Overview of Encryption I

Codes

Codes and ciphers are used to make sure that only the intended recipient is able to comprehend the meaning of a message sent via an untrusted route. While a code translates a phrase into something completely unrelated, a cipher is actually a permutation of the original data. A code would take a phrase like this:

We attack at dawn

and transform it into something like this:

Cheese is special.

Because the translated message is completely unrelated to the original, it's only possible to find out what the original message was by having a code book. The code book is a specific set of phrases that may be used and their transformed versions. Using codes has several downsides:
- Both sides must have a full copy of the code book
- For each trusted sender, the recipient must keep another code book
- Both sides must have previously communicated with each other
- Only the information which was predicted to have to be sent can be sent.
The upside of using a code book is that without capturing a copy, anybody attempting to intercept the message is completely unable to decode it reliably. In other words, as long as the book is protected, a code cannot be translated without correlating messages to events.

Substitution Ciphers

A cipher operates on the actual letters in the message, which allows for any message you may want to send. With a code, you can't send a message that wasn't anticipated; with a cipher, you can send any message. You are also only required to keep a copy of the cipher's key, or method of decryption, in order to read the contents. Simple ciphers, like substitution ciphers, work like this:

a b c d e f g h i j k l m n o p q r s t u v w x y z
n o p q r s t u v w x y z a b c d e f g h i j k l m

Each plaintext letter is lined up with a different character. "A" is transformed into "N", "B" is transformed into "O", and so on. A substitution cipher would take:

We attack at dawn

and transform it into something like this:

Jr nggnpx ng qnja.

The example above is done with the "ROT13" cipher, that is, by displacing the alphabet 13 characters. "ROT13" is short for "ROTate 13". Substitution ciphers have a couple of downsides:
- Both sides must know the key
- For each cipher used, both sides must know the key
- Both sides must have previously communicated with each other
- Ciphers are breakable by trying various permutations of letters matching to characters in the message.

One Time Pads

A one time pad is a cipher that cannot be broken. It can only be used once, as the name implies. Basically, both sides have an agreed-upon random key which is used to cipher the plaintext. In order to use a one time pad, the pad (a random key) must be of a longer length than the message to be transmitted. The pad and the plaintext message are then combined using one of various mathematical techniques. To give an example, let's say that we have our plaintext message:

We attack at dawn

We also need a one time pad. Both parties must have a copy of this key. Perhaps they sent it by trusted courier or met personally. Most likely they have a large number of one-time pads and just use the next one in sequence for the next message. Let's say that particular key is:

oxjelijqmfdsosdthsalqnsi

Notice how the pad is longer than the message to encrypt. This means that there is no pattern in the encoding, provided that the key is truly random. I got this from mashing my keyboard while reading something else, then removing the non-alphabetic characters. We'll use a simple method to combine the two lines. First let's write the alphabet, and assign each letter a number.
Now, we'll translate our plaintext message into numbers.
And translate our pad into numbers as well.
We'll combine the first number (23, standing for the letter "W") with the first number of the pad (15, standing for the letter "o").

23 + 15 = 38

Now, 38 doesn't line up to a number on our list, so we'll subtract 26 from it to make it.

38 - 26 = 12

12 lines up to the letter L in our numbered alphabet. So the first character in our encrypted message is "L". Going through it like that, we end up with this line:

LD KYFJMB NZ HTLG

Notice that because we used a random line to combine with our plaintext line, characters that are the same in the plaintext are not the same in the encoded result. This means that using a one time pad to encode does not allow statistical analysis of the encoded text to break it. Now to decrypt the text we do the opposite process. Take the encrypted text and translate it to numbers.
We take our key (which we translated to numbers earlier in this article) and this time we subtract the pad values from the encrypted text. The first character is "L", which equates to 12. The first character of the pad is "O", which equates to 15.

12 - 15 = -3

If the result is negative, we add 26 to get it within the range of the alphabet.

-3 + 26 = 23

Therefore the first character is "W", which equates to "23" on our alphabet numbers list. When we proceed with this, we come out with the plaintext again.
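The addition and subtraction steps above, written out as an added Python example (not code from the original article; the function names are illustrative). It also derives the pad under which the same ciphertext would decrypt to a different message of the same length, which is why the ciphertext alone does not identify the plaintext.

```python
import string

ALPHABET = string.ascii_lowercase   # numbered a=1 ... z=26, as in the article
MESSAGE = "We attack at dawn"       # plaintext from the article
PAD = "oxjelijqmfdsosdthsalqnsi"    # pad from the article


def to_numbers(text):
    """Letters -> 1..26; spaces and punctuation are skipped."""
    return [ALPHABET.index(c) + 1 for c in text.lower() if c in ALPHABET]


def combine(message, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) pad values, wrapping into 1..26."""
    m, p = to_numbers(message), to_numbers(pad)
    if len(p) < len(m):
        raise ValueError("pad must be at least as long as the message")
    nums = iter((a + sign * b - 1) % 26 + 1 for a, b in zip(m, p))
    # Re-insert the message's own spacing around the combined letters.
    return "".join(ALPHABET[next(nums) - 1].upper() if c.lower() in ALPHABET
                   else c for c in message)


def encrypt(plaintext, pad):
    return combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return combine(ciphertext, pad, -1)


def pad_for(ciphertext, wanted):
    """Pad under which `ciphertext` would decrypt to `wanted` (same length)."""
    return "".join(c for c in combine(ciphertext, wanted, -1).lower()
                   if c in ALPHABET)


if __name__ == "__main__":
    ct = encrypt(MESSAGE, PAD)
    print(ct, "->", decrypt(ct, PAD))
    other = pad_for(ct, "No chimps in line")
    print("pad", other, "->", decrypt(ct, other))
```

With the numbering a = 1 through z = 26, this produces LC KYFJMB NZ HTLG: the second letter is e (5) + x (24) = 29, and 29 - 26 = 3, which is C.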
Since the pad could be any sequence of letters, by using another pad on the encrypted text, we could get any text out. And because the pad is truly random, there is no statistical way to know if the message is "We attack at dawn" or "No chimps in line". It should be noted that when a computer generates a random number, it is generally generating a pseudo-random number, which can render a one time pad vulnerable to being broken. One source of true randomness commonly used is radioactive decay.

So why aren't these used more often? They're unbreakable as long as the pad is truly random and each pad is only used once to prevent analysis. For most uses of encryption, we don't require it to be unbreakable. We only require it to take longer than the lifespan of the information to break. If it takes a hundred years to get your credit card details then it's secure enough, because the card expires in four years.

The Problem With Shared Keys

All of the methods of encryption mentioned above have one huge problem with them. They require a trusted contact between the two parties at some point. This decreases the ease of use and increases the cost of use hugely. This is unsuitable for things like email, chat, and online shopping. Would you buy that book from Amazon.com if you had to first go to an office of theirs and establish a secret key? In our next article, we'll examine the ways that two parties can establish a key for secure encryption without needing a trusted initial connection.