Modern Cryptography - Methods and Uses
cryp·tog'·ra·phy n. The process or skill of communicating in or deciphering secret writings or ciphers.
So says one dictionary at least. But cryptography goes beyond communicating in 'secret writings or ciphers'.
What is Cryptography?
Most importantly, cryptography entails security. Cryptography allows you to make sure your credit card numbers aren't stolen, that no-one knows your password and that the recipient of a message knows, indisputably, that you sent it. Cryptography is the encryption and decryption of information that you want to keep secure.
Who Uses Cryptography?
Governments. Spies. Banks. Credit card companies. You, if you've ever bought anything online. But do you realise you're using cryptography? That little lock in the bottom corner of your web browser shows that you're browsing on a secure site - you're using a form of cryptography called 'single-key cryptography'. Historically, it's the most common form. Unfortunately, cryptography suffers the stigma that it is only used by people with something to hide.
Why Use Cryptography?
Because you value your privacy; it's really that simple. Governments don't want to let classified information out. Banks and credit card companies are interested in your privacy, so they make sure your sensitive information is kept secret. You want to use email as you would snail mail - not as if you are shouting across a crowded room.
A Brief History Of Cryptography
The most widely-known form of cryptography is Caesar's Alphabet. It's a very simple substitution cipher - a letter shift. Every letter in the alphabet is shifted a certain number of letters to the left. The most common key is three. Here is the alphabet as we know it, followed by Caesar's 'encrypted' alphabet:
Pretty simple, no? As such, the 'cleartext' of 'THIS IS AN ENCRYPTED MESSAGE' would become the 'ciphertext' of 'WKLV LV DQ HQFUBSWHG PHVVDJH'.
Can this be a secure cryptography system? It depends on who you're trying to secure it from. Governments? Not at all. Other people? Not really. Caesar's Alphabet is a very basic substitution cipher, and many people break substitution ciphers as a hobby, in the form of 'cryptograms'.
Quite a jump - from ancient Rome to World War II. Enigma was the revolutionary cryptography system developed by the German navy in order to pass secret messages without the pesky Allies getting the messages and interfering with the plans. The system was primarily mechanical and was a stream cipher - every point in the message affected every later point.
Enigma used a series of electrically-connective wheels to exchange one letter into another multiple times. Most Enigma machines had spaces for three wheels, although later incarnations used four wheels to confound the Allied cryptanalysts. These wheels were chosen out of only a few possible wheels. The standard Enigma machine came with five possible wheels. The German Army and Air Force used a standard wheel set, while the Navy used a set of eight wheels.
When the user pressed a key on an Enigma machine's keyboard, the following changes occurred:
Enigma itself was a reciprocal cryptography system - provided that the machine had been reset, all one needed to do to decrypt a message was to enter the ciphertext into the keyboard, and the cleartext would be output on the display.
DES - The Data Encryption Standard
The history of DES is long and convoluted, but in short it successfully brought cryptography out of strictly governmental use and into the commercial market. Originally known as Lucifer and developed at IBM, DES was IBM's attempt to form a virtual monopoly in the digital world. If IBM could introduce cryptography to the consumer, then everyone would use their solution. IBM's first customers would be the various banks, with the revised, all-hardware version of Lucifer known as DSD-1.
Unfortunately, the National Security Agency (otherwise known as No Such Agency - the NSA) decided that commercial cryptography could be detrimental to national security and informed IBM that DSD-1 would require the NSA's stamp of approval before it could be shipped worldwide. IBM consented and submitted DSD-1 for approval.
Cracking DSD-1 proved to be a harder task for the NSA than originally expected. An attack upon ciphertext known as a 'T attack', which would attempt to force open the ciphertext and reveal the key by attempting various mathematical formulae, proved useless - IBM had somehow discovered this previously-classified method and redesigned Lucifer, taking this particular attack into account. The NSA forced IBM to classify all information regarding DSD-1 and Lucifer.
The NSA did have one idea for DSD-1 that would make IBM baulk - the key length itself. The original specification for Lucifer involved a 128-bit key. That might seem paltry, but consider this - 128 bits means that for each of those 128 positions, there are two choices. A two-bit key has a 'keyspace' of four possible keys. A three-bit key has eight. A key of this length has a monstrously large keyspace - approximately 3.4 x 10^38 (a mind-bendingly large number) possible keys. Assuming a computer could try a billion different keys in a single second, it would still take over ten quintillion millennia to try the entire keyspace. A key length of 128 bits, assuming the cryptography system is only vulnerable to such an attack (known as a 'brute force' attack), would be virtually unbreakable using modern computers. The NSA insisted that the key length be reduced to only 56 bits. A 56-bit key may be just under half as long, but it is orders of magnitude simpler to force open (a key requiring half the time to brute force would be 127 bits long). This recommended key would take the same computer just over two years to break. The NSA, of course, even at the time that DSD-1 was under development (circa 1974), must have had supercomputers significantly more powerful than this, in order to be comfortable with a keyspace of 56 bits.
IBM relented on the key length, and DSD-1 became DES. The NSA controlled the export of DES beyond the US borders, but it became enormously popular within the country. DES did just what IBM had hoped - it introduced cryptography to the consumer.
Modern Cryptography Systems
Since the development and publication of DES, cryptography has become enormously popular. Numerous cryptography systems (or algorithms, as they are better known today) have been developed for various purposes. Generally, they all benefit cryptography and privacy in one way or another.
Types of Ciphers
Substitution ciphers are the most simple, because they switch one letter for another, throughout the length of a message. They are easily broken by analysing the frequency of letters in the ciphertext and applying the most commonly-used letters in the appropriate places.
Reciprocal ciphers encompass more cryptography systems, and can make a system either less secure or more usable. A reciprocal cipher means, just as one enters the cleartext into the cryptography system to get the ciphertext, one could enter the ciphertext into the same place in the system to get the cleartext. Using a reciprocal substitution is a form of cryptographic suicide - it makes the cipher half as difficult to break. However, if Enigma weren't reciprocal, it would have been significantly more difficult to implement.
For a long time, symmetric ciphers were the only form of cryptography available. A symmetric cipher uses the same key for encryption and decryption. Generally, symmetric ciphers are no less secure than asymmetric ciphers, since, in most modern cryptography systems, securing the key is more important than securing the cryptography system itself.
An asymmetric cipher is another name for a 'split-key' algorithm. Very few split-key algorithms exist in the world of cryptography. The concept of split-key cryptography emerged in 1975. It revolutionised cryptography, as not only could the recipient of a message know that only he could read the contents, but that the message also could have come only from the sender. Each key, however, has a dual purpose.
How They're Used
Popular Titles in Cryptography
SSL isn't a revolutionary cryptography system. It's actually a means of implementing cryptography into a web browser. SSL stands for Secure Sockets Layer and it's absolutely crucial for e-commerce.
The operation of SSL lies somewhere between simple and complicated. It relies on an asymmetric cipher to assure that the server computer in question belongs to the company it claims it does and a symmetric cipher to proceed with encrypted communication.
At this point, all the information sent between the client and the server can only be read by those two machines. Credit card numbers, passwords, you name it - they can't be read by eavesdroppers.
PGP (otherwise known as 'Pretty Good Privacy'), like SSL, isn't a cryptographic algorithm in and of itself, but a wrapper around cryptography. Phil Zimmermann began developing the PGP software in the mid-eighties in a political attack against the anti-cryptography movements of the government.
PGP implements a number of asymmetric and symmetric algorithms in order to safely and securely encrypt and decrypt your email, depending on the contents of your certificate. This certificate includes your public key and your preferred symmetric algorithm. PGP uses any one of CAST, IDEA and TripleDES (DES applied three times) to encrypt the message (recent versions seem to prefer CAST and TripleDES over IDEA, as the former two are patent-free). The software encrypts using the following steps:
PGP is quite simple in theory. The actual algorithms used are what made this software package difficult to write. Decryption operates in the opposite direction - the session key is decrypted with the recipient's private key, then the compressed message is decrypted using the appropriate algorithm, then PGP decompresses the message.
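The session-key flow described above, sketched end to end: compress, encrypt with a fresh session key, wrap the session key for the recipient, then reverse it. This is an added example and not PGP's own code; the RSA key is a toy built from two small Mersenne primes with no padding, and a SHA-256 keystream stands in for CAST, IDEA or TripleDES, so it shows the structure only.

```python
import hashlib
import secrets
import zlib

# Toy recipient key pair (assumption for illustration): far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                     # public key
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, 'big')).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def pgp_style_encrypt(message: bytes, pub=(N, E)):
    """Return (wrapped session key, encrypted compressed message)."""
    n, e = pub
    session_key = secrets.token_bytes(16)               # fresh for every message
    body = keystream_xor(session_key, zlib.compress(message))
    wrapped = pow(int.from_bytes(session_key, 'big'), e, n)
    return wrapped, body

def pgp_style_decrypt(wrapped: int, body: bytes, priv=(N, D)) -> bytes:
    """Unwrap the session key with the private key, decrypt, then decompress."""
    n, d = priv
    session_key = pow(wrapped, d, n).to_bytes(16, 'big')
    return zlib.decompress(keystream_xor(session_key, body))

if __name__ == '__main__':
    wrapped, body = pgp_style_encrypt(b'constructed sample message')
    print(pgp_style_decrypt(wrapped, body))
```

Only the 16-byte session key goes through the slow asymmetric operation; the message itself, however long, is handled by the fast symmetric cipher.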
The benefits of using cryptography should be relatively obvious - your private messages are kept private and you can be quite sure that your mail has been sent by the person who claims to have sent it. Privacy and peace of mind, plain and simple.
Of course, communication isn't the only thing cryptography can be used for. A controversial concept called 'digital rights management' can benefit from digital signatures - record companies can digitally sign songs that they don't mind being distributed and if a piece of music without the appropriate signature arrives on a person's hard drive, their music software could refuse to play it. Additionally, these digital signatures could be used to sign important documents in Adobe's Portable Document Format (also known as PDF). This could greatly speed up various legal or bureaucratic situations.
Cryptography, it could therefore be argued, is a necessity in today's 'digital age'. Governments may complain that, with widespread use of cryptography, national security will be threatened. On the other hand, what good is national security if the population has to give up their personal security? The Bush administration has taken pains to promote national security at the expense of personal privacy. This defeats the efforts that numerous mathematicians and programmers have taken to promote peace of mind in the coming era - and could make e-commerce, among many other behaviours on the internet, just as dangerous as it was only five years ago.
Explore cryptography today!