3. CRYPTOGRAPHY 3
Acknowledgement
This research paper would not have been made possible without God Almighty
for providing me with continuous underserved grace, mercy, guidance and wisdom. Also
through the support from everyone, including: teachers, family, friends, and in essence,
all sentient beings. Especially, please allow me to dedicate my acknowledgment of
gratitude toward the following significant advisors and contributors:
First and foremost, I would like to thank Dr. John Mubenwafor for his most
support and encouragement. He kindly allowed me to present this research paper a week
after the due date because of my position as National Youth Ambassador for the Turks
and Caicos Islands, and Ms. Nekoda Fulford whom read my paper and offered invaluable
detailed advices on grammar, organization, and the theme of the paper.
Second, I would like to thank Hon. Akierra Missick and Ms. Garde Alleyne whom
assisted in advice and support, Dr. Hubert Fulford whom reproofed the paper, as well as
all the other professors who have taught me about Computer Studies over the past two
years of my pursuit of the associate’s degree.
I also would like to sincerely thank to my grandmother, Mercedes Francis and my
parents, family, and friends, whom provided the advice and financial support. The
product of this research paper would not be possible without all of them in particular, my
grandmother.
Last but not the least, Fortis TCI, and LIME TCI for providing me with electricity
and Internet access for the research and printing would not have been accomplished
without them.
4. CRYPTOGRAPHY 4
Abstract
As the field of cryptography has advanced, the dividing lines for what is and what
is not cryptography have become blurred. Cryptography today might be summed up as
the study of techniques and applications that depend on the existence of difficult
problems. Cryptanalysis is the study of how to compromise (defeat) cryptographic
mechanisms; is the discipline of cryptography and cryptanalysis combined. To most
people, cryptography is concerned with keeping communications private. Indeed, the
protection of sensitive communications has been the emphasis of cryptography
throughout much of its history. However, this is only one part of today's cryptography.
Encryption is the transformation of data into a form that is as close to impossible
as possible to read without the appropriate knowledge (a key). Its purpose is to ensure
privacy by keeping information hidden from anyone for whom it is not intended, even
those who have access to the encrypted data. Decryption is the reverse of encryption; it is
the transformation of encrypted data back into an intelligible form.
Encryption and decryption generally require the use of some secret information,
referred to as a key. For some encryption mechanisms, the same key is used for both
encryption and decryption.
Today's cryptography is more than encryption and decryption; it allows us to pay
using electronic money, keep businesses safe from hackers and human kind out of chaos-
in a nutshell, cryptography is a lifesaver.
Keywords: dividing lines, mechanisms, key, nutshell
5. CRYPTOGRAPHY 5
Introduction
Imagine a world where your identity can be stolen at random, your funds
magically disappearing from your banking accounts, and companies having access to
their competitors’ company records; where there is no such thing as privacy and no one
can be held accountable. Today, fortunately that nightmare does not exist because of
cryptography; the evolutionary need for the modern world. The process of encrypting (the
conversion of messages from a comprehensible form into an incomprehensible one and
back again at the other end, rendering it unreadable by interceptors or eavesdroppers
without secret knowledge (namely the key needed for decryption of that message)) and
decrypting (the reversal of encrypting) messages to and from the sender and receiver to
maintain integrity, secrecy and/or protection of confidential information is known as
cryptography.
6. CRYPTOGRAPHY 6
Cryptography
Before the modern era, cryptography was concerned solely with message
confidentiality (i.e., encryption). Encryption was used to (attempt to) ensure secrecy in
communications, such as those of spies, military leaders, and diplomats. Where as in
recent decades, the field has expanded beyond confidentiality concerns to include
techniques for message integrity checking, sender/receiver identity authentication, digital
signatures, and interactive proofs and secure computation, among others.
The earliest known use of cryptography was in Egypt (ca 1900 BCE) where cipher
text (the conversion of an original message known as plain text to a hidden message) was
carved into a stone. Over the years this one encryption from stone has been converted into
several different types of cryptography thus benefiting all aspects of the world; leading
cryptography being key to avoiding world chaos. However, although cryptography might
be safe, it can be breakable.
The first types of cryptography are terminologically known as classical cipher
types. The main classical cipher types are transposition ciphers, which rearrange the order
of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple
rearrangement scheme), and substitution ciphers, which systematically replace letters or
groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu
podf' by replacing each letter with the one following it in the Latin alphabet). An early
substitution cipher was the Caesar cipher, in which each letter in the plaintext was
replaced by a letter some fixed number of positions further down the alphabet. Caesar
Cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is
one of the simplest and most widely known encryption techniques. It is a type of
substitution cipher in which each letter in the plaintext is replaced by a letter some fixed
number of positions down the alphabet. For example, with a left shift of 3, ‘D’ would be
7. CRYPTOGRAPHY 7
replaced by ‘A’, then ‘E’ would become ‘B’, and so on. The method is named after Julius
Caesar, who used it in his private correspondence.
In ancient times, the first known transposition cipher was the Scytale cipher,
which is a tool consisting of a cylinder with a strip of parchment wound around it on
which is written a message. Shchenko’s (2002) study argued that the ancient Greeks, and
the Spartans (the people of the city-state Sparta in ancient Greece) in particular, are said
to have used this cipher to communicate during military campaigns (Shchenko, 2002).
During these times, cryptography was taken seriously to protect information such as
practicing acts of messages being tattooed on a slave's shaved head and concealed under
the regrown hair. However, cipher-texts produced by a classical cipher were discovered
to always reveal some sort of statistical information that would lead into frequency
analysis (a method of decrypting classical ciphers by statistical information), which is the
first cryptanalysis technique (the study of analysing information systems in order to study
the hidden aspects of the systems).
You could now imagine how much of a breakthrough it was for the discovery of
decrypting classical ciphers for eavesdroppers. According to Singh’s (2000) publication,
after the discovery of frequency analysis, perhaps by the Arab mathematician and
polymath Al-Kindi (also known as Alkindus) in the 9th century (Singh, 2000), nearly all
such ciphers became more or less readily breakable by any informed attacker. Such
classical ciphers still enjoy popularity today, though mostly as puzzles.
In further support of this finding, Al-Kadi’s (1992) study hypothesized essentially,
all ciphers remained vulnerable to cryptanalysis using the frequency analysis technique
until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti
around the year 1467 (Al-Kadi, 1992). He also invented what was probably the first
automatic cipher device, a wheel which implemented a partial realisation of his invention.
8. CRYPTOGRAPHY 8
Schrödel’s (2008) research supported that in the polyalphabetic Vigenère cipher,
encryption uses a key word, which controls letter substitution depending on which letter
of the key word is used (Schrödel 2008).
Although frequency analysis can be a powerful and general technique against
many ciphers, encryption has still often been effective in practice, as many a would-be
cryptanalyst was unaware of the technique. Breaking a message without using frequency
analysis essentially required knowledge of the cipher used and perhaps of the key
involved, thus making espionage, bribery, burglary, defection, etc., more attractive
approaches to the cryptanalytically uninformed. It was finally explicitly recognised in the
19th century that secrecy of a cipher's algorithm is not a sensible or practical safeguard of
message security; in fact, it was further realised that any adequate cryptographic scheme
(including ciphers) should remain secure even if the adversary fully understands the
cipher algorithm itself. Security of the key used should alone be sufficient for a good
cipher to maintain confidentiality under an attack.
Hakim’s (1995) study agreed that many mechanical encryption/decryption devices
were invented early in the 20th century, and several patented, among them rotor
machines—famously including the Enigma machine used by the German government and
military from the late 1920s and during World War II (Hakim, 1995). According to
Gannon (2001), the ciphers implemented by better quality examples of these machine
designs brought about a substantial increase in cryptanalytic difficulty after WWI
(Gannon, 2001).
To the verge of entering the computer era of cryptography, cryptanalysis of the
new mechanical devices proved to be both difficult and laborious. In the United
Kingdom, cryptanalytic efforts at Bletchley Park during WWII spurred the development
of more efficient means for carrying out repetitious tasks. This culminated in the
9. CRYPTOGRAPHY 9
development of the Colossus, the world's first fully electronic, digital, programmable
computer, which assisted in the decryption of ciphers generated by the German Army's
Lorenz SZ40/42 machine. Just as the development of digital computers and electronics
helped in cryptanalysis, it made possible much more complex ciphers. Furthermore,
computers allowed for the encryption of any kind of data representable in any binary
format, unlike classical ciphers, which only encrypted written language texts; this was
new and significant.
Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is
typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few
resources, such as memory or CPU capability), while breaking it requires an effort many
orders of magnitude larger, and vastly larger than that required for any classical cipher,
making cryptanalysis so inefficient and impractical as to be effectively impossible.
Extensive open academic research into cryptography is relatively recent; it began only in
the mid-1970s. Diffie and Hellman’s (1976) research supported that in recent times, IBM
personnel designed the algorithm that became the Federal (i.e., US) Data Encryption
Standard; Whitfield Diffie and Martin Hellman published their key agreement algorithm
(Diffie, Hellman, 1976). Since then, cryptography has become a widely used tool in
communications, computer networks, and computer security generally.
As well as being aware of cryptographic history, cryptographic algorithm and
system designers must also sensibly consider probable future developments while
working on their designs. Blaze et al. (1996) study indicated that for instance, continuous
improvements in computer processing power have increased the scope of brute-force
attacks, so when specifying key lengths, the required key lengths are similarly advancing
(Blaze, Diffie, Rivest, Schneier, Schimomura, Thompson, Wiener, 1996).
10. CRYPTOGRAPHY 10
Essentially, prior to the early 20th century, cryptography was chiefly concerned
with linguistic and lexicographic patterns. Since then the emphasis has shifted, and
cryptography now makes extensive use of mathematics, including aspects of information
theory, computational complexity, statistics, combinatorics, abstract algebra, number
theory, and finite mathematics generally.
The modern field of cryptography is computerised and can be divided into two
kinds, symmetric-key and asymmetric-key cryptography. Symmetric-key cryptography
refers to encryption methods in which both the sender and receiver share the same key (a
unique way of decrypting messages), or, less commonly, in which their keys are different,
but related in an easily computable way. According to Diffie and Hellman’s (1976) study,
this was the only kind of encryption publicly known until June 1976 (Diffie, Hellman,
1976).
Symmetric-key ciphers are implemented as either block ciphers or stream ciphers.
A block cipher enciphers input in blocks of plaintext as opposed to individual characters,
the input form used by a stream cipher. The first type of symmetric-key cryptography is
the cryptographic hash functions. They take a message of any length as input, and output
a short, fixed length hash, which can be used in (for example) a digital signature. For
good hash functions, an attacker cannot find two messages that produce the same hash.
Another type of a symmetric-key cryptography concept is the Message Authentication
Codes. Menezes et al. ‘s publication proved that, it was much like cryptographic hash
functions, except that a secret key can be used to authenticate the hash value upon receipt
(Menezes, van Oorschot, Vanstone), this additional complication blocks an attack scheme
against bare digest algorithms, and so has been thought worth the effort.
11. CRYPTOGRAPHY 11
In contrast to the symmetric-key cryptography concept, the asymmetric-key (also
known as public-key cryptography) cryptographic concept includes two keys compared to
one in the symmetric-key cryptography concept.
According to Diffie and Hellman’s (1976) study:
In public-key cryptosystems, the public key may be freely distributed,
while its paired private key must remain secret. In a public-key encryption
system, the public key is used for encryption, while the private or secret
key is used for decryption. While Diffie and Hellman could not find such a
system, they showed that public-key cryptography was indeed possible by
presenting the Diffie–Hellman key exchange protocol, a solution that is
now widely used in secure communications to allow two parties to secretly
agree on a shared encryption key.
Kahn’s (1979) study supported that himself, as a historian, David Kahn, described public-
key cryptography as "the most revolutionary new concept in the field since
polyalphabetic substitution emerged in the Renaissance" (Kahn, 1979). Diffie and
Hellman's publication sparked widespread academic efforts in finding a practical public-
key encryption system. According to Rivest et al. ‘s (1978) research, they themselves,
whose solution has since become known as the RSA algorithm, finally won this race in
1978. (Rivest, Shamir, Adleman, 1978).
Schneier’s (1996) study found the following:
Public-key cryptography can also be used for implementing digital
signature schemes. A digital signature is reminiscent of an ordinary
signature; they both have the characteristic of being easy for a user to
produce, but difficult for anyone else to forge. Digital signatures can also
be permanently tied to the content of the message being signed; they
12. CRYPTOGRAPHY 12
cannot then be 'moved' from one document to another, for any attempt will
be detectable. In digital signature schemes, there are two algorithms: one
for signing, in which a secret key is used to process the message (or a hash
of the message, or both), and one for verification, in which the matching
public key is used with the message to check the validity of the signature.
RSA and DSA are two of the most popular digital signature schemes.
Digital signatures are central to the operation of public key infrastructures
and many network security schemes (e.g., SSL/TLS, many VPNs, etc.).
All in all, it is a common misconception that every encryption method can be
broken. Cryptanalysis of symmetric-key ciphers typically involves looking for attacks
against the block ciphers or stream ciphers that are more efficient than any attack that
could be against a perfect cipher. Much public-key cryptanalysis concerns numerical
algorithms for solving these computational problems, or some of them, efficiently (i.e., in
a practical time).
However, much like every aspect of life, law enforcement seems to make their
presence to protect the people of the earth from illegal acts. Cryptography has long been
of interest to intelligence gathering and law enforcement agencies. Secret
communications may be criminal or even treasonous. Because of its facilitation of
privacy, and the diminution of privacy attendant on its prohibition, cryptography is also
of considerable interest to civil rights supporters. Accordingly, there has been a history of
controversial legal issues surrounding cryptography, especially since the advent of
inexpensive computers has made widespread access to high quality cryptography
possible.
In some countries, even the domestic use of cryptography is, or has been,
restricted. Until 1999, France significantly restricted the use of cryptography
13. CRYPTOGRAPHY 13
domestically, though it has since relaxed many of these rules. According to Crypto Law
Survey (2013), “In China and Iran, a license is still required to use cryptography.” Many
countries have tight restrictions on the use of cryptography.
According to EMC Website, “Among the more restrictive are laws in
Belarus, Kazakhstan, Mongolia, Pakistan, Singapore, Tunisia, and
Vietnam.”
Link: (http://www.emc.com/emc-plus/rsa-labs/standards-
initiatives/cryptographic-policies-countries.htm)
In the United States, cryptography is legal for domestic use, but there has been
much conflict over legal issues related to cryptography. One particularly important issue
has been the export of cryptography and cryptographic software and hardware. Probably
because of the importance of cryptanalysis in World War II and an expectation that
cryptography would continue to be important for national security, many Western
governments have, at some point, strictly regulated export of cryptography. Rosenoer’s
(1995) argues that After World War II, it was illegal in the US to sell or distribute
encryption technology overseas; in fact, encryption was designated as auxiliary military
equipment and put on the United States Munitions List (Rosenoer, 1995). Until the
development of the personal computer, asymmetric key algorithms (i.e., public key
techniques), and the Internet, this was not especially problematic. However, as the
Internet grew and computers became more widely available, high-quality encryption
techniques became well known around the globe.
According to PC World’s Website, “In the United Kingdom, the
Regulation of Investigatory Powers Act gives UK police the powers to
force suspects to decrypt files or hand over passwords that protect
encryption keys. Failure to comply is an offense in its own right,
14. CRYPTOGRAPHY 14
punishable on conviction by a two-year jail sentence or up to five years in
cases involving national security.”
Link:(http://www.pcworld.com/article/137881/uk_data_encryption_disclo
sure_law_takes_effect.html)
All in all, much of what was defined as cryptography does not really explain how
cryptography and all of its fancy techniques and concepts benefits anyone other than
computer scientists, world war soldiers and historians. In fact, as mentioned in the
beginning of this technical essay, cryptography, in a nutshell, is waking up from a
nightmare of secrecy non-existence; it benefits everyone; it is how businesses make better
profits compared to their competitors.
Cryptography has become so great in modern times that we can use these
techniques to secure data such as debit and credit card, voting, private calls, password,
email information and so on. I could write a million words worth of scenarios in which
cryptography has benefited the world but needless to say it explains itself.
Nonetheless, on the verge of closing, I will illustrate a prime example of how
great cryptography is by giving an scenario of what happened to Adobe, a
multimillionaire business that could have lost everything in the space of no time. In
October of the year 2013, Adobe announced the sad news that their customer IDs,
passwords, and information relating to nearly 3 million Adobe customers, including credit
and debit card numbers were accessed by hackers (a group of people that seeks and
exploits weaknesses in a computer system or computer network). BBC World News
reported “the number of accounts that was breached was much greater – 38 million!”
This is in addition to the loss of source code to Photoshop, its popular photo editing
software package.
15. CRYPTOGRAPHY 15
When this happens, it is a very bad day; it is a nightmare; it is 38 million
nightmares. Their fortress of information protection has now been breached and 38
million data horses have run out of the barn. However, there is a diamond of good news
in their announcement. They have encrypted data (this is the part where you wake up
from the nightmare). Although data was taken from Adobe, some of it was encrypted.
Specifically, passwords as well as credit and debit card numbers were encrypted. This is a
strike against the perpetrators.
However, imagine if they caught the hackers and could not sue them – a massive
dose of medication to make you go back into the nightmare again right? As mentioned
earlier in this essay, there are laws in place for things like this so that lifts the burden on
companies when their data is breached. Data integrity is great but the fact that much of
the data that was stolen was encrypted is a saving grace for Adobe.
The tools of encryption and key management can (and should, especially after this
scenario) be applied at numerous layers of business to protect, isolate, and control data.
The technology is well known and standardised. It is predictable and manageable and in
no-way should be considered a scary technology that only the most advanced technical
experts can understand and manage such as computer scientists, the military or historians.
16. CRYPTOGRAPHY 16
Conclusion
In conclusion, we can therefore agree that cryptography is not alone the process of
encrypting and decrypting confidential information; it is the evolutionary need for life. As
technical and complicated as it might be described throughout any research paper, it is
easy to deploy and use and provides a strong protection against data thieves. When we
look at events such as those that unfortunately happened to Adobe, we will look in detail
at what went wrong, but too infrequently, we forget to ask about those things that went
right. In adobe’s case, the answer to the question is simple: they encrypted their data.
17. CRYPTOGRAPHY 17
References
Al-Kadi, Ibrahim A. (April 1992). "The origins of cryptology: The Arab contributions".
Cryptologia 16 (2): 97–126.
Blaze, Matt; Diffie, Whitefield; Rivest, Ronald L.; Schneier, Bruce; Shimomura,
Tsutomu; Thompson, Eric; Wiener, Michael (January 1996). "Minimal key
lengths for symmetric ciphers to provide adequate commercial security". Fortify.
Retrieved 26 March 2015.
Ciccarelli, S. K., & White, J. N. (2010). Psychology (3rd Edition). United States of
America, 12-13.
Diffie, Whitfield; Hellman, Martin (November 1976). "New Directions in Cryptography"
(pdf). IEEE Transactions on Information Theory. IT-22: 644–654.
Hakim, Joy (1995). A History of US: War, Peace and all that Jazz. New York: Oxford
University Press. ISBN 0-19-509514-6.
Kahn, David (Fall 1979). "Cryptology Goes Public". Foreign Affairs 58 (1): 153.
Menezes, A. J.; van Oorschot, P. C.; Vanstone, S. A. Handbook of Applied
Cryptography. ISBN 0-8493-8523-7.
Nolen-Hocksema, S., Fredrickson, B. L., Loftus, G. R., & Wagenaar, W. A. (2009).
Atkinson & Hilgard’s Introduction to Psychology (15th Edition ed.). (J. Clark, &
L. Dawson-Bowling, Eds.) Pat Bond, 5.
Rivest, Ronald L.; Shamir, A.; Adleman, L. (1978). "A Method for Obtaining Digital
Rosenoer, Jonathan (1995). "CRYPTOGRAPHY & SPEECH". CyberLaw.
Archived December 1, 2005 at the Wayback Machine
Schneier, Bruce (1996). Applied Cryptography (2nd ed.). Wiley. ISBN 0-471-11709-9.
"Overview per country". Crypto Law Survey. February 2013. Retrieved 26 March
2015.
18. CRYPTOGRAPHY 18
Schrödel, Tobias (October 2008). "Breaking Short Vigenère Ciphers". Cryptologia 32 (4):
334–337. doi:10.1080/01611190802336097.
Shchenko, V. V. (2002). Cryptography: an introduction. AMS Bookstore. p. 6. ISBN 0-
8218-2986-6.
Signatures and Public-Key Cryptosystems". Communications of the ACM (Association
for Computing Machinery) 21 (2): 120–126.
Archived November 16, 2001 at the Wayback Machine
Previously released as an MIT "Technical Memo" in April 1977, and published in
Martin Gardner's Scientific American Mathematical recreations column
Singh, Simon (2000). The Code Book. New York: Anchor Books. pp. 14–20. ISBN
9780385495325.
"6.5.1 WHAT ARE THE CRYPTOGRAPHIC POLICIES OF SOME COUNTRIES?".
RSA Laboratories. Retrieved 26 March 2015.
http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/cryptographic-
policies-countries.htm
"UK Data Encryption Disclosure Law Takes Effect". PC World. 1 October 2007.
Retrieved 26 March 2015.
(http://www.pcworld.com/article/137881/uk_data_encryption_disclosure_law_tak
es_effect.html)
