This document provides an overview of cryptography from a historical and practical perspective. It discusses early crypto systems like the Scytale and Caesar cipher. Modern systems like the Enigma machine and the One-Time Pad are explained. It also summarizes public key cryptography pioneers like PGP and the "Crypto Wars" debates around government access to encrypted communications and privacy rights.

1. CRYPTOGRAPHY
A HISTORY, PRACTICAL, AND APPLIED PRACTICES

2. OVERVIEW
The purpose of this presentation is to give a brief overview of cryptography. Both from a historical perspective, through modern usage. The lesson will have one interactive section, taking possibly
close to thirty minutes to complete. Topics covered will include:
• Historic crypto systems
• Symbols, Symbology, Anti-Language
• Scytale
• Letter substitution (Caesar Cipher, and ROT13)
• Vignère cipher (keyed letter substitituion)
• The Enigma Machine and Rotordisk Encryption
• One Time Pads (OTP)
• Secure, but not secure, thanks
• Modern crypto systems
• Steganography and Visual Cryptography vs. actual Cryptography
• Shared Key Cryptography
• Defining A Web of Trust
• Cryptowars V1 (the Right to Privacy)
• PGP/GPG
• Cryptowars V2 (Post 9/11 Politics)
• Cryptanalysis: A Very Brief Overview
• Physical Attacks
• Letter Frequency
• Cribs
• Statistical Analysis
• Activity: Getting Started With Cryptography and Defining a Web of Trust

3. HISTORIC CRYPTO SYSTEMS
Cryptography and Cryptanalysis—its sister study—are extremely old
disciplines. While the first known use of cryptography is recorded in Egypt c.
1900 BCE. Where non-standard hieroglyphs were used, apparently playfully,
to obscure the meaning of the text for literate readers. Other factors also
came into play with hieroglyphs, primarily that the direction the animals were
facing in the writing determined the direction the text was to be read.
The oldest commercial use dates to near 1500 BCE, where a craftsman wrote
down his recipe for pottery glaze in a cipher text.
Even later Hebrew scholars used letter substitution around 500 to 600 BCE.
Asian writing, particularly Chinese writing systems have an easier time encoding their data due to their inherent
complexity. In China (as an example) the direction to read/write depended on the class of the writer, the class of
the recipient, the era the writing was made, and various other factors.
Arabic based texts are similar in that the texts themselves omit vowel sounds. This means that translation
efforts rely heavily on verbal knowledge, as well as contextual based clues. While not deliberately being a
cryptographic system the goal was obviously to obscure content to limit its understanding. Essentially the same
goal as cryptography.

4. SYMBOLS, SYMBOLISM, ANTI-LANGUAGE
• Similar to the hieroglyphic methods of encoding language. Groups may tend to use symbols
to hide meanings and definitions, effectively creating a cipher for those that don’t know what
a symbol means, as opposed to those who do.
• Examples of this are:
Hobosigns War Chalking Tagging (Anti-
Fa sign from Greece)
• Other examples, of codified language are cryptolects: argots, or “anti-languages” such as
Thieves’ Cant, Rhyming Slang, Jive.
• Urban Dictionary – useful reference for modern cryptolects, may be slightly off due to
crowdsourcing and locale.
• Disinformation – language is hard to prove/disprove due to it’s constantly fluid state. This
also allows for bad translations/disinformation of anti-language to be leveraged to discount a
given meaning.
Etymology (n): The origin
and historical
development of a
linguistic form as
determined by its basic
elements, earliest known
use, and changes in form
and meaning.

5. SCYTALE
• The Scytale was an early form of physical
encryption. Roman military leaders and their
subordinates were dispatched with
octagonal sticks. When a message needed to
be dispatched a piece of leather would be
wrapped around the stick, and the message
written on the leather. After unwrapping the
leather the message was scrambled. Only a
recipient with a similarly sized stick could
decode the message (in theory).

6. LETTER SUBSTITUTION OR CAESAR CIPHER
• Simple letter substitution ciphers rely on swapping parts of the
alphabet in a 1:1 relationship. Decoding these ciphers is as
simple as reversing the swap.
• The principle is to map one letter to another letter. A wide
spread example of this is the ROT13 algorithm, which maps the
first 13 characters of the alphabet to the last 13 characters. As
such the clear text “Hello” would be translated to “Uryyb”
• Another example, called a pigpen cipher, works at breaking up
the alphabet into “pens” and swapping out parts of the pen for
the location of the letters.
• A similar scheme to letter substitution is the transposition
cipher, which relies on rearranging the plain text in a complex
manner, but not actually changing the text itself.

7. VIGNÈRE CIPHER
• The Vignère Cipher is a form of polyalphabetic substitution cipher that combines both a key
and multiple scrambled alphabets (that is multiple Caesar ciphers with different offsets). It
was one of the strongest early forms of encryption developed without the aid of a
computer.
• To process a Vignère Cipher a table of alphabets (called a tabula recta) was laid out (as
pictured to the right), and a key phrase was generated along with the clear text.
• The key phrase was then repeated until it matched the clear text in length. For example:
“San Dimas High school Football rules” with a key of “Whoa” would appear similar to:
sandimashighschoolfootballrules
whoawhoawhoawhoawhoawhoawhoawho
• By using the letters in the key (here four letters w, h, o, a) the corresponding row in the
table is matched with the column determined by the clear text. That is (in our example):
w + s = o Full cipher text is:
h + a = h --------------------
o + n = b ohbdetosdpuhojvokstokapahsfuhlg
a + d = d
• Before the algorithm for the Vignère cipher was figured out, attacking the cipher was
difficult as it helped to obscure commonly seen letter frequencies. This was a time
consuming process to handle by hand and reversing it was equally difficult.
With today’s technologies there’s multiple websites that can reverse a Vignère and give you
the key in seconds.

8. THE ENIGMA AND ROTOR DISK
ENCRYPTION• Letter substitution took a turn shortly before WWII with the inception of Rotordisk Encryption. This was
most famously seen in the German Enigma machine.
• Rotordisk encryption works by having a series of mechanical disks (three in the case of the Enigma) that
would be set to a certain pre-defined key. Clear text messages could then be typed in on a keyboard.
The mechanical action of the keyboard would turn the rotors—at least the right, but often all of them—to
change the path of an electrical current which would illuminate letters in an output board, these were
noted down and after encoding were radioed out using Morse Code. This allowed a multiple-offset
substitutional cipher.
• Decryption could be handled by setting the rotors to match the initial key, and entering the coded
message on the keyboard, recreating the original operator’s steps. This allowed the electricity to flow
back through the enigma on the same pathways and would illuminate the clear text light.
• It was discovered that an additional layer of security could be added through the addition of a plug
board. This allows pairs of letters to be swapped both before and after encoding.
• Initial attempts at cryptanalysis by Polish mathematicians proved successful, and the information was
shared with the Allies. Combined with poor operating practices on the part of the Enigma operators, and
recovered information (codebooks, machines, and other intelligence). As well as the development of the
Bombe (named after the Polish Bomba) by Alan Turing and his team at Bletchley park. The Enigma was
eventually broken. Similar units to the Bombe were also developed by the US Army and US Navy but were
engineered differently. This all helped to turn the tide of the war in the Allies’ favor.
Enigma photo By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0,
https://commons.wikimedia.org/w/index.php?curid=47910919

9. ONE-TIME PADS
• Intended to be used once and then disposed
• Multiple pads required to send messages
• Both sender and received must:
• have copies of the same pad
• must maintain sequencing
• Must not stray off established formula
• Not as cryptographically secure as one would
think
• Pseudorandom number generation vs. true random
number generation
• The Cryptonomicon

10. MODERN CRYPTOSYSTEMS
• Computers have changed the
game
• Telecommunications
• Politics
• Software
• Hardware
• Social Media & Steganography
• REALLY BIG NUMBERS
• Quantum computing
• The heat death of the Universe

11. CRYPTO WARS V1 (THE RIGHT TO PRIVACY)
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be
violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be
searched, and the persons or things to be seized.”
– Article IV, United States Bill of Rights
• Computer Fraud and Abuse Act (CFAA) – 1985 meets 1984
(https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)
• The Clipper Chip
(https://en.wikipedia.org/wiki/Clipper_chip)
• Military Grade Encryption
Classified Technology – RSA Two-factor Encryption
Illegal to export without munitions license (letters are now bullets)

12. SHARED KEY AND PUBLIC KEY
CRYPTOGRAPHY
• Software
• Private Key
• Public Key
• Web of Trust

13. PRETTY GOOD PRIVACY (PGP), OPENPGP,
GPG
• First released in 1991 for free (thanks Internet!)
• Developed as a human rights tool by Philip R. Zimmerman
• Three year criminal investigation (thanks legal gray area of
the Internet!)
• Offered military grade encryption for the public
• Based around Diffie-Hellman, AES, and RSA, also offered
Two-Fish
• RedPhone – telephone port of PGP that used a modem
• OpenPGP
• Created in July 1997 by PGP in concert with IETF, based
around concerns that RSA was legally menacing
• GPG – FOSS port of PGP, compliance with OpenPGP. PGP is
Closed Source and now owned by Symantec

14. STEGANOGRAPHY AND VISUAL
CRYPTOGRAPHY VS. ACTUAL
CRYPTOGRAPHY
• What is Steganography?
A process of encoding plaintext information into an existing noise stream. Particularly used with graphic images due to their high noise
tolerance. Due how the human eye perceives color, it’s easier to hide a very small amount of text in the large color pallet of an image while
causing minimal distortion of the image. (https://en.wikipedia.org/wiki/Steganography)
• What is Visual Cryptography?
Similar to Steganography and Watermarking, but using some elements of shared-key cryptography. Visual cryptography hides half of a
public-private key pair inside another image. When the image is shared the message goes with it, and the recipient (holding half of the key
pair) can find the apparent noise in the image, compare it with their key and receive a visual confirmation that the image belongs to the
other user. Particularly useful for DRM, and copyright protection. (https://en.wikipedia.org/wiki/Visual_cryptography)
• How do they differ from ‘actual’ cryptography?
Steganography, and Visual Cryptography rely on hiding a message in existing noise. That is, by breaking the message up and slipping it
into an existing image, text, or digital source the information can be obfuscated far enough to be difficult to detect by those not in the
Web of Trust. Cryptography instead generates random noise using a key, algorithm, and plaintext in combination. A frequent user of
Steganography is ISIS who use it to communicate in plain sight via Reddit, eBay, and other image sharing sites.
(http://www.independent.co.uk/news/world/middle-east/isis-and-al-qaeda-sending-coded-messages-through-ebay-pornography-and-
reddit-10081123.html)

15. CRYPTO WARS V2 (POST 9/11 POLITICS)
“Those who would give up essential Liberty, to purchase a
little temporary Safety, deserve neither Liberty nor Safety.”
– Benjamin Franklin
• Steady Erosion of Privacy Rights (not to mention
other rights)
• Ubiquity of high-level encryption vs. criminals’
ability to crime
• One man’s freedom fighter…
• TOR, i2p, Freenet, and tools of political dissent
• The “Darknet”
• NSA monitoring
• Facebook, Gmail, and Social Media
• Smartphones, and 1984
(Orwell didn’t expect us to buy the cameras.)
Footnote video
(iPhone):

16. ON PGPDISK, TRUECRYPT AND ON-DISK
(OTFE) ENCRYPTION
• On disk encryption uses a cryptographic format to
mask the contents of hard drives (see CGP Grey
Footnote video)
• Previous encryption standards:
• PGPDisk (still actively developed, no longer free, closed
source)
• TrueCrypt (FOSS, no longer actively developed, closed
up and killed the canary)
• BitLocker (closed source, bundled with Windows,
strongly suspected of being back-doored)

17. CRYPTANALYSIS
• Physical attacks – good for physically guarded
systems, such as Scytales, and physical locks.
• Letter and Frequency Analysis
• Cribs