Last time, we started talking about cryptography. After all, if you're going to have a micronational spy agency, you need to know how to keep your secrets, well, secret.
Enigma was a cryptography system used by the Germans in World War Two. Actually, it was a whole family of ciphers, including different strengths for business, diplomatic, and military use. It had a series of internal rotors that changed positions in a defined pattern with every letter typed on the machine's keyboard. When a letter key was depressed, a circuit was completed through the rotors and a corresponding ciphertext letter would light up above the keyboard. Using the same rotor settings, entering ciphertext would result in the corresponding cleartext. The history of Enigma is fascinating, but you can ignore U-571 in terms of historical accuracy. The Imitation Game is somewhat more fact-based, but ignores that Poland had cracked the code as early as 1932. There are a number of "Enigma Emulators" available online, such as this one.
 |
| A Military Model Enigma I, in use from 1930 By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919 |
Modern cryptography owes a lot to Claude Shannon, who worked in information theory after WW2.
We talked previously about symmetric and asymmetric encryption. Until the 1970s, symmetric encryption was the only option available. The problem with symmetric encryption is that the receiver needs to also have a copy of the key in order to be able to decrypt the message. So, you need to send the key to the receiver, but without anyone else being able to capture/copy it. The Data Encryption Standard (DES) used symmetric encryption, but with a key length of only 56 bits, it is pretty easy to crack on modern computers. Triple DES, or 3DES, gets a bit more clever by using three keys - first it encrypts the data with one key, then decrypts it with a different key (which would really be a second round of encryption) and then a third key is used to encrypt it again (again). 3DES is considered to be fairly secure, but very slow due to the three rounds required.
DES and 3DES are also examples of what's called a "block cipher", meaning it works on "blocks" of data of a defined size (64 bits in the case of DES/3DES) - if you don't have enough data the block needs to be padded out to the defined size, which in some cryptographic systems can be a weakness. Some cryptographic systems are "stream ciphers", meaning that each character coming in is acted upon separately. They tend to be faster than block ciphers, but may be more susceptible to certain forms of attack.
Modern cryptography tends to use systems such as AES, the Advanced Encryption Standard, which is derived from Rijndael, which was developed by Rijmen and Daemen, two Belgian cryptographers. Like DES and 3DES, it's a symmetric-key algorithm, so it's faster but requires keys be communicated.
"Public key" encryption systems expose part of the secret as the "public" part of the key, and keep the rest of the secret as the private key. They do this by exploiting a trick of mathematics - it's very easy to multiply two numbers together, but it's much harder to figure out what two numbers were multiplied together to make a number (i.e., "factoring"). Recall that prime numbers are only divisible by themselves and 1. A product of two primes (say, for example, 3 x 7 = 21) can only be factored into those two primes. Now, 21 is pretty easy, but what about the number 212583? The larger the primes, the harder it is to factor the product and determine the prime numbers used, and public key encryption uses VERY large numbers, like 1024 bits. (A 1024-bit number represents values between 1 and 179769313486231590772930519078902473361797697894230657273430081157732675805500963132708477322407536021120113879871393357658789768814416622492847430639474124377767893424865485276302219601246094119453082952085005768838150682342462881473913110540827237163350510684586298239947245938479716304835356329624224137216.)
As an aside, one of the promises/threats of quantum computing is that it makes this sort of factoring of very large numbers MUCH easier. In response, the National Institute of Standards and Technology (NIST), the US government agency that certifies cryptographic algorithms for use, has already released "quantum-resistant cryptography" standards.
In practice, when you visit a website protected by Transport Layer Security (TLS)(*), your web browser is using a mixture of public key (asymmetric) and private key (symmetric) encryption. When your web browser first connects to a web server, it looks up the server's public key based on its digital certificate, and uses that public key to initiate communication with the web server, perform the "TLS handshake", and set up a session-specific encryption channel. Once that encryption channel is established, a private key is shared (or independently computed by both sides), and that private key is what's used to transmit most of the data (since, recall, symmetric encryption is generally much faster).
Is there such a thing as an unbreakable cipher? Actually, yes - the one-time pad (OTP), when properly prepared and distributed, is provably unbreakable. You need a pre-shared key that's larger than the message being sent - a long sequence of randomly generated characters, for instance. Then you add each character of your message's cleartext to the next character in the OTP to generate the ciphertext. The receiver does the same in reverse with the ciphertext, subtracting characters from the OTP to generate the cleartext. However, you need to distribute the one-time pads. As long as the OTP is never re-used, it was truly randomly generated, and nobody else has managed to get a copy of it, your message will be unbreakable. If you want to try generating your own one-time pads, I find that random.org does a good job of generating randomness.
(*) = You may sometimes hear people refer to TLS as "SSL". This is wrong. Secure Sockets Layer (SSL) was what was in place before TLS, but it's been deprecated since 2015 because it's pretty convincingly broken. Also, only TLS 1.2 and/or TLS 1.3 should be in use, TLS 1.0 and TLS 1.1 have been deprecated for about five years as of time of writing
No comments:
Post a Comment