First, apparently I missed my posting on Tuesday last week - I was in a cybersecurity competition all weekend and forgot to make sure I had postings queued up here, as well as on Instagram (MEDALS Monday and Travel Thursday posts) and on Tumblr (Wednesday Slabovian factoid) and Facebook (Wednesday meme post). Oops. Let's see if we can get back on track this week!
So, let's keep talking about micronational spy agencies, because it's fun. Today, I want to talk about cryptography, because what good's a spy if they don't have their codes, right?
Let's start with some terminology.
First the obligatory etymology: the word "cryptography" comes to us from the Greek words kryptos (hidden or secret) and graphein (to write), so it literally translates to "secret writing".
Basically, cryptography is the technique of making unreadable gibberish out of a message, but in a way that can be undone later so the original message can be read. (This is unlike a "hashing function" like MD5, which is a one-way function; there's no easy way to determine the original message from the hash.)
The method or algorithm we use to encrypt and decrypt the message is called the cipher. The unencrypted message is usually referred to as plaintext, while the encrypted message is called ciphertext.
 |
| The encryption/decryption flow |
What's missing from the above diagram is the key (or "cryptovariable", according to the NSA), an additional piece of information that guides the encryption/decryption processes so that you don't always get the same results. If you use the same key for encryption and decryption, this is called "symmetric encryption" - it's quicker, but if someone else compromises the key then they can read all of your messages. Systems that use different keys for encryption and decryption are "asymmetric" - they tend to be slower than symmetric encryption, in part because the keys are much larger (and thus the math is more computationally intensive), but you can allow part of the key to be publicly disclosed without fear of compromising the system. Public key encryption, which is how your web browser talks to a web server over Transport Layer Security (TLS), works this way, and we'll talk about that a bit more later on.
Historically, cryptographic systems were either substitution ciphers or transposition ciphers. A substitution cipher literally just substitutes a letter for a different letter (or a symbol) in a known way. Morse code is a substitution cipher of sorts, as is ASCII encoding. One of the first known substitution ciphers in history was the Caesar cipher, invented by Julius Caesar himself. He just shifted each letter by three positions in the alphabet, and the last three letters "wrapped around" to the front. So A would become D, B would become E, and so on, and when you got to X, Y, and Z, they would become A, B, and C respectively. A more modern version of the Caesar cipher is "ROT-13", which rotates each letter by 13 places in the alphabet.
As an aside, a lot of "alien languages" in science fiction movies and television shows tend to just be substitution ciphers - basically they write the message in English and then change the font to the galactic equivalent of "Wingdings". Aurebesh (the language used in the Star Wars films) is a bit better, as it uses 34 symbols rather than 26, adding specific symbols for sounds such as "Ch", "Sh", and "Th".
All substitution ciphers suffer from the same basic problem: predictability. We know that, for instance, E is a much more common letter in the English language than, say, X, so a "frequency analysis" of symbols will quickly help us determine which letter is probably an E. Also, short words such as "the" occur very frequently in English, so if we already suspect that H is the ciphertext for E, and we see WKH several times in our ciphertext, then WKH is probably the encoded THE, and now we have a couple more letters. By proceeding in this way, given enough ciphertexts you can always crack a substitution cipher.
Transposition ciphers, on the other hand, try to "scramble" the plaintext (albeit in a predictable way, so the scrambling can be undone) to generate the ciphertext as a permutation. For example, you could just write all of your text backward. Historically, these might have been tough to crack without knowing the key, but not impossible - if you have some idea of which words should appear in the plaintext, and you can identify the corresponding letters in the ciphertext, that can help you determine how the scrambling occurred (and how to reverse it). Modern computers can generally apply brute-force solving methods to quickly crack such ciphers. (When I run across such ciphers during cybersecurity competitions, I usually go to dcode.fr as my first stop - it can often identify the cipher AND solve it in a matter of seconds, by trying various permutations and combinations and looking for English-language words in the results.)
Based on the above, you can probably determine that more effective cipher systems will combine substitution and transposition...
Next time we'll continue talking about cryptography, including more modern systems.
No comments:
Post a Comment