Running Head: The Best Option for Secure Communication The Best Option for Secure Communication William Meek University of North Carolina at Charlotte

Engl 1102 Assignment 2 Peer Revisions



Introduction to Data Encryption

Throughout my life I have always found myself excited by topics surrounding espionage

after growing up watching popular figures of modern culture such as Jason Bourne, Ethan Hunt,

and the great James Bond on the big screen. It was while watching The Blind Banker, an episode

of the BBC television series “Sherlock,” that I first began to develop an interest in cryptography. In

this episode, a fictional gang known as the Black Lotus was using a cryptosystem which used

ancient Chinese numerals that corresponded to the page number and word on the page in a book.

The reason I find cryptography so fascinating is the competition. Each cryptosystem is like a

game of chess between the group who develops the encryption method and the group who is

attempting to decrypt the system. Steganography holds the same quality: can the creator develop

a system powerful enough to allow data to be communicated undetected or will the attacker

notice that the information is being transferred? This competitiveness raises the question, how

does one go about creating a system which cannot be broken?

Currently, public key cryptography is accepted as the best method for encryption, which I

agree with one thousand percent because it requires two keys to decrypt rather than one, a public

key and a private key. The reason I like this system is because it is not only complex, but it

works on a competitive level. In chess, the key is not to have the best strategy, but to be able to

predict your opponent’s moves. I believe that when developing an encryption system one should

focus primarily on how the attacker will try to decrypt the system rather than making the most

complex system. Public key encryption does an excellent job of this because it is formed on the

theory that multiplication can be done quickly but factoring takes a much longer time to do.

Furthermore, since it involves modular division, it is extremely difficult to determine the public

key, and once an attacker learns the public key, they still have to determine a private key, and

then after they finally figure that out, they still have to determine which numbers correspond to

letters. The entire system is designed, not to be extremely complex, but to be a royal pain to

decrypt.

It is for this reason that of the many types of public-key cryptosystems, elliptic-curve

cryptography (ECC) is my favorite. After 29 years of research, an algorithm to effectively solve

ECC has yet to be found. It is possible to calculate the amount of energy it takes to solve a

cryptographic system and compare that to how much water the same amount of energy could

boil. By this measure, breaking a 228-bit RSA (the most common type of public key encryption)

key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a

228-bit elliptic curve key requires enough energy to boil all the water on earth [Sullivan, 2013], just

to give you an idea of how complex the system is.

Terms:

Cryptology: When defining cryptology, Stinson [2005] considers three main points:

cryptography, cryptanalysis, and cryptosystems. Cryptology is the study of codes and methods of

deciphering codes. By nature, cryptology must incorporate technology – a tool or technique

applied to aid in the acquisition of a want or need. Boone [2005] discusses some of the different

technologies in which cryptology has been used throughout history.

Cryptography: The fundamental purpose of cryptography is to allow two or more

people to communicate over an insecure channel in such a way that an opponent cannot

understand what is being said [Stinson 2005]. Cryptography is the practice of

communicating through messages containing encrypted data. Early encryption patterns

used in cryptography involved simple one-way functions. Hankerson, Menezes, and

Vanstone [2004] describe the path from some of the more modern (and much more

advanced) processes: RSA, DL, and elliptic curve encryption schemes. These modern

systems are based on complex mathematical functions which yield scattered values that

are nearly impossible to calculate mentally, making their encryption process difficult to

solve and resulting in more secure systems – the ultimate goal of cryptography.

Commented [WM1]: Combine current “entering conversation” with current literacy review. Remove terms with less significance to the paper.

Commented [WM2]: Include “Literature Review” within the section header.

Cryptanalysis: Cryptanalysis is the process of deciphering known cryptosystems.

According to Stinson, cryptanalysis follows four primary attack models: ciphertext-only

attacks, known-plaintext attacks, chosen-plaintext attacks, and chosen-ciphertext attacks.

Cryptosystem: A cryptosystem is the term used to describe the mechanics of a

cryptograph or cryptogram, which is being used in the real world. Stinson defines a

cryptosystem as a function with five variables (P, C, K, E, D) in which the following

rules are satisfied:

P is a finite set of plaintexts.

C is a finite set of possible ciphertexts.

K, the keyspace, is a finite set of possible keys.

E and D represent encryption and decryption and can be used to decrypt

ciphertext in the function where $d_K(e_K(x)) = P_x$

In a cryptosystem, plaintext is the message which is being communicated between two or

more allies and ciphertext is the encrypted message which is actually sent [Stinson 2005].

Singh [2001], Stinson [2005], and Low and Stamp [2007] explain some of the basic

cryptosystems which have been popularly used throughout history and can be combined

to develop more complex cryptosystems.

Steganography: The literal translation of steganography is “covered writing.” Steganography is

the hiding of secret messages within another seemingly innocuous message, or carrier [Johnson,

Duric, Jajodia, 2001].

Steganalysis: Steganalysis is the process of trying to detect hidden messages. Through

examining steganalysis, we begin to see steganography’s advantage over cryptology. It

can be extremely difficult to break steganographic codes because it is not obvious that

there is a message which needs to be detected. Hidden messages which do not

incorporate the use of digital media are especially difficult to detect because they have

fewer restrictions to the means of their camouflage. Kumar and Pooja [2010] explain the

two primary approaches which can be applied in steganalysis regarding digital media.

The first is examining the size of the file and determining whether or not the content of the

file is consistent with its memory usage. For example, if you saw a Microsoft Word

document that was one page in length (a file which would typically contain 10-15

kilobytes of memory) but was stored using an entire megabyte (1000 kilobytes) of

memory, that would raise suspicion. The second method is more advanced and requires a

stronger understanding of computer language. This method is to observe variances

between bit patterns, which requires either a program searching for specific recurring bit

patterns or a strong understanding of binary language, file compression, and digital

memory and storage systems, a skill set which very few people possess.

Stegocarrier: A stegocarrier is the message which is sent between two or more allies in

which the concealed message is contained.

ASCII: ASCII is the American Standard Code for Information Interchange. It is an

encoding scheme used in computer programming which translates the English alphabet, a

set of special characters (such as punctuation marks), and the numbers (0-9) into binary

code, the language which all computers use to operate. The ASCII system is important to

steganography because it stores each character as one byte. A byte is comprised of 8 bits

which each store a value of either 1 or 0 (binary). Because not all of the bits in each byte

are used to store significant data, some of the bits can be modified. This is an important

concept in the application of digital steganography.

Commented [WM3]: Explain why files with larger than expected sizes raise suspicion. Talk about how this indicates the presence of data which is not being displayed to the user.

Digital Watermarking: Digital watermarking is essentially commercially applied

steganography. Just as a non-digital watermark typically provides information about the carrier, a

digital watermark conveys attributes of its cover work. Digital watermarks can be used to trace,

identify, and locate digital media across networks. They are especially useful in addressing issues

related to intellectual property and copyright infringement [Johnson, Duric, Jajodia, 2001].

Digital watermarks include three key components: the embedder, detector, and cover work.

Embedder: The embedder carries two pieces of information: the secret message, and the

cover work which the message is hidden in.

Detector: The detector uses a cover work as input and checks whether or not the work

includes a payload of hidden information and outputs that information if it is present. In

other words, the detector is essentially a specialized search engine. Imagine something

like Google except instead of entering a search term, the detector already knows what key

to search for and displays the hidden message within the cover work.

Cover Work: The cover work is the stego-carrier in which the secret message is

concealed. Essentially, a cover work is just a file but since the ultimate goal is to have

some embedded information which most people wouldn’t notice, they are generally used

in files which store unnecessary data. For example, if you were using a text file, it would

be more beneficial to use a .doc (word document) file rather than a .txt (text) file, because

the word document will store lots of extra information that a .txt file wouldn’t, and this

extra information can be modified to contain a hidden message, instead of adding the

message to a .txt file and ending up with a file with a suspiciously large memory size.

Why Elliptic Curve Cryptography is the Best Choice

It is clear that throughout history, many systems related to data hiding have been

implemented, but which method of secure communication is the most effective? Both

cryptography and steganography have their advantages and disadvantages. When using

cryptography, data is more secure, but ultimately, since an outside party is aware the information

is being exchanged, they will eventually break the code. In steganography, if the system is

effective enough, the data will go unnoticed, and the outside party will never know the

information was exchanged; however, there is no encryption, so if the outside party does detect

the data transfer, there is no security to protect the sent message.

Cryptography is the more effective system to use when exchanging data that is only

required to remain secret for a limited amount of time. For example, if a company is

exchanging information about a new product, once the product is released, the information is no

longer required to remain confidential. More specifically, the most beneficial cryptosystem to

use would be one based upon elliptic curve cryptography such as ECDSA (elliptic curve digital

signature algorithm) and ECDH (elliptic curve Diffie-Hellman). Systems incorporating ECC are

popularly accepted as the most effective form of modern cryptography, but in order to

understand their effectiveness, we must first identify what they are.

Elliptic curve cryptography is a very complex system to explain. I myself spent countless

hours reading and rereading multiple sources just to comprehend the basic property of the

system. Comprehending the basics of ECC requires the understanding of two key elements:

public-key encryption, and elliptic curve mathematical functions.

Commented [WM4]: Literacy review should circle back around to my figured world from assignment 1.

Commented [WM8]: In entering the conversation, consider talking about the advantages of ECC for security in mobile devices.

Commented [WM7]: In the new literature review section, explain the memory storage and retrieval process specifically pertaining to how fewer bits corresponds to faster performance.

Commented [WM6]: Talk about why it is important to have fewer bits since mobile devices have less processing power.

Commented [WM5]: Research and briefly discuss WHY mobile devices have less processing power and potentially how much less.

Most experts agree that cryptology can be divided into two eras: classical and modern.

The classical era consisted of simple mathematical functions involving transference and

substitution properties as well as encryption methods based out of books, but the factor which all

of the classical-era cryptosystems contained was the requirement of the members of the party

relaying information to have prior knowledge of the key before the information was sent. The

modern era of cryptography began in 1977 when both the RSA algorithm and Diffie-Hellman

key-exchange algorithm were introduced [Sullivan, 2013]. What separates the two eras is that

through incorporating a public key, members of the party attempting to create secure

communication can use separate private keys, and still retain the ability to decrypt the

cipher-text.

Though ECC is extremely difficult and time consuming to decrypt for external parties,

the reality is that it can still be decrypted. Previously, I discussed how cryptographic systems are

the strategic choice of secure communication for messages which have constraints on the amount

of time they must remain unknown (i.e., a company’s new product). What about the preferred

method of transferring data that must remain unknown to outside parties for an infinite amount

of time? One would think that steganography would be the preferred method of secure

communication in instances such as these, but in fact, I would still argue that ECC is a more

beneficial way to go. Assuming the numbers used during the encryption process of ECC are in

fact random, the constantly changing encryption scheme combined with the single mundane

approach to cryptanalysis which exists for the particular system should provide enough security

for the system to be effective long-term. That is not to say steganography is a useless practice.

Commented [WM9]: Consider combining these two paragraphs for organizational purposes.

Digital steganography and watermarking primarily focus on sending individual bits of data in

places where they can be transferred undetected. Digital cryptosystems can be strengthened by

sending the ciphertext in methods incorporating steganography. Because the message is digital,

no matter how complex the number being sent is, it is ultimately going to be sent as a bit stream.

A bit stream is simply the representation of the message being conveyed in binary language, a

language which all computers use to operate and which uses only ones and zeroes.

The most common places to hide the information sent in steganography are text, image,

audio, and video files. I will be using text-file based steganography systems for examples as they

do not require the composite knowledge of digital bit storage and memory retrieval to

understand, as systems using image, audio, and video files do. All we need to understand for

text-based systems is how text is stored electronically, which I will break down step by step. Digital

text is stored as either a variable or a constant, which are simply values stored in the computer’s

memory (the only difference is that a variable’s value can be changed and a constant’s cannot), in

this case a “string.” A string is stored as an array of letters/characters called “chars.” For our

purposes, an array is a series of elements (in this case chars) which all reference the same

variable/constant name and a unique index. Furthermore, the computer stores each char as an

integer (called “int”) which corresponds to a specific character; in our examples the ints which

represent each character will be derived from ASCII. Finally, the integer which corresponds to

the correct character is converted into binary code, the language comprised of only ones and

zeroes which the computer actually understands. For example, if you were to type the message

“Hello World!” into the computer, this is how the message would be stored at each step:

string message = "Hello World!";

char message[12] = {'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!'};

char message[12] = {72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33};

Bit string (or binary value) in which the variable or constant “message” is stored:

010010000110010101101100011011000110111100100000010101110110111101110010011011000110010000100001

Now that we understand how textual data is stored, we can use this information to identify how

some text-based steganography works. Many forms of text-based steganography take advantage

of ASCII’s redundancy for “space” values in its char codes. For example, using ASCII’s codes,

values 7, 9, 12, and 32 all represent spaces. To use this in the simplest way possible, you could

write messages in binary where a space with ASCII code 7 represents a zero and a space with

ASCII code 9 represents a one. Below is an example of how one could create a stego-carrier

which would contain the letter ‘A’ as a hidden message (binary translation of ‘A’ = 01000001):

What the user sees: I am happy to be alive days like today!

What the computer stores in char codes (ints representing a space are shown in brackets):

073 [007] 097 109 [009] 104 097 112 112 121 [007] 116 111 [007] 098 101 [007] 097 108 105 118 101

[007] 100 097 121 115 [007] 108 105 107 101 [009] 116 111 100 097 121 033

Using a system like this would allow one to write out a long essay which seemed harmless in

order to disguise streams of underlying information. This particular system is extremely effective

at hiding the transference of information since it neither yields a visible change in the display nor

noticeably modifies the file size (amount of memory space the file uses).
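The scheme above, written out as an added example (it is not code from the essay): embed and extract follow the essay's convention that code 7 between words carries a 0 and code 9 carries a 1, and find_anomalies is a steganalysis check that flags those separators, relying on the fact that 7 and 9 are ASCII control codes (BEL and horizontal tab) which ordinary prose does not place between words. The function names are assumptions made for this example; the cover sentence and char codes are the essay's own.

```python
"""Added example: the essay's space-substitution scheme and a check that finds it."""

ZERO_SEP = 7    # essay's convention: this separator byte carries a 0 bit
ONE_SEP = 9     # essay's convention: this separator byte carries a 1 bit
PLAIN_SEP = 32  # the ordinary ASCII space

# Cover sentence and char codes exactly as printed in the essay.
COVER = "I am happy to be alive days like today!"
ESSAY_CARRIER = bytes([
    73, 7, 97, 109, 9, 104, 97, 112, 112, 121, 7, 116, 111, 7, 98, 101, 7,
    97, 108, 105, 118, 101, 7, 100, 97, 121, 115, 7, 108, 105, 107, 101, 9,
    116, 111, 100, 97, 121, 33,
])


def to_bits(secret: bytes) -> list[int]:
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in secret for shift in range(7, -1, -1)]


def embed(cover: str, secret: bytes) -> bytes:
    """Replace the gaps between words with separator bytes that spell `secret`.

    One gap carries one bit, so the cover needs at least 8 gaps per hidden byte.
    Gaps left over after the last bit keep the ordinary space.
    """
    words = cover.split(" ")
    bits = to_bits(secret)
    gaps = len(words) - 1
    if len(bits) > gaps:
        raise ValueError(f"cover has {gaps} gaps but the secret needs {len(bits)}")
    out = bytearray()
    for index, word in enumerate(words):
        out += word.encode("ascii")
        if index < len(bits):
            out.append(ONE_SEP if bits[index] else ZERO_SEP)
        elif index < gaps:
            out.append(PLAIN_SEP)
    return bytes(out)


def extract(carrier: bytes) -> bytes:
    """Read the separator bytes back into bits and pack them into bytes."""
    bits = [1 if b == ONE_SEP else 0 for b in carrier if b in (ZERO_SEP, ONE_SEP)]
    usable = len(bits) - len(bits) % 8  # ignore a trailing partial byte
    out = bytearray()
    for start in range(0, usable, 8):
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def find_anomalies(data: bytes) -> list[tuple[int, int]]:
    """Heuristic steganalysis: list (offset, byte) for separators prose should not have.

    Line breaks (10, 13) are accepted. A tab (9) is accepted as indentation but
    flagged when it sits directly between two visible characters. Every other
    control byte (below 32, or 127) is flagged.
    """
    hits = []
    for offset, value in enumerate(data):
        if value in (10, 13):
            continue
        if value == 9:
            before = data[offset - 1] if offset > 0 else PLAIN_SEP
            after = data[offset + 1] if offset + 1 < len(data) else PLAIN_SEP
            if before > PLAIN_SEP and after > PLAIN_SEP:
                hits.append((offset, value))
        elif value < 32 or value == 127:
            hits.append((offset, value))
    return hits


if __name__ == "__main__":
    carrier = embed(COVER, b"A")
    print("matches the essay's char codes:", carrier == ESSAY_CARRIER)
    print("same size as the cover text:  ", len(carrier) == len(COVER))
    print("recovered message:            ", extract(carrier))
    print("flagged separators (offset, code):", find_anomalies(carrier))
    print("flagged in the untouched cover:   ", find_anomalies(COVER.encode("ascii")))
```

The carrier is byte-for-byte the same length as the cover sentence, so a file-size check does not notice it, while the scan for unexpected separator codes flags all eight gaps.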

Commented [WM10]: Clarify further which elements the computer sees versus which ones the user sees.

Significance of ECC and Steganography

Though I still do not fully comprehend it, I cannot emphasize enough the power of ECC

when it comes to information hiding. Influential companies and organizations around the world

have already adopted ECC. The United States government uses it for internal communication

protection, Bitcoin provides proof of ownership through it, and Apple’s iMessage service

signatures are derived from it [Sullivan, 2013]. I have always believed that facts speak for

themselves and thus reiterate that after 29 YEARS of research, no effective method of

cryptanalysis has been found to decipher this particular cryptosystem! As of 2013, it was

estimated that the (at that time) currently used RSA and Diffie-Hellman algorithms would be

decrypted within five to ten years and that the ONLY suitable encryption scheme to use in the

future would be ECC [Sullivan, 2013]. For all the excitement I reserve about this technique, it

seems silly that I still do not fully understand it. Perhaps I deem the system more complex than it

truly is due to this. I understand how the construction and decryption supposedly work, but what

I fail to comprehend is how the plain-text is transferred within the cipher-text. In other words, I

understand how the graph is created, and how the public key is created using the graph and

private key. What eludes me is one, how the encryption process works after the public key is

determined to get the locations of the point which generates the cipher-text, two, how the point

which the cipher-text is based upon is translated into the bit stream which is actually sent, and

three, how the plaintext is incorporated in the entire cryptosystem. What’s frustrating is that of

these three uncertainties, I understand at least half of each concept, but not enough to wrap it all

together.

My experience as a programmer has allowed me to have a much stronger grasp of

digital steganography and water-marking. This is one of the reasons which leads me to

reject steganography as a viable source of secure communication. Anyone who understands, at a

beginner to intermediate level, memory and the file type which is being used as a cover-work

can breach the security of steganography extremely quickly; all they have to do is check to

see if hidden information is present. If someone like me, who has only taken three classes

studying computer programming, can fully and easily comprehend how the system works, its

effectiveness is obviously not going to hold if someone experienced in steganography or

steganalysis is looking for it.

Commented [WM11]: Include “conclusion” in section header.

Commented [WM12]: Remove the vinegar from this sentence.

Commented [WM13]: Insert an actual graph under the paragraph.

Commented [WM14]: HAS

This brings me back to one of my initial points in the introduction: the key to designing

a cryptosystem with a high degree of difficulty to decipher is not to think about how to make the

system more complex, but to consider the approach the attacker will take when decrypting and

to construct a system designed to make whatever steps the attacker wants to take impossible or

useless. After conducting research and attempting to understand how ECC works myself, I can

testify that it is truly a trapdoor encryption system which eliminates every conceivable short-cut

or trick the attacker would want to use, and it is for this reason that it has gained my respect as

the most secure means of private communication which currently exists.

Annotated Bibliography

STINSON, D.R. 2006. Cryptography Theory and Practice. Chapman & Hall/CRC Taylor &

Francis Group. Boca Raton, FL.

When explaining cryptology, Stinson regularly mentions three important figures: Alice

and Bob, the two people transmitting encrypted messages, and Oscar, the “opponent”

eavesdropping on those messages. Stinson opens his book by explaining the primary purpose of

cryptography and how a cryptosystem operates. He then continues his introduction to cryptology

by introducing some of the basic kinds of cryptosystems (Shift Cipher, Substitution Cipher, Affine

Cipher, Vigenère Cipher, and Hill Cipher) and explains how to compose and “break” each of

those unique systems. After teaching some of the basic methods for creating cryptosystems,

Stinson explains the basic ways to break them (attack models). Before revealing these methods,

Stinson defines Kerckhoffs’ Principle which states that, more often than not, Oscar knows the

cryptosystem being used [Stinson 2006]. After explaining these techniques, Stinson introduces

the first method which can be used to create cryptosystems which can be considered beyond a

basic level. This product cryptosystem, developed by Claude Shannon in 1949, is created by

combining two or more cryptosystems to form their “product,” a practice which has become a

fundamental factor of modern cryptosystems [Stinson 2006].

JOHNSON, N.F., DURIC, Z., JAJODIA, S. 2003. Information Hiding: Steganography and

Watermarking - Attacks and Countermeasures. Kluwer Academic Publishers. Norwell,

MA.

This article begins by defining steganography (literal translation “covered writing”) as

the art of hiding and transmitting data through apparently innocuous carriers in an effort to

conceal the existence of the data [Johnson, Duric, Jajodia, 2003]. It then discusses the difference

between steganography and cryptography: cryptography is a means of providing secrecy by

scrambling a message, whereas steganography focuses simply on hiding the very existence of the

message itself [Johnson, Duric, Jajodia, 2003]. The book discusses the advantage of

steganography over cryptology: that the scrambled messages used in cryptosystems oftentimes

draw attention whereas when using steganography, the enemy is unaware a message was ever

transmitted. The book notes the significance of this factor when discussing the techniques

used to attack cryptosystems versus hidden messages. After defining steganography, its

counterpoint cryptography, and the relationship the two share, the book references some of the

particularly successful developments in steganography throughout history including microdot

technology, a technique developed by Germany in World War I so successful that modified

versions are still being used today [Johnson, Duric, Jajodia, 2003]. After summarizing some of

the various recorded applications of steganography throughout history, the book lists and

describes some of the countless methods used to conceal information in digital media including

the use of inherent network protocols, allocated files in unused disk space, and audio/image files.

BLOOM, J.A., COX, I.J., FRIDRICH, J., KALKER, T., MILLER, M.L. 2008. Digital

Watermarking and Steganography. Elsevier Inc. Burlington, MA.

This book’s purpose was to provide a framework for watermarking technology research

and development, and it discusses solely still image watermarking techniques since the authors

have experience predominantly in this area as well as video aspects of the field. The book begins by

presenting an example of watermarking: President Jackson’s reflection which can be seen when

holding a $20 bill to the light. Watermarking’s advantage which makes it so difficult to detect is

that it can be applied to nearly anything including physical substances like fabrics, inks, and

packaging as well as electronic sources, most commonly audio, image, and video files. Next, the

book describes the primary difference between steganography and watermarking which is that

when practicing steganography, it is more common to use whatever medium the message is

hidden in as a decoy to camouflage the hidden message which is unrelated to the primary

message or piece of data which is being sent [Bloom, Cox, Fridrich, Kalker, Miller, 2008].

Similar to steganography, watermarking uses an embedder and a detector. The embedder carries

two pieces of information: the secret message, and the “cover work” which the message is

hidden in. This cover work is then presented as input to the detector which checks whether the

work includes a payload of hidden information and outputs that information if it is present

[Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Next the book discusses the history of both

watermarking and steganography followed by a section explaining the importance of each of

these fields. The second chapter begins by listing and describing in detail the applications of

watermarking and steganography. The book continues to follow this comparison/contrast trend

as it goes on to discuss the properties of the two fields and an evaluation of their systems.

Chapters three through ten focus specifically on watermarking including detailed examples of

actual watermarking models or techniques, how to encode messages in those assorted techniques,

and watermarking-related security.

GAGNANI, L., JOSHI, R., PANDEY, S. 2013. Image Steganography. International Journal of

Advanced Research in Computer Engineering & Technology (IJARCET), 2, 1, 224-227.

After giving a brief background of steganography, cryptography, and the similarities and

differences between the two, this article discusses why steganography has gained superior

popularity over cryptography. Steganography has taken off as one of the most used methods of

data hiding due to a lack of sophistication in cryptographic systems. This is primarily a result of

government interference. Putting legal limitations on the strength of cryptographic systems or

outlawing them altogether has become common practice, not only in the United States, but in

governments around the world, forcing people to study alternative methods of transferring secure

information [Gagnani, Joshi, Pandey, 2013]. The article also mentions how businesses have

played a large role in generating popularity of steganography over cryptology discussing their

necessity for means of secure communication such as new product information or trade secrets

and why it is more valuable to them to send undetected messages rather than suspicious

encrypted files [Gagnani, Joshi, Pandey, 2013]. Following this analysis of steganography’s

advantages, the article discusses some of the different mediums in which steganography can be

applied including text, imagery, and audio files. Following the list of mediums is a list of

common methods which are used to hide data in image files and explanations of how the data in

each bit of memory that stores the image file is modified to hold information.

LEE, I.-S., TSAI, W.-H. 2008. Data Hiding in Emails and Applications Using Unused ASCII

Control Codes. Journal of Information Technology and Applications, 3, 1, 13-24.

In this article, the medium by which hidden information is to be passed through is

referred to as the cover carrier and the result of the embedding is referred to as the stego-carrier

or stego-email since the article focuses specifically on email as a medium. The article begins by

discussing the two types of digital text documents, hard-copy and soft-copy. A hard-copy text

document may be treated as a binary image resulting from scanning a text document, while a

soft-copy document may be regarded as an American Standard Code for Information Interchange

(ASCII) text that can be edited by text editing software such as Microsoft Word [Lee, Tsai,

2008]. Lee and Tsai continue by giving some brief examples of methods which can be used to

implement data hiding in both hard and soft-copy text documents which range from generating

binary code out of the number of spaces between words [Bender in Lee, Tsai, 2008], to generating

code by assigning values to context-free grammar [Wayner in Lee, Tsai, 2008], to embedding

data within the unused space of file headers (spaces which are invisible to most readers after

being automatically disregarded upon opening the files) [Cantrell and Dampier in Lee, Tsai,

2008].

KUMAR, A., POOJA, K. 2010. Steganography: A Data Hiding Technique. International

Journal of Computer Applications. 9, 7, 19-23.

After giving a brief background and explanation of steganography, Kumar and Pooja

describe some of the methods of steganography used throughout history including wax tablets

containing concealed messages scratched into the underlying wood from ancient Greece, the

German microdots, and letters with two messages, one written in visible ink, the other written

between the lines with invisible ink. Next they explain some of the practical uses of

steganography. These uses can be helpful to the public, ranging from creating stronger online user

security for features such as e-commerce to developing better ways to hide a dirty little secret (or

a big one). The next section of the article simply compares and contrasts steganography to

cryptology. Following that is a description of steganalysis or “the process of detecting

steganography by looking at variances between bit patterns and unusually large file sizes”

[Kumar, Pooja, 2010]. This section discusses the approaches to recognizing stego-carriers and

the tools available to make detection easier.

BOONE, J.V. 2005. A Brief History of Cryptology. J.V. Boone. Annapolis, MD.

Boone begins by iterating how important cryptology has become in everyday life; after

all, we are currently living in the “age of information” and as a given, some of that information

needs to be protected. Boone continues to recognize the significance of cryptology by quoting

President Eisenhower:

“In war, nothing is more important to a commander than the facts concerning strength,

dispositions, and intentions of his opponent and the proper interpretation of those facts. In

peacetime, the necessary facts are of a different nature. They deal with conditions,

resources, requirements, and attitudes prevailing in the world. They and their correct

interpretation are essential to the development of policy to further our long-term security

and best interests” [Eisenhower in Boone, 2005].

After preaching the importance of cryptology and giving a short explanation of what it is, Boone

begins to list some of its biggest achievements throughout history such as Arthur Scherbius’

ENIGMA and many other cryptographic systems and/or tools developed during World War II.

The second chapter discusses some of the first mechanical devices related to cryptology from

the 1200’s to the 1800. The third chapter discusses devices developed in the 1800’s and begins to

describe the significance of some modern devices such as the telegraph and phone.

SINGH, S. 2001. The Code Book: How to Make It, Break It, Hack It, Crack It. Simon Singh.

New York, NY.

Singh begins by summarizing the story surrounding Mary Queen of Scots. She had been

accused of high treason with plans to assassinate Queen Elizabeth of England, correctly so. The

issue surrounding the case was that Mary had only communicated with the group responsible for

conspiring to assassinate Queen Elizabeth through letters written in a cipher. In order to prove

her guilt and secure her conviction, Sir Francis Walsingham had to break the cipher [Singh,

2001]. Singh then begins to mention some of the earliest recorded accounts of the use of “secret

writing” throughout history dating all the way back to Herodotus, the supposed father of history.

According to Herodotus, it was a method of secret writing which saved the Greeks from being

conquered by Persia during the Peloponnesian Wars. After summarizing the beginnings of

cryptology, Singh divides the field into two major branches: transposition and substitution.

Transposition is a method related to scrambling the order of characters in a message. By using

transposition, it is possible to generate over 50,000,000,000,000,000,000,000,000,000,000

possible combinations out of a sentence containing only 35 words [Singh, 2001]. Substitution is

the process of pairing specific corresponding symbols with one another and then swapping each

of them when encrypting.

LOW, R.M., STAMP, M. 2007. Applied Cryptanalysis: Breaking Ciphers in the Real World.

John Wiley & Sons, Inc. Hoboken, NJ.

This book breaks ciphers into four main categories: classic ciphers, WWII ciphers,

stream ciphers, and block ciphers. The book begins by explaining basic terminology associated

with cryptology. Following this introduction is a list of some of the “classic” types of ciphers

that have been used throughout history including transposition ciphers, double transposition

ciphers, substitution ciphers, and affine ciphers. After describing these basic ciphers, Low and

Stamp explain the index of coincidence, or the probability that two randomly selected ciphertext

symbols represent the same symbol in plaintext [Low, Stamp, 2007]. Following this theory, the

book describes why the only cryptosystem which is truly invulnerable to ciphertext-only attacks

is the one-time pad, a cipher based in binary language which uses a key to transform the

plaintext when encrypting it. The book also explains how a codebook cipher works: essentially, the

plaintext and ciphertext words are all paired in a book, and as long as the book itself is secure, the

messages transmitted are nearly impossible to decipher, due to the overwhelming amount of data

this system allows storage for.
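The index of coincidence and the one-time pad claim summarized above can be checked numerically. The following is an added example, not code from Low and Stamp or from this essay; the sample plaintext, the substitution key and all function names are constructed for illustration, and the pad works on letters mod 26 rather than on bits so that the three statistics are directly comparable.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Constructed sample plaintext (not taken from Low and Stamp).
PLAINTEXT = (
    "The defender encrypts every message before it leaves the network and "
    "the attacker sees only the ciphertext. If the ciphertext letters still "
    "follow the uneven frequencies of English the attacker can measure that "
    "and begin to guess the key. A one time pad removes the pattern entirely."
)
SUBSTITUTION_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # constructed permutation of A-Z

def letters(text):
    """Upper-case the text and keep only A-Z."""
    return [c for c in text.upper() if c in ALPHABET]

def index_of_coincidence(text):
    """Chance that two symbols drawn without replacement are identical."""
    symbols = letters(text)
    n = len(symbols)
    if n < 2:
        raise ValueError("need at least two letters")
    counts = Counter(symbols)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))

def substitute(text, key=SUBSTITUTION_KEY):
    """Simple substitution: each letter always maps to the same symbol."""
    return text.upper().translate(str.maketrans(ALPHABET, key))

def otp_encrypt(text):
    """One-time pad over A-Z: a fresh random shift for every letter."""
    symbols = letters(text)
    pad = [secrets.randbelow(26) for _ in symbols]
    cipher = "".join(ALPHABET[(ALPHABET.index(c) + k) % 26]
                     for c, k in zip(symbols, pad))
    return cipher, pad

def otp_decrypt(cipher, pad):
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % 26]
                   for c, k in zip(cipher, pad))

if __name__ == "__main__":
    otp_cipher, _ = otp_encrypt(PLAINTEXT)
    for name, sample in [("plaintext", PLAINTEXT),
                         ("substitution", substitute(PLAINTEXT)),
                         ("one-time pad", otp_cipher)]:
        print(f"{name:13s} IC = {index_of_coincidence(sample):.4f}")
```

The substitution ciphertext keeps exactly the plaintext's index of coincidence, which is the statistic a ciphertext-only analyst measures, while the one-time pad output sits near 1/26 (about 0.038), the value for uniformly random letters.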

SULLIVAN, N. 2013. A (Relatively Easy to Understand) Primer on Elliptic Curve

Cryptography. Ars Technica.

http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

In his article, Sullivan breaks down public-key encryption, the format which modern

cryptography is based upon, and explains how elliptic curve cryptography (ECC) works. The

article explains the RSA system, the most popular form of public-key encryption, and why it was

necessary to develop ECC. Because RSA is built upon factoring, it is ultimately not sustainable

as a long-term source of encryption, hence, ECC was conceived. Like RSA, ECC uses modular

division to keep numbers appearing random, but instead of using multiplication to generate

numbers, it uses elliptic curves. All elliptic curves follow the expression $y^2 = x^3 + ax + b$. After

explaining ECC, Sullivan notes ECC’s accelerating gain in popularity and lists some of the

applications in which it is currently being used including the United States government internal

communication protection, proof of bitcoin ownership, and Apple’s iMessage service signatures

[Sullivan, 2013]. Sullivan proceeds to list some of the flaws in ECC, discussing the flaw in the

electronic random number generator. When a computer generates a “random” number, the

number is actually selected from a sequence and therefore not truly random at all. Given this

information, if an attacker had a list of the random numbers that a selected piece of software

using an ECC contained, they could predict the “random” number and relatively easily decrypt

the information being transferred. Fears of these threats were legitimized in 2013 when

companies using ECDSA (a variant of ECC) for online security were hacked, including Bitcoin

suffering losses around 1.2 million dollars and Sony’s PlayStation Network suffering losses of

approximately 171 million dollars [Sullivan, 2013]. Despite these drawbacks, many experts

predict that the currently implemented RSA and Diffie-Hellman encryption schemes could be

broken within five years (as of 2013) leaving ECC based encryption methods as the only

possible alternative for the future.
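To make the curve expression and the random-number concern above concrete, here is an added example that is not from Sullivan's article or from this essay: point arithmetic and a key agreement on a constructed toy curve, $y^2 = x^3 + 2x + 2$ over the integers mod 17. The curve parameters, base point and function names are assumptions chosen for illustration, and private scalars come from the operating system's cryptographic random source rather than a predictable sequence.

```python
import secrets

# Constructed toy curve y^2 = x^3 + ax + b mod P; far too small for real use.
P, A, B = 17, 2, 2
G = (5, 1)       # base point on the curve
ORDER = 19       # number of points G generates, including infinity
INFINITY = None  # identity element of the group

def on_curve(pt):
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p, q):
    """Add two curve points using the chord-and-tangent rule."""
    if p is INFINITY:
        return q
    if q is INFINITY:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY                      # p and q are mirror images
    if p == q:
        slope = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)   # tangent
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P)        # chord
    x3 = (slope * slope - x1 - x2) % P
    y3 = (slope * (x1 - x3) - y1) % P
    return (x3, y3)

def multiply(k, pt):
    """Compute k * pt by double-and-add."""
    result = INFINITY
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def keypair():
    """Private scalar from the OS CSPRNG, never a seeded sequence."""
    private = secrets.randbelow(ORDER - 1) + 1
    return private, multiply(private, G)

def shared_secret(my_private, their_public):
    if their_public is INFINITY or not on_curve(their_public):
        raise ValueError("public key is not a valid curve point")
    return multiply(my_private, their_public)
```

Two parties who each call `keypair()` and exchange only the public points arrive at the same `shared_secret`, and a received point that does not satisfy the curve equation is rejected before any arithmetic is done with the private scalar.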