Linxz' Blog

27 January 2019

A Preface to Cryptography Part II

Tags: crypto

Disclaimer

I am not a Cryptographer, I am not a Cryptography student, and Cryptology is not my discipline. Please note that there is no guarantee that everything in this series of blog posts is/will be correct, and I cannot be held accountable for you implementing a poor crypto system because you decided to do no further reading than my posts. Crypto is a very hard discipline; it takes years & years to get it right. Just keep this in mind when reading my posts, thanks! With that said, I will do my absolute best to ensure that every post is 100% accurate!

Introduction

In the last post we covered a very basic introduction to cryptography: we talked about some applications of cryptography and discussed the differences between the terms cryptology, cryptography & cryptanalysis. Then we shed light on one of cryptography’s most important principles, and finally we touched a little on what it means to “roll your own”.

Today’s post is again a pretty basic introduction to cryptography, more or less continuing on from our last post. We’re first going to look at the principles of cryptography and what it actually aims to achieve, then we will focus on the history of cryptography for the rest of the post. As there is a lot of history to digest, I want to keep it at that so I don’t implode your brain when we move into some math stuff! There is plenty of extra reading to do off the back of this post, so I think we can leave it at that.

Principles of Cryptography

It can be said that cryptography has four main principles, or rather four tasks which it sets itself to achieve: confidentiality, integrity, authentication and non-repudiation. You’re going to hear these a lot as you venture through InfoSec, so you better get used to them! (I personally hate hearing this spiel of terms; however, as I said, you need to get used to them as they’re said a lot throughout InfoSec.)

  1. Confidentiality - used in order to prevent disclosure of information to unauthorized parties. We can achieve this by using cryptographic algorithms to encrypt the data, making it unintelligible to everyone except those who are authorised to view the material.

  2. Integrity - used in order to ensure consistency and accuracy of data during its lifetime. We can achieve this by using a digital signature, or by hashing the received data and comparing the hash value with the original hash value.

  3. Authentication - used in order to confirm that a party is the party you actually want to be communicating with. In order to achieve this we can use many methods, such as a pre-shared key or public/private key cryptography. We could also do this using a message authentication code (MAC), which will allow us to verify the message came from the stated sender (more on MAC later).

  4. Non-repudiation - used to confirm that an entity had involvement in some communication, preventing a party from denying they ever sent a message. This can also be done using a digital signature.
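To make items 2 and 3 concrete, here is an added example (not from the original post) that compares a bare hash check with a MAC check using Python's standard `hashlib` and `hmac` modules. The key, the messages and the function names are all constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_check(data: bytes, expected_hex: str) -> bool:
    """Integrity only: re-hash the received data and compare with the original hash."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def make_tag(key: bytes, data: bytes) -> bytes:
    """MAC: the tag depends on the data AND on a key only the two parties hold."""
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_check(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing hints
    return hmac.compare_digest(make_tag(key, data), tag)

# Constructed sample values, for illustration only.
KEY = b"constructed-pre-shared-key-for-demo"
ORIGINAL = b"pay 10 GBP to alice"
ALTERED = b"pay 9999 GBP to mallory"

def demo() -> dict:
    digest = sha256_hex(ORIGINAL)
    tag = make_tag(KEY, ORIGINAL)
    return {
        "hash_accepts_original": hash_check(ORIGINAL, digest),
        "hash_detects_change": not hash_check(ALTERED, digest),
        # A hash needs no secret: if the message and its hash travel together,
        # both can be replaced and the bare hash check still passes.
        "hash_passes_replaced_pair": hash_check(ALTERED, sha256_hex(ALTERED)),
        "mac_accepts_original": mac_check(KEY, ORIGINAL, tag),
        "mac_detects_change": not mac_check(KEY, ALTERED, tag),
        # A tag computed without the pre-shared key is rejected.
        "mac_rejects_wrong_key": not mac_check(KEY, ALTERED, make_tag(b"not-the-key", ALTERED)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because both parties hold the same key, either of them could have produced a given tag, so a MAC on its own does not give non-repudiation; that is why item 4 points at digital signatures.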

It could be said that there are more principles of cryptography, such as accessibility, authorization and more. However, I think we have covered the main four in some detail, and throughout the blog series we will cover them in a lot more depth; specifically, we will dive into the maths behind the algorithms and algorithm design as a whole.

A Not-So Brief History of Cryptography

Cryptography is said to have begun around the Egyptian times, when Egyptians would develop non-standard hieroglyphics in order to hide messages from those who were not meant to read them. We also know that the Sumerians developed “Cuneiform” around this time too, which could be seen as another sort of cryptography. As time passed, around 600-500 BC, we know that Hebrew scholars started to make use of simple Monoalphabetic substitution ciphers such as Atbash.

Note: Monoalphabetic Substitution Cipher equals “simple substitution cipher”, i.e. a substitution cipher that relies on a fixed replacement structure. In layman’s terms, that means that the substitution is fixed for each letter, so if Z became G then every Z would be G. An example of this is the Caesar Cipher.

We then know that around 100-1 A.D the Romans started to invent ciphers such as the Caesar Cipher. Moving on, around 801-873 A.D a Muslim mathematician by the name of Al-Kindi (Alkindus) developed techniques for breaking Monoalphabetic substitution ciphers. On from here we start to see a lot more use & creation of different cipher techniques. In 1466 we see the creation of the first Polyalphabetic cipher from Leon Battista Alberti, known as the “Alberti Cipher”; not only that, but he also invents the first known mechanical cipher machine.
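The fixed mapping described in the note above is exactly what makes these ciphers breakable: letter frequencies survive encryption, which is the basis of the frequency analysis Al-Kindi is known for. The following is an added example, not part of the original post; the sample sentence, the function names and the rounded English frequency table are assumptions made for illustration.

```python
import string
from collections import Counter

ALPHA = string.ascii_uppercase
# Approximate letter frequencies of English text, in percent (A..Z).
ENGLISH = dict(zip(ALPHA, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def caesar_table(shift):
    """Fixed mapping: every letter moves the same number of places."""
    return {p: ALPHA[(i + shift) % 26] for i, p in enumerate(ALPHA)}

def atbash_table():
    """Fixed mapping: the alphabet reversed (A<->Z, B<->Y, ...)."""
    return dict(zip(ALPHA, reversed(ALPHA)))

def substitute(text, table):
    # Characters outside A-Z (spaces, punctuation) pass through unchanged.
    return "".join(table.get(c, c) for c in text.upper())

def chi_squared(text):
    """How far the text's letter counts are from typical English (lower is closer)."""
    letters = [c for c in text if c in ALPHA]
    counts, n = Counter(letters), len(letters)
    return sum((counts[c] - n * ENGLISH[c] / 100) ** 2 / (n * ENGLISH[c] / 100)
               for c in ALPHA)

def break_caesar(ciphertext):
    """Undo each of the 26 shifts and keep the result that looks most like English."""
    scored = [(chi_squared(substitute(ciphertext, caesar_table(-s))), s)
              for s in range(26)]
    _, shift = min(scored)
    return shift, substitute(ciphertext, caesar_table(-shift))

# Constructed sample sentence, for illustration only.
PLAINTEXT = ("THE ROMANS USED A SIMPLE SHIFT CIPHER TO HIDE MESSAGES "
             "FROM THOSE WHO WERE NOT MEANT TO READ THEM")
CIPHERTEXT = substitute(PLAINTEXT, caesar_table(3))

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(break_caesar(CIPHERTEXT))
```

No key is ever guessed here: the shift falls out of the letter statistics alone, which is why a cipher with one fixed alphabet stops protecting a message once there is enough text to count.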

Note: Polyalphabetic Substitution Cipher is any cipher based on substitution but using multiple substitution alphabets; the most notable example of this would be the Vigenère cipher. We will cover how this actually works later, however if you’re interested now, Crypto Corner has a great post on Polyalphabetic Substitution Ciphers.

In 1553 we see another entry to Polyalphabetic Substitution ciphers when Bellaso invents the Vigenère cipher; a book is later published in 1585. For those who are interested in the history of monarchy, you may know that in 1586 cryptanalysis was used by Sir Francis Walsingham to implicate Mary, Queen of Scots in the Babington Plot to murder Elizabeth I of England. There’s a pretty massive gap from here: we see some activity in 1641, however it is not until 1793 that we see some movement, when Claude Chappe establishes the first long-distance semaphore telegraph line. Then, of course, in 1795 we see Thomas Jefferson release his famous “Jefferson Disk Cipher”. Cut to 1800-1899 and we see some more interesting developments, with George Scovell’s work on Napoleonic ciphers during the Peninsular War, Joseph Henry building an electric telegraph, Samuel Morse developing the Morse code, Charles Wheatstone inventing the Playfair cipher and, perhaps most notably, Charles Babbage developing techniques for breaking Polyalphabetic ciphers. In 1855 we saw Babbage breaking Vigenère’s Autokey cipher (deemed the “unbreakable cipher” of the time) and a much weaker cipher that we call the Vigenère cipher today. Cut to 1883 and we finally see Kerckhoffs’s “La Cryptographie Militaire” published; in 1885 we then see the Beale ciphers published.

Moving into the 1900s we see a considerable amount of progress in Cryptography, with Gilbert Vernam developing the first practical implementation of a teletype cipher, now known as a stream cipher, and a while later we see Joseph Mauborgne produce the one-time pad. Over the next few years we start to see a lot more usage of cryptography throughout military & government. In 1932 we see Marian Rejewski breaking the German Army Enigma for the first time. In 1940 we see further successful cryptanalysis when the SIS team break Japan’s PURPLE machine. Cutting into April 1943, we see Max Newman, Wynn-Williams, and their team (Alan Turing included) at the secret Government Code and Cypher School complete their work on the “Heath Robinson”, which is a specialised machine designed for cipher-breaking. Following on from April 1943, in December 1943 the Colossus computer was built by Thomas Flowers at The Post Office Research Laboratories in order to crack the German Lorenz cipher SZ42; the Colossus was used at Bletchley during World War II as a successor to the Robinson. Towards 1950 we see some more movement in the cryptography world; most notably, Claude Shannon releases his paper that establishes the mathematical basis of information theory, and he also publishes “Communication Theory of Secrecy Systems” in the Bell Labs Technical Journal.

Going into the 50s we don’t see much movement; in ’51 we see the NSA founded and the KL-7 rotor machine being introduced sometime after. We see a few events happen during the 60s but not an awful lot of movement. Of course, in 1969 we see the first hosts of ARPANET, however we don’t see a major entry in Cryptography until 1973, when Horst Feistel developed the Feistel network block cipher design. Cut to 1976 and we see the Data Encryption Standard being published as an official Federal Information Processing Standard for the United States; alongside this we have a publication titled “New Directions in Cryptography” from Diffie & Hellman. In 1977 RSA public key encryption is invented, and in ’78 Robert McEliece invents the first asymmetric encryption algorithm to use randomization in the encryption process; this was known as the “McEliece cryptosystem”. Following on from Stephen Wiesner’s idea in the 70s, in 1984 Charles Bennett and Gilles Brassard design the first quantum cryptography protocol, BB84 (I know what you’re thinking, quantum crypto is really that old!?!? Yes, it is! Fascinating, right?!). In 1989 we see quantum crypto experimentally demonstrated in a proof-of-principle experiment by Charles Bennett. In 1991 Phil Zimmermann releases the public key encryption program PGP along with its source code. In ’94 Secure Sockets Layer is released by Netscape, and Peter Shor devises an algorithm which lets quantum computers determine the factorisation of large integers quickly. Alongside this, the proprietary but un-patented RC4 algorithm is published on the Internet. In addition to this, the first ever RSA Factoring Challenge from 1977 is decrypted as “The Magic Words are Squeamish Ossifrage” (see, I bet you did not expect to get a bit of nerd humour out of this, did you? :D). In 1995 the NSA publishes SHA-1 as part of its Digital Signature Standard.

Finally we reach the 2000s (God, that was a long journey and I missed out on lots!). Quite a lot has happened this millennium. On Sep 6th 2000, RSA Security release their RSA algorithm into the public domain. In 2001 we see the Belgian Rijndael algorithm selected as the U.S. Advanced Encryption Standard. In 2004 we are shown that MD5 is vulnerable to a practical collision attack. We also see that in 2005 potential attacks on SHA-1 are demonstrated. There are a few bits and pieces that go on here, however in 2012 NIST selects the Keccak algorithm as the winner of its SHA-3 hash function competition. 2013 sees Edward Snowden’s Global Surveillance disclosures, and Dual_EC_DRBG is discovered to have an NSA backdoor; we also see in the same year that the NSA publishes the Simon and Speck lightweight block ciphers.

Note: it is worth noting that we missed a lot of history out here. There is so much more to cover, and I could write pages & pages on the history of cryptography, so I did my best to condense it down to important/interesting points in time rather than just covering everything! However, there is so much more to be aware of/research, so if you’d like you can visit the timeline of cryptography on Wikipedia. I used this timeline for most of this post so you’ll see a lot of duplicate entries, however there are links to everything on there for further research if one particular point in time interests you more than others; for example, I’m fascinated by the 1940-1960 crypto era.

Closing Notes

As we’ve covered a lot of history today and we’re not on a schedule for these posts, I’m going to close this one here. I don’t want to weigh you down with math on top of all the history we just covered; besides, there is a lot of extra reading you could be doing off the back of this post, so I will leave that up to you!

Thank you for reading! See you next time! :D