|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Cryptology
and Data Secrecy : The Vernam Cipher
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
There
is only one perfectly secure cryptosystem known
Of all the methods of encryption ever devised, only one has been mathematically proved to be completely secure. It is called the Vernam cipher or one-time pad. The worth of all other ciphers is based on computational security. If a cipher is computationally secure this means the probability of cracking the encryption key using current computational technology and algorithms within a reasonable time is supposedly extremely small, yet not impossible. In theory, every cryptographic algorithm except for the Vernam cipher can be broken given enough ciphertext and time. For example the public key cryptosystems such as PGP and RSA are based on the following : Calculate an integer N such that it has only two prime number factors f1 and f2. This triad of integers forms the basis of the encryption and decryption keys used in PK cryptosystems. The security of these systems is simply based on the computational difficulty of calculating f2 and f1 from N if N is a very large integer. To break this cipher N must be factored, and at the time these systems were devised the best publicly available factoring algorithms would take millions of years to factor a 200 digit number. This does not logically exclude the possibility of a new factoring algorithm being discovered, or the existence of a secret factoring algorithm, or the invention of technology capable of running current factoring algorithms at high speed. (Please also click here to view RFC1750 - "Randomness recommendations for security") Computationally secure cryptosystems ? The use of public key cryptosystems has become commonplace, yet should their widespread presence in itself lead to an unquestioningly trust of the security of data encrypted using these methods? How do you know the cryptosystem you use is actually safe? Do you understand how it works? Do you think if a Government or military intelligence institution such as the National Security Agency had a method of breaking cryptosystems they would announce this fact? As a result of work on a new form of computational technology known as the quantum computer a factorisation algorithm ( this is very technical paper ) now exists to factor giant integers in linear time. This was devised in 1994 by Peter Shor from AT&T's Bell Laboratories. A quantum factorisation engine running Shor's algorithm could factor a one hundred digit integer in few thousand arithmetic operations, which might well take only a matter of minutes. Anyone with access to such a machine would easily be able to read any intercepted message encrypted using a pubic key cryptosystem. Prototype quantum computers are already operational ( see the Scientific American article on the NMR quantum computer and this introduction to quantum computing). The article "Breaking the Public Key Cryptosystems" contains information on cryptanalysis using the CORDIC algorithm with current supercomputing technology. Follow this link for the paper "Randomness and the Netscape Browser" by Ian Goldberg and David Wagner describing their attack on the security of this browser. This article provides an excellent introduction to the dangers of using deterministic processes when generating encryption keys. Finally, for those of you wishing to still place your faith in the experts I recommend reading about the Data Encryption Standard (DES), the EEF DES cracker machine, and a possible secret backdoor found within a encryption standard from the NSA. The Vernam cipher or one-time pad. Cryptology is such a complex specialist subject that there seems no choice but to place your trust in a few individuals with sufficient knowledge to grasp the underlying principles of supposedly secure cryptosystems. However understanding the operation of the Vernam cipher is not demanding. Its perfect security is intuitively obvious. Using the Vernam cipher In 1917 during the First World War the American scientist Gilbert Vernam was given the task of inventing an encryption method the Germans could not break by AT&T. What was devised was the only provably unbreakable encryption scheme known to this day. Compared with most cryptosystems it is a very simple. To use a one-time pad, you need 2 copies of the "pad" ( also known as the key ) which is a block of truly random data at least as long as the message you wish to encode. If the data on the pad is not truly random, the security of the pad is compromised. One-time pads are used in pairs. The more copies of a given pad, the greater the likelihood is that one may be captured, in which case the system is completely broken. One copy of the pad is kept by each user, and pads must be exchanged via a secure channel (e.g. face to face on floppy disks). Pads must only be used once. The fastest method of encrypting a message with a one-time pad is with a computer. If you do choose this method keep the pad on a floppy disk, CD or DVD and destroy it completely once used. Supposedly deleted data can be retrieved and reconstructed from magnetic storage, so never store pads on your hard drive or keep the floppy one used. The message recipient should apply the same precautions. Never use a networked computer for implementing the encryption because of possible eavesdropping. A computer simplifies the process because the message and pad are encoded in binary. Each character is represented internally by a computer as a unique combination of zeros and ones called bits, for example the letter 'b' is composed of the eight bits '1100010'. This binary number is 98 in decimal. To encrypt the message each bit of each letter in the plaintext is combined with the corresponding letters' bit in the pad in sequence using a transformation called the bitwise exclusive or ( abbreviated to XOR ). This simply takes two bits as input and outputs a single bit according to the following schema :
This operation is performed on each letter in sequence i.e. The first letter of the plaintext is XORed with the first letter of the pad to produce the first letter of the ciphertext, then the second letter of the plaintext is XORed with the second letter of the pad to produce the second letter of the ciphertext and so on. A basic example : Suppose you wish to encrypt the message [begin at 17.30] using the pad [#/KBZaF>TQV^Nc ]. Firstly all the bits in 'b' are XORed with all the bits in '#. This produces the binary pattern for the character 'A'.
The same process is repeated for the next letters - ' e' and '/' are XORed to produce
'J' To do this manually necessitates that you have a list of all the character binary codes, which is why a computer is helpful. The completed ciphertext looks like [AJ,+4A'Jt`ap}S]. By XORing the ciphertext with their duplicate pad, the receiver regenerates the plaintext. This entire process can be implemented rapidly using the Vernam.exe program on the downloads page. You can experimentally verify this procedure as follows :
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||