Ali Nazzal Professor Brenda McKenna Writing 1010 12/05/2013 What Is Cryptography?

Since the time of the Greeks, developing a system to ensure protected communication had been on the mind of Julius Caesar. Caesar needed such a system to ensure the messages he sent containing military intelligence cannot be understood if intercepted. It was a success and even after hundreds of years, army generals continued to use this system of decoding messages. The Caesar cipher was decryption at its finest that is until it was broken. Cryptography has been an interest of mine that has developed from my experience with computers. I was intrigued at the different combinations of encryption that can result from mathematics. My two favorite interests are computer science and mathematics. As I briefly skimmed a cryptographic information website, I was amazed. I quickly gained interest due to the complexity involved in creating secure algorithms to protect information. I therefore feel the need to understand how mathematical equations are generated to help encrypt data on computers. Cryptography is the art of securing information. This art is extremely useful in this digital-age as we have no physical access to the data being sent. Cryptography today is a huge study that is being continuously refined to meet standards. The question is how does cryptography work to secure information sent over the World Wide Web? Where does the mathematics come in and how does it get applied? What fields of math are required to develop strong encryption algorithms? These are questions that I would like to answer as I research. From this research, I hope to gain information as to how cryptographic

Nazzal 2 algorithms are made and how they are applied to the many different aspects of computing. Cryptography is the next step I want to take in my computing journey. I took a cryptographic venture through the internet and found an informative website that details what cryptography there is, the different types of cryptographic algorithms, and more. I found this website by first googling, what is cryptography. Looking through the first page of the results, nothing really intrigued me so I went onto the second page. Thats where I found An Overview of Cryptography. From Kessler, the main author of An Overview of Cryptography, I learned that the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. After the spur of the digital age, cryptography became a widespread phenomenon. Why? Because such security is necessary when communicating over a medium with which we do not have total control over, such as the Internet. I also learned that cryptography has specific security requirements such as: authentication, privacy, integrity, and non-repudiation (a service that provides proof of the integrity and origin of data). Cryptography, along with helping protect data, is used to prove the identity of someone accessing data. As it is stated by Kessler, Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are three systems used to accomplish the requirements above: secret-key, public-key, and hash functions. These systems will be described later on in this paper. What cryptography does is it takes unencrypted data, called plain-text, and encrypts it into a cipher-text, which will end up being decrypted into (usually) plain-text. Now, I will delve into the three types of cryptographic algorithms from Kesslers paper (see Figure 1). The first is secret-key cryptography. This type of algorithm uses a single key, or password, for both encryption and decryption. Since one key is used for both functions, it is also

Nazzal 3 called symmetric encryption. In order for this type of system to work, both the sender and receiver must know what this key is. Therefore, the distribution of this key must happen securely so as nobody other than the two will know it. Kessler wrote, Secret-key cryptography schemes are generally categorized as being either stream-ciphers or block-ciphers. Stream-ciphers work on a single bit at a time and implement a feedback mechanism so that the key is constantly changing. Block-ciphers encrypt a block of data at a time using the same key on each block. Basically, block-ciphers encrypt the same plain-text block to the same cipher-text block using the same key. However, stream-ciphers will encrypt the plain-text to different cipher-texts due to the constantly changing key. The second type of algorithm is called public-key cryptography and it uses one key (or password) for encryption and a different one for decryption. Kessler says, Public-key cryptography has been said to be the most significant new development in cryptography in the last 300 400 years. This type of algorithm depends on one-way functions which are mathematical functions that are easy to solve whereas their inverses are difficult to compute. Let me give an example, suppose that I have two numbers; these numbers can be anything but Im going to choose 4 and 6. If I told you to multiply these two numbers you can do it pretty easily; the answer is 24. Now, what if I have the number 24 and I told you what numbers did I use to get this product? It will take more effort for you to find those numbers than it did when you found the product. Another way to look at this is what if I told you to take 5 and raise it to the 8th power. You can get your calculator out and tell me that the answer is 390,625. Okay, so now if I told you I have a number 390,625 and I want you to find out what two numbers I used such that logx 390,625 = y, it will take a significant amount of time. This is the idea of public-key

Nazzal 4 cryptography. Now to break such an algorithm, you must find some sort of hidden door in the one-way function that will give you knowledge of the inverse. The third and last type of algorithm is called a hash function. It is most commonly referred to as one-way encryption. The differing factor in this algorithm with regards to the previous two is that it does not use a key; rather it uses a fixed-length hash value which makes the contents or length of the plain-text impossible to recover. Here is what a typical hash value might look like: 464668D58274A7840E264E8739884247. These types of functions are commonly employed by computers, operating-systems, websites that store sensitive information, checking the integrity of a file or anything downloaded from the Internet or transferred to your computer by any other mean, and more. All three of these algorithms help secure data in different ways and some shield you from false data. For example, hash-functions are great at ensuring the data being sent. Any changes made to a message will result in a different hash-value than the one originally placed by the sender. Secret-key cryptography is best suited for encrypting messages for better privacy. In order for this message to be decrypted by someone whom you want to read this message, a key needs to be supplied beforehand. Public-key cryptography is also used for mainly userauthentication. One thing that all these algorithms have in common is size does matter. The larger the key, or passphrase, the harder it is for someone to decrypt the data. Why? Brute-force methods have made decrypting data simpler by letting the machine do all the work. Brute-force is when a machine, such as a computer, generates every possible key and applies it to the cipher-text. As you can see, the larger your key, the more time it will take for the machine to decrypt your data.

Nazzal 5 Gary Kesslers paper has been extremely helpful and has given me a base for me to venture more into the cryptographic world. This was my main source and I used the information I gained from it to look for other types of sources. My next source is going to be creating a program that encrypts and decrypts a text file. Cryptography can get extremely complex due to its API which is the set of routines and tools for building software applications. I googled creating a cryptographic program and the first result was the best. Microsoft had a sample cryptographic application that I used as a reference. Thanks to the .NET Framework, which is a software framework developed by Microsoft, cryptographic providers, such as symmetric and asymmetric cryptography, are available. So I created a program, using the C# language, which encrypts and decrypts a text file using a block-cipher. The size of this block depends on the algorithm used. I referenced the RijndaelManaged class which gives me the ability to encrypt and decrypt data by using its automatically generated Key and IV (initialization vector) (Microsoft). A class in C# is a document that holds rules and properties. I made a key, which is a series of bytes, which determines how to cipher each block. So as to not have a potential security hole, I created another key called the initialization vector. This determines how the key for the up-coming block is created based on the previously ciphered blocks. For encryption, I created an instance of the provider class. The two keys, the original KEY and the initialization vector were created as follows: byte[] KEY = { 0x01, 0x02 0x16 }; byte[] IV = { 0x01, 0x02 0x16 }; Once the KEY and IV have been defined, they are then packaged in an ICryptoTransform object which performs the actual encryption. Then to create the encrypted text file I use the Stream

Nazzal 6 object. The same exact methods apply to the decryption process but instead of creating an ICryptoTransform object to encrypt the data, I use that object to decrypt it. I then reference the Stream object to read the data. This has been a profound experience because I used my knowledge of cryptography, so far, and applied them to a practical application. I also became aware of how Microsoft implements cryptographic modules into their development environments and how a developer can access these tools. How block-ciphers generate keys and apply them to subsequent blocks has also helped me better understand the architecture of building such a cipher. Public-key cryptography seems to be the most widely used algorithm today. I wanted to learn more about this type of algorithm so I googled free cryptographic e-books to find online books that I can use as sources. I clicked on the first link and found a book titled, Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. This book talks about a system that branches under public-key cryptography called RSA publickey encryption. The RSA cryptosystem, named after its inventors R. Rivest, A Shamir, and L. Adleman, is the most widely used public-key cryptosystem. (Menezes 285). Lets say we have two people, Tom and Bob, who want to share a message. Bob generates a message and converts that message into a number; lets call it y, using some scheme. Then Tom would generate a public and private key, both of which are random prime numbers, q and r, and then multiplies them together to form a number n. After Tom does this, he finds (n) by multiplying (q-1) * (r-1) and then picks a public exponent that must be a small odd number that does not share a factor with (n). Last but not least, Tom needs to find the value of his private exponent which would be (2 * (n))/(public exponent). Now, what Tom does is hide everything except the value of n and his public exponent. Then Tom sends the leftover values to Bob. Bob then takes his

Nazzal 7 message y, raises it up to Toms public exponent mod n: yToms public exponent value mod n = m. Once Bob generates m, he sends that back to Tom who will decrypt his message using the private key that he made. To get Bobs message, Tom uses this formula: mToms private exponent value mod n = y Bobs original message! Now, if someone was gathering the information being sent, that eavesdropper will get the value of n, the value of m, and Toms public exponent value. For that person to find Toms private exponent value they would have to find (n) which means they will need to resort to prime factorization of n! If n is extremely large, it will take the person, who snooped in on the data being sent, possibly hundreds of years to find that value even if that person has the worlds fastest super-computer at his/her disposal! This is what RSA is and everybody has been exposed to it as they play with technology nowadays. This book has been extremely helpful in clarifying to me the mathematics behind this widely-used encryption system. I am truly amazed at how the mathematics works out in the end and how it leaves snoopers in the dark. The Handbook of Applied Cryptography has changed my views of public-key cryptography by exposing the bare-bones of its main branch RSA. I also understand how mathematics gets used to generate cryptographic keys and how to use mathematical principles to decrypt messages. With all of the information presented, it is safe to assume that no matter what code you make, it will end up getting cracked, right? With todays vastly open Internet and other technological resources, codes cannot hide. There is no code left in this world that has not already been cracked or broken. What if I told you that there is a code that has never been broken since the 1990s? Kryptos the most famous encrypted sculpture sculpted by Jim Sanborn, an American artist (see Figure 2), houses that code. I was already familiar with this sculpture and so I googled kryptos and clicked on the second link. That is where I found the interview Jim

Nazzal 8 Sanborn had with ABC. According to ABCs World News Tonight broadcast from April 2, 1991, the author, Sanborn says, Once the plate is deciphered Im not convinced the true meaning will be clear even then. Theres another deeper mystery. This sculpture has four passages and of the four only three have been solved. Not even the intelligence gatherers in the world could break it even with technology at their disposal. This shows how powerful cryptography can get and how it can enhance security. Cryptography is not necessarily security, but if powerful codes are made, it can enrich it. This interview helped open doors to what cryptography can conceal. Kryptos gave me a valuable insight into how information can be hidden in plain-sight. ABCs interview gave me valuable insight from the Jim Sanborn himself. To sum up, I have learned a lot about cryptography with regards to how it is done through coding, how the mathematical language is implemented in cryptography, and some of the basic terminology that deals with cryptography. What I have shown is definitely not all of cryptography, but the basics to get started with it. Everything you use, whether it be a computer, smartphone, modern game-consoles, GPS, etc., they all have some sort of cryptographic implementation so as to prevent someone from gaining unauthorized access. As it was stated, cryptography is not security, it only enriches it. Why bother with cryptography? Cryptography is like a brick-wall protecting whatever is inside. The stronger the brick-wall, the longer it will take the enemy to bring it down. Cryptography has improved, and if one barrier goes down, there can be other implementations that will notify the user about a breach or run an emergency shutdown, thus preventing the enemy from accessing data. In todays world, cryptography is a must as it has improved in helping to secure data. Also, with PCs, anybody can generate cryptographic algorithms that will take super-computers centuries to break!

Nazzal 9 Figure 1:

Figure 2:

Nazzal 10 References Kessler, Gary C.. "An Overview of Cryptography." Gary Kessler. Auerbach, 3 Oct 2013. Web. 1 Dec 2013. <http://www.garykessler.net/library/crypto.html Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. Fifth Printing. Florida: CRC Press, 1996. 816. eBook. <http://cacr.uwaterloo.ca/hac/>. Microsoft. MSDN. Walkthrough: Creating a Cryptographic Application. Web. 3 Dec 2013. http://msdn.microsoft.com/en-us/library/aa964697(v-vs.85(.asp&xet/. My personal experience developing a program that encrypts and decrypts a text file. Sanborn, Jim, dir. World News Tonight. ABC: 2 Apr 1991. Television. <http://www.elonka.com/kryptos/mirrors/WNT.html>.