Tuesday, February 19, 2008

WORLD OF CODES-ENCRYPTION

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).

Encryption has long been used by militaries and governments to facilitate secret communication. Encryption is now used in protecting information within many kinds of civilian systems, such as computers, networks (e.g. Internet e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. Encryption is also used in digital rights management to prevent unauthorized use or reproduction of copyrighted material, and in software to protect against reverse engineering (see also copy protection).

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.


Semantics

This term is somewhat a misnomer, but is very commonly used as described above. More correctly, the term "encyphering" should be used (along with "decyphering" for decoding a cryptographically encoded message, when you know the cipher and key). "Decrypt" actually means to decode a message when you do not know the cypher and/or key (i.e., codebreaking), and "encrypt" is meaningless, strictly speaking. However, the common usage is so pervasive even in academic literature, that these distinctions are now generally lost.

The terms "encrypt" and "decrypt" are discouraged in international documents, since they tend to translate to "inter" (bury) and "disinter".

Cryptography (or cryptology; derived from Greek κρύπτω kryptó "hidden" and the verb γράφω gráfo "to write" or λέγειν legein "to speak")[1] is the practice and study of hiding information. In modern times, cryptography is considered to be a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security, and engineering. Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.

Until modern times, cryptography referred almost exclusively to encryption, the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext).[2] Decryption is the reverse, moving from unintelligible ciphertext to plaintext. A cipher (or cypher) is a pair of algorithms which creates the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a key. This is a secret parameter (ideally, known only to the communicants) for a specific message exchange context. Keys are important, as ciphers without variable keys are trivially breakable and therefore less than useful for most purposes. Historically, ciphers were often used directly for encryption or decryption, without additional procedures such as authentication or integrity checks.

In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning; it means the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, apple pie replaces attack at dawn). Codes are no longer used in serious cryptography, except incidentally for such things as unit designations (e.g., 'Bronco Flight' or Operation Overlord), since properly chosen ciphers are both more practical and more secure than even the best codes, and better adapted to computers as well.

Some use the terms cryptography and cryptology interchangeably in English, while others use cryptography to refer specifically to the use and practice of cryptographic techniques, and cryptology to refer to the combined study of cryptography and cryptanalysis.

History of cryptography and cryptanalysis

Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption) — conversion of messages from a comprehensible form into an incomprehensible one, and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely, the key needed for decryption of that message). In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs, and secure computation, amongst others.

The earliest forms of secret writing required little more than local pen and paper analogs, as most people could not read. More literacy, or opponent literacy, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g. 'help me' becomes 'ehpl em' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the alphabet). Simple versions of either offered little confidentiality from enterprising opponents, and still don't. An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. It was named after Julius Caesar who is reported to have used it, with a shift of 3, to communicate with his generals during his military campaigns, just like EXCESS-3 code in boolean algebra.
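The two classical cipher types and their weakness can be worked through in code. The sketch below is an added example, not part of the original post; the function names and the small word list are assumptions made for illustration. It reproduces the page's 'fly at once' and 'help me' examples, then recovers a shift-cipher key by trying all 26 shifts and counting known words, which is why a fixed-shift scheme gives so little confidentiality.

```python
import string

# Constructed word list used to recognise a plausible decryption.
COMMON = {"the", "and", "at", "to", "of", "in", "is", "it", "once"}

def shift(text: str, k: int) -> str:
    # Substitution: move each letter k places down the alphabet, wrapping at z.
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + k) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)

def swap_pairs(text: str) -> str:
    # Transposition: swap adjacent letters inside each word ('help' -> 'ehpl').
    words = []
    for w in text.split(" "):
        chars = list(w)
        for i in range(0, len(chars) - 1, 2):
            chars[i], chars[i + 1] = chars[i + 1], chars[i]
        words.append("".join(chars))
    return " ".join(words)

def known_words(text: str) -> int:
    return sum(w in COMMON for w in text.split())

def recover_shift(ciphertext: str):
    # Only 26 keys exist, so try each one and keep the shift whose
    # decryption contains the most words from the list.
    best = max(range(26), key=lambda k: known_words(shift(ciphertext, -k)))
    return best, shift(ciphertext, -best)

if __name__ == "__main__":
    print(shift("fly at once", 1))          # the page's substitution example
    print(swap_pairs("help me"))            # the page's transposition example
    sample = shift("meet the legion at the river", 3)  # constructed message, Caesar's shift of 3
    print(sample, "->", recover_shift(sample))
```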




The Enigma machine, used in several variants by the German military between the late 1920s and the end of World War II, implemented a complex electro-mechanical polyalphabetic cipher to protect sensitive communications. Breaking the Enigma cipher at the Biuro Szyfrów, and the subsequent large-scale decryption of Enigma traffic at Bletchley Park, was an important factor contributing to the Allied victory in WWII.








As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments in their designs. For instance, continued improvements in computer processing power have increased the scope of brute-force attacks, which has to be taken into account when specifying key lengths. The potential effects of quantum computing are already being considered by some cryptographic system designers; the announced imminence of small implementations of these machines is making the need for this preemptive caution fully explicit.


Books on cryptography




Johannes Trithemius' Polygraphiae (1518) — the first printed book on cryptology.









"Classic" books (that are by now somewhat outdated)

* Gaines, Helen Fouché - Cryptanalysis, 1939, Dover, ISBN 0-486-20097-3. Considered one of the classic books on the subject, and includes many sample ciphertexts for practice. It reflects public amateur practice as of the inter-War period. The book was compiled as one of the first projects of the American Cryptogram Association.
* Dominic Welsh -- Codes and Cryptography, Oxford University Press, 1988. A brief textbook intended for undergraduates. Some coverage of fundamental information theory. Requires some mathematical maturity; is well written, and otherwise accessible.
* Patterson, Wayne (1987). Mathematical Cryptology for Computer Scientists and Mathematicians, Rowman & Littlefield, ISBN 0-8476-7438-X
* Konheim, Alan G. (1981). Cryptography: A Primer, John Wiley & Sons, ISBN 0-471-08132-9. Written by one of the IBM team who developed DES.


More mathematical

* Oded Goldreich's Foundations of Cryptography series [1] provides a comprehensive formal treatment of the theory underlying modern cryptography. The focus is on mathematical abstractions, rigorous constructions and proof techniques; practical aspects are best sought elsewhere. Requires a computer science background.
    o Goldreich, Oded (2001). Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press. ISBN 0-521-79172-3 (fragments available at the author's web site). Discusses the basic constructs: one way functions, pseudorandomness and zero-knowledge proofs.
    o Goldreich, Oded (2004). Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press. ISBN 0-521-83084-2 (drafts available at the author's web site). Using the tools developed in vol. 1, discusses encryption, digital signatures and cryptographic protocols.
* Jonathan Katz and Yehuda Lindell (2007). Introduction to Modern Cryptography. CRC Press. Presents modern cryptography at a level appropriate for undergraduates, graduate students, or practitioners. Assumes mathematical maturity but presents all the necessary mathematical and computer science background.
* Mao, Wenbo (2004). Modern Cryptography Theory and Practice, ISBN 0-13-066943-1. An up-to-date book on cryptography. Touches on provable security, and written with students and practitioners in mind.
* Douglas Stinson - Cryptography: Theory and Practice ISBN 1-58488-508-4. Covers topics in a textbook style but with more mathematical detail than is usual.
* Nigel Smart - Cryptography: An introduction ISBN 0-07-709987-7 (online version). Similar in intent to Applied Cryptography but less comprehensive. Covers more modern material and is aimed at undergraduates covering topics such as number theory and group theory not generally covered in cryptography books.
* Lawrence Washington - Elliptic Curves: Number Theory and Cryptography ISBN 1-58488-365-0. A book focusing on elliptic curves, beginning at an undergraduate level (at least for those who have had a course on abstract algebra), and progressing into much more advanced topics, even at the end touching on Andrew Wiles' proof of the Taniyama-Shimura conjecture which led to the proof of Fermat's last theorem.

Less mathematical

* A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone - Handbook of Applied Cryptography ISBN 0-8493-8523-7 (online version). Equivalent to Applied Cryptography in many ways, but somewhat more mathematical. For the technically inclined. Covers few meta-cryptographic topics, such as crypto system design. This is currently (2004) regarded as the standard reference work in technical cryptography.
* Ferguson, Niels, and Schneier, Bruce - Practical Cryptography, Wiley, 2003, ISBN 0-471-22357-3. A cryptosystem design consideration primer. Covers both algorithms and protocols. This is an in-depth consideration of one cryptographic problem, including paths not taken and some reasons why. At the time of its publication, most of the material was not otherwise available in a single source. Some was not otherwise available at all. According to the authors, it is (in some sense) a follow-up to Applied Cryptography.
* Schneier, Bruce - Applied Cryptography, 2nd ed., Wiley, 1996, (ISBN 0-471-11709-9). The most accessible single volume available covering modern cryptographic practice, and approachable by the non-mathematically oriented. Incredibly, not exhaustive. Extensive bibliography which can serve as an entry into the modern literature. Less immediately mathematical than some others, e.g., Menezes et al., Handbook of Applied Cryptography. Note, however, that the lack of extensive proofs and notation does not imply that the mathematical concepts are optional. Modern cryptography is fundamentally based on mathematics and Schneier covers it here, just not formally.
* Mel, H.X., and Baker, Doris -- Cryptography Decrypted, Addison Wesley 2001, ISBN 0-201-61647-5. This technical overview of basic cryptographic components (including extensive diagrams and graphics) explains the evolution of cryptography from the simplest concepts to some modern concepts. It details the basics of symmetric key, and asymmetric key ciphers, MACs, SSL, secure mail and IPsec. No math background is required, though there's some public key mathematics in the appendix.


Cryptographic environment/context -- 'security'

* Schneier, Bruce - Secrets and Lies, Wiley, ISBN 0-471-25311-1, a discussion of the context within which cryptography and cryptosystems work. Practical Cryptography also includes some contextual material in the discussion of crypto system design.
* Schneier, Bruce -- Beyond Fear, Wiley, ISBN 0-387-02620-7
* Ross Anderson -- Security Engineering, Wiley, ISBN 0-471-38922-6 (online version), advanced coverage of computer security issues, including cryptography. Covers much more than merely cryptography. Brief on most topics due to the breadth of coverage. Well written, especially compared to the usual standard.
* Edney, Jon and Arbaugh, William A -- Real 802.11 Security: Wi-Fi Protected Access and 802.11i, Addison-Wesley, ISBN 0-321-13620-9, covers the use of cryptography in Wi-Fi networks. Includes details on Wi-Fi Protected Access (which is based on the IEEE 802.11i specification). The book is slightly out of date as it was written before IEEE 802.11i was finalized but much of the content is still useful for those who want to find out how encryption and authentication is done in a Wi-Fi network.


Declassified works

* Callimahos, Lambros D. and Friedman, William F. Military Cryptanalytics. A (partly) declassified text intended as a training manual for NSA cryptanalysts.

Historic works

* Abu Yusuf Yaqub ibn Ishaq al-Sabbah Al-Kindi, (A Manuscript on Deciphering Cryptographic Messages), 9th century, included the first known explanation of frequency analysis cryptanalysis
* Roger Bacon (English friar and polymath), Epistle on the secret Works of Art and Nobility of Magic, 13th century, possibly the first European work on cryptography since Classical times, written in Latin and not widely available then or now
* Johannes Trithemius, Steganographia ("Hidden Writing"), written ca. 1499; pub 1606, banned by the Catholic Church 1609 as alleged discussion of magic, see Polygraphiae (below).
* Johannes Trithemius, Polygraphiae Libri Sex ("Six Books on Polygraphy"), 1518, first printed book on cryptography (thought to really be about magic by some observers at the time)
* Giovan Batista Belaso, La cifra del. Sig. Giovan Batista Belaso, 1553, first pub of the cypher widely misattributed to Vigenère.
* Giambattista della Porta, De Furtivis Literarum Notis ("On concealed characters in writing"), 1563.
* Blaise de Vigenère, Traicte de Chiffres, 1585.
* Gustavus Selenus, Cryptomenytics, 1624, (modern era English trans by J W H Walden)
* John Wilkins, Mercury, 1647, earliest printed book in English about cryptography
* Friedrich Kasiski, Die Geheimschriften und die Dechiffrierkunst ("Secret writing and the Art of Deciphering"), pub 1863, contained the first public description of a technique for cryptanalyzing polyalphabetic cyphers.
* Etienne Bazeries, Les Chiffres secrets dévoilés ("Secret ciphers unveiled") about 1900.
* Émile Victor Théodore Myszkowski, Cryptographie indéchiffrable: basée sur de nouvelles combinaisons rationelles ("Unbreakable cryptography"), published 1902.



Fiction

* Neal Stephenson - Cryptonomicon (ISBN 0-06-051280-6) The adventures of some World War II codebreakers and their modern day progeny.
* Edgar Allan Poe - "The Gold-Bug" (1843) An eccentric man discovers an ancient parchment which contains a cryptogram which, when solved, leads to the discovery of buried treasure. Includes a lengthy discourse on a method of solving a simple cypher.
* Sir Arthur Conan Doyle - The Dancing Men. Holmes becomes involved in a case which features messages left lying around. They are written in a substitution cypher, which Holmes promptly discerns. Solving the cypher leads to solving the case.
* Ken Follett - The Key to Rebecca (1980), WW2 spy novel whose plot revolves around the heroes' efforts to cryptanalyze a book cipher with time running out.
* Clifford B. Hicks - Alvin's Secret Code (1963), a children's novel which introduces some basics of cryptography and cryptanalysis.
* Robert Harris - Enigma (1995) (ISBN 0-09-999200-0) Novel partly set in Britain's World War II codebreaking centre at Bletchley Park.
* Dan Brown - Digital Fortress (1998)
* Dan Brown - The Da Vinci Code (2003)