I'm very excited to bring you the very first guest post on Carpe Daemon! Benjamin Templeton is an ace cyber warrior embedded with a splinter cell in [CENSORED]. He is an avid urban hang glider and can make ten minute brownies in under eight minutes. He's also single, ladies. I'll get out of his way and let him do his thing.
- 44 Maagnum
Let me preface this discussion with a question: if you were to rank the varieties of computer scientist by sexiness, how far up would “Secret Code Breaker” be? If the answer is “very high”, then read on. If not, you can read on anyway; you might still find this interesting.
Consider the following hypothetical scenario:
The date is January 2002. The United States is engaged in Afghanistan, and on the brink of entering Iraq. There is a belief that the Iraqi government possesses weapons of mass destruction, but not definitive proof. To gather more information, the US government sends its top secret agents into the country. These covert operatives use their skills in espionage to intercept an internet communication between top government officials which they believe to contain irrefutable proof. Before they leave, they try to inspect the intercepted transmission to confirm the legitimacy of their discovery. They are disappointed to find only a nonsensical series of seemingly random characters. But, with confidence in the investigation that lead them to the data, they declare "It must be encrypted! We'll get this back to the States, and our tech guys will break the code."
Now, let's consider the conclusion to this scenario in two separate worlds. First, the world of Jack Bauer; pop culture espionage and cryptography. The agents bring the data back, and the socially awkward but endearing tech guy (or, disproportionately often, tech girl) coolly and confidently tells them "Don't worry, they might have some good computer geeks over there, but I'm the best there is." He or she boots up his or her workstation, hunches over a bit, and gets to work. Some very intent typing occurs, a few mutters of professional admiration for the adversary, something about an algorithm, and then a triumphant proclamation that the code is broken. The day is saved. Anybody who has watched James Bond or an episode of 24 knows all about this.
Consider the following hypothetical scenario:
The date is January 2002. The United States is engaged in Afghanistan, and on the brink of entering Iraq. There is a belief that the Iraqi government possesses weapons of mass destruction, but not definitive proof. To gather more information, the US government sends its top secret agents into the country. These covert operatives use their skills in espionage to intercept an internet communication between top government officials which they believe to contain irrefutable proof. Before they leave, they try to inspect the intercepted transmission to confirm the legitimacy of their discovery. They are disappointed to find only a nonsensical series of seemingly random characters. But, with confidence in the investigation that lead them to the data, they declare "It must be encrypted! We'll get this back to the States, and our tech guys will break the code."
Now, let's consider the conclusion to this scenario in two separate worlds. First, the world of Jack Bauer; pop culture espionage and cryptography. The agents bring the data back, and the socially awkward but endearing tech guy (or, disproportionately often, tech girl) coolly and confidently tells them "Don't worry, they might have some good computer geeks over there, but I'm the best there is." He or she boots up his or her workstation, hunches over a bit, and gets to work. Some very intent typing occurs, a few mutters of professional admiration for the adversary, something about an algorithm, and then a triumphant proclamation that the code is broken. The day is saved. Anybody who has watched James Bond or an episode of 24 knows all about this.
Next, take the actual real-life world. The agents bring the data back, and the socially awkward and not-at-all endearing tech (almost certainly) guy tells them simply "Sorry, if this is all you’ve got, we're out of luck."
Once upon a time, encrypting data was basically a process where two people agreed on a secret system of changing data so that plain language appeared incomprehensible. There are a lot of interesting aspects of this process (secret-key encryption), but in modern communications, secret-key methods have taken a back seat. This is because in the 1970s, the concept of public-key encryption came about, and revolutionized secure communications. Consider the earlier scenario. If the government officials want to use a secret key, they have to somehow exchange that key. But, of course, that key could be intercepted. The logistical problems are clear. But what if the officials never had to meet each other before and send messages to the other that only the recipient could read? This is the promise and reality of public-key encryption.
Public key encryption is almost universally implemented with the RSA technique, named after its inventors Rivest, Shamir, and Adleman. I won’t go into many technical details, but I’ll give a hugely simplified explanation below:
Encryption and decryption are performed but applying a function to the data (a function which makes meaningful data appear completely (mathematically) random), and then applying the reverse process to undo the encryption. Both functions require a key of some sort; the decryption key must match the encryption key, or the data will remain scrambled. Consider the example of the Caesar Cipher: the encryption function is shifting the letters in one direction, the decryption function shifts them the other direction, and the key (for both directions) is the distance.
RSA is based on the premise of one-way functions. This is a function that is easy to compute in one direction (multiplication) and difficult to perform in the other (factorization). The process uses a decryption function based on two prime numbers, and an encryption function based on their product. Basically, to receive messages, somebody picks two secret prime numbers (private key) and multiplies them together. They then tell everybody what the product is, the public key. With the product, anybody can encrypt messages using the encryption function. However, only the recipient can operate the decryption, because only he knows the private key. The genius of RSA is that they came up with a pair of (en/de)cryption functions such that the public key can be generated easily from the private keys (multiplication), but the private keys cannot be plausibly extracted from the public key (factorization). This is because of the computational difficulty of factoring, which I won’t go into here, but you can read about further in this wikipedia article. Let it suffice to say that the consensus is that factoring very large numbers quickly is essentially impossible.
So now go back to our Iraqi officials. The first official (let’s call her Alice) picks her large primes for the private key, and multiplies them to generate the public key, which she makes available to anybody who wants it. The second official (Bob) writes a message (plaintext) about the status of the nuclear weaponization project, and encrypts it with Alice’s public key. Bob then sends the encrypted message (ciphertext) to Alice. Unfortunately for Alice, the American spies have tapped the wires, and so they get the message too. They return home, confident in their techies’ abilities. But when they return home, they discover the problem: there is no way to get the plaintext without Alice’s secret key, and since Alice didn’t tell the secret key to anybody, it is (in practical terms) impossible to retrieve. This has nothing to do with the cleverness of the code-breakers; it is simply a reality of the world. And this is the reality of cryptography: it’s not about the skill of one programmer against that of another, but about irrefutable math.
This is not at all to say that cryptography is an obsolete field of study. Encryption schemes can be attacked, including RSA. There are known-plaintext attacks (the method by which the Enigma encryption of WWII was broken), ciphertext-only attacks, and many more strategies. In this age of computers, code-breaking still exists.
Real Cryptography |
I guess if you were to say “What’s the point?” I would tell you that cryptographers aren’t the international men and women of mystery that they’re made out to be. They’re engineers and mathematicians, like the rest of us techies, and we’re tired of them getting all the hot dates.
Rivest, Shamir & Adelman,
ReplyDeletee-commerce is my favorite commerce.
Love,
Reegs