Help! I Don’t Understand Encryption!
If the title of this article is something that's on your mind, you're not alone. As a mobile device user, you repeatedly have the subject of encryption coming up in discussions of security on everything from laptops to smartphones. But what is it, how does it work, and why does it make our brains fuzzy?
Cryptography is a matter of codes. Here is the world's simplest code: Rotation-13, also known as the Caesar cipher, and abbreviated to "Rot13". It takes the standard 26-letter English alphabet, breaks it in half into two 13-letter segments, and substitutes letters from one half for letters in the same position in the other half. A table would look like this:
ABCDEFGHIJKLM
NOPQRSTUVWXYZ
A becomes M, M becomes A, B becomes O, O becomes B, and so on. It's called a rotation because the same method can be applied to encode and decode the message. ROT13 is only good for hiding a plot spoiler or punchline to a joke on the Internet. Other rotations can be used, however; such is the case with letter-substitution puzzles, called "cryptigrams", printed in the daily newspaper. This used to be effective security in the Julian Caesar era, when you had to work it out yourself writing on a papyrus scroll.
Computers can rip any letter substitution code in an eyeblink. In fact, a cryptographer can break any letter substitution using paper and pen. For one reason, they can use a magic spell called "ETAOIN SHRDLU". You think we're pulling your leg, don't you? Go ahead, search Google for that exact phrase. We'll wait right here.
The phrase ETAOIN SHRDLU gives us the top twelve most frequently used letters in English. Using this, we can break a page of letter-substituted text using letter frequency analysis. The most frequent letter is assuredly e or t, the second most-frequent is usually e, t, or a, and so on. A few tries will reveal the shift, and the rest falls neatly into place.
So now what do we do? We can include not only the alphabet, but the digits 0-9 plus the standard punctuation characters and come up with "ROT47". Programmers know of the GNU software function, "memfrob()", which performs this action automatically. It's a "stronger" code, but we can still break it with letter frequency analysis with a bit more effort, even if we don't know what position the characters are using.
Let's say you came up with a new code. How about substituting 3 digits for each letter? You could call "A" 311, but the trick is that any combination of 311 - 113, 131 - also means "A". B could be 489, with the same method applied, so we'd know that 131948 and 113984 are "AB". We keep this up for each letter and character, then we break the string of numbers up into irregular groups - 13194 8275 5100923 453 22. We know that we only have to have the computer read the digits in in bursts of three, look the digits up in a table, and produce the decoded text. But even this can be broken without too much effort. It eventually produces a pattern, and where there's a pattern, there's a key.
But you're seeing a pattern here, right? We try to encode a message with methods that have a larger and larger pool of possibilities, and having the right decoding method is the "key", with which we can unlock the message. Small, simple algorithms are so easy to break, that it's possible to discover the "key" quickly. We want the opposite. We want algorithms that are soooo complex, that they can produce millions and millions of possibilities, with only the one true key producing the right result. When we do this, we wander away from linguistics and get into math. The method for encrypting is known as a "cipher". By using larger and more complex cyphers, we can increase the possibilities many thousands of times. Further on, we can find ciphers which are their own key - merely reversing the algorithm gives the original message - or ciphers which require a different algorithm to decrypt them. This is the difference between private-key and public-key encryption.
So, large encryption schemes work by making it impractical to crack a code by brute force; you want it so you'd literally have to run a computer for a hundred years to find the key. One of the most common forms of encryption known today, SHA-1, SHA-2, etc., have so far stayed unbreakable, but a recent mathematic proof has shown that it could have a flaw, so we're looking for SHA-3 which could be in place by 2012. The name of the game right now is to look for a new algorithm at the first sign that it could be broken, before criminals actually start breaking them.
Now, beyond this, if you're interested in learning more, there's information all over the Internet. But this at least helps break the fundamentals down to where we mortals can understand it. Know this: all encryption algorithms will eventually be broken. This is because computers get more powerful - and hence faster - all the time. And Moore's law - which, to be brief, says that integrated circuits double their power every two years - guarantees that this will continue indefinitely. Richard P. Feynman's 1960 physics lecture "There's Plenty of Room at the Bottom" proves that we will indeed be able to pack more and more processing logic into smaller and smaller space for some time to come - and after that, there's quantum computing on the horizon.
The sole saving grace of cryptography is that it is a small bit easier to invent an algorithm than it is to break it. That's the only thing saving civilization right now, because we will go on making more sophisticated algorithms and finding breaks in them only a few years later.
Filed Under: Barcoding • Security Technology
