Bill Frantz
Periwinkle
16345 Englewood Ave.
Los Gatos, CA 95032
(408) 356-8506
frantz@netcom.com

History

Cyphered Pottery Glaze formula - 1500 B.C.

Cypher-like transformations in the Bible, Jeremiah 25:26, 51:41

The Greeks described substitution cyphers

The Kama-sutra lists secret writing as one of the 64 arts a woman should know and practice.

Cryptography was widely used in Europe during the Renaissance

"It must be that as soon as a culture has reached a certain level, probably measured largely by its literacy, cryptography appears spontaneously..." - David Kahn, "The Code-Breakers"

Vocabulary

Plaintext - The message in its unencoded form

Cyphertext - The message as coded by the cypher system

Steganography - Concealed writing, as if no message is being sent

Cryptography - Scrambled writing; it is obvious there is a message, but it can't be read

Encode - The process of changing plaintext to cyphertext

Decode - The process of changing cyphertext back to plaintext

Cryptographic Algorithm - The mathematical functions used to encode and decode a message

Key - The information which must be kept secret if the algorithm is to provide security.

Crypto Algorithms vs. Keys

The important point is that the algorithm can be published and the system is still secure. The key is the part which must be kept secret.

Key size and security

Symmetric and Public-key Key Lengths
with Similar Resistances to Brute-Force Attacks
(from Applied Cryptography, Second Edition)

Symmetric Key Length    Public-key Key Length
56 bits                 348 bits
64 bits                 512 bits
80 bits                 768 bits
112 bits                1792 bits
128 bits                2304 bits

Key Management

How do you distribute the keys?

In person?

By messenger?

By mail?

Public and Symmetric key systems

Until 1976 all cryptographic algorithms used the same key for encryption and decryption.

These systems are called Symmetric Key Algorithms

Public Key Algorithms use separate, but related keys for encryption and decryption.

They are designed so it is hard to calculate one of the keys from the other.

As a result, you can publish one of the keys and keep the other one secret.

Anyone who wants to send you a message can encrypt it with your public key.

Only you can decrypt it since only you know the private key.

This feature of public key systems greatly eases the key distribution problem.

Symmetric key systems are generally much faster than Public key systems.

Secure Hashes

Secure hashes create a short summary (128-256 bits) of an arbitrary length input.

They are designed so it is hard to find an input which will produce a given hash.

They are designed so it is hard to find two inputs which produce the same hash.

Secure hashes, while not designed for encypherment, appear in many cryptographic protocols.

Any secure hash can be turned into a not particularly fast cypher.
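One way the hash-to-cypher construction just mentioned can be built, as an added example that is not from the original notes: the keystream is SHA-256 over key, nonce and a block counter, XORed into the data, and a second function shows the classic failure mode of reusing a nonce. The key, nonce and message values are constructed for the demonstration.

```python
import hashlib

BLOCK = hashlib.sha256().digest_size   # 32 bytes of keystream per hash call

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # One keystream block = hash(key || nonce || counter). The counter makes
    # every block differ; the nonce must differ for every message.
    return hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()

def hash_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR data with the keystream. The same call decrypts, since XOR undoes
    # itself. One hash per 32 bytes is why this is "not particularly fast".
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, i // BLOCK)
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def nonce_reuse_leaks(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bool:
    # Failure mode: reusing (key, nonce) for two messages lets anyone XOR the
    # two cyphertexts and obtain m1 XOR m2 without knowing the key.
    c1, c2 = hash_cipher(key, nonce, m1), hash_cipher(key, nonce, m2)
    n = min(len(m1), len(m2))
    xor_ct = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    xor_pt = bytes(a ^ b for a, b in zip(m1[:n], m2[:n]))
    return xor_ct == xor_pt

# Constructed sample values for a stand-alone run
KEY = b"constructed key!"   # 16 bytes
NONCE = bytes(12)           # fixed here for reproducibility; use a fresh one per message
SAMPLE = b"Attack at dawn. Meet by the old mill at six, bring the cypher book."

def roundtrip(key: bytes = KEY, nonce: bytes = NONCE, msg: bytes = SAMPLE) -> bool:
    ct = hash_cipher(key, nonce, msg)
    return ct != msg and hash_cipher(key, nonce, ct) == msg
```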

Digital Signatures - Authentication, Integrity, Nonrepudiation

A number of the public key algorithms are reversible. If you encrypt something with your secret key, anyone with your public key can decrypt it.

Encrypting with your secret key acts as a signature.

Normally signatures are implemented by encrypting a secure hash of the data to be signed.

Not only does the signed secure hash authenticate that the data is from you, it also ensures that the data has not been changed (integrity), and makes it hard for you to repudiate your knowledge of the data.

Encrypting a secure hash with a shared symmetric key can provide message authentication and integrity.

Cryptographic Algorithms

Private Key Algorithms

Public Key Algorithms

Secure Hash Algorithms

Attacks on Algorithms and Protocols

Passive attacks

Active attacks

Cryptographic Protocols

All of these descriptions are grossly oversimplified. For detailed information on cryptographic protocols, please refer to the documents defining them.

Characters

Diffie-Hellman key exchange

Pretty Good Privacy (PGP)

Digicash's Ecash Protocol

Secure Electronic Transaction (SET)

IP Security (IPSEC)

Certificates and Certificate Authorities

How does Alice know a public key is Bob's and not Mallory's pretending to be Bob?

One answer is that she trusts Trent, who has signed a statement associating Bob's key with Bob.

If Alice doesn't know Trent, she may know another entity, Ursula, who has signed a statement saying she trusts Trent to associate keys with names.

If Alice doesn't know Ursula, she may know ... and so on to the root of a hierarchy.

The signed statements are called "certificates", and the entities who may sign certificates make up a "Certificate Hierarchy".

Verisign Inc. and the United States Postal Service are setting themselves up as the roots of Certificate Hierarchy services.
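The signature mechanism described earlier (encrypting a secure hash with the secret key) and the chain of certificates from Ursula through Trent to Bob, worked through as an added example that is not from the original notes: a toy textbook-RSA signature built from a few well-known primes (constructed and far too small for real use; real systems also pad the hash) and a chain walk that starts from the one key Alice already trusts. The party names, the certificate layout and the `statement` format are assumptions for illustration.

```python
import hashlib

# Constructed toy keys from well-known primes: far too small to be secure,
# used only to show the structure of signing and of a certificate hierarchy.
E = 65537
PRIMES = {"Ursula": (2**31 - 1, 2**61 - 1), "Trent": (2**89 - 1, 10**9 + 7),
          "Bob": (2**107 - 1, 10**9 + 9), "Mallory": (2**127 - 1, 998244353)}

def make_keypair(name):
    p, q = PRIMES[name]
    d = pow(E, -1, (p - 1) * (q - 1))     # private exponent (Python 3.8+)
    return (p * q, E), (p * q, d)         # (public key, private key)

def digest(data, n):                      # secure hash, reduced to fit mod n
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):                     # "encrypt" the hash with the secret key
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):               # anyone with the public key reverses it
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

def statement(subject, pub):              # what a certificate signs
    return f"{subject}:{pub[0]}:{pub[1]}".encode()

def issue_cert(issuer, issuer_priv, subject, subject_pub):
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, statement(subject, subject_pub))}

def walk_chain(root_name, root_pub, chain):
    # Alice trusts only the root; each certificate must be issued, and signed,
    # by the entity the previous link established. None if any link fails.
    name, pub = root_name, root_pub
    for cert in chain:
        data = statement(cert["subject"], cert["pub"])
        if cert["issuer"] != name or not verify(pub, data, cert["sig"]):
            return None
        name, pub = cert["subject"], cert["pub"]
    return pub

def demo():
    keys = {who: make_keypair(who) for who in PRIMES}
    chain = [issue_cert("Ursula", keys["Ursula"][1], "Trent", keys["Trent"][0]),
             issue_cert("Trent", keys["Trent"][1], "Bob", keys["Bob"][0])]
    bob_pub = walk_chain("Ursula", keys["Ursula"][0], chain)
    sig = sign(keys["Bob"][1], b"Pay Alice $10")
    # Mallory's certificate claims Ursula issued it but carries Mallory's own
    # signature, so verification against Ursula's key rejects it
    forged = [issue_cert("Ursula", keys["Mallory"][1], "Bob", keys["Mallory"][0])]
    return (bob_pub == keys["Bob"][0], verify(bob_pub, b"Pay Alice $10", sig),
            verify(bob_pub, b"Pay Mallory $10", sig),
            walk_chain("Ursula", keys["Ursula"][0], forged) is None)
```

`demo()` returns (chain reaches Bob's real key, genuine signature verifies, altered message fails, forged certificate rejected).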

Random Numbers

In many protocols random numbers are used as session keys, blinding factors, etc.

Pseudo-random numbers, such as those produced by Knuth's random number generators, are not good enough.

What is needed for crypto work is real entropy.

Jon Callas will be talking about how to generate high-entropy numbers this afternoon.

Also see: RFC1750 - ftp://ds.internic.net/rfc/rfc1750.txt

International Traffic in Arms Regulations (ITAR)

No laws limit the use of cryptography within the United States and Canada.

US law requires a license to export any encryption product.

US law requires a license to export any authentication product. This license may be easy to get unless the product can also be used for encryption.

Export licenses have been expedited for systems which use RC2 or RC4 with keys of 40 bits or less.

Senator Burns has introduced the ProCODE bill to substantially ease export restrictions.

If you are going to export a crypto product, consult a lawyer.

Patent Issues

RSA is patented by RSA Data Security Inc. in the USA only. It expires Sept 20, 2000.

Diffie-Hellman key exchange is patented by Cylink. It expires April 29, 1997.

Cylink also claims a patent on all public key cryptography. It expires Sept 19, 1997.

IDEA is patented by Ascom Systec AG, Switzerland (idea@ascom.ch).

DES is patented by IBM. The patent has expired.

RC2 and RC4 were protected by trade secret. Implementation code has been published on the net. The names are still protected by trademark. RSA Data Security Inc. licenses them.

Blowfish is not patented.

ElGamal is not patented. (But see above about Cylink's claim to all public key algorithms.)

I am not a lawyer. You should consult a lawyer before using these algorithms commercially.

Crypto Libraries

http://www.clark.net/pub/cme/ has source for MD5

http://www.homeport.org/~adam/crypto/ for a comparison of crypto libraries

http://www.enter.net/~chronos/cryptolog1.html has a collection of links to crypto resources

http://www.openmarket.com/techinfo/applied.htm - Internet Locations for Materials on the Disks for Applied Cryptography

Crypto++ in C++ by Wei Dai. - Has been tested under Codewarrior 2.0.

Cryptolib in C by Jack Lacy - No Mac version, C, Sparc, SGI, i486 assembler

RSAref 2.0, by RSA Data Security Inc. - Tested with Mac

SSLeay in C by Eric Young - C, gcc and system cc for Solaris 2.[34] (sparc and x86), SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5, IRIX 5.[23], LINUX, NeXT (Intel)

The Systemics Cryptix Cryptography Library in Java or Perl by Gary Howland - Java on Win95, WinNT, Solaris, Linux, Irix.

The Cryptlib free Encryption Library in C by Peter Gutmann - Unix, DOS, windows (16 & 32 bit DLL available), Amiga

Other Net Resources

mac-crypto

cypherpunks

coderpunks

pgp-users-d

sci.crypt

sci.crypt.research

The sci.crypt FAQ

Snake Oil

There is a lot of ineffective cryptographic software out in the world. For example, there is a company called AccessData (87 East 600 South, Orem, Utah 84058, phone 1-800-658-5199) that sells a package that cracks the built-in encryption schemes used by WordPerfect, Lotus 1-2-3, Microsoft Excel, Symphony, Quattro Pro, Paradox, and Microsoft Word 2.0.

Let me quote from Philip Zimmermann's PGP documentation:

"When examining a cryptographic software package, the question always remains, why should you trust this product? Even if you examined the source code yourself, not everyone has the cryptographic experience to judge the security. Even if you are an experienced cryptographer, subtle weaknesses in the algorithms could still elude you.

"When I was in college in the early seventies, I devised what I believed was a brilliant encryption scheme. A simple pseudorandom number stream was added to the plaintext stream to create ciphertext. This would seemingly thwart any frequency analysis of the ciphertext, and would be uncrackable even to the most resourceful Government intelligence agencies. I felt so smug about my achievement. So cock-sure.

"Years later, I discovered this same scheme in several introductory cryptography texts and tutorial papers. How nice. Other cryptographers had thought of the same scheme. Unfortunately, the scheme was presented as a simple homework assignment on how to use elementary cryptanalytic techniques to trivially crack it. So much for my brilliant scheme.

...

"Anyone who thinks they have devised an unbreakable encryption scheme either is an incredibly rare genius or is naive and inexperienced."

The sure signs of snake oil cryptography

There are several things you can do to avoid snake oil cryptography

Essential References

For the history of cryptography: David Kahn, "The Code-Breakers", Macmillan, 1967

For currently useful cryptographic algorithms and protocols: Bruce Schneier, "Applied Cryptography, Second Edition", Wiley, 1996

Plug for a friend

Disclaimer: I receive no direct benefit from this plug.

This document was prepared with a Macintosh version of Doug Engelbart's NLS. It is called Thinker and is distributed by Poor Person Software. The URL is: http://www.webcom.com/~thinker/