5-2  Encryption Methods

The study and development of ways to hide information and then recover it by only the intended recipient are the bases for cryptology, a word derived from two Greek words, kryptos (hidden) and logos (word). Cryptology includes cryptography, which is the study of ways lo disguise information. Opposing cryptography is cryptanalysis, the adversarial deduction of intelligence from encrypted text. The process of encryption and decryption is carried out by a cryptosystem.

Cryptosystems are by no means new. The early Egyptians, Hebrews, Babylonians, and Assyrians all had cryptosystems. Spartans and Romans encrypted military communiques. Encryption is discussed in an Arab encyclopedia dating back to 1412.

The process is shown in Figure 1. Information or plaintext is converted into ciphertext, a cipher, or a cryptogram; the latter three terms are synonymous. The process is called encryption or encipherment.

Almost always, an encryption key is used to allow changes to the ciphering process on the assumption that the longer a key is used to encrypt traffic, the more analysis can be conducted against the traffic to derive the encryption key.[1] A new key forces an attacker to start all over again. Periodic key changes are designed to give cryptanalysts nervous breakdowns. Sometimes it works.

A decryption key is needed to reverse the encipherment process. In a single-key system, it is the same as the encryption key. Single-key systems arc also called symmetric cryptosystems. As we saw previously, the authentication systems most often implemented today are two-key asymmetric systems.

The Data Encryption Standard

Encryption algorithms used to be a deep dark secret. This all changed in 1977 when the United States federal government adopted the Data Encryption Standard (DES).

Developed by IBM under contract to the National Bureau of Standards ( now called the National Institute of Standards and Technology or NIST), the DES algorithm is publicly available to anyone who cares to look. The reason for tins is that possession of the DES algorithm does not really help an attacker.

Finding the one right key from the 76 quadrillion keys possible in DES is the real problem. To give you an idea of the difficulty, an attacker would have to test a billion keys a second in order to find the key in about a year.

The public nature of DES is a reflection of the old saw that "two can keep a secret if one of them is dead." With time, the odds of compromising a private algorithm increase. With a public algorithm, there is no such risk. Another benefit is that if public, the algorithm can be tested for weaknesses. As we noted earlier, DES is the most thoroughly tested algorithm ever, and no major weaknesses have been found since its debut in 1977.

DES implementations

For communications purposes, most DES implementations are in hardware encryption devices and use specialized DES chipsets. Software encryption and decryption are processor-intensive and press the resources of desktop computers. However, DES software implementations are commonly used to encrypt passwords and files in both network and non-network operating systems.

In 1994 the U.S. government reversed a long-standing policy that all networked DES implementations had to be in hardware. The policy was established on the basis that hardware implementations were easier to certify and harder for people to tamper with.

Conversely, software implementations were thought to be more readily compromised. The advantage to software implementation is that the product cost is generally lower and software is easier to install than encryption hardware with its attendant space and cabling needs.

The policy change has implications for private industry as well. In particular, the financial community will feel justified in implementing software encryption, pointing to the federal government as their model. It will be difficult for government auditors to disallow software encryption if the federal government is using it.

As one might expect, there is a price. NIST has published a 56-page set of rules titled Security Requirements for Cryptographic Modules that establishes four security levels for cryptographic systems. These requirements are to be implemented in software security products that will then be tested with government-developed software by independent testing laboratories for compliance.[2] To protect yourself, you should obtain a copy of the certificate of compliance before buying or leasing any such software .

Specific encryption algorithms are not named, giving the requirements more flexibility.  Both public-key encryption and digital signature technology are incorporated in the document.

Caesar Cipher

The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar, The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.[3] For example,

plain:    m e e  t   m e  a f t e r   t h e   t o g a  p a r t y

cipher:   P H H W   P h  DI WHU  WKH  WRJD  SDUWB

Note that the alphabet is wrapped around, so that the letter following Z. is A. We can define the transformation by listing all possibilities, as follows:

plain:      a b c d e f g h I j k l m n o p q r s t u v w x y z

cipher:     DE FG H IJ K LMNOPQRS TUVWXYZ A BC

If we assign a numerical equivalent to each letter ( a = I, b = 2, etc. ), then the algorithm can be expressed as follows. For each plaintext letter P, substitute the ciphertext letter C:

C=E(p)=(p+3)mod(26)

A shift may be of any amount, so that the general Caesar algorithm is

C=E(p)=(p+k)mod(26)

where k takes on a value in the range 1 to 25. The decryption algorithm is simply p=D(C)=(C-k)mod(26)

WORDS AND PHRASES

adversarial      敌对的

Assyrian  亚述人

asymmetric 非对称的

cipher/ciphertext  密文

compliance   顺从，依从，顺应性

compromise   受连累，受害

cryptogram      密码电文，暗号

cryptograph密码术

cryptology密码学，密码术

disguise 伪装，假装

implication牵连，含义，暗示

odds可能的机会

processor-intensive 与处理或密切相关的

quadrillion一百分的四次方

Spartan斯巴达人

symmetric对称的

tamper干预，干涉

NOTES

[1] Almost always, an encryption key is used to allow changes to the ciphering process on the assumption that the longer a key is used to encrypt traffic, the more analysis can be conducted against the traffic to derive the encryption key.

差不多用于加密过程的密钥总是假设：加密报文的密钥使用时间越长，则针对报文解开密钥的可能性越大。

[2] These requirements are to be implemented in software security products that will then be tested with government-developed software by independent testing laboratories for compliance.

为将这些要求在软件产品中实现，并且由独立的测试实验室对政府开发的软件进行顺应性测试。

[3] The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.

Ceasar密码包括以位于某字符的字母顺序的后三个位置的字母取代该位置。