1Running Head: CRYPTOGRAPHY

18CRYPTOGRAPHY

CryptographyDonte FrancisTurks and Caicos Islands Community CollegeCIS2222: Project11th May 2015

Table of ContentsI. Title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1II. Acknowledgement.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 2III. Table of Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3IV. Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4V. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5VI. Cryptography. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6VII. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16VIII. References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

AcknowledgementThis research paper would not have been made possible without God Almighty for providing me with continuous underserved grace, mercy, guidance and wisdom. Also through the support from everyone, including: teachers, family, friends, and in essence, all sentient beings. Especially, please allow me to dedicate my acknowledgment of gratitude toward the following significant advisors and contributors:

First and foremost, I would like to thank Dr. John Mubenwafor for his most support and encouragement. He kindly allowed me to present this research paper a week after the due date because of my position as National Youth Ambassador for the Turks and Caicos Islands, and Ms. Nekoda Fulford whom read my paper and offered invaluable detailed advices on grammar, organization, and the theme of the paper.

Second, I would like to thank Hon. Akierra Missick and Ms. Garde Alleyne whom assisted in advice and support, Dr. Hubert Fulford whom reproofed the paper, as well as all the other professors who have taught me about Computer Studies over the past two years of my pursuit of the associates degree.

I also would like to sincerely thank to my grandmother, Mercedes Francis and my parents, family, and friends, whom provided the advice and financial support. The product of this research paper would not be possible without all of them in particular, my grandmother.

Last but not the least, Fortis TCI, and LIME TCI for providing me with electricity and Internet access for the research and printing would not have been accomplished without them. AbstractAs the field of cryptography has advanced, the dividing lines for what is and what is not cryptography have become blurred. Cryptography today might be summed up as the study of techniques and applications that depend on the existence of difficult problems. Cryptanalysis is the study of how to compromise (defeat) cryptographic mechanisms; is the discipline of cryptography and cryptanalysis combined. To most people, cryptography is concerned with keeping communications private. Indeed, the protection of sensitive communications has been the emphasis of cryptography throughout much of its history. However, this is only one part of today's cryptography.Encryption is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption.Today's cryptography is more than encryption and decryption; it allows us to pay using electronic money, keep businesses safe from hackers and human kind out of chaos- in a nutshell, cryptography is a lifesaver.Keywords: dividing lines, mechanisms, key, nutshell

IntroductionImagine a world where your identity can be stolen at random, your funds magically disappearing from your banking accounts, and companies having access to their competitors company records; where there is no such thing as privacy and no one can be held accountable. Today, fortunately that nightmare does not exist because of cryptography; the evolutionary need for the modern world. The process of encrypting (the conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message)) and decrypting (the reversal of encrypting) messages to and from the sender and receiver to maintain integrity, secrecy and/or protection of confidential information is known as cryptography.

CryptographyBefore the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption). Encryption was used to (attempt to) ensure secrecy in communications, such as those of spies, military leaders, and diplomats. Where as in recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, and interactive proofs and secure computation, among others. The earliest known use of cryptography was in Egypt (ca 1900 BCE) where cipher text (the conversion of an original message known as plain text to a hidden message) was carved into a stone. Over the years this one encryption from stone has been converted into several different types of cryptography thus benefiting all aspects of the world; leading cryptography being key to avoiding world chaos. However, although cryptography might be safe, it can be breakable.The first types of cryptography are terminologically known as classical cipher types. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet). An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. Caesar Cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a left shift of 3, D would be replaced by A, then E would become B, and so on. The method is named after Julius Caesar, who used it in his private correspondence. In ancient times, the first known transposition cipher was the Scytale cipher, which is a tool consisting of a cylinder with a strip of parchment wound around it on which is written a message. Shchenkos (2002) study argued that the ancient Greeks, and the Spartans (the people of the city-state Sparta in ancient Greece) in particular, are said to have used this cipher to communicate during military campaigns (Shchenko, 2002). During these times, cryptography was taken seriously to protect information such as practicing acts of messages being tattooed on a slave's shaved head and concealed under the regrown hair. However, cipher-texts produced by a classical cipher were discovered to always reveal some sort of statistical information that would lead into frequency analysis (a method of decrypting classical ciphers by statistical information), which is the first cryptanalysis technique (the study of analysing information systems in order to study the hidden aspects of the systems).You could now imagine how much of a breakthrough it was for the discovery of decrypting classical ciphers for eavesdroppers. According to Singhs (2000) publication, after the discovery of frequency analysis, perhaps by the Arab mathematician and polymath Al-Kindi (also known as Alkindus) in the 9th century (Singh, 2000), nearly all such ciphers became more or less readily breakable by any informed attacker. Such classical ciphers still enjoy popularity today, though mostly as puzzles.In further support of this finding, Al-Kadis (1992) study hypothesized essentially, all ciphers remained vulnerable to cryptanalysis using the frequency analysis technique until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti around the year 1467 (Al-Kadi, 1992). He also invented what was probably the first automatic cipher device, a wheel which implemented a partial realisation of his invention. Schrdels (2008) research supported that in the polyalphabetic Vigenre cipher, encryption uses a key word, which controls letter substitution depending on which letter of the key word is used (Schrdel 2008).Although frequency analysis can be a powerful and general technique against many ciphers, encryption has still often been effective in practice, as many a would-be cryptanalyst was unaware of the technique. Breaking a message without using frequency analysis essentially required knowledge of the cipher used and perhaps of the key involved, thus making espionage, bribery, burglary, defection, etc., more attractive approaches to the cryptanalytically uninformed. It was finally explicitly recognised in the 19th century that secrecy of a cipher's algorithm is not a sensible or practical safeguard of message security; in fact, it was further realised that any adequate cryptographic scheme (including ciphers) should remain secure even if the adversary fully understands the cipher algorithm itself. Security of the key used should alone be sufficient for a good cipher to maintain confidentiality under an attack.Hakims (1995) study agreed that many mechanical encryption/decryption devices were invented early in the 20th century, and several patented, among them rotor machinesfamously including the Enigma machine used by the German government and military from the late 1920s and during World War II (Hakim, 1995). According to Gannon (2001), the ciphers implemented by better quality examples of these machine designs brought about a substantial increase in cryptanalytic difficulty after WWI (Gannon, 2001).To the verge of entering the computer era of cryptography, cryptanalysis of the new mechanical devices proved to be both difficult and laborious. In the United Kingdom, cryptanalytic efforts at Bletchley Park during WWII spurred the development of more efficient means for carrying out repetitious tasks. This culminated in the development of the Colossus, the world's first fully electronic, digital, programmable computer, which assisted in the decryption of ciphers generated by the German Army's Lorenz SZ40/42 machine. Just as the development of digital computers and electronics helped in cryptanalysis, it made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers, which only encrypted written language texts; this was new and significant.Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible. Extensive open academic research into cryptography is relatively recent; it began only in the mid-1970s. Diffie and Hellmans (1976) research supported that in recent times, IBM personnel designed the algorithm that became the Federal (i.e., US) Data Encryption Standard; Whitfield Diffie and Martin Hellman published their key agreement algorithm (Diffie, Hellman, 1976). Since then, cryptography has become a widely used tool in communications, computer networks, and computer security generally.As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments while working on their designs. Blaze et al. (1996) study indicated that for instance, continuous improvements in computer processing power have increased the scope of brute-force attacks, so when specifying key lengths, the required key lengths are similarly advancing (Blaze, Diffie, Rivest, Schneier, Schimomura, Thompson, Wiener, 1996). Essentially, prior to the early 20th century, cryptography was chiefly concerned with linguistic and lexicographic patterns. Since then the emphasis has shifted, and cryptography now makes extensive use of mathematics, including aspects of information theory, computational complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics generally.The modern field of cryptography is computerised and can be divided into two kinds, symmetric-key and asymmetric-key cryptography. Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (a unique way of decrypting messages), or, less commonly, in which their keys are different, but related in an easily computable way. According to Diffie and Hellmans (1976) study, this was the only kind of encryption publicly known until June 1976 (Diffie, Hellman, 1976). Symmetric-key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the input form used by a stream cipher. The first type of symmetric-key cryptography is the cryptographic hash functions. They take a message of any length as input, and output a short, fixed length hash, which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that produce the same hash. Another type of a symmetric-key cryptography concept is the Message Authentication Codes. Menezes et al. s publication proved that, it was much like cryptographic hash functions, except that a secret key can be used to authenticate the hash value upon receipt (Menezes, van Oorschot, Vanstone), this additional complication blocks an attack scheme against bare digest algorithms, and so has been thought worth the effort. In contrast to the symmetric-key cryptography concept, the asymmetric-key (also known as public-key cryptography) cryptographic concept includes two keys compared to one in the symmetric-key cryptography concept. According to Diffie and Hellmans (1976) study:In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the DiffieHellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key.Kahns (1979) study supported that himself, as a historian, David Kahn, described public-key cryptography as "the most revolutionary new concept in the field since polyalphabetic substitution emerged in the Renaissance" (Kahn, 1979). Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system. According to Rivest et al. s (1978) research, they themselves, whose solution has since become known as the RSA algorithm, finally won this race in 1978. (Rivest, Shamir, Adleman, 1978).Schneiers (1996) study found the following:Public-key cryptography can also be used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the characteristic of being easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and many network security schemes (e.g., SSL/TLS, many VPNs, etc.).All in all, it is a common misconception that every encryption method can be broken. Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be against a perfect cipher. Much public-key cryptanalysis concerns numerical algorithms for solving these computational problems, or some of them, efficiently (i.e., in a practical time).However, much like every aspect of life, law enforcement seems to make their presence to protect the people of the earth from illegal acts. Cryptography has long been of interest to intelligence gathering and law enforcement agencies. Secret communications may be criminal or even treasonous. Because of its facilitation of privacy, and the diminution of privacy attendant on its prohibition, cryptography is also of considerable interest to civil rights supporters. Accordingly, there has been a history of controversial legal issues surrounding cryptography, especially since the advent of inexpensive computers has made widespread access to high quality cryptography possible.In some countries, even the domestic use of cryptography is, or has been, restricted. Until 1999, France significantly restricted the use of cryptography domestically, though it has since relaxed many of these rules. According to Crypto Law Survey (2013), In China and Iran, a license is still required to use cryptography. Many countries have tight restrictions on the use of cryptography. According to EMC Website, Among the more restrictive are laws in Belarus, Kazakhstan, Mongolia, Pakistan, Singapore, Tunisia, and Vietnam. Link: (http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/cryptographic-policies-countries.htm)In the United States, cryptography is legal for domestic use, but there has been much conflict over legal issues related to cryptography. One particularly important issue has been the export of cryptography and cryptographic software and hardware. Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national security, many Western governments have, at some point, strictly regulated export of cryptography. Rosenoers (1995) argues that After World War II, it was illegal in the US to sell or distribute encryption technology overseas; in fact, encryption was designated as auxiliary military equipment and put on the United States Munitions List (Rosenoer, 1995). Until the development of the personal computer, asymmetric key algorithms (i.e., public key techniques), and the Internet, this was not especially problematic. However, as the Internet grew and computers became more widely available, high-quality encryption techniques became well known around the globe.According to PC Worlds Website, In the United Kingdom, the Regulation of Investigatory Powers Act gives UK police the powers to force suspects to decrypt files or hand over passwords that protect encryption keys. Failure to comply is an offense in its own right, punishable on conviction by a two-year jail sentence or up to five years in cases involving national security.Link:(http://www.pcworld.com/article/137881/uk_data_encryption_disclosure_law_takes_effect.html)All in all, much of what was defined as cryptography does not really explain how cryptography and all of its fancy techniques and concepts benefits anyone other than computer scientists, world war soldiers and historians. In fact, as mentioned in the beginning of this technical essay, cryptography, in a nutshell, is waking up from a nightmare of secrecy non-existence; it benefits everyone; it is how businesses make better profits compared to their competitors.Cryptography has become so great in modern times that we can use these techniques to secure data such as debit and credit card, voting, private calls, password, email information and so on. I could write a million words worth of scenarios in which cryptography has benefited the world but needless to say it explains itself.Nonetheless, on the verge of closing, I will illustrate a prime example of how great cryptography is by giving an scenario of what happened to Adobe, a multimillionaire business that could have lost everything in the space of no time. In October of the year 2013, Adobe announced the sad news that their customer IDs, passwords, and information relating to nearly 3 million Adobe customers, including credit and debit card numbers were accessed by hackers (a group of people that seeks and exploits weaknesses in a computer system or computer network). BBC World News reported the number of accounts that was breached was much greater 38 million! This is in addition to the loss of source code to Photoshop, its popular photo editing software package.When this happens, it is a very bad day; it is a nightmare; it is 38 million nightmares. Their fortress of information protection has now been breached and 38 million data horses have run out of the barn. However, there is a diamond of good news in their announcement. They have encrypted data (this is the part where you wake up from the nightmare). Although data was taken from Adobe, some of it was encrypted. Specifically, passwords as well as credit and debit card numbers were encrypted. This is a strike against the perpetrators.However, imagine if they caught the hackers and could not sue them a massive dose of medication to make you go back into the nightmare again right? As mentioned earlier in this essay, there are laws in place for things like this so that lifts the burden on companies when their data is breached. Data integrity is great but the fact that much of the data that was stolen was encrypted is a saving grace for Adobe. The tools of encryption and key management can (and should, especially after this scenario) be applied at numerous layers of business to protect, isolate, and control data. The technology is well known and standardised. It is predictable and manageable and in no-way should be considered a scary technology that only the most advanced technical experts can understand and manage such as computer scientists, the military or historians.

ConclusionIn conclusion, we can therefore agree that cryptography is not alone the process of encrypting and decrypting confidential information; it is the evolutionary need for life. As technical and complicated as it might be described throughout any research paper, it is easy to deploy and use and provides a strong protection against data thieves. When we look at events such as those that unfortunately happened to Adobe, we will look in detail at what went wrong, but too infrequently, we forget to ask about those things that went right. In adobes case, the answer to the question is simple: they encrypted their data.

ReferencesAl-Kadi, Ibrahim A. (April 1992). "The origins of cryptology: The Arab contributions". Cryptologia 16 (2): 97126.Blaze, Matt; Diffie, Whitefield; Rivest, Ronald L.; Schneier, Bruce; Shimomura, Tsutomu; Thompson, Eric; Wiener, Michael (January 1996). "Minimal key lengths for symmetric ciphers to provide adequate commercial security". Fortify. Retrieved 26 March 2015. Ciccarelli, S. K., & White, J. N. (2010). Psychology (3rd Edition). United States of America, 12-13.Diffie, Whitfield; Hellman, Martin (November 1976). "New Directions in Cryptography" (pdf). IEEE Transactions on Information Theory. IT-22: 644654. Hakim, Joy (1995). A History of US: War, Peace and all that Jazz. New York: Oxford University Press. ISBN 0-19-509514-6.Kahn, David (Fall 1979). "Cryptology Goes Public". Foreign Affairs 58 (1): 153.Menezes, A. J.; van Oorschot, P. C.; Vanstone, S. A. Handbook of Applied Cryptography. ISBN 0-8493-8523-7. Nolen-Hocksema, S., Fredrickson, B. L., Loftus, G. R., & Wagenaar, W. A. (2009). Atkinson & Hilgards Introduction to Psychology (15th Edition ed.). (J. Clark, & L. Dawson-Bowling, Eds.) Pat Bond, 5.Rivest, Ronald L.; Shamir, A.; Adleman, L. (1978). "A Method for Obtaining DigitalRosenoer, Jonathan (1995). "CRYPTOGRAPHY & SPEECH". CyberLaw. Archived December 1, 2005 at the Wayback MachineSchneier, Bruce (1996). Applied Cryptography (2nd ed.). Wiley. ISBN 0-471-11709-9."Overview per country". Crypto Law Survey. February 2013. Retrieved 26 March 2015.Schrdel, Tobias (October 2008). "Breaking Short Vigenre Ciphers". Cryptologia 32 (4): 334337. doi:10.1080/01611190802336097.Shchenko, V. V. (2002). Cryptography: an introduction. AMS Bookstore. p. 6. ISBN 0-8218-2986-6.Signatures and Public-Key Cryptosystems". Communications of the ACM (Association for Computing Machinery) 21 (2): 120126.Archived November 16, 2001 at the Wayback MachinePreviously released as an MIT "Technical Memo" in April 1977, and published in Martin Gardner's Scientific American Mathematical recreations columnSingh, Simon (2000). The Code Book. New York: Anchor Books. pp. 1420. ISBN 9780385495325."6.5.1 WHAT ARE THE CRYPTOGRAPHIC POLICIES OF SOME COUNTRIES?". RSA Laboratories. Retrieved 26 March 2015.http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/cryptographic-policies-countries.htm"UK Data Encryption Disclosure Law Takes Effect". PC World. 1 October 2007. Retrieved 26 March 2015. (http://www.pcworld.com/article/137881/uk_data_encryption_disclosure_law_takes_effect.html)