2.11 Where the Field Is Headed

< Free Open Study >

2.11 Where the Field Is Headed

Throughout history, cryptography has attracted a select few to perform basic research. The world always needs new and better algorithms, while at the same time, governments and others are continually looking for ways to break those algorithms.

Cryptography is not a field for amateurs. One word processor manufacturer found much to its chagrin that the encryption feature it had built into its product could be broken with a ciphertext -only attack in minutes with pencil and paper. Another browser manufacturer found that its means of generating cryptographic keys was predictable. Both of these companies had employed ordinarily smart developers but had not taken the step of involving an expert in cryptography. So while your homemade cipher may be adequate to protect e-mail messages to your friends , for serious use you should rely on the knowledge of professional cryptographers. Typically, professional cryptographers have done significant advanced study, often obtaining doctorates in advanced mathematics.

One interesting problem cryptographers are currently exploring is called "watermarking." The root of the problem is a need to protect digital data from unauthorized copying. How can someone tell by looking at a digital image picture file whether you took a similar photograph yourself or whether you have an unauthorized copy of a copyrighted publication? By embedding a cryptographic string, or watermark, a legitimate author can demonstrate the origin of the file. This research is the subject of papers at cryptographic forums such as the Crypto and EuroCrypt conferences.

Another major research and development topic, certificate and public key infrastructures , was addressed briefly in this chapter and is covered in Chapter 7.

< Free Open Study >

2.12 To Learn More

This chapter does not present much of the history of encryption. Because encryption has been used for military and diplomatic communications, many of the stories are fascinating. David Kahn's thorough study of encryption [KAH67, KAH96] still stands as the masterpiece. Other interesting sources are the works by Friedman [FRI76a], [FRI76b], and [FRI76c]; [DEA85]; [BAM82]; and [YAR31].

The highly readable presentation of elementary cryptography by Sinkov [SIN66] is well worth study. A more precise and mathematical analysis is done by Konheim [KON80] and Meyer and Matyas [MEY82]. Many more simple encryption algorithms are presented in [FOS82]. Singh [SIN99] presents an overview of the history of cryptography from primitive days to modern commercial uses. Schneier's book [SCH96] gives up-to-date and detailed description of practically all encryption systems.

< Free Open Study >

2.13 Exercises

The first several exercises ask you to decrypt a piece of ciphertext . Each of these is an English prose quotation. More important than the precise quotation is the process you use to analyze the encryption. Justify your answer by describing the various tests you performed and the results you obtained for those tests.

1:	Decrypt the following encrypted quotation. fqjcb rwjwj vnjax bnkhj whxcq nawjv nfxdu mbvnu ujbbf nnc
2:	Decrypt the following encrypted quotation. oczmz vmzor jocdi bnojv dhvod igdaz admno ojbzo rcvot jprvi oviyv aozmo cvooj ziejt dojig toczr dnzno jahvi fdiyv xcdzq zoczn zxjiy
3:	Decrypt the following encrypted quotation. pbegu uymiq icuuf guuyi qguuy qcuiv fiqgu uyqcu qbeme vp
4:	Decrypt the following encrypted quotation. jrgdg idxgq anngz gtgtt sitgj ranmn oeddi omnwj rajvk sexjm dxkmn wjrgm ttgdt gognj ajmzg ovgki nlaqg tjamn xmsmj jrgko jtgnw jrgnj rgvat tmgta wamno jjrgw izgtn sgnji babgu
5:	Decrypt the following encrypted quotation. ejitp spawa qleji taiul rtwll rflrl laoat wsqqj atgac kthls iraoa twlpl qjatw jufrh lhuts qataq itats aittk stqfj cae
6:	Decrypt the following encrypted quotation. auqrq rkrzd dmhxk ageho kfalu hkmog rlagm hznhf fhglm hkrlh mvzmr znvir klhgl vhodw krnra przgr jozdl vzkra gmvrw almka xomah gmvrf zbhka mtqho dwxre dzwmh mzcro imvra khqgz gwwri zkm
7:	Decrypt the following encrypted quotation. jmjmj gsmsg lrjgu csqyj quflr mfajq erdmc cmqlv lqyhg gawgq arpgq sblce jrlrj lnemc cyjqu flrmf ajqer d
8:	Decrypt the following encrypted quotation. vcwpc kwblm smljy glbgu gbtwj jyats lwsgm lwjjy vcrfc rikwl qjwte fscpw lbgqm jwscb ktpbc pqats vfwsm dvwpw lbsfc ktrfu wtlsc brpgk cmdqj wtefs cpgle vfmjc ncmnj cq
9:	Decrypt the following encrypted quotation. ptgpz ggprf bdkrg pequt tngtf ggpzf zfqgp tukrw wkzfg kquyd qxwzu ltuet zfrfl ptgpz ggprf bdkrg pequt dhmgw tgokr wwdtt bxqug tuedq xequt fraty rdaur erfzg rqfot gjzfr gorfa wrftd hdgqx rfyxz hwgdz fokpt utuzg ptugp zfrfq hudtw jtdpt gpzgu tzydz fyluq kdfqk rdtud hdcta gdfqg prdqk fytxr artfa omhga qecwz rfdqx pzuyk quydz fyqmd ahutd tfgtf atdzf yzdbd kpomq qbdzu tkurg gtfkp rapaz ffqgm thfyt udgqq y
10:	Decrypt the following encrypted quotation. mszkx ijddj nzatm lrkdj mlwmc qrktj tnwir zatnj bxdrj amlrs zxrzd dbjbk wsrir mlrxc icnic qrkza tmlrb cbriz mlkco mnizx r
11:	Decrypt the following encrypted quotation. gahzh zgaff irfcc fqgmx eefsp xmgab bxscy gadgb afqbf dsfzh rvhqm xsgnq fxmgf qgafz nsmfh gxmxn sxbqk faduh xnsbf jdvft nhcgp xmxns yhzdz gfszg afznq gafjx xqdqy gafzg dszdz hmbfb fsfuh ccdhq zkpqf rfzzh gpmxx czkpa fdufq cprxj enczh xq
12:	Decrypt the following encrypted quotation. gasaz afxfk hqbzp zbqnq hfkqf zdfgr gsaaf afdfz fzujz fhhxh irxxg rvnqp fhsdm cqbqx cmfyx fxjgc qsdaz ggvfk mnfzp xqtga efndf exhsd fmczu sggdf pfpzq xqxhc mgmmp gaxbr afnfx bzsbj bnyfe xshsn smzfc cfduz yhzhh gggcx axfcq dmsdi
13:	What characteristics would make an encryption absolutely unbreakable ? What characteristics would make an encryption impractical to break?
14:	Does a substitution need to be a permutation of the plaintext symbols? Why or why not?
15:	Explain why the product of two relatively simple ciphers, such as a substitution and a transposition, can achieve a high degree of security.
16:	How would you test a piece of ciphertext to determine quickly if it was likely the result of a simple substitution?
17:	How would you test a piece of ciphertext to determine quickly if it was likely the result of a transposition?
18:	Suggest a source of a very long sequence of unpredictable numbers . Your source must be something that both the sender and receiver can readily access but that is not obvious to outsiders and is not transmitted directly from sender to receiver.
19:	Given the speed of a current ordinary computer (for home or light office use), estimate the amount of time necessary to crack a DES encryption by testing all 2 ⁵⁶ possible keys. Make a similar estimate for a 128-bit AES key.
20:	List three kinds of data whose lifetime (amount of time for which confidentiality protection is needed) is approximately one day. List three whose lifetime is closer to one year. List three whose lifetime is closer to one century.
21:	Obtain manufacturers' specifications on two current cryptographic products for the same algorithm, such as AES, DES, a proprietary algorithm from the manufacturer, or some other algorithm. The products should have different implementations , such as one in hardware and the other software, or one on a smart card and one in software. Determine the amount of time it would take to encrypt a block of characters of some modest size (for example, 3,000 characters ) with each.
22:	List three applications in which a stream cipher would be desirable. Are applications for block ciphers more prevalent ? Why or why not? Why do you think this is true?
23:	Are DES and AES stream or block ciphers?
24:	What are the risks in the U.S. government's selecting a cryptosystem for widespread commercial use (both inside and outside the United States)? How could users from outside the United States overcome some or all of these risks?
25:	DES and AES are both " turn the handle" algorithms in that they use repetition of some number of very similar cycles. What are the advantages (to implementer, users, cryptanalysts, etc.) of this approach?
26:	Why should exportability be a criterion for selection of a cryptographic standard?
27:	How do the NIST criteria for selection of DES and AES relate to Shannon's original standards of a good cryptographic system? What are the significant differences? How do these standards reflect a changed environment many years after Shannon wrote his standards?
28:	Obtain the manufacturer's specifications for a commercial product that performs symmetric encryption (e.g., a DES, AES, or proprietary encryption module). Obtain specifications for an asymmetric algorithm (from the same or a different manufacturer). What is the expected time for each to encrypt a short (e.g., 1,500-character) piece of plaintext?
29:	If the useful life of DES was about 20 years (1977 “1999), how long do you predict the useful life of AES to be? Justify your answer.
30:	Assume you are in charge of product development for a company that makes cryptographic equipment. At its simplest, a cryptographic implementation is a black box: insert key, insert plaintext, press "start," retrieve ciphertext. And for the same algorithm, these so-called black boxes from different manufacturers will be very similar. What other features or capabilities would differentiate your cryptographic product from the competition. Be specific. Do not simply say " user interface," for example, but list specific features of capabilities you think users would like to have.
31:	Should a cryptographic product manufacturer try to develop an "all in one" product that could perform, for example, DES, AES, and RSA cryptography? Why or why not?