Applied Cryptography: Protocols, Algorithms and Source …

Praise for Applied Cryptography

“This book should be on the shelf of any computer professional involved in the use or implementation of cryptography.” IEEE Software

“An encyclopedic survey … could well have been subtitled ‘The Joy of Encrypting’ … a useful addition to the library of any active or would-be security practitioner.” Cryptologia

“…the best introduction to cryptography I’ve ever seen…The book the National Security Agency wanted never to be published…” Wired magazine

“…easily ranks as one of the most authoritative in its field…” PC magazine

“…monumental…fascinating…comprehensive…the definitive work on cryptography for computer programmers…” Dr. Dobb’s journal

Written by the world’s most renowned security technologist this special Anniversary Edition celebrates 20 years for the most definitive reference on cryptography ever published, Applied Cryptography, Protocols, Algorithms, and Source Code in C. Inside security enthusiasts will find a compelling introduction by author Bruce Schneider written specifically for this keepsake edition.

Included in this edition:

Link:
Applied Cryptography: Protocols, Algorithms and Source …

Export of cryptography from the United States – Wikipedia

The export of cryptographic technology and devices from the United States was severely restricted by U.S. law until 1992, but was gradually eased until 2000; some restrictions still remain.

Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security reasons, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment.[2]

Due to the enormous impact of cryptanalysis in World War II, these governments saw the military value in denying current and potential enemies access to cryptographic systems. Since the U.S. and U.K. believed they had better cryptographic capabilities than others, their intelligence agencies tried to control all dissemination of the more effective crypto techniques. They also wished to monitor the diplomatic communications of other nations, including those emerging in the post-colonial period and whose position on Cold War issues was vital.[3]

The First Amendment made controlling all use of cryptography inside the U.S. illegal, but controlling access to U.S. developments by others was more practical there were no constitutional impediments.

Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key) would not be licensed for export except on a case-by-case basis. This policy was also adopted elsewhere for various reasons.

The development and public release of Data Encryption Standard (DES) and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the U.S., and to some extent (e.g., France) elsewhere. As late as 1997, NSA officials in the US were concerned that the widespread use of strong encryption will frustrate their ability to provide SIGINT regarding foreign entities, including terrorist groups operating internationally. NSA officials anticipated that the American encryption software backed by an extensive infrastructure, when marketed, was likely to become a standard for international communications.[4] In 1997, Louis Freeh, then the Director of the FBI, said

For law enforcement, framing the issue is simple. In this time of dazzling telecommunications and computer technology where information can have extraordinary value, the ready availability of robust encryption is essential. No one in law enforcement disputes that. Clearly, in today’s world and more so in the future, the ability to encrypt both contemporaneous communications and stored data is a vital component of information security.

As is so often the case, however, there is another aspect to the encryption issue that if left unaddressed will have severe public safety and national security ramifications. Law enforcement is in unanimous agreement that the widespread use of robust non-key recovery encryption ultimately will devastate our ability to fight crime and prevent terrorism. Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.

For this reason, the law enforcement community is unanimous in calling for a balanced solution to this problem.[5]

In the early days of the Cold War, the U.S. and its allies developed an elaborate series of export control regulations designed to prevent a wide range of Western technology from falling into the hands of others, particularly the Eastern bloc. All export of technology classed as ‘critical’ required a license. CoCom was organized to coordinate Western export controls.

Two types of technology were protected: technology associated only with weapons of war (“munitions”) and dual use technology, which also had commercial applications. In the U.S., dual use technology export was controlled by the Department of Commerce, while munitions were controlled by the State Department. Since in the immediate post WWII period the market for cryptography was almost entirely military, the encryption technology (techniques as well as equipment and, after computers became important, crypto software) was included as a Category XIII item into the United States Munitions List. The multinational control of the export of cryptography on the Western side of the cold war divide was done via the mechanisms of CoCom.

By the 1960s, however, financial organizations were beginning to require strong commercial encryption on the rapidly growing field of wired money transfer. The U.S. Government’s introduction of the Data Encryption Standard in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers.

Encryption export controls became a matter of public concern with the introduction of the personal computer. Phil Zimmermann’s PGP cryptosystem and its distribution on the Internet in 1991 was the first major ‘individual level’ challenge to controls on export of cryptography. The growth of electronic commerce in the 1990s created additional pressure for reduced restrictions.

In 1992, a deal between NSA and the SPA made 40-bit RC2 and RC4 encryption easily exportable using a Commodity Jurisdiction (which transferred control from the State Department to the Commerce Department). At this stage Western governments had, in practice, a split personality when it came to encryption; policy was made by the military cryptanalysts, who were solely concerned with preventing their ‘enemies’ acquiring secrets, but that policy was then communicated to commerce by officials whose job was to support industry.

Shortly afterward, Netscape’s SSL technology was widely adopted as a method for protecting credit card transactions using public key cryptography. Netscape developed two versions of its web browser. The “U.S. edition” supported full size (typically 1024-bit or larger) RSA public keys in combination with full size symmetric keys (secret keys) (128-bit RC4 or 3DES in SSL 3.0 and TLS 1.0). The “International Edition” had its effective key lengths reduced to 512 bits and 40 bits respectively (RSA_EXPORT with 40-bit RC2 or RC4 in SSL 2.0, SSL 3.0 and TLS 1.0), by zero-padding 88 bits of the normal 128-bit symmetric key[6]. Acquiring the ‘U.S. domestic’ version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the ‘International’ version,[7] whose weak 40-bit encryption could be broken in a matter of days using a single computer. A similar situation occurred with Lotus Notes for the same reasons.

Legal challenges by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in President Bill Clinton signing the Executive order 13026[8] transferring the commercial encryption from the Munition List to the Commerce Control List. Furthermore, the order stated that, “the software shall not be considered or treated as ‘technology'” in the sense of Export Administration Regulations. The Commodity Jurisdiction process was replaced with a Commodity Classification process, and a provision was added to allow export of 56-bit encryption if the exporter promised to add “key recovery” backdoors by the end of 1998. In 1999, the EAR was changed to allow 56-bit encryption and 1024-bit RSA to be exported without any backdoors, and new SSL cipher suites were introduced to support this (RSA_EXPORT1024 with 56-bit RC4 or DES). In 2000, the Department of Commerce implemented rules that greatly simplified the export of commercial and open source software containing cryptography, including allowing the key length restrictions to be removed after going through the Commodity Classification process.[9]

This section needs to be updated. Please update this article to reflect recent events or newly available information. (October 2016)

As of 2009[update], non-military cryptography exports from the U.S. are controlled by the Department of Commerce’s Bureau of Industry and Security.[10] Some restrictions still exist, even for mass market products, particularly with regard to export to “rogue states” and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license[10](pp.67). Furthermore, encryption registration with the BIS is required for the export of “mass market encryption commodities, software and components with encryption exceeding 64 bits” (75 FR 36494). In addition, other items require a one-time review by, or notification to, BIS prior to export to most countries.[10] For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.[11] Export regulations have been relaxed from pre-1996 standards, but are still complex.[10] Other countries, notably those participating in the Wassenaar Arrangement,[12] have similar restrictions.[13]

U.S. non-military exports are controlled by Export Administration Regulations (EAR), a short name for the U.S. Code of Federal Regulations (CFR) Title 15 chapter VII, subchapter C.

Encryption items specifically designed, developed, configured, adapted or modified for military applications (including command, control and intelligence applications) are controlled by the Department of State on the United States Munitions List.

Encryption export terminology is defined in EAR part 772.1.[14] In particular:

Export destinations are classified by the EAR Supplement No. 1 to Part 740 into four country groups (A, B, D, E) with further subdivisions;[15] a country can belong to more than one group. For the purposes of encryption, groups B, D:1, and E:1 are important:

The EAR Supplement No. 1 to Part 738 (Commerce Country Chart) contains the table with country restrictions.[16] If a line of table that corresponds to the country contains an X in the reason for control column, the export of a controlled item requires a license, unless an exception can be applied. For the purposes of encryption, the following three reasons for control are important:

For export purposes each item is classified with the Export Control Classification Number (ECCN) with the help of the Commerce Control List (CCL, Supplement No. 1 to the EAR part 774). In particular:[10]

An item can be either self-classified, or a classification (“review”) requested from the BIS. A BIS review is required for typical items to get the 5A992 or 5D992 classification.

More:
Export of cryptography from the United States – Wikipedia

Introduction to Cryptography: Simple Guide for Beginners …

Introduction to Cryptography

Cryptography, or the art and science of encrypting sensitive information, was once exclusive to the realms of government, academia, and the military. However, with recent technological advancements, cryptography has begun to permeate all facets of everyday life.

Everything from your smartphone to your banking relies heavily on cryptography to keep your information safe and your livelihood secure.

And unfortunately, due to the inherent complexities of cryptography, many people assume that this is a topic better left to black hat hackers, multi-billion dollar conglomerates, and the NSA.

But nothing could be further from the truth.

With the vast amounts of personal data circulating the Internet, it is more important now than ever before to learn how to successfully protect yourself from individuals with ill intentions.

In this article, I am going to present you with a simple beginners guide to cryptography.

My goal is to help you understand exactly what cryptography is, how its, how its used, and how you can apply it to improve your digital security and make yourself hacker-proof. Heres table of contents:

Since the dawn of human civilization, information has been one of our most treasured assets.

Our species ability (or inability) to keep secrets and hide information has eliminated political parties, shifted the tide of wars, and toppled entire governments.

Lets go back to the American Revolutionary War for a quick example of cryptography in practice.

Suppose that a valuable piece of information regarding the British Armys plan to attack an American encampment was intercepted by local militia.

Since this is 1776 and therefore pre-iPhone, General Washington couldnt just shoot a quick text to the commanding officers at the encampment in question.

He would have to send a messenger who would either transport some form of written correspondence, or keep the message locked away in their head.

And heres where the Founding Fathers would have hit a snag.

The aforementioned messenger must now travel through miles and miles of enemy territory risking capture and death in order to relay the message.

And If he was intercepted? It spelled bad news for team USA.

The British captors could have simply killed the messenger on sight, putting an end to the communication.

They could have persuaded him to share the contents of the message, which would then render the information useless.

Or, if the messenger was a friend of Benedict Arnolds, they could have simply bribed the messenger to spread false information, resulting in the deaths of thousands of American militia.

However, with the careful application of cryptography, Washington could have applied an encryption method known as a cipher (more on this in a second) to keep the contents of the message safe from enemy hands.

Assuming that he entrusted the cipher to only his most loyal officers, this tactic would ensure that even if the message was intercepted, the messenger would have no knowledge of its contents. The data would therefore be indecipherable and useless to the enemy.

Now lets look at a more modern example, banking.

Every day, sensitive financial records are transmitted between banks, payment processors, and their customers. And whether you realize it or not, all of these records have to be stored at some point in a large database.

Without cryptography, this would be a problem, a very big problem.

If any of these records were stored or transmitted without encryption, it would be open season for hackers and your bank account would quickly dwindle down to $0.

However, the banks know this and have gone through an extensive process to apply advanced encryption methods to keep your information out of the hands of hackers and food on your table.

So now that you have a 30,000-foot view of cryptography and how it has been used, lets talk about some of the more technical details surrounding this topic.

*Note: For the purposes of this article, I will refer to messages in an easily readable format as plaintext and encrypted or unreadable messages as ciphertext. Please note that the words encryption and cryptography will also be used interchangeably*

Cryptography, at its most fundamental level, requires two steps: encryption and decryption. The encryption process uses a cipher in order to encrypt plaintext and turn it into ciphertext. Decryption, on the other hand, applies that same cipher to turn the ciphertext back into plaintext.

Heres an example of how this works.

Lets say that you wanted to encrypt a the simple message, Hello.

So our plaintext (message) is Hello.

We can now apply one of the simplest forms of encryption known as Caesars Cipher (also known as a shift cipher) to the message.

With this cipher, we simply shift each letter a set number of spaces up or down the alphabet.

So for example, the image below shows a shift of 3 letters.

Meaning that:

By applying this cipher, our plaintext Hello turns into the ciphertext Khoor

To the untrained eye Khoor looks nothing like Hello. However, with knowledge of Caesars cipher, even the most novice cryptographer could quickly decrypt the message and uncover its contents.

Before we continue, I want to touch on a more advanced topic known as polymorphism.

While the intricacies of this topic stretch far beyond the realm of this guide, its increasing prevalence mandates that I include a brief explanation.

Polymorphism is basically a cipher that changes itself with each use. Meaning that each time it is used, it produces a different set of results. So, if you encrypted the exact same set of data twice, each new encryption would be different from the previous one.

Lets go back to our original example with the plaintext Hello. While the first encryption would result in Khoor, with the application of a polymorphic cipher, the second encryption could result in something like Gdkkn (where each letter is shifted down a rung of the alphabet)

Polymorphism is most commonly used in cipher algorithms to encrypt computers, software, and cloud-based information.

I want to preface the rest of this article with a warning.

Throughout the rest of this article, I will be explaining exactly how cryptography works and how it is applied today. In doing so, I will have to employ a significant amount of technical jargon that may feel tedious at times.

But bear with me and pay attention. Understanding how all of the pieces fit together will ensure that you are able to maximize your personal security and keep your information out of the wrong hands.

So before I go full blast, explaining symmetric and asymmetric cryptography, AES, and MD5, I want to explain, in Laymans terms, why this matters and why you should care.

For starters, lets discuss the only real alternative to cryptography, obfuscation. Obfuscation is defined as The act of making something unclear, obscure, or unintelligible. It means that, in order to transmit a secure message, you must hold back some of the information required to understand the message.

Which, by default, means it would only take one person with knowledge of the original message to divulge the missing pieces to the public.

With cryptography, a specific key and numerous calculations are required. Even if someone knew the encryption method used, they wouldnt be able to decrypt the message without the corresponding key, making your information much more secure.

To understand why cryptography really matters you need look no further than something we all know and love, the Internet.

By design, the Internet was created to relay messages from one person to another, in a similar manner to the postal service. The Internet delivers packets from the sender to the recipient, and without the various forms of cryptography that we will discuss in a moment, anything that you sent would be visible to the general populace.

Those private messages you meant to send to your spouse? The whole world could see them. Your banking information?

Anybody with a router could intercept your funds and redirect them to their own account. Your work emails discussing sensitive company secrets? You might as well package those up and ship them to your competitors.

Luckily, we do have cryptographic algorithms that actively protect almost all of our personal data.

However, this does not mean that you are completely secure.

You need to look no further than recent attacks on companies like AdultFriendFinder and Anthem Inc. to realize that large corporations do not always implement the necessary systems required to protect your information.

Your personal security is your responsibility, no one elses.

And the sooner that you can develop a strong understanding of the systems in place, the sooner you will be able to make informed decisions about how you can protect your data.

So with that out of the way, lets get to the good stuff.

There are four primary types of cryptography in use today, each with its own unique advantages and disadvantages.

They are called hashing, symmetric cryptography, asymmetric cryptography, and key exchange algorithms.

Hashing is a type of cryptography that changes a message into an unreadable string of text for the purpose of verifying the messages contents, not hiding the message itself.

This type of cryptography is most commonly used to protect the transmission of software and large files where the publisher of the files or software offers them for download. The reason for this is that, while it is easy to calculate the hash, it is extremely difficult to find an initial input that will provide an exact match for the desired value.

For example, when you download Windows 10, you download the software which then runs the downloaded file through the same hashing algorithm. It then compares the resulting hash with the one provided by the publisher. If they both match, then the download is completed.

However, if there is even the slightest variation in the downloaded file (either through the corruption of the file or intentional intervention from a third party) it will drastically change the resulting hash, potentially nullifying the download.

Currently, the most common hashing algorithms are MD5 and SHA-1, however due to these algorithms multiple weaknesses, most new applications are transitioning to the SHA-256algorithm instead of its weaker predecessors.

Symmetric Cryptography, likely the most traditional form of cryptography, is also the system with which you are probably most familiar.

This type of cryptography uses a single key to encrypt a message and then decrypt that message upon delivery.

Since symmetric cryptography requires that you have a secure channel for delivering the crypto key to the recipient, this type of cryptography is all but useless for transmitting data (after all, if you have a secure way to deliver the key, why not deliver the message in the same manner?).

As such, its primary application is the protection of resting data (e.g. Hard Drives and data bases)

In the Revolutionary War example that I mentioned earlier, Washingtons method for transmitting information between his officers would have relied on a symmetric cryptography system. He and all of his officers would have had to meet in a secure location, share the agreed upon key, and then encrypt and decrypt correspondence using that same key.

Most modern symmetric cryptography relies on a system known as AES or Advanced Encryption Standards.

While the traditional DES models were the industry norm for many years, DES was publicly attacked and broken in 1999 causing the National Institute of Standards and Technology to host a selection process for a stronger and more updated model.

After an arduous 5-year competition between 15 different ciphers, including MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndael, the NIST selected Rijndael as the winning cipher.

It was then standardized across the country, earning the name AES or Advanced Encryption Standards. This cipher is still widely used today and is even implemented by the NSA for the purposes of guarding top secret information.

Asymmetric cryptography (as the name suggests) uses two different keys for encryption and decryption, as opposed to the single key used in symmetric cryptography.

The first key is a public key used to encrypt a message, and the second is a private key which is used to decrypt them. The great part about this system is that only the private key can be used to decrypt encrypted messages sent from a public key.

While this type of cryptography is a bit more complicated, you are likely familiar with a number of its practical applications.

It is used when transmitting email files, remotely connecting to servers, and even digitally signing PDF files. Oh, and if you look in your browser and you notice a URL beginning with https://, thats a prime example of asymmetric cryptography keeping your information safe.

Although this particular type of cryptography isnt particularly applicable for individuals outside of the cyber-security realm, I wanted to briefly mention to ensure you have a full understanding of the different cryptographic algorithms.

A key exchange algorithm, like Diffie-Hellman, is used to safely exchange encryption keys with an unknown party.

Unlike other forms of encryption, you are not sharing information during the key exchange. The end goal is to create an encryption key with another party that can later be used with the aforementioned forms of cryptography.

Heres an example from the Diffie-Hellman wiki to explain exactly how this works.

Lets say we have two people, Alice and Bob, who agree upon a random starting color. The color is public information and doesnt need to be kept secret (but it does need to be different each time). Then Alice and Bob each selects a secret color that they do not share with anyone.

Now, Alice and Bob mix the secret color with the starting color, resulting in their new mixtures. They then publicly exchange their mixed colors. Once the exchange is made, they now add their own private color into the mixture they received from their partner, and the resulting in an identical shared mixture.

So now that you understand a little bit more about the different types of cryptography, many of you are probably wondering how it is applied in the modern world.

There are four primary ways that cryptography is implemented in information security. These four applications are called cryptographic functions.

When we use the right cryptographic system, we can establish the identity of a remote user or system quite easily. The go-to example of this is the SSL certificate of a web server which provides proof to the user that they are connected to the right server.

The identity in question is not the user, but rather the cryptographic key of that user. Meaning that the more secure the key, the more certain the identity of the user and vice versa.

Heres an example.

See the original post here:
Introduction to Cryptography: Simple Guide for Beginners …

Cypherpunk – Wikipedia

This article is about cryptography advocates. For the book by Julian Assange, see Cypherpunks (book).

A cypherpunk (UK /sfpk/ US /sfrpk/)[1] is any activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.

Until about the 1970s, cryptography was mainly practiced in secret by military or spy agencies. However, that changed when two publications brought it out of the closet into public awareness: the US government publication of the Data Encryption Standard (DES), a block cipher which became very widely used; and the first publicly available work on public-key cryptography, by Whitfield Diffie and Martin Hellman.

The technical roots of Cypherpunk ideas have been traced back to work by cryptographer David Chaum on topics such as anonymous digital cash and pseudonymous reputation systems, described in his paper “Security without Identification: Transaction Systems to Make Big Brother Obsolete” (1985).[2]

In the late 1980s, these ideas coalesced into something like a movement.[2]

In late 1992, Eric Hughes, Timothy C. May and John Gilmore founded a small group that met monthly at Gilmore’s company Cygnus Solutions in the San Francisco Bay Area, and was humorously termed cypherpunks by Jude Milhon at one of the first meetings – derived from cipher and cyberpunk.[3] In November 2006, the word was added to the Oxford English Dictionary.[4]

The Cypherpunks mailing list was started in 1992, and by 1994 had 700 subscribers.[3] At its peak, it was a very active forum with technical discussion ranging over mathematics, cryptography, computer science, political and philosophical discussion, personal arguments and attacks, etc., with some spam thrown in. An email from John Gilmore reports an average of 30 messages a day from December 1, 1996 to March 1, 1999, and suggests that the number was probably higher earlier.[5] The number of subscribers is estimated to have reached 2000 in the year 1997.[3]

In early 1997, Jim Choate and Igor Chudov set up the Cypherpunks Distributed Remailer,[6] a network of independent mailing list nodes intended to eliminate the single point of failure inherent in a centralized list architecture. At its peak, the Cypherpunks Distributed Remailer included at least seven nodes.[7] By mid-2005, al-qaeda.net ran the only remaining node.[8] In mid 2013, following a brief outage, the al-qaeda.net node’s list software was changed from Majordomo to GNU Mailman[9] and subsequently the node was renamed to cpunks.org.[10] The CDR architecture is now defunct, though the list administrator stated in 2013 that he was exploring a way to integrate this functionality with the new mailing list software.[9]

For a time, the cypherpunks mailing list was a popular tool with mailbombers,[11] who would subscribe a victim to the mailing list in order to cause a deluge of messages to be sent to him or her. (This was usually done as a prank, in contrast to the style of terrorist referred to as a mailbomber.) This precipitated the mailing list sysop(s) to institute a reply-to-subscribe system. Approximately two hundred messages a day was typical for the mailing list, divided between personal arguments and attacks, political discussion, technical discussion, and early spam.[12][13]

The cypherpunks mailing list had extensive discussions of the public policy issues related to cryptography and on the politics and philosophy of concepts such as anonymity, pseudonyms, reputation, and privacy. These discussions continue both on the remaining node and elsewhere as the list has become increasingly moribund.

Events such as the GURPS Cyberpunk raid lent weight to the idea that private individuals needed to take steps to protect their privacy. In its heyday, the list discussed public policy issues related to cryptography, as well as more practical nuts-and-bolts mathematical, computational, technological, and cryptographic matters. The list had a range of viewpoints and there was probably no completely unanimous agreement on anything. The general attitude, though, definitely put personal privacy and personal liberty above all other considerations.

The list was discussing questions about privacy, government monitoring, corporate control of information, and related issues in the early 1990s that did not become major topics for broader discussion until ten years or so later. Some list participants were more radical on these issues than almost anyone else.

Those wishing to understand the context of the list might refer to the history of cryptography; in the early 1990s, the US government considered cryptography software a munition for export purposes, which hampered commercial deployment with no gain in national security, as knowledge and skill was not limited to US citizens. (PGP source code was published as a paper book to bypass these regulations and demonstrate their futility.) The US government had tried to subvert cryptography through schemes such as Skipjack and key escrow. It was also not widely known that all communications were logged by government agencies (which would later be revealed during the NSA and AT&T scandals) though this was taken as an obvious axiom by list members.

The original cypherpunk mailing list, and the first list spin-off, coderpunks, were originally hosted on John Gilmore’s toad.com, but after a falling out with the sysop over moderation, the list was migrated to several cross-linked mail-servers in what was called the “distributed mailing list.”[14][15] The coderpunks list, open by invitation only, existed for a time. Coderpunks took up more technical matters and had less discussion of public policy implications. There are several lists today that can trace their lineage directly to the original Cypherpunks list: the cryptography list (cryptography@metzdowd.com), the financial cryptography list (fc-announce@ifca.ai), and a small group of closed (invitation-only) lists as well.

Toad.com continued to run with the existing subscriber list, those that didn’t unsubscribe, and was mirrored on the new distributed mailing list, but messages from the distributed list didn’t appear on toad.com.[16] As the list faded in popularity, so too did it fade in the number of cross-linked subscription nodes.

To some extent, the cryptography list[17] acts as a successor to cypherpunks; it has many of the people and continues some of the same discussions. However, it is a moderated list, considerably less zany and somewhat more technical. A number of current systems in use trace to the mailing list, including Pretty Good Privacy, /dev/random in the Linux kernel (the actual code has been completely reimplemented several times since then) and today’s anonymous remailers.

The basic ideas can be found in A Cypherpunk’s Manifesto (Eric Hughes, 1993): “Privacy is necessary for an open society in the electronic age. … We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy … We must defend our own privacy if we expect to have any. … Cypherpunks write code. We know that someone has to write software to defend privacy, and … we’re going to write it.”[18]

Some are or were quite senior people at major hi-tech companies and others are well-known researchers (see list with affiliations below).

The first mass media discussion of cypherpunks was in a 1993 Wired article by Steven Levy titled Crypto Rebels:

The people in this room hope for a world where an individual’s informational footprints — everything from an opinion on abortion to the medical record of an actual abortion — can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy.

There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political — some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this conference room represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.[19]

The three masked men on the cover of that edition of Wired were prominent cypherpunks Tim May, Eric Hughes and John Gilmore.

Later, Levy wrote a book, Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age,[20] covering the crypto wars of the 1990s in detail. “Code Rebels” in the title is almost synonymous with cypherpunks.

The term cypherpunk is mildly ambiguous. In most contexts it means anyone advocating cryptography as a tool for social change, social impact and expression. However, it can also be used to mean a participant in the Cypherpunks electronic mailing list described below. The two meanings obviously overlap, but they are by no means synonymous.

Documents exemplifying cypherpunk ideas include Timothy C. May’s The Crypto Anarchist Manifesto (1992)[21] and The Cyphernomicon (1994),[22]A Cypherpunk’s Manifesto.[18]

A very basic cypherpunk issue is privacy in communications and data retention. John Gilmore said he wanted “a guarantee — with physics and mathematics, not with laws — that we can give ourselves real privacy of personal communications.”[23]

Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 1990s. The Cypherpunk Manifesto stated “Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act.”[18]

This was a central issue for many cypherpunks. Most were passionately opposed to various government attempts to limit cryptography export laws, promotion of limited key length ciphers, and especially escrowed encryption.

The questions of anonymity, pseudonymity and reputation were also extensively discussed.

Arguably, the possibility of anonymous speech and publication is vital for an open society, an essential requirement for genuine freedom of speech this was the position of most cypherpunks.[citation needed] A frequently cited example was that the Federalist Papers were originally published under a pseudonym.

Questions of censorship and government or police monitoring were also much discussed. Generally, cypherpunks opposed both.

In particular, the US government’s Clipper chip scheme for escrowed encryption of telephone conversations (encryption secure against most attackers, but breakable at need by government) was seen as anathema by many on the list. This was an issue that provoked strong opposition and brought many new recruits to the cypherpunk ranks. List participant Matt Blaze found a serious flaw[24] in the scheme, helping to hasten its demise.

Steven Schear created[when?] the warrant canary to thwart the secrecy provisions of court orders and national security letters.[citation needed] As of 2013[update], warrant canaries are gaining commercial acceptance.[25]

An important set of discussions concerns the use of cryptography in the presence of oppressive authorities. As a result, Cypherpunks have discussed and improved steganographic methods that hide the use of crypto itself, or that allow interrogators to believe that they have forcibly extracted hidden information from a subject. For instance, Rubberhose was a tool that partitioned and intermixed secret data on a drive with fake secret data, each of which accessed via a different password. Interrogators, having extracted a password, are led to believe that they have indeed unlocked the desired secrets, whereas in reality the actual data is still hidden. In other words, even its presence is hidden. Likewise, cypherpunks have also discussed under what conditions encryption may be used without being noticed by network monitoring systems installed by oppressive regimes.

As the Manifesto says, “Cypherpunks write code”;[18] the notion that good ideas need to be implemented, not just discussed, is very much part of the culture of the mailing list. John Gilmore, whose site hosted the original cypherpunks mailing list, wrote: “We are literally in a race between our ability to build and deploy technology, and their ability to build and deploy laws and treaties. Neither side is likely to back down or wise up until it has definitively lost the race.”[citation needed]

Anonymous remailers such as the Mixmaster Remailer were almost entirely a cypherpunk development. Among the other projects they have been involved in were PGP for email privacy, FreeS/WAN for opportunistic encryption of the whole net, Off-the-record messaging for privacy in Internet chat, and the Tor project for anonymous web surfing.

In 1998, the Electronic Frontier Foundation, with assistance from the mailing list, built a $200,000 machine that could brute-force a Data Encryption Standard key in a few days.[26] The project demonstrated that DES was, without question, insecure and obsolete, in sharp contrast to the US government’s recommendation of the algorithm.

Cypherpunks also participated, along with other experts, in several reports on cryptographic matters.

One such paper was “Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security”.[27] It suggested 75 bits was the minimum key size to allow an existing cipher to be considered secure and kept in service. At the time, the Data Encryption Standard with 56-bit keys was still a US government standard, mandatory for some applications.

Other papers were critical analysis of government schemes. “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”,[28] evaluated escrowed encryption proposals. Comments on the Carnivore System Technical Review.[29] looked at an FBI scheme for monitoring email.

Cypherpunks provided significant input to the 1996 National Research Council report on encryption policy, Cryptography’s Role In Securing the Information Society (CRISIS).[30] This report, commissioned by the U.S. Congress in 1993, was developed via extensive hearings across the nation from all interested stakeholders, by a committee of talented people. It recommended a gradual relaxation of the existing U.S. government restrictions on encryption. Like many such study reports, its conclusions were largely ignored by policy-makers. Later events such as the final rulings in the cypherpunks lawsuits forced a more complete relaxation of the unconstitutional controls on encryption software.

Cypherpunks have filed a number of lawsuits, mostly suits against the US government alleging that some government action is unconstitutional.

Phil Karn sued the State Department in 1994 over cryptography export controls[31] after they ruled that, while the book Applied Cryptography[32] could legally be exported, a floppy disk containing a verbatim copy of code printed in the book was legally a munition and required an export permit, which they refused to grant. Karn also appeared before both House and Senate committees looking at cryptography issues.

Daniel J. Bernstein, supported by the EFF, also sued over the export restrictions, arguing that preventing publication of cryptographic source code is an unconstitutional restriction on freedom of speech. He won, effectively overturning the export law. See Bernstein v. United States for details.

Peter Junger also sued on similar grounds, and won.

John Gilmore has sued US Attorneys General Ashcroft and Gonzales, arguing that the requirement to present identification documents before boarding a plane is unconstitutional.[33] These suits have not been successful to date.

Cypherpunks encouraged civil disobedience, in particular US law on the export of cryptography. Until 1996, cryptographic code was legally a munition, and until 2000 export required a permit.

In 1995 Adam Back wrote a version of the RSA algorithm for public-key cryptography in three lines of Perl[34][35] and suggested people use it as an email signature file:

Vince Cate put up a web page that invited anyone to become an international arms trafficker; every time someone clicked on the form, an export-restricted item originally PGP, later a copy of Back’s program would be mailed from a US server to one in Anguilla. This gained overwhelming attention. There were options to add your name to a list of such traffickers and to send email to the President of the United States registering your protest.[36][37][38]

In Neal Stephenson’s novel Cryptonomicon many characters are on the “Secret Admirers” mailing list. This is fairly obviously based on the cypherpunks list, and several well-known cypherpunks are mentioned in the acknowledgements. Much of the plot revolves around cypherpunk ideas; the leading characters are building a data haven which will allow anonymous financial transactions, and the book is full of cryptography. But, according to the author[39] the book’s title is in spite of its similarity not based on the Cyphernomicon,[22] an online cypherpunk FAQ document.

Cypherpunk achievements would later also be used on the Canadian e-wallet, the MintChip, and the creation of bitcoin. It was an inspiration for CryptoParty decades later to such an extent that the Cypherpunk Manifesto is quoted at the header of its Wiki,[40] and Eric Hughes delivered the keynote address at the Amsterdam CryptoParty on 27 August 2012.

Cypherpunks list participants included many notable computer industry figures. Most were list regulars, although not all would call themselves “cypherpunks”.[41] The following is a list of noteworthy cypherpunks and their achievements:

* indicates someone mentioned in the acknowledgements of Stephenson’s Cryptonomicon.

Read the original here:
Cypherpunk – Wikipedia

How to Break Cryptography | Infinite Series – YouTube

Only 4 steps stand between you and the secrets hidden behind RSA cryptography. Find out how to crack the worlds most commonly used form of encryption.

Tweet at us! @pbsinfiniteFacebook: facebook.com/pbsinfinite seriesEmail us! pbsinfiniteseries [at] gmail [dot] com

Previous Episode:Can We Combine pi & e into a Rational Number?https://www.youtube.com/watch?v=bG7cC…

Links to other resources:

Shor’s paper: https://arxiv.org/abs/quant-ph/9508027v2

Lecture on Shor’s Algorithm: https://arxiv.org/pdf/quant-ph/001003…

Blog on Shor’s algorithm: http://www.scottaaronson.com/blog/?p=208

Video on RSA cryptography: https://www.youtube.com/watch?v=wXB-V…

Another video on RSA cryptography: https://www.youtube.com/watch?v=4zahv…

Euler’s Big Idea: https://en.wikipedia.org/wiki/Euler%2… (I can find a non-wiki article, but I don’t actually use this in the video. It’s just where to learn more about the relevant math Euler did.)

Written and Hosted by Kelsey Houston-EdwardsProduced by Rusty WardGraphics by Ray LuxMade by Kornhaber Brown (www.kornhaberbrown.com)

Challenge Winner – Reddles37https://www.youtube.com/watch?v=bG7cC…

Comments answered by Kelsey:

Joel David Hamkinshttps://www.youtube.com/watch?v=bG7cC…

PCreeper394https://www.youtube.com/watch?v=bG7cC…

Visit link:
How to Break Cryptography | Infinite Series – YouTube

Key (cryptography) – Wikipedia

In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. Keys also specify transformations in other cryptographic algorithms, such as digital signature schemes and message authentication codes.

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as Kerckhoffs’ principle “only secrecy of the key provides security”, or, reformulated as Shannon’s maxim, “the enemy knows the system”. The history of cryptography provides evidence that it can be difficult to keep the details of a widely used algorithm secret (see security through obscurity). A key is often easier to protect (it’s typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.

Trying to keep keys secret is one of the most difficult problems in practical cryptography; see key management. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving, assault, torture, or social engineering) can recover the original message from the encrypted data, and issue signatures.

Keys are generated to be used with a given suite of algorithms, called a cryptosystem. Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms. A newer class of “public key” cryptographic algorithms was invented in the 1970s. These asymmetric key algorithms use a pair of keys or keypair a public key and a private one. Public keys are used for encryption or signature verification; private ones decrypt and sign. The design is such that finding out the private key is extremely difficult, even if the corresponding public key is known. As that design involves lengthy computations, a keypair is often used to exchange an on-the-fly symmetric key, which will only be used for the current session. RSA and DSA are two popular public-key cryptosystems; DSA keys can only be used for signing and verifying, not for encryption.

Part of the security brought about by cryptography concerns confidence about who signed a given document, or who replies at the other side of a connection. Assuming that keys are not compromised, that question consists of determining the owner of the relevant public key. To be able to tell a key’s owner, public keys are often enriched with attributes such as names, addresses, and similar identifiers. The packed collection of a public key and its attributes can be digitally signed by one or more supporters. In the PKI model, the resulting object is called a certificate and is signed by a certificate authority (CA). In the PGP model, it is still called a “key”, and is signed by various people who personally verified that the attributes match the subject.[1]

In both PKI and PGP models, compromised keys can be revoked. Revocation has the side effect of disrupting the relationship between a key’s attributes and the subject, which may still be valid. In order to have a possibility to recover from such disruption, signers often use different keys for everyday tasks: Signing with an intermediate certificate (for PKI) or a subkey (for PGP) facilitates keeping the principal private key in an offline safe.

Deleting a key on purpose to make the data inaccessible is called crypto-shredding.

For the one-time pad system the key must be at least as long as the message. In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size article for a more complete discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As of 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force.[2] The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad, the security of these systems has not (as of 2008[update]) been proven mathematically, so a theoretical breakthrough could make everything one has encrypted an open book. This is another reason to err on the side of choosing longer keys.

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a RFC on generating randomness (RFC 4086, Randomness Requirements for Security). Some operating systems include tools for “collecting” entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high quality randomness.

For most computer security purposes and for most users, “key” is not synonymous with “password” (or “passphrase”), although a password can in fact be used as a key. The primary practical difference between keys and passwords is that the latter are intended to be generated, read, remembered, and reproduced by a human user (although nowadays the user may delegate those tasks to password management software). A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, and so human readability etc. is not required. In fact, most users will, in most cases, be unaware of even the existence of the keys being used on their behalf by the security components of their everyday software applications.

If a password is used as an encryption key, then in a well-designed crypto system it would not be used as such on its own. This is because passwords tend to be human-readable and,hence, may not be particularly strong. To compensate, a good crypto system will use the password-acting-as-key not to perform the primary encryption task itself, but rather to act as an input to a key derivation function (KDF). That KDF uses the password as a starting point from which it will then generate the actual secure encryption key itself. Various methods such as adding a salt and key stretching may be used in the generation.

Continue reading here:
Key (cryptography) – Wikipedia

Origin of Cryptography – tutorialspoint.com

Human being from ages had two inherent needs (a) to communicate and share information and (b) to communicate selectively. These two needs gave rise to the art of coding the messages in such a way that only the intended people could have access to the information. Unauthorized people could not extract any information, even if the scrambled messages fell in their hand.

The art and science of concealing the messages to introduce secrecy in information security is recognized as cryptography.

The word cryptography was coined by combining two Greek words, Krypto meaning hidden and graphene meaning writing.

The art of cryptography is considered to be born along with the art of writing. As civilizations evolved, human beings got organized in tribes, groups, and kingdoms. This led to the emergence of ideas such as power, battles, supremacy, and politics. These ideas further fueled the natural need of people to communicate secretly with selective recipient which in turn ensured the continuous evolution of cryptography as well.

The roots of cryptography are found in Roman and Egyptian civilizations.

The first known evidence of cryptography can be traced to the use of hieroglyph. Some 4000 years ago, the Egyptians used to communicate by messages written in hieroglyph. This code was the secret known only to the scribes who used to transmit messages on behalf of the kings. One such hieroglyph is shown below.

Later, the scholars moved on to using simple mono-alphabetic substitution ciphers during 500 to 600 BC. This involved replacing alphabets of message with other alphabets with some secret rule. This rule became a key to retrieve the message back from the garbled message.

The earlier Roman method of cryptography, popularly known as the Caesar Shift Cipher, relies on shifting the letters of a message by an agreed number (three was a common choice), the recipient of this message would then shift the letters back by the same number and obtain the original message.

Steganography is similar but adds another dimension to Cryptography. In this method, people not only want to protect the secrecy of an information by concealing it, but they also want to make sure any unauthorized person gets no evidence that the information even exists. For example, invisible watermarking.

In steganography, an unintended recipient or an intruder is unaware of the fact that observed data contains hidden information. In cryptography, an intruder is normally aware that data is being communicated, because they can see the coded/scrambled message.

It is during and after the European Renaissance, various Italian and Papal states led the rapid proliferation of cryptographic techniques. Various analysis and attack techniques were researched in this era to break the secret codes.

Improved coding techniques such as Vigenere Coding came into existence in the 15th century, which offered moving letters in the message with a number of variable places instead of moving them the same number of places.

Only after the 19th century, cryptography evolved from the ad hoc approaches to encryption to the more sophisticated art and science of information security.

In the early 20th century, the invention of mechanical and electromechanical machines, such as the Enigma rotor machine, provided more advanced and efficient means of coding the information.

During the period of World War II, both cryptography and cryptanalysis became excessively mathematical.

With the advances taking place in this field, government organizations, military units, and some corporate houses started adopting the applications of cryptography. They used cryptography to guard their secrets from others. Now, the arrival of computers and the Internet has brought effective cryptography within the reach of common people.

Continued here:
Origin of Cryptography – tutorialspoint.com

Security, privacy, and cryptography Microsoft Research

Differentially Private Network-Trace-Analysis Tools Research and analysis related to computer networks is often hampered by the tension between the need for accurate network packet traces to study, and the concern that these traces may contain sensitive information. Starting from recent work on differential privacy, we have produced a toolkit and a collection of standard network trace analyses using these

FourQLib FourQLib is an efficient and portable math library that provides functions for computing essential elliptic curve operations on a new, high-performance curve called FourQ.

FS2PV: A Cryptographic-Protocol Verifier for F# FS2PV is a verification tool that compiles cryptographic-protocol implementations in a first-order subset of F# to a formal pi-calculus model. This pi-calculus model then can be analyzed using ProVerif to prove the desired security properties or to find security flaws.

LatticeCrypto LatticeCrypto is a high-performance and portable software library that implements lattice-based cryptographic algorithms.

MSR ECCLib MSR ECCLib is an efficient cryptographic library that provides functions for computing essential elliptic curve operations on a new set of high-security curves.

MSR JavaScript Cryptography Library The Microsoft Research JavaScript Cryptography Library has been developed for use with cloud services in an HTML5 compliant and forward-looking manner.

SIDH Library SIDH is a fast and portable software library that implements a new suite of algorithms for Supersingular Isogeny Diffie-Hellman (SIDH) key exchange.

Simple Encrypted Arithmetic Library (SEAL) SEAL is an easy-to-use homomorphic encryption library, developed by researchers in the Cryptography Research group at Microsoft Research. SEAL is written in C++11, and contains .NET wrappers for the public API. It has no external dependencies.

TulaFale: A Security Tool for Web Services TulaFale is a new specification language for writing machine-checkable descriptions of SOAP-based security protocols and their properties.

See the original post:
Security, privacy, and cryptography Microsoft Research

The Science Behind Cryptocurrencies Cryptography

In this guide, we will be going deep into symmetric and asymmetric cryptography and the science behind cryptocurrencies cryptography.

Cryptocurrencies like Bitcoin and Ethereum use a peer-to-peer decentralized system to conduct transactions. Since the entire process is online, there are fears that the transactions maybe volatile and hackable. What we are going to see in this guide is how cryptocurrency uses cryptography to make their transactions extremely secure.

Digital Signatures

One of the most important cryptographical tools that are used in cryptocurrency is the concept of signatures. What is a signature in real life and what are its properties? Imagine a paper that you have signed with your signature, what should a good signature do?

In the real world, however, no matter how intricate the signature, there are always chances of forgery, and you cannot really verify signatures using simple visual aids, it is very inefficient and non-reliable.

Cryptography gives us a solution to this by means of digital signatures which is done via the use of keys. So, what are keys? And how are the used in the blockchain? Before we explore those, it is important to know more about basic cryptography.

Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those, for whom it is intended for, can read and process it. Cryptography has been used for thousands and thousands of years by people to relay messages without detection. In fact, the earliest use of cryptography was seen in the tomb taken from Old Kingdom in Egypt circa 1900 BCE. Cryptography has existed in the modern society through one way or another.

Encryption is one of the most critical tools used in cryptography. It is a means by which a message can be made unreadable for an unintended reader and can be read only by the sender and the recipient. In modern technology, there are three forms of encryption that are widely used, symmetric cryptography, asymmetric cryptography, and hashing.

Symmetric Cryptography

Symmetric cryptography is the earliest known cryptographic method known to man. The concept is very simple and if we were to break it down to steps, this is what it will look like:

If we were to show a visual representation of the process, this is what it will look like.

Image credit: SSL2BUY

The are two types of symmetric cryptography:

Stream cipher basically means using a fixed key which replaces the message with a pseudorandom string of characters. It is basically the encryption of each letter one at a time.

We are going to discuss 3 kinds of stream ciphers in this guide to give you an idea of how stream ciphers work:

One-time pad with alphabets

For doing this encryption we need to have a key which has the same number of characters as the message and it must be used one time only (hence the term one-time pad).

Suppose for this example we are going to send a message, MEET ME OUTSIDE to our friend Bob. But we dont want anyone intercepting our message. This is why, Bob and us have decided to use a one-time pad which goes like this:

B D U F G H W E I U F G W

As you can see, the pad has the same number of characters as the message as well, i.e. 13.

Now, this is a very simple example of the one-time pad, we are using this because we feel it is the best example to use to understand this tactic.

Now, one more thing you need take note of, every alphabet will be replaced by its numeric equivalent in during the process.

The numerical mapping goes like this:

During the process, there will be 6 pieces of data that we need which are: Basically, the numerical equivalent of each alphabet. Ok, now that we have built the foundations, lets move on to the actual process.

So, we need to send the message MEET ME OUTSIDE and we need to use the one-time pad to encrypt it.

The encryption process

So, lets start off by putting in the message in the OM

We put the message MEET ME OUTSIDE in the OM row.Ok, so what happened here?

Next, we used the numerical mapping table to get the numerical equivalent of each alphabet. So, lets refer to the mapping table and see what we get:

In the OTP row we put in the key that we were already given which is, in case you have forgotten, B D U F G H W E I U F G W.Its just simple substitution, we will take these values and put it in NOM row.

Now, in the NOTP row we used the same number mapping table and found the equivalent numerical values of the key which are:

1, 3, 20, 5, 6, 7, 22, 4, 8, 20, 5, 6, 22.

In the new row, for the Numerical cipher text (NCT) we add the NOTP and NOM and mod the result by 26 to get our NCT.

So, finally the message MEET ME OUTSIDE turns into a pseudo-random series of characters N H Y Y S L K Y B M N J A.Thats how you find the values for NCT and then you use the mapping table and find the corresponding alphabets which are: N H Y Y S L K Y B M N J A.

That is how the encryption process works.

Now we will see how we can decrypt the message using the exact same key.

Lets see the data that Bob has with him:

So, how will he decrypt the message using this data?

So, lets see how the NOM calculation work?

Now, if we map the NOM to its alphabetical equivalent using the mapping table then we get:

MEET ME OUTSIDE

And just like that, the message is encrypted and decrypted using the same key.

One-time pad with XOR gate

XOR or Exclusive OR is a logic gate. What is a logic gate? A logic gate usually takes in 2 inputs and gives out 1 output. The inputs and outputs are binary values, meaning they can be 1 or 0. A XOR logic gate takes in 2 binary inputs and gives out a high output ONLY when the inputs are different. Meaning, if A and B are inputted to a XOR gate then the out C will be 1 ONLY when A is not equal to B.

The XOR gate looks like this:

Image courtesy: Wikimedia

This what the XOR truth table look like:

Suppose you have a plain text data which you want to send to your friend Alice. First, youll convert it to its binary form. Suppose the message that you have is this: 00011110

Now you have the key, the key that you share with your recipient and suppose you have passed the key through an algorithm which gives you the equivalent binary result: 01001010.

So now that you have the key, you are going to XOR each corresponding individual bits to get the resulting cipher text output.

Cipher Text = Plain Text XOR Key

So if you XOR both the data the key that you will get is:

01010100

This is the cipher text that Alice will get from you.

The decryption process

So now, how will Alice decrypt your message and retrieve the original one?

This is the data that she has:

So what is she going to do? It is simple.

She will simply XOR the key and the cipher text and she will retrieve the original message! See for yourself:

And just like that, she will retrieve the original message.

Linear feedback shift register

What is a linear feedback shift register? It is a function whose future output completely depends on its earlier (or current) state. This will become clearer as you keep reading so dont get scared off!

The idea of this style of a stream cipher is to predetermine a key with your recipient which will be a linear feedback shift register function which will be used by you to determine the code. Suppose you spoke to your friend Bob and determined that this is the formula that you both want to go with (credit to Daniel Rees from Youtube for this formula).

And lets also assume that prior to sending this message you and Bob determined that E(1) = 2 and E(2) = 4.

Now you can see that in this equation, all future outputs are dependent upon the previous outputs.

So, suppose the message that you want to send to Bob is MEET ME. Since there are 6 characters, we need to determine 6 values of E() to act as key. We already have predetermined the values of E(1) and E(2). Now we need to calculate E(3) to E(6).

So, now that we have the keys, lets start the decryption.

The encryption process

So now that we have the key and message, lets create the table:

To get the numerical cipher text, you add the key and the corresponding numerical value of the alphabet that you map from this table that we have already seen before:

Now, to get the numerical value of the cipher texts, add the key and the numerical value of the original message and mod with 26.

So you get:

Now use the mapping table again to find the corresponding alphabets and you get OIORSO. Thats the encrypted message.

The decryption of this message is really hard especially if you dont have the key. An expert might spot a pattern though. You will need computers to beak this code.

The Rivest Cipher 4 of the RC4

The A5/1

So, that is pretty much it about stream ciphers, time to move on to block ciphers.

Block ciphers are a form of symmetric cryptography which uses a key of a fixed length to encrypt a block of fix length. Lets start by checking out a very common substitution cipher that you must have seen before:

So, if someone were to tell you that they got a message which says EFBD and wants you to decrypt it and get the original message instead, how will you do it?

You will simply see the table, see which alphabets correspond to which and then simply substitute right? So EFBD is the cipher for FACE.

Follow this link:
The Science Behind Cryptocurrencies Cryptography

What is Cryptography? Webopedia Definition

Main TERM C

By Vangie Beal

The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.

As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacybecause it’s effective and free.

Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-keysystems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.

Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.

See more here:
What is Cryptography? Webopedia Definition