Cryptography

Mikael Aurili

In recent years the use of computers for storing private information has increased. This has led to increasing concerns over the use of cryptography. This essay explains the basic terminology of cryptography. The pros and cons of using cryptography are also described and what is currently being done to solve these problems.

National Research Council (NRC)

For an overview on a report entitled "Cryptography's Role in Securing the Information Society", see Cryptography's Role. Here the NRC expresses a need for strong, reliable encryption to protect individual privacy, provide security for businesses, and maintain national security. Here are some of the key points to the report: [NRC 1]

Current encryption policies are not working
Classified information is not relevant to the policy debate
Export controls do influence the domestic market and harm competitiveness of US industry
Market forces, not government interests, should drive the policy debate

Overview of message about report: [NRC 1]

With advances in computing the amount of private data being stored on computers is increasing. This makes it tougher to secure private information. This includes personal financial transactions, medical records, bidding information, and private research. Without encryption information systems will be vulnerable by terrorists, computer hackers, and foreign governments.

Encryption can help protect transferring of electronic information. Encryption is a mathematical formula which scrambles information into digital codes. Cryptography is now used to protect businesses as well as private citizens. Cryptography can also be used in illegitimate activities. Criminals use cryptography to protect themselves from the law. The government needs to understand both the pros and cons of promoting widespread cryptography.

Congress asked the National Research Council to give policy makers guidance so that they can understand the need for Cryptography. A committee was formed which consisted of people with expertise in many relevant fields including: technical, policy enforcement, and business.

The committee concluded that the advantages of cyptography in securing private information outweigh the disadvantages of increasing difficulty to prosecute criminals. This is because the majority of problems right now do not involve criminals who use cryptography for their benefit.

The committee believed that encryption should be promoted. U.S. companies should be able to easily use strong encyption. Market forces should drive development of products with encryption rather than requirements or standards by the government. Currently the law is not involved in limiting the kinds of encryption that can be sold in the U.S.

The committee also believed that discouraging encryption will only delay the spread of encryption. They also believe that the government should explore escrowed encryption. Encrypted information is unintelligible to anyone lacking the keys to unlock the digital code. In escrowed encryption, the decoding key would be held by a trusted third-party organization or institution.

The committee also expressed an interest in increasing encrypting in telecommunications and banking. To prevent eavesdroppers, the digital signals sent between a cellular phone and it's ground station should be encrypted.

The Cryptography report included several recommendations by the committee.[NRC 1]

No law should bar the manufacture, sale, or use of any form of encryption within the United States.
National cryptography policy should be developed by the executive and legislative branches on the basis of open public discussion and governed by the rule of law.
National cryptography policy affecting the development and use of commercial cryptography should be more closely aligned with market forces.
Export controls on cryptography should be progressively relaxed but not eliminated.
- Products providing confidentiality at a level that meets most general commercial requirements should be easily exportable. Today, products with encryption capabilities that incorporate 56-bit DES provide this level of confidentiality and should be easily exportable.
- Products providing stronger confidentiality should be exportable on an expedited basis to a list of approved companies if the proposed product user is willing to provide access to decrypted information upon legally authorized request.
- The U.S. government should streamline and increase the transparency of the export licensing process for cryptography.
The U.S. government should take steps to assist law enforcement and national security to adjust to new technical realities of the information age.
- The U.S. government should actively encourage the use of cryptography in nonconfidentiality applications such as user authentication and integrity checks.
- The U.S. government should promote the security of the telecommunications networks more actively. At a minimum, the U.S. government should promote the link encryption of cellular communications and the improvement of security at telephone switches.
- To better understand how escrowed encryption might operate, the U.S. government should explore escrowed encryption for its own uses. To address the critical international dimensions of escrowed communications, the U.S. government should work with other nations on this topic.
- Congress should seriously consider legislation that would impose criminal penalties on the use of encrypted communications in interstate commerce with the intent to commit a federal crime.

There are several links which are related to cryptography:

For a short overview on the history of cryptography see A Brief History of Cryptography. This site explains how cryptography first evolved as well as giving definitions to many terms that people associate with this subject. The following is an overview of the site: The most simple form of cryptography is a way to disguise the information in a message by substituting one symbol for another. [Anon 2] Messages can be encrypted using a key. For example a=v, b=c, c=q, ..., z=p is an extremely simple key.[ Anon 2] The unreadable text is known as ciphertext. The encryption algorithm is the mathematics behind this encryption. The ciphertext can be decrypted by doing the algorithm in reverse. If you do not have a key then you must use cryptanalysis to find the key and determine the content of the message. Shortly after 1900, machines were created that could encrypt and decrypt messages. Because calculations could be done faster, more secure encryption methods were created. When computers were introduced, even more complicated keys could be created for encryption.[Anon 2] This page also contains a link to "Conventional Cryptography".

For more information on encryption, digital signatures and authentication see Cryptography for encryption, digital signatures and authentication. This site gives information on digital signatures. The author also has a section containing a tutorial on public-key cryptography for encryption. This explains the importance of key length. A key with several digits is easy to create and fortunately can make it virtually impossible for an unautorized user to decrypt a message.[Robin 3] The only way to properly decipher the message would be to gain access of the key number. This section also raises the question of how to transfer the key securely. One way to solve this problem is by using Public Key Cryptography. This is were each party has two keys, one public and one private. A message which is encrypted with the private key must be decrypted with the public key and a message a message which is encrypted with the public key must be decrypted with the private key. [Robin 3] Basically, a message is completely secure unless someone finds out the number of the key or can find the key without knowing it. Scenarios of encryption are also shown in this section. This site also has a section on government control over cryptography.

For more information on general issues of cryptography including terminology, public keys, and private keys see Cryptography, General Issues: (problem, terminology, public vs. private key).

The following terms are defined:

Intruder: A user not authorized to access information.
Plaintext: An intelligible message that is to be converted into an unintelligible (i.e., encrypted) form.
Ciphertext: A message in encrypted form.
Encryption: The process of converting plaintext to ciphertext.
Decryption: The process of converting ciphertext to plaintext.
Key: A parameter used in the encryption/decryption process.

Diagram of the model of a typical cryptographic system: [Mellott 4]

Legend

M - Plaintext message.

Ke - Encryption key.

Block E - Performs encryption with key Ke.

C - Ciphertext C=Eke(M)

Kd - Decryption Key

Block D - Performs decryption with key Kd (i.e. M=Dkd(C))

Block CA - Performs crytoanalyst function

SI - Side information known about the process.

This page also explains some of the threats of using encryption. Intruders can tap into communication lines to access Cipher-text. Then the intruder can use frequencies of letters to decrypt the message without actually knowing the key. If the intruder knows what part of the message says already and is able to gain access to a Cipher-text then they can use what they know to try and find out the algorithm for decrypting the message. [Mellott 4]

The page also goes into more detail about public and private key encryption. The Data Encryption Standard (DES) is also explained which is the official standard for the U.S. federal government. This falls into two categories, permutation and substitution. In permutation the bits of a word are permuted and in substitution the input bits are replaced by an output of a different size. The whole DES process is explained on this site.[Mellottt 4]

For a collection of links on cryptography see Cryptography Links. One of the links which is included are the 10 parts of the sci.crypt FAQ.[Kangasluoma 5] These include the following information:

Part 01 Overview: Explains what the 10 parts are about.
Part 02 Net Etiquette: Frequently asked Questions are answered.
Part 03 Basic Cryptology: How cryptology evolved and basic concepts.
Part 04 Mathematical Cryptology: Explains the mathematics behind cryptography.
Part 05 Product Ciphers: Explains ciphers, NSA's envolvement, and DES.
Part 06 Public Key Cryptography: Information on how public keys can be used for encryption.
Part 07 Digital Signatures: Explains how digital signatures can be encypted and sent securely.
Part 08 Technical Miscellany: Technical questions on how to use encryption in specific situations.
Part 09 Other Miscellany: Explains what the NSA is, how US export regulations work, the American Cryptogram Association, etc.
Part 10 References: References to other sources that these 10 pages use.

Bibliography

1) Web site: http://courses.cs.vt.edu/~cs3604/fall.96/Assignments/IP/IP-%20NRC%20crypto%20policy%20report%20-- Author: NRC, May 30, 1996.
2) Web site: ftp://ftp.crl.com/users/ro/smart/TFP/briefhistory.html Author: anonymous, Date -----.
3) Web site: http://www.ozemail.com.au/~firstpr/crypto/ Author: Robin Whittle, 1996.
4) Web site: http://courses.cs.vt.edu/~cs5204/protection/mellott/crypto.html Author: Mike Mellott, April 30, 1995.
5) Web site: http://www.nixu.fi./~pnr/links/crypto.html Author: Minna Kangasluoma, Ronja Addams and Begth Sahlin, Date -----.
Word count = 1641 + (1 picture * 200) = 1841
Mikael Aurili
(last updated: December 3, 1996)

Cryptography

Mikael Aurili

Bibliography