Cryptography's Past, Present, and Future Role in Society: Franck Lin
Franck Lin
12/16/2010
Contents
Executive Summary
Introduction
Part One: Technological Background
  Symmetric Key Encryption
    Examples of Symmetric Key
  Asymmetric (Public) Key Encryption
    One-way functions
    RSA
    Digital Signatures and Hashing
    Limitations of Public Key Cryptography
  Quantum Key Distribution
    Theory
    Cipher Details
    Feasibility
  Conclusion of Technical Overview
Part Two: The Digital Age and Cryptography
  Overview of Privacy Laws
    Judicial Precedent
  The 4th Amendment and Cryptography
  Government and Cryptography
    Key Disclosure
    Key Escrow
    Cryptography as a Military Asset
    Export Restrictions
    Digital Millennium Copyright Act
  Society's Quantum Leap
Conclusion
Works Cited
Appendix
  RSA (Asymmetric/Public Key Cipher)
  B92 (Quantum Key Distribution using Polarized Light)
Executive Summary
The Individual and Authority (defined as civil government, military, and corporations) have always had a complex relationship with cryptography. Craving digital privacy, individuals highly value the effectiveness and transparency of the algorithms protecting personal and financial secrets. On the other hand, governments want to intercept criminal communication, the military wants to maintain a proven military asset, and corporations, especially those that sell media, want to safeguard their multibillion-dollar markets. These latter desires often run counter to the privacy rights of individuals. After establishing basic technical literacy, I will argue that the future advent of quantum cryptology, based on the fantastic yet proven field of quantum mechanics, represents a revolution in our information society. I will show that the past 50 years of digital cryptography have been characterized by a constant tug-of-war between the individual and authority. Quantum cryptology will end this decades-long struggle and also define who will finally win what cryptographic rights. However, the result of quantum cryptography is largely dependent on what precedents we establish in this generation. Lastly, I will attempt to make educated predictions on how our individual privacy rights will be affected by this technology.
Introduction
In the course of human history, there is a collection of technological innovations that have revolutionized society. The printing press is an often-cited example of the great impact one humble person's invention can have on ruling dynasties, world religions, and personal life. Quantum encryption could rival Gutenberg's printing press in its impact. On October 24, 1861, the Governor of Utah sent the first transatlantic telegraph: "Utah has not seceded but is firm for the Constitution and the laws of our once happy country." Two days later, the Pony Express ceased existence and digital communication in the United States took off. Since then, the right to communicate privately has been synonymous with the right to cryptography. The first half of this report is a technical overview of cryptography, including current progress on quantum cryptography. This technical knowledge is a necessary prerequisite for understanding the second half of this report, which covers cryptography's complex and sometimes controversial role in society.
Figure 1: A map of submarine fiber optic cables. The map shows both the importance and vulnerability of digital communication.
The goal of this section is to provide a brief overview of how ciphers work and the history of cryptography. The scope includes everything from World War I and excludes the field of classical cryptography.
Alice and Bob use the same key to both encrypt and decrypt.
The method is useless if the key is not kept privately between Alice and Bob, which is why this method is sometimes referred to as private key encryption.
Alice must first securely notify Bob of her key.
The last characteristic is the method's greatest limitation. The key, which must be sent in plaintext, can be intercepted. Overcoming or exploiting this weakness is a recurring theme in this report and also a focus of cryptographic research.
Examples of Symmetric Key
I present four examples to illustrate symmetric key cryptography:
Enigma: Historical yet fascinating example.
One-time Pad: Unbreakable but hard to implement.
Stream Cipher: Vulnerable yet still foolishly used.
Block Cipher: The current industry standard in security.
Enigma
A simple algorithm such as "shift letters" can easily be attacked by either pure guessing or frequency analysis. An early example of a complex symmetric key algorithm is the Enigma machine, used by the German military in WWII. [2][4] The electro-mechanical machine consisted of a keyboard and rotary blocks that scrambled the data. Every time a letter was pressed, electrical current would flow through the rotary blocks and power a small light bulb which corresponded to a letter in ciphertext. Additionally, one or more rotary blocks would shift after pressing a letter. Therefore, pressing A twice would always yield different results. In this method, the key consisted of a timetable of the selection, order, and initial position of the rotary blocks, which was printed on water-soluble paper so that a captured intelligence officer could literally eat his key.
Figure 2: Enigma Machine with 3 rotors. White letters are plaintext, yellow are ciphertext.
Allied powers were able to break the code mostly due to operator mistakes, which gave Polish and British cryptanalysts insight into how the Enigma machine worked. With creative mathematical theory, cryptanalysts decreased the number of possible keys by orders of magnitude. For example, knowing that the rotary block would always shift when a letter was pressed ruled out some possible keys. Additionally, phrases such as "Heil Hitler" were very common and eliminated several possible keys. British Intelligence built a mechanical "bombe" to quickly cycle through the remaining possibilities.
Figure 3: British "bombe" which quickly cycles through possible rotor arrangements.
One-time Pad
For an unbreakable code, assuming Alice can safely provide Bob with the private key, the one-time pad method can be used. [4] For example:
Alice randomly generates a string of numbers to be used as the key: 1042
Alice encrypts "Mark" by shifting each letter by a number in the key, using each number only once for each letter: NAVM
Bob decrypts the ciphertext using the same string 1042: Mark
Both Alice and Bob throw away the key 1042, never to be used again.
This method requires a large amount of key material and very secure delivery of the key. Additionally, truly random numbers are very hard to generate.
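
The one-time pad exchange above, and the reason the key is thrown away after one use, can be worked through in code. This is an added example, not part of the original report; the function names are hypothetical, the second message "BANK" is constructed, and shifts run from 0 to 25 rather than the single digits of the key 1042.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def generate_pad(length):
    """One random shift (0-25) per letter, drawn from the OS random source."""
    return [secrets.randbelow(26) for _ in range(length)]


def _shift(text, pad, direction):
    text = text.upper()
    if any(ch not in ALPHABET for ch in text):
        raise ValueError("this toy pad only handles the letters A-Z")
    if len(pad) < len(text):
        # The pad must cover every letter: this is the "large amount of
        # key material" the method requires.
        raise ValueError("pad must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + direction * k) % 26]
        for ch, k in zip(text, pad)
    )


def encrypt(plaintext, pad):
    return _shift(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _shift(ciphertext, pad, -1)


def letter_difference(a, b):
    """Per-letter difference (mod 26) between two equal-length strings."""
    return [(ALPHABET.index(x) - ALPHABET.index(y)) % 26 for x, y in zip(a, b)]


def recover_from_reuse(c1, c2, known_p1):
    """Why a pad is never reused: if two messages share a pad and one
    plaintext becomes known, the pad (and the other message) follows."""
    pad = letter_difference(c1, known_p1.upper())
    return decrypt(c2, pad)


if __name__ == "__main__":
    key = [1, 0, 4, 2]                      # the key 1042 from the text
    print(encrypt("Mark", key))             # ciphertext from the text
    print(decrypt("NAVM", key))
    # Constructed second message sent under the same pad by mistake.
    c1, c2 = encrypt("MARK", key), encrypt("BANK", key)
    # The pad cancels out of the difference of the two ciphertexts.
    print(letter_difference(c1, c2) == letter_difference("MARK", "BANK"))
    print(recover_from_reuse(c1, c2, "MARK"))
```
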
Stream Ciphers
A stream cipher attempts to imitate a one-time pad. Since it is impractical to have a key that is at least the same size as the plaintext, stream ciphers take a smaller 128-bit key and use a complex feedback method to generate the pseudo-key one would use for a one-time pad. [4] It is referred to as a pseudo-key because it is not truly random, as it should be. Therefore, stream ciphers are insecure. WEP, used to encrypt wireless internet networks, SSL, used to encrypt packets of data sent over the internet, and A5/1, used to encrypt voice over cell phones, have been replaced by WPA2, TLS, and KASUMI respectively, which are block ciphers. Unfortunately, WEP is still commonly used since most people do not know that WEP can be successfully attacked in less than a minute by a child who knows how to run a Google search. In fact, in 2005, 4 years after a published paper proved WEP could be attacked in less than a minute, hackers stole credit card information from T.J. Maxx stores. The hacker himself was sentenced to 20 years in prison but T.J. Maxx was also sued by a bankers association.
Figure 4: A5/1 Cipher. The three short keys are recombined to make a pseudorandom stream of key material.
Block Ciphers
Block ciphers represent a major advancement in cryptography and have few vulnerabilities. Most block ciphers rely on substitution-permutation rounds. In each round, data is broken up into 8-bit sections, substituted according to a key, recombined, and then rearranged according to a key. Imagine separating a book into individual pages, taking a page of text, and substituting and rearranging the words. A particular algorithm may have 12 to 15 rounds. Data Encryption Standard (DES) was once considered secure and used for most financial transactions, but a contest hosted by the authors of RSA (an asymmetric key cipher to be described later) awarded 10,000 dollars to anyone who could successfully attack DES. [4] The Electronic Freedom Frontier (a prominent group in the second half of this report) used 250,000 dollars of custom chips to claim the prize.
With the proven weakness of DES, the National Institute of Standards and Technology hosted a contest to find a replacement block cipher. A program called Rijndael won the contest and was renamed Advanced Encryption Standard (AES). [4] This cipher also uses multiple substitutions and rearrangements to scramble the data. However, with different formats for encryption and decryption and more complex operations, there is currently no known feasible attack for AES.
Figure 5: The "ShiftRows" step in one round of the AES cipher. This step is governed by the key.
One-way functions
Simple examples of one-way functions include logarithms and mods. For example:
$\log_{10}(x) = y$
Given y, x is easy to find. It is simply $10^y$. However, given x, finding y will usually require a calculator or a table. When y is a 218-bit key, handheld calculators will not suffice but computers can successfully attack this cipher. As a stronger example:
$x \bmod 3 = y$
Given x, y is very easy to find. One simply divides x by 3 and outputs the remainder. Therefore, $f(4) = 1$. However, $f^{-1}$ is much harder to find, because $f^{-1}(1)$ could be 1, 4, 7, 10, etc.
More complex one-way functions, used in present-day ciphers, are prime factorization and the elliptic curve. Since prime factorization is used in the most well-known asymmetric key cipher, that math problem will be described in greater detail.
RSA
In 1873, British economist William Jevons rhetorically asked: "Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know." [4] Almost 100 years before the advent of the Internet, Jevons realized that factoring the product of two prime numbers (factoring a semi-prime) was a one-way function. In RSA, invented by military cryptographers but named after its MIT reinventors, the public key includes the semi-prime number. An example of the RSA cipher in action is included in Appendix A. As a clever marketing scheme, RSA Laboratories released several semi-primes and offered cash rewards to anyone who could factor them. The longest semi-prime factored was RSA-200, with 200 digits, which required 7 years of brute force calculations. When computers advance and attacks become faster, RSA Laboratories simply recommends longer keys. [2]
Digital Signatures and Hashing
There are two other important uses for one-way functions: signatures and hashing. If Bob is worried that Eve is pretending to be Alice and sending false information, Bob can ask Alice to sign and hash her documents. Using a different public-private key pair, Alice can use the private key for encryption and the public key for decryption. If an established authority, usually a well-known company, states what public key is attributed to Alice, only the real Alice could encode her name and hash into the document. A hash is a long string of characters that is a product of a cascading, one-way function. All of the text in the document will be used to generate the hash, so even making minute changes to the text will completely change the hash. Hash functions are available for free, such as MD5. [4] In this example, there are two attackers, Eve and Dan:
1. Alice wants to tell Bob to pay Eve 10 dollars.
2. Alice writes out such instructions and signs the document "Alice 38FJ3MZD9", with the signature encrypted by her own private key. The alpha-numeric string is the hash. She then encrypts the entire document, signature included, with Bob's RSA public key.
Figure 7: How asymmetric key cryptography can be used to sign documents with hash values.
3. Eve intercepts the document but is unable to crack Bob's private key. So, she deletes the original and forges another set of instructions telling Bob to pay her 1000 dollars.
4. However, Eve cannot sign the document "Alice" because Eve does not have Alice's private key.
5. Dan is a better cryptanalyst and breaks Bob's private key. He sees Alice's signature line as unreadable ciphertext.
6. Dan changes 10 to 1000. However, this slight change will change the MD5 hash to something like "193KFE3ZP".
In both examples, Bob will be able to easily realize that someone is trying to feed him false information. Either Alice's signature will be missing or the hashes will not match up. This fairly simple procedure is performed every time anyone visits a website or sends an email. The ability to establish a trustworthy online identity is critical to every function of the internet.
Limitations of Public Key Cryptography
RSA is limited by its larger computational requirements. Additionally, keys must be longer to provide the same level of security. Therefore, the most popular security protocols used to secure online data rely on a hybrid cipher. Asymmetric encryption is used to send symmetric keys and establish identity, while symmetric encryption is used to transmit the bulk of the information. An early and still valid example of this is Philip Zimmermann's Pretty Good Privacy (PGP) cipher. [2][4] Additionally, Zimmermann used his cipher to champion individual cryptographic rights, as explained in the second half of the paper.
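
The signing scenario with Alice, Bob, Eve and Dan, and the reason RSA Laboratories keeps recommending longer keys, can both be seen by building a toy RSA key from Jevons's semi-prime. This is an added example, not code from the original report: the function names, the public exponent 65537, Eve's two primes and the message wording are assumptions, SHA-256 stands in for the MD5 hash the text mentions, and the outer encryption to Bob's key is left out.

```python
"""Toy RSA signature over Jevons's number (illustration only, not secure)."""
import hashlib
from math import gcd, isqrt

JEVONS_N = 8616460799   # the semi-prime quoted in the text
E = 65537               # assumed public exponent (a common choice)


def fermat_factor(n):
    """Factor an odd semi-prime by searching for a, b with n = a*a - b*b."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    while True:
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1


def make_keypair(p, q, e=E):
    """Return (public, private). Knowing p and q is what makes d computable,
    which is why a modulus this small protects nothing today."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, p * q), (d, p * q)


def digest(message, n):
    """SHA-256 of the message, reduced mod n so the toy modulus can sign it."""
    h = hashlib.sha256(message.encode()).digest()
    return int.from_bytes(h, "big") % n


def sign(message, private_key):
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)


def run_scenario():
    p, q = fermat_factor(JEVONS_N)            # done in a fraction of a second
    alice_pub, alice_priv = make_keypair(p, q)
    # Eve has her own key pair (constructed primes) but not Alice's.
    _, eve_priv = make_keypair(1000003, 1000033)

    original = "Bob, pay Eve 10 dollars. -- Alice"      # constructed wording
    signature = sign(original, alice_priv)

    forged = "Bob, pay Eve 1000 dollars. -- Alice"      # Eve's replacement
    edited = original.replace("10", "1000")             # Dan's small change
    return {
        "factors": (p, q),
        "genuine": verify(original, signature, alice_pub),
        "eve_forgery": verify(forged, sign(forged, eve_priv), alice_pub),
        "dan_edit": verify(edited, signature, alice_pub),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

Only the genuine message verifies under Alice's public key. The same run shows that a 10-digit semi-prime is factored immediately, so the one-way property the text describes holds only at much larger key sizes.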
Due to the complexity, the main goal is to communicate a random, private, and symmetric key, not transmit data. The one-time pad cipher is used once the key is generated. The key is created first, then the security of the key is verified through quantum mechanics, and then ciphertext is sent. Therefore, there is no possibility of Eve observing actual ciphertext. Instrumental mistakes are the most serious source of error. For example, if two photons are sent instead of one, this may allow Eve a chance to observe without being detected.
Feasibility
Quantum key distribution is currently experimentally possible and should be commercially feasible within a decade. The University of Cambridge and Toshiba have achieved transmission rates of 1 Mbit/s over 20 km of fiber and 10 kbit/s over 100 km of fiber. The longest distance over which quantum key distribution has succeeded is 148.7 km, achieved in 2007 by Los Alamos National Laboratory. Over free space (no fiber), European collaborators achieved a distance of 144 km, under very clear atmospheric conditions. There are currently 3 specialized networks that can distribute keys over quantum encryption, one in the Northeast, one in Vienna, and one in Tokyo. [3]
The Constitution only vaguely defines what privacy rights are protected. Furthermore, the authors of the 4th Amendment could not have foreseen the technological advances that have changed the definitions of "[...] papers, and effects" and "unreasonable." Recent court decisions shed light on the present relationship between the Constitution and privacy.
Judicial Precedent
First, what constitutes a reasonable expectation of privacy? The Judicial Branch interprets the 4th Amendment to stress rights-based expectation over probability-based expectation. For example, Justice Rehnquist explains: [5] "A burglar plying his trade in a summer cabin during the off season may have a thoroughly justified subjective expectation of privacy, but it is not one which the law recognizes as legitimate. [...] his expectation is not one that society is prepared to recognize as reasonable." However, a weakness in this application of the 4th Amendment is that judges have to predict what society considers a reasonable expectation of privacy. Rulings from different levels of the judicial system will often disagree and even at the Supreme Court level, contradictions exist. For example, in Florida v. Riley, the Supreme Court ruled that police do not need a warrant to observe an individual's property from public airspace using a helicopter. In Kyllo v. United States, the Supreme Court, without overturning the Riley decision, ruled that police did need a warrant to observe an individual's property from public property using thermal imaging. [5] Another example of the haphazard line the Judiciary draws between reasonable and unreasonable is the Open Field Doctrine. Under this U.S. legal doctrine, fields surrounding a house do not fall under the protection of the 4th Amendment. However, curtilage, the area of land immediately surrounding a home, is protected by the 4th Amendment. [5]
unexamined flaws and the escrow key would be abused. The government's ambition for complete access to individuals' encrypted files was not limited to just Clipper. Bill Clinton, approving the Clipper chip in 1993, wrote: "I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system." [7] The EFF, individuals concerned with privacy, and even several law-makers vociferously opposed key escrow. Despite offering incentives to manufacturers, Clipper was never embraced. Simply put, if then-Senator John Ashcroft, pioneer of the USA PATRIOT Act, thinks the government overstepped its boundaries with key escrow, then key escrow is obviously a step towards a police-state.
Cryptography as a Military Asset
Cryptography has its roots in the military and will always be an important military asset. Along with the Enigma cipher, Allied cryptanalysts also successfully attacked the Lorenz cipher, used among German High Command, and JN-25, used by the Japanese Imperial Navy. In the present day, beyond the obvious need to keep military orders secret, government-sponsored cyber-war means cryptography is a national security concern. Stuxnet, an elaborate computer worm discovered in 2010, overrode speed controls in Iranian centrifuges and set back their nuclear program. The evidence points towards the Israeli government, who have confirmed that "cyberwarfare is now among the pillars of its defense doctrine [...]". In 2010, the Pentagon set up the Cyber Command to defend its computer networks from foreign attack. It is a recent response to a war that the US seems to be losing, as there are several confirmed successful attacks on high-value military networks. [1]
Export Restrictions
Until 1992, cryptography was on the US Munitions List. [6][2] Exporting cryptography was a felony equivalent to giving an enemy country a physical AIM-9 Sidewinder heat-seeking missile. Proponents of unfettered study of cryptography responded by making cipher tee-shirts and tattoos. In 1993, Zimmermann, the author of PGP, was under investigation for exporting munitions without a license, which carried substantial jail time. In an attempt to invoke more directly his 1st Amendment rights, Zimmermann had published his entire source code in a 907-page book. Anyone could buy the book, export the book himself, and scan the pages using text-recognition software. Fortunately for Zimmermann, the federal investigation ended. Furthermore, in 1996, Junger v. Daley established that Junger, a professor of computer law, could accept non-US citizen students and any software source code enjoyed 1st Amendment protection. [1] Even now, with export controls weakened by court rulings and widely available PGP encryption, the US government is still trying to control dissemination. Non-military cryptography exports (hardware, software, and even consulting services) need an export license from the Department of Commerce. [1]
Figure 11: RSA source code. Before 1992, it was a serious felony to take this shirt outside the country.
Digital Millennium Copyright Act
The DMCA issue, in my opinion, represents a greater threat to digital rights than key disclosure law, key escrow, and export controls. DMCA, signed by President Bill Clinton, criminalizes production and dissemination of technology, devices, or services intended to circumvent digital rights management (DRM), which is software that limits copying and playback. [1] Furthermore, the act of circumventing DRM is illegal even if the material is not under copyright. For example, using a program to copy a purchased DVD is illegal, even though making back-ups of purchased media is legal under Fair Use laws. Among the DMCA, Librarian of Congress Fair Use exceptions, and vague 1st Amendment protections, the boundary between illegal and legal is unclear. Since large media corporations can easily issue Takedown Notices, most individuals will not risk litigation. [1]
DMCA and Cryptography
DMCA has stifled worldwide cryptography research, since any cryptography could be used to circumvent DRM. I only include a few examples since a full list would be too long. The most visible example of this conflict is Dmitry Sklyarov's one-month imprisonment in 2001. Sklyarov was a Russian PhD student and employee of ElcomSoft, who wrote software that could process DRM-protected eBooks. This act is legal in both the US and Russia but, under DMCA, it is illegal to disseminate the knowledge. After giving a talk at DEF CON, Sklyarov was arrested by FBI agents. After agreeing to testify against his employers, he was freed. [1] In fact, DEF CON, an annual gathering of computer security experts and amateur hackers, has often been marred by incidents. In 2005, Cisco used legal threats to stop security expert Mike Lynn from presenting on serious security flaws in Cisco networking equipment. Even though Cisco had already repaired the flaws (without informing its clients of the original vulnerability) and Lynn removed most of the technical details, Cisco threatened legal action. Mike Lynn's employer threatened to fire Lynn if he gave his presentation. In response, Lynn resigned from his position an hour before the presentation, gave the presentation, and asked the audience for employment opportunities. A few months later, he was hired by another computer security company. [1]
filled with crime and terrorist attacks. If military researchers are first to find a way to feasibly implement quantum-secure networks, the academic field of cryptography could be endangered. A reasonable expectation of privacy will be much easier to demonstrate to a judge. However, with the main vulnerability of quantum cryptography being key disclosure subpoenas and key escrow schemes, those two issues will become major conflict topics. DRM will not be able to be circumvented. As a result, current Fair Use rights will disappear. How can Sony let a school teacher copy a film for educational purposes when doing so requires a quantum-encrypted key?
Conclusion
In an age of explosive growth of digital data storage and communication, cryptography plays an integral role in our society. It is a challenge to respect the serious concerns of national security and copyright protection while also safeguarding individual liberties. The main purpose of this report is to disseminate basic cryptographic knowledge and discuss the implications of such knowledge on our society. Furthermore, this report also confirms the feasibility and strength of quantum cryptography, highlighting an almost certain legal battle and information technology revolution. This report has accomplished its purpose. In conclusion, I list several recommendations for authorities and individuals to ensure that the right to privacy is not infringed upon.
1. Export controls should be switched from "prohibited until specified" to "allowed until specified". The decision should be made more rationally, assessing if formal export controls would actually stop ciphers from reaching the wrong hands.
2. Businesses should respond faster to increases in computing power. It was not until 2010 that Visa and Mastercard prohibited merchants from using WEP, the vulnerable stream cipher.
3. Federal and State judges should be fairly briefed by both sides of the debate. Orin Kerr has considerable sway so the Electronic Freedom Frontier should be given an equal opportunity to brief the judges.
4. Authority should acknowledge the importance of peer review in cryptography. A published paper detailing a flaw in a cipher strengthens the cipher, because hackers, now often government-sponsored, may already know that vulnerability.
Works Cited
1. Committee to Study National Cryptography Policy. (1996). Cryptography's Role in Securing the Information Society. (K. Dam & H. Lin, Eds.) Washington D.C.: National Academy Press.
2. Davis, J., Htet, A., Hoshi, Y., Liu, C., Jia, Y., Mack, P., et al. (2008, February). Broken Ciphers and Lost Secrets. Retrieved December 1, 2010, from http://www.lightupflorida.com: http://www.lightupflorida.com/groupproject/home/Broken%20Ciphers%20and%20Lost%20Secrets.pdf
3. Ekert, A. (2005, November). Quantum Information Processing and Communication. Quantum Cryptography, 101-110.
4. Hellman, M. E., & Diffie, W. (1979). Privacy and Authentication: An Introduction to Cryptography. Proceedings of the IEEE, (pp. 397-427).
5. Kerr, O. S. (2001). The Fourth Amendment in Cyberspace: Can Encryption Create a "Reasonable Expectation of Privacy?". Connecticut Law Review, 503-533.
6. Lawton, G. (2001). Is Technology Meeting the Privacy Challenge. Computer, 16-18.
7. Singhal, A. (1996). The Piracy of Privacy? A Fourth Amendment Analysis of Key Escrow Cryptography. Stanford Law and Policy Review, 189-210.
Most figures were found in Wikimedia Commons and are categorized as fair use. Exceptions are:
Figure 1: http://image.guardian.co.uk/sys-images/Technology/Pix/pictures/2008/02/01/SeaCableHi.jpg
Figure 9: http://www.natlawreview.com/article/cryptographic-lock-baffles-fbi
Figure 10: http://www.digicrime.com/escrow/
Appendix
Detailed descriptions of ciphers.