# Applications of cryptography

Looking for the “best” websites in cryptology is a daunting, if not an impossible task. This is because, as I started searching the Web for interesting sites on cryptology, I found that there are just so many. The task is made even more difficult by the fact that cryptology is such a broad subject which encompasses several sub-subjects. Nevertheless, I have to choose three sites. Basically, I just set two criteria for choosing a site: it has to be interesting and it has to be easily understandable even when the content is technical.

Being a history enthusiast, my search for fascinating contents led me to a website that features cryptology in the 16th and 17th centuries. It can be accessed via the link http://home. att. net/~tleary/cryptolo. htm and is written by Thomas (Penn) Leary. One of the reasons I was drawn to this site is the existence of an author for the site. With internet access and blogging accessible to almost everyone, I tend to get wary of websites whose authors are unknown for I feel that this lessens the reliability of the site and its contents, unless the site belongs to a company or organization whose reliability cannot be questioned.

The content starts with a philosophical statement by Blaise de Vigenere, something which I found quite endearing. Being primarily a non-technical site, it avoids the use of cryptographic jargon and instead uses words easily understandable by almost any reader. Examples of the early kinds of cryptology such as the Elizabethan cryptology (uses numbers to encipher letters) were discussed in the site. Several paragraphs in the site are attributed to Johannes Trithemius, a German monk who is also considered the first theoretician in cryptography.

Most of his schemes also include steganography, a close cousin to cryptography, which involves concealing the existence of the message itself. Aside from that, Trithemius contributed much to the existence of polyalphabeticity. His tableau, which he called his “tabula recta”, uses the normal alphabet in various positions as the cipher alphabets. Giovanni Battista della Porta, another famous early cryptographer received a highlight in the site. Likewise, the use of acrostic, a cipher which involves using the first letters of a poem in order to form a word, was also given emphasis.

Poets in the Italian Renaissance and during the Elizabethan period were reported to be quite fond in using acrostic. Although quite non-technical, this website appealed to me because I can look back and trace the early days of cryptology when there were no computers and other modern crypto graphing equipment. It is fascinating to note that the state-of-the-art cryptography used nowadays evolved from relatively simple ciphers such as Trithemius’ tableau and acrostic. In terms of information presentation, the website did quite well and the information was arranged in a clear and systematic manner.

Furthermore, the author cited several works which I find commendable as most of the websites today obtain information from other sites, books and journals without acknowledging these sources. As for the technical side, I found David Wagner’s (1999) discussion of the Boomerang Attack quite interesting. His paper can be accessed by this link: lasecwww. epfl. ch/intranet/proceedings-iacr-98-03/papers/1636/16360156. pdf, although I believe it originally came from www. cs. berkeley. edu/~daw/papers/boomerang-fse99. ps. As you might have noticed I’m quite a stickler for the reliability of website contents.

Apart from the topic being quite interesting, I chose this website because it came from an academic institution, which I believe screens articles and papers before posting it in their website. Even for non-technical readers, Wagner’s (1999) introduction to the concept of a boomerang attack is quite comprehensible. He started by describing differential cryptanalysis, a powerful cryptanalytic technique. Because of such power, differential analysis has been used to break many published ciphers. Block cipher designers therefore ensure that their design is secured from differential attacks.

Algorithm designers usually compute an upper bound p on the probability of any differential characteristic on the cipher. The designer then invokes an often repeated “folk theorem” stating that any successful differential attack will require at least 1/p texts to break the cipher, thus making a conclusion that the cipher is safe from differential attacks. In order to prove this “folk theorem” false, Wagner (1999) exhibited an attack – in this case the boomerang attack – that allows an opponent to beat the 1/p bound in some cases.

Let’s say the best characteristic for half of the rounds of the cipher has a probability of q, a successful boomerang attack will therefore need O (q-4) chosen texts. In some cases, q-4 > 1/p, in which case the boomerang attack will be able to beat the folk theorem’s bound. Basically, a boomerang attack is still a differential-style attack but does not try to cover the whole cipher with a single pattern having a significantly large probability. Instead, the attacker tries to find two highly-probable patterns, though not necessarily related to each other, but when taken together can cover the whole cipher (Standaert, Piret, Quisquater, 2003).

Wagner (1999) does not only discuss boomerang attack theoretically and only through probabilities, he showed how boomerang attack can be used to break COCONUT98, a cipher that rely on decorrelation techniques for its design. The breaking of COCONUT98 suggests that decorrelation design may fail to give enough security against advance differential attacks when caution is not taken. Therefore the use of decorrelation techniques is not a total guarantee of safety against differential-style attacks.

Nevertheless, a decorrelation design still improves the cipher’s security such that in the absence of a decorrelation module, COCONUT98 will be more vulnerable to conventional differential-style attacks. Wagner (1999) also demonstrated the use of boomerang attacks on Khufu and FEAL, and included a description of “inside-out attack”, a dual to boomerang attack, with the boomerang attack working from the outside, while the “inside-out attack” works from the inside. In general, the site is very informative but I must admit, quite technical.

One therefore does not approach it without having received a background on cryptology. Oliver Pell’s (nd) website, which he claims has won him a prize in a mathematics essay contest, is just as interesting. Accessed from http://www. ridex. co. uk/cryptology/#_Toc439908875, it presents a very useful overview of cryptology. Slightly technical, it comes in between the first two websites. Whereas the first is definitely non-technical while Wagner’s (1999) paper is definitely technical, Pell (nd) presents technical data in the simplest way possible.

In fact, among the three sites, this one definitely stands out. The website content begins with the definition of commonly-used cryptographic terms, an indication that the paper is meant to be read by a wide range of audience including non-technical ones. The history of cryptography and cryptanalysis which followed the definition is quite fascinating and seems to me, well-researched. Ancient Egyptians, Hebrews and Assyrians already developed a crude form of cryptographic systems.

Later on, the Greeks invented the first transposition cipher but it was the Arabs who were the first to have a clear grasp on the principles of cryptography and elucidated the beginning of cryptanalysis. In the more modern times, the uses of cryptography during the First and Second World War were also discussed. What follows is a detailed discussion on cryptography starting on how cryptographic systems are grouped: based on the mathematical operation that changes the plain text into ciphertext using the encryption key, based on whether a block or stream cipher is produced, and based on the type of key used, whether single or two key.

Substitution ciphers – ciphers wherein the units of the plaintext are replaced with symbols or group of symbols, transposition ciphers – rearranging of the letters of the plaintext without actually changing the letters themselves, block ciphers – symmetric-key encryption algorithms that changes a fixed length block of the plaintext into the same length of cipher text, and stream ciphers – also breaks plaintext into units but usually a single character are just some of the ciphers discussed in greater detail under the single key cryptography.

A problem in cryptography – the key distribution problem – is also tackled. Such a problem usually occurs because both the sender and the receiver hold a copy of the key, but must also prevent others from getting access to the key. The solution to this problem, the two-key cryptography, is also discussed. Briefly, a two-key cryptography enables a user to possess two keys – one public and one private – with the public key used to encrypt the data to be sent, and the private key used to decrypt it.

Some common applications of cryptography, such as protecting confidential company information and protecting a phone call just to name a few, are also presented. In general, the topic (Cryptography) is really well presented. At times when the topic gets a bit too technical (like algorithms), the author presents examples in order for the topic to be better understood. Such a well presented website content is quite uncommon and indeed deserves a prize. References Leary, T. (1996 July). Cryptology in the 16th and 17th Centuries.

Retrieved September 27 from http://home. att. net/~tleary/cryptolo. htm Pell, O (nd). Cryptology. Retrieved September 27, 2007 from http://www. ridex. co. uk/ cryptology/#_Toc439908875. Standaert, F-X. , Pirret, G. & Quisquater, J-J. (2003). Cryptanalysis of Block Ciphers: A Survey. UCL Crypto Group Technical Report Series. Retrieved September 27, 2007 from http://www. di. ens. fr/~piret/publ/cg03-2. pdf Wagner, P. (1999). Boomerang Attack. Retrieved September 27, 2007 from lasecwww. epfl. ch/intranet/proceedings-iacr-98-03/papers/1636/16360156. pdf.