Today I Learned #4

Today I learned (more) about William F. Friedman, the true “father of American cryptography”:

  • Friedman wrote the de facto standard texts on cryptanalysis. His pamphlets are still considered the prerequisite for cryptanalysts today, or at least, they were at the time The Codebreakers was written.
  • He invented the term “cryptanalysis”, as well as “monoalphabetic” and “polyalphabetic”!
  • His magnum opus, The Index of Coincidence and its Applications in Cryptanalysis, brought cryptanalysis out of isolation and meshed it with the world of statistics and mathematics. I cannot overstate how important this work was to modern cryptanalysis — without this work, cryptanalysis as we know it today would exist, but in a stunted, deformed state. If I recommended Codebreakers for one reason, it would be for the sublime beauty in Friedman’s techniques described within. I have to admit, I don’t understand a lot of the descriptions of cryptanalysis in the book, but Friedman’s methods are as simple and sweet as apple pie, and as powerful as a howitzer.
  • They say “behind every great man is a great woman”, and Friedman was no exception. Elizebeth Smith Friedman most notably worked with William to disprove the theory that Francis Bacon was the author of Shakespeare’s plays, by tearing apart the supposed “cryptograms” hidden within.
  • Friedman not only brought America to the forefront of worldwide cryptological prowess, but also fathered the NSA. The NSA is the direct descendant of the organization that Friedman created single-handedly (with Elizebeth by his side, of course).
  • In an episode that appears to be somewhat common throughout Codebreakers, Friedman sadly suffered a nervous breakdown in 1941 and was hospitalized for months, due to the sheer stress of the work involved. We see this today in software engineers in the form of “burnout”. In other cases (unrelated to Friedman), some cryptanalysts babbled incoherently, hallucinated, and suffered all manner of horrific things due to the pure fatigue of working on a problem nonstop.
  • Without Friedman, America would likely have been unable to solve the PURPLE cipher used by the Japanese in WWII. Who knows what the outcome of the war would have been without the intelligence gathered thanks to Friedman and his team…
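
To make the index of coincidence concrete, here is a small added example of my own (not text or code from Codebreakers, and not Friedman's own worked figures) that computes the statistic and then uses it the way Friedman did: to recover the period of a polyalphabetic cipher from ciphertext alone, by splitting the letters into columns and watching the English-like value reappear at the right period. The sample passage, the key LEMON, and the 0.055 decision threshold are constructed choices for the demonstration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
ENGLISH_IOC = 0.0667   # Friedman's figure for English plaintext
RANDOM_IOC = 1 / 26    # ~0.0385 for letters drawn uniformly at random


def clean(text):
    """Keep only A-Z, upper-cased, as a cryptanalyst would before counting."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def index_of_coincidence(text):
    """Probability that two letters drawn without replacement from the text match."""
    letters = clean(text)
    n = len(letters)
    if n < 2:
        return 0.0
    counts = Counter(letters)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def vigenere_encrypt(plaintext, key):
    """Periodic polyalphabetic (Vigenere/Bellaso) encryption, used only to make test data."""
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(plaintext)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def column_ioc(ciphertext, period):
    """Average IoC over the `period` columns formed by taking every period-th letter."""
    letters = clean(ciphertext)
    columns = [letters[i::period] for i in range(period)]
    return sum(index_of_coincidence(col) for col in columns) / period


def estimate_period(ciphertext, max_period=20, threshold=0.055):
    """Friedman's method: at the true period every column is a single Caesar
    substitution of English and keeps English's IoC (~0.066); at any other
    period the columns mix several alphabets and drift toward random (~0.038).
    Return the smallest period whose column IoC clears a threshold set between
    those two values, so multiples of the true period are not reported instead."""
    for p in range(1, max_period + 1):
        if column_ioc(ciphertext, p) >= threshold:
            return p
    return None


# Constructed sample plaintext (not from the book); long enough that each column
# still holds well over a hundred letters when split five ways.
SAMPLE_TEXT = """The index of coincidence measures how often two letters drawn at random
from a piece of text turn out to be the same letter. Ordinary English is lumpy,
because a handful of letters such as E, T, A and O appear far more often than the
rest, so matching pairs turn up more often than they would in random text. A simple
substitution keeps that lumpiness, since it only relabels the letters, but a periodic
polyalphabetic cipher smears it out across several alphabets and the text starts to
look random. If we guess the period and sort the letters into columns, the lumpiness
reappears in every column exactly when the guess is right. The statistic therefore
lets us recover the length of the key without knowing a single word of the message,
which is the insight that turned cryptanalysis into a branch of applied statistics.
Friedman applied the same reasoning to many other problems, and his pamphlets became
the standard training material for a generation of cryptanalysts."""
SAMPLE_KEY = "LEMON"
SAMPLE_CIPHERTEXT = vigenere_encrypt(SAMPLE_TEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("IoC plaintext :", round(index_of_coincidence(SAMPLE_TEXT), 4))
    print("IoC ciphertext:", round(index_of_coincidence(SAMPLE_CIPHERTEXT), 4))
    for p in range(1, 8):
        print(f"period {p}: column IoC = {column_ioc(SAMPLE_CIPHERTEXT, p):.4f}")
    print("estimated key length:", estimate_period(SAMPLE_CIPHERTEXT))
```

The ciphertext's overall IoC sits near the random value, yet the five-way split brings it back up to the English value; periods 1 through 4 each mix all five alphabets and stay low. Once the period is known, each column is an ordinary Caesar shift and can be solved by frequency counting alone.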

It should go without saying that Friedman is now on my list of personal heroes, along with Étienne Bazeries. He was a true genius, a polymath, a visionary, a scholar, a man of the greatest importance in cryptology. I can’t truly do him justice here, but hopefully, I’ve shed some light on the brilliance that was William F. Friedman.

Today I Learned #3

Today I learned about Herbert Yardley, architect of the American Black Chamber, named in homage to the “Black Chambers” of Europe a couple of centuries prior. In this organization, subsidized by the State Department, Yardley and his team cracked the diplomatic messages of every major ally we had at the time (shortly after WWI). He even wrote a book about it, “The American Black Chamber”, which was both praised and panned — some critics noted it was the first book of its kind by an American, offering a glimpse into a world never before seen by the general public, much like “The Codebreakers”, while others criticized it as jeopardizing foreign relations.

The reason I decided to write this post is the reaction of Congress to Yardley’s book. They essentially wanted to make it a crime to do what Yardley did, to disseminate information gained in a government position. Some representatives rightly pointed out that this would limit the freedom of the press to make public communications which they thought were damaging to the American public or the fabric of society, but nevertheless, with the backing of the administration at that time, the law passed and sits on the books to this day.

Could you imagine such a scenario today? Could you imagine regular folks, let alone representatives, giving two shits about freedom of the press, in an age where the press is vilified by our own president? Where Snowden was seen as a traitor by his predecessor? When trust in the media is at an all-time low? I know, there are plenty of people fighting the waves upon waves of “fake news” (I prefer the term “propaganda”, and will use that word instead from here on out). There are people who are fighting tooth-and-nail to restore faith in the press, and I respect them to no end. However, propaganda, and those who seek to discredit the press, seem to be winning.

So what does this have to do with crypto, you might be asking? Well, the entire reason I’m studying crypto is to create a secure pseudonymous publication platform for journalists. I want to restore that trust. With crypto, along with network analysis, trust graphs, and a whole host of other techniques, the details of which I haven’t completely hammered out yet, we can at once restore trust in journalism while protecting those writers from persecution (or prosecution, at that). America’s founders put freedom of the press in the very first amendment for a reason — tyranny cannot survive in the light. With cryptography, this dream can be realized.

In future posts, I will be fleshing out the details of this pseudonymous publication platform, as promised. I’ve been trying to work my way through “Codebreakers” as quickly as possible (without skimming or missing details, of course), so I’ve been distracted, in a good way. I’m learning a lot. I’ve also been trying to work my way through the Cryptopals challenges, although I have to admit, I’m stuck on the “ECB/CBC detection oracle” challenge, in which I have to distinguish between ciphertext encrypted randomly with one of those two modes (more to come on that in another post). I have a lot of pies in the oven, but I’m making forward progress. More to come, folks…

The Importance of Being Simple

Reading Codebreakers, I came across a section on American cryptography during WWI. The production of codebooks was both secure and efficient, but the front line was a different story. According to Kahn, no other army could match the Americans’ frustration when it came to actually using the damn things. One general even commanded his division not to use the codes at all before or during crucial operations! This is better than sending messages improperly encoded, or re-sending those messages in the clear after the fact, but it’s still incredibly reckless.

User experience is not a new concept. Luckily, we live in an age where UX has come to the forefront of app development concerns, teaching more people than ever about the necessity of designing something that’s not just easy, but simple for actual people to actually use.

Despite this, we have APIs like OpenSSL, which allow you to do insanely stupid things like using ECB mode, which is no better than a simple codebook, or CBC mode with a null IV, which will encrypt the same plaintext/key combo the same way, every time. Then we have GPG, which makes encrypting emails about as easy as pulling your own teeth.
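
To show what those two mistakes look like in practice, here is an added example of my own, not code from this post or from OpenSSL. It uses a toy Feistel block cipher built from HMAC-SHA256 so that it runs without any crypto library; the cipher, the key and the messages are constructed stand-ins for AES and real data. It demonstrates the ECB codebook leak (equal plaintext blocks give equal ciphertext blocks), the determinism of CBC with an all-zero IV (same key and plaintext, same ciphertext, and common prefixes stay visible), and the duplicate-block count that is the usual way to tell ECB from CBC in a detection oracle such as the Cryptopals one mentioned in these posts.

```python
import hashlib
import hmac
import os

BLOCK = 8          # toy block size in bytes (AES would use 16)
HALF = BLOCK // 2
ROUNDS = 4


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key, half, i):
    # Keyed PRF from HMAC-SHA256, truncated to one half-block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key, block):
    """Toy Feistel block cipher. ASSUMPTION: a stand-in for AES so the example
    needs no third-party library; it is not meant to be secure."""
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _round_function(key, r, i))
    return l + r


def block_decrypt(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _round_function(key, l, i)), l
    return l + r


def pad(data):
    n = BLOCK - len(data) % BLOCK   # PKCS#7-style: always add 1..BLOCK bytes
    return data + bytes([n]) * n


def unpad(data):
    return data[:-data[-1]]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Electronic codebook: every block is encrypted independently, so equal
    plaintext blocks give equal ciphertext blocks (the codebook leak)."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(data)))


def cbc_encrypt(key, data, iv):
    """Cipher block chaining; output is IV || C1 || C2 ... A fixed (e.g. all-zero)
    IV makes the whole construction deterministic."""
    prev = iv
    out = [iv]
    for b in blocks(pad(data)):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_encrypt_random_iv(key, data):
    """The correct usage: a fresh unpredictable IV per message."""
    return cbc_encrypt(key, data, os.urandom(BLOCK))


def cbc_decrypt(key, ciphertext):
    prev, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out = []
    for c in blocks(body):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier one. Any repeat in
    a short message is the classic tell that ECB was used."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def shared_prefix_blocks(c1, c2):
    """How many leading blocks two ciphertexts have in common."""
    n = 0
    for a, b in zip(blocks(c1), blocks(c2)):
        if a != b:
            break
        n += 1
    return n


# Constructed demo values (not from the post).
KEY = b"constructed-key!"
ZERO_IV = bytes(BLOCK)
REPETITIVE = b"YELLOW SUBMARINE" * 4
MSG_A = b"Attack at dawn"
MSG_B = b"Attack at dusk"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, REPETITIVE)))
    print("CBC zero-IV deterministic:",
          cbc_encrypt(KEY, MSG_A, ZERO_IV) == cbc_encrypt(KEY, MSG_A, ZERO_IV))
    print("CBC zero-IV shared prefix blocks:",
          shared_prefix_blocks(cbc_encrypt(KEY, MSG_A, ZERO_IV), cbc_encrypt(KEY, MSG_B, ZERO_IV)))
    print("CBC random-IV shared prefix blocks:",
          shared_prefix_blocks(cbc_encrypt_random_iv(KEY, MSG_A), cbc_encrypt_random_iv(KEY, MSG_A)))
```

With the repetitive message, ECB produces six duplicate blocks out of nine, which any observer can count without the key. CBC with the zero IV hides the repetition but encrypts the same message identically every time, and two messages that start the same way yield ciphertexts that start the same way. Only the random-IV version gives different output on every call, which is the property a library API should make the default rather than an option.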

I get why this is the case: developers want to give their users options. They want to make the tool as widely usable as possible. But it’s like Kurt Vonnegut said, “if you open a window and make love to the world, your story will get pneumonia”. He was talking about writing, but the same applies to the UX of your software. If you try to be everything to everyone, you’ll end up being nothing to no one.

So how do we create simple systems? Easy: put your system in front of regular folks, and listen to what they say. Put your app in front of someone who has no idea what it does, and see how they use it. Again, this isn’t a new concept. Cryptanalysis has a similar dictum: only real-world experience will prove (or disprove) the security of your system. No amount of theoretical hand-waving will do this for you. If your user has to worry about key sizes and verifying signatures manually (I’m looking at you, GPG), you’ve already lost.

Signal does an excellent job of simply securing communications, without making the user worry about details that are insignificant to them (but crucial to actual security). I’m not saying the problem is easy to solve. But I am saying it’s tractable.

With Apologies to David Kahn

I love The Codebreakers so far, but there’s one point where David Kahn and I disagree. Here’s the quote in question:

Now cryptanalysis has a potential that cryptography does not. Cryptanalysis can alter the status quo. Cryptography can at best conserve it. Cryptanalysis can bring countries into war, engender naval battles and win them, compel besieged cities to yield, condemn queens to death and prove innocent the unjustly accused. Cryptanalysis hammers upon the real world. Cryptography does not.

I couldn’t disagree more. This may have been true in the age where cryptography was only used by governments and military, but cryptography is shaping the world around us right now in the hands of regular folks. It allows people to communicate in private, as they would in their own homes; offers a path to secure, and with the advent of cryptocurrency, anonymous, online payments; keeps our browsing history out of the hands of those who would use it against us; and in some cases, can even aid in peaceful revolution.

Cryptography protects our most sacred rights: our right to free speech, our right to assemble peaceably, and our right to privacy. As the companies most of us depend on for communication collect and disseminate our data to advertisers and governments, cryptography offers a way out. There’s a reason the NSA fought to keep public-key cryptography out of the hands of the general public — ostensibly, it would make their signal intelligence activities more difficult, but after the Snowden revelations I don’t buy that excuse for a second.

With any freedom comes the possibility that someone will use that freedom to do evil. If people have freedom of speech, they might say something reprehensible. If they have the right to assemble, they might riot. If they have the right to privacy, they might do heinous things behind closed doors. But like Benjamin Franklin said:

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

Today I Learned, Part 2

Some of this I didn’t technically learn today, but here goes:

  • Bazeries was a bit stubborn, to put it politely. His last book was filled with contempt and vitriol, although on the plus side, Kahn said that made it among the most interesting reads in an otherwise dry field. Even so, he denied a perfectly valid breaking of his wheel cipher.
  • Speaking of wheel ciphers, I had no idea that Jefferson’s system was in use by the Army into the 20th century!
  • French cryptanalysis was leaps and bounds ahead of any other European country at that time, perhaps with the exception of Austria-Hungary.
  • The English, on the other hand, relied on pure dumb luck to decipher enemy messages during WWI. They happened to capture German code books — no cryptanalysis required.
  • The English were not exactly helpful towards the French, either. When the English insisted that the French share their cryptanalytic findings, the French replied with something to the effect of “one of our ships was torpedoed by the Germans not long ago — why didn’t you warn us?” The English replied with something like “well, it would be dangerous to our intelligence efforts if that information fell into the wrong hands”, to which the French said “would you feel the same if it were an English ship?” That pretty much killed the conversation about cooperation on intelligence operations.
  • England wasn’t totally incompetent, though: by the end of the war, they used what David Kahn called the best cipher of that era, “Cypher SA”.
  • This cipher included polyphones, or code groups that have multiple meanings. The method for deciphering the messages essentially uses the character from the last code group as part of the “key” to decipher the current code group, giving you the proper meaning while confounding cryptanalysis. It’s remarkably similar to cipher block chaining (CBC) mode in modern block ciphers, where the previous block “feeds” into the next, and if one gets scrambled, the remainder of the message is scrambled as well.
  • England wasn’t alone in their cryptographic floundering — Germany flat-out refused to use ciphers that weren’t Teutonic in origin, and their cryptanalysis division was nonexistent for most of the war.
  • England’s first offensive move of the war? Cutting Germany’s transatlantic cables!

I’ve been sick the past week, and haven’t devoted any time to the Cryptopals challenges, but I have a goal of at least looking at the current problem at least once a day. This, combined with reading Codebreakers, will make up my daily routine (after work, that is). As for blogging, I’ll write at least one post per week. Any less and I’ll lose steam — any more and the quality is likely to suffer, unless I have something I absolutely have to write about. With that, I’m signing off. More to come!

Today I Learned

I was reading The Codebreakers by David Kahn, and today I learned:

  • Étienne Bazeries was among the most badass cryptologists who ever lived (at least, as far as I’ve read). Noted as “the great pragmatist of cryptology” by David Kahn (a tremendous understatement), he tore through ciphers like tissue paper. I cannot overstate how deftly this man manipulated ciphers and unlocked their secrets.
  • Sometimes this had hilarious results: someone sent a message to a duke in France, with many errors in its encipherment, yet Bazeries was able to solve it. The duke’s frustrated, contemptuous one-word response: “Merde.”
  • On a related note: I will never design my own cipher. Repeat after me: I will never design my own cipher. Write this on a chalkboard 50 times if you have to. Just don’t do it.
  • If you don’t trust me on the last point, consider this: Bazeries was able to solve the ciphers used by the French military, which at that point was the largest military in Europe. If he could solve their ciphers, a modern cryptanalyst will be able to crack yours. Granted, they were wimpy ciphers compared to the systems Bazeries suggested, but still.
  • I didn’t technically learn this today, but: the Vigenère cipher was not created by Blaise de Vigenère himself, and was misattributed to him. It was actually invented by Giovan Battista Bellaso. However, Vigenère did create an even more powerful “autokey” cipher.

Over the past few weeks, as I’ve read Codebreakers, I’ve gained an immense respect for French cryptography in general. The “black chambers” were a fertile source of cryptanalysis, for one. On top of that, some of the greatest books on cryptography have come from the French. Most of all, France produced the great Étienne Bazeries, one of my new heroes.

More to come, folks…

Shadowplay

Secret communication has recently come into vogue, with apps like WhatsApp and Signal (I’d highly recommend the latter, by the way). However, this is best for person-to-person communication. What if someone wants to communicate en masse? What if someone wants to publish something anonymously, or pseudonymously?

Current offerings are piss-poor. Sure, you can register on a site under a pseudonym and start posting, sometimes even posting anonymously, but what security does this offer you? The answer is none. Your ISP can rat you out. Your unencrypted traffic can be sniffed. You could fall prey to a man-in-the-middle attack. And that’s just off the top of my head. I know, I know, VPNs and HTTPS will solve these problems, for the most part, but how many people do you know who are well-versed in these technologies and understand their use? Are these people technically inclined?

Pseudonyms are possible with public-key cryptography, but the reality is far off from the dream. Generating a key pair alone requires mastery of the command line, something that’s esoteric to others at best, and intractable at worst. Then you have to convince your friends and colleagues to use the public-key system, a losing battle from the start. Modern crypto implementations are like a sheer cliff, and using crypto as it exists today is like trying to climb that cliff.

So what is the answer? How can we assure anonymous or pseudonymous communications?

The answer seems to lie in the dining cryptographers protocol. With this protocol, you can anonymously publish a message. However, that doesn’t solve the problem of pseudonymous communication, which is far preferable for people like journalists who want to build a following, yet in some cases, fear for their lives.
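
As an added example of my own (not from the post), here is the dining cryptographers protocol in miniature for three constructed participants: each pair shares a random one-time pad, everyone broadcasts the XOR of the pads they hold, and whoever is sending additionally XORs in the message. XORing all the broadcasts together cancels every pad (each is held by exactly two people) and leaves the message, while no single broadcast reveals who contributed it. The participant names, slot size and messages are constructed values.

```python
import os
from itertools import combinations


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def share_pairwise_secrets(names, length):
    """Each pair of participants agrees on a random pad of `length` bytes.
    ASSUMPTION: in a real deployment this happens over a private channel or is
    derived from a pairwise key; here os.urandom plays that role."""
    secrets = {}
    for a, b in combinations(names, 2):
        s = os.urandom(length)
        secrets[(a, b)] = secrets[(b, a)] = s
    return secrets


def broadcast(name, names, secrets, length, message=None):
    """What one participant announces publicly: the XOR of every pad it shares,
    XORed with its message if it is the sender this round. Because each pad is
    masked by a value some other participant also holds, the announcement on
    its own looks random, sender or not."""
    value = bytes(length)
    for other in names:
        if other != name:
            value = xor(value, secrets[(name, other)])
    if message is not None:
        if len(message) > length:
            raise ValueError("message longer than the round's slot")
        value = xor(value, message.ljust(length, b"\0"))
    return value


def run_round(names, senders, length):
    """One round of the protocol. `senders` maps a participant to the message it
    wants to publish anonymously (normally at most one per round). Returns the
    combined output and the individual broadcasts, which are all that an
    outside observer, or any single participant, gets to see."""
    secrets = share_pairwise_secrets(names, length)
    broadcasts = {n: broadcast(n, names, secrets, length, senders.get(n)) for n in names}
    combined = bytes(length)
    for value in broadcasts.values():
        combined = xor(combined, value)
    return combined, broadcasts


def published_message(names, senders, length):
    """The message everyone learns from the round, with the slot padding removed."""
    combined, _ = run_round(names, senders, length)
    return combined.rstrip(b"\0")


# Constructed participants and slot size (not from the post).
DINERS = ["Alice", "Bob", "Carol"]
SLOT = 32

if __name__ == "__main__":
    out, announcements = run_round(DINERS, {"Bob": b"the leak is real"}, SLOT)
    for who, value in announcements.items():
        print(f"{who:6} broadcasts {value.hex()}")   # random-looking for everyone, Bob included
    print("combined:", out.rstrip(b"\0"))
    # Two senders in one round garble each other; real DC-nets need a slot
    # reservation or collision-handling scheme on top of this core.
    print("collision:", published_message(DINERS, {"Alice": b"yes", "Carol": b"no"}, SLOT))
```

The anonymity argument is visible in the code: Alice's broadcast is masked by pads she shares with Bob and with Carol, so only a coalition of everyone else could unmask her. What the core protocol does not give you is exactly what the paragraph above points out: a stable identity. Every round is anonymous, so a journalist who wants readers to recognise successive messages as theirs needs something layered on top, which is the pseudonymity problem the post leaves open.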

How can we ensure a pseudonym is secure? How can we allow for pseudonymous publication without fear of being exposed?

I don’t quite have an answer yet — I’ve been pondering this problem for months now, years if you count my high school days. I don’t believe there’s an easy answer, but in future posts, I’ll attempt to explore solutions.

Dark Entries

Hey there! My name’s Austin Pocus, and I’ve been studying cryptography on and off for the past 10 years. In this first post, I’d like to lay out what this blog will be (or not).

This blog is going to be about crypto, but usually not cryptocurrencies. I have no interest in speculating on which currencies are going “to the moon”, although I am interested in the blockchain as a technology, and anonymous payments in general. Unless I have a specific application in mind, you won’t find too much talk about cryptocurrencies here.

That said, this blog will be about traditional cryptography, the study and implementation of secret communication systems. It will also be about security: how to design secure systems (or not), how to break flawed systems, and trying to measure just how fucked we are in our current state of affairs. Bruce Schneier is a constant source of inspiration, and I highly recommend his blog.

More specifically, this blog will cover my adventures in learning more about cryptography, as I work my way through the Cryptopals challenges, and try to design a cryptosystem of my own (more on that in future posts).

What do you want to read about here? Tell me in the comments!