Cryptography: Crash Course Computer Science #33

00:03

Hi, I’m Carrie Anne, and welcome to CrashCourse Computer Science!

00:05

Over the past two episodes, we’ve talked a lot about computer security.

00:09

But the fact is, there’s no such thing as a perfectly, 100% secure, computer system.

00:14

There will always be bugs and security experts know that.

00:17

So system architects employ a strategy called defence in depth, which uses many layers of

00:21

varying security mechanisms to frustrate attackers.

00:23

It’s a bit like how castles are designed – first you’ve got to dodge the archers,

00:27

then cross the moat, scale the walls, avoid the hot oil, get over the ramparts, and defeat

00:32

the guards before you get to the throne room, but in this case we’re talking about one

00:36

of the most common forms of computer security - Cryptography.

00:39

INTRO

00:49

The word cryptography comes from the roots ‘crypto’ and ‘graphy’, roughly translating

00:53

to “secret writing”.

00:54

In order to make information secret, you use a cipher – an algorithm that converts plain

00:58

text into ciphertext, which is gibberish unless you have a key that lets you undo the cipher.

01:03

The process of making text secret is called encryption, and the reverse process is called

01:08

decryption.

01:09

Ciphers have been used long before computers showed up.

01:11

Julius Caesar used what’s now called a Caesar cipher, to encrypt private correspondence.

01:15

He would shift the letters in a message forward by three places.

01:18

So, A became D, and the word "brutus" became this: "euxwxv".

01:21

To decipher the message, recipients had to know both the algorithm and the number to

01:25

shift by, which acted as the key.

01:27

The Caesar cipher is one example of a larger class of techniques called substitution ciphers.

01:32

These replace every letter in a message with something else according to a translation.

01:35

A big drawback of basic substitution ciphers is that letter frequencies are preserved.

01:40

For example, E is the most common letter in English, so if your cipher translates E to

01:44

an X, then X will show up the most frequently in the ciphertext.

01:48

A skilled cryptanalyst can work backwards from these kinds of statistics to figure out

01:51

the message.

01:52

Indeed, it was the breaking of a substitution cipher that led to the execution of Mary,

01:56

Queen of Scots, in 1587 for plotting to kill Queen Elizabeth.

02:00

Another fundamental class of techniques are permutation ciphers.

02:02

Let’s look at a simple example, called a columnar transposition cipher.

02:06

Here, we take a message, and fill the letters into a grid.

02:09

In this case, we’ve chosen 5 by 5.

02:11

To encrypt our message, we read out the characters in a different order, let’s say from the

02:15

bottom left, working upwards, one column at a time.

02:19

The new letter ordering, what’s called a permutation, is the encrypted message.

02:23

The ordering direction, as well as the 5 by 5 grid size, serves as the key.

02:27

Like before, if the cipher and key are known, a recipient can reverse the process to reveal

02:31

the original message.

02:33

By the 1900s, cryptography was mechanized in the form of encryption machines.

02:37

The most famous was the German Enigma, used by the Nazis to encrypt their wartime communications.

02:42

As we discussed back in Episode 15, the Enigma was a typewriter-like machine, with a keyboard

02:46

and lampboard, both showing the full alphabet.

02:48

Above that, there was a series of configurable rotors that were the key to the Enigma’s

02:52

encryption capability.

02:53

First, let’s look at just one rotor.

02:56

One side had electrical contacts for all 26 letters.

02:59

These connected to the other side of the rotor using cross-crossing wires that swapped one

03:03

letter for another.

03:04

If ‘H’ went in, ‘K’ might come out the other side.

03:07

If “K’ went in, ‘F’ might come out, and so on.

03:09

This letter swapping behavior should sound familiar: it’s a substitution cipher!

03:14

But, the Enigma was more sophisticated because it used three or more rotors in a row, each

03:19

feeding into the next.

03:20

Rotors could also be rotated to one of 26 possible starting positions, and they could

03:25

be inserted in different orders, providing a lot of different substitution mappings.

03:29

Following the rotors was a special circuit called a reflector.

03:32

Instead of passing the signal on to another rotor, it connected every pin to another,

03:37

and sent the electrical signal back through the rotors.

03:39

Finally, there was a plugboard at the front of the machine that allowed letters coming

03:42

from the keyboard to be optionally swapped, adding another level of complexity.

03:46

With our simplified circuit, let’s encrypt a letter on this example enigma configuration.

03:51

If we press the ‘H’ key, electricity flows through the plugboard, then the rotors, hits

03:56

the reflector, comes back through the rotors and plugboard, and illuminates the letter

03:59

‘L’ on the lampboard.

04:00

So H is encrypted to L.

04:01

Note that the circuit can flow both ways – so if we typed the letter ‘L’, ‘H’ would

04:05

light up.

04:06

In other words, it’s the same process for encrypting and decrypting; you just have to

04:10

make sure the sending and receiving machines have the same initial configuration.

04:14

If you look carefully at this circuit, you’ll notice it’s impossible for a letter to be

04:19

encrypted as itself, which turned out to be a fatal cryptographic weakness.

04:22

Finally, to prevent the Enigma from being a simple substitution cipher, every single

04:26

time a letter was entered, the rotors advanced by one spot, sort of like an odometer in a

04:31

car.

04:31

So if you entered the text A-A-A, it might come out as B-D-K, where the substitution

04:36

mapping changed with every key press.

04:38

The Enigma was a tough cookie to crack, for sure.

04:40

But as we discussed in Episode 15, Alan Turing and his colleagues at Bletchley Park were

04:45

able to break Enigma codes and largely automate the process.

04:47

But with the advent of computers, cryptography moved from hardware into software.

04:52

One of the earliest software ciphers to become widespread was the Data Encryption Standard

04:56

developed by IBM and the NSA in 1977.

04:59

DES, as it was known, originally used binary keys that were 56 bits long, which means that

05:05

there are 2 to the 56, or about 72 quadrillion different keys.

05:09

Back in 1977, that meant that nobody – except perhaps the NSA – had enough computing power

05:14

to brute-force all possible keys.

05:16

But, by 1999, a quarter-million dollar computer could try every possible DES key in just two

05:21

days, rendering the cipher insecure.

05:24

So, in 2001, the Advanced Encryption Standard (AES) was finalized and published.

05:29

AES is designed to use much bigger keys – 128, 192 or 256 bits in size – making brute force

05:37

attacks much, much harder.

05:38

For a 128-bit keys, you'd need trillions of years to try every combination, even if you

05:44

used every single computer on the planet today.

05:46

So you better get started!

05:48

AES chops data up into 16-byte blocks, and then applies a series of substitutions and

05:53

permutations, based on the key value, plus some other operations to obscure the message,

05:58

and this process is repeated ten or more times for each block.

06:01

You might be wondering: why only ten rounds?

06:03

Or why only 128 bit keys, and not ten thousand bit keys?

06:07

Well, it’s a performance tradeoff.

06:09

If it took hours to encrypt and send an email, or minutes to connect to a secure website,

06:13

people wouldn't use it.

06:15

AES balances performance and security to provide practical cryptography.

06:19

Today, AES is used everywhere, from encrypting files on iPhones and transmitting data over

06:23

WiFi with WPA2, to accessing websites using HTTPS.

06:27

So far, the cryptographic techniques we’ve discussed rely on keys that are known by both

06:32

sender and recipient.

06:34

The sender encrypts a message using a key, and the recipient decrypts it using the same key.

06:38

In the old days, keys would be shared by voice, or physically; for example, the Germans distributed

06:43

codebooks with daily settings for their Enigma machines.

06:46

But this strategy could never work in the internet era.

06:49

Imagine having to crack open a codebook to connect to youtube!

06:52

What’s needed is a way for a server to send a secret key over the public internet to a

06:56

user wishing to connect securely.

06:59

It seems like that wouldn’t be secure, because if the key is sent in the open and intercepted

07:02

by a hacker, couldn’t they use that to decrypt all communication between the two?

07:06

The solution is key exchange!

07:09

– An algorithm that lets two computers agree on a key without ever sending one.

07:13

We can do this with one-way functions – mathematical operations that are very easy to do in one

07:17

direction, but hard to reverse.

07:19

To show you how one-way functions work, let’s use paint colors as an analogy.

07:23

It’s easy to mix paint colors together, but it’s not so easy to figure out the constituent

07:27

colors that were used to make a mixed paint color.

07:30

You’d have to test a lot of possibilities to figure it out.

07:33

In this metaphor, our secret key is a unique shade of paint.

07:36

First, there’s a public paint color that everyone can see.

07:39

Then, John and I each pick a secret paint color.

07:41

To exchange keys, I mix my secret paint color with the public paint color.

07:45

Then, I send that mixed color to John by any means – mail, carrier pigeon, whatever.

07:50

John does the same – mixing his secret paint color with the public color, then sending

07:54

that to me.

07:55

When I receive John’s color, I simply add my private color to create a blend of all

07:58

three paints.

07:59

John does the same with my mixed color.

08:01

And Voila!

08:02

We both end up with the same paint color!

08:04

We can use this as a shared secret, even though we never sent each other our individual secret

08:09

colors.

08:10

A snooping outside observer would know partial information, but they’d find it very difficult

08:14

to figure out our shared secret color.

08:16

Of course, sending and mixing paint colors isn’t going to work well for transmitting

08:20

computer data.

08:21

But luckily, mathematical one-way functions are perfect, and this is what Diffie-Hellman

08:25

Key Exchange uses.

08:26

In Diffie-Hellman, the one-way function is modular exponentiation.

08:30

This means taking one number, the base, to the power of another number, the exponent,

08:34

and taking the remainder when dividing by a third number, the modulus.

08:37

So, for example, if we wanted to calculate 3 to the 5th power, modulo 31, we would calculate

08:43

3 to the 5th, which is 243, then take the remainder when divided by 31, which is 26.

08:50

The hard part is figuring out the exponent given only the result and the base.

08:54

If I tell you I raised 3 to some secret number, modulo 31, and got 7 as the remainder, you'd

08:59

have to test a lot of exponents to know which one I picked.

09:02

If we make these numbers big, say hundreds of digits long, then finding the secret exponent

09:06

is nearly impossible.

09:08

Now let’s talk about how Diffie-Hellman uses modular exponentiation to calculate a

09:12

shared key.

09:13

First, there's a set of public values – the base and the modulus, that, like our public

09:17

paint color, everyone gets to know... even the bad guys!

09:21

To send a message securely to John, I would pick a secret exponent: X.

09:24

Then, I’d calculate B to the power of X, modulo M.

09:28

I send this big number over to John.

09:30

John does the same, picking a secret exponent Y, and sending me B to the Y modulo M.

09:35

To create a shared secret key, I take what John sent me, and take it to the power of

09:40

X, my secret exponent.

09:42

This is mathematically equivalent to B to the XY modulus M.

09:45

John does the same, taking what I sent to him to the power of Y, and we both end up

09:49

with the exact same number!

09:51

It’s a secret shared key, even though we never sent each other our secret number.

09:56

We can use this big number as a shared key for encrypted communication, using something

10:00

like AES for encryption.

10:02

Diffie-Hellman key exchange is one method for establishing a shared key.

10:06

These keys that can be used by both sender and receiver, to encrypt and decrypt messages,

10:10

are called symmetric keys because the key is the same on both sides.

10:14

The Caesar Cipher, Enigma and AES are all symmetric encryption.

10:18

There’s also asymmetric encryption, where there are two different keys, most often one

10:23

that’s public and another that’s private.

10:24

So, people can encrypt a message using a public key that only the recipient, with their private

10:29

key, can decrypt.

10:30

In other words, knowing the public key only lets you encrypt, but not decrypt – it’s

10:35

asymmetric!

10:36

So, think about boxes with padlocks that you can open with a key.

10:39

To receive a secure message, I can give a sender a box and padlock.

10:43

They put their message in it and lock it shut.

10:45

Now, they can send that box back to me and only I can open it, with my private key.

10:49

After locking the box, neither the sender, nor anyone else who finds the box, can open

10:54

it without brute force.

10:55

In the same way, a digital public key can encrypt something that can only be decrypted

10:59

with a private key.

11:00

The reverse is possible too: encrypting something with a private key that can be decrypted with

11:04

a public key.

11:05

This is used for signing, where a server encrypts data using their private key.

11:10

Anyone can decrypt it using the server's public key.

11:13

This acts like an unforgeable signature, as only the owner, using their private key, can

11:17

encrypt.

11:19

It proves that you're getting data from the right server or person, and not an imposter.

11:22

The most popular asymmetric encryption technique used today is RSA, named after its inventors:

11:28

Rivest, Shamir and Adleman.

11:30

So, now you know all the “key” parts of modern cryptography: symmetric encryption,

11:34

key exchange and public-key cryptography.

11:36

When you connect to a secure website, like your bank, that little padlock icon means

11:40

that your computer has used public key cryptography to verify the server, key exchange to establish

11:45

a secret temporary key, and symmetric encryption to protect all the back-and-forth communication

11:50

from prying eyes.

11:51

Whether you're buying something online, sending emails to BFFs, or just browsing cat videos,

11:56

cryptography keeps all that safe, private and secure.

11:58

Thanks cryptography!