Computers and the Internet
A symmetric encryption is any technique where the same key is used to both encrypt and decrypt the data. The Caesar Cipher is one of the simplest symmetric encryption techniques, and of course, one of the easiest to crack.
Since then, cryptologists have invented many more symmetric encryption techniques, including the ones used today to encrypt data like passwords.
French cryptologists invented the Vigenère Cipher in the mid 1500s. The cipher was considered especially strong, and author Lewis Caroll even called it “unbreakable” in 1868. It was indeed much stronger than the Caesar Cipher, but as we’ll see, it can definitely be cracked.
The Vigenère cipher uses an entire word as the shift key, as opposed to the Caesar Cipher’s single shift amount.
Imagine that we want to encrypt the phrase
VERSAILLESand use a shift key of
First, we need to repeat the shift key to line up with each of the letters in the phrase:
Now we replace each letter of the original text according to the Vigenère table:
For the first letter "V", we select the row that starts with "V". Then since the corresponding shift key letter is "C", we move to the column that has a header of "C". The letter at the intersection of the "V" row and "C" column is "X". Thus, we encrypt "V" as "X".
The letter at the intersection of the "E" row and "H" column is "L", so we encrypt "E" as "L".
If we keep going, we'll end up with the encrypted text "XLVWSMNSIW".
Check your understanding
If we want to use a different shift key of "PIZZA" to encrypt "VERSAILLES", what will the first letter "V" be encrypted as?
Imagine that we receive the encrypted message "NVYZJI" from our ally, and we know they've used a Vigenère cipher with a shift key of "CHEESE".
Once again, we line the encrypted message up with the shift key:
Now we can do a reverse substitution according to the table:
We start by selecting the row for the first letter in the shift key "C". Then we scan down that row until we find the first encrypted letter "N". Once we find the "N", we look up to see the header for that column, "L". Thus, the decryption of "N" is "L".
For the next letter, we select the "H" row, find the "V" in the row, and look up to see we're in column "O".
If we do that for each shift key and encrypted letter, we decrypt the entire phrase as "LOUVRE".
Check your understanding
If we receive a new message "NVSO" that's encrypted with the same shift key of "CHEESE", what was the original text?
Cracking the cipher
The Vigenère Cipher is a type of polyalphabetic cipher, and it's a harder code to crack than the Caesar Cipher due to the use of an entire shift word.
If an intercepter had no idea what the shift key was and wanted to brute force their way to a decryption, they would need to try out all the possible shift words in the world, and perhaps even made-up words! For a mere mortal, that could take a lifetime. That's much more work than brute forcing the Caesar Cipher, where we just had to check 26 different shift amounts.
What about frequency analysis? Do messages encrypted with the Vigenere cipher have a special pattern in their distribution of letters?
Try it out for yourself! Encrypt the message below, and you'll see a frequency analysis of the original message and the encrypted message.
Notice that the frequency analysis of the original message is exactly what we'd expect for an English-language message: "E" is the most popular letter, and there is huge variance in the frequency of the letters.
The frequencies of the encrypted message are more similar to each other. We can't identify an obvious "E", since the letter "E" gets encrypted into different letters at different points in the message.
In the 1800s, people finally figured out different ways to use frequency analysis to crack the cipher. For example, in a long message, a short word like "THE" may get translated to the same three encrypted letters multiple times (just not every time), and that reveals possible lengths for the shift key.
Now that we have the use of powerful computers, the Vigenère Cipher is relatively easy to decipher, because a computer can quickly test out millions of words, and it can easily find the leaked information in the frequency analysis.
In the age of computers, ciphers can't just be hard to crack by an enterprising human; they have to be hard to crack by a computer that can do trillions of calculations per second.
Fortunately, cryptologists have invented encryption techniques that are secure in the digital world, and are continuing to improve them every year.
One of the most common encryption standards is AES-128, a block cipher approved by the federal government and used often for secure file transfer.
What makes it so secure?
One reason is that each key is always 128 bits long. That means there are possible keys. That's this many:
Wow! But wait, there's more: the AES cipher requires applying a sequence of 10 mathematical operations for each bit of the key. Multiply that number above by 10, and that's the number of calculations a computer would need to do.
The fastest computer can calculate around operations per second. That's this many:
The fastest computer would still take 500 trillion years to try every possible 128-bit key!
What about frequency analysis? It won't work. The AES cipher does not reveal any information about the original text, thanks to the multi-step sequence of operations on blocks of bits.
The AES ciphers, and other modern ciphers, may not be secure forever. Security researchers spend their time trying to find clever ways to break the cipher, and present findings in blogs and conference talks.
Cryptography research is done in the open, with the hope that the public finds out about a security breach before a malicious cybercriminal discovers one.
Want to join the conversation?
- I seem to recall a movie or something I watched a while back that mentioned "white hat hacking," which has the intent mentioned in the last couple paragraphs - to try and find security breaches to help make systems more secure. Is this still a thing, and how do people become involved in it if so?(16 votes)
- Yep, that's still a thing! In fact, Khan Academy has a HackerOne page for users to safely disclose vulnerabilities:
The first step to getting involved is to really dive deep into cybersecurity, so you can learn more about system vulnerabilities and ways to compromise them. There are various courses for that, check out this list here for some ideas:
- white hat hacking," what is that(6 votes)
- Hello, white hat hacking is when hackers get paid legally to hack into a system, figure out bugs in their security, and tell the owners of that system about the bug, so hackers that do illegal things can't take advantage of that weakness in the system.(8 votes)
- Is it possible to use many fast computers to crack the encryption of a AES-128 system? The fastest computer takes 500 trillion years to try every key, but what if many fast computers were used, each trying a different range of keys for example?(3 votes)
- It still will take a lot of time. But in few years, they say that computers will outtake humans, so maybe that won't be impossible. But that will be scary...(3 votes)
- What would be the steps to being a professional cryptographer?(2 votes)
- Generally, you need at minimum a bachelor's degree in mathematics, computer science, or something similar. Obtaining a master's degree in one of those fields would also be beneficial. You should also obtain certifications in cybersecurity.(3 votes)
- As far as I understood the Vigenère Cipher is the same as the Ceasar Cipher but instead of using the same offset for each character of the secret message you use a different offset for each character, right?
I am assuming this because You can write an alphabetical key like "ADZAC" used in a Vignère Cipher as a numercial key (1 4 26 1 3) and apply the Ceasar Cipher encryption for each character of the secret message with an individual offset which is given by the numerical key (In this case: first character of the secret message gets shifted by 1, second by 4, third by 26, and so on...).(1 vote)
- Exactly and once you reached the end of your code word you just start again at the beginning and keep going until the whole whole thing is encoded.(4 votes)
- Is it possible to have it where the key and the encrypted message have none of the same letters?(2 votes)
- It is certainly possible to design such an encryption scheme, but it would probably not be a good idea. If someone is trying to break the encryption and they have the encrypted message, then they know that any letter that appears in the encrypted message does not appear in the key. So, it would be easier for them to guess the key and decrypt the message.(1 vote)
- How they used to understand which ciphar is being used to encrypt that data ?(0 votes)
- You look for patterns in the encoded message and try to conclude from that what encryption was used. That works for the simpler methods of encryption, with the more difficult variants you have to try something else.(3 votes)