Some study notes for my cryptography class.
Hello again,
I have spent the last several days going over the material for my cryptography class I am taking. I did not realize this when I first started the class, but this course material is developed and tailored to help prepare me for the EC Council Certified Encryption Specialist certification exam. So not only do I get to learn about all sorts of cool stuff surrounding cryptography and cryptanalysis, I also get the chance to earn a certification at the end provided I do well enough on the exam.
Now that I know that this course is preparing me for the E | CES exam, I downloaded the blueprint for this certification from their website and will use it as an outline of what I should be focusing on and how important (weightage %) each section is worth.
The first domain is “The introduction and history of cryptography”. It has several subdomains such as: Overview of cryptography, understanding mono-alphabet substitution cryptographic algorithms, understanding multi-alphabet substitution cryptographic algorithms, and understanding homophonic substitution cryptographic algorithms. This section only has a weightage of 8% so I won’t spend a ton if time here, but when it comes to a test with only 50 questions, 8% is still 4 questions, which may be all that stands between a failure and a pass.
Cryptography is not a new thing/idea. Basically, cryptography is the study of secure communication methods. It is all about finding a way to send some sort of communication between people but making it unreadable to anyone who doesn’t know the secret/have the key. It has been around for a long time, and one of the earliest accounts of someone using cryptography that I could see, was Caesar. He used a form of mono-alphabet substitution cipher, where he would shift the letters in the code forwards or backwards when compared to the alphabet when written down. For example, + 1, would mean to move the letter forwards (A=B), -1 would mean to move backwards (C=B), and the whole word would be encoded using these rules. Another popular example is ROT +13, where the letters would be shifted forward 13 letters. (A becomes N, B becomes O, etc.). Atbash was another mono-alphabet substitution cipher that was used. Basically it reverses the alphabet so A becomes Z, B becomes Y, etc. The course material and other materials I have been studying mention Scytale, which is kind of different, and one that I had not heard of before. Apparently they use a rod of a certain length to create or encrypt a message. They took some material, wrapped around it in a way that when each wrap of the material comes back around to the front it has a letter directly facing you, and when you continue to wrap the material the message is revealed. Only someone with the same length and diameter rod could decode the message. One of the weaknesses of mono-alphabet substitution ciphers, is that it does not alter the underlying letter or word frequency, so it stays vulnerable to different types of cryptanalysis attacks.
One way they addressed the weakness of mono-alphabet substitution ciphers, is to use multi-alphabet substitution ciphers! This added complexity to the code, making it more difficult to break without the key. The show notes from the ITProTV episode talking about this, give the following example which I liked, so I am quoting them directly: “We are using three alphabets to do the shifting, each represented by a “+” or a “-“ value. When we run out of alphabets, we start over again with the first one, effectively “round-robining” through the text until it is all shifted.”
They then give the example of the phrase: A DOG (+1–2+1), which encodes to B BPH. This makes it harder to use letter frequency analysis, because in this example, both A and D both encode to B with the rule provided, which is cool.
Another poly alphabetic cipher is the “Vigenere cipher”. This was invented by a man named Giovan Battista Bellaso in 1553, but it is named after Blaise de Vigenere, who was the individual who developed a stronger version of Bellaso’s cipher. It uses a series of interwoven Caesar ciphers to encrypt information, but it is based off of a keyword.
Two other multi alphabet substitution ciphers were mentioned, namely the Playfair cipher, and the ADFGVX cipher. Both of these ciphers used a grid or square to lay out the key table. The Playfair cipher was invented by Charles Wheatstone in 1854, and uses a 5x5 table containing a keyword or phrase. To set up the key table, you would first place the letters of the keyword one by one into the 5x5 table, ignoring duplicate letters, then fill in the remaining spaces with letters in alphabetic order. The encoding technique encrypts pairs of letters (digraphs), instead of single letters, which makes it much harder to decrypt. The text also makes note that there is no “j” as it is combined with “i”, so there are 25 letters not 26 in the key table, hence the 5x5.
The ADFGVX cipher was confusing for me at first, but after I played with it for a while, and encoded some of my own messages with it, I think I have it figured out. It was used by the German army in WWI, and it was invented by a Colonel Fritz Nebel in 1918. It used a 6x6 square to encode the information. The letters ADFGVX were placed on the top reading from right to left, then ADFGVX was written from top to bottom on the left side. The rest of the table is comprised of random letters and the numbers 0 through 9. You would then use a grid system to decode the message, with one letter from the left acting like the “Y” axis, and another letter from the top acting like the “X” axis, meeting in the middle, to show the decoded letter. For example, a ciphertext of DV XD AV, would be decoded into DOG.
Another really cool multi alphabet substitution cipher “Machine” used in WW2 by the Germans, was the ENIGMA machine. This device was quite brilliant, and used an electromechanical rotor based cipher system to encrypt and decrypt messages.
That is all the note taking I can do for now, I am falling asleep at the computer, so I will call it quits for tonight. Until next time.
