Confidentially Yours

Cryptology and the art of keeping secrets.

“Hmm yeah I miss Rhea”! Sounds like I’m pining for someone of female persuasion, but I ain’t... It’s a code. Can you crack it? Okay, here’ another clue: “Hai seems my Mr hi ha”. Still stumped? Samjho na… Both those are just anagrams for the melody mouth of the moment, Mr. Aashiq Banaya Aapne “Himesh Reshammiya”.

Neat way of confounding people, isn’t it? But it’s nothing as confounding as the science of keeping data secure. A discipline of mathematics and computer science concerned with information security—specifically encryption, authentication and access control—cryptology naam hae tera!

Cryptology is derived from the Greek word “kryptós” connoting “hidden”. From ancient Greek “scytale” devices to Julius Caesar's simple substitution ciphers (called the Caesar cipher); from Germany's Enigma machine to protect sensitive communications in WW II to the Kamasutra’s instructions for lovers to communicate without discovery… Secret coded messages, writing with invisible ink, pig Latin, and international espionage... the need for information security has always existed.

Cryptology comprises cryptography and cryptanalysis. Cryptography is about encoding secrets—that is, the conversion or encryption of plaintext to ciphertext by cryptographers. And cryptanalysis is the reverse—decoding secrets. This decryption of ciphertext back into plaintext is carried out by cryptanalysts.

As is quite evident, plaintext (or cleartext), means “usable data”--data before encryption, or after successful decryption. And ciphertext means “encrypted data”. Ciphertext looks like “j9z3D9i7slj7sHHdghT824fls7fdfg”--a load of junk. But it isn’t. A cipher is essentially an algorithm for encryption. (And sometimes decryption too because often ciphers use a separate algo for decoding.) In modern data security, this cipher is actually one of main cooperating elements in a full “cryptosystem”. The cryptosystem is a set of algos, procedures, and protocols required by the encryption and decryption process.

One form of encryption is symmetric key cryptography. Here both the sender and receiver share the same key—or a key that is related and easy to decode. This is also known as private key, secret key, one key or single key cryptography. Since both parties must share the secret passphrase (usually a combination of upper and lower case letters and other characters), the main problem with symmetric cryptography is secure transmission of the key. An example of a secret key cryptosystem is DES.

The other form of encryption is called public key or asymmetric key cryptography. Here two different keys--one for encryption and one for decryption--are used. While decryption key must remain confidential, the encryption key can be made public. This method is also deployed to implement digital signature systems. The best known public key cryptosystem is RSA—an algorithm devised by Rivest, Shamir and Adleman in 1977 at MIT. With the appropriate resources RSA is also crackable.

An even more secure public key method is PGP (Pretty Good Privacy). Based on RSA, PGP (www.pgp.com) was created by Phil Zimmermann and uses it uses 128-bit key RSA. Sounds like a lot of gobbledy gook? Check out the sites mentioned in the boxes here.

Speaking of codes, I'm so fascinated by this Da Vinci Code business that I'm contemplating making a movie on it too. It’s going to be in my father tongue, Punjabi. The movie title: Vinci Da Code.



DECRYPTING ENCRYPTION

NSA's CryptoKids
www.nsa.gov/kids

International Association for Cryptologic Research
www.iacr.org

sci.crypt mini-FAQ
www.mindspring.com/~schlafly/crypto/faq.htm

Information System Security Portal
www.infosyssec.net/infosyssec/security/cry1.htm



CRYPTO STANDARDS
IEEE-1363 and forthcoming amendments
http://grouper.ieee.org/groups/1363/

US Govt. standards (DES, SHA, DSA, AES etc.)
http://csrc.nist.gov/

Others (X.9F, ISO/IEC etc.)
www.cacr.math.uwaterloo.ca/hac/about/chap15.pdf
http://crypto.cs.mcgill.ca/~stiglic/cryptoresources.html