CRYPTO AND PRIVACY VILLAGE - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications

Video in TIB AV-Portal: CRYPTO AND PRIVACY VILLAGE - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications

Formal Metadata

Title: CRYPTO AND PRIVACY VILLAGE - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications
License: CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date: 2018
Language: English

Welcome, everyone, to the third talk of today, by Tess Schrodinger. She's a jack of all trades, master of none, and she's gonna be talking about cryptography, codes, and secret writing.

Good morning. Can everyone hear me in the back? I've heard there's some noise issues. We good? If at any point I start going down or it starts getting loud, just, like, raise your hands like you're on a roller coaster and that'll tell me to take it back up. Okay. Wow, the room's full. I was expecting to see some kids in here; I guess y'all stole their seats. So let me start with some questions. How many people are here because they've always been kind of intimidated by cryptography? One person. Y'all are liars. Okay, how many are here because you just want to learn more? Okay, that's good. How many here are experts? Okay, good, so you're not gonna point out when I'm wrong. Is my arm I soaked... wait, he said something about this cord here, make sure I don't step on it. Do I have slides? Okay. Okay, I'm not gonna touch anything. Okay, and then how many here are in the wrong talk and just don't feel like getting up and going somewhere else? Nobody. Okay, good.

Okay, so I do want to preface this by saying: if you are fairly experienced in cryptography, you may get bored. If you get up and leave, I will not be offended, because I really did gear this towards people that I've heard over the years, over and over again, that they don't do any of the crypto contests, and they don't, they just don't think they can. It's too hard, it's too confusing, they're not smart enough. And then when I try to introduce it to them they get kind of excited and like, "Oh wow, this is, like, really neat, nobody ever, like, explained it to me." So this is really high level only. I am NOT gonna drill down into weeds on math. You will see a few equations, but you don't have to remember them; they're more for reference than anything. So this really is high-level only, so if you wanted something a little more specific or technical, probably you're gonna, you know, maybe
not want to stay, or you can. I'm sorry, did someone ask a question? Okay, maybe I'm hearing someone next door.

Okay, so the first thing I want to do is these slides and the walkthroughs, all my crypto stuff that I'm going to show you. I have a Patreon page. You do not have to pay me; I just need somewhere to put stuff. So if you want any other slides or any of the stuff I'm going to show you, if I run out, you're welcome to go out there and get it. It's free PDFs, you can just download them. And I did want to thank Paul Ewan and James Troutman; they're two of my biggest supporters. I thank you guys, love you so much.

Our agenda: we're gonna go over some definitions. I love to do that, if you've seen me speak before. I think it's good to work with a common vocabulary, so you know what I mean when I say a certain thing and we kind of have an agreed-upon vocabulary to get started. Then we're going to talk about some current applications of cryptography, and then a short history of cryptography and secret writing. We're going to talk about some of the classical stuff and then move into the modern era. I am going to attempt to make sure everyone in here can walk out, and in the bar tonight you can explain elliptical curve cryptography and quantum key cryptography to your friends. Okay, that's my goal. All right, see if we can do this. And I'll let you in on a secret: if they don't know any of it, y'all just, you say whatever you want, they'll go "oh," and unless they google you later, you're good. Or if they're drunk you can just say, "What? You were drunk, you misunderstood me." And then if we have time at the end, there are some really neat unsolved mysteries in cryptography, including a current open case the FBI needs help solving, that if one of you guys want to give it a shot, I'll have the thing, and maybe one of you guys can solve a murder.

So, a little bit about me. I'm Tess Schrodinger. Has anyone heard about my Choose Your Own Crypto books? Only one person. Good, so now I can talk about them. So I am one of the
organizers for BSides DC and BSides Charm, and one of the things I was noticing over time was a lot of people weren't playing the crypto contests, because they were really geared towards super smart, black badge, like, full-contact crypto people, and it kind of left a lot of folks out, right? And if we have any teachers in the audience, if I have any left over, I'd like the teachers, as long as I have some, to come get one. Because I decided that I wanted to create a contest for everybody, so it means your grandma could play, your kids could play, but the black badge people could play too. So if you're old enough to remember the Choose Your Own Adventure mysteries, I've written two Choose Your Own Crypto, and I do have two versions, but I only have this one left. But the other one, again, it's online in PDF on my page. You can print it out, and the walkthrough is there as well.

But what it does is it allows for you to go in, if you just want to do some fun puzzles, mazes, acrostics, anagrams, just fun little puzzle-y stuff with the kids; that's level one. If you really want to kind of start practicing with actual different systems, there's an adventure level two that you can go in, and each piece and leg that goes through teaches you a different kind. It talks about it, gives you a little history, gives you a way to help solve it, and then you put all the answers together at the end to get the solution. And then if you want to be like, "Okay, I got it," and do something a little harder, but not, like, that's gonna make you cry, 'cause I make the black badge guys cry, but, you know, that's not for everybody, you can go to the third level and kind of try out what you've just learned, but you don't have the hints or the walkthroughs or the explanations. And then if you do want to cry, and you're into that, the black ops black badge level. So I'm gonna have some of these today. I'm gonna have a couple little questions and little contests, so we'll give some of those away, and again, when I run out, they will be available on
PDF. You can get them anytime, share them with your friends. If you have a con and you want to use them there, please do, I'm fine with that. Just contact me, so if there's extra pieces that go with that, I can give them to you. So I do those little books.

And my background: I have a bachelor's degree in sociology. I never thought it would be that useful in InfoSec, but oh my goodness, sociology is very helpful, because it helps you not only understand your adversary, because they tend to have similar mindsets depending on, you know, what they're doing or what their objective is, but it also helps you understand your users, your user base. And, you know, doing security awareness, you're gonna talk to your administrative assistants way different than you're gonna talk to your devs, right? So that's really been helpful in ways I had not thought. So if you don't have a technical degree, don't assume that you don't have an opportunity in InfoSec. I have a master's in security management, and then I have my master's work done in cybersecurity as well. And I recently just let everyone know, I am going to begin working, if you've seen my quantum computing talk, I'm going to go back to school and start working on my PhD in quantum physics, so I can go into the quantum computing, securing that, the hacking, etc. Non-technical stuff: I'm a triathlete, I homeschool my amazing child, who's probably hiding behind me, and I love to Argentine tango.

So, first contest. Can anyone here tell me what a common code used all the time when you're texting your family and friends, what could be considered a code that we use, like, every day if you text? Exactly, exactly. Come up, get a book, or someone pass it to her. She said leet-speak, or when you use acronyms. Like, we all know
FML means "fluff my llama," right? Right, because this was a friendly-for-kids talk. So whenever you use little things like FML, LOL, buh buh buh, those are like examples of what we kind of have, little codes. And another one would be emojis, right? Because we all know what the peach means. That's an example. So let's talk about some
definitions. Secret: so secret is essentially just, we want to keep something hidden from knowledge or view, from a third party if you're exchanging with someone else, or just from anybody if you want to keep it to yourself.

So, code versus cipher. Does anyone know the difference? Well, with codes you're mapping a one-to-one thing. So like when we talked about what does the peach mean, that's a one-to-one thing, right? A cipher is a little different in that it includes a set of instructions or an algorithm that you apply in order to change whatever your message or your item or your text is. Okay, so that's the big difference. You can see, I think this is an old espionage kind of thing, like the word "accountant" actually meant "come at once, do not delay." So that would be like a code: that thing meant this thing, but there was really no algorithm or anything like that. It was strict memorization, or you used a table to figure it out.

So: cryptology, cryptography, and cryptanalysis. Cryptology is kind of an overarching term that applies to the practice and study of techniques to secure communications, and then, sorry, cryptography is that. Cryptanalysis is when you're, excuse me, my throat's really dry. Cryptanalysis is when you analyze and decipher the cryptography, and in cryptanalysis the big key steps are: you want to try to determine what language or algorithm or system was used, and then you want to reconstruct the key if you can, and then you use all of that to reconstruct the plaintext.

Encryption versus decryption: we have plaintext, you're going to apply some sort of key, that'll get you your ciphertext, and then you use a key, it could be the same key or a different key depending on if you're using symmetric or asymmetric, which we'll talk about later, we use that to decrypt it back into the plaintext.

So, some current applications of crypto. The first thing I want to talk about is, why do we even need to secure communication? Well, if you're here you probably already know why. It's probably pretty
obvious. How many here have heard of the CIA triad? Okay. It's funny, because things I take for granted that I think everyone knows, like, apparently they don't. It just shows, like, in a little microcosm, you just assume things are common knowledge. So CIA triad is something we use a lot. It stands for confidentiality, integrity, and availability. So confidentiality, obviously, is keeping people who don't need to know that thing from knowing the thing. And then integrity refers to making sure the thing has not been altered or manipulated or changed. You're kind of ensuring the authenticity of that thing: it is what I say it is, and it's not something else. And then availability is another part of it when you're in information security. Everyone who's spent a day at the office when the network's down, right? So availability comes into play a lot of times when you're securing certain systems. You want to apply an availability need to it, because if you have a game server for after hours at the office that y'all play on, it probably doesn't matter if it's down one night, y'all just go do something else. But you really don't want your EMTs and their radio systems to be down, you know what I mean? So that's used often when you're trying to identify what you need to do with the systems: what level do we need here? Obviously confidentiality is going to be way different when your refrigerator's calculating how much milk you're drinking versus, you know, trying to send coordinates to troops in Afghanistan, right? So this is the CIA triad, and it comes into play because we're gonna talk about things like espionage, right?

So this is definitely a time when we would want to secure communications. Has anyone been to DC, in the Spy Museum? If you're ever in Washington, DC, go see it. It is amazing, and they have all the old, like, the stuff hidden in the pill and in the tooth and in the shoe. It's really neat. But forever, through espionage, spies and agents have always been trying to keep information that they take or that they
need to pass from others' knowledge. And then, you know, if they have to carry something that nobody else needs to know, do it in a surreptitious way that helps: if they get caught they can either destroy it, keep it hidden, or, if it's found, it's not able to be deciphered.

And then digital rights management and copyright infringement. This has gotten really big, because, does everyone remember Napster? So essentially now, you know, obviously artists and companies want to protect their product, but in an age where you can copy everything easily and pass it around, they need to find a way to kind of protect the rights of the artist or the producer or whoever creates it, so that you can't just make all these copies of it. So this digital rights management kind of restricts the, like, things like hardware or computer games, ebooks, film, music, things like that. They will use cryptography to make that work, so that they can kind of protect people's rights.

Authentication: this is proving something or someone is true, genuine, or valid. Okay, and an example of a good time is if you want to go to a website, you're gonna kind of want to maybe make sure that's the website you should be on. Maybe someone's not spoofing it or, you know, created a copy.
So there, you know, you can look at the certificates and ensure that this website is who it says it is. You can use credentials and authentication to log into systems that you need access to. And then if you've bought, like, an electronics product and it has, like, the little holographic sticker on it, those are actually used for authentication. So it's really hard for people who do knock-offs to create those little holograms, so you can actually use those stickers to try to make sure you're actually buying what, you know, people are claiming they're selling you.

So, digital signatures. So I'm so old I still print stuff out and sign it with a pen, and my boss is like, "You realize you can, like, just sign it on your computer and email it to me," and I go, "Oh, I forgot again." I'm getting better though; about half the time I can remember to do it. But you can now digitally sign just about anything, if you just have the right credentials or you have your stuff set up to do it. And for those who aren't sure how that works, we basically, you take a plaintext, it creates a hash function, which we talk about just in a second, and you get a message digest out of that, right? And then it gets signed with a private key, and then that goes on your document, and then that can authenticate that you've signed something. So, you know, if someone comes back and says, "Oh, you signed this," you can say, "Nope, nope, that wasn't me," and, you know, the forensics folks can actually say, "Oh yeah, no, no, it wasn't them." Or if you did sign something and then you tried to say you didn't, they can pretty much prove you did.

Secure communication, this is one of the reasons why we need stuff. I think I was gonna do hash. Oh yeah, okay, so we're gonna get to Bitcoin, 'cause apparently every slide deck, I mention Bitcoin now. Trying to keep my notes straight. So I had hash further along, but I want to talk about it now instead of making you wait. How many here are familiar with hash? Okay, good, so this will be easy. So hash is essentially when you have
an input, you run it through a hash function, or just a, you know, calculation, and it gives you what's called a digest. And so as long as you make sure it's the same all the time, it always gives you the same digest, right? And if anything changes, even one letter, you get a totally different digest. Okay, and this is important because you can use this to authenticate, like, software. If someone says, "Oh, here, download this," but you're like, "I'm not sure about that," they can say, "Oh, here's the hash function." So as long as those match, you know that it's what they say it is, and someone hasn't put something else out there instead. And then this is just a visual kind of representation. You can kind of use hash to send a lot of things, from programs to messages, I think even pictures and things like that, so that way people can confirm. And you can also kind of use that, we talk about steganography later on, you can kind of compare hash for different things to see if maybe there's stuff hidden in something that maybe doesn't look like it's hidden in there.

So let's do blockchain. Let me figure out how I want to start here. So, blockchain is not crypto. Okay? Blockchain is not crypto. Blockchain is a distributed ledger technology. Okay, it uses crypto, but it is not crypto. So does everyone here know how the blockchain works, so do I need to explain? Okay, so I'll go through it. So essentially, in a nutshell, it uses the digital signatures that we talked about, right? So the big deal with that is you need to make sure that the money can't be spent more than once. Because if I come up and I have, like, 100, and I give you 50 of them, I only have 50 physical dollars left. I can't just, like, snap my fingers and suddenly I got 50 more dollars in my bag. And so when all this digital currency started, they're like, "Well, wait a minute, and we need to figure out a way to make sure that someone's like, 'Here's 100, oh, here's a...'" You could use, like, unlimited supplies of money. So there needed to be some way to have some accountability to the
system to ensure that people weren't doing that, because that just pretty much deletes the value of anything. If people could just create as much of it as they want, there's no value anymore.

So Mr. X will send Mr. Y a Bitcoin, all right? And then the network is going to record that transaction, and then probably, like, a bunch that are made about in that same time frame, that window. And then that little recording of all those transactions is called the block, right? And then there's computers that run special software, they call them miners, and they note the transactions in, like, a giant ledger. Okay, and that ledger is called the blockchain, and it's basically an open source record of all the transactions made. So then the miners convert the blocks into sequences of code known as hash, and then when a new hash is generated, it's placed at the end of the blockchain, and then the whole ledger is publicly updated and shared. Miners make a lot of money because the computing power is very energy and resource intensive. And then there's probably a thousand videos online if you really want to dig deeper into it, but that's essentially what it is. And cryptography is involved, obviously, when you're trying to do the hash, so that you can authenticate that this transaction has occurred, and now this wallet has one less dollar, this one has one more, and then people can't go back and go, "Oh no, now I had fifty more." It's like, "No, no, that's not what the ledger says." So it just kind of hardens it, slightly, not perfectly, against people trying to manipulate it or scam it. Now, if you have not heard, they actually have a new quantum ledger, so if you're interested in that, there's some guys using that technology. I think their website just went live in the last month or so, and it's really interesting, and you might want to check it out if you're super interested in that kind of stuff.

Okay, a short history of cryptography and secret writing. So let's do steganography. So steganography is interesting. The concept behind
that is you want to conceal the fact that there's secret information in kind of a non-secret document or other medium. Okay, and so I kind of put it up here: with cryptography, only the actual message is hidden, but it's fairly obvious there's something there that's secret, because you can see the code or the cipher or all that. With steganography, the message, as well as the fact that communication is taking place, is actually hidden. Okay, and that's kind of useful in some cases when you're trying to not attract the attention of unwanted parties. And then obviously if you just use plain cryptography it can be, you know, people that you don't want seeing things will realize something's going on, and then they'll start looking into it. But if they don't even realize something's going on there, they're just probably gonna ignore it, leave you alone. There is
an interesting thing, if you want to look into it deeper, in Virus Bulletin, April 2016: Stegoloader. Have you heard of this? They were hiding malware, I think it was in images, so that if you got something, it downloaded the malware onto your system and you didn't even realize it, because it was hidden inside something else. So they were actually using steganography to hide malware, and I believe that that's something you definitely want to be aware of exists, especially if you are trying to secure an organization and your users.

So this is an easy, fun one: invisible ink, right? That's considered a form of steganography. We've all done the lemon juice and the light bulb trick, right? Right, okay. So these are some fun ones. When I was a kid, the first book I got when I was super, super little was a book on secret codes and writing, and they taught you just, like, how to write in mirror reverse. And that's just a fun way just to obscure something. Probably most everybody would notice it and figure it out pretty quick, but it's kind of fun.

Have you seen the one with the blocks, where you do the 5 and the 3? So this one I loved. We used this to pass notes in 3rd grade all the time. I tell all my friends how to do it, and the teacher couldn't read our notes. Really all you're doing, I'm taking a piece from a poem that was my favorite poem in the second grade. You know, it goes: "The top of the hill is not until the bottom is below, and you have to stop when you reach the top, for there's no more up to go. To make it plain, let me explain the one most reason why you have to stop when you reach the top: because the next up up is the sky." Second grade, still remember it. But what I've done is taken this piece, and if you look at it carefully you'll notice all the letters are there. I've just broken everything up into blocks of five. So on first glance it may look like a bunch of gibberish, but if you know that's what I've done, it's easy-peasy to read. And then if you want to make it a little more, like, if I started it
with vah it might be a little obvious, so you can pad it out a little in the front. I'll do, like, an XY, throw XYZ at the end. And you can break it into either chunks of five, or you can break it into chunks of three or six or Tet, you could do it however you want, but it's just a fun way to kind of obscure writing fairly easily. The kids love it.

So then the other one we loved, which we thought was fun, was we would do every other letter. So I'm sure the bottom, again, it just looks like gibberish, right? Well, all we've really done is we've just inserted a different letter between each letter of the phrase. Okay, so the red letters are just the miscellaneous extra letters, and then the phrase is in the dark black letters. So you can see it's all there. It's fairly easy to read if you know what I'm doing, but someone who doesn't know, like your English teacher, has no clue what this says, right? So then you can make it a little more fun, and you can do the same thing with every other letter and then block those, right? We were pretty clever in the third grade. MSA. And then that's just, again, what it looks like. It's all right there, and if you're passing it to your friend, they can read it very quickly, but the English teacher can't.

Now, are you ready for the challenge? You can do that every other letter, then break it into blocks, and then mirror it. The first three people that can tell me what that says win a book, and I have it on little slips of paper. If you are of it, you have to come up and tell me; I don't want them to know. Or did you say it? Did anyone hear? Oh well, come get a book. And then if nobody else, if someone else did hear them, come get a book. Anyone else figure it out? Huh? No, it's not the alphabet. I got three books, limited edition. Come up and tell me if you know it. All I've done is done every other letter, broken it into three blocks, and then flipped it like a mirror. Come on, one more. All right, we have our three. Does anyone here listen to Welcome to Night Vale? Oh my god, you people,
you need to go listen to that. All right, so it's a really good podcast, we enjoy it. My daughter actually cosplays as Cecil. But it's just a quote from the show: "And now, the weather." And I just padded it out. I don't know if this microphone will reach, but the P and the Q are padding, and then you go A, N, D, N, O, W, all the way across the top: "and now the weather." And you know what, it seems kind of silly and childish, but not everybody got that, right? So it's not a bad thing to use if you're writing a love note to somebody you want to leave and you don't want anyone else to see it. Or again, those English teachers don't need to know everything. So it's just a fun one. You don't have to have a calculator to do it, it doesn't take forever, and if the person you're communicating with knows what you're doing, it's super easy for them to read it and smile. So that's just a fun one, I think. So let's talk about some classical cryptography.
Okay, so in 1900 BCE they were using cryptographic techniques in the hieroglyphics in Egypt, and I believe, I'm gonna massacre the name of this king, but in the tomb of nobleman Khnumhotep II they've actually figured out that some of the hieroglyphics in his tomb were obscured and confusing, to kind of hide messages. So not only did they have to decipher the hieroglyphics, but then they had to decipher the cipher in the hieroglyphics. In some cases they think it held kind of important stuff, but then they think other times they actually did it for amusement and fun and mystery, because they had their own little contests like we do today. And this is 1900 BCE; they were already playing around with that. Another thing I thought was really interesting when I was reading up on Egypt was, they've learned that when they were putting the hieroglyphics in, there was a lot of detail about, like, the depth and the angle at which the writing was made that gave it a different meaning. So you may walk in and read one thing back then, but if you were trying to tell somebody something else, based on how you carved it, it actually would have a different meaning or a different message to those who were in the know. Okay, so ancient Egypt, that was pretty neat.

The next one, there's no kids, so I'm not gonna freak any parents out: the Kama Sutra. In addition to some other stuff, apparently the Kama Sutra talks about ciphers. I guess we all missed that part, right? I can't say these things, I just don't, I'm gonna try. But in the Kama Sutra it mentioned two different ciphers. The first one, I think it was a transposition cipher, and then the second one was more of a substitution kind of cipher. And then in ancient Persia they also had these two ciphers. So again, they've been using these things for thousands of years. So
what's the difference between a transposition cipher and a substitution cipher? Who knows? Okay, you're close. Basically, transposition means that you just rearrange everything, right, using a given rule, which is usually your key. Substitution, which we'll have a slide on in a second, it's just basically a one-for-one replacement. So that's the big difference between those two.

One of the earliest ones for the transposition, which kind of fed into what you're about to talk about, was the Atbash, and I want to say this one was an awful waste notice there. But if you are a biblical scholar and you look at the Book of Jeremiah, they found at least three different locations where they used the Atbash to code different names into that book of the Bible. And essentially the way it works is the first letter is replaced with the last letter, and then the second letter is replaced with the second last, and so on. But this was all the way back, biblical times, they used this. There are codes in the Bible, not that weird funny stuff like we're all gonna die by a dinosaur on a meteor of stuff, but like real, there are real codes in the Bible, and they used this stuff to kind of hide names and things in there.

And the Spartan military scytale, has everyone heard of this one? It's usually the first one you learn about. So this one's kind of neat. You basically, they would have a rod of a certain diameter, and then your person you were sending the message to would have one that, that was equal. And then what you did was you would wrap, like, leather or hide or something around it, and you'd put your message on it, and then you'd unwind it, and then you'd give it to the messenger, and the messenger would take off running, walking, whatever he did, and he'd take it to your person. And the theory was, if he got intercepted he'd just have this paper with, like, some stuff on it and they wouldn't be able to read it. And in theory you could only read it if you had a rod of the same diameter to rewrap it, and then you could see what it
said. So even if you had another rod, unless it was right you couldn't necessarily decode it. Okay, now, we all could probably read it if we just wrapped it, you know, but back then it was kind of high-tech.

That brings us to our good old friend the Caesar cipher. So Caesar, I think, originally used a shift of three, although I think he was known to use other shifts. His original, I think that his, like, standby was three. And this is kind of, I guess he got, he was the one that made it famous. But essentially it's like what she was saying earlier: you're taking and you're shifting by a certain number. And they also call this ROT. So if you've ever wanted to play, like, a crypto contest, or if someone's like "oh yeah, ROT17" and you're like "I have no clue what that means", now you know. ROT just stands for rotate, and the number afterwards is how many you rotate by. That's, that's all that is. So, and then ROT13 is kind of the, the one I see used the most. But when we get to the Zodiac killer, and they think someone may have deciphered one of those finally, and it used a Caesar shift of three point four, which I'm not sure how you do three point four, so I've got to do more research on that, but that one's interesting. And then our substitution cipher, as we
said back when we separated it out, is basically when you take a one-for-one, just replacement. How many are familiar with frequency analysis? All right, so frequency analysis is when you take a look at your ciphertext and you try to determine what it says by examining the frequency with which you see certain letters or symbols or even numbers. Okay, so who knows the most common letters in the English language that are used? They're E, T, A and O. So chances are, if you have a fairly lengthy piece that you're reading, if you see one character or letter the most, chances are it's an E, and then T. And then the least common are usually your Z, Q and X, and you can usually figure that out by thinking about Scrabble: like, the ones that are worth the most are usually the ones used the least. And then the pairs that you want to look for are gonna be like TH, ER, ON, AN. Those are called digraphs. So if you can figure out, like, where your E's are, then you could just look for the ER's. And then if you see two next to each other, so what am I, if you can look for them next to each other, if you look like you have two E's, some of the most common repeats are SS, EE, TT, FF and OO. So you kind of then wanna, if you can start looking for those and figure those out, and then you start looking for some common words like "the" or "and" or "or", then you can start kind of cobbling things together, and then just continuing to do the analysis until the message kind of unfolds in front of your eyes. And that's called frequency analysis.
Who can tell me what this machine is? Whoever said it, come get it. Well, you get it 'cause you stood up. Be proactive, people, own it. There you go. All right, so this is the Enigma machine. We're gonna talk about polyalphabetic ciphers, and essentially a polyalphabetic cipher is any cipher that's based on a substitution using multiple substitution alphabets. The first, they believe, that they fit, that was used or created, was by a guy named Alberti in 1467. But this takes us into Vigenère. How many have worked with Vigenère ciphers? Okay, these are neat. You will see these a lot in crypto contests. They're a pain to do by hand, but there's tons of stuff on the internet that will figure it out for you if you ask for it.

Essentially what you need is a keyword and your table. And the table's, um, the fancy name is tabula recta, but you can call them Vigenère squares or Vigenère tables. And essentially what it is, is it's all the different ways the Caesar cipher can be written out. So the 26 different ways you can shift using a Caesar cipher, they're all here in a table for you. Okay, so once you've got your table you need your keyword, and that's going to tell you how to read your code. So if we have "attack at dawn" and our keyword is "lemon", what you're going to want to do is you're gonna want to, like, kind of write, I write mine one on the top, one on the bottom. And then you have five keys: L, E, M, O and N. Okay, so that's your keyword, and it's composed of your five keys. And what you're going to want to do is you're just going to run, or write it under your entire message, and then just keep repeating it. So you can have a fairly long message and a fairly short key, it doesn't matter, but you just want to make sure you line it up, and then you just keep doing and repeating. So you can see here it's like lemon, lemon, L, E, so it didn't need the full third one. You write it underneath, and then what you're gonna want to do is you're gonna want to, let's start with A. So you'll go up to your A on top and then
you'll come all the way down and look for that L in lemon, and where those two intersect, that gives you the first letter of your ciphertext, which is L. And then you do the same thing with your T. Out here, T comes all the way down to the E, which is in green, and that gives you your X. Then you do your next T, but this time instead it's encoded using the M instead of the E, so it brings you further down and gives you an F. So you can see this is a little more involved, a little more difficult to just do a quickie reverse like with the Caesar, because you're using multiple different ways to code it. So you can see, I kind of took you out to purple, it's basically where you intersect. I didn't do the whole thing. Does this make sense? Does anyone have questions on this? Does everyone get it? Are we good? Are we brilliant? Nice.

So, the Enigma machine. So this was used by the Germans, and they thought they were pretty clever, but we actually ended up cracking it and they didn't know it, which, that really worked to our advantage. So the way it worked was you had a sender and receiver that each had a machine, and the machines had to be configured identically for this to work. And you had to have, like, there was a rotor selection and order, there were ring positions, plugs and connectors, and then a starting, a rotor position. And the starting rotor positions were established using key lists that changed daily. So you were issued a list, and then you knew if it was this date, like, um, what is this, the 18th day of the month, you knew this is how you needed to set up. Okay, and so then the operator would type a letter, and then a lamp would indicate the different letter according to the substitution on how the machine was set up, and so then he would record that as the first letter. And each time you pressed a key it also moved a rotor inside, so that the next key pressed used a different electrical path and you got a different substitution. Okay, and then you just continue on this through the full message, and then you'd send the
message, and then the receiving operator on his machine would key in your message and it would light the opposite one up, and so then you could totally pull the entire crypto out and it would emerge. And that's how the Enigma machine works. I do have here, if you want to grab one later, or there's a ton of them over there, we actually have a puzzle in the Crypto Village that is "create your own Enigma machine". So you can actually take one of these home if you want, if you've got kids or you want to teach them, or you just want to play with it too, or you're teachers, and this will kind of let you put together your own little Enigma machine. This right here is kind of an example of what one of the sheets looks like. It's in German, but you can see where it gives you the tables and tells you how you would set it up each day. So each person who had, who is an operator of the machine, would consult their table, set their machine up, get everything ready, and then they were able to send and receive messages.

Okay, so we've talked about the Enigma, so this brings us into some more modern-day kind of stuff. So, Kerckhoffs's principle and Shannon's maxim. Shannon's maxim is essentially a derivation of it, they're the same thing. They basically say a cryptosystem should be secure even if everything about the system except the key is known by your enemy. Okay, and Shannon's maxim was basically "the enemy knows the system". So what it means is you should be able to put out the directions on how your system works, explain the whole thing, all the equations, but unless they've got that secret key they can't do anything. And so that's kind of how modern stuff works, is around these maxims. So you should be able to make it pretty airtight that way.

Who's heard of the Navajo code talkers? These guys are really neat. There's actually a movie, I think it was 2002, it's a John Woo flick, Nicolas Cage stars in it. He plays one of the soldiers that was assigned to protect one of the code talkers. I think the movie was called Windtalkers.
So approximately 400 to 500 Native Americans in the US Marine Corps, they were assigned as telephone or radio, because their language was so obscure. You know, it isn't like the internet today, where everyone knows everything, you can go online and learn Swahili in the afternoon. Their language was so obscure, and the only people that knew it or spoke it were them. So they would take one of them and assign them to a unit, and then they would take another and assign him to a different unit, and then when secure messages needed to be passed in the field, this guy would get on his thing and the soldier would say "tell them this". He'd translate in Navajo to his guy on the other end, who would receive the message and then turn around and say "okay, this is what they need". Okay, so they did it entirely in their own language, and it was unbreakable. The enemy had no clue what they were saying, because their language was so obscure that, you know, nobody knew it even existed. They thought it was a code, but they couldn't break it because it was a language, not a code, right?

It is strongly associated with Navajos, especially because of the movie, but it was actually pioneered in World War One by the Cherokee and Choctaw, and it wasn't limited to Navajo. I think they also had Lakota, Comanche, Cree, a couple other ones. And these guys, hugely respected. And this is an example, like, what they, the words they would use for the planes and the ships. And the picture down here on the bottom is one of them in the field. You can see he's on the radio talking to his compatriot over wherever their unit is, and then one of the other soldiers is sitting there, he's writing the stuff down. These guys were considered so valuable that many men died to make sure they stayed alive to keep the communication secured. They were considered absolutely priceless in the field, and even to this day, as you can see up here, forgive me
for tearing up, they are so respected and so honored for what they've done for our country. So, sorry. So let's talk about something that won't make me cry, or maybe it will.

So, symmetric key. Um, do you all know the difference between symmetric and asymmetric key? I mean, the big thing is, with symmetric key you're gonna use the same key to encrypt and decrypt. AES, the Advanced Encryption Standard, that was established in 2001 by the United States government through NIST, the National Institute of Standards and Technology, and it was to replace DES, that was cracked. 15 designs were submitted. I want to say it was Rijndael, Serpent, Twofish, RC6 and another one, and, well, fifteen designs, those are the finalists, and then they selected, I think, Rijndael for the AES algorithm. Now, a couple people asked me sometimes, with quantum coming online and, and the concern about that stuff being compromised, they're fairly sure that AES-128, that's the key length, fairly sure that's going to be pretty vulnerable. But right now, as of like the last week that I've checked, AES-256, you might still be kind of okay. Yeah, 250, right. Like I said, as of yesterday. This stuff changes so fast, especially in the quantum world, but right now 256 is still looking okay. But I think there are, obviously, and we're going to talk in a little bit, they are definitely still looking for some good alternatives for cryptography. If you are here on Sunday and super interested in quantum, there's a gentleman speaking on quantum cryptography. I will be here. If you're interested, I definitely recommend the talk.

And then we have our asymmetric key, and that's when we're just essentially going to use a different key to encrypt than we do to decrypt. Some examples of this are, like, the RSA, some of the elliptic curve techniques. This is day-to-day communications over the internet kind of stuff. So are we ready for some math? It's not really math, it's just gonna, like, people looking in the door will be all like "ooh, baby". It's not really that hard. So elliptic
curve cryptography, does anyone understand how this works? All right, when you walk out you'll be able to explain it. Okay, so an elliptic curve. We've all taken algebra, right? You know how that works: they give you the, the equation, and you draw the lines, and you're good to go. So the elliptic curve, this is the equation for an elliptic curve. Okay, you have to memorize it, that's just what it looks like. So what you're going to want to do, well, not on paper, you'll have the computer do this, is anytime you take and draw a line through two points, a straight line, it's only going to intersect the curve at one other point. Okay, so that's like a given.

All right, now, are you familiar with trapdoor functions? Okay, so a trapdoor function essentially is, it's really easy to get from A to B; to try and work backwards from B to A, difficult if not impossible. And so what you're trying to create here with this elliptic curve is a trapdoor function: make it easy to do it, super easy, easy to, super hard to undo it unless you have the key. Okay, so our starting point here on this graph is A. Okay, and there's a fancy little term that you'll hear when you go from A to B, it's called a dot, D-O-T. A dot B. So if you're looking at this graph, A dot B equals C. You with me so far? It's easy. All right, so A dot something equals a certain value. So if my line was a little further up, it would be A dot, that would equal a different point. So basically A dot B equals C, but X dot Y equals Z, just examples only. All right, so you're with me so far? We're good.

All right, so then, if you can hang with me through this slide you're gonna nail it. All right, so you can see this one's moving over here. Once you get up to your C point, you can drop a dotted, down, a dotted line down so that it hits the curve on the other side. Since we're symmetric, if you get to C, D is simply going to be the negative of that. So if C is 3, D is gonna be negative 3; if C is 42, D's gonna be negative 42. You're with me so far? We're good. All right, so you drop the dotted
line down from C to hit the opposite value on the x-axis with the symmetry. Okay, now then, watch the line, you're gonna go back that way. Does it go back to that one? Yeah, yep, see how it goes back up to A? So you've got C, it's going to come down and around, C dot, and then go back up. Okay, so every time you do a dot and drop across, that is, your private key is the number of times you go in a loop around. Okay, and, okay, so A dot, and right, the number of times, that's your key. So key size, you can max out any way you want this way on the graph, and you can determine how big your key is by how far you let those points come out on your x-axis. But essentially you dot the thing a secret number of times. That's it, you got it, you could explain it to your friends in the bar: elliptic curve cryptography. Okay, and this provides the basis of the trapdoor function, because even if you have the curve, like, you have the equation for the curve and you even have your points, like your start point, your end point, unless you know how many times they've looped around through that thing, it's really hard to try and break that. Okay, and that's why they have been looking at it for use in quantum, like, against, securing against quantum computers.

How many here are familiar with quantum computing? Okay, let me give you a quick, like, like my two-minute MOOC on, talked quantum computing. Essentially the concern with that against cryptography is it can factor very large numbers much faster than classical computers, because you can do it in the quantum state, you can function, you can do the functions on both in superposition, right? So when you have some passwords that would take literally like a billion years using a classical computer, a quantum computer can break in about 20 minutes, right? And it's because of Shor's algorithm. It can factor, it's a factoring, for quantum computers. So everyone's getting a little nervous, which they should be. That is why a lot of this cryptography that uses prime factorization is really at
risk right now, is because of Shor's algorithm. And they've been exploring a variety of different ways to try and, you know, find a replacement or replacements. Elliptic curve was really high on the list a couple years ago when I was doing research. They were like "oh yeah, that's, it's gonna solve everything". But the problem is that it's starting to look a little like that may not be our best choice right now. I do talk about something called lattice cryptography in my other talk. It's using lattice mathematics, that's also one of the things, and hopefully, I'm looking forward to this guy on Sunday, I want to learn a little more from him, hopefully. But elliptic curve, I think this is used a lot in cell phone encryption. I think BlackBerry uses this in some of their stuff. And then this is just some list of encryption systems: we've got the symmetric, the asymmetric.

Okay, this is the next one, are you ready? Quantum key cryptography. All right, you got the elliptic curve, right? You're good? You ready to do quantum? All right, so in
a nutshell, quantum cryptography uses physics instead of math to create the key to encrypt your data. Okay, every, some people look very sad right now. Okay, so how do we do that? How do you, all right, how do you do, how do you use physics instead of math? Well, what you do is you generate your key using photons. Does everyone know what a photon is? It's a particle of light, right? So this is how photons become a key. Okay, when you have a regular photon emitted by an LED, it's unpolarized. Okay, and that means that it can oscillate, that packet or the photon, it can oscillate, like, all over the place, it's a hot mess. Okay, and what you can do is you can pass it through a polarizing filter so that you give it a specific spin. All right, and the spins usually are like a horizontal, a vertical or a diagonal. Okay, so you are going to emit your, and your particle's gonna be a 1 or a 0, like binary. So you're gonna emit it, you're gonna put it through a filter and give it a spin. Okay, with me so far? Are we good?

All right, Alice is gonna create a string of random polarized photons and send them to Bob. Okay, so here's an example. She might send these different ones, like a diagonal, vertical, so she's gonna send these off to Bob. Okay, now Bob's on the other end. Bob has absolutely no clue what she's doing, all right? He has no clue what filter she's using, so he just picks some random one so that he can receive them. Okay, so if Bob, or if Alice sends a photon that has a vertical spin and Bob has, this is hard to do holding a mic, if Bob has a filter that's set up as a vertical filter, that photon is just gonna go right through. Have you all seen those Japanese game shows where they have the cutouts and you've got to stand in the weird things? So it's like that, think about it like that. If it's vertical and his filter matches, it's gonna sail right through, no problem. The problem is, if he has the wrong filter, like a diagonal one, then it's either gonna give you a no result, because it's not gonna go through, or that filter will change the spin
on the particle to match, and it'll be a diagonal. With me so far? We good? Y'all are brilliant. Okay, so what happens is, now Alice can pick up the phone and she can call Bob. She says, "hey Bob, these are the filters I used", right? And so if anyone's trying to eavesdrop, they don't know what Bob used. They know what Alice used, but they don't know what Bob used, right? So she tells him what she sent. Okay, now Bob knows what he used, and none of that's communicated back that way. So then Bob knows what he got right and what he got wrong, and that gives them a union of the ones that he knows are right, and that becomes your key. Okay, and you can't man-in-the-middle this, because if you're familiar with, like, quantum physics, when you, with the Heisenberg uncertainty principle, if you code, if you observe something or measure it, you collapse the wave function. So they will be able to tell on either end if that wave function's been collapsed, and then they can scrap it and try again. So they'll know if someone's tried to observe it. Okay, but this is a good little kind of diagram here. What it shows, like, Alice's random bits and then her filters, right, and then his, and then they have that talk in the middle, and then they realize this is their shared secret key. And that's quantum key cryptography. You got it, explain it at the bar. Whew, all right, that was the hardest part.

So let's wrap up by talking about some unsolved mysteries. This is the fun part, I like these. We have a lot of murder and mayhem going on here, but we'll start with some of the, the older stuff. So have
you all heard of the Phaistos Disc? Okay, this was found, I want to say, like, early 1900s, like around 1908. It's fired clay, it was found in a Minoan palace on Crete, and it's 16 centimeters in diameter, and they think it's written in Linear A, it, so that's one of the two undeciphered writing systems in ancient Greece. So they still have writing systems from, you know, ancient times that they still haven't quite figured out yet. And this was, I think there's like 241 different little token piece, like, stamper things that they probably put in, and it comes to about 45 different distinct characters, and if you read it clockwise, spiraling into the middle. And this is still kind of unsolved. There's some guys that have been working on it for quite some time, I want to say about six years, a linguist and another guy from Oxford. They're fairly certain it's a prayer to a Minoan goddess, but they're not quite sure. So anytime you get frustrated working on a puzzle, like, these guys been working on this for six years and still haven't figured it out, so don't feel too bad. But this is ancient Greece.

And then have you heard of the Voynich manuscript? This is, there's a, it's either on YouTube or Netflix, it may be on both, but there's like an entire hour-long thing on this manuscript. It's super fascinating. It'll put you to sleep if you need it. But this is a book of unknown writing, and they've carbon-dated it to some time, I think, in the 15th century, and they, it may have been written during the Italian Renaissance, but they're not sure. It allegedly was found by a book dealer, but there is some question around, did he actually, like, buy it and find it, or is it this really elaborate hoax? They're not really sure. It's 240 pages, it's a combination of script and all sorts of, like, crazy writing. There's another page from it. Nobody's been able to figure it out. Absolutely nobody can figure any of this out. It is just, they're boggled. The, the show, if you want to sit and watch, absolutely, like an hour, and it's super fascinating, 'cause
they go through the whole history of when it was found, and they show you a lot of the pages and some of the stuff that cryptographers have been trying to figure out with it. There's some thoughts that maybe Francis Bacon wrote it, which would be interesting because of the Baconian cipher, and then some others have suggested maybe it was Albertus Magnus, he was like a monk back then. And then again, there are some people that just think it is just a big fake thing that this guy created to kind of make money, and, yeah, you know how people are. But that's the Voynich manuscript.

You ready for some murder? Have you heard of Tamam Shud, the mystery of the Somerton man? No? All right, this is an unsolved murder. Okay, in December 1948 an unidentified man was found dead on a beach. Okay, no identification on him, nobody had any idea who he was. A dead body on a beach. Six weeks later they found a suitcase in the railway station cloakroom that they were able to, they think they connected it to him somehow, and it was deposited at 11 o'clock the day before he died. Okay, there was no identification in the suitcase, but in the pocket of his pants they found a paper that read "Tamam Shud". Anyone know what that means? Okay, so that is the final words from the Rubaiyat by Omar Khayyam. It's a book, if you went to English you probably had to suffer through it. Later, in an abandoned car parked near that beach, they found a copy of the book, and the last page that had those words on it had been torn out of the book. Okay, so they obviously, you know, were trying to figure out who done it. When they examined the book very carefully, in the book, in some kind of faint writing, they found this cipher-y stuff. They're really not sure what it is, but it looks like a cipher. And they also found a phone number. Well, they called the phone number, and it turns out to be, it belonged to a local nurse who actually lived near that beach. And the detectives went and showed, like, a plaster bust cast thing they had made of the man after he
died, trying to identify him. They went and showed this to the nurse, and the nurse was like "I have no clue who that is". However, the way she reacted when she saw it, apparently she turned sheet white and panicked. She claims she didn't know who it was, but her reaction to what he, the cast, it was kind of obvious she knew something, right? So she claims she gave a book, the Rubaiyat, she gave a book like that to a guy named Alfred where she was doing some nursing training, like, a couple years earlier, but she hadn't seen Alfred or the book in ages. And then when they actually tried to track down Alfred, they, they found him, but he had been dead for a couple years. So then a couple years later, I think they were trying to reopen the case, the daughter of the woman came forth and she said that her mother had known much more and hadn't wanted to admit it, and that there's some thought that the mother had ties to Russia and could have been a spy, and maybe that had something to do with the guy's death on the beach. But this is a completely unsolved murder case, and they have never been able to decrypt that note in his pocket. So if you want to give it a shot, it's on the internet, it's out there, but
it's totally unsolved and nobody can read it.

The McCormick's cipher, this is a neat one. So on June 30th, 1999 they found a dead body on the edge of a cornfield in Missouri, and the body was of a man named Ricky McCormick. He was 41 years old, unemployed, on disability. He had a criminal record, I think he'd served time for statutory rape, and he was 15 miles from his home address, but he didn't own a car and he had no public transportation. What was even more interesting was he couldn't spell and could barely write his own name, yet on him they found this note, on the body. Okay, so the FBI actually has this on their website, you can go to forms.fbi.gov/code. This is an open case still. They are looking for anyone who can help them solve this, give them a call. But this, to this day, let's see, 1999, we're almost up on 20 years, 20-year cold case, dead body, code in the pocket. They think that if they can break this code they might be able to figure out who killed him, but there's no guarantees, it could be a grocery list.

The Blitz ciphers. I love this picture, it just shows the British stiff upper lip, tea in the bombing. So the Blitz ciphers, World War Two, during the bombings, this was in East London, this guy in one of the buildings found some wooden boxes, and they had these pages in them that had all sorts of ciphers and stuff. This is what some of them look like. And at first he only released three, because he was really, actually the gentleman didn't release them, he passed them on down to his nephew, who finally had them, his nephew has released a couple. They might have been written with a quill pen. But the, the problem with these is that nobody's been able to actually look at them for real, because the guy who owns them wants to stay anonymous and he will only release pictures of them. So then again it begs the question, are these real, is it a hoax, are they just messing with cryptographers? But these are some of the pictures, and some of them look kind of like, if you're familiar with John Dee and the, the guy in
English history. Oh, we'll go to the Zodiac. So, our, who's familiar with the Zodiac killer? All right, this is what got me interested in crypto when I was a little kid. I actually read this book, best book on Zodiac. I still own it, it's dog-eared, it's yellow, but if you're interested in an actual book on it, I highly recommend this one. And I just found, my background before this was, I was a police officer, so I do medicolegal death investigation, forensics, and I read a lot of this stuff, and I just always found this fascinating. They never caught the guy, and all the codes involved with the stuff. So in the late 60s, early 70s there was a serial killer in Northern California, and he was a, four men and three women. Again, super fascinating how he did it. He would, like, he's a hooded figure. There were actually two people that he went after that got away and were able to describe him, so they have, like, sketches of that. This book is great because it has a lot of the photography and the evidence and pictures from the crime scenes and everything.

They named him Zodiac after a series of taunting letters that he sent the police. There's a couple samples up here, and they were all these kind of cipher-y cryptograms. And I think there were four total that were sent to the police, and only one had ever been solved. It was a husband-wife hobbyist cryptography group, or pair, they solved one of them. But the, it wasn't the same thing for each one, so it's not like they could just, fool you solve that one, so the rest, it was different for each one. So, um, what I thought was really interesting was there's a guy named Corey Starliper, um, he's not in here, is he? That happens to me sometimes, people I talk about are sitting in my talks. So he thinks he solved this. Okay, he saw a movie on it in 2007 and he got super interested in it, like to the point of, like, stalking the whole story, yet stuff everywhere, and he's like "I'm gonna crack this". So there's one of the, the cryptograms, it's called the 340 because it had three hundred
forty characters and he thought to himself you know this is interesting three forty is the area code for the US Virgin Islands right and then he said okay three plus four plus zero equals seven and then he did seven plus zero and I don't know he kind of got seven zero seven which happens oddly enough to be the area code for Vallejo Napa and Solano where the murders occurred he's like I think I'm on to something so he decided to use a Caesar shift of three point four because of the three forty right I not sure I've ever shifted three point four I want to do some more research on that but when he applied a Caesar shift of three point four do you know what came out this and it was how am i God if you read through the whole thing it ends with Lee Allen my name is Lee Allen Leigh Allen happened to be one of the prime suspects on the top of the police list at the time of the investigation on they had brought in a handwriting expert who claimed that oh no no his handwriting doesn't match whoever did these but y'all know you can mask handwriting that's not rocket science and he also happened to pass a poly but if you have any background in poly you know that's not a science so on unfortunately Lee Allen died in 92 so they really can't Hermer deny this in any way but they think this has been cracked but there's other people that claim oh no no you didn't do it you didn't make it so it's still a little bit out there with uh has it been solved I think there's still two others that are still not solved to this day so how are we doing on time be good I think we're good so what have we learned learned a lot today y'all can explain elliptic curve right you can hide messages from your English teacher right or your boss quantum key right doing pretty good so that's pretty much it that's my talk I wanted to do just an introduction a little bit of history some unsolved mysteries you know just to kind of get people interested and realizing it's not all that difficult I do have a 
couple copies of my book left if anyone wants one afterwards you feel free to take one and if I run out the PDF copy of the book is on my site as well as the walkthrough for it so if you get a book and then you get stuck and you want it you want one I'll make sure you get one okay so that's all I have are there questions comments short smart remarks