Cryptography Reference
In-Depth Information
words in the plaintext—not a total break, but providing a starting point for
cryptanalysis. Given access to a sufficiently large number of ciphertexts, a
cryptanalyst could also perform
word frequency analysis
. Both of these short-
comings imply a need to frequently
refresh
the key— that is, the codebook
itself—which, as Kahn notes, was both costly and inconvenient: “Their
initial strengths, which was due to the extent of the lexicon and the many
homophones, eventually proved a weakness: the foreign service was reluc-
tant to change a nomenclator that, in the late 1700s, cost £150, or to order
separate nomenclators for separate countries. Thus some remained in use
for a dozen years or more, and some simultaneously served several embas-
sies.”
10
In the end, because codebook-based encryption cannot be easily
automated, it fell into disgrace with the rise of modern communications-
based warfare and the need for mass enciphering and deciphering of mili-
tary communications.
11
This short overview of ciphers and codes has introduced some of the
fundamental concepts of contemporary cryptographic theory: encryption
algorithms are step-by-step procedures for transforming plaintext messages
into ciphertexts
.
A
key
is a parameter to the procedure known only to the
communicating parties. Because schemes become increasingly vulnerable
as adversaries intercept ciphertexts on which to base their cryptanalysis, it
is necessary to regularly refresh keys, and thus to devise secure procedures
for key distribution while the communicating parties are in the field.
Desirable features of cryptographic schemes are their ability to defeat
adversaries by, on the one hand, exhibiting a key space sufficiently large
to preclude exhaustive key search (or brute-force attacks) while, on the
other hand, producing a ciphertext void of the statistical regularities that
characterize natural languages and thus defeat frequency analysis
.
In addi-
tion, encryption and decryption procedures should remain as simple as
possible, both for efficiency purposes and because operator mistakes in
handling complex cryptographic procedures often provide points of entry
for cryptanalysts to break the schemes.
In evaluating the security of a cryptographic algorithm, experts make
various worst-case assumptions regarding the resources available to the
adversary: she may have complete knowledge of the enciphering method,
have access to plaintext/ciphertext pairs of her choosing, or neither. A
strong assumption
—for example, that the adversary has no knowledge of
the encryption method—provides for a weaker certification of security.
