Well currently writing and finishing up a little crypto program, however talking about types of crypto, failures and successes might be interesting.

Some of the more secure encryption used back in WW1/WW2 was the One Time Pad, which was effectively getting a string of characters in a book and doing a lookup table to convert your characters to total garbage. Once you had used the characters, you crossed them out or even tore out the page and burned it, while the other person with the identical book could still decode the message (assuming they got a message encoded with the pad).

In those books you'd get pages of this:
SEYIW TPYNK VRAPP PSNAJ QJRPA
GMKIK RTTML TYFJE WXCEP XYAIU

So following that, if you wanted to cipher out 'Telegraph' (using the codes above and the grid I provided) you'd get SCLKIWSDJ (or simple arithmetic) LIJMCKPNU. Since spaces and other symbols weren't encoded they were simply dropped and you'd get a long string of letters.

Due to automation and computers, encryption has had to take a far more complex level.
Even today, the One Time Pad is the only cipher where you know for certain that it is secure (as long as you keep your pad in a secure place). There have been so many modern ciphers which have been considered secure for a fairly long time only to be broken later on.
Of course the One Time Pad is not practical for most use cases, so having bright people investing their time in developing and breaking new cipher is of course a good thing. The math behind modern ciphers can be quite fascinating.
jpilot: Even today, the One Time Pad is the only cipher where you know for certain that it is secure (as long as you keep your pad in a secure place). There have been so many modern ciphers which have been considered secure for a fairly long time only to be broken later on.
Of course the One Time Pad is not practical for most use cases, so having bright people investing their time in developing and breaking new cipher is of course a good thing. The math behind modern ciphers can be quite fascinating.
Well, with modern technology the OTP is effectively a single XOR command; it really comes down to the source of random data, and how easy it is to find and/or duplicate.


Modern day 'secure' communication via Public key encryption is actually very insecure, the only thing making it secure is the difficulty of solving a mathematical problem. Still it's an interesting thing to read up about, you just need incredibly large math to do anything; Then again, modular division allows faster (and simpler) encryption/decryption than actually fully emulating the full math.

Inevitably encryption today involves a number of steps to possibly include:
addition (with/without carry?)
subtraction (with/without carry?)
lookup tables/replacement
reordering
xoring
multiplication/power of, and division.
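The two forms of the one-time pad discussed above, the letter-arithmetic version from the opening post (pad page plus mod-26 addition, which reproduces the 'Telegraph' to LIJMCKPNU example) and the 'single XOR command' version, as an added example that is not code from anyone in the thread. The XOR pad bytes and the two sample messages are constructed for the demo; the only page-derived input is the first line of the sample pad page. It also shows the failure mode raised later in the thread, reuse of pad material: XORing two ciphertexts made with the same pad cancels the pad and leaves the XOR of the two plaintexts.

```python
"""One-time pad in both forms the thread describes: letter arithmetic mod 26 and byte-wise XOR.
Added example, not code posted in the thread; sample messages and the XOR pad bytes are constructed."""
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def normalize(text: str) -> str:
    """Upper-case and drop spaces/punctuation, as the wartime pads did (symbols were simply not encoded)."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def pad_encrypt_letters(plaintext: str, pad: str) -> str:
    """Letter form: c_i = (p_i + k_i) mod 26. Raises instead of wrapping around when the pad runs out."""
    p, k = normalize(plaintext), normalize(pad)
    if len(k) < len(p):
        raise ValueError("pad shorter than message: never reuse or recycle pad material")
    return "".join(ALPHABET[(ALPHABET.index(a) + ALPHABET.index(b)) % 26] for a, b in zip(p, k))


def pad_decrypt_letters(ciphertext: str, pad: str) -> str:
    """Inverse of pad_encrypt_letters: p_i = (c_i - k_i) mod 26."""
    c, k = normalize(ciphertext), normalize(pad)
    if len(k) < len(c):
        raise ValueError("pad shorter than ciphertext")
    return "".join(ALPHABET[(ALPHABET.index(a) - ALPHABET.index(b)) % 26] for a, b in zip(c, k))


def xor_pad(data: bytes, pad: bytes) -> bytes:
    """Byte form: the 'single XOR command'. XOR is its own inverse, so this both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data: never reuse or recycle pad material")
    return bytes(a ^ b for a, b in zip(data, pad))


def fresh_pad(length: int) -> bytes:
    """Pad material from the OS CSPRNG. Generating it is the easy part; storing it and never reusing it is the hard part."""
    return secrets.token_bytes(length)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper computes when one pad encrypts two messages: c1 XOR c2 == p1 XOR p2, the pad cancels.
    Zero bytes in the result mark positions where both plaintexts agree."""
    return bytes(a ^ b for a, b in zip(c1, c2))


# First line of the sample pad page from the opening post, used once for the letter form.
PAGE_LINE = "SEYIW TPYNK VRAPP PSNAJ QJRPA"

# Constructed 12-byte pad for the byte form (fixed so the demo is reproducible; use fresh_pad() for anything real).
DEMO_PAD = bytes.fromhex("1f8ac3e7b01d45f29a6d3b0c")
MSG_A = b"meet at noon"   # constructed sample messages
MSG_B = b"meet at nine"


def demo() -> dict:
    ct = pad_encrypt_letters("Telegraph", PAGE_LINE)
    c1 = xor_pad(MSG_A, DEMO_PAD)
    c2 = xor_pad(MSG_B, DEMO_PAD)  # the mistake: the same pad bytes used twice
    return {
        "letters_ct": ct,
        "letters_pt": pad_decrypt_letters(ct, PAGE_LINE),
        "xor_roundtrip": xor_pad(c1, DEMO_PAD),
        "reuse_leak": reuse_leak(c1, c2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows the leak result starting with nine zero bytes, exactly the shared prefix "meet at n" of the two messages: with a reused pad, agreement between plaintexts is visible to anyone holding both ciphertexts, which is why a pad line is crossed out after a single use.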
The problem is not the encryption system or algorithm themselves, it's the implementation and knowing that the person on the other side is as security-conscious as yourself. If there's a vulnerability in the implementation that you aren't aware of, you're screwed and if the other person makes a mistake that also is not to your awareness, the content of your message might leak even for a while before you notice it. In the end, it's about human error since implementation is done by humans for other humans.

What is interesting though is if we come to a breaking point, e.g. when we find a tool that can basically decrypt anything in no time so no one can keep secret messages, or the other way around: everyone can keep secrets but no one at the same time can crack them.

There's some project in China where they are researching the potential of Quantum Encryption. Article.

Regarding One Time Pad, isn't it better if the parties involved memorize the entire thing of how to encrypt and decrypt rather than have a physical object which does it? If that object were discovered and you are not aware, a third party could be listening for quite a while before you even discover that someone might actually have the key information.
rtcvb32: Modern day 'secure' communication via Public key encryption is actually very insecure, the only thing making it secure is the difficulty of solving a mathematical problem. Still it's an interesting thing to read up about, you just need incredibly large math to do anything; Then again, modular division allows faster (and simpler) encryption/decryption than actually fully emulating the full math.
Eh? What about algorithms such as AES that are approved by the US military? If they are implemented correctly and preferably as simply as possible to avoid unnecessary complexity it will come down to counting the math. Even with special toys that can use process of elimination or Rainbow Tables it's going to take ages to decrypt.
Post edited November 04, 2016 by Nirth
Nirth: There's some project in China where they are researching the potential of Quantum Encryption. Article.
A quantum computer would deal with the problem... doing all combinations and possibilities simultaneously. Although it would come down to identifying if something was decoded or garbage.
Nirth: Regarding One Time Pad, isn't it better if the parties involved memorize the entire thing of how to encrypt and decrypt rather than have a physical object which does it? If that object were discovered and you are not aware, a third party could be listening for quite a while before you even discover that someone might actually have the key information.
In theory yes. However I doubt I could memorize 32 characters and keep it straight. This means you will have lost or corrupted data to work with; also positioning is important, so forgetting or adding a letter would render the rest of the data useless unless they decoded the data at different points to find where it's valid again and used logic to fill in the blanks.

Although you could always encrypt via using a phrase which is much easier, and not quite as random but would provide a certain level of protection.

Probably those with really good memories (or photographic memories) would be best for that.
Nirth: Eh? What about algorithms such as AES that are approved by the US military? If they are implemented correctly and preferably as simply as possible to avoid unnecessary complexity it will come down to counting the math. Even with special toys that can use process of elimination or Rainbow Tables it's going to take ages to decrypt.
That's not public key encryption...

Public key Encryption (based on RSA) takes two primes, multiplies them together to get a shared number which is distributed, then two values are created using the primes and shared number to get your public and private numbers. To get the private number you have to break the shared number back into the two primes. Each prime is likely hundreds of digits long...

AES, DES, Blowfish and other encryption methods likely heavily use tables and xor data over multiple times. It is one of the simplest methods and can be implemented in hardware fairly easily, and be far faster than software.
Post edited November 04, 2016 by rtcvb32
rtcvb32: A quantum computer would deal with the problem... doing all combinations and possibilities simultaneously. Although it would come down to identifying if something was decoded or garbage.
So at best all you get is a very smart alert system? At least if they manage to decrypt one message, if you keep changing the key all you have lost is 1 message, and if you are aware of this you could likely structure your messages accordingly so that 1 message is not too useful.
rtcvb32: Probably those with really good memories (or photographic memories) would be best for that.
Yes but there's likely very few people that have that. Chances are if a spy agency is after you they might find ways to narrow down the possibilities of who actually it could be. Might serve well for encryption enthusiasts though.
rtcvb32: Public key Encryption (based on RSA) takes two primes, multiplies them together to get a shared number which is distributed, then two values are created using the primes and shared number to get your public and private numbers. To get the private number you have to break the shared number back into the two primes. Each prime is likely hundreds of digits long...

AES, DES, Blowfish and other encryption methods likely heavily use tables and xor data over multiple times. It is one of the simplest methods and can be implemented in hardware fairly easily, and be far faster than software.
Ah, okay. What's the advantage of Public key encryption then? Good enough and easy to implement?
Post edited November 04, 2016 by Nirth
Nirth: So at best all you get is a very smart alert system? At least if they manage to decrypt one message, if you keep changing the key all you have lost is 1 message, and if you are aware of this you could likely structure your messages accordingly so that 1 message is not too useful.
Well first you'd need to know what kind of data you're working with. That would probably be part of the detection. If you are expecting raw plaintext then upper/lower case or within a range of characters and/or frequency analysis could help determine if the data wasn't totally garbage.

But if we assume it's something like OTP or xor vs specific data, then that's useless because every combination is really possible.

Quantum computers with encryption makes far more sense when you have a large sample. Normal encryption and block ciphers over a large amount of data, where brute-forcing makes the most sense. Or breaking RSA keys.
Nirth: Ah, okay. What's the advantage of Public key encryption then? Good enough and easy to implement?
There's a basic tutorial, so you could implement it easily enough, the problem is how big the numbers get. Modern RSA keys are going to be 2048 or 4096 bits or larger. Internal registers are 64bit currently.

Normal encryption uses one key for both encryption and decryption. Symmetrical vs Asymmetrical keys I believe it was.

As for the advantage... Well the keys only encrypt one way. A private encodes data so only the public key can decrypt it, and vice versa.

It also allows for digital signing.
Nirth: Ah, okay. What's the advantage of Public key encryption then? Good enough and easy to implement?
It means you can share the public key openly, for example people use the public key to encrypt communications sent to you, and only you can decode it because you have your private key.

By contrast symmetric key crypto schemes like AES use the same key to decrypt and encrypt. So you have to share the secret key and anybody who has it can both code and decode messages....
Post edited November 04, 2016 by clarry
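The RSA steps sketched in the last few posts (two primes, their product as the shared number, a public and a private exponent, modular exponentiation instead of the full power, one-way encryption and digital signing, and the dependence on factoring being hard) carried through in working code, as an added example that is not any poster's code. The primes p=61 and q=53 and the messages are toy values chosen so the factoring step can be shown by brute force; real keys use primes of hundreds of digits, as the thread says, and real systems add padding (OAEP for encryption, PSS for signatures) that this textbook version omits.

```python
"""Textbook RSA with deliberately tiny primes. Added example, not code from the thread.
Shows key generation, encrypt/decrypt, sign/verify, and why the private key falls out of factoring n."""
from math import gcd, isqrt


def keygen(p: int, q: int, e: int = 17):
    """Return ((n, e), (n, d)). n = p*q is the shared number; d is the inverse of e modulo phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """c = m^e mod n. pow() with a modulus uses square-and-multiply, never the full integer power."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """m = c^d mod n: only the holder of d can undo what the public key did."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, m: int) -> int:
    """Signing is the private-exponent operation applied to (in practice, a hash of) the message."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m: int, s: int) -> bool:
    """Anyone with the public key can check the signature; only the private key could have produced it."""
    n, e = pub
    return pow(s, e, n) == m


def recover_private_key(pub):
    """Factor n by trial division, then rederive d. Feasible here only because n has four digits;
    the entire security argument is that this step is infeasible for a 2048- or 4096-bit n."""
    n, e = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return keygen(p, n // p, e)[1]
    raise ValueError("n has no small factor (or is prime); not a toy RSA modulus")


def demo() -> dict:
    pub, priv = keygen(61, 53)  # toy primes; n = 3233
    c = encrypt(pub, 65)
    s = sign(priv, 42)
    return {
        "pub": pub,
        "priv": priv,
        "ciphertext": c,
        "plaintext": decrypt(priv, c),
        "signature_ok": verify(pub, 42, s),
        "recovered_priv": recover_private_key(pub),
    }


if __name__ == "__main__":
    print(demo())
```

The asymmetry the posts describe is visible in the two exponents: encrypt and verify use only (n, e), decrypt and sign only (n, d). Swapping the toy primes for 1024-bit ones leaves every function unchanged except recover_private_key, which stops terminating in any useful time.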
jpilot: Even today, the One Time Pad is the only cipher where you know for certain that it is secure (as long as you keep your pad in a secure place). There have been so many modern ciphers which have been considered secure for a fairly long time only to be broken later on.
Of course the One Time Pad is not practical for most use cases, so having bright people investing their time in developing and breaking new cipher is of course a good thing. The math behind modern ciphers can be quite fascinating.
rtcvb32: Well, with modern technology the OTP is effectively a single XOR command; it really comes down to the source of random data, and how easy it is to find and/or duplicate.
Yes, of course. What I meant was, the simple XOR operation is so well understood, there really isn't anything that can go wrong there. Of course the hard part is creating true random data for the pad. And there is also the possibility of user error, when the user uses part of the pad multiple times, but of course you can do stupid mistakes with other crypto algorithms as well, so that's not a problem of OTP in particular.

rtcvb32: Modern day 'secure' communication via Public key encryption is actually very insecure, the only thing making it secure is the difficulty of solving a mathematical problem. Still it's an interesting thing to read up about, you just need incredibly large math to do anything; Then again, modular division allows faster (and simpler) encryption/decryption than actually fully emulating the full math.

Inevitably encryption today involves a number of steps to possibly include:
addition (with/without carry?)
subtraction (with/without carry?)
lookup tables/replacement
reordering
xoring
multiplication/power of, and division.
The math is interesting for sure, but it is really hard to tell if an algorithm is actually as secure as it claims to be, not only for a layman, but even for experts. Then there are things like elliptic curve crypto, where even when understanding the principle behind the algorithm, probably very few people can tell a good curve from a bad one. I certainly couldn't.
jpilot: Yes, of course. What I meant was, the simple XOR operation is so well understood, there really isn't anything that can go wrong there. Of course the hard part is creating true random data for the pad. And there is also the possibility of user error, when the user uses part of the pad multiple times, but of course you can do stupid mistakes with other crypto algorithms as well, so that's not a problem of OTP in particular.
Creating the random data isn't a problem. It's storing it. Radio frequencies on unused frequencies will give you good static which is more or less totally random, to my understanding one of the primary reliable sources. But depending on equipment and time and location you won't get the exact duplication of static.

This is sorta where good RNG might be useful. If a good RNG code can provide nearly endless semi-random data. Exhaustively going through said stream could or could not yield results. Even purely random data will have periods of duplication and patterns, but they will be few and far between.
jpilot: The math is interesting for sure, but it is really hard to tell if an algorithm is actually as secure as it claims to be, not only for a layman, but even for experts. Then there are things like elliptic curve crypto, where even when understanding the principle behind the algorithm, probably very few people can tell a good curve from a bad one. I certainly couldn't.
I recall going over a test suite, there's something like 20 tests that do different checks to determine how secure a code is. The randomness/noise you get from the encoding, how much it changes, how normalized the signals are, etc. I don't recall exactly, this was 10 years ago and I abandoned the old cipher as well as the RNG it provided.

I am not sure I could identify said curves myself either.
Nirth: What is interesting though is if we come to a breaking point, e.g. when we find a tool that can basically decrypt anything in no time so no one can keep secret messages, or the other way around: everyone can keep secrets but no one at the same time can crack them.
Strictly speaking, we're almost there for normal math. Rijndael (the cipher AES is built on) doesn't have any known theoretical weaknesses; the structure (block cipher) doesn't have any known theoretical weaknesses. AES *does* have weaknesses, because of the very rigid (and small) key size specified. But unlike, say, DES, you could make an AES 2.0 just by respecifying key sizes and timing, and it would still be highly secure. And at least so far, the weaknesses are just halving or quartering the time to brute force a key, which is almost trivial.

That round of NIST candidates (Rijndael, Twofish, Serpent, etc) was really good. It produced some really good encryption. I suppose ECC is better (by which I just mean faster) for unimportant stuff, but public key will always be more vulnerable than private. There may never come a day (and almost certainly not in our lifetimes, even if quantum computers end up being as good at certain maths as people hope/fear) when Rijndael can be cracked.

There's some math that may yield weaknesses eventually, but it's real math and thus way out of my league.
EDIT: Nothing to see here.
Post edited November 05, 2016 by onarliog
Well here's 2 more ciphers from the early days, neither is secure (although it will keep the random passerby from reading).

Character Substitution - Although there's a HUGE number of ways this can be rearranged so A->Z and B->U, etc. etc., if there's any real length to the encoding it doesn't deal with the weight of the letters. The top 3 letters used in the English alphabet are E, T and A. Others will have lower values, but you can just by weight get 90% of the characters correct and fix any of the others later.

ROT13 - Technically character substitution but with a simple rule. Add 13 to whatever your character is and it's encoded. Encode it again and you get the original value.
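Both of these ciphers, plus the letter-weight observation that breaks the first one, as an added example that is not the poster's code. The substitution key (the alphabet in keyboard order) and the English sample sentence are constructed for the demo. The point it makes concrete is the one in the post: a substitution relabels letters but keeps every letter's count, so ranking ciphertext letters by frequency points straight at the images of E, T and A without any knowledge of the key, and ROT13 is the special case where the shift is its own inverse.

```python
"""Monoalphabetic substitution, ROT13, and the letter-frequency check that defeats substitution.
Added example, not the poster's code; the key alphabet and the sample text are constructed."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
# Constructed key: plaintext A..Z maps onto this permutation (keyboard order, chosen only for readability).
KEY_ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM"
assert sorted(KEY_ALPHABET) == list(ALPHABET), "key must be a permutation of the alphabet"

_ENC = str.maketrans(ALPHABET, KEY_ALPHABET)
_DEC = str.maketrans(KEY_ALPHABET, ALPHABET)


def substitute(text: str) -> str:
    """General substitution: each letter is replaced by its partner in KEY_ALPHABET; other characters pass through."""
    return text.upper().translate(_ENC)


def unsubstitute(text: str) -> str:
    """Inverse mapping, for the holder of the key."""
    return text.translate(_DEC)


def rot13(text: str) -> str:
    """The shift-by-13 special case. 13 + 13 = 26, so applying it twice restores the original."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + 13) % 26 + 65))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + 13) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text: str) -> Counter:
    """Counts of A..Z only; spaces and punctuation are ignored, as a pad-era clerk would have."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def most_common_letter(text: str) -> str:
    return letter_frequencies(text).most_common(1)[0][0]


# Constructed English sample, long enough that E dominates as it does in ordinary text.
SAMPLE = ("SUBSTITUTION CIPHERS PRESERVE THE FREQUENCY OF EACH LETTER BECAUSE EVERY "
          "PLAINTEXT LETTER IS REPLACED BY THE SAME CIPHERTEXT LETTER EVERY TIME IT APPEARS")


def frequency_leak(ciphertext: str) -> dict:
    """Substitution keeps every letter's count and only changes its label, so the three most frequent
    ciphertext letters are the likely images of E, T and A. Returns that ranking and the guess for E."""
    top = letter_frequencies(ciphertext).most_common(3)
    return {"top3": top, "guess_for_E": top[0][0]}


if __name__ == "__main__":
    ct = substitute(SAMPLE)
    print(ct)
    print(frequency_leak(ct))
    print(rot13("Hello, World!"), rot13(rot13("Hello, World!")))
```

With this key E is relabelled T, and the ciphertext's most frequent letter is indeed T with exactly E's count from the plaintext; nothing about the key was needed to see that, which is the weight-of-letters weakness the post describes.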
rtcvb32: ROT13 - Technically character substitution but with a simple rule. Add 13 to whatever your character is and it's encoded. Encode it again and you get the original value.
I. Caesar what you did there
rtcvb32: ROT13 - Technically character substitution but with a simple rule. Add 13 to whatever your character is and it's encoded. Encode it again and you get the original value.
OneFiercePuppy: I. Caesar what you did there
What did I did?