Chapter 4 Page 1 of 5

I awoke after a time to find that the boys had left. So too had the girl with the book. They were replaced by a middle-aged man and his dog. Both the man and the dog had long shaggy hair, although the dog’s hair was fuller than that of the man, for the man had a bald area on the crown of his head.

A jogger crossed in front of me on the path. The sun had moved and I was no longer shaded by the branch over my head. With the movement of the sun further down on the horizon the shadows had lengthened and the heat had subsided. A light breeze ruffled the leaves and cooled my face.

I wondered how I should explain the EFT situation to Ms. Cryer. My next chance would very likely be my last one. Did she know anything about cryptology? I doubted it; it is not a very popular field. I knew nothing at all about her personal background. If I was lucky, she would have an understanding of basic mathematics. That would make things easier. While the science of cryptology is quite complex and requires a deep grasp of number theory, complexity theory, group theory, and various other sub-disciplines of mathematics and formal reasoning, it can also be understood at a more intuitive level provided one has a head for science in general. Still not fully awake, I leaned forward and rested my elbows on my knees and reviewed in my head the content of a cryptology primer I presented to co-workers when I still worked at AT&T.

Cryptology has a long history. Early examples date back to pre-history, to a time before accurate records were kept. Early documented examples of cryptography include the private communications of Julius Caesar. Caesar wrote to Cicero and others using a cipher that is commonly referred to today as a Caesar cipher.

The Ceaser cipher is familiar to readers of Usenet, for it is essentially the same thing as ROT-13. ROT-13 encrypts a message (of alphabetic characters) by replacing each letter with the letter that occurs thirteen positions beyond it in the alphabet. For letters M-Z, the sequence wraps back around to A. So A is replaced with N, B with O, C with P, and so on. Because of the wrapping, M is replaced with A, N with B, etc. When Caesar used this technique to obscure the content of his messages, he rotated each letter by three positions instead of the thirteen used on Usenet.

How hard is it to crack a Caesar cipher? Well, while it was good enough for Caesar to fool Brutus, ROT-13 can’t stop a child from decrypting material in Usenet. ROT-13 is only used to temporarily obscure offensive news articles so that the reader has a moment to reflect on the decision to view it before it appears on the screen. It is a way to incorporate warnings into news-readers that were not designed for “rated” material. Nothing more. It is not any more “secure” than using Control-L to give the reader a chance to avoid a spoiler before inadvertently reading it on the screen.

In fact, Edgar Allan Poe’s short story, The Gold Bug, describes all the cryptanalysis one would need to successfully crack a Caesar cipher and other similar ciphers. In addition to using exhaustive search of all possible keys (there are only 25 — hardly a big search problem!), one can use statistical methods based upon the non-uniform frequency with which various letters occur in the English language. For example, as any scrabble player knows, the letter E occurs much more frequently than any other letter, and the letter X is relatively infrequent.

The strength of a Caesar cipher breaks down quickly once the enemy knows the algorithm. With only 25 possible keys, the key-space is ridiculously small. Even without computers to search the key-space, an enemy can make short work of finding the key, given even just one encrypted message. Whether he was aware of it or not, Julius Caesar was relying upon the obscurity of his method rather than the secrecy of the key. Today we realize that a far less delicate situation is to assume that the enemy is fully aware of the algorithm used but that the same enemy remains unaware of the key. A crypto-system that remains strong even after the algorithm is known is far more flexible; it is easy to change keys but hard to invent (and evaluate) new algorithms. This principle was first put forward by A. Kerckhoffs in the 19th century. If one applies Kerckhoffs’ Principle, then all of the security of a crypto-system is concentrated in the secrecy of the keys. There is no harm in divulging the algorithm. Indeed, there are advantages to making the algorithm public; if there are any flaws in the algorithm that might be exploited by your enemies, making the algorithm public gives the general population an opportunity to study your algorithm and perhaps find the flaws for you. An algorithm that has been subjected to wide-spread peer-review is much more reliable than one that has been reviewed behind closed doors by only a limited number of people.

There are three aspects to a Ceaser cipher that make it very different from modern encryption methods. The first, as already pointed out, is that it violates Kerckhoff’s law. The second is that both of the communicating parties must share knowledge of the secret code. Third, it is a weak code, in that the key is easily guessed. So weak, in fact, that even in its hay-day a Ceaser cipher was vulnerable. It is not just with recent advances that we are able to look back and crack these types of codes. Even if Brutus was unable to crack Julius Caeser’s code, others of that era could. Given the overall lack of respect that Julius Caeser had for mathematics, it isn’t surprising that he placed his confidence in such a weak cipher. This is the same Caeser that ransacked Alexandria and burned its libraries.