[Cryptography] Questions about crypto that lay people want to understand

Ray Dillinger bear at sonic.net
Sun Dec 20 04:55:10 EST 2015


Okay, here's a few answers.  I skipped the one about physics and
quantum-based notions of "information" because I don't feel
like an authority on that.  Hope this helps.

				Bear




On 12/19/2015 11:22 AM, Henry Baker wrote:

> [These questions are in no particular
> order.]
> 
> * Ordinary citizens lived thousands of
> years in sophisticated societies and
> never needed clever crypto.  I don't
> recall any crypto in the Bible, and the
> only discussion of crypto in novels
> seems to occur in the context of war
> or high politics -- e.g., Queen Mary
> of Scots.
> 
> Why now?  What is it about modern
> society that seems to require crypto
> for us ordinary citizens?

Your basic citizens in earlier days needed privacy too, and
routinely used sealed envelopes to send their mail.  Crypto
is what a sealed envelope looks like when using digital
communications instead of paper.

Then as now, there is a lot of business you just plain can't
(or wouldn't want to) do without it.

> * We just had a crypto war in the
> 1990's, and everyone thought the
> problem was solved.  Why are we
> having another crypto war 20 years
> later?  Is this a generational
> phenomenon?  Or is this a periodic
> cicada phenomenon?  Will there be
> a quantum crypto war in 2035 ?

It's happening again because the people who legitimately lost
last time around are cheating.  And it probably will be a
generational thing, until we fix it so they can't cheat.

Snowden, Manning, etc, let us know that although we unequivocally
won the right to privacy in the last crypto war, some agencies
have not been abiding by the people's decision.  Now those agencies
that want to continue the practices they've grown accustomed to
doing by cheating, have launched another crypto war trying to get
those practices declared legal.

Finally, partly because of things we haven't fixed yet and partly
because of things those same agencies have been actively subverting
efforts to fix, we have been losing billions of dollars to corporate
espionage, fraud, and theft, and many national diplomatic and
defense secrets via deliberate foreign attacks on our systems which
exploit the same vulnerabilities.

The short version is we're fighting another crypto war because
our nation is in danger again.

> * Why the intimate connection
> between crypto and randomness?
> This connection seems very odd,
> since encrypted text must be
> capable of being *decrypted* back
> into plaintext, and therefore
> even seemingly random ciphertext
> must have significant structure.

You need keys that nobody can guess, nor even narrow down
the search for.  Randomness is the very best (in fact only)
possible source of keys nobody can guess.

You can say it in more complicated ways and specialize it for
lots of individual cases and applications, but it all comes
down to the same thing.  One way or another, randomness in
crypto is for the basic requirement that you need keys nobody
can guess.

> * SW/HW engineers and crypto
> folks both use the word "code" to
> indicate that some additional
> structure has been added to
> ordinary ASCII text in order to
> achieve certain goals -- e.g.,
> error detection, error correction,
> confidentiality, integrity.  Are
> these uses of "code" indicative
> of any deeper relationship between
> the different fields?

"Code" has several meanings.  In software engineering it usually
expresses procedure and occasionally mathematical relationships.
In cryptography it usually expresses mathematical relationships
and occasionally procedures.  The uses are related but not the
same.

Also security code, even when it is programs, is very different
from ordinary software engineering code, because in software
engineering programs are defined only in terms of what they do.
Security code is also defined in terms of what it must not
do and what information its execution must not reveal about what
it's doing.

> * What is the relationship
> between the "key" in my pocket
> and a crypto "key" ?

The first difference is that one protects physical things secured
by a lock, and the other protects digital things secured by
cryptography.

The second difference is that your cryptographic keys also do double
duty for things that people have been doing for centuries with paper
documents but could usually only do in person.  They are the anti-
counterfeiting stuff in banknotes, they are the signatures on
contracts, they are the notary stamps on documents, they are the
locks on your roll-top desks that you used to use to lock down
your business at night, they are even the wax seals on old-timey
envelopes that let you know nobody else has opened a message since
it was sent.  And a bunch of other things besides.  We need those
things for digital documents as much as anybody ever needed them
for paper documents.

> * Crypto techniques seem to
> involve *cycles* -- e.g. modular
> arithmetic, etc.  Why do cyclic
> and circular things keep showing
> up in crypto ?

There are a lot of operations that are easily reversed when you
do them the normal way, but very very hard to reverse when you
do them on modular numbers.  A number of those operations, when
done on large numbers, form the basis of crypto operations -
when something is very very hard to reverse, people who don't
already know the answer can't solve the problem. And in this case
the problem is the code, and the solution is the key.

> * If HTTPS is good enough for
> my bank account, how come I
> can't use it to vote?  Why
> do I have to vote in person?

Your bank only accepts https because they have insurance that will
reimburse them if their certificate gets spoofed.  There isn't any
insurance that can give us back democracy, and the attackers are
willing to devote a lot more resources to stealing it than thieves
are willing to devote to stealing from banks.

> * Speaking of banking, will
> digital currency replace
> paper money?

To a large extent, it already has.  It's just that for most people the
digital currency is denoted in the same old units they've been using,
such as dollars (or francs, or pesos, or whatever).  Between direct
deposit, credit cards, bank transfers, and online bill payments, most
of our currency is digital, and secured by cryptography, already.
If you're asking about some special currency that isn't denominated
in one of the usual government-defined units?  Nobody knows yet.

Personally, I have my doubts that people will ever allow much of their
business to be done in completely irrevocable transactions that courts
can't recover when they get cheated or stolen from.  But that's not a
direct part of the short answer, and besides opinions vary - so "Nobody
knows yet."

> * What is "strong" crypto?
> Some products say that they
> use "government quality"
> crypto.  Will I be twice as
> safe with 2048-bit keys as
> with 1024-bit keys?

"strong" crypto usually means you'd have to either use more energy
than the sun will ever produce, more time than the solar system is
expected to last, or have a fundamental mathematical breakthrough
to find a way to decrypt it without the key.  That said, people
trying to sell you something will use the word "strong" when they
aren't selling anything close to that.  Caveat emptor.

"Government quality" isn't specific enough to be meaningful.

The key size does not really mean much without knowing what system
it's for and what you're trying to protect against.

If we take seriously recent pronouncements about being safe from
quantum computing advances, then even the shortest, lowest-security
keys for the simplest systems should be at least 160 bits.

Public-key cryptography systems can require much more key material
than that to be safe, and most of the ones we have currently deployed
would fail even with very large keys if a large quantum computer is
available for the attack. Fortunately no such computer is available
at this time.

No key length will get you any security at all if you use a crypto
algorithm that has a mathematical flaw, or a key that someone can
guess, or a protocol that allows an attacker to bypass or extract
the key.

And no increase in key length will improve your security if there
are already any easier ways to break the security than an attack
on the encryption.

