## RE: If he's learning about crypto...

> I think that modern crypto encoders work by shifting (rotating) the bits of each character byte left or right a secret number of times, and then logically processing each bit (AND, OR, exclusive OR) with corresponding bits from words from a pseudo-random sequence generator.

Nope. Modern cryptosystems fall into two broad categories — public key and secret key. Secret key systems, like DES, are vaguely like you describe. They take a block of characters (say, 4), and permute the bits according to a schedule that’s selected by the bits of the key.

Public key cryptosystems use separate keys for encrypting and decrypting. For data privacy, the encryption key is made public (published in a newspaper or on a web site or whatever), while the decryption key is kept secret. The encryption process takes large(-ish) blocks of source text and treats the bits as if they were a single large number. It computes an exponent with the source text as the base and the public key as the power, modulo a large prime number.

Today, most encryption uses a combination of public and private key systems. The text is encrypted with a randomly chosen private key, the private key is encrypted with the public key(s) of the receiver(s), and the encrypted key is sent with the ciphertext. The receiver uses their private key to recover the randomly chosen symmetric key and uses that to decrypt the original text.

> I don’t understand how such a code could be broken working backwards from the coded text unless you had the tremendous power of a supercomputer and could work through all the key possibilities in a reasonable time.

First, pseudo-random number generators aren’t quite random. Since we assume the PRNG algorithm is known, the attacker can exploit those non-random elements. Each bit of information you can extract cuts your workload in half.

Second, the key and the algorithm aren’t the only pieces here. It’s often possible to guess at small chunks of the plain text. For example, a cipher transmitted between military units is likely to include the names or ranks of the units’ commanders near the beginning or end (salutation and closing). So, an attacker takes those guesses and “drags” them through the text, computing what key would encrypt the guess to the given ciphertext at each point. Now, instead of having to test all possible keys, the attacker only has to test the set of keys revealed by the dragging, which is proportional to the length of the text (that is, much smaller than the full key space).

This is why cryptosystems are created and analyzed by people with PhDs in number theory. They’re tricky to get right.

> So why would you use a simpler system?

To learn how cryptosystems work.

The theoretical principles of what makes a cryptosystem secure and how cryptosystems are attacked don’t depend too much on the particular algorithm being used. The problem with the Vigenère cipher (or, maybe more likely, the Gronsfeld cipher variant used in the article) isn’t its complexity, it’s that the keyspace is too small (probably no more than 1e6).

Since he’s a new cryptologist, there are likely issues with how the key is applied in the algorithm that expose correlations between different parts of the text that might be used to recover the key as well.

Another reason to use a simpler system is that circumstances may prevent one or both sides of the transmission from having access to computers. In Neal Stephenson’s *Cryptonomicon*, a pair of POWs needed to communicate. Stephenson even had professional cryptographer Bruce Schneier invent a cryptosystem that used manipulations on a deck of cards as the cipher engine.
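As an added example, not code from the post or from the article it discusses, the following Python script works through both of Scott's points at once: the crib-dragging attack (guess a rank near the salutation, slide it along the ciphertext, keep only the key fragments it implies) and the small Gronsfeld key space he estimates (ten digits per position, so 1e6 keys for a six-digit key). The message, the crib words, the key and the assumption that the Gronsfeld cipher is the plain digit-keyed Vigenère variant are all constructed for the demo.

```python
# Added example (not from the original post): crib-dragging a guessed plaintext
# fragment through a Gronsfeld ciphertext to recover the key, and comparing the
# resulting workload with the full key space. The Gronsfeld cipher is assumed to
# be the Vigenère variant whose key is a string of digits 0-9 (one shift per
# position). Plaintext, crib words and key below are constructed for the demo.
import string
from itertools import product

ALPHABET = string.ascii_uppercase


def gronsfeld(text, key, decrypt=False):
    """Shift each letter by the matching key digit (subtract when decrypting)."""
    out = []
    for i, ch in enumerate(text):
        shift = key[i % len(key)]
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def keyspace(key_len):
    """Number of Gronsfeld keys of a given length: 10**key_len (1e6 for six digits)."""
    return 10 ** key_len


def drag_crib(ciphertext, crib, key_len):
    """Slide the crib along the ciphertext. At each offset compute the shift that
    would map each crib letter onto the ciphertext letter above it, and keep the
    offset only if every implied shift is a valid digit (0-9) and the same key
    position never needs two different shifts. Returns [(offset, {pos: digit})]."""
    hits = []
    for off in range(len(ciphertext) - len(crib) + 1):
        partial, consistent = {}, True
        for j, p in enumerate(crib):
            shift = (ALPHABET.index(ciphertext[off + j]) - ALPHABET.index(p)) % 26
            pos = (off + j) % key_len
            if shift > 9 or partial.get(pos, shift) != shift:
                consistent = False
                break
            partial[pos] = shift
        if consistent:
            hits.append((off, partial))
    return hits


def candidate_keys(ciphertext, crib, key_len):
    """Expand every consistent crib placement into the full keys it allows;
    key positions the crib never touched are filled with all 10 digits."""
    keys = []
    for _, partial in drag_crib(ciphertext, crib, key_len):
        unknown = [p for p in range(key_len) if p not in partial]
        for fill in product(range(10), repeat=len(unknown)):
            key = [partial.get(p, 0) for p in range(key_len)]
            for p, d in zip(unknown, fill):
                key[p] = d
            if key not in keys:
                keys.append(key)
    return keys


def confirm(ciphertext, keys, check_word):
    """Second-stage filter: keep keys whose decryption contains another guessed
    word (here the closing signature), weeding out accidental crib placements."""
    return [k for k in keys if check_word in gronsfeld(ciphertext, k, decrypt=True)]


# Constructed message: rank and name near the start, signature at the end (the
# structure the post says attackers exploit), plus a constructed six-digit key.
PLAINTEXT = "DEARCOLONELSMITHTHESUPPLIESARRIVETONIGHTREGARDSMAJORJONES"
KEY = [3, 1, 4, 1, 5, 9]
CIPHERTEXT = gronsfeld(PLAINTEXT, KEY)


def demo():
    """Run the attack and return the key-space sizes at each stage."""
    keys = candidate_keys(CIPHERTEXT, "COLONEL", len(KEY))
    confirmed = confirm(CIPHERTEXT, keys, "MAJOR")
    return {"keyspace": keyspace(len(KEY)), "after_crib": len(keys),
            "after_confirm": len(confirmed), "recovered": confirmed}


if __name__ == "__main__":
    r = demo()
    print(f"full key space: {r['keyspace']}, keys left after dragging COLONEL: "
          f"{r['after_crib']}, after checking MAJOR: {r['after_confirm']}")
    print("recovered key(s):", r["recovered"])
    print(gronsfeld(CIPHERTEXT, r["recovered"][0], decrypt=True))
```

Because the seven-letter crib is longer than the six-digit key, a correct placement pins down every key position at once and the only remaining work is one decryption per surviving offset, which is the "proportional to the length of the text" cost Scott describes. A shorter crib leaves some positions unknown and `candidate_keys` falls back to enumerating only those, still far fewer than the full 10**6.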

## RE: If he's learning about crypto... by Occams

Thanks Scott. Most informative.