Concepts of Cryptography:Caesar Cipher

Overview

Caesar cipher is an old and simple encryption techniques, and also a very widely used one. (Smart, 2016). It is a type of substitute cipher where a plaintext letter is replaced by a letter which is at some fixed number of position in the alphabet chronology. For example: with a left shift of two, D would be replaced by B in encryption based on Caesar cipher. This method is named after Julius Caesar, who used this technique to communicate with his generals. Many more complex encryption techniques such as Vigenere and ROT13 are based on the principles of Caesar cipher. ( Nasution, Ginting, Syahrizal, and Rahim (2017).

Example

For a Caesar cipher to work properly, both the parties concerned should have the key to the cipher, as in which letter will be replaced by what in the encrypted message. It helps the sender to encrypt the message and the receiver to decrypt the message after receiving it. For this cipher, the key is the number of characters that needs to be shifted to encrypt the message and find its meaning.

Here is an example of Caesar cipher with a shift(key) of 1

plaintext:  defend the wall of the castle

ciphertext: efgfoe uif xbmm pg uif dbtumf

The key is shifting the plaintext alphabets by -1

plain:  abcdefghijklmnopqrstuvwxyz

cipher: bcdefghijklmnopqrstuvwxyza

Security Concerns

Since Caesar cipher uses a simple method of encryption, it offers very little security. Single alphabet substitution ciphers can be easily broken, and many complex substitutions can be broken if the decryption party is smart enough. In modern practices, this cipher has become very easily breakable. It can easily be broken by one hand. In earlier times, breaking the cipher was tough because most of the enemies of Julius Caesar were illiterate.

In a ciphertext scenario of a Caesar cipher, two situations can be considered:

• The enemy knows (or can guess) that a substitution method is being used. It may or may not be Caesar’s cipher.
• The enemy knows that the encryption is Caesar cipher, but does not know the shift value of the alphabets.

In the first case, the enemy might use a trial and error method to decrypt the hidden message. If any regularity or pattern is found, then the next steps become apparent. In the second case, the enemy might guess the number of patterns through permutation and combinations, as there is a limited number of alphabet shifts that can be done in the English alphabet, which is 26. (Bhargava, Sharma, Chawla, and Thakral (2017).

Kerckhoff’s Principle

Overview

Kerckhoff’s principle in encryption was given by Auguste Kerckhoff, a cryptographer from the Netherlands in the late 19^th century. It states that the cryptosystem should be secure, even if anything about the system, including the key, is public knowledge. American mathematician Claude Shannon reformulated the principle and stated it as the enemy knows the cryptography, and it should be designed, keeping in mind the fact that the enemy knows it. This modified version is called Shannon’s maxim. (Knoll (2018).

Kerckhoff’s Six Principles

In today’s world, all contemporary encryption algorithms such as DES, AES, and others use Kerckhoff’s principle. The principle serves as the basis of these algorithms, as they use its techniques to encrypt and decrypt program files. Kerckhoff’s one work, published in 1883 in French under the title “Le Crytogrphie Military” (military cryptography), included six design principles that were to be used by military ciphers:

• If not mathematically, the system should be practically indecipherable
• It is not required to be a secret, but it should fall unto the hands of the enemy without any inconvenience
• Its key must be transferable and should be retainable with the help of notes, which can be modified as per the sender’s and receiver’s convenience
• It must apply to and compatible with telegraphic communication
• Apparatus and documents concerned should be portable enough and must not be known to many people.
• The cipher should be easy to read and use, and mental strain should not be required.

The second principle is called as Kerckhoff’s principle

As stated earlier, Kerckhoff’s principle takes into consideration that the enemy will gain access to the encryption. It instead focusses on the safety and security of the key, which is required to decrypt the message. The central idea of this principle is that secrecy itself is not necessarily a good thing. If a part of the cryptosystem is kept hidden, then it may have chances of getting compromised.  Security can be provided if the details of the cryptographic system can be shared with the rest of the world.

Example

Let’s say that a cryptographic algorithm is developed by software and hardware, which is commonly distributed among users. If the algorithm is kept secret, then it becomes tough to train new staff about it along with testing and developing new types of algorithms. However, if the concept of algorithm is widely known and its secrecy is no longer a concern, with only the keys meant to be secure, then disclosure of the keys, and generating new keys becomes relatively easy, and less costly.

Key Cryptosystem

Overview

In cryptography, the key is the piece of information that determines the functional output of the encrypted message. It is a parameter defined by a particular set of principles that are used to encrypt the message. Keys also specify the changes in other algorithms, if necessary. In modern practices, companies use two types of key for encryption: public key and private key. The private key, which is kept secret, encrypts the data, whereas the public key, which decrypts the data, is open to all. Since the public key has no other purpose other than to decode the message, it can be shared with anyone. Public key works well in a situation where sharing of the key is dangerous, like sharing a key over the internet, or an open public network (Jayanthi, and Singh (2019).

Challenges of Key Cryptosystem

Public key algorithms usually contain a longer sequence of keys as compared to other types of algorithms. Furthermore, public keys are more vulnerable to brute force attacks, with the attacker submitting multiple passwords or log in credentials by using permutations and combinations. Alternatively, the attacker can also try to guess the key using a key derivative function, for which the public key is not strong enough. (Huang and Li (2017). Public key also is very much prone to man-in-the-middle attacks, in which a third party user receives the message, decrypts it, reads the contents, modifies the message as per convenience, and resends it to the intended recipient after re-encrypting it, without anyone knowing it. (Mallik, Ahsan, Shahadat, & Tsou (2019)

Since public key encryption works mostly on mathematics, the computer takes up some time in the process of encrypting the files. Hence, when large files or bulk amount of files needs to be encrypted, the computer has to work under huge stress, causing the encryption to be delayed. Public key system algorithm can be cracked using mainly two techniques: the first one usually involves breaking down the mathematics involved in setting up the encryption, which is practically impossible to date. The second one, as discussed earlier, is the brute force attack, where the attacker tries to guess the password by guessing the number pool and applying common sense. (Kiktenko, Kudinov & Fedorov (2019)

Conclusion:

However safe it may seem, but public-key encryption is designed to protect the data with some limitations. For example, if a piece of important information is mailed to one user by another, that transaction us safe and is protected by public-key encryption, but if the recipient, after reading the data, gives access to a third party on a public network, then the attacker may siphon off the data by decrypting the message. Hence, it can be understood that it is useful only for overall security measures.

References

Bhargava, U., Sharma, A., Chawla, R., & Thakral, P. (2017, May). A new algorithm combining substitution & transposition cipher techniques for secure communication. In 2017 International Conference on Trends in Electronics and Informatics (ICEI) (pp. 619-624). IEEE.

Huang, Q., & Li, H. (2017). An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks. Information Sciences, 403, 1-14.

Jayanthi, R., & Singh, K. J. (2019). A public key-based encryption and signature verification model for secured image transmission in network. International Journal of Internet Technology and Secured Transactions, 9(3), 299-312.

Kiktenko, E. O., Kudinov, M. A., & Fedorov, A. K. (2019, June). Detecting brute-force attacks on cryptocurrency wallets. In International Conference on Business Information Systems (pp. 232-242). Springer, Cham.

Knoll, T. (2018). Adapting Kerckhoffs’s principle. Advanced Microkernel Operating Systems, 93.

Mallik, A., Ahsan, A., Shahadat, M., & Tsou, J. (2019). Man-in-the-middle-attack: Understanding in simple words. International Journal of Data and Network Science, 3(2), 77-92.

Nasution, S. D., Ginting, G. L., Syahrizal, M., & Rahim, R. (2017). Data Security Using Vigenere Cipher and Goldbach Codes Algorithm. Int. J. Eng. Res. Technol, 6(1), 360-363.

Smart, N. P. (2016). Historical Ciphers. In Cryptography Made Simple (pp. 119-132). Springer, Cham