You are currently browsing the tag archive for the ‘crypto analysis’ tag.

**Elliptical Curve Cryptography**

*This post builds on some of the ideas in the previous post on elliptical curves. This blog originally appeared in a Plus Maths article I wrote here. The excellent Numberphile video above expands on some of the ideas below.
*

On a (slightly simplified) level elliptical curves they can be regarded as curves of the form:

y² = x³ +ax + b

So for example the curve below is an elliptical curve. This curve also has an added point at infinity though we don’t need to worry about that here. Elliptical curve cryptography is based on the difficulty in solving arithmetic problems on these curves. If you remember from the last post, we have a special way of defining the addition of 2 points.

Let’s say take 2 points A and B on y² = x³ -4x + 1. In the example we have A = (2,1) and B = (-2,1). We now want to find an answer for A + B which also is on the elliptical curve. If we add them as we might vectors we get (0,2) – but unfortunately this is not on the curve. So, we define the addition A + B through the following geometric steps.

We join up the points A and B. This line intersects the curve in one more place, C.

We then reflect the point C in the x axis. We then define this new point C’ = A + B. In this case this means that (2,1) + (-2,1) = (1/4, -1/8).

Trying another example, y² = x³ -5x + 4 (below), with A = (1,0) and B = (0,2) we have C = (3,-4) and C’ = (3,4). Therefore (1,0) + (0,2) = (3,4).

We also need to have a definition when A and B define the same point on the curve. This will give us the definition of 2A. In this case we take the tangent to the curve at that point, and then as before find the intersection of this line and the curve, before reflecting the point. This probably is easier to understand with another graph:

Here we used the graph y² = x³ -5x + 4 again. This time point A = B = (-1.2, 2.88) and we have drawn the tangent to the curve at this point, which gives point D, which is then reflected in the x axis to give D’. D’ = (2.41, -2.43). Therefore we can say 2A = D’, or 2(-1.2, 2.88) = (2.41, -2.43).

Now addition of points is defined we can see how elliptical curve cryptography works. The basic idea is that given 2 points on the curve, say A and B, it takes a huge amount of computing power to work out the value a such that aA = B. For example, say I use the curve y² = x³ -25x to encrypt, and the 2 points on the curve are A = (-4,6) and B = (1681/144 , -62279/1728). Someone who wanted to break my encryption would need to find the value a such that a(-4,6) = (1681/144 , -62279/1728). The actual answer is a =2 which we can show graphically. As we want to show that 2(-4,6) = (1681/144 , -62279/1728) , we can use the previous method of finding the tangent at the point (-4,6):

We can then check with Geogebra which shows that B’ is indeed (1681/144 , -62279/1728). When a is chosen so that it is very large, this calculation becomes very difficult to attack using brute force methods – which would require checking 2(4,-6), 3(4,-6), 4(4,-6)… until the solution (1681/144 , -62279/1728) was found.

**NSA and hacking data**

Elliptical curve cryptography has some advantages over RSA cryptography – which is based on the difficulty of factorising large primes – as less digits are required to create a problem of equal difficulty. Therefore data can be encoded more efficiently (and thus more rapidly) than using RSA encryption. Currently the digital currency Bitcoin uses elliptical curve cryptography, and it is likely that its use will become more widespread as more and more data is digitalised. However, it’s worth noting that as yet no-one has proved that it* has* to be difficult to crack elliptical curves – there may be a novel approach which is able to solve the problem in a much shorter time. Indeed many mathematicians and computer scientists are working in this field.

Government digital spy agencies like the NSA and GCHQ are also very interested in such encryption techniques. If there was a method of solving this problem quickly then overnight large amounts of encrypted data would be accessible – and for example Bitcoin currency exchange would no longer be secure. It also recently transpired that the NSA has built “backdoor” entries into some elliptical curve cryptography algorithms which have allowed them to access data that the people sending it thought was secure. Mathematics is at the heart of this new digital arms race.

If you enjoyed this post you might also like:

RSA Encryption – the encryption system which secures the internet.

Circular inversion – learn about some other geometrical transformations used in university level mathematics.

**Crypto Analysis to Crack Vigenere Ciphers**

*(This post assumes some familiarity with both Vigenere and Ceasar Shift Ciphers. You can do some background reading on them here first).*

We can crack a Vigenere Cipher using mathematical analysis. Vigenere Ciphers are more difficult to crack than Caesar Shifts, however they are still susceptible to mathematical techniques. As an example, say we receive the code:

*VVLWKGDRGLDQRZHSHVRAVVHZKUHRGFHGKDKITKRVMG*

If we know it is a Vigenere Cipher encoded with the word CODE then we can create the following decoding table.

Here we have 4 alphabets, each starting with the letters of the code word. To decode we cycle through the alphabets. The first code letter is V so we find this in the C row and then look at the letter at the top of the column – this is T. This is our first letter. Next the second code letter is also V, but this time we find it the O row. The column letter corresponding to this is H. We continue this method which gives the decoded sentence:

*THIS IS AN EXAMPLE OF HOW THE VIGENERE CIPHER WORKS*

**How do we know what cipher to use? **

In any kind of crypto-analyis we need to decide which technique has been used. Say for example we receive the message:

*GZEFWCEWTPGDRASPGNGSIAWDVFTUASZWSFSGRQOHEUFLAQVTUWFV*

* JSGHRVEEAMMOWRGGTUWSRUOAVSDMAEWNHEBRJTBURNUKGZIFOHR*

* FYBMHNNEQGNRLHNLCYACXTEYGWNFDRFTRJTUWNHEBRJ*

In real code breaking we won’t have a message alongside it saying, “Use a Vigenere Cipher.” A large part of the skill of code breaking is deciding which encoding technique has been used. For our received message we have the frequency:

So, in this case is it best to do look for a Caesar Shift or a Vigenere Cipher? To find this out, we could do with finding out how “smooth” the bar chart is and how it compares with the expected frequencies. The expected values in English are:

A Caesar Shift simply shifts every letter in the message by a given number of letters in the alphabet, so we would expect a frequency barchart for a Caesar Shift to have the same peaks and troughs (just shifted along). The Vigenere makes frequency analysis more difficult because it “smooths out” the frequencies – this means that the bar chart for the frequency will be less spiky and more uniform.

**Incidence of Coincidence**

A mathematical method to check how smooth the bar chart is, is to use the Incidence of Coincidence – this method is outlined in this post on Practical Cryptography, and uses this formula:

There is also a script on the site to work out the I.C for us. If we enter our received code we get an I.C of 0.045. We would expect an I.C of around 0.067 for a regular distribution of English letters (which we would find in a Caesar Shift for example). Therefore this I.C value is a clue that we have a Vigenere Cipher rather than a Caesar shift.

**Exploiting the cyclic nature of the Vigenere Cipher**

So, we suspect it is a Vigenere Cipher, next we want to find out what the code word that was used to generate the code table is. To do this we can look at the received code for repeating groups of letters. There is a cyclic nature to the Vigenere Cipher, so there will also be a cyclic nature to the encoded message.

Using the site Crypto Corner we can analyse the text for repeating patterns of letters. This gives us:

This clearly indicates that there are a lot of letters repeating with period of 3. Therefore it is a good guess that the keyword is also length 3.

So, next we can split the received message into 3 separate messages:

*GFEPRPGAVUZFRHFQUVGVAOGURADEHRBNGFRBNQRNYXYNRRUHR*

* ZWWGAGSWFAWSQELVWJHEMWGWUVMWEJUUZOFMNGLLATGFFJWEJ*

* ECTDSNIDTSSGOUATFSREMRTSOSANBTRKIHYHENHCCEWDTTNB*

Here we have simply generated the first line by taking the first, fourth, seventh, tenth etc. letters.

**Cracking the code**

Now we can do three separate Cesar Shift tests on these separate lines:

The first line has frequency:

which strongly suggests that R in the cipher text is going to E. This gives us the following Caesar Shift:

The second line has the following frequency:

Which strongly suggests that W in the cipher text is going to E. This gives us:

Lastly we notice that this will give us the codeword NS_. Well NSA, (the American digital spy agency) would be a good guess so for the third Caesar Shift we try:

Putting these together we have the Vigenere Cipher:

and this decodes our received code as:

*THE SECRET CODE IS CONTAINED IN THIS MESSAGE. YOU MUST ADD THE FIRST PRIME NUMBER TO THE SECOND SQUARE NUMBER TO CRACK THIS. WHEN YOU HAVE DONE THAT CLICK BELOW AND ENTER THE NUMBER.*

We have done it! We have cracked the Vigenere Cipher using a mixture of statistics, logic and intuition. The method may seem long, but this was a cipher that was thought to be unbreakable – and indeed took nearly 300 years to crack. Today, using statistical algorithms it can be cracked in seconds. Codes have moved on from the Vigenere Cipher – but maths remains at the heart of both making and breaking them.

If you enjoyed this post you might also like:

The Maths Code Challenge – three levels of codes to attempt, each one providing a password to access the next code in the series. Can you make it onto the leaderboard?

RSA public key encryption – the code that secures the internet.

Essential resources for IB students:

1) Exploration Guides and Paper 3 Resources

I’ve put together four comprehensive pdf guides to help students prepare for their exploration coursework and Paper 3 investigations. The exploration guides talk through the marking criteria, common student mistakes, excellent ideas for explorations, technology advice, modeling methods and a variety of statistical techniques with detailed explanations. I’ve also made 17 full investigation questions which are also excellent starting points for explorations. The Exploration Guides can be downloaded here and the Paper 3 Questions can be downloaded here.