Channel: Hakin9 – IT Security Magazine

A review of some encryption methodologies and an introduction to a new methodology that may challenge the National Security Agency. 


Encrypting information is not new; it is as old as the Roman Empire and goes back even further. Today the National Security Agency tries to decrypt information from our enemies and, in some cases, even our allies. There are numerous schemes for encryption. The oldest was just the substitution matrix: one letter was substituted for another. The most popular scheme today for commercial encryption is public key/private key encryption using the RSA algorithm. Another popular methodology is elliptic curve cryptography.

Before we discuss a new methodology of cryptography to seriously challenge the NSA, let's talk about Elliptic Cryptography and RSA.

Elliptic Key and RSA:

Elliptic key encryption uses the algebra of elliptic curves as an encryption methodology. Its keys can be shorter, and it is considered more efficient than RSA, using less CPU time to decrypt.

RSA is the most widely used methodology for commercial transactions (I almost exclusively use RSA as opposed to all other encryption methodologies).  It was invented by the mathematicians Rivest, Shamir and Adleman and is the oldest public/private key methodology.

Both of these encryption methodologies involve a public key and a private key. That means there is a private key that you use and keep secret, and a public key that you distribute among users who need to decrypt the information. Let me give you an example of the usage of public and private keys.

A company wants to put up a website and wants that website to be secure. The name of the website is www.paul.com. The company would create something known as a certificate signing request (CSR). This would contain the country of origin for the website, the state or province, the city, the email address and the actual website name (www.paul.com). They would send that request to an agency known as a certificate authority (CA). It has a specialized authority to sign CSRs to make them valid. It would also distribute the signing CAs to websites so they can validate the signed CSR.

When I create a CSR for a client company, I typically use a 4096-bit key. Originally, some websites used only a 128-bit key. The longer the key, the harder it is to decrypt the data, and as computers become faster and faster, encryption keys have grown bigger.
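The CSR workflow described above, as an added example that is not code from the original article: the requester builds a 4096-bit RSA key and a CSR carrying the listed fields, and a hypothetical `ca_precheck` shows checks a signer could run before issuing. It assumes the third-party Python `cryptography` package; the subject values other than www.paul.com and the 2048-bit minimum are constructed.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def build_csr(hostname="www.paul.com", bits=4096):
    """Requester side: create the key pair and a CSR signed by the private key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    subject = x509.Name([
        # Constructed sample values for the fields the article lists.
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Example State"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, "Example City"),
        x509.NameAttribute(NameOID.EMAIL_ADDRESS, "webmaster@example.com"),
        x509.NameAttribute(NameOID.COMMON_NAME, hostname),
    ])
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False
        )
        .sign(key, hashes.SHA256())  # proves possession of the private key
    )
    return key, csr  # only the CSR is sent; the private key stays local


def ca_precheck(csr, expected_host, min_bits=2048):
    """Signer side (hypothetical policy): return a list of problems found."""
    problems = []
    if not csr.is_signature_valid:
        problems.append("signature invalid")
    pub = csr.public_key()
    if not isinstance(pub, rsa.RSAPublicKey) or pub.key_size < min_bits:
        problems.append("key too small or not RSA")
    cn = csr.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if not cn or cn[0].value != expected_host:
        problems.append("common name mismatch")
    return problems


if __name__ == "__main__":
    _, request = build_csr()
    print(request.public_key().key_size, ca_precheck(request, "www.paul.com"))
```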

You encrypt information because you want to keep it private, and there is a long list of actors who want to steal your information. The list includes not only computer hackers but also state governments, commercial enterprises and hacker groups. There are always brute-force attacks with computers to decrypt information, and now the possibility of quantum computing being much faster than conventional computing could pose a serious challenge to any type of encryption. One mechanism that has had some impressive results in decrypting information is known as the side channel.

Side Channel: 

This methodology involves spying on any type of emanations from the PC or equipment that is receiving or decrypting the information. These emanations were first discovered on a type of teletype machine used by the army during World War II. It was noticed on nearby oscilloscopes that when a certain character key was pressed on the teletype, there would be an additional registration on the oscilloscope screen. The registrations on the screen could be further correlated back to the keys pressed on the teletype. This side channel is related to the electrical emanations from the teletype. Another early example of a side channel had to do with the electrical emanations from the early IBM 360 computer. A programmer discovered that he could have an IBM 360 play music by the way he programmed it in assembly code.

A famous case of Cold War side channel spying was documented in the book “Blind Man's Bluff”.

A United States sub placed a listening device on top of a Russian undersea cable and was able to spy on conversations of top Russian admirals.

The federal government has now created standards relating to the electrical emanations from equipment; they call these standards Tempest GIAC Certifications. 

Side channel attacks are not limited to electrical emanations from CPUs or information processing devices. A side channel can also utilize sound or acoustic vibrations from information processing devices. It was theorized a number of years ago that acoustic cryptography could be used against information-processing devices. The co-inventor of RSA, Shamir, conducted acoustic experiments on a personal computer. He found that you can extract an RSA 4096 key from a laptop. He used a smartphone placed by the laptop to conduct his experiment. The results indicated that the laptop should be placed in some type of sound-absorbing device or fabric.

Below, I have a picture of his experimental setup:

IBM is also aware of side channel attacks against crypto cards and strengthens their hardware against such attacks. Below, I have an image of their crypto card for their mainframe computers:

A New Crypto Methodology: 

I have come across a new methodology that will seriously challenge the National Security Agency. However, before I can go into that methodology, I will have to explain an invention that came about during World War II known as frequency hopping.

The actress Hedy Lamarr developed a technique for frequency hopping during World War II. It was initially developed to prevent jamming of our radio signals and to secure guidance for our torpedoes. It was further developed as a mechanism to prevent the enemy from listening in to our communications. As you are transmitting, the frequency is constantly changing according to an algorithm. The receiver on the other end is also receiving at the same predetermined frequencies, which makes it impossible for an enemy to listen to a conversation or the data that is being transmitted. Somebody listening to just one of the frequencies would hear only unintelligible, garbled noise.

I've come across a new methodology that utilizes data encryption and a type of what I can call data set hopping. Information is encrypted using any number of standard encryption algorithms, but each character is stored in a separate data set.

The first 10 encrypted characters could be stored on the first 100 pages of the Bible. The next 40 characters could be on the third page of the Quran. The encrypted characters could also be hidden in a large number of relational databases. In order to decrypt the information, you need the algorithm that spreads the information over a number of different databases or books. Then you have to figure out how the original information was encrypted. So this encryption methodology involves two steps: first the algorithm that distributed the encrypted data over a number of different databases, and then the encryption that was applied to the information. And if you got the algorithm that reconstitutes the original encrypted text wrong, you would still have no idea that you had.

Most decryption methodologies utilize relationships between characters in the data set. Here, the characters are randomly secreted among different data sets and have no relationship to the characters next to them.

Let me give a simple example using the novel War and Peace, the 1200-page novel by Tolstoy. We want to encrypt the word Apple. It encrypts out as “ZYGHI”. An algorithm could determine where the characters will be placed in the Tolstoy novel. For instance, the third character, G, could be on the first page, 70 characters into the page. The second character, Y, could be on the 800th page, 400 characters into the page. The first character, Z, could be on the 1000th page, the 10th character on the page. The fourth character, H, could be on the 200th page, the first character on that page. The last letter, I, could be on the first page, the 63rd character on that page.
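A minimal sketch of the placement step just described, added here as an illustration and not code from the article's author. The placement key, the HMAC-based slot derivation and the generated 1200-page cover text are all assumptions standing in for "an algorithm" and the novel.

```python
import hashlib
import hmac

PAGES, PAGE_LEN = 1200, 500  # constructed stand-in for a 1200-page novel


def make_cover():
    """Constructed filler text: PAGES pages of PAGE_LEN uppercase letters."""
    pages = []
    for p in range(PAGES):
        stream = hashlib.shake_128(b"cover-page-%d" % p).digest(PAGE_LEN)
        pages.append([chr(ord("A") + b % 26) for b in stream])
    return pages


def positions(key, count):
    """Derive `count` distinct (page, offset) slots from the placement key."""
    seen, out, counter = set(), [], 0
    while len(out) < count:
        d = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        slot = (int.from_bytes(d[:4], "big") % PAGES,
                int.from_bytes(d[4:8], "big") % PAGE_LEN)
        counter += 1
        if slot not in seen:  # two characters must never share a slot
            seen.add(slot)
            out.append(slot)
    return out


def scatter(cover, ciphertext, key):
    """Write each ciphertext character into its key-derived slot."""
    for ch, (page, off) in zip(ciphertext, positions(key, len(ciphertext))):
        cover[page][off] = ch
    return cover


def gather(cover, length, key):
    """Read the characters back in order; the length must be known."""
    return "".join(cover[p][o] for p, o in positions(key, length))


if __name__ == "__main__":
    key = b"constructed placement key"
    book = scatter(make_cover(), "ZYGHI", key)  # "ZYGHI" is the article's ciphertext
    print(positions(key, 5))
    print(gather(book, 5, key))
```

Recovery depends on the receiver holding the same placement key, the ciphertext length and a copy of the cover in which the chosen slots have not changed.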

Conclusion:

I believe this new methodology will make it extremely challenging for the National Security Agency to decrypt any type of information. The challenge could be further complicated if this information is needed in real time to solve a disaster. I am further researching this new methodology as information becomes available.

