Discover more from Wrong Speak Publishing
Encryption Methodologies That May Challenge The National Security Agency
Encrypting information is not new, it's older than the Roman Empire. Today the National Security Agency (NSA) tries to decrypt information from our enemies and even in some cases our allies. There are numerous schemas for encryption. The oldest was just the substitution Matrix. One letter was substituted for another. The most popular schema today for commercial encryption is private key/public key encryption using the RSA algorithm. Another popular methodology is using elliptic curve cryptography.
Before we discuss a new methodology of cryptography to seriously challenge the NSA let's talk about elliptic cryptography and RSA.
Elliptic Key And RSA
Elliptic key encryption utilizes the algebra of elliptic curves as an encryption methodology. Its keys can be shorter and are considered more efficient than RSA using less CPU time to decrypt.
RSA is the most widely used methodology for commercial transactions (I almost exclusively use RSA as opposed to all other encryption methodologies). It was invented by the mathematician Rivest Shamir Adleman and is the oldest public/private key methodology.
Both of these encryption methodologies involve a public key and a private key. What that means is that there's a private key that you use that you keep a secret. And a public key that you've distributed among users who need to decrypt the information.
Let me give you an example of the usage of public and private keys. A company wants to put up a website and they want that website to be secure. The name of the website is www.paul.com. They would create something known as a certificate signing request (CSR). This would contain the country of origin for the website, the state, province, or city, the email address, and the actual website name (www.paul.com). They would send that request to an agency known as a certificate of authority. It has a specialized authority to sign CSR to make them valid. It would also distribute the signing CA’s to websites so they can validate the signed CSR.
When I create a CSR for a client company I typically use a 4096-bit key. Originally some websites used only 128-bit key. The longer the key the harder it is to decrypt the data. And as computers become faster and faster, encryption keys have grown bigger. You encrypt information because you want to keep it private and there's a long list of actors who want to steal your information. It is not only computer hackers but also state governments, commercial enterprises, and hacker groups. They're always brute force attacks with computers to decrypt information. Now with the possibility of quantum computing being much faster than conventional computing, it could pose a serious challenge to any type of encryption. One mechanism that has had some impressive results to decrypt information is known as the side channel.
This methodology involves spying on any type of emanations from the PC or equipment that is receiving or decrypting the information. These emanations were first discovered by a type of telletype machine used by the army during World War II. It was noticed on nearby oscilloscopes that when a certain character key was pressed on the teletype, there would be an additional registration on the oscilloscope screen. The registrations on the screen could be further correlated back to the keys pressed on the teletype. This side channel is related to the electrical emanations from the teletype. Another early example of side channel had to do with the electrical emanations from an early IBM 360 computer. A programmer discovered that he could have an IBM 360 play music by the way he programmed it in assembly code. A famous Cold War side channel spying was documented in the book “Blind Man's Bluff”.
A United States sub placed a listening device on top of a Russian undersea cable and was able to spy on conversations of top Russian Admirals. The federal government has now created standards relating to the electrical emanations from equipment, they call these standards Tempest GIAC Certifications.
Side channel attacks are not limited to electrical emanations from the CPUs or information processing devices. Side channel can also utilize sound or acoustic vibrations from information processing devices. It was theorized that acoustic cryptography could be used against information-processing devices several years ago. The co-inventor of RSA, Shamir conducted acoustic experiments on a personal computer. He found that you can extract an RSA 4096 key from a laptop. He uses a smartphone placed by the laptop to conduct his experiment. The results indicated that the laptop should be placed in some type of sound-absorbing device or fabric.
Experimental Setup Below:
IBM is also aware of side channel attacks against crypto cards and strengthens their hardware against such attacks. Below is their crypto card for their mainframe computers:
A New Crypto Methodology:
I have come across a new methodology that will seriously challenge the NSA. However before I can go into that methodology, I will have to explain an invention that came about during World War II known as frequency hopping.
Hedley Lamarr, the actress, developed a technique for frequency hopping during World War II. It was initially developed to prevent the jamming of our radio signals and to secure guidance for our torpedoes. It was further developed as a mechanism to prevent the enemy from listening in to our communications. As you are transmitting the frequency it's constantly changing due to an algorithm. The receiver on the other end is also receiving at the same predetermined frequencies. It makes it impossible for an enemy to listen to a conversation or access the data that is being transmitted. This way somebody listening to one of the frequencies would have an unintelligible gobble.
I've come across a new methodology that utilizes data encryption and a type of what I can call data set hopping. Information is encrypted using any number of standard encryption methodologies algorithms but each character is stored in a separate data set. The first 10 encrypted characters could be stored on page 100 of the Bible. The next 40 characters could be on the third page of the Quran. The encrypted characters could also be hidden in a large number of relational databases. To decrypt the information you need an algorithm that spreads the information over several different databases or books. Then you have to figure out how the original information was encrypted.
So this encryption methodology involves two steps; first, identify the algorithm that distributed the encrypted data over several different databases, then figure out how the information was encrypted. And you would still have no idea if you got the original algorithm wrong that reconstituted the original encryption. Most decryption methodologies utilize relationships between characters in the data set. It is the case that the characters are randomly secreted among different datasets and have no relationship to character sets next to them.
Let me give a simple example using the novel War and Peace, the 1200-page novel by Tolstoy. We want to encrypt the word ‘apple’. It encrypts out as ”ZYGHI” An algorithm could then determine where the characters will be placed in the Tolstoy novel. For instance, the Third character G could be on the first 70 characters. The second character Y could be on page 800, 400 characters into the page. The first character Z could be on page 1000 and the 10th character on the page. The 4th character H could be on page 200 in the first character on that page. The last letter I could be on the first page and the 63rd character on that page.
I believe this new methodology will be extremely challenging for the NSA to decrypt any type of information. The challenge could be further complicated if this is information that is needed in real-time to solve a disaster. I am further researching this new methodology as information becomes available.