A Short History of
Cryptography

for Programmers

A Short History of
Cryptography

for Programmers

A Short History of
Cryptography

for Programmers

Gant Laborde

WHY!?

CRYPTOGRAPHY?

Why Cryptography?

It's here to stay

Why Cryptography?

It's cool

Why Cryptography?

It's part of a programmer's job

Ready!?

Ciphers are Old

1900 BC

The Oldest Keyed Cipher

Caesar / ROT

The Oldest Cipher

Substitution / Caesar / ROT

"If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others."

 

— Suetonius, Life of Julius Caesar 56

The Oldest Cipher

Substitution / Caesar / ROT

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

The Oldest Cipher

Substitution / Caesar / ROT

Can this become one encrypt/decrypt function?

YES!

Rotate the alphabet by 180 degrees

The Oldest Cipher

Substitution / Caesar / ROT

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

The Oldest Cipher

Substitution / Caesar / ROT

The Oldest Cipher

Substitution / Caesar / ROT

Cipher Encodes
ROT13 Case insensitive 2-time letter only cipher
(A-Z, a-z)
ROT5 2-time cipher for numbers
(0-9)
ROT18 (13.5) Case insensitive 2-time letters and numbers
(0-9, A-Z, a-z)
ROT47 All visible ASCII characters 2-time cipher

The Oldest Cipher

Substitution / Caesar / ROT

The Oldest Cipher

Substitution / Caesar / ROT

3 Major Parts

 

  1. The Algorithm
  2. The Key
  3. The Ciphertext

The Oldest Cipher

Substitution / Caesar / ROT

What's the problem with Caesar (rotational)?

Really Simple Keyspace

The Oldest Cipher

Substitution / Caesar / ROT

Better Rotation

Vigenère cipher 1508

Better Rotation

Vigenère cipher 1508

Each letter has a corresponding rotation.

EVERY

1, 5, 8, 11, 14

FAMCM

Better Rotation

Vigenère cipher 1508

  • Larger Key Space (up to message size)
  • Frequency Analysis Resistant

Better Rotation

Vigenère cipher 1508

"The meeting is at the end of the street"

ROT13: GUR ZRRGVAT VF NG GUR RAQ BS GUR FBERRG

Vigenère with code 1508:
150 8150815 08 15 081 508 15 081 508150
UME UFJTQOL IA BY TPF JNL PK TPF XTZFJT

Remembering Numbers Sucks

1, 5, 8, 11, 14

?, ?, ?, ??, ??

Encoding Keys

1 2 3 4 5
1 a b c/k d e
2 f g h i j
3 l m n o p
4 q r s t u
5 v w x y z

Polybius Square (knock Cipher)

Encoding Keys

1 2 3 4 5
1 i n f t e
2 r d a b c/k
3 g h j l m
4 o p q s u
5 v w x y z

Polybius Square (knock Cipher)

Key Table Passphrase "Infinite Red"

Encoding Keys

Changing the position of a character depending on a secret is called a transposition cipher.

Transposition helps hide recognizable patterns in the result.

Stacking Confusion & Diffusion

Vigenère Cipher Key

Polybius Encoding

Message

Polybius Key Phrase

= Ciphertext

Do it again... and again... and again...

Jargon Alert

Symmetric Encryption Ciphers

  1. DES (Data Encryption Standard)
  2. AES (Advanced Encryption Standard) - Rijndael
  3. IDEA (International Data Encryption Algorithm)
  4. Blowfish (Like DES or IDEA)
  5. Rivest Cipher (RC5, RC6)

Digital Secrets

Encrypting your hard drive?

 

👍

Digital Secrets

Digital Secrets

Sharing secrets over the internet?

Digital Secrets

?

Ralph Merkle

Merkle's Insight

Whitfield Diffie & Martin Hellman

Digital Secrets

The Diffie-Hellman Key Exchange

Diffie-Hellman

p = 53

g = 18

x1 = 10

y1 = 38

p = 53

g = 18

x2 = 11

y2 = 48

48^10 mod 53
secret = 4

38^11 mod 53
secret = 4

We Want More

What can we do now!?

PUBLIC

KEY

CRYPTOGRAPHY

What can we do now!?

Public Key Crypto

Asymmetric Cryptography

Public Key

Private Key

What can we do now!?

  • Confidentiality

  • Authentication

  • Integrity

  • Nonrepudiation

All Good!?

Not Really... RSA Public Key was 100x's slower than DES

Cryptographic Hashing

Lots of things are easier one way.

  1. Opening a car door in tall grass vs closing it
  2. Square vs square root
  3. Shredding vs unshredding paper
  4. Hearing examples vs inventing examples

 

Cryptographic Hashing

New Tricks!

A Hash Gives You New Powers

  1. Identify if a file has been modified
  2. Verification across insecure channels
  3. Cryptocurrencies keeping anon

COOL NEW AUTH TRICKS!

Just Encrypt the Hash!

Fully Encrypt File

Sign/Encrypt Hash

One-Time Passwords

Jargon Alert

Asymmetric

  1. RSA
  2. ECC

Cryptographic Hashes

  1. MD5
  2. SHA-1 SHA-2

What can we do now!?

Authorization

Classic Way

Browser

Server

user/password

Cookie (Session ID)

Request + Session ID

Elevated Access Response

Scaled Authorization

JWT - JSON Web Token

Browser

Auth Server

Any Service Server

user/password

signed JWT with secret

Request + JWT

Elevated Access Response

(No User DB

Needed)

Scaled Authorization

Scaled Authorization

Let's Review

  1. Confusion Diffusion Products
  2. Merkle's Insight
  3. Diffie-Hellman
  4. Public Key Cryptography
  5. Cryptographic Hasing
  6. JSON Web Token Authorization

Where do we go from here?

  1. Never rely on your own cryptographic algorithm
  2. Cryptography is actually kinda fun
  3. There's a whole world out there with techniques no one has considered yet.  BE CURIOUS!


THANK YOU!


THANK YOU!

 


THANK YOU!

 

@GANTLABORDE

A History of Cryptography for Programmers

By Gant Laborde

A History of Cryptography for Programmers

Cryptography has a long and fascinating history that spans thousands of years. It has been used to protect sensitive information, ensure the authenticity of messages, and facilitate secure communication. In this conference talk, we will explore the history of cryptography from its early beginnings with the Caesar cipher to modern techniques such as public key cryptography and JWT (JSON Web Token). We will start by discussing the Caesar cipher, a simple substitution cipher that was used by Julius Caesar to encode messages sent to his military commanders. We will then move on to public key cryptography, which allows for secure communication over an insecure channel by using a pair of keys: a public key and a private key. We will also discuss how JWT (JSON Web Token) is used in modern web applications to securely transmit information between parties. Throughout the talk, we will cover the key concepts and techniques used in cryptography, as well as the challenges and opportunities that have shaped the field over the years. This talk is designed for programmers who are interested in learning more about the history and fundamentals of cryptography.

  • 517