Invitation to Cybersecurity

7. The Bedrock of Cybersecurity: Cryptography

The next evolution beyond Vigenère-type ciphers was a truly revolutionary breakthrough in cryptography: the one-time pad. First described in 1882 but operationalized by Gilbert Vernam in 1917, the one-time pad is a polyalphabetic substitution cipher with two special properties: the key is random (i.e., it is not tied to a word like SECRET), and the key is the same length as the plaintext message. Because it encapsulates all possible letter substitutions, the Vigenère table can be used with the one-time pad. Using this scheme, the random key JHECNISMAXAE encrypts attack at dawn to JAXCPSSFDXWR. Unlike the previous examples, and unlike all other cryptographic schemes ever invented, this ciphertext contains no pattern whatsoever.

Claude Shannon proved that the one-time pad is information-theoretically secure. This means that it is impervious to cryptanalysis and is not even susceptible to a brute-force key search attack! In other words, even if an adversary were to intercept the ciphertext JAXCPSSFDXWR, he would learn no information about the plaintext message other than its length. From the adversary’s perspective, every twelve-character plaintext message is equally probable.

To see this, assume he tries every key. For a message of this length, there are $26^{12} \approx 9 \times 10^{16}$ possible keys. Given the assumptions we made for the supercomputer above, every key could in fact be attempted in just over a day—that is not the problem. The problem is that the keys will produce every possible twelve-character message, not just the actual plaintext message. The output will include the actual plaintext attack at dawn, but it will also include countless other valid plaintexts such as depart at dusk, and send supplies. The attacker has no way of narrowing this collection of putative plaintexts down to the actual plaintext message—there is no basis for eliminating any of the guesses.
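
The key-search argument can be checked directly. The following Python sketch is an added example, not part of the original text; it models the Vigenère table as letter addition modulo 26 (A = 0), and its function names are chosen here for illustration.

```python
import itertools
import string

A = string.ascii_uppercase  # the 26-letter alphabet of the Vigenère table

def letters(text):
    """Uppercase the text and drop everything outside A-Z (spaces included)."""
    return "".join(c for c in text.upper() if c in A)

def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters, mod 26."""
    text, key = letters(text), letters(key)
    if len(text) != len(key):
        raise ValueError("one-time pad key must be as long as the message")
    return "".join(A[(A.index(t) + sign * A.index(k)) % 26]
                   for t, k in zip(text, key))

def encrypt(plaintext, key):
    return shift(plaintext, key, +1)

def decrypt(ciphertext, key):
    return shift(ciphertext, key, -1)

def key_for(ciphertext, candidate):
    """The single key under which ciphertext decrypts to candidate (C - P mod 26)."""
    return shift(ciphertext, candidate, -1)

def brute_force(ciphertext):
    """Decrypt under every possible key and return the set of plaintexts produced."""
    n = len(letters(ciphertext))
    return {decrypt(ciphertext, "".join(k))
            for k in itertools.product(A, repeat=n)}

# Key and message taken from the text above.
CIPHERTEXT = encrypt("attack at dawn", "JHECNISMAXAE")

if __name__ == "__main__":
    print(CIPHERTEXT)
    # Every twelve-letter guess is "confirmed" by exactly one key.
    for guess in ("attack at dawn", "depart at dusk", "send supplies"):
        k = key_for(CIPHERTEXT, guess)
        print(k, "->", decrypt(CIPHERTEXT, k))
    # Full key search, scaled down to the first two ciphertext letters.
    found = brute_force(CIPHERTEXT[:2])
    print(len(found), "distinct plaintexts from", 26 ** 2, "keys")
```

Because each candidate plaintext corresponds to exactly one key and the key was chosen uniformly at random, the search output gives no reason to prefer one candidate over another.
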
Therefore, the attacker learns nothing and has wasted his time performing the brute-force key search. This is not the case for any other cipher. All other ciphertext-key pairings contain a pattern of the underlying message, and for messages of any length, the correct key is the only key that “unlocks” the pattern. All the wrong keys produce nonsensical plaintexts and can be ruled out one-by-one until the correct key is identified.

The great American writer Edgar Allan Poe was also an expert in cryptography. In the quote at the beginning of this chapter, Poe stated that there will never be a cipher that “human ingenuity cannot resolve.” While he was a genius of extraordinary talent, the later invention of the one-time pad proved Poe wrong! It is unbreakable. Even in a hypothetical world where an alien race possesses advanced mathematical techniques and technology, and is capable of breaking all of our strongest modern cryptographic systems, the good old one-time pad will still be beyond their grasp!

Since that is the case, it would appear that cryptography has been solved—all people everywhere, including in cyberspace, should always just use one-time pads for encrypting their secret messages. But this is not what has happened. The reason is that cryptographic schemes that look great on paper have to be implemented in the real world, and
