## Subtitles section Play video

• [MUSIC PLAYING]

• SPEAKER 1: Cryptography.

• What is it, and why is it important?

• We're going to answer those two questions in exactly that order.

• It's the art and science of obscuring, and ideally protecting, information.

• Now it's an art and a science because there's math involved with it.

• It's pretty straightforward to manipulate characters in some way

• by adding some constant number to them or to change them

• in some systematic manner.

• But it's an art, because doing so in a way to defend against potential attacks

• is not as easy as it might first appear.

• There's a lot of guesswork and calculation

• that needs to go into play to find a really strong cipher.

• Cryptography gives us the opportunity to have

• a basic level of security against an adversary who might

• do bad things with the information.

• We usually contrast, in cipher information,

• with information that is presented in the clear, which

• is to say there's no protection surrounding it at all.

• And it's generally considered better to protect information using cryptography

• than to have information just freely available out there.

• Now a cipher, we're going to start by talking about cryptography

• sort of through history.

• We'll lead up to more modern forms of cryptography,

• which are derived from more ancient forms of cryptography.

• But a cipher is one of the most fundamental forms of cryptography.

• And ciphers are algorithms.

• And recall that an algorithm is just a step-by-step set of instructions

• that we use to complete a task.

• And in case, the task is to obscure or encipher information.

• And ciphers can also be used in reverse to unobscure, or decipher,

• that same information that was previously encoded or enciphered.

• Now there are many different ciphers out there

• that have varying levels of security potential.

• Some of the more ancient ciphers that we're going to start with

• should be [INAUDIBLE] be considered to have no security potential at all

• considering how easy they are to crack.

• But again, this leads into the more modern approach to cryptography,

• which is much more secure than some of these basic ones.

• And now let's start by imagining that we have possession of this device.

• Now if you're looking at this device and it seems somewhat familiar to you,

• it may be because you've recently seen the movie A Christmas Story,

• where Ralphie, the character there, obtains

• one of these, which is a little orphan Annie's secret society decoder pin.

• And this decoder pin has a set of numbers going sequentially one

• through 26 around the inner edge, and a set

• of letters, which is not presented in any particular order,

• around the outer edge.

• And what would happen is the radio announcer would provide,

• set your pins to some combination.

• So line up one number with one letter.

• And then it would read off some secret message

• that, ostensibly, only individuals who possessed this pin,

• or many of the duplicate versions of this pin that were distributed

• to children around the country, could then decipher

• by taking the numbers that were given over the radio

• and transforming them back into letters so that it makes sense.

• So if you can, if you zoom in on this image,

• it might be a little difficult to see, but you

• can see that the 3 corresponds to the letter L, and the 4 corresponds to an M

• based on this particular setting of this decoder pin.

• So this is one potential, what we would call a substitution cipher,

• where we're changing, we're substituting a letter in this case for a number,

• and that number will henceforth represent that letter

• for the rest of this message.

• But what is the problem with this cipher?

• Or more generally, when we think about issues in computer science

• where we have adversaries who are trying to penetrate some system,

• or break a code, or break in, or hack into anything,

• what is the attack vector?

• Where is the vulnerability that is potentially

• part of this particular cipher?

• And in this case, it's that anybody who has access to this pin

• is able to break any cipher that is made with this pin.

• And again, this pin was distributed pretty extensively in 1930s and 40s

• to children who listened to this very popular radio program.

• So these pins were in the hands of many people.

• be able to understand the message.

• And so that is, how we might frame this attack vector,

• is the key, in this case, the pin, which we will call a key for this purpose,

• is just very prevalent.

• It's pretty well known how to use this key and manipulate this key.

• But that's just one example of a substitution cipher.

• We have many different examples of substitution ciphers that we could use.

• Let's just take another very simple, straightforward one,

• which is imagine we have all of the letters of the alphabet

• and we're just going to assign the ordinal position of that letter

• as its cipher value.

• So with the secret society pin, there was this sort of random element

• to it, right?

• The letters were being skipped.

• There wasn't a rhyme or reason to them, although the numbers were sequential.

• Here let's just line up both.

• Let's use sequential letters and map them to their sequential numbers.

• So A becomes 1, B becomes 2, and so on.

• Both of these things are increasing linearly.

• Now you may recall that as computer scientists,

• we ordinarily start counting from zero rather than counting from one.

• I'm counting from one here because this mapping of A to 1 and Z to 26

• is much more familiar to us intuitively as humans,

• and I want to keep us grounded in this discussion of cryptography right now.

• But ordinarily, you might actually instead see this as 0 to 25, 0 being A,

• through Z being 25 as opposed to 1 through 26.

• But this cipher would work exactly the same

• and has roughly the same security potential

• as Annie's secret society cipher does.

• And we can actually make this a little bit better because we are consistently

• increasing the letters, A through Z, and consistently increasing

• the numbers, 1 through 26.

• We could also, instead of just doing this direct mapping,

• we could rotate around.

• We could start the 1 somewhere else as opposed to being A.

• And now instead of having just one cipher where A maps to 1, B maps to 2,

• we have a variety of different ciphers, depending

• on where we decide we want to have our starting point.

• So for example, we might instead add two to every number.

• So instead of going from 1 to 26, we go from 3 to 28.

• If you're trying to break this cipher and you see patterns

• like this with all these numbers in them, what might jump out at you?

• Well, if you're used to seeing ciphers that are 1 through 26, for example,

• something where you don't see any 1s or 2s

• and suddenly you're seeing 27s and 28s potentially in the message that might

• be long enough to have, in this case, Ys or Zs in it

• might seem to you that this is slightly off.

• Like this cipher must be shifted in some way.

• Instead of being this straightforward line,

• there's some modification that's been made to it.

• That's kind of a tip off if you're trying to defend

• against somebody figuring that out.

• And so instead of going 27, 28 at the end,

• we might instead wrap around the alphabet.

• Once we have exhausted the 26 possible values that we started with,

• the 26 letters of the alphabet, we might instead, once we have X is 26,

• say, well, instead of Y being 27, Y is 1 and Z is 2.

• And this is not a massive improvement on the security of this cipher.

• Like I said, it's still quite fragile and quite easy to break.

• But it doesn't give quite as much of a clue to a potential adversary

• as to how to crack it, how to decipher the message.

• And this can be done for any different value

• to obtain any number of different ciphers.

• Instead of going forward by two positions,

• we could add 20 to every letter's value, again,

• wrapping around the alphabet when we exhaust,

• when we get to 26, instead of having 27, 28, we would just reset at 1

• and continue on.

• But we can also add 26 to it.

• But that doesn't look very different than what we had before.

• And that's where this cipher's vulnerability comes into play.

• There's only 26 possible ways to rotate the alphabet

• while keeping the order of the letters preserved, right?

• Unless we start skipping A, D, G, and then,

• you know, rearranging the other letters in some other way.

• If we want to keep everything straightforward in a line,

• again, wrapping around 26 when necessary, there's

• only 26 ways to do it.

• That is to say that shifting the alphabet forward by 26

• is exactly the same as shifting the alphabet forward by 0.

• And so that's our limitation.

• We have a very small number of, again, this word keys that can

• be used to decipher using this cipher.

• Now this is an example of something called a rotational cipher,

• and it's actually a rather famous rotational cipher

• known as the Caesar Cipher.

• It's attributed to Julius Caesar and was apparently used

• more than two millennia ago for him to encode messages to his troops