
So far, we haven’t discussed one single encryption algorithm without showing, at least rudimentarily, how it can be broken. Though you are likely to come across statements like ‘provably secure method’ in publications, don’t buy it: rather than proving that their method is secure, the authors normally just attribute it to another one that hasn’t been broken yet (and often to the problems of factoring large numbers, or calculating the discrete logarithm; more about these issues in Section 4.5).

‘Is there such a thing as a secure encryption method?’, you’ll probably ask. Yes, there is, and it’s called a one-time pad. The method is very easy to describe. It’s a polyalphabetic cipher with infinite period. In other words, we select a key which is at least as long as the plaintext:

ANEXTREMELYLONGANDCOMPLETELYRANDOMLYSELECTEDKEY
THEPLAINTEXTISSOMEWHATSHORTER

Superimposed characters are added (as in the Caesar cipher described earlier): A corresponds to 0, B to 1, Z to 25, and if the sum grows larger than 25, we deduct 25 to once more obtain a number that can be translated back into a letter:

    ANEXTREMELYLONGANDCOMPLETELYR
  + THEPLAINTEXTISSOMEWHATSHORTER
  = TUIMERMZXPVEWFYOZHYVMIDLHVECI

The receiver is (hopefully!) the only one who also knows the key and subtracts it from the ciphertext:

2.6. The Only Safe Method: One-Time Pads 57

    TUIMERMZXPVEWFYOZHYVMIDLHVECI
  - ANEXTREMELYLONGANDCOMPLETELYR
  = THEPLAINTEXTISSOMEWHATSHORTER

We encrypt bitwise rather than bytewise nowadays. We no longer add characters modulo 25, but bits modulo 2, which corresponds to the bitwise exclusive OR (XOR, or the ^ operator in the C programming language). That’s a basic operation for every microprocessor, and it can also be used to encrypt arbitrary data streams. The important point about this method is that the section of the key concerned may be used once only. Since absolutely nothing is known about the key, any plaintext could have produced a given ciphertext, and all conceivable plaintexts are equally likely. All other symmetric methods (these are encryption algorithms like the ones described in this book so far) have shorter keys, which means that they necessarily contain some rules (the trouble is, we just aren’t clever enough to recognize and exploit these rules). There are no such rules with the one-time pad, not even in theory.
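The worked example above in code, as an added illustration that is not part of the book. The letter arithmetic is reduced modulo 26 (A = 0 ... Z = 25), which is what reproduces the ciphertext printed above; the decoy text and all function names are constructed here, and `secrets` stands in for a true random source in the bitwise variant.

```python
import secrets

A = ord("A")

def add(text: str, pad: str) -> str:
    """Encrypt: add pad letters to text letters (A=0 ... Z=25), reduced mod 26."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(chr((ord(t) + ord(p) - 2 * A) % 26 + A) for t, p in zip(text, pad))

def sub(text: str, pad: str) -> str:
    """Decrypt: subtract pad letters from ciphertext letters, reduced mod 26."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(chr((ord(t) - ord(p)) % 26 + A) for t, p in zip(text, pad))

def xor_pad(data: bytes, pad: bytes) -> bytes:
    """Bitwise variant: addition mod 2 per bit; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))

KEY = "ANEXTREMELYLONGANDCOMPLETELYRANDOMLYSELECTEDKEY"  # key from the text
PLAIN = "THEPLAINTEXTISSOMEWHATSHORTER"                  # plaintext from the text
CIPHER = add(PLAIN, KEY)                                 # only the first 29 key letters are consumed

# "Any plaintext could have produced a given ciphertext": for every text of the
# same length there is exactly one pad that maps it to CIPHER.
DECOY = "THISMESSAGESAYSSOMETHINGELSEX"                  # constructed, 29 letters
DECOY_PAD = sub(CIPHER, DECOY)                           # the pad that "explains" the decoy

if __name__ == "__main__":
    print("ciphertext      :", CIPHER)
    print("decrypt with KEY:", sub(CIPHER, KEY))
    print("decoy pad       :", DECOY_PAD)
    print("decrypt w/ decoy:", sub(CIPHER, DECOY_PAD))
    data = b"arbitrary data stream"
    pad = secrets.token_bytes(len(data))                 # fresh pad, used once
    assert xor_pad(xor_pad(data, pad), pad) == data
```

Without the key, nothing in the ciphertext distinguishes the real plaintext from the decoy: both decryptions are equally consistent with it.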

Unfortunately, there are two problems inherent in this method.

Problem 1: How can we create a ‘truly random’ key? Using a computer won’t do the trick properly, because every computer output obeys rules, which means that it can be at best ‘pseudo-random’. What we need is chaotic input from the real world, which cannot be traced back. How about this for ‘chaotic’ and ‘real world’: record whatever an unreliable Geiger counter measures from a radioactive sample in the trunk of your car as you rumble over bumpy roads, then overlay this data stream with the digitized gurgling of a waterfall and the bleating of sheep. Every spy will just give up.

Since there were times when digitizing didn’t exist, people selected sections from books for use as keys, for example. Naturally, that’s far from being secure. [BauerDS] explains the so-called zigzag method, which does break this method after all: for a start, you know a little bit of plaintext, from which you can easily calculate a fragment of the key. This fragment doesn’t normally end at word boundaries so that, with some luck, fragments missing in words can be filled in. This, in turn, produces a little piece of plaintext—and so on. Though this cryptanalysis doesn’t always work, it can indeed reveal important parts of the plaintext.

Good keys, i.e., non-reproducible keys, were carried around by good spies in printed form. Adversaries would regularly pull them out of the hollow knob of their walking sticks.

Both the sender and the receiver of a message have to carry this individual key with them.

This takes us straight to problem 2: handling the key. How does the key get to the receiver? How should it be stored? This is not practical in most cases. If you want to use a one-time pad to encrypt a complete hard disk, you need a second disk only to store the key. How about locking away the critical disk in the first place? Anyway, fast data streams over lengthy periods cannot be encrypted in this way.

The following historical episode should teach us a lesson in this respect: one-time pads were used by Soviet spies in the USA during World War II. They reused the same pads; the KGB must have supplied them in identical batches. That was a fateful mistake. Of course, the adversary listened in on them and copied the messages, although they couldn’t initially make sense of them. Using simple statistical tests, they managed after the fact to fish out usable ciphertext pairs. If you use different pads, S1 and S2, for two plaintexts, P1 and P2, then the results, C1 = P1 + S1 and C2 = P2 + S2, are independent, and both the sum and the difference of C1 and C2 produce equally distributed random numbers. In the case of S1=S2, however,
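The arithmetic behind the pad reuse described above, as an added example that is not from the book: when one pad encrypts both messages, it cancels out of the difference of the ciphertexts, so C1 - C2 equals P1 - P2 and the ciphertexts coincide exactly where the plaintexts do. The second message P2, the mod-26 letter arithmetic and all function names are constructed for illustration.

```python
import secrets

A = ord("A")

def add(x: str, y: str) -> str:
    """Letter-wise sum mod 26 (A=0 ... Z=25)."""
    return "".join(chr((ord(a) + ord(b) - 2 * A) % 26 + A) for a, b in zip(x, y))

def sub(x: str, y: str) -> str:
    """Letter-wise difference mod 26."""
    return "".join(chr((ord(a) - ord(b)) % 26 + A) for a, b in zip(x, y))

def random_pad(n: int) -> str:
    """Pad letters from the OS CSPRNG (stand-in for a true random source)."""
    return "".join(chr(A + secrets.randbelow(26)) for _ in range(n))

def coincidences(x: str, y: str) -> int:
    """Positions where both streams hold the same letter (difference 0)."""
    return sum(a == b for a, b in zip(x, y))

def coincidence_rate(x: str, y: str) -> float:
    """About 1/26 for independent uniform streams, higher when the difference
    is language minus language; only reliable on long messages."""
    n = min(len(x), len(y))
    return coincidences(x, y) / n if n else 0.0

# Constructed sample messages, 29 letters each
P1 = "THEPLAINTEXTISSOMEWHATSHORTER"
P2 = "THESECONDMESSAGEREUSESTHEPADX"

def encrypt_pair(reuse: bool):
    """Encrypt P1 and P2 with the same pad (reuse) or with two fresh pads."""
    s1 = random_pad(len(P1))
    s2 = s1 if reuse else random_pad(len(P2))
    return add(P1, s1), add(P2, s2)

if __name__ == "__main__":
    for reuse in (False, True):
        c1, c2 = encrypt_pair(reuse)
        label = "same pad  " if reuse else "fresh pads"
        print(label, sub(c1, c2), coincidences(c1, c2))
    print("P1 - P2   ", sub(P1, P2), coincidences(P1, P2))
```

With fresh pads the difference changes on every run; with a shared pad it is always the same string as P1 - P2, which is why a known fragment of one message exposes the matching fragment of the other.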
