Cryptography: the art of hiding behind numbers

Sending an unencrypted e-mail is like sending a postcard: easy to read for anyone who cares to look. In a day and age where some businesses make their profits off of selling personal information and identity theft prompts individuals to invest in paper shredders, cryptographers face a never-ending task. Dr. Tom Shrimpton works daily to advance the field that protects the secrecy of ATM codes, credit card information and e-mail content.

Shrimpton teaches cryptography at PSU and works at the forefront of cryptology development on the theoretical mathematical side. That means the modern-day technological cavalier develops mathematical algorithms to expand the application and effectiveness of cryptography.

Though some cryptographers may drink their martinis shaken, not stirred, Shrimpton said a cryptographer’s work is not quite as glamorous as students entering his classes sometimes assume.

Cryptography can be described as the art of making writings indecipherable. It is most prevalently used in e-commerce, banking and e-mail. Extremely long and complicated mathematical proofs go into creating encryption programs. Shrimpton works in this part of the process, writing the proofs that verify that the programs do what they’re intended to.

The mathematical proofs used to test the difficulty of untangling the codes are necessary to assure their efficacy. “You can’t just say, ‘This looks really hard,’” said Vahid Jimenez, PSU graduate and enthusiastic student of cryptography. Hence the necessity of the tedious work put forth.

When a theoretical whiz team develops computational guarantees that a certain encryption cannot be broken, they share a paper at a conference. A new standard may be adopted, thus evolving encryption.

Shrimpton said cryptographers battle against two forces. The first foe is Moore’s law, which can be defined succinctly as the doubling of technology every 18 months. Curious people weaseling their way into private systems and servers are the second scoundrel against technological security. Shrimpton said that cryptographers do not make assumptions about hackers’ motives, only about the means by which they attack. It is not their place to judge, only to protect.

Jimenez wants everyone to encrypt their e-mails. Self-defined as a general-purpose nerd, Jimenez encourages everyone to send encrypted e-mails as a matter of course. “Fight tooth and nail for what you have,” Jimenez said regarding civil liberties and privacy.

Despite Jimenez’s fervent desire for encryption to enter the mainstream in casual communication, such is not the case. “Only the most paranoid people actually encrypt their e-mails,” Shrimpton said.

Encrypted e-mails break down like this: encryption programs are readily available for the privacy-savvy. A popular system is Pretty Good Privacy (PGP), where people download the encryption program onto their computer. They register a public key, which is listed in a directory available to all. If a user wishes to send someone an encrypted e-mail, they encrypt the message with the recipient’s public key. The recipient has a private key (or code) that is stored on their computer; they type in a password to open the message. Voila, communication occurs.

Jimenez recommended using the program Thunderbird for encryption because it interfaces with the e-mail server for PSU.

Many encryption programs are free. The code used in creating such a program is detailed and quite complex. “No one should attempt to roll their own cryptography,” Shrimpton said. “They are notoriously hard to get right.”

Though sending an encrypted message decreases the likelihood of an outside individual accessing it, encrypted e-mails are not as impervious as one would hope. If the network has holes, a rigorous cryptography system can be compared to an iron vault door on a house made of toilet paper, Shrimpton said. Generally, if something goes awry during an encrypted discourse, it is not on the programming end but on the network side. For example, if hackers access the registry of public keys, they can change an individual’s public key to their own. When someone sends an e-mail using the listed public key, the message is actually encrypted to the hacker’s key.
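The usual defence against a swapped directory entry is to compare the listed key's fingerprint with one the owner confirmed through another channel. The sketch below is an added example, not code from the article or from PGP itself; it computes the OpenPGP version 4 fingerprint as defined in RFC 4880, and the address, key bytes and function names are constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(key_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, section 12.2): SHA-1 over the
    byte 0x99, a two-byte big-endian length, then the public-key packet body."""
    header = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(header + key_body).hexdigest().upper()

def normalize(fpr: str) -> str:
    """Fingerprints are usually printed in spaced groups; compare one canonical form."""
    return "".join(fpr.split()).upper()

def check_directory_key(directory: dict, pins: dict, email: str):
    """Return (status, key_body). The key may be used only when status is 'ok'."""
    body = directory.get(email)
    if body is None:
        return "not-listed", None
    pin = pins.get(email)
    if pin is None:
        return "unverified", None   # the directory's word alone is not trusted
    if v4_fingerprint(body) != normalize(pin):
        return "mismatch", None     # listed key is not the one the owner confirmed
    return "ok", body

def constructed_key_body(created: int, material: bytes) -> bytes:
    # Constructed stand-in laid out like a v4 key packet body: version 4,
    # creation time, algorithm id 1 (RSA), then key material. Not a real key.
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + material

ALICE = "alice@example.edu"                      # hypothetical address
alice_key = constructed_key_body(1100000000, b"\x11" * 32)
other_key = constructed_key_body(1100000500, b"\x22" * 32)

# Fingerprint the owner confirmed in person, written down in groups of four.
_fp = v4_fingerprint(alice_key)
pins = {ALICE: " ".join(_fp[i:i + 4] for i in range(0, 40, 4)).lower()}

if __name__ == "__main__":
    print(check_directory_key({ALICE: alice_key}, pins, ALICE)[0])  # untouched entry
    print(check_directory_key({ALICE: other_key}, pins, ALICE)[0])  # swapped entry
```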

Another downside to encrypted e-mails is that the messages tend to be slower and larger. Sometimes a two-sentence message turns into a 200-word paragraph of encrypted code.

Shrimpton sees encryption becoming more prevalent in the day-to-day but less obvious to the user. He said that a rise in the technology will yield positive results, but it will take more trust on the user’s end. Shrimpton compared the level of trust needed to the trust airline passengers grant to their pilot. “You better believe the people who built it did a good job,” he said.