quarta-feira, abril 08, 2015

Humpty Dumpty: "The Code Book - The Science of Secrecy from Ancient Egypt to Quantum Cryptography" by Simon Singh

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - Simon Singh
Published 1999.

“[ ] One-way functions are sometimes called Humpty Dumpty functions. Modular arithmetic, sometimes called clock arithmetic in schools, is an area of mathematics that is rich in one-way functions. In modular arithmetic, mathematicians consider a finite group of numbers arranged in a loop [ ].”

The two greatest hazards of the internet are pornography and security. I have no idea how this is so, or how these myths have become so dominant in our collective consciousness. In fact is that quality pornography is available from the bookshops (so I’ve been told…), and the internet is fundamentally more secure than the world it’s replacing. There’s only one catch: one should not be stupid!

Many Internet services are in it just for the money, i.e., they sell data they collect about us customers and users. This applies both to information I post intentionally and also to the hidden parts of my information footprint. Even paid apps and services often collect data about me; it’s not a question of paying more money; even if you pay more there’s no guarantee that service in question isn’t also profiting indirectly by selling my data. Most of the time what happens is even worse: the data is sold to other 3rd-party services that aggregate data from many primary sources, making it even more valuable. My information may be innocuous or just annoying, for example, which online ads I usually see, but in the worst-case scenario, digital information can be used against me. Data from cell phones, email accounts, computer hard drives, and other sources can be used by others (sigh). The history of Cryptography has always been a struggle between the code makers, and the code breakers, with sometimes one and sometimes the other having the ascendancy. In today’s society, I think the code breakers are getting the upper hand…

This shows the importance of data/information privacy in today’s information society.
Singh’s book had a dual objective as far as I can discern: (1) to document the evolution of Cryptography, (2) to show that this study area is as relevant for today as ever (many of us working in IT firmly believe that the Encryption Standard Stack – DES was weakened in order to allow government agencies to access 3rd party information).

Singh’s puts forth some very relevant questions about Information Security. The crux of the matter now is not so much about the battle between Code Breaking vs Code Making, but it’s now more about the need for heightened security and the protection of individual freedoms.

Where would we be without PKI? eCommerce as we know it today would be unthinkable. Every time we want to buy a book using online services the "padlock" symbol appears on our browser, meaning we’re about to conduct an encrypted transaction. This is PKI in action. It works by having a public key, and my own private key. They belong to one another mathematically, but by being mathematically linked doesn’t mean that’s possible to get one from the other (at least we don’t know how it can be done...).

Singh’s book has a very different flavour to the usual science books on the subject. It’s much more mathematically-oriented than I was expecting, but that’s a good thing due its nature. Without the so-called math the book wouldn’t have been as good and insightful. Had Singh had incurred in the fatal sin of dumbing down the book’s tone, I’d have thrown it across the room.

For me one of the major points of the book, at the end of the day, was to know a little bit more about Marian Rejewski’s, the first mathematician to decrypt the Enigma Code. He was able to deduce the wiring of the 3 rotor Enigma while Turing, later on, invented the bombe, a much more advanced machine that would resist some of the changes in procedure (e.g., not sending the message settings twice in the beginning of message and cyphered with day settings). I’d always thought Rejewski had worked at Bletchley Park during WWII, but Singh’s book disavowed me of that notion. I still haven’t seen “The Imitation Game”, i.e., I don’t know how Rejewski is portrayed in the movie. Without Rejewski it is doubtful Turing would have been able to develop his version of his Enigma Cracking approach in the same terms.

Even though it's sadly a bit out of date, all in all this book represents a major addition to my Computer Science Reading Library.

NB: Just For the 3 pages of appendix J, it’s worth the read. I’d never seen the RSA encryption/decryption algorithm explained this way, i.e., by using a very down-to-earth approach. Everyone can follow the explanation. Only high-school math needed.

Just for the fun of it, I’ve implemented two of the algorithms referenced (for the Android OS):

App repository.
Original post: antao.booklikes.com/post/1142282/humpty-dumpty-the-code-book-the-science-of-secrecy-from-ancient-egypt-to-quantum-cryptography-by-simon-singh

Sem comentários: