Cryptography (Network security)

Cryptography (from now on “crypto”, you might as well call cryptocurrencies “currencies”) is how we do security over the Internet, so I will discuss how these concepts are applied to the username/password authentication we’re all still using for some reason. Because it suits Google et al, perhaps?

With computers, modern crypto is based on math, though traditionally it was based on linguistics. Like when fictional journalist Jack Peters spells secret messages in the final letters of alternating words of his news articles. You’ll still see linguistic crypto as “cryptogram” puzzles to break or in fiction.

The mathematical foundation behind crypto is the concept of “trapdoor” functions. These are combinations of math operators which are, to the best of our knowledge, trivial to compute yet essentially impossible to reverse.

E.g. exponentiation + remainder, or multiplying two primes.

Hash functions are formulas which convert some arbitrary amount of input to a fixed amount of output. The mapping from inputs to output is supposed to be unpredictable, beyond the fact that the same input always gives you the same output.

Web services use hashing to check your passwords without storing them in a form useful to the inevitable break-in.

Outside crypto: Distributed networking often uses hashes. Random number generators are built on them, as are efficient key-value mappings.

Encryption scrambles some sequence of data so that it’s unreadable unless you know a secret “key”. With Symmetric Encryption the same key is used both to encrypt & decrypt the data.

Symmetric encryption is used by password managers so no one without your password (given it’s good enough) can read your password vault, not even the devs. Your OS might also use it to protect all the data saved to your hard drive.

The main trick is elongating the key to hide any patterns in the data.

Asymmetric encryption uses different “keys”, related via a trapdoor function, to encrypt & decrypt the data.

You use asymmetric encryption when connecting to just about any website today. Especially those requiring/managing payments (terrible idea to transmit your credit card number in “plaintext” where any attacker can wiretap it!) or that you log into. Theoretically asymmetric encryption could be a more secure (the server never sees your private key) & user friendly (it doesn’t expect you to be able to come up with a secure password) way to authenticate.

Encryption & hashing both involve applying a relevant trapdoor function; the main difference is you can decrypt encrypted data.

Combine hashing & asymmetric encryption and you get crypto signatures! These play the same role your IRL signature does in bureaucracy. Letting you prove who sent a message without encrypting the whole thing, probably because you want to make that public.

This is used e.g. to check you obtained the correct key for a domain name & that no one’s intercepting your messages. By checking it was vouched for by a “certificate authority” like Let’s Encrypt.

Feel free to doubt this trust model!

I really don’t know much about this, but there’s research into “homomorphic encryption” that lets you encrypt data so that an untrusted service can process it but not actually read the data.

This is used e.g. to anonymously tally digital votes in the CHVote & HeliosC protocols as implemented in Belenios amongst others.

Homomorphic encryption may add more nuance to this statement in the future, but online & offline security are two separate beasts. Online security is done via cryptography, offline security is done via if checks.

When Hollywood wants that not to be the case, they place a crypto key on your computer & sue you if/when you find it. Then send DMCA takedowns to GitHub.

I strongly believe the international laws they sue under are unjust.

Final topic from me: The computer geek’s approach to leaving a will, Shamir’s Secret Sharing! Which is implemented as e.g. Dark Crystal.

This allows you to unlock a crypto key only when n of m parties agree to do so, for your choice of n & m.

To do so you generate a random n-degree polynomial & sample m points from it to hand to the different parties. Solving for x=0 gives you the key.