HOW SOFTWARE WORKS
The Magic Behind Encryption, CGI, Search Engines, and
Other Everyday Technologies
by V. Anton Spraul
San Francisco
HOW SOFTWARE WORKS. Copyright © 2015 by V. Anton Spraul.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior
written permission of the copyright owner and the publisher.
Printed in USA
First printing
ISBN-10: 1-59327-666-4
ISBN-13: 978-1-59327-666-9
Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Josh Ellingson
Interior Design: Octopod Studios
Developmental Editors: Hayley Baker, Seph Kramer, and Greg Poulos
Technical Reviewer: Randall Hyde
Copyeditor: Rachel Monaghan
Compositor: Susan Glinert Stevens
Proofreader: James Fraleigh
For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 415.863.9900;
www.nostarch.com
Library of Congress Cataloging-in-Publication Data:
Spraul, V. Anton.
How software works : the magic behind encryption, CGI, search engines, and other everyday technologies / by
V. Anton Spraul.
pages cm
Includes index.
Summary: “A guide for non-technical readers that explores topics like data encryption; computer graphics
creation; password protection; video compression; how data is found in huge databases; how programs can work
together on the same problem without conflict; and how map software finds routes.”— Provided by publisher.
ISBN 978-1-59327-666-9 — ISBN 1-59327-666-4
1. Electronic data processing—Popular works. 2. Computer software—Popular works. 3. Computer networks—
Popular works. I. Title.
QA76.5.S6663 2015
005.3—dc23
2015022623
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and
company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark
symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the
benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken
in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or
entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information
contained in it.
About the Author
V. Anton Spraul has taught introductory programming and computer science to students
from all over the world for more than 15 years. He is also the author of Think Like a
Programmer (No Starch Press) and Computer Science Made Simple (Broadway).
About the Technical Reviewer
Randall Hyde is the author of The Art of Assembly Language and Write Great Code (both
No Starch Press), and is also the co-author of The Waite Group’s Microsoft Macro
Assembler 6.0 Bible (Sams Publishing). Hyde taught assembly language at the University
of California, Riverside, for more than a decade and has been programming software for
nuclear reactor consoles for the past 12 years.
Brief Contents
Acknowledgments
Introduction
Chapter 1: Encryption
Chapter 2: Passwords
Chapter 3: Web Security
Chapter 4: Movie CGI
Chapter 5: Game Graphics
Chapter 6: Data Compression
Chapter 7: Search
Chapter 8: Concurrency
Chapter 9: Map Routes
Index
Contents in Detail
Acknowledgments
Introduction
Who This Book Is For
Topics Covered
Behind the Magic
1 Encryption
The Goal of Encryption
Transposition: Same Data, Different Order
Cipher Keys
Attacking the Encryption
Substitution: Replacing Data
Varying the Substitution Pattern
Key Expansion
The Advanced Encryption Standard
Binary Basics
AES Encryption: The Big Picture
Key Expansion in AES
AES Encryption Rounds
Block Chaining
Why AES Is Secure
Possible AES Attacks
The Limits of Private-Key Encryption
2 Passwords
Transforming a Password into a Number
Properties of Good Hash Functions
The MD5 Hash Function
Encoding the Password
Bitwise Operations
MD5 Hashing Rounds
Meeting the Criteria of a Good Hash Function
Digital Signatures
The Problem of Identity
Collision Attacks
Passwords in Authentication Systems
The Dangers of Password Tables
Hashing Passwords
Dictionary Attacks
Hash Tables
Hash Chaining
Iterative Hashing
Salting Passwords
Are Password Tables Safe?
Password Storage Services
A Final Thought
3 Web Security
How Public-Key Cryptography Solves the Shared Key Problem
Math Tools for Public-Key Cryptography
Invertible Functions
One-Way Functions
Trapdoor Functions
The RSA Encryption Method
Creating the Keys
Encrypting Data with RSA
RSA Effectiveness
RSA Use in the Real World
RSA for Authentication
Security on the Web: HTTPS
Handshaking
Transmitting Data Under HTTPS
The Shared Key Problem Solved?
4 Movie CGI
Software for Traditional Animation
How Digital Images Work
How Colors Are Defined
How Software Makes Cel Animations
From Cel Animation Software to Rendered 2D Graphics
Software for 3D CGI
How 3D Scenes Are Described
The Virtual Camera
Direct Lighting
Global Illumination
How Light Is Traced
Full-Scene Anti-Aliasing
Combining the Real and the Fake
The Ideal of Movie-Quality Rendering
5 Game Graphics
Hardware for Real-Time Graphics
Why Games Don’t Ray Trace
All Lines and No Curves
Projection Without Ray Tracing
Rendering Triangles
The Painter’s Algorithm
Depth Buffering
Real-Time Lighting
Shadows
Ambient Light and Ambient Occlusion
Texture Mapping
Nearest-Neighbor Sampling
Bilinear Filtering
Mipmaps
Trilinear Filtering
Reflections
Faking Curves
Distant Impostors
Bump Mapping
Tessellation
Anti-Aliasing in Real Time
Supersampling
Multisampling
Post-Process Anti-Aliasing
The Rendering Budget
What’s Next for Game Graphics
6 Data Compression
Run-Length Encoding
Dictionary Compression
The Basic Method
Huffman Encoding
Reorganizing Data for Better Compression
Predictive Encoding
Quantization
JPEG Images
A Different Way to Store Colors
The Discrete Cosine Transform
The DCT for Two Dimensions
Compressing the Results
JPEG Picture Quality
Compressing High-Definition Video
Temporal Redundancy
MPEG-2 Video Compression
Video Quality with Temporal Compression
The Present and Future of Video Compression
7 Search
Defining the Search Problem
Putting Data in Order
Selection Sort
Quicksort
Binary Search
Indexing
Hashing
Web Search
Ranking Results
Using the Index Effectively
What’s Next for Web Search
8 Concurrency
Why Concurrency Is Needed
Performance
Multiuser Environments
Multitasking
How Concurrency Can Fail
Making Concurrency Safe
Read-Only Data
Transaction-Based Processing
Semaphores
The Problem of Indefinite Waits
Orderly Queues
Starvation from Circular Waits
Performance Issues of Semaphores
What’s Next for Concurrency
9 Map Routes
What a Map Looks Like to Software
Best-First Search
Reusing Prior Search Results
Finding All the Best Routes at Once
Floyd’s Algorithm
Storing Route Directions
The Future of Routing
Index
Acknowledgments
This book was shaped and guided by a platoon of talented editors: Alison Law, Greg
Poulos, Seph Kramer, Hayley Baker, Randall Hyde, Rachel Monaghan, and the “Big Fish”
of No Starch, Bill Pollock. Beyond the editorial staff, I appreciate the support and
kindness of everyone I’ve worked with at No Starch.
The two people who helped me the most, though, are Mary Beth and Madeline, the
best wife and daughter I can imagine. Without their love and support, this book would not
have been written.
Introduction
Science fiction author Arthur C. Clarke wrote that “any sufficiently advanced technology
is indistinguishable from magic.” If we don’t know how something works, then it might as
well be explained by supernatural forces. By that standard, we live in an age of magic.
Software is woven into our lives, into everyday things like online transactions, special
effects in movies, and streaming video. We’re forgetting we used to live in a world in
which the answer to a question wasn’t just a Google search away, or where finding a route
for a car trip began with unfolding a cumbersome map.
But few of us have any idea how all this software works. Unlike many innovations of
the past, you can’t take software apart to see what it’s doing. Everything happens on a
computer chip that looks the same whether the device is performing an amazing task or
isn’t even turned on. Knowing how a program works seems to require spending years of
study to become a programmer. So it’s no wonder that many of us assume that software is
beyond our understanding, a collection of secrets known only to a technological elite. But
that’s wrong.
Who This Book Is For
Anyone can learn how software works. All you need is curiosity. Whether you’re a casual
fan of technology, a programmer in the making, or someone in between, this book is for
you.
This book covers the most commonly used processes in software and does so without a
single line of programming code. No prior knowledge of how computers operate is
required. To make this possible, I’ve simplified a few processes and clipped some details,
but that doesn’t mean these are mere high-level overviews; you’ll be getting the real
goods, with enough details that you’ll truly understand how these programs do what they
do.
Topics Covered
Computers are so ubiquitous in the modern world that the list of subjects I could cover
seems endless. I’ve chosen topics that are most central to our daily lives and with the most
interesting explanations.
• Chapter 1: Encryption allows us to scramble our data so that only we can access it.
When you lock your phone or password-protect a .zip file, you’re using encryption.
We’ll see how different scrambling techniques are combined in modern encryption
software.
• Chapter 2: Passwords are the keys we use to lock our data and how we identify
ourselves to remote systems. You’ll see how passwords are used in encryption and learn
the surprising steps that must be taken to keep passwords safe from attackers.
• Chapter 3: Web Security is what we need to safely purchase goods online or access our
accounts. Locking data for transmission requires a different method of scrambling called
public-key encryption. You’ll discover how a secure web session requires all the
techniques covered in the first three chapters.
• Chapter 4: Movie CGI is pure software magic, creating whole worlds out of
mathematical descriptions. You’ll discover how software took over traditional cel
animation and then learn the key concepts behind making a complete movie set with
software.
• Chapter 5: Game Graphics are impressive not just for their visuals but also for how
they are created in mere fractions of a second. We’ll explore a host of clever tricks
games use to produce stunning images when they don’t have time for the techniques
discussed in the previous chapter.
• Chapter 6: Data Compression shrinks data so that we can get more out of our storage
and bandwidth limits. We’ll explore the best methods for shrinking data, and then see
how they are combined to compress high-definition video for Blu-ray discs and web
streams.
• Chapter 7: Search is about finding data instantly, whether it’s a search for a file on our
own computer or a search across the whole Web. We’ll explore how data is organized
for quick searches, how search zeros in on requested data, and how web searches return
the most useful results.
• Chapter 8: Concurrency allows multiple programs to share data. Without concurrency,
multiplayer video games wouldn’t be possible, and online bank systems could allow
only one customer at a time. We’ll talk about the methods that enable different
processors to access the same data without getting in each other’s way.
• Chapter 9: Map Routes are those instant directions we get from mapping sites and
in-car navigators. You’ll discover what a map looks like to software and the specialized
search techniques that find the best routes.
Behind the Magic
I think it’s important to share this knowledge. We shouldn’t have to live in a world we
don’t understand, and it’s becoming impossible to understand the modern world without
also understanding software. Clarke’s message can be taken as a warning that those who
understand technology can fool those who don’t. For example, a company may claim that
the theft of its login data poses little danger to its customers. Could this be true, and how?
After reading this book, you’ll know the answer to questions like these.
Beyond that, though, there’s an even better reason to learn the secrets of how software
works: because those secrets are really cool. I think the best magic tricks are even more
magical once you learn how they are done. Read on and you’ll see what I mean.
1
Encryption
We rely on software to protect our data every day, but most of us know little about how
this protection works. Why does a “lock” icon in the corner of your browser mean it’s safe
to enter your credit card number? How does creating a password for your phone actually
protect the data inside? What really prevents other people from logging into your online
accounts?
Computer security is the science of protecting data. In a way, computer security
represents technology solving a problem that technology created. Not that long ago, most
data wasn’t stored digitally. We had filing cabinets in our offices and shoeboxes of
photographs under our beds. Of course, back then you couldn’t easily share your
photographs with friends around the world or check your bank balance from a mobile
phone, but neither could anyone steal your private data without physically taking it. Today,
not only can you be robbed at a distance, but you might not even know you’ve been
robbed—that is, until your bank calls to ask why you are buying thousands of dollars in
gift cards.
Over these first three chapters, we’ll discuss the most important concepts behind
computer security. In this chapter, we talk about encryption. By itself, encryption provides
us with the capability to lock our data so only we can unlock it. Additional techniques,
discussed in the next two chapters, are needed to provide the full security suite that we
depend on, but encryption is the core of computer security.
The Goal of Encryption
Think of a file on your computer: it might contain text, a photograph, a spreadsheet, audio,
or video. You want to access the file but keep it secret from everyone else. This is the
fundamental problem of computer security. To keep the file secret, you can use encryption
to transform it into a new format that is unreadable until the file has been returned to its
original form using decryption. The original file is the plaintext (even if the file isn’t text),
and the encrypted file is the ciphertext.
An attacker is someone who attempts to decrypt the ciphertext without authorization.
The goal of encryption is to create a ciphertext that is easy for authorized users to decrypt,
while practically impossible for attackers to decrypt. “Practically” is the source of many
headaches for security researchers. Just as no lock is absolutely unbreakable, no
encryption can be absolutely impossible to decrypt. With enough time and enough
computing power, any encryption scheme can be broken in theory. The goal of computer
security is to make an attacker’s job so difficult that successful attacks are impossible in
practice, requiring computing resources beyond an attacker’s means.
Rather than jump headfirst into the intricacies of software-based encryption, I’ll start
this chapter with some simple examples from the pre-software days of codes and spies.
Although the strength of encryption has vastly improved over the years, these same classic
techniques form the basis of all encryption. Later, you’ll see how these ideas are combined
in a modern digital encryption scheme.
Transposition: Same Data, Different Order
One of the simplest ways to encrypt data is called transposition, which simply means
“changing position.” Transposition is the kind of encryption my friends and I used when
passing notes in grade school. Because these notes were passed through untrustworthy
hands, it was imperative the notes were unintelligible to anyone but us.
To keep messages secret, we rearranged the order of the letters using a simple,
easy-to-reverse scheme. Suppose I needed to share the vital intelligence that CATHY LIKES
KEITH (the names have been changed to protect the innocent). To encrypt the message, I
copied every third letter of the plaintext (ignoring any spaces). During the first pass
through the message, I copied five letters, as shown in Figure 1-1.
Figure 1-1: The first pass in the transposition of the sample message
Having reached the end of the message, I started back at the beginning and continued
selecting every third remaining letter. The second pass got me to the state shown in Figure
1-2.
Figure 1-2: The second transposition pass
On the last pass I copied the remaining letters, as shown in Figure 1-3.
Figure 1-3: The final transposition pass
The resulting ciphertext is CHISIAYKKTTLEEH. My friends could read the message
by reversing the transposition process. The first step is shown in Figure 1-4. Returning all
the letters to their original position reveals the plaintext.
Figure 1-4: The first pass in reversing the transposition for decryption
This basic transposition method was fun to use, but it’s terribly weak encryption. The
biggest concern is a leak—one of my friends blabbing about the encryption method to
someone outside the circle. Once that happens, sending encrypted messages won’t be
secure anymore; it will just be more work. Leaks are sadly inevitable—and not just with
schoolchildren. Every encryption method is vulnerable to leaks, and the more people use a
particular method, the more likely it will leak.
For this reason, all good encryption systems follow a rule formulated by early Dutch
cryptographer Auguste Kerckhoffs, known as Kerckhoffs’s principle: the security of data
should not depend on the encryption method remaining a secret.
Cipher Keys
This raises an obvious question. If the encryption method is not a secret, how do we
securely encrypt data? The answer lies in following a general, publicly disclosed
encryption method, but varying the encryption of individual messages using a cipher key
(or just key). To understand what a key is, let’s examine a more general transposition
method.
In this method, senders and receivers share a secret number prior to sending any
messages. Let’s say my friends and I agree on 374. We’ll use this number to alter the
transposition pattern in our ciphertexts. This pattern is shown in Figure 1-5 for the
message CATHY LIKES KEITH. The digits of our secret number dictate which letter
should be copied from the plaintext to the ciphertext. Because the first digit is 3, the third
letter of the plaintext, T, becomes the first letter of the ciphertext. The next digit is 7, so
the next letter is the seventh letter after the T, which is S. Next, we select the fourth letter
from the S. The first three letters of the ciphertext are TST.
Figure 1-6 shows how the next two letters are copied to the ciphertext. Starting from
where we left off (indicated by the circled 1 in the figure), we count three positions,
returning to the beginning of the plaintext when we reach the end, to select A as the fourth
letter of the ciphertext. The next letter chosen is seven positions after the A, skipping
letters that have already been copied: the K. The process continues until all of the letters of
the plaintext have been transposed.
Figure 1-5: The first pass in transposing using the key 374
Figure 1-6: The second pass in transposing using the key 374
The secret number 374, then, is our cipher key. Someone who intercepts this message
won’t be able to decrypt it without the key, even if they understand we’re using a
transposition method. The code can be regularly changed to prevent blabbermouths and
turncoats from compromising the encryption.
Attacking the Encryption
Even without the key, attackers can still try to recover the plaintext through other means.
Encrypted data can be attacked through brute force, trying all the possible ways of
applying the encryption method to the ciphertext. For a message encrypted using
transposition, a brute-force attack would examine all permutations of the ciphertext.
Because brute force is almost always an option, the number of trials an attacker will need
to find the plaintext is a good baseline for encryption strength. In our example, the
message CATHY LIKES KEITH has around 40 billion permutations.
That’s a huge number, so instead of brute force, a smart attacker would apply some
common sense to recover the plaintext faster. If the attacker can assume the plaintext is in
English, then most of the permutations can be ruled out before they are tested. For
example, the attacker can assume the plaintext won’t start with the letters HT because no
English word starts with those letters. That’s a billion permutations the attacker won’t
have to check.
An attacker with some idea of the words in the message can be even smarter about
figuring out the plaintext. In our example, the attacker might guess the message includes
the name of a classmate. They can see what names can be formed from the ciphertext
letters and then determine what words can be formed from the leftover letters.
Guesses about the plaintext content are known as cribs. The strongest kind of crib is a
known-plaintext attack. To carry out this type of attack, the attacker must have access to a
plaintext A, its matching ciphertext A, and a ciphertext B that uses the same cipher key as
ciphertext A. Although this scenario sounds unlikely, it does happen. People often leave
documents unguarded when they are no longer considered secret without realizing they
may aid attacks on other documents. Known-plaintext attacks are powerful; figuring out
the transposition pattern is easy when you have both the plaintext and ciphertext in front
of you.
The best defenses against known-plaintext attacks are good security practices, such as
regularly changing passwords. Even with the best security practices, though, attackers will
almost always have some idea of a plaintext’s contents (that’s why they are so interested in
reading it). In many cases, they will know most of the plaintext and may have access to
known plaintext-ciphertext pairs. A good encryption system should render cribs and
known plaintexts useless to attackers.
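The keyed transposition from "Cipher Keys" and the brute-force and crib reasoning from this section can be worked through in code. The following Python is an added example, not part of the book; it assumes counting starts just before the first letter and always skips letters already copied, as the walk-through of Figures 1-5 and 1-6 describes, and its crib search tries every three-digit key rather than every permutation, on the assumption that the method and key length are known.

```python
from collections import Counter
from itertools import product
from math import factorial


def selection_order(length, key):
    """Plaintext positions (0-based) in the order the key's digits pick them."""
    digits = [int(d) for d in str(key)]
    if not digits or 0 in digits:
        raise ValueError("key must be made of the digits 1-9")
    remaining = list(range(length))      # positions not yet copied
    order, pos = [], 0                   # pos: where the next count starts
    for step in range(length):
        count = digits[step % len(digits)]
        # Count over uncopied letters only, wrapping past the end.
        pos = (pos + count - 1) % len(remaining)
        order.append(remaining.pop(pos))
    return order


def encrypt(plaintext, key):
    letters = [c for c in plaintext.upper() if c.isalpha()]   # spaces ignored
    return "".join(letters[i] for i in selection_order(len(letters), key))


def decrypt(ciphertext, key):
    plain = [""] * len(ciphertext)
    for letter, i in zip(ciphertext, selection_order(len(ciphertext), key)):
        plain[i] = letter                # put each letter back where it came from
    return "".join(plain)


def distinct_permutations(text):
    """Number of different orderings of the letters (repeated letters merged)."""
    total = factorial(len(text))
    for repeats in Counter(text).values():
        total //= factorial(repeats)
    return total


def keys_consistent_with_crib(ciphertext, crib, key_digits=3):
    """Every key of the given length whose decryption contains the crib."""
    hits = []
    for digits in product("123456789", repeat=key_digits):
        key = "".join(digits)
        if crib in decrypt(ciphertext, key):
            hits.append(key)
    return hits


if __name__ == "__main__":
    ct = encrypt("CATHY LIKES KEITH", 374)
    print(ct, "->", decrypt(ct, 374))
    print("permutations of the ciphertext:", distinct_permutations(ct))
    print("3-digit keys that reveal KEITH:", keys_consistent_with_crib(ct, "KEITH"))
```

The permutation count reproduces the "around 40 billion" figure, while the key search covers only 729 candidates: once the method is known, the strength of the scheme is the size of its key space, not the number of possible letter orderings.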
Substitution: Replacing Data
The other fundamental encryption technique is more resistant to cribs. Instead of moving
the data around, substitution methods systematically replace individual pieces of data.
With text messages, the simplest form of substitution replaces every occurrence of one
letter with another letter. For example, every A becomes a D, every B an H, and so on. A
key for this type of encryption looks like Table 1-1.
Table 1-1: A Substitution Cipher Key
Original:    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Replacement: M N B V C X Z L K F H G J D S A P O I U Y T R E W Q
Although simple substitution, as this method is called, is an improvement over
transposition, it too has problems: there are only so many possible substitutions, so an
attacker can sometimes decrypt ciphertext through brute force.
Simple substitution is also vulnerable to frequency analysis, in which an attacker
applies knowledge of how often letters or letter combinations occur in a given language.
Stated broadly, knowing how often data items are likely to appear in a plaintext gives the
attacker an advantage. For example, the letter E is the most common letter in English
writing, and TH is the most common letter pair. Therefore, the most frequently occurring
letter in a long ciphertext is likely to represent plaintext E, and the most frequently
occurring letter pair is likely to represent plaintext TH.
The power of frequency analysis means that substitution encryption becomes more
vulnerable as the text grows longer. Attacks are also easier when a collection of
ciphertexts is known to have been encrypted with the same key; avoiding such key reuse is
an important security practice.
Varying the Substitution Pattern
To strengthen encryption against frequency analysis, we can vary the substitution pattern
during encryption, so the first E in the plaintext might be replaced with A, but the second
E in the plaintext is replaced with a T. This technique is known as polyalphabetic
substitution. One method of polyalphabetic substitution uses a grid of alphabets known as
a tabula recta, shown in Figure 1-7. In this table, each row and column is labeled with the
letter of the alphabet that starts the row or column. Every location in the grid is located
with two letters, such as row D, column H, which contains the letter K.
Figure 1-7: A tabula recta—the shaded first column and row are labels.
When using a tabula recta, the key is textual—letters are used to vary the encryption
instead of numbers, as we used in our transposition example. The letters of the plaintext
select rows in the tabula recta, and the letters of the key select columns. For example,
suppose our plaintext message is the word SECRET, and our encryption key is the word
TOUGH. Because the first letter of the plaintext is S and the first letter of the key is T, the
first letter of the ciphertext is found at row S, column T in the tabula recta: the letter L. We
then use the O column of the table to encrypt the second plaintext letter E (resulting in S),
and so on, as shown in Figure 1-8. Because the plaintext is longer than the key, we must
reuse the first letter of the key.
Figure 1-8: Encryption using the tabula recta and cipher key TOUGH
Decryption reverses the process, as shown in Figure 1-9. The letters in the key indicate
the columns, which are scanned to find the corresponding letter in the ciphertext. The row
where the ciphertext letter is found indicates the plaintext letter. In our example, the first
letter of our key is T, and the first letter of the ciphertext is L. We scan the T column of the
tabula recta to find L; because L appears in row S, the plaintext letter is S. The process
repeats for every letter of the ciphertext.
Figure 1-9: Decryption using the tabula recta and cipher key TOUGH
Polyalphabetic substitution is more effective than simple substitution because it varies
the substitution pattern throughout the message. In our example, the two occurrences of E
in the plaintext become different ciphertext letters, and the two occurrences of L in the
ciphertext represent two different plaintext letters.
Key Expansion
Although polyalphabetic substitution is a great improvement over simple substitution, it’s
effective only when the key isn’t repeated too often; otherwise it has the same problems as
simple substitution. With a key length of five, for example, each plaintext letter would be
represented by only five different ciphertext letters, leaving long ciphertexts vulnerable to
frequency analysis and cribs. An attacker would have to work harder, but given enough
ciphertext to work with, an attacker could still break the encryption.
For maximum effectiveness, we need encryption keys that are as long as the plaintext,
a technique known as a one-time pad. But that’s not a practical solution for most
situations. Instead, a method called key expansion allows short keys to do the work of
longer ones. One implementation of this idea frequently appears in spy novels. Instead of
sharing a super-long key, two spies who need to exchange messages agree on a codebook,
which is used as a repository of long keys. To avoid arousing suspicion, the codebook is
an ordinary piece of literature, like a specific edition of Shakespeare’s plays.
Let’s suppose a 50-letter message will be sent using this scheme. In addition to the
ciphertext, the message sender also appends the unexpanded key. Using the works of
Shakespeare as the codebook, the unexpanded key might be 2.2.4.9. The first 2 indicates
the second of Shakespeare’s plays when listed alphabetically (As You Like It). The second
2 means Act II of the play. The 4 means Scene 4 of that act. The 9 means the ninth
sentence of that scene in the specified edition: “When I was at home, I was in a better
place, but travelers must be content.” The number of letters in this sentence exceeds the
number in the plaintext and could be used for encryption and decryption using a tabula
recta as before. In this way, a relatively short key can be expanded to fit a particular
message.
Note that this scheme doesn’t qualify as a one-time pad because the codebook is finite,
and therefore the sentence-keys would have to be reused eventually. But it does mean our
spies only have to remember short cipher keys while encrypting their messages more
securely with longer keys. As you’ll see, the key expansion concept is important in
computer encryption because the cipher keys required are huge but need to be stored in
smaller forms.
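The three substitution schemes described above (Table 1-1, the tabula recta with the key TOUGH, and the codebook key 2.2.4.9) can be compared by counting how many different ciphertext letters stand in for plaintext E. The following Python is an added example, not part of the book. It assumes the tabula recta cell is the row letter shifted by the column letter's position, which matches the cells quoted in the text (row D, column H is K; row S, column T is L); the one-entry `CODEBOOK` dictionary and the sample `MESSAGE` are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
TABLE_1_1 = "MNBVCXZLKFHGJDSAPOIUYTREWQ"      # replacement row of Table 1-1

# Hypothetical one-entry codebook: play 2, Act II, Scene 4, sentence 9.
CODEBOOK = {
    "2.2.4.9": "When I was at home, I was in a better place, "
               "but travelers must be content.",
}


def letters(text):
    """Upper-case letters only; spaces and punctuation are ignored."""
    return [c for c in text.upper() if c in ALPHABET]


def simple_substitution(plaintext):
    return "".join(TABLE_1_1[ALPHABET.index(c)] for c in letters(plaintext))


def tabula_recta(text, key, decrypt=False):
    """Row = plaintext letter, column = key letter; the key repeats as needed."""
    key_letters = letters(key)
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(letters(text)):
        shift = ALPHABET.index(key_letters[i % len(key_letters)])
        out.append(ALPHABET[(ALPHABET.index(c) + sign * shift) % 26])
    return "".join(out)


def expand_key(short_key, message):
    """Look up the codebook sentence and cut it to the message length."""
    sentence = letters(CODEBOOK[short_key])
    needed = len(letters(message))
    if len(sentence) < needed:
        raise ValueError("codebook sentence is shorter than the message")
    return "".join(sentence[:needed])


def stand_ins(plaintext, ciphertext, letter="E"):
    """Ciphertext letters that replaced `letter` somewhere in the message."""
    return {c for p, c in zip(letters(plaintext), ciphertext) if p == letter}


MESSAGE = "MEET ME BENEATH THE ELM TREE AT SEVEN"    # constructed sample

if __name__ == "__main__":
    print(tabula_recta("SECRET", "TOUGH"))
    for label, ct in [
        ("Table 1-1", simple_substitution(MESSAGE)),
        ("TOUGH", tabula_recta(MESSAGE, "TOUGH")),
        ("2.2.4.9", tabula_recta(MESSAGE, expand_key("2.2.4.9", MESSAGE))),
    ]:
        print(label, ct, sorted(stand_ins(MESSAGE, ct)))
```

On the sample message, E always becomes the same letter under Table 1-1, is capped at five stand-ins by the five-letter key, and spreads over more letters once the key is as long as the message.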
The Advanced Encryption Standard
Now that we’ve seen how transposition, substitution, and key expansion work
individually, let’s see how secure digital encryption results from a careful combination of
all three techniques.
The Advanced Encryption Standard (AES) is an open standard, which means the
specifications may be implemented by anyone without paying a license fee. Whether you
realize it or not, much of your data is protected by AES. If you have a secure wireless
network at your home or office, if you have ever password-protected a file in a .zip
archive, or if you use a credit card at a store or make a withdrawal from an ATM, you are
probably relying, at least in part, on AES.
Binary Basics
Up to now, I’ve used text encryption samples to keep the examples simple. The data
encrypted by computers, though, is represented in the form of binary numbers. If you
haven’t worked with these numbers before, here’s an introduction.
Decimal Versus Binary
The number system we all grew up with is called the decimal system, deci meaning “ten,”
because the system uses 10 digits, 0 through 9. Each digit in a number represents the
quantity of a unit 10 times greater than the digit to its right. The units and quantities for
the decimal number 23,065 are shown in Figure 1-10. The 2 in the fifth position from the
left means we have 2 “ten thousands,” for example, and the 6 means 6 “tens.”
Figure 1-10: Each digit in the decimal number 23,065 represents a different unit quantity.
In the binary number system, there are only two possible digits, 0 or 1, which are
called bits, for binary digits. Each bit in a binary number represents a unit twice as large as
the bit to the right. The units and quantities for the binary number 110101 are shown in
Figure 1-11. As shown, we have one of each of the following units: 32, 16, 4, and 1.
Therefore, the binary number 110101 represents the sum of these four unit values, which
is the decimal number 53.
Figure 1-11: Each bit in the binary number 110101 represents a different unit quantity.
Binary numbers are often written with a fixed number of bits. The most common
length for a binary number is eight bits, known as a byte. Although the decimal number 53
can be written as 110101 in binary, writing 53 as a byte requires eight bits, so leading 0
bits fill out the other positions to make 00110101. The smallest byte value, 00000000,
represents decimal 0; the largest possible byte, 11111111, represents decimal 255.
Bitwise Operations
Along with the usual mathematical operations such as addition and multiplication,
software also uses some operations unique to binary numbers. These are known as bitwise
operations because they are applied individually to each bit rather than to the binary
number as a whole.
The bitwise operation known as exclusive-or, or XOR, is common in encryption. When
two binary numbers are XORed together, the 1s in the second number flip the
corresponding bits in the first number, as shown in Figure 1-12.
Figure 1-12: The exclusive-or (XOR) operation. The 1 bits in the second byte indicate
which bits are “flipped” in the first byte, as shown in the shaded columns.
Remember, encryption must be reversible. XOR alters the bit patterns in a way that’s
impossible to predict without knowing the binary numbers involved, but it’s easily
reversed. XORing the result with the second number flips the same bits back to their
original state, as shown in Figure 1-13.
Figure 1-13: If we XOR a byte with the same byte twice, we’re back to where we started.
Converting Data to Binary Form
Computers use binary numbers to represent all kinds of data. A plaintext file could be a
text message, a spreadsheet, an image, an audio file, or anything else—but in the end,
every file is a sequence of bytes. Most computer data is already numeric and can therefore
be directly converted into binary numbers. In some cases, though, a special encoding
system is needed to convert non-numeric data into binary form.
For example, to see how a text message becomes a sequence of bytes, consider this
message:
Send more money!
This message has 16 characters, counting the letters, spaces, and exclamation point. We
can turn each character into a byte using a system such as the American Standard Code for
Information Interchange, which is always referred to by its acronym, ASCII, pronounced
“as-key”. In ASCII, capital A is represented by the number 65, B by 66, and so on, through
90 for Z. Table 1-2 shows some selected entries from the ASCII table.
Table 1-2: Selected Entries from the ASCII Table