 Welcome everyone to the third talk of the day by Tess Schroedinger. She's a jack-of-all-trades Master of none, and she's gonna be talking about cryptography codes and secret writing Good morning Can everyone hear me in the back? I've heard there's some noise issues. We good if at any point I start going down or it starts getting loud just like raise your hands like you're on a roller coaster And that'll tell me to take it back up Okay Wow the room's full. I Was expecting to see some kids in here. I guess y'all stole their seats So let me start with some questions how many people are here because they've always been kind of intimidated by cryptography and One person y'all are liars. Okay How many are here because you just want to learn more Okay, that's good. How many here are experts? Okay, good. So you're not going to point out when I'm wrong Is my arm I so wait he said something about this cord here make sure I don't step on it. Do I have slides? Okay Okay, I'm not going to touch anything. Okay, and then how many here in the wrong talk and just don't feel like getting up And going somewhere else No, but okay, good Okay, so I do want to preface this by saying if you are fairly Experienced in cryptography you may get bored if you get up and leave I will not be offended because I really did gear this towards people that I've heard over the years Over and over again that they don't do any of the crypto contests and they don't They don't they just don't think they can it's it's too hard. It's too confusing They're not smart enough and then when I try to introduce it to him they get kind of excited and like oh wow This is like really neat. Nobody ever like explained it to me. So this is really high level only I am not going to drill down into weeds on math You will see a few equations, but you don't have to remember them. Just they're more for reference than anything So this really is high level only so if you wanted something a little more specific or technical Probably you're gonna, you know, maybe not want to stay or you can I'm sorry did someone ask a question Okay, maybe I'm hearing someone next door. Okay, so The first thing I want to do is these slides and the walkthroughs all my crypto stuff that I'm gonna show you I have a patreon page. You do not have to pay me. I just need somewhere to put stuff So if you want any of the slides or any of the stuff I'm gonna show you if I run out You're welcome to go out there and get it. It's free PDFs. You can just download them And I did want to thank Paul you and James Troutman. They are two of my biggest supporters. I think you guys love you so much Our agenda we're gonna go over some definitions. I love to do that if you've seen me speak before I Think it's good to work with a common vocabulary So you know what I mean when I say a certain thing and we kind of haven't agreed upon vocabulary to get started Then we're gonna talk about some current applications of cryptography and then a short history of cryptography and secret writing We're gonna talk about some of the classical stuff and then move into the modern era. I am going to attempt To make sure everyone in here can walk out and in the bar tonight You can explain elliptical curve cryptography and quantum key cryptography to your friends Okay, that's my goal All right, see if we can do this And and I'll let you in on a secret if they don't know any of it y'all just you say whatever you want They'll go oh And unless they Google you later, you're good Or if they're drunk, you can just say well you were drunk. You misunderstood me And then if we have time at the end, there are some really neat unsolved mysteries in cryptography in current including a current Open case the FBI needs help solving that if one of you guys want to give it a shot I'll have the thing and maybe one of you guys can solve a murder so So a little bit about me I'm test Schrodinger Has anyone heard about my choose your own crypto books? Only one person good so now I can talk about them so I am one of the organizers for besides DC and besides charm and One of the things I was noticing over time was that a lot of people weren't playing the crypto contests because they were really geared towards super smart black badge like full contact crypto people and It kind of left a lot of folks out Right and if we have any teachers in the audience if I have any left over I'd like the teachers if as long as I have some to come get one because I Decided that I wanted to create a contest for everybody So it means your grandma could play your kids could play but the black badge people could play too So if you're old enough to remember the choose your own adventure mysteries I've written a choose your own crypto And I do have two versions, but I only have this one left But the other one again, it's online in PDF on my page. You can print it out and the walkthrough is there as well But what it does is it allows for you to go in if you just want to do some fun puzzles mazes Acrostics anagrams just fun little puzzly stuff with the kids That's level one if you really want to kind of start practicing with actual different systems There's an adventure level two that you can go in and each Piece and leg that goes through teaches you a different kind It talks about it gives you a little history gives you a way to help solve it And then you put all the answers together at the end to get the solution And then if you want to be like, okay I got it and do something a little harder But not like that's gonna make you cry because I make the black badge guys cry But you know that's not for everybody you can go to the third level and kind of try out what you've just learned But you don't have the hints or the walkthroughs or the explanations And then if you do want to cry and you're into that The black ops black badge level so I am gonna have some of these today I'm gonna have a couple little Questions and little little contests so we'll give some of those away and again when I run out They will be available on PDF. You can get them anytime Share them with your friends if you have a con and you want to use them there, please do I'm fine with that just contact me. So if there's extra pieces that go with that, I can give them to you so I do those little books and My background I have a bachelor's degree in sociology. I Never thought it would be that useful in infosek, but oh my goodness Sociology is very helpful because it helps you not only understand your adversary because they tend to Have similar mindsets depending on, you know, what they're doing or what their objective is But it also helps you understand your users your user base and you know doing security awareness You're gonna talk to your administrative assistants way different than you're gonna talk to your devs, right? So that's really been helpful in ways. I had not thought so if you don't have a technical degree Don't assume that you don't have an opportunity in infosek. I Have a master's in security management and then I have my master's work done in cyber security as well And I recently just let everyone know I am gonna begin working if you've seen my quantum computing talk I'm gonna go back to school and start working on my PhD in quantum physics So I can go into the quantum computing securing that the hacking etc I'm non-technical stuff. I'm a triathlete. I home school my amazing child who's probably hiding behind me And I love to Argentine tango. So first contest Can anyone here? Tell me what a common code used all the time When you're texting your family and friends, what could be considered a code that we use like every day if you text Exactly exactly come up and get a book or someone pass it to her She said leet speak or When you use acronyms like We all know fml means fluff my llama, right? Right because this was friendly for kids talk So whenever you use little things like fml lol, blah, blah, blah Those are like examples of what we kind of have little codes and another one would be emojis, right? Because we all know what the peach means That's an example So let's talk about some definitions Secret so secret is essentially just we want to keep something Hidden from knowledge or view From a third party if you're exchanging with someone else or just from anybody if you want to keep it to yourself So code versus cipher. Does anyone know the difference? Well with codes you're mapping a one-to-one thing so like when we talked about what does the peach mean? That's a one-to-one thing, right? Cipher is a little different in that it includes a set of instructions or an algorithm that you apply in Order to change whatever your message or your item or your text is okay, so that's the big difference You can see I think this is An old espionage kind of thing like the word accountant actually meant come at once do not delay So that would be like a code that thing meant this thing But there was really no algorithm or anything like that It was strict memorization or you used a table to figure it out so cryptology Cryptography and crypto analysis Cryptology is kind of an overarching term that applies to the practice and study of techniques to secure communications and then Sorry cryptography is that it's crypto analysis is when you're Excuse me my throat's really dry Crypto analysis is when you analyze and decipher the cryptography and in crypto analysis The big key steps are you want to try to determine what language or algorithm or system was used and Then you want to reconstruct the key if you can and then you use all of that to reconstruct the plain text Encryption versus decryption we have plain text. You're gonna apply some sort of key That'll get you your cipher text and then you use a key It could be the same key or a different key depending on if you're using symmetric or asymmetric which we'll talk about later Use that to decrypt it back into the plain text So some current applications of crypto The first thing I want to talk about is why do we even need to secure communication? Well, if you're here, you probably already know why it's probably pretty obvious. How many here have heard of the CIA Triad? Okay It's funny because things I take for granted that I think everyone knows like apparently they don't It just shows like in a little microcosm You just assume things are common knowledge. So CIA Triad is something we use a lot It stands for confidentiality integrity and availability So confidentiality obviously is keeping people who don't need to know that thing from knowing the thing and then integrity refers to making sure the thing has not been altered or Manipulated or changed you're kind of ensuring the authenticity of that thing It is what I say it is and it's not something else and then availability is another part of it when you're in information security Everyone who's spent a day at the office when the network's down, right? So availability comes into play a lot of times when you're securing certain systems You want to apply an availability need to it because where if you have a game server For after hours at the office that y'all play on it probably doesn't matter if it's down one night Y'all just go do something else, but you really don't want your EMTs and their radio systems to be down You know what I mean? So that's used often when you're trying to identify what you need to do with the systems What level do we need here? Obviously confidentiality is going to be way different when your refrigerators Calculating how much milk you're drinking Versus, you know trying to send coordinates to troops in Afghanistan, right? So this is the CIA triad and it comes into play because we're going to talk About things like espionage, right? So this is definitely a time when we would want to secure communications. Has anyone been to DC in the spy museum? If you're ever in Washington DC Go see it. It is Amazing and they have all the old like the stuff hidden in the pill and in the tooth and in the shoe It's really neat, but forever through espionage Spies and agents have always been trying to keep information that they take or that they need to pass From others know knowledge and then you know if they have to carry something that nobody else needs to know Do it in a surreptitious way that helps if they get caught they can either destroy it keep it hidden or if it's found It's not able to be deciphered And then digital rights management And copyright infringement. This has gotten really big because as I remember Napster So essentially now, you know, obviously artists and Companies want to protect their their product But in an age where you can copy everything Easily and pass it around they need to find a way to kind of protect the rights of the artist or the producer Or whoever creates it so that you can't just make all these copies of it So this digital rights management kind of restricts the like things like hardware or computer games ebooks film music things like that they will use cryptography to Make that work so that they can kind of protect people's rights Authentication, this is proving something or someone is true genuine or valid. Okay and An example of a good time is if you want to go to a website You're gonna kind of want to maybe make sure that's the website you should be on Maybe someone's not spoofing it or you know created a copy So there you know, you can look at the certificates and ensure that this website is who it says it is You want to you can use credentials and authentication to log into systems that you need access to and then When you if you're bought like a electronics product and has like the little holographic sticker on it Those are actually used for authentication So it's a really hard for people who do knockoffs to create those little holograms So you can actually use those stickers to kind of make sure you're actually buying what you know people are claiming. They're selling you So digital signatures, so I'm so old I Still print stuff out and sign it with a pen and My boss is like you realize you can like just sign it on your computer and email it to me And I go oh, I forgot again I'm getting better though about half the time. I can remember to do it But you can now digitally sign just about anything if you just have the right credentials or you have your stuff set up to do it And for those who aren't sure how that works. We basically you take a plain text it creates a hash function which I'm going to talk about just in a second and You get a message digest out of that right and then it gets signed with a private key And then that goes on your document and then that can authenticate that you've signed something So, you know if someone comes back and says oh you signed this you can say nope. Nope, that wasn't me and You know the forensics folks can actually say oh, yeah No, no, it wasn't them or if you did sign something and then you tried to say you didn't they can pretty much prove you did Secure communication. This is one of the reasons why we need stuff I Think I was going to do hash. Oh, yeah. Okay, so we're going to get to Bitcoin because apparently every slide that I cast I mentioned Bitcoin now Trying to keep my notes straight. So I had hash further along But I wanted to talk about it now instead of making you wait. How many here are familiar with hash? Okay, good. So this will be easy So hash is essentially when you have an input You run it through a hash function or just in it, you know Calculation and it gives you what's called a digest and so as long as you make sure it's the same all the time It always gives you the same digest, right? And if anything changes even one letter you get a totally different digest, okay? and this is important because You can use this to authenticate like software if someone says oh here download this But you're like, yeah, I'm not sure about that. They can say oh here's the hash function So as long as those match, you know that it's what they say it is and someone hasn't put something else out there instead and Then this is just a visual kind of representation You can kind of use hash to send a lot of things from programs to Messages I think even pictures and things like that So that way people can confirm and you can also kind of use that we've talked about steganography later You can kind of compare hash for different things to see if maybe there's stuff hidden in something that Maybe doesn't look like it's hidden in there So let's do blockchain Trying to figure out how I want to start here. So blockchain is not crypto Okay, blockchain is not crypto Blockchain is a distributed ledger Technology, okay It uses crypto, but it is not crypto So does everyone here know how the lock chain works? So do I need to explain? Okay, so I'll go through it So essentially in a nutshell it uses the digital signatures that we talked about right So the big deal with that is you need to make sure that the money can't be spent more than once Because if I come up and I have like a hundred dollars and I give you fifty of them I Only have fifty physical dollars left I can't just like snap my fingers and suddenly I got fifty more dollars in my bag and So when all this digital currency started they're like well wait a minute We need to figure out a way to make sure that someone's like here's a hundred dollars boom Oh, here's it you could use like unlimited supplies of money So there needed to be some way to have some accountability to the system to ensure that people weren't doing that Because that just pretty much Deletes the value of anything if people could just create as much of it as they want there's no value in anymore So mr. X will send mr. Y A bitcoin alright, and then the network is going to record that Transaction and then probably like a bunch that are made about in that same time frame that window and then that little Recording of that all those transactions is called the block Right, and then there's computers that run special software. They call them miners and they note the transactions in like a giant ledger Okay, and that ledger is called the block chain And it's basically an open source record of all the transactions made so then the miners convert the blocks into sequences of code known as hash and Then when a new hash is generated It's placed at the end of the block chain and then the whole ledger is publicly updated and shares Miners make a lot of money because the computing power is a very energy and resource intensive and then There's probably a thousand videos online if you really want to dig deeper into it But that's essentially what it is and cryptography is involved obviously when you're trying to do the hash So that you can authenticate that this transaction has occurred and now this wallet has one less dollar This one has one more and then people can't go back and go oh no no now I have 50 more It's like no no no that's not what the ledger says So it just kind of hardens it slightly not perfectly Against people trying to manipulate it or scam it now if you have not heard they actually have a new quantum ledger So if you're interested in that there's some guys using that technology I think their website just went live in the last month or so and it's really interesting and you might want to check it out If you're super interested in that kind of stuff Okay, a short history of cryptography and secret writing So let's do steganography So steganography is interesting The concept behind that is you want to conceal the fact That there's secret information and kind of a non-secret document or other medium Okay, and so I kind of put it up here with Cryptography only the actual message is hidden, but it's fairly obvious There's something there that's secret because you can see the code or the enxipher all that With steganography the message as well as the fact that communication is taking place is actually hidden Okay, and that's kind of useful in some cases when you're trying to not attract the attention of unwanted parties And then obviously if you just use plain cryptography it can be you know People that you don't want seeing things will realize something's going on and then they'll start looking into it But if they don't even realize something's going on They're they're just probably gonna ignore it and leave you alone There is an interesting thing if you want to look into it deeper in virus bulletin April 2016 Stego loader. Have you heard of this? They were hiding malware. I think it was in images so that if you got something It downloaded the malware onto your system and you didn't even realize it because it was hidden inside something else So they were actually using steganography to hide malware And I believe that that's something you definitely want to be aware of Exists especially if you are trying to secure an organization and your users So this is a easy fun one invisible ink Right, that's considered a form of steganography. We've all done the lemon juice and the light bulb trick, right? right, okay So these are some fun ones When I was a kid the first book I got when I was super super little was a book on secret codes and writing and They taught you just like how to write in mirror reverse And that's just a fun way just to obscure something Probably most everybody would notice it and figure it out pretty quick, but it is it's kind of fun Have you seen the one with the blocks where you do the five and the three? So this one I loved we use this to pass notes in third grade all the time I taught all my friends how to do it and the teacher couldn't read our notes really all you're doing I'm taking a piece from a poem that was my favorite poem in the second grade and It goes the top of the hill is not until the bottom is below And you have to stop when you reach the top for there's no more up to go to make it plain Let me explain the one most reason why you have to stop when you reach the top because the next step up is the sky Second grade still remember it, but what I've done is taken this piece and if you look at it carefully you'll notice All the letters are there. I've just broken everything up into blocks of five So on first glance It may look like a bunch of gibberish, but if you know that's what I've done It's easy peasy to read and then if you want to make it a little more like if I started it with the Might be a little obvious so you can pat out a little in the front. I'll do like an x y throw x y z at the end And you can break it into either chunks of five or you can break it into chunks of three or Six or ten you could do it however you want But it's just a fun way to kind of obscure writing fairly easily the kids love it So then the other one we loved which we thought was fun was we would do every other letter So I'm sure the bottom again. It just looks like gibberish, right? Well, all we've really done is We've just inserted a different letter between each letter of the phrase Okay, so the red letters are just the miscellaneous extra letters And then the the phrase is in the dark black letters so you can see it's all there It's fairly easy to read if you know what I'm doing But someone who doesn't know like yeah English teacher has no clue what this says, right? So then you can make it a little more fun and You can do the same thing with every other letter and then block those right We were we were pretty clever in the third grade MSI and Then that's just again what it looks like it's it's all right there And if you're passing it to your friend they can read it very quickly, but the English teacher can't Now are you ready for the challenge? You can do that Every other letter Then break it into blocks and then mirror it The first three people that can tell me what that says win a book And I have it on little slips of paper if you want it you have to come up and tell me I don't want them to know or did you say it too loud? Did anyone hear him? Oh, we'll come get a book and then if nobody else if someone else didn't hear him come get a book Anyone else figure it out? Huh? No, it's not the alphabet. I got three books limited edition Come up and tell me if you know it all I've done is done every other letter Broken it into three blocks and then flipped it like a mirror One more All right, we have our three Does anyone here listen to welcome to night veil? Oh god you people You need to go listen to that. All right, so it's a it's a really good podcast. We enjoy it My daughter actually cosplays at cosplays as Cecil But it's just a quote from the show and now the weather and I just padded out I Don't know if there's microphone on reach, but the P and the Q are padding and then you go A and D and OW all the way across the top and now the weather and You know what? It seems kind of silly and childish, but not everybody got that right? So it's not a bad thing to use if you're writing a love note to somebody you want to leave and you don't want Anyone else to see it or again those English teachers don't need to know everything So it's it's just a fun one You don't have to have a calculator to do it It doesn't take forever if the person you're communicating with knows what you're doing. It's super easy for him to read it and smile So that's just a fun one. I think so let's talk about some classical cryptography so in 1900 BCE They were using cryptographic techniques in the hieroglyphics in Egypt And I believe I'm gonna massacre the name of this king, but in the tomb of nobleman Kuhn Noomhotep the second they've actually figured out that some of the hieroglyphics in his tomb were Obscured and confusing to kind of hide messages So not only did they have to decipher the hieroglyphics, but then they had to decipher The cipher in the hieroglyphics In some cases they think it it's held kind of important stuff But then they think other times they actually did it for amusement and fun and mystery because they had their own little Contests like we do today and this is 1900 BCE. They were already playing around with that another thing I thought was really interesting when I was reading up on Egypt was They've learned that when they were putting the hieroglyphics in There was a lot of detail about like the depth and the angle at which the writing was made That gave it a different meaning So you may walk in and and read one thing back then But you if you were trying to tell somebody something else based on how you carved it It actually would have a different meaning or a different message to those who were in the know Okay, so ancient Egypt that was pretty neat the next one There's no kids. So I'm not gonna freak any parents out the Kamasutra in addition to some other stuff Apparently the Kamasutra talks about ciphers. I Guess we all missed that part, right? I Am good. I can't I can't say these things I will it I just don't I'm gonna try but in the Kamasutra it mentioned two different ciphers the first one I think it was A transposition cipher and then the second one was more of a substitution kind of cipher And then in ancient Persia, they also had these two ciphers So again, they've been using these things for thousands of years So what's the difference between a transposition cipher and a substitution cipher? Who knows? Okay, you're you're close. Basically transposition means that you just rearrange everything Right using a given rule, which is usually your key Substitution which will have a side in a second. It's just basically a one-for-one replacement So that's the big difference between those two one of the earliest ones for the transposition Which kind of fed into what you're about to talk about was the at-bash and I want to say this one was I don't know if it was first notice there But if you are a biblical scholar and you look at the book of Jeremiah They found at least three different locations where they used the at-bash to code different names into that book of the Bible and Essentially the way it works is the first Letter is replaced with the last letter and then the second letter is replaced to the second last and so on But this was all the way back biblical times They use this There are codes in the Bible not that weird funny stuff like we're all gonna die by a dinosaur on a meteor stuff But like real there are real codes in the Bible and they use this stuff to kind of hide names and things in there and The Spartan military skittly is everyone heard of this one. This is usually the first one you learn about so this one's kind of neat you basically they would have a rod of a certain diameter and Then your person you were saying the message to would have one that that was equal And then what you did would you would wrap like a leather or hide or something around it? And you'd put your message on it and then you'd unwind it And then you'd give it to the messenger and the messenger would take off running or walk in whatever he did and He'd take it to your person and the theory was if he got intercepted he'd just have this paper with like some stuff on it and they wouldn't be able to read it and In theory you could only read it if you had a rod of the same diameter to rewrap it and Then you could see what it said. So even if you had another rod unless it was right You couldn't necessarily decode it. Okay. Now. We all could probably read it if we just wrapped it, you know But back then it was kind of high-tech That brings us to our good old friend the Caesar cipher So Caesar I think originally used a shift of three Although I think he was known to use other shifts his original I think that was his like standby was three and this is kind of I guess he got he was the one that made it famous But essentially it's like what she was saying earlier. You're taking and you're shifting by a certain number and They also call this rot So if you ever wanted to play like a crypto contest or if someone's like, oh, yeah rot 17 and you're like I have no clue what that means now, you know rot just stands for rotate and The number afterwards is how many you rotate by That's that's all that is so and then rot 13 is kind of the the one I see use the most but we're and we get to the zodiac killer and They think Someone may have deciphered one of those finally and it used a Caesar shift of three point four Which I'm not sure you how to do three point four, so I gotta do more research on that but that one's interesting and Then our substitution cipher as we said back when we separate it out. It's basically when you take a one-for-one Just replacement. How many are familiar with frequency analysis? Alright, so frequency analysis is when you take a look at your cipher text and you try to determine What it says by examining the frequency with which you see certain letters or Symbols or even numbers, okay, so who knows the most common letters in the English language that are used They're Eta and oh So chances are if you have a fairly lengthy piece that you're reading If you see one character or letter the most chances are it's an E And then T and then the least common are usually your z q and x and you can usually figure that out I think it about scrabble like the ones that are worth the most or usually the ones use the least And then the pairs that you want to look for are gonna be like th er On an those are called digraphs So if you can figure out like where your ease are then you can just look for the er's and then if you see two next to each other What am I doing? If you can look for them next to each other if you look like you have two ease some of the most common repeats are ss ee ttff and oh So you kind of then want to if you can start looking for those and figure those out And then you start looking for some common words like the Or and or or then you can start kind of cobbling things together And then just continuing to do the analysis until the message kind of unfolds in front of your eyes And that's called a frequency analysis Who can tell me what this machine is Whoever said it come get it will you get it cuz you stood up Be proactive people Own it there you go All right, so this is the enigma machine. We're gonna talk about polyalphabetic ciphers and essentially a polyalphabetic Cipher is any cipher that's based on a substitution using Multiple substitution alphabets the first they believe that they've said that was used or created was by a guy named Alberti in 1467 But this takes us into vision air How many have worked with the vision air ciphers Okay, these are neat you will see these a lot in crypto contests They're a pain to do by hand, but there's tons of stuff on the internet that'll figure it out for you if you ask for it essentially what you need is a keyword and your table and The tables the fancy name is tabula recta, but you can call them vision air squares or vision air tables and Essentially what it is is it's all the different Ways the Caesar cipher can be written out So that the 26 different ways you can shift using a Caesar cipher. They're all here in a table for you Okay, so once you've got your table you need your keyword and that's going to tell you how to read your code So if we have a tack at dawn And our keyword is lemon what you're going to want to do is you're going to want to like kind of write I write mine one on the top one on the bottom and then you have five keys L E M O and N Okay So that's your keyword and it's composed of your five keys And what you're going to want to do is you're just going to run a write it under your entire message and then just keep repeating it So you can have a fairly long message and a fairly short key. It doesn't matter But you just want to make sure you line it up and then you just keep doing and repeating so you can see here It's like lemon lemon le so it didn't need the full third one You write it underneath and then what you're going to want to do is you're going to want to let's start with a So you'll go up to your a on top and then you'll come all the way down and look for that L and lemon And when those two intersect that gives you the first letter of your cipher text, which is L And then you do the same thing with your tea out here Tea comes all the way down to the e which is in green that gives you your x Then you do your next tea, but this time instead It's encoded using the M instead of the e so it brings you further down and gives you an F So you can see this is a little more involved a little more difficult to just Do a quickie reverse like with the Caesar it because you're you're using multiple different ways to code it So you can see I kind of took you out to purple. It's basically where you intersect. I didn't do the whole thing Does this make sense? It doesn't have questions on this Does everyone get it? Are we good? Are we brilliant? nice So the enigma machine so this was used by the Germans and They thought they were pretty clever, but we actually ended up cracking it and they didn't know it which that really worked to our advantage so the way it worked was you had a sender and receiver that each had a machine and The machines had to be configured Identically for this to work and you had to have like there was a rotor selection and order There were ring positions plugs and connectors and then a starting rotor position and the starting rotor Positions were established using key lists that change daily So you were issued a list and then you knew if it was this date like What is this 18th day of the month? You knew this is how you needed to set up, okay? And so then the operator would type a letter and Then a lamp would indicate the different letter according to the substitution on how the machine was set up And so then he would record that is the first letter and each time you pressed a key It also moved a rotor inside so that the next key pressed used a different electrical path And you got a different substitution Okay, and then you just continue on this through the full message And then you'd send the message and then the receiving operator on his machine would key in your message And it would light the opposite one up And so then you could totally pull the entire crypto out and it would emerge And that's how the enigma machine works. I do have here If you want to grab one later, or there's a ton of them over there We actually have a puzzle in the crypto village that is create your own enigma machine So you can actually take one of these home if you want if you got kids or you want to teach them or you just want to play with it too or your teachers and This will kind of let you put together your own little enigma machine this right here is Kind of an example of what one of the sheets look like it's in German But you can see where it gives you the tables and tells you how you would set it up each day So each person who had who is an operator of the machine would consult their table Set their machine up get everything ready, and then they were able to send and receive messages Okay, so we've talked about the enigma. So this brings us into some more modern-day kind of stuff So cure coughs principle and Shannon's maximum Shannon's maximum is essentially a Derivation of it. They're the same thing. They basically say a crypto system should be secure Even if everything about the system except the key is known by your enemy Okay, and Shannon's maximum was basically the enemy knows the system So what it means is you should be able to put out the directions on how your system works Explain the whole thing all the equations, but unless they've got that secret key They can't do anything and so that's kind of how modern stuff works is Around these maxims, so you should be able to make it pretty airtight that way Who's heard of the Navajo Code Talkers? These guys are really neat. There's actually a movie. I think it was 2002. It's a John Wuflick Nicholas Cage stars in it. He plays one of the soldiers that was assigned to protect one of the code talkers I think the movie is called wind talkers so Approximately 400 to 500 Native Americans in the U.S. Marine Corps raw They were assigned as telephone or radio because their language was so obscure You know, it's not like the internet today where everyone knows everything you can go online and learn Swahili in the afternoon Their language was so obscure and the only people that knew it or spoke it were them So they would take one of them and assign them to a unit and Then they would take another and sign it to a different unit and then when secure messages needed to be passed in the field this guy would get on his thing and The soldier would say tell them this he'd translate in Navajo To his guy on the other end who would receive the message and then turn around and say, okay This is what they need. Okay, so they did it entirely in their own language and it was Unbreakable the enemy had no clue what they were saying because their language was so obscure that you know Nobody knew it even existed and they thought it was a code, but they couldn't break it because it was a language not a code, right? It is strongly associated with Navajos especially because of the movie But it was actually pioneered in World War one by the Cherokee and Choctaw and it wasn't limited to Navajo I think they also had Lakota, Comanche, Cree and a couple other ones and these guys hugely respected And this is an example like what they the words they would use for the planes and The ships and the picture down here on the bottom is one of them in the field You can see he's on the radio Talking to his compatriot over wherever their unit is and then one of the other soldiers is sitting there And he's writing the stuff down these guys were considered So valuable that many men died to make sure they stayed alive to keep the communication secured They were considered absolutely priceless in the field and even to this day as you can see up here Forgive me for tearing up. They are so respected and so honored for what they've done for our country. So Sorry So let's talk about something. We'll make me cry or maybe it will Symmetric key Do y'all know the difference between symmetric and asymmetric key I mean the big thing is with symmetric key You're going to use the same key to encrypt and decrypt AES the advanced encryption standard that was established in 2001 by the United States government through NIST National Institute of Standards and Technology and It was to replace the DES that was cracked 15 designs were submitted. I want to say it was Rain doll serpent two fish RC six and another one and Well 15 designs those are the finalists and then they selected I think Rain doll for the AES Algorithm now a couple people ask me sometimes with quantum coming online and and the concern about that stuff being compromised They're fairly sure that AES 128. That's the key length fairly sure that's going to be pretty vulnerable But right now as of like the last week that I've checked AES 256 you might still be kind of okay Yeah, 250 right like I said as of yesterday This stuff changes so fast Especially in the quantum world, but right now 256 is still looking okay But I think they're obviously and we're gonna talk in a little bit They are definitely still looking for some good alternatives for Cryptography if you are here on Sunday and super interested in quantum. There's a gentleman speaking on quantum cryptography I will be here if you're interested. I definitely recommend the talk and then we have our asymmetric key And that's when we're just essentially going to use a different key To encrypt then we do to decrypt Some examples of this are like the RSA some of the elliptic curve techniques This is day-to-day communications over the internet kind of stuff So are we ready? For some math It's not really math. It's just gonna look like people looking in the door will be all like ooh, but it's not really that hard So elliptic curve cryptography does anyone that understand how this works? All right, when you walk out, you'll be able to explain it Okay, so an elliptic curve we've all taken algebra, right? You know how that works. They give you the the equation and you draw the lines and you're good to go So the elliptic curve This is the equation for an elliptic curve Okay, you have to memorize it. That's just what it looks like So what you're gonna want to do well not on paper. You'll have the computer do this is Any time You take and draw a line through two points straight line It's only gonna intersect the curve at one other point. Okay, so that's like a given. All right Now are you familiar with trapdoor functions? Okay, so a trapdoor function that essentially is it's really easy to get from a to b but to try and work backwards from b to a Difficult if not impossible and so what you're trying to create here with this elliptic curve is a trapdoor function make it easy to do it Super easy easy to are super hard to undo it unless you have the key. Okay So our starting point here on this graph is a okay and There's a fancy little term that you'll hear when you go from a to b. It's called a Dot DOT a dot b. So if you're looking at this graph a dot b Equal C You with me so far It's easy. All right, so a dot something equals a certain value So if my line was a little further up, it would be a dot that would equal a different point So basically a dot be equal C But x dot y equals Z just examples only all right So you're with me so far. We're good. All right, so then If you can hang with me through this slide, you're gonna nail it. All right, so You can see this one's moving over here once you get up to your C point You can drop a dotted down a dotted line down so that it hits the curve on the other side since we're symmetric if you get to see D is simply going to be the negative of that so if C is 3 D is going to be negative 3 if C is 42 D is going to be negative 42 you with me so far. We're good. All right, so You drop the dotted line down from C to hit the opposite value on the x-axis with the symmetry. Okay? now then Watch the line you're going to go back that way Does it go back that way? Okay. Yep. See how it goes back up to a so you've got C It's going to come down and around C dot and then go back up Okay, so every time you do a dot and Drop across That is your private key is the number of times you go in a loop around okay, and Okay, so a dot n right the number of times That's your key so the key size you can max out any way you want this way on the graph and You can determine how big your key is by how far you let those points come out on your x-axis, but essentially You dot the thing a secret number of times That's it You got it We good explain it to your friends in the bar Electric curve photography. Okay, and this provides the basis of the trapdoor function because even if you have the curve Like you have the equation for the curve and you even have your points like your start point and your end point Unless you know how many times they've looped around through that thing It's really hard to try and break that Okay, and that's why they're they have been looking at it for use in quantum like against securing against quantum computers How many here are familiar with quantum computing? Okay, let me give you a quick like like my two-minute schmoo contact quantum computing essentially the concern with that against cryptography is it can factor very large numbers much faster than Classical computers because you can do it in the quantum state you can function you can do the functions on both In superposition Right, so when you have some passwords it would take literally like a billion years using a Classical computer a quantum computer can break it about 20 minutes Right, and it's because of shores algorithm. It can factor. It's a factoring for quantum computers So everyone's getting a little nervous which they should be That is why a lot of this the Cryptography that uses prime factorization is really at risk right now is because of shores algorithm and they've been exploring a variety of different ways to try and you know find a Replacement or replacements Elliptic curve was really high on the list a couple years ago when I was doing research They were like oh, yeah, that's it. It's gonna solve everything. What the problem is is that? It's starting to look a little like that may not be our best choice right now I do talk about something called lattice cryptography in my other talk. It's using lattice mathematics That's also one of the things and hopefully I'm looking forward to this guy on Sunday I want to learn a little more from him. Hopefully, but elliptic curve. I think this is used a lot in cell phone encryption, I think Blackberry uses this in some other stuff and then this is just some lists of encryption system or crypto systems We've got the symmetric the asymmetric Okay, this is the next one. Are you ready? Quantum key cryptography All right, you got the elliptic curve, right? You're good. You ready to do quantum All right so in a nutshell Quantum cryptography uses physics instead of math To create the key to encrypt your data Okay Every some people look very sad right now. Okay So how do we do that? How do you how do you do how do you use physics instead of math? Well, what you do is you generate your key using photons. Does everyone know what a photon is? It's a particle of light, right? So this is how photons become a key. Okay When you have a regular photon emitted by an LED It's unpolarized. Okay, and that means that it can oscillate that packet or the photon It can oscillate like all over the place. It's a hot mess. Okay, and What you can do is you can pass it through a polarizing filter So that you give it a specific spin all right, and The spins usually are like a horizontal a vertical or a diagonal. Okay, so You are gonna emit Your and your particle is gonna be a one or a zero like binary So you're gonna emit it. You're gonna put it through a filter and give it a spin. Okay With me so far Are we good? All right Alice is Gonna create a string of random polarized photons and send them to Bob Okay So here's an example she might send These different ones like a diagonal vertical so she's gonna send these off to Bob. Okay now Bob's on the other end Bob has absolutely no clue what she's doing. All right. He has no clue what filters she's using So he just picks some random ones so that he can receive them Okay, so if Bob or if Alice sends a photon that has a vertical spin and Bob has this is hard to do holding a mic if Bob has a filter that's set up as a vertical filter That photon is just gonna Right through have y'all seen those Japanese game shows where they have the cutouts and you got a stand in the weird thing So it's like that think about like that if it's vertical and his filter matches It's gonna sail right through and no problem The problem is is if he has the wrong filter like a diagonal one then It's either gonna give you a no result because it's not gonna go through or That filter will change the spin on the particle to match and it'll be a diagonal With me so far We good y'all are brilliant. Okay so What happens is now Alice can pick up the phone and she can call Bob. She said hey Bob. These are the filters I used right and So if anyone's trying to eavesdrop, they don't know what Bob use they they know what Alice is But they don't know what Bob used right so she tells him what she sent Okay Now Bob knows what he used and none of that's communicated back that way So then Bob knows what he got right and what he got wrong and That gives them a union of the ones that he knows are right and that becomes your key okay, and You can't man in the middle of this because if you're familiar with like quantum physics when you With the Heisenberg uncertainty principle if you call if you observe something or measure it you collapse the wave function So they will be able to tell on either end if that wave function's been collapsed and then they can scrap it and try again So they'll know if someone's tried to observe it Okay But this is a good little kind of diagram here about shows like Alice's random bits and then her filters right and Then his and then they tab that talk in the middle and then they realize this is their shared secret key and That's quantum key cryptography You got it explained it at the bar Whoo. All right. That was the hardest part So let's wrap up by talking about some unsolved mysteries. This is the fun part. I like these We have a lot of murder and mayhem going on here, but we'll start with some of the the older stuff So have you all heard of the face-toes disc? Okay, this was found I want to say like early 1900s like around 1908. It's fired clay It was found in a Minoan palace on Crete and It's 16 centimeters in diameter and they think it's written in linear a it's so that's one of the two Undeciphered writing systems in ancient Greece. So they still have writing systems from you know ancient times that they still haven't quite figured out yet and this was I think there's like 241 different little token piece like Stamper things that they probably put in and it comes about 45 different distinct characters and it you read it clockwise spiraling into the middle and This is still kind of unsolved. There's some guys that have been working on it for quite some time I want to say about six years a linguist and Another guy from Oxford. They're fairly certain. It's a prayer to a Minoan goddess But they're not quite sure so Anytime you get frustrated working on a puzzle like these guys are working on this for six years and so I've figured it out So don't feel too bad, but this is ancient Greece and Then have you heard of the Voynich manuscript? This is so there's a It's either on YouTube or Netflix it may be on both, but there's like an entire hour long thing on this manuscript It's super fascinating. It'll put you to sleep if you need it but this is a book of unknown writing and they've carbon dated it to some time I think in the 15th century and They it may have been written during the Italian Renaissance, but they're not sure It allegedly was found by a book dealer But there is some question around did he actually like a buy it and find it or is it this really elaborate hoax They're not really sure it's 240 pages. It's a combination of script and all sorts of like crazy writing There's another page from it Nobody's been able to figure it out. Absolutely. Nobody can figure any of this out. It is just they're boggled the show If you want to sit and watch it's really like an hour and it's super fascinating because they go through the whole history of when it Was found and they show you a lot of the pages and some of the stuff the cryptographers have been trying to figure out with it there's some Thoughts that maybe Francis Bacon wrote it which would be interesting because of the Baconi encipher And then some others have suggested maybe it was Albertus Magnus He was like a monk back then and then again There are some people that just think it is just a big fake thing that this guy created to kind of make money and You know how people are but that's the Voynich manuscript You ready for some murder have you heard of tomom chude the mystery of the Summerton man Now right. It's an unsolved murder Okay in December 1948 an Identified man was found dead on a beach Okay, no identification on him. Nobody had any idea who he was a dead body on a beach Six weeks later They found a suitcase in the railway station cloakroom that they were able to I think they connected it to him somehow and It was deposited at 11 o'clock The day before he died Okay, there was no identification in the suitcase But in the pocket of his pants they found a paper That read to mom shoot So anyone know what that means Okay, so that is the final words From the Ruby odd by Omar Kayam It's a book if you went to English you probably had to suffer through it Later in a car abandoned car parked near that beach They found a copy of the book and The last page that had those words on it had been torn out of the book Okay So they obviously, you know, we're trying to figure out who'd done it When they examined the book very carefully In the book in some kind of faint writing they found this Ciphery stuff they're really not sure what it is But it looks like a cipher and they also found a phone number Well, they called the phone number and it turns out to belong it belonged to a local nurse who actually lives near that beach and The detectives went and showed Like a plaster bus cast thing they had made of the man after he died Trying to identify and they went and showed this to the nurse and the nurse was like I have no clue Who that is however the way she reacted when she saw it apparently she turned sheet white and Panicked Claims she didn't know it was But her reaction to what he the cast it was kind of obvious. She knew something right so She claimed she gave a book the ruby yacht. She gave a book like that to a guy named Alfred Where she was doing some nursing training like a couple years earlier, but she hadn't seen Alfred or the book in Ages and then when they actually tried to track down Alfred they they found him, but he had been dead for a couple years So then a couple years later I think they were trying to reopen the case the daughter of the woman came forth and she said that her mother had known much more and hadn't wanted to admit it and That there's some thought that the mother had ties to Russia and could have been a spy and Maybe that had something to do with the guy's death on the beach But this is a completely unsolved murder case and they have never been able to decrypt that note in his pocket So if you want to give it a shot, it's on the internet It's out there, but it's totally unsolved and nobody can read it the McCormick cipher. This is a neat one so in June 30th 1999 they found a dead body on the edge of a cornfield in Missouri and The body was of a man named Ricky McCormick He was 41 years old unemployed on disability He had a criminal record. I think he'd served time for statutory rape And he was 15 miles from his home address But he didn't own a car and he had no public transportation What was even more interesting was he couldn't spell and could barely write his own name yet on him They found This note on the body Okay, so the FBI Actually has this on their website. You can go to forums dot FBI dot gov code This is an open case still They are looking for anyone who can help them solve this Give them a call But this to this day, let's say 1999 we're almost up on 20 years 20-year cold case dead body code in the pocket They think that if they can break this code, they might be able to figure out who killed them But there's no guarantees. It could be a grocery list The blitz ciphers I love this picture. It just shows the British Stiff upper lip tea in the bombing. So the blitz ciphers World War two during the bombings. This was in East London This guy in one of the buildings found some wooden boxes and they had these Pages in them that had all sorts of ciphers and stuff This is what some of them look like And at first he only released three because he was really actually the gentleman didn't release him He passed them on down his nephew who finally had him his nephew is have released a couple They might have been written with a quill pen But the problem with these is that nobody's been able to actually look at them for real Because the guy who owns them wants to stay anonymous and he will only release pictures of them So then again, it begs the question are these real is it a hoax or they just messing with cryptographers? but these are some of the pictures and Some of them look kind of like if you're familiar with John D and the the guy in English history. Oh We'll go to the zodiac So all right, who's familiar with the zodiac killer? All right This is what got me interested in crypto when I was a little kid I actually read this book best book on zodiac. I still own it It's dog ear to Jell-O, but if you're interested in an actual book on it I highly recommend this one and I just found My background before this was I was a police officer so I do a medical legal death investigation forensics and I Read a lot of this stuff and I just always found this fascinating They never caught the guy and all the codes involved with the stuff so in the late 60s early 70s there was a serial killer in Northern, California and He I'm saying four men and three women Again super fascinating how he did it. He would like his hooded figure There were actually two people that he went after that got away and were able to describe him So they have like sketches of that This book is great because it has a lot of the photography and the evidence and pictures from the crime scenes and everything They named him zodiac after a series of taunting letters that he sent the police there's a couple samples up here and they were all these kind of cyphery cryptograms and I think there were four total that were sent to the police and Only one had ever been solved. It was a husband wife hobbyist cryptography group or pair they solved one of them, but the It wasn't the same thing for each one. So it's not like they could just always solve that one saw the rest It was different for each one So what I thought was really interesting was there's a guy named Corey starlipper He's not in here isn't that happens to me sometimes people I talk about are sitting in my talks so he thinks he solved this okay, he saw a movie on it in 2007 and He got super interested in it like to the point of like stalking the whole story yet stuff everywhere And he's like I'm gonna crack this so there's one of the the cryptograms It's called the 340 because I had 340 characters and he thought to himself You know, this is interesting 340 is the area code for the US Virgin Islands, right and then he said okay 3 plus 4 plus 0 equals 7 and then he did 7 plus 0 and I don't know He kind of got 707 which happens oddly enough to be the area code for Vallejo Napa and Solano where the murders occurred He's like I think I'm on to something So he decided to use a Caesar shift of 3.4 because of the 340, right? I'm Not sure I've ever shifted 3.4. I want to do some more research on that But when he applied a Caesar shift of 3.4. Do you know what came out? this and It was oh my god If you read through the whole thing It ends with Lee Allen. My name is Lee Allen Lee Allen happened to be one of the prime Suspects on the top of the police list at the time of the investigation They had brought in a handwriting expert who claimed that oh no, no His handwriting doesn't match whoever did these but y'all know you can mask handwriting. That's not rocket science And he also happened to pass a Polly, but if you have any background in Polly, you know, that's not a science. So Unfortunately Lee Allen died in 92 So they really can't confirm or deny this in any way, but They think this has been cracked, but there's other people that claim. Oh, no, no, you didn't do it You didn't make it so it's still a little bit out there with the Has it been solved? I think there's still two others that are still not solved to this day So how we doing on time we good I think we're good. So what have we learned learned a lot today y'all can explain elliptic curve Right, you can hide messages from your English teacher, right or your boss Quantum key right doing pretty good. So that's pretty much it. That's my talk I wanted to do just an introduction a little bit of history some unsolved mysteries You know just to kind of get people Interested and realizing it's not all that difficult. I do have a couple copies of my book left Then one wants one afterwards you're feel free to take one and if I run out The PDF copy of the book is on my site as well as the walk-through for it So if you get a book and then you get stuck and you want it you want one I'll make sure you get one. Okay, so That's all I have are there questions comments short smart remarks