Social Construction of Technology: Cryptography
Michael Yamamoto
CPSP 227 T
J. Rosser Matthews
Abstract
Cryptography has always been a socially constructed technology. It is a tool for
secure communication and has been used in military, political, and economic sectors. As
society progresses further into an age of digital communication and commerce,
cryptographic strength becomes increasingly relevant. Without cryptographic strength,
internet commerce would collapse and it would be impossible to conduct any kind of
secure wireless communication, resulting in possible military collapse as well.
Background
Definitions [1]:
Cryptography - the science or study of the techniques of secret writing, esp. code
and cipher systems, methods, and the like.
Cipher - a secret method of writing, as by transposition or substitution of letters,
specially formed symbols, or the like.
Monoalphabetic Substitution
Cryptography has been used by cultures as ancient as the Romans. Julius Caesar
was known to encipher messages to his generals by shifting each letter four positions,
making 'A' become 'D', 'X' become 'B', and so on [2]. While very simple, this was an
effective and easily used method of writing secure messages without risking enemy
interception, at least until the method of encryption was known.
This type of encryption is known as monoalphabetic substitution. Each character
in the original message (plaintext) corresponds to a single character in the encrypted
message (ciphertext). This is obviously rather weak, as certain letters appear more
frequently than others and it is possible to determine, by trial and error, which letters
are represented by which symbols.
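Added example (not part of the original paper): a short Python illustration of why letter
frequencies defeat a monoalphabetic shift cipher. The sample message, the function names
and the frequency table values are assumptions made for this example; the shift amount is
a parameter.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Approximate letter frequencies in English text, in percent, A..Z (assumed table).
ENGLISH = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))


def shift_cipher(text, k):
    """Monoalphabetic shift: every letter moves k places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def letter_counts(text):
    """Count letters only; the counts survive substitution, just under new names."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def chi_squared(text):
    """Distance between the letter distribution of `text` and typical English."""
    counts = letter_counts(text)
    total = sum(counts.values())
    return sum((counts[c] - total * ENGLISH[c] / 100) ** 2 / (total * ENGLISH[c] / 100)
               for c in ALPHABET)


def recover_shift(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most like English."""
    best = min(range(26), key=lambda k: chi_squared(shift_cipher(ciphertext, -k)))
    return best, shift_cipher(ciphertext, -best)


# Constructed sample message (not from the paper).
SAMPLE = ("THE STRENGTH OF A CIPHER RESTS ON THE SECRECY OF THE KEY "
          "AND NOT ON THE SECRECY OF THE METHOD USED TO WRITE THE MESSAGE")

if __name__ == "__main__":
    ct = shift_cipher(SAMPLE, 3)
    print(ct)
    print(letter_counts(ct).most_common(3))  # the frequency peaks are still visible
    print(recover_shift(ct))
```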
Mary Queen of Scots, in the 16th century, used a similar cipher that used a
specific, sometimes bizarre, character for each English letter. The decryption of this led
almost directly to her subsequent execution, as it implicated her in the plot to overthrow
the then queen, Elizabeth I. More than 16 centuries after Caesar, ciphers of similar
complexity were still seriously used. The level of cryptographic strength led to intense
social ramifications; if the cipher had been stronger, history as we know it might be
radically different.
Polyalphabetic Substitution
The next advancement in cryptography was the invention of polyalphabetic
substitution ciphers. Fundamentally, these work by having different letters encrypted
using different monoalphabetic ciphers depending on some formula. The Vigenère cipher
is the best known of these, conceived in the mid-16th century and using a repeating
key with the Caesar Shift cipher to determine the multiple alphabets used. The nature of
the polyalphabetic cipher is that it is much more difficult to decrypt without more intense
mathematical analysis and a longer ciphertext. Fundamentally, a ciphertext for which the
key is as long as the plaintext would be wholly unbreakable, but unfortunately the
communication of encryption/decryption keys is as vulnerable to interception as the
message if sent along the same channel. This problem of key distribution would not be
adequately addressed until the conception of public-key encryption algorithms in the late
19th century [fn 1].
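Added example (not part of the original paper): a Python illustration of the Vigenère
cipher and of what a short repeating key leaks. Repeated plaintext that lines up with the
key produces repeated ciphertext, and the distances between repeats bound the key length
(Kasiski examination). The sample plaintext, keys and function names are assumptions for
this example; the full-length key is drawn at random and used once.

```python
from collections import defaultdict
from functools import reduce
from math import gcd
import secrets
import string

A = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift the i-th letter by the (i mod len(key))-th key letter (A-Z input only)."""
    sign = -1 if decrypt else 1
    return "".join(
        A[(A.index(ch) + sign * A.index(key[i % len(key)])) % 26]
        for i, ch in enumerate(text))


def repeat_distances(ciphertext, n=3):
    """Kasiski examination: distances between repeated n-letter sequences."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        seen[ciphertext[i:i + n]].append(i)
    return sorted({later - pos[0] for pos in seen.values() for later in pos[1:]})


def key_length_bound(ciphertext):
    """The key length divides the gcd of the repeat distances (0 if no repeats)."""
    return reduce(gcd, repeat_distances(ciphertext), 0)


def random_key(length):
    """Key as long as the message, drawn uniformly at random and used only once."""
    return "".join(secrets.choice(A) for _ in range(length))


# Constructed sample: a plaintext containing a repeated word, and a short key.
PLAINTEXT = "CRYPTOISSHORTFORCRYPTOGRAPHY"
SHORT_KEY = "ABCD"

if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, SHORT_KEY)
    print(ct)                      # the repeated CRYPTO lines up with the key
    print(repeat_distances(ct))    # distances are multiples of len(SHORT_KEY)
    print(key_length_bound(ct))
    pad = random_key(len(PLAINTEXT))
    ct2 = vigenere(PLAINTEXT, pad)
    print(vigenere(ct2, pad, decrypt=True) == PLAINTEXT)
```

Once the key length is bounded, each column of the ciphertext is a plain shift cipher and
falls to letter-frequency analysis given enough text.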
Most early cryptographic schemes can be classified as either mono- or
polyalphabetic. In WWI, several schemes, including the Playfair and ADFGVX ciphers,
came into use. Both fundamentally used a table of letters, though in drastically different
ways. Because they were novel they proved difficult to decipher, but they did not provide
incredible leaps in cryptographic strength. Before long the algorithms were discovered
and defeated. The first major leap forward in cryptography occurred in World War II, in
which machines were used to add a level of complexity beyond simple human
processing.
Machine Cryptography
WWII saw the advent of mechanized cryptography. Both Germany and Japan used
complex machines (Enigma and PURPLE) that essentially utilized polyalphabetic
substitution ciphers in a complex manner. Without acquiring one of these machines it was
incredibly difficult to break these ciphers. However, at the same time as encryption began
to utilize improved technology, code breaking took advantage of the then very new
computing technology. Supercomputers such as the British Colossus enabled code
breakers to take advantage of processing power capable of performing basic tasks far
more quickly, easily, and accurately than by hand. Even with these early computers it
was possible to break the machine ciphers.
[fn 1] See Public-Key Cryptography, page 6
Dawn of the Digital Age
As computing technology exploded in the second half of the 20th century,
cryptography took a new turn. With the increasing availability of computers, it became
not only practical but necessary to use algorithms of increasing mathematical complexity.
These systems were divided into two distinct fields: private and public key cryptography.
Private-Key Cryptography
All early cryptography was done with a private key: that is to say, both the
sending and receiving parties had to know the key beforehand, and any outside party
could defeat the encryption by obtaining the key. Despite the obvious weakness of having
a key at all, private key algorithms are both strong when the key can't be obtained and
generally easier to compute. Even the Vigenère cipher is completely unbreakable if the
key length equals the message length. The difficulty, as always, lies in key distribution.
In 1975 the United States set the Data Encryption Standard (DES), a Feistel
system which used the earlier parts of a message to encrypt the whole message in
addition to a key. The exact standard changed slightly, progressing gradually to triple
DES which gained increased cryptographic strength by executing the algorithm multiple
times at increased computational complexity. The Advanced Encryption Standard (AES)
was developed in 1998 and approved in 2002 due to the increasing weaknesses in DES.
By 1999 it was possible to break DES in less than half an hour with dedicated hardware.
The use of these private key algorithms was made practical by public key
algorithms being used for key exchange.
Public-Key Cryptography
In the late 19th century, the concept of one-way functions for cryptographic
purposes had been posited. In the 1970s, several algorithms were created that are still in
use today. These dealt with two problems which are fundamentally NP-complete [fn 2]: the
discrete log problem and the prime factorization problem. While possible for small
numbers, these problems rapidly become infeasible to solve in real time with even
slightly large numbers.
The concept of public key cryptography is that the receiver of messages chooses
certain secret numbers and, using them, calculates certain numbers which he distributes.
The distributed numbers are the public key and can be used to send messages to him. To
decrypt the message he must use his private numbers. The nature of the process used to
create the public key is such that it is not feasible to find the private key due to the
mathematical complexity. For instance, in RSA the public key is a composite number
which is the product of two primes, together with another, only marginally related,
number. The private key is essentially the two primes which form the composite number.
Since factoring is an NP-complete problem, this cannot be easily done. This is readily
seen as even very small two-prime products such as 391 and 667 do not have obvious
factors. The primes used in RSA are on the order of hundreds of decimal digits in
length [fn 3] and so the process of factoring their product is clearly much more difficult.
[fn 2] See NP-Complete, page 12
The primary purpose of public key cryptography is in key exchange. The ability
to receive messages from anyone without their prior knowledge of a private key is crucial
to online commerce as well as most other secure communication. The problem with most
of these algorithms is that they are significantly more computationally intensive to
perform than private key algorithms. This is why the two are often used in conjunction,
allowing for the benefits of both to play off one another: a relatively easily computed
and strong private key encryption is used, with the private key communicated by means of
the more accessible public key algorithm.
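Added example (not part of the original paper): a toy Python version of the two ideas
above, the RSA key built from two primes and the combined scheme in which the public key
only carries a session key for a faster private-key cipher. It uses the paper's small
product 391 so that factoring is immediate; the public exponent 3, the SHA-256 keystream
standing in for a private-key cipher, and all function names are assumptions for this
example and are not suitable for real use.

```python
import hashlib
import secrets


def make_keypair(p, q, e=3):
    """Return the public key (n, e) and the private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)   # raises ValueError if e has no inverse


def keystream_xor(session_key, data):
    """Toy private-key cipher: XOR with a SHA-256 keystream (illustration only)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{session_key}:{block}".encode()).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(public, message):
    """Wrap a fresh session key with the public key, then encrypt the bulk data."""
    n, e = public
    session_key = 2 + secrets.randbelow(n - 3)
    return pow(session_key, e, n), keystream_xor(session_key, message)


def hybrid_decrypt(n, d, wrapped, body):
    """Unwrap the session key with the private exponent, then decrypt."""
    return keystream_xor(pow(wrapped, d, n), body)


def factor(n):
    """Trial division: immediate for 391, infeasible at hundreds of digits."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found; n is prime")


def private_from_factors(public):
    """Anyone who can factor n can rebuild the private exponent."""
    n, e = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, d = make_keypair(17, 23)          # n = 391, one of the paper's products
    wrapped, body = hybrid_encrypt(public, b"constructed sample message")
    print(hybrid_decrypt(public[0], d, wrapped, body))
    print(private_from_factors(public) == d)  # key size is the only protection
```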
Applications of Modern Cryptography
Political Communication
The political uses of technology are less pronounced than other uses but no less
important. Fundamentally, secure communications are of either an international or an
intra-national nature.
[fn 3] For example:
35324619344027701212726049781984643686711974001976250236493034687761212536794232000585
47956528088349
×
79258699544783330333470858414800596877379758573642199607343303414557678728181521353814
09304740185467
=
27997833911221327870829467638722601621070446786955428537560009929326128400107609345671
05295536085606182235191095136578863710595448200657677509858055761357909873495014417886
3178946295187237869221823983
Where this third number is the public composite number and the first two are the prime factors.
Secure international communication is of obvious importance. There is immense
value in being able to communicate with one or more parties without other parties being
able to interpret these communications. While of more serious nature during wartime,
these communications are just as vital in peacetime, be they of economic or other nature.
In a world where a significant portion of communication is conducted over long
distances, the ability to secure these long-distance communication lines can prove less
than trivial. In any given crypto-system it is assumed that third parties can observe any
exchange of information and that it is wholly the responsibility of the crypto-system to
protect the communication. For this reason it continues to be quite common for
dignitaries to meet in person to avoid the threat of long-distance communication
interception. By and large such communications take advantage of security through
obscurity, something cryptography tries to avoid by ensuring security through security.
Intra-national communication (within a nation) is often addressed as personal
communication and has many of the same weaknesses. In more important cases the
communication may be conducted with security levels more consistent with international
policy.
Military Communication
Military communication continues to be of incredible importance. As in our
original example of Caesar, communicating on the battlefield without alerting hostiles is
a delicate and vital task. Many companies exist to facilitate and manage battlefield
communication, but chiefly they must all balance several important aspects.
First of all, battlefield communication must happen in real time. Whatever
crypto-system is used, it must support near-instantaneous communication. The ability to
send a message that the enemy will never be able to decrypt, but that will require half an
hour before your men are able to understand it, is often completely worthless. This
timeframe requirement necessitates the use of either incredibly powerful hardware, simple
algorithms, or both. The balance in this case is of course one of cost vs. safety.
Safety is the second and also crucial element. While it is vital that the message be
communicable in real time it is also vital that the message be wholly safe from enemy
interception within the relevant timeframe. It is difficult to have both safety and ease of
communication and so once again it is difficult to balance.
Lastly, the ability to transmit this communication must be cost-effective in terms
of monetary cost, ease of operation, and hardware vulnerability. That is to say, the
devices comprising this communication network must be within reasonable expense
given the military's budget, great though it may be. At the same time, the system can't
require soldiers to carry heavy electronic equipment; in most cases this means that the
necessary technological components have to be of roughly cell phone complexity. Finally,
the harm of enemy acquisition of communication hardware must be mitigated as much as
possible. This means the crypto-system needs not only to keep track of great amounts of
information, including who to send what messages to, but also to be able to cope with
missing or stolen equipment, in addition to operating under all other parameters.
The requirements upon secure military communication are all incredibly intense
and the corresponding cost of failure is also high. Almost by definition the strength of the
crypto-system defines the safety of the lives of the soldiers relying on it.
The Internet
After WWII, the military-funded ARPANET (Advanced Research Projects
Agency Network) gradually split into a secure military network and the more public,
university-based internet. The internet continued to expand, especially with the invention
of the personal computer, and by the turn of the 21st century it had become a multi-billion
page construct growing in response to social stimuli. As it has continued to evolve and
grow, the internet has become one of the most powerful social tools in existence. It allows
global communication and dissemination of ideas while also providing a global platform
for businesses.
Personal Communication
While the postal service is still used for some official communications, more and
more written communication is occurring through the medium of the internet. E-mail is
used by almost all internet users at rates far in excess of communication in any former
age. This communication is secured, though in most cases only very modestly so.
Interception of e-mail occurs startlingly often and the hacking of e-mail accounts, a far
more dangerous event, is certainly not unheard of.
With e-mail, as with many other services, cryptography serves chiefly to
protect the user's account, allowing only the password-holder to access the information
stored for him/her. The key difficulty here is in digital authentication of identity.
Authentication
While there are several fundamental methods of secure authentication, all of them
essentially rely on the intended user having some secret piece of information which must
be transmitted and verified. Aside from the user's own ability to keep this information
secret, it is once again possible to intercept his communication with the verifier. Even for
unique items like fingerprints which can't practically be stolen, their digital representation
can be. The safety therefore lies wholly with the crypto-system transmitting the secret
data from the user to the verifying agency. Once again, the value and social construction
of cryptography presents itself. Casual online communication is certainly not a process
that was determined by the technological capacity to secure information by means of
cryptographic algorithms. Rather, the social desire to communicate casually led to the
appropriation of cryptographic algorithms to make feasible the communication, defining
much of modern cryptography in the process.
Internet Commerce and Banking
Aside from personal communication, authentication is vital to the existence of the
internet economy. Seeing the opportunity presented by the internet, businesses and banks
also utilize cryptographic algorithms to allow for money to change hands through the
internet.
Cryptographic algorithms are of incredible importance in this regard. Every time
an individual wishes to purchase something from an online store or check his bank
balance through the internet he must transmit private information allowing this
transaction to occur. Without adequate cryptographic protection this process would be the
equivalent of shouting your credit card or bank information across a room.
Code Breaking - Past and Present
Dedicated Hardware
A significant portion of code-breaking over the years has occurred on dedicated
machinery. Code-breaking machines have limited capacity in their application, generally
being dedicated to a single task such as factoring, but in their task they can outperform
personal computers by as much as 1000 times. Such hardware is relatively easy to build
but runs into the problem that most crypto-systems are still impractical to break even in
one thousandth of the time.
Computer Processing
Over the last several decades computer processing has rather startlingly obeyed an
exponential level of growth. While it may be slowing down as we reach certain atomic
limits, research both into nanotechnology and multiprocessing fuels the continued push
for faster and faster computers. As the capabilities of computers increase, the danger to
cryptosystems increases. AES will likely go the way of DES before it as computers grow
increasingly powerful, and it is vital that cryptography keep up with increases in
computing power elsewhere.
NP-Complete
As mentioned before, public-key algorithms rely on NP-Complete problems.
What this means, essentially, is that the complexity required to solve them is very high to
the point where with sufficiently large values they are essentially unsolvable. This
provides some consolation in that it gives us a benchmark for safety in cryptographic
systems in general. However, public-key systems are not without their drawbacks and
private-key systems continue to be susceptible to some attacks.
The Future of Cryptography
Political
Discreet political communication will always be in demand. To that end,
cryptography will almost certainly progress as a field to determine newer, stronger,
private key algorithms. Unlike in commercial applications, nations can set a key long in
advance should the need for emergency communication ever arise.
Military
Military cryptography is a demanding and delicate field in which numerous
aspects must be taken into account and balanced. The continued interplay between
computational power and military demand will determine the future of cryptography in
this field. So long as there is conflict, however, there will be the need for secure military
communication.
Economic
Every year the amount of commerce being conducted on the internet increases.
Banking, too, is moving almost entirely away from paper to online services. As more
people flock to online transactions, the danger of cryptographic failure increases.
Cryptographic strength will necessarily have to keep up with computational power or else
the entire system of online commerce, and the economy at large, will be at risk of
collapse.
Bibliography
• Singh, Simon. The Code Book. New York: Anchor Books, 1999
• Trappe, Wade, and Washington, Lawrence C. Introduction to Cryptography with
Coding Theory. New Jersey: Prentice Hall, 2006
Works Cited:
[1] Random House Dictionary
[2] Suetonius - Life of Julius Caesar