
Running Head: The Best Option for Secure Communication

The Best Option for Secure Communication William Meek University of North Carolina at Charlotte

Introduction to Data Encryption Throughout my life I have always found myself excited by topics surrounding espionage after growing up watching popular figures of modern culture such as Jason Bourne, Ethan Hunt, and the great James Bond on the big screen. It was while watching The Blind Banker, an episode of the BBC television series Sherlock that I first began to develop interest in cryptography. In this episode, a fictional gang known as the Black Lotus was using a cryptosystem which used ancient Chinese numerals that corresponded to the page number and word on the page in a book. The reason I find cryptography so fascinating is the competition. Each cryptosystem is like a game of chess between the group who develops the encryption method and the group who is attempting to decrypt the system. Steganography holds the same quality: can the creator develop a system powerful enough to allow data to be communicated undetected or will the attacker notice that the information is being transferred? This competitiveness raises the question, how does one go about creating a system which cannot be broken? Currently, public key cryptography is accepted as the best method for encryption, which I agree with one thousand percent because it requires two keys to decrypt rather than one, a public key and a private key. The reason I like this system is because it is not only complex, but it works on a competitive level. In chess, the key is not to have the best strategy, but to be able to predict your opponents moves. I believe that when developing an encryption system one should focus primarily on how the attacker will try to decrypt the system rather than making the most complex system. Public key encryption does an excellent job of this because it is formed on the theory that multiplication can be done quickly but factoring takes a much longer time to do. 
Furthermore, since it involves modular division, it is extremely difficult to determine the public key, and once an attacker learns the public key, they still have to determine a private key, and

then after they finally figure that out, they still have to determine which numbers correspond to letters. The entire system is designed, not to be extremely complex, but to be a royal pain to decrypt. It is for this reason that of the many types of public-key cryptosystems, elliptic-curve cryptography (ECC) is my favorite. After 29 years of research, an algorithm to effectively solve ECC has yet to be found. It is possible to calculate the amount of energy it takes to solve a cryptographic system and compare that to how much water the same amount of energy could boil. By this measure, breaking a 228-bit RSA (the most common type of public key encryption) key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a 228bit elliptic curve key requires enough energy to boil all the water on earth [Sullivan, 2013], just to give you an idea of how complex the system is. Terms: Cryptology: When defining cryptology, Stinson [2005] considers three main points; cryptography, cryptanalysis, and cryptosystems. Cryptology is the study of codes and methods of deciphering codes. By nature, cryptology must incorporate technology a tool or technique applied to aid in the acquisition of a want or need. Boone [2005] discusses some of the different technologies in which cryptology has been used throughout history. Cryptography: The fundamental purpose of cryptography is to allow two or more people to communicate over an insecure channel in such a way that an opponent cannot understand what is being said [Stinson 2005]. Cryptography is the practice of communicating through messages containing encrypted data. Early encryption patterns used in cryptography involved simple one-way functions. Hankerson, Menezes, and Vanstone [2004] describe the path from some of the more modern (and much more

advanced) processes RSA, DL, and elliptical curve encryption schemes. These modern systems are based on complex mathematical functions which yield scattered values that are nearly impossible to calculate mentally making their encryption process difficult to solve resulting in more secure systems the ultimate goal of cryptography. Cryptanalysis: Cryptanalysis is the process of deciphering known cryptosystems. According to Stinson, cryptanalysis follows four primary attack models; ciphertext only attacks, known plaintext attacks, chosen plaintext attacks, and chosen ciphertext attacks. Cryptosystem: A cryptosystem is the term used to describe the mechanics of a cryptograph or cryptogram, which is being used in the real world. Stinson defines a cryptosystem as a function with five variables (P, C, K, E, D) in which the following rules are satisfied: P is a finite set of plaintexts. C is a finite set of possible ciphertexts. K, the keyspace is a finite set of possible keys. E and D represent encryption and decryption and can be used to decrypt ciphertext in the function where ( ()) = In a cryptosystem, plaintext is the message which is being communicated between two or more allies and ciphertext is the encrypted message which is actually sent [Stinson 2005]. Singh [2001], Stinson [2005], Low and Stamp [2007] explain some of the basic cryptosystems which have been popularly used throughout history and can be combined to develop more complex cryptosystems.

Steganography: The literal translation of steganography is "covered writing". Steganography is the hiding of secret messages within another seemingly innocuous message, or carrier [Johnson, Duric, Jajodia, 2001].

Steganalysis: Steganalysis is the process of trying to detect hidden messages. Through examining steganalysis, we begin to see steganography's advantage over cryptology. It can be extremely difficult to break steganographic codes because it is not obvious that there is a message which needs to be detected. Hidden messages which do not incorporate the use of digital media are especially difficult to detect because they have fewer restrictions to the means of their camouflage. Kumar and Pooja [2010] explain the two primary approaches which can be applied in steganalysis regarding digital media. The first is examining the size of the file and determining whether or not the content of the file is consistent with its memory usage. For example, if you saw a Microsoft Word document that was one page in length (a file which would typically contain 10-15 kilobytes of memory) but was stored using an entire megabyte (1000 kilobytes) of memory, that would raise suspicion. The second method is more advanced and requires a stronger understanding of computer language. This method is to observe variances between bit patterns, which requires either a program searching for specific recurring bit patterns or a strong understanding of binary language, file compression, and digital memory and storage systems, a skill set which very few people possess.

Stegocarrier: A stegocarrier is the message which is sent between two or more allies in which the concealed message is contained.

ASCII: ASCII is the American Standard Code for Information Interchange. It is an encoding scheme used in computer programming which translates the English alphabet, a

set of special characters (such as punctuation marks), and the numbers (0-9) into binary code, the language which all computers use to operate. The ASCII system is important to steganography because it stores each character as one byte. A byte is comprised of 8 bits which each store a value of either 1 or 0 (binary). Because not all of the bits in each byte are used to store significant data, some of the bits can be modified. This is an important concept in the application of digital steganography.

Digital Watermarking: Digital watermarking is essentially commercially applied steganography. Just as a non-digital watermark typically provides information about the carrier, digital watermarks are attributes of their cover work. Digital watermarks can be used to trace, identify, and locate digital media across networks. They are especially useful in addressing issues related to intellectual property and copyright infringement [Johnson, Duric, Jajodia, 2001]. Digital watermarks include three key components: the embedder, detector, and cover work.

Embedder: The embedder carries two pieces of information: the secret message, and the cover work which the message is hidden in.

Detector: The detector uses a cover work as input and checks whether or not the work includes a payload of hidden information and outputs that information if it is present. In other words, the detector is essentially a specialized search engine. Imagine something like Google except instead of entering a search term, the detector already knows what key to search for and displays the hidden message within the cover work.

Cover Work: The cover work is the stego-carrier in which the secret message is concealed. Essentially, a cover work is just a file, but since the ultimate goal is to have some embedded information which most people wouldn't notice, they are generally used in files which store unnecessary data. For example, if you were using a text file, it would

be more beneficial to use a .doc (word document) file rather than a .txt (text) file because the word document will store lots of extra information that a .txt file wouldn't, and this extra information can be modified to contain a hidden message instead of adding the message to a .txt file, resulting in a file with a suspiciously large memory size.

Why Elliptic Curve Cryptography is the Best Choice

It is clear that throughout history, many systems related to data hiding have been implemented, but which method of secure communication is the most effective? Both cryptography and steganography have their advantages and disadvantages. When using cryptography data is more secure, but ultimately since an outside party is aware the information is being exchanged, they will eventually break the code. In steganography, if the system is effective enough, the data will go unnoticed, and the outside party will never know the information was exchanged; however, there is no encryption, so if the outside party does detect the data transfer, there is no security to protect the sent message. Cryptography is the more effective system to use when exchanging data that is only required to remain secret for a limited amount of time. For example, if a company is exchanging information about a new product, once the product is released, the information is no longer required to remain confidential. More specifically, the most beneficial cryptosystem to use would be one based upon elliptic curve cryptography such as ECDSA (elliptic curve digital signature algorithm) and ECDH (elliptic curve Diffie-Hellman). Systems incorporating ECC are popularly accepted as the most effective form of modern cryptography, but in order to understand their effectiveness, we must first identify what they are. Elliptic curve cryptography is a very complex system to explain. I myself spent countless hours reading and rereading multiple sources just to comprehend the basic property of the

system. Comprehending the basics of ECC requires the understanding of two key elements: public-key encryption, and elliptic curve mathematic functions. Most experts agree that cryptology can be divided into two eras: classical and modern. The classical era consisted of simple mathematic functions involving transference and substitution properties as well as encryption methods based out of books, but the factor which all of the classical-era cryptosystems contained was the requirement of the members of the party relaying information to have prior knowledge of the key before the information was sent. The modern era of cryptography began in 1977 when both the RSA algorithm and Diffie-Hellman key-exchange algorithm were introduced [Sullivan, 2013]. What separates the two eras is that through incorporating a public key, members of the party attempting to create secure communication can use separate private keys, and still retain the ability to decrypt the ciphertext. Though ECC is extremely difficult and time consuming to decrypt for external parties, the reality is that it can still be decrypted. Previously, I discussed how cryptographic systems are the strategic choice of secure communication for messages which have constraints to the amount of time they must remain unknown (i.e. a company's new product). What about the preferred method of transferring data that must remain unknown to outside parties for an infinite amount of time? One would think that steganography would be the preferred method of secure communication in instances such as these, but in fact, I would still argue that ECC is a more beneficial way to go. Assuming the numbers used during the encryption process of ECC are in fact random, the constantly changing encryption scheme combined with the single mundane approach to cryptanalysis which exists for the particular system should provide enough security for the system to be effective long-term. That is not to say steganography is a useless practice.

Digital steganography and watermarking primarily focus on sending individual bits of data in places where they can be transferred undetected. Digital cryptosystems can be strengthened by sending the ciphertext in methods incorporating steganography. Because the message is digital, no matter how complex the number being sent is, it is ultimately going to be sent as a bit stream. A bit stream is simply the representation of the message being conveyed in binary language, the language which all computers use to operate and which uses only ones and zeroes. The most common places to hide the information sent in steganography are text, image, audio, and video files. I will be using text-file based steganography systems for examples as they do not require the composite knowledge of digital bit storage and memory retrieval to understand as systems using image, audio, and video files do. All we need to understand for text based systems is how text is stored electronically, which I will break down step by step. Digital text is stored as either a variable or a constant, which are simply values stored in the computer's memory (the only difference is that a variable's value can be changed and a constant's cannot), in this case a string. A string is stored as an array of letters/characters called chars. For our purposes, an array is a series of elements (in this case chars) which all reference the same variable/constant name and a unique index. Furthermore, the computer stores each char as an integer (called int) which corresponds to a specific character; in our examples the ints which represent each character will be derived from ASCII. Finally, the integer which corresponds to the correct character is converted into binary code, the language comprised of only ones and zeroes which the computer actually understands. For example, if you were to type the message "Hello World!" into the computer, this is how the message would be stored at each step:

string message = "Hello World!";
char message[12] = {'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!'};
char message[12] = {72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33};

Bit string (or binary value) in which the variable or constant message is stored:
010010000110010101101100011011000110111100100000010101110110111101110010011011000110010000100001

Now that we understand how textual data is stored, we can use this information to identify how some text-based steganography works. Many forms of text-based steganography take advantage of ASCII's redundancy for space values in its char codes. For example, using ASCII's codes, values 7, 9, 12, and 32 all represent spaces. To use this in the simplest way possible, you could write messages in binary where a space with ASCII code 7 represents a zero and a space with ASCII code 9 represents a one. Below is an example of how one could create a stego-carrier which would contain the letter "A" as a hidden message (binary translation of "A" = 01000001):

What the user sees:
I am happy to be alive days like today!

What the computer stores in char codes (ints representing a space are highlighted):
073 007 097 109 009 104 097 112 112 121 007 116 111 007 098 101 007 097 108 105 118 101 007 100 097 121 115 007 108 105 107 101 009 116 111 100 097 121 033

Using a system like this would allow one to write out a long essay which seemed harmless in order to disguise streams of underlying information. This particular system is extremely effective at hiding the transference of information since it neither yields a visible change in the display nor noticeably modifies the file size (amount of memory space the file uses).
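The scheme above carried through in Python, as an added example that is not part of the original paper: it rebuilds the carrier listed above for the letter A, recovers the hidden byte, and scans the stored bytes for gap codes other than an ordinary space. The function names and the choice to report a lone tab between words are assumptions of this example; in the standard ASCII table codes 7, 9 and 12 are the BEL, horizontal tab and form feed control characters, which is what the scan keys on.

```python
# Added example (not from the original paper): the space-substitution carrier
# described above, plus a byte-level scan that exposes it.

# Scheme as stated on the page: a gap stored as code 7 hides a 0 bit and a gap
# stored as code 9 hides a 1 bit. Code 32 is the ordinary space.
CODE_FOR_BIT = {"0": 7, "1": 9}
BIT_FOR_CODE = {7: "0", 9: "1"}
ORDINARY_SPACE = 32

# Gap bytes that ordinary text files legitimately contain (space, LF, CR).
# Assumption of this example: a lone tab between two words is worth reporting.
EXPECTED_GAP_CODES = {32, 10, 13}

# The carrier exactly as listed on the page (char codes for the sample sentence).
PAGE_CARRIER_CODES = [
    73, 7, 97, 109, 9, 104, 97, 112, 112, 121, 7, 116, 111, 7, 98, 101, 7,
    97, 108, 105, 118, 101, 7, 100, 97, 121, 115, 7, 108, 105, 107, 101, 9,
    116, 111, 100, 97, 121, 33,
]


def embed(cover_text: str, secret: bytes) -> bytes:
    """Replace the gaps between words with code 7 or 9, one hidden bit per gap."""
    words = cover_text.split(" ")
    bits = "".join(f"{byte:08b}" for byte in secret)
    if len(bits) > len(words) - 1:
        raise ValueError("cover text has fewer gaps than the secret has bits")
    out = bytearray()
    for i, word in enumerate(words):
        out += word.encode("ascii")
        if i < len(words) - 1:
            # Gaps beyond the end of the secret stay ordinary spaces.
            out.append(CODE_FOR_BIT[bits[i]] if i < len(bits) else ORDINARY_SPACE)
    return bytes(out)


def extract(carrier: bytes) -> bytes:
    """Read code 7 as 0 and code 9 as 1, then pack the bits into bytes."""
    bits = "".join(BIT_FOR_CODE[c] for c in carrier if c in BIT_FOR_CODE)
    usable = len(bits) - len(bits) % 8  # ignore a trailing partial byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def displayed_text(carrier: bytes) -> str:
    """What the page says the user sees: every gap code shown as a blank."""
    return bytes(ORDINARY_SPACE if c in BIT_FOR_CODE else c for c in carrier).decode("ascii")


def _is_word_byte(code: int) -> bool:
    # Printable ASCII other than the space itself.
    return 33 <= code <= 126


def scan(data: bytes) -> dict:
    """Steganalysis check: count single-byte gaps between words that are not
    an ordinary space or line break."""
    odd = {}
    for prev, cur, nxt in zip(data, data[1:], data[2:]):
        is_gap = _is_word_byte(prev) and _is_word_byte(nxt) and not _is_word_byte(cur)
        if is_gap and cur not in EXPECTED_GAP_CODES:
            odd[cur] = odd.get(cur, 0) + 1
    return {"odd_gap_codes": odd, "suspicious": bool(odd)}


if __name__ == "__main__":
    carrier = bytes(PAGE_CARRIER_CODES)
    print("displayed :", displayed_text(carrier))
    print("hidden    :", extract(carrier))
    print("scan      :", scan(carrier))
    print("clean scan:", scan(displayed_text(carrier).encode("ascii")))
```

The carrier is the same length as the cover text, so a file-size comparison does not flag it, while the byte scan does.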

Significance of ECC and Steganography

Though I still do not fully comprehend it, I cannot emphasize enough the power of ECC when it comes to information hiding. Influential companies and organizations around the world have already adopted ECC. The United States government uses it for internal communication protection, Bitcoin provides proof of ownership through it, and Apple's iMessage service signatures are derived from it [Sullivan, 2013]. I have always believed that facts speak for themselves and thus reiterate that after 29 YEARS of research, no effective method of cryptanalysis has been found to decipher this particular cryptosystem! As of 2013, it was estimated that the (at that time) currently used RSA and Diffie-Hellman algorithms would be decrypted within five to ten years and that the ONLY suitable encryption scheme to use in the future would be ECC [Sullivan, 2013]. For all the excitement I reserve about this technique, it seems silly that I still do not fully understand it. Perhaps I deem the system more complex than it truly is due to this. I understand how the construction and decryption supposedly work, but what I fail to comprehend is how the plain-text is transferred within the cipher-text. In other words, I understand how the graph is created, and how the public key is created using the graph and private key. What eludes me is one, how the encryption process works after the public key is determined to get the locations of the point which generates the cipher-text, two, how the point which the cipher-text is based upon is translated into the bit stream which is actually sent, and three, how the plaintext is incorporated in the entire cryptosystem. What's frustrating is that of these three uncertainties, I understand at least half of each concept, but not enough to wrap it all together. My experience as a programmer has allowed me to have a much stronger grasp of digital steganography and water-marking. This is one of the reasons which concludes me to


reject steganography as a viable source of secure communication. Anyone who understands a beginner to intermediate level about memory and the file type which is being used as a coverwork can breach the security of steganography extremely quickly; all they have to do is check to see if hidden information is present. If someone like me, who has only taken three classes studying computer programming, can fully and easily comprehend how the system works, its effectiveness is obviously not going to hold if someone experienced in steganography or steganalysis is looking for it. This brings me back to one of my initial points in the introduction: the key to designing a cryptosystem with a high degree of difficulty to decipher is not to think about how to make the system more complex, but to consider the approach the attacker will take when decrypting and constructing a system designed to make whatever steps the attacker wants to take impossible or useless. After conducting research and attempting to understand how ECC works myself, I can testify that it is truly a trapdoor encryption system which eliminates every conceivable short-cut or trick the attacker would want to use, and it is for this reason that it has gained my respect as the most secure means of private communication which currently exists.

Annotated Bibliography

STINSON, D.R. 2006. Cryptography Theory and Practice. Chapman & Hall/CRC Taylor & Francis Group. Boca Raton, FL. When explaining cryptology, Stinson regularly mentions three important figures: Alice and Bob, the two people transmitting encrypted messages, and Oscar, the opponent eavesdropping on those messages. Stinson opens his book by explaining the primary purpose of cryptography and how a cryptosystem operates. 
He then continues his introduction to cryptology by introducing some of the basic kinds of cryptosystems (Shift Cipher, Substitution Cipher, Affine Cipher, Vigenère Cipher, and Hill Cipher) and explains how to compose and break each of those unique systems. After teaching some of the basic methods for creating cryptosystems, Stinson explains the basic ways to break them (attack models). Before revealing these methods, Stinson defines Kerckhoffs' Principle which states that, more often than not, Oscar knows the cryptosystem being used [Stinson 2006]. After explaining these techniques, Stinson introduces the first method which can be used to create cryptosystems which can be considered beyond a

basic level. This product cryptosystem, developed by Claude Shannon in 1949, is created by combining two or more cryptosystems to form their product, a practice which has become a fundamental factor of modern cryptosystems [Stinson 2006]. JOHNSON, N.F., DURIC, Z., JAJODIA, S. 2003. Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Kluwer Academic Publishers. Norwell, MA. This article begins by defining steganography (literal translation covered writing) as the art of hiding and transmitting data through apparently innocuous carriers in an effort to conceal the existence of the data [Johnson, Duric, Jajodia, 2003]. It then discusses the difference between steganography and cryptography; Cryptography is a means of providing secrecy by scrambling a message, whereas steganography focuses simply on hiding the very existence of the message itself [Johnson, Duric, Jajodia, 2003]. The book discusses the advantage of steganography over cryptology; that the scrambled messages used in cryptosystems often times draw attention whereas when using steganography, the enemy is unaware a message was ever transmitted. The book notes the significance of this factor when discussing how the techniques used to attack cryptosystems versus hidden messages. After defining steganography, its counterpoint cryptography, and the relationship the two share, the references some of the particularly successful developments in steganography throughout history including microdot technology, a technique developed by Germany in World War I so successful that modified versions are still being used today [Johnson, Duric, Jajodia, 2003]. After summarizing some of the various recorded applications of steganography throughout history, the book lists and describes some of the countless methods used to conceal information in digital media including the use of inherent network protocols, allocated files in unused disk space, and audio/image files.

BLOOM, J.A., COX, I.J., FRIDRICH, J., KALKER, T., MILLER, M.L. 2008. Digital Watermarking and Steganography. Elsevier Inc. Burlington, MA. This books purpose was to provide framework for watermarking technology research and development and discusses solely still image watermarking techniques since the authors have experience dominantly in this area as well as video aspects of the field. The book begins by presenting an example of watermarking; President Jacksons reflection which can be seen when holding a $20 bill to the light. Watermarkings advantage which makes it so difficult to detect is that it can be applied to nearly anything including physical substances like fabrics, inks, and packaging as well as electronic sources, most commonly audio, image, and video files. Next, the book describes the primary difference between steganography and watermarking which is that when practicing steganography, it is more common to use whatever medium the message is hidden in as a decoy to camouflage the hidden message which is unrelated to the primary message or piece of data which is being sent [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Similar to steganography, watermarking uses an embedder, and a detector. The embedder carries two pieces of information; the secret message, and the cover work which the message is

hidden in. This cover work is then presented as input to the detector which checks whether the work includes a payload of hidden information and outputs that information if it is present [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Next the book discusses the history of both watermarking and steganography followed by a section explaining the importance of each of these fields. The second chapter begins by listing and describing in detail the applications of watermarking and steganography. The book continues to follow this comparison/contrast trend as it goes on to discuss the properties of the two fields and an evaluation of their systems. Chapters three through ten focus specifically on watermarking including detailed examples of actual watermarking models or techniques, how to encode messages in those assorted techniques, and watermarking-related security. GAGNANI, L., JOSHI, R., PANDEY, S. 2013. Image Steganography. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 2, 1, 224-227. After giving a brief background of steganography, cryptography, and the similarities and differences between the two, this article discusses why steganography has gained superior popularity over cryptography. Steganography has taken off as one of the most used methods of data hiding due to a lack of sophistication in cryptographic systems. This is primarily a result of government interference. Putting legal limitations on the strength of cryptographic systems or outlawing them altogether has become common practice, not only in the United States, but in governments around the world forcing people to study alternative methods of transferring secure information [Gagnani, Joshi, Pandey, 2013]. 
The article also mentions how businesses have played a large role in generating popularity of steganography over cryptology discussing their necessity for means of secure communication such as new product information or trade secrets and why it is more valuable to them to send undetected messages rather than suspicious encrypted files [Gagnani, Joshi, Pandey, 2013]. Following this analysis of steganographys advantages, the article discusses some of the different mediums in which steganography can be applied including, text, imagery, and audio files. Following the list of mediums is a list of common methods which are used to hide data in image files and explanations of how the data in each bit of memory that stores the image file is modified to hold information. LEE, I.-S. TSAI, W.-H. 2008. Data Hiding in Emails and Applications Using Unused ASCII Control Codes. Journal of Information Technology and Applications, 3, 1, 13-24. In this article, the medium by which hidden information is to be passed through is referred to as the cover carrier and the result of the embedding is referred to as the stego-carrier or stego-email since the article focuses specifically on email as a medium. The article begins by discussing the two types of digital text documents, hard-copy and soft-copy. A hard copy text document may be treated as a binary image resulting from scanning a text document, while a soft-copy document may be regarded as an American Standard Code for Information Interchange (ASCII) text that can be edited by text editing software such as Microsoft Word [Lee, Tsai, 2008]. 
Lee and Tsai continue by giving some brief examples of methods which can be used to implement data hiding in both hard and soft-copy text documents which range from generating binary code out of the number of space between words [Bender in Lee, Tsai, 2008], to generating code by assigning values to context-free grammar [Wayner in Lee, Tsai, 2008], to embedding data within the unused space of file headers (spaces which are invisible to most readers after

being automatically disregarded upon opening the files) [Cantrell and Dampier in Lee, Tsai, 2008]. KUMAR, A., POOJA, K. 2010. Steganography: A Data Hiding Technique. International Journal of Computer Applications. 9, 7, 19-23. After giving a brief background and explanation of steganography, Kumar and Pooja describe some of the methods of steganography used throughout history including wax tablets containing concealed messages scratched into the underlying wood from ancient Greece, the German microdots, and letters with two messages, one written in visible ink, the other written between the lines with invisible ink. Next they explain some of the practical uses of steganography. These uses can be helpful to the public such as creating stronger online user security for features such as e-commerce to developing better ways to hide a dirty little secret (or a big one). The next section of the article simply compares and contrasts steganography to cryptology. Following that, is a description of steganalysis or "the process of detecting steganography by looking at variances between bit patterns and unusually large file sizes [Kumar, Pooja, 2010]. This section discusses the approaches to recognizing stego-carriers and the tools available to make detection easier. BOONE, J.V. 2005. A Brief History of Cryptology. J.V. Boone. Annapolis, MD. Boone begins by iterating how important cryptology has become in everyday life, after all, we are currently living in the age of information and as a given, some of that information needs to be protected. Boone continues to recognize the significance of cryptology by quoting President Eisenhower: In war, nothing is more important to a commander than the facts concerning strength, dispositions, and intentions of his opponent and the proper interpretation of those facts. In peacetime, the necessary facts are of a different nature. They deal with conditions, resources, requirements, and attitudes prevailing in the world. 
They and their correct interpretation are essential to the development of policy to further our long-term security and best interests [Eisenhower in Boone, 2005].

After preaching the importance of cryptology and giving a short explanation of what it is, Boone begins to list some of its biggest achievements throughout history, such as Arthur Scherbius's ENIGMA and many other cryptographic systems and/or tools developed during World War II. The second chapter discusses some of the first mechanical devices related to cryptology from the 1200s to the 1800. The third chapter discusses devices developed in the 1800s and begins to describe the significance of some modern devices such as the telegraph and phone.

SINGH, S. 2001. The Code Book: How to Make It, Break It, Hack It, Crack It. Simon Singh. New York, NY.

Singh begins by summarizing the story surrounding Mary, Queen of Scots. She had been accused, correctly so, of high treason with plans to assassinate Queen Elizabeth of England. The issue surrounding the case was that Mary had only communicated with the group responsible for conspiring to assassinate Queen Elizabeth through letters written in a cipher. In order to prove her guilt and secure her conviction, Sir Francis Walsingham had to break the cipher [Singh, 2001]. Singh then begins to mention some of the earliest recorded accounts of the use of secret writing throughout history, dating all the way back to Herodotus, the supposed father of history. According to Herodotus, it was a method of secret writing which saved the Greeks from being conquered by Persia during the Peloponnesian Wars. After summarizing the beginnings of cryptology, Singh divides the field into two major branches: transposition and substitution. Transposition is a method related to scrambling the order of characters in a message. By using transposition, it is possible to generate over 50,000,000,000,000,000,000,000,000,000,000 possible combinations out of a sentence containing only 35 words [Singh, 2001]. Substitution is the process of pairing specific corresponding symbols with one another and then swapping each of them when encrypting.

LOW, R.M., STAMP, M. 2007. Applied Cryptanalysis: Breaking Ciphers in the Real World. John Wiley & Sons, Inc. Hoboken, NJ.

This book breaks ciphers into four main categories: classic ciphers, WWII ciphers, stream ciphers, and block ciphers. The book begins by explaining basic terminology associated with cryptology. Following this introduction is a list of some of the classic types of ciphers that have been used throughout history, including transposition ciphers, double transposition ciphers, substitution ciphers, and affine ciphers. After describing these basic ciphers, Low and Stamp explain the index of coincidence, or the probability that two randomly selected ciphertext symbols represent the same symbol in plaintext [Low, Stamp, 2007]. Following this theory, the book describes why the only cryptosystem which is truly invulnerable to ciphertext-only attacks is the one-time pad, a cipher based in binary language which uses a key to transform the plaintext when encrypting it.
The book also explains how a codebook cipher works: essentially, the plaintext and ciphertext words are all paired in a book, and as long as the book itself is secure, the messages transmitted are nearly impossible to decipher because of the overwhelming amount of data this system allows storage for.
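The contrast drawn in the Low and Stamp entry, as an added example (not code from the book or from this paper): it computes the index of coincidence, in its usual form as the chance that two randomly chosen ciphertext symbols are equal, for an English sample, for its monoalphabetic substitution, and for a one-time-pad encryption. The letter-wise (mod 26) pad, the sample text, the key and all function names are assumptions of this example.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed sample plaintext: ordinary English prose invented for this example.
SAMPLE = """
The courier left the station before dawn and carried the sealed letter
through the empty streets to the harbour, where a second messenger was
waiting to take it across the water. Neither of them knew what the letter
said, and neither of them was supposed to. Their only task was to move it
from one hand to the next without being seen, and to report anything that
seemed out of the ordinary along the way.
"""


def letters_only(text):
    """Upper-case the text and drop everything except A-Z."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def index_of_coincidence(text):
    """Chance that two symbols drawn at random (without replacement) match."""
    n = len(text)
    counts = Counter(text)
    return sum(k * (k - 1) for k in counts.values()) / (n * (n - 1))


def substitution_encrypt(text, key):
    """Monoalphabetic substitution: key is a permutation of ALPHABET."""
    return text.translate(str.maketrans(ALPHABET, key))


def one_time_pad_encrypt(text):
    """Letter-wise one-time pad: a fresh uniform random shift per symbol."""
    return "".join(
        ALPHABET[(ord(c) - 65 + secrets.randbelow(26)) % 26] for c in text
    )


def compare():
    """Return the index of coincidence for each version of the sample."""
    plain = letters_only(SAMPLE)
    key = "QWERTYUIOPASDFGHJKLZXCVBNM"  # constructed substitution key
    return {
        "plaintext": index_of_coincidence(plain),
        "substitution": index_of_coincidence(substitution_encrypt(plain, key)),
        "one_time_pad": index_of_coincidence(one_time_pad_encrypt(plain)),
    }
```

Substitution only relabels the letters, so its value stays at the English-like level and the cipher remains open to frequency analysis; the one-time-pad ciphertext falls to roughly 1/26 (about 0.038), the value for uniformly random letters, leaving no such statistic to work from.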

SULLIVAN, N. 2013. A (Relatively Easy to Understand) Primer on Elliptic Curve Cryptography. Ars Technica. http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

In his article, Sullivan breaks down public-key encryption, the format which modern cryptography is based upon, and explains how elliptic curve cryptography (ECC) works. The article explains the RSA system, the most popular form of public-key encryption, and why it was necessary to develop ECC. Because RSA is built upon factoring, it is ultimately not sustainable as a long-term source of encryption; hence, ECC was conceived. Like RSA, ECC uses modular division to keep numbers appearing random, but instead of using multiplication to generate numbers, it uses elliptic curves. All elliptic curves follow the expression $y^2 = x^3 + ax + b$. After explaining ECC, Sullivan notes ECC's accelerating gain in popularity and lists some of the applications in which it is currently being used, including the United States government internal communication protection, proof of bitcoin ownership, and Apple's iMessage service signatures [Sullivan, 2013]. Sullivan proceeds to list some of the flaws in ECC, discussing the flaw in the electronic random number generator. When a computer generates a random number, the number is actually selected from a sequence and therefore not truly random at all. Given this information, if an attacker had a list of the random numbers that a selected piece of software using an ECC contained, they could predict the random number and relatively easily decrypt the information being transferred. Fears of these threats were legitimized in 2013 when companies using ECDSA (a variant of ECC) for online security were hacked, including bitcoin suffering losses around 1.2 million dollars and Sony's PlayStation Network suffering losses of approximately 171 million dollars [Sullivan, 2013]. Despite these drawbacks, many experts predict that the currently implemented RSA and Diffie-Hellman encryption schemes could be broken within five years (as of 2013), leaving ECC-based encryption methods as the only possible alternative for the future.
