Yang Guang, Research Director of Conflux: From Modern Cryptography to Blockchain

"It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience."

This is one of the six principles laid down by the cryptographer Auguste Kerckhoffs in 1883.

Recent moves by the US government to regulate open source software and its security have attracted wide discussion and attention.

Blockchain is one of the technologies most closely tied to open source, and cryptography, one of the roots of blockchain, has long had an answer to this question.

Introduction / Lin Jiayi

Text / Yang Guang

When it comes to ciphers or cryptography, many people may have two very different images in mind.

One is romantic and mysterious, like the dancing figures that Holmes decodes (see The Adventure of the Dancing Men) or The Da Vinci Code, as commonly found in popular literature, film and television.

The other is cold and even boring: for example, a computer program that, given a short key, turns a perfectly good file into a string of unrecognizable "garbled characters". This is in fact the cryptography that the electronic devices around us use every moment.

Why do we have two very different impressions of the same concept?

Is the mass media cheating us?

In fact, the answer is not that simple: both descriptions of cryptography are correct, except that the former is usually called "classical cryptography" and the latter "modern cryptography", which is the cryptography people study and use today.

Although both bear the name "cryptography", they are very different in nature. In a word, classical cryptography is an art, and modern cryptography is a science.

Classical cryptography

Specifically, the security of classical cryptography comes from the accumulated knowledge and creativity of the cryptographer, together with the secrecy of the designed scheme.

For example, during the Second World War the US military studied the characteristics of the Navajo language, built a system of code words on top of it, and recruited a large number of Navajo speakers to serve as code talkers (the 2002 film Windtalkers depicts these events).

For the Japanese, there were only two ways to break this cryptosystem: learn Navajo from scratch, or first learn that the code was based on Navajo and then find Navajo speakers to help crack it.

In fact, this code was never cracked before the war ended.

However, if the opponent is stronger, a cryptosystem that relies too heavily on keeping its design secret will defeat itself. A good example is the story of Turing helping the Allies break the German "Enigma" cipher (Note 1).

Classical cryptography, a military technology with thousands of years of history, performed its mission well in most cases, so why has it been replaced by modern cryptography today?

This is because classical cryptography, as a refined art form, is like many other elegant arts in that it does not meet the needs of the broad mass of people. In simple terms, it is too expensive, and ordinary people cannot afford it.

For national governments, militaries, or some powerful criminal organizations, it is not difficult to design a cryptosystem for their members; they need only guard against traitors within the organization.

For ordinary people, the cost of designing one cipher is already somewhat high, and worse, one is often not enough. For example, if Alice wants to communicate confidentially with Bob and with Chris separately, then to ensure that Bob cannot decrypt the communication between Alice and Chris, Alice must use two different cryptosystems for the two people.

Imagine if a bank had to design a separate cipher for each customer and for each interbank link: a cryptography graduate would certainly find a job at that bank, provided the bank had not already closed down under the cost.

The birth of modern cryptography

In fact, with the spread of computers, even a deep-pocketed organization like the US government could hardly afford to maintain a dedicated cryptosystem for every department that used computers.

As a result, in 1972 the US National Bureau of Standards (the predecessor of NIST) began soliciting cryptosystems for encrypting sensitive but unclassified information within the government.

In the second public solicitation, in 1974, IBM submitted the algorithm that became DES, where DES is the abbreviation of Data Encryption Standard.

As a pioneering and outstanding representative of modern cryptography, DES follows Kerckhoffs's principle.

This principle requires that the security of a cryptosystem depend entirely on a secret key kept in a safe place, and not on keeping the details of the cryptosystem itself secret. In the words of Claude Shannon, the founder of information theory: "the enemy knows the system."

Under Kerckhoffs's principle, the same cryptosystem can be used to communicate securely on every channel simply by keeping a separate key for each channel secret.

This feature of "change only the key, not the cryptosystem" greatly reduces the cost of using encryption, turning ciphers from works of art into cheap and widely available industrial products.

Modern cryptography thus finally gained the opportunity to show its strengths in commercial applications, finance above all.

Although DES is a very good encryption algorithm, trust in DES was not there from the start.

As early as 1975, when the NBS publicly solicited comments on DES, there were suggestions that the National Security Agency (the notorious NSA) had interfered with the design of the algorithm, in particular with the specific choice of the S-boxes (which should have been selected at random), possibly secretly weakening the algorithm or even planting a backdoor so that the NSA could break the encrypted information more easily.

Because of this, DES was scrutinized intensely by academia, which even directly drove the development of cryptanalysis.

Suspicion that weaknesses were hidden in the S-boxes was only dispelled in the early 1990s, when the differential cryptanalysis technique discovered and published by Eli Biham and Adi Shamir (Note 2) showed that the NSA's modifications to the S-boxes had significantly improved the ability of DES to resist differential attacks. There is evidence that IBM and the NSA had known of this attack technique since 1974.

On the other hand, there is also information showing that the NSA persuaded IBM to shorten the key length of DES (to 56 bits), possibly to keep the security of DES within the NSA's reach.
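The S-box controversy is easy to make concrete. The script below is an added example, not code from the original article or from IBM or the NSA: it computes the difference distribution table (DDT) of DES S-box S1, the object differential cryptanalysis works on, and checks it against the design criteria that were kept secret in 1975 and only explained publicly in the 1990s (the criterion labels S-3, S-4 and S-7 follow Coppersmith's 1994 account). The S1 table is the standard one from the DES specification; everything else is constructed here.

```python
# Added example (not from the original article): the DDT of DES S-box S1
# and checks against the public design criteria.

# DES S1, four rows of 16 entries. The 6-bit input is b1..b6:
# row = b1 b6, column = b2 b3 b4 b5 (standard DES convention).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(table, x):
    """Evaluate a DES-style 6-in/4-out S-box on the 6-bit input x."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def ddt(table):
    """64x16 difference distribution table:
    ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    t = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            dy = sbox(table, x) ^ sbox(table, x ^ dx)
            t[dx][dy] += 1
    return t


def best_differential(t):
    """Highest-count (dx, dy, count) with dx != 0.
    count/64 is the probability an attacker gets for that one-S-box differential."""
    best = (0, 0, 0)
    for dx in range(1, 64):
        for dy in range(16):
            if t[dx][dy] > best[2]:
                best = (dx, dy, t[dx][dy])
    return best


def rows_are_permutations(table):
    """Criterion S-3: with the outer input bits fixed, every output value
    appears exactly once."""
    return all(sorted(row) == list(range(16)) for row in table)


def single_bit_diffs_spread(table):
    """Criterion S-4: inputs differing in exactly one bit must produce outputs
    differing in at least two bits."""
    for x in range(64):
        for bit in range(6):
            dy = sbox(table, x) ^ sbox(table, x ^ (1 << bit))
            if bin(dy).count("1") < 2:
                return False
    return True


def max_pairs_per_differential(t):
    """Criterion S-7 is stated on the 32 unordered input pairs per dx: no more
    than 8 may share an output difference, i.e. no DDT entry above 16 of 64."""
    return max(t[dx][dy] for dx in range(1, 64) for dy in range(16)) // 2


if __name__ == "__main__":
    table = ddt(S1)
    dx, dy, count = best_differential(table)
    print(f"best differential for S1: {dx:#04x} -> {dy:#03x}, probability {count}/64")
    print("S-3 rows are permutations:", rows_are_permutations(S1))
    print("S-4 single-bit differences spread:", single_bit_diffs_spread(S1))
    print("S-7 max pairs sharing an output difference:", max_pairs_per_differential(table))
```

A randomly filled 6x4 S-box routinely violates S-4 or S-7, which is exactly why the "should have been random" objection of 1975 was backwards: the modified S-boxes were chosen to keep every single-S-box differential at probability 1/4 or below, and that is what Biham and Shamir's method later made visible.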

From the public solicitation and discussion of DES, through the academic community's suspicion of NSA interference and its search for weaknesses, the whole process shows that publishing the DES algorithm not only did not reduce its security but, through extensive and in-depth research, proved its security and reliability.

The 3DES algorithm, which compensates for the short key by encrypting three times, still exists in software such as Firefox and was used in Microsoft Office 365 until December 2018. NIST said in its retrospective on DES:

DES can be described as the "first impetus" for non-military research and development of encryption algorithms.

In the 1970s, there was very little academic research on cryptography by cryptographers outside the military and intelligence organizations.

There are now many cryptographers active in academia, high-quality cryptography courses in universities, and commercial information security companies and consultants.

A whole generation of cryptographers has worked hard to analyze the DES algorithm, or rather, to try to crack it.

In the words of cryptographer Bruce Schneier: "DES did more to promote the development of the cryptography community than anything else. Now there was an algorithm for scholars to analyze."

Cryptography and open source movement

An important reason for the success of DES is that its design was fully public from the start, so anyone interested could try to analyze it, which is fundamentally different from the secret cryptosystems used in military or intelligence work.

It was also because of this openness that DES finally cleared itself of the suspicion that the NSA had planted a backdoor, and came to be widely used commercially.

DES set the benchmark for modern cryptography. Since then, all civilian cryptographic algorithms have followed Kerckhoffs's principle, disclosing their full design for peer research, and only an algorithm that withstands peer analysis and attack is recognized as secure.

Some people may think that publishing cryptographic algorithms also makes it easier for malicious attackers to break them.

But in fact, I have never heard of a case in which losses were caused by the cryptographic algorithm itself being broken.

Most security incidents have causes outside cryptography: programmers who write code without understanding the algorithm they are implementing and introduce bugs (for example, Sony's PS3 implementation of the ECDSA signature algorithm used a fixed value where a fresh random number was required), programmers who use the wrong algorithm (for example, using the MD5 or SHA hash algorithms to "encrypt"), or keys leaked for other reasons (such as someone accidentally uploading test files containing a plaintext key to GitHub), and so on.

Even the attacks that do fall within the scope of cryptography, such as side-channel attacks that measure a program's running time or a chip's power consumption, in essence exploit holes that the implementation of the algorithm failed to consider.

In fact, modern cryptanalysis requires a high level of mathematical skill, so the best analysts are usually in academia, and they are more inclined to publish their results for academic reputation than to profit by launching real attacks.

In addition, after a theoretical weakness is found, it usually takes a considerable time before the weakness can be exploited in a practical attack. This gives users a valuable window in which to upgrade.

For example, in 2005 Professor Wang Xiaoyun pointed out a security weakness in the SHA-1 hash function, then widely used in business. Although this weakness did not mean that systems using SHA-1 could be broken directly, it was enough to show that the security of SHA-1 was far lower than expected, and it directly prompted NIST to push for replacing SHA-1 with the SHA-2 family of hash functions (including SHA-256, SHA-512 and other variants).

But the real death sentence for SHA-1 had to wait more than ten years, until 2017, when a Google team produced the first practical SHA-1 collision.

By that point, any reliable project should already have completed its migration away from SHA-1.

Today's research on post-quantum cryptography has a similar "spare tire" flavor: if one day quantum computing makes a major breakthrough, people should switch to the new cryptosystems before quantum computers are actually used to attack RSA or ECDSA.

Therefore, by publishing the design of cryptographic algorithms, users get early warning of weaknesses and can upgrade to new algorithms before a weakness is actually exploited. This is far better than being attacked unprepared.

In contrast, keeping a cryptographic design secret can only prevent well-meaning researchers from analyzing it and helping to improve its security. An opponent determined to attack the cipher, whether through reverse engineering or social engineering, will always find a way to breach the secrecy and obtain the design, and can then quietly break it and attack without the user's knowledge.

For example, in the Second World War the Germans did not know that their cryptosystem had been broken by the team led by Turing, and kept using the broken system to pass confidential information, which made a significant contribution to the Allied victory.

Cryptographers also cherish and defend the right to openly discuss, research and use cryptography.

Especially in the information age and the Internet age, cryptography is an important technology for protecting people's information from being laid bare.

From this perspective, cryptographers are fighting for the right of ordinary people to learn and use cryptography, with even a touch of Prometheus stealing fire for humanity.

As early as 1991, Phil Zimmermann wrote a strong encryption program called PGP, using keys longer than 128 bits.

At the time, the US government treated encryption products with keys longer than 40 bits as munitions subject to export control, so when Zimmermann put the PGP source code online for anyone to download, it alarmed the US government.

Zimmermann's case caused heated discussion in technical and legal circles, and many people stood up to support him and offered various kinds of help.

Eventually Zimmermann circumvented the government's restrictions on encryption software in a roundabout way: he published a book containing the full PGP source code through MIT Press, which as a publication rather than software was protected by the First Amendment to the US Constitution, which guarantees freedom of the press.

Two famous cases followed.

In 1995, Professor Junger of Case Western Reserve University filed a lawsuit against the US State Department, seeking the right to teach encryption openly in a classroom that included foreign students.

In 1996, Bernstein, a student at the University of California, Berkeley, filed a lawsuit against the US Department of Justice for the right to publish his own cryptographic algorithm without restriction and to take part in academic discussion of it.

Both cases attracted wide public attention, and with the joint efforts of many lawyers and legal scholars, scientists and engineers, both were finally won after 2000.

The cryptographers' struggle not only won the right to freely discuss and use cryptography; more importantly, these precedents established that cryptographic algorithms and source code are a form of speech protected by the First Amendment and not subject to US government restrictions on software exports, which was of paramount importance for the development of all later open source software projects.

With cryptographic technology opened up, people could finally shed the last doubt about whether the source code of open source projects would be regulated by the US government. Many open source software foundations have since chosen to register in the US, which also laid the foundation for the flourishing of open source projects.

Compared with proprietary software, open source software has unique advantages in security, reliability and extensibility.

Because the source code is public, vulnerabilities introduced by carelessness in open source software are more easily discovered by other programmers, and a planted backdoor is as plain as day. In contrast, the vulnerabilities and backdoors of closed source software are often discovered only by experienced hackers.

In terms of reliability, since the source code is already public, users need not worry too much about being unable to keep using the software after the developer discontinues or withdraws it; they need only modify and compile the source code themselves.

In terms of extensibility, open source software has an unparalleled advantage: anyone can freely customize and modify the code to their own needs, at a cost in time and money far lower than that of customizing proprietary software.

In addition, open source projects are also very important for training new programmers and raising the technical level of the whole industry.

Farther away than open source software

As more and more people become aware of the disruptive role of open source projects in the software industry, and especially the Internet industry, some have already turned their attention further afield: beyond free and easy-to-use software, open source projects actually bring something even more valuable, which is trust.

When using closed source software, we don't really know what the software will do.

For example, will the software secretly scan our hard drive or tamper with certain files?

Will it collect our private information, or even steal the passwords of our online accounts?

Most of the time, users can only choose to trust some centralized organization in order to use software with confidence. This organization may be the software publisher, an anti-virus vendor, or the operating system vendor.

But what if that organization itself is the one trying to do these things?

If Microsoft wanted to collect data from Windows users, it is safe to say that it could technically collect their browsing history without ordinary users being aware of it.

Perhaps Microsoft is wary of overstepping the law, but what if the FBI asks Microsoft to hand over information about certain users under some grand pretext (such as "collusion with Russia")?

Moreover, where the law cannot keep pace with technology, no one can guarantee that commercial companies will not infringe users' rights and interests through legal gray areas.

Older readers may remember the "3Q War" of 2010, when Qihoo and Tencent accused each other of unfair competition and violating user privacy.

Open source software is much better than closed source in this respect, because with the source code available, any trained programmer can understand how the program will behave.

If an open source project's code contains a backdoor or malicious code, then as soon as someone finds it and points out where the problem is, other programmers can easily verify whether there really is a problem, and can even remove the problematic part and keep using the rest of the code.

Therefore, an open source project that has been widely used for a long time is almost certain to contain no backdoor or malicious code, which makes it far more trustworthy than closed source proprietary software.

Looking a little further, it is easy to see that many parts of how our society operates are in fact also black-box "closed source": for example, we cannot confirm whether World Cup matches are rigged, or whether the car we bought has had parts repaired or replaced, let alone audit government statistics or even the amount of money the government issues.

For these, in reality we can only choose to trust authorities such as the World Cup organizing committee, the courts or the government, and even if we do not believe them, it is hard to find a better option.

If these "closed source" parts of society could operate in an open source model, where everyone can see the rules and verify that the system is running according to them, then there would be no need to trust an authority.

Such open source operation would necessarily lead to a higher level of trust: a "decentralized" trust.

To this end, on October 31, 2008, someone sent a message to a cryptography mailing list:

"I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party."

Attached was a paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System".

Note 1: The 2014 film The Imitation Game tells this true story. The film won the Oscar for Best Adapted Screenplay and was nominated for seven others, including Best Picture and Best Actor.

Note 2: Shamir is an Israeli cryptographer and Turing Award winner; the "S" in the famous RSA public key algorithm is his initial. In March of this year he was unable to attend the RSA Conference in the United States (named after the RSA algorithm) because he was refused a US visa, an incident that for a time made the Trump administration's visa policy a laughingstock.

Yang Guang

Yang Guang graduated from the Yao Class at Tsinghua University and received his Ph.D. in computer science from Tsinghua's Institute for Interdisciplinary Information Sciences. Before joining the Conflux team, he worked at Aarhus University in Denmark, the Institute of Computing Technology of the Chinese Academy of Sciences, and Bitmain. His research interests include cryptography, game theory and blockchain. His doctoral thesis won the Outstanding Doctoral Dissertation Award of the Chinese Association for Cryptologic Research.