Original Research Update 12/15 (Tao)


The majority of my original research work over this interval was focused on the video/survey I plan to send out to various communities. The first part of this work involved writing a script, which I did to a high level of detail to make the rest of the process easier. The script is linked here and is also copied at the bottom of this post.

After the script was complete, I began work on the video itself. I have not quite finished it yet, but have made good progress. I have rendered out what I have so far, which you can view here: https://drive.google.com/file/d/13MzhoFA-cJyZxk3SdVzYoU2fuzcJq4px/view?usp=sharing

While this video is only a few minutes currently, it represents dozens of hours of work due to the tedious process that animation always is.

I also spent some time brainstorming with my committee where I might share the video and its accompanying survey. A few of our ideas include a local church community, a neighborhood association, or a sports club.

Note: WordPress has broken the formatting here; I suggest viewing the linked version in Google Docs.

Hi. In this video I’ll be explaining the basics of encryption.
This might not be something you are usually interested in, but bear with me, because encryption is an important component of many of the technologies that make your life easier.
You may have been told the importance of digital security, perhaps by a company offering an end-all, be-all solution.
However, keeping yourself safe is not this easy.
Fortunately, most of the work has already been done for you. Think of how many companies’ products you use every day on the internet: You might use Google to find a site, which is made by a university and uses Cloudflare for network protection, Amazon to host the site, and Facebook to load ads. If any of these companies didn’t care about your security, things would go wrong fast, and that company’s reputation would be destroyed.
Therefore, your data is encrypted as it travels to and from the various servers of each company, theoretically guaranteeing your safety from any interceptions along the way.
So why should you care about security at all, if it’s all taken care of?
There are two reasons: First, “taken care of” can mean something different to each company, and remember that they are handling the encryption, meaning they also have the power to store and read your information if they wish. 
The second reason is just as important: If you don’t understand how encryption works and why it matters, you have no motivation to care about how it is used and regulated. This has been the most significant roadblock for proponents of encryption throughout the years.
While cyphers and codes have existed for centuries, computer-driven encryption did not enter the public eye until the late 1960s. Before this, its development was done secretly inside intelligence agencies; the Nixon administration feared that publicly-available encryption would make crime untraceable and lead to widespread illegal activity.
This didn’t stop some “public” cryptographers from making their voices heard. In 1976, Whitfield Diffie and Martin Hellman published a famous paper about so-called “public key exchange.” In order to explain why this work was so significant, I’ll have to start from the ground up.
———- ———-
To make these concepts easier to visualise, let’s create a scenario. Let’s say one party, who we’ll call Alice, wants to send a message over the internet to another party, Bob. The message is important, and it’s critical that no one but Bob is able to read it. Unfortunately, Eve, a third, more malicious party, has managed to intercept their connection and is eavesdropping on their communication.
It’s obvious why you can’t just send plain text over a network – anyone could simply interpret the radio waves your computer was sending and read your message exactly as you sent it.
You can’t simply scramble the information, either. While this would prevent Eve from understanding the message, it would also make it unintelligible to Bob.
What if Alice scrambles the message using a secret number, a key, in such a way that it can be decrypted by anyone who has the key? This works, but there is one problem: unless Alice has already agreed on a key with Bob before sending her message, she will have to send the key to him over the network. As we already know, this gives Eve everything she needs to decrypt the message. 
Alright, says Alice, I’ll just encrypt the key in the same way! But what about the key for that key? And so we see that this method doesn’t work either.
It may seem like there is no solution to this problem, but Diffie and Hellman showed that we can exploit a particular mathematical quirk to find a way. 
The best way to think about this is to imagine buckets of paint, where each color represents a unique number.
First, Alice and Bob agree on a common starting color. It doesn’t matter which color they pick, and it’s okay if Eve intercepts it.
Both of them also have a unique “secret” color that they keep to themselves. Again, it’s not important what these colors are.
Now, each mixes the shared color with their own secret color, then sends the resulting mix to the other. Eve now has seen three colors, but doesn’t know anything about them. Eve also cannot figure out the secret colors from the two mixes, since the paint cannot be unmixed. In reality, this “mixing” involves a series of multiplications and divisions which are simple to perform, but nearly impossible to reverse since there are countless ways to reach the same result using different starting numbers.
Now Alice and Bob each mix the color they received from the other with their own secret color. In both cases, the result is a mixture of the public color and both secret colors, meaning that our problem has been solved. Alice and Bob now have a shared key while Eve is forced to spend thousands of years trying to reverse engineer the mixtures she has received.
Alice can now encrypt her original message using the key, and Bob can read it in secret.
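The paint exchange above, written out with numbers as an added example (not part of the original script). It assumes the usual textbook form of the "mixing", raising a shared base to a secret power and keeping the remainder after dividing by a prime; the function names and the toy values 23 and 5 are choices made for this example.

```python
import secrets

def public_mix(g, secret, p):
    """Mix the shared color g with a secret color: g**secret mod p."""
    return pow(g, secret, p)

def shared_key(received_mix, secret, p):
    """Mix the color received from the other party with your own secret."""
    return pow(received_mix, secret, p)

def exchange(p, g, a=None, b=None):
    """Run one exchange; returns (Alice's key, Bob's key, what Eve saw)."""
    a = secrets.randbelow(p - 3) + 2 if a is None else a  # Alice's secret color
    b = secrets.randbelow(p - 3) + 2 if b is None else b  # Bob's secret color
    mix_a = public_mix(g, a, p)   # sent Alice -> Bob in the clear
    mix_b = public_mix(g, b, p)   # sent Bob -> Alice in the clear
    eve_sees = {"p": p, "g": g, "mix_a": mix_a, "mix_b": mix_b}
    return shared_key(mix_b, a, p), shared_key(mix_a, b, p), eve_sees

def eve_brute_force(eve_sees):
    """Eve "unmixes" by trying every possible secret color.

    This only finishes because the toy prime is tiny; the loop length grows
    with p, which is why real exchanges use primes thousands of bits long.
    """
    p, g = eve_sees["p"], eve_sees["g"]
    for guess in range(1, p):
        if pow(g, guess, p) == eve_sees["mix_a"]:
            return pow(eve_sees["mix_b"], guess, p)
    return None

if __name__ == "__main__":
    # Toy parameters (constructed): prime 23, base 5, secrets 6 and 15.
    alice_key, bob_key, seen = exchange(23, 5, a=6, b=15)
    print("Eve sees:", seen)
    print("Alice and Bob share:", alice_key, bob_key)
    print("Eve recovers (toy size only):", eve_brute_force(seen))
```

With the toy prime, Eve's loop ends almost instantly, which is exactly the situation the script says real parameters are chosen to prevent.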
But how does this “encryption” actually work? To be honest, there is no one answer. These days there are countless encryption standards used around the world, and it would be impossible to explain all of them in detail.
For the sake of time, I’ll go over two algorithms, one simple and one complex, to hopefully demonstrate the pros and cons of each approach. Specifically, I’ll be comparing a simple substitution cypher with the current international standard. The government loves to come up with boring names for things, so it is of course called the “Advanced Encryption Standard” or AES. 
A substitution cypher is something you have likely seen in books. The idea is simple: Write down every possible letter in a list. For English-speaking humans, this list has a length of 26. For English-speaking computers, it is a lot longer to account for parentheses, numbers, etc. /*and comes to 128 characters.*/
Now, for each character in the message, do the following: find that character in the list, then increment by some number of characters as many times as dictated by the secret key. Let’s say that Alice and Bob have agreed that the first digit of the secret key represents how many characters to increment each time, and the second represents how many times to increment. In this case, those are two and five respectively.
Performing this process for our H, we see that the resulting character is R. We write R down as the first letter of our encrypted message. Now we repeat this process for all other characters in the message, looping back to the start of the list whenever we go over the end.
We now have our encrypted message, ready to send, and in no time at all! My computer can perform more than one hundred thousand of these operations per second.
Unfortunately, because all this algorithm is doing is taking steps in one direction, it is just as easy to take steps in the other direction.
Even if we make our key millions of digits long, the task of “brute-forcing” – trying every possible combination until the right one is found – is trivial for modern computers. In my own testing, it took only zero point zero three seconds to decrypt a 20 character message with thousands of iterations.
While this is obviously a simple example, imagine what modern computers can brute-force in, say, ten hours. It quickly becomes obvious why powerful encryption is needed to keep data safe.
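The cypher described above, with its key "25" and the brute-force search, as an added example (not the code used for the timings quoted in the script). It uses the 26-letter list; the function names and the small word list used to recognise a correct guess are constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter list from the script

def key_to_shift(key):
    """'25' means step 2, repeated 5 times: a net shift of 10 places."""
    step, times = int(key[0]), int(key[1])
    return (step * times) % len(ALPHABET)

def shift_text(text, shift):
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            # Loop back to the start of the list when we pass the end.
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % len(ALPHABET)])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(message, key):
    return shift_text(message, key_to_shift(key))

def decrypt(ciphertext, key):
    return shift_text(ciphertext, -key_to_shift(key))

# Constructed word list: how the attacker recognises a readable result.
COMMON_WORDS = {"THE", "AND", "HELLO", "WORLD", "MEET", "AT"}

def brute_force(ciphertext):
    """Try every shift without the key; keep the most readable candidate."""
    def score(shift):
        words = shift_text(ciphertext, -shift).split()
        return sum(word in COMMON_WORDS for word in words)
    best = max(range(len(ALPHABET)), key=score)
    return best, shift_text(ciphertext, -best)

def distinct_shifts():
    """Every two-digit key collapses to one of at most 26 net shifts."""
    return {key_to_shift(f"{a}{b}") for a in range(10) for b in range(10)}

if __name__ == "__main__":
    secret = encrypt("Hello World", "25")
    print(secret)                      # H becomes R, as in the script
    print(brute_force(secret))         # recovered without knowing the key
    print(len(distinct_shifts()), "distinct shifts from 100 possible keys")
```

However long the key is, it only ever selects one position in the list, so the attacker's search never grows beyond the length of the list.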
AES is a specification first established in 2001, based on a proposal submitted by two cryptographers during a global selection process. 
It operates in “blocks,” small chunks of binary data representing about twelve to twenty characters. Let’s pretend that each bit of data in this block is a piece of an image, much like a jigsaw puzzle.
Each iteration of AES consists of four steps. First, we swap out each piece of the data for a completely unrelated one based on a lookup table – this is much like our substitution cypher from earlier, but here we’re just getting started.
Next, each row is shifted first one, then two, then three, and so on in a certain direction.
Now, each column is mixed up according to complex mathematical rules. Some of the values may change during this step.
Lastly, the secret key is added in to each of the pieces to change their values.
This whole process is repeated 10-14 times, resulting in a thoroughly scrambled message. So many operations have happened by now that it would take many lifetimes of the universe for every computer on earth combined to brute-force. It is therefore extremely secure, and is the only algorithm approved by the NSA for top secret information.
But if so much is happening, doesn’t all this encryption take up valuable time? While AES is considerably slower than our previous example, it can still be done at lightning fast speeds. This is especially true because all modern processors have built in circuitry to perform AES encryption at a hardware level. 
It’s important that the global standard be fast, considering how much it is used. Going back to our original example of how data is sent to you to load a web page, unlike Alice and Bob’s open network, nearly all internet traffic is encrypted with AES or something similar.
——– ——–
It’s easy to take all of this for granted; after all you will likely never experience any encryption-related issues in your own life. So why is it so important to understand?
Because none of this would have been possible without the tireless work of cryptographers to push encryption into the public eye. When Diffie and Hellman published their work on public key exchange, strong encryption of any kind was not only illegal to practice, but illegal to discuss publicly. The NSA and other intelligence agencies had an airtight clamp on the technology, allowing it to be used only for their own purposes.
Why would they do this? Because they were afraid. Such unbreachable privacy had never been possible before, and many feared what would happen if strong encryption got into the hands of terrorist organizations or rival governments. What could criminals do if they had the power to communicate completely undetected?
While this sentiment is understandable, there are a few problems with it. 
Firstly, private technology always takes longer to develop without the help of the global community. What if another country developed stronger encryption sooner, giving them a leg up? Also, as with anything desirable, criminals will always find a way to acquire it; at least if you release the standard you can keep everyone on the same page and discourage anyone else from developing alternatives.
For these reasons, along with growing pressure from cryptographers and the public, the US government decided in 1976 to adopt the Data Encryption Standard, or DES, and to release this standard publicly. While DES encryption was considerably weaker than the AES method which replaced it, it opened the door for private companies and individuals to protect their information. 
Nonetheless, it’s critical that we do not get complacent. My goal for this video was to give you a better understanding of why you should care about your security and be grateful for the proverbial Prometheuses who handed you the torch. Next time you see a bill in your state enforcing stricter regulation of encryption or setting new standards, I hope you can make an informed decision about what path we should take to ensure our freedom and security. Although ultimately, none of this matters if your password is 123456. I’m looking at you, Alice.
A lock appears on screen.







A clip of one of those RFID-blocking wallet commercials followed by a smash cut of YouTube VPN commercials.



The logo of each company pops up in a line as they are mentioned. A red X appears over Amazon, which then spreads down the chain.








Show an icon of a person with a hat attempting to break into the chain and failing.



A big question mark appears.

Show a Facebook logo sending along your data but keeping a copy for itself.




The words “If you don’t know, you don’t care” appear.





A lock on one side, a pedestrian on the other, the NSA in between. The person looks over but cannot see the lock.






Photo of Diffie and Hellman along with the header from their paper.








Alice and Bob appear on the left and right, with a network between them and Eve above.








Alice broadcasts information which is sent to Bob but also intercepted by Eve.



Another message is sent, this time a question mark appears over Eve and Bob’s head.


A message is encrypted with a key, then sent to Bob. The key is then sent, and both Bob and Eve decrypt it.







Alice does it








A color appears alongside a number, they both vary.

Alice sends a color to Bob; Eve keeps it as well.

Secret colors pop up next to A and B.


Different attempts to unmix paint; a question mark appears.











A and B mix their colors to result in the same one; Eve frantically unmixes colors to no avail.






A sends a message to B, who reads it.

A question mark appears on screen, followed by a word cloud of encryption-based words.




“Substitution Cypher vs. AES” appears.









Both lists of characters are displayed sequentially. “Hello World” is shown on the left, along with “Secret key: 25”





An arrow appears over ‘H’
‘2’ and ‘5’ appear in the middle of the screen.








The arrow increments appropriately, then an ‘R’ appears on the right of the screen level with the original message. This repeats, sped up, for all other characters.



Zoom in on the resulting message.



An arrow appears pointing right along a line of characters, then one appears below pointing left.

E puts many numbers through a black box, eventually revealing the true message.












*Some kind of image representing AES in the real world.*


An image of a dog appears, which splits into 16 pieces.



Each part of the image is replaced with another based on a table.




Each row of pieces is permuted consecutively more.


Each piece changes color.

The process happens again, sped up, until we are left with random values.







A CPU is shown performing encryption very fast.






Show an icon of a person with a hat attempting to break into the chain and failing. (same as clip 3)






An icon of a person shrugs.



An encryption word cloud is hidden behind an NSA insignia. Images of Diffie, Hellman, and a crowd of people slowly poke at the wall.








?












A lock appears next to an NSA insignia, then a much bigger lock slams down next to another country.





Some background images regarding DES









Facecam? Blank screen?
