The Mathematics of Security

Originally written on May 25, 2019.
I’ve been reading Joshua Holden’s The Mathematics of Security, subtitled Cryptography from Caesar Ciphers to Digital Encryption. The book begins with definitions of ciphers, plaintext, ciphertext, cryptanalysis and other common terms used in the general field of cryptography, and then dives into mathematical descriptions of different ciphers. They are presented not from a point-of-view of a formal proof but in a somewhat practical view of what makes each cipher more effective than the previously-defined cipher. Holden mixes in historical figures, so we learn, for example, that Carl Friedrich Gauss codified the “wraparound” technique seen in Caesar ciphers where a ciphertext letter is shifted a fixed number of characters. If that shift value is 5, ‘a’ in ciphertext becomes ‘f’, ‘b’ becomes ‘g’ and so on. For letters within the last five of the alphabet, you wraparound back to the beginning of the alphabet: for example, ‘x’ becomes ‘c’. Holden then relates this historical reference to current mathematics: the wraparound idea is modular arithmetic, and the wraparound number is the modulus.

I love the fact that the author points out that Caesar’s cipher was so successful partly because most of the people who might see it in passing could not read! It wasn’t until the 1800s that the fact that Caesar ciphers, relying on secrecy (it was passed in secret so that those who could read would not get their hands on it), were discovered to be very insecure ciphers. Auguste Kerckhoffs wrote that cipher text must not be secret -- that anyone should be able to see it and not easily guess the plaintext because they do not have the key to the cipher. The “key” in the case of a shift, or additive, cipher, is the number each ciphertext character is shifted to arrive at its plaintext value.

Up until this point, Holden hasn’t really gone much into mathematics. By discussing the shift or additive cipher, and then the multiplicative cipher, he starts describing each technique or algorithm in terms of its mathematics. In describing a multiplicative cipher, he doesn’t just jump to the concept of a multiplicative inverse, which is, the author points out later, fundamental to the cipher. Holden also hints that inverses are an important concept we will see later in the book.
Going back to the revealing of a multiplicative cipher, we learn that you cannot just pick any number to use as a key. If you pick 2, for example, and multiply the numeric value of any of the alphabetic characters by 2, and then take the modulo 26 value, not all characters can appear in the ciphertext because multiplication by 2 returns an even number.