<h1 align="center">Can You Keep a Secret?<b> Introduction to Cryptography</b></h1>

# 1.0 Safe Spending

Have you ever bought anything off the internet or off Amazon? When you type your credit information and your all personal information have you ever thought about how all your personal information gets to Amazon's servers and isn't intercepted by anyone?

<img src="assets/amazon.jpg" alt="Drawing" style="width: 400px;"/>

Well, you can thank Computer Security and Cryptology for that. Data is in transit is encryped so that no noisy hackers can get to it. If you sent your credit card 1234-5678, I would just see a bunch of gibberish and would be unable to decode it? 

<img src="assets/crypt.jpg" alt="Drawing" style="width: 400px;"/>

__Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries__

# 1.1 Why should we care?

* All the personal information that some company has about you on their server.
* What would happened if someone hacked into your Facebook or Email and started to impersonate you?
* Banks store their money electronically

# 1.2 Alice and Bob

Alice and Bob are two classic characters in cryptography. Alice and Bob are trying to communicate securely. However, Eve is easedropping and try to listen in on what they are saying.

<img src="assets/encryption.png" alt="Drawing" style="width: 400px;"/>

What makes a good cryptographic method for Alice and Bob to communicate with?
* Difficulty of Breaking
* Low cost of computation

# 2.0 An Ancient Example 

People have wanted secure communications for a very long time. When Caesar was conquering the world and busy on his expeditions he used a very primitive form of communication to speak with Generals. He used the __Caeser Cipher__.

<img src="assets/caesar.png" alt="Drawing" style="width: 400px;"/>

The Caesar Cipher works in the following way: pick a number $n$ between 1 and 25. Shift each letter in your message $n$ letters forward.

For example if I chose $n = 1$ and had the message

__ABC are the first letters__

The Caesar cipher would encrypt this as 

__BCD bsd uid hjstu mduudst__

Formally each letter is encrypted as

$$ E_n(x) = x + n \mod 26$$

To decrypt a word you reverse the process and decrease $n$ from the letter.

$$ E_n(x) = x - n \mod 26$$

It is a __VERY__ weak encryption method by modern standards but it was probably pretty effective for Caesar. Granted because most of his enemies were either illiterate or spoke another language ... so ... yea.

__Can you think of why this may not be the strongest cipher?__

```python
NUMBER_OF_LETTERS = 26
A_IN_PYTHON = 97

def casear_cipher(n):

    encrypt = {}

    for i in range(NUMBER_OF_LETTERS + 1):

        original_letter = i + A_IN_PYTHON
        shift = i + n

        letter = chr(original_letter)
        other_letter = chr((shift % NUMBER_OF_LETTERS) + A_IN_PYTHON)

        encrypt[letter] = other_letter

    return encrypt
```

# 2.1 Cracking the Caesar Cipher

Can you think of method of breaking the Caesar Cipher?

One can the brute force a solution by trying all 25 combinations ... let's pretend you would like to be more clever than that.

A more classy solution was actually discussed as early at the 9th century in the writings of an Arab: Al-Kindi.

<img src="assets/kindi.jpg" alt="Drawing" style="width: 400px;"/>

Al-Kindi observed that frequency analysis could be used to break the cipher. Letters in a language are not distributed uniformly. For example, if I have a corpus of English text: let's say Sunday's New York Times. It is highly unlikely that $\frac{1}{26}$ of the letters are __a__, $\frac{1}{26}$ of the letters are b, $\frac{1}{26}$ of the letters are c and so on .

Rather you are much likely to many more __e__'s and __s__'s then __z__'s or __q__'s.

<img src="assets/freq.jpg" alt="Drawing" style="width: 400px;"/>

If you were to use Frequency Analysis to break a Caesar Cipher  you would try and match observed frequencies to their known frequencies in English. For example the letter __e__ is known to have a frequency of about $13\%$ in English. If you were in the cypher to observe the letter __z__ to have a frequency of $13\%$ you could infer that __z__ was __e__ as work backwards.

What are some drawbacks of this approach?

What if you don't have much text what are you to do?

# 2.2 Caesar Cipher Upgraded 

The __Vigenère cipher__ is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword. It is a form of polyalphabetic substitution.

<img src="assets/vig.jpg" alt="Drawing" style="width: 400px;"/>

In a Vignere Cipher you have a short key word like for example __LEMON__. You superimpose the keyword over your message and shift each letter in your message based on the keyword letter associated with it.

\begin{align}
&ATTACKATDAWN\\
&LEMONLEMONLE
\end{align}

Shift A the numeric value corresponding to L over. Shift T the numeric value corresponding to E over and so on.

This is a more effective cipher than the Caesar cipher and for a while was nearly unbreakable. However, as you may have guessed it was broken. Can you think about some vunerabilities in the cipher? 


# 2.3 Caesar Cipher Even More Upgraded 

What if our key length in the Vignere cipher was as long as the message? Would an attack be able to break our the cipher?

Let's say we return to the humble Caesar cipher.  However, instead of shifting every letter forward by $k$ we roll a $26$ sided die. For every letter in our message we roll the dice and produce a number which we write down. This number becomes the shift distance for the character at that position. Can one perform frequency analysis on this cipher to break it?

No. This cipher is unbreakable. Computationally this is too unfeasible. $26 ^ {\text{length of message}}$ If for a A Five letter word would write all the possible cominbations on a piece of apper and stacked them the wall of paper would be 1km high.

This is known as a one time pad, I cannot give Bob a simple number or simple keyword but I must give him a keyword that is as long as the message. How do I protect giving him the key? Do I encrypt the key? Then who will encrypt the encryptor?

```python
from random import randint

def create_mapping(msg):

    d = {}

    for i in range(len(msg)):

        random_shift_forward = randint(0,26)

        d[i] = random_shift_forward

    return d
```

# 2.4 A Note on Randomness

Where does randomness come from? Can you write code that magically generates randomness out of thin air. The answer is no. Randomness must come from the environment in some way: either the time at the a certain moment, the weather that day or some internal configuration of the computer.

At anyrate generating true randomness is a very important and difficult thing to do. If your numbers aren't truly random your cipher could be compromised. 

Let's not worry about that for the time being and use Python's included random module/library.

## 2.4.1 What is a Library

A library is a pre-written unit of code that provides functionality for you to use in your code. For example, let's say I wrote a function that encrypts a bunch of text using a Caesar Cipher. Later, I have a bit text that I want to encrpyt in a different program, should I bother rewriting the Caesar Cipher? No!!!

```python
from ciphers import caesar

encrypted_text = caesar("some random message", shift_amount)
```

Above we used Python's random module. As the name implys the library has a bunch of functionality related to generated random number.

For example if we a bunch of options that we would like to randomly choose from, there is a function for that.

```python
from random import choice
lunch_options = ['steak', 'fish' ,'bbq', 'turkey sandwich']
lunch = choice(lunch_options)
```

# 3.0 Hash Functions and your Password

A couple of years ago there big fuss about company called Ashley Madison getting hacked. Ashley Madison was a dating website for married couples and as a result of the hack all their personal information was exposed. Every couple of years a big data breach like this happens. Whether its Yahoo, LinkedIn or Big Governments.

<img src="assets/databreach.jpg" alt="Drawing" style="width: 400px;"/>

Obviously, then protecting data is a very important task. Have you ever wondered how your data is protected when you sign into services. For example when you sign into your favorite website lets say Facebook how do they store your password?

\begin{align}
\text{username: }& \text{nasrmaswood}\\
\text{password: }& \text{iloveponies123}
\end{align}

Your login information is stored in something called a database along with all the others users. To login you into the service the website will query the database for credentials and see if your password matches. If it does it will grant you an authentication token that will allow access to that service.


<img src="assets/wp.gif" alt="Drawing" style="width: 400px;"/>
__However, the problem is, what happens when the database gets hacked? EVERYONE's information is potentially compromised. Especially if the information is stored in plaintext__

For example, how many of you reuse passwords among different services? Probably at least a couple of you. So if they got your Facebook login information couldn't they also get you online banking information?




# 3.1 Solution to Plain Text Passwords

<img src="assets/chf.svg" alt="Drawing" style="width: 400px;"/>

To avoid this danger password are first put through a __cryptographic hash function__ before they are stored. This way the person storing your password actually has no idea what your original password originally. But is your password still tottaly safe?

A  __cryptographic hash function__ is a one way function that obfuscate yours text such that the original cannot be recovered. However, the attacker can still guess a password run it through the hash function and see if the hashes match.

```python
def hash_function(string):

     x = 37

     for char in string:
        x = x * ord(char)

    return x
```

What are some problems with this you could imagine?

## 3.1 Online Attacks

* To combat people simply trying to guess on the website many times. Sites often have rate limiters which limits the amount of guesses per interval of time. This is similiar to an iPhone locking you out after too many incorrect guesses.


# 3.1 Offline Attacks

If an attacker does compromise the website's security and gets access to their database there are multiple attacks they can try. 

__jtr__ and __hashcat__
* software that enumerate through common password permutations and guesses them.

__giant hash tables__
* very fast
* very very space intensive though 

__rainbow tables__
* trade off between time and space.

# RSA Encryption

RSA Encryption is the current protocol for encrypting data across the web. It is a little bit techincal so I will just describe it in broad strokes. 

Pretend that you have a lockbox and key that that opens this lockbox.

<img src="assets/lockbox.jpg" alt="Drawing" style="width: 400px;"/>

When you want a friend to send you a message. You give your friend the open lockbox. They put their letter in the lockbox and send it back to you. Now, people only you have the key to the lock box only you can open it. Obviously this all happens through math, but the analogy is more or less the same. 


Really all the magic is done through prime numbe
s an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone. The other key must be kept private. It is based on the fact that finding the factors of an integer is hard (the factoring problem).

Most basic and general explanation: cryptography is all about number theory, and all integer numbers (except 0 and 1) are made up of primes, so you deal with primes a lot in number theory.

More specifically, some important cryptographic algorithms such as RSA critically depend on the fact that prime factorization of large numbers takes a long time. Basically you have a "public key" consisting of a product of two large primes used to encrypt a message, and a "secret key" consisting of those two primes used to decrypt the message. You can make the public key public, and everyone can use it to encrypt messages to you, but only you know the prime factors and can decrypt the messages. Everyone else would have to factor the number, which takes too long to be practical, given the current state of the art of number theory.

# Historical Note


The history of cryptography is tightly linked to the birth of compputer science and computing.

<img src="assets/enigma.jpg" alt="Drawing" style="width: 400px;"/>

During WWII cracking the codes of enemy interceptions was extremely important. The Germans developed an advanced machine that generated ciphers called the enigma machine.  The Axis Needed to launch surprise attacks. 