Visualizing Cryptography

Unless you are a mathematician or a cryptologist, a technical description of how an encryption algorithm works can make your eyes glaze over.  So I thought I would do something that is both mildly educational and a little bit entertaining (see the challenge at the end of this blog entry).

I wrote a little crypto application that encrypts and decrypts graphical images.  The encryption algorithm (call it algorithm X) is “home-grown” and was designed to be visually appealing rather than secure.  I will use it to illustrate some weaknesses in its encryption and to highlight a couple of essential properties of a good crypto algorithm.

Algorithm X is a simple permutation of pixels in the image.  Each iteration or frame will permute the pixels a bit more.  The permutation rule is designed so that the pixels appear to move and collide with each other like billiard balls, which is what makes it visually appealing.  After many rounds the image becomes more scrambled and at some point you could say it is “encrypted”.  Simply running the rule in reverse decrypts the image.  The following shows the input and resulting images produced by running algorithm X and AES.

Figure 1: Input Image

Figure 2: Encrypted with Algorithm X

Figure 3: Encrypted with AES

With algorithm X you can still see some of the original information.  For example, you may notice that the color information has not changed and that the pixels are merely scrambled.  You can also still see some clustering of pixels around where the flag and FIPS logo were originally.  This is because the permutations are very local and it takes many “rounds” (frames) for the pixels to become dissipated.  AES does a much better job at diffusing the information very quickly and using the entire range of colors uniformly, so there is no discernible pattern relating to the input.  In fact, randomness of the output of an algorithm was one of the criteria used by NIST when selecting the AES algorithm.
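The two weaknesses described above can be reproduced in a few lines. This is an added example, not the code of the Visual Crypto application: it uses a stand-in local permutation (keyed swaps of neighbouring pixels, an assumption, not algorithm X's billiard-ball rule) on a constructed 32x32 image, and shows that the color histogram is unchanged and that the bright pixels stay clustered near their origin after a few rounds.

```python
import random
from collections import Counter

W = H = 32  # constructed image size

def make_image():
    # Constructed input: one bright 8x8 block (255) on a dark background (0).
    return [255 if 12 <= x < 20 and 12 <= y < 20 else 0
            for y in range(H) for x in range(W)]

def round_pairs(rnd):
    # Disjoint neighbour pairs: horizontal on even rounds, vertical on odd,
    # with an alternating offset so the pairing changes between rounds.
    off = (rnd // 2) % 2
    if rnd % 2 == 0:
        return [(y * W + x, y * W + x + 1)
                for y in range(H) for x in range(off, W - 1, 2)]
    return [(y * W + x, (y + 1) * W + x)
            for x in range(W) for y in range(off, H - 1, 2)]

def apply_round(pixels, key, rnd):
    # Keyed coin flip per pair. Pairs are disjoint and a swap is its own
    # inverse, so applying the same round twice restores the input.
    rng = random.Random(f"{key}:{rnd}")
    for a, b in round_pairs(rnd):
        if rng.random() < 0.5:
            pixels[a], pixels[b] = pixels[b], pixels[a]

def crypt(pixels, key, rounds, decrypt=False):
    # Decryption is the same rule run with the rounds in reverse order.
    out = list(pixels)
    for rnd in (reversed(range(rounds)) if decrypt else range(rounds)):
        apply_round(out, key, rnd)
    return out

def bounding_box(pixels):
    # Smallest box holding every bright pixel: (min_x, min_y, max_x, max_y).
    pts = [(i % W, i // W) for i, v in enumerate(pixels) if v == 255]
    xs, ys = zip(*pts)
    return min(xs), min(ys), max(xs), max(ys)

if __name__ == "__main__":
    img = make_image()
    enc = crypt(img, "demo-key", 6)
    print("histogram preserved:", Counter(enc) == Counter(img))
    print("bright bounding box:", bounding_box(img), "->", bounding_box(enc))
    print("round trip ok:", crypt(enc, "demo-key", 6, decrypt=True) == img)
```

Because each pixel moves at most one position per round, six rounds (three horizontal, three vertical) can push the bright block's bounding box out by at most three pixels on each side, which is the clustering visible in Figure 2.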

That being said, I could conceivably modify algorithm X to produce images that look similar to the AES version, but that is no indication of security.  Looks are only skin deep: the real security of an algorithm is also determined by other factors, such as the soundness of the mathematical implementation and its resistance to cryptanalysis.  Even so, public algorithms also spend years in the public domain, where they should survive the test of time.

But once again, Algorithm X was designed to be entertaining, not secure, which brings us to the fun part of the discussion.  If you download the application (download link) you can try the encryption and decryption of the sample above.

Challenge:
In the Visual Crypto application there is a secret image that has been password protected.  To decrypt the message you will need the correct password.  Using the clues below you can construct the password (Tip: search our recent press releases and device literature on our web site for answers).

Clues:
1. The password is thirteen characters (all upper case)
2. The name of the security evaluation for the UK Government that the Stealth M550 is undergoing: (4)
3. Acronyms of the U.S. Government smart cards that can be used as authentication factors for MXI Security devices: (3 + 3)
4. Family of devices that combine secure storage, strong authentication, digital identity services, and management functions?  (3)

