Spears, Enigmas and Quantum Computing: The Evolution of Encryption and War

i just want to welcome you all to besides 2021 here in perth uh and thank you all for being here both in person and online uh i'd also really like to thank all the organizers the sponsors university of wa all the volunteers involved in putting this event on it's absolutely awesome to be able to present to you all so a little bit about myself i'm anthony jones i'm a security consultant with kinetic i.t protect plus and i've been in various risk management roles for the previous 10 years i'm obviously passionate about cyber hence why i'm here but i'm also very interested in history and what we can learn from it to help guide us in the future

and it was a combination of these two interests that provided the inspiration for my topic today and i hope you all find it interesting

so my presentation today is spears enigmas and quantum computing the evolution of encryption and war so today we'll be taking a look at the role of cryptography through warfare throughout history including some of the key cryptographic moments in history that had ramifications not just for wars but for also greater society as we know it we're then going to take a look forward at quantum computing in the context of cryptography and what that might mean for the cyber wars of the future

so first up we go all the way back to ancient spartan warfare

so from about 700 to 400 bc uh spartan military officers utilize an ancient encryption technique called the city cipher so the siddeley cipher involved wrapping a piece of leather or cloth around a rod or a spear before writing a message and then to decrypt or read the message you had to re-wrap that leather or cloth around a rod or a spear of the same diameter this enables spartan military officers to send encrypted messages to one another via messengers with some protection against those messages being intercepted and the information being used against them

next up we move all the way forward to world war one so during world war one there was a plethora of encoding and encryption techniques utilised and one of the most popular was code books so code books would have hundreds or thousands of phrases written in them each with an associated number up to five digits so that when you wrote a message the phrases you used were simply replaced by the associated numbers in the code book there was also something called super encryption utilized which was when a message was first encoded using a code book and then encrypted using a simple substitution or transposition cipher now to paint the picture a little bit in january 1917

world war one had been raging for about three years and was effectively in a stalemate both sides were engaged in horrible trench warfare with neither side gaining much ground without tremendous loss of life at this stage the united states had remained neutral in the war and had not engaged outside of selling suppliers

so this all changed with the introduction of this innocuous looking telegram

so the zimmermann telegram was sent by arthur zimmerman who was a german foreign affairs official in world war one and the information it contained would arguably change the course of the war the telegram was sent across a two-part journey firstly from berlin to the german consulate in washington dc and secondly from washington dc to its ultimate destination in the german consulate in mexico uh unbeknownst to the us or anyone else at the time the british had actually tapped the u.s diplomatic lines that ran between europe and the north americas and had intercepted the zimmermann telegram on the first part of its journey however due to the telegram being encoded with codebook075 which had only been partly cracked at

the time they were only able to decode a small part of that message that small part though was enough for them to realize that what they had could potentially change the outcome of the war so the british were now in a conundrum they had partly decrypted a military intelligence that were gathered by a means that they needed to keep secret so they came up with a plan they bribed a telegram official in mexico for to obtain a copy of the encrypted zimmerman telegram and now by either luck or design when germany had transmitted the telegram they had effectively committed a downgrade attack on themselves this was due to the german consulate in mexico mexico not being able to decrypt

code0075 this led to the telegram being rewritten in the less secure code 13040 whilst it was in the us before being sent on to mexico so this meant that the new zimmerman telegram that the british had obtained was able to be fully decoded once decoded the british handed the telegram over to the u.s alongside with the cover story of having a spy in the german consulate in mexico who had obtained it this cover story was ultimately effective and the british continued to spy on the us diplomatic lines for another 25 years

so this is what the zimmerman telegram looks like decrypted or decoded germany were offering mexico the states of texas new mexico and arizona as part of an alliance in the event that the u.s joined the war as well as announcing that they were going to begin unrestricted submarine warfare including against u.s merchandise vessels now initially the u.s thought that this intelligence was fake until arthur zimmerman himself came out and admitted it

so what were the consequences of this telegram

the u.s received the decoded zimmermann telegram in february 1917 and on april 2nd less than two months later they declared war in germany and officially entered into world war one by november 11 the following year world war one was over now i'm not claiming that the zimmermann telegram was the only reason for world war one's outcome or for the us entering the war but according to official war historians it played a pivotal role in both so to summarize the british performed a man-in-the-middle attack against the germans whilst the germans performed a downgrade attack on themselves the result of which arguably changed the outcome of world war one next up we have world war ii and the

enigma machine

so the enigma machine was originally invented in world war one by another german arthur arthur sherbius and it was used extensively by nazi germany in world war ii it was an electromechanical rotor substitution cipher where each rotor inside was effectively an alphabet the basic machine operation was you would press a key or a letter on a keyboard the rotors would move and complete an electrical circuit and it would appear a light would appear above another letter those illuminated letters were the ciphertext now what made the enigma machine so successful were the keys utilized so the keys were the different possible configurations of the enigma machine itself these included the order of the rotor the rotor starting position the plug

board settings and more and in total provided an estimated three times 10 to the power of 114 possible machine configurations this made the option of manually brute forcing the machine or guessing the machine settings impossible this is just a photo of what the rotors inside the enigma machine look like and how they're effectively each in alphabet

so how was the enigma machine cracked well despite what movies like the imitation game would make have you believe it wasn't originally cracked by alan turing it was actually cracked by the polish cipher bureau in 1938 before world war ii had even begun the polish cipher bureau also invented the bomba cryptologista or cryptologic bomb uh that enabled them to trial enigma machine settings far quicker than was possible manually the bomba design was created with some help from french german spies at the time who had gotten their hands on an enigma machine manual just before the beginning of world war ii uh nazi germany made improvements to the enigma machine and the way it was used by adding additional rotors and

changing the keys more regularly this meant that the bomba machine was no longer effective at cracking them uh just before this happened however the polish intercepted and decrypted messages from nazi germany germany indicating the impending invasion of poland so in 1939 the polish cipher bureau fled the country and shared their knowledge of enigma machines and bombers with british and french intelligence which brings us to alan turing and the other code breakers at bletchley park

so utilizing the information provided by the polish cipher bureau the allied code breakers at bletchley park led by alan turing invented the bomb which was an upgraded version of the polish bomber the bomb would successfully crack the new enigma machine and calculate their settings before the keys were changed this marked the beginning of a cryptographic cast and mouse game before between nazi germany who kept improving the enigma machine and increasing the key changes and alan turing led code breakers who kept improving the bomb machines in response at one point the naval enigma machines were enhanced with the introduction of a fourth active roto and for a time this proved uncrackable for the allied code breakers

however due to some key intelligence that was captured from a sinking german u-boat including one of the newly enhanced enigma machines the allied code breakers were able to enhance the bomb machine to such a level that it could both crack the most complex enigma machines and the even more complicated and recently introduced lorenz ciphers this is a photo of one of alan turing's bombs and by the end of world war ii there were several hundred of them so what were the consequences

well official war historians estimate that the allied force code breaking efforts cut two to three years after world war ii and saved an estimated 14 to 21 million lives also alan turing and other bletchley park alumni use what they had learnt inventing and improving the bomb to invent what was arguably the first programmable computer which has obviously had a massive impact on defining modern day society as we know it which brings us now to present day so the good news is that the current gold standard encryption algorithms that we use are pretty awesome they've all been around for a decent amount of time now and have had no or little susceptibility to various cryptographic attacks

to give you an example of the idea of their relative strength against brute forcing attacks of the algorithms on the screen rsa or rivest shamir adelman is the weakest per bit of key length however it would still take a current conventional computer about 300 trillion years to be able to brute force a 2048-bit key rsa algorithm seems pretty secure [Music] but what about these guys what about quantum computers are they a legitimate threat to our modern day cryptography

to answer that question we first need to understand how powerful they currently are and could be in the future this depends primarily on the number of quantum bits or qubits that they have and the stability and error rate of those qubits so to briefly explain what cubics are and what makes them special let's compare them to conventional computer bits so conventional computer bits are binary they can either be a zero or a one at any given time whereas qubits through the quantum mechanic of superposition have the ability to be both a one and a zero simultaneously what that means is that qubits have exponentially more processing power than bits and for every additional qubit you're

effectively doubling the computational power so for one qubit you have twice for two you have four times the amount three you have eight four sixteen and so on uh so by the time you get to just 50 qubits which uh 50 cubic quantum computer already exists today it is already more powerful than the most powerful supercomputer in existence so how long do we have before a really powerful and stable quantum computer exists well there isn't a consensus at the moment but the common estimates are between 5 and 20 years from now to give you an example google is currently aiming to have a 1 000 stable qubit computer built by 2029 as far as who will have them first

that's a race between the tech giants of the world like microsoft ibm and google and the world's most powerful governments 15 of which at the time are at the present time have an active quantum computer program

so what does that mean for today's encryption well the good news is that aes256 is already quantum resistant and quantum computing would only be able to reduce the effective key size down to 128 which is still considered secure the bad news is all of the commonly used asymmetric encryption algorithms such as the ones on the screens will all be brute forceable to give you an example the 2040 bit key sr sorry rsa encryption algorithm that took the conventional computer 300 trillion years will now take about 10 seconds for a 4 000 cubit uh quantum computer to brute force

so what are the consequences if all of our current asymmetric encryption is no longer secure

well in their current states tls would no longer be viable so there goes the most common secure communication method over the internet uh there'd also be no secure way to exchange symmetric keys online which would nullify much of the effectiveness of quantum resistance symmetric encryption like aes also digital signatures and certificates would no longer be reliable or trusted so there goes all of the public key infrastructure from a cyber warfare warfare perspective if an adversary was able to build a stable quantum computer they would effectively be able to decrypt any data in transit or that they had captured and impersonate a trusted source both of these would be a tremendous advantage in the context of war

so what can be done about it

well the good news is there's the hunt for post quantum cryptography is already well underway and several families of quantum resistant cryptography already exists in fact since 2016 the u.s national institute of standards and technology or nist has been working towards assessing and standardizing post-quantum asymmetric cryptography algorithms they're currently down to the final seven submissions and are estimated to have selected the new standards and published them by 2024 up there's just a link if you'd like to learn more about that

so to finish my presentation i wanted to leave you with some food for thought about some of the other possible cyber security implications of quantum computing things like what the password length requirements might need to be the compatibility and hardware issues that post quantum cryptography might introduce or what quantum malware might look like in the future

thank you all for listening to my presentation were there any questions awesome thank you very much

[Applause]