Encryption Options

[FlakJacket]

Now I don't have the book right in front of me at the minute, but it's my understanding that Shadowrun treats trying to break encryption as an all or nothing test. You either do, or don't crack it.

As I undertsand it, no encryption code/process is uncrackable. It might take you more time than it'll take before the sun goes out, but if you keep bashing away you can evetually crack it. Has anyone ever come up with any rules to reflect this or other factors? Things like the power of the computer, how long you've being going at at, the skill of the person etc.

[Corywn]

It's called Decryption. The other factors should be considered appropriate for the Decryption program.

[Herald of Verjig...]

The only progress you make in RL decrypting is the removal of possible solutions. More raw computing power simply means evaluating more failures each second. Unless there is a rule preventing followup attempts to crack an encryption (book is not within reach), then just keep rolling, that gives the proper representation of such brute force methods.

[Zazen]

There is such a thing as an unbreakable code called a one-time-pad, which is occasionally discussed here. As for the current nigh-unbreakable universe-will-collapse-first codes, there is always the potential for a codebreaker to get really really really really really really lucky. Hey, anything can happen.

I rather like the encryption system used in SR, though, however unrealistic it may be. You get the potential for things like "Ultimate Codebreaker" programs which are totally ridiculous in the real world. It's more fun.

ed- And, more on topic, you get the need to go on a run or use a contact or whatever to get through encryption that the team decker just can't seem to crack.

[Kagetenshi]

There's also quantum cryptography, which is also unbreakable.

~J

Edit: well, it's theoretically breakable the same way a one-time pad is: if someone manages to guess massively obscenely well. It's not actually going to be broken without key interception.

[mfb]

what kagetenshi said--even a one-time pad is breakable. the problem is, it's not currently possible to break it within the time constraints posed by the heat death of the universe.

as for quantum encryption--it's actually obscenely breakable, assuming you've got a quantum computer to compute with. quantum computing actually makes SR computers almost make sense. almost.

[Kagetenshi]

Er... quantum cryptography is not breakable by quantum computers. It's basically the only form of encryption that isn't [aside from things like a one-time pad]. It's not breakable by ANYTHING save that one obscenely lucky guess, as if you guess wrong you've destroyed the encrypted material.

~J

This post has been edited by Kagetenshi: Nov 19 2003, 05:40 AM

[Zazen]

A one-time-pad is not breakable even with a lucky guess, though, except by those ignorant of how it works.

The trick is that there is no way of knowing if your guess is the right one. If I encrypt the word "longfellow", for example, an attempt at decrypting it brute-force will yield every single possible combination of ten letters, including every ten-letter word in the dictionary. There is no way of knowing which result is correct.

[Kagetenshi]

True enough. I think I'm remembering my one-time pad knowledge; it's been a long time.

~J

[Diesel]

So it would take

a. A lucky guess
and
b. A lucky interpretation.

Both of which are so statistically remote that the universe will be nice and cozy before anyone even comes close.

Now please explain quantum cryptography.

[Kagetenshi]

In quantum cryptography, particles are sent from one location to another. These particles have a property known as spin. There's a known test for spin that will seperate those with a left spin from those with a right spin and those with a top spin from those with a bottom spin; if you filter out a series of particles into up-spins and down-spins, they'll continue to show the same spin throughout all up/down tests.
What is interesting, though, is that if you take the particles that are known to have top spins and then filter them through a left/right spin detector, and then afterwards send them through a top/bottom spin detector, they will come out as either top or bottom. In other words, the process of sending them through the other detector has "rerandomized" them.
Thus, to intercept a message, a person would have to know the exact position of a gate for each and every particle. The intended receiver would have a previously-arranged sequence indicating which particles to test top/bottom and which left/right, but someone intercepting the data would destroy it unless they got everything right the first time.
This, incidentally, is an unsubtle method of eavesdropping: unlike most electronic data, if you intercept a quantum cryptographic message, the interception will be noticed because the intended receiver will not receive it.

Incidentally, there's another property to make things even messier for a would-be eavesdropper: the property of entanglement. Basically, it means that to maintain the conservation of angular momentum, a given particle-pair MUST always have equal and opposite spins. This means that if you change the spin of one, the other will instantly change to match it (but reversed), faster than the time it takes light to travel between the two particles. This means that messages can be relayed without passing through the intervening space in any way, shape, or form, and thus can only be intercepted at the endpoints.

~J

[Zazen]

[Kagetenshi]

Double-checking, you're correct. My quantum physics is spotty, even after having taken a course in the stuff, because it's so easy to misinterpret and when you ask the person next to you for clarification they may be dead wrong but thing they're right.
But yes, I'd wondered about that.
I know you can use it for a message somehow, though; it may be that entangled pairs was the way of passing the key securely.

~J

Edit: by the by, it does have a true spin before observation: all possible spins it could have.

[nezumi]

FYI, there is a very long thread about this in the old forums.

Barring quantum encryption, which I had never heard of before and I'm betting is still only in R&D stages, any encryption code can be broken. The problem is that, with current technology, a good encryption algorithm will take a very, very long time to break (however, if you regularly upgraded your computer, you could probably finish it on a timeline of years instead of centuries). Also, in the case of a one time pad especially, you may get several different "unencrypted" messages from the one real message (probably every combination of letters of that length), so you need to figure out which one is right. The biggest problem with encryption, especially one time pads, is that you need to get a totally random key (which really can't be done with people or most computers) and you need to transfer the key to the recipient somehow. So keep in mind that, for realism, your goal is going to be to catch the key when they're sending that.

In regards to rules for encryption/decryption, the only one I remember really liking is effectively halving the rating of the decryption device (for realism's sake). Even the U.S. government can't decrypt certain messages in a reasonable amount of time. I don't remember if the rules have an amount of time it takes to break the code, but you may want to consider doubling that as well. Either way, go check the old forums for that thread.

[Shockwave_IIc]

What about the code where you use page, line and word numbers to encrypt your message? As i understand this form, without knowing the books used (the key) this is pretty unbreakable as every repeat of a word would have a diferent series of numbers. I think it was used in Red dragon, the only reason why it was broken then is because hannable had a very limited selection of books.

[nezumi]

Here are the problems with using your idea for the key (and I'm assuming this is a sufficient large book so we can randomly sample from words at least 10 pages apart).

1) You still need to somehow tell the guy which book you're talking about.
2) You somehow need to randomly choose words. If a human is doing it, there will be patterns in word length etc. and its unlikely he will choose the same word twice, etc. This reduces the randomness of the key. If the words are really random, than we're going to get an inordinate number of 'a', 'the', and 'of's, which will make the code much easier to break.
3) If we're using an English book, we have a relatively small set of keys, which also means that when we have our set of possible results, we can eliminate any results which have keys that are not words, which SERIOUSLY helps you figure out which is the real message.

On the good side, once you've sent the book name to the other person, you can send the key without it having a real effect on how easy it is to break the code. However, the way it's often done is to make a 'book' of a random code. Imagine something the size of a phone book with column and line numbers, and the contents are exclusively random alphanumeric strings. Then, when I send my message, I tell you 'column X line Y' and you just look it up in the book. Since the book is random, this eliminates problems 2 and 3, I just need to make sure I never use the same lines twice. This was used by the Russians for a while and the Americans felt it nigh unbreakable until the second or third message when we realized they always encoded their messages starting with the first line of the book. Otherwise the other guys need to get your 'book' (which could be built into your communication devices') to figure out the message.

The down side, with what you suggested or what I suggested, is that if, after the fact, the bad guys get the book in question, they can unencrypt all of your previous messages. This may or may not be a problem, depending on the situation.

[Buzzed]

A one-time pad can be copied, so the number of guesses possible would be limited to the number of copies of the information.

[nezumi]

A one time pad can NOT be copied, because it ceases to be a one time pad. The problem with copying a one time pad is that I can take your two messages which I know are encrypted with the same pad and run analysis on those two. It is possible to break encryption this way, although it requires either a lot of small messages or a few longer ones. This is exactly why the Americans broke the Russian code, they used the same pad more than once.

[Kagetenshi]

Quantum cryptography does exist in that it has been demonstrated possible. It does not exist in that it's not currently useable in any practical way, shape, or form, and probably won't be for some time.

~J

[Rev]

If you want to make shadowrun encryption mildly more realistic, but still crackable, you can have encryption cost go up with rating squared, and decryption cost go up with rating cubed. Then have the base time to decrypt be Rating squared hours or something and maybe require more sucesses to break encryption higher than the decryption.

So if the bases were 1000Y:

Rating 4 encryption = 16kY
Rating 4 decryption = 64kY

Rating 8 encrypt = 64kY
Rating 8 decrypt = 512kY

Rating 14 encrypt = 196kY
Rating 14 decrypt = 2744kY




In the real world it is far far worse than that.

Some time ago (5 years?) somebody published a method to crack netscapes credit card number encryption. Netscape had screwed up the sending of the encrypted number so that half of the key was sent along in the clear with the encrypted credit card number. This made the unknown part of the key about half as long as it should have been. Somebody noticed that and found they could crack a netscape encrypted credit card in about a day of computation on a desktop computer. Still that means they spent an entire day of computation to undo a severely compomised encryption scheme that encrypted the original data in a fraction of a second.

[nezumi]

I'm not sure its fair to increase the cost so drastically. Encryption is usually a fairly well known, moderately easy to implement algorithm. I've implemented triple DES encryption in several hours using only publically available resources. I could implement it with a big enough bread box using only and and or gates. Unless this is a secret algorithm, or its hugely complex, the price shouldn't actually be that high except for the processor, which can use an off the shelf model in most cases. In many cases the algorithm can be made strong simply by re-encrypting the encrypted message (hence the difference between triple DES and normal DES). The tough part is usually coming up with the random key in the first place.

Decryption I'm more inclined to agree with your price jump. The big problem decryption faces is doing relatively complex mathematical exptrapolation a whole bunch of times. To do a problem in a number of hours, having a seriously overpowered computer becomes much more significant. I really like your time modifications though. It makes decrypting quite feasible in game without making it so fast that it's really unrealistic. If anyone ever actually bothers using encryption in one of my games, I'm going to use your numbers : )

[Bearclaw]

One time pads are really not very usable, because of the huge logistical problems with using them properly. You must have a pad for every single message you send, and everyone you send it to must have a copy. So, an embassy communicating critical data to their home office can use a one time pad, but that same embassy communicating with their field agents can't. And, it must be done manually. Try getting that done in 2063. "Here, please spend the next 6 hours encrypting this three page message". Not gonna happen. Another problem with a one time pad is if the enemy gets their hands on a few of them, they will be able to find patterns. Nothing is truly random. So, if your guys in the field have enough pads for 5 messages and get caught, you have to scrap your entire multi-billion dollar encryption system, and come up with a new way to generate your pads.
So, they'll continue to use various versions of PGP, and it'll continue to be cracked by guys with big enough computers. I here it takes about 30 minutes now.

[Rev]

Shrug, if you want to make it realistic encryption is free and decryption costs 100 billion dollars and still usually doesnt work. (unless the nsa is better than the non-secret experts guess)

Maybe have a person make a skill roll to determine if they picked up a good encryption system, and are using it correctly.

But any place inbetween where it is in the rules and in real life is equally valid.

[Kagetenshi]

PGP still takes a very long time to crack if it's a sufficiently long key. Longer-than-useful long time, not "come back in eight hours" long time.

~J

[nezumi]

I would semi argue with Bearclaw. You're right about some points; you do need to distribute the keys in the first place, and if a field agent is ever caught with the code book, you need to remake all the codes and redistribute (although you could only give each field agent a 'chapter' of the whole book).

You're also correct that no computer currently can make something 'truly random', however that is a *HUGE* issue in computers right now and I have no question that we'll have something sufficiently random to make mathematically cracking a 500 page long random code nigh impossible. Most methods right now involve observing outside forces; quanti or heated metal. In my game, I wouldn't bring that up unless your decryption guy has a LOT of the key already figured out (not encrypted messages, he actually needs the key) and he has a wicked fast computer. Even then, that's iffy... However, it's all speculation right now.

Something else you didn't mention which I had already said is that if the key is ever retrieved, all previous messages can be unencrypted. For corporations and embassies, this could be a serious downfall, as they like to keep their stuff secret for years and years.

However... it wouldn't take 6 hours to unencrypt. It's a simple XOR gate usually. With your computer right now it'd probably take maybe .0001 milliseconds per byte, more or less, making a 5,000 word document unencrypted in... .005 seconds (feel free to double check my math).

But you will almost never see one time pads used commercially because you do need to send them to the person beforehand. This would probably be done in person or through a third party online. For runners it's not a problem, meet before the run and upload the code. With the few messages you're going to use before discarding the pad, it's effectivelly unbreakable (although its still possible that using encryption is illegal while visiting your particular corp, so don't think you're invincible).

Most people are probably going to use some form of public key cryptography which is breakable, but still pretty time consuming.