Friday, January 9, 2026

Security Notes: Cryptology: The Battle of Wits May Be Ending

It has been going on for thousands of years. Smart people build secret codes, and smarter people crack them. New codes are put forth, smarter cryptanalysts show up. This long-lasting battle of wits has decided the fate of two world wars, as well as ancient conflicts. This smart-versus-smart drama is also the cornerstone of cyber payments.

Now, the question is: Is the curtain coming down on this show?

Some 107 years ago, a Bell Labs New Jersey engineer, Gilbert S. Vernam, filed a patent for a cipher he claimed was unbreakable (typical of most code builders). Twenty-five years later, the father of the information age, Claude Shannon, published a proof backing up the bravado of Mr. Vernam, stating plainly that the Vernam cipher was indeed unbreakable. For a moment, it seemed that the longstanding battle of wits between code writers and code breakers had come to its end.

Not so fast. Vernam required a very rich source of high-quality randomness, which was not easy to handle and, further, was not available at the time. So the Vernam patent (#1,310,719) remained listed, but the news on the death of cryptanalysis was premature.

Using the new powers of “AI-assisted Innovation, AIAI” (Google it), the underlying principle of the Vernam cipher was adjusted for modern technology.

All the ciphers we use today are built as hardened shells designed to withstand cryptanalytic hammering for the lifetime of the protected secret. These ciphers have no proof of efficacy because no one knows for sure how big the hammer would be. Vernam, by contrast, had not fortified the shell. He simply threw the shell on the sand, so to speak, next to all the other shells on the beach.

Vernam’s idea was to confuse his attacker, to overload him with candidates to hammer. If you encrypt a chess move, and the cryptogram can be decrypted to all the possible moves on the board, then the codebreaker has to work hard to uncover all the possible messages that could have been hidden in the cryptogram, and after doing so remains confused—which decrypted message is the correct one and which are misleading?

Claude Shannon proved that Vernam achieved perfect confusion—perfect secrecy.
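
The chess-move argument above, as an added example that is not part of the original column: a Python sketch of XOR-based Vernam encryption showing that one ciphertext is consistent with every same-length candidate move, and that the ciphertext distribution is identical whatever the plaintext. The move list and function names are constructed for illustration.

```python
import secrets
from collections import Counter

# Constructed sample: candidate chess moves in coordinate notation, each 4 bytes.
CANDIDATE_MOVES = [b"e2e4", b"d2d4", b"g1f3", b"c2c4", b"b1c3"]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the Vernam combining step)."""
    if len(a) != len(b):
        raise ValueError("the pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt with a fresh random pad from the OS CSPRNG; returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def explaining_pads(ciphertext: bytes, candidates: list[bytes]) -> dict[bytes, bytes]:
    """For each same-length candidate, the one pad under which ciphertext decrypts to it."""
    return {m: xor_bytes(ciphertext, m) for m in candidates if len(m) == len(ciphertext)}


def ciphertext_counts(plaintext: bytes) -> Counter:
    """Exhaustively encrypt a 1-byte plaintext under all 256 pads and count ciphertexts."""
    return Counter(xor_bytes(plaintext, bytes([k])) for k in range(256))


if __name__ == "__main__":
    pad, ct = encrypt(b"e2e4")
    print("ciphertext:", ct.hex())
    for move, p in explaining_pads(ct, CANDIDATE_MOVES).items():
        # Every candidate is consistent with the ciphertext under some equally likely pad.
        print(move.decode(), "<- pad", p.hex(), "(true pad)" if p == pad else "")
    # Identical ciphertext distributions for different plaintexts: observing the
    # ciphertext tells the codebreaker nothing about which message was sent.
    print(ciphertext_counts(b"a") == ciphertext_counts(b"b"))
```

Because the pad is uniformly random and as long as the message, each of the derived pads is exactly as likely as the true one, which is the randomness requirement the column describes next.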

The new AI-empowered innovation science (InnovationScience.net) pointed out that it is not necessary to confuse the cryptanalyst with all possible chess moves because most of them are foolish. It is sufficient to equivocate the attacker vis-à-vis only the reasonable moves, which are much fewer, and hence less randomness is needed.

This lesser, yet sufficient, level of confusion is the essence of the modern use of the Vernam principle. It is achieved through the use of non-trivial ciphertexts comprising content-bearing bits and content-devoid bits. The intended reader distinguishes between them, but the attacker’s resources are spread thin because all the bits need to be evaluated. The transmitter can unilaterally, in real time and without pre-coordination with the recipient, determine the level of confusion, namely the level of projected security. The resultant ciphertext is larger in size, but it delivers the Vernam promise, 107 years later.

Anyone familiar with how much work, coordination, design, and construction goes into fitting a cipher into a bank’s cyber operation will understand that this scientific milestone will not translate to the “street” any time soon. That is, of course, unless quantum computers crash our financial cyber life and the NIST (National Institute of Standards and Technology) remedy fails.

Remember, NIST builds a hardened shell against an unknown hammer. Whatever the bad guys are preparing for us, the new Trans Vernam Ciphers will stay put.

—Gideon Samid gideon@bitmint.com


Digital Transactions