The journey from Enigma to Cyberus Key
85 years ago, Polish mathematicians: Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the famous and considered to be unbreakable German Enigma cypher. It was Marian Rejewski who had deciphered the first message coded by Enigma on December 31st, 1932.
But what Enigma and this episode has to do with Cyberus Key and cybersecurity of today? We invite you to read this fascinating story by Jack Wolosewicz, Cyberus Labs’ CTO.
Punting on the Cam gives you time to think. It was a beautifully sunny day in Cambridge and I jumped at the chance to re-enact this Edwardian pastime of standing on the back of a flat wooden boat on the river Cam and pushing it along with a long pole. Cam is in Cambridge, England. It was definitely a must do, as it was featured at the beginning of one of the James Bond movies and I just happened to be in Cambridge, studying advanced cryptography at the Isaac Newton Institute for Mathematics. I was thinking how odd it was for me, a Pole born in Warsaw who grew up on stories of WWII espionage and on James Bond movies, to be here working on cryptography and walking in the footsteps of code breakers who had a pivotal role in winning WWII. I had just finished a tour of Bletchely Park in Cambridge, where the German Enigma cypher was decoded in January 1940. It was a herculean effort, which would have never happened without Alan Touring’s Touring engine – the first electronic computer, without luck, but mainly without the participation of Polish mathematicians, without the courage and sacrifice of AK (Polish Resistance Army) soldiers.
In fact the Enigma was broken initially by Polish mathematicians: Marian Rejewski, Henryk Zygalski and Jerzy Różycki from The Polish General Staff’s Cipher Bureau. It was when Marian Rejewski had deciphered the first message coded by “unbreakable” German Enigma on December 31st, 1932. It is estimated that thanks to this achievement WWII was shorter of 2 – 3 years and around 30 million of human lives were saved.
Hardly a mention of their efforts is to be seen in the Bletchely Park museum.
I had been invited to Cambridge by colleagues from Bell Labs who were collaborating with me on my efforts to develop a technology called audio watermarking. Audio watermarking is a system for tracking music distributed on the Internet and in any kind of broadcast. Audio watermarking is a cryptographic technique also known as steganography, which is the art of concealing secret information inside other information, in this case in music. I had founded a company around this idea, it was my first startup. MP3 music and Napster were all the rage in 1998 and this technology would allow artists and the recording industry to track and control the distribution of music. We had some competition from Microsoft, BBN, NEC and some other serious technology companies, but eventually our system won and Verance Corporation became part of the Recording Industry Association of America Digital Rights Management System.
Some years later, the Academy Awards committee asked Verance to watermark a number of copies of Oscar nominated movies, which were being given to some of the Academy judges to evaluate. The Academy suspected that some of the judges were pirating the films and putting them out on the Internet. The pirates were quickly identified and some legal consequences followed.
While at Cambridge, it occurred to me that the Enigma was actually based on an inherently breakable cypher. The German Navy chose conventional symmetric cryptography with long persistence encryption keys. They built a very clever machine, which was a mechanical computer, the Enigma, to implement the encryption algorithm. But the underlying choice of cypher was flawed. One of the many issues was that if you sent the same message many times, the encrypted message will look the same every time. This is a pattern that can be used to crack the code. The Germans kept sending “Heil Hitler!” at the end of every message and that created a pattern.
Cryptographers have known for a while that there is an unbreakable cypher, one that will never exhibit a pattern and never use the same encryption key twice. It’s called One Time Pad Encryption. Claude Shannon, the father of modern communications theory finally proved mathematically, in 1947, that in fact, this was an unbreakable code. Neither Alan Touring nor all the NSA computers can break One Time Pad Encryption. There is a catch; One Time Pad Encryption needs a very large encryption key, which needs to change with every message.
Fast forward to 2012, cyber security was becoming an urgent issue, personal and financial information were being stolen left and right. User credentials were being protected by an absurdly flawed system, user name and password. It occurred to me that there must be a way to make an unbreakable security mechanism that authenticates users safely and easily without exposing them to the possibility of identity theft. Thinking back to Cambridge and the Enigma, the answer was there since 1947; One Time Pad Encryption would give users unbreakable security. The use of One Time Transaction Codes is a variant of One Time Pad Encryption and it is completely secure. But how do you make it easy to use and universally usable? Here is where the audio watermarking technology comes in. Audio watermarking techniques provide a universal communications technology to link with most Web enabled devices. Speakers and microphones are a part of most connected devices. An audio watermark is designed to convey messages sonically even in very noisy environments. So a cell phone app that is able to send and receive One Time Transaction Codes is the answer. That is Cyberus Key. No more passwords, no more identity theft, secure user authentication. This is the necessary foundation of the secure web, cloud services and IoT.
And it all goes back to the Enigma and punting on the Cam in Cambridge.