Pairs ancient and modern for security

I was struck recently by how often pairs crop up in things to do with security, and for how long this has been true. I’ll go into two similar old techniques to do with documents – indenture and chirograph, and an old pair-based object (the split tally) and then two things enabled by the current technology of public key cryptography. I’d like to thank the palaeography student who introduced me to chirographs. 

Documents – indentures and chirographs 

A chirograph is a Medieval document that records something important such as loan repayments, land transfers etc. The issue being documented is important to two or more parties, such as a loan having a lender and a borrower. The two parties each get a copy of the relevant information, but the important thing is that the two copies start off on the same piece of parchment that is then split, and it’s the details of the split that matter. 

The word chirographum (or similar) is written in the gap between the two copies of the text, and then the parchment is cut in a line that goes through chirographum, so that each part will have some of the split word along with all of one copy of the text. It’s as if the document has been turned into a custom two-piece jigsaw.

Each party gets one bit of the split document. Sometimes a third party is involved, such as a court that oversees the transaction being recorded. In this case there are three copies of the text – two copies side-by-side and a third copy underneath both of them. Then two cuts are made in the shape of an upside-down capital T – these both go through places where the word chirographum is written. The part at the bottom – called the foot of the fine – is kept by the court, and the two parties each get one of the two upper parts. 

The Latin word chirographum comes from the Greek word meaning handwritten.

A 3-part chirograph.

An indenture is a similar custom two-piece jigsaw, but the pieces are defined in different ways to a chirograph. Instead of cutting into the word chirographum, the line of the cut is wavy. (Sometimes a chirograph is cut along a wavy line, but isn’t always.) The name indenture is because the wavy edge looks a bit like bite marks from some teeth. An indenture could be used to record that someone is a slave, servant or apprentice, or an agreement for buildings or land, or that captains in an army would provide so many soldiers to a king etc. 

The point with the wavy cut and/or separated parts of the word chirographum is that the two (or more) parts of the original can be brought together to reassemble the original whole. The chances of someone being able to forge a particular wavy cut (and/or bits of the word chirographum in the case of a chirograph) are small enough that a matching pair (or triple) shows that they are both genuine.

Tally sticks 

There are two versions of a tally stick – the single tally and the split tally. A single tally is a long bit of wood, bone etc, that has notches or tally marks cut into it to record something. I won’t go into these any further as I want to concentrate on the split tally. 

A split tally is a long thin bit of wood that has been cut nearly along its length, to make something a bit like a wooden tuning fork. Like with a single tally, notches or tally marks are cut into it so that each mark goes across both prongs of the tuning fork. Then the prongs are separated and each one is given to a different person, e.g. the lender and borrower involved in a loan. 

The tally marks record an important piece of information, such as the size of a loan, or the number of barrels of wine to be supplied etc. Like with the indenture and the chirograph, the two parts of the split tally can each vouch for the other. When they are brought back together, the tally marks and the grain of the wood will line up. If one person tried to add extra tally marks to their part then there would be no match when the two were brought together. 

Unlike the indenture and chirograph, the parts of the split tally vouch for each other by having identical tally marks. The parts of the indenture and chirograph vouch for each other by being different in just the right way so that the two parts make a whole. That is, where one part of the original document has a sticking out part that acts as a plug, the other part of the document has a hollow that acts as a matching socket. 

Tally sticks, indentures and chirographs in real life, or: How can I attack this? 

These objects haven’t been part of my life, but a few hundred years ago they were part of our predecessors’ life and not museum pieces or curiosities. So, they were used and people had some kind of relationship to them. I can’t think of reasons to assume that people in the past were much more or less honest than they are now, so the people with relationships to indentures etc. included dishonest people. 

Imagine it’s a few hundred years ago and you’re in a pub. Someone says that they have a business proposition for you. They’re owed the equivalent of £100 by someone, but they unexpectedly have to go overseas before the debt is due. They can sell the debt to you for £80, so you will make £20 profit when the debt is repaid. As proof of this they show you their half of a tally stick with some tally marks in it, and these marks say that £100 is owed. 

You’ve probably seen tally sticks before and so recognise the thing being shown to you. However, how do you know that it’s genuine? How do you know that there’s a matching pair somewhere, and it has matching marks? Maybe the person is owed only £5 but they have added extra tally marks to make it look like the debt is £100, so you’d lose £75. Maybe there is no matching pair and no debt at all, so you’d lose all £80.

There could be similar examples for indentures. Perhaps your father was granted some land from the local monastery in return for a service he did for the monks. This transfer was recorded in an indenture. Then your father and the abbot die. You inherit the land and the corresponding land registry document (your half of the indenture), and the abbot is succeeded by someone else. 

The new abbot wants to make sure everything is in order at the start of his new appointment, so he calls you and all the other people with indentures in. You show your half of the indenture to the abbot, and when he offers up his part the two don’t match. 

There are several possible reasons for this, including: 

  • Your father stole the land from someone and poorly forged an indenture to cover this up; 
  • Someone broke into where the monastery keeps its indentures and swapped the one relating to your land with a forgery, during the current or previous abbot’s time (so your father and both abbots are genuine, but someone else is a fraudster); 
  • The previous abbot was dishonest and replaced his indenture with a forgery, which the current abbot accepted as genuine; 
  • The previous abbot was honest and the current abbot swapped in a forgery; 
  • The person you’re talking to isn’t the current abbot but someone impersonating him with a forgery. 

Indentures etc. are physical objects but they are tokens of social relationships, in particular of relationships involving trust. An indenture has value in the context of a particular relationship, often a relationship with someone of higher status than you, e.g. the abbot. The other person’s status contributes to your trust in them and hence your trust in their token. You trust the abbot is honest, and will put enough resources into keeping their indentures secure, and so you are prepared to accept your part of an indenture as he will look after the part that vouches for yours. 

This “how can I break some security?” question is something I’ve thought about in the context of a modern internet-connected oven. The way in which your trust in one thing, e.g. the abbot, means that you trust another thing because they vouch for it, e.g. their part of an indenture, is something I touch on in articles on the chain of trust and single sign on.

Public key cryptography 

Public key cryptography is the modern pair-based thing I want to go into. It’s the foundation of the s in https when you browse the web. It’s an example of asymmetric cryptography, as opposed to symmetric cryptography. 

By contrast, a very simple example of symmetric cryptography is encrypting some text by substituting each letter with the letter N places after it in the alphabet. For instance, if N is 3, then C becomes F, L becomes O and Y becomes B (because you wrap around to the start of the alphabet when you run out of letters). To communicate with someone, you need to agree on which value of N to use. Then the person sending the message will encrypt it by substituting each letter with the letter N places later in the alphabet. The person receiving the message decrypts it by substituting each letter with the letter N places earlier in the alphabet. N is called the key, and as it’s being used to do both encrypting and decrypting, this is symmetric cryptography.

With asymmetric cryptography you use different keys for encrypting and decrypting. For public key cryptography you feed a large random number into a suitable key generation program, and it returns two keys: a private one and a public one. The private one you keep secret like you would with a password. The public one can go onto your business cards, your website etc. The public and private keys always form a pair because they come from the same random number via the same run of the generation process. 

The freedom with which you can distribute the public key is important. With symmetric cryptography, such as the Enigma machine or a one-time pad, the sender and the recipient need the same key, and this key needs to be kept secret as it does all jobs. That means a code book containing the key must be distributed securely ahead of time, and an enemy getting hold of this code book can both decrypt your messages and encrypt messages that would appear to come from you. The secure distribution of the keys can be a big problem – an example of a defence against losing control of keys is Enigma codebooks for the German Navy, which were printed in water-soluble ink so that they could easily be destroyed should a vessel be captured.

The security of public key cryptography relies on how hard it is to work out which prime numbers multiply together to give a particular large number. This is currently thought to be too hard to do in a realistic amount of time, although quantum computing might one day make this easy enough that public key cryptography would be insecure. 

Uses of public key cryptography 1: encrypting messages 

The more obvious use of public key cryptography is encrypting messages. This means that only the sender and intended recipient can know what’s in the message. Anyone with the public key can encrypt a message, but someone else who also has the public key can’t decrypt it. Only the person with the private key can decrypt it. This could be used e.g. by a journalist so that anyone can send them messages securely. 

Similarly, someone with the private key can encrypt a message which can then be decrypted using the public key. However, given how widely available the public key is likely to be, this probably won’t restrict the message to a particular sender (like a message sent in the other direction). What it does do is say that the person who sent the message was the person with the private key. If a message had been encrypted with the private key from pair A, then decrypting it with the public key from pair B will produce gobbledygook – you have to use the public and private keys from the same pair. 

Uses of public key cryptography 2: digital signatures 

This is similar to the second case in the previous section – instead of keeping a message secret, it’s used to prove that a message has been sent by a particular person and hasn’t been tampered with since. 

The sender writes but doesn’t send their message. They then use their private key and the text of the message to calculate a digital signature, which is sometimes known as a cryptographic hash. The signature looks like a blob of gobbledygook that’s usually shorter than the message. Its value is a summary of the message, which will change if any part of the message changes, or if a different private key is used to produce the signature. 

The message plus signature are sent as a pair, and the recipient can use the public key to verify that the message and signature match. If someone intercepted the message in transit and altered it (e.g. added the word not at a key point), then the message and signature would no longer match. Similarly, if they wrote a message from scratch and tacked on the signature from an old message, the message and signature wouldn’t match. 

It’s a bit like the wax seal added to manuscripts in the past – it depends on something that is closely guarded by the sender (the private key / the stamp). However, unlike a wax seal, the pattern also depends on the contents of the message in a way that is hard to forge. Neither the wax seal nor the digital signature will stop an eavesdropper from reading the message, but they help to inspire trust in the recipient that the message is genuine. 
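The checks described in this section and in the key-pair paragraph of the previous one, as an added example that is not part of the original post: it uses textbook RSA with Python's standard library only. The primes, key names and messages are constructed for illustration, and the keys are far too small and unpadded for real use.

```python
import hashlib

# Constructed toy keys: products of known Mersenne primes, far too small and
# too structured for real use. Real keys come from a large random number.
E = 65537  # public exponent shared by both toy pairs


def make_keypair(p, q):
    """Return (public, private) for textbook RSA built from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, inverse of E
    return (n, E), (n, d)


def digest(message, n):
    """Summarise the message as a number below n (SHA-256, reduced mod n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Transform the message summary with the private key."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Undo the transform with the public key and compare with the summary."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


PUB_A, PRIV_A = make_keypair(2**127 - 1, 2**89 - 1)   # pair A
PUB_B, PRIV_B = make_keypair(2**107 - 1, 2**61 - 1)   # pair B


def demo():
    msg = b"I will repay the loan"
    sig = sign(msg, PRIV_A)
    return {
        "genuine": verify(msg, sig, PUB_A),
        "altered": verify(b"I will not repay the loan", sig, PUB_A),
        "old_signature_reused": verify(b"Send me 100 pounds", sig, PUB_A),
        "wrong_pair": verify(msg, sig, PUB_B),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'no match'}")
```

Only the untouched message checked against the public key from the same pair matches; the altered message, the reused old signature and the public key from pair B all fail.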

Summing up 

There’s no great point to this; I just noticed that pairs seemed to crop up again and again when people try to keep things secure, which are usually important things that matter to people.  

Something I have learned a little as I have started to learn a bit of history is the combination of things changing and also staying the same over time. People seem to have constant basic needs and motivations, but the tools they use and the ways they express themselves change. Just as we might look back at the tally stick, the indenture and chirograph as primitive, quaint and feeble solutions to the problem of security, I expect one day people will look back at browsing the web using security based on public key cryptography as a charming relic of a simpler time. 
