## Monday, August 11, 2014

### Questions that arose teaching High School students crypto

I taught a 3-week, 3-hours-a-day course to High School student titled

Computer Science: A Hands Off Approach.

Given that time constraints and the fact that some already know (say) Java and some don't know any language, this seemed like a good choice.

I decided to teach mostly pre-RSA crypto with the following theme: Alice and Bob want to pass secret messages. How do they do it? I cover Shift, affine, general sub, Vigenere, Matrix, 1-time pad, Diffie-Helman (a highpoint of the course since Alice and Bob don't have to meet in a dark alley). In also did secret sharing with polynomials, error correcting codes (elementary), Huffman codes, and some applications of mod arithmetic.

While teaching this course some points of interest came up. I suspect most are know and I appreciate polite comments telling me so.

1. A student suggested this cipher:   code a,b,c,...,z into a 100-letter alapahbet and map each letter to a set of symbols that is the size of the freq. For example, if e occurs 9% of the time then map e to 9 letters. Then use those letters at random. This would seem to foil freq analysis? Does it?  Has it been used? What are the downsides.
2. Many students suggested using Vigenere but instead of having every xth letter be done by a different shift, have it be affine or general. Of course this can be cracked the same way Vig is cracked. But it does raise an interesting point: Which ciphers are used and not used can be the based on when things were discovered. Martians may very well have used some kind of Vig where every xth letter is a different gen sub cipher.
3. Wikipedia and other sources say that the Vig cipher was unbroken for 300 years. A student pointed out that it might have been broken but the one who broke it didn't say. Jon Katz (crypto prof at UMCP) can't believe it wasn't broken immediately, but of course hindsight is 20-20.
4. (I have commented on this before) A matrix cipher with a 10x10 matrix seems uncrackable using plaintext only.  I have made this question rigorous here.
5. I made the comment that 1-time pads are not used much (is this even true? Might depend on the definition of must'') because getting a perfect source of randomness is hard. During WW II they also would be hard to use because its hard to carry around a billion bits. But now that would not be a problem. Again--if history had been different we may use 1-time pads, or quasi-random ones today!
6. I told the students about arithmetic mod n. One of the students really really didn't like that (say) in mod 7 we have 1/3 = 5. He REALLY wants 1/3 to be between 0 and 1. I suspect he didn't care much for discrete logs either. This was a GOOD student- so his objection was not that it was hard.
7. For some of the students their first exposure to matrices was matrix codes over mod 26. I hope they can recover from that.
8. Most of the students know what logs were, but weren't that comfortable with them. And here I go and teach them discrete logs! I hope they can recover from that.
9. I showed the students that there were quadratic equations over mod 12 with more than 2 roots and challenged them to see how many roots they could come for other mods. One of my students ran massive computer tests and found stuff and in the end had a result that didn't need all of his computations:  x^2 \equiv 0 mod n^2 has n roots. And I later had on a HW x^a \equiv 0 mod n^a. I am sure none of this is new, but its new to him when he discovered it and of course new to the class when I taught it.
10. I taught the class the Baby-Step/Giant-Step Discrete Log algorithm which has sqrt(p) prepocessing an sqrt(p) running time. Its not used because it also takes sqrt(p) space; however, it was good to show them that Discrete Log can be done in sqrt(p) time, much better than p time--- hence Alice and Bob need to pick their parameters larger than they may have thought when doing Diffie-Helman. That night I easily worked out that it can be modified to do p^{2/3} preprocessing (and space) but just p^{1/3} time. HW was p^a prep, p^{1-a} time. One of the students inquired if this algorithm has a name. I then looked over the web but couldn't find it anywhere so I told them to call it  The Gasarch Variant of Baby-Step, Giant-Step. I also quickly told them to NOT be impressed--- and this helped me make a point I had made often, that CS is a NEW field, so NEW that one can present new or newish results to HS students. I also made the point that I am sure this variant is KNOWN to anyone who would care, but (1) they may not care since it takes even more space if x is larger than 0.5  and more time if x is less than 1/2  and (2) not everything is no the web. That last point freaked them out more than the quadratic equation mod 12 that had more than two roots.
UPSHOT- teaching HS students CS can bring up some issues that you had not thought of. Or at least that I had not thought of.

1. The title "Quetions" has a typo ("Questions").

What are HS students?

2. Fixed- Thanks.
I just noticed that the spell check doesn't look at the title of the article
HS is High School. Silly to abbreviate it, its pretty short.

3. for #1 you need to worry about bigram and trigram frequency analysis too.

4. 1. Seems immune to frequency analysis, but it's not immune to analysing the frequency of bigrams. It does require more plaintext to do the attack, of course.

5. How is 1/3 = 5 mod 7?

1. What is 1/3? To be pedanti 1/3 is The Number that when multiplied by 3 is 1.

in mod 7 we have 3*5 = 15 = 1. Hence 1/3 IS 5.

6. I much prefer the use of 3^{-1} instead of 1/3, since it's much more clear that we are dealing with a multiplicative inverse -- in fact, this is preferable when you are doing arithmetic mod n, since for n not prime multiplicative inverses may not exist! So I would write 3^{-1} = 5 mod 7 (or maybe even [3^{-1}] = [5] to be clear we're talking about equivalence classes).

7. Can you recommend a good book and/or notes for this stuff, aimed at the high school pre-calculus (or before) level?

8. For 6, I guess he still had the ordered set baggage with him. Explaining that order does not make sense mod 7 might have solved the issue.