Lesson 3: Simple Encryption
In this lesson, students are introduced to the need for encryption and simple techniques for breaking (or cracking) secret messages. Students try their own hand at cracking a message encoded with the classic Caesar cipher and also a Random Substitution Cipher. Students should become well-acquainted with idea that in an age of powerful computational tools, techniques of encryption will need to be more sophisticated. The most important aspect of this lesson is to understand how and why encryption plays a role in all of our lives every day on the Internet, and that making good encryption is not trivial. Students will get their feet wet with understanding the considerations that must go into making strong encryption in the face of powerful computational tools that can be used to crack it. The need for secrecy when sending bits over the Internet is important for anyone using the Internet.
“Encryption” is a process for transforming a message so that the original is “hidden” from anyone who is not the intended recipient. Encryption is not just for the military and spies anymore. We use encryption everyday on the Internet, primarily to conduct commercial transactions, and without it our economy might grind to a halt.
This lesson gives students a first taste of the kind of thinking that goes into encrypting messages in the face of computational tools. Computational tools dramatically increase the strength and complexity of the algorithms we use to encrypt information, but these same tools also increase our ability to crack an encryption. Developing strong encryption relies on knowledge of problems that are “hard” for computers to solve, and using that knowledge to encrypt messages. As a resource, you may wish to read all of Chapter 5 of Blown to Bits. It provides social context which you may want to bring to your classroom.
Getting Started (15)
Students will be able to:
- Explain why encryption is an important need for everyday life on the Internet.
- Crack a message encrypted with a Caesar cipher using a Caesar Cipher Widget
- Crack a message encrypted with random substitution using Frequency Analysis
- Explain the weaknesses and security flaws of substitution ciphers
- Examine both versions of the widget
For the Students
- Caesar Cipher - a technique for encryption that shifts the alphabet by some number of characters
- Cipher - the generic term for a technique (or algorithm) that performs encryption
- Cracking encryption - When you attempt to decode a secret message without knowing all the specifics of the cipher, you are trying to "crack" the encryption.
- Decryption - a process that reverses encryption, taking a secret message and reproducing the original plain text
- Encryption - a process of encoding messages to keep them secret, so only "authorized" parties can read it.
- Random Substitution Cipher - an encryption technique that maps each letter of the alphabet to a randomly chosen other letters of the alphabet.
Getting Started (15)
If necessary provide context of some facts about the Internet:
- The Internet is not inherently secure.
- Packets traveling across the Internet move through many routers, each of which could be owned by different people or organizations.
- So we should assume all information traveling across the Internet to be public, as if written on a postcard and sent through the mail.
Secrecy is a critical part of our lives, in ways big and small. As our lives increasingly are conducted on the Internet, we want to be sure we can maintain the privacy of our information and control who has access to privileged information.
Digital commerce, business, government operations, and even social networks all rely on our ability to keep information from falling into the wrong hands.
We need a way to send secret messages...
Classic Encryption - The Caesar Cipher
Many of the ideas we use to keep secrets in the digital age are far older than the Internet. The process of encoding a plain text message in some secret way is called Encryption
For example in Roman times Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet.
As a result an alphabetic shift is often referred to as the Caesar Cipher.
- This message was encrypted using a Caesar Cipher (an "alphabetic shift").
- Let's see how long it takes you to decode this message (remember it's just a shifting of the alphabet):
Resist the urge to give students a tool or device to aid in cracking this message -- that's coming in the next part of the lesson! Part of the point here is that it's possible without tools. With tools it becomes trivial, as we'll see next.
If students are struggling to start here are a few strategy suggestions:
- Find a small word and try alphabetic shifts until it's clear that it's an English word
- Remember the letters aren't randomly substituted - the alphabet is just shifted.
- Once you have found the amount of shift the rest comes easily.
Display or write this on the board
serr cvmmn va gur pnsrgrevn
- Give students about 3-5 minutes to work on cracking the message.
- ANSWER: "free pizza in the cafeteria" - the A-Z alphabet is shifted 13 characters.
- With this simple encryption technique it only took a few minutes to decode a small message.
- What if the message were longer BUT you had a computational tool to help you?!
If you'd like your students to read a little bit about Historical Cryptography and cracking ciphers, check out 'Substitution Ciphers and Frequency Analaysis' in Blown to Bits, Chapter 5 - Reading pp. 165-169.
Cracking Substitution Ciphers
In this set of activities students will use two different versions of a simple widget in Code Studio to "crack" a messages encoded with substitution ciphers, including an alphabetic shift and random substitution.
Transition to Code Studio: Encryption Widgets on Code Studio
Part 1 - Crack a Caesar Cipher
Don't rush it, but don't linger on cracking caesar ciphers. Presenting and cracking a caesar cipher should go pretty fast.
The widget is pretty self-explanatory. Let students figure out how to use it on their own.
The goal here is make points about cracking encryption with computational tools, and start to use some common terms.
You should move on to cracking random substitution relatively quickly.
The instructions for this activity are simple - there is no handout:
- Put students in pairs/partners
Goal: Select a message encrypted with a caesar cipher and use the provided widget to "crack" it.
- Experiment with the tool - Click things, poke around, figure out what it's doing.
- Choose one of the messages from the pull down menu and try to crack it using the tool.
- If you want to, enter you own message, encrypt it, and have a friend decrypt it.
Give students about 5 minutes to get into the tool and crack a few messages
- Aided with the tool, cracking an alphabetic shift is trivial.
- Once you've done one, it only takes a matter of seconds to do others.
Optional - Pause and Recap:
There is a page in Code studio which recaps terminology (encryption, decryption, crack, cipher, Caesar ciper) and poses the next problem.
You may optionally pause here to recap and go over terms if you like or just let students proceed (see activity part 2 below).
Part 2 - Crack a Random Substitution Cipher
After re-capping the first activity make sure students understand the following before proceeding:
- Cracking a Caesar cipher is easy...trivial with a computational tool like the one we used.
- The next step is to make the encryption slightly harder...
What if instead of shifting the whole alphabet, we mapped every letter of the alphabet to a random different letter of the alphabet? This is called a random substitution cipher.
The new version of the widget you'll see is a more sophisticated version of the encryption tool that shows you lots of different stuff.
But what it does is bit of a mystery! Let's check it out...
Use a Discovery-based approach
REMINDER: Discovery-based introduction of tools in a nutshell:
- Get students into to the tool without much or any introduction
- Give students working in partners a fixed amount of time (5 minutes or so) to poke around and see if they can figure out what it does and doesn’t do – typically this might be presented as a mystery worth investigating
- Ask the group to report what they found
- Teacher fill in any gaps or explanations of how the tool works afterwards
This widget, like all others, are meant as a learning tool. You cannot break it so you are encouraged to let students play and investigate to figure out how the tools work.
These discovery-based methods of introducing tools have been tested in professional development and have worked well for teachers who use this curriculum. This method is effective for a few reasons, but overall students find this approach more engaging and fun, and they tend to be more receptive to, and motivated to hear, explanations of how the tool works after trying to “solve the mystery” themselves.
- Have students click to the next bubble to see the frequency analysis version of the widget. (It should look like the screen shown below)
Goal: let students explore for 5-10 minutes to see if they can discover what the tool is showing them and allowing them to do.
The tasks laid out for students in code studio are:
- Figure out what is going on in this new version of the tool
- What information is being presented to you?
- Figure out what the the tool let's you do
- As usual: you can't break it. So click on things, poke around.
- If you figure it out you might be able to crack a message encoded with random substitution.
After some exploration time regroup to clarify what the tool is and how it works.
If necessary point out to students that the next level in code studio (the one after the frequency analysis tool) explains a little bit about how frequency analysis works and suggests a few strategies for how to get started.
Give students about 15-20 minutes to crack one of the messages.
- If they finish there are more to try.
- Students can enter their own messages, do a random substitution to encrypt it, then copy/paste the encrypted version and see if a friend can crack it.
- It is possible to get pretty proficient at cracking these messages with the tool.
Video: Encryption and Public Keys
Wrap up goals
The video re-iterates a number of points that came out in this lesson.
In wrapping-up, make sure students:
Understand the relationship between cryptographic keys and passwords.
- A Key is an input to an encryption algorithm. A password is basically the same thing.
Understand why using longer passwords makes them harder to guess.
- Longer passwords increase the number of possible keys making it Computationally hard to guess what the key is.
You should know about this video:
- 0:00 to 4:11 covers Caesar and Vigenere ciphers and explains why they are hard to crack
- After 4:11...it explains the difference between encryption that uses symmetric v. asymmetric keys which is related to material on public key encryption and is intended as a preview/teaser for more modern encryption techniques.
As part of wrap up the major points we want to draw out are:
- Encryption is essential for every day life and activity
- The "strength" of encryption is related to how easy it is to crack a message, assuming adversary knows the technique but not the exact "key"
- A random substitution cipher is very crackable by hand though it might take some time, trial and error.
- However, when aided with computational tools, a random substitution cipher can be cracked by a novice in a matter of minutes.
- Simple substitution ciphers give insight into encryption algorithms, but as we've seen fall way short when a potential adversary is aided with computational tools...our understanding must become more sophisticated.
- If we are to create a secure Internet, we will need to develop tools and protocols which can resist the enormous computational power of modern computers.
Here are a couple of thought-provoking prompts you can use to bring closure to the lesson and as an avenue to draw out the points above. Choose one or more.
How much easier is it to crack a caesar cipher than a random substitution cipher? Can you put a number on it?
- For Caesar's Cipher there are only 25 possible ways to shift the alphabet. Worst case, you only need to try 25 different possibilites. A random substitution cipher has MANY more possibilities (26 factorial = 4x10 26 possibilities). However, as we learned, with frequency analysis we can avoid having to try all of them blindly.
Was it difficult to crack a Random Substitution cipher? Did it take longer than you thought? shorter? Why?
- Computational tools aid humans in the implementation of encryption, decryption, and cracking algorithms. In other words, using a computer changes the speed and complexity of the types of encryption we can do, but it also increases our ability to break or circumvent encryption.
Any encryption cipher is an algorithm for transforming plaintext into ciphertext. What about the other way around? Can you write out an algorithm for cracking a Ceasar cipher? What about a random substitution cipher?
- An algorithm for cracking a Caesar cipher is pretty easy - for each possible alphabetic shift, try it, see if the words come out as english.
- An algorithm for cracking random substitution is trickier and more nunanced. There might not be a single great answer but through thinking about it you realize how tricky it is to codify human intelligence and intuition for doing something like frequency analysis into a process that a machine can follow. It probably requires some human intervention which is an interesting point to make.
Review of Terminolgoy -- you can use this opportunity to review new vocabulary introduced in the activity and respond to questions students may have encountered during the activity.
- Definitions of cryptography, encryption, decryption, cracking/breaking an encryption, cipher, etc.
Students should be encouraged to chat with their partner while completing the worksheet. The questions are fairly straightforward and the point is more to use the questions as a guide to the reading, than to find all the answers as quickly as possible.
Read Blown to Bits
- Read pp. 165-169 of Blown to Bits, Chapter 5 - Reading.
- Answer the questions provided in the reading guide and worksheet Reading Guide for Encryption - Worksheet
More Blown to Bits
The earlier sections of Chapter 5 of Blown to Bits make reference to the significance of and controversies surrounding encryption in the aftermath of September 11th. This reading may be a useful tool for further introducing the impact of cryptography on many aspects of modern life.
Ask students to review the history of their Internet browsing and calculate roughly what percentage they conduct with the assumption that it is “private.” Do they have any way of being sure this is the case? Are there any websites they visit where they feel more confident in the secrecy of their traffic than others? Are they justified in this conclusion?
CSTA K-12 Computer Science Standards (2011)
CI - Community, Global, and Ethical Impacts
- CI.L3A:10 - Describe security and privacy issues that relate to computer networks.
CL - Collaboration
- CL.L2:2 - Collaboratively design, develop, publish and present products (e.g., videos, podcasts, websites) using technology resources that demonstrate and communicate curriculum. concepts.
CPP - Computing Practice & Programming
- CPP.L3A:9 - Explain the principles of security by examining encryption, cryptography, and authentication techniques.
- CPP.L3B:5 - Deploy principles of security by implementing encryption and authentication strategies.
CT - Computational Thinking
- CT.L3B:4 - Evaluate algorithms by their efficiency, correctness, and clarity.
Computer Science Principles
1.2 - Computing enables people to use creative development processes to create computational artifacts for creative expression or to solve a problem.
1.2.2 - Create a computational artifact using computing tools and techniques to solve a problem. [P2]
- 1.2.2A - Computing tools and techniques can enhance the process of finding a solution to a problem.
3.3 - There are trade offs when representing information as digital data.
3.3.1 - Analyze how data representation, storage, security, and transmission of data involve computational manipulation of information. [P4]
- 3.3.1B - Security concerns engender tradeoffs in storing and transmitting information.
- 3.3.1F - Security and privacy concerns arise with data containing personal information.
6.3 - Cybersecurity is an important concern for the Internet and the systems built on it.
6.3.1 - Identify existing cybersecurity concerns and potential options to address these issues with the Internet and the systems built on it. [P1]
- 6.3.1C - Implementing cybersecurity has software, hardware, and human components.
- 6.3.1H - Cryptography is essential to many models of cybersecurity.
- 6.3.1I - Cryptography has a mathematical foundation.
- 6.3.1K - Symmetric encryption is a method of encryption involving one key for encryption and decryption.
7.3 - Computing has a global affect -- both beneficial and harmful -- on people and society.
7.3.1 - Analyze the beneficial and harmful effects of computing. [P4]
- 7.3.1G - Privacy and security concerns arise in the development and use of computational systems and artifacts.