3 - 11
# Cryptography: Symmetric Encryption

**Revision Date:** Sep 07, 2015
(Version 1.2)

**Duration:** 1 50-minute session

0b11 - 0b1011

Unit 3. Information and the Internet

**Summary**

Students are introduced to the topic of cryptography and learn to perform two encryption techniques. The students will identify the role of the algorithm and key in the encryption process. Students will use abstraction to see the general process used in symmetric encryption. The students will consider the strength of ciphers and the importance of keeping the key a secret.

**Outcomes**

- Students will understand how encryption is used to keep data secure.
- Students will learn how encrypting and decrypting data is accomplished using an algorithm and a key.
- Students will understand why the key must be kept a secret.

**Overview**

- Getting Started (5 min) Journal
- Introduction to Content (15 min)
- Lesson Motivation [5 min]
- Presenting the Key Concepts [10 min]

- Guided Activities (25 min)
- Practice [15 min]
- Follow Up: Analyzing the Strength of Ciphers [5 min]
- Follow Up: Defining Symmetric Encryption and Seeing the Abstraction in Symmetric Encryption Systems [5 min]

- Wrap Up (5 min) Journal

- MP1: Make sense of problems and persevere in solving them.
- MP2: Reason abstractly and quantitatively.
- MP8: Look for and express regularity in repeated reasoning.

- RST 12.4 - Determine the meaning of symbols, key terms, and other domain-specific words and phrases

- 5. Using mathematics and computational thinking

- Encryption is used to keep data secure as it is transmitted through the Internet.
- Symmetric encryption involves encrypting and decrypting data using an algorithm and a key.
- Encryption algorithms themselves are standardized (well known), so the key must be kept secret.

- How is cybersecurity impacting the ever increasing number of Internet users?

Student computer usage for this lesson is: **optional**

In the Lesson Resources folder:

- "Cryptography Partner Practice": A worksheet for the students
- "Cipher Python Project": A worksheet with instructions for a simple Python project
- "Cipher Python Project Rubric": The rubric for the Cipher project

Optional: Lesson slides with the key questions, encryption demos, and diagrams (the teacher could simply read the questions and present demos and diagrams by writing on a board).

For examples, consider reviewing <i>The Code Book</i> by Simon Singh.

Journal:

- Name one website you use that requires you to log in with a username and password.
- Why does the website require you to provide a username and password?

- Present the scenario: “Alice would like to send a message to her friend Li in China, but she wants to keep it secret from everybody else.”
- Ask the students: “If Alice sends the message to Li by email over the Internet, will her message remain secret?”
- Student responses should bring up the architecture and trust model of the Internet to show that Alice’s message could be intercepted along the way, since it will pass through many devices before it ends up at Li’s computer.

Tell the students, “This problem is not a new one. Throughout history, people, including government and military officials and personnel, business owners, and others, have wanted to send secret messages to someone but worried that the message could be intercepted along the way.”

There are two ways to try to keep the message secret: Steganography and Cryptography.

Explain the basic difference between the two.

*Steganography*is when a message is "hiding in plain sight". Examples: Writing something in invisible ink that can be revealed with a special type of light.*Cryptography*is when a message is modified in a way that hides the meaning of the message. For example, the letters are replaced with symbols that someone else would not understand.

Present two different encryption techniques, showing one example of each.

- Transposition:
- Definition: Rearranging the letters in the message.
- Example: Rail fence (or "box cipher") http://www.braingle.com/brainteasers/codes/railfence.php or http://practicalcryptography.com/ciphers/rail-fence-cipher/

- Substitution:
- Definition: Each letter is replaced by a different letter or symbol (although, technically a letter could be replaced by itself).
- Example: Caesar Cipher (Shift Cipher) http://www.braingle.com/brainteasers/codes/caesar.php or http://practicalcryptography.com/ciphers/classical-era/caesar/
- Online Tool for Demonstration: Cipher Disk - http://inventwithpython.com/cipherwheel/

An alternative to this lecture portion above is to have students independently study the same concepts using a reading, video, or online learning tool. Here are some suggested resources:

- Khan Academy: Have students watch the videos on "What is cryptography?" and "The Caesar Cipher" and complete the "Caesar Cipher Exploration". https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/intro-to-cryptography
- Practical Cryptography: Have students use the tools and descriptions to learn how to perform the rail fence encryption and decryption: http://crypto.interactive-maths.com/rail-fence-cipher.html

Summarize with this overview: "Each encryption scheme involves an algorithm and a key. The algorithm is the set of steps that you follow to accomplish the encryption. The key is the secret piece of information that is needed to know exactly how to apply the algorithm in this case. This allows you to securely send encoded information across the Internet and decode it when it arrives. Some codes are more secure than others."

Have the students pair up and practice sending each other encrypted messages, then decrypting them to make sure they end up with the correct message.

A worksheet called "Cryptography Partner Practice" is provided in the Lesson Resources folder.

- Each student gets to write two short messages that they will encrypt and send to their partner.
- First message: Transposition: Use the rail fence algorithm. You must agree on the number of rails to use (this will be the “key”).
- Second message: Substitution: Use the shift substitution cipher algorithm. You must agree on the amount to shift (this will be the “key”).
- For each message, pass it to your partner and have them decrypt it using the agreed upon algorithm and key. Have them read back the decrypted message to make sure they decrypted it correctly.

Ask the students: “How difficult would it be to crack a message that was encrypted using the Caesar (shift) cipher if you didn’t know the key? How would you do it?” (Easy, try each of the 25 possible shifts.)

Present: There are two ways to increase the strength of encryption:

**Option #1:** Increase the number of possible keys.

A general substitution (not limiting to just a shift) dramatically increases the number of keys. The number of keys in this case is the number of permutations (different orderings) of the 26 letters in the alphabet. This can be computed by multiplying the 26 options for the first letter in the cipheralphabet, by the 25 remaining options for the 2nd letter, 24 remaining options for the 3rd letter, etc. (26! or 26 factorial).

The answer: 4.032914e x 10^{26} keys (Google will calculate it for you).

This analysis makes it seem as though a substitution cipher would be unbreakable, but clever people have invented tricks (e.g., frequency analysis) that can be used so you don't have to try all of the different keys.

**Option #2:** Use a better algorithm.

For example, use a polyalphabetic cipher that combines multiple cipher alphabets.

(If time allows, you can have students explore other ciphers. For further study, see Khan Academy or *The Code Book* by Simon Singh.)

Present a diagram that shows high-level view of the encryption and decryption process (see *The Code Book*, p. 11).

- Identify this as an example of abstraction. (You can ask the students to try to explain why.) Example: This is abstraction because it shows the general process of encryption and decryption using any key or algorithm. It omits the details of the specific algorithm and the type of key.
- Tell the students, “The types of encryption you learned today are called “symmetric”. Why do you think they are called “symmetric”? (The same key is used to encrypt and decrypt. You use the algorithm to encrypt, and then reverse it to decrypt.)
- What do you think it would mean for encryption to be asymmetric (non-symmetric)? (foreshadowing the next lesson)

**Journal:**

- What is the role of the algorithm in the encryption process? What is the role of the key?
- Which one of these, the algorithm or the key, is more important to keep secret? Why?

Use the "Cipher Python Project" worksheet in the Lesson Resources folder. Students are tasked to create a simple Caesar cipher program that uses ASCII values to shift messages by a certain letter. The rubric for this project is also in the Lesson Resources folder.

- Computer Encryption: Use bitwise XOR to do substitution cipher (see
*The Code Book,*p. 247) - Students read a historical account that involves encryption (Mary, Queen of Scots) http://www.nationalarchives.gov.uk/spies/ciphers/mary/ (After reading the introduction, click on the links below the picture for “Mary’s ciphers” and “The Babington Plot”)
- Students read about cryptanalysis and learn about the frequency analysis technique. Try using it on an encryption puzzle..
- An example of breaking a substitution cipher: http://www-math.ucdenver.edu/~wcherowi/courses/m5410/exsubcip.html
- Try deciphering an encrypted message using the techniques you read about: http://cryptogram.org/solve_cipher.html#contents

The teacher will evaluate student responses to the journal entries, class discussion questions, and the students performance during the encryption practice.