On Cryptography and the Golden Age of Islamic Civilization

The following is a beautiful excerpt from Simon Singh’s The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography:

Between the appointment of Abū Bakr in 632 to the death of the fourth caliph, Alī, in 661, Islam spread until half of the known world was under Muslim rule. Then in 750, after a century of consolidation, the start of the Abbasid caliphate (or dynasty) heralded the golden age of Islamic civilization. The arts and sciences flourished in equal measure. Islamic craftsmen bequeathed us magnificent paintings, ornate carvings, and the most elaborate textiles in history, while the legacy of Islamic scientists is evident from the number of Arabic words that pepper the lexicon of modern science such as algebra, alkaline and zenith.

The richness of Islamic culture was to a large part the result of a wealthy and peaceful society. The Abbasid caliphs were less interested than their predecessors in conquest, and instead concentrated on establishing an organized and affluent society. Lower taxes encouraged businesses to grow and gave rise to greater commerce and industry, while strict laws reduced corruption and protected the citizens. All of this relied on an effective system of administration, and in turn the administrators relied on secure communication achieved through the use of encryption.

As well as encrypting sensitive affairs of state, it is documented that officials protected tax records, demonstrating a widespread and routine use of cryptography. Further evidence comes from many administrative manuals, such as the tenth-century Adab al-Kuttāb (“The Secretaries’ Manual”), which include sections devoted to cryptography. The administrators usually employed a cipher alphabet which was simply a rearrangement of the plain alphabet, as described earlier, but they also used cipher alphabets that contained other types of symbols. For example, a in the plain alphabet might be replaced by # in the cipher alphabet, b might be replaced by +, and so on.

The monoalphabetic substitution cipher is the general name given to any substitution cipher in which the cipher alphabet consists of either letters or symbols, or a mix of both. All the substitution ciphers that we have met so far come within this general category. Had the Arabs merely been familiar with the use of the monoalphabetic substitution cipher, they would not warrant a significant mention in any history of cryptography. However, in addition to employing ciphers, the Arab scholars were also capable of destroying ciphers. They in fact invented cryptanalysis, the science of unscrambling a message without knowledge of the key. While the cryptographer develops new methods of secret writing, it is the cryptanalyst who struggles to find weaknesses in these methods in order to break into secret messages. Arabian cryptanalysts succeeded in finding a method for breaking the monoalphabetic substitution cipher, a cipher that had remained invulnerable for several centuries. Cryptanalysis could not be invented until a civilization had reached a sufficiently sophisticated level of scholarship in several disciplines, including mathematics, statistics and linguistics. The Muslim civilization provided an ideal cradle for cryptanalysis, because Islam demands justice in all spheres of human activity, and achieving this requires knowledge, or “ilm”.

Every Muslim is obliged to pursue knowledge in all its forms, and the economic success of the Abbasid caliphate meant that scholars had the time, money and materials required to fulfill their duty. They endeavored to acquire the knowledge of previous civilizations by obtaining Egyptian, Babylonian, Indian, Chinese, Farsi, Syriac, Armenian, Hebrew and Roman texts and translating them into Arabic. In 815, the Caliph al-Ma’mūn established in Baghdad the Bait al-Hikmah (“House of Wisdom”), a library and center for translation. At the same time as acquiring knowledge, the Islamic civilization was able to disperse it, because it had procured the art of papermaking from the Chinese. The manufacture of paper gave rise to the profession of warraqīn, or “those who handle paper,” human photocopying machines who copied manuscripts and supplied the burgeoning publishing industry. At its peak, tens of thousands of books were published every year, and in just one suburb of Baghdad there were over a hundred bookshops. As well as such classics as Tales from the Thousand and One Nights, these bookshops also sold textbooks on every imaginable subject, and helped to support the most literate and learned society in the world.

We’ve all been there, but none of us remember. As we develop into fully self-aware beings, our subjective experience of the world shifts dramatically. Once we leave infanthood behind, that early window on the world – and what it’s like to look through it – is closed to us.

Emeralds - Candy Shoppe
from Does It Look Like I'm Here?

Probably the best single track by electronic music band Emeralds. The blending of electric guitar is really great. Worth sharing.

Music video for the title track from Lusine’s new Arterial EP.

miniLock

miniLock was released this Monday on the Chrome Web Store after making it through the peer review and public review periods. The contributions made during the two weeks of public review were truly something to make the open source cryptography community proud. People were wonderfully productive, and individuals like Dmitry Chestnykh, Trevor Perrin and Jenna Fox contributed deeply valuable ideas to improve the protocol design as well as the general usability of the project.

Here’s miniLock in a nutshell, from the website:

miniLock lets you encrypt any file quickly and easily, and share it securely with any friend that has a miniLock ID.

Open miniLock and enter your email and passphrase. miniLock uses your passphrase to generate a miniLock ID. You can then send your miniLock ID to friends and they will be able to encrypt files and send them to you. You can send files to your friends once you have their miniLock IDs.

miniLock IDs are very small and easy to communicate. They fit inside a tweet, business card or text message. Entering your passphrase on any computer with miniLock installed will immediately give you the same miniLock ID.

miniLock’s also received very positive press coverage, and the reception on Twitter has also been great. Of all the articles written about it this week (and there are many), the one by PC World struck me as the one most worth reading. Ian Paul did a really thoughtful, comprehensive review of miniLock; check out his article here.

Also, my miniLock talk at HOPE X in mid-July went quite well. You can watch it on Vimeo, but keep in mind that this talk was given before the public review period began, so some aspects of my description of miniLock’s design are out of date.

Oh, and my miniLock ID is quBSaJLXKsRiaSrhgkPnswKocth711H29ZamMi1H9j4Mb.

This standard has a future. I’ll keep improving it.

"Hacker Nadim Kobeissi is showing off a prototype tool, miniLock, at a hacker conference this weekend. The tool is a free, open-source browser plug-in that will let users easily encrypt just about anything."

gazaDeaths.com

I made a website that gathers information from the Gaza Health Ministry to display statistics and names regarding Palestinian deaths in the current July 2014 Palestinian conflict.

Upcoming Cryptography Work

Fast Company has published an interview with me that covers recent advancements with Cryptocat, my design rationale for a lot of Cryptocat work, and also the current Cryptocat Kickstarter that’s trying to raise $45,000 for the project.

I’m also traveling to New York City this weekend to attend HOPE X, where I plan to present my next encryption software project, miniLock. WIRED published a preview of miniLock last week.

miniLock will make use of some interesting and original file encryption and file sharing techniques using elliptic curve cryptography. I’ll post the slides for my talk right after it’s given on Saturday, and will also be releasing miniLock with a full, peer-reviewed design specification, unit test kit, third-party cryptographic audit, API, reference implementation and more.

Here’s a good excerpt from the Fast Company interview:

Why the focus on the general public?

Cryptography is my main research interest and I’ve always had the opinion that you have to focus on practical, applied cryptography. I see a lot of research being done on really theoretical cryptography. But I don’t like that approach because it’s a very Ivory Tower, academic approach. I really want to focus on the kind of cryptography that has practical benefits to regular individuals in the world. Everything I’ve done related to cryptography has I think embodied the belief that if you want to do cryptography research it’s much more valuable to do stuff that’s related to practical or applied cryptography.

Why is it important for you that Cryptocat is free and open source software?

First this is an argument that I believe in at the engineering and programming level. I think that encryption software can’t afford to not be open source. I think that in order to evaluate the research and security of any cryptographic software, you need to adhere to , which has been a staple for cryptography for many decades. The principle is simply that you cannot obtain security via obscuring your practices. You have to obtain your security via assuming that the adversary already knows all aspects of the system and nevertheless the system is still secure.

So how does that principle play out with Cryptocat?

The way I enforce this is not only by making Cryptocat open source software, but by making it free software under a permissive license. We document the software and the cryptographic specification and we open up our development process. We hire auditors to do biannual audits and release those audits for the public to examine. It’s a very transparent approach to doing cryptography research. Unfortunately it’s resulted in the misconception that Cryptocat is more broken than other tools because we keep talking about how many different bugs we find and fix. But the real reason for that is because no other software has this level of transparency.

It’s been almost a year since I’ve seen “Somewhere”, a short film produced by Nicolas Ménard and Rich Vreeland. It remains quite possibly my favourite short film of all time. I’m posting it here on my blog for visitors to check it out.

The usage of geometry and the spacing of shapes is masterful. It makes scenes from beautiful geometric combinations, and manages to wrap it all in an emotionally gripping context.

VHS Head - Body Magic
from Persistence of Vision

VHS Head’s Persistence of Vision comes out today on SKAM records. I’ve listened to his entire discography and I can attest that Adrian Blacow pulls out many more stops in this iteration than in his previous ones. He continues to define his aesthetic, stemming from a mix of Boards of Canada style surrealism and the soul of 90s VHS culture. There’s also an accentuated theme of “retro horror” to this release, which VHS Head plays well throughout the album.

Persistence of Vision seems stuck in limbo between danceable beats and IDM-style synths, and the result is surprisingly great. The album was delayed in production, and it shows: a full listen of this 15-track album flows seamlessly from track to track — VHS Head manages to paint his aesthetic cleanly throughout.

A criticism I have of the album is that some of the tracks lean back too comfortably on the Vaporwave scene that engulfed electronic music in 2012 and 2013, thereby allowing these tracks to meander through without contributing meaningfully in terms of melody or sound. Thankfully, such occurrences are rare.

I’ve chosen to post the track Body Magic since I feel it adequately showcases some variety present in this overall excellent album. But don’t let it fool you — the whole album reaches out and covers far more ground. If you’re an electronic music snob, Persistence of Vision is almost certainly going to mindfully contribute to your perspective.

I got my copy from iTunes.


My Response to DMCA Protection Offers

As the developer of Bluenote, I sometimes get emails from agencies offering to “remove” the “thousands of pirated copies” of Bluenote off the Internet, in a “fast, effective and affordable fashion”, using the DMCA.

This “removal” is discussed matter-of-factly, but in the context of their email, I feel like I’m being contacted by a hit man offering to “take care” of someone who’s been causing me problems. To add to the climate of fear, they usually include links to Google searches revealing pirated copies of Bluenote. Gasp!

I’ve never replied to these emails, but the latest from “DMCA Force” annoyed me, and I wrote the following response:

Dear Jason,

Bluenote is especially made in order to be DRM-free, thereby making it not difficult to pirate.

I think that your work, in which you are effectively attempting to profit off Internet censorship enacted by the fears you attempt to instill in content creators, contributes to a less free Internet.

I also think that you should find a job that actually contributes to mankind’s greatest free flow of information instead of stymying it via the force of this kind of mediocre message. I think the fact that you effectively profit off Internet censorship is shameful.

Regards, NK

If you can’t afford Bluenote, by all means pirate it. If you feel like I deserve the money, then it would be nice if you paid the five bucks. But I would much rather see myself losing money than have someone play my fears in order to use a misguided law to further censor the free flow of information on the Internet.

Oneohtrix Point Never - Format & Journey North
from Rifts

Format & Journey North is a really underrated electronic music track by Oneohtrix Point Never. I say underrated because it’s barely available on YouTube and no one seems to have heard of it, even though it’s an exceptionally expressive and creative ten-minute piece that’s been out there for years.

The track is split into two parts. The first part is calm and reflective (even including a rainforest background). But as the track reaches its halfway point, it transitions into an intense melody with countless overlapping samples that manage to still produce a coherently powerful message.

This is one of my favourite electronic music tracks of all time. As usual, listening only with good headphones or a solid speaker system is recommended.


Hitler’s Soft Side

Reading accounts of Hitler’s behaviour at his Berghof mountain house is fascinating and distressing in equal measure. Here are some quotes from a recent Washington Post interview with one of Hitler’s twenty two maids at his mountain retreat (the last surviving one):

"Late at night, Hitler liked to steal away to the kitchen for a bite of “Fuhrer cake,” a specially prepared sheet cake with apples, nuts and raisins that the kitchen was expected to always have on hand."

Another interview from 2008 with one of Hitler’s former maids yields the following information:

Recalling her first direct request from [Hitler], she said she was drying some porcelain cups when he came down the stairs. ‘Hello,’ he said softly. ‘Sorry to trouble you, but could you make me some coffee and bring some gingerbread biscuits to my study?’

These tidbits are distressing to me because I’ve always imagined that these small things, things like sneaking into the kitchen late at night for some of your favourite, special cake, or softly asking someone for a gingerbread biscuit to eat while you work in your study — were the things that unquestioningly granted you some allowance of honesty and humanity. No matter how small these acts are, they reflect a facet that I’ve always prioritized when evaluating people. But here they are, reflected in modern history’s worst human being.

It’s easy to imagine that Hitler snuck down for some Fuhrer Cake and then went back upstairs to lock himself in his study and draft an order for another shipment of Zyklon B.

I’ve been recently playing Sonic 3 and Knuckles on my GCW Zero and I just finished the entire game (with all fourteen emeralds!) It is really a masterpiece of retro gaming.

I have a lot of love for this game — if the screenshots above intrigue you, you should definitely grab an emulator (or better yet, a GCW Zero) and give it a play through. The graphics, style and gameplay are timeless and artful. To top it off, much of the wonderful soundtrack was composed by Michael Jackson!

Play it, if only for the final boss fight, which involves a giant fire-breathing robot that shoots a beam of pure energy out of a giant emerald embedded in its stomach, in space. Such a work of art shouldn’t be forgotten as a mere retro video game, but memorialized as an element of culture.

How do we know when decryption is successful?

I recently answered a nice question on StackExchange’s cryptography forum:

Judging by the algorithm on the Blowfish Wikipedia article, there is no way for the process to fail with an error. How then does GnuPG know when to tell you your password is correct when decrypting a file, rather than proceeding to decrypt meaningless data?

An important property of a ciphertext is that it has to be indistinguishable from truly random data. This allows the encryption cipher to produce ciphertext that reveals no information about the plaintext (other than size) or the encryption key. In fact, this property even allows encryption algorithms to act as pseudorandom byte generators by simply making them generate a stream of random ciphertext.

In the case of stream ciphers, decryption is the result of XORing each ciphertext byte with its corresponding keystream byte in sequence. If the keystream byte corresponding to the ciphertext byte is correct, the result of the XOR will yield the original plaintext byte. Since ciphertext cannot be made to provide any information regarding the plaintext, it follows that it also cannot be made to reveal whether the XOR of a certain keystream byte yielded a correct plaintext for the byte or not. Otherwise, the cipher would be clearly broken and allow us to basically query it for information regarding the plaintext.

A similar principle applies to block ciphers such as Blowfish, except those ciphers operate on entire blocks of bytes instead of individual bytes, and also employ other operations such as substitution in tandem with XORs, organized in structures such as Feistel networks.

Therefore, when it’s important to be able to inform the user whether a decryption operation has succeeded in yielding the expected data, cryptography engineers use Message Authentication Codes. Hash-based MACs allow a candidate plaintext to be compared against an authenticated hash value. If the check passes, then we know that it is the correct plaintext and are then able to notify the user that the decryption function was successful as intended.

Generally, if you want to verify the integrity of encrypted data as it goes through the wire to reach someone, you would generate a MAC for the ciphertext. But if you also want to verify that the decrypted plaintext is correct (as seems to be your case here), then you would generate another MAC for the plaintext and send it along with the ciphertext.

While hash-based MACs are probably the preferred way to do this, they aren’t the only way to verify successful decryption. For example, TrueCrypt will check the first four bytes of the volume header in order to see if decryption is successful. This approach is likely to be more error-prone than HMACs in most applications, however.

Finally, there are block cipher modes of operation (such as Galois Counter Mode) that grant block ciphers such as Blowfish or AES the ability to self-authenticate. This pretty much allows a ciphertext to verify its own integrity without the need for an external check. Depending on what you’re trying to accomplish, you may want to investigate both HMACs and Galois Counter Mode and decide which offers the verification properties you’re looking for.
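The behaviour described in this answer, as an added example that is not code from the original post or from GnuPG: decrypting with the wrong passphrase returns bytes without any error, and only an HMAC over the ciphertext lets the program report failure. The stream cipher here is a toy built from SHA-256 in counter mode, and the function names and blob layout (salt, nonce, ciphertext, tag) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


def derive_keys(passphrase: bytes, salt: bytes) -> tuple:
    """Stretch the passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), for illustration only."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    # XOR each data byte with its keystream byte; zip stops at len(data).
    return bytes(d ^ k for d, k in zip(data, stream))


def _tag(mac_key: bytes, salt: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """MAC over everything the receiver will use, not just the ciphertext."""
    return hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()


def encrypt(passphrase: bytes, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag (hypothetical layout)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    return salt + nonce + ciphertext + _tag(mac_key, salt, nonce, ciphertext)


def decrypt_unchecked(passphrase: bytes, blob: bytes) -> bytes:
    """No verification: every passphrase 'succeeds' and returns some bytes."""
    salt, nonce, ciphertext = blob[:16], blob[16:32], blob[32:-TAG_LEN]
    enc_key, _ = derive_keys(passphrase, salt)
    return keystream_xor(enc_key, nonce, ciphertext)


def decrypt(passphrase: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt and return the plaintext."""
    if len(blob) < 32 + TAG_LEN:
        raise ValueError("blob too short")
    salt, nonce = blob[:16], blob[16:32]
    ciphertext, tag = blob[32:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _tag(mac_key, salt, nonce, ciphertext)):
        raise ValueError("wrong passphrase or modified ciphertext")
    return keystream_xor(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    message = b"constructed sample plaintext"  # constructed input
    blob = encrypt(b"correct horse", message)
    print(decrypt(b"correct horse", blob))
    print(decrypt_unchecked(b"wrong guess", blob))  # garbage, but no error
    try:
        decrypt(b"wrong guess", blob)
    except ValueError as err:
        print("rejected:", err)
```

Because the MAC key is derived from the same passphrase, a single tag check covers both cases the answer mentions: a wrong passphrase and a ciphertext altered in transit.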
