David Evans CS200: Computer Science University of Virginia Computer Science Lecture 12: Decrypting Work Circle Fractal by Ramsey Arnaoot and Qi Wang

12 February 2003CS 200 Spring Menu Measuring Work Faster (?) Sorting PS4: Cryptology

12 February 2003CS 200 Spring Sorting How much work is sort ? We measure work using orders of growth: How does work grow with problem size? (define (sort cf lst) (if (null? lst) lst (let ((most (find-most cf lst))) (cons most (sort cf (delete lst most)))))) (define (find-most cf lst) (insertl (lambda (c1 c2) (if (cf c1 c2) c1 c2)) lst (car lst)))

12 February 2003CS 200 Spring Why not just time it? Moore’s Law: computing power doubles every 18 months!

12 February 2003CS 200 Spring How much work is find-most? Work to evaluate (find-most f lst)? –Evaluate (insertl (lambda (c1 c2) …) lst) –Evaluate lst –Evaluate (car lst) (define (find-most cf lst) (insertl (lambda (c1 c2) (if (cf c1 c2) c1 c2)) lst (car lst))) These don’t depend on the length of the list, so we don’t care about them.

12 February 2003CS 200 Spring Work to evaluate insertl How many times do we evaluate f for a list of length n ? (define (insertl f lst stopval) (if (null? lst) stopval (f (car lst) (insertl f (cdr lst) stopval)))) n insertl is  ( n ) If we double the length of the list, we amount of work insertlg does approximately doubles.

12 February 2003CS 200 Spring Sorting How much work is it to sort? –How many times does sort evaluate find-most ? (define (sort cf lst) (if (null? lst) lst (let ((most (find-most cf lst))) (cons most (sort cf (delete lst most)))))) sort is  ( n 2 ) If we double the length of the list, we amount of work sort does approximately quadruples.

12 February 2003CS 200 Spring Timing Sort > (time (sort < (revintsto 100))) cpu time: 20 real time: 20 gc time: 0 > (time (sort < (revintsto 200))) cpu time: 80 real time: 80 gc time: 0 > (time (sort < (revintsto 400))) cpu time: 311 real time: 311 gc time: 0 > (time (sort < (revintsto 800))) cpu time: 1362 real time: 1362 gc time: 0 > (time (sort < (revintsto 1600))) cpu time: 6650 real time: 6650 gc time: 0

12 February 2003CS 200 Spring (n2)(n2) = n 2 /500 measured times

12 February 2003CS 200 Spring Is our sort good enough? Takes over 1 second to sort 1000-length list. How long would it take to sort 1 million items? (n2)(n2) 1s = time to sort s ~ time to sort M is 1000 * 1000 Sorting time is n 2 so, sorting 1000 times as many items will take times as long = 1 million seconds ~ 11 days Note: there are 800 Million VISA cards in circulation. It would take 20,000 years to process a VISA transaction at this rate.

12 February 2003CS 200 Spring Divide and Conquer sorting? Bubble sort: find the lowest in the list, add it to the front of the result of sorting the list after deleting the lowest Insertion sort: insert the first element of the list in the right place in the sorted rest of the list

12 February 2003CS 200 Spring insertsort (define (insertsort cf lst) (if (null? lst) null (insertel cf (car lst) (insertsort cf (cdr lst)))))

12 February 2003CS 200 Spring insertel (define (insertel cf el lst) (if (null? lst) (list el) (if (cf el (car lst)) (cons el lst) (cons (car lst) (insertel cf el (cdr lst))))))

12 February 2003CS 200 Spring How much work is insertsort? (define (insertsort cf lst) (if (null? lst) null (insertel cf (car lst) (insertsort cf (cdr lst))))) (define (insertel cf el lst) (if (null? lst) (list el) (if (cf el (car lst)) (cons el lst) (cons (car lst) (insertel cf el (cdr lst)))))) Worst case? Average case? insertel is  ( n ) How many times does insertsort evaluate insertel ? n times (once for each element) insertsort is  ( n 2 )

12 February 2003CS 200 Spring > (insertsort < (revintsto 20)) ( ) Requires 190 applications of < > (insertsort < (intsto 20)) ( ) Requires 19 applications of < > (insertsort < (rand-int-list 20)) ( ) Requires 104 applications of <

12 February 2003CS 200 Spring > (bubblesort < (intsto 20)) ( ) Requires 210 applications of < > (bubblesort < (rand-int-list 20)) ( ) Requires 210 applications of <

12 February 2003CS 200 Spring bubblesort vs. insertsort Both are  ( n 2 ) worst case (reverse list) Both are  ( n 2 ) average case (random) –But insert-sort is about twice as fast insertsort is  ( n ) best case (ordered list)

12 February 2003CS 200 Spring Can we do better? Think about this for next time Hint: think about the trees in SICP 2.2

12 February 2003CS 200 Spring Cryptology ( CS588 Condensed)

12 February 2003CS 200 Spring Terminology Encrypt Decrypt Plaintext Ciphertext Plaintext Alice Bob Eve Insecure Channel C = E(P) P = D(C) E must be invertible: P = D (E (P))

12 February 2003CS 200 Spring Encrypt Decrypt Plaintext Ciphertext Plaintext Alice Bob Insecure Channel C = E(P, K) P = D(C, K) KK “The enemy knows the system being used.” Claude Shannon Eve

12 February 2003CS 200 Spring Jefferson Wheel Cipher

12 February 2003CS 200 Spring Enigma About 50,000 used by Nazi’s in WWII Modified throughout WWII, believed to be perfectly secure Broken by Bletchley Park led by Alan Turing (and 30,000 others) First computer (Collossus) developed to break Nazi codes (but kept secret through 1970s) Allies used decrypted Enigma messages to plan D-Day

12 February 2003CS 200 Spring Bletchley Park

12 February 2003CS 200 Spring Lorenz Cipher Machine

12 February 2003CS 200 Spring Perfectly Secure Cipher: One-Time Pad Mauborgne/Vernam [1917] xor (  ): 0  0 = 0 1  0 = 1 0  1 = 1 1  1 = 0 a  a = 0 a  0 = a a  b  b = a E(P, K) = P  K D(C, K) = C  K = (P  K)  K = P

12 February 2003CS 200 Spring For any given ciphertext, all plaintexts are equally possible. Ciphertext: Key: Plaintext: = “CS” Why perfectly secure? 1 0 B

12 February 2003CS 200 Spring If its “perfect” why is it broken? Cannot reuse K Need to generate truly random bit sequence as long as all messages Need to securely distribute key

12 February 2003CS 200 Spring “One-Time” Pad’s in Practice Lorenz Machine – Nazi high command in WWII –Pad generated by 12 rotors –Receiver and sender set up rotors in same positions –One operator retransmitted a message (but abbreviated message header the second time!) –Enough for Bletchley Park to figure out key – and structure of machine that generated it! –But still had to try all configurations

12 February 2003CS 200 Spring Colossus – First Programmable Computer Bletchley Park, 1944 Read ciphertext and Lorenz wheel patterns from tapes Tried each alignment, calculated correlation with German Decoded messages (63M letters by 10 Colossus machines) that enabled Allies to know German troop locations to plan D-Day Destroyed in 1960, kept secret until 1970s

12 February 2003CS 200 Spring From

12 February 2003CS 200 Spring Problem Set 4 Break a simplified Lorenz Cipher Removed one wheel, made initial positions of all groups of wheels have to match Small rotors Its REALLY AMAZING that the British were able to break the real Lorenz in 1943 and it is still hard for us today!

12 February 2003CS 200 Spring Motivation Helps… Confronted with the prospect of defeat, the Allied cryptanalysts had worked night and day to penetrate German ciphers. It would appear that fear was the main driving force, and that adversity is one of the foundations of successful codebreaking. Simon Singh, The Code Book

12 February 2003CS 200 Spring Modern Ciphers 128-bit keys, encrypt 128-bit blocks Brute force attack –Try 1 Trillion keys per second –Would take years to try all keys! –If that’s not enough, can use 256-bit key No known techniques that do better than brute force search

12 February 2003CS 200 Spring Charge PS4: Cryptology –No new Computer Science concepts –Lots of practice with lists and recursion Think about faster ways of sorting Read Tyson’s essay (before Friday) –How does it relate to  (n 2 ) –How does it relate to grade inflation –Don’t misinterpret it as telling you to run out and get tatoos and piercings!