Experts classify cryptographic techniques on the basis of how secure or insecure these methods are. Other dimensions include: the speed with which you can encrypt and decrypt a message, whether or not you need a computer to implement the method, whether the method demonstrates a principle (e.g. simple substitution cipher) and the extent to which it can be deployed in real-world practical contexts. Some methods apply only to short messages, others are scalable to high volume instantaneous data processing. Some methods make it clear they are hiding something; others obscure the fact that they conceal information. See posts on steganography.

There are cost dimensions in cryptographic classification. Developing and maintaining algorithms and systems, and releasing security updates carry costs. Maintaining cryptographic security also entails energy costs. Blockchain security provides an obvious reference point for the potentially high cost of encryption. At another end of the spectrum, some cryptographic methods are of historical interest, present mathematical challenges, or serve as leisure pursuits. Within this multidimensional spectrum of cryptographic methods lies the dimension of highly useful to useless.

In my explorations of the theme of cryptography I’ve been keen to discover the extent to which cryptography already permeates the built environment. At the very least, the spatial arrangement of architectural spaces shares some of the principles on which cryptography is founded, such as concealment, access, combinatorics, path following, transactions, play, trust, etc. See post Secret architecture.

Certain cryptographic methods, such as cryptostereograms and steganography bring cryptography into the realm of the senses. Cryptography thereby raises awareness (for some of us) of the idea that the environment is permeated by overt and covert messaging. Places are semiotic. As a related observation, some everyday environments operate via *affordances*. Places and objects communicate to us how they are to be used. See post Place is the code.

Some people (as actors) use the physical environment deliberately to communicate in secret. Cryptography raises questions of agency in the built environment.

Cryptography serves, along with phenomena of visual illusions, to encourage doubt about the evidence of our senses. Cryptography contributes to debates about reality and perception. It also helps perpetuate continued scepticism, suspicion and even “paranoia” about the world.

As with art, cryptography encourages people to see things differently — the sideways glance that treats the familiar as strange and alien, e.g. cryptocurrency and NFTs, require us to think differently about money, value, and authenticity.

To further develop the philosophical thread, this quote from Henri Lefebvre about “blind fields” ought to be relevant to encryption in urban environments.

“Between fields, which are regions of force and conflict, there are blind fields. These are not merely dark and uncertain, poorly explored, but blind in the sense that there is a blind spot on the retina, the center — and negation — of vision. A paradox. The eye doesn’t see; it needs a mirror. The center of vision doesn’t see and doesn’t know it is blind. Do these paradoxes extend to thought, to awareness, to knowledge? In the past there was a field between the rural and the industrial — just as there is today between the industrial and the urban — that was invisible to us” (29).

- Lefebvre, H. 2003.
*The Urban Revolution*. Minneapolis, MN: University of Minnesota Press.

- The banner image is a box of moveable type blocks found in a second hand shop at the Elsecar Heritage Centre, South Yorkshire.

Amongst such text-based imagery you can find ASCII *stereograms*, arrangements of symbols on a page that when viewed in the right way reveal 3d pictures. (See previous post: What ever happened to autostereograms.) The Wikipedia entry for **ASCII stereograms** links to a short online article by computer scientist Jonathan Bowen that demonstrated the practice.

ASCII stereograms offer a low-tech means of hiding messages. Here’s my attempt to deliver a secret message via a block of text repeated in two columns. What might be taken as careless typing serves to highlight certain words and parts of words by bringing them into relief, as if on a layer above the main text. The secret command here is from Flash Gordon to Earth!

In digital communications, encryption that is useful needs to be fast, foolproof and scalable. The practical use of ASCII stereograms is unclear. But to hide secret messages in plain sight brings cryptography into the realm of the human visual system, and hence the senses. It also brings the challenges of cryptography into alignment with optical illusions which are also more useful in shedding light on questions of perception and reality than they are practical.

- Bowen, Jonathan. 1992. ASCII Stereograms.
*Museophile*. Available online: https://web.archive.org/web/20080517013244/http://archive.museophile.org/3d/ascii-3d.html (accessed 15 July 2021).

I have created the featured image above to illustrate the principle of autostereogrammetry. In the middle row the images are closer together. If you allow each eye to attend to adjacent images so that images overlay one another (in a kind of “double vision”) then the angle at which the eyes converge while inspecting the middle row will be smaller than for the top and bottom rows. This disparity contributes strongly to depth perception. The middle row will appear to stand out as if on a plane closer than the others to your face.

The presentation of full 3d imagery with just a single image requires computer manipulation of patterns of pixels that repeat across the plane of the image. The process involves a depth map, which is a grey scale pixel image of a 3d object, such as a car. This information is mapped onto the repeated pattern. Pixels on adjacent repeats in the pattern are adjusted slightly according to the information on the depth map. The variable convergence effect provides the depth cues, and we see the 3d shape.

At the time of their popularity these images reminded us of the remarkable capacity of the human visual system to take in details (pixels) presented to each eye from the same source and to match them so as to signal sufficient depth to present a 3d illusion.

The techniques assume full visual acuity of course. There’s no colouring; the repeated patterns drape across the surface of the 3d model. You see ghosts and echoes within the imagery, and if you allow your eyes to lock onto repeating patterns that are not directly adjacent then the 3d imagery fragments and multiplies. As with HMDs and 3d cinema, it’s not possible to simulate the way the human eye adjusts focus according to depth cues. There’s no parallax either. You can’t see around the virtual 3d objects by moving your head.

Those of us involved in computer graphics had trouble identifying roles for autostereogrammetry techniques, especially in architecture. They don’t seem to offer glasses-free 3d cinema, though a clever YouTube music video of the Young Rival group shows the musicians moving in 3d animation through visual white noise. There are many other animated examples, e.g. by Roma N: https://www.youtube.com/watch?v=IZpsbQMQFBs.

The idea of pictures hidden within seeming randomness is alluring as a form of steganography, and scholars have experimented with such imagery as a way of achieving so-called “cerebral cryptography,” cryptography that incorporates the capability of the human cognitive system to decode secret messages unaided.

- Ninio, Jacques. 2007. The science and craft of autostereograms.
*Spatial Vision*, (21) 1-2, 185–200. - Zou, Zhengxia, Tianyang Shi, Yi Yuan, and Zhenwei Shi. 2020. NeuralMagicEye: Learning to See and Understand the Scene Behind an Autostereogram.
*arXiv e-prints*arXiv:2012.15692.

- A quick check on Google Scholar reveals hundreds of research articles on autostereograms. Unfortunately, “autostereogrammetry” isn’t a word.

“In this paper we consider the problem of encrypting written material (printed text, handwritten notes, pictures, etc.) in a perfectly secure way which can be decoded directly by the human visual system.” (1)

The challenge was to transmit short, singular messages, a bit like instructions between HQ and submarines in WWII, and of the kind intercepted by the Bletchley Park code breakers.

The second remarkable proposition in this article was that even though computers might be required to generate an encrypted message, its decryption could be accomplished by purely visual means, such as laying images photocopied onto transparent sheets of acetate.

“The basic model consists of a printed page of ciphertext (which can be sent by mail or faxed) and a printed transparency (which serves as a secret key). The original cleartext is revealed by placing the transparency with the key over the page with the ciphertext, even though each one of them is indistinguishable from random noise. The system is similar to a one time pad in the sense that each page of ciphertext is decrypted with a different transparency. Due to its simplicity, the system can be used by anyone without any knowledge of cryptography and without performing any cryptographic computations.” (1)

To illustrate the method Naor and Shamir provided two images:

“two random looking dot patterns. To decrypt the secret message, the reader should photocopy each pattern on a separate transparency, align them carefully, and project the result with an overhead projector.” (1)

I don’t have access to a photocopier, acetate or an overhead projector, but I have Photoshop (PS). Here are the two noisy images in the article as PS layers. Overlaying with the PS “Darken” transparency filter reveals the hidden text, “IACR.” (These are the initials of The International Association for Cryptologic Research.)

This 1995 article has over 3,000 citations, and it’s still being referenced in 2021. So there’s some substance to the concepts. As an example, a 2017 article by Petrauskiene and Saunoriene discusses how secret messages can be hidden and revealed by shaking things up:

“secret information is encoded into a single stochastic moiré grating, which is fixed onto the surface of the vibrating structure. It is shown, that the secret can be visually decoded if the cover image oscillates according to a chaotic law.”

Secret messages may be hidden within moiré patterns, 3d magic eye and other innocuous imagery. See posts tagged steganography.

- Desmedt, Yvo, Shuang Hou, and Jean-Jacques Quisquater. 1998. Audio and Optical Cryptography. In K Ohta, and D Pei (eds.),
*ASIACRYPT’98, LNCS 1514*: 392-404. Berlin: Springer-Verlag. - Naor, M., and A. Shamir. 1995. Visual cryptography.
*Workshop on the Theory and Application of Cryptographic Techniques*, (950)1-12. - Petrauskiene, Vilma, and Loreta Saunoriene. 2017. Application of dynamic visual cryptography for optical control of chaotic oscillations.
*JVE INTERNATIONAL LTD. VIBROENGINEERING PROCEDIA*, (15)81-87.

The spectrum of dubious truth claims within the built environment spans from obvious fraud by unscrupulous developers, design firms, suppliers and contractors, to enthusiastic endorsements that overstate the qualities of a building development and raise expectations beyond the capability of the project to deliver.

I see this range of assertions that fall short of full truthfulness as the darker end of human society’s tendency to cultivate *expectations*, promises and hopes via its buildings, environments and artefacts. The philosopher Martin Heidegger called this capacity to anticipate “foreprojection.” Perception, interpretation and worldly engagement could not operate without it. Architecture participates in the cultivation and delivery of expectations, whether or not they are well founded. Most buildings, by their forms, imagery, arrangements, infrastructures, displays, screens, and the stories people tell, encourage expectations amongst visitors and occupants that resonate as true or false in varying degrees and for different communities. Architectural photography, models and imagery further encourage ambiguous and sometimes confounding expectations.

According to a critical reading, as well as revealing truths, built environments and their representations are capable of concealing truths and promoting falsehoods. They can obfuscate, camouflage and dissimulate — themes developed by scholars such as Roland Barthes as matters of overt and covert communications within socially constructed semiotic systems.

At least in the mainstream press, fact checking and truth telling starts with the assumption that lying deviates from the evidence of the senses and some correspondence with reality. I prefer *story-telling* as the starting position. Lying is not simply a deviation but is grounded in the age-old human propensity to tell stories.

Expectations and promises are delivered via stories, i.e. sets of assertions that interrelate to create an internally coherent narrative. Lies belong within categories of story telling that instil expectations that will never be met by experience, observation and evidence. See post: Rogue fan fiction: the peculiar case of QAnon.

Yuval Harari’s book *Sapiens: A Brief History of Humankind* foregrounds the human propensity to gossip, to tell stories about other people. By this theory, human language developed as a way of exchanging information about the world and surviving better through cooperation, but “the vast majority of human communication – whether in the form of emails, phone calls, or newspaper columns – is gossip.” (26).

That observation leads Harari to assert that the focus is usually on wrongdoing: “Rumour-mongers are the original fourth estate” (27), that is, the press. Subsequently he laud’s the unique human capacity to invent: “It’s the ability to transmit information about things that do not exist at all” (27).

It’s a short step in this story of cognitive evolution to recognise the significance of legends and myths, and the peculiar capability to classify some stories as true or false, and to reject, ignore or sanction the latter. For my interpretation of C.S. Peirce’s take on truth and evidence see post: Hunch, symptom, clue.

The way cities develop is typically a response to a range of pressures involving assertions that fall along complex spectra of truth and falsity reflecting different power interests and value systems in the city. In recent years the challenges posed by the ethics of promoting, marketing and procuring urban developments has played out on the world stage. The prominence of the narratives surrounding the US-based real estate company Trump Org brought the role of truthless story-telling into focus.

Due not least to the elevation of its Chief Executive Officer to the role of US President in 2016, the dubious ethical practices of one particular urban development company has elevated the challenges of truth and falsity in public discourse, to the extent that some have asserted we live in a post-truth era. See earlier post Is post-truth politics a thing?

The current peculiar falsehood by Trump and his supporters is that he won the 2020 presidential election, in spite of the certified vote count to the contrary.

Perhaps as therapy, I listen to the *Mea Culpa* podcast by Michael Cohen, Trump’s former “fixer” and now fierce detractor. Amongst his many criticisms, Cohen says Trump really knows nothing about real estate. What Trump does well is promote his brand. He’s a branding expert. The brand is now tarnished of course. In any case, branding flirts along the line between truth and falsity, and buildings are caught up in that.

- HMSO,
*Trade Descriptions Act Chapter 29*(1968), 3; “Policy Paper: Consumer Rights Act 2015,” Departmernt for Business, Energy and Industrial Strategy, 2015, accessed 7 June 2021, https://www.gov.uk/government/publications/consumer-rights-act-2015/consumer-rights-act-2015. - Martin Heidegger,
*Being and Time*, trans. John Macquarrie and Edward Robinson (London: SCM Press, 1962); Adrian Snodgrass and Richard Coyne,*Interpretation in Architecture: Design as a Way of Thinking*(London: Routledge, 2006). - Roland Barthes,
*Mythologies*, trans. Annette Lavers (London: Paladin, 1973). - Yuval Noah Harari,
*Sapiens: A Brief History of Humankind*(London: Penguin, 2011), 26.

- Image above is a model on display in the Dundee’s V&A Design Museum with the caption: “Early study model for Maggie’s Centre, Dundee 1999 designed by Frank Gehry. Frank Gehry’s concept for the first new-build Maggie’s Centre, in Dundee, brought the initiative to international attention. His design draws on traditional Scottish buildings and techniques with its white roughcast exterior and conical tower recalling Iron Age brochs (round drystone structures). These echoes are juxtaposed with a folded metal roof that glints in the sunshine. Inside, huge windows offer spectacular views across the River Tay. Foamcore, paper and tape. Maggie’s( on loan from Gehry Partners,L LP).”

I described the finite field translation of the graph in my previous post. Here’s the chart of

**y ^{2} mod 17 = (x^{3} – 2x + 2) mod 17**

showing values of **x** and **y** across four 17×17 frames. The chart extends indefinitely in all directions. Here I show in red the calculation for P + Q = R. The steps can all take place in just one frame (bottom left). As the red line leaves a frame it re-enters at the same point on the opposite side of the frame. That wrapping operation could repeat many times, depending on the size of the space traversed by the red line.

What is the red line? It’s a vector connecting two points added and projected in either direction until it meets (precisely) another cell in the field. The maths is straight forward geometry: calculate the slope of the vector, then test it against each point in the field to see if it is on the vector. Then find the point reflected across the mid axis of the frame. The process parallels the operations applied to the elliptic curve for addition.

Mark Hughes provides a very helpful explanation of the Diffie-Hellman Elliptic-Curve Key Exchange method with diagrams. I explored in a previous post (Sharing a secret number) a process by which two people might exchange a secret code number across the public Internet, assuming someone else might be listening in. Each of the two people communicating retains a private key that they don’t disclose to anyone. There’s also a public key that anyone can read, and will be instrumental in encrypting a message, but not decrypting it, unless they have the private key as well.

If you and I are to communicate in secret then we need to agree to use the same Elliptic curve, with the same parameters. We also pick a random point on the curve, i.e. a point in the finite field chart above. It will with certainty be an integer, and correspond with a point on the elliptic curve via the translation described in the previous post (Elliptic fields). (I’ll use Hughes’ nomenclature here.)

I choose a secret integer α. You choose β. I multiply the point G by itself α times, and you multiply the point G by itself β times.

We each arrive at new points A=αG, and B=βG that we exchange with one another.

Starting at the new points, we each multiply our new points by our own secret numbers using the field method described above to yield the secret message. Lest we think this process is easy to implement and/or codebreak by hand, Hughes reminds us:

“Remember that we used small numbers to make the process easier to understand. DHEC uses a publicly known equation with large coefficients and modulus, for example, curve1559, which might very well be securing your browser right now.

max: 115792089210356248762697446949407573530086143415290314195533631308867097853951

curve: y² = x³ + ax + b

a=115792089210356248762697446949407573530086143415290314195533631308867097853948

b= 41058363725152142129326129780047268409114441015993725554835256314039467401291

Summary

A great deal of modern cryptography is based upon the Diffie-Hellman exchange, which requires that two parties combine their messages with a shared secret that is difficult for a bad actor to deduce.

Elliptic-curve Diffie-Hellman allows microprocessors to securely determine a shared secret key while making it very difficult for a bad actor to determine that same shared key.”

The multipliers our computers choose for our private keys α and β will also be many digits long as will the coordinates of the initial point G, further securing the method.

- Hughes, Mark. 2019. How Elliptic Curve Cryptography Works.
*All About Circuits*, 26 June. Available online: https://www.allaboutcircuits.com/technical-articles/elliptic-curve-cryptography-in-embedded-systems/ (accessed 15 May 2021).

- The diagram of the grid above is my own interpretation of the process.

However, that kind of equivalence doesn’t apply in the case of the **mod** operation, i.e. dividing both sides of the equation by the same divisor and just leaving the remainder. **y mod 3 = 2x mod 3** is true for a different set of values for **x** and **y** than **y = 2x**. The graph of the relationship between **x** and **y** in the case of the mod variant will be different than for **y = 2x**, as I will show below for the elliptic curve.

Elliptic curve cryptography starts with more complex equations than **y = 2x**. As I explored in the post Elliptic trapdoors, elliptic curves follow a general formula **y ^{2} = x^{3} – ax + b**. (Such elliptic curves carry certain advantages, notably that you can perform repeated addition and scalar multiplication on values along the curve such that it’s very difficult to reverse the process to discover the starting values.) Here’s the curve for

**y ^{2} = x^{3} – 2x + 2**.

You can mod both sides of the elliptic curve equation by the same divisor. I’ve chosen 17 as the divisor arbitrarily.

**y ^{2} mod 17 = (x^{3} – 2x + 2) mod 17**

The **x** and **y** values that satisfy the equation will be different than in the case of the simple curve equation. Here’s what the left and right sides look like drawn via the Desmos Graphing Calculator web utility.

The graphs above show real numbers, i.e. include fractions. Mod calculations are useful for cryptography as they can deploy complex arithmetical operations that are always integers. 30 divided by 17 produces a real number 1.765, but 30 mod 17 is the integer 13. The mod of two integers added or multiplied is always an integer. The graph here shows the integer values for the left and right side of the equation **y ^{2} mod 17 = (x^{3} – 2x + 2) mod 17**.

The *vertical* axis on the left graph shows **y** values. The *horizontal* axis on the left graph are the results of the **y ^{2} mod 17** calculation. The

I’ve identified 3 arbitrary points on the left graph that yield the same results as 3 points on the right graph. The correspondences so established are shown with arrows in the graphs below. So if **x** = 10 and **y** = 8 that yields 13 = 13 via the formula. The full set of (x, y) points for which the formula holds true are (0, 6), (0, 11), (1, 1), (1, 16), (5, 7), (5, 10), (6, 6), (6, 11), (7, 5), (7, 12), (9, 4), (9, 13), (10, 8), (10, 9), (11, 6), (11, 11), (14, 7), (14, 10), (15, 7), (15, 10).

The grey squares in the chart below are the values for **x** and **y** where the left and right sides of the equation give the same integer value. I produced the chart via an Excel spreadsheet. I set it up to calculate for values for the **x** and **y** of each cell to find out whether **(x ^{3} – 2x + 2) mod 17** has the same value as

Calculations involving **x** and **y** beyond the mod value of 17 keep repeating. I’ve shown 4 repetitions here, but the chart extends indefinitely in either direction, including the negative direction. Only positive integer values are considered for **x** and **y** in this representation, as encryption usually only deploys positive integers. Note that due to this repetition the chart can be shown more economically as just one frame of dimensions 17 x 17, i.e. the mod value. Note also that Each 17 x 17 grid frame is symmetrical about a horizontal axis.

The interesting thing about the chart, described in standard texts as the “**elliptic curve over a finite field**,” is that it preserves some significant arithmetical properties of the elliptic curve such as arithmetical addition and scalar multiplication, while dealing only in integers.

I’ll address this property and how it pertains to cryptography in the post that follows. In the mean time, I’ll indulge my fascination with the spatial forms and diagrams for this kind of calculation.

The chart below shows the 2 values in the left and right of the equation for values of **x** and **y** for **y ^{2} mod 17 = (x^{3} – 2x + 2) mod 17** up to the value of 17. The equation is true only for the coordinates of the shaded cells.

The following charts show the patterns produced by using different mod divisors. They remind me of cellular automator diagrams, and perhaps suggest the potential for hidden messages, though I’ll explain the mechanism next time.

The algebra of mod calculations is not entirely intuitive, especially translating elliptic curves to a finite field. I’m happy to be corrected on any of this.

- Grau, Sascha. 2017. Elliptic Curves over Finite Fields. Available online: https://graui.de/code/elliptic2/ (accessed 12 May 2021).
- Raedy, Will. 2017. Elliptic Curve Cryptography Tutorial – Understanding ECC through the Diffie-Hellman Key Exchange.
*Fullstack Academy*, 8 August. Available online: https://www.youtube.com/watch?v=gAtBM06xwaw (accessed 9 May 2021).

The channel we are using for our communication is entirely public. Anyone can see what passes between us — like the Internet. Here’s the protocol.

- We both agree some arbitrary number and exchange that across the public network. One of us may decide on that number, or it could be chosen by a third party, or we may decide to use the number of today’s date. Let’s say that arbitrary number is 5. Algebraically I’ll call that G, G=5.
- We, or our computers, each independently make up a secret number (N). No one else will ever see or get to know that secret number except the originator, or their computer. I choose 4 as my secret number N = 4; you choose 2 as your secret number, N = 2.
- I, or my computer, raise the arbitrary number, 5, to the power of my secret number: G
^{N}= 5^{4}= 625. You do the same and calculate 5 to the power of your secret number 2, i.e. G^{N}= 5^{2}= 25. - We then transmit those numbers to each other across the public network.
- I take your number and raise it to the power of my secret number S = 25
^{4}= 390625 - You do same and raise the number I sent you to the power of your secret number S = 625
^{2}= 390625. So we now both have the same number (S_{combined}= 390625). So that value of S is going to be the key to some other encryption system, bank account PIN, door access, or gym locker.

Here’s what’s public and there to be exploited by a potential hacker:

- G: the shared arbitrary starting number, as a generator.
- The result of the calculation S = G
^{N}for each of us. - This protocol (method) for generating a shared secret key.

Here’s what’s ** not** shared with anyone

- N (for each of us)
- The result of the calculation G raised to the power of our secret numbers combined, which is now our shared secret key S
_{combined}.

There are clear vulnerabilities in this encryption system. It may work as a parlour game, or in a low risk context, or where the protocol isn’t known.

The hacker knows G and the G^{N} that each of us has just exchanged. Knowing those numbers means that N can be calculated easily

- 5
^{N}= 25 yields N = log_{5}(25) = 2 (your secret number) - 5
^{N}= 625 yields N = log_{5}(625) = 4 (my secret number)

Then it’s easy to raise G to the power of our secret numbers to reveal the shared secret key S_{combined}. So that method is extremely insecure. I’ve derived this explanation from a very helpful Elliptic Curve Cryptography Tutorial by Will Raedy. S = G^{N} is trivial to solve for N if you know S and G.

One way to make the codebreaking challenge harder is to introduce another factor, a divisor, p. If p = 7 and you divide that into another number, such as 25, then you’ll find that it divides exactly 3 times to make 21 with a remainder of 4. The remainder is called the *mod* of 25 and 7. That’s written as 25 mod 7 = 4. So it takes more computation to solve for N in the following, even if you know S, G and p. So what I transmit across the public channel is the value of S mod p, i.e. 4.

S = G^{N} mod p

In the example above we’ll agree on p = 7. That’s also public.

I transmit the result of

- S mod p = 5
^{4}mod 7 = 625 mod 7 = 2

You transmit the result of

- S mod p = 5
^{2}mod 7 = 25 mod 7 = 4

Someone intercepting the messages will have to iterate through a range of values that yield that remainder. Raedy says that’s like being told that an event starts at 12.00 and ends at 1.00 but you don’t know the number of days in between. Is it a one hour event, or 12+1 hours, 24+1 hours, etc?

Solving for N when the other parameters are known in **S = G ^{N} mod p** is called

- Raedy, Will. 2017. Elliptic Curve Cryptography Tutorial – Understanding ECC through the Diffie-Hellman Key Exchange.
*Fullstack Academy*, 8 August. Available online: https://www.youtube.com/watch?v=gAtBM06xwaw (accessed 9 May 2021).

A trapdoor is a one-way portal. You can go through it easily in one direction, but it’s difficult to come out again in the reverse direction. Turnstiles are like that. If it’s a horizontal door then it relies on gravity for the one-way function. It’s easy to fall through it into the cellar below, but harder to jump or climb your way out. It’s similar to the way hunters use pits to trap prey, and some insects lure prey into a one-way system from which there’s no escape except by herculean effort. Trapdoors associate with secrets and hiddenness. A stage magician will install a secret trapdoor under a magic box. The assistant falls through the secret door before the magician opens the lid to reveal the box is now empty.

Cryptographers use the trapdoor metaphor to describe their methods. It’s easy to encrypt a message, but has to be substantially more difficult to recover it without a special key, or escape route.

Some mathematical operations are difficult to undo, e.g. you can multiply 2 arbitrary prime numbers, but it’s much more difficult to factor the resultant into those two primes again. It’s easy to get the toothpaste out of the tube, but trying to get it back in only makes a mess.

The multiplication of prime numbers can be made even more difficult to un-multiply if you redefine multiplication. One method is to define addition in terms of geometrical relationships between points on a curved line. Scalar multiplication is just repeated addition. For this to work the curved line needs to have a relatively simple formula. It must also be possible to draw a straight line through two points on the curve that will only strike one other point on the same curve. Two points can be co-incident on the curve, in which case the straight line drawn from that point will be a tangent to the curve and will always be found to cross the curve at another point, or at infinity. These condition are met in the case of the curve **y**^{2} = **x**^{3} – **ax** + **b**.

This is the graph of the function **y**^{2} = **x**^{3} – **ax** + **b**, or **y** = (**x**^{3} – **ax** + **b**). I generated this curve using the very elegant maths function visualiser at https://www.desmos.com/calculator. I also saved an animation showing different values for a and b. (The function visualiser doesn’t calculate the negative y values so I had to do some image manipulation in Premiere Pro etc.)

Here’s how you **add** two points (P and Q) together. Draw a line through them. Where that line intersects the curve again drop another line to find that intersection point’s mirror reflection.

P, Q and R are each defined as x and y coordinates. Simple algebra calculates the x and y coordinates of R from the coordinates of P and Q and the curve formula. A point added to itself is simply the same operation but the straight line from P is a tangent to the curve.

To multiply P by an integer, say 4, involves adding 2P to P to produce 3P, then adding that to P again. 4P is also created by doubling 2P, i.e. drawing a tangent from 2P.

If the multiplication factor is * k*, then

It’s worth noting that if the elliptic curve is extended it tends towards a straight vertical line both above and below the x axis. You can see this by zooming out on the maths function visualiser.

This means that all straight lines in the additions and multiplications outlined above, and all tangents to the curve, will collide again with the curve somewhere along its length. The exception is the case where a line is perfectly vertical. In that case the product of the calculation is a point at infinity. That represents a limit point of the calculation.

This method of bouncing about a curve is a way of making a number ** k** almost impossible to recover, even if you know the other parameters. I’ll attempt to explain how this facilitates the Elliptic-curve Diffie–Hellman encryption method in subsequent posts.

- Pierce, Robert. 2014. Elliptic curve Diffie Hellman.
*YouTube*, 10 December. Available online: https://www.youtube.com/watch?v=F3zzNa42-tQ (accessed 8 May 2021). - Sullivan, Nick. 2013. A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography.
*The Cloudflare Blog*, 24 October. Available online: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/ (accessed 6 May 2021).

- Banner image is the Olympic Pool, Stratford, UK by Zaha Hadid.

The procedure recounted in this and the previous post exploit this property of very large prime numbers. The property is used to generate two numbers: a public key number and a private key number. Sullivan says

“The takeaway is that you can take a number, multiply it by itself a number of times to get a random-looking number, then multiply that number by itself a secret number of times to get back to the original number.”

Person B wants to send person A a secret message and so asks A for A’s public encryption key. Person A transmits A’s public encryption key to B to facilitate this. Person B uses that public key information to encode a message according to the algorithm described below. Person A has the private key and can decode the message. Three items are transferred in sequence.

- B’s initial low security request for A’s public key.
- The public key transferred from A to B which is low risk. It doesn’t matter if hacker C intercepts that transfer and finds out what the public key is. All that would enable C to do at best is to encrypt a message; not to decrypt a message.
- The encrypted message from B to A which is secure. A can read this with the private encryption key. The message could only be read by C if C had the private key. The private key is never transmitted and stays with A.

These operations are of course invisible to the device user, and are the kinds of operations carried out by browser and server software in requesting and transmitting information securely across the Internet. Here’s the algorithm from the previous post for encrypting a message using prime numbers.

- choose
and*p*large primes*q* =*n*.*p**q*= (*z*-1).(*p*-1)*q*- choose
such that*e*<*e*and*n***z**mod**e**≠ 0 - choose large number
such that*d*<*d*and*n*.*d*mod*e*= 1*z* - transmit the public encryption key = [
,*n*]*e* - convert a text message to a number
*m* - convert
to encrypted form*m**c* =*c*mod*m*^{e}*n*

Sullivan notes that ** n** is a maximum value for

“We can make sure that the numbers we are dealing with do not get too large by choosing a maximum number and only dealing with numbers less than the maximum. We can treat the numbers like the numbers on an analog clock. Any calculation that results in a number larger than the maximum gets wrapped around to a number in the valid range.”

The following is the “reverse” operation for recovering the message.

- the recipient recovers the message
with the private encryption key [*c*,*n*]*d* =*m*mod*c*^{d}*n*

Codebreakers without the public key won’t know ** d**. If they could discover

This method of encryption is called RSA encryption after the three inventors, Ron Rivest, Adi Shamir, and Leonard Adleman (1977). The more recent (2004) ECC encryption method (Elliptic-curve cryptography) supports shorter keys and is more efficient for communications that involve mobile devices.

- Sullivan, Nick. 2013. A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography.
*The Cloudflare Blog*, 24 October. Available online: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/ (accessed 6 May 2021).