1. Outline Secret communication Goal Definitions Examples Please read:
Steganography
Cryptography
Goal
Sender has message intended only for recipient. How to protect from detection or eavesdropping?
Definitions
Examples
Please read:
Chapter 1 in The Code Book

2. Steganography Secret message is hidden inside larger document How?
Microdotting
requires special equipment
Having this equipment makes you target of suspicion
Sprinkle the message into much larger area
Ex. Add a letter to every 7th page of a book
Slightly modify pixels of an image

3. Cryptography
Modify the message so that if it’s discovered, only the recipient can understand it.
A “cipher system” consists of the following:
Plaintext = the message you want to send/conceal
Ciphertext = what actually gets sent
Encryption and decryption functions
Each function requires a key
To encrypt a message, sender uses the encryption function: inputs are the encryption key and plaintext message.
Receiver decrypts the message: uses the decryption function: inputs are the decryption key & ciphertext.

4. Cryptography (2)
Cryptography is the science of developing good cipher systems
What encryption and decryption functions should we use?
What are good key values?
Should the keys be the same or different?
Cryptanalysis = trying to figure out plaintext from the ciphertext, when you don’t have the key
Who would want to do that?

5. Frequency analysis Top 10 letters Sources:
"Secret Codes and Cryptograms" by Elonka Dunin
Language 1 2 3 4 5 6 7 8 9 10
English E T A O N I S R H D
Spanish L C
French U
Russian V
Greek K

6. Text data How does the computer know if a variable contains a string?
s = "Bring me my bow of burning gold"
password = "123"
value = 123
How does the computer know if a variable contains a string?
All data is internally stored in binary.
We know how numbers look in binary √
Binary representation of characters? Two step process: First, we have to assign each symbol a number. Then, convert the number to binary.

7. ASCII code
To manipulate text, we need to treat each letter in a message like a number.
“American Standard Code for Information Interchange”
The letters A – Z are assigned the consecutive values 65 thru 90. Examples:
‘A’ + 10 = ‘K’
‘K’ – 10 = ‘A’
ASCII codes are also assigned for lowercase letters and all other symbols you can type

8. Caesar cipher
The key is a secret number from This number gets added to each letter.
Julius Caesar liked the number 3
How do you decrypt the message?
What happens if we add 3 to X, Y or Z?
Cryptanalysis: How does one try to “break” the code?
OAAW FTQ DAMEF UZ HUZQSMD

9. Encryption Simple methods of encryption Transposition Substitution
Better substitution methods
Important fact: the method you use might not be a secret, but the key must be!
Please read chapter 2 in Code Book

10. Transposition Change the order of the letters in our plaintext message
Easy approach: collect the odd # letters (1st, 3rd, 5th, 7th, …), then the even # letters (2nd, 4th, 6th, 8th, …).
In this case, we say that the period or key is 2.
Can try a larger key, which means a longer period.
Ex. Key = 4 means collect the 1st, 5th, 9th, 13th, … followed by the 2nd, 6th, 10th, 14th, etc.
In other words: Write your message in rows 4 letters long. Add Z’s to end to make last row complete. The ciphertext is obtained by reading columns down!

11. Substitution
Most cipher systems use substitution: instead of moving letters around, change each letter into a different symbol. We can get very creative!
Caesar cipher
Easy to use, but only 26 possible keys (including a bad one)
The general substitution cipher
Not restricted in merely shifting the alphabet
We have 26! keys instead of 26

12. continued
Instead of adding a constant to each letter, scramble the assignment more randomly
One problem is how to “remember” the key. The key is not a number, but the sequence of 26 letters.
Ex. Identify a key by the letters of some word or phrase. Cryptography, page 26: “we hope you enjoy this book” gives the key: wehopyunjtisbkacdfglmqrvxz
Cryptanalysis?
Newspapers have “cryptogram” puzzles
Uncover a weakness of substitution method
Even worse if the message is long

13. Improvements Nulls: cipher includes symbols/numbers that mean nothing
Misspell words: use unusual letters more often
Homophonic cipher: common letters can be represented by 1 of several possible values
Code words
Pure encoding means we encipher by words, not letters
Nomenclator: just encode certain words
Polyalphabetic cipher: use multiple ciphers and alternate. Useful to hide double letters

14. Chapter 2 Pinprick method Great Cipher of Louis XIV Vigenère cipher
Cryptanalysis
Book (Beale) cipher
Some implementation details
Caesar cipher
List of lists for homophonic ciphers
Try/except statement
Please read chapter 3 of Code Book

15. Early examples Pinprick method Great Cipher of Louis XIV
Long history from Ancient Greece… Victorian England
Is this steganography or cryptography?
Great Cipher of Louis XIV
Encode syllables
To thwart the cryptanalyst , also add cipher values for individual letters (even silent ones)
Backspace symbol to tell decrypter to delete previous symbol
Homophonic cipher 
E.g. Table on page 53

16. Cipher system recap
Caesar – add same number to each plaintext character
Transposition – place the plaintext into rows, read off the columns
Homophonic – Assign multiple possible values to more common letters; select them randomly
“Great” cipher – encode syllables
Polyalphabetic – Use more than one Caesar, alternate what numbers you add
Vigenère – A polyalphabetic cipher: the key is itself a word or phrase

17. Vigenère cipher Example of polyalphabetic cipher
Has the effect of using many Caesar ciphers simultaneously.
The key is a word or phrase
Cycle through the letters of the key, to tell you what should be added to the next plaintext letter
Repeat the key as often as needed.
If key = “DOG”: add 4, 15, 7, 4, 15, 7, 4, 15, 7, …
Considered unbreakable until mid 19th century.

18. Vigenère variations
When we “add” a letter from the key to a letter of plaintext, what exactly does this mean?
At least 3 possibilities
Letters A-Z represented as 
Letters A-Z represented as 0-25
Use ASCII code values
Just an implementation detail. The choice doesn’t matter as long as you are consistent.

19. Breaking Vigenère
Charles Babbage performed the cryptanalysis, to show this cipher is not perfectly secure
Look for repetitions of short letter sequences
How far apart are they?
Determine length of the key
Since Vigenère is several Caesar ciphers, do each pattern separately (1,6,11,16…) ; (2,7,12,17…); etc.
Compare statistical distribution of letters. Shift it over until it matches A-Z: shift amount is the key.

20. Book cipher
Reminiscent of homophonic cipher: each letter can be represented by 1 of several possible numbers
The key is a long document, e.g. hundreds of words
Number the words 1,2,3…
Take note of first letter of each word
E.g. (1)take (2)note (3)of (4)first (5)letter (6)of (7)each (8)word. In this case, ‘o’ may be enciphered by 3 or 6.

21. Python coding See handout for Caesar cipher example
In Python, we need to be able to:
Open files for reading and writing
Read entire file into a string variable
For each letter in the file, we need to perform arithmetic on it, before writing it to the output file
Obstacle: Need to convert string’s letter to a number so we can add/subtract; convert back to letter.
To do homophonic encoding…
Key is a list of lists! For each letter A-Z, specify what numbers could represent it.

22. Try / except statement
To get ready for lab, we need to understand how to gracefully handle abnormal run-time situations
General structure has 2 essential parts:
try: # put the risky code here
except <name of error>: # what we should do if error occurs
# remainder of program follows

23. Examples (handout)
Distribute pieces of candy among children. But what if # children is zero? (ZeroDivisionError)
Ask user for name of input file. What if it doesn’t exist? (FileNotFoundError)
Add 13 to user’s input number. But what if the user’s input is not a number? (ValueError)
Return 10th character from input string. What if it isn’t long enough? (IndexError)
You don’t have to memorize the type of error. How would we find out what it is?

24. Chapter 3 Review Python example Messages sent by radio
File I/O, loop on characters, change letters
Running the Caesar cipher
Messages sent by radio
Review polyalphabetic ciphers (Vigenère)
One time pad improvement
Please read Code Book, pp
covering Enigma

25. Radio technology No longer necessary to send message by
Line of sight
Messenger, mail
Physical wire
Enemy can just as easily hear your message
Increased demand for cryptography by WW1
1 more piece of information: traffic analysis
Can identify radio operators by how they tap Morse code
Take note of direction and strength of signal
Over time, deduce movement of battalions…

26. Polyalphabetic Vigenère cipher was good How does it work?
Babbage’s cryptanalysis
We know that the key needs to repeat while enciphering.
Look for repeated substrings in ciphertext  key length
Once you know key length, you have n Caesar ciphers. Check the letter frequency of each to see how much the alphabet “shifted”
But also possible to break even if key is very long & no substrings repeat
Example pp

27. continued Observations
Let’s assume that the key is a real word or phrase.
Trial & error in plaintext: find where “the” could be. See which locations yield possible words in key.
“can” and “ypt” are plausible, but “bsj” is not.
When you find letters in the key that form part of a word, fill in the remaining letters of the word, to see if more of the plaintext can be deciphered. We know the plaintext has to contain real words.
e.g. key fragment Egypt seems to work, but not apocalyptic
Once you have a word of the key, see if it’s part of a logical pattern, such as a list of countries.

28. Lesson To use a Vigenère cipher effectively, the key:
Should be long, so that repeated letters in ciphertext are not obvious or do not occur
Should consist of random letters, because real words make it breakable, as we just saw.
e.g. Inserting “the” at various places in the plaintext should not give clues about the key
The result is called a one-time pad
To get a really long key, you distribute a “code book” to your agents.
Japanese version: encode entire words. Instead of replacing with a random number, add to a random number

29. Random key helps
Cryptanalyst is forced to try all possible keys to see which one generates meaningful plaintext
But, many possible messages are possible.
E.g. if message length is 21, then all possible messages of size 21 will be found. Impossible to tell which one is “correct” because key does not have any clues.
3 problems with one-time pad
How to distribute it to the field, maintain security
How to create the random key
Too difficult to use under extreme conditions. In some cases, on a negative acknowledgement, people resend message in plaintext in frustration or desperation.

30. Improvements Lab recap Improvements to Vigenère cipher
We want a long, random key 
Doing it for Japanese
Automating the process: do it by machine
Enigma, Typex, SIGABA
Please finish chapter 4 in Code Book

31. String loop Let’s understand the loop we used in steganography
for i in range (0, len(text)):
if i % 100 == 0 and
i/100 < len(secretMessage):
outFile.write(secretMessage[i/100])
else:
outFile.write(text[i])
Let’s interpret this in English
For every 100 characters of “text” we write 1 letter of the secret message. Ex. What happens when i equals 700?

32. Japan’s code One-time pad (e.g. JN-25)
Dictionary table: convert each word to a 5-digit number
Additive table: add the next random number to each word
Preface the message by indicating where in additive table you are starting the encoding
Tables may be periodically changed.
Example: encryption code book.xlsx

33. Enigma Arthur Scherbius, 1918 Used by Germany through WW2
Commercial and military versions
Served as basis for other cipher machines
How to use
Set machine to today’s starting position
Has usual keyboard
As you type, display lights up the ciphertext letter, which you need to write down
As you type, scramblers rotate to next position, i.e. to next letter of the Vigenère “key”

34. Scrambler
Disk containing wires that connect each letter on keyboard with different ciphertext letter for display board.
You type “A”, may be connected to “D”
But then the scrambler rotates, so the next “A” may be connected to a different letter (p. 129)
Effect  Vigenère cipher with random key of length 26
Two scramblers
Effectively means we have two keys.
Plaintext + key1 + key2 = ciphertext
Like odometer, second scrambler rotates less often

35. Strength of cipher Enigma used 3 scramblers out of a possible 5
Length of key = 26 * 26 * 26
Number of scrambler choices = 5 * 4 * 3 = 60
(Similar American device “SIGABA” used 15 scramblers)
Plugboard
6 pairs of letters were swapped before entering scrambler
Ex. Change “A” to “B” before adding the cipher keys
This increases # of possible keys, making cryptanalysis more confusing
“Code book” tells operator what daily machine settings are

36. Chapter 4 Let’s review Vigenère, one-time-pad and Enigma
How do you break a Vigenère cipher?
Suppose you intercept a message from Brazil. It uses a Vigenère cipher. The ciphertext says TQX.
We don’t know the key! Can try all possibilities.
If key = AHZ, what is the plaintext?
If key = ZTI, what is the plaintext?
Breaking the unbreakable…
Exploit weaknesses in the implementation.
Look for mathematical patterns in rotors.
Consider the plugboard settings separately.

37. Enigma mechanized Vigenère Breaking the code
If you can mechanize enciphering, why not mechanize cryptanalysis?
Intelligence on how Germans used Enigma
The work of Marian Rejewski and Alan Turing

38. Breaking the code What skills are needed to be a cryptanalyst?
Prepare for the worst: The Germans might make your work in the future more difficult.
Day key and message key
Four messages today might begin like this
L and R are encryptions of the same letter, etc. L O K R G M V T X Z E J P D Y

39. Letter chains Look for patterns! Example: A  F  W  A
All letters belong to some chain
The length of the chain is a fingerprint of the scrambler settings for today.
We separate out the problem of the letter identity
Bombe: automatically try all 263 settings.
Plugboard? Look for words that are almost spelled right. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

40. German mistakes Repeating the message key
Not allowing a scrambler to be in the same position (left, middle, right) two days in a row
Plugboard cannot link 2 letters next to each other on keyboard
Predictable structure of message, time of message

41. Alan Turing Bletchley Park contributions Turing Machine
Extending the work of Rejewski
Relied on fact that weather reports start with word “wetter” and used this to deduce initial scrambler setting
But what if you are off by a couple of letters? Fortunately, more help from German constraints.
Turing Machine
He was interested in theoretical boundaries of what a computer could accomplish
Machine has: instructions, internal memory, tape
Turing proved that not all problems can be solved
Feed universal TM into a “contradictor” machine. If U says yes, D says no. But what if we feed D into itself?

42. By the numbers New flavor of cryptography: numbers
Transpose bits
“add” bits
Data encryption standard
Problem of sharing keys… solved!
Diffie-Hellman protocol
Please finish reading chapter 6 in Code Book

43. Binary
Computers represent all data, including text, in the form of binary numbers
p. 246: ASCII codes for capital letters
Cryptography can now be done at a minute level: manipulate individual bits
Transposition cipher
E.g. Every 3rd bit swaps with bit to its right
It’s possible the last bit of a letter swaps with first bit of the next letter

44. Vigenère in binary
If we adapt the Vigenère cipher to the binary representation of text, we get XOR cipher
Example p. 247
Line up the bits for the addition:
0 + 0 = = = = 1
In other words, if the bits are the same, result is 0. If bits differ, result is 1. There is no carry.
Data Encryption Standard
Performs many successive steps of transposition and XOR
Key length 56, later increased.

45. Key problem
One lingering problem since antiquity: how do 2 people share the key privately?
Need to coordinate in person periodically, or
Hire a trusted 3rd party to relay your keys
Expensive
Whitfield Diffie’s vision
People will need privacy online
Handling keys in person only is impractical
Is there a technological solution? Yes!
Collaborated with Martin Hellman and Ralph Merkle at Stanford

46. Math idea Some functions are 2-way (easy to undo)
We need a 1-way function (hard to undo) so that an eavesdropper cannot discover the key
The 1-way function they used was “mod” or remainder calculations.
Example, f(n) = 3n mod 19?
Given a value of n, calculating f(n) isn’t too hard.
But given a value of f(n), there is no obvious way to determine n except trial and error!
In practice, the “19” should be replaced by a much larger number.

47. Diffie - Hellman Method for 2 people to establish a private key 
Choose values p (prime) and q
Sender
chooses secret value a, and computes A = qa mod p
Sends A, p, q
Eavesdropper cannot easily determine a
Receiver
Chooses secret value b
Computes B = qb mod p and K = Ab mod p
Sends B back to sender, who can compute K = Ba mod p
Both methods of computing secret K are equivalent
Ab mod p = (qa)b mod p
Ba mod p = (qb)a mod p
q doesn’t have to be prime

48. Calculations Recap Diffie-Hellman protocol – what is it?
How to calculate something like qa mod p?
Asymmetric cipher system: RSA
Review chapter 6

49. “mod” properties (In Python, the symbol for mod is %)
x mod y is always less than y
If x < y, the answer is x.
If x is a multiple of y, the answer is 0.
The 10th day of the year is in which month?
What about the 20th day, the 40th, the 100th ? These are essentially mod calculations, except that the month lengths are not quite the same!
What time is it, 75 hours after midnight?

50. Asymmetric ciphers Perennial problem in cryptography: key security
One solution is Diffie-Hellman protocol
Diffie thought of another approach
Use separate keys for encrypting and decrypting (this is why it’s called asymmetric)
Each person has a public encryption key, and a private decryption key
These keys don’t need to change often
No messages need to be passed to compute value of keys. It can be arbitrary & predetermined.

51. Challenge What kind of math formula can support asymmetric ciphers?
Goal: we want secure decryption key, but publicly known encryption key.
RSA system
The key value N is the product of two large prime numbers N = pq
Given N, there is no algorithm, other than trial and error, for determining values of p and q.
Ideally, N should be very large, e.g. hundreds of digits.
See Appendix J.

52. RSA outline Alice Chooses secret primes p and q Computes N and M
Chooses public encryption key e, and private decryption key d.
Publishes N and e. Anyone wanting to send Alice a message uses these values.
Bob
Has a message x to send to Alice.
Uses x and Alice’s e to compute y. Sends y to Alice.
Uses d to decrypt y to reveal the plaintext.

53. RSA
Choose secret & distinct 512-bit random primes p and q (up to 155 digits!)
Let N = pq, and let M = (p – 1)(q – 1)
Choose public encryption key e: a value less than and relatively prime to M.
Message is x. Sender transmits: y = xe mod N
Choose private decryption key d: where ed mod M = 1
e and N are public; outsider should have a tough time factoring N to obtain p and q to determine d
Recipient converts: z = yd mod N which should equal x.
Rivest, Shamir, Adleman

54. Example Choose secret primes p,q N = pq; M = (p – 1)(q – 1)
Choose e < & relatively prime to M.
Message is x. Compute and send y = xe mod N
Pick private decrypt key d where ed mod M = 1
z = yd mod N, which should equal x.
p = 31, q = 41 N = 1271, M = 1200 e = 7 x = 12 y = 127 mod 1271 = 1047 d = 343 z = mod 1271 = 12 It works!

55. Practical considerations
What should the relationship between x and N be?
What if x is too large (and how can we tell)?
What if x is too small (and how can we tell)?
RSA assumes that x is a number.
How do we turn text/image/sound into a number, let alone a number having about 1000 bits?

56. Topics in secrecy “Perfect secrecy” Hash functions
Practical considerations
Piper chapters 7 and 9

57. Perfect secrecy
Purpose of cipher system is to protect you in case an eavesdropper finds your ciphertext
But, even presence of the message itself may be enough information for the enemy
Eve will try to guess plaintext even if no ciphtertext
Don’t be too predictable!

58. Advice
Very short message (e.g. 1 char) can’t be broken with any certainty
Try to have as many possible keys as possible messages. (key length >= message length)
Cryptography is just 1 facet of overall security
If you notice someone is trying to guess your PIN or password, how can you tell? What should happen?

59. Hash functions Many applications in CS
An efficient way to store lots of data, for easy retrieval later
Quickly determine whether data has become corrupted
Provide password security
It’s a 1-way function: used to encrypt passwords
When you enter your password, p, the system computes value of e(p)
Your correct password, c, is already stored in encrypted form e(c)
If e(p) == e(c), then you are “authenticated”

60. Hash functions (2) Why do it this way? One way to do it:
If password file is compromised, thief really has no information
If you lose your password, no one can retrieve it  very secure. In this case, a new password is generated
One way to do it:
Multiply first letter value by 3
Add 2nd letter value. Multiply answer by 3.
Add 3rd letter value. Multiply answer by 3. Continue…
At each point, take mod by a large prime ~ 1 billion

61. Hash functions (3)
Another purpose: provide digital fingerprint to a file
Associate with each file a single numerical value, like a serial number
For example, the file size
There is a slim chance that 2 files will map to the same number.
Quick way to determine if your files have been altered or damaged. Saves space.

62. Collisions
When using a hash function, it’s possible for two items (e.g. message/file) to have same hash value.
Two passwords might be treated the same, e(p1) versus e(p2).
Issues:
Do you want to design a hash function that will handle all collisions? Or, is it acceptable to have a tiny probability of collision?
Techniques to handle collision, e.g. add 1

63. Practical considerations
One-time pad & RSA are really good cipher systems
But only if used properly. 3 is not a good choice of a prime number.
Better security requires higher cost
More computational time, more memory may be needed
Questions to consider
Do you really need to encrypt it?
Is the information confidential forever, or might it become obsolete soon?
What is the cost of compromised data?

64. Breakability
Cryptanalysis often relies on “exhaustive key search.” What does this mean?
How does Moore’s Law relate?
What can an attacker do to speed up a search?
RSA & Diffie-Hellman rely on unsolvability of certain number theory problems
(we have faith in them)
But will someone discover short cuts?
We should be seeking out better 1-way functions just in case! Learn from history.

65. Uses Uses of cryptography For W, Please read last chapter (8) in Singh
It’s not just to thwart eavesdroppers
Data Integrity
Authenticating people or data
Non-repudiation
Examples in chapter 9
For W, Please read last chapter (8) in Singh
Lab today on RSA

66. Data integrity A hacker might not care what your message says
Wants to modify / corrupt it
Just encrypting your data won’t help
Need to
Recognize genuine data, unchanged from the source
Detect unauthorized access or change (security)
Preventing the attack might not be necessary
We have backups of the data

67. Attacker strategy Look for a long file/message to decrypt
Cryptanalysis
Once you discover the key, insert your own message in the original’s place
How to make attacker’s job harder:
During the message, modify the key so that it depends on an earlier part of the message
In effect, you are sending several messages, each with different keys

68. Authentication “How do I know it’s from you?”
2 types: for “entities” and data
Ways to authenticate users:
Something known (password)
Something possessed (physical key/token/file)
Intrinsic property (retina, static IP address)
1-way & 2-way authentication
When you set up your account, you can ask bank to always display some message when it asks for password
Fake login scams

69. Data integrity A sends message to B. (p. 95)
B wants to be assured data hasn’t been altered.
B wants to verify it really came from A, not someone else.
Some encryption algorithm is used as the “authentication function,” with a key
Both A & B share a secret key – very common in cryptography
Can be set up ahead of time or with Diffie-Hellman
A computes message’s authentication value, and appends it to message
B performs same computation for verification

70. Digital signature Data integrity with extra feature: proof of origin
Sender can’t later deny sending message!
In ordinary authentication, an imposter could have used Diffie-Hellman to pretend being A.
DS relies on sender’s public and private keys
The two keys are mathematically related
Sender must use private key to compute the message’s digital signature (analogous to authentication value)
Receiver uses sender’s public key to verify origin
Why is the message “hashed”?

71. Attacker strategy
Impersonating you: “Hey, I just changed my public key.”
Computes new public and private key, and claims they belong to you, so he really looks like you online
Can now perform digital signatures just like they came from you
Response: 3rd party trust
Your public key needs to be verified by a Certification Authority, known to your Web browser and the receiver of your message.
E.g. Verisign

72. Case Study: ATM Features both privacy and data integrity
Attacker’s plans
Impersonate you
Intercept communication to bank
Alter amount of money bank knowing
Duplicating transaction without bank knowing

73. E-commerce What are the relationships among: Other things to consider:
Client (i.e. you)
Server
Bank
Certification authority
Other things to consider:
How to set up your own online business
The steps of a secure session
Authentication
Digital signature

74. Setting it up You have products to sell Create a Web site
Subscribe for Web hosting, acquire HW/SW as needed
Need accounts with a bank, and individual credit card merchant accounts, PayPal, etc.
Subscribe to SSL service
E.g. Verisign is now owned by Symantec
Maintain database of transactions
E.g. individual purchases

75. Secure Web session Here’s one way to do it.
Client wants to buy goods on server’s secure site.
Server sends its public key & authentication certificate to client.
Client’s Web browser verifies certificate with CA
Client uses RSA with server’s public key to encrypt DES key. Send to server.
Server uses own RSA-private key to decrypt DES key.
Now, both parties can communicate with DES.

76. Notes Why not just use RSA for everything?
DES is much faster. We just use RSA to communicate the DES key.
Client & server have “agreed” on a key, but we did not use Diffie-Hellman.
DES key was chosen by the client, sent to server securely.
Diffie-Hellman by itself can’t authenticate.
Authentication goes both ways
CA verifies server identity to client (you).
Bank verifies client (you) to the server.

77. Digital signature A closely related concept using RSA
Purpose: verify sender & integrity of message
Useful when resolving disputes: non-repudiation
When A sends message to B
Message  private key  D.S.
Append D.S. to the message
B receives message (with D.S.) from A
Separate the D.S. from body of the message.
D.S.  public key  output
Verify that the output matches the message.
(To save time, the message is usually “hashed”)