Cryptography

1
Cryptography

• Cryptography
• Terminology
• Secret-Key Encryption
• Public-Key Encryption

2
Insecure communications
Confidential
3

Cryptographic Protocols

• Messages should be transmitted to destination
• Only the recipient should see it
• Only the recipient should get it
• Proof of the senders identity
• Message shouldnt be corrupted in transit
• Message should be sent/received once only

4
Terminology

• Plaintext (cleartext) a message in its original
  form
• Ciphertext (cyphertext) an encrypted message
• Encryption transformation of a message to hide
  its meaning
• Cipher cryptographic algorithm. A mathematical
  function used for encryption (encryption
  algorithm) and decryption (decryption algorithm).

5
Terminology

• Decryption recovering meaning from ciphertext
• Cryptography art and science of keeping messages
  secure
• Cryptanalysis art and science of breaking
  ciphertext
• Cryptology study of both cryptography and
  cryptanalysis

6
Encryption and Decryption
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
7
Conventional (Secret Key) Cryptosystem
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
K
CE(K,M) MD(K,C)
K needs secure channel
8
Public Key Cryptosystem
Recipients public Key (Kpub)
Recipients private Key (Kpriv)
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
CE(Kpub,M) MD(Kpriv,C)
Kpub needs reliable channel
9
Cryptanalysis

• Cryptanalysts goal
• Break message
• Break key
• Break algorithm

10
Secret Key Cryptosystem Vulnerabilities (1

• Passive Attacker (Eavesdropper)
• Obtain and/or guess key and cryptosystem use
  these to decrypt messages
• Capture text in transit and try a ciphertext-only
  attack to obtain plaintext.

11
Secret Key Cryptosystem Vulnerabilities

• Active Attacker
• Break communication channel (denial of service)
• Obtain and/or guess key and cryptosystem and use
  these to send fake messages

12
Inherent Weaknesses of Symmetric Cryptography

• Key distribution must be done secretly (difficult
  when parties are geographically distant, or don't
  know each other)
• Need a key for each pair of users
• n users need n(n-1)/2 keys
• If the secret key (and cryptosystem) is
  compromised, the adversary will be able to
  decrypt all traffic and produce fake messages

13
Basic Encryption Techniques

• Substitution
• Permutation
• Combinations and iterations of these

14
Caesar cipher

• CE(K,M), e.g., C(Mn) mod 26
• plaintext placement A B C D E
• ciphertext placement A B C D E F
• e.g., MCAB
• C ECD
• Advantages simple to implement
• Disadvantages easy to break

15
Simple Alphabetic Substitution

• Assign a new symbol to each plain text symbol
  randomly, e.g.,
• C ?K, A ?H, B ? L

• MCAB
• C KHL
• Advantages large key space 26!
• Disadvantages trivially broken for known
  plaintext attack

16
One-Time Pad

• Perfect Secrecy!
• Large, non-repeating set of keys
• Key is larger than the message
• Advantages immune to most attacks
• Disadvantages
• Need total synchronization
• Need very long, non-repeating key
• Key cannot be reused

17
Summary of Substitution

• Advantages
• Simple
• Easy to encrypt
• Disadvantages
• Easy to break!!!

18
Transposition

• Letters of the message are rearranged
• Break patterns, e.g., columnar transposition
• Plaintext this is a test!
• t h i s
• i s a t tiehssiatst!
• e s t !
• Advantages easy to implement
• Disadvantages
• Trivially broken for known plaintext attack
• Easily broken for cipher only attack

19
Cryptanalysis

• Rearrange the letters
• Digrams, Trigrams, Patterns
• Frequent digrams -re-, -th-, -en-, -ed-,
• Cryptanalysis
• Compute letter frequencies ? subst. or perm.
• Compare strings of ciphertext to find reasonable
  patterns (e.g., digrams)
• Find digram frequencies

20
Data Encryption Standards DES
21
Data Encryption Standard

• Mathematics to design strong product ciphers is
  classified
• Breakable by exhaustive search on 56-bit key size
  for known plaintext, chosen plaintext and chosen
  ciphertext attacks
• Security computational complexity of computing
  the key under the above scenarios (22 hours)

22
Data Encryption Standard (DES)

• DES is a product cipher
• 56 bit key size
• 64 bit block size for plaintext and cipher text
• Developed by IBM and adopted by NIST with NSA
  approval
• Encryption and decryption algorithms are public
  but the design principles are classified

23
DES Controversies

• Key size 56 bits threshold of allowing
  exhaustive-search known plaintext attack
• Built in trapdoor allegations
• The US Senate Select Committee of Intelligence
  exonerated NSA from tampering with the design of
  DES in any way

24
Advanced Encryption Standards AES
25
Advanced Encryption Standard (AES) Motivations

• Replacement of DES
• Known vulnerabilities
• Broken by exhaustive key search attack
• Triple DES secure but slow
• Need new standard that is
• Secure practical cryptanalysis, resist known
  attacks
• Cost effective
• Easy to implement (software, hardware) and
  portable
• Flexible

26
Advanced Encryption Standard (AES)

• Federal Information Processing Standard (FIPS) to
  be used by U.S. Government organizations
• Effective since May 26, 2002
• Replaces DES (triple DES remains)
• Rijndael (Rhine Dhal) algorithm (Joan Daemen
  and Vincent Rijmen)

27
Rijndael Algorithm

• Chosen for security, performance, efficiency,
  ease of implementation, and flexibility
• Block cipher (variable block and key length)
• Block size 128, 192, 256 bits
• Key size 128, 192, 256 bits

28
Hash FunctionsLecture 8
29
Hash Functions

• Hash function h maps an input x of arbitrary
  length to a fixed length output h(x)
  (compression)
• Given h and x, h(x) is easy to compute (ease of
  computation)

30
Hash Functions

• Message digest
• Used for authenticity and integrity purposes
• Algorithms
• SHA-1MD2,MD4,
• MD5

31
MD5 Message Digest Algorithm

• Input of arbitrary length
• Output 128 bits
• Block size 512 bits

32
Public Key Encryption
33
Public-Key Encryption

• Two keys one is private one is public
• Solves the key distribution problem (but need
  reliable channel)
• Provides electronic signatures
• Slower than secret-key encryption

34
Public-Key Encryption

• Needed for security
• One of the keys must be kept secret
• Impossible (at least impractical) to decipher
  message if no other information is available
• Knowledge of algorithm, one of the keys, and
  samples of ciphertext must be insufficient to
  determine the other key

35
Public Key Cryptosystem
Insecure channel
Plaintext
Ciphertext
Plaintext
Encryption Alg.
Decryption Alg.
B Recipient
A Sender
Bs private key
Bs public key
(need reliable channel)
36
Public Key Cryptosystem

• Concept conceived by Diffie and Hellman in 1976
• Rivest, Shamir, and Adleman (RSA) describe a
  public key system in 1978
• Many proposals have been broken
• e.g., Merkle-Hellman proposal broken by Shamir
• Serious candidates (public domain)
• RSA
• El Gamal

37
Notation

• C E(KE-B, M)
• M D(KD-B,C)
• KE-B public key of B
• KD-B private key of B
• E encryption alg.
• D decryption alg.
• M plaintext
• C ciphertext

38
RSA

• Public key (n,e)
• Secret key (n,d)
• n is a 200 digit number
• C Me mod n
• M Cd mod n

39
RSA

• Both sender and receiver know n
• Sender knows e
• Only receiver knows d
• Need
• Find values e,d,n s.t.
• Easy to calculate Me, Cd for all M lt n
• Infeasible to determine d give e

Med mod n M mod n
40
RSA Keys

• Generation of public and private keys
• Choose 2 large (100 digit) numbers p and q
• Compute n pq
• Choose e relatively prime to ?(n) (p-1)(q-1)
• Compute d such that ed 1 mod (p-1)(q-1)
• Publish (n,e)
• Secret (n,d), p, q

41
RSA versus DES

• RSA kilobits/second
• DES megabits/second
• ?
• DES is about 100 times faster than RSA
• RSA used for secure exchange of DES keys

42
RSA versus DES

• Key size
• RSA selected by user
• (usually n is 154 digit (512 bits) so key is
  1024 bits)
• DES 64 bits (56 effective)

43
Digital Signatures in RSA

• RSA Property encryption and decryption are
  commutative
• Encryption followed by decryption yields the
  original message
• (Me mod n)d mod n M
• Decryption followed by encryption yields the
  original message
• (Md mod n)e mod n M
• Cryptosystems that preserve message length have
  this property

44
Digital Signatures in RSA
Insecure channel
Sign
Verify
Plaintext
Signed plaintext
Plaintext
Encryption Alg.
Decryption Alg.
B
A
As public key
As private key
(need reliable channel)
45
Signature and Encryption
B
Encrypted Signed Plaintext
A
Signed Plaintext
Signed Plaintext
Plaintext
Plaintext
D
E
D
E
Bs public key
As public key
Bs private key
As private key
46
Signature and Encryption

• We could do the encryption first, followed by the
  signature.
• Adv. signature first parties, other than B can
  verify the signature
• DES can be used for encryption

47
Non-repudiation

• Requires notarized signature, involving a third
  party
• Large system hierarchies of notarization