Upload
byron-anthony
View
226
Download
0
Embed Size (px)
Citation preview
Cryptography 1Cryptography 1
CS432CS432
OverviewOverview
What is cryptography and cryptology?What is cryptography and cryptology? The main components of a crypto system.The main components of a crypto system. Problems solved by cryptography.Problems solved by cryptography. Basic concepts: symmetric cryptography, Basic concepts: symmetric cryptography,
asymmetric cryptography, digital asymmetric cryptography, digital signatures.signatures.
Types of algorithms and related concepts.Types of algorithms and related concepts.
Cryptography and CryptologyCryptography and Cryptology EncryptionEncryption: transformation of intelligible, : transformation of intelligible,
understandable information into unintelligible form to understandable information into unintelligible form to disguise its meaning and intent from intruders. disguise its meaning and intent from intruders.
Decryption:Decryption: The inverse transformation of encrypted The inverse transformation of encrypted information into intelligible forminformation into intelligible form
Both encryption and decryption are based on keys. It Both encryption and decryption are based on keys. It should be difficult or impossible to decrypt a message should be difficult or impossible to decrypt a message without knowing the key. without knowing the key.
CryptographyCryptography: encryption + decryption.: encryption + decryption. Cryptanalysis:Cryptanalysis: analyzing encrypted information with the analyzing encrypted information with the
intent of recovering the original plain information, without intent of recovering the original plain information, without knowing the key. knowing the key.
CryptologyCryptology: cryptography + cryptanalysis. : cryptography + cryptanalysis.
The Encryption and Decryption The Encryption and Decryption ProcessProcess
The encryption modelThe encryption model
The major components of a crypto The major components of a crypto system (the model)system (the model)
Plain text: Plain text: the original message before encryption.the original message before encryption. Encryption AlgorithmEncryption Algorithm: the algorithm used to transform : the algorithm used to transform
the plaintext into unintelligible form (the cipher text).the plaintext into unintelligible form (the cipher text). The cipher textThe cipher text: the encrypted text.: the encrypted text. Encryption keyEncryption key: the encryption process is always based : the encryption process is always based
on a key.on a key. Decryption AlgorithmDecryption Algorithm: used to transforms cipher text : used to transforms cipher text
back to plaintext.back to plaintext. The Decryption keyThe Decryption key: the key used in the decryption : the key used in the decryption
process. process.
All algorithms must be public; only the keys are secret. All algorithms must be public; only the keys are secret.
Intruders and CryptanalysisIntruders and Cryptanalysis It is assumed that there is an It is assumed that there is an intruderintruder
who listens to all communications and who listens to all communications and he may copy or delete any messagehe may copy or delete any message An An active intruder active intruder modifies some modifies some
messages and re-inserts themmessages and re-inserts them A A passive intruder passive intruder just listensjust listens
To decrypt a message without having To decrypt a message without having a key, an intruder practices the art of a key, an intruder practices the art of cryptanalysiscryptanalysis
What Does Cryptography Solve?What Does Cryptography Solve?
Confidentiality Confidentiality Ensure that nobody can get knowledge of what you transfer even if Ensure that nobody can get knowledge of what you transfer even if
listening to the whole conversationlistening to the whole conversation Integrity Integrity
Ensure that message has not been modified during the Ensure that message has not been modified during the transmissiontransmission
Authenticity Authenticity You can verify that you are talking to the entity you think you are You can verify that you are talking to the entity you think you are
talking totalking to IdentityIdentity
You can verify who is the specific individual behind that entityYou can verify who is the specific individual behind that entity Non-repudiationNon-repudiation
The individual behind that asset cannot deny being associated with The individual behind that asset cannot deny being associated with itit
Symmetric EncryptionSymmetric Encryption
““An introduction An introduction to cryptography”to cryptography”
““AxCvGsmWe#4^,AxCvGsmWe#4^,sdgfMwir3:dkJeTssdgfMwir3:dkJeTsY8R\s@!q3%”Y8R\s@!q3%”
““An introduction An introduction to cryptography”to cryptography”
Clear-text inputClear-text input Clear-text outputClear-text outputCipher-textCipher-text
Same keySame key(shared secret)(shared secret)
EncryptionEncryption DecryptionDecryption
DESDES DESDES
Asymmetric EncryptionAsymmetric Encryption
““An introduction An introduction to cryptography”to cryptography”
““Py75c%bn&*)9|Py75c%bn&*)9|fDe^bDzjF@g5=fDe^bDzjF@g5=&nmdFgegMs”&nmdFgegMs”
““An An introduction to introduction to cryptography”cryptography”
Clear-text InputClear-text Input Clear-text OutputClear-text OutputCipher-textCipher-text
Different keysDifferent keys
EncryptionEncryption DecryptionDecryption
RSARSARSARSA
Asymmetric EncryptionAsymmetric Encryption
Things to remember about asymmetric keys:Things to remember about asymmetric keys: The relation between the two keys is unknown and from one The relation between the two keys is unknown and from one
key you cannot gain knowledge of the other, even if you key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-texthave access to clear-text and cipher-text
The two keys are interchangeable. All algorithms make no The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair difference between public and private key. When a key pair is generated, any of the two can be public or privateis generated, any of the two can be public or private
g$5knvMd’rkg$5knvMd’rkvegMs”vegMs”
Clear Clear texttext
?EncryptionEncryption
Example: ConfidentialityExample: Confidentiality
DifferentDifferent keys keys
Recipient’s Recipient’s public keypublic key
Recipient’s Recipient’s private keyprivate key
privatprivatee
publicpublic
EncryptionEncryption DecryptionDecryption
““An An introduction to introduction to cryptography”cryptography”
““Py75c%bn&*)9|Py75c%bn&*)9|fDe^bDzjF@g5=fDe^bDzjF@g5=&nmdFgegMs”&nmdFgegMs”
““An An introduction to introduction to cryptography”cryptography”
Clear-text InputClear-text Input Clear-text OutputClear-text OutputCipher-textCipher-text
Example: AuthenticityExample: Authenticity
DifferentDifferent keys keys
Sender’s Sender’s public keypublic key
Sender’s Sender’s private keyprivate key
privatprivatee
publicpublic
EncryptionEncryption DecryptionDecryption
““An introduction An introduction to cryptography”to cryptography”
““Py75c%bn&*)9|Py75c%bn&*)9|fDe^bDzjF@g5=fDe^bDzjF@g5=&nmdFgegMs”&nmdFgegMs”
““An introduction An introduction to cryptography”to cryptography”
Clear-text InputClear-text Input Clear-text OutputClear-text OutputCipher-textCipher-text
Creating a Digital SignatureCreating a Digital Signature
3kJfgf*£$&3kJfgf*£$&Py75c%bnPy75c%bn
This is the This is the document document created by created by GianniGianni
Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest
Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)
Signatory's Signatory's private keyprivate key
privpriv
GenerateGenerateHashHash
SHA, MD5SHA, MD5
AsymmetricAsymmetricEncryptionEncryption
RSARSA
This is the This is the document document created by created by AhmedAhmed 3kJfgf*£$&3kJfgf*£$&
SignedSignedDocumentDocument
(Typically 128 bits)(Typically 128 bits)
Verifying a Digital SignatureVerifying a Digital Signature
This is the This is the document document created by created by AhmedAhmed
3kJfgf*£$&3kJfgf*£$&
SignedSignedDocumentDocument
Py75c%bnPy75c%bn
Message DigestMessage DigestGenerateGenerate
HashHash
Gianni's public keyGianni's public key(from certificate)(from certificate)
AsymmetricAsymmetricDecryptionDecryption
pubpub
DigitalDigitalSignatureSignature
Py75c%bnPy75c%bn
? Compare ?? Compare ?
Classification of CiphersClassification of Ciphers
Substitution ciphersSubstitution ciphers Cesar’s cipherCesar’s cipher Affine transformation ciphersAffine transformation ciphers
Transposition ciphersTransposition ciphers One-time padOne-time pad Block ciphersBlock ciphers Exponentiation ciphersExponentiation ciphers
RSARSA
Substitution CiphersSubstitution Ciphers
Each symbol is replaced by another symbol (Example: Each symbol is replaced by another symbol (Example: with Latin alphabet, in with Latin alphabet, in monoalphabetic substitutionmonoalphabetic substitution, the key , the key is a 26-letter string that represents the substituting is a 26-letter string that represents the substituting permutation of the alphabet, so 26! keys are available)permutation of the alphabet, so 26! keys are available)Case studyCase study: : Caesar cipher (A -> D, B -> E, C->F, …Z->C )Caesar cipher (A -> D, B -> E, C->F, …Z->C ), , oror
ord (s) = [ord(s) + 3] mod 26. ord (s) = [ord(s) + 3] mod 26.
LettersLetters are packed in equal blocks to prevent cryptanalysis are packed in equal blocks to prevent cryptanalysis based on the word lengthbased on the word length
Case Study: Cesar’s CipherCase Study: Cesar’s Cipher
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
THIS MESSAGE IS TOP SECRET THISM ESSAG EISTO PSECR ET
19 7 8 18 12 | 4 18 18 0 6 | 4 8 18 19 14 | 15 18 4 2 17 | 4 19|
22 10 11 21 15 | 7 21 21 3 9 | 7 11 21 22 17 | 18 21 7 5 20 | 7 22
WKLVP HVVDJ HLVWR SVHFU HW
Substitution Ciphers
Substitution ciphers are easy to break with a relatively small amount of ciphertext, using statistical properties of the language (frequency of letters, bigrams, trigrams, etc.)
A Cryptanalysis Example A Cryptanalysis Example
Letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Frequency 7 1 3 4 13 3 2 3 8 <1 <1 4 3 8 7 3 <1 8 6 9 3 1 1 <1 2 <1
The frequencies of occurrence of letters in English text:
Letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Frequency 1 0 4 5 1 3 0 0 0 1 0 1 1 1 0 7 2 2 2 3 0 0 1 2 3 2
Analysis of the frequencies of occurrence of letters in the ciphertext:
Ciphertext: YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD
(Suppose, we know that shift transformation cipher was used)
Guess: P(7) = E(13) => 15 = 4 + k (mod 26) => k = 11.
Plaintext: NUMBE RTHEO RYISU SEFUL FOREN CIPHE RINGM ESSAG ES
(NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES)
Transposition CipherTransposition Cipher All symbols are reordered according to a All symbols are reordered according to a
permutation specified by the keypermutation specified by the key
Example: Example: WISPER WISPER the keythe key—must have no repeated symbols—must have no repeated symbols 6253 14 6253 14 the relative order of each symbol in the the relative order of each symbol in the
keykey
“ “CIS IS THE BEST COLLEGE IN TOWN”CIS IS THE BEST COLLEGE IN TOWN”
C I S I S TC I S I S T
H E B E S TH E B E S T
C O L L E GC O L L E G
E I N T O W E I N T O W plaintextplaintext is written in is written in rowsrows of the key’s of the key’s sizesize
N x x x x x N x x x x x the last row is the last row is paddedpadded
1 2 3 4 5 61 2 3 4 5 6 SOXLEIEEGTTHUTTMNY SOXLEIEEGTTHUTTMNY (ciphertext is written in columns (ciphertext is written in columns
permuted in the order of key’s symbols)permuted in the order of key’s symbols)
Transposition ciphers can also be broken by guessing the key size and using statistical analysis when the cryptanalyst knows that it is a transposition cipher.
Transposition CiphersTransposition CiphersC I S I S TC I S I S TH E B E S TH E B E S TC O L L E GC O L L E GE I N T O W E I N T O W plaintextplaintext is written in is written in rowsrows of the key’s of the key’s sizesizeN x x x x x N x x x x x the last row is the last row is paddedpadded
WISPERWISPER6253 146253 14
SIITSCSIITSCSEETBHSEETBHEOLGLCEOLGLCOITWNEOITWNEXXXXXNXXXXXN
Cipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCENCipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCEN
Any bit sequence the size of plaintext can be a key. Each bit of Any bit sequence the size of plaintext can be a key. Each bit of plaintext is XOR-ed with the corresponding bit of the key to plaintext is XOR-ed with the corresponding bit of the key to produce a bit of the ciphertextproduce a bit of the ciphertext
One-Time Pad CiphersOne-Time Pad Ciphers
001111
110000
1100(XOR)(XOR)+
EK DK=
)()( xyyxyx Plaintext: 001110011010010110
Key: 100100100111110110Ciphertext: 101010111101100000
Example:
One-time Pad is unbreakable; however key distribution is a big problem…
Block Ciphers (Affine Transformation)Block Ciphers (Affine Transformation)
Key:Key: AA is a square integer matrix of order is a square integer matrix of order n n
such that (|such that (|AA|, 26) = 1|, 26) = 1 BB is an is an n-n-vector of integersvector of integers
The ciphertext is split into blocks of The ciphertext is split into blocks of length length n; n; the last block is paddedthe last block is padded
For each blockFor each block PP, , computecompute C = (AP + B) (mod 26)C = (AP + B) (mod 26)
Exponentiation CiphersExponentiation CiphersGiven:Given: p p is a primeis a prime The The key, key, e e > 0> 0 satisfies: satisfies: (e, p-1) = 1(e, p-1) = 1
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
1. Group the resulting numbers into blocks of 2m decimal digits, where m is the largest even integer such that the decimal value of each block is less than p
2. For each plaintext block, P, compute a ciphertext block C = Pe(mod p)
3. To decipher, find d such that de ≡ 1 (mod p-1) and compute P = Cd(mod p)Cd ≡ Ped P ≡ Pk(p-1)+1 ≡ [P (p-1)]kP ≡ P (mod p) (By Fermat’s Little Theorem)
Exponentiation Ciphers: An ExampleExponentiation Ciphers: An Example p = 2633;p = 2633; the key the key e = 29; (e, p-1) = (29, 2632) e = 29; (e, p-1) = (29, 2632)
= 1;= 1; Block length is 4 (Block length is 4 (m=2)m=2)
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER
1907 0818 0818 0013 0423 0012 1511 0414 0500 1304 2315 1413 0413 1908 0019 0814 1302 0815 0704 1723
190729 ≡ 2199 (mod 2633)
2199 1745 1745 1206 2437 2425 1729 1619 0935 0960 1072 1541 1701 1553 0735 2064 1351 1794 1841 1459
d = 2269
2269*2622 ≡ 1 (mod 2622)
21992269 ≡ 1907 (mod 2633)
One Immediate Application: One Immediate Application: The Diffie-Hellman AlgorithmThe Diffie-Hellman Algorithm
Problem: Establish common keys (for symmetric cryptography) to be used by two individuals so that intruders cannot discover them in a feasible amount of computer time.
Let • p be a large prime• a be an integer relatively prime to p
These are known to all!
Pick k1 relatively prime to p-1
pypay k 11 0),(mod1
Pick k2 relatively prime to p-1
pypay k 22 0),(mod2
pKpapyK kkk 0),(mod)(mod 212
1pKpapyK kkk 0),(mod)(mod 121
2 =
A Simple Example of a DH A Simple Example of a DH ExchangeExchange
p =17a = 2
k1 = 3
8)17(mod8)(mod11 pay k
k2 = 5
15)17(mod32)(mod22 pay k
9)17(mod32768)(mod2
1 pyK k9)17(mod3375)(mod1
2 pyK k
=
Modern Modern SymmetricSymmetric-Key Algorithms-Key Algorithms
Combine transpositions and Combine transpositions and substitutions and cascade them to substitutions and cascade them to make the algorithms very complex (to make the algorithms very complex (to prevent cryptanalysis even when large prevent cryptanalysis even when large amounts of ciphertext are available)amounts of ciphertext are available)
Often use Often use blockblock ciphersciphers
ED KK
4-bit transposition (T)
SSSS
SSSS
SSSSTT
SS
TT
SS
TT
Cascading into a product
4 to 2 encoder
2-bit substitution (S)
T
2 to 4 decoder
Some Common Symmetric-Key Some Common Symmetric-Key Cryptographic AlgorithmsCryptographic Algorithms
(after A. Tanenbaum)(after A. Tanenbaum)
CipherCipher Key size (bits)Key size (bits) CharacteristicsCharacteristics
RijndaelRijndael 128-256128-256 BestBest
Triple DESTriple DES 168168 Second bestSecond best
Serpent, TwofishSerpent, Twofish 128-256128-256 Very strongVery strong
IDEAIDEA 128128 Good (but patented)Good (but patented)
RC5RC5 128-256128-256 Good (but patented)Good (but patented)
RC4RC4 1-20481-2048 Some keys are weakSome keys are weak
DESDES 5656 WeakWeak
Public-Key CryptographyPublic-Key Cryptography
A (public key, private key) pairA (public key, private key) pair Publish the public key (= encryption key)Publish the public key (= encryption key) Keep the private key (= decryption key) secretKeep the private key (= decryption key) secret
Two essential requirements:Two essential requirements:1) 1) 2) It is 2) It is very hard (very hard (i.e,i.e, computationally infeasible) computationally infeasible)
to obtain fromto obtain from To send a message To send a message MM to you, I send to you, I send You decrypt it, obtaining: You decrypt it, obtaining:
EK
DK
.))(( MMKK ED
IKK ED
DK EK);(MKE
RSA (Rivest, Shamir, Adleman)RSA (Rivest, Shamir, Adleman)
Parameters: Parameters: p, q, n, z, d, ep, q, n, z, d, e Choose, large (1024 bits) Choose, large (1024 bits) primesprimes: : p, qp, q Compute Compute n = pq, z = φ(n) = (p-1)(q-1)n = pq, z = φ(n) = (p-1)(q-1) Choose the Choose the exponent exponent ee relatively prime to relatively prime to z z Find Find d:d: ed ed ≡ ≡ 1(mod z)1(mod z)
Keys: Keys: publicpublic,, ((ee, n), n); ; privateprivate, , ((dd, n), n); ; Encryption and decryption:Encryption and decryption:
Brake the plaintext into Brake the plaintext into largest equal even-digit blockslargest equal even-digit blocks ( (PP) ) shortershorter than than nn bitsbits
Encrypt each blockEncrypt each block P P by computing by computing C = E(P) C = E(P) ≡≡ P Pee (mod n) (mod n)
Decrypt Decrypt C C by computing by computing D(C) D(C) ≡≡ C Cdd (mod n) (mod n) ≡ ≡ PPed ed (mod n) (mod n) ≡ ≡ PPkkφ(n)+1φ(n)+1
(mod n) (mod n) ≡ ≡ PPkkφ(n)φ(n) P(mod n) P(mod n) ≡ ≡ P(mod n) P(mod n) Euler’s Theorem:
If n > 0 and e and d are integers, such that (a, m) = 1, then aφ(m) ≡ 1 (mod m).
The probability that P and n are not relatively prime is extremely low!
RSA: An ExampleRSA: An Example p = 43, q=59; n = 43*59 = 2357; p = 43, q=59; n = 43*59 = 2357; φ(n) = 42*58 φ(n) = 42*58
=2436=2436
Exponent e = 13; (e, Exponent e = 13; (e, φ(n)φ(n) ) = (13, 42*58) = 1;) = (13, 42*58) = 1; Block length is 4Block length is 4
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
PUBLIC KEY CRYPTOGRAPHY
1520 0111 0802 1004 2402 1724 1519 1406 1700 1507 2423
152013 ≡ 95 (mod 2537)
0095 1648 1410 1299 0811 2333 2132 0370 1185 1457 1084
937* 13 ≡ 1 (mod 2436)
0095937 ≡ 1520 (mod 2537)
d = 937
E(P) ≡ Pe (mod n)
P ≡ Cd (mod n)
Public key: (13, 2357)
Private key: (937, 2357)
Properties of RSAProperties of RSA
The algorithm is secure because of the difficulty of The algorithm is secure because of the difficulty of factoring factoring N. N. Factoring a 500-digit number should Factoring a 500-digit number should take 10take 1025 25 years using a CPU with 1 microsecond years using a CPU with 1 microsecond instruction timeinstruction time
Encryption and decryption are inverse and Encryption and decryption are inverse and commutative (an important property for commutative (an important property for digital digital signaturessignatures))
The algorithm is slow (compared to DES and other The algorithm is slow (compared to DES and other symmetric algorithms with much shorter keys)symmetric algorithms with much shorter keys)
RSA may be prohibitively slow when dealing with large blocks of data. It is typically used for one-time session key distribution for a symmetric-key algorithm (such as triple-DES)