Cryptography 1 CS432. Overview What is cryptography and cryptology? The main components of a crypto system. Problems solved by cryptography. Basic

Cryptography 1Cryptography 1

CS432CS432

OverviewOverview

What is cryptography and cryptology?What is cryptography and cryptology? The main components of a crypto system.The main components of a crypto system. Problems solved by cryptography.Problems solved by cryptography. Basic concepts: symmetric cryptography, Basic concepts: symmetric cryptography,

asymmetric cryptography, digital asymmetric cryptography, digital signatures.signatures.

Types of algorithms and related concepts.Types of algorithms and related concepts.

Cryptography and CryptologyCryptography and Cryptology EncryptionEncryption: transformation of intelligible, : transformation of intelligible,

understandable information into unintelligible form to understandable information into unintelligible form to disguise its meaning and intent from intruders. disguise its meaning and intent from intruders.

Decryption:Decryption: The inverse transformation of encrypted The inverse transformation of encrypted information into intelligible forminformation into intelligible form

Both encryption and decryption are based on keys. It Both encryption and decryption are based on keys. It should be difficult or impossible to decrypt a message should be difficult or impossible to decrypt a message without knowing the key. without knowing the key.

CryptographyCryptography: encryption + decryption.: encryption + decryption. Cryptanalysis:Cryptanalysis: analyzing encrypted information with the analyzing encrypted information with the

intent of recovering the original plain information, without intent of recovering the original plain information, without knowing the key. knowing the key.

CryptologyCryptology: cryptography + cryptanalysis. : cryptography + cryptanalysis.

The Encryption and Decryption The Encryption and Decryption ProcessProcess

The encryption modelThe encryption model

The major components of a crypto The major components of a crypto system (the model)system (the model)

Plain text: Plain text: the original message before encryption.the original message before encryption. Encryption AlgorithmEncryption Algorithm: the algorithm used to transform : the algorithm used to transform

the plaintext into unintelligible form (the cipher text).the plaintext into unintelligible form (the cipher text). The cipher textThe cipher text: the encrypted text.: the encrypted text. Encryption keyEncryption key: the encryption process is always based : the encryption process is always based

on a key.on a key. Decryption AlgorithmDecryption Algorithm: used to transforms cipher text : used to transforms cipher text

back to plaintext.back to plaintext. The Decryption keyThe Decryption key: the key used in the decryption : the key used in the decryption

process. process.

All algorithms must be public; only the keys are secret. All algorithms must be public; only the keys are secret.

Intruders and CryptanalysisIntruders and Cryptanalysis It is assumed that there is an It is assumed that there is an intruderintruder

who listens to all communications and who listens to all communications and he may copy or delete any messagehe may copy or delete any message An An active intruder active intruder modifies some modifies some

messages and re-inserts themmessages and re-inserts them A A passive intruder passive intruder just listensjust listens

To decrypt a message without having To decrypt a message without having a key, an intruder practices the art of a key, an intruder practices the art of cryptanalysiscryptanalysis

What Does Cryptography Solve?What Does Cryptography Solve?

Confidentiality Confidentiality Ensure that nobody can get knowledge of what you transfer even if Ensure that nobody can get knowledge of what you transfer even if

listening to the whole conversationlistening to the whole conversation Integrity Integrity

Ensure that message has not been modified during the Ensure that message has not been modified during the transmissiontransmission

Authenticity Authenticity You can verify that you are talking to the entity you think you are You can verify that you are talking to the entity you think you are

talking totalking to IdentityIdentity

You can verify who is the specific individual behind that entityYou can verify who is the specific individual behind that entity Non-repudiationNon-repudiation

The individual behind that asset cannot deny being associated with The individual behind that asset cannot deny being associated with itit

Symmetric EncryptionSymmetric Encryption

““An introduction An introduction to cryptography”to cryptography”

““AxCvGsmWe#4^,AxCvGsmWe#4^,sdgfMwir3:dkJeTssdgfMwir3:dkJeTsY8R\s@!q3%”Y8R\s@!q3%”


Clear-text inputClear-text input Clear-text outputClear-text outputCipher-textCipher-text

Same keySame key(shared secret)(shared secret)

EncryptionEncryption DecryptionDecryption

DESDES DESDES

Asymmetric EncryptionAsymmetric Encryption


““Py75c%bn&*)9|Py75c%bn&*)9|fDe^bDzjF@g5=fDe^bDzjF@g5=&nmdFgegMs”&nmdFgegMs”

““An An introduction to introduction to cryptography”cryptography”

Clear-text InputClear-text Input Clear-text OutputClear-text OutputCipher-textCipher-text

Different keysDifferent keys


RSARSARSARSA

Asymmetric EncryptionAsymmetric Encryption

Things to remember about asymmetric keys:Things to remember about asymmetric keys: The relation between the two keys is unknown and from one The relation between the two keys is unknown and from one

key you cannot gain knowledge of the other, even if you key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-texthave access to clear-text and cipher-text

The two keys are interchangeable. All algorithms make no The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair difference between public and private key. When a key pair is generated, any of the two can be public or privateis generated, any of the two can be public or private

g$5knvMd’rkg$5knvMd’rkvegMs”vegMs”

Clear Clear texttext

?EncryptionEncryption

Example: ConfidentialityExample: Confidentiality

DifferentDifferent keys keys

Recipient’s Recipient’s public keypublic key

Recipient’s Recipient’s private keyprivate key

privatprivatee

publicpublic






Example: AuthenticityExample: Authenticity

DifferentDifferent keys keys

Sender’s Sender’s public keypublic key

Sender’s Sender’s private keyprivate key

privatprivatee

publicpublic






Creating a Digital SignatureCreating a Digital Signature

3kJfgf*£$&3kJfgf*£$&Py75c%bnPy75c%bn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatory's Signatory's private keyprivate key

privpriv

GenerateGenerateHashHash

SHA, MD5SHA, MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by AhmedAhmed 3kJfgf*£$&3kJfgf*£$&

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

Verifying a Digital SignatureVerifying a Digital Signature

This is the This is the document document created by created by AhmedAhmed

3kJfgf*£$&3kJfgf*£$&

SignedSignedDocumentDocument

Py75c%bnPy75c%bn

Message DigestMessage DigestGenerateGenerate

HashHash

Gianni's public keyGianni's public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75c%bnPy75c%bn

? Compare ?? Compare ?

Classification of CiphersClassification of Ciphers

Substitution ciphersSubstitution ciphers Cesar’s cipherCesar’s cipher Affine transformation ciphersAffine transformation ciphers

Transposition ciphersTransposition ciphers One-time padOne-time pad Block ciphersBlock ciphers Exponentiation ciphersExponentiation ciphers

RSARSA

Substitution CiphersSubstitution Ciphers

Each symbol is replaced by another symbol (Example: Each symbol is replaced by another symbol (Example: with Latin alphabet, in with Latin alphabet, in monoalphabetic substitutionmonoalphabetic substitution, the key , the key is a 26-letter string that represents the substituting is a 26-letter string that represents the substituting permutation of the alphabet, so 26! keys are available)permutation of the alphabet, so 26! keys are available)Case studyCase study: : Caesar cipher (A -> D, B -> E, C->F, …Z->C )Caesar cipher (A -> D, B -> E, C->F, …Z->C ), , oror

ord (s) = [ord(s) + 3] mod 26. ord (s) = [ord(s) + 3] mod 26.

LettersLetters are packed in equal blocks to prevent cryptanalysis are packed in equal blocks to prevent cryptanalysis based on the word lengthbased on the word length

Case Study: Cesar’s CipherCase Study: Cesar’s Cipher

Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

THIS MESSAGE IS TOP SECRET THISM ESSAG EISTO PSECR ET

19 7 8 18 12 | 4 18 18 0 6 | 4 8 18 19 14 | 15 18 4 2 17 | 4 19|

22 10 11 21 15 | 7 21 21 3 9 | 7 11 21 22 17 | 18 21 7 5 20 | 7 22

WKLVP HVVDJ HLVWR SVHFU HW

Substitution Ciphers

Substitution ciphers are easy to break with a relatively small amount of ciphertext, using statistical properties of the language (frequency of letters, bigrams, trigrams, etc.)

A Cryptanalysis Example A Cryptanalysis Example

Letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Frequency 7 1 3 4 13 3 2 3 8 <1 <1 4 3 8 7 3 <1 8 6 9 3 1 1 <1 2 <1

The frequencies of occurrence of letters in English text:

Letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Frequency 1 0 4 5 1 3 0 0 0 1 0 1 1 1 0 7 2 2 2 3 0 0 1 2 3 2

Analysis of the frequencies of occurrence of letters in the ciphertext:

Ciphertext: YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD

(Suppose, we know that shift transformation cipher was used)

Guess: P(7) = E(13) => 15 = 4 + k (mod 26) => k = 11.

Plaintext: NUMBE RTHEO RYISU SEFUL FOREN CIPHE RINGM ESSAG ES

(NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES)

Transposition CipherTransposition Cipher All symbols are reordered according to a All symbols are reordered according to a

permutation specified by the keypermutation specified by the key

Example: Example: WISPER WISPER the keythe key—must have no repeated symbols—must have no repeated symbols 6253 14 6253 14 the relative order of each symbol in the the relative order of each symbol in the

keykey

“ “CIS IS THE BEST COLLEGE IN TOWN”CIS IS THE BEST COLLEGE IN TOWN”

C I S I S TC I S I S T

H E B E S TH E B E S T

C O L L E GC O L L E G

E I N T O W E I N T O W plaintextplaintext is written in is written in rowsrows of the key’s of the key’s sizesize

N x x x x x N x x x x x the last row is the last row is paddedpadded

1 2 3 4 5 61 2 3 4 5 6 SOXLEIEEGTTHUTTMNY SOXLEIEEGTTHUTTMNY (ciphertext is written in columns (ciphertext is written in columns

permuted in the order of key’s symbols)permuted in the order of key’s symbols)

Transposition ciphers can also be broken by guessing the key size and using statistical analysis when the cryptanalyst knows that it is a transposition cipher.

Transposition CiphersTransposition CiphersC I S I S TC I S I S TH E B E S TH E B E S TC O L L E GC O L L E GE I N T O W E I N T O W plaintextplaintext is written in is written in rowsrows of the key’s of the key’s sizesizeN x x x x x N x x x x x the last row is the last row is paddedpadded

WISPERWISPER6253 146253 14

SIITSCSIITSCSEETBHSEETBHEOLGLCEOLGLCOITWNEOITWNEXXXXXNXXXXXN

Cipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCENCipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCEN

Any bit sequence the size of plaintext can be a key. Each bit of Any bit sequence the size of plaintext can be a key. Each bit of plaintext is XOR-ed with the corresponding bit of the key to plaintext is XOR-ed with the corresponding bit of the key to produce a bit of the ciphertextproduce a bit of the ciphertext

One-Time Pad CiphersOne-Time Pad Ciphers

001111

110000

1100(XOR)(XOR)+

EK DK=

)()( xyyxyx Plaintext: 001110011010010110

Key: 100100100111110110Ciphertext: 101010111101100000

Example:

One-time Pad is unbreakable; however key distribution is a big problem…

Block Ciphers (Affine Transformation)Block Ciphers (Affine Transformation)

Key:Key: AA is a square integer matrix of order is a square integer matrix of order n n

such that (|such that (|AA|, 26) = 1|, 26) = 1 BB is an is an n-n-vector of integersvector of integers

The ciphertext is split into blocks of The ciphertext is split into blocks of length length n; n; the last block is paddedthe last block is padded

For each blockFor each block PP, , computecompute C = (AP + B) (mod 26)C = (AP + B) (mod 26)

Exponentiation CiphersExponentiation CiphersGiven:Given: p p is a primeis a prime The The key, key, e e > 0> 0 satisfies: satisfies: (e, p-1) = 1(e, p-1) = 1


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

1. Group the resulting numbers into blocks of 2m decimal digits, where m is the largest even integer such that the decimal value of each block is less than p

2. For each plaintext block, P, compute a ciphertext block C = Pe(mod p)

3. To decipher, find d such that de ≡ 1 (mod p-1) and compute P = Cd(mod p)Cd ≡ Ped P ≡ Pk(p-1)+1 ≡ [P (p-1)]kP ≡ P (mod p) (By Fermat’s Little Theorem)

Exponentiation Ciphers: An ExampleExponentiation Ciphers: An Example p = 2633;p = 2633; the key the key e = 29; (e, p-1) = (29, 2632) e = 29; (e, p-1) = (29, 2632)

= 1;= 1; Block length is 4 (Block length is 4 (m=2)m=2)


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER

1907 0818 0818 0013 0423 0012 1511 0414 0500 1304 2315 1413 0413 1908 0019 0814 1302 0815 0704 1723

190729 ≡ 2199 (mod 2633)

2199 1745 1745 1206 2437 2425 1729 1619 0935 0960 1072 1541 1701 1553 0735 2064 1351 1794 1841 1459

d = 2269

2269*2622 ≡ 1 (mod 2622)

21992269 ≡ 1907 (mod 2633)

One Immediate Application: One Immediate Application: The Diffie-Hellman AlgorithmThe Diffie-Hellman Algorithm

Problem: Establish common keys (for symmetric cryptography) to be used by two individuals so that intruders cannot discover them in a feasible amount of computer time.

Let • p be a large prime• a be an integer relatively prime to p

These are known to all!

Pick k1 relatively prime to p-1

pypay k 11 0),(mod1

Pick k2 relatively prime to p-1

pypay k 22 0),(mod2

pKpapyK kkk 0),(mod)(mod 212

1pKpapyK kkk 0),(mod)(mod 121

2 =

A Simple Example of a DH A Simple Example of a DH ExchangeExchange

p =17a = 2

k1 = 3

8)17(mod8)(mod11 pay k

k2 = 5

15)17(mod32)(mod22 pay k

9)17(mod32768)(mod2

1 pyK k9)17(mod3375)(mod1

2 pyK k

=

Modern Modern SymmetricSymmetric-Key Algorithms-Key Algorithms

Combine transpositions and Combine transpositions and substitutions and cascade them to substitutions and cascade them to make the algorithms very complex (to make the algorithms very complex (to prevent cryptanalysis even when large prevent cryptanalysis even when large amounts of ciphertext are available)amounts of ciphertext are available)

Often use Often use blockblock ciphersciphers

ED KK

4-bit transposition (T)

SSSS

SSSS

SSSSTT

SS

TT

SS

TT

Cascading into a product

4 to 2 encoder

2-bit substitution (S)

T

2 to 4 decoder

Some Common Symmetric-Key Some Common Symmetric-Key Cryptographic AlgorithmsCryptographic Algorithms

(after A. Tanenbaum)(after A. Tanenbaum)

CipherCipher Key size (bits)Key size (bits) CharacteristicsCharacteristics

RijndaelRijndael 128-256128-256 BestBest

Triple DESTriple DES 168168 Second bestSecond best

Serpent, TwofishSerpent, Twofish 128-256128-256 Very strongVery strong

IDEAIDEA 128128 Good (but patented)Good (but patented)

RC5RC5 128-256128-256 Good (but patented)Good (but patented)

RC4RC4 1-20481-2048 Some keys are weakSome keys are weak

DESDES 5656 WeakWeak

Public-Key CryptographyPublic-Key Cryptography

A (public key, private key) pairA (public key, private key) pair Publish the public key (= encryption key)Publish the public key (= encryption key) Keep the private key (= decryption key) secretKeep the private key (= decryption key) secret

Two essential requirements:Two essential requirements:1) 1) 2) It is 2) It is very hard (very hard (i.e,i.e, computationally infeasible) computationally infeasible)

to obtain fromto obtain from To send a message To send a message MM to you, I send to you, I send You decrypt it, obtaining: You decrypt it, obtaining:

EK

DK

.))(( MMKK ED

IKK ED

DK EK);(MKE

RSA (Rivest, Shamir, Adleman)RSA (Rivest, Shamir, Adleman)

Parameters: Parameters: p, q, n, z, d, ep, q, n, z, d, e Choose, large (1024 bits) Choose, large (1024 bits) primesprimes: : p, qp, q Compute Compute n = pq, z = φ(n) = (p-1)(q-1)n = pq, z = φ(n) = (p-1)(q-1) Choose the Choose the exponent exponent ee relatively prime to relatively prime to z z Find Find d:d: ed ed ≡ ≡ 1(mod z)1(mod z)

Keys: Keys: publicpublic,, ((ee, n), n); ; privateprivate, , ((dd, n), n); ; Encryption and decryption:Encryption and decryption:

Brake the plaintext into Brake the plaintext into largest equal even-digit blockslargest equal even-digit blocks ( (PP) ) shortershorter than than nn bitsbits

Encrypt each blockEncrypt each block P P by computing by computing C = E(P) C = E(P) ≡≡ P Pee (mod n) (mod n)

Decrypt Decrypt C C by computing by computing D(C) D(C) ≡≡ C Cdd (mod n) (mod n) ≡ ≡ PPed ed (mod n) (mod n) ≡ ≡ PPkkφ(n)+1φ(n)+1

(mod n) (mod n) ≡ ≡ PPkkφ(n)φ(n) P(mod n) P(mod n) ≡ ≡ P(mod n) P(mod n) Euler’s Theorem:

If n > 0 and e and d are integers, such that (a, m) = 1, then aφ(m) ≡ 1 (mod m).

The probability that P and n are not relatively prime is extremely low!

RSA: An ExampleRSA: An Example p = 43, q=59; n = 43*59 = 2357; p = 43, q=59; n = 43*59 = 2357; φ(n) = 42*58 φ(n) = 42*58

=2436=2436

Exponent e = 13; (e, Exponent e = 13; (e, φ(n)φ(n) ) = (13, 42*58) = 1;) = (13, 42*58) = 1; Block length is 4Block length is 4


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

PUBLIC KEY CRYPTOGRAPHY

1520 0111 0802 1004 2402 1724 1519 1406 1700 1507 2423

152013 ≡ 95 (mod 2537)

0095 1648 1410 1299 0811 2333 2132 0370 1185 1457 1084

937* 13 ≡ 1 (mod 2436)

0095937 ≡ 1520 (mod 2537)

d = 937

E(P) ≡ Pe (mod n)

P ≡ Cd (mod n)

Public key: (13, 2357)

Private key: (937, 2357)

Properties of RSAProperties of RSA

The algorithm is secure because of the difficulty of The algorithm is secure because of the difficulty of factoring factoring N. N. Factoring a 500-digit number should Factoring a 500-digit number should take 10take 1025 25 years using a CPU with 1 microsecond years using a CPU with 1 microsecond instruction timeinstruction time

Encryption and decryption are inverse and Encryption and decryption are inverse and commutative (an important property for commutative (an important property for digital digital signaturessignatures))

The algorithm is slow (compared to DES and other The algorithm is slow (compared to DES and other symmetric algorithms with much shorter keys)symmetric algorithms with much shorter keys)

RSA may be prohibitively slow when dealing with large blocks of data. It is typically used for one-time session key distribution for a symmetric-key algorithm (such as triple-DES)

Documents

Cryptography 1 CS432. Overview What is cryptography and cryptology? The main components of a crypto system. Problems solved by cryptography. Basic