ECE578: Cryptography

1. Introduction

Professor Richard A. Stanley, P.E.

Spring 2010 © 2000-2010, Richard A. Stanley

Organizational Details

• Prof. Stanley contact information
  – Office: Atwater-Kent 303, WPI campus (but rarely there)
  – Hours: by appointment before class, here
  – Phone: (508) 269-6482
  – Email: [email protected]

Administrivia

• Class will normally meet 5:00 - 9:00 PM every Monday here and at the remote locations. Please be on time.

• Class will end promptly; I am unable to stay after 9:00. If we need to meet, please come before class or schedule another meeting time.

• We will hold 10 classes, including exams; cancellations will be announced in advance (except weather)

• We will take a break approximately halfway through the class

Course Text

• Douglas Stinson, Cryptography: Theory and Practice, Third Edition (Discrete Mathematics and Its Applications). Chapman & Hall/CRC, 2002.

• Additional material will be in the form of handouts

Course Web Page

• http://ece.wpi.edu/courses/ee578/

• Slides will be posted to the page before class, barring any unfortunate problems

Policies

• Homework is due at the class following the one in which it is assigned. It will be accepted--with a one grade penalty--up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly.

• There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such.

Elements of the Course

• Assignments: There will be weekly assignments, which will be graded

• Presentation: At the end of the course, student teams will present a report prepared on a cryptography-related subject. The presentation should be well-prepared and should give an overview of a special topic in cryptography (e.g. eCash, wireless security, SSL, biometric authentication systems etc.).

• Examinations: There will be a written examination that will cover all topics discussed in class. The questions will range from mild to hard.

Research Projects

• Teams of 3-5 individuals per project

• Research a cryptographically-related topic

• Prepare a report on the research

• Present findings
  – Note: a presentation is not the report copied into PowerPoint

Grading

• Grade components
  – Course exams (35%)
  – Homework (20%)
  – Class participation (10%)
  – Course project (35%)

Syllabus

• Basic Definitions and Terminology

• Stream Ciphers

• Block Ciphers

• DES and AES

• Modes of Operation

• Public Key Cryptography

• RSA

• Elliptic Curve Cryptosystems

• Public Key Infrastructure

• Certificates

• Applications

Encryption

• A means for rendering plain language text (cleartext) into recoverable gibberish (ciphertext)
  – Classical usage since antiquity

• We will see that cryptographic techniques are also useful for providing other assurances as to message security
  – e.g., authentication

Encryption Primer

• Cryptography = “secret writing”
  – From the Greek, kryptos graphos

• Input = plaintext

• Output = ciphertext

• Ciphertext = plaintext + key (in general)
  – Intention is that the ciphertext be unintelligible to an eavesdropper

• Two basic types of cipher
  – Symmetric
  – Asymmetric

Problem Areas

• Languages have well-known statistics
  – E.g., “e” is most common letter in English
  – This can be exploited for cryptanalysis

• The only way to achieve true security is to make the ciphertext appear as random as possible

Relative Frequencies of Letters in English Language Text

Generic Cryptosystem

[Figure: block diagram of a Cryptographic System, labelled with Plaintext, Key and Ciphertext]

Objective: Make the ciphertext as random as possible

Overview of the Cryptology Field

Types of Cryptosystems

• Symmetric key
  – Used since times B.C.E. to today
  – Also called private key, which has become confusing

• Asymmetric key
  – Invented in 1976
  – Also called public key systems

• Hybrid Systems

The Players

• Alice: commonly used to denote the sender of cryptographic traffic

• Bob: commonly used to indicate the recipient of that traffic

• Eve: an eavesdropper

• Oscar: a generalized “bad guy”

Symmetric Key Cryptosystems

• Problem Statement: Alice and Bob want to communicate over an unsecured channel (e.g., computer network, satellite link). They want to prevent Oscar (the bad guy) from listening.

• Solution: Use symmetric cryptosystems (these have been around since ancient times), so that if Oscar reads the encrypted version y of the message x over the unsecured channel, he will not be able to understand its content, because x is what was really sent.

Symmetric Key Cryptosystems

Definitions

Enigma

Perhaps the most famous cipher machine in history.

This is an early model. Later versions had as many as five rotors.

Enigma was a tactical machine--designed for battlefield use.

Even today, Enigma would provide decent security…IF no errors occurred on the part of the operators.

Sigaba

Similar in theory to Enigma.

Designed for strategic (fixed station) use; note direct punching of teletypewriter paper tape for transmission.

Example: DES

Cryptanalysis

• The science of recovering the plaintext x from the ciphertext y without the knowledge of the key (Oscar's job)

• Rules of the game:
  – Oscar knows the cryptosystem (encryption and decryption algorithms)
  – Oscar does not know the key

• Example: JN-25

Kerckhoffs’ Principle

• Secrecy must reside solely in the key
  – It is assumed that the attacker knows the complete details of the cryptographic algorithm and implementation
  – A. Kerckhoffs was a 19th century Dutch cryptographer

• Ergo, Security by obscurity doesn’t work!

Attacks Against Cryptosystems

• Ciphertext-only attack
  – Oscar's knowledge: some $y_1 = e_k(x_1)$, $y_2 = e_k(x_2)$, ...
  – Oscar's goal: obtain $x_1, x_2, \ldots$ or the key $k$

• Known plaintext attack
  – Oscar's knowledge: some pairs $(x_1, y_1 = e_k(x_1))$, $(x_2, y_2 = e_k(x_2))$, ...
  – Oscar's goal: obtain the key $k$

More Cryptosystem Attacks

• Chosen plaintext attack
  – Oscar's knowledge: some pairs $(x_1, y_1 = e_k(x_1))$, $(x_2, y_2 = e_k(x_2))$, ... of which he can choose $x_1, x_2, \ldots$
  – Oscar's goal: obtain the key $k$

• Chosen ciphertext attack
  – Oscar's knowledge: some pairs $(x_1, y_1 = e_k(x_1))$, $(x_2, y_2 = e_k(x_2))$, ... of which he can choose $y_1, y_2, \ldots$
  – Oscar's goal: obtain the key $k$

How to Achieve Good Cryptography?

• Well-reviewed algorithms
  – So weaknesses cannot “hide” until after implementation

• Excellent key generation & management
  – To maintain secrecy of the key

• Algorithms that are sufficiently complex so as to not permit feasible exhaustive attacks

Some Number Theory

r is sometimes also called the residue

Example: 12 mod 9 = 3, or 12 ≡ 3 mod 9

Remarks on Modulo Arithmetic

Rings

Some Remarks on the Ring Zm

More Remarks on the Ring Zm

Simple Block Ciphers

Shift Cipher

Caesar Cipher

Encryption: Caesar Cipher

Attacks on Shift Cipher

• Ciphertext-only: Try all possible keys ($|K| = 26$). This is known as “brute force attack” or “exhaustive search”
  – Secure cryptosystems require a sufficiently large key space. Minimum requirement today is $|K| > 2^{80}$, however for long-term security, $|K| \geq 2^{100}$ is recommended.

• Since same cleartext maps to same ciphertext, can also easily be attacked with letter-frequency analysis.

Stream Ciphers

Stream Encryption

Modulo 2 Addition Remarks

Vernam’s First Patent for a Stream Cipher Machine

Security

• A cryptosystem is unconditionally secure if it cannot be broken even with infinite computational resources.

• This is a very stringent test of security, and one not often met.

Substitution Ciphers

• Similar to shift cipher, except the substitution need not be regular
  – e.g. A=Q, B=Z, C=A, etc.

• Book ciphers fall into this category

• Is the probability of appearance of all symbols in the ciphertext equal?

Vigenère Cipher

• Polyalphabetic substitution cipher

• Invented by Bellaso; attributed to Blaise Vigenère

• In French, “le chiffre indéchiffrable,” but it is quite breakable

Source: Wikipedia

Vigenère Letter Statistics

Source: Wikipedia

One-Time Pad Ciphers

The One-Time Pad is unconditionally secure if the keys are used only once.

OTP Remarks

One Time Pad

Why Use Anything Except One-time Pads?

• Speed of encipherment

• Letters vs. numbers

• Logistics

• Usability

• Error rates

OTP Encryption

• Only ONE provably secure cryptosystem
  – One-time pad
  – Secure even if pad or operator captured
  – BUT…errors can lead to decryption
  – http://www.cia.gov/csi/books/venona/preface.htm
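The condition that the keys are used only once, and the remark that errors can lead to decryption, can be seen in the arithmetic: when a pad is reused, adding the two ciphertexts modulo 2 cancels the key. The following is an added example, not part of the original slides; the messages and function names are constructed for the illustration.

```python
import secrets

def xor_bytes(a, b):
    """Bytewise modulo-2 addition, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(pad, message):
    """y = x XOR k, with a pad at least as long as the message."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)

def combine_with_known_plaintext(c1, c2, known_p1):
    """c1 XOR c2 XOR p1. If both ciphertexts used the same pad,
    c1 XOR c2 = p1 XOR p2 (the key has cancelled), so this yields p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)

def reuse_demo():
    p1 = b"MEET AT THE BRIDGE AT NOON"    # constructed message known to Oscar
    p2 = b"SUPPLY CONVOY LEAVES AT SIX"   # constructed message Oscar wants
    pad = secrets.token_bytes(32)
    c1 = otp_encrypt(pad, p1)
    c2_reused = otp_encrypt(pad, p2)                      # operator error
    c2_fresh = otp_encrypt(secrets.token_bytes(32), p2)   # correct procedure
    leaked = combine_with_known_plaintext(c1, c2_reused, p1)
    still_random = combine_with_known_plaintext(c1, c2_fresh, p1)
    return leaked, still_random, p2

if __name__ == "__main__":
    leaked, still_random, p2 = reuse_demo()
    print("pad reused:", leaked)          # prefix of p2, no key needed
    print("fresh pad :", still_random)    # unrelated random bytes
```

The pad itself is never recovered or needed; the reuse alone removes it from the equation, while a fresh pad leaves the combination as random as the pad.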

Stream Cipher Model

Classifications

Stream Ciphers

Key Characteristics

• Plaintext is a function with known statistics that are non-random

• Ideally, we want a keystream that is completely random

• Why?

Random Keys

• It is mathematically impossible to create purely random outputs from deterministic processes, e.g., computer programs

• Obtaining random numbers is not easy
  – Radioactive decay
  – Shot noise
  – ...etc.

• Key is critical to security (Kerckhoffs)

Cryptographically Secure PRNG

A pseudo random generator (key stream generator) is cryptographically secure if it is unpredictable. That is, given the first n output bits of the generator, it is computationally infeasible to compute the bits n+1, n+2, ...
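A generator that fails this definition makes the requirement concrete. The following added example, not part of the original slides, uses a linear congruential generator: its outputs look irregular, yet three of them determine every later one. The modulus, parameter values and function names are assumptions chosen for the illustration; following Kerckhoffs, the algorithm and modulus are public and only a, c and the seed are secret.

```python
M = 2**31 - 1  # public modulus; prime, so nonzero differences are invertible

class LCG:
    """x_{i+1} = (a * x_i + c) mod M, with a, c and the seed kept secret."""
    def __init__(self, a, c, seed):
        self.a, self.c, self.state = a, c, seed

    def next(self):
        self.state = (self.a * self.state + self.c) % M
        return self.state

def recover_parameters(x0, x1, x2):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod M) for a and c."""
    diff = (x1 - x0) % M
    if diff == 0:
        raise ValueError("degenerate outputs: generator is stuck on one value")
    a = (x2 - x1) * pow(diff, -1, M) % M   # modular inverse, Python 3.8+
    c = (x1 - a * x0) % M
    return a, c

def predict_following(observed, count):
    """Given the first n outputs (n >= 3), compute outputs n+1 .. n+count."""
    a, c = recover_parameters(*observed[:3])
    x = observed[-1]
    predicted = []
    for _ in range(count):
        x = (a * x + c) % M
        predicted.append(x)
    return predicted

def demo():
    gen = LCG(a=1103515245, c=12345, seed=2)    # constructed secret values
    observed = [gen.next() for _ in range(3)]   # what an eavesdropper sees
    actual = [gen.next() for _ in range(5)]     # what the generator does next
    return predict_following(observed, 5) == actual

if __name__ == "__main__":
    print("next outputs predicted correctly:", demo())
```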

Summary

• Cryptology is the science that deals with making and breaking codes for secure communications

• Cryptographic techniques are critical to modern secure communications

• Understanding the underlying mathematics is crucial to proper employment of the systems

Homework

• Read Stinson, Chapters 1 & 2

• Read the paper on the class webpage about English language letter statistics; be prepared to discuss in next class

• Organize research teams and bring candidate topics to class next week