Elementary Cryptography
Chapter 2
Computer Security Systems Lecturer :H.Ben Othmen
Department of Computer Science, Umm Al-Qura University University year: 1435/1436
Concepts of encryption Cryptanalysis: how encryption systems are
"broken" Symmetric (secret key) encryption and the DES
and AES algorithmsAsymmetric (public key) encryption and the RSA
algorithmKey exchange protocols and certificatesDigital signaturesCryptographic hash functions
Computer Security Systems
2
Outline
1435/1436
Computer Security Systems
3
Introduction
1435/1436
Study of algorithms and protocols used to preserve confidentiality of information and ensuring its integrity.It forms the basis of most
security measures: Secure Internet exchanges, confidentiality of banking, protection of trade secrets, protection of medical
confidentiality, protection of computer systems
against intrusion, Through the electronic signature:
identification of correspondents, Guarantee of integrity of documents.
Encryption is the process of encoding a messageDecryption is the reverse process, transforming an encrypted message back into its normalEncode the original message to hide its meaning
Decode it to reveal the original message The original form of a message is known as plaintextThe encrypted form is called ciphertext
Terminology
Computer Security Systems
4 1435/1436
encode = encrypt= encipher
decode=decrypt = decipher
P: plaintext message / P = <p1, p2, …, pn> (as a sequence of individual characters)
C: ciphertext message / C = <c1, c2, …, cm> For example
the plaintext message "I want cookies" can be denoted as the message string <I, ,w,a,n,t, , c,o,o,k,i,e,s>.
It can be transformed into ciphertext <c1, c2, …, c14>, the encryption algorithm tells us how the transformation is
done.
Terminology
Computer Security Systems
5 1435/1436
Figure 2.1. Encryption
using the following formal notation to describe the transformations between plaintext and ciphertext.
For example, we write C = E(P) and P = D(C), where:C represents the ciphertext,E is the encryption rule, P is the plaintext, D is the decryption rule.
What we seek is a cryptosystem for which P = D(E(P)). In other words, we want to be able to convert the message to protect it from an intruder, but we also want to be able to get the original message
Terminology
Computer Security Systems
6 1435/1436
The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext
Algorithms: The encryption and decryption rules K (key) is a device used by the algorithm The resulting ciphertext depends on the original
plaintext message, the algorithm, and the key value.dependence : C = E(K, P).
E is a set of encryption algorithmskey K selects one specific algorithm from the set
Encryption Algorithms
Computer Security Systems
7 1435/1436
Symmetric encryptionThe encryption and decryption keys are the sameP = D(K, E(K,P)) D and E are mirror-image processes
Asymmetric encryptionThe encryption and decryption keys come in pairsA decryption key, KD, inverts the encryption of key KE P = D(KD, E(KE,P))
Encryption Algorithms
Computer Security Systems
8 1435/1436
An encryption scheme that does not require the use of a key is called a keyless cipher.
Encryption with Keys
Computer Security Systems
9 1435/1436
Fig2.2. Encryption with Keys
A key gives us flexibility in using an encryption scheme
We can create different encryptions of one plaintext message just by changing the key
Cryptography: means hidden writing, and it refers to the practice of using encryption to conceal text
Cryptology
Computer Security Systems
10 1435/1436
Encryption has been used for centuries to protect diplomatic and military communications, sometimes without full success
a cryptographer and a cryptanalyst attempt to translate coded material back to its original form.
a cryptographer works on behalf of a legitimate sender or receiver
a cryptanalyst works on behalf of an unauthorized interceptor (A cryptanalyst is an expert in cryptanalysis)
cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis.
Cryptology
Computer Security Systems
11 1435/1436
Cryptology = cryptography+ cryptanalysis
break a single messagerecognize patterns in encrypted messages, to be able to
break subsequent ones by applying a straightforward decryption algorithm
infer some meaning without even breaking the encryption (communication was short or long)
deduce the key, to break subsequent messages easilyfind weaknesses in the implementation or environment
of use of encryptionfind general weaknesses in an encryption algorithm,
without necessarily having intercepted any messages
Cryptanalysis
Computer Security Systems
12 1435/1436
The Caesar Cipher:Rules => Ci = E(pi)= pi + k mod 26
Pi = D(ci) = ci– k mod 26Examples:
1) k=3 (Rot 3)P= TREATY IMPOSSIBLEC= w u h d w b l p s r v v l e o h2) ROT13: Why did the chicken cross the road? Gb trg gb gur bgure fvqr!
Substitution : Shift (Caesar) Cipher
Computer Security Systems
13 1435/1436
Letter: A B …… Y ZCode : 0 1 …… 24 25Can we do arithmetic on
letters?Example: A+2=C, N+1=O Y-1=X, etc.Rot 3: “rotate by 3 places”
Outer: plaintextInner: ciphertext
The Caesar cipher
Computer Security Systems
14 1435/1436
K=3
The Caesar cipher
Computer Security Systems
15 1435/1436
Rule1) pick a keyword2) spell it without duplicates3) then, fill in the rest of the alphabet in order
Example: keyword VACATIONP: A B C D E F G H I J K L M N O P Q R S T U V W X Y ZC: V A C T I O N B D E F G H J K L M P Q R S U W X Y ZQ: Encrypt “I should be sailing” as: DQBK SGTAIQVD GDJN
Substitutions :Keyword Mixed Alphabet
Computer Security Systems
16 1435/1436
a type of one-time pad devised by Gilbert Vernam The basic encryption involves an arbitrarily long non
repeating sequence of numbers that are combined with the plaintext.
Substitutions : Vernam Cipher
Computer Security Systems
17 1435/1436
The encryption is done by adding the key to the message modulo 2, bit by bit.
This process is often called exclusive or (XOR).
Substitutions : Vernam Cipher
Computer Security Systems
18 1435/1436
Example: Key : XMCKL Message: HELLO
Substitutions : Vernam Cipher
Computer Security Systems
19 1435/1436
H E L L O message (plaintext)
+7(H) 4(E) 11(L) 11(L) 14(O) message
23(X) 12(M) 2(C) 10(K) 11(L) Key
30 16 13 21 25 Message+key
4(E) 16(Q) 13(N) 21(V) 25(Z) Message+key (mod 26)
E Q N V Z Ciphertext
Substitution : Vigenere Cipher
Computer Security Systems
20 1435/1436
Vigenere cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword.
The Vigenere square or Vigenere table
Example: The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext.
P= ATTACKATDAWNkeyword :LEMON
Substitution : Vigenere Cipher
Computer Security Systems
21 1435/1436
Plaintext: ATTACKATDAWNKey: LEMONLEMONLECiphertext: LXFOPVEFRNHR
Method
A:the first letter of the plaintext,
L: the first letter of the keyA is paired with Luse row L and column A of the
Vigenere squareX? : the first letter of the
CiphertextX= row L ∩ column A
Transpositions (Permutations)
Computer Security Systems
22 1435/1436
A transposition is an encryption in which the letters of the message are rearranged
With transposition, the cryptography aims for diffusion, widely spreading the information from the message or the key across the ciphertext
A transposition is also known as a permutation.
Columnar Transpositions
Computer Security Systems
23 1435/1436
Figure 2.4. Columnar Transposition
The following set of characters is a five-column transposition
The plaintext characters arewritten in rows of five and arranged one row after another
c1 c2 c3 c4 c5c6 c7 c8 c9 c10c11 c12 etc
Plaintext : THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS
Columnar Transpositions- Example
Computer Security Systems
24 1435/1436
T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S
Ciphertext:tssoh oaniw haaso lrsto imghwutpir seeoa mrook istwc nasns
Note : if the message length is not a multiple of the length of a row, the last columns will be one or more letters short. When this happens, we sometimes use an infrequent letter, such as X, to fill in any short
Two basic kinds of encryptions are: Symmetric
Secret keySymmetric algorithms use one key, which works for both
encryption and decryption Authenticity is ensuredn users who want to communicate in pairs need n * (n - 1)/2 keys.key distribution Asymmetric
Two keys: -public key -private key
Symmetric and Asymmetric Encryption Systems
Computer Security Systems
25 1435/1436
DES: Data Encryption Standarda system developed for the U.S. government DES algorithm: key is 64 bits Uses basic techniques of encryption
confusion (substitutions)diffusion (permutations)
Same process 16 times/blockUses standard arithmetic and logical operators
DES
Computer Security Systems
26 1435/1436
DES algorithm
Computer Security Systems
27 1435/1436
The DES algorithm
Fractioning of the text into 64-bit (8 octet) blocks
Initial permutation of blocks
Breakdown of the blocks into two parts: left and right, named L
and R
Permutation and substitution steps repeated 16 times (called
rounds)
Re-joining of the left and right parts then inverse initial
permutation. The function expects a 64-bit key as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily.
Computer Security Systems
28 1435/1436Fig 2..General Depiction of DES Encryption Algorithm
Left-hand side:
The processing of the plaintext proceeds in three phases
First, the plaintext (64-bit) passes through an initial
permutation (IP) that rearranges the bits to produce the
permuted input
This is followed by a phase consisting of 16 rounds of the
same function (permutation and substitution functions)
The output of the last (sixteenth) round consists of 64 bits
that are a function of the input plaintext and the key.
DES
Computer Security Systems
29 1435/1436
The left and right halves of the output are swapped to
produce the preoutput
Finally, the preoutput is passed through a permutation (IP-1)
that is the inverse of the initial permutation function, to
produce the 64-bit ciphertext
The right-hand:
The key is passed through a permutation function for each of
the 16 rounds, a subkey (Ki) is produced by the combination of
a left circular shift and a permutation
DES
Computer Security Systems
30 1435/1436
The key is ciphered on 64 bits and made of 16 blocks of 4 bits,
generally denoted k1 to k16 . Given that "only" 56 bits are actually
used for encrypting, there can be 2^56 (or 7.2*10^16 ) different
keys
The permutation function is the same for each round, but a
different subkey is produced
DES
Computer Security Systems
31 1435/1436
The First phase: Initial Permutation
DES: Initial Permutation
Computer Security Systems
32 1435/1436
Description :put bit 58 into the 1st position,put 50 into the 2nd position,………….
After round 16: Inverse Initial Permutation (IP-1)
At the end of the iterations, the two blocks L16 and R16 are re-joined, then subject to inverse initial permutation
Computer Security Systems
33 1435/1436
Figure 2.. Single Round of DES Algorithm
DES-Expansion Permutation (E)
Computer Security Systems
34 1435/1436
DES-Calculation of F(R, K)
Computer Security Systems
35 1435/1436
DES: S Boxes
Computer Security Systems
36 1435/1436
Each box defines a substitution– 6-bit input– 4-bit output
Example: S box 1bit 1 and 6 define the row.bit 2-5 define col.
Example: 010011 bit 1,6 = 01 → row 1 bit 2,3,4,5 = 1001 → col 9
output = 6, i.e. 0110
DES: S Boxes
Computer Security Systems
37 1435/1436
Permutation function (P)
Computer Security Systems
38 1435/1436
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25
DES: Keys
Computer Security Systems
39 1435/1436
28 28PC1: just a simple permutation(output = 56 bit) selected by Pc1
key split in half each half 28 bits
Both halves are shifted lift either 1 or 2 bits (depending on round)
result of shift fed to PC2 bits are permuted and 48 of
the 56 bits chosen for Subkey 1
Triple DES Operation For each block:
encrypt with key 1 decrypt with key 2 encrypt with key 1
i.e. C= E(K3, D(K2, E(K1, P)))• C: ciphertext•P: plaintext•E[K, X] encryption of X using key K•D[K, Y] decryption of Y using key K
The Triple Data Encryption Standard (Triple DES)
Computer Security Systems
40 1435/1436
The Triple Data Encryption Standard (Triple DES)
Computer Security Systems
41 1435/1436
Key Length (3DES) = 3*56 = 168
Computer Security Systems
42 1435/1436
Security in Computing, Fourth Edition By Charles P. Pfleeger - Pfleeger Consulting Group, Shari Law rence Pfleegercryptography-and-network-security-principles-and-practices-4th-ed-william-stallings
Bibliography
Computer Security Systems
43 1435/1436