
Understanding Cryptography: Symmetric vs. Asymmetric Encryption, Key Generation, and Random Number Generation

Cryptography involves various aspects such as symmetric and asymmetric encryption, key generation, and random number generation. Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a public-private key pair. Key generation is crucial for secure communication, and random number generation plays a key role in encryption algorithms. Learn about the differences between true random number generators, pseudo-random number generators, and cryptographically secure pseudo-random number generators.

attaoui


Presentation Transcript


  1. SECURITY. [Diagram: Cryptology branches into cryptanalysis and cryptography; cryptography branches into Symmetric alg, Asymmetric alg, and Protocols]

  2. m = plaintext message; c = ciphertext; k = secret key; E, D = cipher. Alice & Bob are talking. Eve is always listening. E(k,m) = c; D(k,c) = m. [Diagram: Alice and Bob each hold k; m goes through E to give c, c goes through D to give m; Eve sees c]

  3. One-time vs many time key Symmetric vs asymmetric E(x) = D(x)

  4. SECURITY. [Diagram: Cryptology branches into cryptanalysis and cryptography; cryptography branches into Symmetric alg, Asymmetric alg, and Protocols]

  5. SECURITY. [Diagram: Cryptology branches into cryptanalysis and cryptography; cryptography branches into Symmetric, Asymmetric, and Protocols; Symmetric branches into Stream ciphers and block ciphers]

  6. Stream Ciphers ‘on the fly’

  7. [Diagram: cleartext voice bits … x4, x3, x2, x1, x0 → ⊕ with key bits s4, s3, s2, s1, s0 → cyphertext … y4, y3, y2, y1, y0 → ⊕ with key bits s4, s3, s2, s1, s0 → cleartext voice bits … x4, x3, x2, x1, x0]

  8. How does a voice turn into bits? (another example of digitizing (thanks to Claude)) [Diagram: voice bits … x4, x3, x2, x1, x0 → cleartext] -- https://discover.hubpages.com/technology/Microphones

  9. Stream cipher works bit by bit.
     E(Yi) = (yi + si) mod 2 - this is the encryption algorithm
     D(Xi) = (xi + si) mod 2 - this is the decryption algorithm
     [Callouts: voice bits, key bits]
     Why are they the same? Why not minus for decryption?

  10. XOR – exclusive or. What your mom probably means when she asks if you want vanilla ice cream or strawberry ice cream.

          X  Y  X xor Y
          -------------
          0  0     0
          0  1     1
          1  0     1
          1  1     0

      One or the other, but not both. Xor is its own inverse.

  11. As opposed to inclusive or:

          X  Y  X or Y
          ------------
          0  0     0
          0  1     1
          1  0     1
          1  1     1

  12. Addition and subtraction are the same operation (⊕):

          0-0 = 0    0+0 = 0
          1-0 = 1    0+1 = 1
          0-1 = 1    1+0 = 1
          1-1 = 0    1+1 = 0

      [Diagram: cleartext … x4, x3, x2, x1, x0 → ⊕ with key bits s4, s3, s2, s1, s0 → cyphertext … y4, y3, y2, y1, y0 → ⊕ with key bits s4, s3, s2, s1, s0 → cleartext … x4, x3, x2, x1, x0]

  13. Two possible message bits, two possible key bits. Columns: M = clear message bit options, K = key bit options, E = cypher bits, K = key bit, D = clear message bit recovered.

          M  K  E  K  D
          -------------
          0  0  0  0  0
          0  1  1  1  0
          1  0  1  0  1
          1  1  0  1  1

  14. Columns: Xi = possible message bits, Si = possible key bits, Yi = resulting cypher bits.

          Xi  Si  Yi = Xi ⊕ Si
          --------------------
          0   0        0
          0   1        1
          1   0        1
          1   1        0

      In both cases each plaintext bit can become either 0 or 1. I.e.: key bit == 0, m stays the same; key bit == 1, m flips.

  15. Xor is its own inverse

          A  B  A xor B  (A xor B) xor A  (A xor B) xor B
          -----------------------------------------------
          0  0     0            0                0
          0  1     1            1                0
          1  0     1            0                1
          1  1     0            1                1

  16. If Key bit is a zero, stay the same If key bit is a one, flip it So it comes down to ‘where are the 1’s in the key stream’? If the key stream is ½ 1’s and ½ 0’s, then ½ of the ciphertext bits are in clear text

  17. There should be no discernible pattern in the key stream Where are the 1’s, and where are the 0’s ? How should we decide?

  18. Random number generation Pi, e, division, is the universe discrete? social use, media use of the term “random” is usually far away from what this guy had in mind:

  19. For us: 3 classes of random number generation 1. True random number generators TRNG True random numbers come from physical processes (random process or just not-understood?)

  20. Coin flipping, lottery, dice, roulette, thermal noise, timing, mouse movement, disk speed variance, radioactive decay (but humans are terrible). Hard to integrate into your program, maybe use mturk. Truly random – you can’t recreate them, they can be slow.

  21. 2. Pseudo random number generators (PRNG). The distribution of the values is uniform, but they are computed/deterministic: S_0 = seed, S_{i+1} = f(S_i)

  22. rand function in C, srand, drand, drand48, Java stuff: S_0 = 12345, S_{i+1} = (1103515245 * S_i + 12345) % 2^31

  23. 3. Cryptographically secure pseudo random number generator - CPRNG PRNG with the following property: generated values are unpredictable which means that if I give you N output bits it is not computationally feasible to compute the next one

  24. There are many applications where you need random numbers. PRNGs are well understood and almost always suitable for your application. Except for cryptography applications, where they are unusable.

  25. One Time Pad (OTP). A “perfect” encryption algorithm: a cipher is “unconditionally secure” if it can’t be broken with infinite computing resources.

  26. Say you have 10000 key bits. An exhaustive search would try up to 2**10000 combinations. Computationally infeasible. But it is not secure (“infinite”, remember?). Suppose the cardinality of the keyspace is 100000000000000000000000. Somebody tries to search it anyway and the first one they try is it! (somebody wins the lottery, just not you)

  27. Ciphers in use are (mostly) practically secure, but they are not unconditionally secure. OTP is a stream cipher where
      - the key stream bits come from a TRNG
      - one bit for each message bit
      - each key stream bit is used only one time

  28. Extremely powerful Extremely simple Crypto solved?

  29. Each side needs to know the key The key is unique each time Sending the key to the other side is the same problem as sending the message
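
Added example (not part of the original slides): a Python one-time pad following slides 25 to 29. It shows that encryption and decryption are the same XOR, that any equal-length message is consistent with a ciphertext under some pad, and what a reused pad exposes. The function names and sample messages are constructed, and `secrets.token_bytes` (the OS CSPRNG) is an assumption standing in for a TRNG.

```python
import secrets


def xor_bytes(data: bytes, key_stream: bytes) -> bytes:
    """y_i = x_i XOR s_i; the same call decrypts, since XOR is its own inverse."""
    if len(key_stream) < len(data):
        raise ValueError("OTP needs one key-stream bit per message bit")
    return bytes(d ^ s for d, s in zip(data, key_stream))


def new_pad(length: int) -> bytes:
    # Assumption: the OS CSPRNG stands in for the TRNG a real OTP requires.
    return secrets.token_bytes(length)


def key_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the key cancels out: c1 XOR c2 == m1 XOR m2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"transfer 100 EUR", b"transfer 900 EUR"  # constructed messages
    pad = new_pad(len(m1))
    c1 = xor_bytes(m1, pad)
    print("decrypts:", xor_bytes(c1, pad) == m1)

    # Every equal-length message is consistent with c1 under some pad,
    # so searching the key space cannot single out the real message.
    other = b"cancel the order"
    print("alternative pad gives:", xor_bytes(c1, key_for(c1, other)))

    # Reusing the pad for m2 shows where the two messages differ.
    c2 = xor_bytes(m2, pad)
    leak = reuse_leak(c1, c2)
    print("differing positions:", [i for i, b in enumerate(leak) if b])
```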

  30. …back to reality… LFSR

  31. So, how can we generate the key bits? [Diagram: each side feeds k into a PRNG to produce the key bits; … x4, x3, x2, x1, x0 → ⊕ → … y4, y3, y2, y1, y0 → ⊕ → … x4, x3, x2, x1, x0]

  32. Addition and subtraction are the same operation. K = a,b. What’s in “LCG”? LCG (Linear congruential generator). [Diagram: each side feeds K = a,b into an LCG to produce the key bits; … x4, x3, x2, x1, x0 → ⊕ → … y4, y3, y2, y1, y0 → ⊕ → … x4, x3, x2, x1, x0]
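
Added example (not part of the original slides): slides 22 to 24 say an ordinary PRNG is unusable for cryptography, and slide 32 keys an LCG with K = a,b. This Python sketch shows why: three consecutive outputs of the slide-22 generator reveal a and b, and with them every later output. It assumes the observer sees whole state values; the function names are illustrative.

```python
M = 2**31                               # modulus from slide 22
A, B, SEED = 1103515245, 12345, 12345   # constants from slide 22


def lcg(seed, a=A, b=B, m=M):
    """Yield S1, S2, ... where S_{i+1} = (a * S_i + b) mod m."""
    s = seed
    while True:
        s = (a * s + b) % m
        yield s


def recover_params(s0, s1, s2, m=M):
    """Solve s1 = a*s0 + b and s2 = a*s1 + b (mod m) for (a, b).

    Subtracting the equations gives s2 - s1 = a * (s1 - s0) mod m, so a
    follows from one modular inverse. pow() raises ValueError when
    (s1 - s0) shares a factor with m; this one-inverse shortcut then
    does not apply.
    """
    a = (s2 - s1) * pow((s1 - s0) % m, -1, m) % m
    b = (s1 - a * s0) % m
    return a, b


def predict_next(outputs, m=M):
    """Given at least three consecutive outputs, return the next one."""
    a, b = recover_params(*outputs[-3:], m=m)
    return (a * outputs[-1] + b) % m


def take(gen, n):
    """Collect the next n values from a generator."""
    return [next(gen) for _ in range(n)]


if __name__ == "__main__":
    seen = take(lcg(SEED), 4)           # constructed sample run
    print("recovered (a, b):", recover_params(*seen[:3]))
    print("predicted:", predict_next(seen[:3]), "actual:", seen[3])
```

The property on slide 23 is exactly what fails here: given N outputs, the next one is cheap to compute.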

  33. We are going to build a gadget to generate the key bits. It has to be small enough to fit in your cell phone, and simple enough to use only a tiny amount of power (== battery life), and generate almost no heat First though, we need some background

  34. shift registers logic gates how we remember a bit

  35. logic we use when thinking & solving problems Logic Gates: AND (Java operator: &&) given: If Fred is strong and Bob is strong, we will win the football game (“strong” means benches >= 275 pounds) Fred benches 290, Bob benches 310 - Will we win? Fred benches 290, Bob benches 210 – Will we win? Fred benches 135, Bob benches 80 – Will we win? Fred benches 110, Bob benches 300 – Will we win?

  36. AND If Fred is strong and Bob is strong, we will win the football game, otherwise we will lose the football game (“strong” means benches >= 275 pounds) Fred benches 290, Bob benches 310 - Will we win? Fred benches 290, Bob benches 210 – Will we win? Fred benches 190, Bob benches 275 – Will we win? Fred benches 135, Bob benches 80 – Will we win?

  37. AND - ^, juxtaposed. [Diagram: inputs Fred and Bob, output Victory]

          F  B  V
          -------
          0  0  0
          0  1  0
          1  0  0
          1  1  1

      We call this representation a Truth Table.

  38. OR (Java operator: ||) If Tabitha competes or Katie competes, the world record will be broken Tabitha competes, Katie does not. Will the world record be broken? Katie competes, Tabitha does not. Will the world record be broken? Both Tabitha and Katie compete. Will the world record be broken? Neither Tabitha nor Katie compete. Will the world record be broken?

  39. OR If Tabitha competes or Katie competes, the world record will be broken, otherwise the world record will not be broken. Tabitha competes, Katie does not. Will the world record be broken? Katie competes, Tabitha does not. Will the world record be broken? Both Tabitha and Katie compete. Will the world record be broken? Neither Tabitha nor Katie compete. Will the world record be broken?

  40. OR - ^,+ [Diagram: inputs Tabitha and Katie, output New world record]

          T  K  WR
          --------
          0  0  0
          0  1  1
          1  0  1
          1  1  1

      OR Truth Table

  41. NOT (Java operator: !) X X'

  42. Electronic realization of a nand gate. We can make transistors
      • at the atomic level
      • super reliable, dense, & cheap
      • usable in consumer devices
      nand “covers” – means you can make any gate just using nand gates. We think using and/or/not, but we build computers using nand gates.

  43. Flip-Flops (i.e. memory), also called a latch. [Diagram: inputs S and R, outputs Q and Q'] Asynchronous – feedback paths - instability. Operates with both inputs normally at 1. Application of a momentary '0' to the S(et) input causes Q to go to 1 and Q' to go to 0. Application of a momentary '0' to the R(eset) input causes Q to go to 0 and Q' to go to 1.

  44. Block diagram for a flip-flop / latch. [Diagram: inputs S, R and cp; outputs Q and Q'; labels: 1, in, out]

          S  R  Q(t+1)
          ------------------------
          0  0  Q(t)   no change
          0  1  0      clear
          1  0  1      SET
          1  1  ?      don't do it

      It always holds either a 0 or a 1. When the clock ticks, the input will be stored next and the output will flow to the input of another.

  45. We are going to connect these flip-flops in series. The output of one is connected to the input on the next. Each time the clock ticks, the bit ‘moves’ one position to the right. [Diagram: • • • 1 0 1 0 0 1 . . . 0 1 1] This piece of hardware is called a register (where all the action happens). The bits which fall out at the end are the key bits which we will use to encrypt the voice bits.
