Download Presentation
## Cryptography 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Cryptography 1**CS432**Overview**• What is cryptography and cryptology? • The main components of a crypto system. • Problems solved by cryptography. • Basic concepts: symmetric cryptography, asymmetric cryptography, digital signatures. • Types of algorithms and related concepts.**Cryptography and Cryptology**• Encryption: transformation of intelligible, understandable information into unintelligible form to disguise its meaning and intent from intruders. • Decryption: The inverse transformation of encrypted information into intelligible form • Both encryption and decryption are based on keys. It should be difficult or impossible to decrypt a message without knowing the key. • Cryptography: encryption + decryption. • Cryptanalysis: analyzing encrypted information with the intent of recovering the original plain information, without knowing the key. • Cryptology: cryptography + cryptanalysis.**The Encryption and Decryption Process**• The encryption model**The major components of a crypto system (the model)**• Plain text: the original message before encryption. • Encryption Algorithm: the algorithm used to transform the plaintext into unintelligible form (the cipher text). • The cipher text: the encrypted text. • Encryption key: the encryption process is always based on a key. • Decryption Algorithm: used to transforms cipher text back to plaintext. • The Decryption key: the key used in the decryption process. All algorithms must be public; only the keys are secret.**Intruders and Cryptanalysis**• It is assumed that there is an intruder who listens to all communications and he may copy or delete any message • An active intruder modifies some messages and re-inserts them • A passive intruder just listens • To decrypt a message without having a key, an intruder practices the art of cryptanalysis**What Does Cryptography Solve?**• Confidentiality • Ensure that nobody can get knowledge of what you transfer even if listening to the whole conversation • Integrity • Ensure that message has not been modified during the transmission • Authenticity • You can verify that you are talking to the entity you think you are talking to • Identity • You can verify who is the specific individual behind that entity • Non-repudiation • The individual behind that asset cannot deny being associated with it**Symmetric Encryption**Clear-text input Clear-text output Cipher-text “An introduction to cryptography” “AxCvGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%” “An introduction to cryptography” DES DES Encryption Decryption Same key(shared secret)**Asymmetric Encryption**Clear-text Input Clear-text Output Cipher-text “Py75c%bn&*)9|fDe^bDzjF@g5=&nmdFgegMs” “An introduction to cryptography” “An introduction to cryptography” RSA RSA Encryption Decryption Different keys**Asymmetric Encryption**• Things to remember about asymmetric keys: • The relation between the two keys is unknown and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text • The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair is generated, any of the two can be public or private Clear text g$5knvMd’rkvegMs” Encryption ?**private**public Example: Confidentiality Clear-text Input Clear-text Output Cipher-text “An introduction to cryptography” “Py75c%bn&*)9|fDe^bDzjF@g5=&nmdFgegMs” “An introduction to cryptography” Decryption Encryption Different keys Recipient’s private key Recipient’s public key**private**public Sender’s private key Sender’s public key Example: Authenticity Clear-text Input Clear-text Output Cipher-text “An introduction to cryptography” “Py75c%bn&*)9|fDe^bDzjF@g5=&nmdFgegMs” “An introduction to cryptography” Decryption Encryption Different keys**priv**SignedDocument Creating a Digital Signature Message or File Message Digest Digital Signature This is the document created by Ahmed This is the document created by Gianni (Typically 128 bits) 3kJfgf*£$& 3kJfgf*£$& Py75c%bn RSA SHA, MD5 Asymmetric Encryption Generate Hash Calculate a short message digest from even a long input using a one-way message digest function (hash) Signatory's private key**Message Digest**Generate Hash Py75c%bn ? Compare ? DigitalSignature Asymmetric Decryption This is the document created by Ahmed Py75c%bn pub 3kJfgf*£$& Gianni's public key(from certificate) SignedDocument Verifying a Digital Signature RSA**Classification of Ciphers**• Substitution ciphers • Cesar’s cipher • Affine transformation ciphers • Transposition ciphers • One-time pad • Block ciphers • Exponentiation ciphers • RSA**Substitution Ciphers**• Each symbol is replaced by another symbol (Example: with Latin alphabet, in monoalphabetic substitution, the key is a 26-letter string that represents the substituting permutation of the alphabet, so 26! keys are available) Case study: Caesar cipher (A -> D, B -> E, C->F, …Z->C ), or ord (s) = [ord(s) + 3] mod 26. Lettersare packed in equal blocks to prevent cryptanalysis based on the word length**Case Study: Cesar’s Cipher**Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 THIS MESSAGE IS TOP SECRET THISM ESSAG EISTO PSECR ET 19 7 8 18 12 | 4 18 18 0 6 | 4 8 18 19 14 | 15 18 4 2 17 | 4 19| 22 10 11 21 15 | 7 21 21 3 9 | 7 11 21 22 17 | 18 21 7 5 20 | 7 22 WKLVP HVVDJ HLVWR SVHFU HW**Substitution Ciphers**Substitution ciphers are easy to break with a relatively small amount of ciphertext, using statistical properties of the language (frequency of letters, bigrams, trigrams, etc.)**The frequencies of occurrence of letters in English text:**LetterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z Frequency 7 1 3 4 13 3 2 3 8 <1 <1 4 3 8 7 3 <1 8 6 9 3 1 1 <1 2 <1 (Suppose, we know that shift transformation cipher was used) Ciphertext: YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD Analysis of the frequencies of occurrence of letters in the ciphertext: LetterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z Frequency 1 0 4 5 1 3 0 0 0 1 0 1 1 1 0 7 2 2 2 3 0 0 1 2 3 2 A Cryptanalysis Example Guess: P(7) = E(13) => 15 = 4 + k (mod 26) => k = 11. Plaintext: NUMBE RTHEO RYISU SEFUL FOREN CIPHE RINGM ESSAG ES (NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES)**Transposition Cipher**• All symbols are reordered according to a permutation specified by the key Example: WISPER the key—must have no repeated symbols 6253 14 the relative order of each symbol in the key “CIS IS THE BEST COLLEGE IN TOWN” • C I S I S T • H E B E S T • C O L L E G • E I N T O W plaintext is written in rows of the key’s size • N x x x x x the last row is padded 1 2 3 4 5 6 SOXLEIEEGTTHUTTMNY (ciphertext is written in columns permuted in the order of key’s symbols) Transposition ciphers can also be broken by guessing the key size and using statistical analysis when the cryptanalyst knows that it is a transposition cipher.**Transposition Ciphers**C I S I S T H E B E S T C O L L E G E I N T O W plaintext is written in rows of the key’s size N x x x x x the last row is padded WISPER 6253 14 SIITSC SEETBH EOLGLC OITWNE XXXXXN Cipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCEN**Example:**= Plaintext: 001110011010010110 Key: 100100100111110110 Ciphertext: 101010111101100000 (XOR) 0 1 + 0 0 1 1 1 0 One-Time Pad Ciphers Any bit sequence the size of plaintext can be a key. Each bit of plaintext is XOR-ed with the corresponding bit of the key to produce a bit of the ciphertext One-time Pad is unbreakable; however key distribution is a big problem…**Block Ciphers (Affine Transformation)**• Key: • A is a square integer matrix of order n such that (|A|, 26) = 1 • Bis an n-vector of integers • The ciphertext is split into blocks of length n; the last block is padded • For each blockP, compute C = (AP + B) (mod 26)**Exponentiation Ciphers**Given: • p is a prime • The key, e > 0satisfies: (e, p-1) = 1 Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 • Group the resulting numbers into blocks of 2m decimal digits, where m is the largest even integer such that the decimal value of each block is less than p • For each plaintext block, P, compute a ciphertext block C = Pe(mod p) • To decipher, find d such that de ≡ 1 (mod p-1) and compute P = Cd(mod p) Cd ≡ Ped P ≡ Pk(p-1)+1 ≡ [P (p-1)]kP ≡ P (mod p)(By Fermat’s Little Theorem)**Plaintext: A B C D E F G H I J K L M N**O P Q R S T U V W X Y Z 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Exponentiation Ciphers: An Example • p = 2633; • the key e = 29; (e, p-1) = (29, 2632) = 1; • Block length is 4 (m=2) d = 2269 2269*2622≡ 1 (mod 2622) THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER 190729≡ 2199 (mod 2633) 1907 0818 0818 0013 0423 0012 1511 0414 0500 1304 2315 1413 0413 1908 0019 0814 1302 0815 0704 1723 2199 1745 1745 1206 2437 2425 1729 1619 0935 0960 1072 1541 1701 1553 0735 2064 1351 1794 1841 1459 21992269≡ 1907 (mod 2633)**One Immediate Application: The Diffie-Hellman Algorithm**Problem:Establish common keys (for symmetric cryptography) to be used by two individuals so that intruders cannot discover them in a feasible amount of computer time. • Let • pbe a large prime • abe an integer relatively prime to p These are known to all! Pick k1relatively prime to p-1 Pick k2relatively prime to p-1 =**A Simple Example of a DH Exchange**p=17 a= 2 k1= 3 k2= 5 =**T**S T S T 4 to 2 encoder S S 2 to 4 decoder S S T S S 4-bit transposition (T) Cascading into a product 2-bit substitution (S) Modern Symmetric-Key Algorithms • Combine transpositions and substitutions and cascade them to make the algorithms very complex (to prevent cryptanalysis even when large amounts of ciphertext are available) • Often use blockciphers**Some Common Symmetric-Key Cryptographic Algorithms(after A.**Tanenbaum)**Public-Key Cryptography**A (public key, private key) pair • Publish the public key (= encryption key) • Keep the private key (= decryption key) secret Two essential requirements: 1) 2) It is very hard (i.e, computationally infeasible) to obtain from • To send a message M to you, I send • You decrypt it, obtaining:**RSA (Rivest, Shamir, Adleman)**The probability that P and n are not relatively prime is extremely low! • Parameters: p, q, n, z, d, e • Choose, large (1024 bits) primes: p, q • Compute n = pq, z = φ(n) = (p-1)(q-1) • Choose the exponent erelatively prime to z • Find d:ed ≡ 1(mod z) • Keys: public,(e, n); private, (d, n); • Encryption and decryption: • Brake the plaintext into largest equal even-digit blocks (P) shorter than nbits • Encrypt each blockP by computing C = E(P) ≡ Pe (mod n) • Decrypt C by computing D(C) ≡ Cd (mod n) ≡ Ped (mod n) ≡ Pkφ(n)+1(mod n) ≡ Pkφ(n)P(mod n) ≡ P(mod n) Euler’s Theorem: If n > 0 and e and d are integers, such that (a, m) = 1, thenaφ(m)≡ 1 (mod m).**Plaintext: A B C D E F G H I J K L M N**O P Q R S T U V W X Y Z 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 RSA: An Example Public key: (13, 2357) Private key: (937, 2357) 937* 13≡ 1 (mod 2436) • p = 43, q=59; n = 43*59 = 2357; φ(n) = 42*58 =2436 • Exponent e = 13; (e, φ(n)) = (13, 42*58) = 1; • Block length is 4 d = 937 PUBLIC KEY CRYPTOGRAPHY 152013≡ 95 (mod 2537) 1520 0111 0802 1004 2402 1724 1519 1406 1700 1507 2423 • E(P) ≡ Pe (mod n) 0095 1648 1410 1299 0811 2333 2132 0370 1185 1457 1084 0095937≡ 1520 (mod 2537) P≡ Cd (mod n)**Properties of RSA**• The algorithm is secure because of the difficulty of factoring N. Factoring a 500-digit number should take 1025 years using a CPU with 1 microsecond instruction time • Encryption and decryption are inverse and commutative (an important property for digital signatures) • The algorithm is slow (compared to DES and other symmetric algorithms with much shorter keys) RSA may be prohibitively slow when dealing with large blocks of data. It is typically used for one-time session key distribution for a symmetric-key algorithm (such as triple-DES)