11/21/2013
1
Lecture 3
Introduction to Cryptography

This Week
The Role of Cryptography
Historic Examples of Simple Ciphers
Types of Cryptanalysis
Information Theory and Cipher Security
One-Time Pad

Cryptography
Cryptography is the art and science of encryption, converting information from its normal form to an incomprehensible format. At least, that is how it started out.
Nowadays, it is much broader, covering authentication, digital signatures, and many more elementary security functions.
Cryptography is an extremely varied field. From quantum physics to DNA computing, many scientific disciplines are related to cryptography. That is why there is nobody in the world who knows everything about cryptography. There isn't even anybody who knows most of it.

The Role of Cryptography
Cryptography by itself is fairly useless. It has to be part of a much larger system.
Cryptography is like locks in the physical world. A lock by itself is a singularly useless thing.
Even though cryptography is only a small part of the security system, it is a very critical part.
Cryptography takes on the role of the lock: it has to distinguish between "good" access and "bad" access. This is much more difficult than keeping everybody out.

Cryptanalysis
Cryptanalysis is the opposite of cryptography, the study of methods for obtaining the meaning of encrypted messages.
Cryptography and cryptanalysis are sometimes grouped together under the umbrella term cryptology.
(Cryptology = Cryptography + Cryptanalysis)
In practice, cryptography is also used to refer to the field as a whole.

History of Cryptology
It has a fascinating history and dates back as far as 4000 years.
The earliest example of an attempt to obscure the meaning of an inscription was found in Egypt.
The first notable personality in the history of cryptography is probably Julius Caesar (100–44 BC), who used the "Substitution Cipher" for government communication.
In these early days, encryption was mainly performed using "pen and paper", therefore the methods were ad hoc, simple and inefficient. Only in the 1900s did the invention of mechanical devices called "rotors" allow more sophisticated and systematic techniques for cryptography.

History of Cryptology (cont'd)
Until the First World War, important developments did not appear in a timely manner, and the science of cryptography moved forward in the same way as most other specialized disciplines.
Starting in 1918, things began to change (a detailed introduction to the earlier history can be found in David Kahn's book):

Milestones
1918: William F. Friedman's monograph "The Index of Coincidence and Its Applications in Cryptography" appeared as a research report.
1918: Edward H. Hebern filed the first patent for a rotor machine.
1933: The Enigma machine, used by Germany in WW2, was broken by Marian Rejewski.
1949: Claude Shannon's paper "The Communication Theory of Secrecy Systems" appeared in the Bell System Technical Journal.
1967: David Kahn's book on the history of cryptography, "Codebreakers", was published.
1970: At IBM, Horst Feistel began the development of what was to become the U.S. Data Encryption Standard (DES).

Milestones (cont'd)
1976: Whitfield Diffie and Martin Hellman published "New Directions in Cryptography", introducing the idea of public key cryptography.
1978: The first realization of public key cryptography, the RSA algorithm, was published in Communications of the ACM.
1991: Phil Zimmermann releases the public key encryption program PGP along with its source code, which quickly appears on the Internet. Zimmermann spent years under investigation because of his release of PGP.
2001: After a competition, the Rijndael algorithm was chosen as AES (Advanced Encryption Standard).
2005: SHA-1, one of the FIPS (Federal Information Processing Standards) approved hash functions, was broken.

Applications of Cryptography
Historically, the sole purpose of cryptography was to assure secrecy. With the rise of e-banking and e-commerce applications, the use of cryptography for integrity protection surpasses its use for secrecy.
For instance, in electronic funds transfer, without appropriate cryptographic countermeasures, an error in a single bit could literally cause millions of dollars to be erroneously credited or debited.
The widespread use of cryptography on the Internet is well known, at least through the acronyms of security protocols such as SSL, SSH, S/MIME, etc.
Perhaps less well known is the fact that cryptography is used in almost every electronic device we have today (mobile phones, pay-TV decoders, game consoles, car keys, door access cards, burglar alarms, etc.).

The Generic Setting
[Diagram; labels: Alice, encrypter, Oscar, decrypter, Bob, key source, secure channel, plaintext P, ciphertext C, key K]
$D_K(E_K(P)) = P$

Kerckhoffs's Principle
The security of the encryption scheme must depend only on secrecy of the key and not on the secrecy of the algorithms.
Reasons:
Algorithms are hard to change and secrets are hard to keep.
It is very easy to make a small mistake and design a cryptographic algorithm that is weak.

Key Escrow and Export Control
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else can obtain them to decrypt messages.
For Law Enforcement (Clipper Chip)
For Careless Users
Many countries used to impose severe restrictions on export of encryption. They are pretty much lifted today.

History of Cryptanalysis
The earliest known cryptanalysis book was written by Al-Kindi, who lived between 801 AD and 873 AD.
The main topics of Al-Kindi's book are methods of cryptanalysis, cryptanalysis of ciphers and frequency analysis of Arabic.
Al-Kindi's manuscript was discovered at the old library in Istanbul.
The International Association for Cryptologic Research newsletter Vol. 20, No. 3, (Late) Fall 2003, included an interesting review of a new translation of Al-Kindi's work.
http://www.iacr.org/newsletter/v20n3/newbooks.html

Cryptanalysis (cont'd)
Historically, frequency analysis was the main technique used to break simple ciphers. It uses statistics to measure the frequency of single letters and their combinations in natural languages.
In modern cryptanalysis, since ciphers have become more complex, frequency analysis has lost its predominance to other mathematical techniques.

Types of Cryptanalysis
Ciphertext-only attack: The cryptanalyst obtains examples of ciphertext and knows some statistical properties of typical plaintext.
Known-plaintext attack: The cryptanalyst obtains examples of ciphertext/plaintext pairs.
Chosen-plaintext attack: The cryptanalyst can generate a number of plaintexts and will obtain the corresponding ciphertext.
Adaptive chosen-plaintext attack: The cryptanalyst can perform several chosen-plaintext attacks and use knowledge gained from previous ones in the preparation of new plaintext.
The goal is always to find the key or any other information that helps in decrypting or encrypting new text.

Brute-Force Attack
Key Space refers to the set of all possible values the key might have. The size of the key space is critical because if it is not large enough, using a plaintext-ciphertext pair, the attacker can exhaustively try the whole key space until he finds the correct key.
Exhaustive key search is sometimes referred to as the brute-force attack since there is no intelligence involved.
The goal of the cryptanalyst is to come up with a more efficient attack than the brute-force attack.

Shift Cipher
Let $P = C = K = Z_{29}$. For $0 \le K \le 28$, define
$e_K(x) = x + K \bmod 29$
$d_K(y) = y - K \bmod 29$
($x, y \in Z_{29}$)
For the particular key K=3, the cryptosystem is often called the Caesar Cipher, which was purportedly used by Julius Caesar.

Example
CIPHERTEXT:
WUYMUL MCGJFS
LYJFUWYX YUWB
FYNNYL CH U GYMMUAY
QCNB NBY FYNNYL
NBUN CM NBLYY
JFUWYM ZOLNBYL XIQH
NBY UFJBUVYN BIQ
UVION GY
PLAINTEXT:
Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet how about me
[Figure: English Letter Frequency, bar chart of letters a to z against relative frequency from 0 to 0.14]
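The slide's ciphertext can be recovered without knowing the key by combining the two ideas above: try every key in the small key space and score each candidate against English letter frequencies. This is an added example, not part of the original slides; it assumes the 26-letter English alphabet (the ciphertext is English, unlike the $Z_{29}$ definition), and the frequency table is a standard approximate one, not read from the slide's chart.

```python
from collections import Counter

# Approximate relative frequencies of English letters a..z (a standard
# published table; an assumption, not taken from the slide's figure).
ENGLISH_FREQ = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    .082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
    .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001]))

# Ciphertext copied from the slide.
CIPHERTEXT = ("WUYMUL MCGJFS LYJFUWYX YUWB FYNNYL CH U GYMMUAY QCNB NBY FYNNYL "
              "NBUN CM NBLYY JFUWYM ZOLNBYL XIQH NBY UFJBUVYN BIQ UVION GY")


def shift_decrypt(ciphertext, key, n=26):
    """d_K(y) = y - K mod n on letters; spaces and other characters pass through."""
    return "".join(chr((ord(ch) - 97 - key) % n + 97) if "a" <= ch <= "z" else ch
                   for ch in ciphertext.lower())


def chi_squared(text):
    """Distance between the letter counts of `text` and expected English counts."""
    counts = Counter(ch for ch in text if ch in ENGLISH_FREQ)
    total = sum(counts.values())
    return sum((counts[ch] - total * f) ** 2 / (total * f)
               for ch, f in ENGLISH_FREQ.items())


def break_shift(ciphertext, n=26):
    """Exhaustive key search, keeping the most English-looking decryption."""
    best_key = min(range(n),
                   key=lambda k: chi_squared(shift_decrypt(ciphertext, k, n)))
    return best_key, shift_decrypt(ciphertext, best_key, n)


if __name__ == "__main__":
    key, plaintext = break_shift(CIPHERTEXT)
    print("key:", key)
    print(plaintext)
```

The recovered key shows that the slide's example uses a shift other than Caesar's K=3.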

Substitution Cipher
Let $P = C = Z_{29}$. K consists of all possible permutations of the 29 symbols 0,1,...,28. For each permutation
K, define
e (x) = (x)
and define
d (x) =

1
(y)
Where

1
is the inverse permutation of .

Substitution Cipher (cont'd)
A key for the Substitution Cipher just consists of a permutation of the 29 alphabetic characters.
The number of these permutations is 29!, which is more than $4.0 \times 10^{26}$, a very large number.
Thus, an exhaustive key search is infeasible, even for a computer.
However, we can show that a Substitution Cipher can easily be cryptanalyzed by other methods.

Vigenere Cipher
Let m be some fixed positive integer. Define $P = C = K = (Z_{29})^m$.
For a key $K = (k_1, k_2, \ldots, k_m)$, we define
$e_K(x_1, x_2, \ldots, x_m) = (x_1 + k_1, x_2 + k_2, \ldots, x_m + k_m)$
and
$d_K(y_1, y_2, \ldots, y_m) = (y_1 - k_1, y_2 - k_2, \ldots, y_m - k_m)$,
where all operations are performed in $Z_{29}$.
Shift Cipher and Substitution Cipher are monoalphabetic (each letter in plaintext is transformed to a fixed letter as ciphertext).
Vigenere Cipher is polyalphabetic (transformation depends also on the location of the letter).
Polyalphabetic property (one-to-many correspondence) makes Vigenere Cipher stronger against frequency analysis.
Nevertheless it was broken by Kasiski back in 1863.
Cryptanalysis of Vigenere Cipher (1)
Source: Markus Kuhn’s slides
Cryptanalysis of Vigenere Cipher (2)
Cryptanalysis of Vigenere Cipher (3)

Hill Cipher
The ciphertext (y) is obtained from the plaintext (x) by means of a linear transformation: $y = xK$.
We can use the inverse matrix $K^{-1}$ to decrypt: $x = yK^{-1}$.
How do we find the inverse of a matrix?

Permutation Cipher
The idea is to keep the plaintext characters unchanged, but to alter their positions by rearranging them.
Also known as Transposition Cipher.
In fact, Permutation Cipher is a special case of the Hill Cipher. How?
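One way to work through both questions on the Hill and Permutation Cipher slides, as an added example that is not part of the original slides: the inverse key is computed as det(K)^-1 times the adjugate of K, all modulo n, and a permutation is expressed as a 0/1 key matrix. The sample keys, the sample words and the letter mapping a=0,...,z=25 with n=26 are assumptions made for the illustration.

```python
def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def det(m):
    """Determinant by cofactor expansion along the first row."""
    if not m:
        return 1
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j)) for j in range(len(m)))


def inverse_mod(key, n):
    """K^-1 = det(K)^-1 * adj(K) over Z_n; exists only if gcd(det K, n) = 1."""
    d_inv = pow(det(key) % n, -1, n)  # ValueError if det(K) is not invertible
    size = len(key)
    return [[d_inv * (-1) ** (i + j) * det(minor(key, j, i)) % n
             for j in range(size)] for i in range(size)]


def hill(x, key, n):
    """y = xK over Z_n, applied to the number list x in blocks of len(key)."""
    m = len(key)
    return [sum(x[b + i] * key[i][j] for i in range(m)) % n
            for b in range(0, len(x), m) for j in range(m)]


def permutation_key(pi):
    """0/1 matrix that moves the letter at position i to position pi[i]."""
    return [[1 if pi[i] == j else 0 for j in range(len(pi))]
            for i in range(len(pi))]


def nums(text):
    return [ord(ch) - ord("a") for ch in text]


def text(values):
    return "".join(chr(v + ord("a")) for v in values)


# Constructed sample keys (assumptions; the slides give no key).
K = [[11, 8], [3, 7]]
P = permutation_key([2, 0, 1])

if __name__ == "__main__":
    c = hill(nums("july"), K, 26)
    print(text(c), text(hill(c, inverse_mod(K, 26), 26)))
    print(text(hill(nums("secret"), P, 26)), inverse_mod(P, 26))
```

With the prime modulus 29 used elsewhere in the slides, every key whose determinant is nonzero mod 29 is invertible; with 26 the determinant must also be odd and not a multiple of 13.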

Random Variable
A random variable x has a probability distribution p(x), which is the probability that X = x.
For two random variables x and y, the distribution p(x,y) gives the probability that X = x and Y = y.
The probability that X = x given that Y = y is the conditional probability, and is written $p(x \mid y)$.
Note that $p(x,y) = p(x \mid y) \, p(y)$ and $p(x,y) = p(y \mid x) \, p(x)$.
The above equation can be rewritten as Bayes' Theorem:
$p(x \mid y) = p(x) \, p(y \mid x) / p(y)$

Perfect Secrecy
Computationally secure: The most efficient known algorithm for breaking a cipher would require far more computational steps than any hardware available to an opponent can perform.
Unconditionally secure: The opponent does not have enough information to decide whether one plaintext is more likely to be correct than another, even if unlimited computational power were available.
A cryptosystem is unconditionally secure (has perfect secrecy) if
$p_P(x \mid y) = p_P(x)$ for all $x \in P$, $y \in C$.
The a posteriori probabilities of particular plaintexts are equal to the a priori probabilities, independently of the values of either plaintext or ciphertext.
In other words, ciphertext gives no additional information to determine the plaintext.

Entropy
Entropy can be thought of as a mathematical measure of information or uncertainty, and is computed as a function of a probability distribution.
Suppose X is a random variable which takes on a finite set of values according to a probability distribution p(X). Then, the entropy of this probability distribution is defined to be the quantity
$H(X) = -\sum_{i=1}^{n} p_i \log_2 p_i$

Information Theory and Cipher Security
Perfect Secrecy in terms of entropy:
$H(P \mid C) = H(P)$
Shannon showed that this implies
$H(K) \ge H(P)$
The remaining uncertainty about a key when some ciphertext is known is called key equivocation and can be calculated as
$H(K \mid C) = H(K) + H(P) - H(C)$
In an unconditionally secure cipher, $H(K \mid C)$ never approaches zero.
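The perfect-secrecy condition and the entropy relations from the last slides can be checked exactly on a small system. The following is an added example, not part of the original slides: it applies Bayes' theorem to a shift cipher on one letter of a constructed 3-symbol alphabet, once with a uniform key and once with a biased key; the distributions and function names are assumptions made for the illustration.

```python
from fractions import Fraction
from math import log2


def cipher_dist(prior, key_dist, n):
    """p(y) for the shift cipher y = x + K mod n."""
    return {y: sum(px * key_dist.get((y - x) % n, 0) for x, px in prior.items())
            for y in range(n)}


def posterior(prior, key_dist, n):
    """p(x|y) = p(x) * p(y|x) / p(y), where p(y|x) = p(K = y - x mod n)."""
    p_y = cipher_dist(prior, key_dist, n)
    return {(x, y): px * key_dist.get((y - x) % n, 0) / p_y[y]
            for x, px in prior.items() for y in range(n) if p_y[y]}


def has_perfect_secrecy(prior, key_dist, n):
    """True when p(x|y) = p(x) for every plaintext x and ciphertext y."""
    return all(p == prior[x]
               for (x, _), p in posterior(prior, key_dist, n).items())


def entropy(dist):
    """H(X) = -sum p_i log2 p_i."""
    return -sum(float(p) * log2(float(p)) for p in dist.values() if p)


def key_equivocation(prior, key_dist, n):
    """H(K|C) = H(K) + H(P) - H(C)."""
    return (entropy(key_dist) + entropy(prior)
            - entropy(cipher_dist(prior, key_dist, n)))


# Constructed toy system: 3-symbol alphabet, non-uniform plaintext distribution.
N = 3
PRIOR = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 4)}
UNIFORM_KEY = {k: Fraction(1, 3) for k in range(N)}
BIASED_KEY = {0: Fraction(1, 2), 1: Fraction(1, 2)}  # key 2 is never used

if __name__ == "__main__":
    for name, keys in (("uniform", UNIFORM_KEY), ("biased", BIASED_KEY)):
        print(name, has_perfect_secrecy(PRIOR, keys, N),
              round(entropy(keys), 3), round(key_equivocation(PRIOR, keys, N), 3))
```

With the biased key, H(K) falls below H(P) and observing ciphertext 0 raises the probability of plaintext 0 from 1/2 to 2/3.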

One-Time Pad
One well-known realization of perfect secrecy is the Vernam One-Time Pad.
The OTP is a variant of Vigenere Cipher with the key as long as the plaintext (no key letter is ever used to encrypt more than one plaintext letter).
Every key should be used with equal probability $1/|K|$.

One-Time Pad (cont'd)
The USA and Britain used one-time pads during the Second World War. However, today one-time pads see little use in practice. These are the reasons:
One-Time Pad has the problem of securely transferring the key material, which is very long (at least as long as the plaintext message).
The key is also required to be generated in a perfectly random way, which is not an easy task.
State-of-the-art encryption algorithms that we will see next week suffice for the needs most of the time, even though they provide only computational security.
Recycling one-time pads, is it possible?
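The closing question about recycling pads can be answered by looking at what two ciphertexts made with the same pad have in common. This is an added example, not part of the original slides: it implements the pad as the Vigenere variant described above over an assumed 26-letter alphabet, with constructed sample messages, and shows that the pad cancels out of the difference of the two ciphertexts.

```python
import secrets

N = 26  # alphabet size assumed for the example (lowercase English letters)


def to_nums(text):
    return [ord(ch) - ord("a") for ch in text]


def to_text(values):
    return "".join(chr(v + ord("a")) for v in values)


def new_pad(length):
    """Key letters drawn independently and uniformly from Z_N."""
    return [secrets.randbelow(N) for _ in range(length)]


def otp_encrypt(plain, pad):
    if len(pad) < len(plain):
        raise ValueError("pad must be at least as long as the plaintext")
    return to_text((x + k) % N for x, k in zip(to_nums(plain), pad))


def otp_decrypt(cipher, pad):
    return to_text((y - k) % N for y, k in zip(to_nums(cipher), pad))


def difference(a, b):
    """a - b mod N, letter by letter; a recycled pad cancels out here."""
    return [(x - y) % N for x, y in zip(to_nums(a), to_nums(b))]


def recover_other(c1, c2, known_p1):
    """With a recycled pad, p2 = p1 - (c1 - c2) mod N; the key is not needed."""
    return to_text((x - d) % N
                   for x, d in zip(to_nums(known_p1), difference(c1, c2)))


def demo():
    # Constructed sample messages of equal length.
    p1, p2 = "meetmeatnoon", "sendthefunds"
    pad = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)  # same pad used twice
    leaks = difference(c1, c2) == difference(p1, p2)
    return leaks, recover_other(c1, c2, p1)


if __name__ == "__main__":
    print(demo())
```

Whatever the pad is, the ciphertext difference equals the plaintext difference, so knowing or guessing one message reveals the other; a pad used once gives no such relation.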

Next Class
Secret-Key Cryptography