Cryptography
Dan Fleck
CS 469: Security Engineering
These slides are modified with permission from Bill Young (Univ of Texas)
Cryptography
Apply your cryptanalytic skills. How do you get started? What questions should you ask?
• What is the likely underlying language of the plaintext?
• What characteristics of the probable source text are relevant?
• What characteristics of the source language are relevant?
• What is the likely nature/complexity of the encryption algorithm?
• Have any transformations/compressions been applied prior to encryption?
• What else?
CIA Kryptos Sculpture
Encryption / Decryption
The purpose of encryption is to render the message less useful/meaningful to any eavesdropper. Conceptually, the process of encryption is quite simple:
plaintext -> [Encrypt, Key e (optional)] -> ciphertext
As is the process of decryption:
ciphertext -> [Decrypt, Key d (optional)] -> plaintext
Information Theory and Cryptography
Information theory informs cryptography in several ways:
• What effect does encrypting a message have on the information content of the file?
• An attempt to decrypt a message is really an attempt to recover a message from a (systematically) noisy channel.
• How can redundancy in the source give clues to the decoding process?
• Is a perfect encryption possible (i.e., one that is theoretically unbreakable)?
Some Terminology
Encryption and decryption are functions which transform one text into another. In functional notation:
C = E(P) and P = D(C)
where C denotes ciphertext, E is the encryption rule, D is the decryption rule, P is the plaintext. In this case, we also have:
P = D(E(P))
It is obviously important to be able to recover the original message from the ciphertext.
Keyed Algorithms
Often the encryption and decryption algorithms use a key K. The key selects a specific algorithm from the family of algorithms defined by E.
We write this dependence as:
C = E(P,K_E) and P = D(C,K_D)
If K_E = K_D, then the algorithm is called symmetric. If not, then it is called asymmetric. In general,
P = D(E(P,K_E),K_D)
An algorithm that does not use a key is called a keyless cipher.
Some Notation
Often the notation E(P,K) and D(C,K) becomes cumbersome. An alternative notation is often used, particularly in cryptographic protocols.
We’ll often use {P}_{K_E} to denote E(P,K), and sometimes {P}_{K_D} to denote D(P,K). For example,
P = D(E(P,K_E),K_D) = {{P}_{K_E}}_{K_D}
This is usually appropriate since, in many important commercial cryptosystems, the same algorithm is used for both encryption and decryption (i.e., the algorithm is its own inverse).
Cryptanalysis Tools
The analyst works with:
• encrypted messages,
• known encryption algorithms,
• intercepted plaintext,
• data items known or suspected to be in a ciphertext message,
• mathematical and statistical tools and techniques,
• properties of languages,
• computers,
• ingenuity and luck.
Really!
CIA revealed that their analyst David Stein had also solved the same sections in 1998, using pencil and paper techniques, though at the time of his solution the information was only disseminated within the intelligence community, and no public announcement was made.
- Wikipedia
Lessons
• Encryption is designed to obscure the meaning of text.
• Redundancy is the enemy of secure encryption because it provides leverage to the attacker.
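The redundancy lesson, worked through as an added example that is not part of the original slides: a shift cipher stands in (as an assumption) for the keyed family E(P,K) / D(C,K), and its key is recovered from the ciphertext alone because the letter frequencies of English survive encryption. The function names, the frequency table and the sample plaintext are constructed for illustration.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA

# Approximate relative frequencies (%) of A..Z in English text (assumed table).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def E(P, K):
    """C = E(P, K): shift each letter K places; other characters pass through."""
    return "".join(ALPHA[(ALPHA.index(c) + K) % 26] if c in ALPHA else c
                   for c in P.upper())

def D(C, K):
    """P = D(C, K): the same algorithm run with the inverse shift."""
    return E(C, -K)

def chi_squared(text):
    """Distance between the letter histogram of text and English (lower = closer)."""
    letters = [c for c in text if c in ALPHA]
    counts, n = Counter(letters), len(letters)
    return sum((counts[ALPHA[i]] - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH))

def recover_key(C):
    """Try every key in the family; keep the one whose output looks most like English."""
    return min(range(26), key=lambda K: chi_squared(D(C, K)))

# Constructed sample plaintext (the two lessons from the slide above).
P = ("ENCRYPTION IS DESIGNED TO OBSCURE THE MEANING OF TEXT. REDUNDANCY IS THE "
     "ENEMY OF SECURE ENCRYPTION BECAUSE IT PROVIDES LEVERAGE TO THE ATTACKER.")

if __name__ == "__main__":
    K = 11                        # symmetric: K_E = K_D = K
    C = E(P, K)
    assert D(C, K) == P           # P = D(E(P, K), K)
    print(C)
    print("key recovered from ciphertext alone:", recover_key(C))
```

The key space here has only 26 members, but the same statistical leverage is what the questions about the underlying language and prior compression are probing: removing redundancy before encryption removes the signal that chi_squared measures.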
End of presentation