Cryptography 1 - PSU

innocentsickAI and Robotics

Nov 21, 2013 (3 years and 11 months ago)

46 views

Cryptography 1

CS432

Overview


What is cryptography and cryptology?


The main components of a crypto system.


Problems solved by cryptography.


Basic concepts: symmetric cryptography,
asymmetric cryptography, digital
signatures.


Types of algorithms and related concepts.


Cryptography and Cryptology


Encryption
: transformation of intelligible,
understandable information into unintelligible form to
disguise its meaning and intent from intruders.


Decryption:

The inverse transformation of encrypted
information into intelligible form


Both encryption and decryption are based on keys. It
should be difficult or impossible to decrypt a message
without knowing the key.


Cryptography
: encryption + decryption.


Cryptanalysis:

analyzing encrypted information with the
intent of recovering the original plain information, without
knowing the key.


Cryptology
: cryptography + cryptanalysis.

The Encryption and Decryption
Process


The encryption model

The major components of a crypto
system (the model)


Plain text:
the original message before encryption.


Encryption Algorithm
: the algorithm used to transform
the plaintext into unintelligible form (the cipher text).


The cipher text
: the encrypted text.


Encryption key
: the encryption process is always based
on a key.


Decryption Algorithm
: used to transforms cipher text
back to plaintext.


The Decryption key
: the key used in the decryption
process.


All algorithms must be public; only the keys are secret.

Intruders and Cryptanalysis


It is assumed that there is an
intruder

who listens to all communications and
he may copy or delete any message


An
active intruder
modifies some
messages and re
-
inserts them


A
passive intruder
just listens


To decrypt a message without having a
key, an intruder practices the art of
cryptanalysis

What Does Cryptography Solve?


Confidentiality


Ensure that nobody can get knowledge of what you transfer even if
listening to the whole conversation


Integrity


Ensure that message has not been modified during the
transmission


Authenticity


You can verify that you are talking to the entity you think you are
talking to


Identity


You can verify who is the specific individual behind that entity


Non
-
repudiation


The individual behind that asset cannot deny being associated with
it

Symmetric Encryption

“An introduction
to cryptography”


“AxCvGsmWe#4^,
sdgfMwir3:dkJeTs
Y8R
\
s@!q3%”

“An introduction
to cryptography”


Clear
-
text input

Clear
-
text output

Cipher
-
text

Same key

(shared secret)

Encryption

Decryption

DES

DES

Asymmetric Encryption

“An introduction
to cryptography”


“Py75c%bn&*)9|f
De^bDzjF@g5=&
nmdFgegMs”

“An
introduction to
cryptography”

Clear
-
text Input

Clear
-
text Output

Cipher
-
text

Different keys

Encryption

Decryption

RSA

RSA

Asymmetric Encryption


Things to remember about asymmetric keys:


The relation between the two keys is unknown and from one
key you cannot gain knowledge of the other, even if you
have access to clear
-
text and cipher
-
text


The two keys are interchangeable. All algorithms make no
difference between public and private key. When a key pair
is generated, any of the two can be public or private

g$5knvMd’rk
vegMs”

Clear
text

?

Encryption

Example: Confidentiality

Different

keys

Recipient’s
public key

Recipient’s
private key

private

public

Encryption

Decryption

“An
introduction to
cryptography”

“Py75c%bn&*)9|f
De^bDzjF@g5=&
nmdFgegMs”

“An
introduction to
cryptography”

Clear
-
text Input

Clear
-
text Output

Cipher
-
text

Example: Authenticity

Different

keys

Sender’s
public key

Sender’s
private key

private

public

Encryption

Decryption

“An introduction
to cryptography”


“Py75c%bn&*)9|f
De^bDzjF@g5=&
nmdFgegMs”

“An introduction
to cryptography”


Clear
-
text Input

Clear
-
text Output

Cipher
-
text

Creating a Digital Signature

3kJfgf*£$&

Py75c%bn

This is the
document
created by
Gianni

Message or File

Digital Signature

Message Digest

Calculate a short message
digest from even a long input
using a one
-
way message
digest function (hash)

Signatory's
private key

priv

Generate

Hash

SHA, MD5

Asymmetric

Encryption

RSA

This is the
document
created by
Ahmed

3kJfgf*£$&

Signed

Document

(Typically 128 bits)

Verifying a Digital Signature

RSA

This is the
document
created by
Ahmed

3kJfgf*£$&

Signed

Document

Py75c%bn

Message Digest

Generate

Hash

Gianni's public key

(from certificate)

Asymmetric

Decryption

pub

Digital

Signature

Py75c%bn

? Compare ?

Classification of Ciphers


Substitution ciphers


Cesar’s cipher


Affine transformation ciphers


Transposition ciphers


One
-
time pad


Block ciphers


Exponentiation ciphers


RSA

Substitution Ciphers



Each symbol is replaced by another symbol (Example:
with Latin alphabet, in
monoalphabetic substitution
, the key
is a 26
-
letter string that represents the substituting
permutation of the alphabet, so 26! keys are available)

Case study
:
Caesar cipher (A
-
> D, B
-
> E, C
-
>F, …Z
-
>C )
,
or

ord (s) = [ord(s) + 3] mod 26.


Letters

are packed in equal blocks to prevent cryptanalysis
based on the word length





Case Study: Cesar’s Cipher

Plaintext:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Ciphertext:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

THIS MESSAGE IS TOP SECRET

THISM ESSAG EISTO PSECR ET

19 7 8 18 12 | 4 18 18 0 6 | 4 8 18 19 14 |
15 18 4 2 17 | 4 19|

22 10 11 21 15 | 7 21 21 3 9 | 7 11 21 22
17 | 18 21 7 5 20 | 7 22

WKLVP HVVDJ HLVWR SVHFU HW

Substitution Ciphers

Substitution ciphers are easy to break with a
relatively small amount of ciphertext, using
statistical properties of the language
(frequency of letters, b
igrams
,
trigrams
, etc.)


A Cryptanalysis Example


Letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


Frequency 7 1 3 4 13 3 2 3 8 <1 <1 4 3 8 7 3 <1 8 6 9 3 1 1 <1 2 <1

The frequencies of occurrence of letters in English text:


Letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


Frequency 1 0 4 5 1 3 0 0 0 1 0 1 1 1 0 7 2 2 2 3 0 0 1 2 3 2

Analysis of the frequencies of occurrence of letters in the ciphertext:

Ciphertext:
YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD


(Suppose, we know that shift transformation cipher was used)

Guess: P(7) = E(13) =>
15 = 4 + k (mod 26) => k = 11.

Plaintext: NUMBE RTHEO RYISU SEFUL FOREN CIPHE RINGM ESSAG ES

(NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES)

Transposition Cipher


All symbols are reordered according to a
permutation specified by the key


Example:
WISPER
the key

must have no repeated symbols


6253 14
the relative order of each symbol in the key



“CIS IS THE BEST COLLEGE IN TOWN”


C I S I S T

H E B E S T

C O L L E G

E I N T O W
plaintext

is written in
rows

of the key’s
size

N x x x x x
the last row is
padded








1 2 3 4 5 6


SOXLEIEEGTTHUTTMNY
(ciphertext is written in columns
permuted in the order of key’s symbols)


Transposition ciphers can also be broken by guessing the key
size and using statistical analysis when the cryptanalyst knows
that it is a transposition cipher.

Transposition Ciphers

C I S I S T

H E B E S T

C O L L E G

E I N T O W
plaintext

is written in
rows

of the key’s
size

N x x x x x
the last row is
padded


WISPER

6253 14


SIITSC

SEETBH

EOLGLC

OITWNE

XXXXXN


Cipher Text: SSEOX IEOIX IELTX TTGWX SBLNX CHCEN

Any bit sequence the size of plaintext can be a key. Each bit of
plaintext is XOR
-
ed with the corresponding bit of the key to
produce a bit of the ciphertext


One
-
Time Pad Ciphers

0

1

1

1

0

0

1

0

(XOR)

+






E
K
D
K
=

)
(
)
(
x
y
y
x
y
x





Plaintext: 001110011010010110


Key: 100100100111110110

Ciphertext: 101010111101100000

Example:

One
-
time Pad is unbreakable;
however key distribution is a big
problem…

Block Ciphers (Affine Transformation)


Key:


A


is a square integer matrix of order
n
such that (|
A
|, 26) = 1


B

is an
n
-
vector of integers


The ciphertext is split into blocks of
length
n;
the last block is padded


For each block

P
,
compute


C = (AP + B) (mod 26)

Exponentiation Ciphers

Given:


p
is a prime


The
key,
e
> 0

satisfies:
(e, p
-
1) = 1

Plaintext:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

1.
Group the resulting numbers into blocks of
2m
decimal digits, where
m
is
the largest even integer such that the decimal value of each block is less
than
p

2.
For each plaintext block,
P,

compute a ciphertext block
C = P
e
(mod p)

3.
To decipher, find
d
such that
de
≡ 1 (mod p
-
1)
and compute
P = C
d
(mod p)

C
d
≡ P
ed
P ≡ P
k(p
-
1)+1
≡ [P

(p
-
1)
]
k
P ≡ P (mod p)

(By Fermat’s Little Theorem)

Exponentiation Ciphers: An Example


p = 2633;


the key
e = 29; (e, p
-
1) = (29, 2632) =
1;


Block length is 4 (
m=2)

Plaintext:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER

1907 0818 0818 0013 0423 0012 1511 0414 0500 1304 2315 1413 0413 1908 0019
0814 1302 0815 0704 17
23

1907
29



2199 (mod 2633)

2199 1745 1745 1206 2437 2425 1729 1619 0935 0960 1072 1541 1701 1553 0735
2064 1351 1794 1841 1459

d

=
2269

2269*2622

≡ 1 (mod 2622)


2199
2269



1907 (mod 2633)

One Immediate Application:
The Diffie
-
Hellman Algorithm

Problem:

Establish
common
keys (for symmetric cryptography) to be used by two
individuals so that
intruders

cannot discover them in a feasible amount of computer time.

Let



p

be a large prime



a

be an integer relatively prime to
p

These are known to all!

Pick
k
1

relatively prime
to
p
-
1

p
y
p
a
y
k



1
1
0
),
(mod
1
Pick
k
2

relatively prime
to
p
-
1

p
y
p
a
y
k



2
2
0
),
(mod
2
p
K
p
a
p
y
K
k
k
k




0
),
(mod
)
(mod
2
1
2
1
p
K
p
a
p
y
K
k
k
k




0
),
(mod
)
(mod
1
2
1
2
=

A Simple Example of a DH
Exchange

p

=17

a

= 2

k
1

= 3

8
)
17
(mod
8
)
(mod
1
1



p
a
y
k
k
2

= 5

15
)
17
(mod
32
)
(mod
2
2



p
a
y
k
9
)
17
(mod
32768
)
(mod
2
1



p
y
K
k
9
)
17
(mod
3375
)
(mod
1
2



p
y
K
k
=

Modern
Symmetric
-
Key Algorithms


Combine transpositions and
substitutions and cascade them to
make the algorithms very complex (to
prevent cryptanalysis even when large
amounts of ciphertext are available)


Often use
block

ciphers

E
D
K
K

4
-
bit transposition (T)

S

S

S

S

S

S



T

S


T

S


T

Cascading into a
product

4 to 2 encoder

2
-
bit substitution (S)

T

2 to 4 decoder

Some Common Symmetric
-
Key
Cryptographic Algorithms

(after A. Tanenbaum)

Cipher

Key size (bits)

Characteristics

Rijndael

128
-
256

Best

Triple DES

168

Second best

Serpent, Twofish

128
-
256

Very strong

IDEA

128

Good (but patented)

RC5

128
-
256

Good (but patented)

RC4

1
-
2048

Some keys are weak

DES

56

Weak

Public
-
Key Cryptography

A (public key, private key) pair


Publish the public key (= encryption key)


Keep the private key (= decryption key) secret

Two essential requirements:

1)

2) It is
very hard (
i.e,

computationally infeasible)
to obtain from



To send a message
M

to you, I send


You decrypt it, obtaining:


E
K
D
K
.
))
(
(
M
M
K
K
E
D

I
K
K
E
D


D
K
E
K
);
(
M
K
E
RSA (Rivest, Shamir, Adleman)


Parameters:
p, q, n, z, d, e


Choose, large (1024 bits)
primes
:
p, q


Compute
n = pq, z = φ(n) = (p
-
1)(q
-
1)


Choose the
exponent
e

relatively prime to
z


Find
d:

ed

1(mod z)


Keys:
public
,

(
e
, n)
;
private
,
(
d
, n)
;


Encryption and decryption:


Brake the plaintext into
largest equal even
-
digit blocks

(
P
)
shorter

than
n

bits


Encrypt each block

P
by computing
C = E(P)


P
e

(mod n)


Decrypt
C
by computing
D(C)


C
d

(mod n)

P
ed
(mod n)

P
k
φ(n)+1

(mod n)

P
k
φ(n)

P(mod n)

P(mod n)




Euler’s Theorem:


If
n > 0
and
e
and
d
are integers, such that
(a, m) = 1
, then

a
φ(m)


1 (mod m).

The probability that P and
n are not relatively prime
is extremely low!

RSA: An Example


p = 43, q=59; n = 43*59 = 2357;
φ(n) = 42*58 =2436


Exponent e = 13; (e,
φ(n)

) = (13, 42*58) = 1;


Block length is 4

Plaintext:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

PUBLIC KEY CRYPTOGRAPHY

1520 0111 0802 1004 2402 1724 1519 1406 1700 1507 24
23

1520
13



95 (mod 2537)

0095 1648 1410 1299 0811 2333 2132 0370 1185 1457 1084


937* 13

≡ 1 (mod 2436)


0095
937



1520 (mod 2537)

d

=
937

E(P)
≡ P
e

(mod n)

P

≡ C
d

(mod n)

Public key: (13, 2357)

Private key: (937, 2357)

Properties of RSA


The algorithm is secure because of the difficulty of
factoring
N.
Factoring a 500
-
digit number should
take 10
25
years using a CPU with 1 microsecond
instruction time


Encryption and decryption are inverse and
commutative (an important property for
digital
signatures
)


The algorithm is slow (compared to DES and other
symmetric algorithms with much shorter keys)


RSA may be prohibitively slow when dealing with large blocks
of data. It is typically used for one
-
time session key distribution
for a symmetric
-
key algorithm (such as triple
-
DES)