Lecture #2 - Hakan Ezgi Kızılöz


Nov 21, 2013 (3 years and 10 months ago)


11/21/2013


Lecture 3

Introduction to Cryptography


This Week



The Role of Cryptography


Historic Examples of Simple Ciphers


Types of Cryptanalysis


Information Theory and Cipher Security


One-Time Pad



Cryptography


Cryptography is the art and science of encryption,
converting information from its normal form to an
incomprehensible format. At least, that is how it
started out.


Nowadays, it is much broader, covering
authentication, digital signatures, and many more
elementary security functions.


Cryptography is an extremely varied field. From
quantum physics to DNA computing, there are so
many scientific disciplines in relation with
cryptography. That is why there is nobody in the
world who knows everything about cryptography.
There isn’t even anybody who knows most of it.


The Role Of Cryptography


Cryptography by itself is fairly useless. It has
to be part of a much larger system.


Cryptography is like locks in the physical
world. A lock by itself is a singularly useless
thing.


Even though cryptography is only a small
part of the security system, it is a very
critical part.


Cryptography takes on the role of the lock: it
has to distinguish between “good” access and
“bad” access. This is much more difficult than
keeping everybody out.


Cryptanalysis


Cryptanalysis is the opposite of
cryptography, the study of methods for
obtaining the meaning of encrypted
messages.

Cryptography and cryptanalysis are
sometimes grouped together under the
umbrella term cryptology.

(Cryptology = Cryptography + Cryptanalysis)


In practice, cryptography is also used to
refer to the field as a whole.


History of Cryptology


It has a fascinating history and dates back as far as
4000 years.

The earliest example of an attempt to obscure the
meaning of an inscription was found in Egypt.

The first notable personality in the history of
cryptography is probably Julius Caesar (100-44 BC),
who used the “Substitution Cipher” for government
communication.

In these early days, encryption was mainly performed
using “pen and paper”, therefore the methods were
ad hoc, simple and inefficient. Only in the 1900s did the
invention of mechanical devices called “rotors”
allow more sophisticated and systematic techniques
for cryptography.


History of Cryptology (cont’d)


Until the First World War, important
developments did not appear in a timely manner,
and the science of cryptography
moved forward in the same way as
most other specialized disciplines.

Starting in 1918, things began to change
(a detailed introduction to the earlier history
can be found in David Kahn’s book):



Milestones


1918: William F. Friedman’s monograph “The Index of
Coincidence and Its Applications in Cryptography”
appeared as a research report.

1918: Edward H. Hebern filed the first patent for a
rotor machine.

1933: The Enigma machine, used by Germany in
WW2, was broken by Marian Rejewski.

1949: Claude Shannon’s paper “The Communication
Theory of Secrecy Systems” appeared in the Bell
Systems technical journal.

1967: David Kahn’s book on the history of
cryptography, “Codebreakers”, was published.

1970: At IBM, Horst Feistel began the development of
what was to become the U.S. Data Encryption
Standard (DES).


Milestones (cont’d)


1976: Whitfield Diffie and Martin Hellman published
“New Directions in Cryptography”, introducing the
idea of public key cryptography.

1978: The first realization of public key cryptography,
the RSA algorithm, was published in Communications of
the ACM.

1991: Phil Zimmermann releases the public key
encryption program PGP along with its source code,
which quickly appears on the Internet. Zimmermann
spent years under investigation because of his release
of PGP.

2001: After a competition, the Rijndael algorithm was
chosen as AES (Advanced Encryption Standard).

2005: SHA-1, one of the FIPS (Federal Information
Processing Standards) approved hash functions, was
broken.


Applications of Cryptography


Historically, the sole purpose of cryptography was to
assure secrecy. With the rise of e-banking and
e-commerce applications, the use of cryptography for
integrity protection surpasses its use for secrecy.

For instance, in electronic funds transfer, without
appropriate cryptographic countermeasures, an error
in a single bit could literally cause millions of dollars
to be erroneously credited or debited.

The widespread use of cryptography on the Internet is
well known, at least through the acronyms of security
protocols such as SSL, SSH, S/MIME etc.

Perhaps less well known is the fact that cryptography is
used in almost every electronic device we have today
(mobile phones, pay-TV decoders, game consoles, car
keys, door access cards, burglar alarms etc.)


The Generic Setting

[Diagram: Alice → encrypter → decrypter → Bob, with Oscar between encrypter and decrypter; a key source distributes the key K over a secure channel. Labels: plaintext P, ciphertext C.]

$D_K(E_K(P)) = P$



Kerckhoffs’s Principle


The security of the encryption scheme must depend
only on the secrecy of the key and not on the secrecy of
the algorithms.


Reasons:


Algorithms are hard to change and secrets are hard
to keep.


It is very easy to make a small mistake and design a
cryptographic algorithm that is weak.


Key Escrow and Export Control


Key escrow is an arrangement in which
the keys needed to decrypt encrypted data
are held in escrow by a third party, so that
someone else can obtain them to decrypt
messages.


For Law Enforcement (Clipper Chip)


For Careless Users


Many countries used to impose severe
restrictions on export of encryption. They
are pretty much lifted today.




History of Cryptanalysis


The earliest known cryptanalysis book was written by
Al-Kindi, who lived between 801 AD and 873 AD.

The main topics of Al-Kindi's book are methods of
cryptanalysis, cryptanalysis of ciphers and frequency
analysis of Arabic.

Al-Kindi's manuscript was discovered
at the old library in Istanbul.

The International Association for Cryptologic Research
newsletter Vol. 20, No. 3, (Late) Fall 2003, included
an interesting review of a new translation of
Al-Kindi's work.


http://www.iacr.org/newsletter/v20n3/newbooks.html



Cryptanalysis (cont’d)


Historically, frequency analysis was the
main technique used to break simple
ciphers. It uses statistics to measure the
frequency of single letters and their
combinations in natural languages.

In modern cryptanalysis, since ciphers
became more complex, frequency analysis
has lost its predominance over other
mathematical techniques.



Types of Cryptanalysis


Ciphertext-only attack: The cryptanalyst obtains examples
of ciphertext and knows some statistical properties of
typical plaintext.

Known-plaintext attack: The cryptanalyst obtains examples
of ciphertext/plaintext pairs.

Chosen-plaintext attack: The cryptanalyst can generate a
number of plaintexts and will obtain the corresponding
ciphertext.

Adaptive chosen-plaintext attack: The cryptanalyst can
perform several chosen-plaintext attacks and use
knowledge gained from previous ones in the preparation of
new plaintext.


The goal is always to find the key or any other
information that helps in decrypting or encrypting new
text.


Brute-Force Attack


Key space refers to the set of all possible
values the key might have. The size of the key
space is critical because if it is not large
enough, using a plaintext-ciphertext pair,
the attacker can exhaustively try all the key
space until he finds the correct key.

Exhaustive key search is sometimes
referred to as the brute-force attack since
there is no intelligence involved.

The goal of the cryptanalyst is to come up
with a more efficient attack than the
brute-force attack.


Shift Cipher


Let $P = C = K = \mathbb{Z}_{29}$. For $0 \le K \le 28$, define

$e_K(x) = x + K \bmod 29$

$d_K(y) = y - K \bmod 29$

$(x, y \in \mathbb{Z}_{29})$

For the particular key K=3, the cryptosystem is often
called the Caesar Cipher, which was purportedly used
by Julius Caesar.





Example


CIPHERTEXT:
WUYMUL MCGJFS
LYJFUWYX YUWB
FYNNYL CH U GYMMUAY
QCNB NBY FYNNYL
NBUN CM NBLYY
JFUWYM ZOLNBYL XIQH
NBY UFJBUVYN BIQ
UVION GY


PLAINTEXT:
Caesar simply replaced each
letter in a message with
the letter that is three
places further down the
alphabet how about me


[Figure: English Letter Frequency, a bar chart of relative frequency (axis from 0 to 0.14) for the letters a to z]
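The ciphertext-only attack on the Shift Cipher, run on the sample ciphertext of this slide; this is an added example, not part of the original lecture. It tries every key and ranks each candidate plaintext against English letter frequencies with a chi-squared score. It assumes a 26-letter English alphabet (the sample text is English, while the definition on the previous slide uses Z_29); the frequency table holds approximate textbook values and the function names are illustrative.

```python
# Approximate relative frequencies of A..Z in English text, in percent (assumed values).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.10, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]

# Sample ciphertext copied from the slide.
CIPHERTEXT = ("WUYMUL MCGJFS LYJFUWYX YUWB FYNNYL CH U GYMMUAY QCNB NBY FYNNYL "
              "NBUN CM NBLYY JFUWYM ZOLNBYL XIQH NBY UFJBUVYN BIQ UVION GY")


def shift_decrypt(text, key, n=26):
    """d_K(y) = y - K mod n, applied letter by letter; other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            out.append(chr((ord(ch.upper()) - 65 - key) % n + 65))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and the expected English counts."""
    letters = [c for c in text if c.isalpha()]
    total = len(letters)
    score = 0.0
    for i, pct in enumerate(ENGLISH_FREQ):
        expected = total * pct / 100
        observed = letters.count(chr(65 + i))
        score += (observed - expected) ** 2 / expected
    return score


def break_shift(ciphertext):
    """Exhaust the 26-key space and keep the key whose plaintext looks most English."""
    candidates = [(chi_squared(shift_decrypt(ciphertext, k)), k) for k in range(26)]
    _, best_key = min(candidates)
    return best_key, shift_decrypt(ciphertext, best_key)


if __name__ == "__main__":
    key, plaintext = break_shift(CIPHERTEXT)
    print(key, plaintext)
```

The key space has only 26 elements here, so the search is instant; the frequency score only replaces a human reading the 26 candidates.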

Substitution Cipher


Let $P = C = \mathbb{Z}_{29}$. K consists of all possible permutations
of the 29 symbols 0,1,...,28. For each permutation


K, define



e (x) = (x)




and define



d (x) =
-
1
(y)


Where
-
1
is the inverse permutation of .















Substitution Cipher (cont’d)


A key for the Substitution Cipher just consists of a
permutation of the 29 alphabetic characters.

The number of these permutations is 29!, which is
more than $4.0 \times 10^{26}$, a very large number.

Thus, an exhaustive key search is infeasible, even for
a computer.

However, we can show that a Substitution Cipher can
easily be cryptanalyzed by other methods.


Vigenere Cipher


Let m be some fixed positive integer. Define $P = C = K = (\mathbb{Z}_{29})^m$.
For a key $K = (k_1, k_2, \ldots, k_m)$, we define

$e_K(x_1, x_2, \ldots, x_m) = (x_1 + k_1, x_2 + k_2, \ldots, x_m + k_m)$

and

$d_K(y_1, y_2, \ldots, y_m) = (y_1 - k_1, y_2 - k_2, \ldots, y_m - k_m)$,

where all operations are performed in $\mathbb{Z}_{29}$.

Shift Cipher and Substitution Cipher are monoalphabetic (each
letter in plaintext is transformed to a fixed letter as
ciphertext).

Vigenere Cipher is polyalphabetic (transformation depends also
on the location of the letter).

Polyalphabetic property (one-to-many correspondence)
makes Vigenere Cipher stronger against frequency analysis.
Nevertheless it was broken by Kasiski back in 1863.




Cryptanalysis of Vigenere Cipher (1)

Source: Markus Kuhn’s slides


Cryptanalysis of Vigenere Cipher (2)


Cryptanalysis of Vigenere Cipher (3)


Hill Cipher


The ciphertext (y) is obtained from
the plaintext (x) by means of a linear
transformation: $y = xK$.

We can use the inverse matrix $K^{-1}$ to
decrypt: $x = yK^{-1}$.


How do we find the inverse of a
matrix?



Permutation Cipher


The idea is to keep the plaintext
characters unchanged, but to alter
their positions by rearranging them.


Also known as Transposition Cipher.


In fact, Permutation Cipher is a
special case of the Hill Cipher. How?
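The two questions left open on the Hill Cipher and Permutation Cipher slides, worked as an added example that is not part of the original lecture: a key matrix is inverted over Z_29 by Gauss-Jordan elimination, and a permutation cipher is written as a Hill Cipher whose key is a permutation matrix. The sample keys and function names are constructed for illustration.

```python
P = 29  # modulus used in the slides; prime, so every nonzero element has an inverse


def hill_apply(x, K, p=P):
    """Row vector times matrix: y = xK (mod p)."""
    m = len(K)
    return [sum(x[i] * K[i][j] for i in range(m)) % p for j in range(m)]


def mat_inverse(K, p=P):
    """Invert K over Z_p with Gauss-Jordan elimination; ValueError if K is singular."""
    m = len(K)
    # Augmented matrix [K | I]; row operations turn it into [I | K^-1].
    A = [[v % p for v in row] + [int(i == j) for j in range(m)]
         for i, row in enumerate(K)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if A[r][col] != 0), None)
        if pivot is None:
            raise ValueError("matrix is not invertible mod %d" % p)
        A[col], A[pivot] = A[pivot], A[col]
        inv = pow(A[col][col], -1, p)  # modular inverse of the pivot (Python 3.8+)
        A[col] = [(v * inv) % p for v in A[col]]
        for r in range(m):
            if r != col and A[r][col]:
                f = A[r][col]
                A[r] = [(a - f * b) % p for a, b in zip(A[r], A[col])]
    return [row[m:] for row in A]


def permutation_matrix(perm):
    """K[i][perm[i]] = 1, so y = xK moves the symbol x[i] to position perm[i]."""
    m = len(perm)
    return [[int(j == perm[i]) for j in range(m)] for i in range(m)]


HILL_KEY = [[11, 8], [3, 7]]                  # constructed sample key, det = 24 mod 29
PERM_KEY = permutation_matrix([2, 0, 3, 1])   # constructed sample permutation

if __name__ == "__main__":
    print(mat_inverse(HILL_KEY))                    # inverse of the sample Hill key
    print(hill_apply([10, 20, 5, 7], PERM_KEY))     # same symbols, new positions
```

For a permutation matrix the inverse is simply the transpose, which is why decrypting a transposition only requires undoing the rearrangement.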


Random Variable


A random variable x has a probability distribution
p(x), which is the probability that X = x.

For two random variables x and y, the distribution
p(x,y) gives the probability that X = x and Y = y.

The probability that X = x given that Y = y is the
conditional probability, and is written p(x|y).

Note that

p(x,y) = p(x|y) * p(y) and p(x,y) = p(y|x) * p(x)

The above equation can be rewritten as Bayes' Theorem:


p(x|y) = p(x) * p(y|x) / p(y)


Perfect Secrecy


Computationally secure: The most efficient known
algorithm for breaking a cipher would require far more
computational steps than any hardware available to an
opponent can perform.

Unconditionally secure: The opponent does not have enough
information to decide whether one plaintext is more
likely to be correct than another, even if unlimited
computational power were available.

A cryptosystem is unconditionally secure (has perfect
secrecy) if
$p_P(x \mid y) = p_P(x)$ for all x, y

The a posteriori probabilities of particular
plaintexts are equal to the a priori probabilities,
independently of the values of either plaintext or
ciphertext.

In other words, ciphertext gives no additional
information to determine the plaintext.





Entropy


Entropy can be thought of as a mathematical measure of
information or uncertainty, and is computed as a
function of a probability distribution.

Suppose X is a random variable which takes on a
finite set of values according to a probability
distribution p(X). Then, the entropy of this probability
distribution is defined to be the quantity

$H(X) = -\sum_{i=1}^{n} p_i \log_2 p_i$

Information Theory and Cipher Security


Perfect Secrecy in terms of entropy:


H(P|C) = H(P)


Shannon showed that this implies


H(K) >= H(P)


The remaining uncertainty about a key when some
ciphertext is known is called key equivocation and can
be calculated as

H(K|C) = H(K) + H(P) - H(C)


In an unconditionally secure cipher, H(K|C) never
approaches zero.
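The entropy statements of this slide, checked numerically on a one-letter Shift Cipher over Z_29; this is an added example, not part of the original lecture. The plaintext distribution, the two key distributions and the function names are constructed for illustration; plaintext and key are assumed independent.

```python
from collections import defaultdict
from math import log2


def entropy(dist):
    """H = -sum p_i log2 p_i over the outcomes with p_i > 0."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def analyse(p_plain, p_key, n):
    """Entropies of a one-letter shift cipher y = x + k mod n."""
    joint_pc = defaultdict(float)   # p(x, y)
    joint_kc = defaultdict(float)   # p(k, y)
    p_cipher = defaultdict(float)   # p(y)
    for x, px in p_plain.items():
        for k, pk in p_key.items():
            y = (x + k) % n
            joint_pc[(x, y)] += px * pk
            joint_kc[(k, y)] += px * pk
            p_cipher[y] += px * pk
    h_c = entropy(p_cipher)
    return {
        "H(P)": entropy(p_plain),
        "H(K)": entropy(p_key),
        "H(C)": h_c,
        "H(P|C)": entropy(joint_pc) - h_c,   # chain rule: H(P|C) = H(P,C) - H(C)
        "H(K|C)": entropy(joint_kc) - h_c,   # key equivocation
    }


N = 29
PLAIN = {0: 0.5, 1: 0.25, 2: 0.125, 3: 0.125}   # constructed, non-uniform; H(P) = 1.75 bits
UNIFORM_KEY = {k: 1 / N for k in range(N)}       # every key used with probability 1/|K|
WEAK_KEY = {0: 0.5, 1: 0.5}                      # constructed: H(K) = 1 bit < H(P)

if __name__ == "__main__":
    for name, keys in (("uniform key", UNIFORM_KEY), ("weak key", WEAK_KEY)):
        result = analyse(PLAIN, keys, N)
        print(name, {label: round(value, 4) for label, value in result.items()})
```

With the uniform key H(P|C) equals H(P); with the two-key distribution H(K) < H(P) and the ciphertext leaks about 1.1 bits of the plaintext.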


One-Time Pad


One well-known realization of perfect secrecy is the
Vernam One-Time Pad.

The OTP is a variant of Vigenere Cipher with the key
as long as the plaintext (no key letter is ever used to
encrypt more than one plaintext letter).


Every key should be used with equal probability 1/|K|.



One-Time Pad (cont’d)


The USA and Britain used one-time pads during the
Second World War. However, today one-time pads have
little use in practice. These are the reasons:

The One-Time Pad has the problem of securely
transferring the key material, which is very long (at least
as long as the plaintext message).

The key is also required to be generated in a
perfectly random way, which is not an easy task.

State-of-the-art encryption algorithms that we will see
next week suffice for the needs most of the time,
even though they provide only computational security.

Recycling one-time pads, is it possible?




Next Class


Secret-Key Cryptography