Introduction to Cryptography  Paul Krzyzanowski [email_address] [email_address] Distributed Systems Except as otherwise no...
Ngywioggazhon Pystemp Auesfnsicutiwf & Moiiunocaiwn Piqtoaoyp
Cryptographic Systems Authentication & Communication Protocols
cryptography κρυπός hidden γραφία writing A secret manner of writing, … Generally, the art of writing or solving ciphers. ...
cryptology κρυπός hidden λογια speaking 1967  D. Kahn,  Codebreakers  p. xvi, Cryptology is the science that embraces cryp...
Cryptography    Security <ul><li>Cryptography may be a component of a secure system </li></ul><ul><li>Adding cryptography...
Terms <ul><li>Plaintext  (cleartext), message  M </li></ul><ul><li>encryption , E( M ) </li></ul><ul><li>produces  ciphert...
Terms: types of ciphers <ul><li>restricted cipher </li></ul><ul><li>symmetric algorithm </li></ul><ul><li>public key algor...
Restricted cipher <ul><li>Secret algorithm </li></ul><ul><li>Leaking </li></ul><ul><li>Reverse engineering </li></ul><ul><...
The key BTW, the above is a  bump key . See http://en.wikipedia.org/wiki/Lock_bumping.
The key Source: en.wikipedia.org/wiki/Pin_tumbler_lock
The key Source: en.wikipedia.org/wiki/Pin_tumbler_lock
The key <ul><li>We understand how it works: </li></ul><ul><ul><li>Strengths </li></ul></ul><ul><ul><li>Weaknesses </li></u...
Symmetric algorithm <ul><li>Secret key </li></ul><ul><li>C  = E K ( M  ) </li></ul><ul><li>M  = D K ( C  ) </li></ul>
Public key algorithm <ul><li>public key and private keys </li></ul><ul><ul><li>C 1  = E public ( M  ) </li></ul></ul><ul><...
McCarthy’s puzzle (1958) <ul><li>Two countries are at war </li></ul><ul><li>One country sends spies to the other country <...
McCarthy’s puzzle <ul><li>Challenge </li></ul><ul><ul><li>How can a guard authenticate a person without knowing the passwo...
Solution to McCarthy’s puzzle <ul><li>Michael Rabin, 1958 </li></ul><ul><li>Use  one-way function ,  B=f ( A ) </li></ul><...
One-way functions <ul><li>Easy to compute in one direction </li></ul><ul><li>Difficult to compute in the other </li></ul><...
McCarthy’s puzzle example <ul><li>Example with an 18 digit number </li></ul><ul><li>A = 289407349786637777 </li></ul><ul><...
More terms <ul><li>one-way function </li></ul><ul><ul><li>Rabin, 1958: McCarthy’s problem </li></ul></ul><ul><ul><li>middl...
More terms <ul><li>Stream cipher </li></ul><ul><ul><li>Encrypt a message a character at a time </li></ul></ul><ul><li>Bloc...
Yet another term <ul><li>Digital Signature </li></ul><ul><ul><li>Authenticate, not encrypt message </li></ul></ul><ul><ul>...
Cryptography: what is it good for? <ul><li>Authentication </li></ul><ul><ul><li>determine origin of message </li></ul></ul...
Cryptographic toolbox <ul><li>Symmetric encryption </li></ul><ul><li>Public key encryption </li></ul><ul><li>One-way hash ...
Classic Cryptosystems
Substitution Ciphers
Cæsar cipher <ul><li>Earliest documented military use of cryptography </li></ul><ul><ul><li>Julius Caesar  c. 60 BC </li><...
Cæsar cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cæsar cipher shift alphabet by n (6) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z U V W X Y Z A B C D E F G H I J K...
Cæsar cipher MY CAT HAS FLEAS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T ...
Cæsar cipher MY CAT HAS FLEAS G A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S ...
Cæsar cipher MY CAT HAS FLEAS GS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S...
Cæsar cipher MY CAT HAS FLEAS GSW A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R ...
Cæsar cipher MY CAT HAS FLEAS GSWU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R...
Cæsar cipher MY CAT HAS FLEAS GSWUN A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q ...
Cæsar cipher MY CAT HAS FLEAS GSWUNB A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q...
Cæsar cipher MY CAT HAS FLEAS GSWUNBU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P ...
Cæsar cipher MY CAT HAS FLEAS GSWUNBUM A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P...
Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O ...
Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZF A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O...
Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZFY A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N ...
Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZFYU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N...
Cæsar cipher MY CAT HAS FLEAS GSWUNBMUFZYUM A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M ...
Cæsar cipher <ul><li>Convey one piece of information for decryption:  shift value </li></ul><ul><li>trivially easy to crac...
Ancient Hebrew variant  (ATBASH) <ul><li>c. 600 BC </li></ul><ul><li>No information (key) needs to be conveyed! </li></ul>...
Substitution cipher <ul><li>General case: arbitrary mapping </li></ul><ul><li>both sides must have substitution alphabet <...
Substitution cipher <ul><li>Easy to decode: </li></ul><ul><ul><li>vulnerable to frequency analysis </li></ul></ul><ul><ul>...
Statistical Analysis <ul><li>Letter frequencies </li></ul><ul><ul><li>E: 12% </li></ul></ul><ul><ul><li>A, H, I, N, O, R, ...
Polyalphabetic ciphers <ul><li>Designed to thwart frequency analysis techniques </li></ul><ul><ul><li>different ciphertext...
Vigenère polyalphabetic cipher <ul><li>Blaise de Vigenère, court of Henry III of France, 1518 </li></ul><ul><li>Use table ...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T A B C D E F G H I J K L M N O P Q R S T B C D E F G...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Vigenère polyalphabetic cipher &quot;The rebels reposed their major trust, however, in the Vigenere, sometimes using it in...
Transposition Ciphers
Transposition ciphers <ul><li>Permute letters in plaintext according to rules </li></ul><ul><li>Knowledge of rules will al...
Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE M H E
Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE YAA Y A A
Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE YAA CSS C S S
Transposition ciphers: staff cipher MYCATHASFLEAS CAT SFL S xy MHE YAA CSS AFx A F x Pad out the text. This is a  block ci...
Transposition ciphers: staff cipher MYCATHASFLEAS CAT SFL Sxy MHE YAA CSS Afx TLy T L y
Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertical...
Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertical...
Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertical...
Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertical...
Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertical...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read do...
Combined ciphers <ul><li>Combine transposition with substitution ciphers </li></ul><ul><ul><li>German ADFGVX cipher (WWI) ...
Electro-mechanical cryptographic engines
Rotor machines <ul><li>1920s: mechanical devices used for automating encryption </li></ul><ul><li>rotor machine </li></ul>...
Rotor machines <ul><li>Simplest rotor machine: single cylinder </li></ul><ul><li>after a character is entered, the cylinde...
Single cylinder rotor machine A B C D E F G H I J K L M  N  O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S ...
Single cylinder rotor machine A B C D E F G H I J K L  M  N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R  S...
Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X  Y  Z A B C D E F G H I J K L M N O P Q R S ...
Single cylinder rotor machine A B  C  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H  I  J K L M N O P Q R ...
Single cylinder rotor machine A  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S  T  U V W X Y Z A B C D E F G H I J K L M N O P Q R S ...
Single cylinder rotor machine A B C D E F G  H  I J K L M N O P Q R S T U V W X Y Z A  B C D E F G H I J K L M N O P Q R S...
Single cylinder rotor machine A  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T...
Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R  S  T U V W X Y Z A B C D E F G H I J K L M N  O  P Q R ...
Single cylinder rotor machine A B C D E  F  G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H  I  J K L M N O P Q R ...
Single cylinder rotor machine A B C D E F G H I J K  L  M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M  N  O P Q R ...
Single cylinder rotor machine A B C D  E  F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J  K  L M N O P Q R ...
Single cylinder rotor machine A  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A  B  C D E F G H I J K L M N O P Q R S...
Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R  S  T U V W X Y Z A B C D E F G H I J K L M N O P Q R S ...
Multi-cylinder rotor machines <ul><li>Single cylinder rotor machine </li></ul><ul><ul><li>substitution cipher with a perio...
Enigma <ul><li>Enigma machine used in Germany during WWII </li></ul><ul><li>Three rotor system </li></ul><ul><ul><li>26 3 ...
Enigma Keyboard (input) Glowlamps (results) Plugboard Rotors Reflector
One-time pads <ul><li>Only provably secure encryption scheme </li></ul><ul><li>invented in 1917 </li></ul><ul><li>large no...
One-time pads <ul><li>If pad contains KWXOPWMAELGHW … </li></ul><ul><li>and we want to encrypt MY CAT HAS FLEAS </li></ul>...
One-time pads <ul><li>The same ciphertext can decrypt to  anything   depending on the key! </li></ul><ul><li>Same cipherte...
One-time pads <ul><li>Can be extended to binary data </li></ul><ul><ul><li>random key sequence as long as the message </li...
One-time pads <ul><li>Problems with one-time pads </li></ul><ul><ul><li>key needs to be as long as the message! </li></ul>...
Digression: random numbers <ul><li>“ anyone who considers arithmetical methods of producing random digits is, of course, i...
Computer Cryptography
DES <ul><li>Data Encryption Standard </li></ul><ul><ul><li>adopted as a federal standard in 1976 </li></ul></ul><ul><li>bl...
DES 64 bit plaintext block initial permutation, IP left half, L 1 right half, R 0 f R 1  = L 0     f(R 0 , K 1 ) L 1 = R ...
DES:  f DATA: right 32 bits KEY: 56 bits DATA: left 32 bits New DATA: right 32 bits 48 bits 48 bits S S S S S S S S
DES: S-boxes <ul><li>After compressed key is XORed with expanded block </li></ul><ul><ul><li>48-bit result moves to substi...
Is DES secure? <ul><li>56-bit key makes DES relatively weak </li></ul><ul><ul><li>7.2×10 16  keys </li></ul></ul><ul><ul><...
The power of 2 <ul><li>Adding an extra bit to a key doubles the search space. </li></ul><ul><li>Suppose it takes 1 second ...
Increasing The Key <ul><li>Can double encryption work for DES? </li></ul><ul><ul><li>Useless if we could find a key K such...
Double DES <ul><li>Vulnerable to meet-in-the-middle attack </li></ul><ul><li>If we know some pair (P, C), then: </li></ul>...
Triple DES <ul><li>Triple DES with two 56-bit keys: </li></ul><ul><li>C = E K1 (D K2 (E K1 (P))) </li></ul><ul><li>Triple ...
Triple DES <ul><li>Prevent meet-in-the-middle attack with </li></ul><ul><ul><li>three stages </li></ul></ul><ul><ul><li>an...
Popular symmetric algorithms <ul><li>IDEA - International Data Encryption Algorithm </li></ul><ul><ul><li>1992 </li></ul><...
AES  <ul><li>From NIST: </li></ul><ul><ul><li>Assuming that one could build a machine that could recover a DES key in a se...
The end.
Upcoming SlideShare
Loading in...5
×

Cryptography (Distributed computing)

1,668

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,668
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
72
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Cryptography (Distributed computing)

  1. 1. Introduction to Cryptography Paul Krzyzanowski [email_address] [email_address] Distributed Systems Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.
  2. 2. Ngywioggazhon Pystemp Auesfnsicutiwf & Moiiunocaiwn Piqtoaoyp
  3. 3. Cryptographic Systems Authentication & Communication Protocols
  4. 4. cryptography κρυπός hidden γραφία writing A secret manner of writing, … Generally, the art of writing or solving ciphers. — Oxford English Dictionary
  5. 5. cryptology κρυπός hidden λογια speaking 1967 D. Kahn, Codebreakers p. xvi, Cryptology is the science that embraces cryptography and cryptanalysis, but the term ‘cryptology’ sometimes loosely designates the entire dual field of both rendering signals secure and extracting information from them. — Oxford English Dictionary
  6. 6. Cryptography  Security <ul><li>Cryptography may be a component of a secure system </li></ul><ul><li>Adding cryptography may not make a system secure </li></ul>
  7. 7. Terms <ul><li>Plaintext (cleartext), message M </li></ul><ul><li>encryption , E( M ) </li></ul><ul><li>produces ciphertext , C =E( M ) </li></ul><ul><li>decryption : M =D( C ) </li></ul><ul><li>Cryptographic algorithm, cipher </li></ul>
  8. 8. Terms: types of ciphers <ul><li>restricted cipher </li></ul><ul><li>symmetric algorithm </li></ul><ul><li>public key algorithm </li></ul>
  9. 9. Restricted cipher <ul><li>Secret algorithm </li></ul><ul><li>Leaking </li></ul><ul><li>Reverse engineering </li></ul><ul><ul><li>HD DVD (Dec 2006) and Blu-Ray (Jan 2007) </li></ul></ul><ul><ul><li>RC4 </li></ul></ul><ul><ul><li>All digital cellular encryption algorithms </li></ul></ul><ul><ul><li>DVD and DIVX video compression </li></ul></ul><ul><ul><li>Firewire </li></ul></ul><ul><ul><li>Enigma cipher machine </li></ul></ul><ul><ul><li>Every NATO and Warsaw Pact algorithm during Cold War </li></ul></ul>
  10. 10. The key BTW, the above is a bump key . See http://en.wikipedia.org/wiki/Lock_bumping.
  11. 11. The key Source: en.wikipedia.org/wiki/Pin_tumbler_lock
  12. 12. The key Source: en.wikipedia.org/wiki/Pin_tumbler_lock
  13. 13. The key <ul><li>We understand how it works: </li></ul><ul><ul><li>Strengths </li></ul></ul><ul><ul><li>Weaknesses </li></ul></ul><ul><li>Based on this understanding, we can assess how much to trust the key & lock. </li></ul>Source: en.wikipedia.org/wiki/Pin_tumbler_lock
  14. 14. Symmetric algorithm <ul><li>Secret key </li></ul><ul><li>C = E K ( M ) </li></ul><ul><li>M = D K ( C ) </li></ul>
  15. 15. Public key algorithm <ul><li>public key and private keys </li></ul><ul><ul><li>C 1 = E public ( M ) </li></ul></ul><ul><ul><li>M = D private ( C 1 ) </li></ul></ul><ul><li>also: </li></ul><ul><ul><li>C 2 = E private ( M ) </li></ul></ul><ul><ul><li>M = D public ( C 2 ) </li></ul></ul>
  16. 16. McCarthy’s puzzle (1958) <ul><li>Two countries are at war </li></ul><ul><li>One country sends spies to the other country </li></ul><ul><li>To return safely, spies must give the border guards a password </li></ul><ul><li>Spies can be trusted </li></ul><ul><li>Guards chat – information given to them may leak </li></ul>
  17. 17. McCarthy’s puzzle <ul><li>Challenge </li></ul><ul><ul><li>How can a guard authenticate a person without knowing the password? </li></ul></ul><ul><ul><li>Enemies cannot use the guard’s knowledge to introduce their own spies </li></ul></ul>
  18. 18. Solution to McCarthy’s puzzle <ul><li>Michael Rabin, 1958 </li></ul><ul><li>Use one-way function , B=f ( A ) </li></ul><ul><ul><li>Guards get B … </li></ul></ul><ul><ul><ul><li>Enemy cannot compute A </li></ul></ul></ul><ul><ul><li>Spies give A , guards compute f(A) </li></ul></ul><ul><ul><ul><li>If the result is B, the password is correct. </li></ul></ul></ul><ul><li>Example function: </li></ul><ul><ul><li>Middle squares </li></ul></ul><ul><ul><ul><li>Take a 100-digit number (A), and square it </li></ul></ul></ul><ul><ul><ul><li>Let B = middle 100 digits of 200-digit result </li></ul></ul></ul>
  19. 19. One-way functions <ul><li>Easy to compute in one direction </li></ul><ul><li>Difficult to compute in the other </li></ul><ul><li>Examples: </li></ul><ul><li>Factoring : </li></ul><ul><li>pq = N EASY </li></ul><ul><li>find p , q given N DIFFICULT </li></ul><ul><li>Discrete Log: </li></ul><ul><li>a b mod c = N EASY </li></ul><ul><li>find b given a, c, N DIFFICULT </li></ul>
  20. 20. McCarthy’s puzzle example <ul><li>Example with an 18 digit number </li></ul><ul><li>A = 289407349786637777 </li></ul><ul><li>A 2 = 83756614110525308948445338203501729 </li></ul><ul><li>Middle square, B = 110525308948445338 </li></ul><ul><li>Given A, it is easy to compute B </li></ul><ul><li>Given B, it is extremely hard to compute A </li></ul>110525308948445338
  21. 21. More terms <ul><li>one-way function </li></ul><ul><ul><li>Rabin, 1958: McCarthy’s problem </li></ul></ul><ul><ul><li>middle squares, exponentiation, … </li></ul></ul><ul><li>[one-way] hash function </li></ul><ul><ul><li>message digest, fingerprint, cryptographic checksum, integrity check </li></ul></ul><ul><li>encrypted hash </li></ul><ul><ul><li>message authentication code </li></ul></ul><ul><ul><li>only possessor of key can validate message </li></ul></ul>
  22. 22. More terms <ul><li>Stream cipher </li></ul><ul><ul><li>Encrypt a message a character at a time </li></ul></ul><ul><li>Block cipher </li></ul><ul><ul><li>Encrypt a message a chunk at a time </li></ul></ul>
  23. 23. Yet another term <ul><li>Digital Signature </li></ul><ul><ul><li>Authenticate, not encrypt message </li></ul></ul><ul><ul><li>Use pair of keys (private, public) </li></ul></ul><ul><ul><li>Owner encrypts message with private key </li></ul></ul><ul><ul><li>Sender validates by decrypting with public key </li></ul></ul><ul><ul><li>Generally use hash (message). </li></ul></ul>
  24. 24. Cryptography: what is it good for? <ul><li>Authentication </li></ul><ul><ul><li>determine origin of message </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>verify that message has not been modified </li></ul></ul><ul><li>Nonrepudiation </li></ul><ul><ul><li>sender should not be able to falsely deny that a message was sent </li></ul></ul><ul><li>Confidentiality </li></ul><ul><ul><li>others cannot read contents of the message </li></ul></ul>
  25. 25. Cryptographic toolbox <ul><li>Symmetric encryption </li></ul><ul><li>Public key encryption </li></ul><ul><li>One-way hash functions </li></ul><ul><li>Random number generators </li></ul>
  26. 26. Classic Cryptosystems
  27. 27. Substitution Ciphers
  28. 28. Cæsar cipher <ul><li>Earliest documented military use of cryptography </li></ul><ul><ul><li>Julius Caesar c. 60 BC </li></ul></ul><ul><ul><li>shift cipher : simple variant of a substitution cipher </li></ul></ul><ul><ul><li>each letter replaced by one n positions away modulo alphabet size </li></ul></ul><ul><ul><ul><li>n = shift value = key </li></ul></ul></ul><ul><li>Similar scheme used in India </li></ul><ul><ul><li>early Indians also used substitutions based on phonetics </li></ul></ul><ul><ul><ul><li>similar to pig latin </li></ul></ul></ul><ul><li>Last seen as ROT13 on usenet to keep the reader from seeing offensive messages unwillingly </li></ul>
  29. 29. Cæsar cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  30. 30. Cæsar cipher shift alphabet by n (6) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
  31. 31. Cæsar cipher MY CAT HAS FLEAS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  32. 32. Cæsar cipher MY CAT HAS FLEAS G A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  33. 33. Cæsar cipher MY CAT HAS FLEAS GS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  34. 34. Cæsar cipher MY CAT HAS FLEAS GSW A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  35. 35. Cæsar cipher MY CAT HAS FLEAS GSWU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  36. 36. Cæsar cipher MY CAT HAS FLEAS GSWUN A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  37. 37. Cæsar cipher MY CAT HAS FLEAS GSWUNB A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  38. 38. Cæsar cipher MY CAT HAS FLEAS GSWUNBU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  39. 39. Cæsar cipher MY CAT HAS FLEAS GSWUNBUM A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  40. 40. Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  41. 41. Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZF A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  42. 42. Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZFY A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  43. 43. Cæsar cipher MY CAT HAS FLEAS GSWUNBUMZFYU A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  44. 44. Cæsar cipher MY CAT HAS FLEAS GSWUNBMUFZYUM A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  45. 45. Cæsar cipher <ul><li>Convey one piece of information for decryption: shift value </li></ul><ul><li>trivially easy to crack (26 possibilities for a 26 character alphabet) </li></ul>MY CAT HAS FLEAS GSWUNBMUFZYUM A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  46. 46. Ancient Hebrew variant (ATBASH) <ul><li>c. 600 BC </li></ul><ul><li>No information (key) needs to be conveyed! </li></ul>MY CAT HAS FLEAS NBXZGSZHUOVZH A B C D E F G H I J K L M N O P Q R S T U V W X Y Z T S R Q P O N M L K J I H G F E D C B A Z Y X W V U
  47. 47. Substitution cipher <ul><li>General case: arbitrary mapping </li></ul><ul><li>both sides must have substitution alphabet </li></ul>MY CAT HAS FLEAS IVSMXAMBQCLMB A B C D E F G H I J K L M N O P Q R S T U V W X Y Z E A J T N C I F Z W O Y B X G K U D V H M P S R L Q
  48. 48. Substitution cipher <ul><li>Easy to decode: </li></ul><ul><ul><li>vulnerable to frequency analysis </li></ul></ul><ul><ul><li>Moby Dick Shakespeare (1.2M chars) (55.8M chars) e 12.300% e 11.797% o 7.282% o 8.299% d 4.015% d 3.943% b 1.773% b 1.634% x 0.108% x 0.140% </li></ul></ul>
  49. 49. Statistical Analysis <ul><li>Letter frequencies </li></ul><ul><ul><li>E: 12% </li></ul></ul><ul><ul><li>A, H, I, N, O, R, S, T: 6 – 9% </li></ul></ul><ul><ul><li>D, L: 4% </li></ul></ul><ul><ul><li>B, C, F, G, M, P, U, W, Y: 1.5 – 2.8% </li></ul></ul><ul><ul><li>J, K, Q, V, X, Z: < 1% </li></ul></ul><ul><li>Common digrams: </li></ul><ul><ul><li>TH, HE, IN, ER, AN, RE, … </li></ul></ul><ul><li>Common trigrams </li></ul><ul><ul><li>THE, ING, AND, HER, ERE, … </li></ul></ul>
  50. 50. Polyalphabetic ciphers <ul><li>Designed to thwart frequency analysis techniques </li></ul><ul><ul><li>different ciphertext symbols can represent the same plaintext symbol </li></ul></ul><ul><ul><ul><li>1  many relationship between letter and substitute </li></ul></ul></ul><ul><li>Leon Battista Alberti: 1466: invented key </li></ul><ul><ul><li>two disks </li></ul></ul><ul><ul><li>line up predetermined letter on inner disk with outer disk </li></ul></ul><ul><ul><li>plaintext on inner  ciphertext on outer </li></ul></ul><ul><ul><li>after n symbols, the disk is rotated to a new alignment </li></ul></ul>encrypt: A  J decrypt: J  A A J B M C Q D S Z G Y P
  51. 51. Vigenère polyalphabetic cipher <ul><li>Blaise de Vigenère, court of Henry III of France, 1518 </li></ul><ul><li>Use table and key word to encipher a message </li></ul><ul><li>repeat keyword over text: (e.g. key=FACE) FA CEF ACE FACEF .... MY CAT HAS FLEAS </li></ul><ul><li>encrypt: find intersection: row = keyword letter column = plaintext letter </li></ul><ul><li>decrypt: column = keyword letter, search for intersection = ciphertext letter </li></ul><ul><li>message is encrypted with as many substitution ciphers as there are letters in the keyword </li></ul>
  52. 52. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T A B C D E F G H I J K L M N O P Q R S T B C D E F G H I J K L M N O P Q R S T U C D E F G H I J K L M N O P Q R S T U V D E F G H I J K L M N O P Q R S T U V W E F G H I J K L M N O P Q R S T U V W X F G H I J K L M N O P Q R S T U V W X Y plaintext letter keytext letter ciphertext letter
  53. 53. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS R
  54. 54. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS R Y
  55. 55. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY E
  56. 56. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY E E
  57. 57. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EE Y
  58. 58. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY H
  59. 59. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY H C
  60. 60. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HC W
  61. 61. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW K
  62. 62. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW K L
  63. 63. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KL G
  64. 64. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KLG E
  65. 65. Vigenère polyalphabetic cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KLGE X
  66. 66. Vigenère polyalphabetic cipher &quot;The rebels reposed their major trust, however, in the Vigenere, sometimes using it in the form of a brass cipher disc. In theory, it was an excellent choice, for so far as the South knew the cipher was unbreakable. In practice, it proved a dismal failure. For one thing, transmission errors that added or subtracted a letter ... unmeshed the key from the cipher and caused no end of difficulty. Once Major Cunningham of General Kirby-Smith's staff tried for twelve hours to decipher a garbled message; he finally gave up in disgust and galloped around the Union flank to the sender to find out what it said.&quot; http://rz1.razorpoint.com/index.html
  67. 67. Transposition Ciphers
  68. 68. Transposition ciphers <ul><li>Permute letters in plaintext according to rules </li></ul><ul><li>Knowledge of rules will allow message to be decrypted </li></ul><ul><li>Earliest version used by the Spartans in the 5 th century BC – staff cipher </li></ul>
  69. 69. Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE M H E
  70. 70. Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE YAA Y A A
  71. 71. Transposition ciphers: staff cipher MYCATHASFLEAS MYC HAS EAS MHE YAA CSS C S S
  72. 72. Transposition ciphers: staff cipher MYCATHASFLEAS CAT SFL S xy MHE YAA CSS AFx A F x Pad out the text. This is a block cipher versus a stream cipher
  73. 73. Transposition ciphers: staff cipher MYCATHASFLEAS CAT SFL Sxy MHE YAA CSS Afx TLy T L y
  74. 74. Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertically </li></ul></ul><ul><ul><li>secrecy is the width of the table </li></ul></ul>M Y C A T H A S F L E A S x y z MYCATHASFLEAS
  75. 75. Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertically </li></ul></ul><ul><ul><li>secrecy is the width of the table </li></ul></ul>M Y C A T H A S F L E A S x y z MYCATHASFLEAS MTFS
  76. 76. Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertically </li></ul></ul><ul><ul><li>secrecy is the width of the table </li></ul></ul>M Y C A T H A S F L E A S x y z MYCATHASFLEAS MTFSYHLx
  77. 77. Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertically </li></ul></ul><ul><ul><li>secrecy is the width of the table </li></ul></ul>M Y C A T H A S F L E A S x y z MYCATHASFLEAS MTFSYHLxCAEy
  78. 78. Transposition cipher <ul><li>Table version of staff cipher </li></ul><ul><ul><li>enter data horizontally, read it vertically </li></ul></ul><ul><ul><li>secrecy is the width of the table </li></ul></ul>M Y C A T H A S F L E A S x y z MYCATHASFLEAS MTFSYHLxCAEyASAz
  79. 79. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z MYCATHASFLEAS
  80. 80. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z YHLx YHLx MYCATHASFLEAS
  81. 81. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z ASAz YHLxASAz MYCATHASFLEAS
  82. 82. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z MTFS YHLxASAzMTFS MYCATHASFLEAS
  83. 83. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z CAEy YHLxASAzMTFSCAEy MYCATHASFLEAS
  84. 84. Transposition cipher with key <ul><ul><li>permute letters in plaintext according to key </li></ul></ul><ul><ul><li>read down columns, sorting by key </li></ul></ul>Key: 3 1 4 2 M Y C A T H A S F L E A S x y z YHLxASAzMTFSCAEY MYCATHASFLEAS
  85. 85. Combined ciphers <ul><li>Combine transposition with substitution ciphers </li></ul><ul><ul><li>German ADFGVX cipher (WWI) </li></ul></ul><ul><li>can be troublesome to implement </li></ul><ul><ul><li>may require a lot of memory </li></ul></ul><ul><ul><li>may require that messages be certain lengths </li></ul></ul><ul><li>Difficult with manual cryptography </li></ul>
  86. 86. Electro-mechanical cryptographic engines
  87. 87. Rotor machines <ul><li>1920s: mechanical devices used for automating encryption </li></ul><ul><li>rotor machine </li></ul><ul><ul><li>set of independently rotating cylinders through which electrical pulses flow </li></ul></ul><ul><ul><li>each cylinder has input & output pin for each letter of the alphabet </li></ul></ul><ul><ul><li>implements version of Vigenère cipher </li></ul></ul><ul><ul><li>each rotor implements a substitution cipher </li></ul></ul><ul><ul><li>output of each rotor is fed into the next rotor </li></ul></ul>
  88. 88. Rotor machines <ul><li>Simplest rotor machine: single cylinder </li></ul><ul><li>after a character is entered, the cylinder rotates one position </li></ul><ul><ul><li>internal combinations shifted by one </li></ul></ul><ul><ul><li>polyalphabetic substitution cipher with a period of 26 </li></ul></ul>A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  89. 89. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z G V I L C M B Q F K D O S P Z H R E U Z N X A T W J A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K H W J M D N C R G L E P T Q Z I S F V A O Y B U X rotate A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  90. 90. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS S
  91. 91. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS S U
  92. 92. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SU I
  93. 93. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUI U
  94. 94. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIU V
  95. 95. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUV A
  96. 96. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVA Y
  97. 97. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAY O
  98. 98. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAYO I
  99. 99. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAYOI N
  100. 100. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAYOIN K
  101. 101. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAYOINK B
  102. 102. Single cylinder rotor machine A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z MY CAT HAS FLEAS SUIUVAYOINKB Y
  103. 103. Multi-cylinder rotor machines <ul><li>Single cylinder rotor machine </li></ul><ul><ul><li>substitution cipher with a period = length of alphabet (e.g., 26) </li></ul></ul><ul><li>Multi-cylinder rotor machine </li></ul><ul><ul><li>feed output of one cylinder as input to the next one </li></ul></ul><ul><ul><li>first rotor advances after character is entered </li></ul></ul><ul><ul><li>second rotor advances after a full period of the first </li></ul></ul><ul><ul><li>polyalphabetic substitution cipher </li></ul></ul><ul><ul><ul><li>period = (length of alphabet) number of rotors </li></ul></ul></ul><ul><ul><ul><li>3 26-char cylinders  26 3 = 17,576 substitution alphabets </li></ul></ul></ul><ul><ul><ul><li>5 26-char cylinders  26 5 = 11,881,367 substitution alphabets </li></ul></ul></ul>
  104. 104. Enigma <ul><li>Enigma machine used in Germany during WWII </li></ul><ul><li>Three rotor system </li></ul><ul><ul><li>26 3 = 17,576 possible rotor positions </li></ul></ul><ul><li>Input data permuted via patch panel before sending to rotor engine </li></ul><ul><li>Data from last rotor reflected back through rotors  makes encryption symmetric </li></ul><ul><li>Need to know initial settings of rotor </li></ul><ul><ul><li>setting was f(date) </li></ul></ul><ul><ul><li>find in book of codes </li></ul></ul><ul><li>broken by group at Bletchley Park (Alan Turing) </li></ul>
  105. 105. Enigma Keyboard (input) Glowlamps (results) Plugboard Rotors Reflector
  106. 106. One-time pads <ul><li>Only provably secure encryption scheme </li></ul><ul><li>invented in 1917 </li></ul><ul><li>large non-repeating set of random key letters written on a pad </li></ul><ul><li>each key letter on the pad encrypts exactly one plaintext character </li></ul><ul><ul><li>encryption is addition of characters modulo 26 </li></ul></ul><ul><li>sender destroys pages that have been used </li></ul><ul><li>receiver maintains identical pad </li></ul>
  107. 107. One-time pads <ul><li>If pad contains KWXOPWMAELGHW … </li></ul><ul><li>and we want to encrypt MY CAT HAS FLEAS </li></ul><ul><li>Ciphertext: </li></ul><ul><li>WUZOIDMSJWKHO </li></ul>M + K mod 26 = W Y + W mod 26 = U C + X mod 26 = Z A + O mod 26 = O T + P mod 26 = I H + W mod 26 = D A + M mod 26 = M S + A mod 26 = S F + E mod 26 = J L + L mod 26 = W E + G mod 26 = K A + H mod 26 = H S + W mod 26 = O
  108. 108. One-time pads <ul><li>The same ciphertext can decrypt to anything depending on the key! </li></ul><ul><li>Same ciphertext: </li></ul><ul><li> WUZOIDMSJWKHO </li></ul><ul><li>With a pad of: KWXOPWMAELGHW … </li></ul><ul><li>Produces: </li></ul><ul><li>THE DOG IS HAPPY </li></ul>W - D mod 26 = W U - N mod 26 = U Z - V mod 26 = Z O - L mod 26 = O I - U mod 26 = I D - X mod 26 = D M - E mod 26 = M S - A mod 26 = S J - C mod 26 = J W - W mod 26 = W K - V mod 26 = K H - S mod 26 = H O - Q mod 26 = O
  109. 109. One-time pads <ul><li>Can be extended to binary data </li></ul><ul><ul><li>random key sequence as long as the message </li></ul></ul><ul><ul><li>exclusive-or key sequence with message </li></ul></ul><ul><ul><li>receiver has the same key sequence </li></ul></ul>
  110. 110. One-time pads <ul><li>Problems with one-time pads </li></ul><ul><ul><li>key needs to be as long as the message! </li></ul></ul><ul><ul><li>key storage can be problematic </li></ul></ul><ul><ul><ul><li>may need to store a lot of data </li></ul></ul></ul><ul><ul><li>keys have to be generated randomly </li></ul></ul><ul><ul><ul><li>cannot use pseudo-random number generator </li></ul></ul></ul><ul><ul><li>cannot reuse key sequence </li></ul></ul><ul><ul><li>sender and receiver must remain synchronized (e.g. cannot lose a message) </li></ul></ul>
  111. 111. Digression: random numbers <ul><li>“ anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin” </li></ul><ul><ul><li>John vonNeumann </li></ul></ul><ul><li>Pseudo-random generators </li></ul><ul><ul><li>Linear feedback shift registers </li></ul></ul><ul><ul><li>Multiplicative lagged Fibonacci generators </li></ul></ul><ul><ul><li>Linear congruential generator </li></ul></ul><ul><li>Obtain randomness from: </li></ul><ul><ul><li>time between keystrokes </li></ul></ul><ul><ul><li>Cosmic rays </li></ul></ul><ul><ul><li>Electrical noise </li></ul></ul><ul><ul><li>Other encrypted messages </li></ul></ul>
  112. 112. Computer Cryptography
  113. 113. DES <ul><li>Data Encryption Standard </li></ul><ul><ul><li>adopted as a federal standard in 1976 </li></ul></ul><ul><li>block cipher, 64 bit blocks </li></ul><ul><li>56 bit key </li></ul><ul><ul><li>all security rests with the key </li></ul></ul><ul><li>substitution followed by a permutation (transposition) </li></ul><ul><ul><li>same combination of techniques is applied on the plaintext block 16 times </li></ul></ul>
  114. 114. DES 64 bit plaintext block initial permutation, IP left half, L 1 right half, R 0 f R 1 = L 0  f(R 0 , K 1 ) L 1 = R 0 K 1 16 rounds L 15 = R 14 R 15 = L 14  f(R 14 , K 15 ) 48-bit subkey permuted from key f L 16 = R 15 R 16 = L 15  f(R 15 , K 16 ) K 16 final permutation, IP -1 64 bit ciphertext block
  115. 115. DES: f DATA: right 32 bits KEY: 56 bits DATA: left 32 bits New DATA: right 32 bits 48 bits 48 bits S S S S S S S S
  116. 116. DES: S-boxes <ul><li>After compressed key is XORed with expanded block </li></ul><ul><ul><li>48-bit result moves to substitution operation via 8 substitution boxes (s-boxes) </li></ul></ul><ul><li>Each S-box has </li></ul><ul><ul><li>6-bit input </li></ul></ul><ul><ul><li>4-bit output </li></ul></ul><ul><li>48 bits divided into eight 6-bit sub-blocks </li></ul><ul><li>Each block is operated by a separate S-box </li></ul><ul><li>key components of DES’s security </li></ul><ul><li>net result: 48 bit input generates 32 bit output </li></ul>
  117. 117. Is DES secure? <ul><li>56-bit key makes DES relatively weak </li></ul><ul><ul><li>7.2×10 16 keys </li></ul></ul><ul><ul><li>Brute-force attack </li></ul></ul><ul><li>Late 1990’s: </li></ul><ul><ul><li>DES cracker machines built to crack DES keys in a few hours </li></ul></ul><ul><ul><li>DES Deep Crack: 90 billion keys/second </li></ul></ul><ul><ul><li>Distributed.net: test 250 billion keys/second </li></ul></ul>
  118. 118. The power of 2 <ul><li>Adding an extra bit to a key doubles the search space. </li></ul><ul><li>Suppose it takes 1 second to attack a 20-bit key: </li></ul><ul><li>21-bit key: 2 seconds </li></ul><ul><li>32-bit key: 1 hour </li></ul><ul><li>40-bit key: 12 days </li></ul><ul><li>56-bit key: 2,178 years </li></ul><ul><li>64-bit key: >557,000 years! </li></ul>
  119. 119. Increasing The Key <ul><li>Can double encryption work for DES? </li></ul><ul><ul><li>Useless if we could find a key K such that: </li></ul></ul><ul><ul><li>E K (P) = E K2 (E K1 (P)) </li></ul></ul><ul><ul><li>This does not hold for DES </li></ul></ul>
  120. 120. Double DES <ul><li>Vulnerable to meet-in-the-middle attack </li></ul><ul><li>If we know some pair (P, C), then: </li></ul><ul><ul><li>[1] Encrypt P for all 2 56 values of K 1 </li></ul></ul><ul><ul><li>[2] Decrypt C for all 2 56 values of K 2 </li></ul></ul><ul><li>For each match where [1] = [2] </li></ul><ul><ul><li>test the two keys against another P, C pair </li></ul></ul><ul><ul><li>if match, you are assured that you have the key </li></ul></ul>
  121. 121. Triple DES <ul><li>Triple DES with two 56-bit keys: </li></ul><ul><li>C = E K1 (D K2 (E K1 (P))) </li></ul><ul><li>Triple DES with three 56-bit keys: </li></ul><ul><li>C = E K3 (D K2 (E K1 (P))) </li></ul><ul><li>Decryption used in middle step for compatibility with DES (K 1 =K 2 =K 3 ) </li></ul><ul><li>C = E K (D K (E K (P)))  C = E K1 (P) </li></ul>
  122. 122. Triple DES <ul><li>Prevent meet-in-the-middle attack with </li></ul><ul><ul><li>three stages </li></ul></ul><ul><ul><li>and two keys </li></ul></ul><ul><li>Triple DES: C = E K1 (D K2 (E K1 (P))) </li></ul><ul><li>Decryption used in middle step for compatibility with DES C = E K (D K (E K (P)))  C = E K1 (P) </li></ul>
  123. 123. Popular symmetric algorithms <ul><li>IDEA - International Data Encryption Algorithm </li></ul><ul><ul><li>1992 </li></ul></ul><ul><ul><li>128-bit keys, operates on 8-byte blocks (like DES) </li></ul></ul><ul><ul><li>algorithm is more secure than DES </li></ul></ul><ul><li>RC4, by Ron Rivest </li></ul><ul><ul><li>1995 </li></ul></ul><ul><ul><li>key size up to 2048 bits </li></ul></ul><ul><ul><li>not secure against multiple messages encrypted with the same key </li></ul></ul><ul><li>AES - Advanced Encryption Standard </li></ul><ul><ul><li>NIST proposed successor to DES, chosen in October 2000 </li></ul></ul><ul><ul><li>based on Rigndael cipher </li></ul></ul><ul><ul><li>128, 192, and 256 bit keys </li></ul></ul>
  124. 124. AES <ul><li>From NIST: </li></ul><ul><ul><li>Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2 56 keys per second), then it would take that machine approximately 149 trillion years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old. </li></ul></ul>http://csrc.nist.gov/encryption/aes/
  125. 125. The end.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×