This document discusses the history and concepts of cryptography. It begins with classical cryptography and how encryption has evolved with computers to become more complex. It then covers specific ciphers like the Enigma machine and how the British broke German codes during WWII. The document discusses the development of modern ciphers like DES and AES, how public key cryptography works using RSA, and concepts of symmetric and asymmetric encryption. It provides details on block ciphers and the design of ciphers like DES.
2. • Classical cryptography
– Encryption/decryption done by hand
• Modern cryptography
– Computers to encrypt and decrypt
– Same principles, but automation allows
ciphers to become much more complex
3. • German encryption
and decryption
machine used in
WWII
• Essentially a complex,
automated
substitution cipher
4. • Rotors have different
wiring connecting input
to output
• Rotors move after each
keypress
• The key is the initial
position of the three
rotors
5. Breaking the Enigma
• Britain set up its cryptanalysis team in Bletchley Park
• They consistently broke German codes throughout the
war
• Important location in the history of computing
– Alan Turing: British Cryptanalyst
– COLOSSUS: used by British codebreakers for
Cryptanalysis
6. Cryptography in the Computer Age
• Working with binary instead of letters
• We can do things many, many times
– Think of an Enigma machine that has 2128 pairs of
symbols on each rotor, and 20 rotors
• Other than that, the basic principles are the same as
classical cryptography
7. Modern Ciphers
• We design one relatively simple scrambling method
(called a round) and repeat it many times
– Think of each round as a rotor on the Enigma
– One round may be easy to break, but when you put
them all together it becomes very hard
• Almost all ciphers follow one of two structures
– SPN (Substitution Permutation Network)
– Feistel Network (basis for DES)
– These describe the basic structure of a round
8. Modern Ciphers in Practice
• Follow SPN/Feistel structure in general, but with added
twists for security
• There are two important ciphers in the history of
modern cryptography
– DES (Data Encryption Standard)
– AES (Advanced Encryption Standard)
9. DES (Data Encryption Standard)
• U.S. Government recognized the need to have a
standardized cipher for secret documents
• DES was developed by IBM in 1976
• Analysis of DES was the beginning of modern
cryptographic research
10. Breaking DES
• The key length of DES was too short
– If a key is 56 bits long, that means there are 256
possible keys
– “DES Cracker” machines were designed to simply try
all possible keys
• Increase key length to 128 bit
• Triple DES
11. Breaking DES
• DES was further weakened by the discovery of differential
cryptanalysis
– Biham and Shamir in 1990; The most significant
advance in cryptanalysis since frequency analysis
• Ideally a ciphertext should be completely random, there
should be no connection to its matching plaintext
– Differential analysis exploits the fact that this is never
actually the case; Uses patterns between plaintext and
ciphertext to discover the key
12. Developing the AES
• With DES effectively broken, a new standard was
needed
• In 2001, the Rijndael cipher was selected to become
the Advanced Encryption Standard
13. The Problem of Symmetric Key
Cryptography
• Up until now we’ve been talking about symmetric key
cryptography
– Alice and Bob are using the same key to
encrypt/decrypt
• Problem: How does Bob get the key to Alice when Eve
is eavesdropping?
• Up until 1976 the only solution was to physically give
Alice the key in a secure environment
14. Public Key Cryptography
• Diffie and Hellman published a paper in 1976 providing a
solution
• We use one key for encryption (the public key) and a
different key for decryption (the private key)
• Everyone knows Alice’s public key, so they can encrypt
messages and send them to her
– But only Alice has the key to decrypt those messages
• No one can figure out Alice’s private key even if they
know her public key
16. Public Key Cryptography in Practice
• The problem is that public key algorithms are too slow
to encrypt large messages
– Instead Bob uses a public key algorithm to send Alice
the symmetric key, and then uses a symmetric key
algorithm to send the message
• The best of both worlds!
– Security of public key cryptography
– Speed of symmetric key cryptography
17. Sending a Message
What’s your public key?
Bob picks a
symmetric key and
encrypts it using
Alice’s public key
Alice decrypts the
symmetric key using her
private key
Then sends the
key to Alice
Bob encrypts his
message using
the symmetric
key
Then sends the
message to
Alice
Alice decrypts the
message using the
symmetric key
hi
18. The RSA Public Key Cipher
• The most popular public key cipher is RSA, developed in
1977
– Named after its creators: Rivest, Shamir, and
Adleman
• Uses the idea that it is really hard to factor large
numbers
– Create public and private keys using two large prime
numbers
– Then forget about the prime numbers and just tell
people their product
– Anyone can encrypt using the product, but they
can’t decrypt unless they know the factors
– If Eve could factor the large number efficiently she
could get the private key, but there is no known way
to do this
19. Public-Key Cryptography: RSA
(Rivest, Shamir, and Adleman)
• Sender uses a public key
– Advertised to everyone
• Receiver uses a private key
Internet
Encrypt with
public key
Decrypt with
private key
Plaintext Plaintext
Ciphertext
20. Generating Public and Private Keys
• Choose two large prime numbers p and q (~ 256
bit long) and multiply them: n = p*q
• Chose encryption key e such that e and (p-1)*(q-
1) are relatively prime
• Compute decryption key d, where
d = e-1 mod ((p-1)*(q-1))
(equivalent to d*e = 1 mod ((p-1)*(q-1)))
• Public key consists of pair (n, e)
• Private key consists of pair (n, d)
21. RSA Encryption and Decryption
• Encryption of message block m:
– c = me mod n
• Decryption of ciphertext c:
– m = cd mod n
22. Example (1/2)
• Choose p = 7 and q = 11 n = p*q = 77
• Compute encryption key e: (p-1)*(q-1) = 6*10 = 60
chose e = 13 (13 and 60 are relatively prime numbers)
• Compute decryption key d such that 13*d = 1 mod 60
d = 37 (37*13 = 481)
23. Example (2/2)
• n = 77; e = 13; d = 37
• Send message block m = 7
• Encryption: c = me mod n = 713 mod 77 = 35
• Decryption: m = cd mod n = 3537 mod 77 = 7
24. Properties
• Confidentiality
• A receiver B computes n, e, d, and sends out (n, e)
– Everyone who wants to send a message to B uses
(n, e) to encrypt it
• How difficult is to recover d ? (Someone that can
do this can decrypt any message sent to B!)
• Recall that
d = e-1 mod ((p-1)*(q-1))
• So to find d, you need to find primes factors p and
q
– This is provable very difficult
25. RSA Factoring Challenge
• In mathematics, the RSA numbers are a set of large
semiprimes (numbers with exactly two prime factors)
that are part of the RSA Factoring Challenge.
• RSA-768 has 232 decimal digits and was factored on
December 12, 2009. It’s the largest factored RSA
number to date.
• RSA-2048 may not be factorizable for many years to
come, unless considerable advances are made in
integer factorization or computational power in the
near future.
26. RSA Factoring Challenge
• Suppose, for example, that in the year 2020 a
factorization of RSA-1024 is announced that requires 6
months of effort on 100,000 workstations. In this
hypothetical situation, would all 1024-bit RSA keys need
to be replaced?
– The answer is no. If the data being protected needs
security for significantly less than six months, and its
value is considerably less than the cost of running
100,000 workstations for that period, then 1024-bit
keys may continue to be used.
27. Are we all secure now?
• Unfortunately not, there are still many problems that
need to be dealt with
– How does Bob know that he’s really talking to Alice?
– How does Alice know that the message she receives
hasn’t been tampered with?
– How does Alice know the message was sent by Bob?
28. Secret Key Cryptography
• Goal: Take a reasonable-length key and generate a one-
to-one mapping to ciphertext that looks random to
someone who doesn’t know the key
29. Modern Block Ciphers
• One of the most widely used types of cryptographic
algorithms
• Provide secrecy /authentication services
• Focus on DES (Data Encryption Standard)
– illustrate block cipher design principles
31. Block vs. Stream Ciphers
• Block ciphers process messages in blocks, each of which
is then en/decrypted
• Like a substitution on very big characters
– 64-bits or more
• Stream ciphers process messages a bit or byte at a time
when en/decrypting
• Many current ciphers are block ciphers
– broader range of applications
32. Block Cipher Principles
• Most symmetric block ciphers are based on a Feistel
Cipher Structure
– needed since must be able to decrypt ciphertext to
recover messages efficiently
– block ciphers look like an extremely large
substitution
• Problem: Scale
– would need table of 264 entries for a 64-bit block
• Solution: Create from smaller building blocks
– using idea of a product cipher
33. Ideal Block Cipher
• Problem: For small sizes, this is just equivalent to a
standard substitution cipher
34. Generic Block Encryption
• Substitution: 2k values
– k 2k bits
• Permutation: Change the position for each bit
– Requires k lg k bits
– For each of k bits, must specify output position
• Round: Each time through a substitution/permutation
set
– Each change in input bit should be enough to affect
all the output bits
– No more rounds than necessary, but enough to
generate this property (typically, about 16)
35. Substitution-Permutation Ciphers
• Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
– form basis of modern block ciphers
• S-P nets are based on the two primitive cryptographic
operations seen before:
– substitution (S-box)
– permutation (P-box)
• Provide confusion & diffusion of message & key
36. Confusion and Diffusion
• Cipher needs to completely obscure statistical
properties of original message
• A one-time pad does this
• More practically Shannon suggested combining S & P
elements to obtain:
– Diffusion: dissipates statistical structure of plaintext
over bulk of ciphertext
– Confusion: makes relationship between ciphertext
and key as complex as possible
37. Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• Partitions input block into two halves
• Process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
39. Feistel Cipher Design Elements
• Block size: Larger size means greater security, but
reduced speed. 64 bits is common.
• Key size: Same tradeoff. 128 bits is now common
• Number of rounds: Multiple rounds offer more security
• Subkey generation algorithm: Greater complexity
means more difficult cryptanalysis
• Round function: Same story here.
• Other considerations
– Fast software en/decryption
– Ease of analysis
41. DES (Data Encryption Standard)
• Published in 1977, standardized in 1979.
• Key: 64 bit quantity=8-bit parity+56-bit key
– Every 8th bit is a parity bit.
• 64 bit input, 64 bit output.
DES
Encryption
64 bit M 64 bit C
56 bits
42. Data Encryption Standard (DES)
• Adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• Standardized in 9179
• Encrypts 64-bit data using 56-bit key
– Now considered insecure, primarily due to the small
key size
– Key: 8-bit parity + 56-bit key (problems with this)
• Very efficient to implement in hardware
– Enjoyed widespread international use
43. DES History
• IBM developed Lucifer cipher
– by team led by Feistel in late 60’s
– used 64-bit data blocks with 128-bit key
• Redeveloped as a commercial cipher with input from
NSA and others
– in 1973 NBS issued request for proposals for a
national cipher standard
– IBM submitted their revised Lucifer which was
eventually accepted as the DES
44. DES Design Controversy
• Although DES standard is public
• Considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)
– and because design criteria were classified
47. Initial Permutation (IP)
• First step of the data computation
• Reorders the input data bits
– Even bits to LH half, odd bits to RH half
– quite regular in structure (easy in h/w)
• The benefits of this permutation are debatable at
best
• Example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
48. DES Round Structure
• Uses two 32-bit L & R halves
• As for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 F(Ri–1, Ki)
• F takes 32-bit R half and 48-bit subkey:
– expands R to 48-bits using perm E
– adds to subkey using XOR
– passes through 8 S-boxes to get 32-bit
result
– finally permutes using 32-bit perm P
50. Substitution Boxes S
• Have eight S-boxes which map 6 to 4 bits
• Each S-box is actually 4 little 4-bit boxes
– outer bits 1 & 6 (row bits) select one row
of 4
– inner bits 2-5 (col bits) are substituted
– result is 8 lots of 4 bits, or 32 bits
• row selection depends on both data & key
– feature known as autoclaving (autokeying)
• example:
– S(18 09 12 3d 11 17 38 39) = 5fd25e03