This document provides information about a cryptography course offered at the University of Washington. It includes details such as the course name and number, instructors, meeting times, recommended texts, and a new lecture schedule. The schedule lists the dates and topics to be covered in each of the 10 lectures, along with the lecturer for each topic.
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
A detailed description of DP3T, Google/Apple and PEP-PT
contact tracing protocols. After a brief mathematical introduction on modern cryptography, the primitives used in the protocols are specifically taken into consideration. Then, they are described in details and linked to the standard goals of information security, analyzing if the proposed designs reach them or not. Finally, there can be found a quick but interesting description of the main issues regarding BLE Technology and an example of a secret sharing scheme which could be used to prevent local attacks to the system (refer also to: https://www.slideshare.net/ChristianSpolaore1/introduction-to-contact-tracing-apps-and-privacy-issues).
The document discusses public key cryptography, digital certificates, and Transport Layer Security (TLS). It provides an overview of symmetric and asymmetric key cryptography, algorithms like RSA and ElGamal, the use of digital signatures and certificates, and how TLS uses public key encryption to securely transmit data over the internet, such as for email.
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
The document discusses cryptography concepts including symmetric and asymmetric encryption algorithms like DES, AES, RSA. It explains the basic working principles of RSA including key generation using large prime numbers, modular arithmetic and the concept of one-way functions that make private key derivation difficult. It also covers cryptographic modes of operation like ECB, CBC that are used to encrypt data blocks of arbitrary length.
Data Protection Techniques and CryptographyTalha SAVAS
Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
This document discusses symmetric cryptography and provides an overview of symmetric cipher systems including stream ciphers like the Vernam cipher and one-time pad, as well as block ciphers like DES, Triple DES, and AES. It describes the basic components of a symmetric cipher model and the properties and modes of operation for symmetric encryption algorithms. Key topics covered include the Feistel cipher structure used by DES, the cryptanalysis of DES leading to its replacement by AES, and the advantages and disadvantages of stream and block ciphers.
The document describes the sequence-to-sequence (seq2seq) model with an encoder-decoder architecture. It explains that the seq2seq model uses two recurrent neural networks - an encoder RNN that processes the input sequence into a fixed-length context vector, and a decoder RNN that generates the output sequence from the context vector. It provides details on how the encoder, decoder, and training process work in the seq2seq model.
Slides of my lecture on block ciphers providing high level security. Lecture was given at Finse Winter School in Information Security (Norway), on May 2014.
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
A detailed description of DP3T, Google/Apple and PEP-PT
contact tracing protocols. After a brief mathematical introduction on modern cryptography, the primitives used in the protocols are specifically taken into consideration. Then, they are described in details and linked to the standard goals of information security, analyzing if the proposed designs reach them or not. Finally, there can be found a quick but interesting description of the main issues regarding BLE Technology and an example of a secret sharing scheme which could be used to prevent local attacks to the system (refer also to: https://www.slideshare.net/ChristianSpolaore1/introduction-to-contact-tracing-apps-and-privacy-issues).
The document discusses public key cryptography, digital certificates, and Transport Layer Security (TLS). It provides an overview of symmetric and asymmetric key cryptography, algorithms like RSA and ElGamal, the use of digital signatures and certificates, and how TLS uses public key encryption to securely transmit data over the internet, such as for email.
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
The document discusses cryptography concepts including symmetric and asymmetric encryption algorithms like DES, AES, RSA. It explains the basic working principles of RSA including key generation using large prime numbers, modular arithmetic and the concept of one-way functions that make private key derivation difficult. It also covers cryptographic modes of operation like ECB, CBC that are used to encrypt data blocks of arbitrary length.
Data Protection Techniques and CryptographyTalha SAVAS
Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
This document discusses symmetric cryptography and provides an overview of symmetric cipher systems including stream ciphers like the Vernam cipher and one-time pad, as well as block ciphers like DES, Triple DES, and AES. It describes the basic components of a symmetric cipher model and the properties and modes of operation for symmetric encryption algorithms. Key topics covered include the Feistel cipher structure used by DES, the cryptanalysis of DES leading to its replacement by AES, and the advantages and disadvantages of stream and block ciphers.
The document describes the sequence-to-sequence (seq2seq) model with an encoder-decoder architecture. It explains that the seq2seq model uses two recurrent neural networks - an encoder RNN that processes the input sequence into a fixed-length context vector, and a decoder RNN that generates the output sequence from the context vector. It provides details on how the encoder, decoder, and training process work in the seq2seq model.
Slides of my lecture on block ciphers providing high level security. Lecture was given at Finse Winter School in Information Security (Norway), on May 2014.
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
Block ciphers like DES encrypt data in fixed-size blocks and use symmetric encryption keys. DES is a 64-bit block cipher that uses a 56-bit key. It employs a Feistel network structure with 16 rounds to provide diffusion and confusion of the plaintext block. Each round uses subkey-dependent substitution boxes and permutation functions. While DES was widely adopted, cryptanalysis techniques showed it could be broken with less than 256 tries, making the key size too short by modern standards.
This Presentation highlights the project in which i am currently working on.
Secure 2-party AES:
AES is one of the most widely used block cipher.It takes a secret key as input and a message block to be encrypted and generates the ciphertext corresponding to the message, without disclosing anything about the key or the message.
Typically the key and the message to be encrypted are available with a single entity.
Now consider a scenario where we have two parties, one holding the secret key and the other holding the message to be encrypted.
We want to design a protocol such that at the end of the protocol, the second party learns the encryption of the message (and no information about the key) while the first party learns nothing about the encrypted message.
The goal of this project will be to implement such a protocol.
A very clear presentation on Crytographic Alogotithms DES and RSA with basic concepts of cryptography. This presented by students of Techno India, Salt Lake.
There is great research in the field of data security these days. Storing information digitally in the cloud and transferring it over the internet proposes risks of disclosure and unauthorized access, thus users, organizations and businesses are adapting new technology and methods to protect their data from breaches. In this paper, we introduce a method to provide higher security for data transferred over the internet, or information based in the cloud. The introduced method for the most part depends on the Advanced Encryption Standard (AES) algorithm. Which is currently the standard for secret key encryption. A standardized version of the algorithm was used by The Federal Information Processing Standard 197 called Rijndael for the Advanced Encryption Standard. The AES algorithm processes data through a combination of Exclusive-OR operations (XOR), octet substitution with an S-box, row and column rotations, and a MixColumn operations. The fact that the algorithm could be easily implemented and run on a regular computer in a reasonable amount of time made it highly favorable and successful.
In this paper, the proposed method provides a new dimension of security to the AES algorithm by securing the key itself such that even when the key is disclosed, the text cannot be deciphered. This is done by enciphering the key using Output Feedback Block Mode Operation. This introduces a new level of security to the key in a way in which deciphering the data requires prior knowledge of the key and the algorithm used to encipher the key for the purpose of deciphering the transferred text.
Keywords: Keywords: Keywords: Keywords: Keywords: Keywords: Keywords:
Neuroscience core lecture given at the Icahn school of medicine at Mount Sinai. This is the version 2 of the same topic. I have made some modifications to give a more gentle introduction and add a new example for ngs.plot.
The document discusses classical encryption techniques used in cryptography. It begins with an overview of symmetric encryption and the basic concepts of plaintext, ciphertext, encryption, and decryption. It then covers various classical encryption techniques like the Caesar cipher, monoalphabetic cipher, Playfair cipher, polyalphabetic ciphers including the Vigenère cipher, Vernam cipher, and the theoretically unbreakable one-time pad cipher. It also discusses transposition techniques like the rail fence cipher and row transposition cipher.
Data Encryption standard in cryptographyNithyasriA2
The document discusses the Data Encryption Standard (DES) algorithm. It provides an overview of DES, including its history, encryption process, key generation process, and decryption process. It describes how DES uses a Feistel cipher structure with a 64-bit block size and 56-bit key. It also discusses various attacks that have been performed on DES, such as differential cryptanalysis and linear cryptanalysis, and how DES has been shown to be insecure due to increases in computational power allowing brute force attacks. Improved versions of DES using multiple encryptions, such as triple DES, are also summarized to increase the key size and security.
The document discusses stream ciphers and block ciphers. It explains that stream ciphers encrypt data bit-by-bit or byte-by-byte, requiring a randomly generated keystream, while block ciphers encrypt fixed-length blocks, allowing for broader applications. It then focuses on the Feistel cipher structure for block ciphers, proposed by Feistel to approximate an ideal block cipher for large block sizes. The Feistel structure uses a product cipher approach involving substitutions and permutations to provide diffusion and confusion and resist statistical cryptanalysis.
Next-generation sequencing format and visualization with ngs.plotLi Shen
Lecture given at the department of neuroscience, Icahn school of medicine at Mount Sinai. ngs.plot has been published in BMC genomics. Link: http://www.biomedcentral.com/1471-2164/15/284
The document discusses the Data Encryption Standard (DES) algorithm. It was adopted in 1977 and encrypts 64-bit blocks using a 56-bit key. The algorithm uses permutations and substitutions to encrypt data in multiple rounds. Weak keys that reduce the algorithm's security are identified. Attacks like differential and linear cryptanalysis have been developed against DES. Alternatives like triple DES and extending the key length were proposed to strengthen it against attacks.
This document provides an overview of cryptography concepts including symmetric and asymmetric key algorithms, cryptographic hashes, and tools for cryptanalysis. It defines common terminology like plaintext, ciphertext, encryption, and decryption. Symmetric algorithms discussed include the Vernam cipher, A5/1, DES, AES, and RC4. Asymmetric algorithms covered are RSA and Diffie-Hellman key exchange. Cryptographic hashes like MD5 and SHA-1 are also summarized along with resources for cryptanalysis.
This document provides an overview of cryptography concepts including symmetric and asymmetric key algorithms, cryptographic hashes, and tools for cryptanalysis. It defines common terminology like plaintext, ciphertext, encryption, and decryption. Symmetric algorithms discussed include the Vernam cipher, A5/1, DES, AES, and RC4. Asymmetric algorithms covered are RSA and Diffie-Hellman key exchange. Cryptographic hashes like MD5 and SHA-1 are also summarized along with resources for cryptanalysis.
This document proposes a method for hiding secret data in encrypted and compressed video bitstreams for privacy protection. It involves encrypting the video using standard encryption keys, compressing it using H.264 encoding, and then embedding additional encrypted data into the encrypted video stream using bit wrapping without accessing the original video content. At the receiver end, the hidden data can be extracted from the encrypted or decrypted video stream. The performance is evaluated based on mean square error, peak signal-to-noise ratio, and correlation coefficient between the original and embedded video streams. The method aims to protect video privacy during transmission and storage while allowing hidden data to be embedded and extracted.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
The document provides an overview of cyber security concepts and the Data Encryption Standard (DES) algorithm. It defines key terminology like plaintext, ciphertext, encryption, decryption, and cryptography. It explains that DES is a symmetric block cipher that encrypts data in 64-bit blocks using a 56-bit key. DES operates by performing an initial permutation on the plaintext, then uses 16 rounds of encryption involving substitution boxes and key-dependent permutation/XOR operations to generate the ciphertext.
This document provides an overview of cryptography concepts including:
- Homework 1 is due on 1/18 and project 1 is due the next day
- It reviews classical ciphers, modern symmetric ciphers like DES, and basic cryptography terminology
- It describes the Feistel cipher structure used in DES, the DES algorithm details like key scheduling and rounds, and strengths and weaknesses of DES versus alternatives like AES and triple DES
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...IJCNCJournal
The document analyzes the security of the Advanced Encryption Standard (AES) algorithm and proposes a modification to enhance its security. It summarizes AES, including its key expansion process, rounds, and steps. It then evaluates AES-128 security based on time security against brute force attacks and avalanche effect criteria. The authors propose modifying AES by XORing an additional random byte with the s-box value to increase time security and strict avalanche criterion. Security measurements of the modified AES sometimes fluctuate due to the random additional key.
A General Session Based Bit Level Block Encoding Technique Using Symmetric Ke...ijcseit
In this paper a session based symmetric key cryptographic algorithm has been proposed and it is termed as
Matrix Based Bit Permutation Technique (MBBPT). MBBPT consider the plain text (i.e. the input file) as a
binary bit stream with finite number bits. This input bit stream is divided into manageable-sized blocks with
different length. The bits of the each block fit diagonally upward starting from ( 1 , 1 ) cell in a left to right
trajectory into a square matrix of suitable order n. Then the bits are taken from the square matrix
diagonally upward starting from ( n , n ) cell in a right to left trajectory to form the encrypted binary string
and from this encrypted string cipher text is formed. Combination of the values of block length and the no.
of blocks of a session generates the session key. For decryption the cipher text is considered as a stream of
binary bits. After processing the session key information, this binary string is divided into blocks. The bits
of the each block fit diagonally upward starting from ( n , n ) cell in a right to left trajectory into a square
matrix of suitable order n. Then the bits are taken from the square matrix diagonally upward starting from
( 1 , 1 ) cell in a left to right trajectory to form the decrypted binary string . Plain text is regenerated from
this binary string. Comparison of MBBPT with existing and industrially accepted TDES and AES has been
done.
A Universal Session Based Bit Level Symmetric Key Cryptographic Technique to ...IJNSA Journal
In this technical paper a session based symmetric key cryptographic technique, termed as SBSKCT, has been proposed. This proposed technique is very secure and suitable for encryption of large files of any type. SBSKCT considers the plain text as a string with finite no. of binary bits. This input binary string is broken down into blocks of various sizes (of 2k
order where k = 3, 4, 5, ….). The encrypted binary string
is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string cipher text is formed. Combination of values of block length, no. of blocks and no. of iterations generates the session based key for SBSKCT. For decryption the cipher text is considered as
binary string. Using the session key information, this binary string is broken down into blocks. The decrypted binary string is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string plain text is reformed. A comparison of SBSKCT with existing and industrially accepted TDES and AES has been done.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
Block ciphers like DES encrypt data in fixed-size blocks and use symmetric encryption keys. DES is a 64-bit block cipher that uses a 56-bit key. It employs a Feistel network structure with 16 rounds to provide diffusion and confusion of the plaintext block. Each round uses subkey-dependent substitution boxes and permutation functions. While DES was widely adopted, cryptanalysis techniques showed it could be broken with less than 256 tries, making the key size too short by modern standards.
This Presentation highlights the project in which i am currently working on.
Secure 2-party AES:
AES is one of the most widely used block cipher.It takes a secret key as input and a message block to be encrypted and generates the ciphertext corresponding to the message, without disclosing anything about the key or the message.
Typically the key and the message to be encrypted are available with a single entity.
Now consider a scenario where we have two parties, one holding the secret key and the other holding the message to be encrypted.
We want to design a protocol such that at the end of the protocol, the second party learns the encryption of the message (and no information about the key) while the first party learns nothing about the encrypted message.
The goal of this project will be to implement such a protocol.
A very clear presentation on Crytographic Alogotithms DES and RSA with basic concepts of cryptography. This presented by students of Techno India, Salt Lake.
There is great research in the field of data security these days. Storing information digitally in the cloud and transferring it over the internet proposes risks of disclosure and unauthorized access, thus users, organizations and businesses are adapting new technology and methods to protect their data from breaches. In this paper, we introduce a method to provide higher security for data transferred over the internet, or information based in the cloud. The introduced method for the most part depends on the Advanced Encryption Standard (AES) algorithm. Which is currently the standard for secret key encryption. A standardized version of the algorithm was used by The Federal Information Processing Standard 197 called Rijndael for the Advanced Encryption Standard. The AES algorithm processes data through a combination of Exclusive-OR operations (XOR), octet substitution with an S-box, row and column rotations, and a MixColumn operations. The fact that the algorithm could be easily implemented and run on a regular computer in a reasonable amount of time made it highly favorable and successful.
In this paper, the proposed method provides a new dimension of security to the AES algorithm by securing the key itself such that even when the key is disclosed, the text cannot be deciphered. This is done by enciphering the key using Output Feedback Block Mode Operation. This introduces a new level of security to the key in a way in which deciphering the data requires prior knowledge of the key and the algorithm used to encipher the key for the purpose of deciphering the transferred text.
Keywords: Keywords: Keywords: Keywords: Keywords: Keywords: Keywords:
Neuroscience core lecture given at the Icahn school of medicine at Mount Sinai. This is the version 2 of the same topic. I have made some modifications to give a more gentle introduction and add a new example for ngs.plot.
The document discusses classical encryption techniques used in cryptography. It begins with an overview of symmetric encryption and the basic concepts of plaintext, ciphertext, encryption, and decryption. It then covers various classical encryption techniques like the Caesar cipher, monoalphabetic cipher, Playfair cipher, polyalphabetic ciphers including the Vigenère cipher, Vernam cipher, and the theoretically unbreakable one-time pad cipher. It also discusses transposition techniques like the rail fence cipher and row transposition cipher.
Data Encryption standard in cryptographyNithyasriA2
The document discusses the Data Encryption Standard (DES) algorithm. It provides an overview of DES, including its history, encryption process, key generation process, and decryption process. It describes how DES uses a Feistel cipher structure with a 64-bit block size and 56-bit key. It also discusses various attacks that have been performed on DES, such as differential cryptanalysis and linear cryptanalysis, and how DES has been shown to be insecure due to increases in computational power allowing brute force attacks. Improved versions of DES using multiple encryptions, such as triple DES, are also summarized to increase the key size and security.
The document discusses stream ciphers and block ciphers. It explains that stream ciphers encrypt data bit-by-bit or byte-by-byte, requiring a randomly generated keystream, while block ciphers encrypt fixed-length blocks, allowing for broader applications. It then focuses on the Feistel cipher structure for block ciphers, proposed by Feistel to approximate an ideal block cipher for large block sizes. The Feistel structure uses a product cipher approach involving substitutions and permutations to provide diffusion and confusion and resist statistical cryptanalysis.
Next-generation sequencing format and visualization with ngs.plotLi Shen
Lecture given at the department of neuroscience, Icahn school of medicine at Mount Sinai. ngs.plot has been published in BMC genomics. Link: http://www.biomedcentral.com/1471-2164/15/284
The document discusses the Data Encryption Standard (DES) algorithm. It was adopted in 1977 and encrypts 64-bit blocks using a 56-bit key. The algorithm uses permutations and substitutions to encrypt data in multiple rounds. Weak keys that reduce the algorithm's security are identified. Attacks like differential and linear cryptanalysis have been developed against DES. Alternatives like triple DES and extending the key length were proposed to strengthen it against attacks.
This document provides an overview of cryptography concepts including symmetric and asymmetric key algorithms, cryptographic hashes, and tools for cryptanalysis. It defines common terminology like plaintext, ciphertext, encryption, and decryption. Symmetric algorithms discussed include the Vernam cipher, A5/1, DES, AES, and RC4. Asymmetric algorithms covered are RSA and Diffie-Hellman key exchange. Cryptographic hashes like MD5 and SHA-1 are also summarized along with resources for cryptanalysis.
This document provides an overview of cryptography concepts including symmetric and asymmetric key algorithms, cryptographic hashes, and tools for cryptanalysis. It defines common terminology like plaintext, ciphertext, encryption, and decryption. Symmetric algorithms discussed include the Vernam cipher, A5/1, DES, AES, and RC4. Asymmetric algorithms covered are RSA and Diffie-Hellman key exchange. Cryptographic hashes like MD5 and SHA-1 are also summarized along with resources for cryptanalysis.
This document proposes a method for hiding secret data in encrypted and compressed video bitstreams for privacy protection. It involves encrypting the video using standard encryption keys, compressing it using H.264 encoding, and then embedding additional encrypted data into the encrypted video stream using bit wrapping without accessing the original video content. At the receiver end, the hidden data can be extracted from the encrypted or decrypted video stream. The performance is evaluated based on mean square error, peak signal-to-noise ratio, and correlation coefficient between the original and embedded video streams. The method aims to protect video privacy during transmission and storage while allowing hidden data to be embedded and extracted.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
The document provides an overview of cyber security concepts and the Data Encryption Standard (DES) algorithm. It defines key terminology like plaintext, ciphertext, encryption, decryption, and cryptography. It explains that DES is a symmetric block cipher that encrypts data in 64-bit blocks using a 56-bit key. DES operates by performing an initial permutation on the plaintext, then uses 16 rounds of encryption involving substitution boxes and key-dependent permutation/XOR operations to generate the ciphertext.
This document provides an overview of cryptography concepts including:
- Homework 1 is due on 1/18 and project 1 is due the next day
- It reviews classical ciphers, modern symmetric ciphers like DES, and basic cryptography terminology
- It describes the Feistel cipher structure used in DES, the DES algorithm details like key scheduling and rounds, and strengths and weaknesses of DES versus alternatives like AES and triple DES
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...IJCNCJournal
The document analyzes the security of the Advanced Encryption Standard (AES) algorithm and proposes a modification to enhance its security. It summarizes AES, including its key expansion process, rounds, and steps. It then evaluates AES-128 security based on time security against brute force attacks and avalanche effect criteria. The authors propose modifying AES by XORing an additional random byte with the s-box value to increase time security and strict avalanche criterion. Security measurements of the modified AES sometimes fluctuate due to the random additional key.
A General Session Based Bit Level Block Encoding Technique Using Symmetric Ke...ijcseit
In this paper a session based symmetric key cryptographic algorithm has been proposed and it is termed as
Matrix Based Bit Permutation Technique (MBBPT). MBBPT consider the plain text (i.e. the input file) as a
binary bit stream with finite number bits. This input bit stream is divided into manageable-sized blocks with
different length. The bits of the each block fit diagonally upward starting from ( 1 , 1 ) cell in a left to right
trajectory into a square matrix of suitable order n. Then the bits are taken from the square matrix
diagonally upward starting from ( n , n ) cell in a right to left trajectory to form the encrypted binary string
and from this encrypted string cipher text is formed. Combination of the values of block length and the no.
of blocks of a session generates the session key. For decryption the cipher text is considered as a stream of
binary bits. After processing the session key information, this binary string is divided into blocks. The bits
of the each block fit diagonally upward starting from ( n , n ) cell in a right to left trajectory into a square
matrix of suitable order n. Then the bits are taken from the square matrix diagonally upward starting from
( 1 , 1 ) cell in a left to right trajectory to form the decrypted binary string . Plain text is regenerated from
this binary string. Comparison of MBBPT with existing and industrially accepted TDES and AES has been
done.
A Universal Session Based Bit Level Symmetric Key Cryptographic Technique to ...IJNSA Journal
In this technical paper a session based symmetric key cryptographic technique, termed as SBSKCT, has been proposed. This proposed technique is very secure and suitable for encryption of large files of any type. SBSKCT considers the plain text as a string with finite no. of binary bits. This input binary string is broken down into blocks of various sizes (of 2k
order where k = 3, 4, 5, ….). The encrypted binary string
is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string cipher text is formed. Combination of values of block length, no. of blocks and no. of iterations generates the session based key for SBSKCT. For decryption the cipher text is considered as
binary string. Using the session key information, this binary string is broken down into blocks. The decrypted binary string is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string plain text is reformed. A comparison of SBSKCT with existing and industrially accepted TDES and AES has been done.
Similar to 1 Cryptography Introduction_shared.ppt (20)
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
1. JLM 20060107 22:16 1
University of Washington
CSEP 590TU – Practical Aspects of
Modern Cryptography
Instructors: Josh Benaloh, Brian LaMacchia, John Manferdelli
Tuesdays: 6:30-9:30, Allen Center 305
Webpage: http://www.cs.washington.edu/education/courses/csep590/06wi/
Recommended texts:
Stinson, Cryptography, Theory and Practice. 2nd Edition, CRC Press,
2002.
Menezes, vanOrtshot, Vanstone. Handbook of Applied Cryptography.
Ferguson and Schneier, Practical Cryptography.
2. JLM 20060107 22:16 2
New Lecture Schedule
Date Topic Lecturer
1 1/3 Practical Aspects of Cryptography Josh
2 1/10 Symmetric Key Ciphers and Hashes John
3 1/17 Public Key Ciphers Josh
4 1/24 Cryptographic Protocols I Brian
5 1/31 Cryptographic Protocols II Brian
6 2/7 Security of Block Ciphers John
7 2/14 AES and Cryptographic Hashes John
8 2/21 Trust, PKI, Key Management [Last HW
Assignment)
Brian
9 3/1 Random Numbers/Elliptic Curve Crypto Josh
10 3/8 Three topics: Elections, ITAR/Politics, Side
Channels/Timing Attacks, DRM, BigNum
Implementation
All
4. JLM 20060107 22:16 4
Communications Engineers Coat of
Arms
Plaintext
(P)
Noisy insecure
channel
Compress
(to save space)
The Source
Sender: Alice
The Sink
Receiver:Bob
Plaintext
(P)
Encrypt
(for confidentiality)
Encode
(to correct errors)
Noisy insecure
channel
Decompress
(to save space)
Decrypt
(for confidentiality)
Decode
(to correct errors)
5. JLM 20060107 22:16 5
Symmetric Encryption
• Symmetric Key cryptographic algorithms use a secret
known to the authorized parties called a “key”. Encryption
and Decryption use the same key.
– The transformations are simple and fast enough for practical use
and implementation.
– “Keyspace” large enough to protect against exhaustive search.
– The encryption algorithm must be efficiently invertible.
– Two major types: Stream ciphers and Block ciphers
Key (k)
Ciphertext (C)
Encrypt
Ek(P)
Plaintext (P)
Key (k)
Plaintext (P)
Decrypt
Dk(P)
Ciphertext (C)
6. JLM 20060107 22:16 6
Why go Ugly?
Algorithm Speed
RSA-1024 Encrypt .32 ms/op (128B), 384 KB/sec
RSA-1024 Decrypt 10.32 ms/op (128B), 13 KB/sec
AES-128 .53 ms/op (16B), 30MB/sec
RC4 .016 ms/op (1B), 63 MB/sec
DES .622 ms/op (8B), 12.87 MB/sec
RSA implementation uses CRT, Karasuba and Montgomery.
Timings do not include setup. All results are for an 850MHz x86.
7. JLM 20060107 22:16 7
Ugly II
Algorithm Speed
SHA-1 48.46 MB/sec
SHA-256 24.75 MB/sec
SHA-512 8.25 MB/sec
Timings do not include setup. All results are for an 850MHz x86.
9. JLM 20060107 22:16 9
Suite B - Computation Cost
Symmetric Key Size Ratio RSA/DH:EC
80 3:1
112 6:1
128 10:1
192 32:1
256 64:1
10. JLM 20060107 22:16 10
Adversaries and their Discontents
Eve
Plaintext
(P) Channel
Encrypt Decrypt
Alice
Bob
Plaintext
(P)
Wiretap Adversary
Man in the Middle Adversary
Mallory
Plaintext
(P)
Encrypt Decrypt
Alice Bob
Plaintext
(P)
Channel
11. JLM 20060107 22:16 11
Adversaries
• Cryptography is computing/communicating in the presence
of an Adversary
• An Adversary’s strength is characterized by:
– Computational resources available to the adversary:
– Exponential time/memory
– Polynomial time/memory
– Nature of access to cryptographically protected data:
– Probable plaintext attacks
– Known plaintext/ciphertext attacks
– Chosen plaintext attacks
– Adaptive interactive chosen plaintext attacks (oracle model)
– Physical Access
• Outsider threat
• Insider Threat (Timing, side channels)
• Trusted Insider Threat (Some key access)
12. JLM 20060107 22:16 12
Cipher Requirements
• WW II
– Universally available (simple, light instrumentation) - interoperability
– Compact , rugged: Easy for people to use
– Security in key only: We assume that the attacker knows the
complete details of the cryptographic algorithm and implementation
– Adversary has access to some corresponding plain and ciphertext
• Now
– Adversary has access to unlimited ciphertext and lots of chosen text
– Implementation in digital devices (power/speed) paramount
– Easy for computers to use
– Resistant to ridiculous amount of computing power
13. JLM 20060107 22:16 13
Practical Attacks
• Exhaustive Search of Key space
• Exhaustive Search of Keyspace Restricted by poor
practice.
– For example non random key generation
• Exploiting bad key Management/Storage
• Bribing Keyholder
• Side Channel/Timing
• Exploiting encryption Errors
• Spoofing (ATM PIN)
• Leaking due to size, position, language choice, repetition,
frequency, intersymbol transitions
14. JLM 20060107 22:16 14
Some Formal Attack Requirements
• Indistinguishability:
– Given two messages and the encryption of one of the
messages (the target ciphertext), it is hard to determine
which message is encrypted
– Related to Semantic Security
• Non-Malleability :
– Given a target ciphertext y, it is hard to find another
ciphertext y’ such that the corresponding plaintexts are
“meaningfully related”
RSA Slide --- Key Management
15. JLM 20060107 22:16 15
Security In Practice
• Balances risk of loss, usability and operational efficiency
against costs
• Risk assessed against “known” threat and absolute
computing model. (e.g.- Linear cryptanalysis in 243 steps
rather that O(f(n))).
• This requires an intelligent assessment of each problem
case and computing/communication environment.
• The greatest threat to “good security” is the insistence on
perfect security.
16. JLM 20060107 22:16 16
Block Cipher
• In a block cipher, plaintext is encrypted in blocks of m
elements of the alphabet. In the binary block case, m is the
block length in bits and Ek: P C where
• P=C= {0,1,…, 2m-1}.
• Since Ek is invertible, Ek e SN, the permutations on N = 2m
elements. Thus Ek: k SN.
• Think of k as selecting an element from SN , which is
enormous.
• | SN| = N! (2 p N) (N/e)N. For example, in DES, the
keyspace has N=256 elements, SN has more than (264)N
elements which is way, way more than the number of
elementary particles in the universe
17. JLM 20060107 22:16 17
Block Ciphers: Modes
• ECB : ci= Ek(pi)
– Same plaintext gets same ciphertext anywhere in stream
– Not semantically secure
– All other modes safer for long communications.
• CBC: c0 = IV, ci= Ek(pi+ci-1)
– Errors propagate two blocks
– Can’t use parrallel HW or pre-processing, slower
• OFB: z0 = IV, zi= Ek(zi-1), ci= pi + zi
– Limited error propagation
• CFB: c0 = IV, zi= Ek(ci-1), ci= pi + zi
– Error propagates for a few blocks but self-synchronizing
• CTR: zi= Ek(nonce || i), ci= pi + zi
– Never reuse nonce key combination
– Current favorite: fast, random access, allows preprocessing, similar security to
CBC
18. JLM 20060107 22:16 18
Stream Cipher – Definition and
Example
• A Stream Cipher takes an arbitrary sequence of elements
from the (plaintext) input alphabet to the (ciphertext) output
alphabet.
• Example for the binary alphabet:
• Let mt represents the bits of the plaintext, t =1,2,…
• Let kt be bits selected from a random source, t =1,2,…
• Let ct represent the ciphertext bits. ct= mt kt defines a
self-reciprocal (self inverting) stream cipher called a
one-time pad.
• You can’t beat one time pads for security (can you spot
why they are seldom used?)
20. JLM 20060107 22:16 20
Group Theory in Cryptography - 1
• Groups are sets of elements that have a binary operation with the
following properties:
1. If x,y,z e G, xy e G and (xy)z=x(yz). It is not always true xy=yx.
2. There is an identity element 1 e G and 1x=x1=x for all x in G
3. For all, x in G there is an element x-1 e G and x x-1 =1= x-1 x
• One very important group is the group of all bijective maps from a
set of n elements to itself denoted Sn or Sn. These are called the
“permutations of n elements.” The “binary operation” is the
composition of mappings. The identity element leaves every
element alone. The inverse of a mapping, x, “undoes” what x does.
• If s e Sn and the image of x is y we can write this two ways: y= s
(x); this is the usual functional notation your used to where
mappings are applied “from the left”. When mappings are applied
from the left and s and d are elements of Sn sd denotes the
mapping obtained by applying d first and then s - i.e. y= s(d(x)).
• Some people apply mappings from the right. They would write
y=(x) s. For them, sd denotes the mapping obtained by applying s
first and then d - i.e. y= ((x)s)d.
21. JLM 20060107 22:16 21
Group Theory in Cryptography - 2
• The smallest k such that sk=1 is called the order of s. G is finite if it
has a finite number of elements. In a finite group, all elements have
finite order and the order of each element divides the number of
elements of G (Lagrange’s Theorem).
• Example. Let G= S4.
– s= 12, 23, 34, 41, d= 13, 24, 31, 42.
s-1= 14, 21, 32, 43
– Applying mappings “from the left”, sd= 14, 21,32,43.
– Sometimes s is written like this:
s= 1 2 3 4
2 3 4 1
– Sometimes permutations are written as products of cycles:
s=(1234)and d= (13)(24).
22. JLM 20060107 22:16 22
Transpositions
• Grilles
B U L L
W I N K
L E I S BWLAEUINEDLNIOLKSP
A D O P
E
ci= pS(i) where
S=(1)(2,5,17,16,12,11,7,6)(3,9,14,4,13,15,8,10)
23. JLM 20060107 22:16 23
Breaking Completely filled Columnar
Transposition
Procedure
1. Determine rectangle dimensions (l,w) by noting that message
length=m = l x w. Here m=77, so l=7, w=11 or l=11, w=7
2. Anagram to obtain relative column positions
Note a transposition is easy to spot since letter frequency is the same as
regular English.
Message (from Sinkov)
EOEYE GTRNP SECEH HETYH SNGND DDDET OCRAE RAEMH
TECSE USIAR WKDRI RNYAR ABUEY ICNTT CEIET US
24. JLM 20060107 22:16 24
Anagramming
• Look for words, digraphs, etc.
• Note: Everything is very easy in corresponding
plain/ciphertext attack
1
E
O
E
Y
E
G
T
R
N
P
S
3
G
N
D
D
D
D
E
T
O
C
R
6
R
N
Y
A
R
A
N
U
E
Y
I
5
E
U
S
I
A
R
W
K
D
R
I
7
C
N
T
T
C
E
I
E
T
U
S
2
E
C
E
H
H
E
T
Y
H
S
N
4
A
E
R
A
E
M
H
T
E
C
S
1
E
O
E
Y
E
G
T
R
N
P
S
3
G
N
D
D
D
D
E
T
O
C
R
6
R
N
Y
A
R
A
N
U
E
Y
I
5
E
U
S
I
A
R
W
K
D
R
I
7
C
N
T
T
C
E
I
E
T
U
S
2
E
C
E
H
H
E
T
Y
H
S
N
4
A
E
R
A
E
M
H
T
E
C
S
25. JLM 20060107 22:16 25
Alphabetic Substitution
• A monoalphabetic cipher maps each occurrence of a
plaintext character to one ciphertext character
• A polyalphabetic cipher maps each occurrence of a
plaintext character to more than one ciphertext character
• A polygraphic cipher maps more than one plaintext
character at a time
– Groups of plaintext characters are replaced by assigned
groups of ciphertext characters
26. JLM 20060107 22:16 26
Et Tu Brute?: Substitutions
Caeser Cipher
B U L L W I N K L E I S A D O P E
D W N N Y K P M N G K U C F Q S G
c= pCk, C= (ABCDEFGHIJKLMNOPQRSTUVWXYZ), k= 2 here
k=3 for classical Caeser
27. JLM 20060107 22:16 27
Attacks on Monoalphabetic
Substitution
• Letter Frequency
A .0651738 B .0124248 C .0217339 D .0349835
E .1041442 F .0197881 G .0158610 H .0492888
I .0558094 J .0009033 K .0050529 L .0331490
M .0202124 N .0564513 O .0596302 P .0137645
Q .0008606 R .0497563 S .0515760 T .0729357
U .0225134 V .0082903 W .0171272 X .0013692
Y .0145984 Z .0007836 sp .1918182
• Probable word.
• Corresponding plain/cipher text makes this trivial.
28. JLM 20060107 22:16 28
Polygraphic Frequencies
• Bigraphs
EN RE ER NT TH
ON IN TE AN OR
ST ED NE VE ES
ND TO SE AT TI
• Trigraphs
ENT ION AND ING IVE
TIO FOR OUR THI ONE
• Words
THE OF AND TO A
IN THAT IS I IT
FOR AS WITH WAS HIS
HE BE NOT BY BUT
HAVE YOU WHICH ARE ON
30. JLM 20060107 22:16 30
Letter Frequency Bar Graph
Letter Frequency
0
10
20
30
40
50
60
1
Letter
Count
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
32. JLM 20060107 22:16 32
Vigenere Multialphabetic Cipher
6 Alphabet Direct Standard Example (Keyword: SYMBOL)
ABCDEFGHIJKLMNOPQRSTUVWXYZ PLAIN: GET OUT NOW
-------------------------- KEY: SYM BOL SYM
STUVWXYZABCDEFGHIJKLMNOPQR CIPHER: YCF PIE FMI
YZABCDEFGHIJKLMNOPQRSTUVWX
MNOPQRSTUVWXYZABCDEFGHIJKL
BCDEFGHIJKLMNOPQRSTUVWXYZA
OPQRSTUVWXYZABCDEFGHIJKLMN
LMNOPQRSTUVWXYZABCDEFGHIJK
33. JLM 20060107 22:16 33
Constructing Vig Alphabets
Direct Standard:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Reverse Standard:
ZYXWVUTSRQPONMLKJIHGFEDCBA
Keyword Direct (Keyword: NEW YORK CITY):
NEWYORKCITABDFGHJLMPQRSUVZ
Keyword Transposed (Keyword: CHICAGO):
CHIAGO
BDEFJK
LMNPQR
STUVWX
YZ
CBLSYHDMTZIENUAFPVGJQWOKRX
34. JLM 20060107 22:16 34
Solving Vigenere
1. Determine Number of Alphabets
• Repeated runs yield interval differences. Number of
alphabets is the gcd of these. (Kasiski)
• Statistics: Index of coincidence
2. Determine Plaintext Alphabet
3. Determine Ciphertext Alphabets
35. JLM 20060107 22:16 35
Statistical Tests for Alphabet Identification
• Index of coincidence for letter frequency
– Can choose same letters fi choose 2 ways
IC = Si fi(fi-1)/(n(n-1)), so IC Si pi
2
– For English Text IC .07
– For Random Text IC= 1/26=.038
– IC is useful for determining number of alphabets (key length) and
aligning alphabets. For n letters enciphered with m alphabets:
– IC(n,m)= 1/m (n-m)/(n-1) (.07) + (m-1)/m n/(n-1) (.038)
• Other Statistics
– Vowel Consonant pairing
– Digraph, trigraph frequency
36. JLM 20060107 22:16 36
Review of Attacks on Polyalphabet
• Letter Frequency, multigram frequencies, transition probabilities
• Index of Coincidence
• Alphabet Chaining
• Sliding Probable Text
• Limited Keyspace search
• Long repeated sequences in ciphertext
• Markoff like contact processes
• Decimation of sequences
• Log weights
• Generatrix
• Direct and indirect symmetries
38. JLM 20060107 22:16 38
Hill Cipher
• The Hill cipher is a block cipher with block size is 2 over the “normal”
alphabet.
• Assign each letter a number between 0 and 25 (inclusive)
– For example, a = 0, b = 1, . . ., z = 25 (z is used as space)
• Let p1p2 be two successive plaintext letters. c1c2 are the ciphertext
output where
• Apply the inverse of the “key matrix” [k11 k12 | k21 k22] to transform
ciphertext into plaintext
• Works better if we add space (27=33 letters) or throw out a letter (25=52)
c1 = k11p1 + k12p2 (mod 26)
c2 = k21p1 + k22p2 (mod 26)
39. JLM 20060107 22:16 39
Breaking Hill
• The Hill cipher is resistant to a ciphertext only attack with
limited ciphertext.
– Increasing the block size increases the resistance.
• It is trivial to break using a known plaintext attack.
– The process is much like the method used to break an affine cipher.
Corresponding plaintext/ciphertext are used to set up a system of
equations whose solutions are the key bits.
40. JLM 20060107 22:16 40
Information Theory Motivation
• How much information is in a binary string?
• Game: I have a value between 0 and 2n-1 (inclusive), find it by asking
the minimum number of yes/no questions.
• Write the number as [bn-1bn-2…b0]2 .
• Questions: Is bn-1 1?, Is bn-2 1? , … , Is b0 1?
• So, what is the amount of information in a number between 0 and 2n-1?
• Answer: n bits
• The same question: Let X be a probability distribution taking on values
between 0 and 2n-1 with equal probability. What is the information content
of a observation?
• There is a mathematical function that measures the information in an
observation from a probability distribution. It’s demoted H(X).
• H(X)= Si –pilg(pi)
41. JLM 20060107 22:16 41
Information Theory
• The “definition” of H(X), which is called entropy, has two desireable
properties
• Doubling the storage (the bits your familiar with) doubles the
information content
• H(1/2, 1/3, 1/6)= H(1/2, 1/2) + ½ H(2/3,1/3)
• It was originally developed to study how efficiently one can reliably
transmit information over “noisy” channel.
• Applied by Shannon to Cryptography (Communication Theory of
Secrecy Systems. BTSJ, 1949)
• Entropy which measures “amount” of uncertainty that is represented in a
sample drawn from a stochastic distribution
• Thus information learned about Y by observing X is I(Y,X)= H(Y)-H(Y|X).
• Can be used to estimate requirements for cryptanalysis of a cipher.
42. JLM 20060107 22:16 42
Information Theory in Cryptography
• Studying key search
• Distribution A: 2 bit key each key equally likely
• Distribution B: 4 bit key each key equally likely
• Distribution C: n bit key each key equally likely
• Distribution A’: 2 bit key selected from distribution (1/2, 1/6, 1/6,
1/6)
• Distribution B’: 4 bit key selected from distribution (1/2, 1/30, 1/30,
…, 1/30)
• Distribution C’: n bit key selected from distribution (1/2, ½ 1/(2n-
1),…, ½ 1/(2n-1))
43. JLM 20060107 22:16 43
Information Theory in Cryptography
• How much information is there in a key drawn from a random variable
X
• Distribution A: H(X)= ¼ lg(4) + ¼ lg(4) + ¼ lg(4) +1/4 lg(4) = 2 bits
• Distribution B: H(X)= 16 x (1/16 lg(16))= 4 bits
• Distribution C: H(X)= 2n x (1/2n) lg(2n) = n bits
• Distribution A’: H(X) = ½ lg(2) + 3 x(1/6 lg(6))= 1.79 bits
• Distribution B’: H(X) = ½ lg(2) + 15 x(1/30 lg(30))= 2.95 bits
• Distribution C’: H(X) = ½ lg(2) + 1/2 2n-1 x(1/(2n-1) lg(2n-1)) n/2+1 bits
44. JLM 20060107 22:16 44
Information Theory in Cryptography
• What is the expected number of keys that must be tried to
determine a key drawn from a random variable X
• Distribution A: E(X)= ¼ (1+2+3) = 1.5 trials
• Distribution B: E(X)= 1/16 (1+2+…+15)=7.5 trials
• Distribution C: E(X)= 1/2n (1+2+ … +2n) = (2n-1)/2 trials
• Distribution A’: E(X) = ½ x 1 + 1/6(2+3)= 4/3 trials
• Distribution B’: E(X) = ½ X1 + 1/30 (2+3+…+15)= 125/12 trials
• Distribution C’: E(X) = ½ X1 + ½ 1/(2n-1)(2+3+…+2n-1)=
½ + ¼ 1/(2n-1) (2n-1)(2n+1)trials
45. JLM 20060107 22:16 45
Equivocation and Bayes Theorem
• HE= Lim nS(x[1],…,x[n]) (1/n)Pr(X=(x[1],…,x[n]))
lg(Pr(X=(x[1],…,x[n])))
• For random stream of letters
• HR= Si(1/26)lg(26)=4.7004
• For English
• HEnglish = 1.2-1.5 (so English is about 75% redundant)
• There are approximately T(n)= 2nH n symbol messages that can
be drawn from the meaningful English sample space.
• H(X,Y)= H(Y)+H(X|Y)
• Bayes: P(x|y) P(y)= P(x)P(y|x)
• X and Y are independent if P(X,Y)= P(X)P(Y)
46. JLM 20060107 22:16 46
Some Information Theory Theorems
• H(K|C)= H(M|C)+ H(K|M,C)
Proof:
H(K|C)= H(K,C)-H(C), H(K|M,C)= H(M, K, C)-H(M,C).
H(M|C)= H(M,C) –H(C). Thus, H(K|C)= H(K,C)-H(M,C)+H(M|C).
H(M|K,C)= H(M,K,C)- H(K,C), but H(M|K,C)= 0 since there is no
uncertainty in the message given the ciphertext and the key.
H(K|M,C)= H(M,K,C)- H(M,C). So H(K|M,C)= H(K,C)- H(M,C).
Thus H(K|C)= H(K|M,C)+H(M|C).
• Perfect Security: P(C|M)=P(C)
47. JLM 20060107 22:16 47
Unicity and Random Ciphers
Question: How many messages do I need to trial decode so
that the expected number of false keys for which all m
messages land in the meaningless subset is less than 1?
Answer: The unicity point.
Nice application of Information Theory.
Theorem: Let H be the entropy of the source (say English)
and let S be the alphabet. Let K be the set of
(equiprobable) keys. Then u= lg(|K|)/(lg(|S|)-H).
48. JLM 20060107 22:16 48
Unicity for Random Ciphers
Cipher Messages
|S|n Non-Meaningful Messages
Meaningful Messages
2Hn
Decoding with correct key
Decoding with incorrect key
49. JLM 20060107 22:16 49
Unicity Distance for Monoalphabet
HCaeserKey= Hrandom = lg(26)= 4.7004
HEnglish 1.2.
For Caeser, u lg(26)/(4.7-1.2) 4 symbols, for ciphertext
only attack. For known plaintext/ciphertext, only 1
corresponding plain/cipher symbol is required for unique
decode.
For arbitrary substitution, u lg(26!)/(4.7-1.2) 25 symbols
for ciphertext only attack. For corresponding
plain/ciphertext attack, about 8-10 symbols are required.
Both estimates are remarkably close to actual experience.
50. JLM 20060107 22:16 50
Application: One Time Pads are
“unbreakable”
M, C, K are n bits long
P(M=x|C=y)=P(M=x and C=y)/P(C=y).
P(M=x and C=y) =P(M=x and K=x y)=P(M=x)P(K=x
y)=P(M=x)2-n
P(C=y)= SxP(M=x and C=y)= SxP(M=x)2-n=2-n
So P(M=x|C=y)= P(M=x) 2-n/2-n=P(M=x)
51. JLM 20060107 22:16 51
Information Theoretic Estimates
to break monoalphabet
Cipher Type of Attack Information
Resources
Computational
Resources
Caeser Ciphertext only U= 4.7/1.2=4
letters
26 computations
Caeser Known plaintext 1 corresponding
plain/cipher pair
1
Substitution Ciphertext only ~30 letters O(1)
Substitution Known plaintext ~10 letters O(1)
52. JLM 20060107 22:16 52
Mixing cryptographic elements to produce
strong cipher
• Diffusion – transposition
– Using group theory, the action of a transposition t on a1 a2 …ak could be
written as at(1) at(2) …at(k) .
• Confusion – substitution
– Using group theory, the action of a substitution s on a1 a2 …ak could be
written as s(a1) s(a2) … s(ak) .
• Transpositions and substitutions may depend on keys. Keyed
permutations may be written as sk(x). Incidentially, a block cipher on b
bits is nothing more than a keyed permutation on 2b symbols.
• Iterative Ciphers – key dependant staged iteration of combination of
basic elements is very effective way to construct cipher. (DES, AES)
56. JLM 20060107 22:16 56
Group Theory for Rotors
• Theorem: If s=(a11 a12 … a1i) (a11 … a1j) … (a11 … a1k)then
dsd-1= (da11 da12 … da1i) (da11 … da1j) … (da11 … da1k).
• When permutations are written as products of cycles, it is very easy to
calculate their order. (It is the LCM of the length of the cycles).
• Writing cryptographic processes as group operation can be very useful.
For example, if R denotes the mapping of a “rotor” and C=(1,2,…,26),
the mapping of the rotor “turned” one position is CRC-1.
Reference:
Rotman, Group Theory.
Lang, Algebra.
Hall, Group Theory. Chelsea.
57. JLM 20060107 22:16 57
Diagrammatic Enigma Structure
Message flows right to left
U: Umkehrwalze (reversing drum)
N,M,L: First (fastest), second
third rotors
S: Stecker (plugboard)
U L M N S
Lamps
Keyboard
B
L
Diagram courtesy of Carl Ellison
58. JLM 20060107 22:16 58
Military Enigma
Encryption Equation
c= (p) PiNP-i PjMP-j PkLP-k U PkL-1P-k PjM-1P-j PiN-1P-i
– K: Keyboard
– P=(ABCDEFGHIJKLMNOPQRSTUVWXYZ)
– N: First Rotor
– M: Second Rotor
– L: Third Rotor
– U: Reflector. Note: U=U-1.
– i,j,k: Number of rotations of first, second and third rotors
respectively.
• Later military models added plug-board (S) and additional
rotor (not included). The equation with Plugboard is:
c=(p)S PiNP-i PjMP-j PkLP-k U PkL-1P-k PjM-1P-j PiN-1P-i S-1
59. JLM 20060107 22:16 59
Enigma Data
Rotors
Input ABCDEFGHIJKLMNOPQRSTUVWXYZ
Rotor I EKMFLGDQVZNTOWYHXUSPAIBRCJ
Rotor II AJDKSIRUXBLHWTMCQGZNPYFVOE
Rotor III BDFHJLCPRTXVZNYEIWGAKMUSQO
Rotor IV ESOVPZJAYQUIRHXLNFTGKDCMWB
Rotor V VZBRGITYUPSDNHLXAWMJQOFECK
Rotor VI JPGVOUMFYQBENHZRDKASXLICTW
Rotor VII NZJHGRCXMYSWBOUFAIVLPEKQDT
Reflector B (AY) (BR) (CU) (DH) (EQ) (FS) (GL) (IP)
(JX) (KN) (MO) (TZ) (VW)
Reflector C (AF) (BV) (CP) (DJ) (EI) (GO) (HY) (KR)
(LZ) (MX) (NW) (TQ) (SU)
Ring Turnover
Rotor I R
Rotor II F
Rotor III W
Rotor IV K
Rotor V A
Rotors VI A/N
60. JLM 20060107 22:16 60
Military Enigma Key Length
• Key Length (rotor order, rotor positions, plugboard)
– 60 rotor orders. lg(60)= 5.9 bits.
– 26*26*26 = 17576 initial rotor positions. lg(17576)= 14.1 bits of key
– 10 exchanging steckers were specified yielding C(26,2)
C(24,2)…C(8,2)/10! = 150,738,274,937,250.
lg(150,738,274,937,250)= 47.1 bits as used
– Bits of key: 5.9 + 14.1 + 47.1 = 67.1 bits
– Note: plugboard triples entropy of key!
• Rotor Wiring State
– lg(26!) = 88.4 bits/rotor.
• Total Key including rotor wiring:
– 67.1 bits + 3 x 88.4 bits = 312.3 bits
61. JLM 20060107 22:16 61
Method of Batons
• Applies to Enigma
– Without plugboard
– With fast rotor ordering known and only the fast rotor moving
– With a “crib”
• Let N be the fast rotor and Z the combined effect of the other apparatus,
then N-1ZN(p)=c.
• Since ZN(p)=N(c), we know the wiring of N and a crib, we can play the
crib against each of the 26 possible positions of N for the plaintext and
the ciphertext. In the correct position, there will be no “scritches” or
contradictions in repeated letters.
• This method was used to “analyze” the early Enigma variants used in
the Spanish Civil War and is the reason the Germans added the
plugboard.
• Countermeasure: Move fast rotor next to reflector.
62. JLM 20060107 22:16 62
German Key Management before 5/40
• Daily keys were distributed on paper monthly and distributed by
courier. Each daily key consisted of a line specifying:
– (date, rotor order, ring settings, plug settings -10)
• For each message
1. Operator chooses a 3-letter sequences, the “indicator” and the “text”
2. Operator set rotor positions to indicator and encrypted text twice.
3. Machine rotor positions were reset to “text” positions and the message
encrypted.
4. Operator prepended indicator and twice encrypted rotor order text to
transmitted message.
• This was done to avoid starting rotors in the same position for each
message without enormous key lists.
– Good motivation. Bad idea.
63. JLM 20060107 22:16 63
Changes German use of Enigma
1. Plugboard added– 6/30
2. Key setting method – 1/38
3. Rotors IV and V – 12/38
4. More plugs - 1/39
5. End of message key pair encipherment – 5/40
64. JLM 20060107 22:16 64
Polish (Rejewski) Attack
• Rejewski exploited weakness in German keying procedure to
determine rotor wiring
– Rejewski had ciphertext for several months but no German Enigma.
– Rejewski had Stecker settings for 2 months (from a German spy via the
French in 12/32), leaving 265.2 bits of key (the wirings) to be found. He
did.
• Poles determine the daily keys
– Rejewski catalogued the characteristics of rotor settings to detect daily
settings. He did this with two connected Enigmas offset by 3 positions (the
“cyclotometer”).
– In 9/38, when the “message key” was no longer selected from standard
setting (the Enigma operator to choose a different encipherment start
called the indicator), Rejewski’s characteristics stopped working.
– Zygalski developed a new characteristic and computation device (“Zygalski
sheets”) to catalog characteristics which appeared when 1st/4th,
2nd/5th,3rd/6th ciphertext letters in encrypted message keys (“Females”)
were the same.
65. JLM 20060107 22:16 65
How Rejewski did it
Recall c=(p)S PiNP-i PjMP-j PkLP-k U PkL-1P-k PjM-1P-j PiN-1P-I
S-1
Let Q= MLUL-1M-1=Q-1
Then the first 6 permutations (used to encrypt settings twice) are:
– A=A-1= SP1NP-1QP1N-1P-1S-1, B=B-1= SP2NP-2QP2N-1P-2S-1
– C=C-1= SP3NP-3QP3N-1P-3S-1, D=D-1= SP4NP-4QP4N-1P-4S-1
– E=E-1= SP5NP-5QP5N-1P-5S-1, F=F-1= SP6NP-6QP6N-1P-6S-1
Their products and what they reveal about encrypted settings
(c1c2c3c4c5c6):
– AD= SP1NP-1QP1N-1P3NP-4QP4N-1P-4S-1
. (c1)AD= c4.
– BE= SP2NP-2QP2N-1P3NP-5QP5N-1P-5S-1
. (c2)BE= c5.
– CF= SP3NP-3QP3N-1P3NP-6QP6N-1P-6S-1
. (c3)CF= c6.
So we can find AD, BE and CF after about 80 messages.
66. JLM 20060107 22:16 66
How Rejewski did it (continued)
We don’t know S, N or Q. Suppose
– AD= (dvpfkxgzyo)(eijmunqlht)(bc)(rw)(a)(s)
– BE= (blfqveoum)(hjpswizrn)(axt)(cgy)(d)(k)
– CF= (abviktjgfcqny)(duzrehlxwpsmo)
Now the following two simple Group Theory Theorems help:
1. The product of two permutations of the same degree consisting of
products of disjoint transpositions has an even number of cycles
of the same length and the each element of a transposition
ends up in different cycles of the same length.
2. Two permutations in Sn are conjugate (s=r-1dr) iff they have the
same cycle structure.
67. JLM 20060107 22:16 67
How Rejewski did it (conclusion)
• Using the first theorem, the expression for CF gives 13 possibilities for C and
F, 27(=3x9) possibilities for B and E and 20(=2x10) possibilities for A and D.
• Histograms of the enciphered message keys showed spikes. Rejewski
deduced, correctly, that these were often for plaintext keys AAA, BBB, CCC,
etc. --- that allowed him to line up cycles between the three Enigma pairs.
• This determines A,B,C,D,E and F.
• Rejewski was given 2 months of key sheets, carrying the Stecker settings.
From them he removed the Stecker and solved the equations for the fast rotor.
For example:
– S-1AS= P1NP-1QP1N-1P-1 with S-1AS and P, known.
– This leaves only two permutations Q and N (the fast rotor) unknown and Q is in
precisely the right form to apply the second group theory result.
– Thus we can obtain both Q and N (see postscript).
• Since all the rotors are in the fast position at some time, we (as Rejewski) can
obtain all the wirings.
68. JLM 20060107 22:16 68
How Rejewski did it (postscript)
A=SP1NP-1QP1N-1P-1S-1 A’=S-1P-1AP1S= NP-1QP1N-1
B=SP2NP-2QP2N-1P-2S-1 B’=S-1P-2BP2S= NP-2QP2N-1
So,
A’B’=NP-1QP1QP2N-1
Similarly,
C’D’= NP-2QP1QP3N-1
So
C’D’= NP-1N-1 A’B’ NPN-1
69. JLM 20060107 22:16 69
Digital Block Ciphers
Complicated keyed invertible functions constructed from
iterated elementary rounds.
• Confusion: non-linear functions (ROM lookup)
• Diffusion: permute round output bits
• Key mixing: xor “key schedule” at beginning of round
Characteristics:
• Fast
• Data encrypted in fixed “block sizes” (64,128,256 bit blocks are
common).
• Key and message bits non-linearly mixed in ciphertext
DES (1974) design was watershed in public symmetric key
crypto.
70. JLM 20060107 22:16 70
Data Encryption Standard
• Federal History
• 1972 study
• RFP: 5/73, 8/74
• NSA: S-Box influence, key size reduction
• Published in Federal Register: 3/75
• FIPS 46: January, 1976.
• IBM
• Descendant of Feistel’s Lucifer
• Designers: Horst Feistel, Walter Tuchman, Don Coppersmith, Alan
Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill
Notz, Lynn Smith, and Bryant Tuckerman
• Brute Force Cracking
• EFS DES Cracker: $250K, 1998. 1,536 custom chips. Can brute
force a DES key in days
• Deep Crack and distributed.net break a DES key in 22.25 hours.
71. JLM 20060107 22:16 71
Horst Feistel: Lucifer
• Early 1970s: First serious needs for civilian encryption (in electronic
banking)
• IBM’s response: Lucifer, an iterated SP cipher
• Lucifer (v0):
– Two fixed, 4x4 s-boxes, S0 & S1
– A fixed permutation P
– Key bits determine
which s-box is to be
used at each position
– 8 x 64/4 = 128 key bits
(for 64-bit block, 8 rounds)
...
. . . .
P
S0
S1 S0
S1
S0
S1
. . . .
S0
S1 S0
S1
S0
S1
P
. . . .
S0
S1 S0
S1
S0
S1
x
EK(x)
Graphic by cschen@cc.nctu.edu.tw
72. JLM 20060107 22:16 72
From Lucifer to DES
• 8 fixed, 6x4 s-boxes (non-invertible)
• expansion E (simple duplication of 16
bits)
• round keys are used only for xor with the
input
• 56-bit key size
• 16 x 48 round key bits are selected from
the 56-bit master key by the “key
schedule”.
x
S1 S2 S8
. . . .
P
f(x, ki)
ki
32
48
E
32 bits
74. JLM 20060107 22:16 74
f
Feistel Round
F(K,X)= non-linear function
ki
Graphic courtesy of Josh
Benaloh
Note: If si(L,R)= (Lf(E(R) ki) ,R) and t(L,R)= (R,L), this round
is tsi(L,R).
To invert: swap halves and apply same transform with same key:
sittsi(L,R)=(L,R).
75. JLM 20060107 22:16 75
DES Round Function
Sub-key
6/4-bit substitutions
32-bit permutation
32 bits
48 bits
Slide courtesy of Josh Benaloh
83. JLM 20060107 22:16 83
DES Described Algebraically
si(L,R)= (Lf(E(R) ki) ,R)
ki is 48 bit sub-key for round i and
f(x)= P(S1S2S3 … S8(x)). Here, each S –box operates on 6 bit
quantities and outputs 4 bit quantities. P permutes the resulting 32
output bits.
t(L,R)= (R,L).
Each round (except last) is t si. Note that t t = t 2=1= si si= si
2.
Full DES is:
DESK(x)= IP-1 s16 t ... s3 t s2 t s1 IP(x)
So its inverse is
DESK
-1(x)= IP-1 s1 t ... s14 t s15 t s16 IP(x)
84. JLM 20060107 22:16 84
DES Key Schedule
C0D0= PC1(K)
Ci+1 = LeftShift(Shifti, Ci), Di+1 = LeftShift(Shifti, Di),
Ki= PC2(Ci ||Di)
Shifti= <1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,1>
Note: Irregular Key schedule protects against related key
attacks. [Biham, New Types of Cryptanalytic Attacks
using Related Keys, TR-753, Technion]
87. JLM 20060107 22:16 87
DES Data
S4 (hex)
7 d e 3 0 6 9 a 1 2 8 5 b c 4 f
d 8 b 5 6 f 0 3 4 7 2 c 1 a e 9
a 6 9 0 c b 7 d f 1 3 e 5 2 8 4
3 f 0 6 a 1 d 8 9 4 5 b c 7 2 e
S5 (hex)
2 c 4 1 7 a b 6 8 5 3 f d 0 e 9
e b 2 c 4 7 d 1 5 0 f a 3 9 8 6
4 2 1 b a d 7 8 f 9 c 5 6 3 0 e
b 8 c 7 1 e 2 d 6 f 0 9 a 4 5 3
S6 (hex)
c 1 a f 9 2 6 8 0 d 3 4 e 7 5 b
a f 4 2 7 c 9 5 6 1 d e 0 b 3 8
9 e f 5 2 8 c 3 7 0 4 a 1 d b 6
4 3 2 c 9 5 f a b e 1 7 6 0 8 d
88. JLM 20060107 22:16 88
DES Data
E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
S7 (hex)
4 b 2 e f 0 8 d 3 c 9 7 5 a 6 1
d 0 b 7 4 9 1 a e 3 5 c 2 f 8 6
1 4 b d c 3 7 e a f 6 8 0 5 9 2
6 b d 8 1 4 a 7 9 5 0 f e 2 3 c
S8 (hex)
d 2 8 4 6 f b 1 a 9 3 e 5 0 c 7
1 f d 8 a 3 7 4 c 5 6 b 0 e 9 2
7 b 4 1 9 c e 2 0 6 a d f 3 5 8
2 1 e 7 4 a 8 d f c 9 0 3 5 6 b
Note: DES can be made more secure
against linear attacks by changing
the order of the S-Boxes: Matsui,
On Correlation between the order of
S-Boxes and the Strength of DES.
Eurocrypt,94.
89. JLM 20060107 22:16 89
S Boxes as Polynomials over GF(2)
1,1:
56+4+35+2+26+25+246+245+236+2356+16+15+156+14+146+145+13+135+134+1346+1
345+13456+125+1256+1245+123+12356+1234+12346
1,2:
C+6+5+4+45+456+36+35+34+346+26+25+24+246+2456+23+236+235+234+2346+1+15+
156+134+13456+12+126+1256+124+1246+1245+12456+123+1236+1235+12356+
1234+12346
1,3:
C+6+56+46+45+3+35+356+346+3456+2+26+24+246+245+236+16+15+145+13+1356+13
4+13456+12+126+125+12456+123+1236+1235+12356+1234+12346
1,4: C+6+5+456+3+34+346+345+2+23+234+1+15+14+146+135+134+1346+1345+1256+
124+1246+1245+123+12356+1234+12346
90. JLM 20060107 22:16 90
DES Data
P
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
Note on applying permutations: For permutations of bit positions, like P above, the table entries
consisting of two rows, the top row of which is “in order” means the following. If t is above
b, the bit at b is moved into position t in the permuted bit string. For example, after applying
P, above, the most significant bit of the output string was at position 16 of the input string.
91. JLM 20060107 22:16 91
Homework
Review DES description by reading
http://www.aci.net/kalliste/des.htm or
http://www.itl.nist.gov/fipspubs/fip46-2.htm
You need to know DES well for a future class as well as for
problem number 5.
92. JLM 20060107 22:16 92
DES Data
S1 (hex)
e 4 d 1 2 f b 8 3 a 6 c 5 9 0 7
0 f 7 4 e 2 d 1 a 6 c b 9 5 3 8
4 1 e 8 d 6 2 b f c 9 7 3 a 5 0
f c 8 2 4 9 1 7 5 b 3 e a 0 6 d
S2 (hex)
f 1 8 e 6 b 3 4 9 7 2 d c 0 5 a
3 d 4 7 f 2 8 e c 0 1 a 6 9 b 5
0 e 7 b a 4 d 1 5 8 c 6 9 3 2 f
d 8 a 1 3 f 4 2 b 6 7 c 0 5 e 9
S3 (hex)
a 0 9 e 6 3 f 5 1 d c 7 b 4 2 8
d 7 0 9 3 4 6 a 2 8 5 e c b f 1
d 6 4 9 8 f 3 0 b 1 2 c 5 a e 7
1 a d 0 6 9 8 7 4 f e 3 b 5 2 c
93. JLM 20060107 22:16 93
Cryptographic Hashes
A cryptographic hash (“CH”) is a “one way function,” h, from all binary
strings (of arbitrary length) into a fixed block of size n (called the size
of the hash) with the following properties:
1. Given y=h(x) it is infeasible to calculate a x’ x such that y=h(x’).
(“One way,” “non-invertibility” or “pre-image” resistance). Functions
satisfying this condition are called One Way Hash Functions (OWHF)
2. Given u, it is infeasible to find w such that h(u)=h(w). (weak collision
resistance, 2nd pre-image resistance).
3. It is infeasible to find u, w such that h(u)=h(w). (strong collision
resistance). Note 32. Functions satisfying this condition are called
Collision Resistant Functions (CRFs).
• Just like Symmetric ciphers ratio of work factor for computation of
hash vs work factor to break hash should be very high.
• Adversary has complete information on computing hash and
(obviously) can compute as many hashes from the target as she
wants.
94. JLM 20060107 22:16 94
Observations on Cryptographic Hashes
• Hashes are a strong “checksum”
• OWHF and CRF conditions make CHs satisfy many of the properties
of “random functions”
– Small changes should create large changes (otherwise the pre-
image of near neighbors are near neighbors making collisions easy
to find)
– Small input changes should be statistically unrelated (uncorrelated)
to changes in a subset of the hash bits
– Analysis of CHs very similar to Symmetric Cipher techniques
Popular practical cryptographic hashes
– MD4, MD5 (now “broken”)
– SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 (last 4 are “SHA-2”)
– RIPEMD
95. JLM 20060107 22:16 95
Observations
• Collision Resistance 2nd pre-image resistance
• Let f(x)= x2-1 (mod p).
– f(x) acts like a random function but is not a OWHF since square roots are easy to
calculate mod p.
• Let f(x)= x2 (mod pq).
– f(x) is a OWHF but is neither collision nor 2nd pre-image resistant
• If either h1(x) or h2(x) is a CRHF so is h(x)= h1(x) || h2(x)
• MDC+signature & MAC+unknown Key require all three properties
• Ideal Work Factors:
Type Work Property
OWHF 2n Pre-image
2nd Pre-image
CRHF 2n/2 Collision
MAC 2t Key recovery, computational resistance
96. JLM 20060107 22:16 96
What are Hash Functions Good for?
• Modification Detection Codes (MDCs): This is a strong
checksum (integrity check). Sometimes called “unkeyed”
hashes.
• Message Authentication Code (MACs): If shared secret is
part of the hash, two parties can determine authenticated
integrity with CHs. Called “keyed hashes”.
• Message Digests (MDs): Encrypting (with private key) the
CH of a message (its MD) acts as a certification that the
message was “approved” by possessor of private key. This
is called a Digital Signature. [Note: you could “sign’ the
whole message rather than the hash but this would take
oodles of time by comparison.]
97. JLM 20060107 22:16 97
What are Hash Functions Good for?
• Uniquely and securely identifies bit streams like programs.
Hash is strong name for program.
• Entropy mixing: Since CHs are random functions into fixed
size blocks with the properties of random functions, they are
often used to “mix” biased input to produce a “seed” for a
psuedo-random number generator.
• Password Protection: Store salted hash of password instead
of password (Needham).
• Bit Committment
98. JLM 20060107 22:16 98
One-Way Functions
Hashes come from two basic classes of one-way functions
– Mathematical
• Multiplication: Z=X•Y
• Modular Exponentiation: Z = YX (mod n) (Chaum vP
Hash)
– Ad-hoc (Symmetric cipher-like constructions)
• Custom Hash functions (MD4, SHA, MD5, RIPEMD)
99. JLM 20060107 22:16 99
Chaum-vanHeijst-Pfitzmann
Compression Function
• Suppose p is prime, q=(p-1)/2 is prime, a is a primitive root in Fp, b is
random.
• g: {1,2,…,q-1}2 {1,2,…,p-1}, q=(p-1)/2 by:
– g(s, t) = as bt (mod p)
• Not used in practice: too slow.
• Reduction to discrete log:
Suppose g(s, t)= g(u, v) can be found. Then as bt (mod p)= au bv (mod p).
So as-u (mod p)= bv-t (mod p). Let b= ax (mod p). Then (s-u)=x(y-t) (mod p-1).
But p-1= 2q so we can solve for x, thus determining the discrete log of b.
100. JLM 20060107 22:16 100
Merkle/Damgard Construction
Compression
Function (f)
Hash Value
Padded n bit blocks
Hi-1
Graphic by Josh Benaloh
Input: x=x1||…||xt
Input is usually padded
H0= IV
Hi= f(Hi-1, xi)
h(x)= g(ht)
101. JLM 20060107 22:16 101
A Cryptographic Hash: SHA-1
Compression
Function
160-bit state
512-bit input
160 bits of state
Slide by Josh Benaloh
102. JLM 20060107 22:16 102
A Cryptographic Hash: SHA-1
Picture from Wikipedia
103. JLM 20060107 22:16 103
Padding
• Standard technique
– Let last message block have k bits. If k=n, make a new
block and set k= 0.
– Append a 1 to last block leaving r=n-k-1 remaining bits
in block.
– If r>=64, append r-64 0s then append bit length of
input expressed as 64 bit unsigned integer
– If r<64, append n-r 0’s (to fill out block), append n-64
0’s at beginning of next block then append bit length of
input expressed as 64 bit unsigned integer
104. JLM 20060107 22:16 104
Technique for CHs from Block Ciphers
Let input be x= x1 || x2 || … || xt where each xi is n bits long. Let g be a
function taking an n bit input to an m bit input. Let E(k, x) be a block
cipher with m bit keyspace and n bit block. Let H0= IV.
Construction 1
Hi= E(g(Hi-1), xi) Hi-1
Construction 2
Hi= E(xi, Hi-1) Hi-1
Construction 3
Hi= E(g(Hi-1), xi) xi Hi-1
Note: Because of collisions n should be >64. Ideally, m=n and g= id. DES
with n= 64 is too small. AES with n=m=128 is better.
105. JLM 20060107 22:16 105
Birthday Attacks
• Probability of collision determined by “Birthday Paradox”
calculation:
– (1-1/n) (1-2/n) … (1-(k-1)/n)= (n!/k!)/nk
– Probability of collision is >.5 when k2 > n.
– Need 280 blocks for SHA.
– 1+x c ex, Pi=1
i=k (1-i/n) c e-k(k-1)/(2n)
106. JLM 20060107 22:16 106
Attacks on Cryptographic Hashes
• Berson (1992) using differential cryptanalysis on 1 round MD-5.
• Boer and Bosselaers (1993), Pseudo collision in MD5.
• Dobbertin (1996), Collisions in compression function. Attacks inspired
RIPEMD proposal.
• Biham and Chen (2004), Collisions in SHA-0.
• Chabaud and Joux (2004), Collisions in SHA-0 .
• Wang, Feng, Lai, Yu, (2004), MD4, MD5, RIPEMD
• Wang et al, (2004, 2005), SHA-1
• SHA-1 has stood up best: best known theoretical attack (11/05) requires
263 operations.
108. JLM 20060107 22:16 108
Winnowing and Chaffing (Rivest)
• Want to send 1001. Pick random stream (mi) and
embed message at positions (say) 3, 7, 8 14 MAC
each packet (mmi).
• Make sure MAC is correct only in message
positions
109. JLM 20060107 22:16 109
Homework 1-Question 1
Encrypt the following message using a Vigeniere cipher with direct
standard alphabets. Key: JOSH.
All persons born or naturalized in the United States, and
subject to the jurisdiction thereof, are citizens of the
United States and of the state wherein they reside. No
state shall make or enforce any law which shall abridge
the privileges or immunities of citizens of the United
States; nor shall any state deprive any person of life,
liberty, or property, without due process of law; nor deny
to any person within its jurisdiction the equal protection
of the laws.
Upper case only! Turn plain and cipher text into 5 letter groups.
Calculate the index of coincidence of the plaintext and ciphertext.
Break the ciphertext into 4 columns. What is the index of coincidence of
each column?
111. JLM 20060107 22:16 111
Homework 1-Question 2
Break the Vigeniere based ciphertext below. Plaintext and ciphertext
alphabets are direct standard.
What is the key length? What is the key?
If the key length is k, how long a corresponding plain, ciphertext sequence
be given to solve? Can you give an upper bound on the pure
ciphertext length needed?
IGDLK MJSGC FMGEP PLYRC IGDLA TYBMR KDYVY XJGMR TDSVK ZCCWG ZRRIP
UERXY EEYHE UTOWS ERYWC QRRIP UERXJ QREWQ FPSZC ALDSD ULSWF FFOAM
DIGIY DCSRR AZSRB GNDLC ZYDMM ZQGSS ZBCXM OYBID APRMK IFYWF MJVLY
HCLSP ZCDLC NYDXJ QYXHD APRMQ IGNSU MLNLG EMBTF MLDSB AYVPU TGMLK
MWKGF UCFIY ZBMLC DGCLY VSCXY ZBVEQ FGXKN QYMIY YMXKM GPCIJ HCCEL
PUSXF MJVRY FGYRQ
112. JLM 20060107 22:16 112
Homework 1-Question 3
Consider a message source M(x) with the following distribution:
M: P(x=0)= p
M: P(x=1)= q, with p+q=1
and a one time pad selected from distribution P(x)
P: P(x=0)= ½
P: P(x=1)= ½
Consider the ciphertext formed by “xoring” the message m with the pad
p, so that c= mp
What is the ciphertext distribution C?
Calculate H(M), H(P), H(C).
Calculate: I(M|C)= H(M)-H(M|C)
Suppose, P: P(x=0)=3/4 and P(x=1)=1/4. What is the ciphertext
distribution and H(M), H(P), H(C) and I(M|C) now.
113. JLM 20060107 22:16 113
Homework 1-Question 4
Calculate the output of the first two rounds of DES with input message
0x3132333435363738 and key 0x00abcdefabcdef89. The input to
round 1 (after initial permutation) and the first 2 round keys are given
below.
For fixed key, DES is a permutation on 264 letters.
Approximately how many such permutations are there? (Hint: Use Stirling’s
approximation.)
Compare this to the size of the key space for DES.
Round 01 Key: 01001111 01010111 00000111 10111001 01011100 10101011
Round 02 Key: 00101111 00100111 01101001 00111011 01111111 00100100
Input to DES: 00110100 00110011 00110010 00110001
00111000 00110111 00110110 00110101
Round 1 Input: 00000000 11111111 11100001 10101010
00000000 11111111 00010000 01100110
114. JLM 20060107 22:16 114
Homework 1-Question 5 (Extra
Credit)
Given a one rotor machine, M, depicted below with equation
Ci R-1 C-i U C-i R Ci (p)=c with C, U, R below.
R: ABCDEFGHIJKLMNOPQRSTUVWXYZ
EKMFLGDQVZNTOWYHXUSPAIBRCJ
U: ABCDEFGHIJKLMNOPQRSTUVWXYZ
YRUHQSLDPXNGOKMIEBFZCWVJAT
C: The cyclic permutation AB, BC, etc
U R
Lamps
Keyboard
115. JLM 20060107 22:16 115
Homework 1-Question 5 (cont)
Calculate the ciphertext derived from the plaintext: HELLOWORLD
What do you think the index of coincidence of the ciphertext
from a 50 letter message is?
If the key was the “starting position,” i, of M, how many letters
of corresponding plain/cipher text would you need to find the key? How
many ciphertext only letters?
The following may be helpful:
R-1 ABCDEFGHIJKLMNOPQRSTUVWXYZ
UWYGADFPVZBECKMTHXSLRINQOJ
116. JLM 20060107 22:16 116
General Modern References
Blake, Seroussi, and Smart, Elliptic Curves in Cryptography, Cambridge
Bressoud and Wagon, Computational Number Theory. Key Press.
Bach and Shallit, Algorithmic Number Theory.
Berlekamp, Algebraic Coding Theory. Reprinted by Aegean Park Press.
Biham and Shamir, Differential Cryptanalysis of DES. Springer.
Boneh, Twenty Years of attacks on RSA. Notices AMS.
Buchmann, Introduction to Cryptography. Springer.
Cohen, A Course in Computational Algebraic Number Theory. Springer.
Damgard, Lectures on Data Security. Springer.
Golumb, Shift Register Sequences. Reprinted by Aegean Park Press.
Koblitz, A Course in Number Theory and Cryptography. Springer.
Koblitz, Algebraic Aspects of Cryptography. Springer.
Konheim, Cryptography: A Primer. Wiley.
117. JLM 20060107 22:16 117
General Modern References
Landau, DES, AES, Survey article. Notices AMS.
MacWilliams et. al., Theory of Error Correcting Codes. North Holland.
Menezes, van Oorshot, Vanstone, Handbook of Applied Cryptography.
(Online: http://www.cacr.math.uwaterloo.ca/hac/). CRC Press.
Rhee, Cryptography and Secure Communications.
Rivest, Class notes on Security and Crypto online. (web.mit.edu).
Schneier, Applied Cryptography. Wiley.
Simovits, The DES: Documentation and Evaluation. Aegean Park Press.
Stinson, Cryptography: Theory and Practice. CRC Press.
Welch, Codes and Cryptography. Oxford.
Web sites: www.rsa.com, www.counterpane.com, www.iacr.org has loads of
preprints.