The document discusses differential cryptanalysis and brute force attacks on the Data Encryption Standard (DES). It describes how in 1998, the Electronic Frontier Foundation built a machine that could crack a 56-bit DES key in 56 hours by testing 90 billion keys per second. It also discusses how Distributed.net used a network of 100,000 computers to crack DES in 22 hours by testing 245 billion keys per second, illustrating that DES could be broken with moderate resources. The document then covers double and triple DES, which increase key length for greater security.

1. Lecture 5 Overview

2. Does DES Work?
• Differential Cryptanalysis Idea
– Use two plaintext that barely differ
– Study the difference in the corresponding cipher
text
– Collect the keys that could accomplish the change
– Repeat
2CS 450/650 – Lecture 5: DES

3. Cracking DES
• Diffie and Hellman then outlined a "brute
force" attack on DES
– By "brute force" is meant that you try as many of
the 256
possible keys as you have to before
decrypting the ciphertext into a sensible plaintext
message
– They proposed a special purpose "parallel
computer using one million chips to try one
million keys each" per second
3CS 450/650 – Lecture 5: DES

4. Cracking DES (cont.)
• In 1998, Electronic Frontier Foundation spent
$220K and built a machine that could go
through the entire 56-bit DES key space in an
average of 4.5 days
– On July 17, 1998, they announced they had
cracked a 56-bit key in 56 hours
– The computer, called Deep Crack
• used 27 boards each containing 64 chips
• was capable of testing 90 billion keys a second
4CS 450/650 – Lecture 5: DES

5. Cracking DES (cont.)
• In early 1999, Distributed. Net used the DES Cracker
and a worldwide network of nearly 100K PCs to
break DES in 22 hours
– combined they were testing 245 billion keys per second
• This just serves to illustrate that any organization
with moderate resources can break through DES with
very little effort these days
5CS 450/650 – Lecture 5: DES

6. Double DES
• E(k1, E(k2, M) )
– As strong as 57-bit key !
– Given message M and ciphertext c
– Encrypt M with all possible keys
• 256
steps
– Decrypt c with all possible keys and match Ms
• 256
steps
CS 450/650 Fundamentals of Integrated Computer Security 6

7. Triple DES – Two keys
• E(k1, D(k2, E(k1, M) ) )
• The first key is used to DES-encrypt the message
• The second key is used to DES-decrypt the encrypted
message
– Since the second key is not the right key, this decryption
just scrambles the data further
• The twice-scrambled message is then encrypted
again with the first key to yield the final ciphertext
• As strong as 80-bit key !
7CS 450/650 – Lecture 5: DES

8. Triple DES – Three keys
• E(k3, D(k2, E(k1, M) ) )
• The first key is used to DES-encrypt the message
• The second key is used to DES-decrypt the encrypted
message
– Since the second key is not the right key, this decryption
just scrambles the data further
• The twice-scrambled message is then encrypted with
the third key to yield the final ciphertext
• As strong as 112-bit key !
8CS 450/650 – Lecture 5: DES

9. Analysis of Algorithms
• Algorithms
– Time Complexity
– Space Complexity
• An algorithm whose time complexity is
bounded by a polynomial is called a
polynomial-time algorithm
– An algorithm is considered to be efficient if it runs
in polynomial time.
CS 450/650 Lecture 5: Algorithm Background 9

10. Growth Rate
 T(n) = O(f(n)): T is bounded above by f
The growth rate of T(n) <= growth rate of f(n)
 T(n) = Ω (g(n)): T is bounded below by g
The growth rate of T(n) >= growth rate of g(n)
 T(n) = Θ(h(n)): T is bounded both above and below by h
The growth rate of T(n) = growth rate of h(n)
 T(n) = o(p(n)): T is dominated by p
The growth rate of T(n) < growth rate of p(n)
10CS 450/650 Lecture 5: Algorithm Background

11. Time Complexity
 C
 O(n)
 O(log n)
 O(nlogn)
 O(n2
)
 …
 O(nk
)
 O(2n
)
 O(kn
)
 O(nn
)
11CS 450/650 Lecture 5: Algorithm Background
Polynomial
Exponential

12. P, NP, NP-hard, NP-complete
• A problem belongs to the class P if the problem can be
solved by a polynomial-time algorithm
• A problem belongs to the class NP if the correctness of
the problem’s solution can be verified by a polynomial-
time algorithm
• A problem is NP-hard if it is as hard as any problem in NP
– Existence of a polynomial-time algorithm for an NP-hard
problem implies the existence of polynomial solutions for every
problem in NP
• NP-complete problems are the NP-hard problems that
are also in NP
12CS 450/650 Lecture 5: Algorithm Background

13. Relationships between different classes
NP
P
NP-complete
NP-hard
13CS 450/650 Lecture 5: Algorithm Background

14. Partitioning Problem
• Given a set of n integers, partition the integers
into two subsets such that the difference
between the sum of the elements in the two
subsets is minimum
– NP-complete
13, 37, 42, 59, 86, 100
14CS 450/650 Lecture 5: Algorithm Background
Sum 165 172
86 100
42 59
37 13

15. Bin Packing Problem
• Suppose you are given n items of sizes
s1, s2,..., sn
• All sizes satisfy 0 ≤ si ≤ 1
• The problem is to pack these items in the
fewest number of bins,
– given that each bin has unit capacity
– NP-hard
15CS 450/650 Lecture 5: Algorithm Background

16. Lecture 6
RSA
CS 450/650
Fundamentals of
Integrated Computer Security
Slides are modified from Hesham El-Rewini

17. RSA
• Invented by Cocks (GCHQ), independently,
by Rivest, Shamir and Adleman (MIT)
• Two keys e and d used for Encryption and
Decryption
– The keys are interchangeable
• M = D(d, E(e, M) ) = D(e, E(d, M) )
– Public key encryption
• Based on problem of factoring large numbers
– Not in NP-complete
– Best known algorithm is exponential 17CS 450/650 Lecture 6: RSA

18. RSA
• To encrypt message M compute
– c = Me
mod N
• To decrypt ciphertext c compute
– M = cd
mod N
18CS 450/650 Lecture 6: RSA

19. • Let p and q be two large prime numbers
• Let N = pq
• Choose e relatively prime to (p−1)(q−1)
– a prime number larger than p-1 and q-1
• Find d such that ed mod (p−1)(q−1) = 1
Key Choice
19CS 450/650 Lecture 6: RSA

20. RSA
• Recall that e and N are public
• If attacker can factor N, he can use e to easily
find d
– since ed mod (p−1)(q−1) = 1
• Factoring the modulus breaks RSA
• It is not known whether factoring is the only
way to break RSA
20CS 450/650 Lecture 6: RSA

21. Does RSA Really Work?
• Given c = Me
mod N we must show
– M = cd
mod N = Med
mod N
• We’ll use Euler’s Theorem
– If x is relatively prime to N then xϕ(N)
mod N =1
• ϕ(n): number of positive integers less than n that are
relatively prime to n.
• If p is prime then, ϕ(p) = p-1
21CS 450/650 Lecture 6: RSA

22. Does RSA Really Work?
• Facts:
– ed mod (p − 1)(q − 1) = 1
– ed = k(p − 1)(q − 1) + 1 by definition of mod
– ϕ(N) = (p − 1)(q − 1)
– Then ed − 1 = k(p − 1)(q − 1) = kϕ(N)
• Med
= M(ed-1)+1
= M⋅Med-1
= M⋅Mkϕ(N)
= M⋅(Mϕ(N)
)k
mod N = M⋅1k
mod N
= M mod N
22CS 450/650 Lecture 6: RSA

23. Example
• Select primes p=11, q=3.
• N = p* q = 11*3 = 33
• Choose e = 3
• check gcd(e, p-1) = gcd(3, 10) = 1
– i.e. 3 and 10 have no common factors except 1
• check gcd(e, q-1) = gcd(3, 2) = 1
• therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
23CS 450/650 Lecture 6: RSA

24. Example (cont.)
• p-1 * q-1 = 10 * 2 = 20
• Compute d such that
e * d mod (p-1)*(q-1) = 1
3 * d mod 20 = 1
d = 7
Public key = (N, e) = (33, 3)
Private key = (N, d) = (33, 7)
24CS 450/650 Lecture 6: RSA

25. Example (cont.)
• Now say we want to encrypt message m = 7
• c = Me
mod N = 73
mod 33 = 343 mod 33 = 13
– Hence the ciphertext c = 13
• To check decryption, we compute
M' = cd
mod N = 137
mod 33 = 7
25CS 450/650 Lecture 6: RSA

26. More Efficient RSA
• Modular exponentiation example
– 520
= 95367431640625 = 25 mod 35
• A better way: repeated squaring
– Note that 20 = 2 ⋅ 10, 10 = 2 ⋅ 5, 5 = 2 ⋅ 2 + 1, 2 = 1⋅ 2
– 51
= 5 mod 35
– 52
= (51
)2
= 52
= 25 mod 35
– 55
= (52
)2
⋅ 51
= 252
⋅ 5 = 3125 = 10 mod 35
– 510
= (55
)2
= 102
= 100 = 30 mod 35
– 520
= (510
)2
= 302
= 900 = 25 mod 35
• No huge numbers and it’s efficient!
CS 450/650 Lecture 6: RSA 26

27. RSA key-length strength
• RSA has challenges for different key-lengths
– RSA-140
• Factored in 1 month using 200 machines in 1999
– RSA-155 (512-bit)
• Factored in 3.7 months using 300 machines in 1999
– RSA-160
• Factored in 20 days in 2003
– RSA-200
• Factored in 18 month in 2005
– RSA-210, RSA-220, RSA-232, … RSA-2048
27CS 450/650 Lecture 6: RSA

28. Group Work
Find keys d and e for the RSA cryptosystem with
p = 7 and q = 11
Solution
– p*q = 77
– (p-1) * (q-1) = 60
– e = 37
– d = 13
– n = 13 * 37 = 481 = 1 mod 60
28CS 450/650 Lecture 6: RSA