SlideShare a Scribd company logo

MyCryptography.2023.ppt

Download as PPT, PDF
H
halosidiq1

Cryptography is the most important

Technology
1 of 62
1 Cryptography CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 30, 2004
2 Overview  Classical Cryptography  Cæsar cipher  Vigenère cipher  DES  Public Key Cryptography  Diffie-Hellman  RSA  Cryptographic Checksums  HMAC
3 Cryptosystem  Quintuple (E, D, M, K, C)  M set of plaintexts  K set of keys  C set of ciphertexts  E set of encryption functions e: M  K  C  D set of decryption functions d: C  K  M
4 Example  Example: Cæsar cipher  M = { sequences of letters }  K = { i | i is an integer and 0 ≤ i ≤ 25 }  E = { Ek | k  K and for all letters m, Ek(m) = (m + k) mod 26 }  D = { Dk | k  K and for all letters c, Dk(c) = (26 + c – k) mod 26 }  C = M
5 Attacks  Opponent whose goal is to break cryptosystem is the adversary  Assume adversary knows algorithm used, but not key  Three types of attacks:  ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key  known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key  chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key
6 Basis for Attacks  Mathematical attacks  Based on analysis of underlying mathematics  Statistical attacks  Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. (called models of the language). Examine ciphertext, correlate properties with the assumptions.
7 Classical Cryptography  Sender, receiver share common key  Keys may be the same, or trivial to derive from one another  Sometimes called symmetric cryptography  Two basic types  Transposition ciphers  Substitution ciphers  Combinations are called product ciphers
8 Transposition Cipher  Rearrange letters in plaintext to produce ciphertext  Example (Rail-Fence Cipher)  Plaintext is HELLO WORLD  Rearrange as HLOOL ELWRD  Ciphertext is HLOOL ELWRD
9 Attacking the Cipher  Anagramming  If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition  Rearrange letters to form n-grams with highest frequencies
10 Example  Ciphertext: HLOOLELWRD  Frequencies of 2-grams beginning with H  HE 0.0305  HO 0.0043  HL, HW, HR, HD < 0.0010  Implies E follows H
11 Example  Arrange so the H and E are adjacent HE LL OW OR LD  Read off across, then down, to get original plaintext
12 Substitution Ciphers  Change characters in plaintext to produce ciphertext  Example (Cæsar cipher)  Plaintext is HELLO WORLD  Change each letter to the third letter following it (X goes to A, Y to B, Z to C)  Key is 3, usually written as letter ‘D’  Ciphertext is KHOOR ZRUOG
13 Attacking the Cipher  Exhaustive search  If the key space is small enough, try all possible keys until you find the right one  Cæsar cipher has 26 possible keys  Statistical analysis  Compare to 1-gram model of English
14 The Result  Most probable keys, based on , the correlation with expected frequencies of letters in English :  i = 6, (i) = 0.0660  plaintext EBIIL TLOLA  i = 10, (i) = 0.0635  plaintext AXEEH PHKEW  i = 3, (i) = 0.0575  plaintext HELLO WORLD  i = 14, (i) = 0.0535  plaintext WTAAD LDGAS  Only English phrase is for i = 3  That’s the key (3 or ‘D’)
15 Cæsar’s Problem  Key is too short  Can be found by exhaustive search  Statistical frequencies not concealed well  So make it longer  Multiple letters in key  Idea is to smooth the statistical frequencies to make cryptanalysis harder
16 Vigenère Cipher  Like Cæsar cipher, but use a phrase  Example  Message THE BOY HAS THE BALL  Key VIG  Encipher using Cæsar cipher for each letter: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG
17 Relevant Parts of Tableau G I V A G I V B H J W E L M Z H N P C L R T G O U W J S Y A N T Z B O Y E H T  Tableau shown has relevant rows, columns only  Example encipherments:  key V, letter T: follow V column down to T row (giving “O”)  Key I, letter H: follow I column down to H row (giving “P”)
18 Establish Period  Kaskski: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext  Example: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG Note the key and plaintext line up over the repetitions (underlined). As distance between repetitions is 9, the period is a factor of 9 (that is, 1, 3, or 9)
19 Attacking the Cipher  Approach  Establish period; call it n  Break message into n parts, each part being enciphered using the same key letter  Solve each part  You can leverage one part from another  We will show each step
20 The Target Cipher  We want to break this cipher: ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX
21 Repetitions in Example Letters Start End Distance Factors MI 5 15 10 2, 5 OO 22 27 5 5 OEQOOG 24 54 30 2, 3, 5 FV 39 63 24 2, 2, 2, 3 AA 43 87 44 2, 2, 11 MOC 50 122 72 2, 2, 2, 3, 3 QO 56 105 49 7, 7 PC 69 117 48 2, 2, 2, 2, 3 NE 77 83 6 2, 3 SV 94 97 3 3 CH 118 124 6 2, 3
22 Estimate of Period  OEQOOG is probably not a coincidence  It’s too long for that  Period may be 1, 2, 3, 5, 6, 10, 15, or 30  Most others (7/10) have 2 in their factors  Almost as many (6/10) have 3 in their factors  Begin with period of 2  3 = 6
23 Check on Period  Index of coincidence is probability that two randomly chosen letters from ciphertext will be the same  Tabulated for different periods: 1: 0.066 5: 0.044 2: 0.052 10: 0.041 3: 0.047 Large: 0.038 4: 0.045
24 Splitting Into Alphabets alphabet 1: AIKHOIATTOBGEEERNEOSAI alphabet 2: DUKKEFUAWEMGKWDWSUFWJU alphabet 3: QSTIQBMAMQBWQVLKVTMTMI alphabet 4: YBMZOAFCOOFPHEAXPQEPOX alphabet 5: SOIOOGVICOVCSVASHOGCC alphabet 6: MXBOGKVDIGZINNVVCIJHH  ICs (#1, 0.069; #2, 0.078; #3, 0.078; #4, 0.056; #5, 0.124; #6, 0.043) indicate all alphabets have period 1, except #4 and #6; assume statistics off
25 Frequency Examination ABCDEFGHIJKLMNOPQRSTUVWXYZ 1 31004011301001300112000000 2 10022210013010000010404000 3 12000000201140004013021000 4 21102201000010431000000211 5 10500021200000500030020000 6 01110022311012100000030101 Letter frequencies are (H high, M medium, L low): HMMMHMMHHMMMMHHMLHHHMLLLLL
26 Begin Decryption  First matches characteristics of unshifted alphabet  Third matches if I shifted to A  Sixth matches if V shifted to A  Substitute into ciphertext (bold are substitutions) ADIYS RIUKB OCKKL MIGHK AZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKI HSSEW NECSE DDAAA RWCXS ANSNP HHEUL QONOF EEGOS WLPCM AJEOC MIUAX
27 Look For Clues  AJE in last line suggests “are”, meaning second alphabet maps A into S: ALIYS RICKB OCKSL MIGHS AZOTO MIOOL INTAG PACEF VATIS CIITE EOCNO MIOOL BUTFV EGOOP CNESI HSSEE NECSE LDAAA RECXS ANANP HHECL QONON EEGOS ELPCM AREOC MICAX
28 Next Alphabet  MICAX in last line suggests “mical” (a common ending for an adjective), meaning fourth alphabet maps O into A: ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL
29 Got It!  QI means that I maps into U, as Q is always followed by U: ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL
30 One-Time Pad  A Vigenère cipher with a random key at least as long as the message  Provably unbreakable  Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters  Warning: keys must be random, or you can attack the cipher by trying to regenerate the key  Approximations, such as using pseudorandom number generators to generate keys, are not random
31 Overview of the DES  A block cipher:  encrypts blocks of 64 bits using a 64 bit key  outputs 64 bits of ciphertext  A product cipher  basic unit is the bit  performs both substitution and transposition (permutation) on the bits  Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
32 Generation of Round Keys key PC-1 C0 D0 LSH LSH D1 PC-2 K1 K16 LSH LSH C1 PC-2  Round keys are 48 bits each
33 Encipherment input IP L0 R0  f K1 L1 = R0 R1 = L0  f(R0, K1) R16 = L15 f(R15, K16) L 16 = R 15 IPŠ1 output
34 The f Function RiŠ1 (32 bits) E RiŠ1 (48 bits) Ki (48 bits)  S1 S2 S3 S4 S5 S6 S7 S8 6 bits into each P 32 bits 4 bits out of each
35 Controversy  Considered too weak  Diffie, Hellman said in a few years technology would allow DES to be broken in days  Design using 1999 technology published  Design decisions not public  S-boxes may have backdoors
36 Undesirable Properties  4 weak keys  They are their own inverses  12 semi-weak keys  Each has another semi-weak key as inverse  Complementation property  DESk(m) = c  DESk´(m´) = c´  S-boxes exhibit irregular properties  Distribution of odd, even numbers non-random  Outputs of fourth box depends on input to third box
37 Differential Cryptanalysis  A chosen ciphertext attack  Requires 247 plaintext, ciphertext pairs  Revealed several properties  Small changes in S-boxes reduce the number of pairs needed  Making every bit of the round keys independent does not impede attack  Linear cryptanalysis improves result  Requires 243 plaintext, ciphertext pairs
38 DES Modes  Electronic Code Book Mode (ECB)  Encipher each block independently  Cipher Block Chaining Mode (CBC)  XOR each block with previous ciphertext block  Requires an initialization vector for the first one  Encrypt-Decrypt-Encrypt Mode (2 keys: k, k´)  c = DESk(DESk´ –1(DESk(m)))  Encrypt-Encrypt-Encrypt Mode (3 keys: k, k´, k´´) c = DESk(DESk´(DESk´´(m)))
39 Current Status of DES  Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998  Several challenges to break DES messages solved using distributed computing  NIST selected Rijndael as Advanced Encryption Standard (AES), successor to DES  Designed to withstand attacks that were successful on DES
40 Public Key Cryptography  Two keys  Private key known only to individual  Public key available to anyone  Public key, private key inverses  Idea  Confidentiality: encipher using public key, decipher using private key  Integrity/authentication: encipher using private key, decipher using public one
41 Requirements 1. It must be computationally easy to encipher or decipher a message given the appropriate key 2. It must be computationally infeasible to derive the private key from the public key 3. It must be computationally infeasible to determine the private key from a chosen plaintext attack
42 Diffie-Hellman  Compute a common, shared key  Called a symmetric key exchange protocol  Based on discrete logarithm problem  Given integers n and g and prime number p, compute k such that n = gk mod p  Solutions known for small p  Solutions computationally infeasible as p grows large
43 Algorithm  Constants: prime p, integer g ≠ 0, 1, p–1  Known to all participants  Anne chooses private key kAnne, computes public key KAnne = gkAnne mod p  To communicate with Bob, Anne computes Kshared = KBobkAnne mod p  To communicate with Anne, Bob computes Kshared = KAnnekBob mod p  It can be shown these keys are equal
44 Example  n = gk mod p  Assume p = 53 and g = 17  Alice chooses kAlice = 5  Then KAlice = 175 mod 53 = 40  Bob chooses kBob = 7  Then KBob = 177 mod 53 = 6  Shared key:  KBobkAlice mod p = 65 mod 53 = 38  KAlicekBob mod p = 407 mod 53 = 38
45 RSA  Exponentiation cipher  Relies on the difficulty of determining the number of numbers relatively prime to a large integer n
46 Background  Totient function (n)  Number of positive integers less than n and relatively prime to n  Relatively prime means with no factors in common with n  Example: (10) = 4  1, 3, 7, 9 are relatively prime to 10  Example: (21) = 12  1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21
47 Algorithm  Choose two large prime numbers p, q  Let n = pq; then (n) = (p–1)(q–1)  Choose e < n such that e relatively prime to (n).  Compute d such that ed mod (n) = 1  Public key: (e, n); private key: d  Encipher: c = me mod n  Decipher: m = cd mod n
48 Example: Confidentiality  Take p = 7, q = 11, so n = 77 and (n) = 60  Alice chooses e = 17, making d = 53  Bob wants to send Alice secret message HELLO (07 04 11 11 14)  0717 mod 77 = 28  0417 mod 77 = 16  1117 mod 77 = 44  1117 mod 77 = 44  1417 mod 77 = 42  Bob sends 28 16 44 44 42
49 Example  Alice receives 28 16 44 44 42  Alice uses private key, d = 53, to decrypt message:  2853 mod 77 = 07  1653 mod 77 = 04  4453 mod 77 = 11  4453 mod 77 = 11  4253 mod 77 = 14  Alice translates message to letters to read HELLO  No one else could read it, as only Alice knows her private key and that is needed for decryption
50 Example: Integrity/Authentication  Take p = 7, q = 11, so n = 77 and (n) = 60  Alice chooses e = 17, making d = 53  Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated)  0753 mod 77 = 35  0453 mod 77 = 09  1153 mod 77 = 44  1153 mod 77 = 44  1453 mod 77 = 49  Alice sends 35 09 44 44 49
51 Example  Bob receives 35 09 44 44 49  Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:  3517 mod 77 = 07  0917 mod 77 = 04  4417 mod 77 = 11  4417 mod 77 = 11  4917 mod 77 = 14  Bob translates message to letters to read HELLO  Alice sent it as only she knows her private key, so no one else could have enciphered it  If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly
52 Example: Both  Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked)  Alice’s keys: public (17, 77); private: 53  Bob’s keys: public: (37, 77); private: 13  Alice enciphers HELLO (07 04 11 11 14):  (0753 mod 77)37 mod 77 = 07  (0453 mod 77)37 mod 77 = 37  (1153 mod 77)37 mod 77 = 44  (1153 mod 77)37 mod 77 = 44  (1453 mod 77)37 mod 77 = 14  Alice sends 07 37 44 44 14
53 Security Services  Confidentiality  Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key  Authentication  Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner
54 More Security Services  Integrity  Enciphered letters cannot be changed undetectably without knowing private key  Non-Repudiation  Message enciphered with private key came from someone who knew it
55 Warnings  Encipher message in blocks considerably larger than the examples here  If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems)  Attacker cannot alter letters, but can rearrange them and alter message meaning  Example: reverse enciphered message of text ON to get NO
56 Cryptographic Checksums  Mathematical function to generate a set of k bits from a set of n bits (where k ≤ n).  k is smaller then n except in unusual circumstances  Example: ASCII parity bit  ASCII has 7 bits; 8th bit is “parity”  Even parity: even number of 1 bits  Odd parity: odd number of 1 bits
57 Example Use  Bob receives “10111101” as bits.  Sender is using even parity; 6 1 bits, so character was received correctly  Note: could be garbled, but 2 bits would need to have been changed to preserve parity  Sender is using odd parity; even number of 1 bits, so character was not received correctly
58 Definition  Cryptographic checksum function h: AB: 1. For any x  A, h(x) is easy to compute 2. For any y  B, it is computationally infeasible to find x  A such that h(x) = y 3. It is computationally infeasible to find x, x´  A such that x ≠ x´ and h(x) = h(x´) – Alternate form (Stronger): Given any x  A, it is computationally infeasible to find a different x´  A such that h(x) = h(x´).
59 Collisions  If x ≠ x´ and h(x) = h(x´), x and x´ are a collision  Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it.
60 Keys  Keyed cryptographic checksum: requires cryptographic key  DES in chaining mode: encipher message, use last n bits. Requires a key to encipher, so it is a keyed cryptographic checksum.  Keyless cryptographic checksum: requires no cryptographic key  MD5 and SHA-1 are best known; others include MD4, HAVAL, and Snefru
61 HMAC  Make keyed cryptographic checksums from keyless cryptographic checksums  Useful for distribution to countries that prohibit keyed cryptography
62 Key Points  Two main types of cryptosystems: classical and public key  Classical cryptosystems encipher and decipher using the same key  Or one key is easily derived from the other  Public key cryptosystems encipher and decipher using different keys  Computationally infeasible to derive one from the other  Cryptographic checksums provide a check on integrity

Recommended

Crypto
CryptoCrypto
Cryptophanleson
 
Computer Security (Cryptography) Ch02
Computer Security (Cryptography) Ch02Computer Security (Cryptography) Ch02
Computer Security (Cryptography) Ch02Saif Kassim
 
Cryptography
CryptographyCryptography
CryptographyStefan Coetzee
 
Informationtoinformation///Security.pptx
Informationtoinformation///Security.pptxInformationtoinformation///Security.pptx
Informationtoinformation///Security.pptxMahmoodTareq3
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2AfiqEfendy Zaen
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Polyalphabetic Substitution Cipher
Polyalphabetic Substitution CipherPolyalphabetic Substitution Cipher
Polyalphabetic Substitution CipherSHUBHA CHATURVEDI
 
06.03.2022 Reference Polyalphabetic Substitution.pdf
06.03.2022 Reference Polyalphabetic Substitution.pdf06.03.2022 Reference Polyalphabetic Substitution.pdf
06.03.2022 Reference Polyalphabetic Substitution.pdfMeera357768
 

Recommended

Crypto
CryptoCrypto
Cryptophanleson
 
Computer Security (Cryptography) Ch02
Computer Security (Cryptography) Ch02Computer Security (Cryptography) Ch02
Computer Security (Cryptography) Ch02Saif Kassim
 
Cryptography
CryptographyCryptography
CryptographyStefan Coetzee
 
Informationtoinformation///Security.pptx
Informationtoinformation///Security.pptxInformationtoinformation///Security.pptx
Informationtoinformation///Security.pptxMahmoodTareq3
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2AfiqEfendy Zaen
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Polyalphabetic Substitution Cipher
Polyalphabetic Substitution CipherPolyalphabetic Substitution Cipher
Polyalphabetic Substitution CipherSHUBHA CHATURVEDI
 
06.03.2022 Reference Polyalphabetic Substitution.pdf
06.03.2022 Reference Polyalphabetic Substitution.pdf06.03.2022 Reference Polyalphabetic Substitution.pdf
06.03.2022 Reference Polyalphabetic Substitution.pdfMeera357768
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
Substitution techniques
Substitution techniquesSubstitution techniques
Substitution techniquesvinitha96
 
Edward Schaefer
Edward SchaeferEdward Schaefer
Edward SchaeferInformation Security Awareness Group
 
Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03Saif Kassim
 
CNS UNIT-II.pptx
CNS UNIT-II.pptxCNS UNIT-II.pptx
CNS UNIT-II.pptxnandan543979
 
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxShad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxSonu62614
 
M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)SrideviM4
 
Cryptography
Cryptography Cryptography
Cryptography navajomath
 
Cyber Security Part-2.pptx
Cyber Security Part-2.pptxCyber Security Part-2.pptx
Cyber Security Part-2.pptxRavikumarVadana
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
Cryptography 101
Cryptography 101 Cryptography 101
Cryptography 101 Andy Fisher
 
Ch02...1
Ch02...1Ch02...1
Ch02...1nathanurag
 
Section2.4.ppt
Section2.4.pptSection2.4.ppt
Section2.4.pptZeenathJahanBegum
 
row.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.pptrow.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.ppthalosidiq1
 
Symmetric ciphers questions and answers
Symmetric ciphers questions and answersSymmetric ciphers questions and answers
Symmetric ciphers questions and answersprdpgpt
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesramya marichamy
 
Computer archi&mp
Computer archi&mpComputer archi&mp
Computer archi&mpMSc CST
 
Classical crypto techniques
Classical crypto techniques Classical crypto techniques
Classical crypto techniques parves kamal
 
Monoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherMonoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherSHUBHA CHATURVEDI
 
CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1SHUBHA CHATURVEDI
 
my net security and its models which are explained here
my net security and its models which are explained heremy net security and its models which are explained here
my net security and its models which are explained herehalosidiq1
 
new.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.pptnew.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.ppthalosidiq1
 

More Related Content

Similar to MyCryptography.2023.ppt

Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
Substitution techniques
Substitution techniquesSubstitution techniques
Substitution techniquesvinitha96
 
Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03Saif Kassim
 
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxShad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxSonu62614
 
M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)SrideviM4
 
Cyber Security Part-2.pptx
Cyber Security Part-2.pptxCyber Security Part-2.pptx
Cyber Security Part-2.pptxRavikumarVadana
 
Cryptography 101
Cryptography 101 Cryptography 101
Cryptography 101 Andy Fisher
 
row.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.pptrow.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.ppthalosidiq1
 
Symmetric ciphers questions and answers
Symmetric ciphers questions and answersSymmetric ciphers questions and answers
Symmetric ciphers questions and answersprdpgpt
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesramya marichamy
 
Computer archi&mp
Computer archi&mpComputer archi&mp
Computer archi&mpMSc CST
 
Classical crypto techniques
Classical crypto techniques Classical crypto techniques
Classical crypto techniques parves kamal
 
Monoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherMonoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherSHUBHA CHATURVEDI
 
CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1SHUBHA CHATURVEDI
 

Similar to MyCryptography.2023.ppt (20)

Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and Cryptography
 
Substitution techniques
Substitution techniquesSubstitution techniques
Substitution techniques
 
Edward Schaefer
Edward SchaeferEdward Schaefer
Edward Schaefer
 
Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03Computer Security (Cryptography) Ch03
Computer Security (Cryptography) Ch03
 
CNS UNIT-II.pptx
CNS UNIT-II.pptxCNS UNIT-II.pptx
CNS UNIT-II.pptx
 
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxShad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
 
M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)M.Sridevi II-M.Sc (computer science)
M.Sridevi II-M.Sc (computer science)
 
Cryptography
Cryptography Cryptography
Cryptography
 
Cyber Security Part-2.pptx
Cyber Security Part-2.pptxCyber Security Part-2.pptx
Cyber Security Part-2.pptx
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
 
Cryptography 101
Cryptography 101 Cryptography 101
Cryptography 101
 
Ch02...1
Ch02...1Ch02...1
Ch02...1
 
Section2.4.ppt
Section2.4.pptSection2.4.ppt
Section2.4.ppt
 
row.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.pptrow.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.ppt
 
Symmetric ciphers questions and answers
Symmetric ciphers questions and answersSymmetric ciphers questions and answers
Symmetric ciphers questions and answers
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Computer archi&mp
Computer archi&mpComputer archi&mp
Computer archi&mp
 
Classical crypto techniques
Classical crypto techniques Classical crypto techniques
Classical crypto techniques
 
Monoalphabetic Substitution Cipher
Monoalphabetic Substitution CipherMonoalphabetic Substitution Cipher
Monoalphabetic Substitution Cipher
 
CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1CLASSICAL ENCRYPTION TECHNIQUE- PART 1
CLASSICAL ENCRYPTION TECHNIQUE- PART 1
 

More from halosidiq1

my net security and its models which are explained here
my net security and its models which are explained heremy net security and its models which are explained here
my net security and its models which are explained herehalosidiq1
 
new.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.pptnew.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.ppthalosidiq1
 
symet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.pptsymet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.ppthalosidiq1
 
CTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptxCTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptxhalosidiq1
 
my lecture 21.network security.2023.ppt
my lecture 21.network security.2023.pptmy lecture 21.network security.2023.ppt
my lecture 21.network security.2023.ppthalosidiq1
 
My Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.pptMy Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.ppthalosidiq1
 
my.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptxmy.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptxhalosidiq1
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppthalosidiq1
 
new.deadlock.ppt
new.deadlock.pptnew.deadlock.ppt
new.deadlock.ppthalosidiq1
 
CNF.Chap.5.pptx
CNF.Chap.5.pptxCNF.Chap.5.pptx
CNF.Chap.5.pptxhalosidiq1
 

More from halosidiq1 (10)

my net security and its models which are explained here
my net security and its models which are explained heremy net security and its models which are explained here
my net security and its models which are explained here
 
new.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.pptnew.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.ppt
 
symet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.pptsymet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.ppt
 
CTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptxCTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptx
 
my lecture 21.network security.2023.ppt
my lecture 21.network security.2023.pptmy lecture 21.network security.2023.ppt
my lecture 21.network security.2023.ppt
 
My Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.pptMy Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.ppt
 
my.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptxmy.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptx
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppt
 
new.deadlock.ppt
new.deadlock.pptnew.deadlock.ppt
new.deadlock.ppt
 
CNF.Chap.5.pptx
CNF.Chap.5.pptxCNF.Chap.5.pptx
CNF.Chap.5.pptx
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

MyCryptography.2023.ppt

  • 1. 1 Cryptography CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 30, 2004
  • 2. 2 Overview  Classical Cryptography  Cæsar cipher  Vigenère cipher  DES  Public Key Cryptography  Diffie-Hellman  RSA  Cryptographic Checksums  HMAC
  • 3. 3 Cryptosystem  Quintuple (E, D, M, K, C)  M set of plaintexts  K set of keys  C set of ciphertexts  E set of encryption functions e: M  K  C  D set of decryption functions d: C  K  M
  • 4. 4 Example  Example: Cæsar cipher  M = { sequences of letters }  K = { i | i is an integer and 0 ≤ i ≤ 25 }  E = { Ek | k  K and for all letters m, Ek(m) = (m + k) mod 26 }  D = { Dk | k  K and for all letters c, Dk(c) = (26 + c – k) mod 26 }  C = M
  • 5. 5 Attacks  Opponent whose goal is to break cryptosystem is the adversary  Assume adversary knows algorithm used, but not key  Three types of attacks:  ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key  known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key  chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key
  • 6. 6 Basis for Attacks  Mathematical attacks  Based on analysis of underlying mathematics  Statistical attacks  Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. (called models of the language). Examine ciphertext, correlate properties with the assumptions.
  • 7. 7 Classical Cryptography  Sender, receiver share common key  Keys may be the same, or trivial to derive from one another  Sometimes called symmetric cryptography  Two basic types  Transposition ciphers  Substitution ciphers  Combinations are called product ciphers
  • 8. 8 Transposition Cipher  Rearrange letters in plaintext to produce ciphertext  Example (Rail-Fence Cipher)  Plaintext is HELLO WORLD  Rearrange as HLOOL ELWRD  Ciphertext is HLOOL ELWRD
  • 9. 9 Attacking the Cipher  Anagramming  If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition  Rearrange letters to form n-grams with highest frequencies
  • 10. 10 Example  Ciphertext: HLOOLELWRD  Frequencies of 2-grams beginning with H  HE 0.0305  HO 0.0043  HL, HW, HR, HD < 0.0010  Implies E follows H
  • 11. 11 Example  Arrange so the H and E are adjacent HE LL OW OR LD  Read off across, then down, to get original plaintext
  • 12. 12 Substitution Ciphers  Change characters in plaintext to produce ciphertext  Example (Cæsar cipher)  Plaintext is HELLO WORLD  Change each letter to the third letter following it (X goes to A, Y to B, Z to C)  Key is 3, usually written as letter ‘D’  Ciphertext is KHOOR ZRUOG
  • 13. 13 Attacking the Cipher  Exhaustive search  If the key space is small enough, try all possible keys until you find the right one  Cæsar cipher has 26 possible keys  Statistical analysis  Compare to 1-gram model of English
  • 14. 14 The Result  Most probable keys, based on , the correlation with expected frequencies of letters in English :  i = 6, (i) = 0.0660  plaintext EBIIL TLOLA  i = 10, (i) = 0.0635  plaintext AXEEH PHKEW  i = 3, (i) = 0.0575  plaintext HELLO WORLD  i = 14, (i) = 0.0535  plaintext WTAAD LDGAS  Only English phrase is for i = 3  That’s the key (3 or ‘D’)
  • 15. 15 Cæsar’s Problem  Key is too short  Can be found by exhaustive search  Statistical frequencies not concealed well  So make it longer  Multiple letters in key  Idea is to smooth the statistical frequencies to make cryptanalysis harder
  • 16. 16 Vigenère Cipher  Like Cæsar cipher, but use a phrase  Example  Message THE BOY HAS THE BALL  Key VIG  Encipher using Cæsar cipher for each letter: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG
  • 17. 17 Relevant Parts of Tableau G I V A G I V B H J W E L M Z H N P C L R T G O U W J S Y A N T Z B O Y E H T  Tableau shown has relevant rows, columns only  Example encipherments:  key V, letter T: follow V column down to T row (giving “O”)  Key I, letter H: follow I column down to H row (giving “P”)
  • 18. 18 Establish Period  Kaskski: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext  Example: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG Note the key and plaintext line up over the repetitions (underlined). As distance between repetitions is 9, the period is a factor of 9 (that is, 1, 3, or 9)
  • 19. 19 Attacking the Cipher  Approach  Establish period; call it n  Break message into n parts, each part being enciphered using the same key letter  Solve each part  You can leverage one part from another  We will show each step
  • 20. 20 The Target Cipher  We want to break this cipher: ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX
  • 21. 21 Repetitions in Example Letters Start End Distance Factors MI 5 15 10 2, 5 OO 22 27 5 5 OEQOOG 24 54 30 2, 3, 5 FV 39 63 24 2, 2, 2, 3 AA 43 87 44 2, 2, 11 MOC 50 122 72 2, 2, 2, 3, 3 QO 56 105 49 7, 7 PC 69 117 48 2, 2, 2, 2, 3 NE 77 83 6 2, 3 SV 94 97 3 3 CH 118 124 6 2, 3
  • 22. 22 Estimate of Period  OEQOOG is probably not a coincidence  It’s too long for that  Period may be 1, 2, 3, 5, 6, 10, 15, or 30  Most others (7/10) have 2 in their factors  Almost as many (6/10) have 3 in their factors  Begin with period of 2  3 = 6
  • 23. 23 Check on Period  Index of coincidence is probability that two randomly chosen letters from ciphertext will be the same  Tabulated for different periods: 1: 0.066 5: 0.044 2: 0.052 10: 0.041 3: 0.047 Large: 0.038 4: 0.045
  • 24. 24 Splitting Into Alphabets alphabet 1: AIKHOIATTOBGEEERNEOSAI alphabet 2: DUKKEFUAWEMGKWDWSUFWJU alphabet 3: QSTIQBMAMQBWQVLKVTMTMI alphabet 4: YBMZOAFCOOFPHEAXPQEPOX alphabet 5: SOIOOGVICOVCSVASHOGCC alphabet 6: MXBOGKVDIGZINNVVCIJHH  ICs (#1, 0.069; #2, 0.078; #3, 0.078; #4, 0.056; #5, 0.124; #6, 0.043) indicate all alphabets have period 1, except #4 and #6; assume statistics off
  • 25. 25 Frequency Examination ABCDEFGHIJKLMNOPQRSTUVWXYZ 1 31004011301001300112000000 2 10022210013010000010404000 3 12000000201140004013021000 4 21102201000010431000000211 5 10500021200000500030020000 6 01110022311012100000030101 Letter frequencies are (H high, M medium, L low): HMMMHMMHHMMMMHHMLHHHMLLLLL
  • 26. 26 Begin Decryption  First matches characteristics of unshifted alphabet  Third matches if I shifted to A  Sixth matches if V shifted to A  Substitute into ciphertext (bold are substitutions) ADIYS RIUKB OCKKL MIGHK AZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKI HSSEW NECSE DDAAA RWCXS ANSNP HHEUL QONOF EEGOS WLPCM AJEOC MIUAX
  • 27. 27 Look For Clues  AJE in last line suggests “are”, meaning second alphabet maps A into S: ALIYS RICKB OCKSL MIGHS AZOTO MIOOL INTAG PACEF VATIS CIITE EOCNO MIOOL BUTFV EGOOP CNESI HSSEE NECSE LDAAA RECXS ANANP HHECL QONON EEGOS ELPCM AREOC MICAX
  • 28. 28 Next Alphabet  MICAX in last line suggests “mical” (a common ending for an adjective), meaning fourth alphabet maps O into A: ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL
  • 29. 29 Got It!  QI means that I maps into U, as Q is always followed by U: ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL
  • 30. 30 One-Time Pad  A Vigenère cipher with a random key at least as long as the message  Provably unbreakable  Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters  Warning: keys must be random, or you can attack the cipher by trying to regenerate the key  Approximations, such as using pseudorandom number generators to generate keys, are not random
  • 31. 31 Overview of the DES  A block cipher:  encrypts blocks of 64 bits using a 64 bit key  outputs 64 bits of ciphertext  A product cipher  basic unit is the bit  performs both substitution and transposition (permutation) on the bits  Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key
  • 32. 32 Generation of Round Keys key PC-1 C0 D0 LSH LSH D1 PC-2 K1 K16 LSH LSH C1 PC-2  Round keys are 48 bits each
  • 33. 33 Encipherment input IP L0 R0  f K1 L1 = R0 R1 = L0  f(R0, K1) R16 = L15 f(R15, K16) L 16 = R 15 IPŠ1 output
  • 34. 34 The f Function RiŠ1 (32 bits) E RiŠ1 (48 bits) Ki (48 bits)  S1 S2 S3 S4 S5 S6 S7 S8 6 bits into each P 32 bits 4 bits out of each
  • 35. 35 Controversy  Considered too weak  Diffie, Hellman said in a few years technology would allow DES to be broken in days  Design using 1999 technology published  Design decisions not public  S-boxes may have backdoors
  • 36. 36 Undesirable Properties  4 weak keys  They are their own inverses  12 semi-weak keys  Each has another semi-weak key as inverse  Complementation property  DESk(m) = c  DESk´(m´) = c´  S-boxes exhibit irregular properties  Distribution of odd, even numbers non-random  Outputs of fourth box depends on input to third box
  • 37. 37 Differential Cryptanalysis  A chosen ciphertext attack  Requires 247 plaintext, ciphertext pairs  Revealed several properties  Small changes in S-boxes reduce the number of pairs needed  Making every bit of the round keys independent does not impede attack  Linear cryptanalysis improves result  Requires 243 plaintext, ciphertext pairs
  • 38. 38 DES Modes  Electronic Code Book Mode (ECB)  Encipher each block independently  Cipher Block Chaining Mode (CBC)  XOR each block with previous ciphertext block  Requires an initialization vector for the first one  Encrypt-Decrypt-Encrypt Mode (2 keys: k, k´)  c = DESk(DESk´ –1(DESk(m)))  Encrypt-Encrypt-Encrypt Mode (3 keys: k, k´, k´´) c = DESk(DESk´(DESk´´(m)))
  • 39. 39 Current Status of DES  Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998  Several challenges to break DES messages solved using distributed computing  NIST selected Rijndael as Advanced Encryption Standard (AES), successor to DES  Designed to withstand attacks that were successful on DES
  • 40. 40 Public Key Cryptography  Two keys  Private key known only to individual  Public key available to anyone  Public key, private key inverses  Idea  Confidentiality: encipher using public key, decipher using private key  Integrity/authentication: encipher using private key, decipher using public one
  • 41. 41 Requirements 1. It must be computationally easy to encipher or decipher a message given the appropriate key 2. It must be computationally infeasible to derive the private key from the public key 3. It must be computationally infeasible to determine the private key from a chosen plaintext attack
  • 42. 42 Diffie-Hellman  Compute a common, shared key  Called a symmetric key exchange protocol  Based on discrete logarithm problem  Given integers n and g and prime number p, compute k such that n = gk mod p  Solutions known for small p  Solutions computationally infeasible as p grows large
  • 43. 43 Algorithm  Constants: prime p, integer g ≠ 0, 1, p–1  Known to all participants  Anne chooses private key kAnne, computes public key KAnne = gkAnne mod p  To communicate with Bob, Anne computes Kshared = KBobkAnne mod p  To communicate with Anne, Bob computes Kshared = KAnnekBob mod p  It can be shown these keys are equal
  • 44. 44 Example  n = gk mod p  Assume p = 53 and g = 17  Alice chooses kAlice = 5  Then KAlice = 175 mod 53 = 40  Bob chooses kBob = 7  Then KBob = 177 mod 53 = 6  Shared key:  KBobkAlice mod p = 65 mod 53 = 38  KAlicekBob mod p = 407 mod 53 = 38
  • 45. 45 RSA  Exponentiation cipher  Relies on the difficulty of determining the number of numbers relatively prime to a large integer n
  • 46. 46 Background  Totient function (n)  Number of positive integers less than n and relatively prime to n  Relatively prime means with no factors in common with n  Example: (10) = 4  1, 3, 7, 9 are relatively prime to 10  Example: (21) = 12  1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21
  • 47. 47 Algorithm  Choose two large prime numbers p, q  Let n = pq; then (n) = (p–1)(q–1)  Choose e < n such that e relatively prime to (n).  Compute d such that ed mod (n) = 1  Public key: (e, n); private key: d  Encipher: c = me mod n  Decipher: m = cd mod n
  • 48. 48 Example: Confidentiality  Take p = 7, q = 11, so n = 77 and (n) = 60  Alice chooses e = 17, making d = 53  Bob wants to send Alice secret message HELLO (07 04 11 11 14)  0717 mod 77 = 28  0417 mod 77 = 16  1117 mod 77 = 44  1117 mod 77 = 44  1417 mod 77 = 42  Bob sends 28 16 44 44 42
  • 49. 49 Example  Alice receives 28 16 44 44 42  Alice uses private key, d = 53, to decrypt message:  2853 mod 77 = 07  1653 mod 77 = 04  4453 mod 77 = 11  4453 mod 77 = 11  4253 mod 77 = 14  Alice translates message to letters to read HELLO  No one else could read it, as only Alice knows her private key and that is needed for decryption
  • 50. 50 Example: Integrity/Authentication  Take p = 7, q = 11, so n = 77 and (n) = 60  Alice chooses e = 17, making d = 53  Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated)  0753 mod 77 = 35  0453 mod 77 = 09  1153 mod 77 = 44  1153 mod 77 = 44  1453 mod 77 = 49  Alice sends 35 09 44 44 49
  • 51. 51 Example  Bob receives 35 09 44 44 49  Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:  3517 mod 77 = 07  0917 mod 77 = 04  4417 mod 77 = 11  4417 mod 77 = 11  4917 mod 77 = 14  Bob translates message to letters to read HELLO  Alice sent it as only she knows her private key, so no one else could have enciphered it  If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly
  • 52. 52 Example: Both  Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked)  Alice’s keys: public (17, 77); private: 53  Bob’s keys: public: (37, 77); private: 13  Alice enciphers HELLO (07 04 11 11 14):  (0753 mod 77)37 mod 77 = 07  (0453 mod 77)37 mod 77 = 37  (1153 mod 77)37 mod 77 = 44  (1153 mod 77)37 mod 77 = 44  (1453 mod 77)37 mod 77 = 14  Alice sends 07 37 44 44 14
  • 53. 53 Security Services  Confidentiality  Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key  Authentication  Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner
  • 54. 54 More Security Services  Integrity  Enciphered letters cannot be changed undetectably without knowing private key  Non-Repudiation  Message enciphered with private key came from someone who knew it
  • 55. 55 Warnings  Encipher message in blocks considerably larger than the examples here  If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems)  Attacker cannot alter letters, but can rearrange them and alter message meaning  Example: reverse enciphered message of text ON to get NO
  • 56. 56 Cryptographic Checksums  Mathematical function to generate a set of k bits from a set of n bits (where k ≤ n).  k is smaller then n except in unusual circumstances  Example: ASCII parity bit  ASCII has 7 bits; 8th bit is “parity”  Even parity: even number of 1 bits  Odd parity: odd number of 1 bits
  • 57. 57 Example Use  Bob receives “10111101” as bits.  Sender is using even parity; 6 1 bits, so character was received correctly  Note: could be garbled, but 2 bits would need to have been changed to preserve parity  Sender is using odd parity; even number of 1 bits, so character was not received correctly
  • 58. 58 Definition  Cryptographic checksum function h: AB: 1. For any x  A, h(x) is easy to compute 2. For any y  B, it is computationally infeasible to find x  A such that h(x) = y 3. It is computationally infeasible to find x, x´  A such that x ≠ x´ and h(x) = h(x´) – Alternate form (Stronger): Given any x  A, it is computationally infeasible to find a different x´  A such that h(x) = h(x´).
  • 59. 59 Collisions  If x ≠ x´ and h(x) = h(x´), x and x´ are a collision  Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it.
  • 60. 60 Keys  Keyed cryptographic checksum: requires cryptographic key  DES in chaining mode: encipher message, use last n bits. Requires a key to encipher, so it is a keyed cryptographic checksum.  Keyless cryptographic checksum: requires no cryptographic key  MD5 and SHA-1 are best known; others include MD4, HAVAL, and Snefru
  • 61. 61 HMAC  Make keyed cryptographic checksums from keyless cryptographic checksums  Useful for distribution to countries that prohibit keyed cryptography
  • 62. 62 Key Points  Two main types of cryptosystems: classical and public key  Classical cryptosystems encipher and decipher using the same key  Or one key is easily derived from the other  Public key cryptosystems encipher and decipher using different keys  Computationally infeasible to derive one from the other  Cryptographic checksums provide a check on integrity