Applied Cryptology – The Science of Secrecy

Dr. Victor Ralevich
Sheridan Institute

Credit for some of the slides goes to Dr. Richard J. Spillman

Basic Terminology

Encryption (with the encryption key):
– Plaintext → Ciphertext

Decryption (with the decryption key):
– Ciphertext → Plaintext

Cipher = Encryption algorithm

Cryptology

Cryptology is the science of building and analyzing encryption-decryption methods.

CRYPTOLOGY
– CRYPTOGRAPHY
– CRYPTANALYSIS

Secure Systems

Fundamental Principle of Cryptology

A Good Cipher

The strength of the system should not lie in the secrecy of the algorithms.

The strength of the system should depend only on the secrecy of the key.

Cipher Evaluation

We can never be sure that a cipher is secure.

The best way to gain some confidence in a new cipher is to allow the security community to test it.

Cipher Classification

Ciphers
– Public Key: Public Key, Signature, ID
– Symmetric Key: Symmetric, MAC, Signature, Random
– Unkeyed: Hash, One Way, Random

Symmetric: Block, Stream, Classical

Classical: Transposition, Substitution

Classical Ciphers

Further subdivisions:

...
– Block
– Stream
– Classical
  – Transposition
  – Substitution
    – monoalphabetic: each plaintext character is always substituted by the same other character.
    – polyalphabetic: each plaintext character is substituted by different characters, dependent on the key used for encryption.

Substitution Ciphers

The general substitution algorithm permits the cipher alphabet to be any rearrangement of the plain alphabet.

That gives

26! = 403,291,461,126,605,635,584,000,000

possible keys from which to choose.

Frequency Analysis

Every letter of a given language has characteristics of its own, such as:
– Frequency of occurrence
– Relation to the other letters
– Position within words

These and other similar characteristics are used to break monoalphabetic substitution ciphers by letter frequency analysis.

Letter Frequency in English Language

In order: ETAONIRSHDLUCMPFYWGBVJKQXZ

Four vowels A, E, I, O and four consonants N, R, S, T form 2/3 of the normal English plain text.

Bar chart of letter frequencies (letter, relative frequency):

E 0.127   T 0.091   A 0.082   O 0.075   I 0.070   N 0.067   S 0.063
H 0.061   R 0.060   D 0.043   L 0.040   C 0.028   U 0.028   M 0.024
W 0.023   F 0.022   G 0.020   Y 0.020   P 0.019   B 0.015   V 0.010
K 0.008   J 0.002   Q 0.001   X 0.001   Z 0.001

Word of Advice

Note: Longer texts are more likely to follow the standard frequencies, but this is not always the case.

In 1969, the French author Georges Perec wrote “La Disparition”, a 200-page novel that did not use words that contain the letter “E”.

Gilbert Adair translated the novel into English respecting the same restriction.

See also the similar book “Gadsby”, a story of over 50,000 words without using the letter “E”, by Ernest Vincent Wright.

Polyalphabetic Ciphers

Vigenère’s cipher

Vigenère Cipher

Vigenère’s most important work was his “Traicté des Chiffres” (“A Treatise on Secret Writing”) published in 1586.

Vigenère’s cipher is resistant to letter frequency analysis.

Vigenère Operation

A keyword is selected and it is repeatedly written above the plaintext.
– EXAMPLE: using the keyword “hold”

KEY         H O L D H O L D H O L D H O L D H O
plaintext   T H I S I S T H E P L A I N T E X T
ciphertext  A V T V Q G E K L D W D Q B E H E H

The key letter selects the row and the plaintext letter selects the column:

    a b c d e f g h i . . .
a   a b c d e f g h i . . .
b   b c d e f g h i j . . .
c   c d e f g h i j k . . .
d   d e f g h i j k l . . .
e   e f g h i j k l m . . .
f   f g h i j k l m n . . .
g   g h i j k l m n o . . .
h   h i j k l m n o p . . .
i   i j k l m n o p q . . .
j   j k l m n o p q r . . .
k   k l m n o p q r s . . .
l   l m n o p q r s t . . .
m   m n o p q r s t u . . .
n   n o p q r s t u v . . .
o   o p q r s t u v w . . .
p   p q r s t u v w x . . .
q   q r s t u v w x y . . .
r   r s t u v w x y z . . .
s   s t u v w x y z a . . .
t   t u v w x y z a b . . .
u   u v w x y z a b c . . .

Breaking Vigenère’s Cipher

In 1863, a Polish Infantry officer, Friedrich W. Kasiski, published a short book which changed the nature of cryptography. He noticed that:

The conjunction of a repeated portion of the key with a repetition in the plaintext produces a repetition in the ciphertext.

So, the size of the keyword can be determined by the nature of repeated ciphertext character strings.
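The repetition Kasiski describes, and the way a keyword spreads one plaintext letter over several ciphertext letters, shown as an added example that is not part of the original slides. It uses the slides' keyword “hold”; the plaintext is a constructed sample and the function names are illustrative.

```python
from collections import Counter
from functools import reduce
from math import gcd

KEY = "HOLD"                               # keyword from the slide
PLAINTEXT = "THEENEMYTHENATTACKEDTHEFORT"  # constructed sample, A-Z only


def vigenere(text, key, decrypt=False):
    """Shift each letter by its keyword letter (A=0 ... Z=25), mod 26."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - ord("A")
        out.append(chr((ord(ch) - ord("A") + sign * shift) % 26 + ord("A")))
    return "".join(out)


def images(plain, cipher, letter):
    """Set of ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plain, cipher) if p == letter}


def peak_count(text):
    """Count of the most frequent letter, the peak frequency analysis relies on."""
    return Counter(text).most_common(1)[0][1]


def kasiski_distances(cipher, n=3):
    """Distances between successive occurrences of each repeated n-gram."""
    last_seen, distances = {}, []
    for i in range(len(cipher) - n + 1):
        gram = cipher[i:i + n]
        if gram in last_seen:
            distances.append(i - last_seen[gram])
        last_seen[gram] = i
    return distances


def kasiski_key_length(cipher, n=3):
    """GCD of the repeat distances.

    A repeat caused by key alignment lies a multiple of the keyword length
    apart. Long real texts also contain a few accidental repeats, so analysts
    look at the most common factor instead of a strict GCD.
    """
    distances = kasiski_distances(cipher, n)
    return reduce(gcd, distances) if distances else None


if __name__ == "__main__":
    mono = vigenere(PLAINTEXT, "H")   # one-letter key = monoalphabetic shift
    poly = vigenere(PLAINTEXT, KEY)
    print("monoalphabetic:", mono, "E ->", sorted(images(PLAINTEXT, mono, "E")))
    print("Vigenere      :", poly, "E ->", sorted(images(PLAINTEXT, poly, "E")))
    print("peak counts   :", peak_count(mono), "vs", peak_count(poly))
    print("repeat distances:", kasiski_distances(poly),
          "-> key length", kasiski_key_length(poly))
```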

Shannon Criteria

Claude Shannon (in the late 1940s) defined additional design criteria for ciphers:

– Confusion – cipher should hide local patterns in language from an attacker.

– Diffusion – cipher should mix around different parts of the plaintext, so that nothing is left in its original position.

Computer Based Ciphers

Security Requirements

Confidentiality
– Protection from disclosure to unauthorised persons

Integrity
– Maintaining data consistency

Authentication
– Assurance of identity of person or originator of data

Non-repudiation
– Originator of communications can’t deny it later

Binary Numbers

Data in computer systems is stored, processed, and transmitted in binary form (as 0’s and 1’s).

All numerical values are represented and manipulated as binary numbers.

decimal   binary
0         0
1         1
2         10
3         11
4         100
5         101
6         110
7         111
8         1000
9         1001

Characters

There is no natural way to express characters (as there is with numbers), so computer manufacturers have developed standard codes such as ASCII and UNICODE.

ASCII assigns 8 bits per character: 2^8 = 256 characters

UNICODE assigns 16 bits per character: 2^16 = 65536 different characters

Symmetric Key Ciphers

– Stream Ciphers
– Block Ciphers

Symmetric Ciphers

Symmetric Encryption Scheme: Encryption → Transmission → Decryption

The same key is used for both encryption and decryption.

Bit Level Ciphers

Using computers, ciphers are implemented at the bit level. We can now substitute or transpose 0’s and 1’s.

The problem is, how can we seem to randomly change bits and yet still be able to recover the plaintext?

To do this we use the exclusive-OR (XOR) binary function.

XOR Function

F = A XOR B

A B F
0 0 0
0 1 1
1 0 1
1 1 0

A will be the plaintext and B the key.

Simple Stream Cipher

plaintext XOR key stream → ciphertext

ciphertext XOR key stream → plaintext

Some Stream Ciphers

– RC4
– Pike
– SOBER-128
– SEAL (Software-Optimized Encryption Algorithm)
– Turing
– A5/1 and A5/2
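An added example (not from the original slides) of the simple stream cipher above, with RC4 from the list as the key stream generator. The key and messages are constructed samples; the last function shows why a key stream must never be used twice: XOR-ing two ciphertexts made with the same key stream cancels it and leaves the XOR of the two plaintexts.

```python
KEY = b"Key"                 # constructed sample key
MESSAGE_1 = b"Plaintext"     # constructed sample messages of equal length
MESSAGE_2 = b"Otherdata"


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` key-stream bytes with RC4.

    RC4 is used here because it is short enough to read in full; it is no
    longer considered secure for new designs.
    """
    state = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    i = j = 0
    stream = bytearray()
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        stream.append(state[(state[i] + state[j]) % 256])
    return bytes(stream)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the key stream is its own inverse."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def keystream_reuse_leak(cipher_1: bytes, cipher_2: bytes) -> bytes:
    """What an eavesdropper learns from two ciphertexts under one key stream."""
    return xor_bytes(cipher_1, cipher_2)


if __name__ == "__main__":
    c1 = stream_crypt(KEY, MESSAGE_1)
    c2 = stream_crypt(KEY, MESSAGE_2)         # same key stream reused
    print("ciphertext :", c1.hex())
    print("decrypted  :", stream_crypt(KEY, c1))
    print("c1 XOR c2 == p1 XOR p2:",
          keystream_reuse_leak(c1, c2) == xor_bytes(MESSAGE_1, MESSAGE_2))
```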

Block Ciphers

Block Cipher

Today’s most widely used ciphers:
– Define a block of computer bits which represent several characters
– Encipher the complete block at one time

Block of Bits → Algorithm (with KEY) → Block of Bits

Electronic Code Book

Simplest mode of operation:
– each block is enciphered into a ciphertext block using one key

The same Key feeds every Ek:
M1 → Ek → C1
M2 → Ek → C2
...
Mm → Ek → Cm

Problem: if Mi = Mj then Ci = Cj

Cipher Block Chaining

The input to each block stage is the current block XOR-ed with the previous stage cipher block.

The same Key feeds every Ek:
M1 → Ek → C1
M2 XOR C1 → Ek → C2
...
Mm XOR Cm-1 → Ek → Cm
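The ECB problem and the CBC chaining side by side, as an added example that is not part of the original slides. Ek here is a toy 4-round Feistel network built from SHA-256 so the block runs with the standard library alone; it stands in for a real block cipher, and the IV used for the first CBC block, the key and the message are assumptions made for the demonstration.

```python
import hashlib

BLOCK = 8                                   # toy block size in bytes
KEY = b"demo key"                           # constructed
IV = bytes(range(BLOCK))                    # fixed only to keep the demo repeatable;
                                            # real CBC needs a fresh unpredictable IV
MESSAGE = b"PAY 100$" + b"PAY 100$" + b"TO ALICE"   # constructed; M1 == M2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    """Round function: keyed hash of one half block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    """Ek: toy Feistel network (stand-in, not a vetted cipher)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    """Inverse of encrypt_block: undo the rounds in reverse order."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def blocks_of(data):
    if len(data) % BLOCK:
        raise ValueError("no padding in this sketch: length must be a multiple of BLOCK")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Each block enciphered independently: equal plaintext blocks show through."""
    return b"".join(encrypt_block(key, m) for m in blocks_of(data))


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for m in blocks_of(data):
        prev = encrypt_block(key, _xor(m, prev))   # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in blocks_of(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


if __name__ == "__main__":
    for name, ct in (("ECB", ecb_encrypt(KEY, MESSAGE)),
                     ("CBC", cbc_encrypt(KEY, IV, MESSAGE))):
        print(name, [b.hex() for b in blocks_of(ct)])
```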

Some Block Ciphers

– AES
– DES (obsolete)
– IDEA
– Blowfish
– Skipjack
– RC5
– RC6
– Twofish

Asymmetric Key Ciphers

Cipher Classification

Ciphers
– Asymmetric Key: Public Key, Signature, ID
– Symmetric Key
– Unkeyed

Asymmetric ciphers have two different keys: one to encipher and one to decipher.

Public Key Ciphers

They are usually based on number theory rather than substitution or permutation operations.

There are two different keys:
– one for encryption, and
– one for decryption

Knowing one key cannot compromise the other.

Public Key Transaction

Asymmetric algorithms use matched public/private key pairs.

RSA

Named after researchers at MIT who developed the cipher:

Rivest – Shamir – Adleman Cipher (1978)

RSA Key Generation

1. Select two 100 digit (or more) prime numbers, p and q

2. Multiply them to obtain n = p∙q

3. Select another number d such that gcd(d, (p-1)∙(q-1)) = 1 (relatively prime)

4. Find integer e such that: e∙d ≡ 1 mod ((p-1)∙(q-1))

5. Pair (e, n) is the public key, and pair (d, n) is the private key.

RSA Encryption

Divide the message into blocks M all of the same size x. The bit string M can be viewed as an x digit binary number.

Calculate ciphertext as:

C ≡ M^e mod n

Remember (e, n) is the public key (so anyone can do this).

RSA Decryption

To obtain plaintext from ciphertext calculate:

C^d = (M^e)^d ≡ M^1 mod n

Remember d is private and remains private.

To find d you must discover p and q, but the only way to do that is to factor n.

Aside: Characters to Numbers

Process: to translate a collection of characters to a number
– convert the characters to ASCII
– treat the ASCII code like a binary number and convert it to decimal

it
→ 0110100101110100
→ 2^14 + 2^13 + 2^11 + 2^8 + 2^6 + 2^5 + 2^4 + 2^2
→ 26996

Aside: Numbers to Characters

Process: to translate a number to a collection of characters
– convert the number to binary
– treat the binary number like an ASCII code

26995
→ 0110100101110011
→ is

RSA Example

Select p and q to be two digit primes: p = 41, q = 53

Then n = p*q = 2173 and (p-1)*(q-1) = 40*52 = 2080

Select any d between 54 and 2079 which does not share any factors with 2080, say d = 623

Now, compute e so that e∙d = 1 mod 2080

It turns out that e = 207 works since 207*623 = 128961 which when divided by 2080 leaves a remainder of 1

Message

Now we need to divide the message into blocks of bits
– RULE: find the highest power of 2 less than n
– In our case, n = 2173 and 2^11 = 2048 but 2^12 = 4096
– So, divide the plaintext into blocks of 11 bits

Encrypt the message “JABBERWOCKY”

01011010 01000001 01000010 01000010 01000101 01010010 01010111 01001111 01000011 01001011 01011001

Blocks

The 11 bit blocks and their decimal equivalent are:

binary        decimal
01011010010   722
00001010000   80
10010000100   1156
10001010101   1109
00100101011   299
10100111101   1341
00001101001   105
01101011001   857

This represents the 8 message blocks, m1 through m8, which will be transformed into 8 ciphertext blocks c1 through c8.

Ciphertext

Public key is (e, n) = (207, 2173) and the ciphertext is generated by:

722^207 = 1794 = c1 mod 2173
80^207 = 1963 = c2 mod 2173
1156^207 = 1150 = c3 mod 2173
1109^207 = 702 = c4 mod 2173
299^207 = 145 = c5 mod 2173
1341^207 = 593 = c6 mod 2173
105^207 = 2013 = c7 mod 2173
857^207 = 1861 = c8 mod 2173

So the transmitted message is 1794 1963 1150 702 145 593 2013 1861

Decipher

To decipher the message use private key (d, n) = (623, 2173):

1794^623 = 722 = m1 mod 2173
1963^623 = 80 = m2 mod 2173
1150^623 = 1156 = m3 mod 2173
702^623 = 1109 = m4 mod 2173
145^623 = 299 = m5 mod 2173
593^623 = 1341 = m6 mod 2173
2013^623 = 105 = m7 mod 2173
1861^623 = 857 = m8 mod 2173

Convert these numbers back to binary, the binary back to characters, and the plaintext message reappears.
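The slides' worked example carried through in code, as an added example that is not part of the original deck. It uses the slides' p, q and d and the bit string exactly as printed on the Message slide; the function names are illustrative, and this is textbook RSA with tiny primes and no padding, for following the arithmetic only.

```python
from math import gcd

P, Q, D = 41, 53, 623   # primes and private exponent chosen on the slides

# Bit string exactly as printed on the "Message" slide (11 bytes, 88 bits).
# Kept as printed: its first byte 01011010 is ASCII 'Z' ('J' is 01001010),
# and the slides' block values follow from these bits.
SLIDE_BITS = ("01011010" "01000001" "01000010" "01000010" "01000101" "01010010"
              "01010111" "01001111" "01000011" "01001011" "01011001")


def make_keys(p, q, d):
    """Steps 2-5 of key generation: returns ((e, n), (d, n))."""
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    e = pow(d, -1, phi)            # e*d = 1 mod phi (needs Python 3.8+)
    return (e, p * q), (d, p * q)


def block_bits(n):
    """Largest k with 2**k < n, so every k-bit block is a number below n."""
    return (n - 1).bit_length() - 1


def split_blocks(bits, size):
    if len(bits) % size:
        raise ValueError("no padding in this sketch: length must divide evenly")
    return [int(bits[i:i + size], 2) for i in range(0, len(bits), size)]


def join_blocks(blocks, size):
    return "".join(format(b, "0{}b".format(size)) for b in blocks)


def rsa_apply(blocks, key):
    """C = M^e mod n with the public key; M = C^d mod n with the private key."""
    exponent, n = key
    return [pow(b, exponent, n) for b in blocks]


def text_to_int(text):
    """The 'Characters to Numbers' aside: ASCII bytes read as one binary number."""
    return int.from_bytes(text.encode("ascii"), "big")


def int_to_text(number):
    """The 'Numbers to Characters' aside, the reverse direction."""
    return number.to_bytes((number.bit_length() + 7) // 8, "big").decode("ascii")


if __name__ == "__main__":
    public, private = make_keys(P, Q, D)
    size = block_bits(public[1])
    blocks = split_blocks(SLIDE_BITS, size)
    cipher = rsa_apply(blocks, public)
    print("public key :", public, " block size:", size, "bits")
    print("m1..m8     :", blocks)
    print("c1..c8     :", cipher)
    print("deciphered :", rsa_apply(cipher, private))
    print("'it' ->", text_to_int("it"), "   26995 ->", int_to_text(26995))
```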

RSA Performance

Key generation is slow.

Ciphertext generation is about 1000 times slower than AES (the standard symmetric block cipher).

Often, RSA is used to protect session keys which are used with AES.

Symmetric Session Key

Sender → Recipient

Factoring Algorithm

Strength of RSA is entirely based on difficulty of prime factoring of large integers.

PROBLEM: How to decompose a large integer into its prime factors? For example:

7105593510097261

The largest known prime number today is the 7,816,230 digit Mersenne prime 2^25964951 – 1

RSA Challenge

In December 1977, the challenge was given to break RSA-129 where:

n (RSA-129) = 1 1438 1625 7578 8886 7669 2357 7997 6146 6120 1021 8296 7212 4236 2562 5618 4293 5706 9352 4573 3897 8305 9712 3563 9587 0505 8989 0751 4759 9290 0268 7954 3541

e = 9007

The best known algorithm at the time would have required 40,000 trillion years if multiplications of 129 digit numbers could run as fast as 1 ns.

Challenge Met

It only took 17 years.

Derek Atkins (April 1994) announced that:

RSA-129 = 3490 5295 1084 7650 9491 4784 9619 9038 9813 3417 7646 3849 3387 8439 9082 0577 * 3 2769 1329 9326 6709 5499 6198 8190 8344 6141 3177 6429 6799 2942 5397 9828 8533

Process

When: August 1993 - 1 April 1994, 8 months

Who: D. Atkins, M. Graff, A. K. Lenstra, P. Leyland
– + 600 volunteers from the entire world

How: 1600 computers
– from Cray C90, through 16 MHz PC, to fax machines

Now, RSA-155 has been broken as well, so the new standard for keys is 231 digits.

Other Public Key Systems

ElGamal Cipher – It relies on the difficulty of solving the discrete logarithm problem

b = a^x mod p,

by finding integer x if p is prime, a and b are integers.

Elliptic Curve Cipher

Further Readings

Richard J. Spillman, “Classical and Contemporary Cryptology”, Prentice Hall, 2005

Richard J. Spillman, Lecture notes for Cryptology course, Pacific Lutheran University

Bruce Schneier, “Applied Cryptography”, J. Wiley & Sons, 1996

Simon Singh, “Code Book”, Anchor, 2000

Prime Pages (http://www.utm.edu/research/primes/)

And many more ….

That’s All – Thanks!

Questions?