Cryptography: History and Simple Encryption Methods and ...keldefra/teaching/fall... · The word...
Transcript of Cryptography: History and Simple Encryption Methods and ...keldefra/teaching/fall... · The word...
1
Cryptography:History andSimpleEncryption Methods
andPreliminaries
2
The word cryptography comes from the Greekwords κρυπτός (hidden or secret) and γράφειν(writing).
So historically cryptography has been the “art ofsecret writing.”
Most of cryptography is currently well grounded inmathematics and it can be debated whetherthere’s still an “art” aspect to it.
Cryptography
3
Cryptographycanbeusedatdifferentlevels
• Algorithms:encryption,signatures,hashing,RandomNumberGenerator(RNG)
• Protocols (2ormoreparties):keydistribution,authentication,identification,login,payment,etc.
• Systems:electroniccash,securefilesystems,smartcards,VPNs,e-voting,etc.
• Attacks:onalltheabove
4
SomeApplicationsofCryptography
• Network,operatingsystemsecurity
• ProtectInternet,phone,spacecommunication
• Electronicpayments(e-commerce)
• Databasesecurity
• Software/contentpiracyprotection
• PayTV(e.g.,satellite)
• Militarycommunications
• Voting
5
Openvs.ClosedDesignModel
• Opendesign:algorithm,protocol,systemdesign(andevenpossibleplaintext)arepublicinformation.Onlykey(s)arekeptsecret.
• Closeddesign:asmuchinformationaspossibleiskeptsecret.
6
CoreIssueinNetworksecurity:HowtoCommunicateSecurely?
Lookssimple…But,thedevilisinthedetails
Note:evenstorageisaformofcommunication
Alice
Eve(sdropper)
Bob
7
TheBiggest“Headache”isthat…
GoodsecuritymustbeEffective
YetUnobtrusive
Becausesecurityisnotaserviceinandofitself,butaburden!
8
CryptographyisOld…
• Mostsub-fieldsinCSarefairlynew(20-30years):– Graphics,compilers,software,OS,architecture
• And,afewarequiteold(morethanseveraldecades):– Cryptography,database,networking
9
SomeHistory:Caesar’sCipher
HomoHominemLupus!
KrprKrplqhpOxsxv!
10
SomeHistory:RosettaStone
11
SomeHistory:Enigma
AlanTuring(1912-1954)
12
Historical(Primitive)Ciphers
•Shift(e.g.,Caesar):Enck(x)=x+k mod26
•Affine:Enck1,k2(x)= k1 *x+k2 mod26
•Substitution:Encperm(x)=perm(x)
•Vigenere:EncK(x)=(X[0]+K[0],X[1]+K[1],…)
•Vernam:One-TimePad(OTP)
13
Shift(Caesar)Cipher
Example:
W E W I L L M E E T A T M I D N I G H T22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19
7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4H P H T W W X P P E L E X T O Y T R S E
K=11
• How many keys are there? • How many trials are needed to find the key?
14
SubstitutionCipherExample:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
X N Y A H P O G Z Q W B T S F L R C V M U E K J D I
W E W I L L M E E T A T M I D N I G H T
K H K Z B B T H H M X M T Z A S Z O G M
KEY
• How many keys are there? • How many trials are needed to find the key?
15
SubstitutionCipher
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z0
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.082
0.015
0.028
0.043
0.127
0.022 0.02
0.0610.07
0.0020.008
0.04
0.024
0.0670.075
0.019
0.001
0.06 0.063
0.091
0.028
0.01
0.023
0.001
0.02
0.001
Probabilities of Occurrence
Cryptanalysis
16
SubstitutionCipher
AN AT ED EN ER ES HE IN ON OR RE ST TE TH TI0
0.5
1
1.5
2
2.5
3
3.5
1.811.51
1.321.53
2.13
1.36
3.05
2.3
1.83
1.28
1.9
1.22 1.3
3.21
1.28
Frequency of some common digram
Cryptanalysis
s
17
VERNAMOne-TimePad(OTP):World’sBestCipher
niotppcwhere
ccotpotppp
iii
n
n
n
<<"Å=
===
-
-
-
0:
},...,{ Ciphertext},...,{ stream pad time-One
},...,{ Plaintext
10
10
10
C A BC B A= ÅÅ =
18
VERNAMOne-TimePad(OTP):World’sBestCipher
• Vernam offersperfectinformation-theoreticsecurity,
but:
• HowlongdoestheOTPkeystreamneedtobe?
• HowdoAliceandBobexchangethekeystream?
19
• Acryptosystemhas(atleast)fiveingredients:– Plaintext– SecretKey– Ciphertext– EncryptionAlgorithm– DecryptionAlgorithm
• Securityusuallydependsonthesecrecyofthekey,notthesecrecyofthealgorithms
EncryptionPrinciples
20
CryptoBasics
21
AverageTimeRequiredforExhaustiveKey Search (forBrute ForceAttacks)
KeySize(bits)
NumberofAlternativeKeys
Timerequiredat106
Decr/µs
32 232 =4.3x109 2.15milliseconds
56 256 =7.2x1016 10hours
128 2128=3.4x1038 5.4x1018 years
168 2168=3.7x1050 5.9x 1030 years
22
TypesofAttainableSecurity
• Perfect,unconditionalor“informationtheoretic”:thesecurityisevidentfreeofany(computational/hardness)assumptions
• Reducibleor“provable”:securitycanbeshowntobebasedonsomecommon(oftenunproven)assumptions,e.g.,theconjectureddifficultyoffactoringlargeintegers
• Adhoc:thesecurityseemsgoodoften->“snakeoil”…
Takealookat:
http://www.ciphersbyritter.com/GLOSSARY.HTM
23
ComputationalSecurity• Encryptionschemeiscomputationallysecure if
– costofbreakingit(viabruteforce)exceedsthevalueoftheencryptedinformation;or
– timerequiredtobreakitexceedsusefullifetimeoftheencryptedinformation
• Mostmodernschemeswewillseeareconsideredcomputationallysecure– Usuallyrelyonverylargekey-space,impregnabletobruteforce
• Mostadvancedschemesrelyonlackofknowledgeofeffectivealgorithmsforcertainhardproblems,notonaproveninexistenceofsuchalgorithms(reduciblesecurity)!– Suchas:factorization,discretelogarithms,etc.
24
ComplexityReminder/Re-cap• P:problemsthatcanbesolvedinpolynomialtime,i.e.,problemsthatcanbe
solved/decided“efficiently”
• NP:broadsetofproblemsthatincludesP;• answerscanbeverified“efficiently”(inpolynomialtime);• solutionscannotalwaysbeefficientlyfound(asfarasweknow).
• NP-complete:thebelieved-to-be-harddecisionproblemsinNP,theyappeartohavenoefficientsolution;answersareefficientlyverifiable,solutiontooneisnevermuchharderthanasolutiontoanother
• NP-hard:hardest;someofthemmaynotbesolvedbyanon-deterministicTM.ManycomputationalversionofNP-completeproblemsareNP-hard.
• Examples:• Factoring,discretelogareinNP,notknowifNP-completeorinP• Primalitytestingwasrecently(2002)showntobeinP• KnapsackisNP-complete
Formoreinfo,see:https://www.nist.gov/dads//
25
PvsNP
26
CryptosystemsClassifiedalongthreedimensions:
• Typeofoperationsusedfortransformingplaintextintociphertext– Binaryarithmetic:shifts,XORs,ANDs,etc.
• Typicalforconventional encryption– Integerarithmetic
• Typicalforpublickeyencryption• Numberofkeysused
– Symmetricorconventional(singlekeyused)– Asymmetricorpublic-key(2keys:1toencrypt,1todecrypt)
• Howplaintextisprocessed:– Onebitatatime– Astringofanylength– Ablockofbits
27
Conventional Encryption Principles
Conventional(Symmetric)Cryptography
•AliceandBobshare akey KAB whichtheysomehowagreeupon(how?)• keydistribution/keymanagementproblem• ciphertextisroughlyaslongasplaintext• examples:Substitution,VernamOTP,DES,AES
28
plaintextciphertext
K AB
encryptionalgorithm
decryptionalgorithm
K AB
plaintextm
K(m)AB
K(m)ABm =K( )
AB
UsesofConventionalCryptography
•Messagetransmission(confidentiality):• Communicationoverinsecurechannels
•Securestorage:cryptonUnix•Strongauthentication:provingknowledgeofasecretwithoutrevealingit:• Seenextslide• Evecanobtainchosen<plaintext,ciphertext>pair• Challengeshouldbechosenfromalargepool
• Integritychecking:fixed-lengthchecksumformessageviasecretkeycryptography• SendMACalongwiththemessageMAC=H(m,K)
29
Challenge-ResponseAuthenticationExample
30
K AB
challenge
K AB
ra
KAB(ra) challengereply
rb
KAB(rb)
challenge
challengereply
31
ConventionalCryptographyØ Advantages
l highdatathroughputl relativelyshortkeysizel primitivestoconstructvariouscryptographicmechanisms
Ø Disadvantagesl keymustremainsecretatboth endsl keymustbedistributedsecurelyandefficientlyl relativelyshortkeylifetime
• Asymmetriccryptography
• Inventedin1974-1978(Diffie-HellmanandRivest-Shamir-Adleman)
• Twokeys:private(SK),public(PK)• Encryption:withpublickey;• Decryption:withprivatekey• DigitalSignatures:Signingbyprivatekey;Verificationbypublickey.i.e.,“encrypt”messagedigest/hash-- h(m)-- withprivatekey• Authorship(authentication)• Integrity:SimilartoMAC• Non-repudiation:can’tdowithsecretkeycryptography
•Muchslower thanconventionalcryptography• Oftenusedtogetherwithconventionalcryptography,e.g.,toencryptsessionkeys
32
PublicKeyCryptography
PublicKeyCryptography
33
plaintextmessage,m
ciphertextencryptionalgorithm
decryptionalgorithm
Bob’spublic key
plaintextmessagePK(m)
B
PKBBob’sprivate key
SKB
m=SK(PK(m))BB
UsesofPublicKeyCryptography•Datatransmission(confidentiality):• Aliceencryptsma usingPKB,Bobdecryptsittoobtainma usingSKb.
•SecureStorage:encryptwithownpublickey,laterdecryptwithownprivatekey•Authentication:• Noneedtostoresecrets,onlyneedpublickeys.• Secretkeycryptography:needtosharesecret keyforeverypersononecommunicateswith
•DigitalSignatures(authentication,integrity,non-repudiation)
34
35
Ø Advantagesl onlytheprivatekeymustbekeptsecretl relativelylonglifetimeofthekeyl moresecurityservicesl relativelyefficientdigitalsignaturesmechanisms
Ø Disadvantagesl lowdatathroughputl muchlargerkeysizesl distribution/revocationofpublickeysl securitybasedonconjecturedhardnessofcertaincomputationalproblems
PublicKeyCryptography
36
Ø Publickeyl encryption,signatures(esp.,non-repudiation)andkeymanagement
Ø Conventionall encryptionandsomedataintegrityapplications
Ø Keysizesl Keysinpublickeycryptomustbelarger(e.g.,2048bitsforRSA)thanthoseinconventionalcrypto(e.g.,112bitsfor3-DESor256bitsforAES)• mostattackson“good”conventionalcryptosystemsareexhaustivekeysearch(bruteforce)
• publickeycryptosystemsaresubjectto“short-cut”attacks(e.g.,factoringlargenumbersinRSA)
ComparisonSummary
37
SuggestedReadings:
Chapters1and2inKPSbookOptional:Ch 1inStinson
Don'tforgettocheckthewebsite!Didyoudoitbeforethislecture?