1

Cryptography:History andSimpleEncryption Methods

andPreliminaries

2

The word cryptography comes from the Greekwords κρυπτός (hidden or secret) and γράφειν(writing).

So historically cryptography has been the “art ofsecret writing.”

Most of cryptography is currently well grounded inmathematics and it can be debated whetherthere’s still an “art” aspect to it.

Cryptography

3

Cryptographycanbeusedatdifferentlevels

• Algorithms:encryption,signatures,hashing,RandomNumberGenerator(RNG)

• Protocols (2ormoreparties):keydistribution,authentication,identification,login,payment,etc.

• Systems:electroniccash,securefilesystems,smartcards,VPNs,e-voting,etc.

• Attacks:onalltheabove

4

SomeApplicationsofCryptography

• Network,operatingsystemsecurity

• ProtectInternet,phone,spacecommunication

• Electronicpayments(e-commerce)

• Databasesecurity

• Software/contentpiracyprotection

• PayTV(e.g.,satellite)

• Militarycommunications

• Voting

5

Openvs.ClosedDesignModel

• Opendesign:algorithm,protocol,systemdesign(andevenpossibleplaintext)arepublicinformation.Onlykey(s)arekeptsecret.

• Closeddesign:asmuchinformationaspossibleiskeptsecret.

6

CoreIssueinNetworksecurity:HowtoCommunicateSecurely?

Lookssimple…But,thedevilisinthedetails

Note:evenstorageisaformofcommunication

Alice

Eve(sdropper)

Bob

7

TheBiggest“Headache”isthat…

GoodsecuritymustbeEffective

YetUnobtrusive

Becausesecurityisnotaserviceinandofitself,butaburden!

8

CryptographyisOld…

• Mostsub-fieldsinCSarefairlynew(20-30years):– Graphics,compilers,software,OS,architecture

• And,afewarequiteold(morethanseveraldecades):– Cryptography,database,networking

9

SomeHistory:Caesar’sCipher

HomoHominemLupus!

KrprKrplqhpOxsxv!

10

SomeHistory:RosettaStone

11

SomeHistory:Enigma

AlanTuring(1912-1954)

12

Historical(Primitive)Ciphers

•Shift(e.g.,Caesar):Enck(x)=x+k mod26

•Affine:Enck1,k2(x)= k1 *x+k2 mod26

•Substitution:Encperm(x)=perm(x)

•Vigenere:EncK(x)=(X[0]+K[0],X[1]+K[1],…)

•Vernam:One-TimePad(OTP)

13

Shift(Caesar)Cipher

Example:

W E W I L L M E E T A T M I D N I G H T22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19

7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4H P H T W W X P P E L E X T O Y T R S E

K=11

• How many keys are there? • How many trials are needed to find the key?

14

SubstitutionCipherExample:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

X N Y A H P O G Z Q W B T S F L R C V M U E K J D I

W E W I L L M E E T A T M I D N I G H T

K H K Z B B T H H M X M T Z A S Z O G M

KEY

• How many keys are there? • How many trials are needed to find the key?

15

SubstitutionCipher

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z0

0.02

0.04

0.06

0.08

0.1

0.12

0.14

0.082

0.015

0.028

0.043

0.127

0.022 0.02

0.0610.07

0.0020.008

0.04

0.024

0.0670.075

0.019

0.001

0.06 0.063

0.091

0.028

0.01

0.023

0.001

0.02

0.001

Probabilities of Occurrence

Cryptanalysis

16

SubstitutionCipher

AN AT ED EN ER ES HE IN ON OR RE ST TE TH TI0

0.5

1

1.5

2

2.5

3

3.5

1.811.51

1.321.53

2.13

1.36

3.05

2.3

1.83

1.28

1.9

1.22 1.3

3.21

1.28

Frequency of some common digram

Cryptanalysis

s

17

VERNAMOne-TimePad(OTP):World’sBestCipher

niotppcwhere

ccotpotppp

iii

n

n

n

<<"Å=

===

-

-

-

0:

},...,{ Ciphertext},...,{ stream pad time-One

},...,{ Plaintext

10

10

10

C A BC B A= ÅÅ =

18

VERNAMOne-TimePad(OTP):World’sBestCipher

• Vernam offersperfectinformation-theoreticsecurity,

but:

• HowlongdoestheOTPkeystreamneedtobe?

• HowdoAliceandBobexchangethekeystream?

19

• Acryptosystemhas(atleast)fiveingredients:– Plaintext– SecretKey– Ciphertext– EncryptionAlgorithm– DecryptionAlgorithm

• Securityusuallydependsonthesecrecyofthekey,notthesecrecyofthealgorithms

EncryptionPrinciples

20

CryptoBasics

21

AverageTimeRequiredforExhaustiveKey Search (forBrute ForceAttacks)

KeySize(bits)

NumberofAlternativeKeys

Timerequiredat106

Decr/µs

32 232 =4.3x109 2.15milliseconds

56 256 =7.2x1016 10hours

128 2128=3.4x1038 5.4x1018 years

168 2168=3.7x1050 5.9x 1030 years

22

TypesofAttainableSecurity

• Perfect,unconditionalor“informationtheoretic”:thesecurityisevidentfreeofany(computational/hardness)assumptions

• Reducibleor“provable”:securitycanbeshowntobebasedonsomecommon(oftenunproven)assumptions,e.g.,theconjectureddifficultyoffactoringlargeintegers

• Adhoc:thesecurityseemsgoodoften->“snakeoil”…

Takealookat:

http://www.ciphersbyritter.com/GLOSSARY.HTM

23

ComputationalSecurity• Encryptionschemeiscomputationallysecure if

– costofbreakingit(viabruteforce)exceedsthevalueoftheencryptedinformation;or

– timerequiredtobreakitexceedsusefullifetimeoftheencryptedinformation

• Mostmodernschemeswewillseeareconsideredcomputationallysecure– Usuallyrelyonverylargekey-space,impregnabletobruteforce

• Mostadvancedschemesrelyonlackofknowledgeofeffectivealgorithmsforcertainhardproblems,notonaproveninexistenceofsuchalgorithms(reduciblesecurity)!– Suchas:factorization,discretelogarithms,etc.

24

ComplexityReminder/Re-cap• P:problemsthatcanbesolvedinpolynomialtime,i.e.,problemsthatcanbe

solved/decided“efficiently”

• NP:broadsetofproblemsthatincludesP;• answerscanbeverified“efficiently”(inpolynomialtime);• solutionscannotalwaysbeefficientlyfound(asfarasweknow).

• NP-complete:thebelieved-to-be-harddecisionproblemsinNP,theyappeartohavenoefficientsolution;answersareefficientlyverifiable,solutiontooneisnevermuchharderthanasolutiontoanother

• NP-hard:hardest;someofthemmaynotbesolvedbyanon-deterministicTM.ManycomputationalversionofNP-completeproblemsareNP-hard.

• Examples:• Factoring,discretelogareinNP,notknowifNP-completeorinP• Primalitytestingwasrecently(2002)showntobeinP• KnapsackisNP-complete

Formoreinfo,see:https://www.nist.gov/dads//

25

PvsNP

26

CryptosystemsClassifiedalongthreedimensions:

• Typeofoperationsusedfortransformingplaintextintociphertext– Binaryarithmetic:shifts,XORs,ANDs,etc.

• Typicalforconventional encryption– Integerarithmetic

• Typicalforpublickeyencryption• Numberofkeysused

– Symmetricorconventional(singlekeyused)– Asymmetricorpublic-key(2keys:1toencrypt,1todecrypt)

• Howplaintextisprocessed:– Onebitatatime– Astringofanylength– Ablockofbits

27

Conventional Encryption Principles

Conventional(Symmetric)Cryptography

•AliceandBobshare akey KAB whichtheysomehowagreeupon(how?)• keydistribution/keymanagementproblem• ciphertextisroughlyaslongasplaintext• examples:Substitution,VernamOTP,DES,AES

28

plaintextciphertext

K AB

encryptionalgorithm

decryptionalgorithm

K AB

plaintextm

K(m)AB

K(m)ABm =K( )

AB

UsesofConventionalCryptography

•Messagetransmission(confidentiality):• Communicationoverinsecurechannels

•Securestorage:cryptonUnix•Strongauthentication:provingknowledgeofasecretwithoutrevealingit:• Seenextslide• Evecanobtainchosen<plaintext,ciphertext>pair• Challengeshouldbechosenfromalargepool

• Integritychecking:fixed-lengthchecksumformessageviasecretkeycryptography• SendMACalongwiththemessageMAC=H(m,K)

29

Challenge-ResponseAuthenticationExample

30

K AB

challenge

K AB

ra

KAB(ra) challengereply

rb

KAB(rb)

challenge

challengereply

31

ConventionalCryptographyØ Advantages

l highdatathroughputl relativelyshortkeysizel primitivestoconstructvariouscryptographicmechanisms

Ø Disadvantagesl keymustremainsecretatboth endsl keymustbedistributedsecurelyandefficientlyl relativelyshortkeylifetime

• Asymmetriccryptography

• Inventedin1974-1978(Diffie-HellmanandRivest-Shamir-Adleman)

• Twokeys:private(SK),public(PK)• Encryption:withpublickey;• Decryption:withprivatekey• DigitalSignatures:Signingbyprivatekey;Verificationbypublickey.i.e.,“encrypt”messagedigest/hash-- h(m)-- withprivatekey• Authorship(authentication)• Integrity:SimilartoMAC• Non-repudiation:can’tdowithsecretkeycryptography

•Muchslower thanconventionalcryptography• Oftenusedtogetherwithconventionalcryptography,e.g.,toencryptsessionkeys

32

PublicKeyCryptography

PublicKeyCryptography

33

plaintextmessage,m

ciphertextencryptionalgorithm

decryptionalgorithm

Bob’spublic key

plaintextmessagePK(m)

B

PKBBob’sprivate key

SKB

m=SK(PK(m))BB

UsesofPublicKeyCryptography•Datatransmission(confidentiality):• Aliceencryptsma usingPKB,Bobdecryptsittoobtainma usingSKb.

•SecureStorage:encryptwithownpublickey,laterdecryptwithownprivatekey•Authentication:• Noneedtostoresecrets,onlyneedpublickeys.• Secretkeycryptography:needtosharesecret keyforeverypersononecommunicateswith

•DigitalSignatures(authentication,integrity,non-repudiation)

34

35

Ø Advantagesl onlytheprivatekeymustbekeptsecretl relativelylonglifetimeofthekeyl moresecurityservicesl relativelyefficientdigitalsignaturesmechanisms

Ø Disadvantagesl lowdatathroughputl muchlargerkeysizesl distribution/revocationofpublickeysl securitybasedonconjecturedhardnessofcertaincomputationalproblems

PublicKeyCryptography

36

Ø Publickeyl encryption,signatures(esp.,non-repudiation)andkeymanagement

Ø Conventionall encryptionandsomedataintegrityapplications

Ø Keysizesl Keysinpublickeycryptomustbelarger(e.g.,2048bitsforRSA)thanthoseinconventionalcrypto(e.g.,112bitsfor3-DESor256bitsforAES)• mostattackson“good”conventionalcryptosystemsareexhaustivekeysearch(bruteforce)

• publickeycryptosystemsaresubjectto“short-cut”attacks(e.g.,factoringlargenumbersinRSA)

ComparisonSummary

37

SuggestedReadings:

Chapters1and2inKPSbookOptional:Ch 1inStinson

Don'tforgettocheckthewebsite!Didyoudoitbeforethislecture?