ICT 6541 Applied Cryptography - Bangladesh University of...

ICT 6541 Applied Cryptography

Hossen Asiful Mustafa

Protocols

• A protocol is

– a series of steps,

– involving two or more parties,

– designed to accomplish a task.

• Everyone involved in the protocol must know the protocol and all of the steps to follow in advance.

• Everyone involved in the protocol must agree to follow it.

• The protocol must be unambiguous; each step must be well defined and there must be no chance of a misunderstanding.

• The protocol must be complete; there must be a specified action for every possible situation.

Cryptographic Protocol

• Uses cryptography

• The parties can be friends and trust each other implicitly or they can be adversaries and not trust one another to give the correct time of day.

• The goal is to prevent or detect eavesdropping and cheating

Different Types of Protocols

• Arbitrated Protocols

– Example: Lawyer, notary public

• Adjudicated Protocols

– Non-arbitrated and arbitrated sub-protocol

– Example: Judges

• Self-Enforcing Protocols

– No arbitrator required

– Self-enforcing

Symmetric Cryptosystems Problems

• Keys must be distributed in secret. They are as valuable as all the messages they encrypt, since knowledge of the key gives knowledge of all the messages.

• If a key is compromised (stolen, guessed, extorted, bribed, etc.), then Eve can decrypt all message traffic encrypted with that key. She can also pretend to be one of the parties and produce false messages to fool the other party.

• If a separate key is used for each pair of users in a network, the total number of keys increases rapidly as the number of users increases. A network of n users requires n(n - 1)/2 keys. For example, 10 users require 45 different keys to talk with one another and 100 users require 4950 keys.

Public Key Cryptosystem is the Solution?

• Public key Cryptosystem solves the problem of key distribution

• But, it is very slow compared to symmetric cryptosystems

• It is vulnerable to chosen-plaintext attacks

One Way Functions

• One-way functions are relatively easy to compute, but significantly harder to reverse. That is, given x it is easy to compute f(x), but given f(x) it is hard to compute x.

– Example: breaking a plate

• Is not usable in public key cryptography

One-Way Hash Functions

• A hash function is a function, mathematical or otherwise, that takes a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string called a hash value.

• A single bit change in the pre-image changes, on the average, half of the bits in the hash value.

• Given a hash value, it is computationally unfeasible to find a pre-image that hashes to that value.

Message Authentication Codes

• A MAC, also known as a data authentication code (DAC), is a one-way hash function with the addition of a secret key.

• The hash value is a function of both the pre-image and the key.

• Someone with the key can verify the hash value.

Merkle’s Puzzles

1. Bob generates 2^20, or about a million, messages of the form: “This is puzzle number x. This is the secret key number y,” where x is a random number and y is a random secret key. Both x and y are different for each message. Using a symmetric algorithm, he encrypts each message with a different 20-bit key and sends them all to Alice.

2. Alice chooses one message at random and performs a brute-force attack to recover the plaintext. This is a large, but not impossible, amount of work.

3. Alice encrypts her secret message with the key she recovered and some symmetric algorithm, and sends it to Bob along with x.

4. Bob knows which secret key y he encrypts in message x, so he can decrypt the message.

Merkle’s Puzzles: Why It Works

• Eve can break this system, but

– To recover the message in step (3), she has to perform a brute-force attack against each of Bob’s 2^20 messages in step (1)

– This attack has a complexity of 2^40.

– The x values won’t help Eve either; they were assigned randomly in step (1). In general, Eve has to expend approximately the square of the effort that Alice expends.

• If Alice and Bob can try ten thousand keys per second,

– it will take them a minute each to perform their steps and another minute to communicate the puzzles from Bob to Alice over the link.

• If Eve had comparable computing facilities, it would take her about a year to break the system.
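
The four steps and Eve's roughly quadratic disadvantage, scaled down so they run in a moment, as an added example that is not from the original slides. The 8-bit puzzle keys, the `PUZZLE` header used to recognise a correct guess, and the SHA-256 keystream standing in for "a symmetric algorithm" are assumptions; step 3 is reduced to checking that Alice and Bob end up with the same y.

```python
import hashlib
import secrets

MAGIC = b"PUZZLE"  # assumed header so a brute-forcer can recognise the right key

def toy_cipher(key: int, data: bytes) -> bytes:
    # Assumption: SHA-256 of the small key as a one-block keystream (XOR both ways).
    stream = hashlib.sha256(b"merkle-demo" + key.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def bob_make_puzzles(bits: int):
    """Step 1: 2**bits puzzles, each hiding (x, y) under a different small key."""
    keys = list(range(2 ** bits))
    secrets.SystemRandom().shuffle(keys)
    table, puzzles = {}, []
    for key in keys:
        x, y = secrets.token_bytes(8), secrets.token_bytes(16)
        table[x] = y                      # Bob remembers which y goes with which x
        puzzles.append(toy_cipher(key, MAGIC + x + y))
    return table, puzzles

def brute_force(puzzle: bytes, bits: int):
    """Try every small key; return (x, y, keys_tried)."""
    for key in range(2 ** bits):
        plain = toy_cipher(key, puzzle)
        if plain.startswith(MAGIC):
            return plain[6:14], plain[14:30], key + 1
    raise ValueError("no key opens this puzzle")

def eve_recover(puzzles, bits: int, x_seen: bytes):
    """Eve sees every puzzle and x, so she solves puzzles until one contains x."""
    work = 0
    for puzzle in puzzles:
        x, y, tried = brute_force(puzzle, bits)
        work += tried
        if x == x_seen:
            return y, work
    raise ValueError("x not among the puzzles")

def run_exchange(bits: int = 8):
    table, puzzles = bob_make_puzzles(bits)
    # Step 2: Alice picks one puzzle at random and brute-forces it.
    x, y_alice, alice_work = brute_force(secrets.choice(puzzles), bits)
    y_bob = table[x]                      # Step 4: Bob maps the x he receives to y
    y_eve, eve_work = eve_recover(puzzles, bits, x)
    return y_alice == y_bob == y_eve, alice_work, eve_work

if __name__ == "__main__":
    agreed, alice_work, eve_work = run_exchange()
    print(f"agreed={agreed} alice_tried={alice_work} eve_tried={eve_work}")
```

Alice never tries more than 2^bits keys, while Eve's count can reach 2^bits times 2^bits, which is the square relationship stated above.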

Digital Signature

• Signing Documents with Symmetric Cryptosystems and an Arbitrator

• Signing Documents with Public-Key Cryptography

• Signing Documents and Timestamps

• Signing Documents with Public-Key Cryptography and One-Way Hash Functions

Digital Signatures with Encryption

1. Alice signs the message with her private key: S_A(M)

2. Alice encrypts the signed message with Bob’s public key and sends it to Bob: E_B(S_A(M))

3. Bob decrypts the message with his private key: D_B(E_B(S_A(M))) = S_A(M)

4. Bob verifies with Alice’s public key and recovers the message: V_A(S_A(M)) = M
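
The four steps composed with textbook RSA, as an added example that is not from the original slides. The toy primes, the exponents, the function names and the `KeyPair` class are assumptions chosen for illustration; there is no padding or hashing, and Bob's modulus is deliberately larger than Alice's so that S_A(M) always fits inside E_B.

```python
from dataclasses import dataclass
from math import gcd

@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus
    e: int  # public exponent
    d: int  # private exponent (known only to the key's owner)

def make_key(p: int, q: int, e: int) -> KeyPair:
    """Textbook RSA key from two toy-sized primes (no padding, illustration only)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return KeyPair(p * q, e, pow(e, -1, phi))

def _check(value: int, n: int) -> int:
    # Textbook RSA only round-trips values in the range 0 <= value < n.
    if not 0 <= value < n:
        raise ValueError("value does not fit under the modulus")
    return value

def sign(m: int, signer: KeyPair) -> int:          # S_A(M): Alice's private exponent
    return pow(_check(m, signer.n), signer.d, signer.n)

def verify(s: int, signer: KeyPair) -> int:        # V_A(S_A(M)) = M: Alice's public exponent
    return pow(_check(s, signer.n), signer.e, signer.n)

def encrypt(x: int, recipient: KeyPair) -> int:    # E_B(...): Bob's public exponent
    return pow(_check(x, recipient.n), recipient.e, recipient.n)

def decrypt(c: int, recipient: KeyPair) -> int:    # D_B(...): Bob's private exponent
    return pow(_check(c, recipient.n), recipient.d, recipient.n)

def alice_send(m: int, alice: KeyPair, bob: KeyPair) -> int:     # steps 1 and 2
    return encrypt(sign(m, alice), bob)

def bob_receive(c: int, alice: KeyPair, bob: KeyPair) -> int:    # steps 3 and 4
    return verify(decrypt(c, bob), alice)

# Constructed toy keys: Bob's n exceeds Alice's, so every signature fits under it.
ALICE = make_key(61, 53, 17)   # n = 3233
BOB = make_key(89, 97, 5)      # n = 8633

if __name__ == "__main__":
    c = alice_send(1234, ALICE, BOB)
    print(c, bob_receive(c, ALICE, BOB))
```

If the signer's modulus is the larger one, some signatures exceed the recipient's modulus and `encrypt` raises instead of silently producing a value that cannot be recovered.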

Randomness!!!

• Random numbers

– Impossible to generate something truly random on a computer

• Pseudo-Random numbers

– It looks random, i.e., it passes all the statistical tests of randomness that we can find.

• Cryptographically Secure Pseudo-Random Sequences

– It is unpredictable, i.e., it must be computationally infeasible to predict what the next random bit will be

MATHEMATICAL BACKGROUND

Entropy and Uncertainty

• The amount of information in a message M is measured by the entropy of a message, denoted by H(M) and H(M) = log2(M)

• The entropy of a message also measures its uncertainty. This is the number of plaintext bits needed to be recovered when the message is scrambled in ciphertext in order to learn the plaintext.

A cryptosystem with a 64-bit key has an entropy of 64 bits; the greater the entropy, the harder it is to break.

Rate of a Language

• The rate of the language is

r = H(M)/N

• The absolute rate of language L is

R = log2(L)

• The redundancy of a language is defined by:

D = R - r

The more redundant the language, the easier it is to cryptanalyze.

Confusion and Diffusion

• Confusion obscures the relationship between the plaintext and the ciphertext

– Example: substitution cipher

• Diffusion dissipates the redundancy of the plaintext by spreading it out over the ciphertext

– Example: transposition cipher

Complexity of Algorithms

• An algorithm’s complexity is determined by the computational power needed to execute it.

– T: for time complexity

– S: for space complexity, or memory requirement

• The computational complexity of an algorithm is expressed in what is called “big O” notation

Running Times of Different Classes of Algorithms

Number Theory

• Two numbers are relatively prime when they share no factors in common other than 1: gcd(a,n) = 1

• Inverses Modulo a Number

1 = (a*x) mod n => a^-1 ≡ x (mod n)

has a unique solution if a and n are relatively prime.

If a and n are not relatively prime, then a^-1 ≡ x (mod n) has no solution.

Extended Euclidean Algorithm

• p_0 = 0 and p_1 = 1.

• Calculate p_i = p_{i-2} - p_{i-1} q_{i-2} (mod n)

• At step k, then if remainder is 1, x has an inverse and it is p_{k+2}

Step 0: 26 = 1(15) + 11, p_0 = 0

Step 1: 15 = 1(11) + 4, p_1 = 1

Step 2: 11 = 2(4) + 3, p_2 = 0 - 1(1) mod 26 = 25

Step 3: 4 = 1(3) + 1, p_3 = 1 - 25(1) mod 26 = -24 mod 26 = 2

p_4 = 25 - 2(2) mod 26 = 21

p_5 = 2 - 21(1) mod 26 = -19 mod 26 = 7

Euler Totient Function

• The reduced set of residues mod n is the subset of the complete set of residues that is relatively prime to n. For example, the reduced set of residues mod 12 is {1, 5, 7, 11}

• The Euler totient function, also called the Euler phi function and written as φ(n), is the number of elements in the reduced set of residues modulo n. Example: φ(12) = 4

• If n is prime, then φ(n) = n - 1.

• If n = pq, where p and q are prime, then φ(n) = (p - 1)(q - 1).

Euler Totient Function

• a^φ(n) mod n = 1 if gcd(a,n) = 1

• So, x = a^(φ(n)-1) mod n

• Example: inverse of 5, modulo 7

– Since 7 is prime, φ(7) = 7 - 1 = 6

– So: 5^(6-1) mod 7 = 5^5 mod 7 = 3

• Example: inverse of 5, modulo 21 (7*3)

– Since 21 = 7*3, and both are prime, φ(21) = 6*2 = 12

– So: 5^(12-1) mod 21 = 5^11 mod 21 = 17

Chinese Remainder Theorem

• If the prime factorization of n is p_1*p_2*...*p_t, then the system of equations

(x mod p_i) = a_i, where i = 1, 2,..., t

has a unique solution, x, where x is less than n. (Note that some primes can appear more than once, e.g., p_1 might be equal to p_2.)

Chinese Remainder Theorem

• For an arbitrary a < p and b < q (where p and q are prime), there exists a unique x, where x is less than pq, such that

x ≡ a (mod p), and x ≡ b (mod q)

• To find this x, first use Euclid’s algorithm to find u, such that

u*q ≡ 1 (mod p)

• Then compute:

x = (((a - b)*u) mod p)*q + b

Chinese Remainder Theorem

• Find x ≡ 2 (mod 3) and x ≡ 4 (mod 5)

– a = 2, b = 4, p = 3, q = 5

u*q ≡ 1 (mod p)

u*5 ≡ 1 (mod 3)

u = 5^(2-1) mod 3 = 2

x = (((a - b)*u) mod p)*q + b

x = (((2 - 4)*2) mod 3)*5 + 4

= (-4 mod 3) * 5 + 4

= 2 * 5 + 4 = 14
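
The modular-inverse recurrence from the Extended Euclidean Algorithm slide, the Euler totient shortcut, and the two-modulus Chinese Remainder Theorem formula, written out as an added example that is not from the original slides. All function names are assumptions; `crt` goes one step beyond the slides by folding the two-modulus formula over any number of pairwise relatively prime moduli.

```python
from math import gcd

def inverse_euclid(a: int, n: int) -> int:
    """a^-1 mod n via the recurrence p_i = p_{i-2} - p_{i-1} * q_{i-2} (mod n)."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    quotients, r0, r1 = [], n, a % n
    while r1 != 0:                       # Euclid's divisions: r0 = q * r1 + remainder
        quotients.append(r0 // r1)
        r0, r1 = r1, r0 % r1
    p_prev, p_cur = 0, 1                 # p_0 = 0, p_1 = 1
    for q in quotients[:-1]:             # the final division (remainder 0) is not used
        p_prev, p_cur = p_cur, (p_prev - p_cur * q) % n
    return p_cur

def phi(n: int) -> int:
    """Size of the reduced set of residues mod n, by direct counting (small n only)."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)

def inverse_euler(a: int, n: int) -> int:
    """a^-1 mod n computed as a^(phi(n) - 1) mod n."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return pow(a, phi(n) - 1, n)

def crt_pair(a: int, p: int, b: int, q: int) -> int:
    """x < p*q with x ≡ a (mod p) and x ≡ b (mod q); requires gcd(p, q) = 1."""
    b %= q
    u = inverse_euclid(q, p)             # u*q ≡ 1 (mod p)
    return (((a - b) * u) % p) * q + b

def crt(residues, moduli) -> int:
    """Fold crt_pair over pairwise relatively prime moduli (generalisation)."""
    x, m = residues[0] % moduli[0], moduli[0]
    for a, p in zip(residues[1:], moduli[1:]):
        x, m = crt_pair(x, m, a, p), m * p
    return x

if __name__ == "__main__":
    print(inverse_euclid(15, 26), inverse_euler(5, 21), crt_pair(2, 3, 4, 5))
```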
