Cryptography
Algorithms, Digital Signatures, and Pragmatics
Arun A Tharuvai
CSC8530
November 25, 2003
Introduction
• Cryptographic Algorithms
• Digital Signatures
• Cryptography Pragmatics
Cryptographic Algorithms
• Convert plaintext message M to ciphertext {M}K using an encryption algorithm E, and a key K
• E(K,M) = {M}K
• Secrecy should lie in the key, not the algorithm
Cryptographic Algorithms
• Symmetric Algorithms (Secret key)
– Same key is used for encryption and decryption, and shared by both parties
• Asymmetric Algorithms (Public key)
– A public key, used by anyone for encryption
– A corresponding private key is used for decryption.
Cryptographic Algorithms
• Block Ciphers
– Operate on fixed-size blocks of data. 64 bits is a common size. Useful for non-realtime data, including email and data.
• Stream Ciphers
– Operate on single bits of data. A stream of bits is used by a function known as a keystream generator. In practice very similar to block ciphers.
• CBC mode
– Each plaintext block is combined with the preceding ciphertext block using XOR before it is encrypted
– Prevents similar blocks from encrypting to the same result.
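Added example (not part of the original slides): CBC chaining over TEA, one of the 64-bit block ciphers listed later in the deck, next to plain block-by-block encryption of the same data. The key, IV, sample plaintext and function names are constructed for illustration; real use needs a random IV and padding.

```python
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF   # TEA round constant, 32-bit word mask

def tea_encrypt_block(block, key):
    """Encrypt one 64-bit block with TEA (128-bit key, 32 cycles)."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block, key):
    """Undo tea_encrypt_block by running the cycles in reverse order."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        total = (total - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def blocks(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(plaintext, key):
    # No chaining: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(tea_encrypt_block(b, key) for b in blocks(plaintext))

def cbc_encrypt(plaintext, key, iv):
    out, prev = [], iv
    for b in blocks(plaintext):
        prev = tea_encrypt_block(xor(b, prev), key)  # XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(tea_decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

# Constructed sample: three identical 8-byte blocks, fixed key and IV.
KEY, IV, PLAINTEXT = bytes(range(16)), bytes(range(1, 9)), b"SAMEBLOK" * 3
```

Without chaining the three ciphertext blocks are identical, so the repetition in the plaintext is visible to anyone holding the ciphertext; with CBC they all differ.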
Design Techniques
• Confusion
– Use of reversible mathematical operations like XOR and bitshifting to combine each block of plaintext with a key
• Diffusion
– Use of techniques like transposing portions of each plaintext to reduce regular patterns in plaintext
Secret-key Algorithms
• TEA
• DES
• IDEA
• AES (Rijndael)
DES
• Data Encryption Standard
• Designed to be fast in hardware and slow in software. A 56-bit key is used to encrypt 64-bit blocks.
• Bit permutation, combined with 16 rounds of performing the XOR operation with different 48-bit subsets of the key.
• Chosen in 1977. In 1998, the EFF showed that it was possible to build a machine to crack DES keys in < 3 days for under $250,000, including design costs.
• Triple DES (3DES) – applies DES three times using 2 keys, as follows: E_3DES(K1,K2,M) = E_DES(K1, D_DES(K2, E_DES(K1,M))), and is effectively as strong as a 112-bit secret key. However, it’s very slow.
Public-key Algorithms
• RSA
• Diffie-Hellman
• El-Gamal
• Elliptic curve algorithms
RSA
• Most widely used public key encryption standard.
• Based upon the difficulty of factoring the product of two very large numbers.
• To generate a key-pair
– Choose two large prime numbers, P and Q.
– N = P * Q
– Z = (P-1) * (Q-1)
– d is any number relatively prime to Z.
– e is a number such that e*d = 1 mod Z
– The encryption key is the pair e,N and the decryption key is the pair d,N
• To encrypt plaintext M, E(e,N,M) = M^e mod N
• To decrypt ciphertext C, D(d,N,C) = C^d mod N
Hybrid Protocols
• SSL/TLS
– Negotiable encryption and authentication algorithms.
• SSH
• PGP/GPG
– Uses RSA to encrypt a secret key, which is then used for encrypting a document via IDEA or 3DES
Properties of Digital Signatures
• Authentic
• Unforgeable
• Non-repudiable
Digital Signatures
• Digital Signing
• Digest Functions
Public Key Signatures
• A computes a digest of M, H(M), and encrypts it with his private key.
• A then sends it along with M to B
• B then uses A’s K_pub to decrypt
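Added example (not part of the original slides): textbook RSA following the key-generation steps on the RSA slide, then the sign and verify exchange described on this slide. The two Mersenne primes, SHA-256 as the digest H, and all function names are assumptions chosen so the block runs offline; like the slides it uses no padding, which real RSA requires.

```python
import hashlib
import math
import secrets

# Assumed toy primes (known Mersenne primes). Real keys use random primes.
P = 2**127 - 1
Q = 2**521 - 1

def generate_keypair(p, q):
    """N = P*Q, Z = (P-1)(Q-1), d relatively prime to Z, e*d = 1 mod Z."""
    n = p * q
    z = (p - 1) * (q - 1)
    while True:
        d = secrets.randbelow(z - 3) + 3
        if math.gcd(d, z) == 1:
            break
    e = pow(d, -1, z)              # modular inverse, Python 3.8+
    return (e, n), (d, n)          # (encryption key, decryption key)

def encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in [0, N)")
    return pow(m, e, n)            # M^e mod N

def decrypt(private, c):
    d, n = private
    return pow(c, d, n)            # C^d mod N

def digest(message):
    """H(M) as an integer; 256 bits, so it is always smaller than N here."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private, message):
    """A 'encrypts' H(M) with the private key."""
    d, n = private
    return pow(digest(message), d, n)

def verify(public, message, signature):
    """B 'decrypts' with A's public key and compares with its own H(M)."""
    e, n = public
    return pow(signature, e, n) == digest(message)

def demo():
    public, private = generate_keypair(P, Q)
    m = int.from_bytes(b"constructed sample message", "big")
    roundtrip = decrypt(private, encrypt(public, m)) == m
    sig = sign(private, b"pay B 10")
    return roundtrip, verify(public, b"pay B 10", sig), verify(public, b"pay B 1000", sig)
```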
Secret Key signatures
• Useful when two participants have already agreed upon a shared key via a different channel, or public key cryptography.
• A concatenates M with K, and computes the digest, H(M+K) = h, sending M,h
• B concatenates M with K and computes H(M+K) = h’, comparing it with h. If they’re equal, the message was sent by someone with K.
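Added example (not part of the original slides): both sides of the M,h exchange, using the slide's H(M+K) construction and, for comparison, HMAC, the standardized keyed digest. SHA-256 as H, the sample key and messages, and the function names are assumptions.

```python
import hashlib
import hmac

def slide_tag(message: bytes, key: bytes) -> bytes:
    """The slide's construction: h = H(M + K), with SHA-256 assumed as H."""
    return hashlib.sha256(message + key).digest()

def hmac_tag(message: bytes, key: bytes) -> bytes:
    """HMAC (RFC 2104): the standardized keyed digest over the same hash."""
    return hmac.new(key, message, hashlib.sha256).digest()

def sender(message, key, tag_fn):
    """A computes h and sends the pair (M, h)."""
    return message, tag_fn(message, key)

def receiver_accepts(received, key, tag_fn):
    """B recomputes h' from the received M and its own K, then compares.

    hmac.compare_digest takes the same time wherever the first mismatch is,
    so response timing does not reveal how much of a forged h was right.
    """
    message, tag = received
    return hmac.compare_digest(tag_fn(message, key), tag)

def exchange(tag_fn):
    """Run the exchange three ways: intact, altered in transit, wrong key."""
    key = b"constructed-shared-key"          # constructed sample values
    m, h = sender(b"transfer 10 to B", key, tag_fn)
    return (receiver_accepts((m, h), key, tag_fn),
            receiver_accepts((b"transfer 99 to B", h), key, tag_fn),
            receiver_accepts((m, h), b"some-other-key", tag_fn))
```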
Secure digest Functions – properties
• Ease of computing hash
• Difficulty of generating message from hash
• Difficulty of finding another message that maps to the same hash value
Secure Digest Functions
• MD5
• SHA
• Symmetric algorithm using CBC
Secure Digest Functions
• Birthday attack
I am writing {this memo | } to { demand | request | inform you} that {Fred | Mr. Fred Jones} {must | } be { fired | terminated} {at once | immediately}. As the {July 11| 11 July} {memo| memorandum} {from | issued by} {personnel| human resources} states, to meet {our | the corporate} {quarterly | third quarter} budget {targets | goals}, {we must eliminate all discretionary spending | all discretionary spending must be eliminated.}
{Despite | Ignoring } that {memo | memorandum | order }, Fred { ordered | purchased } {PostIts | nonessential supplies} in a flagrant disregard for the company’s {budgetary crisis | current financial difficulties}.
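Added example (not part of the original slides): enumerating the wordings of the memo template's first paragraph and measuring how few are needed before two share a digest, which is why an n-bit digest offers only about n/2 bits of collision resistance. SHA-256 truncated to 20 bits stands in for a short digest; the truncation and the function names are assumptions.

```python
import hashlib
import re
from itertools import product

# First paragraph of the slide's memo template, used as sample input.
TEMPLATE = ("I am writing {this memo | } to {demand | request | inform you} that "
            "{Fred | Mr. Fred Jones} {must | } be {fired | terminated} "
            "{at once | immediately}. As the {July 11 | 11 July} {memo | memorandum} "
            "{from | issued by} {personnel | human resources} states, to meet "
            "{our | the corporate} {quarterly | third quarter} budget {targets | goals}, "
            "{we must eliminate all discretionary spending | "
            "all discretionary spending must be eliminated}.")

def variants(template):
    """Yield every wording of a {a | b} template; all carry the same meaning."""
    parts = re.split(r"\{([^}]*)\}", template)   # literals at even, groups at odd
    literals = parts[0::2]
    choices = [[opt.strip() for opt in group.split("|")] for group in parts[1::2]]
    for pick in product(*choices):
        text = literals[0]
        for word, literal in zip(pick, literals[1:]):
            text += word + literal
        yield text

def count_variants(template):
    return sum(1 for _ in variants(template))

def truncated_digest(text, bits):
    """SHA-256 cut down to `bits` bits, standing in for a short digest."""
    full = int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")
    return full >> (256 - bits)

def first_collision(template, bits):
    """Return (tries, text_a, text_b) for the first two variants sharing a digest."""
    seen = {}
    for tries, text in enumerate(variants(template), start=1):
        h = truncated_digest(text, bits)
        if h in seen:
            return tries, seen[h], text
        seen[h] = text
    return None
```

Fourteen choice points already give 24576 wordings, far more than the roughly 2^10 needed for a likely collision on a 20-bit digest; the same square-root relationship puts the work for a 128-bit digest near 2^64 and for a 160-bit digest near 2^80.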
Certificate standards, Authorities
• X.509
• SPKI
Cryptography Pragmatics
• Performance
• Legal Issues
• Key sizes and speed
Cryptographic Performance
Algorithm    Key/hash size (bits)    Speed (kb/s)
Secret key
TEA          128                     700
DES          56                      350
3DES         112                     120
IDEA         128                     700
Public key
RSA          512                     7
RSA          2048                    1
Message digest
MD5          128                     1740
SHA          160                     750
Legal and Political Issues
• Until recently, there were severe restrictions on cryptography, especially export controls, including teaching of such knowledge to foreign nationals in the US.
• The FBI and NSA wanted restrictions for ease of decrypting both foreign and domestic communications.
• Algorithms approved for export were limited to 40-bit encryption, which is easily breakable with modern technology.
• Proposals in the mid-90s called for mandatory key-recovery for products exported, and even those used internally.
• Currently, export controls exist only on the T-7 countries.
• As of 2000, cryptographic source code can be exported as long as copies are sent to the Bureau of Industry and Security of the Commerce Department.
Conclusion
• The end
References
• Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, Prentice Hall, Inc., Upper Saddle River, New Jersey, 1995, 505 pp.
• Schneier, B., Applied Cryptography, 2nd ed., John Wiley & Sons, New York, 1996, 675 pp.
• Electronic Frontier Foundation, Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, O’Reilly & Associates, Sebastopol, California, 1998, online at http://cryptome.org/cracking-des.htm
• George Coulouris, Jean Dollimore, Tim Kindberg, Distributed Systems: Concepts and Design, 3rd ed., Addison-Wesley, New York, 2001, pp. 272-291.