1. Introduction to CryptographyIntroduction to Cryptography
--- Foundations of information security ------ Foundations of information security ---
Lecture 7Lecture 7
2. CSE2500 System Security and Privacy 2
OutlineOutline
Why study cryptologyWhy study cryptology??
Basic terms, notations and structure ofBasic terms, notations and structure of
cryptographycryptography
Private & public key cryptography examplesPrivate & public key cryptography examples
Modern secret key ciphers : usage andModern secret key ciphers : usage and
methodologymethodology
Encryption and possible attacksEncryption and possible attacks
Secret key ciphers designSecret key ciphers design
Slides 23 to 26 for additional informationSlides 23 to 26 for additional information
(and reading)(and reading)
3. CSE2500 System Security and Privacy 3
Why Study cryptology(1)Why Study cryptology(1)
A B
Intruder
Communications security
4. CSE2500 System Security and Privacy 4
Why Study cryptology(2)Why Study cryptology(2)
Customer Merchant
TTP
Electronic Commerce Security
5. CSE2500 System Security and Privacy 5
Why Study cryptology(3)Why Study cryptology(3)
A B
LEA
Law enforcement
6. CSE2500 System Security and Privacy 6
The Basic ProblemThe Basic Problem
We consider theWe consider the confidentialityconfidentiality goal:goal:
Alice and Bob are FriendsAlice and Bob are Friends
Marvin is a rivalMarvin is a rival
Alice wants to send secret messages (MAlice wants to send secret messages (M11,M,M22,…),…)
to Bob over the Internetto Bob over the Internet
Rival Marvin wants to read the messages (MRival Marvin wants to read the messages (M11,M,M22,,
…) - Alice and Bob want to prevent this!…) - Alice and Bob want to prevent this!
Assumption:Assumption: The network is OPEN: Marvin isThe network is OPEN: Marvin is
able to eavesdrop and read all data sent fromable to eavesdrop and read all data sent from
Alice to Bob.Alice to Bob.
Consequence:Consequence: Alice must not send messagesAlice must not send messages
(M(M11,M,M22,…) directly – they must be “scrambled” or,…) directly – they must be “scrambled” or
encryptedencrypted using a ‘secret code’ unknown tousing a ‘secret code’ unknown to
Marvin but known to Bob.Marvin but known to Bob.
7. CSE2500 System Security and Privacy 7
CryptographyCryptography
plaintext (data file or messages)
encryption
ciphertext (stored or transmitted safely)
decryption
plaintext (original data or messages)
8. CSE2500 System Security and Privacy 8
E
D
Message
(cleartext, plaintext)
Encrypted message
(ciphertext)
Encrypted message
(ciphertext)
Encryption Decryption
key
Alice
Bob
Private key cipherPrivate key cipher
Message
(cleartext,plaintext)
9. CSE2500 System Security and Privacy 9
Basic termsBasic terms
Cryptology (to be very precise)Cryptology (to be very precise)
Cryptography --- code designingCryptography --- code designing
Cryptanalysis --- code breakingCryptanalysis --- code breaking
Cryptologist:Cryptologist:
Cryptographer & cryptanalystCryptographer & cryptanalyst
Encryption/enciphermentEncryption/encipherment
Scrambling data into unintelligible toScrambling data into unintelligible to
unauthorised partiesunauthorised parties
Decryption/deciphermentDecryption/decipherment
Un-scramblingUn-scrambling
10. CSE2500 System Security and Privacy 10
Types of ciphersTypes of ciphers
Private key cryptosystems/ciphersPrivate key cryptosystems/ciphers
The secret key is shared between twoThe secret key is shared between two
partiesparties
Public key cryptosystems/ciphersPublic key cryptosystems/ciphers
The secret key is not shared and twoThe secret key is not shared and two
parties can still communicate using theirparties can still communicate using their
public keyspublic keys
11. CSE2500 System Security and Privacy 11
Examples of “Messages”Examples of “Messages”
Types of secret “Messages” AliceTypes of secret “Messages” Alice
might want to send Bob (in increasingmight want to send Bob (in increasing
length):length):
Decision (yes/no),Decision (yes/no), eg. as answer to theeg. as answer to the
question “Are we meeting tomorrow?”question “Are we meeting tomorrow?”
Numerical ValueNumerical Value, eg. as answer to the, eg. as answer to the
question “at what hour are we meeting?”question “at what hour are we meeting?”
DocumentDocument
SoftwareSoftware,,
ImagesImages etc.etc.
12. CSE2500 System Security and Privacy 12
ConceptsConcepts
A private key cipher is composed ofA private key cipher is composed of
two algorithmstwo algorithms
encryption algorithm Eencryption algorithm E
decryption algorithm Ddecryption algorithm D
The same key K is used for encryptionThe same key K is used for encryption
& decryption& decryption
K has to be distributed beforehandK has to be distributed beforehand
13. CSE2500 System Security and Privacy 13
NotationsNotations
Encrypt a plaintext P using a key K &Encrypt a plaintext P using a key K &
an encryption algorithm Ean encryption algorithm E
C = E(K,P)C = E(K,P)
Decrypt a ciphertext C using the sameDecrypt a ciphertext C using the same
key K and the matching decryptionkey K and the matching decryption
algorithm Dalgorithm D
P = D(K,C)P = D(K,C)
Note: P = D(K,C) = D(K, E(K,P))Note: P = D(K,C) = D(K, E(K,P))
14. CSE2500 System Security and Privacy 14
The Caesar cipher (e.g)The Caesar cipher (e.g)
The Caesar cipher is a substitutionThe Caesar cipher is a substitution
cipher, named after Julius Caesar.cipher, named after Julius Caesar.
Operation principle:Operation principle:
each letter is translated into the lettereach letter is translated into the letter
a fixed number of positionsa fixed number of positions after itafter it
in the alphabet table.in the alphabet table.
The fixed number of positions is a keyThe fixed number of positions is a key
both for encryption and decryption.both for encryption and decryption.
15. CSE2500 System Security and Privacy 15
The Caesar cipher (cnt’d)The Caesar cipher (cnt’d)
K=3
Inner: ciphertext
Outer: plaintext
16. CSE2500 System Security and Privacy 16
An exampleAn example
For a key K=3,For a key K=3,
plaintext letter:plaintext letter: ABCDEF...UVWXYZABCDEF...UVWXYZ
ciphtertext letter:ciphtertext letter: DEF...UVWXYZABCDEF...UVWXYZABC
HenceHence
TREATY IMPOSSIBLETREATY IMPOSSIBLE
is translated intois translated into
WUHDWB LPSRVVLEOHWUHDWB LPSRVVLEOH
17. CSE2500 System Security and Privacy 17
Breaking classic ciphersBreaking classic ciphers
With the help of fast computers,With the help of fast computers,
99.99% ciphers used before 1976 are99.99% ciphers used before 1976 are
breakable by using one of the 4 typesbreakable by using one of the 4 types
of attacks (described later).of attacks (described later).
Modern cluster computers and futureModern cluster computers and future
quantum computers can break severalquantum computers can break several
existing ciphers due to the power ofexisting ciphers due to the power of
such computers.such computers.
18. CSE2500 System Security and Privacy 18
Breaking the Caesar cipherBreaking the Caesar cipher
By trial-and errorBy trial-and error
By using statistics on lettersBy using statistics on letters
frequency distributions of lettersfrequency distributions of letters
letterletter percentpercent
AA 7.49%7.49%
BB 1.29%1.29%
CC 3.54%3.54%
DD 3.62%3.62%
EE 14.00%14.00%
....................................................................
19. CSE2500 System Security and Privacy 19
Toy example of private keyToy example of private key
cryptography (TPC)cryptography (TPC)
Assume that a message is broken into 64-bit blocks and eachAssume that a message is broken into 64-bit blocks and each
64-bit block of plaintext is encrypted separately:64-bit block of plaintext is encrypted separately:
Key space are combinations of numerical digits – max: 7Key space are combinations of numerical digits – max: 7
digits-digits-
(eg: key = [1]; or key = [1,3], or key = [1,4,2]).(eg: key = [1]; or key = [1,3], or key = [1,4,2]).
Assume that all 8 bits of a byte is used and key digits startAssume that all 8 bits of a byte is used and key digits start
from left to right.from left to right.
Encryption: Each plaintext block is first shifted by the numberEncryption: Each plaintext block is first shifted by the number
of binary digits before the last non-zero digit of the key. It isof binary digits before the last non-zero digit of the key. It is
then exclusive-ored with the key starting from the first byte ofthen exclusive-ored with the key starting from the first byte of
the block, repeatedly to the end of the block (the key moves athe block, repeatedly to the end of the block (the key moves a
distance of its size from left to right of the plaintext block).distance of its size from left to right of the plaintext block).
Decryption: do the reverse of encryption: the cipher-text isDecryption: do the reverse of encryption: the cipher-text is
exclusive-ored and then shifted.exclusive-ored and then shifted.
0 0 0=
1 1 0=
0 1 1=
1 0 1=
: exclusive: exclusive oror
20. CSE2500 System Security and Privacy 20
Using TPCUsing TPC
Use TPC to encrypt the plaintext “12345”, keyUse TPC to encrypt the plaintext “12345”, key
= [1,4,2]= [1,4,2]
Use TPC to encrypt the plaintext “TREATYUse TPC to encrypt the plaintext “TREATY
IMPOSSIBLE”; key = [4];IMPOSSIBLE”; key = [4];
Use TPC to encrypt the plaintext “100Use TPC to encrypt the plaintext “100
dollars”, key = [2,4];dollars”, key = [2,4];
21. CSE2500 System Security and Privacy 21
Principles of Private Key EncryptionPrinciples of Private Key Encryption
Devise cryptographic algorithms:Devise cryptographic algorithms:
a set of fast functions (E1, E2, E3, ..En) that when in turna set of fast functions (E1, E2, E3, ..En) that when in turn
applied to an input (initial or intermediate input) willapplied to an input (initial or intermediate input) will
produce a more potentially scrambled output.produce a more potentially scrambled output.
and a set of functions (D1,D2,D3, .. Dn) that when in turnand a set of functions (D1,D2,D3, .. Dn) that when in turn
applied to the cipher text (final or intermediate) willapplied to the cipher text (final or intermediate) will
produce the original input text.produce the original input text.
Devise algorithms, tests and proofs to validateDevise algorithms, tests and proofs to validate
your cryptographic algorithmsyour cryptographic algorithms
Analysing algorithms.Analysing algorithms.
Tests with powerful computers such as specialised,Tests with powerful computers such as specialised,
parallel, cluster, or quantum computers.parallel, cluster, or quantum computers.
Mathematical proofs.Mathematical proofs.
22. CSE2500 System Security and Privacy 22
Toy example of public keyToy example of public key
cryptographycryptography
Definition: The multiplicative inverse ofDefinition: The multiplicative inverse of xx with modulowith modulo nn isis yy
such that (such that (xx**yy) mod) mod nn = 1= 1
E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1
The above multiplicative inverse can be used to create aThe above multiplicative inverse can be used to create a
simple public key cipher: eithersimple public key cipher: either xx oror yy can be thought of as acan be thought of as a
secret key and the other is the public key. Letsecret key and the other is the public key. Let xx = 3,= 3, yy = 7,= 7, nn ==
10, and M be the message:10, and M be the message:
M = 4 ;M = 4 ;
3*4 mod 10 = 2; (ciphertext) - encrypting3*4 mod 10 = 2; (ciphertext) - encrypting
2*7 mod 10 = 4 = M ; (message) - decrypting2*7 mod 10 = 4 = M ; (message) - decrypting
M =6 ;M =6 ;
3*6 mod 10 = 8;3*6 mod 10 = 8;
8*7 mod 10 = 6 = M (message)8*7 mod 10 = 6 = M (message)
23. CSE2500 System Security and Privacy 23
What is PKE used for?What is PKE used for?
Private Key Encryption (PKE) can bePrivate Key Encryption (PKE) can be
used:used:
Transmitting data over an insecureTransmitting data over an insecure
channelchannel
Secure stored data (encrypt & store)Secure stored data (encrypt & store)
Provide integrity check:Provide integrity check:
(Key + Mes.) -> MAC (message authentication(Key + Mes.) -> MAC (message authentication
code)code)
24. CSE2500 System Security and Privacy 24
Morden Cryptography applicationsMorden Cryptography applications
Not just about confidentiality!Not just about confidentiality!
IntegrityIntegrity
Digital signaturesDigital signatures
Hash functionsHash functions
Fair exchangeFair exchange
Contract signingContract signing
AnonymityAnonymity
Electronic cashElectronic cash
Electronic votingElectronic voting
Etc.Etc.
26. CSE2500 System Security and Privacy 26
General approaches to CryptographyGeneral approaches to Cryptography
There are two general encryption methods:There are two general encryption methods: Block ciphers &Block ciphers &
Stream ciphersStream ciphers
Block ciphersBlock ciphers
Slice message M into (fixed size blocks)Slice message M into (fixed size blocks) mm11, …,, …, mmnn
Add padding to last blockAdd padding to last block
Use EUse Ekk to produce (ciphertext blocks)to produce (ciphertext blocks) xx11, …,, …, xxnn
Use DUse Dkk to recover M fromto recover M from mm11, …,, …, mmnn
E.g: DES, etc.E.g: DES, etc.
Stream ciphersStream ciphers
Generate a long random string (or pseudo random)Generate a long random string (or pseudo random)
calledcalled one-time padone-time pad..
MessageMessage one-time padone-time pad (exclusive or)(exclusive or)
E.g: EC4E.g: EC4
27. CSE2500 System Security and Privacy 27
Design of Private Key Ciphers(1)Design of Private Key Ciphers(1)
A Cryptographic algorithm should be efficient forA Cryptographic algorithm should be efficient for
good usegood use
It should be fast and key length should be of the rightIt should be fast and key length should be of the right
length – e.g.; not too shortlength – e.g.; not too short
Cryptographic algorithms are not impossible toCryptographic algorithms are not impossible to
break without a keybreak without a key
If we try all the combinations, we can get the originalIf we try all the combinations, we can get the original
messagemessage
The security of a cryptographic algorithm dependsThe security of a cryptographic algorithm depends
on how much work it takes for someone to break iton how much work it takes for someone to break it
E.g If it takes 10 mil. years to break a cryptographicE.g If it takes 10 mil. years to break a cryptographic
algorithm X using all the computers of a state, X can bealgorithm X using all the computers of a state, X can be
thought of as a secure one – reason: cluster computersthought of as a secure one – reason: cluster computers
and quantum computers are powerful enough to crackand quantum computers are powerful enough to crack
many current cryptographic algorithms.many current cryptographic algorithms.
28. CSE2500 System Security and Privacy 28
Design of Private Key Ciphers(2)Design of Private Key Ciphers(2)
Encryption Algorithm DesignEncryption Algorithm Design
Should the strength of the algorithm beShould the strength of the algorithm be
included in the implementation of theincluded in the implementation of the
algorithm? Should we hide the algorithm?algorithm? Should we hide the algorithm?
Should the block size be small or large?Should the block size be small or large?
Should the keyspace be large?Should the keyspace be large?
Should we consider other search ratherShould we consider other search rather
than brute-force search?than brute-force search?
Should we consider the hardwareShould we consider the hardware
technology?technology?
29. CSE2500 System Security and Privacy 29
4 types of cryptanalysis4 types of cryptanalysis
Depending on what a cryptanalyst hasDepending on what a cryptanalyst has
to work with, attacks can be classifiedto work with, attacks can be classified
intointo
ciphertext only attackciphertext only attack
known plaintext attackknown plaintext attack
chosen plaintext attackchosen plaintext attack
chosen ciphertext attack (most severe)chosen ciphertext attack (most severe)
30. CSE2500 System Security and Privacy 30
4 types of attacks4 types of attacks
Ciphertext only attackCiphertext only attack
the only data available is a targetthe only data available is a target
ciphertextciphertext
Known plaintext attackKnown plaintext attack
a target ciphertexta target ciphertext
pairs of other ciphertext and plaintextpairs of other ciphertext and plaintext
(say, previously broken or guessing)(say, previously broken or guessing)
31. CSE2500 System Security and Privacy 31
4 types of attacks4 types of attacks
Chosen plaintext attacksChosen plaintext attacks
a target ciphertexta target ciphertext
can feed encryption algorithm withcan feed encryption algorithm with
plaintexts and obtain the matchingplaintexts and obtain the matching
ciphertextsciphertexts
Chosen ciphertext attackChosen ciphertext attack
a target ciphertexta target ciphertext
can feed decryption algorithm withcan feed decryption algorithm with
ciphertexts and obtain the matchingciphertexts and obtain the matching
plaintextsplaintexts