Introduction to Cryptography
--- Foundations of computer security ---
Related Chapters
• Cryptography
– CHAPTER 2, A Cryptography Primer
– CHAPTER 37, Data Encryption
– CHAPTER 39, Public Key Infrastructure
– CHAPTER 70, Advanced Data Encryption
Outline
• basic terms in cryptology
• classic secret key ciphers
• modern secret key ciphers
– DES (Data Encryption Standard) and AES (Advanced Encryption Standard)
– how do they work
– how to use DES and AES in practice
  • 4 modes of operations
Basic Terms
• cryptology (to be very precise)
– cryptography --- designing
– cryptanalysis --- code breaking
• cryptologist
– cryptographer
– cryptanalyst
• encryption/encipherment
– scrambling data into a form unintelligible to unauthorised parties
Basic Terms (2)
• decryption/decipherment
– un-scrambling
• cipher/cryptosystem
A Short History
• dividing line is 1976/77
– classic: ~ 1976/77
  • 1976: Diffie & Hellman discovered public key cryptography
  • 1977: National Bureau of Standards published DES (Data Encryption Standard)
– modern: 1976/77 ~ today
History (2)
• the word “cipher” --- from Greek (secret writing)
• ancient Egypt, Julius Caesar, ...
• WWII
– Enigma cipher machine
  • broken by British team including Alan Turing
– Purple cipher
  • broken by US, led to the death of Yamamoto
• Mainly for war, diplomacy & politics
Good Book on History of Crypto
• David Kahn, The Codebreakers, Macmillan, New York, 1972.
• PS:
– a revised edition was published in 1996
– Not quite complete
Cryptography Goals
• Authentication:
– Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice?
• Confidentiality:
– Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential.
Cryptography Goals (2)
• Integrity:
– Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents?
• Nonrepudiation:
– Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message?
Types of Ciphers
• private key cryptosystems/ciphers
– Also known as
  • Secret key ciphers
  • Single key ciphers
  • Symmetric ciphers
• public key cryptosystems/ciphers
– Also known as
  • asymmetric ciphers
Representation of Data
• By characters
– each character is represented by an 8-bit byte according to the ASCII table
• By binary bits (0’s and 1’s)
– e.g.
  • fax messages
  • images
  • digitalised voice data
Private Key Cipher
[Figure: Plain Text → E (Shared Secret Key) → Cipher Text → Network or Storage → Cipher Text → D (Shared Secret Key) → Original Plain Text. Alice and Bob hold the Shared Secret Key.]
Concepts
• A private key cipher is composed of two algorithms
– encryption algorithm E
– decryption algorithm D
• The same key K is used for encryption & decryption
• K has to be distributed beforehand
Notations
• Encrypt a plaintext P using a key K & an encryption algorithm E
C = E(K,P)
• Decrypt a ciphertext C using the same key K and the matching decryption algorithm D
P = D(K,C)
• Note: P = D(K,C) = D(K, E(K,P))
Classic Ciphers
• Substitution ciphers (also called shift/additive ciphers)
– Monoalphabetic ciphers
– Polyalphabetic ciphers
• Transposition (permutation) ciphers
• Product ciphers
– using both
  • substitution, and
  • transposition
The Caesar Cipher
• The Caesar cipher
– a substitution cipher, named after Julius Caesar.
• Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table.
• the fixed number of positions is a key both for encryption and decryption.
The Caesar Cipher (cnt’d)
[Figures: first, outer: plaintext, inner: ciphertext; second, K=3]
An Example
• for a key K=3,
plaintext letter:  ABCDEF...UVWXYZ
ciphertext letter: DEF...UVWXYZABC
• Hence
TREATY IMPOSSIBLE
is translated into
WUHDWB LPSRVVLEOH
An Exercise
• Use the Caesar cipher to encode the following message under a key K=3:
WAR STARTS TOMORROW
Another substitution cipher example
Transposition Cipher
• It works by changing the location of characters (characters’ permutation).
• A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message.
Polyalphabetic Cipher
• Instead of one-to-one mapping (Caesar cipher), one-to-many mapping is used.
• A single letter can have multiple substitutes.
• A tableau is developed (see next slide). This tableau is a series of shift ciphers.
• The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used.
• The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword.
Polyalphabetic Cipher Example
• Plaintext: “Ask not what your country can do for you”, key: “rockerrooks”.
• Notice that “A” is encrypted to different letters.
Plaintext A S K N O T W H A T Y O U R …
Key R O C K E R R O O K S R O C …
Ciphertext R G M X S K N V O D Q F I T …
Attacks Against Cryptography
• Ciphertext only attack:
– The cryptanalyst has access to the ciphertext only. Frequency analysis is used to infer the key.
• Known plaintext attack:
– The cryptanalyst has access to both the plaintext and the corresponding ciphertext, and tries to find the key.
• Chosen plaintext attack:
– The cryptanalyst can encrypt plaintext of his choice and analyze the resulting ciphertext.
• Chosen ciphertext attack:
– The cryptanalyst can decrypt ciphertext of his choice to recover the key.
Breaking the Caesar Cipher
• by trial-and-error
• by using statistics on letters
– frequency distributions of letters
letter  percent
A       7.49%
B       1.29%
C       3.54%
D       3.62%
E       14.00%
...
• with the help of fast computers, 99.99% of ciphers used before 1976 are breakable by using one of the 4 types of attacks.
• The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.
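Added example, not part of the original slides: the Caesar cipher and the polyalphabetic (tableau) cipher from the slides above, plus the trial-and-error attack ranked by letter statistics. The function names, the sample message and the full English frequency table are this example's own assumptions; the slide lists only five rows of its own table.

```python
# Added example (not from the slides): the deck's classic ciphers and the
# statistical attack on the Caesar cipher.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent, A..Z. A standard reference
# table assumed for this example; it is not the slide's own table.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

# Constructed sample message, long enough for letter statistics to be meaningful.
SAMPLE = ("THE TREATY TALKS ARE IMPOSSIBLE TO CONTINUE SO THE GENERAL ORDERS ALL "
          "UNITS TO HOLD THE RIVER AND WAIT FOR THE NEXT MESSAGE")

def caesar(text, k):
    """C = E(K, P): shift every letter k positions; D(K, C) is caesar(C, -k)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
                   for c in text.upper())

def polyalphabetic(text, keyword, decrypt=False):
    """Tableau cipher: the keyword is repeated over the letters, one Caesar shift each."""
    shifts = [ALPHABET.index(c) for c in keyword.upper()]
    sign, out, used = (-1 if decrypt else 1), [], 0
    for c in text.upper():
        if c in ALPHABET:
            out.append(caesar(c, sign * shifts[used % len(shifts)]))
            used += 1
        else:
            out.append(c)  # spaces and punctuation do not consume key letters
    return "".join(out)

def chi_squared(text):
    """Distance between the letter counts of `text` and English; lower is closer."""
    counts = Counter(c for c in text if c in ALPHABET)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return sum((counts[ALPHABET[i]] - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH))

def break_caesar(ciphertext):
    """Ciphertext-only attack: try all 26 keys, keep the most English-looking result."""
    key = min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))
    return key, caesar(ciphertext, -key)

if __name__ == "__main__":
    print(caesar("TREATY IMPOSSIBLE", 3))                      # the slide's K=3 example
    print(polyalphabetic("ASK NOT WHAT YOUR", "rockerrooks"))  # the slide's keyword example
    print(break_caesar(caesar(SAMPLE, 11)))
```

The same statistics do not apply directly to the polyalphabetic cipher, because one plaintext letter maps to several ciphertext letters.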
MODERN BLOCK CIPHERS
Block Ciphers
• Block ciphers provide the backbone algorithmic technology behind most modern-era ciphers
• It is a series of serial operations (rounds).
• In each round, a chunk of the input data is encrypted and fed to the next round. (chaining)
• Each output block is the same size as the input block.
• Each block uses a subkey permuted (derived) from the original key.
Modern Private Key Ciphers
• DES (US, 1977)
– key -- 56 bits, plain/ciphertext -- 64 bits
• IDEA (Lai & Massey, Swiss, 1991)
– key -- 128 bits, plain/ciphertext -- 64 bits
• LOKI (ADFA, Australia, 1989)
– key, plain/ciphertext -- 64 bits
• FEAL (NTT, Japan, 1990)
– key -- 128 bits, plain/ciphertext -- 64 bits
• AES (successor to DES, 2001)
Encryption using DES
• a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16)
• Encryption consists of 16 rounds, each using a different 48-bit subkey
• Both a plaintext & a ciphertext are 64 bits long
• Decryption is similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1)
[Figure: DES (Encryption) takes a 64-bit plaintext and a 56-bit key and outputs a 64-bit ciphertext; DES (Decryption) takes a 64-bit ciphertext and a 56-bit key and outputs a 64-bit plaintext.]
AES Family – AES-128, AES-192, AES-256
• AES-128: 128-bit plaintext, 128-bit key, 128-bit ciphertext
• AES-192: 128-bit plaintext, 192-bit key, 128-bit ciphertext
• AES-256: 128-bit plaintext, 256-bit key, 128-bit ciphertext
Examples
• AES128
– PLAINTEXT: 00112233445566778899aabbccddeeff
– KEY: 000102030405060708090a0b0c0d0e0f
– CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a
• AES256
– PLAINTEXT: 00112233445566778899aabbccddeeff
– KEY: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
– CIPHERTEXT: 8ea2b7ca516745bfeafc49904b496089
Use of A Private Key Cipher in Practice
4 Modes of Operation
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback Mode (CFB)
• Output Feedback Mode (OFB)
• (Use AES-128 as an example)
Electronic Code Book (ECB)
[Figure: Encryption. Plaintext (message) blocks m1 ... m10 each go through E under the key K, giving ciphertext (scrambled message) blocks c1 ... c10.]
mi, ci: 128 bits for AES; K: 128 bits (or 192, 256 bits)
[Figure: Decryption. Ciphertext blocks c1 ... c10 each go through D under the key K, giving plaintext (original message) blocks m1 ... m10.]
Padding
• If the length of a plaintext is not a multiple of 128 bits, extra bits (0’s or 1’s) are padded to the end of the original message, so that the last block is 128 bits.
• Padded bits are discarded after decryption.
Examples of ECB Mode
• AES128, Encryption, 16 bytes
– KEY = 10a58869d74be5a374cf867cfb473859
– PLAINTEXT = 00000000000000000000000000000000
– CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465
• AES256, Decryption, 16 bytes
– KEY = 07eb03a08d291d1b07408bf3512ab40c91097ac77461aad4bb859647f74f00ee
– CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb
– PLAINTEXT = 00000000000000000000000000000000
Source: NIST AES Test Data
ECB, AES128
• Plaintext, 128 X 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 128 bits
– 2b7e151628aed2a6abf7158809cf4f3c
• Ciphertext
– 3ad77bb40d7a3660a89ecaf32466ef97
  f5d3d58503b9699de785895a96fdbaaf
  43b1cd7f598ece23881b00e3ed030688
  7b0c785e27e8ad3f8223207104725dd4
Bit-Wise Exclusive OR (XOR)
XOR Table
0 ⊕ 0 = 0
1 ⊕ 1 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1
P 1 0 0 1 0 0 1 0
K 0 1 0 1 1 1 1 1
C 1 1 0 0 1 1 0 1
Useful properties: P ⊕ K = C, C ⊕ K = P
In Java, C & C++: C = P ^ K; P = C ^ K;
Cipher Block Chaining (CBC)
[Figure: Encryption. Blocks m1 ... m4, an IV, E under the key K, ciphertext blocks c1 ... c4.]
[Figure: Decryption. Ciphertext blocks c1 ... c4, the IV, D under the key K, blocks m1 ... m4.]
Cipher Block Chaining (CBC) --- Another way to look at decryption
[Figure: Decryption, redrawn: c1 ... c4 and the IV, D under the key K, m1 ... m4.]
CBC, AES256
• Plaintext, 128 X 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 256 bits
– 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext
– f58c4c04d6e5f1ba779eabfb5f7bfbd6
  9cfc4e967edb808d679f777bc6702c7d
  39f23369a9d9bacfa530e26304231461
  b2eb05e2c39be9fcda6c19078c6a9d1b
Cipher Block Chaining (CBC) with Interleave Factor = 2
[Figure: Encryption. Blocks m1 ... m4, E under the key K, ciphertext blocks c1 ... c4; IV and c0 are the agreed values.]
[Figure: Decryption. Ciphertext blocks c1 ... c4, D under the key K, blocks m1 ... m4; IV and c0 are the agreed values.]
Higher Order Bits & Lower Order Bits
• 128-bit register/storage: b127 ... b0
• Higher order bits: the left (b127)
• Lower order bits: the right (b0)
• (Note: in line with Java, C, and C++)
Cipher Feedback Mode (CFB)
[Figure: Encryption. A 128-bit shift register (shifted to the left by t bits) goes through E under the key K into a 128-bit register; ki is its t higher order bits; mi (t bits) and ki give ci (t bits); step (4) is Copy & Feedback t bits. Steps are numbered (1) to (4).]
Blocks, Key & Initial Vector for CFB
• Long data is divided into blocks, each having t bits. Typically, t=8.
• Key & initial vector
– Sender & receiver need to agree on 2 pieces of information beforehand:
  • key K (has to be kept secret)
  • an initial vector for the shift register
    – it does NOT have to be kept secret!
    – a 128-bit all-0 vector may be chosen
Cipher Feedback Mode (CFB)
[Figure: Decryption. The 128-bit shift register (shifted to the left by t bits) goes through E under the key K; ki is the t higher order bits of the result; ci (t bits) and ki give mi (t bits); step (4) is Copy & Feedback t bits. Steps are numbered (1) to (4).]
4 Sub-steps in CFB Decryption
• encrypt (with, say, AES)
• XOR
• Shift (to the left/higher order bit positions)
• Feedback (to the lower order bit positions)
CFB with t=1, AES128
• Plaintext, 16 bits
– 6bc1 (= 0110 1011 1100 0001 in binary)
• Key, 128 bits
– 2b7e151628aed2a6abf7158809cf4f3c
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 16 bits
– 68b3 (= 0110 1000 1011 0011 in binary)
CFB with t=8, AES256
• Plaintext, 18 bytes (=144 bits)
– 6bc1bee22e409f96e93d7e117393172aae2d
• Key, 256 bits
– 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 18 bytes
– dc1f1a8520a64d655fcc8ac554844e889700
Output Feedback Mode (OFB)
60
Encryption
iiickm
:Note
mi ci
t bits t bits
E K
(2)
(3) Feedback all 128 bits
(1)
ki: t higher order bits
128-bit shift register (initially IV)
![Page 61: Introduction to Cryptographyapkerr/itis6200_02_crypto.pdf · Related Chapters •Cryptography –CHAPTER 2, A Cryptography Primer –CHAPTER 37, Data Encryption –CHAPTER 39, Public](https://reader031.vdocuments.net/reader031/viewer/2022021716/5e6c59828432040cd9072ee4/html5/thumbnails/61.jpg)
Output Feedback Mode (OFB)
61
Decryption
ii
iii
iiiii
mm
kkm
kkmkc
00
)(
)(
:Note
ci mi
t bits t bits
E K
128-bit shift register (initially IV)
(2)
(3) Feedback all 128 bits
(1)
ki: t higher order bits
![Page 62: Introduction to Cryptographyapkerr/itis6200_02_crypto.pdf · Related Chapters •Cryptography –CHAPTER 2, A Cryptography Primer –CHAPTER 37, Data Encryption –CHAPTER 39, Public](https://reader031.vdocuments.net/reader031/viewer/2022021716/5e6c59828432040cd9072ee4/html5/thumbnails/62.jpg)
Output Feedback Mode (OFB)
[Figure: OFB encryption and decryption side by side. Both run the same 128-bit shift register (initially IV) through E under key K, take ki as the t higher-order bits, and feed back all 128 bits; encryption maps mi to ci, decryption maps ci to mi.]
OFB, AES128
• Plaintext, 128 x 4 bits – 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
• Key, 128 bits – 2b7e151628aed2a6abf7158809cf4f3c
• IV, 128 bits – 000102030405060708090a0b0c0d0e0f
• Ciphertext, 128 x 4 bits – 3b3fd92eb72dad20333449f8e83cfb4a 7789508d16918f03f53c52dac54ed825 9740051e9c5fecf64344f7a82260edcc 304c6528f659c77866a510d9c1d6ae5e
OFB, AES192
• Plaintext, 128 x 4 bits – 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
• Key, 192 bits – 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
• IV, 128 bits – 000102030405060708090a0b0c0d0e0f
• Ciphertext, 128 x 4 bits – cdc80d6fddf18cab34c25909c99a4174 fcc28b8d4c63837c09e81700c1100401 8d9a9aeac0f6596f559c6d4daf59a5f2 6d9f200857ca6c3e9cac524bd9acc92a
Which Mode to Use?
• Electronic code book (ECB) suffers from various potential attacks, including the block-replacing attack; it should NOT be used!
• Use one of the other 3 modes
– cipher block chaining (CBC)
– cipher feedback mode (CFB)
– output feedback mode (OFB)
Other modes
• Counter mode (CTR)
• Combined modes
– CTR + CFB
– CTR + OFB
– ……
Counter Mode (CTR)
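[Figure: CTR encryption. A 128-bit counter (initialized to 0) is encrypted with E under key K; ki is the t higher-order bits of the result; the t-bit mi is combined with ki to give the t-bit ci; step (3) increases the counter by 1.]
Note: ci = mi ⊕ ki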
Counter Mode (CTR)
[Figure: CTR decryption. Same structure as encryption, with ci as the t-bit input and mi as the t-bit output: 128-bit counter (initialized to 0), E under key K, ki the t higher-order bits, step (3) increases the counter by 1.]
Note: mi = ci ⊕ ki
How Long a Key should Be to Be Secure
• 56 bits (DES) -- too short
• 64 bits -- OK for a few months
• 80 bits -- OK for non-critical applications
• 128 bits -- OK for all applications
• 256 bits -- OK for applications requiring the highest level of security
How to Get Long Keys
• use ciphers that support long keys:
– IDEA (128 bits)
– AES (128, 192, 256 bits)
• use triple DES
– results in a key of 112 bits
• encrypt using K1
• decrypt using K2
• encrypt again using K1
Triple DES (~2030) --- Option 1
[Figure: Triple DES, option 1, with three keys K1, K2, K3. Encrypt path: m to c through E, D, E blocks. Decrypt path: c to m through D, E, D blocks.]
Source: NIST SP800-67 rev1, 1/2012
Triple DES (~2030) – Option 2
[Figure: Triple DES, option 2, with two keys K1, K2. Encrypt path: m to c through E, D, E blocks. Decrypt path: c to m through D, E, D blocks.]
ONE-WAY HASH
One-Way Hash Algorithm
[Figure: a document (of any length) is hashed into a condensed, short, fixed-length output (say of 160 bits).]
One-Way Hash Algorithm
• A one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits)
• One-wayness
– Given an output, it is infeasible for anyone to find an input document which is hashed to that specific output!
• Collision resistance
– It is infeasible for anyone to find two or more input documents which are hashed to the same condensed output!
Criteria of Hash Functions
• Preimage resistance:
– Given the hash function hash and a hash value h = hash(m), it should be hard to find any m such that h = hash(m).
• Second preimage resistance (weak collision resistance):
– Given input m1, it should be hard to find another message m2 such that hash(m1) = hash(m2) and that m1 ≠ m2
• Strong collision resistance:
– It ought to be hard to find two messages m1 ≠ m2 such that hash(m1) = hash(m2).
Finding collision is infeasible
[Figure: the documents "I, Bob, will pay $1,000 to Alice." and "I, Bob, will pay $10,000 to Alice." shown with the label "(same condensed output)".]
Confetti Shredder as “1-Way Hash”
• Shredding a newspaper into very fine pieces
– Pick & keep only 20 random pieces out of all those fine pieces & burn off the rest
• It’s “1-way”
– Infeasible for one to recover the original newspaper from the 20 fine pieces
• It’s “collision-resistant”
– Infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces
Examples of 1-Way Hashing
• SHA Family
– SHA-1 (output: 160 bits)
– SHA-224 (output: 224 bits)
– SHA-256 (output: 256 bits)
– SHA-324 (output: 324 bits)
– SHA-512 (output: 512 bits)
• MD5 (broken, should no longer be used)
SECURE TWO-WAY COMMUNICATION
Secure 1-Directional Communication
[Figure: Bob and Alice each hold the shared secret key. Plain text goes through E to give cipher text, which crosses the network or storage and goes through D to give the original plain text.]
Secure Bi-Directional Communication
[Figure: Bob and Alice communicate over an open network; each holds the pair of shared secret keys KAB & KBA. Plain text goes through E to give cipher text, which crosses the open network and goes through D to give plain text.]
PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY)
Public Key Cryptosystem
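[Figure: public key cryptosystem. Alice takes Bob's public key (for encryption) from the public key directory, encrypts (E) the plain text, and sends the cipher text over the open network; Bob decrypts (D) it with his secret key (for decryption) to recover the plain text.]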
Public Key Encryption/Decryption Process
Main Differences with AES
• The public encryption key is different from the secret decryption key.
• Infeasible for an attacker to find out the secret decryption key from the public encryption key.
• No need for Alice & Bob to distribute a shared secret key beforehand!
• Only one pair of public and secret keys is required for each user!
Digital Signature
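[Figure: digital signature. Bob passes the message through a 1-way hash (H, 256 bits) and feeds the result, with his secret signing key, into the signature generation algorithm (S); the message + signature travel over the open network. Cathy takes Bob's public verification key from the public key directory, hashes the received message (H, 256 bits), runs the signature verification algorithm (V) on the hash, the signature and the public key, and accepts if satisfied.]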
Digital Signature Operations
Applications of Digital Signature
• Authentication
• Non-repudiation
• Digital certification
• E-Commerce
– Digital certificates for servers, clients & users
• Secure communication
• Digital credentials
• Certified software applications (apps, drivers, APIs etc)
• Digital money
• ……
Digital Signature in ePassport
• ePassport
– an embedded RFID chip that contains information about the owner
– Digitally signed --- good!
– Data may be encrypted with a key derived from user info --- not secure at all!
• Ref:
– ICAO Doc 9303, Machine Readable Travel Documents
[Figure: e-Passport symbol; the RFID chip and antenna are embedded in the cover.]
Symmetric Key Encryption (summary)
• One Key.
• Pre-distribution of the key is needed.
• Fast.
• Not scalable (you need a key for each sender/receiver).
• Not suitable for broadcasting messages.
Asymmetric Key Encryption (summary)
• Two Keys (public and private).
• Pre-distribution of the key is NOT needed.
• Slow.
• Private key cannot be derived from public key.
• Scalable (you need one pair of keys for each user).
• Suitable for broadcasting messages.
Using Both Symmetric and Asymmetric Crypto
• Symmetric keys are used to encrypt sessions between users (fast).
• Asymmetric keys are used to distribute the symmetric keys (more secure).
Notable Public Key Encryption and Digital Signature
Public Key Encryption
• Based on Integer Factorization
– RSA
• Based on Discrete Logarithm
– ElGamal
– Diffie-Hellman
• Based on Elliptic Curves
– Elliptic curve Diffie-Hellman
• Based on Lattices
– NTRU
Digital Signature
• Based on Integer Factorization
– RSA signature
• Based on Discrete Logarithm
– Schnorr
– DSS
• Based on Elliptic Curves
– EC-DSS
• Based on Lattices
– NTRU signature
Signcryption (signature+encryption)
• Simultaneously provides the functions of
– digital signature
• unforgeability & non-repudiation
– public key encryption
• confidentiality
• with a significantly smaller computational & communication overhead
Cost (signcryption) << Cost (signature) + Cost (encryption)
• Ref:
– ISO/IEC 29150:2011, Information technology -- Security techniques – Signcryption, International Organization for Standardization, 12/2011.
– www.signcryption.org
RSA Algorithm
Public key Cryptography
• Developed to address two issues:
– key distribution – how to have secure communications in general without having to trust a KDC with your own key.
– digital signatures – to verify that a message arrives intact from the intended sender.
• Uses two keys, private and public key.
RSA
• Invented by Rivest, Shamir and Adleman in 1977
• It is based on exponentiation over integers modulo a prime
• It uses large integers (to make it hard to break)
• Its security is due to the cost of factoring large numbers
Prime Numbers
• A prime number has only two divisors, 1 and itself.
• It can’t be written as a product of other numbers.
• Eg. 2,3,5,7 are prime numbers; 4,6,8,9,10 are not.
• List of prime numbers less than 100 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
Prime Factorization
• Given a number n, factoring n is to write it as a product of other numbers; n = x * y * z.
• Prime factorization is to write a number n as a product of prime numbers.
• Eg. 91 = 7 * 13
Fermat’s Little Theorem
• a^(p-1) mod p = 1, where p is prime and gcd(a,p)=1
• In other words, if p is a prime number, and a is any integer, then a^p - a is an integer multiple of p
• Eg. a=2, p=7, 2^7 = 128, 128-2=126, 126=7*18, 126 is a multiple of 7.
Relatively Prime Numbers (Coprimes)
• Two numbers (a and b) are relatively prime if they have no common divisors other than 1
– eg. 8 & 9 are relatively prime since factors of 8 are 1,2,4,8 and factors of 9 are 1,3,9 and 1 is the only common factor
• In other words, relatively prime numbers have a greatest common divisor (GCD) of 1.
Euler Totient Function ø(n)
• An arithmetic function that counts the numbers (<= n) that are relatively prime to a given number n.
• Examples:
– ø(1) = 0.
– ø(10) = 4 // {1,3,7,9}
– ø(p) = p-1, if p is prime.
– ø(p^e) = p^e - p^(e-1), if p is prime.
– ø(m*n) = ø(m) * ø(n), if m and n are coprimes
RSA Key Generation
1. choose two distinct prime numbers, p and q
2. compute n = p*q.
3. find ø(n) = ø(p) * ø(q) = (p-1)*(q-1).
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1
– e is the public key
5. calculate d as d*e ≡ 1 (mod φ(n))
– d is the private key
RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: d*e = 1 mod 160 and d < 160. Value is d=23 since 23×7 = 161 = 1×160+1
6. Publish public key{7,187}
7. Keep secret private key{23,17,11}
RSA Example cont
• sample RSA encryption/decryption is:
• given message M = 88
• encryption:
C = 88^7 mod 187 = 11
• decryption:
M = 11^23 mod 187 = 88
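The key generation steps and the worked example above (p=17, q=11, e=7, M=88), as an added Python example that is not part of the original slides; it also applies the same arithmetic to the hash-then-sign flow of the Digital Signature slide. This is textbook RSA without padding, which deployed systems do not use as-is; the function names, the SHA-256 digest reduced modulo n, and the larger demo primes 2^31-1 and 2^19-1 are assumptions of this example.

```python
import hashlib
from math import gcd

def is_prime(n):
    """Trial division; fine for the small teaching primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def modinv(e, m):
    """Extended Euclid: return d with d*e = 1 (mod m)."""
    old_r, r, old_s, s = e, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo m")
    return old_s % m

def keygen(p, q, e):
    """Steps 1-5 of the key generation slide; returns ((e, n), (d, p, q))."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (modinv(e, phi), p, q)

def encrypt(pub, m):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # C = M^e mod n

def decrypt(priv, c):
    d, p, q = priv
    return pow(c, d, p * q)      # M = C^d mod n

def _digest(message, n):
    # Assumption of this example: SHA-256 reduced modulo n stands in for
    # the padded digest a real signature scheme would use.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(priv, message):
    """Hash the message, then apply the secret exponent d."""
    d, p, q = priv
    return pow(_digest(message, p * q), d, p * q)

def verify(pub, message, signature):
    """Recompute the hash and compare it with signature^e mod n."""
    e, n = pub
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    pub, priv = keygen(17, 11, 7)                       # the slide's numbers
    c = encrypt(pub, 88)
    print(pub, priv, c, decrypt(priv, c))
    pub2, priv2 = keygen(2**31 - 1, 2**19 - 1, 65537)   # constructed demo key
    sig = sign(priv2, b"I, Bob, will pay $1,000 to Alice.")
    print(verify(pub2, b"I, Bob, will pay $1,000 to Alice.", sig),
          verify(pub2, b"I, Bob, will pay $10,000 to Alice.", sig))
```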