introduction to cryptography - cct.lsu.edusidhanti/classes/csc4601/5_4601_04.pdf · louisiana state...
TRANSCRIPT
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 1
Introduction to Introduction to CryptographyCryptography
Dr. Arjan Durresi Louisiana State UniversityBaton Rouge, LA 70810
These slides are available at:http://www.csc.lsu.edu/~durresi/csc4601_04/
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 2
OverviewOverview
DefinitionsSecret keysPublic keysHash functions
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 3
Communication SecrecyCommunication SecrecyThe history of codes and ciphers is the story of centuries-old battle between codemakers and codebreakersEvolution of codes. Always under attack from codebreakers.
Analogous to the situation of a strain of infectious bacteria under the attack of antibiotics Technologies involved from mathematics to linguistics, from information theory to quantum theory
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 4
The Evolution of Secret WritingThe Evolution of Secret WritingIn The histories, Herodotus, “the father of history”, chronicled the conflicts between Greece and Persia in the fifth century B.C. The art of secret writing saved the Greece
Demaratus send information to Greece about Persian preparation using secret messages: scraping the wax off a pair of wooden folding tablets, writing on the wood underneath and then covering the message with wax again.
Herodotus chronicled also the story of Histaiaeus who wanted to encaurage Aristagoras of Miletus to revolt against Persians
To convey his instructions securely, Histaiaeus shaved the head of his messenger, wrote the message on his scalp, and then waited for the hair to grow. It seems this period of history tolerated a certain lack of urgency.
Hiding a message is known as steganography derived from the Greek word steganos meaning “covered” and graphein–“to write”.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 5
The Evolution of Secret WritingThe Evolution of Secret WritingIn the two thousand years since Herodotus, various forms of steganography has been used.The ancient Chinese wrote messages on fine silk, which then was scrunched into a tiny ball and covered in wax and swallowed by a messenger.In the 16th century, the Italian scientist Giovanni Portadescribed how to conceal a message within a hard-boiled egg by making an ink from mixture of alum and pint vinegar and then write on the shell. The solution penetrates the shell and leaves the message on the egg inside and can be read when the shell is removed.Today write messages on pictures posted on the web
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 6
The Evolution of Secret WritingThe Evolution of Secret WritingThe longevity of steganography illustrates that can offer security, but it suffers from a fundamental weakness. If the message is found the secret is revealed. Hence in parallel with steganography, there was the evolution of Cryptography, derived from the Greek word kryptos –“hidden”.The aim of cryptography is not to hide the existence of the message, but rather hide its meaning, a process known as encryption.
To render the message unintelligible, it is scrambled according a particular protocol agreed beforehand between the sender and the intended recipient.The advantage of cryptography is that if the enemy intercepts an encrypted message, then the message is unreadable.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 7
CryptographyCryptographyPossible to combine cryptography and steganography.For example, during Second World War, German agents in Latin America would photographically shrink a page of text down to a dot less than 1 mm and then hide it in a letter. Sometimes they also scrambled the text before reducing it.Cryptography is more powerful because of this ability to prevent the information from falling into enemy hands.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 8
CryptographyCryptographyCryptography can be divided into: transposition and substitution. In transposition, the letters of the message are simply rearranged. For very short messages, such as a single word, thismethod is relatively insecure. “For example, consider this short sentence.”
35 letters with more than 50 *1030 distinct arrangements. If each person would check one arrangement per second, it would take all people more than thousand time the life of universe to check all arrangements. This seems unbreakable, but there is a drawback. If letter are randomly jumbled without rule, then unscrambling the text will be impossible for the enemy as well as for the recipient.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 9
CryptographyCryptographyHave a history of at least 4000 years Ancient Egyptians enciphered some of their hieroglyphic writing on monuments
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 10
Spartan Spartan ScytaleScytale
Wrap a strip of paper around a tube of specific size, then write your message sideways (generally one letter per strip). Only someone with same size tube can read your message.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 11
CryptographyCryptographyAncient Hebrews enciphered certain words in the scriptures 2000 years ago Julius Ceasar used a simple substitution cipher, now known as the Caesar cipher Roger Bacon described several methods in 1200s Geoffrey Chaucer included several ciphers in his works Leon Alberti devised a cipher wheel, and described the principles of frequency analysis in the 1460s Blaise de Vigenère published a book on cryptology in 1585, & described the polyalphabetic substitution cipher Increasing use, esp in diplomacy & war over centuries
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 12
Substitution CiphersSubstitution CiphersMake a table for all the letters of the alphabet. Pick a new code letter to stand for each one. Go through your message, and replace each letter with its code letter from the table. Only someone with the table could decode your message.
Original a b c d e f g h i jCode Letter D F I Q K X M Z R P
bed
FKQ
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 13
Caesar Cipher Caesar Cipher akaaka Decoder Decoder RingsRings
Caesar used a simple substitution cipher. He just “shifted” the alphabet. But since there’s only 26 ways to shift, these codes are easy to break (just try all 26 ways).
Original a b c d e f g h i j ...Code Letter D E F G H I J K L M ...
Image: Old Time Radio Premiums
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 14
KKāāmama--SSūūtratra Secret WritingSecret WritingA harder-to-break cipher can be designed by instead of just shifting the letters of the alphabet, you assign each letter a totally random code letter.This form of secret-writing is one of the 64 arts explained in the Kāma-Sūtra.
Original a b c d e f g h i jCode Letter D F I Q K X M Z R P
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 15
Newspaper CryptogramsNewspaper Cryptograms
Why don’t we all just use this approach to hide our information? Because people can figure out how to decode it!In fact, substitution ciphers are behind the cryptogram puzzles you see in the newspaper. People solve these in an afternoon…Computers make them even easier to solve.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 16
DefinitionsDefinitionsProcess data into unintelligible form, reversible, without data lossUsually one-to-one (not compression)Analog cryptography example: voice changersOther services:
Integrity checking: no tamperingAuthentication: not an imposter
Plaintext encryption→ ciphertext decryption → plaintext
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 17
Secret Key CryptographySecret Key Cryptography
Originally a way to keep secret data privateEncode a message using a secret “key”A long and colorful history
Today, it has many usesPrivacyAuthentication – verifying someone (something’s) identityData Integrity – reassuring the recipient of the message that the message has not been altered since it was generated by a legitimate source
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 18
What is Encryption?What is Encryption?You and I agree on a secret way to transform dataLater, we use that transform on data we want to pass over an unsafe communications channelInstead of coming up with new transforms, design a common algorithm customized with a “key”
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 19
Secret Key Encryption for Secret Key Encryption for PrivacyPrivacy
Encrypt DecryptPlaintext Ciphertext Plaintext
Key Key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 20
How Secure is Encryption?How Secure is Encryption?An attacker who knows the algorithm we’re using could try all possible keysSecurity of cryptography depends on the limited computational power of the attackerA fairly small key (e.g. 64 bits) represents a formidable challenge to the attackerAlgorithms can also have weaknesses, independent of key size
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 21
How do we know how good an How do we know how good an algorithm is?algorithm is?
A problem of mathematics: it is very hard to prove a problem is hardIt’s never impossible to break a cryptographic algorithm - we want it to be as hard as trying all keysFundamental Tenet of Cryptography: If lots of smart people have failed to solve a problem then it probably won’t be solved (soon)
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 22
To Publish or Not to PublishTo Publish or Not to Publish
If the good guys break your algorithm, you’ll hear about itIf you publish your algorithm, the good guys provide free consulting by trying to crack itThe bad guys will learn your algorithm anywayToday, most commercial algorithms are published; most military algorithms are not
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 23
Computational DifficultyComputational DifficultyAlgorithm needs to be efficient.
Otherwise only short keys can be used.Most schemes can be broken: depends on $$$.
E.G. Try all possible keys.Longer key is often more secure:
Encryption O(N+1).Brute-force cryptanalysis: O(2N+1), twice as hard with each additional bit.
Cryptanalysis tools:Special-purpose hardware.Parallel machines.Internet coarse-grain parallelism.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 24
Secret Key vs. Secret AlgorithmSecret Key vs. Secret AlgorithmSecret algorithm: additional hurdleHard to keep secret if used widely:
Reverse engineering, social engineeringCommercial: published
Wide review, trustMilitary: avoid giving enemy good ideasDutch linguist in 1883, Kerckhoff’s Principle: “ The security of a cryptosystem must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key.”
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 25
Classical Substitution CiphersClassical Substitution CiphersWhere letters of plaintext are replaced by other letters or by numbers or symbolsOr if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 26
Caesar CipherCaesar CipherEarliest known substitution cipherby Julius Caesar First attested use in military affairsReplaces each letter by 3rd letter onExample:meet me after the toga partyPHHW PH DIWHU WKH WRJD SDUWB
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 27
Caesar CipherCaesar Ciphercan define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 28
Cryptanalysis of Caesar Cipher Cryptanalysis of Caesar Cipher
only have 26 possible ciphers A maps to A,B,..Z
could simply try each in turn a brute force searchgiven ciphertext, just try all shifts of lettersdo need to recognize when have plaintexteg. break ciphertext "GCUA VQ DTGCM"
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 29
MonoalphabeticMonoalphabetic CipherCipherrather than just shifting the alphabet could shuffle (jumble) the letters arbitrarily each plaintext letter maps to a different random ciphertext letter hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyzCipher: DKVQFIBJWPESCXHTMYAUOLRGZNPlaintext: ifwewishtoreplacelettersCiphertext: WIRFRWAJUHYFTSDVFSFUUFYA
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 30
MonoalphabeticMonoalphabetic Cipher SecurityCipher Security
now have a total of 26! = 4 x 1026 keys with so many keys, might think is secure but would be !!!WRONG!!!problem is language characteristics
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 31
Language Redundancy and Language Redundancy and CryptanalysisCryptanalysis
human languages are redundanteg "th lrd s m shphrd shll nt wnt" letters are not equally commonly used in English e is by far the most common letter then T,R,N,I,O,A,S other letters are fairly rare cf. Z,J,K,Q,X have tables of single, double & triple letter frequencies
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 32
English Letter FrequenciesEnglish Letter Frequencies
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 33
Use in CryptanalysisUse in Cryptanalysiskey concept - monoalphabetic substitution ciphers do not change relative letter frequencies discovered by Arabian scientists in 9th centurycalculate letter frequencies for ciphertextcompare counts/plots against known values if Caesar cipher look for common peaks/troughs
peaks at: A-E-I triple, NO pair, RST tripletroughs at: JK, X-Z
for monoalphabetic must identify each lettertables of common double/triple letters help
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 34
Example CryptanalysisExample Cryptanalysisgiven ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
count relative letter frequencies (see text)guess P & Z are e and tguess ZW is th and hence ZWP is theproceeding with trial and error finally get:it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 35
PlayfairPlayfair CipherCiphernot even the large number of keys in a monoalphabetic cipher provides security one approach to improving security was to encrypt multiple letters the Playfair Cipher is an example invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 36
PlayfairPlayfair Key MatrixKey Matrixa 5X5 matrix of letters based on a keyword fill in letters of keyword (sans duplicates) fill rest of matrix with other letterseg. using the keyword MONARCHY
MONARCHYBDEFGIKLPQSTUVWXZ
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 37
Encrypting and DecryptingEncrypting and Decryptingplaintext encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM"
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"
4. otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 38
Security of the Security of the PlayfairPlayfair CipherCiphersecurity much improved over monoalphabeticsince have 26 x 26 = 676 digramswould need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic) and correspondingly more ciphertextwas widely used for many years (eg. US & British military in WW1) it can be broken, given a few hundred letters since still has much of plaintext structure
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 39
PolyalphabeticPolyalphabetic CiphersCiphersanother approach to improving security is to use multiple cipher alphabets called polyalphabetic substitution ciphersmakes cryptanalysis harder with more alphabets to guess and flatter frequency distribution use a key to select which alphabet is used for each letter of the message use each alphabet in turn repeat from start after end of key is reached
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 40
VigenVigenèèrere CipherCiphersimplest polyalphabetic substitution cipher is the Vigenère Ciphereffectively multiple caesar ciphers key is multiple letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use use each alphabet in turn repeat from start after d letters in messagedecryption simply works in reverse
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 41
ExampleExamplewrite the plaintext out write the keyword repeated above ituse each key letter as a caesar cipher key encrypt the corresponding plaintext lettereg using keyword deceptivekey: deceptivedeceptivedeceptiveplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 42
Security of Security of VigenVigenèèrere CiphersCiphersHave multiple ciphertext letters for each plaintext letterhence letter frequencies are obscuredbut not totally lostStart with letter frequencies
see if look monoalphabetic or notIf not, then need to determine number of alphabets, since then can attach each
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 43
KasiskiKasiski MethodMethodMethod developed by Babbage / KasiskiRepetitions in ciphertext give clues to period So find same plaintext an exact period apart Which results in the same ciphertextOf course, could also be random flukeeg repeated “VTW” in previous exampleSuggests size of 3 or 9Then attack each monoalphabetic cipher individually using same techniques as before
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 44
AutokeyAutokey CipherCipherideally want a key as long as the messageVigenère proposed the autokey cipher with keyword is prefixed to message as keyknowing keyword can recover the first few letters use these in turn on the rest of the messagebut still have frequency characteristics to attack eg. given key deceptivekey: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 45
OneOne--Time PadTime Padif a truly random key as long as the message is used, the cipher will be secure called a One-Time padis unbreakable since ciphertext bears no statistical relationship to the plaintextsince for any plaintext & any ciphertext there exists a key mapping one to othercan only use the key once thoughhave problem of safe distribution of key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 46
Transposition CiphersTransposition Ciphersnow consider classical transposition or permutationciphers these hide the message by rearranging the letter order without altering the actual letters usedcan recognise these since have the same frequency distribution as the original text
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 47
Rail Fence cipherRail Fence cipherwrite message letters out diagonally over a number of rows then read off cipher row by roweg. write message out as:m e m a t r h t g p r ye t e f e t e o a a t
giving ciphertextMEMATRHTGPRYETEFETEOAAT
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 48
Row Transposition CiphersRow Transposition Ciphersa more complex schemewrite letters of message out in rows over a specified number of columnsthen reorder the columns according to some key before reading off the rowsKey: 3 4 1 2 5 6 7Plaintext: a t t a c k p
o s t p o n ed u n t i l tw o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 49
Product CiphersProduct Ciphersciphers using substitutions or transpositions are not secure because of language characteristicshence consider using several ciphers in succession to make harder, but:
two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a new much harder cipher
this is bridge from classical to modern ciphers
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 50
Rotor MachinesRotor Machinesbefore modern ciphers, rotor machines were most common product cipherwere widely used in WW2
German Enigma, Allied Hagelin, Japanese Purpleimplemented a very complex, varying substitution cipherused a series of cylinders, each giving one substitution, which rotated and changed after each letter was encryptedwith 3 cylinders have 263=17576 alphabets
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 51
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 52
SteganographySteganographyan alternative to encryptionhides existence of message
using only a subset of letters/words in a longer message marked in some wayusing invisible inkhiding in LSB in graphic image or sound file
has drawbackshigh overhead to hide relatively few info bits
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 53
Cryptanalysis: Breaking an Cryptanalysis: Breaking an Encryption SchemeEncryption Scheme
Ciphertext only:Exhaustive search until “recognizable plaintext”Need enough ciphertext
Known plaintext:Secret may be revealed (by spy, time), thus <ciphertext, plaintext> pair is obtainedGreat for monoalphabetic ciphers
Chosen plaintext:Choose text, get encryptedUseful if limited set of messages
Encryption schemes have to withstand all three types of attacks
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 54
Models for Evaluating SecurityModels for Evaluating Security
Unconditional security (perfect secrecy)Uncertainty/entropy H(p)=H(p|c)No matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
Complexity-theoretic securityProvable security
As difficult to break as solving well-known and supposedly difficult problem
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 55
Models for Evaluating SecurityModels for Evaluating SecurityComputational security
Given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
Ad hoc security
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 56
Brute Force AttacksBrute Force AttacksNumber of encryption/sec: 1 million to 1 billion/sec56-bit key broken in 1 week with 120,000 processors ($6.7m)56-bit key broken in 1 month with 28,000 processors ($1.6m)64-bit key broken in 1 week with 3.1 × 107
processors ($1.7b)128-bit key broken in 1 week with 5.6 × 1026
processors
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 57
Uses of CryptographyUses of CryptographyTransmitting secret data over an insecure channelStoring secret data on an insecure mediumMessage integrity checksum/authentication code (MIC/MAC)Authentication: “challenge” the other party to encrypt or decrypt a random number
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 58
Types of CryptographyTypes of Cryptography
Secret key cryptography: one keyPublic key cryptography: two keys - public, private Hash functions: no key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 59
Secret Key CryptographySecret Key CryptographySame key is used for encryption and decryption
Symmetric cryptographyCiphertext approximately the same length as plaintextSubstitution codes, DES, IDEAMessage transmission:
Agree on key (but how?)Communicate over insecure channel
Secure storage: crypt
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 60
Symmetric Cipher ModelSymmetric Cipher Model
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 61
Secret Key AlgorithmsSecret Key AlgorithmsDES (Data Encryption Standard)
56 bit key (+ 8 parity bits) controversial!Input and output are 64 bit blocksslow in software, based on (sometime gratuitous) bit diddling
IDEA (International Data Encryption Algorithm)128 bit keyInput and output are 64 bit blocksdesigned to be efficient in software
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 62
Secret Key AlgorithmsSecret Key AlgorithmsTriple DES
Apply DES three times (EDE) using K1, K2, K3 where K1 may equal K3Input and output 64 bit blocksKey is 112 or 168 bits
Advanced Encryption Standard (AES)New NIST standard to replace DES.Public Design and Selection Process. Key Sizes 128,192,256. Block size 128.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 63
Secret Key AlgorithmsSecret Key AlgorithmsRC2 (Rivest’s Cipher #2)
Variable key sizeInput and output are 64 bit blocks
RC4 (Rivest’s Cipher #4)Variable key sizeExtremely efficientStream cipher - one time use keys
Many other secret key algorithms existIt is hard to invent secure ones!No good reason to invent new ones
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 64
XOR (ExclusiveXOR (Exclusive--OR)OR)
Bitwise operation with two inputs where the output bit is 1 if exactly one of the two input bits is one(B XOR A) XOR A) = BIf A is a “one time pad”, very efficient and secureCommon encryption schemes (e.g. RC4) calculate a pseudo-random stream from a key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 65
Secret Key Integrity ProtectionSecret Key Integrity Protection
GenerateMAC
VerifyMAC
MAC
Plaintext
Yes/No
Key Key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 66
Challenge / Response Challenge / Response AuthenticationAuthentication
Alice (knows K) Bob (knows K)
I’m Alice Pick Random REncrypt R using K(getting C)
If you’re Alice, decrypt C
R
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 67
Secret Key Cryptography Secret Key Cryptography (Cont(Cont’’d)d)
Strong authentication: prove knowledge of key without revealing it:
Send challenge r, verify the returned encrypted {r}Fred can obtain chosen plaintext, cihpertextpairs
Challenge should chosen from a large poolIntegrity check: fixed-length checksum for message
Send Message Integrity Code (MIC) along with the message
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 68
Public Key Encryption for Public Key Encryption for PrivacyPrivacy
Plaintext Ciphertext Plaintext
Public Key Private Key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 69
Public Key CryptographyPublic Key CryptographyAsymmetric cryptographyInvented/published in 1975Two keys: private (d), public (e)
Encryption: public key; Decryption: private keySigning: private key; Verification: public key
Much slower than secret key cryptography
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 70
Public Key CryptographyPublic Key Cryptography
Two keys per user: a private key and a public key. The keys reverse each other’s effects.Encrypt a message for Alice using her public keyDecryption requires her private keyGenerating Digital Signatures requires the private keyVerifying them requires the public key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 71
Public Key Cryptography Public Key Cryptography (Cont(Cont’’d)d)
Data transmission:Alice encrypts ma using eB, Bob decrypts to mausing db.
Storage:Can create a safety copy: using public key of trusted person.
Authentication:No need to store secrets, only need public keys.Secret key cryptography: need to share secretkey for every person to communicate with.
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 72
Public Key Cryptography Public Key Cryptography (Cont(Cont’’d)d)
Digital signaturesEncrypt hash h(m) with private key
AuthorshipIntegrityNon-repudiation: can’t do with secret key cryptography
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 73
Public Key Integrity ProtectionPublic Key Integrity Protection
GenerateSignature
VerifySignature
Signature
Plaintext
Yes/No
Private Key Public Key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 74
Public Key AuthenticationPublic Key Authentication
Alice (knows A’sprivate key)
Bob (knows A’spublic key)
I’m Alice Pick Random REncrypt R usingA’s public key(getting C)If you’re Alice, decrypt C
RDecrypt C
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 75
Message Digest FunctionsMessage Digest Functions
DigestMessage Digest Value
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 76
Hash AlgorithmsHash AlgorithmsMessage digests, one-way transformationsLength of h(m) much shorter then length of mUsually fixed lengths: 48-128 bitsEasy to compute h(m) Given h(m), no easy way to find mComputationally infeasible to find m1, m2 s.t. h(m1) = h(m2)Example: (m+c)2, take middle n digits
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 77
Hash Algorithms (ContHash Algorithms (Cont’’d)d)Password hashing
Doesn’t need to know password to verify itStore h(p+s), s (salt), and compare it with the user-entered pSalt makes dictionary attack less convenient
Message integrityAgree on a password pCompute h(p|m) and send with mDoesn’t require encryption algorithm, so the technology is exportable
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 78
Message Digest FunctionsMessage Digest FunctionsAlso known as cryptographic hashesNon-reversible functionTakes an arbitrary size message and mangles it into a fixed size digestIt should be impossible to find two messages with the same MD, or come up with a message with a given MDUseful as a shorthand for a longer thing
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 79
Message Digest FunctionsMessage Digest FunctionsMD2, MD4, and MD5 used to be most popular. SHA-1 taking overAll produce 128 bit digestsMD4 and MD2 were recently “broken” and MD5 has significant weaknessesSHA-1 was proposed by the U.S. government. It produces a 160 bit digestMessage digests are not difficult to design, but most are not secure
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 80
Combining Cryptographic Combining Cryptographic Functions for PerformanceFunctions for Performance
Public key cryptography is slow compared to hashes and secret key cryptographyPublic key cryptography is more convenient & secure in setting up keysAlgorithms can be combined to get the advantages of both
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 81
Hybrid EncryptionHybrid Encryption
Instead of:Message
Encrypted with Alice’s Public KeyUse:
RandomlyChosen K
Encrypted withAlice’s Public Key
Message
Encrypted withSecret Key K
+
Message
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 82
Hybrid SignaturesHybrid Signatures
Instead of:Message
Signed with Bob’s Private Key
Use:
Message
Message
Signed with Bob’s Private Key
Digest (Message)Message +
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 83
Signed and Encrypted MessageSigned and Encrypted Message
RandomlyChosen K
Encrypted withAlice’s Public Key
Message
Encrypted withSecret Key K
+
Digest (Message)+ Signed with
Bob’s Private Key
CSC4601 F04Louisiana State University 5- Introduction to Cryptography - 84
SummarySummary
DefinitionsSecret keysPublic keysHash functions