1. K. Salah1 Cryptography Module I

2. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it  Only the recipient should get it  Proof of the sender’s identity  Message shouldn’t be corrupted in transit  Message should be sent/received once only

3. K. Salah3 Terminology  Cipher: Arabic word means “meaningless” or “hiding meaning” The term cipher is used to refer to encryption and decryption algorithms. Decryption: recovering meaning from ciphertext  Cryptography: art and science of keeping messages secure  Cryptanalysis: art and science of breaking ciphertext Brute force attack Tries all possible keys on a piece of ciphertext  Cryptology: study of both cryptography and cryptanalysis

4. K. Salah4 Encryption and decryption  A key is a number (value) that the cipher, as an algorithm, operates on.  To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext.  To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the plaintext.  In cryptography, the encryption/decryption algorithms are public; the keys are secret.

5. K. Salah5 Symmetric-key cryptography  In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.  In symmetric-key cryptography, the same key is used in both directions  The algorithm used for decryption is the inverse of the algorithm used for encryption.  It takes less time to encrypt a message using a symmetric-key algorithm than it takes to encrypt using a public-key algorithm.  Symmetric-key cryptography is often used for long messages  Disadvantages: Each pair of users must have a unique symmetric key. Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other) Need a key for each pair of users n users need n*(n-1)/2 keys If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

6. K. Salah6 Symmetric (Secret Key) Cryptosystem Encryption Decryption Plaintext Ciphertext K SenderRecipient C=E(K,M) M=D(K,C) K needs secure channel

7. K. Salah7 Asymmetric or Public Key Cryptosystem Encryption Decryption Plaintext Ciphertext SenderRecipient C=E(K pub,M) M=D(K priv,C) Recipient’s public Key (K pub ) Recipient’s private Key (K priv ) K pub needs reliable channel

8. K. Salah8 Basic Encryption Techniques Substitution (Replacement) Substitution (Replacement) Transposition or Permutation (Rearranging) Transposition or Permutation (Rearranging) Combinations and iterations of these Combinations and iterations of these  The principle of “Rounds”

9. K. Salah9 Caesar cipher A cipher using the substitution method substitutes one symbol with another. A cipher using the substitution method substitutes one symbol with another. Monoalphabetic: A character in the plaintext is always changed to the same character in the ciphertext regardless of its position in the text. Ex. Caesar Cipher. Monoalphabetic: A character in the plaintext is always changed to the same character in the ciphertext regardless of its position in the text. Ex. Caesar Cipher. In monoalphabetic substitution, the relationship between a character in the plaintext to the character in the ciphertext is always one-to-one In monoalphabetic substitution, the relationship between a character in the plaintext to the character in the ciphertext is always one-to-one Simple to implement but easy to break Simple to implement but easy to break  Common alphabets in English Letters E, T, O, A occur far more often than J, Q, X, Z  Can id the pattern easily

10. K. Salah10 Vigenere cipher In polyalphabetic substitution, the relationship between a character in the plaintext and a character in the ciphertext is one-to-many In polyalphabetic substitution, the relationship between a character in the plaintext and a character in the ciphertext is one-to-many Each occurrence of a character can have a different substitute Each occurrence of a character can have a different substitute  ‘A’ can be changed to ‘D’ at the beginning, and later ‘A’ can be changed to ‘X’ at the middle Key is like: Take the position of the character in the text, divide the number by 10, and let the remainder be the shift value. Key is like: Take the position of the character in the text, divide the number by 10, and let the remainder be the shift value. Ex. Vigenere Cipher. Ex. Vigenere Cipher.  The reminder is not shifted, but chosen from a table Difficult to attack when compared to Monoalphabetic. Difficult to attack when compared to Monoalphabetic.

11. K. Salah11 Transpositional cipher The characters retain their plaintext form but change their positions to create the ciphertext. The characters retain their plaintext form but change their positions to create the ciphertext. The text is organized into a two-dimensional table, and the columns are interchanged according to a key. The text is organized into a two-dimensional table, and the columns are interchanged according to a key.

12. K. Salah12 Block cipher Modern ciphers use a block of bits as the unit of encryption/decryption. Modern ciphers use a block of bits as the unit of encryption/decryption. P-box (P for permutation) performs a transposition at the bit level. It can be implemented in hardware or software, but hardware is faster. P-box (P for permutation) performs a transposition at the bit level. It can be implemented in hardware or software, but hardware is faster.

13. K. Salah13 S-box S-box (S for substitution) performs a substitution at the bit level. S-box (S for substitution) performs a substitution at the bit level. The S-box substitutes one decimal digit with another. The S-box substitutes one decimal digit with another. The S-box normally has three components: an encoder, a decoder, and a P-box. The S-box normally has three components: an encoder, a decoder, and a P-box. The decoder changes an input of n bits to an output of 2 n bits. This output has one single 1 (the rest are 0s) located at a position determined by the input. The P-box permutes the output of decoder, and the encoder changes the output of the P-box backs to a binary number in the same way as the decoder, but inversely. The decoder changes an input of n bits to an output of 2 n bits. This output has one single 1 (the rest are 0s) located at a position determined by the input. The P-box permutes the output of decoder, and the encoder changes the output of the P-box backs to a binary number in the same way as the decoder, but inversely.  For example, If the number is 010  00000100  01000000  110

14. K. Salah14 What makes a good cryptosystem? A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm.  Two reasons: Achieving security through obscurity does not last for long The algorithm can not be shared by public From Bruce Schneier:  “Good cryptographers rely on peer review to separate the good algorithms from the bad.'' Confusion (by substitution) Confusion (by substitution)  Has a complex relationship between plaintext/key and ciphertext  Not easy to deduce the relation and thus see a pattern Diffusion (by permutation) Diffusion (by permutation)  Distributing and spreading the information from plaintext over the entire ciphertext  Therefore, changes in plaintext produce numerous changes in different and random parts of the ciphertext, not the same ones!