1. Cryptography Introduction
Li Sung-Chi Taiwan Evolutionary Intelligence Laboratory 2016/10/12 Group Meeting Presentation

2. Outline Classification of the Field of Cryptology Symmetric Ciphers
Asymmetric Ciphers
Post-quantum Cryptography

3. Classification of the Field of Cryptology
Cryptography
Cryptanalysis

4. Classification of the Field of Cryptology
Cryptography
Cryptanalysis
Symmetric
Asymmetric

5. Cryptography
Cryptography
Symmetric
Asymmetric

6. Symmetric vs Asymmetric
Analogy:
Symmetric Ciphers: Alice Bob

7. Symmetric vs Asymmetric
Analogy:
Symmetric Ciphers: Alice Bob

8. Symmetric vs Asymmetric
Analogy:
Asymmetric Alice Bob

9. Symmetric vs Asymmetric
Analogy:
Asymmetric Alice Bob

10. Symmetric vs Asymmetric
Analogy:
Asymmetric Alice Bob

11. Symmetric vs Asymmetric
Analogy:
Asymmetric Alice Bob

12. Cryptography
Cryptography
Symmetric
Asymmetric

13. Symmetric Ciphers
K is Key
Alice and Bob use the same K

14. Symmetric Ciphers y is encrypted message eK is encryption with key K
dK is decryption with key K

15. Symmetric Ciphers
Symmetric
Block ciphers
Stream Ciphers

16. Stream Cipher

17. Block Cipher
Input a certain length message and encrypt a full block

18. Symmetric Ciphers
Symmetric
Block ciphers
Stream Ciphers

19. Stream Cipher Substitution Ciphers (Caesar Cipher, ROT13, …)
One-Time Pad(OTP)

20. Substitution Cipher
Casesar Cipher, also called shift cipher

21. Substitution Cipher
ROT13: Casesar Cipher with shift number = 13

22. One-Time Pad (OTP) Not the One-Time Password (OTP) we are using now
Encryption: k is random generated key
Decryption:

23. One-Time Pad (OTP)
Disadvantage: key must be as long as the message. WHY???
If the key less is less than twice of the message, and the attacker have one plain text and cipher text pair, he then crack the encryption.

24. Symmetric Ciphers
Symmetric
Block ciphers
Stream Ciphers

25. Block Ciphers
AES, DES, TKIP

26. AES

27. AES

28. AES
Iterated with 10/12/14 rounds (128/192/256)

29. AES
S-Box

30. S-Box
Nonlinear: operation 𝐵𝑦𝑡𝑒𝑆𝑢𝑏 𝐴 𝑖 +𝐵𝑦𝑡𝑒𝑆𝑢𝑏 𝐴 𝑗 ≠𝐵𝑦𝑡𝑒𝑆𝑢𝑏( 𝐴 𝑖 + 𝐴 𝑗 )
Bijective
ShiftRows
MixColumn

31. AES
Decryption

32. Block Ciphers AES is currently the most safe symmetric cipher
3-DES was used in ATM, but change to AES since 2001
TKIP can be used in wifi encryption, but was found a security hole.

33. Issues of block ciphers
Plaintext
Encryption using AES

34. CBC
Encryption
Decryption

35. Issues of block ciphers
Plaintext
Encryption using AES with CBC mode

36. Symmetric Ciphers
K is Key
Alice and Bob use the same K

37. Secure Channel
Diffie-Hellman key exchange (DHKE)
Asymmetric ciphers

38. DHKE
Domain parameter p, α

39. DHKE

40. Cryptography
Cryptography
Symmetric
Asymmetric

41. Asymmetric Ciphers RSA
ECDH (Elliptic Curve Diffie-Hellman key exchange)

42. ECC

43. ECC

44. Computations on Elliptic Curves
Define

45. Computations on Elliptic Curves

46. Computations on Elliptic Curves

47. ECDH

48. Advantage of ECC over RSA
ECC has less key storage size, and more efficient implementation than RSA (at the same security level); thus is good for embedded system.

49. Man-in-the-Middle
Shortened MITM

50. MITM MITM works for both symmetric, asymmetric ciphers
How can we defense this attack?

51. Certificate (CA)

52. Post-Quantum Cryptography
The new need for cryptography
Quantum computer
Reduce time complexity by square root
NIS readies ‘post-quantum’ crypto competition in May 2016

53. PQC
Currently, the candidate of post-quantum encryptions are mostly based on Lattice system
We’ll discuss a encryption called GGH

54. Lattice
𝐿= 𝑎 1 𝒗 1 + 𝑎 2 𝒗 2 +…+ 𝑎 𝑛 𝒗 𝑛 : 𝑎 1 , 𝑎 2 ,…, 𝑎 𝑛 ∈ℤ

55. Problem on Lattice System
SVP
CVP

56. Babai’s Algorithm
Do the transformation any, round all number in the vector
How orthogonal basis is does matter!

57. Babai’s Algorithm Example 𝑉= 𝒗 1 , 𝒗 2 , 𝒗 3 𝒗 1 = −97, 19, 19
𝒗 2 = −36, 30, 86
𝒗 3 = −184, −64, 78 𝑊= 𝒘 1 , 𝒘 2 , 𝒘 3
𝒘 1 = − , − ,
𝒘 2 = − , − ,
𝒘 3 =(− , − , )
ℋ 𝑉 ≈0.75
ℋ 𝑊 =

58. Babai’s Algorithm vector 𝒆∉𝐿 with 𝒆= −79081427,−35617462,11035473
𝒆 𝑉 = − ,− ,
𝒆 𝑊 = − ,− ,
𝒆− 𝒆 𝑉 = − ≈5.39
𝒆− 𝒆 𝑊 ≈

59. GGH Based on CVP Private key: a good basis 𝐵(orthogonal enough)
Public key: a bad basis 𝐵′
𝐵 ′ =𝑈𝐵, 𝑈 𝑖𝑠 𝑢𝑛𝑖𝑚𝑜𝑑𝑢𝑙𝑎𝑟 𝑚𝑎𝑡𝑟𝑖𝑥 i.e. row operation

60. GGH
Encryption: 𝑐=𝑚∗ 𝐵 ′ +𝑒 𝑐:𝑐𝑖𝑝ℎ𝑒𝑟 𝑡𝑒𝑥𝑡 𝑚:𝑝𝑙𝑎𝑖𝑛 𝑡𝑒𝑥𝑡 𝑒:𝑟𝑒𝑙𝑎𝑡𝑖𝑣𝑒𝑙𝑦 𝑠𝑚𝑎𝑙𝑙 𝑣𝑒𝑐𝑡𝑜𝑟
Represent 𝑚 in Lattice 𝐵

61. GGH
Decryption 𝑐∗ 𝐵 −1 = 𝑚∗ 𝐵 ′ +𝑒 ∗ 𝐵 −1 =𝑚∗𝑈∗𝐵∗ 𝐵 −1 +𝑒∗ 𝐵 −1 =𝑚∗𝑈+𝑒∗ 𝐵 −1
From Babai’s algorithm, 𝑒∗ 𝐵 −1 vanished
𝑚=𝑚∗𝑈∗ 𝑈 −1

62. Issues of GGH Potential danger if
Send the same message twice using different 𝑒
Send different message using the same 𝑒

63. Conclusion and Future
There are many encryptions, understand more can help you choose a suitable one for your application
Quantum computer is coming – lot’s of crypto system is in danger, but the PQC is still in development

64. Reference
陳君明老師的投影片