Elcomeway otay lasscay odaytay. Hetay opictay isway ryptographycay.

1 Elcomeway otay lasscay odaytay. Hetay opictay isway ryptographycay.
Introduction to Cryptography CSCE Eastman -- Fall 2006

2 Cryptography
- Terminology
- Symmetric vs. Asymmetric Algorithms

3 Insecure Communications
[Diagram: Sender, Recipient and Snooper on an insecure channel carrying a confidential message]

4 Cryptographic Protocols
- Messages should be transmitted to destination
- Only the recipient should see it
- Only the recipient should get it
- The recipient should know the sender's identity
- Messages shouldn't be corrupted in transit
- Messages should be sent/received once only

5 Terminology
- Plaintext (cleartext): a message in its original form
- Ciphertext (cyphertext): an encrypted message
- Encryption: transformation of a message to hide its meaning
- Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).

6 More Terminology
- Decryption: recovering meaning from ciphertext
- Cryptography: art and science of keeping messages secure
- Cryptanalysis: art and science of breaking ciphertext
- Cryptology: study of both cryptography and cryptanalysis

7 Encryption and Decryption
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]

8 Basic Encryption Techniques
- Substitution
- Permutation
- Combinations and iterations of these

9 Caesar Cipher
- C = E(K, M), e.g., C = (M + n) mod 26
- plaintext placement: A B C D E …
- ciphertext placement: A B C D E F …
- e.g., M = CAB, C = ECD
- Advantages: simple to implement
- Disadvantages: easy to break (25 possibilities for English alphabet)

10 Simple Alphabetic Substitution
- Assign a new symbol to each plaintext symbol randomly, e.g., C → K, A → H, B → L
- M = CAB, C = KHL
- Advantage: large key space (26!)
- Disadvantage: trivially broken for known plaintext attack

11 Polyalphabetic Substitution
- Frequency distribution: reflects the distribution of the underlying alphabet → cryptanalysts find substitutions
  - E.g., English: e – 14%, t – 9.85%, a – 7.49%, o – 7.37%, …
- Approach: flatten the distribution
  - E.g., combine high and low distributions:
    t → a (odd position), b (even position)
    x → a (even position), b (odd position)

12 Cryptanalysis of Polyalphabetic Substitution
- Determine the number of alphabets used
- Solve each piece as monoalphabetic substitution
- Kasiski Method: uses regularity of English: letters, letter groupings, full words, e.g.,
  - endings: -th, -ing, -ed, -ion, -ation, -tion, …
  - beginnings: im-, in-, re-, un-, ...
  - patterns: -eek-, -oot-, -our-, …
  - words: of, end, to, with, are, is, …

13 Summary of Substitution
- Advantages:
  - Simple
  - Easy to encrypt
- Disadvantages:
  - Easy to break!!!

14 One-Time Pad
- Perfect Secrecy!
- Large, non-repeating set of keys
- Key is larger than the message

15 Pros and Cons: One Time Pad
- Advantages:
  - Immune to most attacks
- Disadvantages:
  - Need total synchronization
  - Need very long, non-repeating key
  - Key cannot be reused
  - Key management: printing, storing, accounting for

16 Transposition
- Letters of the message are rearranged
- Break patterns, e.g., columnar transposition
- Plaintext: this is a test
    t h i s
    i s a t
    e s t !
- Ciphertext: tiehssiatst!
- Advantages: easy to implement
- Disadvantages:
  - Trivially broken for known plaintext attack
  - Easily broken for cipher only attack

17 Cryptanalysis
- Rearrange the letters
- Digrams, Trigrams, Patterns
- Frequent digrams: -re-, -th-, -en-, -ed-, …
- Cryptanalysis:
  - Compute letter frequencies → substitution or permutation
  - Compare strings of ciphertext to find reasonable patterns (e.g., digrams)
  - Find digram frequencies

18 Double Transposition
- Two columnar transpositions with different numbers of columns
- First transposition: breaks up adjacent letters
- Second transposition: breaks up short patterns
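
The columnar transposition from slide 16 and the double transposition from slide 18, as an added Python example that is not part of the original slides. The function names and the handling of the "!" filler are assumptions made for the illustration.

```python
def pad(text, cols, filler="!"):
    """Drop spaces and fill the last row so the grid is complete (the slide pads with '!')."""
    letters = text.replace(" ", "")
    return letters + filler * (-len(letters) % cols)

def transpose(text, cols):
    """Write the text row by row into `cols` columns, then read it column by column."""
    return "".join(text[c::cols] for c in range(cols))

def untranspose(cipher, cols):
    """Invert transpose(); the length must be a multiple of `cols`."""
    rows = len(cipher) // cols
    return "".join(cipher[(i % cols) * rows + i // cols] for i in range(len(cipher)))

def double_transpose(text, cols1, cols2):
    """Two columnar transpositions with different numbers of columns."""
    return transpose(transpose(text, cols1), cols2)

def undo_double(cipher, cols1, cols2):
    """Undo the second transposition first, then the first."""
    return untranspose(untranspose(cipher, cols2), cols1)

def recover_columns(known_plain, cipher):
    """Known-plaintext check: which column counts map this plaintext to this ciphertext?"""
    n = len(cipher)
    return [c for c in range(2, n) if n % c == 0 and transpose(known_plain, c) == cipher]

if __name__ == "__main__":
    plain = pad("this is a test", 4)
    print(transpose(plain, 4))                  # the slide's ciphertext
    print(recover_columns(plain, transpose(plain, 4)))
    print(double_transpose(plain, 4, 2))
```

On this 12-character message, 4 columns followed by 3 columns returns the original plaintext, because the second pass transposes the grid straight back; the two column counts must be chosen so that they do not cancel.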

19 Product Ciphers
- One encryption applied to the result of the other
- E_n(E_{n-1}(…(E_1(M)))), e.g.,
  - Double transposition
  - Substitution followed by permutation, followed by substitution, followed by permutation…
- Broken for chosen plaintext

20 Stream Ciphers
- Convert one symbol of plaintext into a symbol of ciphertext based on the symbol (plain), key, and algorithm
- Advantages:
  - Speed of transformation
  - Low error propagation
- Disadvantages:
  - Low diffusion
  - Vulnerable to malicious insertion and modification

21 Block Ciphers
- Encrypt a group of plaintext as one block and produce a block of ciphertext
- Advantages:
  - Diffusion
  - Immunity to insertions
- Disadvantages:
  - Slowness of encryption
  - Error propagation

22 Secret Key Cryptosystem
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]
- Sender: C = E(K, M)
- Recipient: M = D(K, C)
- K needs secure channel

23 Public Key Cryptosystem
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]
- Sender encrypts with the recipient's public key (Kpub): C = E(Kpub, M)
- Recipient decrypts with the recipient's private key (Kpriv): M = D(Kpriv, C)
- Kpub needs reliable channel

24 Cryptanalysis: Goals
- Break message
- Break key
- Break algorithm

25 Taxonomy of Attacks
- Ciphertext-only attack: attacker has ciphertext for messages encrypted with E. Deduce keys and/or plaintext messages.
- Known plaintext attack: attacker additionally knows the plaintext of the messages. Deduce keys or a decryption algorithm.
- Chosen plaintext attack: attacker can obtain the ciphertext for selected plaintext messages. Deduce as above.
- Chosen ciphertext attack: attacker can obtain decrypted (plaintext) versions of selected ciphertext. Deduce as above.

26 Breakable vs. Practically Breakable
- Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext
- Computationally secure: an algorithm that is not breakable in practice based on worst case scenario
- Breakable: all algorithms (except one-time pad) are theoretically breakable

27 What makes a good cryptosystem?
- A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm.
- From Bruce Schneier: “Good cryptographers rely on peer review to separate the good algorithms from the bad.”

28 Secret Key Vulnerabilities: Passive
- Passive Attacker (Eavesdropper)
  - Obtain and/or guess key and cryptosystem, and use these to decrypt messages
  - Capture text in transit and try a ciphertext-only attack to obtain plaintext

29 Secret Key Vulnerabilities: Active
- Active Attacker
  - Break communication channel (denial of service)
  - Obtain and/or guess key and cryptosystem and use these to send fake messages

30 Inherent Weaknesses of Symmetric Cryptography
- Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
- Need a key for each pair of users
  - n users need n*(n-1)/2 keys
- If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

31 Major Algorithms
- Secret key algorithms
  - DES – Data Encryption Standard
  - AES – Advanced Encryption Standard
- Public key algorithm
  - RSA – Rivest-Shamir-Adleman

32 Secret Key Encryption
[Diagram: Sender encrypts plaintext M with key K into ciphertext C; Recipient decrypts C with K back to plaintext M; K comes from a key source and reaches both parties over a secure channel]
- R knows that:
  - Message was sent by S
  - Message hasn't been altered

33 Secret-Key Encryption
- Needed for security:
  - Secret key must be kept confidential
  - Impossible (at least impractical) to decipher a message if no other information is available
  - Knowledge of algorithm and samples of ciphertext must be insufficient to determine the key

34 Symmetric-Key with Server
[Diagram: Originator, Server and Recipient]
- Server: knows KO and KR
- Messages shown: (O, R, IO); E((IO, R, KOR, E((KOR, P), KR)), KO); E((KOR, P), KR)
- Originator: decrypts with KO; knows KOR; does not know E((KOR, P), KR)
- Recipient: decrypts with KR; knows KOR

35 DES Overview
- DES is a product cipher
- 56 bit key size
- 64 bit block size for plaintext and ciphertext
- Developed by IBM and adopted by NIST with NSA approval
- Adopted as US Standard November 1976
- Encryption and decryption algorithms are public but the design principles are classified

36 DES Foundations
- Mathematics to design strong product ciphers is classified
- Breakable by exhaustive search on 56-bit key size for known plaintext, chosen plaintext and chosen ciphertext attacks
- Security: computational complexity of computing the key under the above scenarios (22 hours)

37 DES Controversies
- Key size 56 bits – threshold of allowing exhaustive-search known plaintext attack
- Built in trapdoor – allegations
- The US Senate Select Committee of Intelligence exonerated NSA from tampering with the design of DES in any way

38 DES Multiple Encryption
- 1992: proven that DES is not a group: multiple encryptions by DES are not equivalent to a single encryption

39 Double DES
[Diagram: Plaintext P → Encryption (K1) → intermediate ciphertext EK1(P) → Encryption (K2) → ciphertext EK2[EK1(P)]]
- Effective key size: 57 bit
- An increase of 1 bit!!
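
Why the second key adds only one bit: with a known plaintext/ciphertext pair, the intermediate ciphertext can be matched from both ends (the meet-in-the-middle technique). The following is an added example, not part of the original slides; it uses a constructed 16-bit toy cipher with 12-bit keys in place of DES, and toy_encrypt, toy_decrypt, SECRET and KNOWN are assumptions made for the illustration.

```python
KEY_BITS = 12            # toy key size; DES uses 56
MASK = 0xFFFF            # 16-bit toy block

def toy_encrypt(key, block):
    """Constructed toy cipher standing in for DES (it is not DES)."""
    x = block
    for r in range(4):
        x = (x + key + r) & MASK
        x = ((x << 5) | (x >> 11)) & MASK      # rotate left by 5
        x ^= (key * 0x9E5) & MASK
    return x

def toy_decrypt(key, block):
    """Exact inverse of toy_encrypt: undo each round in reverse order."""
    x = block
    for r in reversed(range(4)):
        x ^= (key * 0x9E5) & MASK
        x = ((x >> 5) | (x << 11)) & MASK      # rotate right by 5
        x = (x - key - r) & MASK
    return x

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))   # E_K2[E_K1(P)]

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations spent on the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = {}                                # intermediate ciphertext -> [k1, ...]
    for k1 in range(1 << KEY_BITS):            # sweep 1: encrypt P under every K1
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
        ops += 1
    hits = []
    for k2 in range(1 << KEY_BITS):            # sweep 2: decrypt C under every K2
        ops += 1
        for k1 in middle.get(toy_decrypt(k2, c0), []):
            # keep only matches that also explain the remaining known pairs
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                hits.append((k1, k2))
    return hits, ops

# Constructed known plaintext/ciphertext pairs under a secret key pair.
SECRET = (0x3A7, 0xC15)
KNOWN = [(p, double_encrypt(*SECRET, p)) for p in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    hits, ops = meet_in_the_middle(KNOWN)
    print(SECRET in hits, ops, 2 ** (2 * KEY_BITS))
```

The two sweeps cost 2 * 2^12 = 2^13 cipher operations instead of the 2^24 of a search over both keys; with 56-bit DES keys the same count is 2^56 + 2^56 = 2^57, at the price of a table with 2^56 entries.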

40 Triple DES
[Diagram: P → E (K1) → EK1(P) → D (K2) → DK2[EK1(P)] → E (K1) → EK1[DK2[EK1(P)]]]
- If K1=K2: single encryption
- Effective key size: 112 bits
- Major improvement!!!

41 DES Algorithm
[Diagram: DES structure]
- Data path: 64 bit plaintext → Initial permutation → Iteration 1 → Iteration 2 → … → Iteration 16 → 32 bit swap → Inverse initial permutation → 64 bit ciphertext
- Key path: 56 bit key → Permuted choice, then for each iteration a left circular shift and a permuted choice (Permuted choice 1, Permuted choice 2, …, Permuted choice 16) producing the keys K1, K2, … fed to the iterations

42 DES Cycle
[Diagram: one DES cycle. R_{i-1} (32 bits) → Expansion permutation (48 bits) → + Permuted key (48 bits) → S-box (32 bits) → Permutation (32 bits) → + L_{i-1} (= R_{i-2}) → R_i; L_i = R_{i-1}]

43 Advanced Encryption Standard
- Federal Information Processing Standard (FIPS) to be used by U.S. Government organizations
- Effective since May 26, 2002
- Replaces DES (triple DES remains)
- Rijndael ([Rhine Dhal]) algorithm (Joan Daemen and Vincent Rijmen)

44 Motivations for AES
- Replacement of DES
  - Known vulnerabilities
  - Broken by exhaustive key search attack
- Triple DES – secure but slow
- Need new standard that is:
  - Secure – resist known attacks
  - Cost effective
  - Easy to implement and portable
  - Flexible

45 AES Origin
- Started in 1997 and lasted for several years
- Requirements specified by NIST:
  - Algorithm unclassified and publicly available
  - Available royalty free world wide
  - Symmetric key
  - Operates on data blocks of 128 bits
  - Key sizes of 128, 192, and 256 bits
  - Fast, secure, and portable
  - Active life of years
  - Provides full specifications

46 AES Finalists -- 1999
Algorithm name: Complexity; Speed; Security margin
- MARS (IBM - USA): Complex; Fast; High
- Serpent (Anderson, Biham, & Knudsen - U.K.): Simple - clean; Slow
- Rijndael (Joan Daemen/V. Rijmen – Belgium): Simple - clean; Good
- RC6 (RSA Data Security, Inc. - USA): Very simple; Very fast; Low
- Twofish (Bruce Schneier and others - USA)

47 Rijndael Algorithm
- Winner of the competition
- Chosen for: security, performance, efficiency, ease of implementation, and flexibility
- Block cipher (variable block and key length)
- Block size: 128, 192, 256 bits
- Key size: 128, 192, 256 bits

48 Rijndael Overview
- Symmetric, block cipher
- Key size: 128, 192, or 256 bits
- Block size: 128
  - Processed as 4 groups of 4 bytes (state)
- Operates on the entire block in every round
- Number of rounds depending on key size:
  - Key=128 → 9 rounds
  - Key=192 → 11 rounds
  - Key=256 → 13 rounds

49 Diffusion and Confusion
- Diffusion – spread information from plaintext across cyphertext
  - Transposition/Permutation
- Confusion – transform information from plaintext in cyphertext
  - Substitution

50 Rijndael Basic Steps
- Byte substitution: Confusion
- Shift rows: Confusion
- Mix columns: Transformation
- Add round key: More confusion
- All operations can be done with XOR and table look-ups → very fast and efficient

51 Byte Substitution
- Simple substitution for each byte
- S-box: 16x16 bytes
- Each byte of state is replaced by byte in row (left 4 bits) and column (right 4 bits)
- S-box is designed to resist known attacks
- Confusion

52 [Diagram: each byte of the state matrix is replaced through the S-box]
s00 s01 s02 s03
s10 s11 s12 s13
s20 s21 s22 s23
s30 s31 s32 s33
e.g., if s00 = 5B, and row 5 and column B in the S-box contain the value 39, then s'00 = 39

53 Shift Row
- Circular byte shift (128 or 192 bits block)
  - 1st row: unchanged
  - 2nd row: 1 byte circular shift to left
  - 3rd row: 2 bytes circular shift to left
  - 4th row: 3 bytes circular shift to left
- Decryption: shift to right
- Confusion

54 Shift Row Transformation
State before:
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
State after:
s'0,0 s'0,1 s'0,2 s'0,3
s'1,1 s'1,2 s'1,3 s'1,0
s'2,2 s'2,3 s'2,0 s'2,1
s'3,3 s'3,0 s'3,1 s'3,2

55 Mix Column
- Each column is processed separately
- Each byte is replaced by a value depending on all 4 bytes in the column
- Confusion and diffusion

56 Add Round Key
- Generate unique subkey: create new words depending on
  - Previous word and 4 places back
  - 3 and 4 cases XOR together
  - Every 4th has s-box + rotate + XOR constant
  - Designed to resist attack
- XOR state with unique key
- Confusion

57 AES Decryption
- Not the same as encryption
- Steps done in reverse
- Different key schedule

58 Strength of AES Algorithm
- New – few experimental results
- Cryptanalysis results
  - Few theoretical weakness
  - No real problem
- No relation to government agency → no allegations of tampering with code
- Has sound mathematical foundations

59 Public Key Cryptosystem
[Diagram: A (Sender) encrypts the plaintext with B's public key (need reliable channel); the ciphertext crosses the insecure channel; B (Recipient) decrypts it with B's private key to recover the plaintext]

60 Public-Key Encryption
- One of the keys must be kept secret
- Impossible (at least impractical) to decipher message if no other information is available
- Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key

61 Public-Key Encryption
- Two keys – one is private, one is public
- Solves the key distribution problem (but need reliable channel)
- Provides electronic signatures
- Slower than secret-key encryption

62 Public Key Examples
- Concept conceived by Diffie and Hellman in 1976
- Rivest, Shamir, and Adleman (RSA) describe a public key system in 1978
- Many proposals have been broken, e.g., Merkle-Hellman proposal broken by Shamir
- Serious candidates (public domain)
  - RSA
  - El Gamal

63 RSA Keys
- Public key: (n,e)
- Secret key: (n,d)
- n is a 200 digit number
- C = M^e mod n
- M = C^d mod n

64 Notation
- C = E(KE-B, M)
- M = D(KD-B, C)
- KE-B: public key of B
- KD-B: private key of B
- E: encryption algorithm
- D: decryption algorithm
- M: plaintext
- C: ciphertext

65 Who Knows What?
- Both sender and receiver know n
- Sender knows e
- Only receiver knows d
- Need: find values e, d, n s.t.
  - Easy to calculate M^e, C^d for all M < n
  - Infeasible to determine d given e

66 Generating RSA Keys
- Choose 2 large (100 digit) numbers p and q
- Compute n = p*q
- Choose e relatively prime to φ(n) = (p-1)*(q-1)
- Compute d such that e*d = 1 mod (p-1)*(q-1)
- Publish (n,e)
- Secret (n,d), p, q

67 RSA Keys Example 1
- Choose 2 “large” numbers p=7, q=17
- Compute n=p*q: 7*17=119
- Choose relative prime to (p-1)*(q-1): 6*16=96, e=5
- Compute d = 5^-1 mod 96 = 77
- Publish (5,119)
- Keep (77,119), 7, 17

68 RSA Keys Example 2
- Choose 2 “large” numbers p=47, q=71
- Compute n=p*q: 47*71=3337
- Choose relative prime to (p-1)*(q-1): 46*70=3220, e=79
- Compute d = 79^-1 mod 3220 = 1019
- Publish (3337,79)
- Keep (3337,1019), 47, 71

69 Why is RSA Hard to Break?
- Compute d such that e*d = 1 mod (p-1)*(q-1)
  - If factorization of n into p*q is known: Easy
  - Otherwise: Hard
- How hard is it to compute d given (n,e)?
  - Don't know BUT not harder than factoring n into p*q
- → Security of RSA is no better than the complexity of the factoring problem
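
The key-generation steps of slide 66, checked against the numbers of slides 67 and 68, and the point of slide 69 that knowing the factors of n makes d easy to compute. This is an added Python example, not part of the original slides; the function names and the sample message M = 19 are assumptions, keys are written in the (n, e) / (n, d) order of slide 63, and the trial-division step only works because these n are tiny.

```python
from math import gcd

def make_keypair(p, q, e):
    """Slide 66: n = p*q, e relatively prime to (p-1)*(q-1), d = e^-1 mod (p-1)*(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)            # publish (n, e), keep (n, d)

def encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)              # C = M^e mod n

def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)              # M = C^d mod n

def recover_private_exponent(public_key):
    """Factor n by trial division, then repeat the key-generation step for d.
    Feasible here only because n is tiny; for a 200 digit n this search is hopeless."""
    n, e = public_key
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public_key, private_key = make_keypair(7, 17, 5)      # slide 67
    c = encrypt(public_key, 19)                           # constructed message M = 19
    print(public_key, private_key, c, decrypt(private_key, c))
    print(recover_private_exponent((3337, 79)))           # slide 68's public key
```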

70 RSA versus DES: Key Size
- RSA: selected by user (usually n is 154 digit (512 bits) so key is 1024 bits)
- DES: 64 bits (56 effective)

71 RSA versus DES: Speed
- RSA: kilobits/second
- DES: megabits/second
- → DES is about 100 times faster than RSA
- Use RSA for exchange of DES keys

