Cryptography

1
Cryptography

• Algorithms, Digital Signatures, and Pragmatics

• Arun A Tharuvai
• CSC8530
• November 25, 2003

2
Introduction

• Cryptographic Algorithms
• Digital Signatures
• Cryptography Pragmatics

3
Cryptographic Algorithms

• Convert plaintext message M to ciphertext MK
  using an encryption algorithm E, and a key K
• E(K,M) M K
• Secrecy should lie in the key, not the algorithm

4
Cryptographic Algorithms

• Symmetric Algorithms (Secret key)
• Same key is used for encryption and decryption,
  and shared by both parties
• Asymmetric Algorithms (Public key)
• A public key, used by anyone for encryption
• A corresponding private key is used for
  decryption.

5
Cryptographic Algorithms

• Block Ciphers
• Operate on fixed-size blocks of data. 64 bits is
  a common size. Useful for non-realtime data,
  including email and data.
• Stream Ciphers
• Operate on single bits of data. A stream of bits
  is used by a function known as a keystream
  generator. In practice very similar to block
  ciphers.
• CBC mode
• Each plain text block is combined with the
  preceding ciphertext block using XOR before it is
  encrypted
• Prevents similar blocks from encrypting to the
  same result.

6
Design Techniques

• Confusion
• Use of reversible mathematical operations like
  XOR and bitshifting to combine each block of
  plaintext with a key
• Diffusion
• Use of techniques like transposing portions of
  each plaintext to reduce regular patterns in
  plaintext

7
Secret-key Algorithms

• TEA
• DES
• IDEA
• AES (Rijndael)

8
DES

• Data Encryption Standard
• Designed to be fast in hardware and slow in
  software. 56-bit key is used to encrypt 64 bit
  blocks
• Bit permutation, combined with 16 rounds of
  performing the XOR operation with different
  48-bit subsets of the key.
• Chosen in 1977. In 1998, the EFF showed that it
  was possible to build a machine to crack DES keys
  in lt 3 days for under 250,000, including design
  costs.
• Triple DES (3DES) applies DES three times using
  2 keys, as follows E3DES(K1,K2,M) EDES
  (K1,DDES (K2,EDES (K1,M))) and is effectively as
  strong as a 112-bit private key. However, its
  very slow.

9
Public-key Algorithms

• RSA
• Diffie-Helman
• El-Gamal
• Elliptic curve algorithms

10
RSA

• Most widely used public key encryption standard.
• Based upon the difficulty of factoring the
  product of two very large numbers.
• To generate a key-pair
• Choose two large prime numbers, P and Q.
• N P Q
• Z (P-1) (Q-1)
• d is any number relatively prime to Z.
• e is a number, such that ed 1 mod Z
• The encryption key is e,N and the decryption key
  is the pair d,N
• To encrypt plaintext M, E(e,N,M) Me mod N
• To decrypt ciphertext c, D(d,N,C) cd mod N

11
Hybrid Protocols

• SSL/TLS
• Negotiable encryption and authentication
  algorithms.
• SSH
• PGP/GPG
• Uses RSA to encrypt a secret key which is then
  used for encrypting a document via IDEA, or 3DES

12
Properties of Digital Signatures

• Authentic
• Unforgeable
• Non-repudiable

13
Digital Signatures

• Digital Signing
• Digest Functions

14
Public Key Signatures

• A computes a digest of M, H(M), and encrypts it
  with his private key.
• A then sends it along with M to B
• B then uses As K_pub to decrypt

15
Secret Key signatures

• Useful when two participants have already agreed
  upon shared key via a different channel, or
  public key cryptography.
• A concatenates M with K, and computes the digest,
  H(MK) h, sending M,h
• B concatenates M with K, H(MK) h comparing
  with h. If theyre equal the message was sent by
  someone with K.

16
Secure digest Functions properties

• Ease of computing hash
• Difficulty of generating message from hash
• Difficulty of finding another message that maps
  to the same hash value

17
Secure Digest Functions

• MD5
• SHA
• Symmetric algorithm using CBC

18
Secure Digest Functions

• Birthday attack
• I am writing this memo to demand
  request unform you that Fred Mr. Fred
  Jones must be fired terminated at
  once immediately. As the July 11 11 July
  memo memorandum from issued by personnel
  human resources states, to meet our the
  corporate quarterly third quarter budget
  targets goals, we must eliminate all
  discretionary spending all discretionary
  spending must be eliminated.
• Despite Ignoring that memo memorandum
  order , Fred ordered purchased PostIts
  nonessential supplies in a flagrant disregard
  for the companys budgetary crisis current
  financial difficulties.

19
Certificate standards, Authorities

• X.509
• SPKI

20
Cryptography Pragmatics

• Performance
• Legal Issues
• Key sizes and speed

21
Cryptographic Performance
22
Legal and Political Issues

• Until recently, there were severe restrictions on
  cryptography, especially export controls,
  including teaching of such knowledge to foreign
  nationals in the US.
• The FBI and NSA wanted restrictions for ease of
  decrypting both foreign and domestic
  communications.
• Algorithms approved for export were limited to
  40-bit encryption. Easily breakable with modern
  technology.
• Proposals in the mid-90s called for mandatory
  key-recovery for products exported, and even
  those used internally.
• Currently, export controls now only exist on the
  T-7 countries.
• As of 2000, Cryptographic source code can be
  exported as long as copies are sent to the Bureau
  of Industry and Security of Commerce department.

23
Conclusion

• The end

24
References

• Charlie Kaufman, Radia Perlman, Mike Speciner,
  Network Security Private Communication in a
  Public World, Prentice Hall, Inc, Upper Saddle
  River, New Jersey, 1995 505pp.
• Schneier, B., Applied Cryptography, 2nd ed., John
  Wiley Sons, New York, 1996, 675 pp.
• Electric Frontier Foundation, Cracking DES
  Secrets of Encryption Research, Wiretap
  Politics, and Chip Design, OReilly Associates,
  Sevastopol, California, 1998, online at
  http//cryptome.org/cracking-des.htm
• George Coulouris, Jean Dollimore, Tim Kindberg,
  Distributed Systems Concepts and Design 3rd ed,
  Addison-Wesley, New York, 2001, pp 272-291.