CompFoo pt' 5: Cryptography

1
Comp-Foo pt. 5Cryptography

• What cryptography is
• The two basic types of cryptography
• Substitution
• Transposition
• Hashing algorithms
• Public key cryptography
• Randomness and Pseudo-randomness
• Steganography (and why it's not cryptography!)

2
What cryptography is

• Cryptography literally means secret writing.
• To encrypt a piece of information is to obscure
  is and make it unreadable without special
  knowledge.
• To decrypt it is to reverse the process.

3
Some terminology

• Cipher An algorithm for performing encryption
  and decryption.
• Plaintext Ordinary, unencrypted information.
• Ciphertext Plaintext after the encryption
  process.
• Cryptanalysis Analyzing a part of an encryption
  system in order to find out some unknown part of
  it.

4
Substitution and Transposition

• There are two basic ways to encrypt text. They
  are known as substitution and transposition.

5
Substitution

• Substitution involves replacing characters with
  other characters (or in some cases, other things)
  to encrypt the text.
• An example is Caesar's cipher, which is known as
  a shift cipher, because it involves shifting
  characters within a given set of characters,
  specifically the alphabet.

6
Substitution

• Here's an example of Caesar's cipher.
• Plaintext HELLO WORLD
• Ciphertext KHOOR ZRUOG
• This particular instance involves moving each
  character forward 3 letters in the alphabet. So,
  a key of 3 is used.
• In order to permute a cipher, a key is used which
  changes the process of encryption slightly.

7
Caesar's cipher

• Just as a note, don't use this cipher for
  anything you seriously want to protect.
• It is a member of a class of substitution ciphers
  known as simple substitution ciphers.

8
Simple substitution ciphers

• Simple substitution ciphers are ciphers which
  involve a one-to-one replacement of characters
  with other characters.
• For an example, look in your local newspaper for
  the Cryptogram. And to find a cryptanalyst
  worthy of cracking one?

9
Simple substitution ciphers

• Go talk to your granny.

10
Simple substitution ciphers(Cryptanalysis)

• To cryptanalyze a simple substitution cipher, the
  most straight-forward method is to identify the
  language used, and use the appropriate letter
  frequency table.
• Some characters appear more frequently than
  others, so when, for instance, a message in
  english is encrypted such that each letter is
  replaced by another, the letter replacing E will
  be very likely to appear most frequently.

11
More complex types

• Polyalphabetic substitution ciphers are ciphers
  for which each character can have several
  different replacements.

12
Transposition

• Transposition involves changing the order of
  characters in order to encrypt the text.
• .sdrawkcab txet eht gnitirw elpmaxe nA

13
Rail Fence Cipher

• And now, for a transposition cipher that a 4 year
  old likely wouldn't break. Too soon.

14
Rail Fence Cipher

• The rail fence cipher involves writing several
  characters at a time vertically into a block,
  padding with junk characters, and reading
  horizontally to produce the ciphertext.
• W R I O R F E O E P
• E E S V E L A N J D
• A D C E D E T C X Q
• Ciphertext WRIOR FEOEP EESVE LANJD ADCED ETCXQ
• Plaintext We are discovered. Flee at once.

15
Hashing algorithms

• Hashing is a reproducible method of turning data
  into a seemingly random string, or hash.
• These functions provide a way of creating a small
  digital fingerprint from any kind of data.
  These algorithms are designed to, ideally, meet
  three conditions.

16
Hashing algorithms should ideally be

• Mathematically impossible to reverse
• Impossible to predict the outcome of
• Unlikely to produce many collisions, or matching
  hashes with two plaintexts

17
The question then is

• What exactly can you use hashing algorithms for,
  then?

18
Uses of hashing algorithms

• Checksums
• Identity verification (create a hash with
  information that is entirely or partially
  secret)
• Integrity verification

19
Public Key Cryptography

• In the ciphers we've seen so far that use a key,
  the same key is used for encryption and
  decryption. These are called symmetric key
  ciphers.
• In public key cryptography, there are two
  separate keys. One is used for encryption, and
  the other for decryption. Depending on what is
  needed, one is made public.

20
Public Key Cryptography

• The problem with using only symmetric key ciphers
  is that the key must be agreed upon beforehand,
  and transmitted via some non-encrypted channel,
  like a letter or face-to-face conversation.
• With public key cryptography, you can go on
  national television and read out your public key
  several times over and have it printed on the
  dollar, and you still won't have a problem. So
  that solves that, doesn't it?

21
Public Key Cryptography

• Think about public key cryptography like a locked
  mail box. Anyone can drop in a letter or small
  package, but only someone with the key can
  retrieve those messages.
• In the same way, anyone can encrypt a message
  using a public key, but only the person with the
  private key can decrypt them.

22
Randomness and Pseudo-randomness

• Randomly chosen numbers are important to a lot of
  cryptographic functions and protocols. Something
  that is truly random has no rhyme nor reason to
  its selection or creation at all.
• Is the number 23 random?
• The problem is, there's no way of telling.

23
Pseudo-randomnessGood and bad

• Computers are only capable of generating
  pseudo-random numbers, which are numbers which
  appear to be random until they are analyzed.
• The strength of pseudo-random numbers is based on
  how much entropy is used in their creation.
  Sources of good entropy include Timing of
  keystrokes and mouse movements, electrical
  fluctuations, thermal noise, quantum phenomena
• (Entropy is the measure of disorder in a
  system.)

24
Cryptographically secure pseudo-random numbers
(phew)

• A pseudo-random number generator (PRNG) is
  considered to be cryptographically secure when,
  even under analysis, the numbers produced appear
  indistinguishable from truly random numbers.
• The closer to random that a PRNG can get, the
  better it is for cryptography and security
  protocols.

25
Steganography

• steganography is the art of Hiding infOrmatiOn
  within some otheR piece of informAtion. anY data
  will do, but most commonly, text Files OR
  piCtureS arE used.
• steganography is not Cryptography, however. it is
  simply hiding information, whereas cryptography
  involves obscuring it.