Cryptography

1
Cryptography

• Cryptography is the technique of secret writing.
• A cipher is a method of secret writing.
• The purpose is to convert an intelligible
  message, referred to as plaintext, into
  apparently random nonsense text, referred to as
  ciphertext.
• The encryption process consists of an algorithm
  and a key.
• The algorithm will produce a different output
  depending on the specific key being used at the
  time.

2
2
3
Conventional CryptographyBasic Definitions

• Plaintext This is the original message or data
  that is fed into the algorithm as input
• Encryption Algorithm The encryption algorithm
  performs various substitutions and
  transformations on the plaintext.
• Secret Key The secret key is also an input to
  the algorithm. The exact substitutions and
  transformations performed by the algorithm depend
  on the key.
• Ciphertext This is the scrambled message
  produced as output. It depends on the plaintext
  and on the secret key. For a given message, two
  different keys will produce two different
  ciphertexts.

4
Basic Definitions

• Decryption algorithm This is essentially the
  encryption algorithm run in reverse. It takes the
  ciphertext and the secret key and produces the
  origin plaintext.
• Ciphertext cryptogram
• Cleartext plaintext message
• Ciphering encryption
• Deciphering decryption

5

• There are two requirements for secure use of
  conventional encryption
• The opponent should be unable to decrypt
  cryptogram or discover the key even if he or she
  is in possession of a number of cryptograms
  together with the plaintext that produced each
  cryptogram.
• Sender a receiver must have obtained copies of
  the secret key in a secure fashion and must keep
  the key secure.
• It is important to note that the security of
  conventional encryption depends on the secrecy of
  the key, not the secrecy of the algorithm
• The algorithm is supposed to be public.

6
Classification of Cryptographic systems

• By the numbers of keys used
• If both sender and receiver use the same key, the
  system is referred to as symmetric (or single
  key, secret-key, conventional) cryptosystem
• If the sender and receiver uses a different key,
  the system is referred to as symmetric or two-key
  or public-key cryptosystem.

7
By the way in which the plaintext is processed
A block cipher processes the input one block of
elements at a time, producing an output block for
each input block.
8
By the way in which the plaintext is processed
A stream cipher processes the input elements
continuously, producing output one element at a
time, as it goes along.
9

• Cryptanalysis
• The process of attempting to discover the
  plaintext or key is known as cryptanalysis.
• The strategy used by the cryptanalyst depends on
  the nature of the encryption scheme and the
  information available to the cryptanalyst.
• A cipher is breakable if is possible to determine
  systematically the key (or the plaintext) from
  pairs plaintext, ciphertext given.

10

• An encryption scheme is computationally secure if
  the ciphertext generated by the scheme meets one
  or both of the following criteria
• The cost of breaking the cipher exceeds the value
  of the encrypted information.
• The time required to break the cipher exceeds the
  useful lifetime of the information.
• It is very difficult to estimate the amount of
  effort required to cryptanalize ciphertext
  successfully. However, assuming there are no
  inherent mathematical weaknesses in the
  algorithm, then a brute-force approach is
  indicated, and here we can make some reasonable
  estimates about costs and time

11

• A brute-force approach involves trying every
  possible key until an intelligible translation of
  the ciphertext into plaintext is obtained.

12
Assuming 1E12 Decryptions / sec
12
13
Caesar Cipher (A historical note)

• A substitution cipher is one in which the letters
  of plaintext are replaced by other letters or by
  numbers or symbols.
• The Caesar cipher involves replacing each letter
  of the alphabet with the letter standing three
  places further down the alphabet. For example
• Rule (algorithm)
• a b c d e f g h i j k l m
  n o p q r s t u v w x y z
• d e f g h i j k l m n o p
  q r s t u v w x y z a b c
• Message meet me after the toga party
• Ciphertext phhw ph diwhu wkh wrjd
  sduwb

14
Caesar Cipher (A historical note)

• If we assign a numerical equivalent to each
  letter (a0, b1,.., z25), then the algorithm
  can be expressed as follows
• C E(p) (p3) modulo 26,
• Where p is a letter (i.e. a number between 0 and
  25) and CE(P) is the corresponding ciphertext.
• The decryption algorithm is as follows
• pD(C)(C-3) modulo 26.
• The key space has 25 elements, i.e. There are
  25 possible keys.

15

• XOR Operation
• Permutations

Example 1100 01111011
0 1
0 0 1
1 1 0
Example P(0101)1010
16

• Left Circular rotation (or shift) of a Block of
  Bits
• Input bit 1 bit 2 bit3 bit 4
• Output bit2 bit 3 bit 4 bit1
• Input bit 1 bit 2 bit3 bit 4
• Output bit3 bit 4 bit 1 bit2
• Basic Operation (i-th round)
• LiRi-1
• RiLi-1 F(Ri-1, Ki)

17
Feistel Cipher Structure

• Virtually all conventional block ciphers have a
  structure first described by H. Feistel of IBM in
  1973.
• Parameters
• Block size larger block sizes mean greater
  security (all other things being equal) but
  reduce encryption/decryption speed. A block size
  is a reasonable tradeoff and is nearly universal
  in block cipher design.
• Key Size Larger key size means greater security
  but may decrease encryption/decryption speed. The
  most common key length in modern algorithms is
  128 bits.
• Number of rounds The essence of the Feistel
  cipher is that a single round offers inadequate
  security but that multiple rounds offer
  increasing security. A typical size is 16 rounds

17
18
()
()
()
18
19
Feistel Cipher Structure

• Subkey generation algorithm Greater complexity
  in this algorithm lead to greater difficulty of
  cryptanalysis.
• Round Function Again, greater complexity
  generally means greater resistance to
  cryptanalysis.
• Decryption Process
• The decryption process is as follows use the
  ciphertext as input to the algorithm, but use the
  subkeys Ki in reverse order. That is, use Kn in
  the first round, Kn-1 in the second, and so on
  until K1 is used in the last round.

19
20
Data Encryption Standard (DES)

• The most widely used encryption scheme is defined
  in the data encryption standard (DES) adopted in
  1977 by National Institute of Standards and
  Technology (NIST), as a Federal Information
  Processing Standard 46 (FIPS PUB 46). In 1994,
  NIST reaffirmed DES for federal use for another
  five years in FIPS PUB46-2.
• Block cipher (64 bits)
• Key (64 bits, but 8 bits are used as parity
  bits)
• DES has a Feistel cipher structure with 16 rounds

20
21
(No Transcript)
22
(No Transcript)
23
Data Encryption Standard (DES)

• The process of decryption with DES is essentially
  the same as the encryption process. The rule is
  as follows use the ciphertext as input to the
  DES algorithm, but use the keys in reverse order.
  That is, use K16 in the first iteration, K15 in
  the second iteration, and so on until K1 is used
  o0n the sixteenth and last iteration.

24
The strength of DES

• Concerns about the strength of DES fall in two
  categories
• Concerns about the design of the algorithm
  Despite numerous approaches, no one has so far
  succeeded in discovering a fatal weakness in DES.
• Concerns about the use of a 56-bit key a 56-bit
  key is too small!

25
TRIPLE DEA(Triple Data Encryption Algorithm)

• TDEA uses three executions of the DES algorithm.
• CEK3 DK2 EK1P
• C ciphertext Pplaintext
• EKX encryption of X using key K
• DKXdecryption of Y using key K
• Decryption is simply the same operation with the
  keys reversed
• PDK1 EK2 DK3C
• CEK1 DK1 EK1P?

26
(No Transcript)
27

• With three different keys, TDEA has an effective
  key length of 168 bits.
• Other Symmetric Block Ciphers
• IDEA
• Blowfish
• RC5
• CAST-128

28
Cipher Block Modes of Operation

• A symmetric block cipher processes one bit block
  of data at a time.
• Operation Modes
• Electronic Code Book (ECB)
• In this case each block plaintext is encrypted
  using the same key.
• Typical application secure transmission of
  single values (e.g. an encryption key)

29

• With ECB, if the same 64-bit block of plaintext
  appears more than once in the message, it always
  produces the same ciphertext. Because of this,
  for lengthy messages, the ECB mode may be no
  secure.

30

• Cipher Block Chaining Mode (CBC)
• Typical application General-purpose
  block-oriented transmission
• Cipher Feedback Mode (CBC)
• The DES scheme is essentially a block cipher
  technique that uses 64-bit blocks. It is possible
  to convert DES into a stream cipher, using the
  cipher feedback mode (CFB).
• Typical application General-purpose
  block-oriented transmission

31
(No Transcript)
32
(No Transcript)
33
Location Of Encryption Devices

• The most powerful, and most common, approach to
  countering the threats to network security is
  encryption.
• In order to use encryption, it is necessary to
  decide what to encrypt and where the encryption
  process will be located.
• There are two fundamental alternatives
• Link encryption
• End-to end encryption

34
34
35

• Link encryption
• In this case there is a encryption device in each
  side of each vulnerable link.
• All traffic over all communications links is
  secured.
• One disadvantage of this approach is that the
  message must be decrypted each time it enters a
  packet switch. This is necessary because the
  switch must read the address in the packet
  header to route the packet. Thus the message is
  vulnerable in each switch.
• End-End encryption
• The encryption process is carried out at the two
  end systems.

36
36