Homework 2 - PowerPoint PPT Presentation

Provided by: and6165

Transcript and Presenter's Notes


1
Homework 2
  • Description
  • Implement both the DES and RSA algorithms. You can
    choose any programming language to implement
    these algorithms. State clearly the assumptions
    that made you decide about the details of your
    implementation and about your programming
    language. Compare your implementation against
    existing ones, changing it or suggesting what you
    would change if you had more time.
  • What I am looking for:
  • 1. How well you analyze your implementation
    against existing research or implementations
  • 2. How well you cross-reference your
    decisions with existing research papers
  • 3. What your current performance and
    storage requirements are and how you could improve
    them if you had more time
  • 4. Any other details or facts that made you
    take decisions that you think are cool.
  • This project can be done in groups of two.
    However, I expect more from group projects than
    from individual projects.

2
Mid Term
  • Date: February 26th, 2001
  • Time: 3:05 pm - 4:25 pm
  • Subject: Anything that was covered in class until
    now.
  • Two parts
  • Closed Book: 75 points in 6 questions
  • Open Book: 35 points in 2 questions

3
Introduction
  • A few concepts
  • Cryptography
  • Cryptanalysis
  • Steganography
  • Plaintext
  • Ciphertext

4
Concepts
  • Plaintext: the original message
  • Ciphertext: the transformed message
  • Encryption: transformation of plaintext into
    ciphertext
  • Decryption: transformation of plaintext into
    ciphertext
  • Key: some critical information used for
    encryption and decryption, only known to the
    sender and/or receiver

5
Attacks
  • Interruption
  • r attacks
  • Interception
  • Sniffers, traffic analysis
  • Modification
  • Man in the middle
  • Fabrications
  • Replay

6
Some historical data
  • Gilbert Vernam introduces a very simple system
    that uses an XOR operation in 1918
  • Joseph Mauborgne extends Vernam's algorithm to
    suggest the perfect cipher: the one-time pad
  • DES is standardized in 1977.
  • Diffie and Hellman, and Merkle, introduce
    public-key cryptography in 1976.
  • RSA algorithm is published in 1978 (NSA wants to
    classify the work)
  • Reading: The Codebreakers, by David Kahn

7
Cryptographic Algorithms
  • Symmetric algorithm
  • Encryption and decryption are performed using a
    unique key
  • Both Alice and Bob agree on a secret key
  • The key may have an expiration date for
    containment of damage.
  • Key agreement/distribution is a problem

8
Classical Cryptography
  • Symmetric algorithms
  • The classical algorithms use
  • Substitution: letters/words are substituted by
    other letters/words
  • Transposition: letters are arranged in a different
    order
  • The substitution or transposition may be
  • Monoalphabetic: one substitution/transposition
  • Polyalphabetic: multiple substitutions/transpositions

9
Caesar Cipher
  • Monoalphabetic substitution
  • abcdefghijklmnopqrstuvwxyz
  • defghijklmnopqrstuvwxyzabc
  • $E_k(m) = C = (m + k) \bmod 26$
  • $D_k(C) = m = (C - k) \bmod 26$
  • In the Caesar cipher, $k = 3$
  • Ex. $E_3$(I CAME I SAW I CONQUERED) =
  • L FDPH L VDZ L FRQTXHUHG

10
Cryptanalysis
  • Search space for the key is small: 26
    possibilities
  • Brute force attack!
  • How do you recognize a correct plaintext?
  • Frequency analysis
  • Letters: E > T > R > N > I > O > A > S
  • Digraphs: TH > HE > IN > ER > RE > ON > AN > EN
  • Trigraphs: THE > AND > TIO > ATI > FOR > THA ? TER
    > RES

11
Cryptanalysis
  • Character frequency is dependent on the language
  • Highly effective for monoalphabetic substitutions
  • Important to have enough ciphertext to work on

12
More complex
  • Make the key 26 characters long
  • Key
  • Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
  • Encryption
  • Plaintext: IFWEWISHTOREPLACELETTERS
  • Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
  • Search space very large.
  • Is it safe?

13
General Monoalphabetic
  • A particular instance of the algorithm just
    described
  • Key is smaller
  • Write key without repeated letters followed by
    remaining letters.
  • Ex.
  • ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • ANDREBCFGHIJKLMOPQSTUVWXYZ

14
General Monoalphabetic
  • Better
  • ANDRE
  • BCFGH
  • IJKLM
  • OPQST
  • UVWXY
  • Z
  • ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • ABIOUZNCJPVDFKQWRGLSXEHMTY

15
Simple Substitution
  • Use books or dictionary to map numbers to letters
  • This can even be used to map whole words
  • Code and codebooks
  • Use additional symbols

16
Polyalphabetic substitution
  • Replace the same letter by different letters depending
    on its position in the plaintext
  • This flattens the frequency distribution
  • Cryptanalysis is harder
  • This has the same effect as having several
    Caesar ciphers that are position dependent

17
Vigenere
  • Uses i keys from a Caesar cipher
  • For each letter in position j uses the key such
    as
  • j mod i 0
  • In order to make it easier, repeat a keyword as
    many times as necessary.
  • Ex
  • Plaintext THISPROCESSCANALSOBEEXPRESSED
  • Keyword CIPHERCIPHERCIPHERCIPHERCIPHE
  • Plaintext VPXZTIQKTZWTCVPSWFDMTETIGAHLH

18
Kasiski
  • Great idea
  • Certain sequences of letters appear many times in
    a text
  • A ciphertext that uses Vigenere will have the
    sequence of letters (encrypted) showing in many
    places
  • So
  • Record distances between repetitive sequences of
    letters greater than 3 letters
  • A good candidate for the number of alphabets (key
    size) is the gcd of the recorded distances
  • Plaintext: TOBEORNOTTOBE
  • Key: NOWNOWNOWNOWN
  • Ciphertext: GCXRCNACPGCXR

19
Friedman's IC
  • Using this you get Friedman's method
  • Guess that the key size is m
  • Divide the ciphertext into m subtexts
  • Calculate Ic for each of these subtexts. If your
    guess is right, then for each subtext Ic will be
    approximately 0.065; if your guess is wrong, then
    you get approximately 0.038
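
The Kasiski and Friedman steps above, applied to Vigenere ciphertext, as an added example (not part of the original slides). The long sample plaintext is constructed for the example, and the function names are assumptions; the keyword CIPHER and the TOBEORNOTTOBE ciphertext come from the slides.

```python
from collections import Counter

A = ord("A")

def vigenere(text, key, sign=1):
    """Encrypt (sign=1) or decrypt (sign=-1) A-Z text with a repeating keyword."""
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(text))

def kasiski_distances(ct, min_len=4):
    """Kasiski: distances between repeats of sequences of min_len letters."""
    last_seen, dists = {}, []
    for i in range(len(ct) - min_len + 1):
        gram = ct[i:i + min_len]
        if gram in last_seen:
            dists.append(i - last_seen[gram])
        last_seen[gram] = i
    return dists

def index_of_coincidence(s):
    """Chance that two letters picked from s (without replacement) are equal."""
    n = len(s)
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))

def mean_ic(ct, m):
    """Friedman: average Ic of the m subtexts ct[0::m], ct[1::m], ..."""
    return sum(index_of_coincidence(ct[r::m]) for r in range(m)) / m

def guess_key_length(ct, max_m=8):
    """Pick the m in 1..max_m whose subtexts look most like one alphabet."""
    return max(range(1, max_m + 1), key=lambda m: mean_ic(ct, m))

# Constructed sample plaintext (not from the slides); only letters are kept.
SAMPLE = "".join(c for c in """
The Kasiski examination looks for repeated groups of letters in the
ciphertext and records the distance between them because the same piece of
plaintext enciphered with the same part of the keyword produces the same
ciphertext. The index of coincidence then confirms the guess since letters
taken from one alphabet keep the uneven frequency distribution of ordinary
English while letters mixed from several alphabets look almost random and
the statistic falls toward the value expected for uniformly chosen letters.
""".upper() if c.isalpha())
CT = vigenere(SAMPLE, "CIPHER")   # keyword taken from the Vigenere slide

if __name__ == "__main__":
    print("slide 18 distances:", kasiski_distances("GCXRCNACPGCXR"))
    for m in range(1, 9):
        print(m, round(mean_ic(CT, m), 4))
    print("guessed key length:", guess_key_length(CT))
```

The single Kasiski distance for the slide's ciphertext is a multiple of the true key length 3, which is why the method takes the gcd over several recorded distances rather than trusting one.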

20
Simple Transposition Ciphers
  • Reverse cipher
  • Plain SIMPLE CIPHER
  • Cipher REHP ICEL PMIS
  • Rail Fence
  • Plain S M L C P E
  • I P E I H R
  • Cipher SMLC PEIP EIHR
  • Geometric Figure

21
Row Transposition Cipher
  • Write the message in rows
  • Pad the end of the message
  • Plain: A VERY SIMPLE MESSAGE
  • Key: 2413
  • AVER
  • YSIM
  • PLEM
  • ESSA
  • GEXX
  • Cipher: EARV IYMS EPML SEAS XGXE

22
Block (columnar) Transposition
  • Write plaintext in rows again
  • This time reads a whole column as specified by
    the key
  • Key: 2 4 1 3
  • AVER
  • YSIM
  • PLEM
  • ESSA
  • GEXX
  • Cipher: EIES XAYP EGRM MAXV SLSE

23
Entropy
  • Entropy is a measure of uncertainty
  • The entropy is a metric for the question
  • What is the information gained by an event that
    takes place with probability p(X)?
  • Which is the same as
  • How easily we can guess the outcome of an event
    before it takes place?
  • The entropy of X is denoted by H(X)

24
Entropy
  • In a natural language, $H_L$ is measured in bits per
    letter
  • The excess of characters (information) carried by
    a natural language is called redundancy and given
    by $R_L = 1 - H_L / \log P$
  • For English,
  • Using these values,

25
Product Ciphers
  • Classical crypto is based on substitution and
    transposition
  • Two substitutions are equal to one (or no)
    substitution
  • Two transpositions are equal to one (or no)
    transposition
  • So, let's use substitution and transposition for
    our cipher! Why did I not think about this
    before???

26
Block Ciphers
  • The plaintext is divided in blocks
  • Each block is encrypted independently
  • Sometimes the plaintext blocks undergo a
    transformation. Why?
  • Shannon again,
  • C E Shannon, "Communication Theory of Secrecy
    Systems", Bell System Technical Journal, Vol 28,
    Oct 1949, pp 656-715
  • C E Shannon, "Prediction and Entropy of printed
    English", Bell System Technical Journal, Vol 30,
    Jan 1951, pp 50-64

27
Block Ciphers
  • Substitution-Permutation Ciphers
  • Product cipher
  • S-P networks are the basis of modern symmetric
    cryptography
  • Substitution box (S-Box)
  • We have an n-bit word as input
  • The output will be an n-bit word that the input
    has been substituted for.

28
Substitution-Permutation Networks
  • In order to have a practical implementation
  • define inverses for each of the S- and P-boxes, but this
    doubles the code/hardware needed, or
  • define a structure that is easy to reverse, so we
    can use basically the same code or hardware for
    both encryption and decryption

29
Feistel
  • Feistel, from IBM, designed a practical scheme in the
    early 70s that uses S-P boxes
  • The scheme tries to maximize confusion-diffusion
    and to make the system easy to reverse
  • The idea is to build a system from basic blocks
  • The input to each basic block is divided into a left
    part and a right part

30
Feistel
  • Only the right part is used together with a
    subkey in each basic block (a round)
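
The "easy to reverse" property of the Feistel structure, as an added example (not part of the original slides): the same routine encrypts and decrypts, and only the subkey order changes. The round function `F` and the key schedule are constructed toys, not DES's, and all names are assumptions.

```python
MASK32 = 0xFFFFFFFF

def F(right, subkey):
    """Constructed toy round function (NOT DES's f). Squaring makes it
    many-to-one, showing that F itself never has to be invertible."""
    x = right ^ subkey
    y = (x * x) & MASK32          # x and -x (mod 2^32) give the same square
    y ^= y >> 13
    return (y * 0x9E3779B1) & MASK32

def subkeys(key, rounds=16):
    """Constructed toy key schedule: rotate a 32-bit key left by 3 per round."""
    ks = []
    for _ in range(rounds):
        key = ((key << 3) | (key >> 29)) & MASK32
        ks.append(key)
    return ks

def feistel(block, round_keys):
    """Run one 64-bit block through the network (used in both directions)."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # Only the right half and the subkey enter F; the halves then swap.
        left, right = right, left ^ F(right, k)
    return (right << 32) | left   # final swap so the network is its own inverse

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Same code path as encryption, with the subkeys in reverse order.
    return feistel(block, subkeys(key)[::-1])

if __name__ == "__main__":
    key, pt = 0x0F1E2D3C, 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(hex(ct), hex(decrypt(ct, key)))
```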

31
Data Encryption Standard (DES)
  • Financial companies found the need for a
    cryptographic algorithm that would have the
    blessing of the US government (NSA)
  • First call for candidates in May 73, followed by
    a new call in August 74
  • Not very many submissions (Why?)
  • IBM submitted Lucifer
  • NSA worked with IBM in redesigning the algorithm

32
DES
  • The standard is public, the design criteria are
    classified
  • One of the biggest controversies is the key size
    (56 bits)
  • W Diffie, M Hellman "Exhaustive Cryptanalysis of
    the NBS Data Encryption Standard" IEEE Computer
    10(6), June 1977, pp74-84
  • M Hellman "DES will be totally insecure within
    ten years" IEEE Spectrum 16(7), Jul 1979, pp
    31-41
  • Another controversy: is there a back door?

33
DES
  • DES has proven to be a well-designed code
  • 56 bits has been proven inadequate
  • EFF built a cracker for around 200,000
  • Increase the key to 112 bits?
  • The best way known to cryptanalyze DES is (after
    brute force) differential analysis
  • NSA knew this from the design??

34
DES
  • Uses Feistel principle
  • Many similarities with Lucifer
  • Improves on the S-Boxes

35
DES
  • It operates on 64-bit blocks with 56-bit keys
  • Uses 16 rounds, each round computed by a function
    f

36
DES
  • A round can be described as
  • $L_i = R_{i-1}$
  • The key generation is performed as follows:
  • An initial permutation PC1 selects 56 bits
    and divides them into two halves
  • In each round
  • Select 24 bits from each half using a permutation
    function PC2
  • Rotate left each half by one or two positions

37
DES
  • Properties of DES (per NSA)
  • All rows of all the S-boxes are permutations of
    0, 1, ..., 15
  • S-Boxes are not affine transformations of their
    input
  • A change in an input bit changes at least two
    output bits of the S-box
  • For any $x$ and any S-box $S$, $S(x)$ and $S(x \oplus 001100)$
    differ by at least two bits

38
DES Modes of Operation
  • Block modes
  • Electronic Codebook (ECB)
  • Message is broken into independent blocks of 64
    bits
  • Cipher Block Chaining (CBC)
  • Message is broken into independent blocks of 64
    bits, but the next input depends on the previous output
  • $C_i = P_i \oplus C_{i-1}$, with $C_{-1} = IV$

39
DES Modes of Operation
  • Stream Modes
  • Cipher FeedBack (CFB)
  • The message is XORed with the feedback of
    encrypting the previous block
  • $C_i = P_i \oplus E_k(C_{i-1})$, with $C_{-1} = IV$
  • Output feedback
  • The feedback is independent of the message
  • $C_i = P_i \oplus E_k(O_{i-1})$, with $O_{-1} = IV$

40
DES Weak Keys
  • with many block ciphers there are some keys that
    should be avoided, because of reduced cipher
    complexity
  • these keys are such that the same sub-key is
    generated in more than one round
  • Weak Keys
  • The same sub-key is generated for every round
  • DES has 4 weak keys

41
Cryptanalysis of DES
  • If you can choose the plaintext
  • Brute force: try all $2^{56}$ possible keys
  • No memory necessary
  • The encryption with all keys may be too slow
  • Build a dictionary
  • Each plaintext may result in $2^{64}$ different
    ciphertexts, but there are only $2^{56}$ possible values
  • Encrypt the known plaintext with all possible
    keys
  • You have a look up table
  • Very effective if you can inject plaintext and
    want to find many different keys

42
Cryptanalysis of DES
  • Linear cryptanalysis
  • Find bit locations ?s on plain, ?s on
    ciphertext and ?s on key such that
  • has a probability higher than .5
  • Use many different plaintext and analyze the left
    hand side. Infer the right hand side.

43
Cryptanalysis of DES
  • Differential cryptanalysis
  • First suggested by Murphy for the cryptanalysis
    of FEAL-4
  • Assume that we label each left and right part of
    any block in the 16 rounds of DES as $x_i$, starting
    from $x_0$ and $x_1$.
  • Assume that we have two known plaintexts $x$ and $x'$,
    and we know $\Delta x = x \oplus x'$
  • DES in each round produces $x_{i+1} = x_{i-1} \oplus F(x_i, K_i)$

44
Cryptanalysis of DES
  • Differential analysis
  • Using that, we have
  • $\Delta x_{i+1} = \Delta x_{i-1} \oplus F(x_i, K_i) \oplus F(x'_i, K_i)$
  • If $F(x_i, K_i) \oplus F(x'_i, K_i)$ is a function of $\Delta x_i$ with
    high probability, then
  • Knowing $\Delta x_{i-1}$ and $\Delta x_i$, we know $\Delta x_{i+1}$
  • Test this hypothesis for different $\Delta x$ and start
    getting information about $K_i$
  • This can break DES with $2^{47}$ chosen plaintexts

45
IDEA
  • name changed to IDEA in 1992
  • encrypts 64-bit blocks using a 128-bit key
  • based on mixing operations from different
    (incompatible) algebraic groups (XOR, addition
    mod $2^{16}$, multiplication mod $2^{16}+1$)
  • all operations are on 16-bit sub-blocks, with no
    permutations used, hence it's very efficient in
    s/w
  • IDEA is patented in Europe and the US, however
    non-commercial use is freely permitted
  • used in the public domain PGP secure email system
    (with agreement from the patent holders)

46
DESX
  • This algorithm, designed by Ron Rivest in 1984,
    competes with 3DES to provide protection against
    brute force attacks
  • One goal of DESX is to overcome the slowness of
    3DES (three times slower than DES)
  • DESX uses three keys: $k$, $k_1$, and $k_2$
  • $\mathrm{DESX}_{k,k_1,k_2}(x) = k_2 \oplus \mathrm{DES}_k(k_1 \oplus x)$

47
AES
  • Second AES conference in March 1999
  • Selected five candidates
  • MARS
  • RC6
  • Rijndael
  • Serpent
  • Twofish.
  • In October 200 Rijndael is selected by NIST as
    proposed AES

48
Public Key Cryptography
  • Symmetric Key Algorithms
  • Key agreement and change
  • Trust on all parties that have the key
  • Trust in the security level
  • Trust in not misusing keys
  • Public-key cryptography involves the use of two
    keys
  • a public-key, which may be known by anybody, and
    can be used to encrypt messages, and verify
    signatures
  • a private-key, known only to the recipient, used
    to decrypt messages, and sign (create) signatures

49
Public Key Cryptography
  • Public-key is easily computed from the private
    key and other information about the cipher (a
    polynomial time (P-time) problem)
  • Knowing the public-key and public description of
    the cipher, it is still computationally
    infeasible to compute the private key (an NP-time
    problem)
  • The public-key may be distributed to anyone
    wishing to communicate securely with its owner
    (although secure distribution of the public-key
    is a non-trivial problem - the key distribution
    problem)

50
RSA
  • Based on exponentiation in a finite (Galois)
    field over integers modulo a prime
  • exponentiation takes $O((\log n)^3)$ operations
  • Security relies on the difficulty of calculating
    factors of large numbers
  • factorization takes $O(e^{\log n \log\log n})$
    operations
  • (same as for discrete logarithms)
  • Main patent expired in 2000

51
RSA
  • Key-Generation by each user consists of
  • Selecting two large primes at random (100
    digit), p, q
  • Calculating the system modulus $R = p \cdot q$ ($p$, $q$ primes)
  • selecting at random the encryption key $e$ (usually
    3),
  • $e < R$, $\gcd(e, \varphi(R)) = 1$
  • solving the congruence to find the decryption key
    $d$,
  • $e \cdot d \equiv 1 \pmod{\varphi(R)}$, $0 \le d \le R$
  • publishing the public encryption key $K_1 = \{e, R\}$
  • securing the private decryption key $K_2 = \{d, p, q\}$

52
RSA
  • Encryption of a message M to obtain ciphertext C
    is
  • $C = M^e \bmod R$
  • Decryption of a ciphertext C to recover the
    message M is
  • $M = C^d = M^{e \cdot d} = M^{1 + n\varphi(R)} = M \bmod R$
  • Note: we still would need to prove that this
    holds for $\gcd(M, R) \ne 1$

53
RSA
  • Most (all!!) computers can't directly handle
    numbers larger than 32-bits (64-bits on the very
    newest)
  • Need to use multiple precision arithmetic
    libraries to handle numbers this large
  • Multi-Precision Arithmetic
  • Involves libraries of functions that work on
    multiword (multiple precision) numbers
  • Classic references are in Knuth vol 2 -
    "Seminumerical Algorithms"
  • multiplication digit by digit

54
RSA
  • Primality Testing and RSA
  • The first stage of key-generation for RSA
    involves finding two large primes p, q
  • Because of the size of numbers used, must find
    primes by trial and error
  • Modern primality tests utilize properties of
    primes eg
  • $a^{n-1} \equiv 1 \pmod n$ where $\gcd(a, n) = 1$
  • all prime numbers 'n' will satisfy this equation
  • some composite numbers will also satisfy the
    equation, and are called pseudo-primes.
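
The RSA key generation, encryption and decryption steps and the Fermat primality check from the slides above, as an added example (not part of the original slides). It uses the slides' symbols R, e, d with constructed toy primes far too small for real use; it also checks by exhaustion the case $\gcd(M, R) \ne 1$ that the slides leave unproven. Function names are assumptions.

```python
from math import gcd

def fermat_passes(n, a):
    """True if a^(n-1) = 1 (mod n); every prime n passes when gcd(a, n) = 1."""
    return pow(a, n - 1, n) == 1

def keygen(p, q, e=3):
    """Return (K1, K2) as on the slides: K1 = (e, R), K2 = (d, p, q)."""
    R, phi = p * q, (p - 1) * (q - 1)
    while gcd(e, phi) != 1:       # slides: gcd(e, phi(R)) = 1
        e += 2                    # try the next odd exponent
    d = pow(e, -1, phi)           # solves e*d = 1 (mod phi(R)); Python 3.8+
    return (e, R), (d, p, q)

def encrypt(M, pub):
    e, R = pub
    return pow(M, e, R)           # C = M^e mod R

def decrypt(C, priv):
    d, p, q = priv
    return pow(C, d, p * q)       # M = C^d mod R

def roundtrip_holds_for_all(pub, priv):
    """Check M^(e*d) = M (mod R) for every M, including gcd(M, R) != 1."""
    return all(decrypt(encrypt(M, pub), priv) == M for M in range(pub[1]))

if __name__ == "__main__":
    pub, priv = keygen(61, 53)    # constructed toy primes
    print("K1 =", pub, "K2 =", priv)
    print("all messages round-trip:", roundtrip_holds_for_all(pub, priv))
    # 341 = 11 * 31 is composite but passes the test for base 2 (pseudo-prime);
    # a second base exposes it.
    print(fermat_passes(341, 2), fermat_passes(341, 3))
```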