MS 1 - PowerPoint PPT Presentation

About This Presentation
Title:

MS 1

Description:

Cryptography History & Puzzles Substitution Ciphers The birth of Cryptanalysis Modern Times DES Diffie-Hellman key exchange RSA PGP Contentious Issues – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 47
Provided by: MatsS8
Category:
Tags: numbers | prime

less

Transcript and Presenter's Notes

Title: MS 1


1
Cryptography
History Puzzles Substitution Ciphers The
birth of Cryptanalysis
Modern Times DES Diffie-Hellman key
exchange RSA PGP Contentious Issues
Applied Cryptography, Bruce SchneierCracking
DES, Electronic Frontier Foundation The Code
Book, Simon Singh
2
Cryptography
The Basic Idea
Two approaches
1) Make algorithm secret and dont use a key.
2) Make algorithm public but keep the key
secret.
Bmp example
3
Before Computers
Substitution ciphers ruled
Caesar (Shift by N) 26 possibilities, easy to
decode
A B C D E F G H I J K L M N O P Q R S T U V W X Y
Z D E F G H I J K L M N O P Q R S T U V W X Y Z A
B C
4
Before Computers
Cryptanalysis
First known publication A Manuscript on
Deciphering Cryptographic Messages
By the ninth century Arab scholar Abu Yusuf
Yaqub ibn Is-haq ibn as-Sabbah ibn omran ibn
Ismail al-Kindi
Statistical Frequency Analysis of letters
words can easilybreak any mono-alphabetic
substitution cipher.
In English most common letters E, T, A, O, I,
N, S, most common 2 letters words ON,
AS, TO, AT, IT most common 3 letters
words THE, AND, FOR, WAS,
5
ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI
PVUENRFUA NC UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT
HIYPVTI FU YNMUPFMT XEPU EI YPKKIS P ORNWFTFNM
UEPU XNVKS LPJI FU P YRFLI CNR P DNWIRMLIMU
NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI
PVUENRFUA NC--------- ------- ------ --- ----
-------- --- --------- --UEI MPUFNM'T
FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
--- ------'- ------------ -------- ------- --
-------- ---- EI YPKKIS P ORNWFTFNM UEPU XNVKS
LPJI FU P YRFLI CNR P -- ------ - --------- ----
----- ---- -- - ----- --- - DNWIRMLIMU NCCFYFPK
UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM. ----------
-------- -- -------- ---------- -----------.
6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
  • There are patches to try to increase the security
    ofthe mono-alphabetic substitution cipher
  • Eliminate spaces
  • Use many to one mappings that level the
    frequencies
  • Lots of other clever ideas

Still very weak! Clever cryptanalysists knew how
to beat them all hundreds of years ago !!
Polyalphabetic substitution ciphers provided the
next big step. (Worked OK until the dawn of
modern computers).
10
Vigenere square (1586)
a b c d e f g h i j k l m n o p q r s t u v w
x y z 1 B C D E F G H I J K L M N O P Q R S T U
V W X Y Z A 2 C D E F G H I J K L M N O P Q R S
T U V W X Y Z A B 3 D E F G H I J K L M N O P Q
R S T U V W X Y Z A B C 4 E F G H I J K L M N O
P Q R S T U V W X Y Z A B C D 5 F G H I J K L M
N O P Q R S T U V W X Y Z A B C D E 6 G H I J
K L M N O P Q R S T U V W X Y Z A B C D E F 7 H
I J K L M N O P Q R S T U V W X Y Z A B C D E F G
8 I J K L M N O P Q R S T U V W X Y Z A B C D E
F G H 9 J K L M N O P Q R S T U V W X Y Z A B C
D E F G H I 10 K L M N O P Q R S T U V W X Y Z A
B C D E F G H I J 11 L M N O P Q R S T U V W X Y
Z A B C D E F G H I J K 12 M N O P Q R S T U V W
X Y Z A B C D E F G H I J K L 13 N O P Q R S T U
V W X Y Z A B C D E F G H I J K L M 14 O P Q R S
T U V W X Y Z A B C D E F G H I J K L M N 15 P Q
R S T U V W X Y Z A B C D E F G H I J K L M N O
16 Q R S T U V W X Y Z A B C D E F G H I J K L M
N O P 17 R S T U V W X Y Z A B C D E F G H I J K
L M N O P Q 18 S T U V W X Y Z A B C D E F G H I
J K L M N O P Q R 19 T U V W X Y Z A B C D E F G
H I J K L M N O P Q R S 20 U V W X Y Z A B C D E
F G H I J K L M N O P Q R S T 21 V W X Y Z A B C
D E F G H I J K L M N O P Q R S T U 22 W X Y Z A
B C D E F G H I J K L M N O P Q R S T U V 23 X Y
Z A B C D E F G H I J K L M N O P Q R S T U V W
24 Y Z A B C D E F G H I J K L M N O P Q R S T U
V W X 25 Z A B C D E F G H I J K L M N O P Q R S
T U V W X Y 26 A B C D E F G H I J K L M N O P Q
R S T U V W X Y Z
11
a b c d e f g h i j k l m n o p q r s t u v w
x y z 1 B C D E F G H I J K L M N O P Q R S T U
V W X Y Z A 2 C D E F G H I J K L M N O P Q R S
T U V W X Y Z A B 3 D E F G H I J K L M N O P Q
R S T U V W X Y Z A B C 4 E F G H I J K L M N O
P Q R S T U V W X Y Z A B C D 5 F G H I J K L M
N O P Q R S T U V W X Y Z A B C D E 6 G H I J
K L M N O P Q R S T U V W X Y Z A B C D E F 7 H
I J K L M N O P Q R S T U V W X Y Z A B C D E F G
8 I J K L M N O P Q R S T U V W X Y Z A B C D E
F G H 9 J K L M N O P Q R S T U V W X Y Z A B C
D E F G H I 10 K L M N O P Q R S T U V W X Y Z A
B C D E F G H I J 11 L M N O P Q R S T U V W X Y
Z A B C D E F G H I J K 12 M N O P Q R S T U V W
X Y Z A B C D E F G H I J K L 13 N O P Q R S T U
V W X Y Z A B C D E F G H I J K L M 14 O P Q R S
T U V W X Y Z A B C D E F G H I J K L M N 15 P Q
R S T U V W X Y Z A B C D E F G H I J K L M N O
16 Q R S T U V W X Y Z A B C D E F G H I J K L M
N O P 17 R S T U V W X Y Z A B C D E F G H I J K
L M N O P Q 18 S T U V W X Y Z A B C D E F G H I
J K L M N O P Q R 19 T U V W X Y Z A B C D E F G
H I J K L M N O P Q R S 20 U V W X Y Z A B C D E
F G H I J K L M N O P Q R S T 21 V W X Y Z A B C
D E F G H I J K L M N O P Q R S T U 22 W X Y Z A
B C D E F G H I J K L M N O P Q R S T U V 23 X Y
Z A B C D E F G H I J K L M N O P Q R S T U V W
24 Y Z A B C D E F G H I J K L M N O P Q R S T U
V W X 25 Z A B C D E F G H I J K L M N O P Q R S
T U V W X Y 26 A B C D E F G H I J K L M N O P Q
R S T U V W X Y Z
Vigenere square
Keyword VOTEVOTEVOTEVOTEVOTE Plaintext
ihavethreestinkydogs Ciphertext
DVTZZHAVZSLXDBDCYCZW
12
  • This can still be cryptanalyzed
  • just N monoaphabetic substitution ciphers (N is
    length of key)
  • so, just solve the N monoaphabetic problems as
    before

Keyword VOTEVOTEVOTEVOTEVOTE Plaintext
ihavethreestinkydogs Ciphertext
DVTZZHAVZSLXDBDCYCZW
DZZDY
Do frequency analysis on these separately
VHSBC
TALDZ
ZVXCW
13
OK, so make the key longer. Make it as long as
the message !
Keyword VOTINGISIMPORTANTFOR Plaintext
ihavethreestinkydogs Ciphertext
DVTDRZPJMQPHAGKLWTUJ
If there are patterns in the key (for example,
words), the message can still be decrypted with
a bit of work.
14
However IF If the key is as long as the
message AND The key is completely random THEN
The encryption is perfect (cant be broken) !!!
This is called a One Time Pad
15
The proof that a one time pad gives perfect
security is simple Suppose you have the
ciphertext Since all keys are equally likely,
thenall decoded messages are equally likely !
Keyword ASDF Plaintext dogs Ciphertext DGJX
How message was encoded
Ciphertext DGJX Keyword ASDF Plaintext dogs
How it should be decodedgiven the correct key
Ciphertext DGJX Keyword BGQF Plaintext cats
How it could be decodedgiven an equally likely
key
16
Along come computers
Tailor made for both code making braking
Represent message as a list of numbers (bits)
andoperate on these with your favorite algorithm.
Computing engines were spawned from
code-breaking efforts during WW-II (Turing).
17
This is an example of Symmetric Key Encryption
Plaintext DEAD 1101 1110 1010 1101
?
Key BEEF 1011 1110 1110 1111

Ciphertext 0110 0000 0100 0010 6042
Ciphertext 6042 0110 0000 0100 0010
?
Key BEEF 1011 1110 1110 1111

Plaintext 1101 1110 1010 1101 DEAD
Real Simple Same key to encode and decode
18
SO Just generate a long one time pad
bitstream, do the simple XOR, and we have
perfect security.
This has two problems1) Its hard to generate
a long truly random bitstream. 2) Sender and
receiver must both have the same one time
pad (i.e. the key).
If we make the algorithm more sophisticated we
canmake the minimum length of a secure key much
shorter.
19
Suppose we have an algorithm that takes a block
of plaintextand converts it into a block of
ciphertext using an N bit key.
Suppose that changing any single bit in the key
completely changesthe ciphertext.
We could only break this bytrying all 2N
possible keys.
If N 128, the time required is way beyond the
age of the universe.
DES (Digital Encryption Standard)
20
DES
64 bit plaintext block
IP
L0
R0
32
32
K1 (derived from 56 bit key)
L1R0
R1L0 f(R0,K1)
repeat 16 times
K16 (derived from 56 bit key)
L16R15
R16L15 f(R15,K16)
IP-1
64 bit ciphertext block
21
IP (Initial Permutation)
22
L0
R0
32
32
48 bit subkey Generator K48 g(i,K56) (The key
for each round is deterministically found from
the input 56 bit key).
Expansion Permutation
48
48
48
S-Box Substitution
32
P-Box Permutation
32
32
32
L1
R1
23
32
Expansion Permutation
48
1
4
5
8
9
12
13
16
17
20
21
24
25
28
29
32
1
48
24
48
48
48
1
48
X-OR with 48 bit key
1
48
25
48
S-Box Substitution
32
1
48
S-box 1
S-box 2
S-box 3
S-box 4
S-box 5
S-box 6
S-box 7
S-box 8
1
4
5
8
9
12
13
16
17
20
21
24
25
28
29
32
26
How an S-Box works
S-box 1
Page select
27
32
P-Box Permutation
32
1
4
5
8
9
12
13
16
17
20
21
24
25
28
29
32
1
4
5
8
9
12
13
16
17
20
21
24
25
28
29
32
28
IP-1 (Final Permutation)
29
Initial Key Permutation
8
16
24
32
40
48
56
64
8
16
24
32
40
48
56
30
Key Split Shift Compress
8
16
24
32
40
48
56
K56
Shift left by Ni
Shift left by Ni
Ni 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1
Shift accumulates every round
8
16
24
32
40
48
56
K48
8
16
24
32
40
48
31
DES Advantages
Very Fast Ideally suited for implementationin
hardware (bit shifts, look-ups etc).
Dedicated hardware (in 1996) couldrun DES at 200
Mbyte/s.
Well suited for voice, video etc.
32
DES Security
Not too good Trying all 256 possible keys is
not that hard these days.
(Thank the NSA for this)
If you spend 25k you can builda DES password
cracker that can will succeed in a few hours.
EFF
Back in 1975 this would have costa few billion
. It is widely believedthat the NSA did this.
Similar algorithms with longer keys are available
today (IDEA).
33
Other Issues
With any symmetric algorithm, the key must be
agreed upon by sender and receiver in a secure
way.
34
Modular Arithmetic to the RescueDiffieHellman
Key Exchange
  • How Alice and Bob want to come up with the same
    key by talking on the phone without giving it
    away to a third party listening to the
    conversation.
  • They agree on a large prime number p and a small
    integer g. These numbers are not secret.
  • Alice picks a large random integer a, and
    calculates A ga mod pAlice tells Bob what A
    is.
  • Bob picks a large random integer b, and
    calculates B gb mod pBob tells Alice what B
    is.
  • Alice computes Ka Ba mod p.
  • Bob computes Kb Ab mod p.
  • Low and behold Ka Kb gab mod p.
  • Someone spying on the phone can not get the key
    without knowing a and b, which were never spoken.
    Figuring out a and b from A, B, g, and p is as
    hard as it is to factor numbers the same size as
    p, hence p should be big (hundreds of digits).

35
Generating Huge Primes
  • Idea
  • Pick a big random number.
  • Test to see if its prime.

There are several probabilistic methods
Choose a possible prime p332095338784889512982936
21905948288497515233544999
Choose a witness random number a 7229265988
Calculate j a(p-1)/2 mod p ( 1 in this
case)
If j 1 or 1 then the chance that p is not
prime is no more than 50
Choose another a and test again. Repeat until
desired confidence is reached.
36
Are there enough Huge Primes?
  • YES!
  • For numbers near n the chance of a number being
    prime is one in ln(n)
  • There are about 10150 prime numbers containing
    512 bits (155 digits).
  • If every atom in the universe needed a billion
    primes every microsecond from the beginning of
    time until now, we would only use 10110 primes.

37
Public Key CryptographyRSA (Rivest, Shamnir,
Adleman 1977)
  • IDEA Alice has a public encryption key that
    everyone knows, and a private decryption key
    that only she knows. Bob looks up her public
    key, encrypts his message, and sends it to her.
    She decrypts it with her private key.
  • Pick two large prime numbers p and q. These are
    secret.
  • Calculate n pq
  • Pick another number e such that e and (p-1)(q-1)
    are relatively prime.
  • The numbers n and e make up your public key.
    Publish them!
  • Calculate d such that ed 1 mod (p-1)(q-1)
    i.e. d e-1 mod (p-1)(q-1)
  • The number d is your private key.

example
This is what happens when you buy a book from
Amazon.com
38
RSA Drawbacks
  • RSA is slow (i.e. computationally
    intensive).Message must be broken into chunks
    n in size, and each block is encrypted separately.

Does not really lend itself to hardware
implementation Most RSA chips (in 1996) needed
106 clock cyclesper 512 bit encryption.
39
RSA Security
  • RSA is secure because its very hard to factor n
    to find p and q if n is sufficiently big.
    (Discrete logarithms).

Sufficiently Big means 2048 bits
Hard means that all the computers on earth
could not do it inthe age of the universe.
Symmetric key algorithms can provide the same
raw securitywith key-lengths between 64 and
128 bits.
40
The PGP Solution(had Phil Zimmerman in very hot
water from 1992 to 1996)
  • PGP Pretty Good Privacy
  • Use IDEA for encryption (similar to DES except
    128 bit key)
  • Use RSA for key IDEA key-exchange. (RSA
    key-lengths up to 2048 bits supported).

Made available as freeware (www.pgp.com).In 1993
Zimmerman was charged with illegally exporting
weapons.
The FBI DOJ hounded him until 1996 whenthe
charges were dropped.
41
Todays Issues
  • CLIPPER CAPSTONE
  • Encryption chips developed by the NSA.
  • Uses Escrowed Encryption Standard (EES)
  • Each chip has a back door that the government
    has a key to.They can use this key in the same
    sense as they can now do a phone wiretap.

Not very popular, not (yet) required by law.
(These things really piss off the encryption
community the NSA loves them)
Tempest
42
Quantum Cryptography(Kwiat _at_ UIUC !)
How Bob and Alice can agree on a perfectly secret
one-time pad
Suppose Alice can send binary information
usingpolarized photons.
There are 2 distinct encodingschemes and x.
0
1
0
1
43
Quantum Cryptography(Kwiat _at_ UIUC !)
Alice randomly switches between and x schemes,
and sends arandom string of 1s and 0s to Bob.
(Alice keeps track of the schemes she used and
the bits she sent).
0
1
1
0
1
0
0
0
0
1
44
Quantum Cryptography(Kwiat _at_ UIUC !)
Bob measures these photons with his own random
choice ofscheme (he does not know what Alice has
done). Sometimes he gets it right, sometimes he
gets it wrong
Alicesmessage
0
1
1
0
1
0
0
0
0
1
Bobmeasures
0
1
0
1
1
0
0
1
0
0
45
Quantum Cryptography(Kwiat _at_ UIUC !)
Alice phones Bob and tells him how her schemes
were chosen. Bob tell Alice which schemes he
guessed right. Considering only these, they now
agree on a subset of bits sent.
Alicesmessage
0
1
0
0
0
1
Bobmeasures
0
1
0
0
0
1
46
Quantum Cryptography(Kwiat _at_ UIUC !)
Someone listening on the phone only knows which
schemes wereused, but not what the polarization
was. Any attempt to intercept photons will alter
their state, which Alice and Bob can detect by
comparing some of their bits to make surethey
agree (and discarding these).
0
1
0
0
0
1
One time pad !
Write a Comment
User Comments (0)
About PowerShow.com