1 / 99

Lecture 3 Introduction to Cryptography

Lecture 3 Introduction to Cryptography. Outline. basics of cryptology private key cryptography public key cryptography digital signatures. Why Study cryptology(1). A. B. Intruder. Communications security. Why Study cryptology(2). Customer. Merchant. TTP. Electronic Commerce Security.

ethel
Télécharger la présentation

Lecture 3 Introduction to Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 3Introduction to Cryptography

  2. Outline • basics of cryptology • private key cryptography • public key cryptography • digital signatures

  3. Why Study cryptology(1) A B Intruder Communications security

  4. Why Study cryptology(2) Customer Merchant TTP Electronic Commerce Security

  5. Why Study cryptology(3) A B LEA Law enforcement

  6. The Basic Problem • We consider the confidentiality goal: • Alice and Bob are Friends • Marvin is a rival • Alice wants to send secret messages (M1,M2,…) to Bob over a network such as Internet • Rival Marvin wants to read the messages (M1,M2,…) - Alice and Bob want to prevent this! • Assumption: The network is OPEN: Marvin is able to eavesdrop and read all data sent from Alice to Bob. • Consequence: Alice must not send messages (M1,M2,…) directly – they must be “scrambled” or encrypted using a ‘secret code’ unknown to Marvin but known to Bob.

  7. Basic terms • cryptology (to be very precise) • cryptography --- designing • cryptanalysis --- code breaking • cryptologist • cryptographer • cryptanalyst • encryption/encipherment • scrambling data into unintelligible to unauthorised parties

  8. Basic terms (2) • decryption/decipherment • un-scrambling • cipher/cryptosystem

  9. A short history • dividing line is 1976/77 • classic ~1976/77 • 1976: Diffie & Hellman discovered public key cryptography • 1977: National Bureau of Standards published DES (Data Encryption Standard) • modern 1976/77 ~ today

  10. History (2) • the word of “cipher”--- from Greek (secret writing) • ancient Egypt, Julius Caesar, ... • WWII • Enigma cipher machine • broken by British team including Alan Turing • Purple cipher • broken by US, led to the death of Yamamoto • Mainly for war, diplomacy & politics

  11. Types of ciphers • private key cryptosystems/ciphers • public key cryptosystems/ciphers

  12. Examples of “Messages” • Types of secret “Messages” Alice might want to send Bob (in increasing length): • Decision (yes/no), eg as answer to the question “Are we meeting tomorrow?” • Numerical Value, eg as answer to the question “at what hour are we meeting?” • Document • Software, • Images etc.

  13. Representation of Data (1) • Before encryption, messages must be represented in a standard way. • A representation code for a set of messages is: • A code which associates each possible message to a unique representing string of symbols • The symbols are elements of an “alphabet” • English Letter alphabet = {A,B,C,…,X,Y,Z} (26 elements) • Decimal digit alphabet = {0,1,…,9} (10 elements) • Binary digit (bit) alphabet = {0,1} (2 elements) • Assumption: The message representation code is NOT secret and is known to everyone, including Marvin!

  14. Representation of Data (2) • Example 1: • Set of Messages = {yes, no} (Decisions) • Symbol Alphabet = {0,1} (bit alphabet) • Representation Code: • 0 = yes, 1 = no • Example 2: • Set of messages = {English text} • Symbol alphabet = {A,B,…,Y,Z} (letters) • Representation code: Leave as is.

  15. Representation of Data (3) • Example 3: • Set of Messages = {English text} • Symbol Alphabet = {0,1} (bits) • Representation Code: • Convert each English letter in text to an 8-bit ASCII code, and concatenate the 8-bit codes. • Example 4: • Set of Messages = {0,1,…,1000} • Symbol Alphabet = {0,1} (bits) • Representation code: binary base system • Represent number x as string of 10 bits where: • Eg x = 734 is encoded as 1011011110

  16. Private key cipher Encryption Decryption Encrypted message (ciphertext) Encrypted message (ciphertext) E Alice D Bob key Message (cleartext, plaintext) Message (cleartext,plaintext)

  17. Concepts • a private key cipher is composed of two algorithms • encryption algorithm E • decryption algorithm D • the same key K is used for encryption & decryption • K has to be distributed beforehand

  18. Notations • encrypt a plaintext P using a key K & an encryption algorithm E C = E(K,P) • decrypt a ciphertext C using the same key K and the matching decryption algorithm D P = D(K,C) • Note: P = D(K,C) = D(K, E(K,P))

  19. Classic ciphers • substitution ciphers • monoalphabetic ciphers • polyalphabetic ciphers • transposition (permutation) ciphers • product ciphers • using both • substitution, and • transposition

  20. The Caesar cipher • The Caesar cipher is a substitution cipher, named after Julius Caesar. • Operation principle:each letter is translated into the letter a fixed number of positions after it in the alphabet table. • the fixed number of positions is a key both for encryption and decryption.

  21. The Caesar cipher (cnt’d) Outer: plaintext Inner: ciphertext

  22. The Caesar cipher (cnt’d) K=3

  23. An example • for a key K=3,plaintext letter: ABCDEF...UVWXYZciphtertext letter: DEF...UVWXYZABC • HenceTREATY IMPOSSIBLEis translated intoWUHDWB LPSRVVLEOH

  24. An exercise • Using the Caesar cipher to encode the following message under a key K=5WAR STARTS TOMORROW

  25. Breaking the Caesar cipher • by trial-and error • by using statistics on letters • frequency distributions of lettersletter percentA 7.49%B 1.29%C 3.54%D 3.62%E 14.00%..................................

  26. 4 types of cryptanalysis • depending on what a cryptanalyst has to work with, attacks can be classified into • ciphertext only attack • known plaintext attack • chosen plaintext attack • chosen ciphertext attack (most severe)

  27. 4 types of attacks (2) • ciphertext only attack • the only data available is a target ciphertext • known plaintext attack • a target ciphertext • pairs of other ciphertext and plaintext (say, previously broken)

  28. 4 types of attacks (3) • chosen plaintext attacks • a target ciphertext • can feed encryption algorithm with plaintexts and obtain the matching ciphertexts • chosen ciphertext attack • a target ciphertext • can feed decryption algorithm with ciphertexts and obtain the matching plaintexts

  29. Two Main Types of Secrecy • Types of secrecy a cipher can offer: • Perfect Secrecy: For these ciphers Marvin cannot determine the message M even with unlimited computation time • Decrypting C with all possible keys K gives many possible messages, all reasonable candidates for the actual message M • One of the decrypted messages is M, but Marvin has no way to tell which one is the actual message encrypted by Alice! • Example: Caesar cipher with all 26 possible keys equally likely and message being just ONE letter (26 possible messages). • Eg Given ciphertext A, corresponding plaintexts under keys {0,1,2,…,25} are {A,B,C,…,X,Y,Z}.

  30. Two Main Types of Secrecy (2) • Unfortunately, ciphers achieving perfect secrecy are not practical in most cases: • May require very long keys (eg as long as message) • Cannot withstand known plaintext attacks (or stronger) • Instead, most common are ciphers aiming to achieve: • Computational Secrecy: Marvin cannot determine the message M unless he performs an unfeasible amount of computation (eg it would take 10,000 years for Marving to determine M using the fastest supercomputer!) • This can be achieved under all 4 possible attack scenarios, and using quite short keys!

  31. Breaking classic ciphers • with the help of fast computers, 99.99% ciphers used before 1976 are breakable by using one of the 4 types of attacks. • The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.

  32. Modern private key ciphers • DES (US, 1977) • key -- 56 bits, plaint/ciphertext -- 64 bits • IDEA (Lai & Massey, Swiss, 1991) • key -- 128 bits, plaint/ciphertext -- 64 bits • LOKI (ADFA, Australia, 1989) • key, plaint/ciphertext -- 64 bits • FEAL (NTT, Japan, 1990) • key -- 128 bits, plaint/ciphertext -- 64 bits

  33. The SPEED Cipher • designed by Y Zheng in 1996 • SPEED stands for “Secure Package for Encrypting Electronic Data” • length of a Key • 48,64,80,…,256 bits • length of a plaintext/ciphertext • 64 bits, or • 128 bits, or • 256 bits

  34. DES Encryption (Pfleeger, P.114)

  35. 0 0 = 0 1 1 = 0 0 1 = 1 1 0 = 1 Bit-wise exclusive-or (XOR) 101010111 110000010 011010101

  36. Encryption using DES • a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16) • Encryption consists of 16 rounds, each using a different 48-bit subkey • Both a plaintext & a ciphertext are 64 bits long

  37. DES as an iterative cipher plaintext 0101101010111011 0101101010111011 after round 1 0101101010111011 after round 2 after round 3 0101101010111011 after round 4 0101101010111011 after round 16 0101101010111011 ciphertext 0101101010111011

  38. Decryption using DES • Similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1)

  39. DES Decryption

  40. DES decryption illustrated plaintext 0101101010111011 0101101010111011 after round 16 0101101010111011 after round 15 0101101010111011 after round 14 0101101010111011 after round 13 after round 1 0101101010111011 ciphertext 0101101010111011

  41. Public Key Cryptosystems & Digital Signatures

  42. Outline • Why public key cryptography ? • general principles of public key cryptography • the RSA public key cryptosystem • examples of RSA

  43. Private key cipher Encryption Decryption Encrypted message (ciphertext) Encrypted message (ciphertext) E Alice D Bob key Message (cleartext, plaintext) Message (cleartext,plaintext)

  44. Problems with private key ciphers • In order for Alice & Bob to be able to communicate securely using a private key cipher, such as DES, they have to have a shared key in the first place. • Question: What if they have never met before ? • Alice needs to keep 100 different keys if she wishes to communicate with 100 different people

  45. A question • Consider a group of n people, each wishing to communicate securely with all other members in the group, by using a private key cipher, say DES. • How many different secret keys does each member of the group have to keep ? • What’s the total number of different secret keys that have to be kept by all members of the group ?

  46. Motivation of Diffie & Hellman • Is it possible for Alice & Bob, who have no shared secret key, to communicate securely ? • This led to the SINGLE MOST IMPORTANT discovery in the history of secure communications:W. Diffie & M. Hellman: New Directions in Cryptography, IEEE Transactions on Information Theory, Vol. IT-22, No.6, Nov. 1976, pp.644-654.

  47. Main ideas • Bob: • publishes, say in Yellow/White pages, his • public (encryption) key, and • encryption algorithm. • keeps to himself • the matching secret (decryption) key.

  48. Main ideas (2) • Alice: • Looks up the phone book, and finds out Bob’s • public (encryption) key, and • encryption algorithm. • Encrypts a message using Bob’s public key and encryption algorithm. • sends the ciphertext to Bob.

  49. Main ideas (3) • Bob: • Receives the ciphertext from Alice • Decrypts the ciphertext using his secret decryption key, together with the decryption algorithm

  50. Network Public Key Cryptosystem Key Directory (Yellow/White Pages) Bob: Cipher Text Cipher Text Plain Text Plain Text D E Secret Key Alice Bob

More Related