
Overview of Cryptography

Overview of Cryptography. Part 1: Concepts and Principles. Part 2: Symmetric Cryptography. Meaning of cryptography: from Greek cryptos (secret, hidden) and graphos (writing); the study (some call it a science or an art too) of secret writing. Basics: encryption key, decryption key.

gili

Presentation Transcript


  1. Overview of Cryptography
     Part 1: Concepts and Principles
     Part 2: Symmetric Cryptography

  2. Meaning of Cryptography
     • from Greek
       • Cryptos: secret, hidden
       • graphos: writing
     • cryptography: study (some call it a science or an art too) of secret writing

  3. Basics
     [Diagram: Message (plaintext, cleartext) → Encryption (Encipherment), with the encryption key → Ciphertext (cryptogram) → Decryption (Decipherment), with the decryption key → plaintext]

  4. Basic Terminology
     • plaintext - the original message
     • ciphertext - the coded message
     • cipher - algorithm for transforming plaintext to ciphertext
     • key - info used in cipher known only to sender/receiver
     • encipher (encrypt) - converting plaintext to ciphertext
     • decipher (decrypt) - recovering plaintext from ciphertext
     • cryptography - study of encryption principles/methods
     • cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key
     • cryptology - the field of both cryptography and cryptanalysis

  5. Kerckhoffs’ principles
     “The security of a cipher must not depend on anything that cannot be easily changed”
     “The opponent is not to be underestimated. In particular, the opponent knows the encryption and decryption algorithms. So the strength of a cipher system depends on keeping the key information secret, not the algorithm”
     Auguste Kerckhoffs, 1883

  6. Open discussion
     • Published algorithm vs. unpublished algorithm

  7. Characteristics of Cryptosystems
     • types of operations for transformation into ciphertext
       • substitution
       • transposition
       • product
         • multiple stages of substitutions and transpositions
     • number of keys used
       • single-key or private key
       • two-key or public key
     • the way in which plaintext is processed
       • block
       • stream

  8. Attacks on Ciphers
     • Brute-force
       • try all possible keys until solved
     • Cryptanalytic attacks
       • use
         • nature of algorithms
         • knowledge about general characteristics of plaintext
         • some sample plaintext-ciphertext pairs
       • Generally statistical techniques
       • aim
         • learn a specific plaintext
         • learn the key (that makes all past and future communication vulnerable)

  9. Types of Cryptanalytic Attacks

  10. A good algorithm…
      • resists ciphertext-only and known-plaintext attacks
      • Actually, no algorithm but one is proven to be unconditionally secure
        • only the one-time pad

  11. Unconditionally Secure Encryption Scheme
      • No matter
        • how much ciphertext is available to the opponent
        • how much time and computing power the opponent has
      • it is impossible for the opponent to decrypt the ciphertext
        • because there is no statistical relationship between the ciphertext and plaintext
      • Only the one-time pad is unconditionally secure

  12. A Practical Encryption Scheme
      • should be computationally secure
        • the cost of breaking the cipher exceeds the value of the encrypted information
        • the time required to break the cipher exceeds the useful lifetime of the information
      • assumes that processing power is limited and that the estimated breaking time is impractically long (millions of years!)

  13. Brute Force Search
      • simply try every key
      • On average, half of the key space is searched until an intelligible translation is found

  14. Symmetric Encryption
      • also known as
        • classical
        • conventional
        • private-key
        • single-key
      • sender and recipient share a common key
      • was the only type prior to the invention of public-key cryptography
        • until the second half of the 1970s

  15. Symmetric Cipher Model
      there must be a secure mechanism for the distribution of this key a priori

  16. Requirements
      • two requirements for secure use of symmetric encryption:
        • a strong encryption algorithm
        • a secret key, K, known only to sender and receiver
      $Y = E_K(X)$   (another notation: $E(K, X)$)
      $X = D_K(Y)$   (another notation: $D(K, Y)$)
      • assumes encryption algorithm is known
      • implies a secure channel to distribute key

  17. Historical secret key cryptography - 1
      • Pre-DES (before mid-70’s)
      • Substitution and Permutation techniques
        • Substitution: each letter/symbol is replaced by another one
        • Permutation: same letters/symbols, but their order is mixed
        • inspired DES and other modern block ciphers. Now, only has a theoretical value!
      • earliest known is Caesar's cipher
        • replace each letter by the one 3 letters (circularly) down in the alphabet
        • a becomes d, b becomes e, …, y becomes b, z becomes c
        • no key
        • Substitution technique

  18. Historical secret key cryptography - 2
      • Make the offset the key
        • 25 keys
        • easy to try
      • Monoalphabetic ciphers
        • shuffle the letters arbitrarily based on a 26-letter key
      Plain:      abcdefghijklmnopqrstuvwxyz
      Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
      Plaintext:  ifwewishtoreplaceletters
      Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

  19. Historical secret key cryptography - 3
      • Security of Monoalphabetic ciphers
        • $26! \approx 4 \times 10^{26}$ different keys
        • but still insecure due to redundancies in natural languages
          • some letters or letter pairs/triples occur more than others
          • ciphertext reflects those characteristics
          • cryptanalysis is based on this fact and it really works
        • see the example on pages 65, 66, 67 and 68 of the textbook

  20. Historical secret key cryptography - 4
      • Playfair cipher
        • improves security by encrypting the letters 2 by 2 (called digrams)
          • e.g. hs encrypts to BP
        • 26*26 = 676 digrams
        • cryptanalysis should be based on the frequency of the digrams which is more difficult than monoalphabetic crypto
        • invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
        • widely used for many years
          • by British army in WW1 as a standard system
          • also used (among other systems) in WW2 by the US Army and other allied forces

  21. Historical secret key cryptography - 5
      • Polyalphabetic substitution ciphers
        • different monoalphabetic substitutions as proceeding through the plaintext
        • key determines which monoalphabetic substitution rule to be applied to each letter
      • Famous example is the Vigenère cipher
      key:        deceptivedeceptivedeceptive
      plaintext:  wearediscoveredsaveyourself
      ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
      • makes cryptanalysis harder
        • multiple ciphertext letters for the same plaintext letter
        • frequency distribution is kind of obscured, but cryptanalysis is still possible
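The following is an added example, not part of the original slides. It reproduces the monoalphabetic and Vigenère examples from slides 18 and 21 and measures what slides 19 and 21 claim: a monoalphabetic cipher leaves the frequency profile untouched, while Vigenère spreads one plaintext letter over several ciphertext letters. The helper names and the use of the index of coincidence as the measure are choices made for this example.

```python
from collections import Counter
import string

ALPHA = string.ascii_lowercase

def mono_encrypt(plaintext, cipher_alphabet):
    """Monoalphabetic substitution: one fixed 26-letter mapping for the whole text."""
    return plaintext.translate(str.maketrans(ALPHA, cipher_alphabet))

def vigenere_encrypt(plaintext, key):
    """Vigenere: letter i is shifted by key letter i (the key repeats)."""
    shifted = []
    for i, ch in enumerate(plaintext):
        shift = ALPHA.index(key[i % len(key)])
        shifted.append(ALPHA[(ALPHA.index(ch) + shift) % 26])
    return "".join(shifted).upper()

def index_of_coincidence(text):
    """Chance that two letters picked from text are the same letter."""
    counts = Counter(text.lower()).values()
    n = len(text)
    return sum(c * (c - 1) for c in counts) / (n * (n - 1))

def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}

# Values taken from the slides.
MONO_KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"
MONO_PT = "ifwewishtoreplaceletters"
VIG_KEY = "deceptive"
VIG_PT = "wearediscoveredsaveyourself"

MONO_CT = mono_encrypt(MONO_PT, MONO_KEY)
VIG_CT = vigenere_encrypt(VIG_PT, VIG_KEY)

if __name__ == "__main__":
    for name, pt, ct in (("monoalphabetic", MONO_PT, MONO_CT),
                         ("Vigenere", VIG_PT, VIG_CT)):
        print(name, ct)
        print("  IC plaintext  %.4f" % index_of_coincidence(pt))
        print("  IC ciphertext %.4f" % index_of_coincidence(ct))
        print("  'e' becomes", sorted(images_of("e", pt, ct)))
```

The unchanged index of coincidence under the monoalphabetic cipher is what makes frequency analysis work; the lower value for the Vigenère ciphertext is the "kind of obscured" distribution the slide mentions.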

  22. Vigenere Table

  23. Historical secret key cryptography - 6
      • Transposition (or permutation) ciphers
        • hide the message by rearranging the letter order without altering the actual letters
        • same frequency distribution as the original text
        • cryptanalysis is possible
      • Example scheme: write letters of message out in rows over a specified number of columns
        • then reorder the columns according to some key before reading off the rows
      Key:        4 3 1 2 5 6 7
      Plaintext:  a t t a c k p
                  o s t p o n e
                  d u n t i l t
                  w o a m x y z
      Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
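An added example (not from the original slides) of the transposition scheme above. The slide's ciphertext is reproduced by reading whole columns top to bottom, taking the column labelled 1 first, then 2, and so on; that reading order and the function names are assumptions of this example.

```python
from collections import Counter

def read_order(ranks):
    """Column indices in the order they are read off (rank 1 first)."""
    return sorted(range(len(ranks)), key=lambda col: ranks[col])

def columnar_encrypt(plaintext, ranks):
    """Write the text in rows of len(ranks) letters, read whole columns in rank order."""
    width = len(ranks)
    if len(plaintext) % width:
        raise ValueError("pad the message so the last row is full")
    rows = [plaintext[i:i + width] for i in range(0, len(plaintext), width)]
    return "".join(row[col] for col in read_order(ranks) for row in rows).upper()

def columnar_decrypt(ciphertext, ranks):
    """Put each ciphertext chunk back into its column, then read the rows."""
    width = len(ranks)
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    for position, col in enumerate(read_order(ranks)):
        chunk = ciphertext[position * height:(position + 1) * height]
        for r, letter in enumerate(chunk):
            grid[r][col] = letter
    return "".join("".join(row) for row in grid).lower()

def same_letter_counts(a, b):
    """True when both texts use exactly the same letters the same number of times."""
    return Counter(a.lower()) == Counter(b.lower())

# Values taken from the slide.
KEY = [4, 3, 1, 2, 5, 6, 7]
PLAINTEXT = "attackpostponeduntiltwoamxyz"
CIPHERTEXT = columnar_encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(columnar_decrypt(CIPHERTEXT, KEY))
    print("letter counts unchanged:", same_letter_counts(PLAINTEXT, CIPHERTEXT))
```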

  24. Towards modern cryptography - 1
      • Vernam cipher
        • invented by AT&T’s Gilbert Vernam in 1918
        • treats the messages as binary data
        • XOR the plaintext with the key
          • reversible
        • very long key in tapes
          • repetitions possible for long messages
          • cryptanalysis is hard but possible with sufficient amount of ciphertext

  25. Towards modern cryptography - 2
      • One-time pad
        • key is random and as long as the plaintext
        • key is not re-used
        • unconditionally secure
          • ciphertext bears no statistical relationship to the plaintext
          • for a given ciphertext, there exist several intelligible decryptions that use different keys
          • even brute-force does not work, since it is not possible to understand which decryption is the correct one
        • generally, data and key are represented in binary and they are bitwise XORed
      • Problems of one time pad in practice
        • large amount of random number generation
        • protection and safe distribution of those keys
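An added example (not from the original slides) for the Vernam cipher and one-time pad slides. It shows that any equal-length message is a valid decryption of a one-time-pad ciphertext under some key, and that using the same pad twice makes the key cancel out. The messages are constructed samples and the function names are this example's own.

```python
import secrets

def xor_bytes(data, pad):
    """Vernam / one-time-pad operation; the same call encrypts and decrypts."""
    if len(data) != len(pad):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))

def pad_explaining(ciphertext, claimed_plaintext):
    """The one pad under which ciphertext decrypts to claimed_plaintext."""
    return xor_bytes(ciphertext, claimed_plaintext)

def reuse_leak(ciphertext_a, ciphertext_b):
    """With a reused pad the key cancels: result equals plaintext_a XOR plaintext_b."""
    return xor_bytes(ciphertext_a, ciphertext_b)

# Constructed sample messages, all 14 bytes long.
REAL = b"attack at dawn"
DECOY = b"retreat at six"
SECOND = b"send more fuel"

if __name__ == "__main__":
    pad = secrets.token_bytes(len(REAL))       # random, as long as the plaintext
    ct = xor_bytes(REAL, pad)
    print(xor_bytes(ct, pad))                  # the real message
    # A different key turns the same ciphertext into a different sensible message,
    # so trying every key cannot tell which plaintext was meant.
    print(xor_bytes(ct, pad_explaining(ct, DECOY)))
    # Pad wrongly used for a second message: the XOR of the two ciphertexts
    # no longer depends on the pad at all.
    ct2 = xor_bytes(SECOND, pad)
    print(reuse_leak(ct, ct2) == xor_bytes(REAL, SECOND))
```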

  26. Towards modern cryptography - 3
      • Rotor machines
        • basic idea: multiple stages of substitutions
        • were widely used in WW2
          • Germany (Enigma), Japan (Purple)
        • implemented as a series of cylinders that move after each letter is encrypted
          • each cylinder represents a substitution alphabet
          • 3 cylinders = 26*26*26 = 17576 different substitution alphabets
          • this number is even bigger for 4 and 5 cylinders

  27. Towards modern cryptography - 4

  28. Towards modern cryptography - 5
      • Product ciphers
        • general name for having multiple stages of substitutions, permutations or both
        • aim: to make cryptanalysis difficult by having irregularities in the cipher
        • rotor machine is an example
        • this idea led to Feistel cipher and DES (Data Encryption Standard)
        • bridge between classical and modern ciphers

  29. Towards modern cryptography - 5
      • Product ciphers

  30. Modern Ciphers
      • Block ciphers vs. Stream Ciphers
        • Block ciphers operate on a block of data
          • entire block must be available before processing
        • Stream ciphers process messages one bit or byte at a time when en/decrypting
          • need not wait for the entire block
      • Most ciphers are block ciphers
        • but it is possible to use a block cipher as a stream cipher (in some modes of operations that we will see later)

  31. DES (Data Encryption Standard)
      • most widely used block cipher in the world
      • adopted in 1977 by NBS (now NIST)
        • as FIPS PUB 46
      • encrypts 64-bit data using 56-bit key
      • has widespread use
      • There has been considerable controversy over its security

  32. DES – Black box view

  33. DES History
      • IBM developed Lucifer cipher
        • by team led by Horst Feistel (1971)
        • used 64-bit data blocks with 128-bit key
      • then redeveloped as a commercial cipher with input from NSA and others
      • in 1973 NBS issued request for proposals for a national cipher standard
      • IBM submitted their revised Lucifer which was eventually accepted as the DES
        • 56-bit key size!
      • recertified in 1983, 1987 and 1993
      • 3-DES (triple DES) has been issued as a new standard in 1999

  34. DES Controversy
      • Controversy over design
        • in choice of 56-bit key (vs Lucifer 128-bit)
        • design criteria (of the S-boxes) were classified
      • S-boxes were fine
      • but the 56-bit key became a problem for DES as time went by
        • due to advances in cryptanalysis and electronics
        • back in 1998 a project funded ($220K) by EFF (Electronic Frontier Foundation) broke DES in less than three days

  35. Design of DES
      • is not our concern in this course
      • neither are the details of the cryptanalysis of DES
      • will give only basic characteristics of DES in the next few slides

  36. DES Characteristics
      • DES is basically a product cipher
        • several rounds of substitutions and permutations
        • actually not that simple :)
      • originally designed for hardware implementation
        • software implementations validated in 1993
        • but software DES is slow

  37. DES Characteristics
      • DES shows strong avalanche effect
        • one bit change in the input affects on average half of the output bits
        • to make attacks based on guessing difficult
      • S-boxes are non-linear
        • provides confusion
          • i.e. makes relationship between ciphertext and key as complex as possible

  38. Other Important Symmetric Ciphers
      • AES (Rijndael)
      • 3DES (Triple DES)
      • Blowfish
      • RC5
      • IDEA
      • RC4

  39. What happened after DES
      • Replacement for DES was needed
        • vulnerability to cryptanalysis and practical brute-force attacks
      • AES is the new standard (will see)
        • But took some time to standardize and deploy
        • Meanwhile, some other ciphers are also used in practice (will briefly discuss too)
      • But we still needed an immediate replacement of DES that can be standardized and deployed easily
        • This was 3DES

  40. 3DES (Triple DES)
      • Another method for a strong cipher
      • use multiple encryption with DES with different keys
        • to preserve the investment in DES
        • for quicker deployment
      • Triple DES is chosen as a standard method
        • Standardized by ANSI, ISO and NIST

  41. Why not double DES?
      • Double DES
        • use DES two times with two different keys
      • Does not work due to meet-in-the-middle attack (which is a known-plaintext attack)
        • $X = E_{K1}[P] = D_{K2}[C]$
        • Try all possible K1’s on P to create all possible X’s and store them sorted
        • Try all possible K2’s on C and match with above table
        • may create some false-alarms, so do the same attack for another plaintext-ciphertext pair
        • If the same K1-K2 pairs match for the second plaintext-ciphertext pair, then the correct keys are most probably found
        • complexity of this attack is close to the complexity of the single-DES brute-force attack, so double-DES is useless
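An added example (not from the original slides) that walks through the steps above on a toy cipher, to show why two stacked encryptions add almost nothing to the key strength. The 16-bit Feistel cipher with 12-bit keys is invented for this demonstration and is not DES; a dictionary stands in for the sorted table the slide mentions, and the keys and plaintexts are constructed values.

```python
KEY_BITS = 12                     # toy key size so the demo runs quickly

def round_keys(key):
    """Four 8-bit round keys derived from a 12-bit key (toy key schedule)."""
    return [((key >> (3 * i)) ^ (key * 7 + 37 * i)) & 0xFF for i in range(4)]

def mix(half, rk):
    """Toy round function; a Feistel round is invertible whatever this returns."""
    return ((half * 5 + rk) ^ (half >> 3) ^ (rk << 2)) & 0xFF

def toy_encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key):
        left, right = right, left ^ mix(right, rk)
    return (left << 8) | right

def toy_decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key)):
        left, right = right ^ mix(left, rk), left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return every (K1, K2) consistent with all known (plaintext, ciphertext) pairs."""
    (p, c), extra = pairs[0], pairs[1:]
    table = {}                                    # X = E_K1[P]  ->  list of K1
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):               # X = D_K2[C], looked up in the table
        for k1 in table.get(toy_decrypt(k2, c), []):
            # Extra pairs weed out the false alarms from the first match.
            if all(double_encrypt(k1, k2, p2) == c2 for p2, c2 in extra):
                found.append((k1, k2))
    return found

if __name__ == "__main__":
    k1, k2 = 0x3A7, 0xC15                         # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    print("after one pair :", len(meet_in_the_middle(pairs[:1])), "candidates")
    print("after two pairs:", meet_in_the_middle(pairs))
    print("cipher calls: %d vs %d for exhaustive search"
          % (2 << KEY_BITS, 1 << 2 * KEY_BITS))
```

The work is two passes over the single-key space plus a table of that size, which is the reason the slides move on to three stages rather than two.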

  42. Triple-DES
      • Three stages of DES
        • with two different keys
          • some attacks are possible but impractical
            • Merkle and Hellman, 1981
              • $2^{56}$ trials, but requires $2^{56}$ plaintext-ciphertext pairs
            • Oorschot and Wiener, 1990
              • $2^{120}/n$ trials, where n is the number of plaintext-ciphertext pairs
        • with three different keys
          • Attack complexity increases and becomes impractical

  43. Triple-DES with two keys
      • E-D-E sequence
        • use of decryption at the second stage does not reduce/increase the security
        • Why decryption in the middle stage?

  44. Triple-DES with three keys
      • For those who feel some concern about the attacks on two-key 3-DES
      • E-D-E sequence
        $C = E_{K3}[D_{K2}[E_{K1}[P]]]$
      • has been adopted by some Internet applications, e.g. PGP, S/MIME

  45. Blowfish
      • Developed by Bruce Schneier
        • author of the book Applied Cryptography
      • 64-bit block size
      • Key size is variable
        • one to fourteen 32-bit blocks
          • 32 to 448 bits
        • provides a good trade-off between security and performance
      • Fast and compact
      • Has been implemented in numerous products
        • including GnuPG, SSH
        • see http://www.schneier.com/blowfish-products.html
      • no known practical security problems

  46. RC5
      • Ron’s Code 5
        • developed by Ron Rivest who is also co-inventor of RSA cryptosystem
      • owned and extensively used by RSA Inc.
      • highly parametric
      • word oriented processing that uses primitive operations that can be found in instruction sets of almost all microprocessors

  47. RC5-w/r/b
      • RC5 is actually a family of algorithms
      • Parameters: w, r, b
        • w: Word size
          • 16, 32 or 64 bits
          • block size is 2*w
        • r: Number of rounds
          • 0 .. 255
        • b: key size in octets
          • 0 .. 255
      • RC5 as suggested by Rivest is
        • RC5-32/12/16
        • 32-bit words (i.e. 64 bit blocks), 12 rounds, 128-bit key size

  48. IDEA
      • International Data Encryption Algorithm
      • Lai and Massey of ETH Zurich (Swiss Federal Institute of Technology), 1990/91
      • 64-bit blocks, 128-bit key size
        • one of the early 128-bit algorithms
      • not US originated, so no export restrictions
        • used widely in PGP

  49. AES (Advanced Encryption Standard)
      • Replacement needed for DES
        • reasons discussed before
      • 3DES is a solution, but temporary
        • 3DES is slow in software
        • 3DES uses small blocks, which makes it even slower
      • Need a new standard cipher

  50. AES Events in Chronological Order
      • NIST issued call for a standard cipher in 1997
        • international
      • 15 candidates (out of 21) accepted in June 98
      • A shortlist of 5 selected in August 99
      • Rijndael (from Belgium) was selected as the AES in October 2000
      • issued as FIPS PUB 197 standard in November 2001
