Lecture 2 Cryptology

 Network Security( )  user name for students :guestnws  pwd : guestnws2012 E-learning

 Cryptology, the study of cryptosystems  can be subdivided into two disciplines:  Cryptography  cryptanalysis  Cryptography : concerns itself with the design of cryptosystems  Cryptanalysis: (code breaking) studies the breaking of cryptosystems Cryptology

 crypt— comes from the Greek word kryptos, meaning hidden or secret. Cryptography

 Cryptography History DAVID KAHN at 1976 said at “coder breaker” : Cryptology was born among the Arabs. They were the first to discover and write down the methods of cryptanalysis وقد نشر مجمع اللغة العربية ، بدمشق الجزء الأول من الكتاب ” علم التعمية و استخراج المعمى ” ، سنة ١٩٨٧ ونشر الجزء الثاني سنة ١٩٩ 7 للدكتور : محمد مراياتي ويحيى ميرعلم و محمد حسان الطيان

 About 1900 BC An Egyptian scribe used non-standard hieroglyphs in an inscription.  Julius Caesar ( BC) used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications History

 The Enigma machine was not a commercial success but it was taken over and improved upon to become the cryptographic workhorse of Nazi Germany.  rotor cipher machines used for the encryption and decryption of secret messages.  Enigma was invented by German engineer Arthur Scherbius at the end of World War I History

 1976 A design by IBM based on the Lucifer cipher and with changes (including both S-box improvements and reduction of key size) by the US NSA, was chosen to be the U.S. Data Encryption Standard. History

 1976 Whitfield Diffie and Martin Hellman published ``New Directions in Cryptography'', introducing the idea of public key cryptography History

Cryptography

 Cryptography or Encryption  Encryption, process of converting messages, information, or data into a form unreadable by anyone except the intended recipient.  Encrypted data must be deciphered, or decrypted, before it can be read by the recipient. Cryptography

 two requirements for secure use of symmetric encryption:  a strong encryption algorithm  a secret key known only to sender / receiver  mathematically have: Y = E K (X) X = D K (Y)  assume encryption algorithm is known  implies a secure channel to distribute key 12 Cryptography : Requirements

 plaintext - original message  ciphertext - coded message  cipher-algorithm : for transforming plaintext to ciphertext  key - info used in cipher known only to sender/receiver  encipher (encrypt) - converting plaintext to ciphertext  decipher (decrypt) - recovering ciphertext from plaintext 13 Cryptography :Some Basic Terminology

Cryptanalysis

objective to recover key not just message is the art and science of analyzing information systems in order to study the hidden aspects of the systemsinformation systems general approaches: ◦ cryptanalytic attack rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext- ciphertext pairs. ◦ Brute-force attack try every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. 15 Cryptanalysis

 ciphertext only  only knows algorithm & ciphertext  known plaintext  know/suspect plaintext & ciphertext  chosen plaintext  select plaintext and obtain ciphertext  chosen ciphertext  select ciphertext and obtain plaintext  chosen text  select plaintext or ciphertext to en/decrypt 16 Cryptanalytic Attacks

 always possible to simply try every key  most basic attack, proportional to key size  assume either know / recognise plaintext 17 Brute Force Search Key Size (bits)Number of Alternative Keys Time required at 1 decryption/µs Time required at 10 6 decryptions/µs = 4.3  µs= 35.8 minutes2.15 milliseconds = 7.2  µs= 1142 years10.01 hours = 3.4  µs= 5.4  years 5.4  years = 3.7  µs= 5.9  years 5.9  years 26 characters (permutation) 26! = 4   µs= 6.4  years 6.4  10 6 years

Classic techniques

 Substitution  Transposition 19 Cryptography : The main two basic techniques

 Substitution : where letters of plaintext are replaced by other letters or by numbers or symbols  or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns 20 Classical Substitution Ciphers

 Transposition or Permutation ciphers : these hide the message by rearranging the letter order without altering the actual letters used can recognise these since have the same frequency distribution as the original text. 21 Transposition Ciphers

Example for Substitution

 earliest known substitution cipher  by Julius Caesar  first attested use in military affairs  replaces each letter by 3rd letter on  example: Me e t m e a f t e r t h e t o g a p a r t y P H H W P H D I W H U W K H W R J D S D U W B 23 Caesar Cipher

 then have Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26) 24 Caesar Cipher

 can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C  mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z  then have Caesar cipher as: c = E(p) = (p + 3) mod (26) If p= a= 0, E(a) = (0+3) mod 26 = 3 = D 25 Caesar Cipher

a b c d e f g h i j k l m n o p q r s t u v w x y z abcdefghijklmnopqrstuvwxyz

 Let k= 10  Encrypt the following “Hello” 27 Caesar Example

 Let k= 10  Encrypt the following “Hello”  H E L L O  (MOD 26) R O V V Y 28 Caesar Example

 Let k= 9  Encrypt the following “SUN” 29 Caesar Example

 Let k= 9  Encrypt the following “SUN” S U N (MOD 26) B D W 30 Caesar Example

 Let the cipher text = “IFMMP” and k =1  What is the plain text?  P= (C-1) mod 26  P = Hello 31 Caesar Example

only have 26 possible ciphers ◦ A maps to A,B,..Z could simply try each in turn a brute force search given ciphertext, just try all shifts of letters do need to recognize when have plaintext eg. break ciphertext "GCUA VQ DTGCM" 32 Cryptanalysis of Caesar Cipher

GCUAVQDTGCM AWOUPKXNAWG BXPVQLYOBXH CYQWRMZPCYI DZRXSNAQDZJ EASYTOBREAK FBTZUPCSFBL GCUAVQDTGCM HDVBWREUHD IEWCXSFVIE JFXDYT gWJF KIYEZU hX LJZFAV IY MKAGBW jZ NLBH X kA OMc I y lB PN dJ z mC QO eK a nD R p f l b oE S q g m c pF T r h n d qG U s I o e rH V t j p f sI W u k q g tJ X v l r h uK Y w m s I vL Z x n t j wM 33 Example for fun

GCUAVQDTGCM AWOUPKXNAWG BXPVQLYOBXH CYQWRMZPCYI DZRXSNAQDZJ EASYTOBREAK FBTZUPCSFBL GCUAVQDTGCM HDVBWREUHD IEWCXSFVIE JFXDYT gWJF KIYEZU hX LJZFAV IY MKAGBW jZ NLBH X kA OMc I y lB PN dJ z mC QO eK a nD R p f l b oE S q g m c pF T r h n d qG U s I o e rH V t j p f sI W u k q g tJ X v l r h uK Y w m s I vL Z x n t j wM 34 Example for fun

Example of Transposition Ciphers 35

 write message letters out diagonally over a number of rows  then read off cipher row by row  eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t  giving ciphertext MEMATRHTGPRYETEFETEOAAT 36 Rail Fence cipher

 a more complex transposition  write letters of message out in rows over a specified number of columns (key length)  Then reorder the columns according to some key before reading off the rows Key : Plain text : the simplest possible transpositions. 37 Row Transposition Ciphers

 Make the statement in 5 columns:  “the simplest possible transpositions” 38 Row Transposition Ciphers THESI MPLES TPOSS IBLET RANSP OSITI ONSXX

39 Row Transposition Ciphers THESI MPLES TPOSS IBLET RANSP OSITI ONSXX STIEH EMSLP STSOP EITLB SRPNA TOIIS XOXSN

Make the statement in 5 columns: 40 Row Transposition Ciphers Key: Cipher: STIEH EMSLP STSOP EITLB SRPNA TOIIS XOXSN STIEH EMSLP STSOP EITLB SRPNA TOIIS XOXSN

12345 THESI MPLES TPOSS IBLET RANSP OSITI ONSXX 41 The same plain with another key TIESH MSLEP TSOSP ITLEB RPNSA OIITS OXSXN The key : The cipher is :TIESH MSLEP TSOSP ITLEB RPNSA OIITS OXSXN

 Plain text : " laser beams can be modulated to carry more intelligence than radio”  Key is: Row transposition : Example 1

 " laser beams can be modulated to carry more intelligence than radio” 43 Row transposition : Example EBRESAL BNACSMA ALUDOME ACOTDET EROMYRR ILLETNI HTECNEG OIDARNA

 KEY : Row transposition : Example EBRESAL BNACSMA ALUDOME ACOTDET EROMYRR ILLETNI HTECNEG OIDARNA ERALESB BAMACSN AUMEDOL AOETTDC EORRMYR ILNIETL HEEGCNT ODNAARI

Solution is : “bselare nscamab lodemua cdtteoa rymrroe lteinli tncg eeh iraando” 45 Row transposition : Example ERALESB BAMACSN AUMEDOL AOETTDC EORRMYR ILNIETL HEEGCNT ODNAARI

 Let  key : COMPUTER  PLAIN: “a convenient way to express the permutation “ 46 Another Example: 2

 Let  key : COMPUTER  Key will be: 47 Another Example COMPUTER

48 Another Example Key: Plain: a convenient way to the permutation Cipher: ANOVINCE EW TAOTNY TPEEUMHR TITOXXAN ACONVENI ENTWAYTO THEPERMU TATIONXX ANOVINCE EWTAOTNY TPEEUMHR TITOXXAN

consists of: writing the message out in rows reading off the message by reordering columns 49 Decryption of a Row Transposition cipher

 CIPHER TEXT : LHEL VOEE BRYOXDYX  THE solution : hello every body LEHL EEOV OYRB XYDX

Cipher text = OANTTOSRGINCHRPE Key: K=IVAN 51 Decryption of a Row Transposition cipher example:

 The solution is : not a strong cipher 52

Modern Cryptographic Techniques 53

 Modern cipher system :  Symmetric  Asymmetric  Symmetric cryptography:  Stream cipher  Block cipher 54 Modern Cryptographic Techniques

 Symmetric cipher  Asymmetric cipher 55 Cryptography : Cryptography types or number of Keys

 or conventional / private-key / single-key  sender and recipient share a common key  all classical encryption algorithms are private-key  was only type prior to invention of public-key in 1970’s  and by far most widely used 56 Symmetric Encryption

 Symmetric cryptography : ◦ Also called Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Plain TextCipher Text Plain Text

Asymmetric Encryption  probably most significant advance in the 3000 year history of cryptography  uses two keys – a public & a private key  asymmetric since parties are not equal  uses clever application of number theoretic concepts to function  complements rather than replaces private key crypto

 Asymmetric Cryptography : ◦ Also called Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Cipher TextPlain Text

60 Cryptography : Encryption Diagram Encryption algorithm Decryption algorithm Plain Text Cipher Text Key

 Stream ciphers: where plaintext bits are combined with a pseudorandom cipher bit stream (key stream), typically by an  exclusive-or (xor) operation. In a stream cipher, the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. 61 Stream cipher

62 Stream cipher Stream ciphers:- process messages a bit or byte at a time when en/decrypting

 2 types:  Synchronous stream  Asynchronous stream  Synchronous stream ciphers where the key stream depends only on the key,  Asynchronous stream ones where the key stream also depends on the ciphertext. 63 Stream cipher

64 Stream cipher

Definition Stream Cipher Encryption and Decryption The plaintext, the ciphertext and the key stream consist of individual bits, i.e., xi,yi, si ∈ {0,1}. Encryption: y i = e si (x i ) ≡ x i +s i mod 2. Decryption: x i = d si (y i ) ≡ y i +s i mod Stream cipher

 look at modern block ciphers  one of the most widely used types of cryptographic algorithms  provide secrecy /authentication services  focus on DES (Data Encryption Standard)  to illustrate block cipher design principles 66 Modern Block Ciphers

67 Block cipher Block cipher scheme :encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always be encrypted to the same cipher text if using the same key in a block cipher whereas the same plaintext will be encrypted to different cipher text in a stream cipher.

 block ciphers: process messages in blocks, each of which is then en/decrypted  like a substitution on very big characters  64-bits or more 68 Block cipher

 Electronic Codebook (ECB) mode  Cipher Block Chaining (CBC) mode  Cipher Feedback (CFB)  Output Feedback (OFB) mode 69 Block modes

 Electronic Codebook (ECB) mode: The simplicity of the encryption modes is the electronic codebook (ECB) mode, in which the message is split into blocks and each is encrypted separately 70 Block modes

71 Block modes

 Cipher Block Chaining (CBC) mode In the cipher-block chaining (CBC) mode, each block of the plaintext is XORed with the previous cipher text block before being encrypted. This way, each cipher text block is dependent on all plaintext blocks up to that point. 72 Block modes

73 Block modes

74 Block modes

 Cipher Block Chaining (CBC) mode 75 Block modes

 Cipher Feedback (CFB) Cipher feedback mode converts the block cipher into a stream cipher: they generate key-stream blocks, which then are XORed with the plaintext blocks to get the cipher-text. Just as with other stream ciphers, flipping a bit in the cipher-text produces a flipped bit in the plaintext at the same location. With cipher feedback, a key-stream block is computed by encrypting the previous cipher-text block. 76 Block modes

77 Block modes

78 Block modes

Cipher Feedback (CFB) 79 Block modes

 Output Feedback (OFB) mode OFB is similar to CFB but with small differences, where the Output feedback generates the next key- stream block by encrypting the last one. 80 Block modes

81 Block modes

82 Block modes

Output Feedback (OFB) mode 83 Block modes

 many current ciphers are block ciphers  broader range of applications 84 Block vs Stream Ciphers

Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”. Block ciphers are currently better analysed, and seem to have a broader range of applications, hence focus on them. 85 Block vs Stream Ciphers