Introduction to Cryptography Chapter-4

Definitions
- Cryptography = the science (art) of encryption
- Cryptanalysis = the science (art) of breaking encryption
- Cryptology = cryptography + cryptanalysis

Cryptography Goals
- Encryption – Prevent Eve from intercepting message
- Authentication – Prevent Eve from impersonating Alice
[Figure: Alice and Bob connected by an insecure channel, with Eve on the channel]

Cryptosystems
A. Ciphers
B. Classic
  B.1 Substitution, e.g., Caesar Cipher
  B.2 Transposition, e.g., Route Cipher
  B.3 Hybrid
C. Modern
  C.1 Symmetric (Private Key)
    Stream Cipher, e.g., RC4, A5/1
    Block Cipher, e.g., DES, AES
  C.2 Asymmetric (Public Key), e.g., RSA
  C.3 Hybrid

A. Terminology
- Cryptology is the art and science of making and breaking “secret codes.”
- Cryptography is the making of “secret codes.”
- Cryptanalysis is the breaking of “secret codes.”
- Crypto is a synonym for any or all of the above (and more).
- Cipher (صفر) is an algorithm for performing encryption and decryption: a series of well-defined steps that can be followed as a procedure.

Terminology
- Encryption is the process of encoding a message so that its meaning is not obvious. Equivalent terms: encode, encipher.
- Decryption is the reverse process, transforming an encrypted message back into its normal, original form. Equivalent terms: decode, decipher.
[Figure: plaintext, encrypt, ciphertext, decrypt]

Substitution Ciphers: Tap Code
- Each letter is replaced by a number of beeps

Substitution Cipher: Pigpen Cipher
- Each letter is replaced by an art

Substitution Ciphers: Vigenère Cipher
- Polyalphabetic ciphers flatten the frequency distribution of the plaintext considerably.
- The Vigenère cipher is an example of a polyalphabetic cipher: it uses different monoalphabetic substitutions as one proceeds through the plaintext message.
For example:
  Plaintext (M):  meet me at ten
  Key (K):        badb ad ba dba
  Ciphertext (C): nehu mh bt wfn
where C = (M + K) mod 26

  Plaintext (M)  = Y = 24
  Key (K)        = T = 19
  Ciphertext (C) = 24 + 19 = 43; 43 mod 26 = 43 - 26 = 17 (R)

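The rule C = (M + K) mod 26 and the claim that a polyalphabetic cipher flattens the frequency distribution can both be checked in a few lines. This is an added example, not part of the original slides; the SAMPLE text and the use of the index of coincidence as the flatness measure are assumptions made here.

```python
from collections import Counter

A = ord("a")

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """C = (M + K) mod 26 per letter; spaces pass through and use no key letter."""
    out, k = [], 0
    for ch in text.lower():
        if "a" <= ch <= "z":
            shift = ord(key[k % len(key)]) - A
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - A + shift) % 26 + A))
            k += 1
        else:
            out.append(ch)
    return "".join(out)

def index_of_coincidence(text: str) -> float:
    """Chance that two letters picked at random from text are the same letter."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    n = len(letters)
    return sum(v * (v - 1) for v in Counter(letters).values()) / (n * (n - 1))

# Constructed sample text (not from the slides), long enough for letter statistics.
SAMPLE = ("the security of an encryption system must depend only on the key "
          "and not on the secrecy of the algorithm because every design that "
          "was kept secret has eventually been taken apart and studied by "
          "people who were never meant to see it")

if __name__ == "__main__":
    print(vigenere("meet me at ten", "bad"))          # the slide's example
    print(vigenere("y", "t"))                         # Y + T from the slide
    # A one-letter key is a Caesar (monoalphabetic) shift: statistics unchanged.
    print("plain :", round(index_of_coincidence(SAMPLE), 4))
    print("caesar:", round(index_of_coincidence(vigenere(SAMPLE, "d")), 4))
    print("vig   :", round(index_of_coincidence(vigenere(SAMPLE, "bad")), 4))
```

A lower index of coincidence means a flatter letter distribution, which is why simple frequency counting works on the Caesar output but not directly on the Vigenère output.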
B.2. Transposition Ciphers
- A transposition cipher reorders (rearranges) symbols but does not disguise them. It is also called a permutation.
- With transposition, cryptography aims for diffusion: widely spreading the information from the message or the key across the ciphertext.
- Transpositions try to break established patterns.

Transposition Ciphers: Route Cipher

Transposition Ciphers: Rail Fence Cipher

Transposition Ciphers: Columnar Transposition
- Plaintext written in rows
- Number of columns = key length
- Key is used to number the columns
- Ciphertext reads out by columns, starting with column whose key letter is lowest

Transposition Ciphers: Columnar Transposition
  Plaintext (M):  WE ARE DISCOVERED FLEE AT ONCE
  Key (K):
  Ciphertext (C): EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE

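The columnar procedure above, written out as an added example (not part of the original slides). The key did not survive on the slide; the key ZEBRAS and the padding letters QKJEU used below are assumptions, chosen because they reproduce the ciphertext shown.

```python
def key_order(key: str) -> list:
    """Column indices in read-out order: lowest key letter first, ties left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def columnar_encrypt(plaintext: str, key: str, nulls: str = "") -> str:
    """Write the letters in rows of len(key), then read the columns in key order."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pad = -len(letters) % len(key)          # letters needed to fill the last row
    if pad > len(nulls):
        raise ValueError("need %d padding letters" % pad)
    letters += nulls[:pad]
    cols = len(key)
    return "".join("".join(letters[c::cols]) for c in key_order(key))

def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Rebuild the columns from the ciphertext, then read the grid row by row."""
    ct = ciphertext.replace(" ", "")
    cols, rows = len(key), len(ct) // len(key)
    grid = [""] * cols
    for n, c in enumerate(key_order(key)):
        grid[c] = ct[n * rows:(n + 1) * rows]
    return "".join(grid[c][r] for r in range(rows) for c in range(cols))

# Slide values, plus the assumed key and padding.
PLAINTEXT = "WE ARE DISCOVERED FLEE AT ONCE"
SLIDE_CIPHERTEXT = "EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE"
ASSUMED_KEY, ASSUMED_NULLS = "ZEBRAS", "QKJEU"

if __name__ == "__main__":
    ct = columnar_encrypt(PLAINTEXT, ASSUMED_KEY, ASSUMED_NULLS)
    print(ct == SLIDE_CIPHERTEXT.replace(" ", ""))
    print(columnar_decrypt(SLIDE_CIPHERTEXT, ASSUMED_KEY))
    # Transposition reorders symbols but does not disguise them:
    print(sorted(ct) == sorted(columnar_decrypt(ct, ASSUMED_KEY)))
```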
Terminology
- Encryption/decryption algorithms often use a device called a key, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value.
- An encryption scheme that does not require the use of a key is called a keyless cipher.
[Figure: plaintext, encrypt, ciphertext, decrypt]

Terminology
- Plaintext: message to be encrypted
- Ciphertext: encrypted message
- D_K(E_K(P)) = P

Symmetric (secret) Key
- Alice and Bob share a secret key, K_ab
- Encryption – Plaintext message is encrypted and decrypted with K_ab
- Authentication – Alice proves to Bob that she knows K_ab (e.g. a password)

Symmetric (secret) Key
[Figure: Alice encrypts the plaintext message with K and sends the ciphertext; Bob decrypts the ciphertext with K to get the plaintext message]

Public Key Encryption
- Bob generates 2 keys, K_eb and K_db
- Bob publishes K_eb (public key)
- Alice encrypts: ciphertext C = E(K_eb, plaintext P)
- Bob decrypts: P = D(K_db, C)
- It must not be possible to compute K_db (private key) from K_eb

Public Key Encryption
[Figure: Alice encrypts the plaintext message with Bob's public key and sends the ciphertext; Bob decrypts the ciphertext with his private key to get the plaintext message]
It must not be possible to compute the private key from the public key.

Digital Signatures
- Alice generates K_ea and K_da
- Alice publishes K_ea
- Alice signs plaintext P: (P, S = D(K_da, P))
- Alice sends P, S to Bob
- Bob verifies that E(K_ea, S) = P (since only Alice knows K_da)

Digital Signatures
[Figure: Alice signs P with her private key to get S and sends (S + P); Bob verifies with Alice's public key to make sure that the message is from Alice]

Combining Public Key Encryption and Authentication
- Alice encrypts with Bob’s public key: C = E(K_eb, P)
- Alice signs with her secret key: S = D(K_da, C)
- Alice sends S, C to Bob
- Bob verifies E(K_ea, S) = C
- Bob decrypts: P = D(K_db, C)

Combining Public Key Encryption and Authentication
[Figure: Alice encrypts with Bob's public key to get C, signs with her secret key to get S, and sends (C + S); Bob verifies with Alice's public key and decrypts with his private key]

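The public key encryption, digital signature and combined exchanges from the slides above, using the slides' E/D and K_eb, K_db, K_ea, K_da notation. This is an added example, not part of the original slides. It assumes textbook RSA with constructed toy primes and no hashing or padding, so it shows the algebra only and is not a usable scheme.

```python
from math import gcd

def keypair(p: int, q: int, e: int):
    """Textbook RSA: return (public, private) as ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def E(public, m: int) -> int:
    """Apply a public key: encrypt, or check a signature."""
    e, n = public
    return pow(m, e, n)

def D(private, c: int) -> int:
    """Apply a private key: decrypt, or sign."""
    d, n = private
    return pow(c, d, n)

# Constructed toy keys. Alice's modulus is larger than Bob's so that any
# ciphertext C for Bob is a valid input to Alice's signing operation.
K_eb, K_db = keypair(61, 53, 17)   # Bob:   n = 3233
K_ea, K_da = keypair(89, 97, 5)    # Alice: n = 8633

def alice_send(P: int):
    C = E(K_eb, P)                 # encrypt with Bob's public key
    S = D(K_da, C)                 # sign the ciphertext with Alice's private key
    return S, C

def bob_receive(S: int, C: int) -> int:
    if E(K_ea, S) != C:            # verify with Alice's public key
        raise ValueError("signature does not match ciphertext")
    return D(K_db, C)              # decrypt with Bob's private key

if __name__ == "__main__":
    S, C = alice_send(65)
    print("C =", C, "S =", S, "recovered P =", bob_receive(S, C))
```

Changing C in transit makes `bob_receive` raise, because E(K_ea, S) no longer equals the ciphertext that arrived.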
Cryptographic Attacks
- Ciphertext only: attacker has only ciphertext.
- Known plaintext: attacker has plaintext and corresponding ciphertext.
- Chosen plaintext: attacker can encrypt messages of his choosing.
- Distinguishing attack: an attacker can distinguish your cipher from an ideal cipher (random permutation).
A cipher must be secure against all of these attacks.

Kerckhoffs’ Principle
- The security of an encryption system must depend only on the key, not on the secrecy of the algorithm.
- Nearly all proprietary encryption systems have been broken (Enigma, DeCSS, zipcrack).
- Secure systems use published algorithms (PGP, OpenSSL, TrueCrypt).

Provable Security
- There is no such thing as a provably secure system.
- Proof of unbreakable encryption does not prove the system is secure.
- The only provably secure encryption is the one time pad: C = P + K, where K is as long as P and never reused.
- Systems are believed secure only when many people try and fail to break them.

Cryptographic Algorithms
- Block ciphers (secret/symmetric key)
- Hashes
- MAC (keyed hashes)
- Diffie-Hellman key exchange
- RSA (public key encryption and digital signature)
- ElGamal digital signature

Block Ciphers
AES, DES, 3DES, Twofish, Blowfish, Serpent, RC4, IDEA, etc.
[Figure: plaintext enters E and ciphertext enters D; both take the key]

Encryption Modes
- ECB – Electronic Code Book
- CBC – Cipher Block Chaining
- OFB – Output Feedback
- CTR – Counter

ECB Mode
- C_i = E(K, P_i)
- Insecure (ciphertext blocks may repeat)
[Figure: P_1 to P_4 each pass through E to give C_1 to C_4]

CBC Mode
- C_i = E(K, P_i xor C_{i-1})
- C_0 = IV (initialization vector) (fixed, random, counter, or nonce)
- Most popular mode
[Figure: P_i is XORed with C_{i-1} (the IV for the first block) and passed through E to give C_i]

OFB Mode
- K_0 = IV (nonce = number used once)
- K_i = E(K, K_{i-1})
- C_i = P_i xor K_i
- Not tamper resistant
[Figure: E produces K_i, which is XORed with P_i to give C_i]

CTR Mode
- K_i = E(K, nonce || i)
- C_i = P_i xor K_i
- Not tamper resistant
[Figure: E encrypts (nonce || i) to produce K_i, which is XORed with P_i to give C_i]

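The ECB, CBC and CTR formulas above, run on a plaintext with two identical blocks to show why ECB is marked insecure and what "not tamper resistant" means for CTR. This is an added example, not part of the original slides. It assumes a toy E(K, P) built here as a 4-round Feistel network over SHA-256, standing in for a real block cipher; the key, IV, nonce and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # toy 64-bit block: two 32-bit Feistel halves

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for the slides' E(K, P)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # C_i = E(K, P_i): equal plaintext blocks give equal ciphertext blocks
    return b"".join(E(key, p) for p in blocks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_i = E(K, P_i xor C_{i-1}), with C_0 = IV
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # K_i = E(K, nonce || i), C_i = P_i xor K_i; the same call decrypts
    return b"".join(xor(p, E(key, nonce + i.to_bytes(4, "big")))
                    for i, p in enumerate(blocks(data)))

def flip(ct: bytes, pos: int, old: bytes, new: bytes) -> bytes:
    """Change one known plaintext byte by XORing the ciphertext; no key is used."""
    return ct[:pos] + bytes([ct[pos] ^ old[0] ^ new[0]]) + ct[pos + 1:]

# Constructed sample values (not from the slides)
KEY, IV, NONCE = b"demo key", b"\x01" * 8, b"\x02" * 4
PT = b"PAY 0100PAY 0100"  # two identical 8-byte blocks

if __name__ == "__main__":
    print("ECB blocks repeat:", len(set(blocks(ecb_encrypt(KEY, PT)))) == 1)
    print("CBC blocks repeat:", len(set(blocks(cbc_encrypt(KEY, IV, PT)))) == 1)
    tampered = flip(ctr_crypt(KEY, NONCE, PT), 4, b"0", b"9")
    print("CTR after tamper:", ctr_crypt(KEY, NONCE, tampered))
```

The modified CTR ciphertext decrypts without error to a different message, which is why a stream-style mode is paired with a MAC (keyed hash) from the algorithm list above; OFB has the same property because it also XORs a keystream into the plaintext.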
Block Cipher Components
- S boxes – invertible lookup tables, depend on key
- P boxes – reorder bits (may also depend on key)
- Key schedule – function of key (e.g. bit selection or simple hash)
[Figure: one round is a row of S boxes followed by a P box; the key schedule feeds a round key into each round]

Substitution by itself is weak
Permutation by itself is weak
But combining many rounds of substitution and permutation might build a strong cipher.

Stream Ciphers
[Figure: the key feeds a pseudo random number generator (PRNG); its output is XORed with plaintext P_{i-1}, P_i, P_{i+1} to give ciphertext C_{i-1}, C_i, C_{i+1}]