An Introduction to Cryptography CS 41 GW Poorvi Vora
The Greeks Used a rod with a piece of cloth draped around it. Could be decrypted by draping the cloth around a rod of the same size. Other size rods could not be used. The rod was the key to the cipher 4/10/2019 Spr04/GWU/Vora
The Caesar Cipher A B C D E D E F G H …. Easily decrypted, key is fixed. Even with varying key is easily decrypted. 4/10/2019 Spr04/GWU/Vora
Substitution cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C J M Z U V Y W RDBU N J O X A E S L P T F G H I A letter goes to another one. Each time a letter appears in the message it encrypts to the same letter in the ciphertext 4/10/2019 Spr04/GWU/Vora
Substitution cipher – encrypted message vqwfcqaorqdrwfrfsfeojgjolkqsvirwgicfrquqnbibrwqbwqqjaxslqomuqnbfbiaykqxbqjwfbrobrojqfadrfzuvirwgxlkizuqnboaknrvouqnbfjqaqqdqdgqjxbqjoaqgxlkizfadoaqgjicfrqkqrxbbqqvwfrdimmejqazqrwibsfuqbiarwqaxslqjomuqnbaqqdqd 4/10/2019 Spr04/GWU/Vora
Frequency of occurence Ciphertext q 37 b 16 r 16 f 14 a 13 i 11 j 11 o 11 w 10 d 8 x 7 u 7 n 6 English (every 1000) E 127 T 91 A 82 O 75 I 70 N 67 S 63 H 61 R 60 D 43 L 40 C 28 k 6 g 6 l 5 s 5 v 5 m 4 z 4 c 3 e 2 y 1 h 0 t 0 p 0 U 28 M 24 W 23 F 22 G 20 Y 20 P 19 B 15 V 10 K 8 J 2 Q 1 X 1 Z 1 4/10/2019 Spr04/GWU/Vora
Digram/Trigram occurence TH HE IN ER AN RE ED ON ES ST EN AT Trigram THE ING AND HER ERE ENT THA NTH WAS ETH FOR DTH TO NT HA ND OU EA NG AS OR TI IS ET IT AR TE SE HI OF 4/10/2019 Spr04/GWU/Vora
Decrypted plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z R F L Z D Q M Y W I E U K S A O G T J B R X C V H N P J WE HAVE NOTED THAT A MAJOR PROBLEM WITH PRIVATE KEYS IS THE SHEER NUMBER OF KEYS A SINGLE USER HAS TO STORE AND TRACK. WITH PUBLIC KEYS ONLY TWO KEYS ARE NEEDED PER USER ONE PUBLIC AND ONE PRIVATE. LET US SEE WHAT DIFFERENCE THIS MAKES IN THE NUMBER OF KEYS NEEDED. 4/10/2019 Spr04/GWU/Vora
Vernam Cipher Used by English in WWII ESCAPE BY THE ROUTE THROUGH BELGRADE bababl ac ksh eepha veyouan ywoolyes FSDAQP BA DX……. Replaced by pieces of silk hidden in socks. Burnt after use. 4/10/2019 Spr04/GWU/Vora
Modern Cryptography Need to design ciphers so that breaking is hard even for the computer Require Mathematics, Algorithms, and Theory of Complexity 4/10/2019 Spr04/GWU/Vora
The problems modern crypto addresses Confidentiality/secrecy/privacy How to keep a message secret so it can be read only by a chosen person Integrity How to determine a string of symbols has not been changed since it was created, and that it originated from a particular entity 4/10/2019 Spr04/GWU/Vora
Research Topics
Digital Media
Application: Robust, imperceptible watermarking Prevention of digital media piracy Physical media piracy Quality deterioration with each copy Distribution visible and expensive, legal enforcement easier Digital media piracy Perfect copies Distribution unsupervised; no clear laws; no means of enforcing them, most important no easy way of locating distribution centers Current OS and digital copies: Any object that needs a PC for viewing can be copied perfectly through file copies, and imperfectly through screen captures 4/10/2019 Spr04/GWU/Vora
Copyright protection with a robust, invisible watermark Owner looks for the watermark - either all over the Internet, or on an individual picture that she suspects was stolen from her. Original picture to be sold on the Internet contains an invisible mark: If she finds it with/being sold by an unauthorized person, she could seek legal recourse. `watermark’ - something that identifies owner or copyright owner All existing methods can be busted by free software available on the Internet; it is not a preventive measure, it merely aids in finding the culprit after the fact; 4/10/2019 Spr04/GWU/Vora
Watermark should survive accidental attacks Original, legal, buyer performs operations on image - sharpening, brightness/colour adjustment, filtering, cropping, resizing, rotation - while retaining perceptual quality of image. Watermark should survive such operations - called accidental attacks - and should remain invisible; ie.e watermark should be robust 4/10/2019 Spr04/GWU/Vora
Image quality degrades if watermark removed (intentional attack) Illegal reseller trys to destroy watermark before reselling. Watermark should damage perceptual quality of image when being removed (detection procedure does not detect the existence of a watermark) or sufficiently altered (the information contained in it is altered sufficiently - identity of owner is changed). Intentional attack. 4/10/2019 Spr04/GWU/Vora
User without decryption sees garbage Encapsulated Content: Better Security, More Expensive – Prevents Unauthorized Use Content encrypted during transmission and in storage on buyer’s local disk User without decryption sees garbage aCd9Tof3trefgu Evariste Galois aCd9Tof3trefgu Content decrypted in hardware or software to allow viewing and manipulation. Pay per view possible Evariste Galois 4/10/2019 Spr04/GWU/Vora
Classification of Rights Management Systems Complexity of access specifications Low Medium High Personal Family Multimedia Archives Personal publishing using templates Personal metadata? Lessons/hw by students and teachers Mixed Wedding videos professionally filmed Aggregated Personal metadata? Type of Content (Read only) Entertainment Magazine subscriptions Commercial Photography Publishing Press Ebooks Scientific publishing Commercial Use password protection Use secure encapsulation Use secure encapsulation + watermarking 4/10/2019 Spr04/GWU/Vora
4/10/2019 Spr04/GWU/Vora
Was this image changed in any way after it was captured? Another problem: Authentication of digital media given cheap access to capable processing systems Was this image changed in any way after it was captured? 4/10/2019 Spr04/GWU/Vora
Authentication with a fragile, invisible watermark In a court of law, a judge checks the watermark hidden in the presented image to see if it is associated in the same way with each pixel of the image presented as evidence Original picture contains an invisible mark inserted at `source’: If she finds that the hidden watermark is not what it should be for the presented image, the presented image is not authentic and has been changed since it was obtained. `watermark’ - something that is associated with the value of each pixel of the image 4/10/2019 Spr04/GWU/Vora
Auctions and Privacy
Privacy Cost When we re-encounter vendors online, they may use information from previous encounters against us If amazon knows I’m a crypto fan, why not charge me higher for crypto books? Would I pay higher on average if they knew stuff about me? If so, would that be an economic value to privacy in commercial interactions? 4/10/2019 Spr04/GWU/Vora
eBay example Highest Bids for Auction of Annexation Drone Bid Order eBay Identity Bid Value b1 erelfir 13.50 b2 les-letwin 13.00 b3 daredevilgo 5.55 b4 jan1923 5.09 4/10/2019 Spr04/GWU/Vora
eBay example Highest Bids for Auction of Annexation Drone Bid Order eBay Identity Bid Value Price Non-strategic b1 erelfir 13.50 b2 les-letwin 13.00 b3 daredevilgo 5.55 b4 jan1923 5.09 - 4/10/2019 Spr04/GWU/Vora
eBay example Highest Bids for Auction of Annexation Drone Bid Order eBay Identity Bid Value Price Non-strategic Price Auctions b1 erelfir 13.50 b2 les-letwin 13.00 5.60 b3 daredevilgo 5.55 5.09 b4 jan1923 - 4/10/2019 Spr04/GWU/Vora
eBay example Highest Bids for Auction of Annexation Drone Bid Order eBay Identity Bid Value Price Non-strategic Price Auctions Strategic b1 erelfir 13.50 5.12 b2 les-letwin 13.00 5.60 5.11 b3 daredevilgo 5.55 5.09 5.10 b4 jan1923 - 4/10/2019 Spr04/GWU/Vora
Electronic Voting
Receipts for secure transactions You get a receipt when you use the ATM You can check your bank statement to ensure the transaction was recorded correctly Why don’t you get a receipt when you vote, so you can check your vote was correctly counted? You could use the receipt to sell your vote The mafia could force you to prove you voted a certain way 4/10/2019 Spr04/GWU/Vora
Integrity during ballot casting: paper receipts Challenge: allow the voter to keep a record of her vote so she can determine that it has been counted correctly, yet not prove how she voted This record on paper, so “computer” problems will not destroy the record 4/10/2019 Spr04/GWU/Vora
The receipt can be encrypted 4/10/2019 Spr04/GWU/Vora
Key 4/10/2019 Spr04/GWU/Vora
Overlaid 4/10/2019 Spr04/GWU/Vora
Voter chooses The voter chooses one of the two layers shown and takes it home All encrypted receipts are displayed on the Web Voter checks to see her receipt is there. Equivalent to checking her receipt is in the ballot box before counting starts. 4/10/2019 Spr04/GWU/Vora
Counting The encrypted votes are passed to several trustees (such as representatives of the candidates, the Electronic Frontier Foundation, a government representative, etc.) Each trustee does a partial decryption and shuffles the receipts Finally, decrypted receipts (i.e. votes) are counted. Trustees can be audited 4/10/2019 Spr04/GWU/Vora
GW implementation Several A recent implementation by GW grad student Stefan Popoveniuc and students from UMBC and Univ. of Ottawa won the Student Voting System competition and has been used for student government elections at Univ. of Ottawa 4/10/2019 Spr04/GWU/Vora