Computer Science 101 Cryptography Part II
Modern Cryptography. Enigma was the last mechanical crypto device in widespread use. All modern crypto is done with digital electronics (i.e., computers). Main applications: military communication; banking transactions; “illicit” activity (terrorism, drugs, porn, file-sharing).
Symmetric vs. Asymmetric Crypto. Symmetric: a single key for both encryption and decryption (what we've seen thus far). Both Alice and Bob must have the key. Best-known example: DES. Asymmetric: one key for encryption, another for decryption. Bob publishes his public encryption key (Alice and Eve can both see it) and hides his private decryption key. Best-known example: RSA.
Symmetric Crypto. Block cipher: break the digital message into small blocks (chunks) for encoding/transmission. E.g., using ASCII (8 bits per letter), a 64-bit block can encode 8 characters. Basic idea: mix up (convolve, blend) the block with the key so much that each bit is “smeared” over the whole block, like making dough from eggs, flour, and water. Then Eve has to extract the eggs from the dough!
Block Ciphers. Plaintext is divided into blocks. Blocks are operated on to produce blocks in the ciphertext. This obscures the letter structure of the plaintext. Each character of a block contributes to all characters of the encrypted block.
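Block Cipher - Example. Matrix multiplication: to obtain the element in row I, column J, we multiply the elements from row I of the first matrix with the corresponding elements of column J of the second matrix and add up these products: $\begin{pmatrix} 4 & 2 \\ 3 & 5 \end{pmatrix} \begin{pmatrix} 6 & 3 \\ 3 & 6 \end{pmatrix} = \begin{pmatrix} 30 & 24 \\ 33 & 39 \end{pmatrix}$
Block Cipher – Example (Cont.) Matrix multiplication: for this example, we now would reduce the numbers modulo 26: $\begin{pmatrix} 4 & 2 \\ 3 & 5 \end{pmatrix} \begin{pmatrix} 6 & 3 \\ 3 & 6 \end{pmatrix} = \begin{pmatrix} 30 & 24 \\ 33 & 39 \end{pmatrix}$, and $\begin{pmatrix} 30 & 24 \\ 33 & 39 \end{pmatrix} \equiv \begin{pmatrix} 4 & 24 \\ 7 & 13 \end{pmatrix} \pmod{26}$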
Block Cipher – Example (Cont.) Now each character is given a numerical value. For simplicity, let’s use position in the alphabet: A is 1, etc. Each letter in the plaintext is replaced by its numerical value. Message “GENERALS” becomes 7 5 14 5 18 1 12 19. Again for simplicity, let’s use a block size of 2. Message looks like (7 5) (14 5) (18 1) (12 19).
Block Cipher – Example (Cont.) For a block size of 2, we would encrypt using some 2 by 2 matrix; block size n uses an n by n matrix. We need an invertible matrix. Matrix A is invertible if there’s another matrix B so that multiplying A by B yields a matrix with 1’s on the diagonal and 0’s elsewhere: $\begin{pmatrix} 3 & 5 \\ 2 & 3 \end{pmatrix} \begin{pmatrix} -3 & 5 \\ 2 & -3 \end{pmatrix} = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$
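Block Cipher – Example (Cont.) So, we choose our invertible matrix. To encrypt the message, we multiply each block times the encryption matrix to obtain the encrypted block. Message: 7 5 14 5 18 1 12 19. Becomes: 5 24 0 7 4 15 22 13, or EXZGDOVM from GENERALS. First block: $\begin{pmatrix} 7 & 5 \end{pmatrix} \begin{pmatrix} 3 & 5 \\ 2 & 3 \end{pmatrix} = \begin{pmatrix} 31 & 50 \end{pmatrix} \equiv \begin{pmatrix} 5 & 24 \end{pmatrix} \pmod{26}$. Remaining blocks: (14 5) gives (52 85), reduced to (0 7); (18 1) gives (56 93), reduced to (4 15); (12 19) gives (74 117), reduced to (22 13).
Block Cipher – Example (Cont.) To decrypt, we reverse the process, using the inverse of the encryption matrix. Ciphertext EXZGDOVM becomes: 5 24 0 7 4 15 22 13, or GENERALS. First block: $\begin{pmatrix} 5 & 24 \end{pmatrix} \begin{pmatrix} -3 & 5 \\ 2 & -3 \end{pmatrix} = \begin{pmatrix} 33 & -47 \end{pmatrix} \equiv \begin{pmatrix} 7 & 5 \end{pmatrix} \pmod{26}$. Remaining blocks: (0 7) gives (14 -21), reduced to (14 5); (4 15) gives (18 -25), reduced to (18 1); (22 13) gives (-40 71), reduced to (12 19).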
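Added example (not from the original slides): the matrix block cipher above in Python, using the slides' A=1 numbering and their encryption matrix. It also derives the decryption matrix and rejects keys that are invertible over the real numbers but not modulo 26; the function names are assumptions made for this sketch.

```python
from math import gcd

MOD = 26  # the slides number A=1 ... Z=26, and 26 is 0 modulo 26

def to_nums(text):
    return [(ord(c) - ord("A") + 1) % MOD for c in text.upper()]

def to_text(nums):
    # 0 maps back to Z under the A=1 convention
    return "".join(chr((n - 1) % MOD + ord("A")) for n in nums)

def inverse_2x2(key):
    """Inverse of a 2x2 key modulo 26; exists only if gcd(det, 26) == 1."""
    (a, b), (c, d) = key
    det = (a * d - b * c) % MOD
    if gcd(det, MOD) != 1:
        raise ValueError("key matrix is not invertible modulo 26")
    det_inv = pow(det, -1, MOD)  # modular inverse, Python 3.8+
    return [[d * det_inv % MOD, -b * det_inv % MOD],
            [-c * det_inv % MOD, a * det_inv % MOD]]

def apply_key(key, nums):
    """Multiply each block (row vector of 2 numbers) by the key, mod 26."""
    if len(nums) % 2:
        raise ValueError("message length must be a multiple of the block size")
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((x * key[0][0] + y * key[1][0]) % MOD)
        out.append((x * key[0][1] + y * key[1][1]) % MOD)
    return out

def encrypt(key, plaintext):
    return to_text(apply_key(key, to_nums(plaintext)))

def decrypt(key, ciphertext):
    return to_text(apply_key(inverse_2x2(key), to_nums(ciphertext)))

KEY = [[3, 5], [2, 3]]  # encryption matrix from the slides

if __name__ == "__main__":
    ct = encrypt(KEY, "GENERALS")
    print(ct, decrypt(KEY, ct))
```

The computed inverse is [[23, 5], [2, 23]], which is the slides' matrix with -3 written as 23 modulo 26.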
DES. Stands for Data Encryption Standard. Designed to protect electronic information. A block cipher. Blocks: 64 bits long. Key: 64-bit binary key (only 56 bits are used). Invitation to Computer Science, Java Version, Third Edition
DES (continued). Every substitution, reduction, expansion, and permutation is determined by a well-known set of tables. The same algorithm serves as the decryption algorithm.
Figure 13.11 The DES Encryption Algorithm
DES (continued). Triple DES: improves the security of DES; requires two 56-bit keys; runs the DES algorithm three times. AES (Advanced Encryption Standard): uses successive rounds of computations that mix up the data and the key; key length: 128, 192, or 256 bits.
DES: Trust Us, We're the Government. Data Encryption Standard: IBM (NSA?) block cipher. 64-bit blocks. 56-bit keys (64 bits, minus 8 for parity). 16 rounds. Hard to defeat using correlational techniques (cf. Enigma). Brute force: $2^{56} \approx$ 72,057,600,000,000,000 possible keys to try. So we're safe, right?
DES: The Revenge of Moore's Law. Moore's Law: computer power doubles every 18 months. Each bit = a factor of two. So to break N more bits in the key, wait 18N months = 1.5N years. But DES was developed 30 years (20 bits) ago. Blaze, Diffie, Rivest, Schneier, et al. (1996): 56 bits is no longer enough!
DES: The Revenge of Moore's Law. With parallel computing, you can “buy” more bits. First computer tries keys $0 .. 2^{28}-1$. Second computer tries keys $2^{28} .. 2^{56}-1$. Of course, we have more than two computers (like our 48-node Beowulf cluster)! Alternatives: 3DES (168 bits), Blowfish (448 bits), Skipjack / Clipper (80 bits), declassified 1998.
Symmetric Key Crypto: General Issues. Problem: how do Alice and Bob share a key? Alice sends the key to Bob (but Eve sees it!). Alice and Bob meet in secret (inconvenient; impractical). Alice has her key $K_A$; Bob has his $K_B$; and they send the message M back and forth; e.g.: $K_A = 3$, $K_B = 5$, $M = 4$, Encrypt = *, Decrypt = /
Symmetric Crypto without Key Sharing. A: 4*3 = 12, sends 12 to B. B: 12*5 = 60, sends 60 to A. A: 60/3 = 20, sends 20 to B. B: 20/5 = 4.
Symmetric Crypto without Key Sharing. Of course... Keys are more complicated than 3, 5. Functions are more complicated than *, /. E.g., use block ciphers with 3DES, Blowfish, Skipjack, ... Sending the message three times is inefficient and may be costly. Can we avoid sharing secret keys and still send the message only once?
The RSA Public-Key Cryptosystem. Rivest, Shamir, and Adleman, “A method for obtaining digital signatures and public-key cryptosystems.” Communications of the ACM, 21(2):120-126, 1978. Asymmetric encryption algorithm: all senders to a given receiver use the same public key for encryption. Only the receiver has the private decryption key, which is very different, but somehow related.
Bob and Alice. $P_A$, $S_A$: public and secret keys for Alice. $P_B$, $S_B$: public and secret keys for Bob. [Diagram: Bob applies $P_A$ to M and sends $C = P_A(M)$ to Alice; Alice applies $S_A$ to C to recover M.]
The Public and Private Keys. Select two large primes, p and q (100 decimal digits, maybe). Compute n = pq. Let m = (p-1)(q-1). Select a small positive integer e that shares no factors with m. Find d, which is the multiplicative inverse of e, modulo m (guaranteed to exist). Publish the pair P = (e, n) as the public key. Keep the pair S = (d, n) secret as the private key.
Encoding and Decoding. Recall P = (e, n), S = (d, n). Given message M, interpret it as a number in the range 0 to (n-1). Then encoding is $P(M) = M^e \pmod{n} = C$. Decoding is $S(C) = C^d \pmod{n} = (M^e)^d = M^{ed} = M$, all done modulo n.
RSA Example: p = 5, q = 7, e = 5. 5 is a good value for d, because m = (p-1)(q-1) = 4*6 = 24 and e*d = 5*5 = 25 = 1 (mod 24). n = 5*7 = 35. To encode message M = 4: $C = M^e \bmod n = 4^5 \bmod 35 = 1024 \bmod 35 = 9$. To decode: $M = C^d \bmod n = 9^5 \bmod 35 = 59049 \bmod 35 = 4$.
RSA. Breaking the code means figuring out the private key d. Seems like Eve can do this easily, using algebra: make up an arbitrary message M; encode it using Bob's public key (e, n): $C = M^e \bmod n$; then solve $M = C^d \bmod n$ for d. For the M = 4, n = 35, e = 5 example: C = 9, so $4 = 9^d \bmod 35$.
RSA. Problem: lots of values of d will work: $4 = 9^5 \bmod 35 = 9^{11} \bmod 35 = 9^{17} \bmod 35 = \dots$ In fact, Eve must know p and q if she wants to find d (since Bob used p and q to generate d). So the problem becomes factoring n into p*q. So Bob uses huge p, q, and gets a very huge n. This is the “magic” of primes: there is no way other than exhaustive search. The encoding function $C = M^e \bmod n$ is a trapdoor: easy to get in, difficult to get out!
What is this based on? Note: we make public (e, n), and keep secret d. Note that an eavesdropper would only need to factor n, getting p and q, and then could find d. RSA is based on the fact that we do not have an algorithm that can factor large numbers at any feasible speed. Furthermore, there is much evidence suggesting that there cannot be such an algorithm.
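Added example (not from the original slides): the key-generation, encoding and decoding steps above in Python, run on the slides' p = 5, q = 7, e = 5. It also shows why n must be too large to factor: with a tiny n, exhaustive search recovers p and q and hence d, while an exponent that merely fits one (M, C) pair is not necessarily the key. All function names are assumptions made for this sketch.

```python
from math import gcd

def make_keys(p, q, e):
    """Follow the slides' steps: n = pq, m = (p-1)(q-1), d = e^-1 mod m."""
    n, m = p * q, (p - 1) * (q - 1)
    if gcd(e, m) != 1:
        raise ValueError("e must share no factors with m")
    d = pow(e, -1, m)  # modular inverse, Python 3.8+
    return (e, n), (d, n)

def encode(M, public):
    e, n = public
    if not 0 <= M < n:
        raise ValueError("message must be in the range 0 to n-1")
    return pow(M, e, n)

def decode(C, secret):
    d, n = secret
    return pow(C, d, n)

def factor_by_search(n):
    """Exhaustive search for p and q; feasible only because n is tiny."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is not a product of two primes")

def recover_secret(public):
    """With p and q known, d is rebuilt exactly as the key owner built it."""
    e, n = public
    p, q = factor_by_search(n)
    return make_keys(p, q, e)[1]

def exponents_fitting_pair(M, C, n, limit):
    """Every d below limit with C^d mod n == M, for one known (M, C) pair."""
    return [d for d in range(1, limit) if pow(C, d, n) == M]

public, secret = make_keys(5, 7, 5)  # the slides' toy parameters

if __name__ == "__main__":
    C = encode(4, public)
    print(public, secret, C, decode(C, secret))
    print(recover_secret(public), exponents_fitting_pair(4, C, 35, 20))
```

With these toy parameters the exponent 11 fits the pair M = 4, C = 9 but decodes the ciphertext of M = 2 incorrectly, so fitting a single pair does not yield the private key.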
PGP. Phil Zimmermann: politically active physicist / computer scientist; wants to make asymmetric (public-key) crypto available to ordinary citizens. But the RSA algorithm runs too slow on 1980s PCs. Solution: combine symmetric (DES) and asymmetric (RSA) techniques.
PGP: Pretty Good Privacy. Alice uses Bob's public RSA key to encrypt her secret DES key (small), and the DES key to encrypt the message (big). She sends both to Bob. [Diagram: A encrypts $DES_A$ with $PubKey_B$ to get $C_1$, and encrypts M with $DES_A$ to get $C_2 C_3 \dots C_n$.]
PGP. Bob decrypts Alice's IDEA key using his private RSA key, then the message using A's IDEA key. [Diagram: B decrypts $C_1$ with $PrivKey_B$ to get $DES_A$, then decrypts $C_2 C_3 \dots C_n$ with $DES_A$ to get M.]
Secure Socket Layer. Figure 13.12 An SSL Session
Well gang, it's been fun, but now it's time to head to the barn (sigh).