Based on Applied Cryptography by Schneier Chapter 1: Foundations Dulal C. Kar

Terminology Sender and Receiver Messages and Encryption –Encryption and decryption –Plaintext and ciphertext –Cryptography and cryptographers –Cryptanalysis and cryptanalysts –Cryptology and cryptologists

Encryption and Decryption Notations –Message, M –Plaintext, P –Ciphertext, C –Encryption function, E E(M) = C –Decryption function, D D(C) = M Identity: D(E(M)) = M EncryptionDecryption Plaintext Ciphertext Original Plaintext

Authentication, Integrity, and Nonrepudiation In addition to providing confidentiality (privacy), other cryptographic services are: –Authentication Ascertaining a message’s true origin –Integrity Verifying that a message has not been modified in transit –Nonrepudiation A sender should not be able to falsely deny later that he sent a message

Algorithms and Keys Cryptographic algorithm –Also called cipher –Mathematical function for encryption and decryption Restricted algorithm –Secret algorithm, popular for low security applications, no standard Modern cryptography –Key, K –Keyspace Range of possible values of the key

Key-Based Cryptography Key-based encryption and decryption –E k (M) = C –D k (C) = M Identity –D k (E k (M)) = M EncryptionDecryption Plaintext Ciphertext Original Plaintext Key

Different Keys for Encryption and Decryption Encryption key, K 1 Decryption key, K 2 E k1 (M) = C D k2 (C) = M D k2 (E k1 (M)) = M EncryptionDecryption Plaintext Ciphertext Original Plaintext Encryption Key Decryption Key

Cryptosystem An algorithm, plus all possible plaintexts, ciphertexts, and keys

Symmetric Algorithms Same key for encryption and decryption Also called, secret-key algorithms, one-key algorithms, single-key algorithms E k (M) = C D k (C) = M Two categories –Stream algorithms or stream ciphers (operate on a single bit or sometimes bytes) –Block algorithms or block ciphers (a typical block size is 64 bits for modern computer algorithms)

Public-Key Algorithms Key used for encryption is different from key used for decryption Encryption key is often called the public key Decryption key is often called the private key Decryption key cannot be calculated from encryption key in any reasonable amount of time Also called asymmetric algorithms E k1 (M) = C D k2 (C) = M For digital signatures, messages are encrypted with the private key and decrypted with the public key

Cryptanalysis Science of recovering plaintext of a message without access to the key An attempted cryptanalysis is called an attack Kerckhoffs’ assumptions in cryptanalysis –Cryptographic algorithm and implementation known –Secrecy resides only in the key

Cryptanalytic Attacks Ciphertext-only attack –Given ciphertext of several messages, recover plaintext, key(s), or algorithm –Formally Given: C 1 = E k (P 1 ), C 2 = E k (P 2 ),..., C i = E k (P i ) Deduce: Either P 1, P 2,... P i ; k; or an algorithm to infer P i+1 from C i+1 = E k (P i+1 ) Known-plaintext attack –Given ciphertext and corresponding plaintext of several messages, deduce the key(s) or algorithm –Formally Given: (P 1, C 1 ), (P 2, C 2 ),..., (P i, C i ) where C i = E k (P i ) Deduce: Either k, or an algorithm to infer P i+1 from C i+1 = E k (P i+1 )

Cryptanalytic Attacks (cont’d) Chosen-plaintext attack Given: (P 1, C 1 ), (P 2, C 2 ),..., (P i, C i ) where the cryptanalyst gets to choose P 1, P 2,..., P i Deduce: Either k, or an algorithm to infer P i+1 from C i+1 = E k (P i+1 ) Adaptive-chosen-plaintext attack –A special case of chosen-plaintext attack –Cryptanalyst modifies his or her choice of plaintext based on the results of previous encryption Chosen-ciphertext attack –Given: C 1, P 1 = D k (C 1 ), C 2, P 2 = D k (C 2 ),..., C i, P i = D k (C i ) –Deduce: k –Primarily applicable to public-key algorithms –Sometimes effective against a symmetric algorithm as well

Cryptanalytic Attacks (cont’d) Chosen-key attack –Cryptanalyst has some knowledge about the relationship between different keys –Not very practical Rubber-hose cryptanalysis –Cryptanalyst threatens, blackmails, or tortures someone to get the key Purchase-key attack –Bribe someone to get the key Author’s Comments –The best cryptographic algorithms are the ones that have been made public, have been attacked by the world’s best cryptographers for years, and are still unbreakable –Those who claim to have an unbreakable cipher simply because they cannot break are either geniuses or fools –Good cryptographers rely on peer review to separate the good algorithms from the bad

Security of Algorithms Different algorithms offer different degrees of security Cost of breaking must be greater than the value of encrypted data Value of most data decreases over time An algorithm is unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext (ex: one-time pad) Cryptography is concerned with cryptosystems that are computationally infeasible to break An algorithm is considered computationally secure (also called strong) if it cannot be broken with available resources, either current or future.

Complexity Measures of An Attack Data complexity –Amount of data needed as input to the attack Processing complexity (also called work factor) –Time needed to perform the attack Storage requirements –Amount of memory needed to do the attack As a rule of thumb, the complexity of an attack is taken to be the minimum of the three factors Some attacks involve trading off the three complexities

Steganography Existence of a secret message is concealed by hiding it in other messages Example –Hiding secret messages in graphic images

Substitution Ciphers and Transposition Ciphers Substitution Ciphers –Classical cryptography –Each character in the plaintext is substituted for another character in the ciphertext. Ex: Caesar Cipher Transposition Ciphers –Plaintext remains the same, but the order of characters is shuffled around. Ex: columnar transposition cipher Rotor Machines –Enigma machine –Used by the Germans during World War II –A team of Polish cryptographers broke the first German Enigma

Simple XOR A symmetric algorithm –Plaintext is XORed with a keyword to generate ciphertext Not secured at all; trivial to break How to break –Discover the length of the key by a procedure known as counting coincidences –Shift the ciphertext by that length and XOR it with itself

One-Time Pads Perfect encryption scheme, primarily used for ultra-secure low bandwidth channels Invented by Major Joseph Mauborgne and AT&T’s Gilbert Vernam in 1917 Start by representing the message as a sequence of 0s and1s Key is a random sequence of 0s and 1s of the same length as the message Add the key to the message mod 2, bit by bit (Actually XOR operation) Discard the key, once used and never use again (plaintext) (key) (ciphertext)

A Variation of One-Time Pads Consider plaintext as a sequence of letters Key is a random sequence of shifts, each one between 0 and 25 Decryption uses the same key, but subtracts instead of adding the shifts This encryption is completely unbreakable for a ciphertext only attack Example: Assume A  1, B  2,..., Z  0 Plaintext: ONETIMEPADkey:TBFRGFARFM Ciphertext: IPKLPSFHGQ How? O+T mod 26 = I N + B mod 26 = P etc. Caveats: –key letters have to be generated randomly. Using pseudo-random number generator is not useful. –No authenticity.

Computer Algorithms Thee most common cryptographic algorithms –DES (Data Encryption Standard) Most popular symmetric key algorithm 3DES –AES (Advanced Encryption Standard) –RSA (Rivest, Shamir, and Adleman) Most popular public-key algorithm Can be used for both encryption and digital signatures –DSA (Digital Signature Algorithm) A public-key algorithm; cannot be used for encryption, but only for digital signatures