Cryptography Dave Feinberg
Suppose I send an from to Who has access to that ? What if I want the message to be private?
Encryption Should it be legal to send encrypted messages? Is there anyone that should NOT be allowed to send encrypted messages?
sketchystore.com Suppose I'm making a purchase. I click on a link, and it takes me to
What I send GET /checkout.jsp HTTP/1.1 Host:
What comes back Enter your credit card number: Enter your expiration date:
How it looks in my browser
When I press "submit" POST /purchase.jsp HTTP/1.1 Host: User-Agent: Mozilla/4.0 Content-Length: 48 Content-Type: application/x-www-form- urlencoded userid=dave&creditcard= &e xp=0109
Privacy If this information is sent unencrypted, who has access to my credit card number? Other people who can connect to my wireless ethernet? Other people physically connected to my wired ethernet?
Privacy When I send a letter through the mail, it passes through the hands of many mail carriers. What keeps them from reading my mail? What if I send a postcard?
Internet Packets = Postcards Internet data is sent in packets (small chunks bits that include the receiver's address, sender's address, and the content of that packet.) Packets are passed from router to router. All those routers have access to my data.
Encryption Scheme #1 Shift every letter forward by 1 A → B, B → C,..., Z → A MESSAGE → NFTTBHF Can you decrypt TFDSFU?
Encryption Scheme #2 Caesar Cipher. Shift forward n letters. For example, shift forward 3 letters: A → D, B → E,..., Z → C We're encrypting using a key of 3. MESSAGE → PHVVDJH
Caesar Ciphers: Now You Try Small wheel: plain text (decrypted) Big wheel: cipher text (encrypted) Turn until ∆ points to key number. For each letter in message: To encrypt: Translate from small to big. To decrypt: Translate from big to small.
Caesar Cipher How can we decode this: DEEDUSEKBTFEIIYRBOTUSETUJXYI
Deciphering DEEDUSEKBTFEIIYRBOTUSETUJXYI EFFEVTFLCUGFJJZSCPUVTFUVKYZJ FGGFWUGMDVHGKKATDQVWUGVWLZAK GHHGXVHNEWIHLLBUERWXVHWXMABL HIIHYWIOFXJIMMCVFSXYWIXYNBCM IJJIZXJPGYKJNNDWGTYZXJYZOCDN JKKJAYKQHZLKOOEXHUZAYKZAPDEO KLLKBZLRIAMLPPFYIVABZLABQEFP LMMLCAMSJBNMQQGZJWBCAMBCRFGQ MNNMDBNTKCONRRHAKXCDBNCDSGHR NOONECOULDPOSSIBLYDECODETHIS OPPOFDPVMEQPTTJCMZEFDPEFUIJT PQQPGEQWNFRQUUKDNAFGEQFGVJKU QRRQHFRXOGSRVVLEOBGHFRGHWKLV RSSRIGSYPHTSWWMFPCHIGSHIXLMW STTSJHTZQIUTXXNGQDIJHTIJYMNX TUUTKIUARJVUYYOHREJKIUJKZNOY UVVULJVBSKWVZZPISFKLJVKLAOPZ VWWVMKWCTLXWAAQJTGLMKWLMBPQA WXXWNLXDUMYXBBRKUHMNLXMNCQRB XYYXOMYEVNZYCCSLVINOMYNODRSC YZZYPNZFWOAZDDTMWJOPNZOPESTD ZAAZQOAGXPBAEEUNXKPQOAPQFTUE ABBARPBHYQCBFFVOYLQRPBQRGUVF BCCBSQCIZRDCGGWPZMRSQCRSHVWG CDDCTRDJASEDHHXQANSTRDSTIWXH How long would it take a computer to try all 25 shifts?
Encryption Scheme #3 Shift different amount for each letter. Vigenère cipher Pick a secret key: TEACH Write Key: TEACHTEACHTE Message: ATTACKATDAWN Encrypted: TXTCJDETFHPR
Vigenère Cipher: Now You Try Small wheel: plain text (decrypted) Big wheel: cipher text (encrypted) Repeatedly write key word above message. For each letter in message: Turn until ∆ points to key letter. To encrypt: Translate from small to big. To decrypt: Translate from big to small.
Vigenère Cipher If you don't know the key, how could you decrypt the message? What makes a good key?
Does anyone see a weakness in this plan? What's the solution? To Summarize The key is QZXJW IERUH KDJKE HCIUE
Exchanging the Key IERUH KDJKE HCIUE QZXJW
Exchanging the Key IERUH KDJKE HCIUE QZXJW Why is this a problem?
Book: "Blown to Bits" "Secure communication was practical only for people who could arrange to meet beforehand, or who had access to a prior method of secure communication (such as military couriers) for carrying the key between them. If Internet communications had to proceed on this assumption, electronic commerce never could have gotten off the ground."
The Problem Tom and I need to agree on a key without meeting. Therefore, the key must be sent at some point. Therefore, someone might discover the key. Is there a way I can still use that key to send a message securely? Yes!
Locks 123 Let's teach stuff. What if someone steals the lock? What if someone steals the locked briefcase?
Locks How does Tom send messages to me? I know the combination to one set of locks, which can be used to send messages that only I can read. You know the combination to another set of locks, which can be used to send messages that only you can read.
Locks This works because Locks are easy to open, if you know the combination. Locks are hard to open, if you don't know the combination.
Locks How do you open a lock, if you don't know the combination? If there are 3 digits, how many combinations do we need to try? (worst case)
Locks Suppose someone can crack my 3-digit combo lock in 15 minutes, by trying every combination. Do I give up on combo locks? I use more digits! How long to crack a 6-digit lock at this rate? 6 digits: 15,000 minutes = 10 days How long to crack a 12-digit lock at this rate? 12-digits: 30,000 years
Locks Can we make this "lock" idea work over the Internet? Yes! It's called Public Key Encryption.
RSA Encryption How can you tell if the data you submit will be encrypted using RSA? The URL at the top of the browser will begin with "
Public Key Encryption Whenever you see HTTPS, you are using Public Key Encryption. The information you send using HTTPS is more secure than any encrypted military order sent during World War I, World War II, The Korean War, or The Vietnam War.
Public Key Encryption The public key encryption algorithm is called RSA. How does RSA work?
Representing Messages First, we must be able to represent any message as a single number. For example: A T T A C K A T D A W N
RSA Tom has a public key and a secret key. His public key is (3, 33) His secret key is (7, 33) (Usually these are really huge numbers with many hundreds of digits!)
RSA (7, 33) (3, 33) 31 msg is mod 33 = mod 33 = 4 (Assume I can convert any message into a big number, and any big number back into a message.)
RSA Public Key: (e, n) Secret Key: (d, n) Encrypt M : M e mod n → C Decrypt C : C d mod n → M
RSA Public Key: (e, n) Secret Key: (d, n) Everyone knows (e, n). Only Tom knows d. The Big Question: If I know e and n, can I figure out what d is? To answer that, I need to understand where e, n, and d came from... First, some number theory...
2 p - 1 mod p p2 p - 1 mod p
2 p - 1 mod p = What's the pattern? Every prime number greater than 2... What's a prime number?
2 p - 1 mod p = Every prime number greater than 2... How could you prove this? How could you disprove this?
2 p - 1 mod p = What if I told you that: 11 × 31 = 341 Every prime number greater than 2, and also the number and also some higher non-primes.
2 p - 1 mod p = 1 I call this the "probably prime" test. There is an even better test (the Fermat test), where you try 2 p - 1, 3 p - 1, etc. Numbers that fool this test are called Carmichael numbers.
a p - 1 mod p = 1 "In testing primality of very large numbers chosen at random, the chance of stumbling upon a value that fools the Fermat test is less than the chance that cosmic radiation will cause the computer to make an error in carrying out a 'correct' algorithm. Considering an algorithm to be inadequate for the first reason but not for the second illustrates the difference between mathematics and engineering." --SICP
RSA: Choosing the Keys p and q are big random primes. n = p × q φ = (p - 1)(q - 1) e is small and relatively prime to φ d, such that: ed mod φ = 1 p = 3, q = 11 n = 3 × 11 = 33 φ = 2 × 10 = 20 e = 3 3d mod 20 = 1 d = 7
RSA: Choosing the Keys Usually the primes are huge numbers-- hundreds of digits long.
The Big Question Public Key: (e, n) Secret Key: (d, n) Everyone knows (e, n). Only Tom knows d. The Big Question: If I know e and n, can I figure out what d is?
Cracking RSA I can determine d from e and n. Factor n into p and q.
Encryption and Factoring instead of a lock. 123 are the combination. Public Key Encryption uses a big number The factors of that big number 6997 x 7001
Cracking RSA I can determine d from e and n. Factor n into p and q. φ = (p - 1)(q - 1) ed = 1 (mod φ ) (This is the only way we know to crack RSA.) Should we give up on RSA?
Cracking RSA How do you factor n ? Try dividing n by 2, 3, 4,... (There are better factoring algorithms, but they're not significantly faster than this.)
Cracking RSA Suppose someone can factor my 5-digit number in 1 millisecond, by dividing by every number less than n. Do I give up on RSA? I use more digits! At this rate, to factor a 10-digit number would take 2 minutes. At this rate, to factor a 15-digit number would take 4 months. At this rate, to factor a 20-digit number would take 30,000 years. At this rate, to factor a 25-digit number would take 3 billion years. We're safe with RSA!
Unless... What if there's something that can factor a number into its prime factors, that's much faster than a computer? What could be faster than a computer?
Quantum Computers Shor's Algorithm (1994) lets us factor numbers very quickly on a quantum computer. If only we had a quantum computer to run it on...
Quantum Computers Can be used to break RSA encryption very quickly. We're safe for now, because these are very hard to build. (We do not believe that many other intractable problems could be solved quickly by a quantum computer.)
Key Points Ecommerce depends on public key encryption. Public key encryption is hard to crack because factoring is intractable. Quantum computers would change that.