Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Cryptography –an introduction

Published byLiani Gunardi Modified over 6 years ago

Similar presentations

Presentation on theme: "Computer Security Cryptography –an introduction"— Presentation transcript:

1 Computer Security Cryptography –an introduction
11/27/2018

2 Encryption key KE key KD
x plaintext y ciphertext original plaintext x encryption decryption Eavesdropper 11/27/2018

3 Encryption A cryptosystem involves an encryption algorithm E, and a
a decryption algorithm D Both algorithms make use of a key. Let KE be the encryption key and KD the decryption key. For symmetric cryptosystems the same key is used both encryption and decryption: KE = KD. 11/27/2018

4 Encryption If P is the plaintext message, C the ciphertext, then for
symmetric cryptosystems: C = E (K,P) and P = D (K,E (K,P)) = D (K,C) For an asymmetric cryptosystem C = E (KE,P) and P = D (KD,E (KE,P)) = D (KD,C) 11/27/2018

5 Kerchoffs’ assumption
The adversary knows all details of the encrypting function except the secret key 11/27/2018

6 Symmetric key encryption
There are two types of cipher systems: Stream ciphers, Block ciphers. 11/27/2018

7 Stream ciphers Encryption x = ISSOPMI y = wdhuvad Key KE 11/27/2018

8 Block ciphers y = . Key KE wdm Encryption . hut vap dgd … x = XNE OIG
TPH YRK … y = Key KE wdm hut vap dgd … Encryption 11/27/2018

9 Block ciphers An overview of the DES Algorithm
DES is an iterated block cipher with 16 rounds, block length 64 bits and key length 56 bits 11/27/2018

10 Iterating Block ciphers
1. Iterated block cipher Random (binary) key K  round keys: K1,..., KNr, 2. Round function g w r = g(w r-1, K r), where w r-1 is the previous state 11/27/2018

11 Iterated cipher … Encryption operation: w0  x (x = plaintext)
w1 = g(w0, K1), w2 = g(w1, K2), wNr = g(wNr-1, KNr), y  wNr (y = ciphertext) 11/27/2018

12 Iterated cipher … For decryption we must have:
g(.,K) must be invertible for all K Then decryption is the reverse of encryption (bottom-up) 11/27/2018

13 Data Encryption Standard
DES is a special type of iterated cipher called a Feistel cipher. Block length 64 bits Key length 56 bits Ciphertext length 64 bits 11/27/2018

14 DES The round function is: g([Li-1,Ri-1 ]),Ki ) = (Li ,Ri), where
Li = Ri-1 and Ri = Li-1 XOR f (Ri-1, Ki). 11/27/2018

15 DES round encryption 11/27/2018

16 DES inner function 11/27/2018

17 DES computation path 11/27/2018

18 Combine 32 bit input and 48 bit key into 32 bit output
Inner function f Combine 32 bit input and 48 bit key into 32 bit output Expand 32 bit input to 48 bits XOR the 48 bit key with the expanded 48 bit input Apply the S-boxes to the 48 bit input to produce 32 bit output Permute the resulting 32 bits This helps diffusion, by making a single bit change in the plaintext ripple throughout the ciphertext. It also explains how the decryption works, when the four bit ciphertext can map back to any of four possible plaintexts. You'll see in a minute. 11/27/2018

19 S Boxes There are 8 different S-Boxes,1 for each chunk
S-box process maps 6 bit input to 4 bit output S box performs substitution on 4 bits There are 8 possible substitutions in each S box Inner 4 bits are fed into an S box Outer 2 bits determine which substitution is used 11/27/2018

20 Decrypting DES DES (and all Feistel structures) is reversible through a “reverse” encryption because: No input data is mangled and passed to the output The properties of XOR S-boxes are not reversible (and don't need to be) Everything needed (except the key) to produce the input to the n-1th step is available from the output of the nthstep. 4. The input to the nth step is the output of the n-1th step. 5. Work backwards to step 1. 11/27/2018

21 Attacks on DES Brute force Linear Cryptanalysis
-- Known plaintext attack Differential cryptanalysis Chosen plaintext attack Modify plaintext bits, observe change in ciphertext No dramatic improvement on brute force - Brute force we've already discussed. If a suitable "Break DES" version were created, brute force could find the key in a matter of hours because of computing power advances. 11/27/2018

22 Countering Attacks Large keyspace combats brute force attack
Triple DES (say EDE mode, with usually 2 keys) Use AES 11/27/2018

23 Modes of operation Four basic modes of operation are available for
block ciphers: Electronic codebook mode: ECB Cipher block chaining mode: CBC Cipher feedback mode: CFB Output feedback mode: OFB 11/27/2018

24 Electronic Codebook mode, ECB
Each plaintext xi is encrypted with the same key K: yi = eK(xi). So, the naïve use of a block cipher. 11/27/2018

25 ECB x1 x2 x3 x4 y1 y2 y3 y4 DES DES DES DES 11/27/2018
One DES round only scrambles half of the input data (the left half). Since the last step in the mangle is to reverse the halfs, the other half of the data is scrambled in the second (and fourth ... and 6th, and 8th, etc. rounds). Also, as stated by the scribe: "The 32 bit Right half becomes the 32 bit Left half for the next round (not the mangled output) unless the textbook diagram is wrong also (Page 68 of the text Figure 3-6). The Right half goes into the mangler and that output is XOR'd with the 32 bit Left half to create the 32 bit Right half for the next round. The Right half (unmangled) simply becomes the Left half for the next round, according to the book and the formulas they give for reversing it. " y1 y2 y3 y4 11/27/2018

26 Cipher Block Chaining mode, CBC
Each cipher block yi-1 is xor-ed with the next plaintext xi : yi = eK(yi-1 XOR xi) before being encrypted to get the next plaintext yi. The chain is initialized with an initialization vector: y0 = IV with length, the block size. 11/27/2018

27 CBC x1 x2 x3 x4 + + + + y1 y2 y3 y4 IV DES DES DES DES 11/27/2018
One DES round only scrambles half of the input data (the left half). Since the last step in the mangle is to reverse the halfs, the other half of the data is scrambled in the second (and fourth ... and 6th, and 8th, etc. rounds). Also, as stated by the scribe: "The 32 bit Right half becomes the 32 bit Left half for the next round (not the mangled output) unless the textbook diagram is wrong also (Page 68 of the text Figure 3-6). The Right half goes into the mangler and that output is XOR'd with the 32 bit Left half to create the 32 bit Right half for the next round. The Right half (unmangled) simply becomes the Left half for the next round, according to the book and the formulas they give for reversing it. " y1 y2 y3 y4 11/27/2018

28 Cipher and Output feedback modes (CFB & OFB)
z0 = IV and recursively: zi = eK(yi-1) and yi = xi XOR zi OFB zi = eK(zi-1) and yi = xi XOR zi 11/27/2018

29 CFB mode x1 x2 IV eK + eK + eK y1 y2 11/27/2018

30 OFB mode IV eK eK x1 x2 + + y1 y2 11/27/2018

31 Double & Triple DES Double DES: C = E(k2,E(k1,m))
Triple DES: C = E(k1,D(k2,E(k1,m) 11/27/2018

32 AES The AES is an iterated cipher with Nr=10 (or 12 or 14)
Block length 128 bits. Key lengths 128 (or 192 or 256). The AES is an iterated cipher with Nr=10 (or 12 or 14) In each round we have: Subkey mixing: State  Roundkey XOR State A substitution: SubBytes(State) A permutation: ShiftRows(State) & MixColumns(State) 11/27/2018

33 One time pad This is a binary stream cipher whose key stream is a random stream. This cipher has perfect secrecy. 11/27/2018

34 One time pad The One-Time-Pad is a Stream Cipher for which
The plaintext x e P, ciphertext y e C and key K e K are all binary n-tuples. P = C = K = {0,1}n and eK(x) = (x1+K1, … , xn+Kn) mod 2 Decryption is identical to encryption: dK(x) = (y1+K1, … , yn+Kn) mod 2 11/27/2018

35 Asymmetric key encryption Public Key Cryptography
11/27/2018

36 Public Key Cryptography
Alice Bob Alice and Bob want to exchange a private key in public. 11/27/2018

37 Public Key Cryptography The Diffie-Hellman protocol
Alice ga mod p Bob gb mod p where p is a prime and g a number which has order p-1. The private key is: gab mod p 11/27/2018

38 Public Key Cryptography Encryption schemes
Let P be the set of all plaintext messages C be the set of ciphertexts K be the set of all keys 11/27/2018

39 The RSA cryptosystem Let n = pq, where p and q are primes.
Let P = C = {1,2, … ,n}, and define K = {(n,p,q,e,d) : ed = 1 mod f(n) }. where f(n) = (p-1)(q-1). For each key K = (n,p,q,e,d), define c = eK(m) = me mod n and dK(c) = cd mod n, where 1  m,c  n . Public key = (n,e), Private key (n,d). 11/27/2018

40 Check We have: ed = 1 mod f(n), so ed = 1 + tf(n). Therefore,
dK(eK(m)) = (me)d = med = m tf(n)+1 = (mf(n)) t m = 1.m = m mod n 11/27/2018

41 Example p = 101, q = 113, n = 11413. f (n) = 100x112 = 11200 = 26527
For encryption use e = 3533. Then d = e-1 mod11200 = 6597. Bob publishes: n = 11413, e = 3533. Suppose Alice wants to encrypt: 9726. She computes mod = 5761 To decrypt it Bob computes: mod = 9726 11/27/2018

42 Security of RSA Relation to factoring.
Recovering the plaintext m from an RSA ciphertext c is easy if factoring is possible. The RSA problem Given (n,e) and c, compute: m such that me = c mod n 11/27/2018

43 Digital Signatures 11/27/2018

44 Public Key Cryptography Signature schemes
Let P be the set of all messages S be the set of signatures K be the set of all keys 11/27/2018

45 The RSA digital signature
Let n = pq, where p and q are primes. Let P = S = {1,2, … ,n } , and define K = {(n,p,q,e,d) : ed = 1 mod f(n) }. For each key K = (n,p,q,e,d), define sigK(m) = md mod n and verK(m,y) = true ye = m mod n, where (m,y) e Zn. Public key = (n,e), Private key (n,d). 11/27/2018

46 The ElGamal signature scheme
Let p be a prime and g an integer of order p-1. Let P = {0,1, … , p-1}, A = {0,1, … , p-1} x {0,1, … , p-1} and K = {(p,g,a,ya): ya = ga modp }. The values p,g,ya are the public key. a is the private key. 11/27/2018

47 The ElGamal signature scheme
Signing Let m, 0  m  p-1, be a message. For a key K = (p,g,a,ya) with ya = ga mod p, and a secret random number k , 0  k  p-1, such that gcd(k,p-1) = 1, define: sigK(m,k) = (s,t), where r = gk mod p s = (m-ar)k-1 mod p-1 Verification verK(m,(r,s)) = true yar·rs = gm modp . 11/27/2018

48 Toy example message m = 100, Choose k = 213. Then k-1mod 466 = 431.
Let p = 467, g = 2, x = 127, message m = 100, Choose k = 213. Then k-1mod 466 = 431. The signature is: r = 2213 mod 467 = 29 s = (m-ar)k-1 mod(p-1) = ( x29)431 mod 466 = 51 Verification: ? mod 467 11/27/2018

49 The security of the ElGamal signature
If the Discrete Logarithm problem can be solved then ElGamal signatures can be forged. The converse may not be true. The exponent k must be private cannot be used twice best: chosen at random. 11/27/2018

50 The Digital Signature Algorithm
Let p be a an L-bit prime prime, 512  L  1024 and L  0 mod 64 , let q be a 160-bit prime that divides p-1 and Let  e Zp* be a q-th root of 1 modulo p. Let P = Zp-1, A = Zq x Zq and K = {(p,q,,x,y): y =  x modp }. The values ,y are the public key. x is the private key. 11/27/2018

51 The Digital Signature scheme
Signing Let m e Zp-1 be a message. For K = {{(p,q,,x,y): y = x mod p }, and secret random number k e Zp-1, define: sigK(m,k) = (s,t), where s = (k mod p) mod q t = (SHA1(m)+xs)k-1mod q Verification Let e1 = SHA1(m) t-1 mod q e2 = st-1 mod q verK(m,(s,t)) = true (e1 ye2 mod p) mod q = s). 11/27/2018

52 The Digital Signature scheme
Verification – continued Check: (e1 ye2 mod p) mod q = ( SHA1(m) t-1 y st-1mod p) mod q = = ( SHA1(m) t-1  xst-1mod p) mod q = = ( (SHA1(m)+ xs)t-1mod p) mod q = = ( k mod p) mod q = s 11/27/2018

Download ppt "Computer Security Cryptography –an introduction"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
7. Asymmetric encryption-

7. Asymmetric encryption-
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Announcement Homework 1 out, due 1/18 11:59pm If you purchased the textbooks, but it hasn’t arrived, please see TA for copies of the questions, Project.

Announcement Homework 1 out, due 1/18 11:59pm If you purchased the textbooks, but it hasn’t arrived, please see TA for copies of the questions, Project.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.

1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.

 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.

1 CIS 5371 Cryptography 8. Asymmetric encryption-.

Similar presentations

Ads by Google