Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 5 Overview Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding.

Published bySophia Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 5 Overview Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding."— Presentation transcript:

1

2 Lecture 5 Overview

3 Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding cipher text – Collect the keys that could accomplish the change – Repeat 2 CS 450/650 – Lecture 5: DES

4 Cracking DES Diffie and Hellman then outlined a "brute force" attack on DES – By "brute force" is meant that you try as many of the 2 56 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message – They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second 3 CS 450/650 – Lecture 5: DES

5 Cracking DES (cont.) In 1998, Electronic Frontier Foundation spent $220K and built a machine that could go through the entire 56-bit DES key space in an average of 4.5 days – On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours – The computer, called Deep Crack used 27 boards each containing 64 chips was capable of testing 90 billion keys a second 4 CS 450/650 – Lecture 5: DES

6 Cracking DES (cont.) In early 1999, Distributed. Net used the DES Cracker and a worldwide network of nearly 100K PCs to break DES in 22 hours – combined they were testing 245 billion keys per second This just serves to illustrate that any organization with moderate resources can break through DES with very little effort these days 5 CS 450/650 – Lecture 5: DES

7 Double DES E(k 1, E(k 2, M) ) – As strong as 57-bit key ! – Given message M and ciphertext c – Encrypt M with all possible keys 2 56 steps – Decrypt c with all possible keys and match M s 2 56 steps CS 450/650 Fundamentals of Integrated Computer Security 6

8 Triple DES – Two keys E(k 1, D(k 2, E(k 1, M) ) ) The first key is used to DES-encrypt the message The second key is used to DES-decrypt the encrypted message – Since the second key is not the right key, this decryption just scrambles the data further The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext As strong as 80-bit key ! 7 CS 450/650 – Lecture 5: DES

9 Triple DES – Three keys E(k 3, D(k 2, E(k 1, M) ) ) The first key is used to DES-encrypt the message The second key is used to DES-decrypt the encrypted message – Since the second key is not the right key, this decryption just scrambles the data further The twice-scrambled message is then encrypted with the third key to yield the final ciphertext As strong as 112-bit key ! 8 CS 450/650 – Lecture 5: DES

10 Analysis of Algorithms Algorithms – Time Complexity – Space Complexity An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm – An algorithm is considered to be efficient if it runs in polynomial time. CS 450/650 Lecture 5: Algorithm Background 9

11 Growth Rate  T(n) = O(f(n)): T is bounded above by f The growth rate of T(n) <= growth rate of f(n)  T(n) =  (g(n)): T is bounded below by g The growth rate of T(n) >= growth rate of g(n)  T(n) =  (h(n)): T is bounded both above and below by h The growth rate of T(n) = growth rate of h(n)  T(n) = o(p(n)): T is dominated by p The growth rate of T(n) < growth rate of p(n) 10 CS 450/650 Lecture 5: Algorithm Background

12 Time Complexity  C  O(n)  O(log n)  O(nlogn)  O(n 2 )  …  O(n k )  O(2 n )  O(k n )  O(n n ) 11 CS 450/650 Lecture 5: Algorithm Background Polynomial Exponential

13 P, NP, NP-hard, NP-complete A problem belongs to the class P if the problem can be solved by a polynomial-time algorithm A problem belongs to the class NP if the correctness of the problem’s solution can be verified by a polynomial- time algorithm A problem is NP-hard if it is as hard as any problem in NP – Existence of a polynomial-time algorithm for an NP-hard problem implies the existence of polynomial solutions for every problem in NP NP-complete problems are the NP-hard problems that are also in NP 12 CS 450/650 Lecture 5: Algorithm Background

14 Relationships between different classes NP P NP-complete NP-hard 13 CS 450/650 Lecture 5: Algorithm Background

15 Partitioning Problem Given a set of n integers, partition the integers into two subsets such that the difference between the sum of the elements in the two subsets is minimum – NP-complete 13, 37, 42, 59, 86, 100 14 CS 450/650 Lecture 5: Algorithm Background Sum165172 86100 4259 3713

16 Bin Packing Problem Suppose you are given n items of sizes s1, s2,..., sn All sizes satisfy 0  si  1 The problem is to pack these items in the fewest number of bins, – given that each bin has unit capacity – NP-hard 15 CS 450/650 Lecture 5: Algorithm Background

17 Lecture 6 RSA CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

18 RSA Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman (MIT) Two keys e and d used for Encryption and Decryption – The keys are interchangeable M = D(d, E(e, M) ) = D(e, E(d, M) ) – Public key encryption Based on problem of factoring large numbers – Not in NP-complete – Best known algorithm is exponential 17 CS 450/650 Lecture 6: RSA

19 RSA To encrypt message M compute – c = M e mod N To decrypt ciphertext c compute – M = c d mod N 18 CS 450/650 Lecture 6: RSA

20 Let p and q be two large prime numbers Let N = pq Choose e relatively prime to (p  1)(q  1) – a prime number larger than p-1 and q-1 Find d such that ed mod (p  1)(q  1) = 1 Key Choice 19 CS 450/650 Lecture 6: RSA

21 RSA Recall that e and N are public If attacker can factor N, he can use e to easily find d – since ed mod (p  1)(q  1) = 1 Factoring the modulus breaks RSA It is not known whether factoring is the only way to break RSA 20 CS 450/650 Lecture 6: RSA

22 Does RSA Really Work? Given c = M e mod N we must show – M = c d mod N = M ed mod N We’ll use Euler’s Theorem – If x is relatively prime to N then x  (N) mod N =1  (n): number of positive integers less than n that are relatively prime to n. If p is prime then,  (p) = p-1 21 CS 450/650 Lecture 6: RSA

23 Does RSA Really Work? Facts: – ed mod (p  1)(q  1) = 1 – ed = k(p  1)(q  1) + 1by definition of mod –  (N) = (p  1)(q  1) – Then ed  1 = k(p  1)(q  1) = k  (N) M ed = M (ed-1)+1 = M  M ed-1 = M  M k  (N) = M  (M  (N) ) k mod N = M  1 k mod N = M mod N 22 CS 450/650 Lecture 6: RSA

24 Example Select primes p=11, q=3. N = p* q = 11*3 = 33 Choose e = 3 check gcd(e, p-1) = gcd(3, 10) = 1 – i.e. 3 and 10 have no common factors except 1 check gcd(e, q-1) = gcd(3, 2) = 1 therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 23 CS 450/650 Lecture 6: RSA

25 Example (cont.) p-1 * q-1 = 10 * 2 = 20 Compute d such that e * d mod (p-1)*(q-1) = 1 3 * d mod 20 = 1 d = 7 Public key = (N, e) = (33, 3) Private key = (N, d) = (33, 7) 24 CS 450/650 Lecture 6: RSA

26 Example (cont.) Now say we want to encrypt message m = 7 c = M e mod N = 7 3 mod 33 = 343 mod 33 = 13 – Hence the ciphertext c = 13 To check decryption, we compute M' = c d mod N = 13 7 mod 33 = 7 25 CS 450/650 Lecture 6: RSA

27 More Efficient RSA Modular exponentiation example – 5 20 = 95367431640625 = 25 mod 35 A better way: repeated squaring – Note that 20 = 2  10, 10 = 2  5, 5 = 2  2 + 1, 2 = 1  2 – 5 1 = 5 mod 35 – 5 2 = (5 1 ) 2 = 5 2 = 25 mod 35 – 5 5 = (5 2 ) 2  5 1 = 25 2  5 = 3125 = 10 mod 35 – 5 10 = (5 5 ) 2 = 10 2 = 100 = 30 mod 35 – 5 20 = (5 10 ) 2 = 30 2 = 900 = 25 mod 35 No huge numbers and it’s efficient! CS 450/650 Lecture 6: RSA 26

28 RSA key-length strength RSA has challenges for different key-lengths – RSA-140 Factored in 1 month using 200 machines in 1999 – RSA-155 (512-bit) Factored in 3.7 months using 300 machines in 1999 – RSA-160 Factored in 20 days in 2003 – RSA-200 Factored in 18 month in 2005 – RSA-210, RSA-220, RSA-232, … RSA-2048 27 CS 450/650 Lecture 6: RSA

29 Group Work Find keys d and e for the RSA cryptosystem with p = 7 and q = 11 Solution – p*q = 77 – (p-1) * (q-1) = 60 – e = 37 – d = 13 – n = 13 * 37 = 481 = 1 mod 60 28 CS 450/650 Lecture 6: RSA

Download ppt "Lecture 5 Overview Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding."

Similar presentations

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Public Encryption: RSA

Public Encryption: RSA
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Chapter 3 Encryption Algorithms & Systems (Part B)

Chapter 3 Encryption Algorithms & Systems (Part B)
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
“RSA”. RSA  by Rivest, Shamir & Adleman of MIT in 1977  best known & widely used public-key scheme  RSA is a block cipher, plain & cipher text are.

“RSA”. RSA  by Rivest, Shamir & Adleman of MIT in 1977  best known & widely used public-key scheme  RSA is a block cipher, plain & cipher text are.
Codes, Ciphers, and Cryptography-RSA Encryption

Codes, Ciphers, and Cryptography-RSA Encryption
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.

The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.
1 Introduction to Codes, Ciphers, and Cryptography Michael A. Karls Ball State University.

1 Introduction to Codes, Ciphers, and Cryptography Michael A. Karls Ball State University.
Chapter 12 Cryptography (slides edited by Erin Chambers)

Chapter 12 Cryptography (slides edited by Erin Chambers)
Prime Numbers Prime numbers only have divisors of 1 and self

Prime Numbers Prime numbers only have divisors of 1 and self

Similar presentations

Ads by Google