a cryptography tutorial

A Cryptography Tutorial • Jim Xu • College of Computing • Georgia Tech • http://www.cc.gatech.edu/~jx

Upload: fraley

Post on 23-Feb-2016

Page 1: A Cryptography Tutorial

A Cryptography Tutorial

• Jim Xu

• College of Computing

• Georgia Tech

• http://www.cc.gatech.edu/~jx

Page 2: A Cryptography Tutorial

Why Cryptography?

• Network information needs to be communicated through insecure channels.

• Stored information may be accessed without proper authorization.

• Cryptography is a systematic way to make that harder.

Page 3: A Cryptography Tutorial

Common Security Requirements

• Secrecy (encryption)

• Authenticity (signature/encryption)

• Integrity (signature/encryption)

• Non-repudiation (signature)

Page 4: A Cryptography Tutorial

What can cryptography do?

• Encryption: only the authorized party can understand the encrypted message.

• Signature: allows people to verify the authenticity of the message.

Page 5: A Cryptography Tutorial

Classical Cryptography

• Shift Cipher (a special case used by Caesar)

• Substitution Cipher

• Affine Cipher

• Vigenere Cipher

• Hill Cipher

• Permutation Cipher

Page 6: A Cryptography Tutorial

Cryptanalysis

• Ciphertext-only attack

• Known plaintext attack

• Chosen plaintext attack

• Adaptive chosen plaintext attack

Page 7: A Cryptography Tutorial

Cryptanalysis

• Shift Cipher: English histogram

• Substitution Cipher: histogram again

• Affine Cipher: histogram

• Vigenere Cipher: more complicated statistics

• Hill Cipher: known plaintext attack

• Permutation Cipher: histogram + semantics

Page 8: A Cryptography Tutorial

Frequency of Letter Occurrence

Page 9: A Cryptography Tutorial

How to achieve perfect secrecy?

• One-time pad: have a key as long as the plaintext

• For example, the shift cipher is perfectly secure if the key is random and it is used to encrypt only one character!

• Spurious keys: S(n) >= |K| / |P|^(n*R) - 1

• Unicity distance: the n that makes S(n) zero

Page 10: A Cryptography Tutorial

Modern Cryptography

• Two broad classes

– 1. Shared-key cryptography

– 2. Public-key cryptography

Page 11: A Cryptography Tutorial

Shared-key cryptography

• Rooted in computational complexity

• Sender has M

• Sender sends (M XOR f(x, k), x)

• f is a random function

• Algorithms:

– DES, various fishes, Lucifer, Feistel, AES standards (Rijndael), ...
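The (M XOR f(x, k), x) construction above, as an added example that is not from the original slides. HMAC-SHA256 with a counter stands in for the random function f (an assumption), x is a fresh random value per message, and the message bytes are constructed.

```python
import hashlib
import hmac
import os

def f(x: bytes, k: bytes, length: int) -> bytes:
    """Keystream of the requested length; HMAC-SHA256 plays the role of f(x, k)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(k, x + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def encrypt(m: bytes, k: bytes, x: bytes = None):
    """Return (M XOR f(x, k), x); x is sent in the clear next to the ciphertext."""
    x = os.urandom(16) if x is None else x
    return xor(m, f(x, k, len(m))), x

def decrypt(c: bytes, x: bytes, k: bytes) -> bytes:
    """The receiver recomputes f(x, k) from the shared key and XORs it off."""
    return xor(c, f(x, k, len(c)))

def reuse_leak(m1: bytes, m2: bytes, k: bytes, x: bytes) -> bytes:
    """Failure mode: the same x under the same k cancels the keystream,
    so the XOR of two ciphertexts equals the XOR of the two plaintexts."""
    c1, _ = encrypt(m1, k, x)
    c2, _ = encrypt(m2, k, x)
    return xor(c1, c2)

if __name__ == "__main__":
    key = os.urandom(32)
    c, x = encrypt(b"constructed sample message", key)
    print(decrypt(c, x, key))
```

The scheme gives secrecy only; nothing in it lets the receiver detect a modified ciphertext.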

Page 12: A Cryptography Tutorial

DES

• A round can be described as:

– L_i = R_{i-1}

– R_i = L_{i-1} XOR P(S(E(R_{i-1}) XOR K_i))

• Key generation is performed as follows:

– An initial permutation PC1 selects 56 bits and divides them into two halves

– In each round:

  • Select 24 bits from each half using a permutation function PC2

  • Rotate each half left by one or two positions
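The round structure above, as an added example that is not from the original slides: a 16-round Feistel network on 64-bit blocks showing that decryption is the same circuit with the round keys reversed, even when the round function cannot be inverted. The round function is a hash-based stand-in for P(S(E(R) XOR K)), not the DES tables, and the round keys are constructed values rather than PC1/PC2 output.

```python
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed 48-bit round keys; real DES derives them with PC1, rotations and PC2.
ROUND_KEYS = [(0x0123456789AB * (i + 1)) & (2**48 - 1) for i in range(16)]

def round_function(r: int, k: int) -> int:
    """Stand-in for P(S(E(R) XOR K)): maps a 32-bit half and a 48-bit key to
    32 bits. It is deliberately one-way; the network never needs its inverse."""
    data = r.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel_encrypt(block: int, round_keys) -> int:
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ round_function(right, k)
    # Swap the halves at the end so the same loop can undo the rounds.
    return (right << 32) | left

def feistel_decrypt(block: int, round_keys) -> int:
    # Same network, round keys in reverse order.
    return feistel_encrypt(block, round_keys[::-1])

if __name__ == "__main__":
    pt = 0x0011223344556677  # constructed plaintext block
    ct = feistel_encrypt(pt, ROUND_KEYS)
    print(hex(ct), hex(feistel_decrypt(ct, ROUND_KEYS)))
```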

Page 13: A Cryptography Tutorial

Rich theory on pseudorandomness

• Pseudorandom number/bit generator

• Pseudorandom functions (ideal cryptographic hash functions)

• Stretch a small completely random string into a longer but less random string

• Though less random, indistinguishable to “naked eyes”

Page 14: A Cryptography Tutorial

Public Key Cryptography

• Public/private key pair

• Only the owner knows the private key, but everyone knows the public key

• If the message is encrypted with the private key, then everyone with the public key can recover the message, but only the owner can generate the encrypted message

Page 15: A Cryptography Tutorial

Continued

• If the message is encrypted with the public key, only the owner can decrypt it using its private key

• The first property can be used for signature and the second property can be used for encryption.

Page 16: A Cryptography Tutorial

Digital signature

• Sender sends M, T = E(hash(M), private)

• The receiver computes E(T, public) and compares it with hash(M)

• M is considered genuine if they match

Page 17: A Cryptography Tutorial

RSA

• Find two big prime numbers p and q

• Let B = p*q

• Choose private key C to be a number that is coprime with (p-1)*(q-1)

• Choose public key D such that C*D = 1 mod (p-1)*(q-1)

Page 18: A Cryptography Tutorial

Continued

• Encrypt M: T = M^C (or M^D)

• Decrypt M: M = T^D (or T^C)

• Theorem: (M^C)^D = M mod B

• Why: all the numbers that are coprime with B form a group, and the size of that group is (p-1)(q-1)
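The RSA steps and the digital-signature slide, combined in one added example that is not from the original slides, using the slides' names B, C (private) and D (public). The primes are two small, publicly known Mersenne primes and the starting value for C is constructed, so the parameters are for illustration only; the hash is SHA-256 reduced mod B.

```python
import hashlib
from math import gcd

P = 2**61 - 1  # constructed toy primes (Mersenne primes); far too small for real use
Q = 2**89 - 1

def make_keys(p, q, start=0x1F2E3D4C5B6A79):
    """Return (B, C, D): modulus, private key, public key, as on the slides."""
    b = p * q
    phi = (p - 1) * (q - 1)
    c = start | 1              # odd candidate for the private key
    while gcd(c, phi) != 1:    # C must be coprime with (p-1)*(q-1)
        c += 2
    d = pow(c, -1, phi)        # C*D = 1 mod (p-1)*(q-1)  (Python 3.8+)
    return b, c, d

def digest(message: bytes, b: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % b

def sign(message: bytes, c: int, b: int) -> int:
    """T = E(hash(M), private)"""
    return pow(digest(message, b), c, b)

def verify(message: bytes, t: int, d: int, b: int) -> bool:
    """Compare E(T, public) with hash(M)."""
    return pow(t, d, b) == digest(message, b)

def encrypt(m: int, d: int, b: int) -> int:
    """Anyone holding the public key can compute T = M^D mod B."""
    return pow(m, d, b)

def decrypt(t: int, c: int, b: int) -> int:
    """Only the owner of C recovers M = T^C mod B."""
    return pow(t, c, b)

if __name__ == "__main__":
    B, C, D = make_keys(P, Q)
    T = sign(b"constructed message", C, B)
    print(verify(b"constructed message", T, D, B))  # genuine message
    print(verify(b"altered message", T, D, B))      # altered message
    print(decrypt(encrypt(123456789, D, B), C, B))
```

This is unpadded textbook RSA; deployed systems wrap these operations in padding schemes such as OAEP for encryption and PSS for signatures.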

Page 19: A Cryptography Tutorial

Security of RSA

• Hinges upon how hard factorization is

• If one can break B down into p and q, then finding C such that C*D = 1 mod (p-1)(q-1) is easy

• Factorization is found to be quite hard, at least for now.

Page 20: A Cryptography Tutorial

Cryptographic Protocols

• System needs are more complicated than what the primitives can provide

• If improperly designed, a protocol can be broken even if none of the underlying primitives are broken

• Hard to check whether it is properly designed (proof logic/model checking/theorem proving methods are involved)

Page 21: A Cryptography Tutorial

Key exchange

• Diffie-Hellman

• Based on the assumption that knowing prime p and p^n, finding n will be hard

• Allows two parties to share a key

• A sends B p^a and remembers a

• B sends A p^b and remembers b

• Both sides can generate p^(ab)

• A third party cannot do that!

Page 22: A Cryptography Tutorial

Man in the middle

• C can establish a key with both A and B, by posing as B and A respectively

• Solution: introduce public keys or use the return address as an authentication method
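The key exchange and the man-in-the-middle problem from the two slides above, as one added example that is not from the original slides. The slides write p^a; the code assumes the usual form G^a mod P with a toy prime modulus P and base G, and models the "public key" solution as checking the received value against a value already known through a trusted channel (a hypothetical pinning check).

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed toy modulus (a Mersenne prime); too small for real use
G = 3           # assumed base

def keypair():
    """Pick the secret exponent a party 'remembers' and the value it sends."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv: int, peer_pub: int) -> str:
    """Both honest sides reach G^(ab) mod P; hash it into a key fingerprint."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def exchange(a_keys, b_keys, c_keys=None):
    """Run the exchange. If c_keys is given, C sits on the channel and replaces
    both transmitted values with its own, posing as B to A and as A to B."""
    (a, pub_a), (b, pub_b) = a_keys, b_keys
    seen_by_a, seen_by_b = pub_b, pub_a
    if c_keys is not None:
        seen_by_a = seen_by_b = c_keys[1]
    return {
        "key_a": shared_key(a, seen_by_a),
        "key_b": shared_key(b, seen_by_b),
        "seen_by_a": seen_by_a,
        "seen_by_b": seen_by_b,
    }

def authenticated(received_pub: int, pinned_pub: int) -> bool:
    """Accept the exchange only if the received value is the one expected
    for this peer (learned out of band, e.g. from a certificate)."""
    return received_pub == pinned_pub

if __name__ == "__main__":
    a, b, c = keypair(), keypair(), keypair()
    honest = exchange(a, b)
    tampered = exchange(a, b, c)
    print(honest["key_a"] == honest["key_b"])      # both sides agree
    print(tampered["key_a"] == tampered["key_b"])  # A and B no longer share a key
    print(authenticated(tampered["seen_by_a"], b[1]))
```

Without the check, neither A nor B can tell the two runs apart from the messages alone, which is why the exchange needs an authenticated binding between a party and its value.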

Page 23: A Cryptography Tutorial

Public Key Infrastructure

• Need this infrastructure to prevent A from claiming that B uses the public key that A generates

• Both hierarchical and flat infrastructures have been proposed

• Revocation lists are a major headache

Page 24: A Cryptography Tutorial

Advanced Issues

• Group encryption/signature

• Forward security

• Everlasting security