Post on 23-Dec-2015
A Cryptography Tutorial
• Jim Xu
• College of Computing
• Georgia Tech
• http://www.cc.gatech.edu/~jx
Why Cryptography?
• Network information needs to be communicated through an insecure channel.
• Stored information may be accessed without proper authorization.
• Cryptography is a systematic way to make that harder.
Common Security Requirements
• Secrecy (encryption)
• Authenticity (signature/encryption)
• Integrity (signature/encryption)
• Non-repudiation (signature)
What Can Cryptography Do?
• Encryption: only the authorized party can understand the encrypted message.
• Signature: allow people to verify the authenticity of the message.
Classical Cryptography
• Shift Cipher (a special case used by Caesar)
• Substitution Cipher
• Affine Cipher
• Vigenere Cipher
• Hill Cipher
• Permutation Cipher
Cryptanalysis
• Ciphertext-only attack
• Known plaintext attack
• Chosen plaintext attack
• Adaptive Chosen plaintext attack
Cryptanalysis
• Shift Cipher: English histogram
• Substitution Cipher: histogram again
• Affine Cipher: histogram
• Vigenere Cipher: more complicated statistics
• Hill Cipher: Known plaintext attack
• Permutation Cipher: histogram + semantics
How to achieve perfect secrecy?
• One-time pad: have a key as long as the plaintext
• For example, shift cipher is perfectly secure if the key is random and it is only used to encrypt one character!
• Spurious keys: S(n) >= |K|/(|P|^(n*R))-1
• Unicity distance: the n at which S(n) becomes zero
Shared-key cryptography
• Rooted in computational complexity
• Sender has M
• Sender sends (M XOR f(x, k), x)
• f is a random function
• Algorithms: DES, various fishes, Lucifer, Feistel, AES standard (Rijndael), ...
DES
• A round can be described as:
– L_i = R_{i-1}
– R_i = L_{i-1} XOR P(S(E(R_{i-1}) XOR K_i))
• The key generation is performed as follows:
– An initial permutation PC1 selects 56 bits and divides them into two halves
– In each round:
  • Select 24 bits from each half using a permutation function PC2
  • Rotate each half left by one or two positions
Rich theory on pseudorandomness
• Pseudorandom number/bit generator
• Pseudorandom functions (ideal cryptographic hash functions)
• Stretch a small completely random string into a longer but less random string
• Though less random, indistinguishable to “naked eyes”
Public Key Cryptography
• Public/private key pair
• Only the owner knows the private key, but everyone knows the public key
• If the message is encrypted with the private key, then everyone with the public key can recover the message, but only the owner can generate the encrypted message
Continued
• If the message is encrypted with the public key, only the owner can decrypt it using the private key
• The first property can be used for signature and the second property can be used for encryption.
Digital signature
• Sender sends M, T=E(hash(M), private)
• The receiver computes E(T, public) and compares it with hash(M)
• M is considered genuine if they match
RSA
• Find two big prime numbers p and q
• Let B = p*q
• Choose private key C to be a number that is coprime with (p-1)*(q-1)
• Choose public key D such that C*D=1 mod (p-1)*(q-1)
Continued
• Encrypt M: T=M^C (or M^D)
• Decrypt M: M = T^D (or T^C)
• Theorem: (M^C)^D = M mod B
• Why: all the numbers that are coprime with B form a group, and the size of that group is (p-1)(q-1)
Security of RSA
• Hinges upon how hard factorization is
• If one can break down B into p and q
• then finding C: C*D = 1 mod (p-1)(q-1) is easy
• Factorization is found to be quite hard, at least for now.
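An added worked example (not from the slides) of the digital signature and RSA slides above, using their names B, C, D and T: it signs and verifies a message, then factors a toy-sized B to recover C from the public values alone. The primes, the private exponent, SHA-256 as the hash, and the function names are assumptions; real RSA uses a modulus of 2048 bits or more together with a padding scheme.

```python
import hashlib
from math import gcd, isqrt

# Constructed toy parameters (assumptions, not from the slides): two small
# Mersenne primes and an arbitrary private exponent. Far too small for real use.
P, Q = 2**17 - 1, 2**19 - 1
PRIVATE_C = 1234567891


def make_keys(p, q, c):
    """Return (B, C, D) in the slides' naming: modulus, private key, public key."""
    phi = (p - 1) * (q - 1)
    if gcd(c, phi) != 1:
        raise ValueError("C must be coprime with (p-1)*(q-1)")
    return p * q, c, pow(c, -1, phi)  # D solves C*D = 1 mod (p-1)*(q-1)


def digest(message, b):
    """hash(M), reduced mod B so it fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % b


def sign(message, c, b):
    """T = E(hash(M), private) = hash(M)^C mod B."""
    return pow(digest(message, b), c, b)


def verify(message, t, d, b):
    """Compute E(T, public) = T^D mod B and compare it with hash(M)."""
    return pow(t, d, b) == digest(message, b)


def recover_private(b, d):
    """Factor B by trial division, then solve C*D = 1 mod (p-1)*(q-1)."""
    p = next(n for n in range(3, isqrt(b) + 1, 2) if b % n == 0)
    q = b // p
    return pow(d, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    B, C, D = make_keys(P, Q, PRIVATE_C)
    T = sign(b"pay Bob 10", C, B)
    print("genuine :", verify(b"pay Bob 10", T, D, B))
    print("tampered:", verify(b"pay Bob 1000", T, D, B))
    print("C recovered from public (B, D):", recover_private(B, D) == C)
```

The trial division finishes instantly only because B is about 36 bits long; the same loop is infeasible at real key sizes, which is the hardness the slide refers to.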
Cryptographic Protocols
• System needs are more complicated than what the primitives can provide
• If improperly designed, a protocol can be broken even if none of the underlying primitives are broken
• Hard to check whether it is properly designed (proof logic/model checking/theorem proving methods are involved)
Key exchange
• Diffie-Hellman
• Based on the assumption that knowing prime p and p^n, finding n will be hard
• Allows two parties to share a key
• A sends B p^a and remembers a
• B sends A p^b and remembers b
• Both sides can generate p^(ab)
• A third party cannot do that!
Man in the middle
• C can establish a key with both A and B, by posing as B and A respectively
• Solution: introduce public keys or use the return address as an authentication method
Public Key Infrastructure
• Need this infrastructure to prevent A from claiming that B uses the public key that A generates
• Both hierarchical and flat infrastructures have been proposed
• Revocation lists are a major headache