fnnc dudmhmf !
DESCRIPTION
FNNC DUDMHMF !. Sghr kdbstqd hr zants dmbqxoshnm. The Caesar Cipher (Suetonius). - PowerPoint PPT PresentationTRANSCRIPT
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 11
FNNC DUDMHMF !
FNNC DUDMHMF !Sghr kdbstqd hr
zants dmbqxoshnm
Sghr kdbstqd hr zants
dmbqxoshnm
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 22
The Caesar Cipher (Suetonius)
The Caesar Cipher (Suetonius)“If Caesar had anything
confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.”
“If Caesar had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.”
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 33
Caesar cipherCaesar cipher
a b c d e f g h i j k l mn o p q r s t u v w x y z
X Y Z A B C D E F G H I J K L MN O P Q R S T U V W
Replace each letter by the letter that comes some fixed distance before or after it in the alphabet.
Replace each letter by the letter that comes some fixed distance before or after it in the alphabet.
Shift = 3
Gallia est omnis divisa in partes tres
JDOOLD HVW RPQLV GLYLVD LQ SDUWHV WUHV
Cryptography and National Security
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 55
Unless the issue of encryption is resolved soon, criminal conversations over the telephone … will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country.
FBI Director Louis Freeh, March 30, 1995
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 66
The Stakes Rise After 9/11
The Stakes Rise After 9/11
Sept. 13, 2001: Sen. Judd Gregg (NH) calls for encryption regulations, saying encryption makers should be required to include decryption methods for government agents.
US market force would be used to constrain foreign makers of encryption products
Sept. 13, 2001: Sen. Judd Gregg (NH) calls for encryption regulations, saying encryption makers should be required to include decryption methods for government agents.
US market force would be used to constrain foreign makers of encryption products
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 77
A month later, encryption is OK!
A month later, encryption is OK!
October 24, 2001: USA PATRIOT Act passes
Vastly enhanced authorization for government surveillance in the interest of national security
Not one word about encryption!Why did US Congress drop its
efforts to control encryption, barely a month after the attack on the US?
October 24, 2001: USA PATRIOT Act passes
Vastly enhanced authorization for government surveillance in the interest of national security
Not one word about encryption!Why did US Congress drop its
efforts to control encryption, barely a month after the attack on the US?
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 88
Electronic Commerce!Electronic Commerce!
Treatise on the Astrolabe, 1391
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 1010
Letter Frequencies Letter Frequencies
Source: Wikipedia
Treatise on the Astrolabe, 1391
Treatise on the Astrolabe, 1391
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
e
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
e t
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
te
h
h
h
h
h
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
te
h
h
h
h
h
oo
o
o
oo
o
o
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
te
h
h
h
h
h
oo
o
o
oo
o
o
isi
i
i
i
s
si
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
t
h
eh
h
h
h
oo
o
o
oo
o
o
isi
i
i
i
s
si
r
r
r
r
Treatise on the Astrolabe, 1391
ee
ee
e
e
e
e
e
ee
t
t
tt
t
t
t
t
t
t
h
eh
h
h
oo
o
o
oo
o
o
isi
i
i
i
s
si
r
r
r
r
h
f aa b
a b
l
l
f
v
nn
nn
n
fc
uq
d
m
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2020
Substitution cipherSubstitution cipher
Replace each character of the message by another character
In generalOriginal message is called the plaintextEncrypted result is called the ciphertext
Substitution ciphers easily cracked by frequency analysis
Replace each character of the message by another character
In generalOriginal message is called the plaintextEncrypted result is called the ciphertext
Substitution ciphers easily cracked by frequency analysis
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2121
CryptosystemsCryptosystems
ATTACKER
key
encrypt plaintext message
retreat at dawn
key
decrypt
ciphertext
plaintext message
retreat at dawn
SENDERciphertext
sb%6x*cmf
RECEIVER
Alice Bob
Eve
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2222
Yaqub Ibn Ishaq al-Kindi (801-873)
Cracking ciphersCracking ciphers
Frequency analysis has been known since the 9th century.
Al Kindi’s Manuscript on Deciphering Cryptographic Messages
Frequency analysis has been known since the 9th century.
Al Kindi’s Manuscript on Deciphering Cryptographic Messages
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2323
Mary Stuart, 1587Mary Stuart, 1587
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2424
The Koan of the YogiThe Koan of the Yogi
“In theory there is no difference between theory and practice. In practice, there is.”
“In theory there is no difference between theory and practice. In practice, there is.”
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2525
Cryptologic lessonsCryptologic lessons
Breakthroughs can render previously reliable cryptographic methods insecure
News of cryptanalytic breakthroughs travels slowly
Making strong encryption systems available does not guarantee they will be used
Breakthroughs can render previously reliable cryptographic methods insecure
News of cryptanalytic breakthroughs travels slowly
Making strong encryption systems available does not guarantee they will be used
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2626
Vigenère EncryptionVigenère Encryption Use several
Caesar substitutions and cycle through them
Sequence of substitutions determined by a secret key
Use several Caesar substitutions and cycle through them
Sequence of substitutions determined by a secret key
Blaise de Vigenere (1523-1596)
a b c d e f g h i j k l m n o p q r s t u v w x y z
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Fight fiercely, Harvard! Fight! Fight! Fight!
H JQRR ZPRU NOEJ GQXK LTVM IBWL YVGXWTNU NZ
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2828
Breaking Vigenère – (1)Breaking Vigenère – (1)
If the key has length K, then the ciphertext letters K positions apart are specified by the same character in the key …
And thus is the result of a simple substitution And thus can be attacked by frequency
analysis Example: Suppose the key length is three:
If the key has length K, then the ciphertext letters K positions apart are specified by the same character in the key …
And thus is the result of a simple substitution And thus can be attacked by frequency
analysis Example: Suppose the key length is three:
DJBK FJWO VJSW FKDS GFJD RKEM CNEJ JKSJ FKDJ SJSS
So the decryption reduces to doing frequency analysis K times – provided we know K
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 2929
Breaking Vigenère – (2)Breaking Vigenère – (2)
To find the length of the key: Try different values for K, looking at every Kth
letter of the ciphertext, and pick the one for which the frequency distribution looks like the frequency distribution for English.
Clever methods to do this by hand: Babbage, Kasiski: counting double letters
(1850s, 1860s) Friedman: Index of Coincidence (1920s)
With computers, we don’t need to be clever: Can do brute-force statistics
To find the length of the key: Try different values for K, looking at every Kth
letter of the ciphertext, and pick the one for which the frequency distribution looks like the frequency distribution for English.
Clever methods to do this by hand: Babbage, Kasiski: counting double letters
(1850s, 1860s) Friedman: Index of Coincidence (1920s)
With computers, we don’t need to be clever: Can do brute-force statistics
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 3030
Theory vs.
Practice
1917
Theory vs.
Practice
1917
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 3131
One-Time Pad: Key as long as plaintext
One-Time Pad: Key as long as plaintext
The Only Provably Secure CryptosystemNo patterns, so nothing to analyzeBut getting the keys from Alice to Bob
securely is just as hard as getting an unencrypted message!
Unsuitable for e-commerceWhat would it mean to “meet” Amazon to get a key?
The Only Provably Secure CryptosystemNo patterns, so nothing to analyzeBut getting the keys from Alice to Bob
securely is just as hard as getting an unencrypted message!
Unsuitable for e-commerceWhat would it mean to “meet” Amazon to get a key?
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 3232
Beware Security Through Obscurity
Beware Security Through Obscurity
Kerckhoffs Principle (1883): “The system must not require secrecy, and it
could fall into the hands of the enemy without causing trouble. If a system requiring secrecy were to find itself in the hands of too many individuals, it could be compromised upon each engagement in which any of them take part.”
Still regularly violated by Internet security start-ups and their credulous investors
Kerckhoffs Principle (1883): “The system must not require secrecy, and it
could fall into the hands of the enemy without causing trouble. If a system requiring secrecy were to find itself in the hands of too many individuals, it could be compromised upon each engagement in which any of them take part.”
Still regularly violated by Internet security start-ups and their credulous investors
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 3333
DES: The Data Encryption Standard
DES: The Data Encryption Standard
A 1976 public standard 56 bit keyLong enough in 1976With today’s more powerful computers a brute
force search through possible keys takes only a day
Superceded by Advanced Encryption Standard or “AES”: 128, 192, or 256 bit key
AES has not been cracked as far as we know
A 1976 public standard 56 bit keyLong enough in 1976With today’s more powerful computers a brute
force search through possible keys takes only a day
Superceded by Advanced Encryption Standard or “AES”: 128, 192, or 256 bit key
AES has not been cracked as far as we know
October 27, 2008October 27, 2008 Harvard CSCI E-2aHarvard CSCI E-2a 3434
But the Big Problem Remains:
But the Big Problem Remains:
How to Get the Key securely from Alice to Bob?
How to Get the Key securely from Alice to Bob?
??