topic 3 cryptography

Upload: silver-maina

Post on 03-Jun-2018


TRANSCRIPT

  • 8/11/2019 Topic 3 Cryptography

    TOPIC 3: CRYPTOGRAPHY

    Outline

    • History
    • Terms & Definitions
    • Overview of Cryptography
    • Symmetric Key Cryptography
    • Public Key Cryptography
    • Message integrity and digital signatures

    Introduction

    • Hidden writing
    • Increasingly used to protect information
    • Can ensure confidentiality
    • Integrity and Authenticity too

    Introduction

    • Cryptography (Greek for hidden and writing) is a means of transforming data in a way that renders it unreadable by anyone except the intended recipient.
    • What was originally used almost exclusively by governments for espionage has become a powerful tool for personal privacy today.
    • Every modern computer system uses modern cryptographic methods to secure passwords stored and provides the trusted backbone for e-commerce

    Introduction

    • Cryptography fits into the CIA triad: used to ensure confidentiality and integrity of a message. Some forms also provide for sender authenticity and proof of delivery. But cryptography doesn't address availability as some other forms of security do.
      - Although forgetting a password for your user account can certainly lead to a denial of service attack.
    • Cryptography is used in many access control systems

    Introduction: Attacks

    • Opponent whose goal is to break cryptosystem is the adversary
      - Standard cryptographic practice: Assume adversary knows algorithm used, but not the key
    • Three types of attacks:
      - ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key
      - known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key
      - chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key

    Introduction: Basis for Attacks

    • Mathematical attacks
      - Based on analysis of underlying mathematics
    • Statistical attacks
      - Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc.
      - Called models of the language
      - E.g. Caesar Cipher, letter E
      - Examine ciphertext, correlate properties with the assumptions.

    History

    a) Manual Era
    • Dates back to at least 2000 B.C.
    • Pen and Paper Cryptography
    • Examples: Scytale, Atbash, Caesar, Vigenère

    History

    b) Mechanical Era
    • Invention of cipher machines
    • Examples: Confederate Army's Cipher Disk, Japanese Red and Purple Machines, German Enigma

    Modern Era

    • Computers!
    • Examples: Lucifer; Ri

    Cryptosystem Services

    • Confidentiality: Only authorized entities are allowed to view
    • Integrity: Ensures the message was not altered by unauthorized individuals
    • Authenticity: Validates the source of a message, to ensure the sender is properly identified
    • Nonrepudiation: Establishes sender identity so that the entity cannot deny having sent the message
    • Access Control: Access to an o

    Some Basic Terminology

    • plaintext - original message
    • ciphertext - coded message
    • cipher - algorithm for transforming plaintext to ciphertext
    • key - info used in cipher known only to sender/receiver
    • encipher (encrypt) - converting plaintext to ciphertext
    • decipher (decrypt) - recovering plaintext from ciphertext
    • cryptography - study of encryption principles/methods
    • cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
    • cryptology - field of both cryptography and cryptanalysis

    Cryptography

    CSE2500 System Security and Privacy

    plaintext (data file or messages)

    encryption

    ciphertext (stored or transmitted safely)

    decryption

    plaintext (original data or messages)

    Cryptosystem components

    • Plaintext (p): original message
    • Ciphertext (c): encrypted message
    • Key (k): private information
    • Encryption algorithm: c = E(p,k)
    • Decryption algorithm: p = D(c,k)

    Cryptographic Systems

    Cryptography

    Can characterize cryptographic system by:
    • type of encryption operations used
      - Substitution: Replacing one letter with another
      - Transposition: Rearranging or reordering the letters
      - product
    • number of keys used
      - single-key or private: symmetric
      - two-key or public: asymmetric
      - Hash functions: no key
    • way in which plaintext is processed
      - Block: processes the input one block of elements at a time, producing an output block for each input block
      - Stream: processes the input elements continuously, producing output one element at a time

    Steganography

    • Hiding a message within another medium, such as an image
    • No key is required (old steganography)
    • Example: Modify color map of JPEG image
    • Invisible ink, hidden tattoos, and microdots are all examples of steganography.
    • By taking a color digital image and slightly altering the color of each pixel, you can hide a message in the image without noticeably altering the appearance. The receiver can then extract the message if they have the original, unaltered image.

    Kerckhoffs's Principle

    • Kerckhoffs's Principle: The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience
    • Shannon's maxim: The enemy knows the system.
    • Open design; Security by obscurity doesn't work
    • Should assume that the adversary knows the algorithm; the only secret the adversary is assumed to not know is the key
      - Reverse engineering, careful review of algorithm, etc.

    Confusion and Diffusion

    • In cryptography, confusion and diffusion are two properties of the operation of a secure cipher which were identified by Claude Shannon
    • Confusion refers to making the relationship between the ciphertext and the symmetric key as complex and involved as possible; diffusion refers to dissipating the statistical structure of plaintext over bulk of ciphertext.
    Confusion and Diffusion

    • Aim of confusion is to make it very hard to find the key even if one has a large number of plaintext-ciphertext pairs produced with the same key. Therefore, each bit of the ciphertext should depend on the entire key, and in different ways on different bits of the key. In particular, changing one bit of the key should change the ciphertext completely.
    • The simplest way to achieve both diffusion and confusion is to use a substitution-permutation network. In these systems, the plaintext and the key often have a very similar role in producing the output, hence the same mechanism ensures both diffusion and confusion.
    Defining Secure Encryption

    Adversary should not be able to:
    1. Recover the key
    2. Find the plaintext corresponding to a ciphertext
    3. Determine any character of the plaintext
    4. Derive any meaningful information about the plaintext
    5. Compute any function of the plaintext


    Cryptographic Methods

    Cryptographic Algorithms generally fall into one of two different categories, or are a combination of both.
    • Symmetric
      - Same key for encryption and decryption
      - Key distribution problem
    • Asymmetric
      - Mathematically related key pairs for encryption and decryption
      - Public and private keys

    1. Symmetric Encryption

    • Conventional / private-key / single-key
    • sender and recipient share a common key
    • all classical encryption algorithms are private-key
    • was only type prior to invention of public-key in 1970's
    • and by far most widely used (still)
    • is significantly faster than public-key crypto

    1. Symmetric Cipher Model

    [Figure: Private key cipher. Alice: Message (cleartext, plaintext) → Encryption (E) with key → Encrypted message (ciphertext) → Decryption (D) with key → Message (cleartext, plaintext): Bob]

    1. Symmetric Algorithm

    • Secret algorithm: additional hurdle
    • Hard to keep secret if used widely:
      - Reverse engineering, social engineering
    • Commercial: published
      - Wide review, trust
    • Military: avoid giving enemy good ideas

    1. Symmetric

    • Fast
    • Only provide confidentiality
    • Need secure channel for key distribution
    • Key management headaches from large number of key pairs to maintain: N(N-1)/2
    • That's over M" million key pairs to let all M Purdue A/P staff members exchange encrypted messages
    • To do the same for all students would require over half a billion key pairs!
    • Examples: DES, AES, Blowfish, RC, RC

    Examples of Symmetric Algorithm

    • DES
      - Modes: ECB, CBC, CFB, OFB, CM
    • DES
    • AES
    • IDEA
    • Blowfish

    Examples of Symmetric Algorithm

    • RC
    • RC
    • CAST
    • SAFER
    • Twofish

    Private Key Encryption

    Private Key Encryption can be used:
    • Transmitting data over an insecure channel
    • Secure stored data (encrypt & store)
    • Provide integrity check: (Key + Mes.) -> MAC (message authentication code)

    Requirements of Symmetric Encryption

    • Two requirements for secure use of symmetric encryption:
      - a strong encryption algorithm
      - a secret key known only to sender / receiver
    • Mathematically have:
      Y = E(K, X)
      X = D(K, Y)
    • Assume encryption algorithm is known
      - Kerckhoff's Principle: security in secrecy of key alone, not in obscurity of the encryption algorithm
    • Implies a secure channel to distribute key
      - Central problem in symmetric cryptography

    Design of Private Key Ciphers

    • A Cryptographic algorithm should be efficient for good use
      - It should be fast and key length should be of the right length, e.g., not too short
    • Cryptographic algorithms are not impossible to break without a key
      - If we try all the combinations, we can get the original message
    • The security of a cryptographic algorithm depends on how much work it takes for someone to break it
      - E.g. If it takes 10 mil. years to break a cryptographic algorithm X using all the computers of a state, X can be thought of as a secure one. Reason: cluster computers and quantum computers are powerful enough to crack many current cryptographic algorithms.

    2. Asymmetric/Public Key Encryption

    Asymmetric Encryption
    • Large mathematical operations make it slower than symmetric algorithms
    • No need for out of band key distribution (public keys are public!)
    • Scales better since only a single key pair needed per individual
    • Can provide authentication and nonrepudiation
    • Examples: RSA, El Gamal, ECC, Diffie-Hellman

    Complexity Classes

    From easy to hard:
    • P: Answer in polynomial time; compute answer directly
    • BPP: Answer in polynomial time, with high probability
    • NP: If yes, can guess and check in polynomial time
    • PSpace: Answer in polynomial space; may need exhaustive search

    Public key blueprint

    • The keys used to encrypt and decrypt are different.
    • Anyone who wants to be a receiver needs to publish an encryption key, which is known as the public key.
    • Anyone who wants to be a receiver needs a unique decryption key, which is known as the private key.
    • It should not be possible to deduce the plaintext from knowledge of the ciphertext and the public key.
    • Some guarantee needs to be offered of the authenticity of a public key.

    Examples of Asymmetric Algorithms

    • Diffie-Hellman - Provides means for secure key exchange over insecure channel
    • RSA - Stands for inventors names, Rivest, Shamir, and Adleman. Relies on difficulty of finding prime factorization of large numbers
    • El Gamal - Based on Diffie-Hellman method of computing discrete logarithms. Can also be used for message confidentiality and digital signature services
    • Elliptic Curve Cryptography - Relies on computing discrete logarithms over elliptic curve group. Due to difficulty of problem, key sizes can be much smaller than RSA and still retain strength

    Design of a public key algorithm

    • In a public key system, if everyone knows everything necessary (the encryption algorithm and the encryption key) to determine the ciphertext, then how is it possible that they cannot then work out what the plaintext (decryption key) is from this information?

    Symmetric vs Asymmetric Encryption

    symmetric key crypto
    • requires sender, receiver know shared secret key
    • Fast encryption
    • Provides low security

    public key cryptography
    • sender, receiver do not share secret key
    • public encryption key known to all
    • private decryption key known only to receiver
    • Slower encryption
    • Provides higher security

    Public key cryptography

    [Figure: plaintext message, m → encryption algorithm (Bob's public key) → ciphertext → decryption algorithm (Bob's private key) → plaintext message, m]

    Public key encryption algorithms

    Requirements:
    1. need Bob's public-key and private-key operations such that applying the private key to a message m encrypted with the public key gives back m
    2. given the public key, it should be impossible to compute the private key

    RSA: Rivest, Shamir, Adleman algorithm

    3. Hybrid Encryption

    • Combines strengths of both methods
      - combines the scalability and key management features of the asymmetric algorithms with the speed of symmetric ones.
    • Asymmetric distributes symmetric key
      - Also known as a session key
    • Symmetric provides bulk encryption
    • Secure Sockets Layer (SSL) protocol negotiates which asymmetric and symmetric algorithms to use in a hybrid system to protect TCP connections, such as an HTTP connection between a web browser and web server

    Combining Public/Private Key Systems

    • Public key encryption is more expensive than symmetric key encryption
    • For efficiency, combine the two approaches
      (1) Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key
      (2) Use symmetric key for encrypting subsequent data transmissions

    4) Hashing Algorithms

    MD5
    • MD5 is based on MD4 and was created to address vulnerabilities found in MD4. MD5 generates 128-bit hash values over 512-bit blocks in 4 rounds of 16 steps each.
    • Computes 128-bit hash value
    • Widely used for file integrity checking

    SHA-1
    • SHA-1 also operates on 512-bit blocks, but produces a 160-bit hash value in 4 rounds of 20 steps each
    • Computes 160-bit hash value
    • NIST approved message digest algorithm

    Cryptanalysis

    • The study of methods to break cryptosystems
    • Often targeted at obtaining a key

    *

    Cryptanalysis

    • Kerckhoff's Principle
      - The only secrecy involved with a cryptosystem should be the key
    • Cryptosystem Strength
      - How hard is it to determine the secret associated with the system?

    Types of cryptanalysis

    Depending on what a cryptanalyst has to work with, attacks can be classified into:
    • ciphertext only attack
    • known plaintext attack
    • chosen plaintext attack
    • chosen ciphertext attack (most severe)

    a) Cryptanalytic Attacks

    • ciphertext only
      - only know algorithm & ciphertext, is statistical, can identify plaintext; the only data available is a target ciphertext
    • known plaintext
      - know/suspect plaintext & ciphertext: a target ciphertext; pairs of other ciphertext and plaintext (say, previously broken or guessing)
    • chosen plaintext
      - select plaintext and obtain ciphertext; can feed encryption algorithm with plaintexts and obtain the matching ciphertexts

    a) Cryptanalytic Attacks

    • chosen ciphertext
      - select ciphertext and obtain plaintext
      - can feed decryption algorithm with ciphertexts and obtain the matching plaintexts
    • chosen text
      - select plaintext or ciphertext to en/decrypt

    Fall, 2005 CPSC66 Information Security Management

    Chosen-Plaintext Attack

    • Crook #1 changes his PIN to a number of his choice
    • cipher(key,PIN): PIN is encrypted and transmitted to bank
    • Crook #2 eavesdrops on the wire and learns ciphertext corresponding to chosen plaintext PIN
    • repeat for any PIN value

    a) Cryptanalytic Attacks

    • The most difficult problem to break is presented when all that is available is the ciphertext only.
    • In some cases, not even the encryption algorithm is known, but in general we can assume that the opponent does know the algorithm used for encryption.
    • Then with increasing information have the other attacks.
    • Generally, an encryption algorithm is designed to withstand cryptanalytic attack.

    Cipher Strength

    • Unconditional security - if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available - One-time pad.
    • Computationally secure - if either the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information.
    • For all reasonable encryption algorithms, we have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.

    b) Brute Force Search

    • Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
    • On average, half of all possible keys must be tried to achieve success
    • Time required to conduct a brute-force attack, for various common key sizes (DES is 56, AES is 128, Triple-DES is 168)

    Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
    32 | 2^32 = 4.3 x 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
    56 | 2^56 = 7.2 x 10^16 | 2^55 µs = 1142 years | 10.01 hours
    128 | 2^128 = 3.4 x 10^38 | 2^127 µs = 5.4 x 10^24 years | 5.4 x 10^18 years
    168 | 2^168 = 3.7 x 10^50 | 2^167 µs = 5.9 x 10^36 years | 5.9 x 10^30 years
    26 characters (permutation) | 26! = 4 x 10^26 | 2 x 10^26 µs = 6.4 x 10^12 years | 6.4 x 10^6 years

    Classical Symmetric Cipher

    • Substitution Cipher
    • Transposition Cipher

    1) Substitution Ciphers

    • Letters of plaintext are replaced by other letters or by numbers or symbols
    • Plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

    a) Caesar Cipher

    • Earliest known substitution cipher by Julius Caesar
    • First attested use in military affairs
    • Replaces each letter by 3rd letter/byte with another
    • Example:
      meet me after the toga party
      PHHW PH DIWHU WKH WRJD SDUWB
    • Still call any cipher using a simple letter shift a caesar cipher, not

    Caesar Cipher

    • can define transformation as:
      a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
      D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = OUT
    • mathematically give each letter a number:
      a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
      0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

    Cryptanalysis of Caesar Cipher

    • Only have 25 possible ciphers
      - A maps to B,..Z (mapping A to A etc doesn't really obscure the message)
    • Given ciphertext,

    b) Monoalphabetic Cipher

    • Rather than

    Monoalphabetic Cipher Security

    • Now have a total of 26! keys
    • Is that secure?
    • Problem is language characteristics
      - Human languages are redundant
      - Letters are not equally commonly used

    • We don't actually need all the letters in order to understand written English text
    • Human languages are redundant
      - e.g., th lrd s m shphrd shll nt wnt
    • Letters are not equally commonly used
    • In English E is by far the most common letter, followed by T,R,N,I,O,A,S
    • Other letters like Z,J,K,Q,X are fairly rare
    • Have tables of single, double & triple letter frequencies for various languages

    English

    What kind of cipher is this?


    Use in Cryptanalysis

    • Key concept: monoalphabetic substitution ciphers do not change relative letter frequencies
    • Discovered by Arabian scientists in 9th century
    • These ciphers are easy to break because they reflect the frequency data of the original alphabet.
    • Calculate letter frequencies for ciphertext
    • Compare counts/plots against known values
    • If caesar cipher look for common peaks/troughs
      - peaks at: A-E-I triple, N-O pair, R-S-T triple
      - troughs at: J-K, U-V-X-Y-Z
    • Amount of ciphertext is important: statistics!

    Example Cryptanalysis

    • given ciphertext:
      UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
      VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
      EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
    • guess P & Z are e and t
    • guess ZW is th and hence ZWP is the
    • proceeding with trial and error finally get:
      it was disclosed yesterday that several
      informal but direct contacts have been made with political
      representatives of the viet cong in moscow
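The frequency method from the preceding slides, applied to the Caesar and monoalphabetic examples they quote. This is an added example, not part of the original slides; the frequency table is a standard approximate one for English, the function names are illustrative, and the monoalphabetic ciphertext is written with the letters the transcript dropped restored.

```python
from collections import Counter
import string

# Approximate English letter frequencies in percent (standard published table).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

def letters_only(text):
    """Upper-case the text and keep only A-Z."""
    return [c for c in text.upper() if c in string.ascii_uppercase]

def caesar_shift(text, k):
    """Shift each letter k places (mod 26); spaces and punctuation pass through."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + k) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between observed letter counts and the English model (lower is closer)."""
    counts = Counter(letters_only(text))
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return sum((counts.get(letter, 0) - n * f / 100) ** 2 / (n * f / 100)
               for letter, f in ENGLISH_FREQ.items())

def break_caesar(ciphertext):
    """Try every shift and keep the one whose output looks most like English."""
    best = min(range(26), key=lambda k: chi_squared(caesar_shift(ciphertext, -k)))
    return best, caesar_shift(ciphertext, -best)

def top_letters(text, n):
    """The n most frequent letters with their counts."""
    return Counter(letters_only(text)).most_common(n)

def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter holds which count."""
    return sorted(Counter(letters_only(text)).values(), reverse=True)

# Monoalphabetic example from the slides (120 letters).
MONO_CT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
           "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
           "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")
MONO_PT = ("it was disclosed yesterday that several informal but direct "
           "contacts have been made with political representatives of the "
           "viet cong in moscow")

if __name__ == "__main__":
    shift, plain = break_caesar("PHHW PH DIWHU WKH WRJD SDUWB")
    print("Caesar shift:", shift, "->", plain)
    # P and Z dominate the ciphertext, which is why the slide guesses e and t.
    print("Top ciphertext letters:", top_letters(MONO_CT, 2))
    # Substitution relabels letters but leaves the shape of the histogram intact.
    print("Profile preserved:", frequency_profile(MONO_CT) == frequency_profile(MONO_PT))
```

The last check is the key concept in code: a monoalphabetic key, however large the key space, only relabels the histogram, so the counts themselves survive encryption.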

    c) Playfair Cipher

    • Not even the large number of keys in a monoalphabetic cipher provides security
    • One approach to improving security was to encrypt multiple letters; the Playfair Cipher is an example
    • Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
    • Reduces the spikyness of natural language text, since if

    Playfair Key Matrix

    • a 5X5 matrix of letters based on a keyword
    • fill in letters of keyword (sans duplicates)
    • fill rest of matrix with other letters
    • eg. using the keyword MONARCHY

      M O N A   R
      C H Y B   D
      E F G I/J K
      L P Q S   T
      U V W X   Z

    Playfair Key Matrix

    • The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams
    • The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remaining letters, with I/J used as a single letter

    Security of Playfair Cipher

    • security much improved over monoalphabetic
    • since have 26 x 26 = 676 digrams
    • would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)
    • and correspondingly more ciphertext
    • was widely used for many years
      - eg. by US & British military in WW1
    • it can be broken, given a few hundred letters
    • since still has much of plaintext structure

    Encrypting and Decrypting

    Plaintext is encrypted two letters at a time:
    1. if a pair is a repeated letter, insert filler like 'X'
    2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end)
    3. if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom)
    4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

    Playfair Example

    • Message = Move forward
    • Plaintext = mo ve fo rw ar dx
    • Here x is a filler
    • Ciphertext = ON UF PH NZ RM BZ

      M O N A   R
      C H Y B   D
      E F G I/J K
      L P Q S   T
      U V W X   Z

    • mo -> ON; ve -> UF; fo -> PH, etc.

    d) One-Time Pad (OTP)

    • Uses a random key that was truly as long as the message, with no repetitions, which thus totally obscures the original message
    • If a truly random key as long as the message is used, is unbreakable since ciphertext bears no statistical relationship to the plaintext
    • It produces random output that bears no statistical relationship to the plaintext
    • Ciphertext contains no information whatsoever about the plaintext

    d) One-Time Pad (OTP)

    • Since for any plaintext & any ciphertext there exists a key mapping one to other
    • Can only use the key once
    • Challenges: problem of making large quantities of random keys; problem of safe key distribution and protection.
    • useful primarily for low-bandwidth channels requiring very high security.
    • The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy.

    Simple Idea: One-Time Pad

    [Figure: plaintext 10111101 ⊕ key 00110010 = ciphertext 10001111; ciphertext 10001111 ⊕ key 00110010 = plaintext 10111101]

    • Key is a never-repeating bit sequence as long as plaintext
    • Encrypt by bitwise XOR of plaintext and key:
      ciphertext = plaintext ⊕ key
    • Decrypt by bitwise XOR of ciphertext and key:
      ciphertext ⊕ key = (plaintext ⊕ key) ⊕ key = plaintext ⊕ (key ⊕ key) = plaintext
    • Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon's result)

    Advantages of One-Time Pad

    • Easy to compute
      - Encryption and decryption are the same operation
      - Bitwise XOR is very cheap to compute
    • As secure as possible
      - Given a ciphertext, all plaintexts are equally likely, regardless of attacker's computational resources
      - as long as the key sequence is truly random: True randomness is expensive to obtain in large quantities
      - as long as each key is same length as plaintext: But how does the sender communicate the key to receiver?

    Problems with One-Time Pad

    • Key must be as long as plaintext
      - Impractical in most realistic scenarios
      - Still used for diplomatic and intelligence traffic
    • Does not guarantee integrity
      - One-time pad only guarantees confidentiality
      - Attacker cannot recover plaintext, but can easily change it to something else
    • Insecure if keys are reused
      - Attacker can obtain XOR of plaintexts
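The one-time pad as bitwise XOR, with the two problems listed above made concrete: a reused pad leaks the XOR of the plaintexts, and ciphertext can be altered without the key unless a MAC over it is checked (the "(Key + Mes.) -> MAC" integrity check from the earlier slide). This is an added example, not part of the original slides; the messages are constructed, the function names are illustrative, and HMAC-SHA256 is chosen here as the MAC.

```python
import hashlib
import hmac
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length: int) -> bytes:
    """A fresh random pad from the OS CSPRNG; use once, then destroy."""
    return secrets.token_bytes(length)

def otp(data: bytes, pad: bytes) -> bytes:
    """Encryption and decryption are the same operation."""
    return xor_bytes(data, pad)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the pad cancels: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)

def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Model of the integrity gap: XOR a difference into the ciphertext so a
    known plaintext field decrypts to another value. No key is involved."""
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + xor_bytes(ciphertext[offset:end], delta) + ciphertext[end:]

def mac_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """MAC over the ciphertext, keyed separately from the pad."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def mac_ok(mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison; reject the message if this is False."""
    return hmac.compare_digest(mac_tag(mac_key, ciphertext), tag)

if __name__ == "__main__":
    # The 8-bit figure from the slide: 10111101 XOR 00110010 = 10001111.
    print(format(xor_bytes(b"\xbd", b"\x32")[0], "08b"))

    p1 = b"PAY 0100 TO BOB"        # constructed sample messages
    p2 = b"MEET AT SUNRISE"
    pad = new_pad(len(p1))
    c1, c2 = otp(p1, pad), otp(p2, pad)   # pad reused: the mistake
    print("reuse leaks p1 XOR p2:", reuse_leak(c1, c2) == xor_bytes(p1, p2))

    mac_key = secrets.token_bytes(32)
    tag = mac_tag(mac_key, c1)
    forged = tamper(c1, 4, b"0100", b"9999")
    print("decrypts to:", otp(forged, pad))
    print("MAC accepts original:", mac_ok(mac_key, c1, tag))
    print("MAC accepts forged:  ", mac_ok(mac_key, forged, tag))
```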

    2) Transposition/Permutation Ciphers

    • Hides the message by rearranging the letter order without altering the actual letters used
    • Forms the second basic building block of ciphers
    • The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.

    Row Transposition Ciphers

    • a more complex scheme
    • write letters of message out in rows over a specified number of columns
    • then reorder the columns according to some key before reading off the rows

      Key:        4 3 1 2 5 6 7
      Plaintext:  a t t a c k p
                  o s t p o n e
                  d u n t i l t
                  w o a m x y z
      Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

    a) Rail Fence cipher

    • Plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
    • Write message letters out diagonally over a number of rows
    • then read off cipher row by row
    • eg. write message out as:
      m e m a t r h t g p r y
       e t e f e t e o a a t
    • giving ciphertext
      MEMATRHTGPRYETEFETEOAAT

    b) Route cipher

    • In a route cipher, the plaintext is first written out in a grid of given dimensions, then read off in a pattern given in the key

    c) Columnar transposition

    • The message is written out in rows of a fixed length, and then read out again column by column, and the columns are chosen in some scrambled order.
    • Both the width of the rows and the permutation of the columns are usually defined by a keyword
    • For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and the permutation is defined by the alphabetical order of the letters in the keyword. In this case, the order would be 6 3 2 4 1 5.
    • The keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE AT ONCE.
    • Providing five nulls (QKJEU) at the end.
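The rail fence and keyed columnar transpositions from the preceding slides, run on the slides' own messages and keys (ZEBRAS with nulls QKJEU, and the numeric key 4 3 1 2 5 6 7). This is an added example, not part of the original slides; the function names are illustrative, and the rail fence is written for any number of rails, which goes beyond the two-rail case shown.

```python
def letters_only(text):
    """Upper-case the text and drop everything except A-Z."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")

def key_ranks(keyword):
    """Rank of each column by alphabetical order of the keyword letters
    (ties broken left to right). ZEBRAS -> [6, 3, 2, 4, 1, 5]."""
    order = sorted(range(len(keyword)), key=lambda i: (keyword[i].upper(), i))
    ranks = [0] * len(keyword)
    for rank, col in enumerate(order, start=1):
        ranks[col] = rank
    return ranks

def columnar_encrypt(message, ranks, nulls=""):
    """Write the text in rows of len(ranks), then read whole columns in rank order."""
    text = letters_only(message) + nulls
    width = len(ranks)
    if len(text) % width:
        raise ValueError("add nulls so the last row is full")
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    read_order = sorted(range(width), key=lambda c: ranks[c])
    return "".join(row[c] for c in read_order for row in rows)

def columnar_decrypt(ciphertext, ranks):
    """Cut the ciphertext into columns, put them back in place, read the rows."""
    width = len(ranks)
    height = len(ciphertext) // width
    read_order = sorted(range(width), key=lambda c: ranks[c])
    cols = {}
    for n, c in enumerate(read_order):
        cols[c] = ciphertext[n * height:(n + 1) * height]
    return "".join(cols[c][r] for r in range(height) for c in range(width))

def rail_fence_encrypt(message, rails=2):
    """Write letters down and up across the rails, then read rail by rail."""
    text = letters_only(message)
    if rails < 2:
        return text
    lines = [[] for _ in range(rails)]
    rail, step = 0, 1
    for ch in text:
        lines[rail].append(ch)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return "".join("".join(line) for line in lines)

if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party"))
    ranks = key_ranks("ZEBRAS")
    ct = columnar_encrypt("WE ARE DISCOVERED. FLEE AT ONCE", ranks, nulls="QKJEU")
    print(ranks, ct, columnar_decrypt(ct, ranks))
    print(columnar_encrypt("attack postponed until two am xyz", [4, 3, 1, 2, 5, 6, 7]))
    # Transposition keeps every letter, so letter frequencies are unchanged.
    print(sorted(ct) == sorted(letters_only("WE ARE DISCOVERED. FLEE AT ONCE") + "QKJEU"))
```

The final check is the weakness the product-cipher slide builds on: a transposition alone leaves single-letter statistics untouched.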

    Product Ciphers

    • Ciphers using substitutions or transpositions are not secure because of language characteristics
    • Hence consider using several ciphers in succession to make harder, but:
      - Two substitutions make a more complex substitution
      - Two transpositions make more complex transposition
      - But a substitution followed by a transposition makes a new much harder cipher
    • This is bridge from classical to modern ciphers

    Limitations of cryptography

    • Most security problems are not crypto problems
      - This is good: Cryptography works!
      - This is bad: People make other mistakes; crypto doesn't solve them
    • Misuse of cryptography is fatal for security
      - WEP: ineffective, highly embarrassing for industry
      - Occasional unexpected attacks on systems su
