
Applied Cryptography

Applied Cryptography. Autumn 2019. Lecture times. Regular lecture times: Thursdays 16:30-18:00 and 18:15-19:45 On the first week of September and after each two weeks thereafter (i.e. on the dates 05.09, 19.09, 03.10, 17.10, 31.10, 14.11, 28.11, 12.10(?) ) 413. aud.

wyanet

Presentation Transcript


  1. Applied Cryptography Autumn 2019

  2. Lecture times Regular lecture times: Thursdays 16:30-18:00 and 18:15-19:45. On the first week of September and every two weeks thereafter (i.e. on the dates 05.09, 19.09, 03.10, 17.10, 31.10, 14.11, 28.11, 12.10(?)), 413. aud. It is likely that a few lectures will be rescheduled (hopefully, not too many). The dates and times of these (and of replacement lectures) will be announced when known.

  3. Requirements • Attend lectures (if you want to) • Collect at least 20 points • 2 practical assignments, 20 points each • Written exam, 20 points • Any of the above is optional • The grade will be calculated (approximately) as follows (grade: points): 10: 56-60 • 9: 52-55 • 8: 46-51 • 7: 39-45 • 6: 32-38 • 5: 24-31 • 4: 20-23

  4. Problems covered • Text encryption/decryption • Ciphers • Digital signatures • Hash functions (used also for authentication) • Digital signature algorithms • Protocols • Key generation and exchange • Certificates • Some real cryptographic systems • SSL and TLS standards (+ some others), email security • Smartcards, EMV, data authentication • GSM and cryptography, DVD "protection" etc. • Security of encryptions. Some attacks

  5. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers

  6. Symmetric vs. asymmetric cryptography • Symmetric ciphers – sender and recipient use the same key • $D_{\text{key}}(E_{\text{key}}(m)) = m$ • Substitution cipher is an example of a symmetric cipher • Impractical for big systems – number of keys is quadratic in the number of users • The solution – asymmetric algorithms. Think of a locked mailbox! Different keys for encryption and decryption • $D_{\text{private key}}(E_{\text{public key}}(m)) = m$

  7. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution

  8. Simple example – substitution cipher • The key is a permutation of the letters of the alphabet, i.e. a bijection • Encryption is performed by substituting each letter for its corresponding letter • Decryption is the same as encryption with the difference that the inverse is used

  9. Substitution cipher – example • Example: Encrypt MY DOG ATE YOUR CAT using the key U

  10. Breaking the substitution cipher • Substitution ciphers are easily broken using frequency analysis • We use the fact that different letters (or combinations of letters) occur with different probability • Example – break TK IL KQ JKT TK IL TBST CR TBL OULRTCKJ • Frequency of letters in English: ETAOINSHRDLU • Most common two letter words: OF TO IN IS IT BE BY HE AS ON AT OR AN SO IF NO
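
The exercise on this slide, worked through in Python as an added example (not part of the original slides). The letter table was derived by hand from the letter counts and the two-letter word list; the function names are chosen for this example.

```python
from collections import Counter

CIPHERTEXT = "TK IL KQ JKT TK IL TBST CR TBL OULRTCKJ"  # exercise text from the slide

def letter_ranking(text):
    """Ciphertext letters ordered by how often they occur."""
    return Counter(ch for ch in text if ch.isalpha()).most_common()

def substitute(text, table, unknown="_"):
    """Apply a (possibly partial) letter table; unmapped letters become `unknown`."""
    return "".join(table.get(ch, unknown) if ch.isalpha() else ch for ch in text)

def invert(table):
    """Decryption uses the inverse of the encryption bijection, and vice versa."""
    return {v: k for k, v in table.items()}

# Step 1: T is the most frequent letter and the word TK occurs twice.
# Trying TK = TO turns KQ into a word that starts with O (OR, OF, ON).
GUESS_1 = {"T": "T", "K": "O"}
# Step 2: _OT -> NOT, T__ -> THE, T__T -> THAT, and so on until every word fits.
DECRYPT = {**GUESS_1, "J": "N", "B": "H", "L": "E", "S": "A", "I": "B",
           "Q": "R", "C": "I", "R": "S", "O": "Q", "U": "U"}

def solve():
    return {
        "ranking": letter_ranking(CIPHERTEXT)[:3],
        "partial": substitute(CIPHERTEXT, GUESS_1),
        "plain": substitute(CIPHERTEXT, DECRYPT),
    }

if __name__ == "__main__":
    for name, value in solve().items():
        print(name, "->", value)
```

With only 30 letters of ciphertext the ranking does not follow ETAOIN exactly, which is why the word patterns carry most of the work here.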

  11. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR

  12. Vigenère cipher (poly-alphabetic) • Example: the encryption key is a string of n characters, e.g. "gold". We represent it with the numbers corresponding to its symbols in the alphabet: (6,14,11,13). To encrypt the i-th symbol of a block of length n, we add to it the i-th number of the key (modulo the size of the alphabet).

  13. Vernam cipher (XOR) Message: $m_1,\dots,m_n$ (n bits) Key: $k_1,\dots,k_n$ (n bits) Ciphertext: $c_1,\dots,c_n$, where $c_i = m_i \oplus k_i$

  14. Vigenère cipher and one time pads Apart from the secure key distribution problem, the Vigenère cipher is unbreakable if the key is not shorter than the encrypted text and each key is used only once (a so-called one-time pad).
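
Why "used only once" matters, shown with the XOR form of the cipher from the previous slide. This is an added example, not part of the original slides; the two messages and the function names are constructed for it.

```python
import secrets

M1 = b"MY DOG ATE YOUR CAT"   # constructed sample messages of equal length
M2 = b"TO BE OR NOT TO BE!"

def vernam(data: bytes, key: bytes) -> bytes:
    """c_i = m_i XOR k_i; the same call decrypts, since XOR is its own inverse."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def key_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` would decrypt to `candidate`."""
    return vernam(ciphertext, candidate)

def recover_second(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """With a reused key, c1 XOR c2 = m1 XOR m2, so knowing m1 reveals m2."""
    return vernam(vernam(c1, c2), known_m1)

def demo(key=None):
    key = key or secrets.token_bytes(len(M1))
    c1 = vernam(M1, key)
    # Key used once: c1 is consistent with every message of that length,
    # so the ciphertext alone says nothing about which one was sent.
    alt_key = key_for(c1, M2)
    one_time_ok = vernam(c1, alt_key) == M2 and vernam(c1, key) == M1
    # Key used twice: the key cancels out of c1 XOR c2.
    c2 = vernam(M2, key)
    leaked = recover_second(c1, c2, M1)
    return one_time_ok, leaked

if __name__ == "__main__":
    print(demo())
```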

  15. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR • DES, IDEA, AES etc (symmetric)

  16. Data Encryption Standard (DES) • Financial companies found the need for a cryptographic algorithm that would have the blessing of the US government (=NSA) • First call for candidates in May 73, followed by a new call in August 74 • Not very many submissions (Why?) • IBM submitted Lucifer • NSA worked with IBM in redesigning the algorithm [From Andre L. M. dos Santos ]

  17. Data Encryption Standard (DES) • Key length: 56 + 8 parity bits = 64 bits • 8 bits are used for parity check. Why is that? To make it 265 times less secure! Read the "why 56 bits?" section in the textbook. • How secure is DES? In 1998 a $150K machine can break the key in 5 days! For added security, triple DES is 2^56 more secure. [From Ravi Mukkamala]

  18. DES Enciphering Computation [From Sai Kovvuri]

  19. DES [From Henric Johnson]

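  20. Feistel ciphers [Diagram: one Feistel round. Inputs $L_{i-1}$ and $R_{i-1}$; round function $f(R_{i-1}, K)$ with key K; XOR (+); outputs $L_i$ and $R_i$]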

  21. AES - Single round

  22. Time to break a code ($10^6$ decryptions/µs) [From Henric Johnson]

  23. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR • DES, IDEA, AES etc (symmetric) • RSA etc (asymmetric)

  24. Asymmetric cryptography • Each user has a public and a private key • The public key is published in a “phone book” • The private key is kept secret • Messages encrypted with the public key can be decrypted with the private key • To send a message to Mårten, look up Mårten’s public key in the “phone book”. • Mårten can then decrypt the message with his private key • Number of keys is linear in the number of users

  25. RSA • Asymmetric cryptographic algorithm published in 1978 (Rivest, Shamir, Adleman) • The most popular asymmetric algorithm used today • Now free to use – patent expired in 2000 • Relies on the hardness of factoring a number consisting of two primes • Actually invented by Cocks (from UK) in 1973, unfortunately the work was classified...

  26. Public-key cryptosystems P: *  * public key S: *  * secret key For an arbitrary message M* we must have: • M = S(P(M)), and • M = P(S(M))

  27. Public-key cryptosystems - Encryption [Adapted from T.Cormen, C.Leiserson, R. Rivest]

  28. The RSA public-key cryptosystem • p, q - two large primes (100 digits or more) • n = pq • e - small odd integer that is relatively prime to (p – 1)(q – 1) • d - integer such that $de \equiv 1 \pmod{(p-1)(q-1)}$ (it can be shown that it always exists) • P = (e,n) - public key • S = (d,n) - secret key • Encoding: $P(M) = M^e \bmod n$ • Decoding: $S(C) = C^d \bmod n$ • It works!

  29. RSA - Correctness • n = pq • e - odd and relatively prime to (p – 1)(q – 1) • d - such that $de \equiv 1 \pmod{(p-1)(q-1)}$ • $P(M) = M^e \bmod n$, $S(C) = C^d \bmod n$ • $P(S(M)) = S(P(M)) = M^{ed} \bmod n$, where $ed = 1 + k(p-1)(q-1)$ • $M \not\equiv 0 \pmod p \Rightarrow M^{ed} \equiv M(M^{p-1})^{k(q-1)} \equiv M(1)^{k(q-1)} \equiv M \pmod p$ • $M \equiv 0 \pmod p \Rightarrow M^{ed} \equiv M \pmod p$

  30. RSA - Correctness • $M^{ed} \equiv M \pmod p$ • $M^{ed} \equiv M \pmod q$ • Thus $M^{ed} \equiv M \pmod n$

  31. RSA - Complexity Encoding: $P(M) = M^e \bmod n$ Decoding: $S(C) = C^d \bmod n$

  32. Breaking RSA • If we can factor n we can break RSA • Suppose we know p, q such that pq = n • We can compute (p – 1)(q – 1) • It is now trivial to compute $d = e^{-1} \bmod ((p-1)(q-1))$ • The largest number that is (publicly) known to have been factored today is 512 bits

  33. Breaking RSA • If we can factor n we can break RSA • Suppose we know p, q such that pq = n • We can compute (p – 1)(q – 1) • It is now trivial to compute $d = e^{-1} \bmod ((p-1)(q-1))$ • The largest number that is (publicly) known to have been factored today is 512 bits • As of 2005 the largest number factored by general-purpose methods was 663 bits long

  34. Breaking RSA • If we can factor n we can break RSA • As of 2005 the largest number factored by general-purpose methods was 663 bits long • RSA keys are typically 1024–2048 bits long. Some experts believe that 1024-bit keys may become breakable in the near term (though this is disputed); few see any way that 4096-bit keys could be broken in the foreseeable future. • Other attacks exist for certain uses of RSA
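
The RSA slides above (key setup, correctness, and why factoring n breaks it) carried through with toy numbers. This is an added example, not part of the original slides: the primes 61 and 53 and e = 17 are chosen for illustration, and the scheme is the unpadded one the slides describe.

```python
from math import gcd

def keygen(p, q, e):
    """Build P = (e, n) and S = (d, n) from the primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # modular inverse, Python 3.8+

def P(M, public):
    e, n = public
    return pow(M, e, n)

def S(C, secret):
    d, n = secret
    return pow(C, d, n)

def factor(n):
    """Trial division; it finishes only because the toy modulus is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime, not a product of two primes")

def secret_from_public(public):
    """Anyone who can factor n can recompute d from the public key alone."""
    e, n = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), n

PUBLIC, SECRET = keygen(61, 53, 17)   # toy primes chosen for this example

def check_all_messages():
    """M^(ed) = M (mod n) for every M, including multiples of p or q."""
    n = PUBLIC[1]
    return all(S(P(M, PUBLIC), SECRET) == M == P(S(M, SECRET), PUBLIC)
               for M in range(n))

if __name__ == "__main__":
    print(PUBLIC, SECRET, check_all_messages(), secret_from_public(PUBLIC))
```

The loop in `check_all_messages` covers the case M ≡ 0 (mod p) from the correctness slide, for example M = 122 = 2 · 61.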

  35. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR • DES, IDEA, AES etc (symmetric) • RSA etc (asymmetric) • Stream ciphers and block ciphers

  36. Block ciphers • A block cipher B is an encryption function $E_{key}: \{0,1\}^k \to \{0,1\}^l$ and a decryption function $D_{key}: \{0,1\}^l \to \{0,1\}^k$ such that $D_{key}(E_{key}(m)) = m$. • The value k is called the block length. Usually k = l. • Commonly used block ciphers include DES, 3DES and IDEA. [Diagram: clear (plain) text block of n bits, key, cipher text]

  37. Stream ciphers

  38. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR • DES, IDEA, AES etc (symmetric) • RSA etc (asymmetric) • Stream ciphers and block ciphers • Chaining

  39. Chaining ciphers - ECB • What happens when the clear text is longer than the block length k? • The simplest solution: encrypt each block separately. • This mode is called ECB, Electronic Code Book. [Diagram: clear text blocks, each passed with the key through Enc to give cipher text blocks] [From Mårten Trolin]
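
A toy Feistel network (the round structure of slide 20) used as the block cipher in ECB mode, to show what encrypting each block separately exposes. This is an added example, not part of the original slides; the 8-byte block, the SHA-256-based round function, the key and the message are all constructed for it, and the cipher is not meant for real use.

```python
import hashlib

BLOCK, HALF, ROUNDS = 8, 4, 8   # toy sizes chosen for this example

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key: bytes):
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def f(right: bytes, k: bytes) -> bytes:
    """Round function; it need not be invertible."""
    return hashlib.sha256(k + right).digest()[:HALF]

def feistel(block: bytes, keys) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, xor(left, f(right, k))
    return right + left   # swap halves so the same routine also decrypts

def blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block length")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    keys = round_keys(key)
    return b"".join(feistel(b, keys) for b in blocks(data))

def ecb_decrypt(data: bytes, key: bytes) -> bytes:
    keys = round_keys(key)[::-1]   # same network, round keys reversed
    return b"".join(feistel(b, keys) for b in blocks(data))

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    seen = blocks(ciphertext)
    return len(seen) - len(set(seen))

KEY = b"constructed demo key"
MESSAGE = b"PAY 0100" b"PAY 0100" b"PAY 9999"   # constructed: blocks 1 and 2 are equal

if __name__ == "__main__":
    ct = ecb_encrypt(MESSAGE, KEY)
    print(ct.hex(), repeated_blocks(ct), ecb_decrypt(ct, KEY))
```

Equal plaintext blocks give equal ciphertext blocks under ECB, so `repeated_blocks` finds the repetition without the key.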

  40. Chaining ciphers - CBC

  41. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Substitution • XOR • DES, IDEA, AES etc (symmetric) • RSA etc (asymmetric) • Stream ciphers and block ciphers • Chaining • Libraries of cryptographic functions

  42. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Stream and block ciphers • Chaining • Stream ciphers and block ciphers • Chaining • Libraries of cryptographic functions • Digital signatures • Hash functions • MD5, SHA-1 etc

  43. Public-key cryptosystems - Digital signature [Adapted from T.Cormen, C.Leiserson, R. Rivest]

  44. Unix passwords
      httpd:Nologin:100:22:httpd:/usr/users/httpd:/bin/sh
      guest:41LYDCYHYJzHQ:200:15:Guest:/usr/users/guest:/bin/tcsh
      oracle:Nologin:201:200::/usr/users/oracle:/bin/tcsh
      mysql:LS6qP.LbvchSk:202:202::/usr/users/mysql:/bin/tcsh
      Andris:Ie7K1yjGLDqsw:203:203::/usr/users/Andris:/bin/tcsh
      Initially Unix password length was up to 8 characters, encrypted by the one-way hash function crypt(3). Are they safe?

  45. Properties of good hash functions • Let H be a hash function • One-way • Given x, infeasible to compute a v such that H(v) = x • Collision-free • Infeasible to find $x_1$ and $x_2$ such that $H(x_1) = H(x_2)$ and $x_1 \neq x_2$

  46. MD5 Message Digest Algorithm MD5 • Step 1: Append padding bits • Padded so that its bit length $\equiv 448 \bmod 512$ (i.e., the length of padded message is 64 bits less than an integer multiple of 512 bits) • Padding is always added, even if the message is already of the desired length (1 to 512 bits) • Padding bits: 1000…0 (a single 1-bit followed by the necessary number of 0-bits) [From H. Yoon]

  47. MD5 Message Digest Algorithm MD5 • Step 1: Append padding bits • Step 2: Append length • 64-bit length: contains the length of the original message modulo $2^{64}$ • The expanded message is $Y_0, Y_1, \dots, Y_{L-1}$; the total length is $L \times 512$ bits • The expanded message can be thought of as a multiple of 16 32-bit words • Let M[0 … N-1] denote the words of the resulting message, where $N = L \times 16$ [From H. Yoon]

  48. MD5 Message Digest Algorithm MD5 • MD5 processing of a single 512-bit block (MD5 compression function) [From H. Yoon]

  49. SHA-3 - Keccak • Selected as SHA-3 on 2.10.2012. • Hash sizes: 224, 256, 384, 512 • The sponge construction for hash functions: $p_i$ are input, $z_i$ are hashed output. • The unused "capacity" c should be twice the desired resistance to collision or preimage attacks. • Designed by: G. Bertoni, J. Daemen, M. Peeters, G. Assche. • Built upon RadioGatún.

  50. Problems covered • Text encryption/decryption • Ciphers • Symmetric and asymmetric ciphers • Which ciphers to use? • Stream and block ciphers • Chaining • Stream ciphers and block ciphers • Chaining • Libraries of cryptographic functions • Digital signatures • Hash functions • MD5, SHA-1 etc • Digital signature algorithms (DSA etc)
