1 / 54

CIS 628 Crypto

CIS 628 Crypto. Dr. Leonard Popyack Fall 2007. Secure Encryption Systems. The computer has given us: more advanced ways to perform cryptanalysis more capability to implement advanced algorithms. Algorithms too difficult to perform by hand First half century - mechanical machines. 1970’s.

aliya
Download Presentation

CIS 628 Crypto

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CIS 628 Crypto Dr. Leonard Popyack Fall 2007

  2. Secure Encryption Systems • The computer has given us: • more advanced ways to perform cryptanalysis • more capability to implement advanced algorithms. Algorithms too difficult to perform by hand • First half century - mechanical machines

  3. 1970’s • Three Public key encryption algorithms • Merkle-Hellman Knapsack • Rivest-Shamir-Adelman (RSA) • Data Encryption Standard (DES)

  4. Complexity • Simple algorithms are susceptible to brute force attacks A brute force attack simply tries all possible solutions to discover: 1. The Key used for the encryption 2. The encryption algorithm 3. The plaintext 4. All of the above.

  5. Principle of Easiest Work We cannot expect the interceptor to choose the hard way to do something

  6. Encryption System Trends • Consider problems which are hard to solve • Number of possible solutions is large • No easy solution

  7. Private Key Encryption Systems A channel is a pathway for information flow (A private channel) n user system requires n*(n-1)/2 keys

  8. Private Key Encryption Systems Adding new users is tedious and generates many new keys

  9. Public Key Encryption Systems • Each user has two keys: a public key and a private key • The keys operate as inverses: • P=D(kpriv,E(kpub,P))

  10. Merkle-Hellman Knapsacks Knapsack problem: How to find the optimal way to pack a knapsack enclosing the maximum number of objects. Numerically: target sum: 17 set S {4, 7, 1,12,10} one solution set: {4, 1,12 }=17 V {1, 0, 1, 1, 0 }

  11. N-P Complete • Properties on page 76 • basically: an NP complete problem has a deterministic exponential time solution. For example, 2n • This allows us to control the brute force attack. Ie, make time to break very large!

  12. Merkle-Hellman Knapsacks

  13. Merkle-Hellman Knapsacks T T is the Target

  14. MH Knapsack • Each element is larger than the previous • Example a1, a2, a3, a4, a5, … ak-1, ak • sums between ak and ak+1 must contain ak • superincreasing knapsack-each integer is >  ak • also called simple knapsack • S=[1,4,11,17,38,73] is a superincreasing knapsack

  15. Diffie-Hellman Diffie-Hellman found a way to break the superincreasing sequence of integers. w * x mod n. If w and n are relatively prime, w will have a multiplicitive inverse. w * w-1 = 1 mod n. (w*q) w-1 = q

  16. Why so important? • This allows us to create a public knapsack (Hard) which can be based on a secret simple knapsack and a secret w, and n.

  17. Example Create a Superincreasing (or simple) knapsack S=[1,2,4,9,19] m=5

  18. example S=[1,2,4,9,19] m=5 Choose a multiplier w, and modulus n n should be larger than the largest integer in your knapsack Hint: Choose modulus (n) to be a prime number. Generate the Hard knapsack by hi=w * si mod n H=[h1, h2, h3, .. Hm]

  19. example S=[1,2,4,9] hi=w * si mod n Let w=15 Let n=17 1*15 = 15 mod 17 = 15 2*15 = 30 mod 17 = 13 4*15 = 60 mod 17 = 9 9*15 = 135 mod 17= 16 H=[15,13,9,16] - public key!

  20. example S=[1,2,4,9] P = 0100101110100101 P = 0100 1011 1010 0101 [0,1,0,0]*[15,13,9,16]=13 [1,0,1,1]*[15,13,9,16]=40 [1,0,1,0]*[15,13,9,16]=24 [0,1,0,1]*[15,13,9,16]=29 H=[15,13,9,16] Encrypted message C is 13, 40, 24, 29 with H public key

  21. Example (decipher) To decipher multiply each Ci by w-1 using your secret knapsack. H=[15,13,9,16] S=[1,2,4,9] C =[13, 40, 24, 29] W=15 15-1 mod 17 = 8 (algorithm page 81) 13*8 = 104 mod 17 = 2 = [0100] 40*8 = 320 mod 17 = 14 = [1011] 24*8 = 192 mod 17 = 5 = [1010] 29*8 = 232 mod 17 = 11 = [0101]

  22. MH Practical Implementations • Choose value of n to be large, 100 to 200 binary digits. • Each element in the knapsack is 2200 apart • 200 terms in the knapsack • large S and H make it infeasible to use brute force. 2200 for each element in S, 1047 years to crack.

  23. Cryptanalysis Reality! • Merkle-Hellman was cracked in 1980 by Shamir and Zipple • interceptor does not have to solve the basic knapsack problem to break the encryption. • Shamir points out another flaw:

  24. Merkle Hellman Flaw

  25. RSA Algorithm • Rivest - Shamir - Adelman (RSA) • introduced in 1978 • no serious flaws have been discovered. • Similar to Merkle-Hellman • relies on the difficulty to compute large prime numbers in the target • Also operates in mod n

  26. RSA Algorithm • Two interchangeable keys are used d and e • P is encrypted as Pe mod n • factoring Pe is difficult. • d is chosen carefully so that (Pe)d mod n = P • The encryption algorithm is based on the underlying problem used to factor large numbers.

  27. RSA Notes • Choosing keys: encryption pair (e,n) also decryption pair (d,n) • n should be large. Product of two primes, p & q. • p & q typically 100 digits long (n is 200 digits or larger) 512 bits or more. • e is large, relatively prime.

  28. El Gamal & Digital Signature • Used to ‘sign’ digital documents • 1984 • Relies on the difficulty of computing discrete logarithms over finite fields. • Similar to RSA • US Digital Signature Algorithm is the El Gamal algorithm, with certain restrictions. • Adopted in 1994

  29. Hash Algorithms • A hash is a check which protects against most modification. • Hash is a reduction to a check value. (book uses digest) • A cryptographic hash function uses a cryptographic function as part of the hash function.

  30. Secure Hash Algorithm

  31. Secret Key Systems

  32. Data Encryption Standard • Developed for the US Government for use by the general public. Approved 1977 NBS • Early 1970s Need for secure communications in business and finance. • There existed several private systems at the time, but no standard. • NBS issued a call for proposals.

  33. DES Call for Proposals • Provide a high level of security • Completely specified and easy to understand • The algorithm itself must supply the security (not secrecy of the algorithm) • Available to all users • Adaptable for use in diverse applications

  34. DES Call for Proposals • Economical to implement in electronic devices • It must be efficient to use. • It must be able to be validated. • It must be exportable

  35. DES RFP response • Not encouraging! • A second call was issued in Aug 74 • The idea most promising was Lucifer algorithm developed by IBM • Basic algorithm was published and subjected to scrutiny & validation • Not arithmetic based (Like Merkle-Hellman and RSA – 100 to 200 digit numbers)

  36. Lucifer • Used simple logical expressions • Algorithm could be implemented on hardware or software easily. • IBM developed DES based on Lucifer • Proper name: Data Encryption Algorithm (DEA) • DEA (US Only) • DEA1 (other countries)

  37. des • National Security Agency analyzed the strength of the algorithm • Adopted as a US standard 23 Nov 1976 • Later ISO adopted it as an international standard.

  38. DES Overview • Careful and complex combination of two fundamental building blocks: substitution and permutations (transposition). • Algorithm gets it strength from repeated application of these two techniques. • 16 cycles long. Far too complex to trace. • Plaintext is encrypted in blocks of 64 bits

  39. DES Overview • The key is 64 bits long. However, only 56 bits are used. User has control of the key. • Uses two main principles of Shannon’s theory of information secrecy [1949] (confusion and diffusion) • Confusion: output has no obvious relation to the input • Diffusion: spread the effect of one plaintext bit to other bits in the ciphertext.

  40. DES Details • 56 bits of the key is used • Other bits represent parity (drop bits 8,16,24..64) • Initial permutation • Data is broken into a left half and right half (each 32 bits wide) • Key is shifted left by a number of bits then permuted. • Key is combined with the right half then the left half. This is a cycle.

  41. Types of permutations

  42. Cycle details Expansion permutation

  43. Substitution Blocks

  44. Questions about security of DES • Many controversial issues about the security provided • certain features have never been revealed. • Design of the algorithm. • NSA says key elements of the algorithm are “sensitive” and would not be made public. • Includes rational behind the transforms by S-boxes and P-boxes, and key changes.

  45. DES Concerns • Fear of a trapdoor. Ie, and easy means available to covertly decode DES encrypted messages. Gives NSA the ability to monitor private communications. • 1988: Congressional inquiry (classified). Summary exonerates NSA from any improper involvement in DES design.

  46. DES Concerns • Possibility of a design flaw will (or has) been discovered by a cryptanalyst. • Bell labs and Lexan Corp scrutinized the operation of the S-Boxes. No weakness found.

More Related