380 likes | 519 Views
Cryptography. The Science, Mathematics, and Art of Secrecy. Who is the largest of employer of mathematicians in the world (and a significant employer of computer scientists). Click for the Answer. Terms. Information Assurance Securing systems from unauthorized entry
E N D
Cryptography The Science, Mathematics, and Art of Secrecy
Who is the largest of employer of mathematicians in the world(and a significant employer of computer scientists) Click for the Answer
Terms • Information Assurance • Securing systems from unauthorized entry • Study of malicious software • Cryptology • Study of communication over insecure channels • Cryptography: designing secure communication channels • Cryptanalysis: breaking such systems
Two Early Examples From Sonnet 29 Like to the lark at break of day arising • Drop every other letter down a row L K T T E A K T R A O D Y I E O H L R A B E K F A • Append the bottom row to the tip LKTTEAKTRAODYIEOHLRABEKFA Leads to the first recorded military cryptographic deviceScytale
Scytale • Sparta 5th Century BCE
Suetonius: Life of Julius Caesar “If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others.”
Formalizing (and generalizing) the Caesar Cipher To encrypt a character: • Determine its position in the range [0..25] • Add a shift to that value (Caesar added 3) • Mod the result by 26 enc(ch) = (pos(ch) + shift) % 26 To decrypt a character: • Determine its position in the range [0..25] • Subtract a shift amount in the range [0..25] • Add 26 • Mod the result by 26 dec(ch) = ((pos(ch) – shift) + 26) % 26
The Key is the Key • The shift value in the Caesar cipher is called the key. • From the time of the Greeks until 1883, the algorithms were kept secret • Dutch Linguist Auguste Kerchoffs von Nieuwenhof: “The security of a cryptosystem must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key.” • Known as Kerchoffs’ principle
Two Key Issues • The key can be stolen • Called the Key Distribution Problem: the central problem in cryptography • The key can be guessed • Enlarge the key space
How Large is the Key Space for the Substitution Cipher? • {0..25} 26 • Affine Cipher • Without changing the algorithm significantly we can expand the key space to 311 • Instead of just adding a value to a characters position, multiply first by some a in the range [0..25] • enc(ch) = (ch * a + b) % 26 • a is the shifter • b is the multiplier
Problem With Decryption Think of this in functional terms: y = ax + b (mod 26) That is, encryption maps a value from x to y For decryption to work, this has to be a one-to-one and on-to function Solve for x in terms of y. • ax = y – b (mod 26) Next step: Divide both sides by a. Not so fast. Can’t assume that we have a multiplicative inverse mod 26 for all integers. To divide both sides by a, there has to be some integer a-1, such that a* a-1 = 1. 2. x = a-1y-a-1b (mod 26)
When Does a Multiplicative Inverse Exist in Modular Arithmetic(and how do we find it?) • Method has to do with running Euclid’s algorithm for finding the greatest common divisor in reverse • It can be shown that all odd integers in the set {1..25} except 13 are invertible mod 26 • Ex: (3 * 9) mod 26 = 1 • So, 3 is the multiplicative inverse of 9
How Large is the Affine Key Space? • How large is the affine key space • For each of the 12 multipliers except 1, there are 26 keys • For 1, there are 25 (because shift = 0 with a multiplier of 1, maps the plaintext to itself) (3 * x + 1 3 * x + 2 …) --giving us 11* 26 + 25 = 311 keys.
How Many Encryption Alphabets? Think of an encryption algorithm as a function from a cipher text to a plain text. The simplest encryption alphabet is [a..z] That is, a maps to a, b to b and so on. So, there are as many encryption alphabets as there permutations of the 26 letters: 26! This is an unimaginably large number of which we have used 311.
There things stood until • 1460: Battista Alberti did significant work in expanding the key space. Also the author of: • A funeral oration for his dog • Treatise on the house fly • 1523: Blaise de Vignere • French diplomat to Rome • Developed the first known polyalphabetic cipher. • Notice each substitution cipher uses one of the 26! possible alphabets • Vignere proposed using a different alphabet for each character (in theory) in the cipher text
The Vignere SquareLe Chiffre Indechiffrable ABCDEFGHIJKLMNOPQRSTUVWXYZ BCDEFGHIJKLMNOPQRSTUVWXYZA (shift = 1) CDEFGHIJKLMNOPQRSTUVWXYZAB (shift = 2) DEFGHIJKLMNOPQRSTUVWXYZABC (shift = 3) ... GHIJKLMNOPQRSTUVWXYZABCDEF (shift = 6) ... 0PQRSTUVWXYZABCDEFGHIJKLMN (shift = 14) … TUVWXYZABCDEFGHIJKLMNOPQRS (shift = 19) … ZABCDEFGHIJKLMNOPQRSTUVWXY (shift = 25) ABCDEFGHIJKLMNOPQRSTUVWXYZ (shift = 26) Every letter of key has an associated alphabet Key d o g Plain Text: C A T Cipher Text: F O Z
More Modulus The Vignere cipher can be expressed as a periodic mapping of the key to the cipher, adding the positional values of the characters involved and modding by 26. d o g d o g d o g d o g d h a d w e b u t w o r l d k o k z …
How Good? • The Vignere Cipher puzzled cryptographers for 300 hundred years until Babbage (of computer fame) showed that it could be broken with clever frequency analysis
Many Ciphers After Vignere Highlights: • ADFGVX • Used in WWI by British forces in the boer war • Cipher 13040 • Used in the famous Zimmerman letter that promised Mexico Arizona if it would attack the US from the South (during the early years of WWI). • Enigma • Developed in the 20’s both for diplomatic and financial communications • Used by Germans during WWII • Broken by a team lead by Alan Turing at Bletchley Park • DES • About which more later
Bletchley Park Golf Club and Chess Society (Government Code and Cipher School)
The Only Unbreakable Cipher One Time Pad • Key is randomly generated • Key is as long as the message • Key is used only once • Encode message as a sequence of bits • XOR each bit with the key • XOR ing the ciphertext with the key produces the plain text (A xor B) cipher (A xor B) xor B A xor (B xor B) A xor 0 A Since the key is never reused, randomly generated, and as long as the plaintext, any plaintext hypothesis is as likely as any other. Problem: Key is difficult to produce and distribute
Kerchoff in Action • DES • 1973 National Bureau of Standards issued a public request for a cryptographic algorithm • FIPS 46 (Federal Information Processing Standards) • 1975 NBS (now NIST) released DES along with a free license for its use • IBM responded with its LUCIFER algorithm • Block cipher: breaks text into blocks of 64 bits • Encrypts each separately through something called a Feistel Network. • Still the most widely used cipher in banking • Use a public key method (about which more next) to exchange a key • Use DES to encrypt the datafast and reasonably secure • AES (Rijndael) • 56 bit DES key is too small for modern computing • 1997 NIST put out a call for candidates to replace DES • Key size must be 128, 192, 256 bits • On target to replace DES
The Key Distribution Problem • All algorithms considered so far have been symmetric key • Encryption and decryption key are the same or • Decryption key can be easily calculated from encryption key • The key distribution problem plagued cryptographers since Roman times
The Parable of Letter Alice wants to send a letter to Bob, but they live in a country where the postal service employees are thieves. • Alice puts the letter in box • Alice locks the box with a padlock • Bob receives the box but can’t open it. Solution: Put the key in another padlocked boxBut Bob can’t open that one either
Clever Bob and Alice: The Importance of Protocol • Alice sends the locked box to Bob • Bob puts a second lock on the box and returns it to Alice • Alice removes her lock and sends the box back to Bob
Public Key CiphersDiffie & Hellman • Alice wants to send a message to Bob • Bob has two keys that are derived through a common set of functions • Public key that is published on the internet • Private key that only he knows • 2. Alice downloads Bob’s public key and encrypts a message • 4. Alice sends the message over an insecure network (like the internet) • 5. Bob decrypts the message using his private key
Important Public Key Algorithms • Diffie-Hillman-Merkle Key exchange protocol • RSA • El Gamal • All rely on the idea of a 1-way function • Easy to compute • Hard to invert
Examples • RSA • Multiply two very large primes: n = pq • Given n, it’s hard to find p and q • Relies on the difficulty of the integer factorization problem • El Gamal & Diffie-Hillman • Def: • If x – y is a multiple, m, of n • So 32 is congruent to 7 mod 5 • It’s easy to compute • Where p is prime and xe is approximately 10140 • But, given y, it’s hard to find e • Relies on the difficulty of the discrete log problem
Quick Diffie Hillman Example Step 1 • Bob and Alice agree on a 1-way function (yx mod p) (e.g., let y = 7 and p = 11) • Alice chooses a secret integer A (e.g., 3) • Bob chooses a secret integer B (e.g., 6) Step 2 • Alice computes • Bob computes Step 3 • Alice send Bob i and Bob sends Alice j Step 4 • Alice computes • Bob computes
Why It Works In practice, p is a large prime and y has a particular relationship to p
Problems Public Key Crypto is slow and compute-intensive • Solution: Use public key algs to encrypt and exchange the keys. Use DES/AES with the key encrypted by RSA to encrypt a message The evil Eve: The Woman in the Middle Attack • Bob tries to publish his public key, but Eve, intercepts it and substitutes her own public key • Alice downloads Eve’s key, thinking it’s Bob’s and encrypts it • Eve intercepts Alice’s message to Bob, decrypts it using her key. • Eve then encrypts the plaintext message using Bob’s key and sends cipher text on to Bob. • Solution: Public Key Infrastructure
Public Key Infrastructure • A framework of policies under which crypto systems operate • Two parts • Certification • Binds a public key to an entity, say, Alice • Validation • Guarantees that the certificate is valid • Certificate • Generated by a certificate authority (e.g., verisign) • Contains email address and list of public keys for the entity
Simple PKI Protocol • Alice has purchased a certificate from a trusted CA (certificate authority) • CA encrypts the certificate and puts it in a public place • Bob uses the public key of the CA which is on his browser to extract Alice’s public key.
X.509 (basis of SSL) • X.509 • international standard to provide authentication across networks • SSL certificate contains (among other things) • Which version the certificate conforms to • Validity period • User’s public key information • Trust policies, i.e., what the holder of the certificate is trusted to do.
SSL Operation • You contact a secure website • Lock appears in the bottom right corner of your browser • Site responds by sending an encrypted public key in a certificate of authenticity • Browser decrypts the certificate, obtaining the public key • Browser generates a session key • Browser encrypts your password/credit card number with the session key • Browser encrypts the session key with the public key • Browser sends the encrypted session key and encrypted data to the site. • Site decrypts the session key with its private key • Site decrypts the encrypted data with the session key
Lots, Lots More • Digital Signatures • Message digests • Many other protocols • Digital cash • Lots of number theory • Significant information theory • Error Correcting codes • Quantum cryptography • Etc.