
Cryptology


ernestos

Presentation Transcript


  1. SECURITY > Cryptology. Cryptology: cryptography and cryptanalysis. Cryptography: Symmetric, Asymmetric, Protocols. Symmetric: Stream Ciphers, block ciphers. [Diagram marker: "We are here".]

  2. Random Number Generators

  3. For us: 3 classes of random number generation. True random number generators (TRNG): true random numbers come from physical processes (random process or just not-understood?).

  4. Coin flipping, lottery, dice, roulette, thermal noise, timing, mouse movement, disk speed variance, radioactive decay (but humans are terrible). Hard to integrate into your program, maybe use mturk. Truly random: you can't recreate them, they can be slow.

  5. 2. Pseudo random number generators (PRNG): the distribution of the values is uniform, but they are computed/deterministic. $S_0 = \text{seed}$, $S_{i+1} = f(S_i)$.

  6. Rand function in C, srand, drand, drand48, Java stuff. $S_0 = 12345$, $S_{i+1} = (1103515245 \cdot S_i + 12345) \bmod 2^{31}$.

  7. 3. Cryptographically secure pseudo random number generator (CPRNG): a PRNG with the following property: generated values are unpredictable, which means that if I give you N output bits it is not computationally feasible to compute $S_{i+n}$ (the next one).

  8. There are many applications where you need random numbers. PRNGs are well understood and almost always suitable for your application. Except for cryptographic applications, where they are unusable.

  9. Perfect Encryption

  10. One Time Pad (OTP). A “perfect” encryption algorithm: a cipher is “unconditionally secure” if it can’t be broken with infinite computing resources.

  11. Say you have 10000 key bits. An exhaustive search would try up to $2^{10000}$ combinations. Computationally infeasible. But it is not secure (“infinite”, remember?).

  12. Ciphers in use are (mostly) practically secure, but they are not unconditionally secure. OTP is a *stream* cipher where: the key stream bits come from a TRNG; there is one bit for each message bit; each key stream bit is used only one time.

  13. Extremely powerful. Extremely simple. Crypto solved?

  14. Each side needs to know the key. The key is unique each time. Sending the key to the other side is the same problem as sending the message.

  15. Stream Ciphers

  16. Stream cipher works bit by bit: $E(Y_i) = (y_i + s_i) \bmod 2$, $D(X_i) = (x_i + s_i) \bmod 2$. Why are they the same? Why not minus?

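  17. Addition and subtraction are the same operation. [Diagram: the plaintext bits … x4, x3, x2, x1, x0 are combined (⊕) with the key stream bits s4, s3, s2, s1, s0 to give the ciphertext bits … y4, y3, y2, y1, y0; the receiver combines (⊕) these with the same key stream bits s4, s3, s2, s1, s0 to get … x4, x3, x2, x1, x0 back.]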

  18. Truth table:

      Xi  Si  Yi = Xi ⊕ Si
      ---------------------
      0   0   0
      0   1   1
      1   0   1
      1   1   0

      In both cases each plaintext bit can become either 0 or 1. Key bit == 0, m stays the same. Key bit == 1, m flips.

  19. Xor is its own inverse:

      A  B  A xor B  (A xor B) xor A  (A xor B) xor B
      ------------------------------------------------
      0  0  0        0                0
      0  1  1        1                0
      1  0  1        0                1
      1  1  0        1                1

  20. If key bit is a zero, stay the same. If key bit is a one, flip it. So it comes down to ‘where are the 1’s in the key stream’? If the key stream is ½ 1’s and ½ 0’s, then ½ of the ciphertext bits are in clear text.

  21. There should be no discernable pattern in the key stream

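  22. Addition and subtraction are the same operation. [Diagram: as on slide 17, but on each side the key stream is produced by a PRNG fed with the key k; plaintext bits … x4, x3, x2, x1, x0 are combined (⊕) with it to give ciphertext bits … y4, y3, y2, y1, y0, and the receiver's PRNG, fed with the same k, recovers … x4, x3, x2, x1, x0.]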

  23. Key stream $S_i$ from a PRNG: linear congruential generator (LCG). $S_0 = \text{seed}$, $S_{i+1} = (A \cdot S_i + B) \bmod m$; A, B are constants; $A, B, S_i \in \mathbb{Z}_m$. Key $K = (A, B)$. https://en.wikipedia.org/wiki/Linear_congruential_generator

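  24. Addition and subtraction are the same operation. [Diagram: as on slide 22, with an LCG on each side keyed by K = a,b; plaintext bits … x4, x3, x2, x1, x0 are combined (⊕) with the LCG key stream to give ciphertext bits … y4, y3, y2, y1, y0, and the receiver's LCG, with the same K, recovers … x4, x3, x2, x1, x0.]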
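
The LCG key stream of slides 23 and 24 does not have the unpredictability property of slide 7, which is why slide 8 rules PRNGs out for cryptographic use. The following is an added example, not part of the original slides, that shows this on a toy cipher; the prime modulus, the key, the seed, the 24-bit word packing and the message are all constructed assumptions.

```python
# Added example: toy LCG stream cipher in the notation of slides 16-24.
# M, A, B, SEED and the message are constructed; M is an assumed prime modulus.
M = 2**31 - 1
A, B, SEED = 48271, 11, 2024          # key K = (A, B) and seed S_0

def lcg_stream(a, b, seed, n, m=M):
    """Return S_1..S_n where S_{i+1} = (a*S_i + b) mod m and S_0 = seed."""
    out, s = [], seed
    for _ in range(n):
        s = (a * s + b) % m
        out.append(s)
    return out

def to_words(msg):
    """Pack bytes into 24-bit words so each fits under one 31-bit state."""
    return [int.from_bytes(msg[i:i + 3], "big") for i in range(0, len(msg), 3)]

def xor_stream(words, stream):
    """y_i = x_i XOR s_i; the same call decrypts (XOR is its own inverse)."""
    return [w ^ s for w, s in zip(words, stream)]

def recover_key(s1, s2, s3, m=M):
    """Solve s2 = a*s1 + b and s3 = a*s2 + b (mod m) for (a, b)."""
    a = (s3 - s2) * pow((s2 - s1) % m, -1, m) % m
    b = (s2 - a * s1) % m
    return a, b

def predicted_stream(known_plain, cipher, m=M):
    """Rebuild the full key stream from the first three known plaintext words."""
    s = xor_stream(known_plain[:3], cipher[:3])   # plaintext XOR ciphertext
    a, b = recover_key(*s, m)
    while len(s) < len(cipher):
        s.append((a * s[-1] + b) % m)
    return s

plain = to_words(b"HEADER: constructed sample message")
stream = lcg_stream(A, B, SEED, len(plain))
cipher = xor_stream(plain, stream)

if __name__ == "__main__":
    print("round trip ok:", xor_stream(cipher, stream) == plain)
    print("key recovered:", recover_key(*stream[:3]) == (A, B))
    print("stream predicted:", predicted_stream(plain, cipher) == stream)
```

Three key stream values are enough to fix both constants, so every later value follows. For real key material, take the bytes from a CSPRNG such as Python's `secrets` module.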

  25. background

  26. and, or, not, nand gates; the flip flop/latch, how a bit is remembered; how they are joined to make a shift register, feedback. The Linear Feedback Shift Register (LFSR) and how it is used to create a stream cipher. The mathematics behind it all, and the general LFSR case. More math. Polynomial representation. Cryptanalysis techniques to break them.

  27. Logic Gates: AND. Given: if Fred is strong and Bob is strong, we will win the football game (“strong” means benches >= 275 pounds). Fred benches 290, Bob benches 310: will we win? Fred benches 290, Bob benches 210: will we win? Fred benches 135, Bob benches 80: will we win? Fred benches 110, Bob benches 300: will we win?

  28. AND. If Fred is strong and Bob is strong, we will win the football game, otherwise we will lose the football game (“strong” means benches >= 275 pounds). Fred benches 290, Bob benches 310: will we win? Fred benches 290, Bob benches 210: will we win? Fred benches 190, Bob benches 275: will we win? Fred benches 135, Bob benches 80: will we win?

  29. AND - ^, juxtaposed. [Diagram: inputs Fred, Bob; output Victory.]

      F  B  V
      --------
      0  0  0
      0  1  0
      1  0  0
      1  1  1

      We call this representation a Truth Table.

  30. [Diagram: inputs w, x, y, z; output (w ^ x) ^ (y ^ z).]

      w  x  w^x  y  z  y^z  (w^x) ^ (y^z)
      ------------------------------------
      0  0  0    0  0  0    0
      0  1  0    0  1  0    0
      1  0  0    1  0  0    0
      1  1  1    1  1  1    1

  31. OR. If Tabitha competes or Katie competes, the world record will be broken. Tabitha competes, Katie does not. Will the world record be broken? Katie competes, Tabitha does not. Will the world record be broken? Both Tabitha and Katie compete. Will the world record be broken? Neither Tabitha nor Katie compete. Will the world record be broken?

  32. OR. If Tabitha competes or Katie competes, the world record will be broken, otherwise the world record will not be broken. Tabitha competes, Katie does not. Will the world record be broken? Katie competes, Tabitha does not. Will the world record be broken? Both Tabitha and Katie compete. Will the world record be broken? Neither Tabitha nor Katie compete. Will the world record be broken?

  33. OR - ^,+. [Diagram: inputs Tabitha, Katie; output New world record.]

      T  K  WR
      ---------
      0  0  0
      0  1  1
      1  0  1
      1  1  1

      OR Truth Table

  34. NOT - or ' X X'

  35. The basic logic gates, US style

  36. Electronic realization of a nand gate (nand “covers”)

  37. Truth tables of the basic logic gates:

      x y | nand  nor  xor  xnor  and  or
      ------------------------------------
      0 0 | 1     1    0    1     0    0
      0 1 | 1     0    1    0     0    1
      1 0 | 1     0    1    0     0    1
      1 1 | 0     0    0    1     1    1

      x | not
      --------
      0 | 1
      1 | 0

  38. Basic relations of Boolean algebra:

      1. x + 0 =            9. x + y =
      2. x^0 =             10. xy =
      3. x + 1 =           11. x + (y + z) =
      4. x^1 =             12. x(yz) =
      5. x + x =           13. x(y + z) =
      6. x ^ x =           14. x + yz =
      7. x + x' =          15. (x + y)' =
      8. x ^ x' =          16. (xy)' =
                           17. (x')' =

      15, 16 == DeMorgan's theorems (nand, nor)

  39. Basic relations of Boolean algebra:

      1. x + 0 = x          9. x + y = y + x
      2. x^0 = 0           10. xy = yx
      3. x + 1 = 1         11. x + (y + z) = (x + y) + z
      4. x^1 = x           12. x(yz) = (xy)z
      5. x + x = x         13. x(y + z) = xy + xz
      6. x ^ x = x         14. x + yz = (x + y)(x + z)
      7. x + x' = 1        15. (x + y)' = x'y'
      8. x ^ x' = 0        16. (xy)' = x' + y'
                           17. (x')' = x

      15, 16 == DeMorgan's theorems (nand, nor)

  40. Combinational Circuits: a connected arrangement of logic gates mapping n inputs to m outputs. n inputs == $2^n$ possible binary input combinations, each of which yields exactly one set of outputs. m outputs => this is a set of m boolean functions, expressed in terms of the n inputs, that completely describe the circuit.

  41. The Half Adder. [Diagram: inputs x, y; outputs C, S.]

      x  y  c  s
      -----------
      0  0  0  0
      0  1  0  1
      1  0  0  1
      1  1  1  0

  42. Full Adder: add two binary bits + incoming carry; output sum + outgoing carry. [Diagram: inputs x, y, Z; outputs S, C.]

  43. Full Adder Truth Table:

      inputs     outputs
      X  Y  Z    S  C
      ----------------
      0  0  0    0  0
      0  0  1    1  0
      0  1  0    1  0
      0  1  1    0  1
      1  0  0    1  0
      1  0  1    0  1
      1  1  0    0  1
      1  1  1    1  1

  44. Flip-Flops (i.e. memory), also called a latch. [Diagram: inputs S, R; outputs Q, Q'.] Asynchronous: feedback paths, instability. Operates with both inputs normally at 1. Application of a momentary '0' to the S(et) input causes Q to go to 1 and Q' to go to 0. Application of a momentary '0' to the R(eset) input causes Q to go to 0 and Q' to go to 1.

  45. Clocked RS Flip Flop. [Diagram: inputs S, R, cp; outputs Q, Q'.]

      S  R  Q(t+1)
      ---------------------------
      0  0  Q(t)   no change
      0  1  0      clear
      1  0  1      SET
      1  1  ?      don't do it

  46. D Flip Flop: same as RS, but an inverter generates R from S'. [Diagram: inputs D, cp; outputs Q, Q'.]

      D  Q(t+1)
      ---------------------------
      0  0      clear
      1  1      set

  47. Graphical Symbols. [Figure: D flip-flop (inputs D, CP; outputs Q, Q') and RS flip-flop (inputs S, R, CP; outputs Q, Q').]

  48. JK flip-flop: like the RS, but the 1,1 state is defined as Q(t+1) = Q'(t). [Diagram: JK flip-flop with inputs J, K, CP; outputs Q, Q'.]

      J  K  Q(t+1)
      --------------------------
      0  0  Q(t)   no change
      0  1  0      clear
      1  0  1      set
      1  1  Q'(t)  complement

  49. T flip-flop. [Diagram: T flip-flop with inputs T, CP; outputs Q, Q'.]

      T  Q(t+1)
      ---------------------
      0  Q(t)   no change
      1  Q'(t)  complement
