Crypto Basics

Home , Index of coincidence, ROT13

Crypto Basics

Symmetric

Source: Wikipedia

Caesar Cipher (~49 BC)

HELLO WORLD LIPPS ASVPH

Caesar Cipher (~49 BC)

HELLO WORLD LIPPS ASVPH

Special case of Viginere cipher

Viginere Cipher (1553)

HELLO WORLD LFNPP YSSNH

Key is “412” Key as long as message == “One Time Pad”

William and Elizabeth Friedman

● Met while analyzing Shakespeare ciphers at Riverbank Laboratories

– “William Friedman wrote Shakespeare's plays”

● Elizabeth solved ciphers of alcohol and drug smugglers

● William led a team that solved PURPLE

The Codebreakers by David Kahn

Index of coincidence

● Measures the unevenness of the cipher letter frequencies

● How likely it is to draw the same letter twice from a given text

● Calculate for different Viginere cipher key lengths, incorrect lengths will have lower ICs

● From Wikipedia article on “Index of Coincidence”: – English: 1.73 – French 2.02 – Italian 1.94

Substitution Cipher (before 49 BC?)

HELLO WORLD TNWWX DXPWE

Zodiac cipher

Image from wikia

Permutations of ABCD

ABCD ABDC ACBD ACDB ADBC ADCB BACD BADC BCAD BCDA BDAC BDCA CABD CADB CBAD CBDA CDAB CDBA DABC DACB DBAC DBCA DCAB DCBA

Bitwise XOR 00101010 b ⊕10000110 b =10101100 b

Bitwise XOR as a cipher itself

● Typically used by malware, 8 or 32 bits – WEP had similar problems

● (B xor K) xor K = B

● (A xor K) xor (B xor K) = A xor B

● (0 xor K) = K

● (K xor K) = 0

● Frequency analysis or brute force

Data Encryption Standard (1977)

Feistel structure

Source: Wikipedia

56 bit key

What 56 bits looks like By The original uploader was Matt Crypto at English Wikipedia Later versions were uploaded by Ed g2s at en.wikipedia. - http://w2.eff.org/Privacy/Crypto/Crypto_mi 0100010011101110111000101011 sc/DESCracker/ (Via en:)., CC BY 3.0 us, https://commons.wikimedia.org/w/index.ph 0101001001001111011111010001 p?curid=2437815

256 = 7.2 * 1016, or 72 quadrillion

Source: Wikipedia

Advanced Encryption Standard (2001)

Substitution Permutation Network

Source: Wikipedia

What 128 bits look like 1010010101010101 0100010110010101 0100100101011101 1111011011011100 0010001010101110 1110110110001100 0001011101100001 1111110000110001

2128 =

340,282,366,920,938,463, 463,374,607,431,768,211, 456 ...or, ~340 undecillion

2256 = Roughly 1.15 * 1077 Estimated number of molecules in the known universe is between 1078 and 1082

Common symmetric algorithms

● DES (56-bit) and 3-DES (56, 112, or 168 bits) – DES is outdated, no good reason to use 3- DES that I know of

● AES (128, 192, or 256 bits) – Recognized standard

● Blowfish (32 to 448 bits, see also twofish and threefish) – Common, fairly good choice

● TEA (128 bits) – Simple to implement

Common symmetric algorithms (continued...) ● RC4 (40-2048 bits) – Stream cipher, don't reuse key material

● IDEA (128 bits) – Cannot be expanded to larger key sizes

● Camellia (128, 192, or 256 bits) – Good alternative to AES

● Bitwise XOR (8 or 32 bits), ROT13 (e.g., WHAT→JUNG) – Terrible choices, but you'll see them...

Cipher modes

● ECB, CBC discussed on next slides

● Also Counter Mode, Galois Counter Mode, Cipher Feedback, Output Feedback – Parallelization and other features

Electronic Codebook (ECB)

Image stolen from Wikipedia

Cipher Block Chaining (CBC)

Image stolen from Wikipedia

ECB is generally bad

Image stolen from Wikipedia

Hash algorithms

Image stolen from Wikipedia

Common hash algorithms

● MD5 (128 bits) – Flawed, but still very common

● SHA-1 (160 bits) – “Not considered secure against well- funded opponents” -Wikipedia

● SHA-3 (224 to 512 bits) – Adopted in August 2015

● CRC32 – Not cryptographic, very poor choice

MAC

● Message Authentication Code – Effectively a keyed hash function

● Why not just hash the ciphertext and encrypt that?

Preview of asymmetric crypto

● Key agreement

● Signatures

● Other applications of asymmetric crypto

● Quantum computers

Symmetric

Source: Wikipedia

Preview of cryptanalysis...

● Symmetric attack types: Ciphertext-only, known plaintext (e.g., linear cryptanalysis), and chosen plaintext (e.g., differential cryptanalysis) – Chosen ciphertext for, e.g., padding oracles

● Asymmetric desired properties: Indistinguishability under Chosen Plaintext (IND-CPA), Chosen Ciphertext (IND-CCA, IND-CCA2) – Malleability of RSA (need something like OAEP)

● Man-in-the-middle attacks

● Birthday attacks

● Attacks on hash functions, like preimage attacks

Cryptography Engineering by Ferguson et al.