Crypto Basics
Symmetric
Source: Wikipedia
Caesar Cipher (~49 BC)
HELLO WORLD → LIPPS ASVPH
Special case of Vigenère cipher
Vigenère Cipher (1553)
HELLO WORLD → LFNPP YSSNH
Key is “412”
Key as long as message == “One Time Pad”
William and Elizebeth Friedman
● Met while analyzing Shakespeare ciphers at Riverbank Laboratories
– “William Friedman wrote Shakespeare's plays”
● Elizebeth solved ciphers of alcohol and drug smugglers
● William led a team that solved PURPLE
The Codebreakers by David Kahn
Index of coincidence
● Measures the unevenness of the cipher letter frequencies
● How likely it is to draw the same letter twice from a given text
● Calculate for different Vigenère cipher key lengths; incorrect lengths will have lower ICs
● From Wikipedia article on “Index of Coincidence”:
– English: 1.73
– French: 2.02
– Italian: 1.94
Substitution Cipher (before 49 BC?)
HELLO WORLD → TNWWX DXPWE
Zodiac cipher
Image from wikia
Permutations of ABCD
ABCD ABDC ACBD ACDB ADBC ADCB BACD BADC BCAD BCDA BDAC BDCA CABD CADB CBAD CBDA CDAB CDBA DABC DACB DBAC DBCA DCAB DCBA
Bitwise XOR
00101010b ⊕ 10000110b = 10101100b
Bitwise XOR as a cipher itself
● Typically used by malware, 8 or 32 bits – WEP had similar problems
● (B xor K) xor K = B
● (A xor K) xor (B xor K) = A xor B
● (0 xor K) = K
● (K xor K) = 0
● Frequency analysis or brute force
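The identities above, worked through on constructed data as an added example (not part of the original slides). The 32-bit key, the sample buffers and all function names are assumptions made for illustration; the key length is taken as known, matching the 8-or-32-bit keys mentioned above.

```python
from collections import Counter
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call encrypts and decrypts: (B xor K) xor K = B."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def key_from_padding(ciphertext: bytes, key_len: int) -> bytes:
    """Guess the key as the most frequent key_len-aligned block.

    Zero padding in the plaintext leaks the key directly, because 0 xor K = K.
    """
    blocks = [ciphertext[i:i + key_len]
              for i in range(0, len(ciphertext) - key_len + 1, key_len)]
    return Counter(blocks).most_common(1)[0][0]

def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two messages under one key: c1 xor c2 = p1 xor p2, so knowing p1 gives p2."""
    p1_xor_p2 = bytes(a ^ b for a, b in zip(c1, c2))
    return bytes(x ^ p for x, p in zip(p1_xor_p2, known_p1))

# Constructed sample data (not from the slides): a 32-bit key and three buffers.
KEY = bytes.fromhex("a1b2c3d4")
CONFIG = b"server=198.51.100.7;port=8443;id=lab-01;" + b"\x00" * 24
MSG_A = b"GET /index.html HTTP/1.1"
MSG_B = b"POST /upload?id=lab-01  "

def demo() -> dict:
    enc_config = xor_bytes(CONFIG, KEY)
    guessed = key_from_padding(enc_config, len(KEY))
    return {
        "round_trip": xor_bytes(enc_config, KEY) == CONFIG,
        "guessed_key": guessed,
        "decoded_config": xor_bytes(enc_config, guessed).rstrip(b"\x00"),
        # Key reuse: the key cancels out, so one known message exposes the other.
        "msg_b": recover_with_known_plaintext(
            xor_bytes(MSG_A, KEY), xor_bytes(MSG_B, KEY), MSG_A),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Neither recovery step ever sees the key; the zero padding and the reused key material are enough.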
Data Encryption Standard (1977)
Feistel structure
Source: Wikipedia
56 bit key
What 56 bits looks like
0100010011101110111000101011
0101001001001111011111010001
By The original uploader was Matt Crypto at English Wikipedia. Later versions were uploaded by Ed g2s at en.wikipedia. - http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/ (Via en:)., CC BY 3.0 us, https://commons.wikimedia.org/w/index.php?curid=2437815
2^56 = 7.2 * 10^16, or 72 quadrillion
Source: Wikipedia
Advanced Encryption Standard (2001)
Substitution Permutation Network
Source: Wikipedia
What 128 bits look like
1010010101010101 0100010110010101 0100100101011101 1111011011011100
0010001010101110 1110110110001100 0001011101100001 1111110000110001
2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
...or, ~340 undecillion
2^256 = Roughly 1.15 * 10^77
Estimated number of molecules in the known universe is between 10^78 and 10^82
Common symmetric algorithms
● DES (56-bit) and 3-DES (56, 112, or 168 bits) – DES is outdated, no good reason to use 3-DES that I know of
● AES (128, 192, or 256 bits) – Recognized standard
● Blowfish (32 to 448 bits, see also Twofish and Threefish) – Common, fairly good choice
● TEA (128 bits) – Simple to implement
Common symmetric algorithms (continued...)
● RC4 (40-2048 bits) – Stream cipher, don't reuse key material
● IDEA (128 bits) – Cannot be expanded to larger key sizes
● Camellia (128, 192, or 256 bits) – Good alternative to AES
● Bitwise XOR (8 or 32 bits), ROT13 (e.g., WHAT→JUNG) – Terrible choices, but you'll see them...
Cipher modes
● ECB, CBC discussed on next slides
● Also Counter Mode, Galois Counter Mode, Cipher Feedback, Output Feedback – Parallelization and other features
Electronic Codebook (ECB)
Image stolen from Wikipedia
Cipher Block Chaining (CBC)
Image stolen from Wikipedia
ECB is generally bad
Image stolen from Wikipedia
Hash algorithms
Image stolen from Wikipedia
Common hash algorithms
● MD5 (128 bits) – Flawed, but still very common
● SHA-1 (160 bits) – “Not considered secure against well-funded opponents” -Wikipedia
● SHA-3 (224 to 512 bits) – Adopted in August 2015
● CRC32 – Not cryptographic, very poor choice
MAC
● Message Authentication Code – Effectively a keyed hash function
● Why not just hash the ciphertext and encrypt that?
Preview of asymmetric crypto
● Key agreement
● Signatures
● Other applications of asymmetric crypto
● Quantum computers
Symmetric
Source: Wikipedia
Preview of cryptanalysis...
● Symmetric attack types: Ciphertext-only, known plaintext (e.g., linear cryptanalysis), and chosen plaintext (e.g., differential cryptanalysis) – Chosen ciphertext for, e.g., padding oracles
● Asymmetric desired properties: Indistinguishability under Chosen Plaintext (IND-CPA), Chosen Ciphertext (IND-CCA, IND-CCA2) – Malleability of RSA (need something like OAEP)
● Man-in-the-middle attacks
● Birthday attacks
● Attacks on hash functions, like preimage attacks
Cryptography Engineering by Ferguson et al.