Distributed Systems Ngywioggazhon Pystemp Auesfnsicutiwf & Moiiunocaiwn Piqtoaoyp Introduction to Cryptography
Paul Krzyzanowski [email protected]
Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 2
cryptography Cryptographic Systems κρυπός γραφία Authentication & Communication Protocols hidden writing
A secret manner of writing, … Generally, the art of writing or solving ciphers. — Oxford English Dictionary
Page 3 Page 4
Cryptography Security
cryptology Cryptography may be a component of a secure system
κρυπός λογια Adding cryptography may not make a system secure
hidden speaking
1967 D. Kahn, Codebreakers p. xvi, Cryptology is the science that embraces cryptography and cryptanalysis, but the term ‘cryptology’ sometimes loosely designates the entire dual field of both rendering signals secure and extracting information from them. — Oxford English Dictionary
Page 5 Page 6
1 Terms Terms: types of ciphers
Plaintext (cleartext), message M • restricted cipher encryption, E(M) • symmetric algorithm produces ciphertext, C=E(M)
• public key algorithm decryption: M=D(C)
Cryptographic algorithm, cipher
Page 7 Page 8
Restricted cipher The key
Secret algorithm
• Leaking • Reverse engineering – HD DVD (Dec 2006) and Blu-Ray (Jan 2007) – RC4 – All digital cellular encryption algorithms – DVD and DIVX video compression – Firewire – Enigma cipher machine – Every NATO and Warsaw Pact algorithm during Cold War
Page 9 BTW, the above is a bump key. See http://en.wikipedia.org/wiki/Lock_bumping.Page 10
The key The key
Source: en.wikipedia.org/wiki/Pin_tumbler_lock Source: en.wikipedia.org/wiki/Pin_tumbler_lock
Page 11 Page 12
2 The key Symmetric algorithm
Secret key • We understand how it works: – Strengths – Weaknesses C = EK(M ) • Based on this understanding, we can assess how much to trust the key & lock. M = DK(C )
Source: en.wikipedia.org/wiki/Pin_tumbler_lock
Page 13 Page 14
Public key algorithm McCarthy’s puzzle (1958)
Public and private keys The setting: • Two countries are at war C = E (M ) 1 public • One country sends spies to the other country M = Dprivate(C1 ) • To return safely, spies must give the border guards a password also: • Spies can be trusted C = E (M ) 2 private • Guards chat – information given to them may M = D (C ) public 2 leak
Page 15 Page 16
McCarthy’s puzzle Solution to McCarthy’s puzzle
Challenge Michael Rabin, 1958
How can a guard authenticate a person without Use one-way function, B = f (A) knowing the password? – Guards get B … • Enemy cannot compute A Enemies cannot use the guard’s knowledge to – Spies give A, guards compute f(A) introduce their own spies • If the result is B, the password is correct.
Example function: Middle squares • Take a 100-digit number (A), and square it • Let B = middle 100 digits of 200-digit result
Page 17 Page 18
3 One-way functions McCarthy’s puzzle example
• Easy to compute in one direction Example with an 18 digit number • Difficult to compute in the other A = 289407349786637777 A2 = 83756614110525308948445338203501729110525308948445338 Examples: Middle square, B = 110525308948445338 Factoring: pq = N EASY find p,q given N DIFFICULT Given A, it is easy to compute B Discrete Log: Given B, it is extremely hard to compute A ab mod c = N EASY find b given a, c, N DIFFICULT
Page 19 Page 20
More terms More terms
• one-way function • Stream cipher – Rabin, 1958: McCarthy’s problem – Encrypt a message a character at a time – middle squares, exponentiation, … • [one-way] hash function • Block cipher – Encrypt a message a chunk at a time – message digest, fingerprint, cryptographic checksum, integrity check • encrypted hash – message authentication code – only possessor of key can validate message
Page 21 Page 22
Yet another term Cryptography: what is it good for?
• Digital Signature • Authentication – Authenticate, not encrypt message – determine origin of message – Use pair of keys (private, public) • Integrity – Owner encrypts message with private key – verify that message has not been modified – Sender validates by decrypting with public key – Generally use hash(message). • Nonrepudiation – sender should not be able to falsely deny that a message was sent
• Confidentiality – others cannot read contents of the message
Page 23 Page 24
4 Cryptographic toolbox
• Symmetric encryption
• Public key encryption
• One-way hash functions Classic Cryptosystems • Random number generators
Page 25 Page 26
Cæsar cipher
Earliest documented military use of cryptography – Julius Caesar c. 60 BC – shift cipher: simple variant of a substitution cipher – each letter replaced by one n positions away modulo alphabet size n = shift value = key Substitution Ciphers Similar scheme used in India – early Indians also used substitutions based on phonetics similar to pig latin
Last seen as ROT13 on Usenet to keep the reader from seeing offensive messages unwillingly
Page 27 Page 28
Cæsar cipher Cæsar cipher
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T shift alphabet by n (6)
Page 29 Page 30
5 Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
G
Page 31 Page 32
Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GS GSW
Page 33 Page 34
Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWU GSWUN
Page 35 Page 36
6 Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNB GSWUNBU
Page 37 Page 38
Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUM GSWUNBUMZ
Page 39 Page 40
Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZF GSWUNBUMZFY
Page 41 Page 42
7 Cæsar cipher Cæsar cipher
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZFYU GSWUNBMUFZYUM
Page 43 Page 44
Cæsar cipher Ancient Hebrew variant (ATBASH)
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T Z Y XW V U T S R Q P O N M L K J I H G F E D C B A
GSWUNBMUFZYUM NBXZGSZHUOVZH • Convey one piece of information for decryption: • c. 600 BC shift value • No information (key) needs to be conveyed!
• trivially easy to crack (26 possibilities for a 26 character alphabet)
Page 45 Page 46
Substitution cipher Substitution cipher
MY CAT HAS FLEAS Easy to decode: A B C D E F G H I J K L M N O P Q R S T U V WX Y Z – vulnerable to frequency analysis M P S R L Q E A J T N C I F Z WO Y B X G K U D V H Moby Dick Shakespeare IVSMXAMBQCLMB (1.2M chars) (55.8M chars) • General case: arbitrary mapping e 12.300% e 11.797% • both sides must have substitution alphabet o 7.282% o 8.299% d 4.015% d 3.943% b 1.773% b 1.634% x 0.108% x 0.140%
Page 47 Page 48
8 Statistical Analysis Polyalphabetic ciphers
Designed to thwart frequency analysis techniques Letter frequencies – different ciphertext symbols can represent the E: 12% same plaintext symbol A, H, I, N, O, R, S, T: 6 – 9% • 1 many relationship between D, L: 4% letter and substitute B, C, F, G, M, P, U, W, Y: 1.5 – 2.8% Leon Battista Alberti: 1466: invented key J J, K, Q, V, X, Z: < 1% – two disks A Common digrams: – line up predetermined letter on inner disk with outer disk TH, HE, IN, ER, AN, RE, … – plaintext on inner ciphertext on Common trigrams outer THE, ING, AND, HER, ERE, … – after n symbols, the disk is rotated to a new alignment encrypt: AJ decrypt: J A
Page 49 Page 50
Vigenère polyalphabetic cipher
• Blaise de Vigenère, court of Henry III of France, 1518 • Use table and key word to encipher a message • repeat keyword over text: (e.g. key=FACE) FA CEF ACE FACEF .... MY CAT HAS FLEAS • encrypt: find intersection: row = keyword letter column = plaintext letter • decrypt: column = keyword letter, search for intersection = ciphertext letter • message is encrypted with as many substitution ciphers as there are letters in the keyword
Page 51 Page 52
Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
plaintext letter FA CEF ACE FACEF MY CAT HAS FLEAS A B C D E F G H I J K L M N O P Q R S T R A B C D E F G H I J K L M N O P Q R S T B C D E F G H I J K L M N O P Q R S T U A B C D E F G H I J K L M N O P Q R S T U V WX Y Z C D E F G H I J K L M N O P Q R S T U V B C D E F G H I J K L M N O P Q R S T U V WX Y Z A D E F G H I J K L M N O P Q R S T U V W C D E F G H I J K L M N O P Q R S T U V WX Y Z A B keytext E F G H I J K L M N O P Q R S T U V WX D E F G H I J K L M N O P Q R S T U V WX Y Z A B C letter F G H I J K L M N O P Q R S T U V WX Y E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E ciphertext letter G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 53 Page 54
9 Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY RY E
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 55 Page 56
Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY EE RY EEY
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 57 Page 58
Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY EEY H RY EEY HC
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 59 Page 60
10 Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY EEY HCW RY EEY HCW K
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 61 Page 62
Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY EEY HCW KL RY EEY HCW KLG
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 63 Page 64
Vigenère polyalphabetic cipher Vigenère polyalphabetic cipher
FA CEF ACE FACEF FA CEF ACE FACEF MY CAT HAS FLEAS MY CAT HAS FLEAS RY EEY HCW KLGE RY EEY HCW KLGEX
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 65 Page 66
11 Vigenère polyalphabetic cipher
"The rebels reposed their major trust, however, in the Vigenere, sometimes using it in the form of a brass cipher disc. In theory, it was an excellent choice, for so far as the South knew the cipher was unbreakable. In practice, it proved a dismal failure. For one thing, transmission errors that added or subtracted a letter ... unmeshed the key from Transposition Ciphers the cipher and caused no end of difficulty. Once Major Cunningham of General Kirby-Smith's staff tried for twelve hours to decipher a garbled message; he finally gave up in disgust and galloped around the Union flank to the sender to find out what it said."
http://rz1.razorpoint.com/index.html
Page 67 Page 68
Transposition ciphers Transposition ciphers: staff cipher
• Permute letters in plaintext according to rules MYCATHASFLEAS
• Knowledge of rules will allow message to be decrypted MHE
• Earliest version used by the Spartans in the th 5 century BC – staff cipher M H E
Page 69 Page 70
Transposition ciphers: staff cipher Transposition ciphers: staff cipher
MYCATHASFLEAS MYCATHASFLEAS
MHE YAA MHE YAA CSS
Y C A S A S
Page 71 Page 72
12 Transposition ciphers: staff cipher Transposition ciphers: staff cipher
MYCATHASFLEAS MYCATHASFLEAS
MHE YAA CSS AFx MHE YAA CSS Afx TLy
A T F Pad out the text. This is a L x block cipher versus a y stream cipher
Page 73 Page 74
Transposition cipher Transposition cipher
Table version of staff cipher Table version of staff cipher – enter data horizontally, read it vertically – enter data horizontally, read it vertically – secrecy is the width of the table – secrecy is the width of the table
M Y C A M Y C A T H A S T H A S MYCATHASFLEAS MYCATHASFLEAS MTFS F L E A F L E A S x y z S x y z
Page 75 Page 76
Transposition cipher Transposition cipher
Table version of staff cipher Table version of staff cipher – enter data horizontally, read it vertically – enter data horizontally, read it vertically – secrecy is the width of the table – secrecy is the width of the table
M Y C A M Y C A T H A S T H A S MYCATHASFLEAS MTFSYHLx MYCATHASFLEAS MTFSYHLxCAEy F L E A F L E A S x y z S x y z
Page 77 Page 78
13 Transposition cipher Transposition cipher with key
Table version of staff cipher – permute letters in plaintext according to key – enter data horizontally, read it vertically – read down columns, sorting by key – secrecy is the width of the table
Key: 3 1 4 2 M Y C A M Y C A T H A S MYCATHASFLEAS MTFSYHLxCAEyASAz MYCATHASFLEAS T H A S F L E A F L E A S x y z S x y z
Page 79 Page 80
Transposition cipher with key Transposition cipher with key
– permute letters in plaintext according to key – permute letters in plaintext according to key – read down columns, sorting by key – read down columns, sorting by key
Key: 3 1 4 2 Key: 3 1 4 2 M Y C A M Y C A MYCATHASFLEAS T H A S YHLx MYCATHASFLEAS T H A S YHLxASAz F L E A F L E A S x y z S x y z ASAz YHLx
Page 81 Page 82
Transposition cipher with key Transposition cipher with key
– permute letters in plaintext according to key – permute letters in plaintext according to key – read down columns, sorting by key – read down columns, sorting by key
Key: 3 1 4 2 Key: 3 1 4 2 M Y C A M Y C A MYCATHASFLEAS T H A S YHLxASAzMTFS MYCATHASFLEAS T H A S YHLxASAzMTFSCAEy F L E A F L E A S x y z S x y z CAEy
MTFS
Page 83 Page 84
14 Transposition cipher with key Combined ciphers
– permute letters in plaintext according to key • Combine transposition with substitution – read down columns, sorting by key ciphers – German ADFGVX cipher (WWI)
Key: 3 1 4 2 M Y C A • can be troublesome to implement MYCATHASFLEAS T H A S YHLxASAzMTFSCAEY – may require a lot of memory F L E A S x y z – may require that messages be certain lengths
• Difficult with manual cryptography
Page 85 Page 86
Rotor machines
1920s: mechanical devices used for automating encryption
Rotor machine:
– set of independently rotating cylinders through which electrical Electro-mechanical pulses flow – each cylinder has input & output pin for each letter of the cryptographic engines alphabet – implements a version of the Vigenère cipher
– each rotor implements a substitution cipher
– output of each rotor is fed into the next rotor
Page 87 Page 88
Rotor machines Single cylinder rotor machine
• Simplest rotor machine: single cylinder A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z G V I L C M B Q F K D O S P Z H R E U Z N X A T W J A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
rotate • after a character is entered, the cylinder rotates one position A B C D E F G H I J K L M N O P Q R S T U V W X Y Z – internal combinations shifted by one A B C D E F G H I J K L M N O P Q R S T U V W X Y Z – polyalphabetic substitution cipher with a period of 26 K H W J M D N C R G L E P T Q Z I S F V A O Y B U X
Page 89 Page 90
15 Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
S SU
Page 91 Page 92
Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUI SUIU
Page 93 Page 94
Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUV SUIUVA
Page 95 Page 96
16 Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAY SUIUVAYO
Page 97 Page 98
Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOI SUIUVAYOIN
Page 99 Page 100
Single cylinder rotor machine Single cylinder rotor machine
MY CAT HAS FLEAS MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOINK SUIUVAYOINKB
Page 101 Page 102
17 Single cylinder rotor machine Multi-cylinder rotor machines
MY CAT HAS FLEAS Single cylinder rotor machine – substitution cipher with a period = length of alphabet (e.g., 26) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Multi-cylinder rotor machine – feed output of one cylinder as input to the next one – first rotor advances after character is entered A B C D E F G H I J K L M N O P Q R S T U V W X Y Z – second rotor advances after a full period of the first – polyalphabetic substitution cipher SUIUVAYOINKBY • period = (length of alphabet)number of rotors • 3 26-char cylinders 263 = 17,576 substitution alphabets • 5 26-char cylinders 265 = 11,881,367 substitution alphabets
Page 103 Page 104
Enigma Enigma
Rotors • Enigma machine used in Reflector Germany during WWII • Three rotor system – 263 = 17,576 possible rotor positions • Input data permuted via patch panel before sending to rotor engine Plugboard • Data from last rotor reflected back through rotors makes encryption symmetric Glowlamps • Need to know initial settings of rotor (results) – setting was f(date) – find in book of codes Keyboard • broken by group at Bletchley Park (Alan Turing) (input)
Page 105 Page 106
One-time pads One-time pads
Only provably secure encryption scheme If pad contains M + K mod 26 = W • invented in 1917 KWXOPWMAELGHW… Y + W mod 26 = U and we want to encrypt C + X mod 26 = Z MY CAT HAS FLEAS A + O mod 26 = O • large non-repeating set of random key letters written T + P mod 26 = I on a pad H + W mod 26 = D Ciphertext: • each key letter on the pad encrypts exactly one A + M mod 26 = M WUZOIDMSJWKHO plaintext character S + A mod 26 = S – encryption is addition of characters modulo 26 F + E mod 26 = J L + L mod 26 = W • sender destroys pages that have been used E + G mod 26 = K A + H mod 26 = H • receiver maintains identical pad S + W mod 26 = O
Page 107 Page 108
18 One-time pads One-time pads
The same ciphertext can W - D mod 26 = W Can be extended to binary data decrypt to anything U - N mod 26 = U depending on the key! Z - V mod 26 = Z – random key sequence as long as the message O - L mod 26 = O – exclusive-or key sequence with message Same ciphertext: I - U mod 26 = I – receiver has the same key sequence D - X mod 26 = D WUZOIDMSJWKHO M - E mod 26 = M With a pad of: S - A mod 26 = S KWXOPWMAELGHW… J - C mod 26 = J Produces: W - W mod 26 = W THE DOG IS HAPPY K - V mod 26 = K H - S mod 26 = H O - Q mod 26 = O
Page 109 Page 110
One-Time Pad One-time pads
void onetimepad(void) Problems with one-time pads: { FILE *if = fopen(“intext”, “r”); – key needs to be as long as the message! FILE *kf = fopen(“keytext”, “r”); FILE *of = fopen(“outtext”, “w”); – key storage can be problematic int c, k; • may need to store a lot of data
while ((c = getc(if)) != EOF) { – keys have to be generated randomly k = getc(kf); • cannot use pseudo-random number generator putc((c^k), of); } – cannot reuse key sequence fclose(if); fclose(kf); fclose(of); } – sender and receiver must remain synchronized (e.g. cannot lose a message)
Page 111 Page 112
Digression: random numbers
• “anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin” – John vonNeumann Computer Cryptography • Pseudo-random generators – Linear feedback shift registers – Multiplicative lagged Fibonacci generators – Linear congruential generator
• Obtain randomness from: – Time between keystrokes – Various network/kernel events – Cosmic rays – Electrical noise – Other encrypted messages
Page 113 Page 114
19 DES DES
64 bit plaintext block 48-bit subkey • Data Encryption Standard permuted from key – adopted as a federal standard in 1976 initial permutation, IP
• block cipher, 64 bit blocks left half, L1 right half, R0 f • 56 bit key K1 – all security rests with the key 16 rounds • substitution followed by a permutation L1= R0 R1 = L0 f(R0, K1)
(transposition) L15= R14 R15 = L14 f(R14, K15) – same combination of techniques is applied on the f plaintext block 16 times K16
R16 = L15 f(R15, K16) L16 = R15
final permutation, IP-1
64 bit ciphertext block Page 115 Page 116
DES: f DES: S-boxes
• After compressed key is XORed with expanded block DATA: right 32 bits KEY: 56 bits – 48-bit result moves to substitution operation via eight substitution boxes (s-boxes)
48 bits 48 bits • Each S-box has – 6-bit input – 4-bit output • 48 bits divided into eight 6-bit sub-blocks S S S S S S S S • Each block is operated by a separate S-box • key components of DES’s security • net result: 48 bit input generates 32 bit output New DATA: DATA: left 32 bits right 32 bits
Page 117 Page 118
Is DES secure? The power of 2
56-bit key makes DES relatively weak Adding an extra bit to a key doubles the search – 7.2×1016 keys space. – Brute-force attack Suppose it takes 1 second to attack a 20-bit key: Late 1990’s: – DES cracker machines built to crack DES keys in a few hours •21-bit key: 2 seconds – DES Deep Crack: 90 billion keys/second – Distributed.net: test 250 billion keys/second •32-bit key: 1 hour •40-bit key: 12 days •56-bit key: 2,178 years •64-bit key: >557,000 years!
Page 119 Page 120
20 Increasing The Key Double DES
Can double encryption work for DES? Vulnerable to meet-in-the-middle attack
– Useless if we could find a key K such that: If we know some pair (P, C), then: 56 [1] Encrypt P for all 2 values of K1 EK(P) = EK2(EK1(P)) 56 [2] Decrypt C for all 2 values of K2
– This does not hold for DES For each match where [1] = [2] – test the two keys against another P, C pair – if match, you are assured that you have the key
Page 121 Page 122
Triple DES Triple DES
Triple DES with two 56-bit keys: Prevent meet-in-the-middle attack with – three stages C = EK1(DK2(EK1(P))) – and two keys Triple DES with three 56-bit keys: Triple DES: C = EK3(DK2(EK1(P))) C = EK1(DK2(EK1(P))) Decryption used in middle step for compatibility Decryption used in middle step for compatibility with DES (K1=K2=K3) with DES C = E (D (E (P))) C = E (P) K K K K1 C = EK(DK(EK(P))) C = EK1(P)
Page 123 Page 124
Popular symmetric algorithms AES
IDEA - International Data Encryption Algorithm From NIST: – 1992 Assuming that one could build a machine that could – 128-bit keys, operates on 8-byte blocks (like DES) recover a DES key in a second (i.e., try 256 keys per – algorithm is more secure than DES second), then it would take that machine RC4, by Ron Rivest approximately 149 trillion years to crack a 128-bit – 1995 AES key. To put that into perspective, the universe – key size up to 2048 bits is believed to be less than 20 billion years old. – not secure against multiple messages encrypted with the same key AES - Advanced Encryption Standard – NIST proposed successor to DES, chosen in October 2000 – based on Rigndael cipher – 128, 192, and 256 bit keys
http://csrc.nist.gov/encryption/aes/
Page 125 Page 126
21 The end.
Page 127
22