in World War II
Jefferson Institute for Lifelong Learning at UVa
Spring 2006
David Evans

Class 4: Modern Cryptography

Menu
• Some loose ends on WWII
• Maurice Burnett
• Modern Cryptography
– Modern symmetric ciphers
– Public-

http://www.cs.virginia.edu/jillcrypto JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 2

British Cipher Machine
• Design based on commercial Enigma
• 5 rotor wheels (instead of 3 in Enigma)
• Multiple rings per rotor
• Last 2 rotor wheels didn’t rotate
• British attempted to break it (without success)
[Image: Typex Machine]

German -Breaking Efforts
• About 6,000 people (compare to 12,000 working at )
• Decentralized: each military branch had their own, didn’t share what they learned
• Effective against manual codes: broke about 50% of manually coded messages
• Didn’t attempt to break rotor-based ciphers – so confident Enigma was unbreakable, didn’t try to and similar machines

Lorenz Cipher

From http://www.codesandciphers.org.uk/lorenz/fish.htm

Modern Symmetric Ciphers
"A billion billion is a large number, but it's not that large a number." Whitfield Diffie
• Same idea but:
– Use digital logic instead of mechanical rotors
– Larger keys (random bits, not rotor alignments)
  • Lorenz ≈ $5^{12} < 10^{9}$
  • Modern ≥ 128 bits > $10^{37}$
– Encrypt blocks of letters at a time

Modern Ciphers
• AES (Rijndael) successor to DES selected 2001
• 128-bit keys, encrypt 128-bit blocks
• Brute force attack (around $10^{30}$ times harder than Lorenz)
– Try 1 Trillion keys per second
– Would take 10790283070806000000 years to try all keys!
– If that’s not enough, can use 256-bit key
• No known techniques that do better than brute force search

Login Process
[Diagram labels: Terminal showing "Login: alyssa Password: fido"; login sends <“alyssa”, “fido”>; Trusted Subsystem; Eve]

Sending Passwords
[Diagram labels: User; Encrypt; The Internet; Server]

[Diagram labels: User; Plaintext; Encrypt (K); Ciphertext; The Internet; Decrypt (K); Plaintext; Server]
$C = \text{Encrypt}_K(P)$
$P = \text{Decrypt}_K(C)$

Key Agreement Demo
(Animated version at end of slides.)

Asymmetric Cryptosystems
• Need a hard problem (like symmetric cryptosystems)
• With a trap door: if you know a secret, the hard problem becomes easy

One-Way Functions
• Easy to compute, hard to invert
• Trap-door one way function:
– D (E (M)) = M
– E and D are easy to compute.
– Revealing E doesn’t reveal an easy way to compute D.
– Hence, anyone who knows E can encrypt, but only someone who knows D can decrypt

RSA [Rivest, Shamir, Adleman 78]
One-way function: multiplication is easy, factoring is hard
Trap-door: number theory (Euler and Fermat)

Security of RSA
• n is public, but not p and q where n = pq
• How much work is factoring n?

Number Field Sieve (fastest known factoring algorithm) is:
$O\left(e^{1.9223\,(\ln(n))^{1/3}\,(\ln(\ln(n)))^{2/3}}\right)$

n ~200 digits – would take quintillions of years

Asymmetric Cryptosystems
• Encryption and Decryption are done with different keys
• Keep one of the keys secret, reveal the other
$E_{KR_A}(E_{KU_A}(M)) = M$
Alice’s Public Key: $KU_A$
Alice’s Private Key: $KR_A$
Only $KR_A$ can decrypt a message encrypted using $KU_A$.

Public-Key Applications: Privacy
[Diagram labels: Alice; Plaintext; Encrypt (Bob’s Public Key); Decrypt (Bob’s Private Key); Plaintext; Bob]
• Alice encrypts message to Bob using Bob’s Public Key
• Only Bob knows Bob’s Private Key ⇒ only Bob can decrypt message

Signatures
[Diagram labels: Alice; Plaintext; Encrypt (Alice’s Private Key); Signed Message; Decrypt (Alice’s Public Key); Plaintext; Bob]
• Bob knows it was from Alice, since only Alice knows Alice’s Private Key
• Non-repudiation: Alice can’t deny signing message (except by claiming her key was stolen!)
• Integrity: Bob can’t change message (doesn’t know Alice’s Private Key)

[Diagram labels: User; Plaintext; Encrypt ($KU_S$, Public Key); Ciphertext; The Internet; Decrypt ($KR_S$, Private Key); Plaintext; Server]
How does User know the public key to use?

Key Management

Approach 1: Meet Secretly
• User and Server Operator meet secretly and swap public keys
– If you can do that, might as well agree on a secret (symmetric key) instead
– Doesn’t work for Internet transactions

Approach 2: Public Announcement
• Publish public keys in a public forum
– Append to email messages
– Post on web site
– New York Times classifieds
• Easy for rogue to pretend to be someone else
– Forge email, alter web site, lie to New York Times

Approach 3: Public Directory
• Trusted authority maintains directory mapping names to public keys
• Entities register public keys with authority in some secure way
• Authority publishes directory
– Print using watermarked paper, special fonts, etc.
– Allow secure electronic access
• Depends on secure distribution of directory’s key

Approach 4: Certificates
[Diagram labels: VeriSign; $KU_S$; $$$$; Request; User; Server (knows $KR_S$)]
$C_S = E_{KR_{VeriSign}}[\text{“Server”}, KU_S]$
$E_{KU_{VeriSign}}(C_S) = [\text{“Server”}, KU_S]$

SSL (Secure Sockets Layer)
Browser → Server: Hello
Server → Browser: $KR_{CA}[\text{Server Identity}, KU_S]$
Browser: Check Certificate using $KU_{CA}$
Browser: Pick random K
Browser → Server: $KU_S[K]$
Server: Find K using $KR_S$
Secure channel using K
Note: This is slightly simplified from the actual SSL protocol. This version is vulnerable to a person-in-the-middle attack!
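
The certificate check and key exchange from the SSL slide, built on the D(E(M)) = M trap-door property from the RSA slides, as an added example that is not part of the original slides. It uses textbook RSA without padding; the Mersenne-prime keys, the `digest` encoding and all function names are assumptions made for the illustration.

```python
# Added illustration (not from the slides): textbook RSA with no padding and
# constructed toy primes. It is insecure by design and only mirrors the notation.
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Return (KU, KR) = ((e, n), (d, n)). Knowing p and q is the trap door."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, m):
    """E and D are the same operation: m^exponent mod n."""
    exponent, n = key
    return pow(m, exponent, n)

def digest(identity, ku, modulus):
    """Hash [identity, KU] to an integer below the CA modulus (assumed encoding)."""
    data = f"{identity}|{ku[0]}|{ku[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_certificate(kr_ca, identity, ku_server):
    """CA side: KR_CA[Server Identity, KU_S]."""
    sig = apply_key(kr_ca, digest(identity, ku_server, kr_ca[1]))
    return {"identity": identity, "ku": ku_server, "sig": sig}

def check_certificate(ku_ca, cert, expected_identity):
    """Browser side: check the certificate using KU_CA."""
    expected = digest(cert["identity"], cert["ku"], ku_ca[1])
    return cert["identity"] == expected_identity and apply_key(ku_ca, cert["sig"]) == expected

def handshake(ku_ca, cert, kr_server, expected_identity):
    """Return (K picked by browser, K found by server), or None if the cert fails."""
    if not check_certificate(ku_ca, cert, expected_identity):
        return None
    k = secrets.randbelow(cert["ku"][1] - 2) + 2   # browser picks random K
    wrapped = apply_key(cert["ku"], k)             # KU_S[K], sent to the server
    return k, apply_key(kr_server, wrapped)        # server finds K using KR_S

def mersenne(bits):
    return 2**bits - 1                             # prime for the exponents used below

# Constructed sample keys: CA, genuine server, and a substituted key.
KU_CA, KR_CA = make_keypair(mersenne(107), mersenne(127))
KU_S, KR_S = make_keypair(mersenne(61), mersenne(89))
KU_X, KR_X = make_keypair(mersenne(31), mersenne(19))
CERT = issue_certificate(KR_CA, "Server", KU_S)
SWAPPED = dict(CERT, ku=KU_X)                      # same signature, different public key
```

`handshake(KU_CA, CERT, KR_S, "Server")` yields the same K on both sides, while `handshake(KU_CA, SWAPPED, KR_X, "Server")` returns `None` because the CA signature no longer matches the substituted public key.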

Data encrypted using secret key exchanged using some public key associated with some certificate.

SSL Recap
Browser → Server: Hello
Server → Browser: $KR_{CA}[\text{Server Identity}, KU_S]$
Browser: Check Certificate using $KU_{CA}$
Browser: Pick random K
Browser → Server: $KU_S[K]$
Server: Find K using $KR_S$
Secure channel using K
Note: This is slightly simplified from the actual SSL protocol. This version is vulnerable to a person-in-the-middle attack!

Questions?

Animated version of Asymmetric Cryptography Demo

Padlocked Boxes
[Animation frames. Labels: Alice; Bob; message "Hi!"; Alice’s Padlock; Alice’s Padlock Key; Bob’s Padlock; Bob’s Padlock Key; Shady Sammy’s Slimy Shipping Service]