Algebraic Structures and Its Applications in Cryptography


Dr. Sucheta Chakrabarti
Scientist - G, Scientific Analysis Group, DRDO, Delhi
29/8/2020, IC-W 2020

Outline of the Presentation
• Secure Communication & Cryptography
• Role of probability and entropy in secure communication from an information-theoretic approach
• Commonly used Algebraic Structures in Cryptography
• New Direction in Cryptography based on Non-commutative / Non-associative Algebraic Structures
• Quasigroups
• Quasigroup-Based Transformations and their cryptographic applications

Secure Communications Over Open Channels
Aim:
• To protect information
• To coordinate operations (command and control)
• To carry out online business transactions (E-commerce)

Services required for secure communication:
• Data confidentiality: It ensures the privacy of data, i.e. only the authorized person can access the information.
• Data integrity: It ensures protection from any unauthorized alteration, i.e. no insertion, deletion or modification has been done in the information by a non-legitimate party. It provides the assurance that the data is present in its original form, as it was sent by the sender.
• Data availability: This means that the data is always available for access whenever required.
• Authentication: This ensures that the communication is being held among the right individuals.
• Non-repudiation: According to this, the sender or the receiver cannot deny being responsible for the data being transmitted.

The fundamental building block of security is Cryptography.
1949 is the turning point for cryptography: it became a scientific discipline on mathematical grounds with the research article "Communication Theory of Secrecy Systems" by C.E. Shannon.

• Security needs continuous improvement / upgradation against adversary capabilities, viz.
(i) computational
• Computationally unbounded: unconditional security (information-theoretic or perfect secrecy)
• Computationally bounded: computational security & provable security (the cryptographic primitive is reduced to a certain problem which is proved to be a (well-known) hard problem; this implies that breaking the primitive is computationally infeasible)
(ii) other capabilities
• Active: can corrupt parties, inject / modify messages
• Passive / eavesdropper: only listens to (intercepts) messages
• Other resources, i.e. the ability to decrypt some messages
• Security is based on the Arbitrary Adversary Principle (AAP), i.e. it assumes restrictions on adversary capabilities, but not that the adversary is using specific strategies or attacks
• Secure electronic identities and information protection are key for digital evolution

In the modern digital world, Cryptography (crypto-primitives / algorithms) deals with information security & secure communications over insecure channels.
It mainly deals with Confidentiality, Authenticity, Integrity & Non-repudiation.
It needs a set of elements and specific operations that are applied to the elements of the set; this is called an Algebraic Structure.

Basic Components of Cryptography
Functions:
• one-one
• one-way
• trapdoor one-way
• encryption / decryption

An encryption/decryption function has to satisfy the following condition:
For $E \in \mathbf{E}$ and $k_e \equiv e \in \mathcal{K}$, $E_e : \mathcal{M} \to \mathcal{C}$ is a 1-1 mapping, and so there exists a corresponding $D \in \mathbf{D}$ and $k_d \equiv d \in \mathcal{K}$ such that $D_d : \mathcal{C} \to \mathcal{M}$ and
$$D_d(E_e(m)) = m \quad \text{for all } m \in \mathcal{M}$$
In other words, a cryptographic algorithm consists of $\mathcal{M}$, $\mathcal{C}$, $\mathcal{K}$, a set $\{E_e, e \in \mathcal{K}\}$ of encryption transformations and a corresponding set $\{D_d, d \in \mathcal{K}\}$ of decryption transformations, with the property that for each $e \in \mathcal{K}$ there exists a unique $d \in \mathcal{K}$ s.t. $D_d \equiv E_e^{-1}$, i.e.
$$D_d(E_e(m)) = m \quad \text{for all } m \in \mathcal{M}$$

Domain & Codomain of Encryption / Decryption Functions
• Alphabet set: $A$
• Message space: $\mathcal{M}$
• Crypt space: $\mathcal{C}$
• Key space: $\mathcal{K}$
The sets of encryption and decryption functions are denoted by $\mathbf{E}$ & $\mathbf{D}$ respectively.

Cryptosystems
Three sets:
• Message / Plaintext: $\mathcal{M}$
• Ciphertext: $\mathcal{C}$
• Keys: $\mathcal{K}$
Three randomized algorithms: $KG$, $E$, $D$
• Key generation algorithm $KG : S^* \to \mathcal{K}$
• Encryption algorithm $E : \mathcal{K} \times \mathcal{M} \to \mathcal{C}$
• Decryption algorithm $D : \mathcal{K} \times \mathcal{C} \to \mathcal{M}$
For any key $k \in \mathcal{K}$ and $m \in \mathcal{M}$, $D_k(E_k(m)) = m$ holds.
So a cryptosystem is a five-tuple, represented as $(\mathcal{M}, \mathcal{C}, \mathcal{K}, E, D)$.

Probability & Entropy Concepts for Secure Communication
The concept of entropy evolved in probability theory to create an information-theoretic model for secure communication. The classic work of C. Shannon in 1947-48 gave birth to information theory, a new branch of applied probability theory for handling practical problems of communication.
Security is generally expressed in terms of probability and amount of information (entropy).
Here we will discuss some important concepts of discrete probabilities.

Probability Space: $(\mathbb{X}, \Pr)$, where
• $\mathbb{X}$ is the sample space, which is a finite set of possible outcomes (events)
• $\Pr$ is a function from $\mathcal{P}(\mathbb{X}) \to [0, 1]$ such that
(i) $\Pr(\mathbb{X}) = 1$,
(ii) $\Pr(\Phi) = 0$,
(iii) $\Pr(X \cup Y) = \Pr(X) + \Pr(Y)$ if $X \cap Y = \Phi$
(iv) $\Pr(X \cap Y) = \Pr(X)\Pr(Y)$ if $X \cap Y = \Phi$
$\Pr$ is called a probability distribution, a probability measure or just a probability.
$\Pr$ of $X \in \mathcal{P}(\mathbb{X})$ is determined by $\Pr(x)$ $\forall x \in X$.

Joint Probabilities: Two probability spaces, viz. $(\mathbb{X}, \Pr_1)$ and $(\mathbb{Y}, \Pr_2)$, can create a joint probability space $(\mathbb{X} \times \mathbb{Y}, \Pr)$ where $\Pr$ is defined as follows:
$$\Pr(x, y) = \Pr_1(x)\Pr_2(y)$$

Conditional Probability
• $\Pr(X \mid Y) = \Pr(X \cap Y) / \Pr(Y)$, only defined if $\Pr(Y) > 0$
• $X$ and $Y$ are independent if $\Pr(X = x \mid Y = y) = \Pr(X = x)$, or $\Pr(x \mid y) = \Pr(x)$, & also $\Pr(X = x \cap Y = y) = \Pr(X = x)\Pr(Y = y)$ $\forall x, y$
Bayes Theorem:
$$\Pr(X \mid Y) = \frac{\Pr(X)\Pr(Y \mid X)}{\Pr(Y)}$$

Random Variables
• A random variable $X$ is a function from the underlying set of the probability space (all possible outcomes $\mathbb{X}$) to some set of values (some set of $\mathcal{P}(\mathbb{X})$)
• Given a probability space and a random variable $X$, the probability that the random variable $X$ takes the value $x$ is $\Pr(\{w \mid X(w) = x\})$

Application to Cryptography for security analysis
Plaintext Distribution:
• $X$ is a discrete random variable over the plaintext set $\mathcal{M}$
• The sender chooses $x$ from $\mathcal{M}$ based on some probability distribution
 - Let $\Pr(X = x)$ be the probability that $x$ is chosen
 - This probability may depend on the language
Key Distribution: Sender & receiver agree on a key $k$ chosen from a key set $\mathcal{K}$
• $K$ is a discrete random variable over $\mathcal{K}$
• $\Pr(K = k)$ is the probability that the key is $k$
Note that here the probability space is (Plaintext, Key).

Ciphertext Probability Distribution
$Y$ is a discrete random variable over the set $\mathcal{C}$.
The probability of obtaining a particular ciphertext $y$ depends on the probabilities of the plaintext and the key:
$$\Pr(y) = \sum_{x, k \,\mid\, e_k(x) = y} \Pr(x)\Pr(k) = \sum_{k} \Pr(k)\Pr(d_k(y))$$

The attacker aims to determine the plaintext $x$.
• The attacker does not know / observe the ciphertext $y$
 o Probability (a priori probability) that the plaintext is $x$: $\Pr(X = x) \equiv \Pr(x)$
 o It depends on the plaintext distribution, i.e. language characteristics
• The attacker knows / observes the ciphertext $y$
 o Probability (a posteriori probability) that the plaintext is $x$: $\Pr(X = x \mid Y = y) \equiv \Pr(x \mid y)$

Computation of the attacker's a posteriori (conditional) probabilities
• Apply Bayes theorem:
$$\Pr(X = x \mid Y = y) \equiv \Pr(x \mid y) = \frac{\Pr(x) \times \Pr(y \mid x)}{\Pr(y)}$$
Here
• $\Pr(x)$ is the probability of the plaintext
• $\Pr(y)$ is the probability of this ciphertext. It is induced by the plaintext and key probability distributions:
$$\Pr(y) = \sum_{x, k \,\mid\, e_k(x) = y} \Pr(x)\Pr(k)$$
• $\Pr(y \mid x)$ is the probability that $y$ is obtained for a given $x$. It depends on the keys which provide such a mapping from the plaintext domain (message space) to the ciphertext domain (cipher space):
$$\Pr(y \mid x) = \sum_{k \,\mid\, e_k(x) = y \text{ or } d_k(y) = x} \Pr(k)$$

Example: A cryptosystem is given below:
$\mathcal{M}$ (message space) $= \{a, b, c\}$, $\mathcal{K}$ (key space) $= \{k_1, k_2\}$ & $\mathcal{C}$ (crypt space) $= \{P, Q, R\}$
Plaintext Distribution
Plaintext probability: $\Pr(a) = \frac{1}{2}$, $\Pr(b) = \frac{1}{3}$, $\Pr(c) = \frac{1}{6}$
Key probability: $\Pr(k_1) = \frac{3}{4}$, $\Pr(k_2) = \frac{1}{4}$
Encryption (mapping) under the keys:
$e_{k_1}(a) = R$, $e_{k_1}(b) = Q$, $e_{k_1}(c) = P$
$e_{k_2}(a) = Q$, $e_{k_2}(b) = R$, $e_{k_2}(c) = P$

Attackers knowing the system and the plaintext & key probabilities can compute $\Pr(y)$:
$$\Pr(P) = \sum_{x, k \,\mid\, e_k(x) = y} \Pr(x)\Pr(k) = \Pr(c)\Pr(k_1) + \Pr(c)\Pr(k_2) = \frac{1}{6} \times \frac{3}{4} + \frac{1}{6} \times \frac{1}{4} = \frac{1}{6}$$
$$\Pr(Q) = \frac{1}{3} \times \frac{3}{4} + \frac{1}{2} \times \frac{1}{4} = \frac{3}{8}$$
$$\Pr(R) = \frac{1}{2} \times \frac{3}{4} + \frac{1}{3} \times \frac{1}{4} = \frac{11}{24}$$
$\Pr(y \mid x)$, i.e.
$\Pr(P \mid a) = 0$, $\Pr(P \mid b) = 0$, $\Pr(P \mid c) = \Pr(k_1) + \Pr(k_2) = 1$
$\Pr(Q \mid a) = \frac{1}{4}$, $\Pr(Q \mid b) = \frac{3}{4}$, $\Pr(Q \mid c) = 0$
$\Pr(R \mid a) = \frac{3}{4}$, $\Pr(R \mid b) = \frac{1}{4}$, $\Pr(R \mid c) = 0$
⇒ Posterior probability:
$\Pr(a \mid P) = 0$, $\Pr(a \mid Q) = \frac{1}{3}$, $\Pr(a \mid R) = \frac{9}{11}$
$\Pr(b \mid P) = 0$, $\Pr(b \mid Q) = \frac{2}{3}$, $\Pr(b \mid R) = \frac{2}{11}$
$\Pr(c \mid P) = 1$, $\Pr(c \mid Q) = 0$, $\Pr(c \mid R) = 0$

If the attacker observes ciphertext $P$, then he knows that the plaintext is exactly $c$.
If the attacker observes ciphertext $R$, then he knows the most probable plaintext is $a$.
The cryptosystem is not providing strong security.
To provide perfect secrecy, the cryptosystem has to satisfy the following condition:
$\Pr(X = x) \equiv \Pr(x) = \Pr(X = x \mid Y = y) \equiv \Pr(x \mid y)$ $\forall x, y$, i.e.
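
The toy cryptosystem above (messages a, b, c; keys k1, k2; ciphertexts P, Q, R), recomputed with exact fractions and tested against the perfect-secrecy condition. This is an added example, not part of the original slides; the function names and the comparison system `SHIFT_K` / `SHIFT_ENC` (three equiprobable cyclic-shift keys) are constructed here for illustration and go beyond the slide's single case.

```python
from fractions import Fraction as F
from itertools import product

# Toy cryptosystem from the slides: priors, key probabilities, table e_k(x).
PR_X = {"a": F(1, 2), "b": F(1, 3), "c": F(1, 6)}
PR_K = {"k1": F(3, 4), "k2": F(1, 4)}
ENC = {"k1": {"a": "R", "b": "Q", "c": "P"},
       "k2": {"a": "Q", "b": "R", "c": "P"}}

def ciphertext_dist(pr_x, pr_k, enc):
    """Pr(y) = sum of Pr(x) Pr(k) over all pairs (x, k) with e_k(x) = y."""
    pr_y = {}
    for x, k in product(pr_x, pr_k):
        y = enc[k][x]
        pr_y[y] = pr_y.get(y, F(0)) + pr_x[x] * pr_k[k]
    return pr_y

def likelihood(pr_k, enc, y, x):
    """Pr(y|x) = sum of Pr(k) over the keys k with e_k(x) = y."""
    return sum((p for k, p in pr_k.items() if enc[k][x] == y), F(0))

def posterior(pr_x, pr_k, enc):
    """Bayes: Pr(x|y) = Pr(x) Pr(y|x) / Pr(y) for every ciphertext that can occur."""
    pr_y = ciphertext_dist(pr_x, pr_k, enc)
    return {(x, y): pr_x[x] * likelihood(pr_k, enc, y, x) / pr_y[y]
            for x in pr_x for y in pr_y}

def perfectly_secret(pr_x, pr_k, enc):
    """Perfect secrecy holds iff Pr(x|y) = Pr(x) for all x and y."""
    return all(p == pr_x[x]
               for (x, _), p in posterior(pr_x, pr_k, enc).items())

# Constructed comparison (not from the slides): same plaintext distribution,
# three equiprobable keys, key s_i shifts the ciphertext alphabet by i.
SHIFT_K = {f"s{i}": F(1, 3) for i in range(3)}
SHIFT_ENC = {f"s{i}": {x: "PQR"[(j + i) % 3] for j, x in enumerate("abc")}
             for i in range(3)}

if __name__ == "__main__":
    for (x, y), p in sorted(posterior(PR_X, PR_K, ENC).items()):
        print(f"Pr({x}|{y}) = {p}   prior Pr({x}) = {PR_X[x]}")
    print("slide system perfectly secret:", perfectly_secret(PR_X, PR_K, ENC))
    print("shift system perfectly secret:",
          perfectly_secret(PR_X, SHIFT_K, SHIFT_ENC))
```

In the slide system the posterior differs from the prior for every observed ciphertext, while in the constructed shift system every ciphertext is equally likely under every plaintext, so observing it leaves the attacker's probabilities unchanged.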
