Cryptography Cryptography comes from the two Greek words meaning “secret writing” and and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. Basically, what we have is Def: A cryptosystem is a 5-tuple (E, D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts, E: M K C is the set of enciphering functions, and D: C K M is the set of deciphering functions A classical example of a cryptosystem is the Caesar cipher where letters in the plaintext are shifted to get the ciphertext. Suppose that we have the message “GO CLEMSON”, and we want to encrypt that message using the Caesar cipher. Our key might be 2. The plaintext “GO CLEMSON” would turn into the ciphertext “IQ ENGOUQP”. Our cryptosystem would be: M = { all sequences of letters } K = { integers from 1 to 25 } C = { all sequences of letters } E = { Ek | k K and m M Ek(m) = (m+k) mod 26 } D = { Dk | k K and c C Dk(c) = (26+c-k) mod 26 } The goal of cryptography is to keep enciphered information secret. We assume that an adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that the adversary knows the algorithm used to encipher the plain text. The adversary does not know the specific cryptographic key. Hence, D and E are known. Key Dates 800 AD Al-Kindi, an Arab scholar and mathematician living in Baghdad, writes Manuscript for Deciphering Cryptographic Messages. It has the first known description of frequency analysis and other cryptanalysis techniques. 1586 Thomas Phelippes uses frequency analysis to decrypt messages between Mary I of Scotland and conspirators against Elizabeth I of England. Mary and the conspirators are all executed. 1918 Major Joseph O. Mauborgne of the U.S. Army and Gilbert Vernam of AT&T Bell Laboratories invent the one-time pad, in which the random, secret key is as long as the message itself and is only ever used once. 1944 At Bietchley Park in England, Colossus (the first vacuum-tube-based, programmable computing machine) decrypts German High Command messages, providing invaluable information prior to the D-day invasion of Normandy. 1945 Claude Shannon of AT&T Bell Laboratories proves that the one-time pad is unbreakable even against an adversary with unlimited computational power. This definition of secrecy is so strong, however, that he also proves that the one-time pad is the only possible cryptosystem satisfying it. 1976 Whitfield Diffie and Martin E. Hellman, both at Stanford University, propose public-key encryption and authentication. 1977 Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman, all at the Massachusetts Institute of Technology, construct the first public-key cryptosystem, the RSA algorithm. August 1977 In Martin Gardner’s Scientific American column, Rivest et al. challenge readers to decrypt a message encrypted by the RSA algorithm with a 129-digit key (RSA-129). They estimate that doing so may take 40 quadrillion years. 1982 Shafi Goldwasser and Silvio Micali, then PhD students at the University of California, Berkeley, developed the definitional foundations of modern cryptography, including a practical definition of security. 1985 Goldwasser, Micali, and Charles Rackoff of the University of Toronto invent zero-knowledge proofs. A year late Oded Goldrecih of Technion Israel Institute of Technology in Haifa, Avi Wigderson of the Hebrew University of Jerusalem, and Micali devise the zero-knowledge proof for graph three- colorability 1987 Goldreich, Wigderson, and Micali construct protocols for multiparty computation, or secure function evaluation, building on a two-party protocol developed by Andrew C. Yao of Princeton University. 1994 Netscape Communications releases the Secure Sockets Layer protocol, which employs public-key encryption to provide security for transaction on the World Wide Web. 1994 Arjen K. Lenstra of Bell Communications Research and more than 600 volunteers on the internet, using about 1,600 computers running recently developed factoring algorithms, take eight months to factor RSA-129. They reveal the message, “THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE.” 2008 An RSA key of recommended length (2,048) would take more than a quadrillion years to break on a modern PC. Attacks There are 3 attacks methods: 1. In a ciphertext only attack, the adversary has only the ciphertext a. The goal is to find the corresponding plaintext b. The adversary may also try to find the key 2. In a know plaintext attack, the adversary has the ciphertext and the plaintext that was enciphered. a. The goal is to find the key 3. In a chosen plaintext attack, the adversary may specify specific plaintexts to be enciphered. The adversary then has specific plaintexts and their corresponding ciphertexts. a. The goal is to find key that was used to encipher the plaintexts. A good cryptosystem protects against all three types of attacks. Attacks can use both mathematical and statistical techniques. Confusion and Diffusion Two additional important concepts are related to the amount of work required to perform an encryption. An encrypting algorithm should take the information from the plaintext and transform it so that the interceptor cannot readily recognize the message. The interceptor should not be able to predict what will happen to the ciphertext by changing one character in the plaintext. We call this characteristic confusion. An algorithm providing good confusion has a complex function relationship between the plaintext/key pair and the ciphertext. The cipher should also spread the information from the plaintext over the entire ciphertext so that changes in the plaintext affect many parts of the ciphertext. This principle is called diffusion, the characteristic of distributing the information from single plaintext letters over the entire ciphertext. Good diffusion means that the interceptor needs access to much of the ciphertext to be able to infer the algorithm. Symmetric Cryptosystems Symmetric or single-key cryptosystems are most common. They have been in use for centuries and are significantly used by the military. Consider the following picture. P = D ( K, E( K, P ) ) Public Key Cryptosystems In 1976 a new approach to cryptosystem was proposed where there was one key to encrypt the plaintext and a different key used to decrypt the ciphertext. The key used to encode the message is public, i.e. it is know to the world. The key that is used to decode the encoded message is private, i.e. this key is only known to the individual. Pictorially we have P = D ( KD, E ( KE, P ) ) 3 Characteristics 1. It must be computationally easy to encipher and decipher a message given the appropriate key. 2. It must be computationally infeasible to derive the private key from the public key 3. It must b e computationally infeasible to determine the private key from a chosen plaintext attack. The above depiction of encoding and decoding a message using public and private keys can be expressed as P = D ( KPub, E(KPri, P)) where KPri is the private key and KPub is the public key. Note: The Public & Private key can be applied in either order. Classical Cryptosystems There are two classical symmetric key ciphers: transposition ciphers and substitution ciphers. We will look at both of these examples. Transposition Cipher Rearrange the characters in the plaintext to form the ciphertext. The letters are not changed. This is really a permutation function. The best attack is a statistical frequency attack. An example of a transposition cipher is the rail fence cipher. Rail Fence Cipher P: H E L L O W O R L D H L W L E O O D L R C: H L W L E O O D L R Susceptible to a frequency of occurrence to discover the transposition Substitution Cipher A substitution cipher changes the characters in the plaintext to produce the ciphertext. The Caesar cipher is an example of a substitution cipher and is shown below. Caesar Cipher The idea again with the Caesar cipher is to shift letters n characters with wrap around. ABCDEFGHIJKLMNOPQRSTUVWXYZ Let’s do a 4 shift P H E L L O C L I P P S P = C = { all sequences of letters } K = { I | I is an integer o I 25 } E = { Ek | k K and p P, Ek(p) = (p + k) mod 26 } D = { Dk | k K and c C, Dk(p) = (26 + c - k) mod 26 } Caesar ciphers are susceptible to statistical attacks. Good Cipher Characteristics In 1949 Shannon proposed the following characteristics for a good cipher: 1. The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption This is just common sense in that why spend tons of money on protecting something that has little value? 2. The set of keys and the enciphering algorithm should be free from complexity This implies that we should restrict neither the choice of keys nor the types of plaintext on which the algorithms can work. If the process is too complex, it will not be used. Furthermore, the key must be transmitted, stored, and remembered, so it must be short. 3. The implementation of the process should be as simple as possible. This principle reflects the date when the characteristics were proposed. It references a hand implementation of an encryption algorithm. Today with the computational power that we have, we have very complex encryption algorithms. Still keeping it as simple as possible is a good idea. 4. Errors in ciphering should not propagate and cause corruption of further information in the message. Principle 4 acknowledges that there are errors in the enciphering process, errors in computing, transmission, or human entry.