Crypto Basics Symmetric Source: Wikipedia Caesar Cipher (~49 BC) HELLO WORLD LIPPS ASVPH Caesar Cipher (~49 BC) HELLO WORLD LIPPS ASVPH Special case of Viginere cipher Viginere Cipher (1553) HELLO WORLD LFNPP YSSNH Key is “412” Key as long as message == “One Time Pad” William and Elizabeth Friedman ● Met while analyzing Shakespeare ciphers at Riverbank Laboratories – “William Friedman wrote Shakespeare's plays” ● Elizabeth solved ciphers of alcohol and drug smugglers ● William led a team that solved PURPLE The Codebreakers by David Kahn Index of coincidence ● Measures the unevenness of the cipher letter frequencies ● How likely it is to draw the same letter twice from a given text ● Calculate for different Viginere cipher key lengths, incorrect lengths will have lower ICs ● From Wikipedia article on “Index of Coincidence”: – English: 1.73 – French 2.02 – Italian 1.94 Substitution Cipher (before 49 BC?) HELLO WORLD TNWWX DXPWE Zodiac cipher Image from wikia Permutations of ABCD ABCD ABDC ACBD ACDB ADBC ADCB BACD BADC BCAD BCDA BDAC BDCA CABD CADB CBAD CBDA CDAB CDBA DABC DACB DBAC DBCA DCAB DCBA Bitwise XOR 00101010 b ⊕10000110 b =10101100 b Bitwise XOR as a cipher itself ● Typically used by malware, 8 or 32 bits – WEP had similar problems ● (B xor K) xor K = B ● (A xor K) xor (B xor K) = A xor B ● (0 xor K) = K ● (K xor K) = 0 ● Frequency analysis or brute force Data Encryption Standard (1977) Feistel structure Source: Wikipedia 56 bit key What 56 bits looks like By The original uploader was Matt Crypto at English Wikipedia Later versions were uploaded by Ed g2s at en.wikipedia. - http://w2.eff.org/Privacy/Crypto/Crypto_mi 0100010011101110111000101011 sc/DESCracker/ (Via en:)., CC BY 3.0 us, https://commons.wikimedia.org/w/index.ph 0101001001001111011111010001 p?curid=2437815 256 = 7.2 * 1016, or 72 quadrillion Source: Wikipedia Advanced Encryption Standard (2001) Substitution Permutation Network Source: Wikipedia What 128 bits look like 1010010101010101 0100010110010101 0100100101011101 1111011011011100 0010001010101110 1110110110001100 0001011101100001 1111110000110001 2128 = 340,282,366,920,938,463, 463,374,607,431,768,211, 456 ...or, ~340 undecillion 2256 = Roughly 1.15 * 1077 Estimated number of molecules in the known universe is between 1078 and 1082 Common symmetric algorithms ● DES (56-bit) and 3-DES (56, 112, or 168 bits) – DES is outdated, no good reason to use 3- DES that I know of ● AES (128, 192, or 256 bits) – Recognized standard ● Blowfish (32 to 448 bits, see also twofish and threefish) – Common, fairly good choice ● TEA (128 bits) – Simple to implement Common symmetric algorithms (continued...) ● RC4 (40-2048 bits) – Stream cipher, don't reuse key material ● IDEA (128 bits) – Cannot be expanded to larger key sizes ● Camellia (128, 192, or 256 bits) – Good alternative to AES ● Bitwise XOR (8 or 32 bits), ROT13 (e.g., WHAT→JUNG) – Terrible choices, but you'll see them... Cipher modes ● ECB, CBC discussed on next slides ● Also Counter Mode, Galois Counter Mode, Cipher Feedback, Output Feedback – Parallelization and other features Electronic Codebook (ECB) Image stolen from Wikipedia Cipher Block Chaining (CBC) Image stolen from Wikipedia ECB is generally bad Image stolen from Wikipedia Hash algorithms Image stolen from Wikipedia Common hash algorithms ● MD5 (128 bits) – Flawed, but still very common ● SHA-1 (160 bits) – “Not considered secure against well- funded opponents” -Wikipedia ● SHA-3 (224 to 512 bits) – Adopted in August 2015 ● CRC32 – Not cryptographic, very poor choice MAC ● Message Authentication Code – Effectively a keyed hash function ● Why not just hash the ciphertext and encrypt that? Preview of asymmetric crypto ● Key agreement ● Signatures ● Other applications of asymmetric crypto ● Quantum computers Symmetric Source: Wikipedia Preview of cryptanalysis... ● Symmetric attack types: Ciphertext-only, known plaintext (e.g., linear cryptanalysis), and chosen plaintext (e.g., differential cryptanalysis) – Chosen ciphertext for, e.g., padding oracles ● Asymmetric desired properties: Indistinguishability under Chosen Plaintext (IND-CPA), Chosen Ciphertext (IND-CCA, IND-CCA2) – Malleability of RSA (need something like OAEP) ● Man-in-the-middle attacks ● Birthday attacks ● Attacks on hash functions, like preimage attacks Cryptography Engineering by Ferguson et al. .