06-20008 Cryptography The University of Birmingham Autumn Semester 2009 School of Computer Science Volker Sorge 29 September, 2009 Handout 0 General Information Staff Dr Volker Sorge Teaching Assistant Office: 207 Ms Katrina Samperi Tel: 43746 Office: 117 Email: [email protected] Tel: 43707 Office hours: Tuesdays, 3–4pm Email: [email protected] URL: www.cs.bham.ac.uk/∼vxs URL: www.cs.bham.ac.uk/∼kxs401 Lectures Tuesdays, 2pm–3pm, Watson LTC (Building R15 on the Campus Map) Friday, 11am–12pm, Gisbert Kapp LT1 (Building G8 on the Campus Map) Exercises Friday, 3pm–4pm, Sport & Exercise Science LT3, (Building Y14 on the Campus Map) There will be no exercise class in the first week of term! Handouts ... will be provided (normally) on a weekly basis. Sources for all handouts (in PS and PDF format) will be kept on the webpage. Spare copies are kept in the School Library. The handouts will come in three parts: General lecture notes, Mathematical topics, and a Glossary. The latter two are intended for looking things up when going through the lecture notes. Assessment ... is in two parts: Exam: 80% of your course mark will be determined by a 1.5-hour examination in May (or early June). Continuous Assessment:20% of the mark is determined by continuous assessment. Most handouts will contain an exercise section together with a deadline for handing in the solutions (usually every week). Each exercise is worth a certain number of points. The total number of points throughout the term will add up to 120% of marks. However, maximally 100% of marks can be counted for he assessment mark, and every mark above 100% will be capped at 100%. Homework must be handed in through one of the departmental pigeon holes on the Ground Floor (next to the General Office) by the given deadline. Late submissions will not be accepted because I will provide model answers to all exercises. Exercises are of a style similar to those appearing in the May examination and they will be discussed in the exercise classes. However, I will throw in the occasional programming exercise. Programming exercises can be done in a programming language of your choice, provided that it is available under Linux on the School computers. Solutions to programming exercises consist of the (commented) code, brief instructions how to run it, and solutions to the questions posed in the exercises. Instructions how exactly to hand in programming exercises will be given later. 1 Policy on plagiarism: As preparation for the May exam I recommend that you attempt the exercises individually, but you may still find it helpful to discuss the assignments with others. In any case, work submitted must be formulated by yourself. If I find evidence of plagiarism then I will award zero marks, irrespective of whether you copied from others or whether your work was copied by others. More serious cases will be dealt with according to the School’s policy on plagiarism, a copy of which is kept at http: //www.cs.bham.ac.uk/resources/studentinfo/plagiarism.htm Anonymous marking and Data Protection Act: We are required to mark anonymously wherever possible. There is no reason why I should not follow this rule for the exercises in this course. Please note, however, that this means that you always have to write your registration number on your submitted work. Since lecturing staff are not allowed to see lists which contain both name and registration number of students I cannot infer your registration number from your name. Scripts which do not contain the registration number will have to be ignored. Scripts with both registration number and name can not be returned! Resits There is one resit opportunity for this course in September 2008 for students that are eligible. Please consult http://www.cs.bham.ac.uk/internal/modules/resit.html for eligibility cri- teria. Textbooks It is not necessary for you to buy a textbook for this course as the handouts should be sufficiently detailed for revision and self-study. Some students, however, do like to see the material explained by another au- thor and this can help to understand the more difficult parts. You can examine some of these textbooks in the Central Library and the School Library. Texts accompanying the lecture: Fergueson, Schneier: Practical Cryptography. John Wiley & Sons, 2003. Schneier: Applied Cryptography. John Wiley & Sons, 1996. Second edition. Menezes, Oorschot, Vanstone: Handbook of Applied Cryptography, CRC Press, 1996. http://www.cacr.math.uwaterloo.ca/hac/ Smart: Cryptography: An Introduction. McGraw Hill, 2003. [The book is no longer in print, but you can download a newer edition at: http://www.cs.bris.ac.uk/∼nigel/Crypto Book/book.ps] A book on programming: Hook: Beginning Cryptography with Java. John Wiley & Sons, 2005. Some more advanced, mathematical material: Catalano, Cramer, Damgard, diCrescenzo, Pointcheval, Takagi: Contemporary Cryptology. Springer, 2005. Web page There is additional information about the syllabus and textbooks on the web page at http://www.cs.bham.ac.uk/∼vxs/teaching/crypt/ 2 Tentative Syllabus • Overview on Historical Ciphers • Symmetric Ciphers – Block Ciphers ∗ DES (Feistel) ∗ AES (RIJNDAEL) ∗ Cryptomeria, AACS – Stream Ciphers ∗ Pseudo-random generators/functions ∗ LFSR ∗ RC4, CSS – Key Exchange and Management ∗ Diffie-Hellman-Merkle, Needham-Schroeder – Cryptographic Hash Functions ∗ Merkle-Damg˚ard ∗ MD4, MD5, SHA-1 – Message Authetication Codes • Asymmetric Ciphers – Public Key Cryptography – ElGamal, Cramer Shoup – Diffie-Hellman, RSA • Digital Signatures – Schnorr Signatures, DSA • Certificates – VeriSign, PGP • Commitment Schemes, Zero Knowledge Proofs • Quantum Cryptography (A guest lecture by Iain Styles) Some of the Mathematical topics we will touch on: • Permutations • Modular Arithmetic and Residue Classes • Finite Fields • Matrix Arithmetic • Discrete Logarithm and Subgroups • Arithmetic Modulo a Composite ; 3 06-20008 Cryptography The University of Birmingham Autumn Semester 2009 School of Computer Science Volker Sorge 29 September, 2009 Handout 1 Summary of this handout: Overview of historical cryptographic techniques — Definition of some im- portant cryptographic concepts — Math: Permutations and Residue Classes I. Historical Overview 1. Secret Writing Communicating secretly in writing is probably as old as writing itself. Already the Egyptians are known to have included secret hieroglyphs in their writing. In ancient times secret writing has mainly been used for religious purposes and mysticism. In the classical antiquity are the first accounts of secret writing being used for military purposes by the ancient Greeks. From there on the ability to secretly pass messages was a major factor for military and diplomatic communication. It is therefore little surprising that many of the techniques for secret communication known today have been developed by government agencies and often only made known to the public long after their invention. Since the ancient Greeks many methods of exchanging secret messages have been developed (and successfully broken). This handout gives an overview over some of the historical techniques and also introduces some basic and simple mathematical concepts used. The Science of Secret Writing can be roughly divided into the following branches: Steganography Code Secret Writing Substitution Cryptography Cipher Transposition 2. Hiding Messages The best form of sending a secret message is by concealing that a message has been sent. The study of how to effectively hide messages such that only the intended receiver can find them is called Steganog- raphy. Traditionally secret messages used to be hidden physically, for instance by using invisible ink, or within unobtrusive communications. Nowadays there are many more ways of sending concealed mes- sages, for instance by hiding them in unsuspicious file formats, such as pictures or sound files, or in propaganda videos. In this course we will be not concerned with techniques to hide messages but only with hiding the information contained in a message. 3. Scrambling Messages In many situations it is obvious that messages are sent. For instance, it is clear that during a phone conversation some information is communicated, thus “hiding the message” is essentially impossible. To guard against interception or eavesdropping, messages can be scrambled in a way that they only make sense to the receiver but not to an uninitiated eavesdropper. The scientific study of scrambling messages is the mathematical discipline of Cryptography. In this handout I will give a short overview over some historical cryptographic techniques and their underlying mathematics. 4. Cryptography can be divided into two main branches: Transposition techniques encrypt messages by permuting the components of a message within itself. Substitution techniques encrypt messages by replacing the components of a message. There are two main branches for substitution techniques: 4 Codes are algorithms that substitute entire words or phrases of a message, i.e. they work on a level of meaning. Ciphers are algorithms that substitute the single letters or characters of a message, i.e. they work on a level of individual letters, small groups of letters, or individual bits. 5. Some basic definitions Let’s first define some more concepts that will be useful throughout the lecture. Encrypt The process of scrambling a message. Decrypt The process of unscrambling a message. Encode The process of encrypting a message with respect to some code. Decode The process of decrypting a message with respect to some code. Encipher The process of encrypting a message with respect to some cipher. Decipher The process of decrypting a message with respect to some cipher. Plaintext A message before it is encrypted. Codetext An encoded message. Since we will concentrate on ciphers in this lecture we will rarely use this term. Ciphertext An enciphered message. Cryptography The science of keeping messages secure. Cryptographer A practitioner of cryptography. Cryptanalysis The science of breaking ciphertexts. While we will mainly concentrate on cryptography in this course I will also discuss some cryptanalytic techniques.