Cryptography 1
CS432
Overview
• What is cryptography and cryptology?
• The main components of a crypto system.
• Problems solved by cryptography.
• Basic concepts: symmetric cryptography, asymmetric cryptography, digital signatures.
• Types of algorithms and related concepts.
Cryptography and Cryptology
• Encryption: transformation of intelligible, understandable information into unintelligible form to disguise its meaning and intent from intruders.
• Decryption: the inverse transformation of encrypted information into intelligible form.
• Both encryption and decryption are based on keys. It should be difficult or impossible to decrypt a message without knowing the key.
• Cryptography: encryption + decryption.
• Cryptanalysis: analyzing encrypted information with the intent of recovering the original plain information, without knowing the key.
• Cryptology: cryptography + cryptanalysis.
The Encryption and Decryption Process
• The encryption model
The major components of a crypto system (the model)
• Plain text: the original message before encryption.
• Encryption Algorithm: the algorithm used to transform the plaintext into unintelligible form (the cipher text).
• The cipher text: the encrypted text.
• Encryption key: the encryption process is always based on a key.
• Decryption Algorithm: used to transform cipher text back to plaintext.
• The Decryption key: the key used in the decryption process.
• All algorithms must be public; only the keys are secret.
Intruders and Cryptanalysis
• It is assumed that there is an intruder who listens to all communications and may copy or delete any message
  - An active intruder modifies some messages and re-inserts them
  - A passive intruder just listens
• To decrypt a message without having a key, an intruder practices the art of cryptanalysis
What Does Cryptography Solve?
• Confidentiality
  - Ensure that nobody can get knowledge of what you transfer even if listening to the whole conversation
• Integrity
  - Ensure that message has not been modified during the transmission
• Authenticity
  - You can verify that you are talking to the entity you think you are talking to
• Identity
  - You can verify who is the specific individual behind that entity
• Non-repudiation
  - The individual behind that asset cannot deny being associated with it
Symmetric Encryption
[Figure: clear-text input (“An introduction to cryptography”) -> DES encryption -> cipher-text -> DES decryption -> clear-text output (“An introduction to cryptography”). Encryption and decryption use the same key (shared secret).]
Asymmetric Encryption
[Figure: clear-text input (“An introduction to cryptography”) -> RSA encryption -> cipher-text -> RSA decryption -> clear-text output (“An introduction to cryptography”). Encryption and decryption use different keys.]
Asymmetric Encryption
Things to remember about asymmetric keys:
• The relation between the two keys is unknown and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair is generated, any of the two can be public or private
Example: Confidentiality
[Figure: clear-text input -> encryption with the recipient’s public key -> cipher-text -> decryption with the recipient’s private key -> clear-text output. Different keys.]
Example: Authenticity
[Figure: clear-text input -> encryption with the sender’s private key -> cipher-text -> decryption with the sender’s public key -> clear-text output. Different keys.]
Creating a Digital Signature
• Calculate a short message digest from even a long input using a one-way message digest function (hash)
[Figure: Message or File -> Generate Hash (SHA, MD5) -> Message Digest -> Asymmetric Encryption (RSA) with the signatory's private key -> Digital Signature (typically 128 bits) -> Signed Document]
Verifying a Digital Signature
[Figure: the Signed Document is split into the document and the Digital Signature. Generate Hash over the document gives a Message Digest; Asymmetric Decryption of the Digital Signature with Gianni's public key (from certificate) gives a second digest; the two digests are compared.]
Classification of Ciphers
• Substitution ciphers
  - Caesar’s cipher
  - Affine transformation ciphers
• Transposition ciphers
• One-time pad
• Block ciphers
• Exponentiation ciphers
  - RSA
Substitution Ciphers
• Each symbol is replaced by another symbol (Example: with the Latin alphabet, in monoalphabetic substitution, the key is a 26-letter string that represents the substituting permutation of the alphabet, so 26! keys are available)
• Case study: Caesar cipher (A -> D, B -> E, C -> F, … Z -> C), or ord(s) = [ord(s) + 3] mod 26.
• Letters are packed in equal blocks to prevent cryptanalysis based on the word length
Case Study: Caesar’s Cipher
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Ciphertext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
THIS MESSAGE IS TOP SECRET
THISM ESSAG EISTO PSECR ET
19 7 8 18 12 | 4 18 18 0 6 | 4 8 18 19 14 | 15 18 4 2 17 | 4 19
WKLVP HVVDJ HLVWR SVHFU HW
22 10 11 21 15 | 7 21 21 3 9 | 7 11 21 22 17 | 18 21 7 5 20 | 7 22
Substitution Ciphers
Substitution ciphers are easy to break with a
relatively small amount of ciphertext, using
statistical properties of the language
(frequency of letters, bigrams, trigrams, etc.)
A Cryptanalysis Example
The frequencies of occurrence of letters in English text:
Letter:    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Frequency: 7 1 3 4 13 3 2 3 8 <1 <1 4 3 8 7 3 <1 8 6 9 3 1 1 <1 2 <1
(Suppose we know that a shift transformation cipher was used)
Ciphertext: YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD
Analysis of the frequencies of occurrence of letters in the ciphertext:
Letter:    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Frequency: 1 0 4 5 1 3 0 0 0 1 0 1 1 1 0 7 2 2 2 3 0 0 1 2 3 2
Guess: P(7) = E(13) => 15 = 4 + k (mod 26) => k = 11.
Plaintext: NUMBE RTHEO RYISU SEFUL FOREN CIPHE RINGM ESSAG ES
(NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES)
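The Caesar shift and the frequency analysis above, as an added Python example that is not part of the original slides. It applies the slide's guess (most frequent ciphertext letter is E) and, going one step beyond the slide, also scores all 26 shifts against the English frequency table with a chi-squared statistic; the function names and the value 0.5 used for the "<1" entries are assumptions of this example.

```python
from collections import Counter

# English letter frequencies in percent, copied from the table above;
# the "<1" entries are entered as 0.5 (an assumption of this example).
ENGLISH = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                   [7, 1, 3, 4, 13, 3, 2, 3, 8, .5, .5, 4, 3,
                    8, 7, 3, .5, 8, 6, 9, 3, 1, 1, .5, 2, .5]))

def shift(text, k):
    """Apply C = (P + k) mod 26 to A-Z; spaces and other characters pass through."""
    return "".join(chr((ord(c) - 65 + k) % 26 + 65) if "A" <= c <= "Z" else c
                   for c in text.upper())

def guess_from_top_letter(ciphertext):
    """The slide's method: assume the most frequent ciphertext letter stands for E."""
    counts = Counter(c for c in ciphertext.upper() if "A" <= c <= "Z")
    top = counts.most_common(1)[0][0]
    return (ord(top) - ord("E")) % 26

def chi_squared(text):
    """How far the letter counts of `text` are from the English table (lower is closer)."""
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    counts, n = Counter(letters), len(letters)
    return sum((counts.get(l, 0) - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH.items())

def break_shift(ciphertext):
    """Try every key and keep the one whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

# Ciphertext from the slide above.
CIPHERTEXT = "YFXMP CESPZ CJTDF DPQFW QZCPY NTASP CTYRX PDDLR PD"

if __name__ == "__main__":
    k = break_shift(CIPHERTEXT)
    print(k, shift(CIPHERTEXT, -k))
```

The single-letter guess can fail on short texts where E is not the most frequent letter; scoring the whole distribution is the more robust variant.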
Transposition Cipher
• All symbols are reordered according to a permutation specified by the key
Example:
WISPER (the key; must have no repeated symbols)
6 2 5 3 1 4 (the relative order of each symbol in the key)
“CIS IS THE BEST COLLEGE IN TOWN”
CISIST
HEBEST
COLLEG
EINTOW
Nxxxxx
(plaintext is written in rows of the key’s size; the last row is padded)
1 2 3 4 5 6
SOXLEIEEGTTHUTTMNY (ciphertext is written in columns permuted in the order of key’s symbols)
Transposition ciphers can also be broken by guessing the key size and using statistical analysis when the cryptanalyst knows that it is a transposition cipher.
Transposition Ciphers
CISIST
HEBEST
COLLEG
EINTOW
Nxxxxx
(plaintext is written in rows of the key’s size; the last row is padded)
WISPER
6 2 5 3 1 4
SIITSC
SEETBH
EOLGLC
OITWNE
XXXXXN
Cipher Text:
SSEOX IEOIX IELTX TTGWX SBLNX CHCEN
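The columnar transposition worked through above, as an added Python example that is not part of the original slides. It derives the column order from the key WISPER, reproduces the slide's ciphertext and inverts it; the function names and the choice of "X" as the padding symbol are assumptions of this example.

```python
def column_order(key):
    """Rank each key symbol alphabetically, e.g. WISPER -> [6, 2, 5, 3, 1, 4]."""
    if len(set(key)) != len(key):
        raise ValueError("key must have no repeated symbols")
    ranked = sorted(key)
    return [ranked.index(ch) + 1 for ch in key]

def encrypt(plaintext, key, pad="X"):
    letters = [c for c in plaintext.upper() if "A" <= c <= "Z"]
    letters += [pad] * (-len(letters) % len(key))          # pad the last row
    rows = [letters[i:i + len(key)] for i in range(0, len(letters), len(key))]
    order = column_order(key)
    # Read the columns out in rank order 1, 2, 3, ... of the key symbols.
    columns = ["".join(row[order.index(rank)] for row in rows)
               for rank in range(1, len(key) + 1)]
    return " ".join(columns)

def decrypt(ciphertext, key):
    columns = ciphertext.split()
    if len(columns) != len(key):
        raise ValueError("expected one ciphertext column per key symbol")
    order = column_order(key)
    n_rows = len(columns[0])
    # The column with rank r returns to the position where the key has rank r.
    rows = ["".join(columns[order[j] - 1][i] for j in range(len(key)))
            for i in range(n_rows)]
    return "".join(rows)

if __name__ == "__main__":
    ct = encrypt("CIS IS THE BEST COLLEGE IN TOWN", "WISPER")
    print(ct)
    print(decrypt(ct, "WISPER"))
```

The letters themselves are unchanged, so the ciphertext keeps the letter frequencies of the plaintext; that is what lets an analyst recognise a transposition cipher.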
One-Time Pad Ciphers
• Any bit sequence the size of plaintext can be a key. Each bit of plaintext is XOR-ed with the corresponding bit of the key to produce a bit of the ciphertext
• K_E = K_D
• x ⊕ y = (x ∧ ¬y) ∨ (y ∧ ¬x)

⊕ (XOR) | 0 | 1
   0    | 0 | 1
   1    | 1 | 0

Example:
Plaintext:  001110011010010110
Key:        100100100111110110
Ciphertext: 101010111101100000
• One-time Pad is unbreakable; however key distribution is a big problem…
Block Ciphers (Affine Transformation)
• Key:
  - A is a square integer matrix of order n such that (|A|, 26) = 1
  - B is an n-vector of integers
• The plaintext is split into blocks of length n; the last block is padded
• For each block P, compute C = (AP + B) (mod 26)
Exponentiation Ciphers
Given:
• p is a prime
• The key, e > 0 satisfies: (e, p-1) = 1
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
1. Group the resulting numbers into blocks of 2m decimal digits, where m is the largest even integer such that the decimal value of each block is less than p
2. For each plaintext block, P, compute a ciphertext block C = P^e (mod p)
3. To decipher, find d such that de ≡ 1 (mod p-1) and compute P = C^d (mod p)
C^d ≡ P^(ed) ≡ P^(k(p-1)+1) ≡ [P^(p-1)]^k P ≡ P (mod p) (By Fermat’s Little Theorem)
Exponentiation Ciphers: An Example
• p = 2633; the key e = 29; (e, p-1) = (29, 2632) = 1
• d = 2269; 2269*29 ≡ 1 (mod 2632)
• Block length is 4 (m=2)
THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER
1907 0818 0818 0013 0423 0012 1511 0414 0500 1304 2315 1413 0413 1908 0019 0814 1302 0815 0704 1723
1907^29 ≡ 2199 (mod 2633)
2199 1745 1745 1206 2437 2425 1729 1619 0935 0960 1072 1541 1701 1553 0735 2064 1351 1794 1841 1459
2199^2269 ≡ 1907 (mod 2633)
One Immediate Application: The Diffie-Hellman Algorithm
Problem: Establish common keys (for symmetric cryptography) to be used by two individuals so that intruders cannot discover them in a feasible amount of computer time.
Let (these are known to all!)
• p be a large prime
• a be an integer relatively prime to p
Pick k1 relatively prime to p-1:
y1 ≡ a^k1 (mod p), 0 < y1 < p
Pick k2 relatively prime to p-1:
y2 ≡ a^k2 (mod p), 0 < y2 < p
K ≡ y2^k1 (mod p) ≡ a^(k2 k1) (mod p), 0 < K < p
=
K ≡ y1^k2 (mod p) ≡ a^(k1 k2) (mod p), 0 < K < p
A Simple Example of a DH Exchange
p = 17
a = 2
k1 = 3
k2 = 5
y1 ≡ a^k1 (mod p) ≡ 8 (mod 17) ≡ 8
y2 ≡ a^k2 (mod p) ≡ 32 (mod 17) ≡ 15
K ≡ y2^k1 (mod p) ≡ 3375 (mod 17) ≡ 9
=
K ≡ y1^k2 (mod p) ≡ 32768 (mod 17) ≡ 9
KD  KE
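The exchange above with both sides modelled explicitly, as an added Python example that is not part of the original slides. It uses the slide's values p = 17, a = 2, k1 = 3, k2 = 5, records what travels over the public channel, and measures the exhaustive search a passive listener would face; the class and function names are assumptions of this example.

```python
from math import gcd

class Party:
    """One side of the exchange; only `public` ever leaves the object."""
    def __init__(self, p, a, k):
        if gcd(a, p) != 1 or gcd(k, p - 1) != 1:
            raise ValueError("need (a, p) = 1 and (k, p-1) = 1")
        self.p = p
        self._k = k                       # secret exponent, never transmitted
        self.public = pow(a, k, p)        # y = a^k (mod p)

    def shared_key(self, other_public):
        return pow(other_public, self._k, self.p)    # K = y_other^k (mod p)

def exchange(p, a, k1, k2):
    """Run the protocol; return what a listener sees plus each side's key."""
    first, second = Party(p, a, k1), Party(p, a, k2)
    wire = {"p": p, "a": a, "y1": first.public, "y2": second.public}
    return wire, first.shared_key(wire["y2"]), second.shared_key(wire["y1"])

def exhaustive_search(p, a, y):
    """Find some k with a^k = y (mod p) by trying every exponent.
    The work grows with p, which is why p must be a large prime."""
    for k in range(1, p):
        if pow(a, k, p) == y:
            return k
    return None

if __name__ == "__main__":
    wire, key_1, key_2 = exchange(17, 2, 3, 5)
    print(wire, key_1, key_2)
    print(exhaustive_search(wire["p"], wire["a"], wire["y1"]))
```

With the toy prime 17 the search finishes after three steps, so these parameters only illustrate the arithmetic.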
Modern Symmetric-Key Algorithms
• Combine transpositions and substitutions and cascade them to make the algorithms very complex (to prevent cryptanalysis even when large amounts of ciphertext are available)
• Often use block ciphers
[Figure: a 4-bit transposition (T); a 2-bit substitution (S) built from a 2 to 4 decoder and a 4 to 2 encoder; T and S stages cascading into a product]
Some Common Symmetric-Key Cryptographic Algorithms (after A. Tanenbaum)

Cipher            Key size (bits)   Characteristics
Rijndael          128-256           Best
Triple DES        168               Second best
Serpent, Twofish  128-256           Very strong
IDEA              128               Good (but patented)
RC5               128-256           Good (but patented)
RC4               1-2048            Some keys are weak
DES               56                Weak
Public-Key Cryptography
A (public key, private key) pair
• Publish the public key (= encryption key) K_E
• Keep the private key (= decryption key) K_D secret
Two essential requirements:
1) K_D ∘ K_E = I
2) It is very hard (i.e., computationally infeasible) to obtain K_D from K_E
• To send a message M to you, I send K_E(M);
• You decrypt it, obtaining: K_D(K_E(M)) = M.
RSA (Rivest, Shamir, Adleman)
• Parameters: p, q, n, z, d, e
  - Choose large (1024 bits) primes: p, q
  - Compute n = pq, z = φ(n) = (p-1)(q-1)
  - Choose the exponent e relatively prime to z
  - Find d: ed ≡ 1 (mod z)
  - Keys: public, (e, n); private, (d, n)
• Encryption and decryption:
  - Break the plaintext into largest equal even-digit blocks (P) shorter than n bits
  - Encrypt each block P by computing C = E(P) ≡ P^e (mod n)
  - Decrypt C by computing D(C) ≡ C^d (mod n) ≡ P^(ed) (mod n) ≡ P^(kφ(n)+1) (mod n) ≡ P^(kφ(n)) P (mod n) ≡ P (mod n)
The probability that P and n are not relatively prime is extremely low!
Euler’s Theorem:
If m > 0 and a are integers such that (a, m) = 1, then a^φ(m) ≡ 1 (mod m).
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
RSA: An Example
• p = 43, q = 59; n = 43*59 = 2537; φ(n) = 42*58 = 2436
• Exponent e = 13; (e, φ(n)) = (13, 42*58) = 1
• d = 937; 937*13 ≡ 1 (mod 2436)
Public key: (13, 2537)
Private key: (937, 2537)
Block length is 4
PUBLIC KEY CRYPTOGRAPHY
1520 0111 0802 1004 2402 1724 1519 1406 1700 1507 2423
E(P) ≡ P^e (mod n): 1520^13 ≡ 95 (mod 2537)
0095 1648 1410 1299 0811 2333 2132 0370 1185 1457 1084
P ≡ C^d (mod n): 0095^937 ≡ 1520 (mod 2537)
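The exponentiation cipher example and the RSA example share the same letter-to-block encoding and the same modular exponentiation, so one added Python example (not part of the original slides) covers both. It uses the slides' toy parameters (p = 2633, e = 29 and n = 43*59, e = 13) in the unpadded textbook form shown above; the function and constant names are assumptions of this example.

```python
from math import gcd

def to_blocks(text, size=4, pad="X"):
    """Encode A=00 ... Z=25 and group the digits into blocks of `size` digits."""
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    letters += [pad] * (-len(letters) % (size // 2))   # pad the last block
    digits = "".join(f"{ord(c) - 65:02d}" for c in letters)
    return [int(digits[i:i + size]) for i in range(0, len(digits), size)]

def from_blocks(blocks, size=4):
    digits = "".join(f"{b:0{size}d}" for b in blocks)
    return "".join(chr(int(digits[i:i + 2]) + 65) for i in range(0, len(digits), 2))

def keypair(e, order):
    """Return (e, d) with e*d = 1 (mod order); order is p-1 or phi(n)."""
    if gcd(e, order) != 1:
        raise ValueError("e must be relatively prime to the order")
    return e, pow(e, -1, order)        # modular inverse, Python 3.8+

def crypt(blocks, exponent, modulus):
    """Raise every block to `exponent` modulo `modulus` (encrypts or decrypts)."""
    if any(b >= modulus for b in blocks):
        raise ValueError("every block must be smaller than the modulus")
    return [pow(b, exponent, modulus) for b in blocks]

# Exponentiation cipher from the slides: prime modulus, d inverts e mod p-1.
P_PRIME = 2633
E1, D1 = keypair(29, P_PRIME - 1)
# RSA from the slides: n = p*q, d inverts e mod phi(n) = (p-1)(q-1).
N = 43 * 59
E2, D2 = keypair(13, 42 * 58)

if __name__ == "__main__":
    for text, e, d, m in (("THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER", E1, D1, P_PRIME),
                          ("PUBLIC KEY CRYPTOGRAPHY", E2, D2, N)):
        cipher = crypt(to_blocks(text), e, m)
        print(" ".join(f"{c:04d}" for c in cipher), from_blocks(crypt(cipher, d, m)))
```

The repeated plaintext block 0818 encrypts to the same ciphertext block both times, so block-by-block exponentiation without randomisation reveals repeated plaintext.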
Properties of RSA
• The algorithm is secure because of the difficulty of factoring N. Factoring a 500-digit number should take 10^25 years using a CPU with 1 microsecond instruction time
• Encryption and decryption are inverse and commutative (an important property for digital signatures)
• The algorithm is slow (compared to DES and other symmetric algorithms with much shorter keys)
RSA may be prohibitively slow when dealing with large blocks of data. It is typically used for one-time session key distribution for a symmetric-key algorithm (such as triple-DES)