Breaking Cryptography: Parallel Decryption. Brad Heap, May 2009

Dec 16, 2015


Edmund Waters
Transcript
Page 1

Breaking Cryptography

Parallel Decryption

Brad Heap, May 2009

Page 2

Encryption 101

Requires Code Breaking

Sender

Receiver

Message Compromised Without Encryption

Page 3

Types of Algorithms

• Symmetric Key
  – Both sender and receiver need the same key to encrypt and decrypt the message.
  – Fast to encode and decode.
  – Some algorithms allow for multiple encoding passes.

Page 4

Types of Algorithms

• Asymmetric Key (Public/Private Key)
  – Sender and receiver need different keys to encrypt and decrypt messages.
  – The public key is a semi-prime calculated from two long prime numbers (the private key).
  – Sender encodes messages as blocks raised to the nth power.
  – Slow to encode and decode.
  – Often a symmetric key is encoded asymmetrically at the start of the message and the rest of the message is symmetric.

Page 5

One Way Messages

• One Way
  – Primarily used as a check or where the plaintext is irrelevant, e.g.:
    • EFTPOS card PIN numbers.
    • Data integrity: MD5 checksum.
  – Vulnerable to collisions.
    • e.g. PIN: 1234, Checksum: 1 + 2 + 3 + 4 = 9
    • Another PIN was 2341, Checksum: 2 + 3 + 4 + 1 = 9.
    • In this example a wrong PIN number could still give out cash.

Page 6

Breaking the Key

• Brute Force
  – E.g. 1: You know a key is a 16 digit number.
    • 10 possible numbers per digit.
    • Permutations: 9,999,999,999,999,999 combinations to check.
    • Checking process is naturally parallel.
    • Assume 256 node cluster at 100 checks per second.
    • Maximum time: 390,624,999,999 seconds (12,735 years)

Page 7

Breaking the Key

• Brute Force
  – E.g. 2: You know a key is 8 alphanumeric characters.
    • 90 possible characters per character.
    • Permutations: 4,304,672,100,000,000 combinations to check.
    • Checking process is naturally parallel.
    • Assume 256 node cluster at 100 checks per second.
    • Maximum time: 168,151,253,906 seconds (131,573 years)

Page 8

Breaking the Key

• With modern codes Brute Force is often not a viable solution.

• However knowledge is power, and the more we know about the design of the key and/or algorithm used for encoding the more that we can learn about its structure...

• Therefore we can dramatically reduce the number of keys to check.

Page 9

Dictionary Attack

• E.g. 1 Assume we have learnt that the 16 digit number is a prime. There are 29,844,570,422,669 16 digit primes.

• Assuming same computing power as before it would now only take a maximum of 1,165,803,532 seconds (912 years) to break.

Page 10

Dictionary Attack

• E.g. 2 Assume we have learnt that the 8 characters spell a word. There are around 100,000 words in English.

• Let us assume it can have any number and order of capital and lowercase letters, leaving us with 2,965,420,000 possible orders.

• Assuming same computing power as before it would now only take a maximum of 115,836 seconds (32 hours) to break.

Page 11

Random Numbers

• A secure key or encryption algorithm routine is one that relies completely on random numbers and cannot be guessed or predicted.

• However generating true random numbers is very hard.

• Both humans and computers are vulnerable to creating “random” numbers through patterns or sequences which can be worked out.

Page 12

Random Number Conjecture

• If it is possible to build a truly random mechanical random number generator, would it be possible to generate a computer simulation of this number generator?

• If so, is the mechanical simulator truly random?

Page 13

Trapdoor Function

• Some encryption algorithms have special functions that can be applied to the encrypted data without a key to reveal the encoded messages.

• These functions are often deliberately encoded into an algorithm so that the government or other source of authority can still check/read the data.

• Without knowledge of a trapdoor, breaching it is a very complex and time-consuming task.

Page 14

Breaking the Text - Pattern Matching

• Sometimes it is impractical to try to break the key. In this case, trying to work out words contained in the encoded text can lead to a breakthrough.

• E.g.:
  • Cipher Text: +83(88
  • Guessing that the ‘8’ is really an ‘e’: +e3(ee
  • Plain Text: degree
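The guess on this slide can be made systematic by comparing repetition patterns. The following is an added example, not part of the original slides: it assumes a simple one-to-one substitution cipher, and the word list and function names are constructed for illustration.

```python
# Added example: word-pattern matching for a simple substitution cipher.
# WORDLIST is a constructed sample; a real analysis would load a full dictionary.
WORDLIST = ["degree", "secret", "cipher", "letter", "pepper", "decree", "tattoo"]


def pattern(text):
    """Number each symbol by first appearance: '+83(88' -> (0, 1, 2, 3, 1, 1)."""
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in text)


def candidates(ciphertext, words, known=None):
    """Words with the ciphertext's repetition pattern that agree with `known`,
    a dict of guesses mapping cipher symbol -> plaintext letter."""
    known = known or {}
    target = pattern(ciphertext)
    return [
        w for w in words
        if len(w) == len(ciphertext)
        and pattern(w) == target
        and all(known.get(c, p) == p for c, p in zip(ciphertext, w))
    ]


def recovered_key(ciphertext, word):
    """Partial substitution table implied by accepting `word` as the plaintext."""
    return dict(zip(ciphertext, word))


if __name__ == "__main__":
    ct = "+83(88"
    print(pattern(ct))
    print(candidates(ct, WORDLIST, {"8": "e"}))            # two words still fit
    print(candidates(ct, WORDLIST, {"8": "e", "3": "g"}))  # a second guess settles it
    print(recovered_key(ct, "degree"))
```

With only the ‘8’ = ‘e’ guess, more than one word in the sample list fits the pattern, which is why each confirmed symbol matters: every accepted word extends the recovered table for the rest of the text.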

Page 15

Pattern Matching – Image Example

• Messages are not always hidden in text format.

• Data can be hidden in images. Guessing the algorithm or where the data is stored can be tricky. E.g.

• By removing all but the last 2 bits of each color component, an almost completely black image results.

• Making the resulting image 85 times brighter results in:
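The two steps on this slide, keeping only the last 2 bits and then brightening by 85, can be reproduced on a small image. This is an added example, not part of the original slides: the 4x4 cover and secret images are constructed, and the embedding scheme (the top 2 bits of the secret stored in the low 2 bits of the cover) is an assumption about how such an image would have been made.

```python
# Added example: hiding and recovering data in the 2 least significant bits.
# COVER and SECRET are constructed 4x4 RGB images (lists of rows of tuples).
COVER = [[(40 * x + 17, 50 * y + 33, 10 * (x + y) + 101) for x in range(4)]
         for y in range(4)]
SECRET = [[(255, 255, 255) if (x + y) % 2 else (0, 0, 0) for x in range(4)]
          for y in range(4)]


def embed(cover, secret):
    """Store the top 2 bits of each secret component in the cover's low 2 bits."""
    return [[tuple((c & 0xFC) | (s >> 6) for c, s in zip(cpx, spx))
             for cpx, spx in zip(crow, srow)]
            for crow, srow in zip(cover, secret)]


def low_bits(image, bits=2):
    """Drop all but the lowest `bits` bits; values are 0..3, so nearly black."""
    mask = (1 << bits) - 1
    return [[tuple(v & mask for v in px) for px in row] for row in image]


def brighten(image, factor=85):
    """Scale components; 85 maps the 2-bit maximum 3 to full brightness 255."""
    return [[tuple(min(255, v * factor) for v in px) for px in row]
            for row in image]


def max_change(a, b):
    """Largest per-component difference between two images of the same size."""
    return max(abs(x - y) for ra, rb in zip(a, b)
               for pa, pb in zip(ra, rb) for x, y in zip(pa, pb))


if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("largest change to cover:", max_change(COVER, stego))
    print("dark layer maximum:", max(v for row in low_bits(stego)
                                     for px in row for v in px))
    print("recovered == secret:", brighten(low_bits(stego)) == SECRET)
```

The factor 85 is 255 / 3: two bits hold at most the value 3, so multiplying by 85 stretches the hidden layer back to the full 0 to 255 range, while the cover image changes by at most 3 per component.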

Page 16

Permutations

• A curse of the brute force attack is the number of permutations that need to be checked.

• In permutations of a set alphabet there will be a huge number of permutations that are so similar to the original alphabet that they will never be used in code.

• For instance a 4 letter alphabet ABCD.

• There are 24 permutations. However 21 of the permutations either transpose or reverse onto themselves.

Page 17

Permutations

• For instance Permutation: DACB.

• Cannot be used because C will also transpose to C and hence will never be encoded.

• For instance Permutation: BADC.

• Cannot be used because if you encode text a second time with the Permutation you will decode it.

• Only DCBA, CDAB, BADC are permutations that do not transpose onto themselves.

Page 18

Permutations

• Having Permutations that transpose onto themselves is a weakness in a code because it can fail to encode some data.

• However limiting which permutations of a set alphabet can be used can make the code weaker, as there are fewer permutations to check.

• “Damned if you do, damned if you don’t.”
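The two weaknesses discussed on the Permutations slides can be checked by enumeration. This is an added example, not part of the original slides: it treats each permutation of ABCD as a substitution table (A maps to the first letter, B to the second, and so on), tests for a fixed letter first and then for self-inversion; the group names are constructed for illustration.

```python
# Added example: classify every permutation of ABCD used as a substitution key.
from itertools import permutations

ALPHABET = "ABCD"


def encode(text, perm, alphabet=ALPHABET):
    """Substitute each letter of `text` using `perm` as the cipher alphabet."""
    table = dict(zip(alphabet, perm))
    return "".join(table[ch] for ch in text)


def classify(perm, alphabet=ALPHABET):
    """Return 'fixed_letter' if some letter maps to itself (like C in DACB),
    'self_inverse' if encoding twice restores the text (like BADC),
    otherwise 'neither'. The fixed-letter test takes priority."""
    table = dict(zip(alphabet, perm))
    if any(table[ch] == ch for ch in alphabet):
        return "fixed_letter"
    if all(table[table[ch]] == ch for ch in alphabet):
        return "self_inverse"
    return "neither"


def survey(alphabet=ALPHABET):
    """Group all permutations of `alphabet` by classification."""
    groups = {"fixed_letter": [], "self_inverse": [], "neither": []}
    for p in permutations(alphabet):
        groups[classify(p, alphabet)].append("".join(p))
    return groups


if __name__ == "__main__":
    print(encode("CAB", "DACB"))                  # the C stays a C
    print(encode(encode("ABCD", "BADC"), "BADC")) # second pass decodes
    for name, perms in survey().items():
        print(name, len(perms), perms)
    # self_inverse -> ['BADC', 'CDAB', 'DCBA']
```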

Page 19

Summary

• Code cracking is a naturally parallel exercise.

• Even with the most powerful systems a brute force attack is practically impossible.

• However, the more you can learn about how a code operates the easier it becomes to crack.

Page 20

Further Thoughts

• Other Ways to Keep a Secret:
  – CA Authority
  – Salting
  – One Time Pad
  – Quantum Encryption

Page 21

Quantum Encryption

Page 22

Further Reading

• Code Breaking. Rudolf Kippenhahn. 1999.
• The Code Book. Simon Singh. 2000.
• A good maths text-book. Particularly something on discrete mathematics.
• How Encryption Works. Jeff Tyson. http://computer.howstuffworks.com/encryption.htm
• How Quantum Cryptology Works. Josh Clark. http://science.howstuffworks.com/quantum-cryptology.htm
• Cryptanalysis. Wikipedia. http://en.wikipedia.org/wiki/Cryptanalysis