1. An introduction to cryptography By-Aditya Raina [email protected] I have given history short-shrift in my attempt to get to modern cryptography as quickly as possible.Any mistakes in this document are mine. Please notify me of any that you find at the above e-mail address. Table of contents Part I: Introduction 1 Vocabulary 2 Concepts 3 History 4 Crash Course in Number Theory Part II: Cryptography 5. Simple Cryptosystems 6. Symmetric key cryptography 7. Cryptography Algorithms 7.1 Symmetric key Algorithms 1. Block Ciphers 1. A RIJNDAEL 1. B CAMELLIA 2. Stream Ciphers 2. A RABBIT 8.Finite Fields 9. Modern Stream Ciphers 9.1 RC4 9.2 One-Time Pads 10. Modern Block Ciphers 10.1 Modes of Operation of a Block Cipher 10.2 The Block Cipher DES 10.3 The Block Cipher AES 11. Public Key Cryptography 11.1 Public Key Algorithms 11.1.1. RSA 11.2. Key Management 11.2 .1 Finite Field Discrete Logarithm Problem 11.2.2. Diffie-Hellman Key Agreement 11.3. Elliptic Curve Cryptography 12. Hash functions and Message Authentication Codes 12. a SHA-0, SHA-1 12. b The MD5 hash function 12. c WHIRLPOOL 12. d RIPEMD 12. e SHACAL 12.1 Security of Hash Functions 12.2 MAC 13 Signatures and Authentication 13.1 Public Key digital signatures
2. Part III: Applications of Cryptography 14.1 E-mail Security 14.2 IP-Security 14.3 Web Security 15 Time-stamping 16 KERBEROS 17 Key Management and Salting 18 Quantum Cryptography Part IV: Introduction to System Security 19. Intruders 19.1 Intrusion Detection 20. Password Management 20.1 Password Protection 21. Firewalls 21.1 Firewall Characteristics 22. Cryptography Failures Part V: Cryptanalysis 23 Basic Concepts of Cryptanalysis 23.1 Cryptanalytic Attacks
3. Introduction To Cryptography: A Black Art Cryptography is a fundamental building block for buildinginformation systems, and as we enter the so-called "information age" of global networks, ubiquitous computing devices, and electronic commerce, we can expect that the cryptography will become more and more important with time.It is used to hide information. It is not only use by spies but for phone, fax and e-mail communication, bank transactions, bank account security, PINs, passwords and credit card transactions on the web. It is also used for a variety of other information security issues including electronic signatures, which are used to prove who sent a message. The main goal of cryptography is to adequately address the following four areas in both theory and practice: a)Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecyis a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. b)Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorizedparties. Data manipulation includes such things as insertion, deletion, and substitution. 3)Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other. Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed). 4)Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such authorization was granted. A procedure involving a trusted third party is needed to resolve the dispute. 1 Vocabulary A plaintext message, or simply a plaintext, is a message to be communicated. A misguided version of a plaintext message is a ciphertext message or simply a ciphertext. The process of creating a ciphertext from a plaintext is called encryption. The process of turning a ciphertext back into a plaintext is called decryption. The verbs encipher and decipher are synonymous with the verbs encrypt and decrypt. In England, cryptology is the study of encryption and decryption and cryptography is the application of them. In the U.S., the terms are synonymous, and the latter term is used more commonly. In non-technical English, the term encode is often used as a synonym for encrypt. To encode a plaintext changes the plaintext into a series of bits (Usually) or numbers (traditionally). A bit is simply a 0 or a 1. There is nothing secret about encoding. A simple encoding of the alphabet would be A! 0,Z! 25. Using this, we could encode the message HELLO as 7 4 11 11 14. The most common method of encoding a message nowadays is to replace it by its ASCII equivalent, which is an 8 bit representation for each symbol. Decoding turns bits or numbers back into plaintext.
4. Plaintext encryption cipher text decryptionplaintext Figure1-1. Encryption and decryption A stream cipher operates on a message symbol-by-symbol, or nowadays bit-by-bit. A block cipher operates on blocks of symbols. A digraph is a pair of letters and a trigraph is a triple of letters. These are blocks that were used historically in cryptography. The Advanced EncryptionStandard (AES) operates on 128 bit strings. So when AES is used to encrypt a text message, it encrypts blocks of 128/8 = 16 symbols. A transposition cipher rearranges the letters, symbols or bits in a plaintext. A substitution cipher replaces letters, symbols or bits in a plaintext with others without changing the order. A product cipher alternates transposition and substitution. The concept of stream versus block cipher really only applies to substitution and productciphers, not transposition ciphers. An algorithm is a series of steps performed by a computer (nowadays) or a person (traditionally) to perform some task. 2. Cryptosystem: In this meaning, the term Cryptosystem is used as shorthand for "cryptographic system". A cryptographic system is any computer system that involves cryptography. Such systems include for instance, a system for secure electronic mail which might include methods for digital signatures, cryptographic hash functions, key management techniques, and so on. Cryptographic systems are made up of cryptographic primitives, and are usually rather complex. Because of this, breaking a cryptosystem is not restricted to breaking the underlying cryptographic algorithms usually it is far easier to break the system as a whole, e.g., through the not uncommon misconceptions of users in respect to the cryptosystem. The systematic arrangement of cypher text can abide the security. Meaning in the context of cryptography: In this meaning, a Cryptosystem refers to a suite of algorithms needed to implement a particular form of encryption and decryption. Typically, a cryptosystem consists of three algorithms: 1. for key generation, 2. for encryption, and 3. for decryption. The term cipher (sometimes cypher) is often used to refer to a pair of algorithms, one for encryption and one for decryption. Therefore, the term "cryptosystem" is most often used when the key generation algorithm is important. For this reason, the term "cryptosystem" is commonly used to refer to public key techniques; however both "cipher" and "cryptosystem" are used for symmetric key techniques. CRYPTOSYSTEMS AND KEYS By definition, a cryptosystem is the combination of three elements: an encryptionengine, keying information, and operational procedures for their secure use.
5. In order to cryptographically secure high-value data on a hard disk (or on back-up media), it is necessary to employ a high-grade cryptosystem: one which even an attacker possessing both a copy of your encryption engine and knowledge of your operating procedures cannot break without your keying information. Cryptanalysis is the process by which the enemy tries to turn Cipher text into Plaintext. It can also mean the study of this. Cryptosystems come in 3 kinds: 1. Those that have been broken (most). 2. Those that have not yet been analysed (because they are new and not yet widely used). 3. Those that have been analysed but not broken. (RSA, Discrete log cryptosystems, Triple-DES, AES). # Three most common ways for the enemy to turn ciphertext into plaintext: 1. Steal/purchase/bribe to get key 2. Exploit sloppy implementation/protocol problems (hacking). Examples: someone usedspouses name as key, someone sent key along with message 3. Cryptanalysis Alice is the sender of an encrypted message. Bob is the recipient. Eve is the eavesdropper who tries to read the encrypted message. 3 History 400 BC Spartan sky tale cipher (sounds like Italy). Example of transposition cipher. Letters were written on a long thin strip of leather wrapped around a cylinder. The diameter of the cylinder was the key. _____________________________ /T/H/I/S/I/S/_/ / / /H/O/W/I/T/ || / /W/O/U/L/D/ / -----------------------------------------------Julius Caesars substitution cipher. Shift all letters three to the right. In our alphabet that would send A! D, B! E, Z! C. Cryptography has a long and fascinating history. The predominant practitio