CRYPTOGRAPHY
Presented by:
Debi Prasad Mishra
Institute of Technical Education & Research
Here Y’ ->fraudulent message modified by an interceptor or eavesdropper
Block Ciphers
•Block ciphers are normally designed in such a way that a small change in an input block of plaintext produces a major change in the resulting output.
•This error propagation property of block ciphers is valuable in authentication in that it makes it improbable for an enemy cryptanalyst to modify encrypted data, unless knowledge of key is available.
Stream ciphers
Whereas block ciphers operate on large data on a block-by-block
basis, stream ciphers operate on individual bits.
Let x_n -> plaintext bit; y_n -> ciphertext bit; z_n -> keystream bit at the nth instant
A binary additive stream cipher has no error propagation; the decryption of a distorted bit in the ciphertext affects only the corresponding bits of the resulting output.
Stream ciphers are generally better suited for secure transmission of data over error-prone communication channels; they are used in applications where high data rates are a requirement (as in secure video) or when a minimal transmission delay is essential.
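The two error-propagation claims above, measured side by side in an added example that is not part of the original slides. The SHA-256 keystream, the 8-round Feistel block cipher and the sample key are constructed stand-ins chosen for illustration, not DES or any vetted cipher.

```python
import hashlib

KEY = b"constructed-demo-key"  # constructed sample key

def keystream(n_bits, key=KEY):
    """Illustrative keystream z_n: SHA-256 over a counter (not a vetted cipher)."""
    bits, counter = [], 0
    while len(bits) < n_bits:
        digest = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        bits += [(byte >> s) & 1 for byte in digest for s in range(7, -1, -1)]
        counter += 1
    return bits[:n_bits]

def stream_cipher(bits, key=KEY):
    """Binary additive stream cipher: y_n = x_n XOR z_n; the same call decrypts."""
    return [x ^ z for x, z in zip(bits, keystream(len(bits), key))]

def _round(half, rnd, key):
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def toy_block_cipher(block, key=KEY, decrypt=False):
    """Toy 8-round Feistel network on a 64-bit block split into 32-bit L and R."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        left, right = right, left ^ _round(right, rnd, key)
    return (right << 32) | left  # undo the last swap so decryption mirrors encryption

def flipped_bits(a, b):
    return bin(a ^ b).count("1")

def error_propagation(plaintext=0x0123456789ABCDEF):
    """Return (stream_errors, block_errors, avalanche), each a count of changed bits."""
    x = [(plaintext >> s) & 1 for s in range(63, -1, -1)]
    y = stream_cipher(x)
    y[10] ^= 1  # one bit distorted on the channel
    stream_errors = sum(a != b for a, b in zip(x, stream_cipher(y)))

    c = toy_block_cipher(plaintext)
    block_errors = flipped_bits(plaintext, toy_block_cipher(c ^ (1 << 53), decrypt=True))
    avalanche = flipped_bits(c, toy_block_cipher(plaintext ^ 1))  # 1-bit input change
    return stream_errors, block_errors, avalanche

if __name__ == "__main__":
    print(error_propagation())
```

The first count is exactly one bit for the stream cipher, while a single distorted ciphertext bit, or a single changed plaintext bit, disturbs a large share of the 64-bit block in the block cipher.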
Requirement of Secrecy
ASSUMPTION:-
An enemy cryptanalyst has knowledge of the entire mechanism used to perform encryption, except for the secret key.
Requirement of Secrecy continued…
Attacks employed by enemy cryptanalyst:
•Ciphertext-only attack: Access to part or all of the ciphertext
•Known-plaintext attack: Knowledge of some ciphertext-plaintext pairs formed with the actual secret key
•Chosen-plaintext attack: Submit any chosen plaintext message and receive in return the correct ciphertext for the actual secret key.
•Chosen-ciphertext attack: Choose an arbitrary ciphertext and find the correct result for its decryption.
Information theoretic approach
• In Shannon model of cryptography (published in Shannon’s 1949 landmark paper on information-theoretic approach to secrecy systems)
ASSUMPTION:-
1. Enemy cryptanalyst has unlimited time & computing power.
2. But the enemy is presumably restricted to ciphertext-only attack.
• The secrecy of the system is said to be broken when decryption is performed successfully, obtaining a unique solution to the cryptogram
Information theoretic approach (continued…)
Let X = {X1, X2, …, XN} ->N-bit plaintext message, Y = {Y1, Y2, …,YN} ->N-bit cryptogram
Secret key Z is assumed to be determined by some probability distribution
Let H (X) -> uncertainty about X
H (X | Y) -> uncertainty about X given knowledge of Y
Now, mutual information between X & Y,
I (X;Y) = H (X) – H(X | Y)
represents a basic measure of security in the Shannon model.
Perfect Security
Assuming that an enemy cryptanalyst can observe only the cryptogram Y, for perfect security X & Y should be statistically independent.
I (X;Y) = 0 => H (X) = H (X|Y) …(1)
Given the secret key Z;
H (X|Y) ≤ H (X,Z|Y) = H (Z|Y) + H (X|Y,Z) …(2)
H (X|Y,Z) = 0 iff Y & Z together uniquely determine X
Equation 2 can be rewritten as
H (X|Y) ≤ H (Z|Y) ≤ H (Z) …(3)
With equation 3, equation 1 becomes
H (Z) ≥ H (X) …(4)
which is called Shannon’s fundamental bound for perfect security.
Result: The key must be at least as long as the plaintext.
Diffusion & Confusion
In diffusion, statistical nature of the plaintext is hidden by spreading out the influence of single bit in plaintext over large number of bits in ciphertext.
In confusion, the data transformations are designed to complicate the determination of the way in which the statistics of ciphertext depend on that of the plaintext.
Practicability of Cipher
For a cipher to be of practical value
1. It must be difficult to be broken by enemy cryptanalyst.
2. It must be easy to encrypt & decrypt with knowledge of secret key.
Substitution cipher
Each letter of plaintext is replaced by a fixed substitute.
For plaintext X = {x1, x2, x3, x4, …}
ciphertext Y = {y1, y2, y3, y4, …}
= {f(x1), f(x2), f(x3), f(x4), …}
Transposition cipher
•The plaintext is divided into groups of fixed period d & the same permutation is applied to each group.
•The particular permutation rule being determined by the secret key.
Data Encryption Standard (DES)
It is the most widely used secret-key cryptoalgorithm. It operates on 64-bit plaintext and uses a 56-bit key. The overall procedure can be given as
P^-1{F[P(X)]}
where, X->plaintext
P->certain permutation
F->certain transposition & substitution
F is obtained by cascading a certain function f, with each stage of the cascade referred to as a round.
There are 16 rounds employed here.
How DES works?
DES operates on 64 bits of data. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R.
Courier service or registered mail for key distribution is costly, inconvenient & slow
Requirement of large network
For n users, the number of channels required is n*(n-1)/2
This large network leads to use of insecure channel for key distribution & secure message transmission.
Public-key Cryptography
It contains two components.
•Private component, known to the authorised user only
•Public component, visible to everybody
Each pair of keys must have two basic properties.
•Whatever message is encrypted with one of the keys can be decrypted by the other key.
•Given knowledge of the public key, it is computationally infeasible to compute the private key.
The key management here helps in development of large network.
Diffie-Hellman Public-key Distribution
It uses the concept that it is easy to calculate the discrete exponential but difficult to calculate the discrete logarithm.
Discrete exponential : Y = α^X mod p, for 1 ≤ X ≤ p-1
Discrete logarithm : X = log_α Y mod p, for 1 ≤ Y ≤ p-1
All users are assumed to know both α, p.
A user i, selects an independent random number Xi,
uniformly from the set of integers {1, 2,…, p} that is kept private.
But the discrete exponential Y_i = α^(X_i) mod p is made public.
Diffie-Hellman Public-key Distribution continued…
Now, users i & j want to communicate. To proceed, user i fetches Y_j from the public directory & uses the private X_i to compute
K_ji = (Y_j)^(X_i) mod p
= (α^(X_j))^(X_i) mod p
= α^(X_j X_i) mod p
In a similar way, user j computes K_ij. But we have
K_ij = K_ji
An eavesdropper must compute K_ji from Y_i & Y_j applying the formula
K_ji = (Y_j)^(log_α Y_i) mod p
Since this involves a discrete logarithm, it is not easy to calculate.
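The exchange above with both users' computations, as an added example that is not part of the original slides. The parameters p = 23, α = 5 and the private values 6 and 15 are constructed toy values, small enough that the eavesdropper's discrete-logarithm route can be run for comparison.

```python
import secrets

P, ALPHA = 23, 5  # constructed toy parameters; 5 is a primitive root mod 23

def keypair(x=None, p=P, alpha=ALPHA):
    """Return (X_i, Y_i): private exponent and public value Y_i = alpha^X_i mod p."""
    if x is None:
        x = 1 + secrets.randbelow(p - 1)  # uniform in 1..p-1, kept private
    return x, pow(alpha, x, p)

def shared_key(y_other, x_own, p=P):
    """K = (Y_other)^(X_own) mod p, from the directory entry and the own secret."""
    return pow(y_other, x_own, p)

def discrete_log(y, p=P, alpha=ALPHA):
    """Exhaustive search for X with alpha^X mod p == y: up to p-1 multiplications."""
    acc = 1
    for x in range(1, p):
        acc = acc * alpha % p
        if acc == y:
            return x
    raise ValueError("y is not a power of alpha")

def exchange(x_i=None, x_j=None):
    """Run the exchange; return both users' keys and the public directory entries."""
    x_i, y_i = keypair(x_i)
    x_j, y_j = keypair(x_j)
    k_ji = shared_key(y_j, x_i)  # computed by user i
    k_ij = shared_key(y_i, x_j)  # computed by user j
    return k_ji, k_ij, (y_i, y_j)

if __name__ == "__main__":
    k_ji, k_ij, (y_i, y_j) = exchange(6, 15)
    print("directory:", y_i, y_j, "keys:", k_ji, k_ij)
    # The route K = Y_j^(log_alpha Y_i) mod p only succeeds here because
    # p - 1 = 22 candidate exponents can be searched instantly.
    print("via discrete log:", pow(y_j, discrete_log(y_i), P))
```

The search loop grows linearly with p, which is why the scheme depends on p being far too large for such a search.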
Rivest-Shamir-Adleman (RSA) System
It is a block cipher based upon the fact that finding a random prime number of large size (e.g., 100 digit) is computationally easy, but factoring the product of two such numbers is considered computationally infeasible.
RSA algorithm
Key Generation
1. Generate two large prime numbers, p and q
2. Let n = p*q
3. Let m = (p-1)*(q-1)
4. Choose a small number e, coprime to m
5. Find d, such that de % m = 1
Encryption
C = P^e % n
Decryption
P = C^d % n
x % y means the remainder of x divided by y
Publish e and n as the public key.
Keep d and n as the secret key.
To be secure, very large numbers must be used for p and q - 100 decimal digits at the very least.
RSA : An Illustration
1) Generate two large prime numbers, p and q
To make the example easy to follow I am going to use small numbers, but this is not secure.
Let's have: p = 7; q = 19
2) Let n = p*q = 7 * 19 = 133
3) Let m = (p - 1)*(q - 1) = (7 - 1)(19 - 1) = 6 * 18 = 108
4) Choose a small number, e coprime to m
n = 0 => d = 1 / 5 (no)
n = 1 => d = 109 / 5 (no)
n = 2 => d = 217 / 5 (no)
n = 3 => d = 325 / 5 = 65 (yes!)
RSA : An Illustration continued…
Public Key: n = 133; e = 5
Secret Key: n = 133; d = 65
Encryption
Let's use the message "6".
C = P^e % n = 6^5 % 133 = 7776 % 133 = 62
Decryption
P = C^d % n = 62^65 % 133 = 6
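The illustration above carried through in code, as an added example that is not part of the original slides. The function names are hypothetical, and picking the smallest e ≥ 3 coprime to m is an assumption about how the slide arrived at e = 5.

```python
from math import gcd

def smallest_coprime(m):
    """Smallest e >= 3 with gcd(e, m) == 1 (step 4; selection rule is assumed)."""
    e = 3
    while gcd(e, m) != 1:
        e += 1
    return e

def find_d(e, m):
    """Step 5 by the trial shown above: test (1 + k*m) / e for k = 0, 1, 2, ...

    Returns (d, k). The slide calls the counter n; it is renamed k here so it
    does not clash with the modulus n = p*q.
    """
    if gcd(e, m) != 1:
        raise ValueError("e must be coprime to m")
    k = 0
    while (1 + k * m) % e:
        k += 1
    return (1 + k * m) // e, k

def keygen(p, q):
    n, m = p * q, (p - 1) * (q - 1)
    e = smallest_coprime(m)
    d, _ = find_d(e, m)
    return (n, e), (n, d)  # (public key, secret key)

def encrypt(message, public):
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be smaller than n")
    return pow(message, e, n)  # C = P^e % n

def decrypt(cipher, secret):
    n, d = secret
    return pow(cipher, d, n)  # P = C^d % n

if __name__ == "__main__":
    public, secret = keygen(7, 19)  # the slide's p and q
    c = encrypt(6, public)
    print(public, secret, c, decrypt(c, secret))
```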
Digital Signature: A hybrid approach
The most useful requirements for a digital signature are
authenticity and secrecy.
RSA provides an effective method for key management,
but it is inefficient for bulk encryption of data.
DES provides better throughput, but requires key
management.
So, a combinational approach can be considered for
practical usability, e.g., RSA may be used for
authentication and DES used for encryption.