Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri
Jan 23, 2016
Cryptography: RSA & DES
Marcia NoelKen RoeJaime Buccheri
Cryptography is the science of writing in secret code. The first documented use of cryptography in writing dates back to circa 1900 B.C. by an Egyptian scribe.
Primary users of cryptography were…. Government classified systems Military Financial Institutions
Today it is used for… email credit card transactions sensitive company info personal info passwords
The basis of cryptography is to protect data from theft or alteration when communicating over an un-trusted medium.
Some specific security requirements for application to application communication:
. Authentication: proving ones identity. Privacy/confidentiality: ensuring that no one except
intended receiver can read the message. Integrity: assuring the receiver, the received message
has not been altered in any way from the original. Non-repudiation: proving that the sender really sent
the message. Prevents the sender from denying having sent the message.
Three types of cryptographic schemes used to accomplish these goals:
Secret key cryptography (symmetric) uses a single key for both encryption and decryption.
Public key (asymmetric) uses one key for encryption and another for decryption.
Hash functions uses mathematical transformation to irreversibly “encrypt information”.
Two Key Words In Cryptography
Encryption: transformation of data into a form that is close to impossible to read without a key.
Decryption: the transformation of encrypted data back to an intelligible form.
Public Key Encryption
Alice wants to send a message (plaintext) to Bob… She encrypts the message (ciphertext)
using the public key ( which can be
advertised to the public), and sends it to
Bob. Using his private key, Bob converts
the ciphertext back into plaintext.
Message Authentication
This could also be used to prove that Alice sent the message to Bob…
Alice encrypts the message with her
private key, and sends the message with the
digital signature attached, to Bob.
Bob would decrypt the signature using the
public key. If the result is the same, he
knows Alice sent the message.
Private (Secret) Key Encryption
A single key is used to both encrypt and decrypt the message.
Sender and receiver must agree and exchange a key without someone else eavesdropping.
Cryptographic Hash Functions
Cryptographic hash functions are typically used for creating digital signatures.
A hash function compresses the bits of a message to a fixed-size hash value.
Sender computes the hash value of the message, then encrypts with their private key. Recipient decrypts the hash value with the senders public key. Then computes the hash value of the message and
compares the calculated hash value with the received hash value.
A match proves the message and signature are authentic.
Components of Cryptographic Algorithms
Cryptographic algorithms, also called ciphers are based on the underlying mathematics and the possible number and length of the keys (which are expressed as a number of bits).
The above statement determines the strength of a system.
Information theory: allows us to examine communication and understand what message is really being sent, and how much is unnecessary.
Complexity theory: the study of the computational complexity of different cryptographic techniques.
Number Theory: prime numbers… gcd(m, n) modular arithmetic…
a = b(mod n) if a = b + k*n for some integer k
Factoring: finding prime factors of a number. ex. 80 2 * 2 * 2 * 2 * 5
Discrete Logarithms: inverse of modular exponentiation.
find x where ax = b(mod n)
ex. If 3x = 15 mod 17, then x = 6
Cryptanalysis
The art of deciphering encrypted communications without knowing the proper keys.
Basically an unauthorized third party wages an attack against a key or a message.
Cryptanalysis Techniques
Ciphertext-only attack: The attacker must work from the ciphertext only.
Known-plaintext attack: The attacker knows or can guess the plaintext for some parts of the ciphertext. The task is to decrypt the rest of the ciphertext blocks using this info.
Brute-force attack: where every possible key combination is tried.
Chosen-plaintext attack: The attacker is able to have any text he likes encrypted with the unknown key.
Man-in-the-middle attack: This attack is relevant for cryptographic communication and key exchange protocols. An adversary intercepts the communication and alters it.
Time Complexity
Classical complexity theory deals with worst-case complexity, a concept useless in cryptography where breaking a system must be hard for almost all instances, not just for some of them.
Much of modern cryptography is based on NP-complete problems. If these algorithms could be solved in polynomial time (P) cryptographic systems would be worthless.
Secure Hash Algorithm (SHA)
A hash algorithm which is the US federal standard for use with DSA (Digital Signature Algorithm) for digital signatures and storing passwords.
SHA Overview
Pad the messages so the length is a multiple of 512 bits. This is done with a series of 1’s and 0’s.
Initialize the 5 word (160 bits) buffer(A,B,C,D,E) to a set of standard hex values.
word A: 67 45 23 01
word B: EF CD AB 89
Each 32 bit register (A,B,C,D,E) is an input variable into a set of four auxiliary functions which perform bitwise operations.
F(X,Y,Z) = XY v not(X) Z
G(X,Y,Z) = XZ v Y not(Z)
H(X,Y,Z) = X xor Y Xor Z
I(X,Y, Z) = Y xor (X v not(Z))
Process the message in 16 word(512 bit) chunks, using
four rounds of 20 bit operations on each buffer and the chunks….
for(i to 15) do{ /*i = 0, j = 0*/ for(j to 15) copy into X[j] = (32) bits from 512 bit message
block
/* let [abcd k s i] denote an operation*/ a = b + ((a + F(b,c,d) + X[k] + T [i])<<<s)
/*do the following 16 operations*/[ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4][ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8] [ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12][ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]
Increment the buffers}end ../*T is a pre-determined table constructed from the sin function.*/
The output is a 160 bit message digest which is entered as a variable into the DSA algorithm.
It would take about 2n steps to find a message with the same message digest.
RSA Background
RSA was invented by three MIT researchers: Ronald Rivest, Adi Shamir, Leonard Adleman
Searching for a more complete Public Key Cryptography approach than Diffie-Hellman.
First published in 1977 in Scientific American.
NSA asked them to stop distributing their report detailing RSA, but had no legal reason for them to stop distribution.
Patented until September 2000.
RSA Overview
RSA is a public key, or asymetric cryptography system.
Two sets of keys, one public and one private. The public key pair is published, while the private is not.
Strength of RSA comes from the difficulty of factoring large prime numbers.
A message encrypted with the public key pair, can only be decrypted using the private key pair. A message encrypted using the private key pair can only be decrypted using the public key pair.
RSA Concepts
We have two functions, P(M) using the public key pair (e, n) and S(M) using the private key pair (d, n).
The two functions are inverse functions.
EXAMPLE – Function: X 2
Inverse Function: sqrt (X)
Either of the functions can be used to encrypt a message, but the opposite must be used to decrypt.
Encrypt P(M) C Decrypt S(C) M
---------------------------------------------------------------------------
Encrypt S(M) C Decrypt P(C) M
M is the message to be encrypted
C is the ciphertext (encrypted message)
RSA Concepts – Key Generation
Properly generating keys is essential to the strength of RSA
We are trying to generate two pairs of keys, the public key pair and the private key pair. They will be denoted as follows:
Public: (e, n) Private: (d, n)
e is the public exponent
d is the private exponent
n, the modulus, is common to both pairs.
RSA Concepts – Steps to Generate RSA Keys
1.) Select two prime numbers: p, q.
2.) Find the modulus n = pq. This will be the n in our public and private key pairs.
3.) Find e, the public exponent. e must be relatively prime to (p-1)(q-1).
4.) Find d, the private exponent. d must be chosen so (ed-1)/(p-1)(q-1) is an integer. If d satisfies this equation, then d will be the multiplicative inverse of e.
5.) Discard p and q, only the public key (e, n) and private key (d, n) pairs are needed now.
RSA Concepts - Encryption
If Bob wanted to send Alice a message that only Alice can read, he would do the following:
Obtain Alice’s public key pair (e, n)
Encrypt a message using Alice’s public key to create the ciphertext.
Symbolic Function: P(M) C
Mathematical Function: C = Me mod n
Bob sends this ciphertext to Alice. The original message is protected during transmission.
RSA Concepts - Decryption
Now that Alice has received the ciphertext, she needs to decrypt it to get the original message back:
Use the secret key pair (d, n) known only to Alice to convert the Ciphertext back to the original message.
Symbolic Function: S(C) M
Mathematical Function: M = Cd mod n
Now Alice has retrieved the original message.
RSA Example – Key Generation
1.) Select two primes p, q: p = 3, q = 5
2.) Find modulus n = pq: n = 15
3.) Find e relatively prime to (p-1)(q-1): (3-1)(5-1) = 8.
Factors of 8 are 8, 4, 2, 1.
Let e be 3 – gcd(8, 3) = 1, so this works.
4.) Find d where the equation (ed-1)/(p-1)(q-1) is an integer: (3d-1)/8.
Let d = 11 since (3*11-1)/8 = 4.
5.) Discard p, q. Our pairs are:
Public: (3, 15) Private: (11, 15)
RSA Example – Encryption
If Alice wants to send a message to Bob that can only be viewed by Bob, she needs to encrypt the message using Bob’s public key. This message can only be decrypted using Bob’s private key, so he will be the only one able to view it.
Public: (3, 15)
The message she wants to encrypt is “GO”. We take this one character at a time representing each as a number based on it’s position in the alphabet.
M = 7, since the letter ‘G’ is mapped to the number 7
Using the equation C = Me mod n we create the ciphertext C.
C = 73 mod 15
C = 13
Alice sends C to Bob without worrying about it being intercepted.
RSA Example – Decryption
Bob has received this ciphertext and wishes to decrypt it. He applies the RSA function to the Ciphertext C using his private keys to get the original message back.
Private: (11, 15)
C = 13
M = 1311 mod 15
M = 7 = “G”
In reality, we would use ASCII values to represent characters in the message, but this would require much larger primes since the largest value a message can have is the value of n, the modulus, minus 1 (in this case 14 is the max value).
RSA Concepts – Digital Signatures
Alice wants to send Bob a message in a way that Bob can be certain that M came from Alice and is authentic.
Alice takes the message M, and creates a signature S by encrypting the message using her secret key pair.
S(M) S
She then sends Bob S and M (note M is not encrypted).
•Bob uses Alice’s public key pair to decrypt the signature S and verifies that this matches M.
P(S) M
If the decrypted signature matches the message, it must have come from Alice and be unaltered, since only Alice could have created S using her secret key pair.
RSA - Efficiency
To maximize efficiency, public exponent e chosen should be small to make computing the ciphertext easier.
This makes encryption faster than decryption, and verification faster than signing in the case of digital signatures.
Using typical modular exponentiation algorithms, here are the efficiencies (where k = the number of bits in the modulus n):
Public Key Operations: O(k2) steps
Private Key Operations: O(k3) steps
Key generation: O(k4) steps
RSA – Advantages/Disadvantages
Advantages:
Increased security – Keys never need to be transferred. Transferring keys is a security risk.
Digital Signatures – RSA can be used for authentication and verification of message integrity.
Disadvantages:
Speed – Most secret key (symetric) encryption methods are faster than public key cryptosystems. In software, DES is generally 100 times faster than RSA, in hardware DES is between 1,000 and 10,000 times as fast.
RSA – Breaking RSA
General Methods – ways of finding the secret key d
Method 1: Factor modulus, n, into prime factors to find p, q
- Integrity of RSA depends on factoring n being difficult.
- Protect against by using proper key lengths.
- Improvements in hardware will not make this easier if long keys are used.
- It is much easier to multiply two numbers than to determine which numbers create a given product.
EXAMPLE - 6 x 4 = 24
What are the two numbers multiplied together that gave you 24?
1 x 24 = 24 2 x 12 = 24 3 x 8 = 24 4 x 6 = 24
RSA – Breaking RSA
General Methods – ways of finding the secret key d
Method 2: Compute the eth roots mod n.
- Since C = Me mod n, the eth root of c mod n is the message.
- There is no algorithm to accomplish this.
Key lengths are critical to strength of RSA
- In 1997 it was estimated that 512-bit RSA keys could be factored for less than $1,000,000 in cost and eight months of effort.
- RSA Laboratories reccoments 1024 bit key length for corporate use, and 2048 bit key length for extremely important uses.
RSA – Breaking RSA
Single Message Attacks – finds the contents of a particular message but does not expose keys.
Guessed plaintext attack
-The attacker guesses the contents of the message, and encrypts it using the public key. If it matches the intercepted cyphertext, the attacker knows he is right.
- Can be defended against by appending some random bits to the message.
DES Background
DES was originally developed as Lucifer in the early 1970s by IBM
Its original purpose was to provide a standard method for protecting sensitive commercial and unclassified data
NSA (National Security Agency) and NIST (National Institute of Standards andTechnology ) created a modified version of Lucifer and named it DES
DES officially became a federal standard in November of 1976
DES Overview
DES is a private or symmetric key cryptographic method
Algorithm depends on the secrecy of the key
There are 72 quadrillion or more potential keys that may be used
DES is a block cipher--meaning it operates on plaintext blocks of a given size and returns cipher text blocks of the same size
DES Steps
1. Subkey generation
2. Encrypting the message
3. Applying the final permutation
Components of DES
XOR
Left Shift/Rotation
Permutations-reorder bits
Substitutions- S boxes, have never been made public
The f Function
Components of DES
XOR operator:0 False, 1 True
0 0 =
0 1 =
1 0 =
1 1 =
0
0
1
1
Components of DES
Example of XOR operator:
1 0 1 0 1 0 1 1 1
0 1 1 0 1 0 1 0 1
1 1 0 0 0 0 0 1 0
Components of DES
DES uses a circular left shift for its key generation
A one bit shift would yield the following results:
1 1 0 0 1 1 1 0
1 0 0 1 1 1 0 1
Left Shift/ Rotations:
Components of DES
Permutations:
Permuted Message
Initial Message
Permutation Table
3 5 2 7 4 6 8 1
1 1 0 0 1 1 1 0
0 1 1 1 0 1 0 10 1 1 1 0 01 1
Permuted Message
DES Structure
The goal of DES is to scramble the data and key so that every bit of ciphertext depends on every bit of data and every key
The keys are stored in 64 bit blocks
Let K be the key in hexadecimal: 133457799BBCDFF1
Rewritten in binary we get:
K = 0001 0011 0011 0100 0101 0111 0111 1001 1001 1011 1011 1100 1101 1111 1111 0001 1 3 3 4 5 7 7 9 9 B B C D F F 1
Example of DES Encryption:Step 1: Subkey Generation
Example: DES EncryptionStep 1: Subkey Generation - Creating the keys PC-1
The 64-bit key is permuted to a 56-bit key according to the following table:
The 8th bit is ignored and the resulting seven most significant bytes are used resulting in a length of 56 bits
Example: DES EncryptionStep 1: Subkey Generation - Splitting the keys
split the permuted 56 bit key into left and right halves ( 28 bit segments) L0 and R0
K = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
L0 R0
Example: DES EncryptionStep 1: Subkey Generation - Left shifts
Use left shifts to create 16 blocks while cycling from 1 to 16The shifts are determined from the Subkey Rotation Table:
Using the key we just permuted:
1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111 L0 R0
We determine the round numberAnd apply shifts according to the specified number of bits to rotate:
Round 1: L0 = 1110000110011001010101011111Round 1: R0 = 1010101011001100111100011110
We use the table and apply shifts to to preceding R0 L0 for 16 rounds, resulting in 16 key pairs
Example: DES EncryptionStep 1: Subkey Generation - Creating the Keys PC-2
Next we apply the following permutation to each of our 16 keys
This results in our 56 bit keys permuting into 48 bit keys
Example: DES EncryptionStep 1: Subkey Generation - Creating the Keys PC-2
For the first key we have :
L1R1 = 1110000 1100110 0101010 1011111 1010101 0110011 00111100 001111
which, after we apply the permutation PC-2, becomes
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
*Note that PC-2 is applied to each of our keys
We now have generated our 16 subkeys
M - plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of text:
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 0 1 2 3 4 5 6 7 8 9 A B C D E F
Example of DES Encryption:Step 2: Encrypting the Message - M
Example: DES EncryptionStep 2: Encrypting the Message - IP
An initial permutation(IP) is performed on the 64 bits of data message M, which rearranges the bits according to the table below
Applying the initial permutation to the block of text M, we get:
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
Example: DES EncryptionStep 2: Encrypting the Message - divide the IP block
1111 0000 1010 1010 1111 0000 1010 1010
Next divide the permuted block IP into a left half of 32 bits and a right half of 32 bits
Example: From IP, we get L0 and R0:
1100 1100 0000 0000 1100 1100 1111 1111
L0 R 0
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
is now…
Example: DES EncryptionStep 2: Encrypting the Message
The resulting 64 bits are then encrypted using the 16 subkeys
The next step is to proceed through 16 iterations using a function f which operates on two blocks of data:
Block 1: is a data block of 32 bits
Block 2: key Kn of 48 bits
Example: DES EncryptionStep 2: Encrypting the Message - Block 1
First, we need to calculation Block 1 from the original divided 64 bit data block and the keys
Going from n-16 we calculate:
Rn = Ln-1 + f(Rn-1,Kn) : For the right 32 bits in the current
step, we XOR the left 32 bits of the previous step with the calculation f
Our first step is to determine f
Example: DES EncryptionStep 2: Encrypting the Message - Block 1, Function f
Determining f consists of 4 steps:
1. E operator: expands each block Rn-1 from 32 bits to 48 bits
2. XOR: the result of step 1 is XOR’d with the key Kn
3. S-Boxes:The remaining groups are used as addresses in tables
called S-boxes
4. P: A permutation of the S-box output is done to obtain the
final value of f
Take 32 bits from previous step and expand to 48 bits using expansion operator E
The expansion operator E is necessary in order to have one bit of input affect more than one bit of output.
The expansion operator begins with bit 32 and cycles back to the beginning using all the bits in order and repeating every 4th and 5th bit
Example: DES EncryptionStep 2: Encrypting the Message - E Operator
Input 1 2 3 4 5 6 7 8 9 28 29 30 31 32
E
output 1 2 3 4 5 6 7 8 9 10 11 12 13 14 41 42 43 44 45 46 47 48
Example: DES EncryptionStep 2: Encrypting the Message - E Operator
R0 = 1111 0000 1010 1010 1111 0000 1010 1010 E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
(Note that each block of 4 original bits has been expanded to a block of 6 output bits.)
Use XOR with one of the 48 subkeys to produce a different 48 bits
Example: For K1 , E(R0), we have:
Example: DES EncryptionStep 2: Encrypting the Message - XOR
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111
We are left with eight groups each containing six bits which will be used as addresses in tables called S-boxes:
B1 B2 B3 B4 B5 B6 B7 B8
011000 010001 011110 111010 100001 100110 010100 100111
Example: DES EncryptionStep 2: Encrypting the Message
To determine S1(B1) :
i : The first and last bits of B represent in base 2 a number in the binary range 00 to 11
i = 011000j: The middle 4 bits of B represent in base 2 a number in the binary range 0000 to 1111
j = 011000
Located at that address will be a 4-bit number which will replace the original 6 bits
The result is that eight groups of 6 bits are transformed into eight groups of 4 bits (32 bits)
011000
011000
Example: DES EncryptionStep 2: Encrypting the Message - S-Boxes
Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output S1(B) of S1 for the input B.
i = the first bit is 0 and the last bit is 0 giving us 00 as the row 0j =1100 giving us 12 as the column
In row 0, column 12 appears 5 in the S1 table. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S1(011001) = 0101
Example: DES EncryptionStep 2: Encrypting the Message - S-Boxes
K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) =
0101 1100 1000 0010 1011 0101 1001 0111
After taking the XOR result
And applying the eight S-boxes, we get:
Example: DES EncryptionStep 2: Encrypting the Message - P
The final stage in the calculation of f is to do a permutation of the S-box output to obtain the final value of f
f = P(S1(B1)S2(B2)...S8(B8))
From: 0101 1100 1000 0010 10110101 1001 0111
f = 0010 0011 0100 1010 1010 1001 1011 1011
Example: DES EncryptionStep 3: Encrypting the Message - P Equation Completion
Now that we have determined f we can complete the equation: R1 = L0 + f(R0 , K1 )
= 1100 1100 0000 0000 1100 1100 1111 1111 + 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
In the next round, we must calculate R2 =L1 + f(R1, K2), and so
on for 16 rounds.
on the 16th round we get:
L16 = 0100 0011 0100 0010 0011 0010 0011 0100
R16 = 0000 1010 0100 1100 1101 1001 1001 0101
Example: DES EncryptionStep 3: Encrypting the Message - IP-1
We reverse the order of these two blocks :L16R16 = 0100 0011 0100 0010 0011 0010 0011 0100 0000 1010 0100 1100 1101 1001 1001 0101
and apply the final permutation, which leaves us with 56 bits:
R16L16 = 0000 1010 0100 1100 1101 1001 1001 0101 0100 0011 0100 0010 0011 0010 0011 0100
IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101
This is the encrypted form of M = 0123456789ABCDEF: C = 85E813540F0AB405
Decryption Is the inverse of encryption, following the same steps as above, but reversing the order in which the subkeys are applied
DES-Efficiency
Generating the subkeys is done in O(K*16)
Encrypting the message is done in O(M)
DES cannot be broken in Polynomial Time(NP-Complete)
DES-Strengths
Simplicity and Speed
DES can be implemented by hardware or software
DES-Criticisms and Weaknesses
2^56 key space too smallwas safe in the 70’s but with faster processors no longer safeMassively parallel system could try all keys in one day-vulnerable to BRUTE FORCE attacks
Key Space
Linear computations With the exception of s-boxesCan “work backwards” and discern the keyGiven a particular file, it is always encrypted the same way given the same key
Triple-DESPotential solution to above problemsPerforms DES algorithm three times with three separate keys and has the strength o f a 168-bit key *DES should be avoided whenever possible
DES-Controversies
Regarding the security of DES:
Was originally proposed with a key length of 64 bits. It is suspected that the US Government may have prompted the key to be changed to 56 bits before it was made the standard.
Questioned because it makes a search for the key feasible onfast computers, and only the Government at that time had access to such fast computers.
May have wanted to reduce the key space to crack the code if necessary.
S-boxes: complete design criteria was never published. There is suspicion that a “trapdoor” may have been included.
DES-Breaking DES
1. Exhaustive key search
2. A dedicated machine1998 the EFF built a machine called Deep Crack for $200000 that was able to recover the key with the help of an exhaustive search on the average of 4 days checking 92 keys each second
3. A huge computer clusterCheaper way to break DES1999, an organization called DistributedNet broke DES in 23 hours
4. Differential Cryptoanalysis
In 1990, Biham and Shamir, two Israeli cryptographers invented a new generic technique to break symmetric algorithms called the differential cryptanalysis. It was the first time that a method could break DES in less time than an exhaustive search..
Deep Crack Machine