Encryption COMP620 Information Privacy & Security
“There are two types of encryption: one that will
prevent your sister from reading your diary and
one that will prevent your government.”
Bruce Schneier
Cryptography
• Cryptography in general represents the process of encrypting a plain-text file into unreadable cipher text so that it can be stored and decrypted by the intended recipient
• Plaintext can be any bunch of bits, text, graphics, program, etc.
Plaintext Encryption Decryption Plaintext
Key Key
Historical Encoding• People have been writing secret messages for millennia
• The Caesar cipher (shift cipher) is said to have been used by Julius Caesar
• Computational efficiency was very important before computers
Encryption Media
• Encryption can be used to secure information sent over a network (data in motion)
• Encryption can also be used to secure data stored on a computer (data at rest)
Caesar or Shift Cipher
• The letters of the alphabet are shifted by a fixed amount
• Key is the number of letters to shift
• Can easily be defeated by trying all 26 possible shifts
Decryption by Brute Force
• Frpsxwhuv duh ixq
• Eqorwvgtu ctg hwp
• Dpnqvufst bsf gvo
• Computers are fun
Types of AttacksWe assume that an adversary knows the encryption algorithm and has:
• Ciphertext only – samples of ciphertext without information about the content
• Known plaintext – examples of ciphertext and the corresponding plaintext
• Chosen plaintext – adversary can get ciphertext samples of plaintext of their choosing
Substitution Cipher
• Letters are mapped to symbols or letters
• Key – An alphabetical list of the symbols
• There are 26! = 4x1026 possible keys
A known plaintext attack against asubstitution cipher takes per character
A. O(1)
B. O(n)
C. O(n2)
D. O(2n)
Letter FrequencyThe frequency of the use of a letter in English
The frequency of letter pair, triples, and short words are also available on the web
Cipher Text
What does this say?
welcome to north carolina
agricultural and technical
state university! as you
explore our website, you will have the opportunity to
discover a&t’s rich and storied history and learn about our
award-winning faculty, intensive research programs, and student-led community service
initiatives.
Chancellor Martin
Effectiveness of Frequency Decryption
• Sample substitution cipher text was partially decrypted using only the letter frequency.
Guess what it sayswelrome to nohtu raholina abhirdltdhal anc
teruniral state dnipehsitg! as god ekylohe
odh wevsite, god will uape tue oyyohtdnitg
to cisropeh a&t’s hiru anc stohiec uistohg
anc leahn avodt odh awahc-winninb fardltg,
intensipe heseahru yhobhams, anc stdcent-
lec rommdnitg sehpire initiatipes.
Chancellor Martin
Original Text
welcome to north carolina agricultural and
technical state university! as you explore
our website, you will have the opportunity
to discover a&t’s rich and storied history
and learn about our award-winning faculty,
intensive research programs, and student-
led community service initiatives.
Chancellor Martin
A cipher is a
A. many to one mapping
B. one to one mapping
C. one to many mapping
D. no mapping at all
between plaintext and ciphertext.
Vigenère Cipher
• Originally described by GiovanBattista Bellaso in 1553
• A text key is repeated for the length of plaintext
Ci = (Pi + Ki) mod 26 to encrypt
Pi = (Ci - Ki) mod 26 to decrypt
welcometonorthcarolina plaintext
informationprivacyinfo key
erqqfyemwbbgkpxatmtvso ciphertext
Vigenère Cryptanalysis
• For long text and short keys, character frequency analysis provides a lot of information
• Sometimes the same plaintext letter will be encrypted by the same key character
• Statistical analysis on the frequency and distance between matches gives an indication of the key size
Running key cipher
• The running key cipher is similar to the Vigenèrecipher, but a long, non-repeating key is used
• Typically the key is some common publication, such as a book or periodical
• Example using well known C bookPlaintext: f l e e a t o n c e w e a r e d i s c o v e r e d
Running key: E R R O R S C A N O C C U R I N S E V E R A L P L
Ciphertext: J C V S R L Q N P S Y G U I M Q A W X S M E C T O
One-Time Pad
• With one-time pad encryption, the bit stream of the message is XOR with a random key
• The key must be at least as long as the message so it is not repeated
• The key must be truly random, not just pseudo-random
Perfect Encryption
• One-time pad is a perfect encryption technique that cannot be broken
• A given cipher text can be decrypted into any possible plain text by using the appropriate key
011001010 cipher text
010101010 with key 001100000
000011111 with key 011010101
Running Key Analysis
• If the key text for the running key is perfectly random, then it is the same as one-time pad
• Usually human text is far from random making it a relatively poor key
• If you know part of the plaintext, you can subtract it along the whole string and look for readable text, which is probably part of the key
Diffusion and Confusion
• Diffusion – spread the plain text data across the cipher text. A byte of plain text should impact many bytes of cipher text
– With DES and AES, if you change one bit on the plaintext, it will change about half the ciphertext bits
• Confusion – change the bits of the plain text according to some rule
Types of Encryption
• Symmetric Key or Secret Key
– The encryption key is the same as the decryption key
– Sender and receiver have to securely share a key
• Asymmetric Key or Public Key
– The key to decrypt is different, but related to, the key to encrypt
– The encryption key can be made public while the decryption key is kept secret
Symmetric Key Cryptography• Keys exchanged prior to communications
• Key to encrypt message is the same as key to decrypt
• DES and AES are examples of Symmetric Key Cryptography
Plaintext
D
Secret Key Same Secret Key
E
Plaintext Ciphertext
Network
Ciphertext
User1 User2
Asymmetric Key Cryptography
• Public key different from private key
• RSA encryption is an example of Asymmetric Key Cryptography
Plaintext
D
Private Key
E
Plaintext Ciphertext
Network
Ciphertext
User1User2
Remote Public Key Directory:
User2
Why Publish a Standard?
• The Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms are published and well known
• Why not keep the algorithm secret?
• To be useful, others have to implement it
• A good encryption algorithm will allow only those with a key to access the data. Knowing the algorithm does not give you access.
Encryption Performance
• RSA asymmetric key encryption is slower than DES or AES
• DES and AES are easy to implement in hardware
• AES can be efficiently implemented in software
• Hybrid encryption uses both asymmetric and symmetric key systems
Key Strength
• The longer they key, the harder it is to defeat the encryption by brute force
• If the key is n bits, it requires 2n guesses to try all possible keys. You are likely to guess correctly in 2n-1 tries.
• Asymmetric key algorithms require a mathematical relation between the keys so not every bit string can be a key
Key Lengths
• DES uses a 56 bit key
• Triple DES or DES3 uses two DES keys for a total of 112 bits
• AES uses 128, 192 or 256 bit keys
• RSA uses variable length keys, frequently 512, 1024 or 2K bits in length
Substitution Permutation Ciphers
• A Substitution Permutation encryption algorithm typically involves three phases, which are often repeated
• Substitution – the substitution of a bit pattern with another
• Permutation – the rearrangement of the bits
• Exclusive OR with a key
• DES and AES are forms of Substitution Permutation ciphers
Substitution Permutation stages
• The K box XORs the input with the key for that round
• The S box performs a substitution
diagram from “Cryptography Theory and Practice”, 3rd ed. by Douglas Stinson
S Box
• An S box performs a substitution.
• The substitution can be efficiently implemented by a look up table
• Example of a 3 bit to 3 bit substitution
input 000 001 010 011 100 101 110 111output 101 010 110 000 111 001 011 100
S Box Expansion or Contraction
• The number of bits on the input of an S box does not have to match the number of bits on the output
• Example of a 3 bit input with 2 bit output
input 000 001 010 011 100 101 110 111output 10 01 11 01 11 00 10 00
Permutation Expansion
• The number of bits on the output of a permutation does not need to match the input
• Some input bits can go to multiple output bits
Key Stages
• The key used at each stage is a function of the original key
• Before each stage the key is modified to produce a unique key for that stage
• Some stages might use only some of the key bits
Data Encryption Standard
• Originally developed by IBM
• Adopted as a standard in 1977
• Was the most widely used cryptosystem in the world
• DES uses a 56 bit key
• 64 bit blocks of data are encrypted
DES Algorithm
• DES is a substitution permutation cipher
• There are 16 stages
• The data is split into the left and right half. Each 32 bit half is handled differently
• The 56 bit key is divided into two 28 bit halves which are used to create unique 48 bit keys for each stage
DES Key Schedule
• The 56 bit key is split into two 28 bit halves
• Each half is rotated 1 or 2 bits to the left
• 48 of the 56 bits are selected for the stage key
• Each bit is used in 14 of the 16 stages
Brute Force Decryption
• Brute force tries all possible keys
• In 1998 the Electronic Frontier Foundation built a device that could brute-force a DES key in a little more than 2 days
DES Effectiveness
• Analysis has found a few weaknesses in DES
• Differential cryptanalysis can find the key with 247
chosen plaintext/ciphertext pairs
• The DES key is too short
• Brute force attacks can defeat DES
Brute Force Time Estimate
If you can try 1 million keys a second, how long does it take to try 247 keys?
A. 10 hours
B. 4 months
C. 4 ½ years
D. 47 years
Triple DES
• To improve security while still using DES, triple DES is usually used.
ciphertext = EKey3(DKey2(EKey1(plaintext)))
• The three keys can be:
– All different – best security using 168 bit keys
– Key1 = Key3, Key2 different – Good with 112 bit keys
– All identical – same as single DES
Advanced Encryption Standard
• AES is also known as the Rijndael algorithm
• Selected in 2000 as the new standard after an open international competition
• Created by Belgian researchers Rijmen and Daemen
• Available world-wide royalty free
• AES encrypts blocks of 128 bits
• Keys can be either 128 bits, 194 bits or 256 bits
• AES operates on a 4×4 array of bytes, termed the state
Multiple Rounds or Stages
• 10 rounds for 128-bit keys
• 12 rounds for 192-bit keys
• 14 rounds for 256-bit keys
AES Algorithm
Initial Stage
• AddRoundKey
Each Stage
• SubBytes—a substitution step
• ShiftRows—rows are shifted cyclically
• MixColumns—each column of the state is multiplied with a fixed polynomial
• AddRoundKey—each byte is XOR with the stage key
Final Stage(no MixColumns)
• SubBytes
• ShiftRows
• AddRoundKey
SubBytes Step
• Each byte in the array is updated using an 8 bit substitution box, the Rijndael S-box.
MixColumns Step
• Each column is multiplied by a fixed polynomial. All four input bytes determine the four output bytes.
AES Implementation• It is possible to speed up execution of this cipher by
combining SubBytes and ShiftRows with MixColumns, and transforming them into a sequence of table lookups
• This requires 4KB of lookup tables
• A stage can now be done with 16 table lookups and 12 XOR, followed by four XOR in the AddRoundKey step
• Intel and AMD have added instructions to their processors to perform an AES stage
AES Security
• There have been no published methods that practically defeat AES better than brute force
• An attack was found that allows an attacker to defeat the encryption 4 times faster than brute force
• The Snowden documents claim the NSA is looking into techniques to defeat AES