Introduction to CryptographyDepartment of Mathematics, Shanghai Jiao Tong University Sep. 17th, 2013 Cryptography Cryptography: the art and science of keeping message secure. Confidentiality;

Introduction to Cryptography

Jiyou Lilijiyou at sjtu.edu.cn

Department of Mathematics, Shanghai Jiao Tong University

Sep. 17th, 2013

Cryptography

Cryptography: the art and science of keeping messagesecure.

Confidentiality;Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...

Cryptography

Cryptography: the art and science of keeping messagesecure.Confidentiality;

Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...

Cryptography

Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;

Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...

Cryptography

Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;Integrity;

Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...

Cryptography

Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...

The Origins of Cryptography

Diplomacy: Zimmerman telegram;

War: Enigma machine, Purple;Individual or corporate privacy;Electronic Commerce...

The Origins of Cryptography

Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;

Individual or corporate privacy;Electronic Commerce...

The Origins of Cryptography

Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;Individual or corporate privacy;

Electronic Commerce...

The Origins of Cryptography

Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;Individual or corporate privacy;Electronic Commerce...

Enigma

Cryptanalysis

Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.

The n2 Problem;The Kerckhoffs Principle;The Moore Law;The Murphy Law.

Cryptanalysis

Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.

The n2 Problem;

The Kerckhoffs Principle;The Moore Law;The Murphy Law.

Cryptanalysis

Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.

The n2 Problem;The Kerckhoffs Principle;

The Moore Law;The Murphy Law.

Cryptanalysis

Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.

The n2 Problem;The Kerckhoffs Principle;The Moore Law;

The Murphy Law.

Cryptanalysis

Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.

The n2 Problem;The Kerckhoffs Principle;The Moore Law;The Murphy Law.

Cryptanalytic Attacks

Ciphertext-only attack;

Known plaintext attack ;Chosen plaintext attack;Chosen ciphertext attack.

Cryptanalytic Attacks

Ciphertext-only attack;Known plaintext attack ;

Chosen plaintext attack;Chosen ciphertext attack.

Cryptanalytic Attacks

Ciphertext-only attack;Known plaintext attack ;Chosen plaintext attack;

Chosen ciphertext attack.

Cryptanalytic Attacks

Ciphertext-only attack;Known plaintext attack ;Chosen plaintext attack;Chosen ciphertext attack.

Some Cryptographic Protocols

Bits Commitment;

Key Exchange;Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...

Some Cryptographic Protocols

Bits Commitment;Key Exchange;

Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...

Some Cryptographic Protocols

Bits Commitment;Key Exchange;Secret Sharing Scheme;

Digital Signatures;Cloud Computing Security...

Some Cryptographic Protocols

Bits Commitment;Key Exchange;Secret Sharing Scheme;Digital Signatures;

Cloud Computing Security...

Some Cryptographic Protocols

Bits Commitment;Key Exchange;Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...

A Cryprtographic Communication Model

Encryption: A key

Ciphertext

Plaintext

Channel Ciphertext

Decryption: A key

Plaintext

&%'$Eve!

��

��

BB

BB

The History of Cryptography

1. B.C.?-1949: Classical Cryptography (Substitutions andpermutations);2. 1949-1976: Symmetric Cryptography (Block Dipher andStream Cipher, based on Shannon’s Theorem);3. 1976-present: Modern Cryptography (Public-Key andasymmetric...).

Caesar Cipher

ABCDEFGHIJKLMNOPQRSTUVWXYZKey = 3DEFGHIJKLMNOPQRSTUVWXYZABCPlaintext: JIAOTONGUNIVERSITYEncryption: Shift by KEY = 3Ciphertext: MLDRWRQJXQLYHUVLWBDecryption: Shift backwards by KEY = 3

Vigenere Cipher

Plaintext: thi sis adu mmy mes sag eKey: ABC ABC ABC ABC ABC ABC ACiphertext: TIK SJU AEW MNA MFU SBI EDecryption: "Subtract0the key ABC from ciphertext mod 26.

Vernam Ciphers

Plaintext: MATHISUSEFULANDFUNKey: NGUJKAMOCTLNYBCIAZEncryption: /Add0key to message mod 26Ciphertext: BGO,..Decryption: /Subtract0key from ciphertext mod 26.

Permutation Cipher

Example: Plaintext: JIAOTO NGUNIV ERSITYEncryption: Group action by KEY =(135246)Ciphertext: OTJIAO VINGUN YTERSIDecryption: Inverse action by KEY =(164253)

Hebern machine

Enigma: invented by Arthur Scherbius

Rotors

Reflector

Plugboard

Electrical pathway

Electrical pathway

Mathematics in Enigma

E(xi) = P ◦ Ri1 ◦ Mi2 ◦ Li3 ◦ U ◦ L−1i3

◦ M−1i2

◦ R−1i1

◦ P−1(xi),

where P, R, M, L, U ∈ S26, Ri1 = ρ−i ◦ R ◦ ρi and U is aconvolution.

Bomber

A Cipher

1. A plaintext space M, a ciphertext space C and a key space K;2. A key generation algorithm;3. An encryption algorithm E;4. A decryption algorithm D.

Do we have unconditionally secure encryption?

TheoremPerfect secrecy is equivalent to H(M|C) = H(M) and to thestatistic independence between M and C.

Theorem (Shannon, 1949)Perfect secrecy implies H(K ) ≥ H(M).

One-Time Pads: Vernam Ciphers

Plaintext: MATHISUSEFULANDFUNKey: NGUJKAMOCTLNYBCIAZEncryption: /Add0key to message mod 26Ciphertext: BGO,..Decryption: /Subtract0key from ciphertext mod 26.

One-Time Pads

One-Time Pads is unconditionally secure;

Problem: Exchanging the key;There are some clever ways to exchange the key; we willstudy some of them!

One-Time Pads

One-Time Pads is unconditionally secure;Problem: Exchanging the key;

There are some clever ways to exchange the key; we willstudy some of them!

One-Time Pads

One-Time Pads is unconditionally secure;Problem: Exchanging the key;There are some clever ways to exchange the key; we willstudy some of them!

Stream Ciphers

1. Making OTP practical;2. Idea: replace "random" key by "pseudorandom" key;3. The security depend on specific pseudorandom generators.

Public-Key Cryptography (1976-)

Discovered by Diffie & Hellman (1976) and now known atGCHQ years before;Uses one-way (asymmetric) functions, public keys, and privatekeys;Mainly based on two hard problems: Factoring large integersand the discrete logarithm problem.

Coding Theory and Cryptography

Cryptography needs reliability�

Mathematics in Cryptography

Linear AlgebraAbstract AlgebraNumber TheoryAlgebraic GeometryProbabilityStatisticsCombinatoricsComputing...

References

1. A classical introduction to modern cryptography, S.Vaudenay, Springer, 2005.2. �èÆ�Ú,¾�I��½�Í,�ÆÑ��, 1999.

Exercises

4. Suppose the one time pad encryption of the message"attackatdawn" is "wxtygcjmxenf". What is the one time padencryption of the message "attackatdusk" under the same key?5. Let M = C = K = {0, 1, . . . , 63} and consider the followingcipher (M, C, K) defined by:

E(k , x) = x + k mod 64.

Does this cipher have perfect secrecy?