Modern Cryptography - dhat.ch

Feb 03, 2022

David Hatch, Grade 10, Northport High School, Mr. Frisch

Modern Cryptography


Introduction 1

The Computing Evolution Leads to Digital Cryptography 2

Symmetric Key Cryptography 3

Invention of the DES Algorithm 3

The Importance of Key Length 6

Categories of Symmetric Key Cryptography 7

Cracking the DES Standard 7

Advanced Encryption Standard (AES) 8

Key Distribution Problem 9

Public Key Cryptography 9

Modular Arithmetic 10

RSA Algorithm 10

Mathematics Behind RSA 11

Proving RSA Correctness (Johnston) 11

Why RSA Stays Secure 14

Cryptographic Hash Functions 14

Applications of Cryptography 15

Hybrid Encryption Schemes 15

Trust Models 16

PGP (Pretty Good Privacy) 16

Certificates 16

SSL/TLS (Secure Sockets Layer/Transport Layer Security) 17

Conclusion 19

Works Cited 20


Introduction

Secrets are an integral part of human nature and have likely been in existence since the beginning of the human race. As civilizations rose, and more complex government and military structures were introduced, the need to maintain secrecy while transferring a message between certain trusted people increased. With the invention of writing, a natural evolution coming from more advanced political and economic structures whose details and methodologies surpassed the capability of human recall, came the need to transmit secrets in print. Should these messages fall into the wrong hands, nations and empires would fall. Thus, early methods of disguising messages developed. Cryptography is the science of developing these methods of secretive communication.

Perhaps the earliest example of cryptography dates from 4,000 years ago, when ancient Egyptians recorded their histories on magnificent monuments in hieroglyphics that were slightly different from those used regularly. In Mesopotamia, a small tablet was found which was dated to 1500 BCE. Inscribed on it was a coded formula for making pottery. This is an early example of the use of cryptography to protect trade secrets and, in turn, wealth. Other ancient civilizations, including the Babylonians and Greeks, developed their own methods of sending coded messages. 1,400 years after the creation of this tablet, the Romans were bursting out of Italy and forging one of the largest empires in history. Julius Caesar, arguably one of the most ingenious politicians and military commanders in the history of mankind, was one of the first to use cryptography to protect political messages on a large scale. Suetonius Tranquillus, an ancient historian, wrote 100 years after Caesar’s death that if Caesar had a confidential message to send, “he wrote it in cipher” (Pincock 11-13).

A cipher is a system for disguising the meaning of a message by using a concise set of rules known as an algorithm. Once a message, known as the plaintext, is encrypted, that is, passed through the cipher’s algorithm, it becomes the ciphertext. The ciphertext is then delivered to its receiver, who uses the same algorithm, in reverse, to convert it back into the original plaintext. This process is called decryption. More advanced algorithms use a cryptographic key, which is applied in the algorithm to vary its behaviour. This allows the same message to be encrypted with the same algorithm but with different keys and produce a different ciphertext. The receiver of the message must know both the key and the algorithm to decrypt it (Singh 11).

Caesar’s cipher was rather simple in comparison to modern techniques, but at the time it was enough to keep his secrets secure. His cipher involved shifting the letters of a message 3 places to the left. For example, under Caesar’s cipher, A would become D, C would become F, Z becomes C and so on (Pincock 17). If Caesar’s algorithm for shifting his messages was discovered, as it eventually would be, his system would be broken and insecure. This is in violation of one of the most important guiding principles of modern cryptography, conceived by the Dutchman Auguste Kerckhoffs in his paper “Cryptographie militaire.” It states, “The system must not require secrecy and can be stolen by the enemy without causing trouble” (qtd. in Sedgewick and Wayne, "Cryptography"). This means that the security of a cipher must not depend on keeping an algorithm secret but rather on keeping the key used to transfer a message secret. This principle is known as Kerckhoffs’ Principle. In fact, the most popular cryptographic systems used today have their algorithms published.

Modern Cryptography - David Hatch

1
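As an added example (not code from the paper), here is the keyed form of Caesar's shift in Python. The algorithm is public and the shift is the key, exactly the situation Kerckhoffs' Principle speaks to; decryption is the same routine run backwards. enumerate_keys() then shows the consequence for such a cipher: only 26 shifts exist, so the whole key space can be listed at once and a published shift cipher gives no confidentiality. The message and the known word passed to recover_key() are constructed sample inputs.

```python
# Added example: a keyed Caesar cipher over the 26 uppercase letters.
# The algorithm is public (Kerckhoffs' Principle); the shift is the key.
import string
from typing import Dict, Optional

ALPHABET = string.ascii_uppercase
KEY_SPACE = len(ALPHABET)          # only 26 distinct shifts exist (25 non-trivial)


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift each letter `key` places forward in the alphabet (A -> D for key 3).
    Characters outside the alphabet pass through unchanged."""
    result = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            result.append(ALPHABET[(ALPHABET.index(ch) + key) % KEY_SPACE])
        else:
            result.append(ch)
    return "".join(result)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same algorithm run in reverse: shift back by the key."""
    return caesar_encrypt(ciphertext, -key)


def enumerate_keys(ciphertext: str) -> Dict[int, str]:
    """Every possible decryption. The key space is so small that listing it
    costs nothing, which is why algorithm secrecy cannot substitute for a large key."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(KEY_SPACE)}


def recover_key(ciphertext: str, known_word: str) -> Optional[int]:
    """Return the first shift under which a word known to be in the plaintext
    appears (a constructed check; real traffic hands an eavesdropper the same clue)."""
    for key, candidate in enumerate_keys(ciphertext).items():
        if known_word.upper() in candidate:
            return key
    return None


if __name__ == "__main__":
    secret = caesar_encrypt("Here's my secret message", 3)   # constructed sample
    print(secret)                                  # KHUH'V PB VHFUHW PHVVDJH
    print(caesar_decrypt(secret, 3))
    print(recover_key(secret, "secret"))           # 3
```

The same structure, a public algorithm parameterised by a secret key, is what every later cipher in the paper uses; the difference is that a 56-bit or 256-bit key space cannot be enumerated the way these 26 shifts can.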

Nearly all modern cryptography is computer based. It is used today to protect our money, ATM transactions, purchases, cell phone messages, phone calls, email, and many other digital processes. Every American likely uses cryptography more than once a day, whether they know it or not. Our modern lives depend on the security of the computer systems we rely on. This security is given to us by modern cryptographic techniques. Most modern cryptographic processes have five elements:

• Confidentiality: the most basic element of cryptography. This is ensuring that only the intended receiver can receive the message.

• Authentication: the process of proving the identity of a person involved in a cryptographic transaction.

• Integrity: ensuring that the message received was not altered by a malicious third party.

• Non-Repudiation: a process to prove that the perceived sender actually sent the message.

• Authorization: giving trusted parties a level of access to some resource, whether it be information, a computer file, or another digital asset (Sedgewick and Wayne, "Cryptography").

It has become convention among cryptographers to refer to persons or entities involved in an encrypted communication by specific names. The two communicating people are known as Alice and Bob. If there is a third or fourth person involved in the transaction, they will be referred to as Carol and Dave. Mallory is a malicious third party trying to gain access to the information sent, Eve is an eavesdropper, and Trent is a trusted third party (Kessler, sec. 2).

There are three categories of cryptography which are widely used today. These are:

• Symmetric Key Cryptography: A single key is used for both encryption and decryption.

• Public Key Cryptography: Two keys are used per message transfer, one for encryption and one for decryption. The keys are mathematically related. Each party publishes one key, called their public key, hence the name of this method, and keeps one key secret, called the private key.

• Hash Functions: Mathematical methods to irreversibly “encrypt” information. These can be used to ensure the integrity of data or messages because, theoretically, there is only one hash for any given message and it should be difficult to intentionally create two messages with the same hash.

The Computing Evolution Leads to Digital Cryptography

One of the first programmable computing devices was invented during World War Two. It was called the Colossus machine and was built primarily for the purpose of breaking German messages encrypted using the Lorenz cipher. It was completed in December of 1943. Although it consisted of electronic valves, which are no longer used today, it was a distant relative of modern computers. Unfortunately, due to the secrecy surrounding the project, its blueprints were destroyed after the war; as a result, its inventors were not credited with the creation of the first computer.

In 1945, J. Presper Eckert and John W. Mauchly of the University of Pennsylvania completed work on what is considered the first computer ever created. Known as the ENIAC, this massive machine was made of 18,000 electronic valves and could perform 5,000 calculations per second. As computers began to develop, cryptography shifted from being performed using mechanical machines, as it was during the war, to being performed digitally. This method provided many advantages, namely a great increase in speed and the ability to perform more advanced techniques that would be very difficult to perform mechanically (Singh 243-244).

Perhaps the most significant difference in computer-performed encryption is the fact that computers must convert messages into the binary number system. Computers represent letters and words in combinations of 1s and 0s. These binary digits, 0s and 1s, are also called bits. The conversion from letters to binary can be performed using various methods; one of the most popular is ASCII (American Standard Code for Information Interchange), which assigns a 7 bit (digit) binary number to each letter of the alphabet and to various punctuation marks and symbols. Thus, all digital encryption is performed on numbers instead of letters (Singh 245).

At first, computerized encryption was limited to those who had access to early computers, mainly the government. A series of incredible technological breakthroughs contributed to the widespread availability of affordable computers. In 1947, AT&T-Bell Labs invented the transistor, a cheap, smaller alternative to the electronic valves used in the ENIAC machine. Soon, companies such as Ferranti began to produce computers. In 1953, IBM introduced its first computer and four years later created one of the earliest programming languages, called FORTRAN. In 1959, the invention of the integrated circuit led to ever faster, smaller, and more affordable computers. Soon, businesses were buying computers and using them for encryption. Slowly, computerized cryptography began to creep into everyday lives. Money transfers and important business negotiations were now encrypted. Now the need for a standardized encryption method was ever more pressing, as businesses were using various proprietary methods, which meant inter-business communication was still fairly difficult. In 1973, America’s National Bureau of Standards began planning to solve this issue, and put out a request for proposals for a standard encryption system for businesses to use. This was the beginning of the development of a new set of cryptographic algorithms that would continue to be used today (Singh, 247-248).

Symmetric Key Cryptography

Invention of the DES Algorithm

Lucifer, an algorithm distributed by IBM, was one of the most popular cipher systems at the time of the National Bureau of Standards’ request for a standardized encryption algorithm. It had been created by Horst Feistel, a German immigrant. He was placed under house arrest when America entered World War Two because he was still in the process of becoming a US citizen. Once released in 1944, he did not return to his work in cryptography for some time. He was finally able to perform research for several years at IBM’s Thomas J. Watson Laboratory near New York, after being forced into halting his research by the NSA several times. The NSA, responsible for securing military and government communications and intercepting foreign communications, wanted to be the only organization performing cryptographic research. In the early ‘70s, Feistel succeeded in developing the Lucifer system (Singh, 249).

Lucifer first transforms the message into a long string of bits. Then, the string is split into blocks of 64 bits and encryption is performed individually on each block. Each block is divided into two ‘half-blocks’ of 32 bits each after the bits have been shuffled based on a predefined shuffling algorithm. These half-blocks are labeled Left0 and Right0. The right block is then passed through a complex substitution algorithm and added to the unchanged Left0 block. This new block becomes Right1 and the original Right0 block becomes Left1. This process performed on the half-blocks is called a round. Each round uses a different predefined section of the provided 56 bit key to calculate the encryption. It is repeated for 16 rounds in total and then the scrambling done before the encryption rounds took place is undone. Upon completion, the produced ciphertext is formed from the encryption of all 64 bit blocks and then sent to the recipient, where the reverse process is performed to obtain the original plaintext (Singh, 249).
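The round structure just described, as an added example that is not code from the paper, from IBM or from the DES standard: a toy Feistel network in Python with the same shape (64-bit blocks, 32-bit halves, 16 rounds, a 56-bit key). The round function and key schedule are arbitrary mixing functions chosen for illustration, not Lucifer's or DES's substitution boxes, and the initial bit shuffle is omitted, so the cipher is not secure. What it shows is why the construction works: each round replaces Left with Right and Right with Left XOR F(Right, subkey) (XOR is the bitwise "addition" the paper refers to), so running the same network with the subkeys in reverse order recovers the plaintext, whatever F is. encrypt_message() also shows that two identical plaintext blocks encrypted under the same key produce identical ciphertext blocks. The key and messages are constructed sample values.

```python
# Added example: a toy Feistel network with the shape the paper describes.
# NOT DES and NOT secure; the round function and schedule are illustrative only.
from typing import List

MASK32 = 0xFFFFFFFF
MASK56 = (1 << 56) - 1
ROUNDS = 16


def round_function(right: int, subkey: int) -> int:
    """Toy 'substitution algorithm' (assumption: not DES's S-boxes). The Feistel
    structure does not need this function to be invertible."""
    x = (right ^ subkey) & MASK32
    x = ((x << 7) | (x >> 25)) & MASK32         # rotate left by 7
    x = (x * 0x9E3779B1) & MASK32                # multiply by an odd constant
    return x ^ (x >> 16)


def key_schedule(key56: int) -> List[int]:
    """Derive one 32-bit subkey per round from the 56-bit key (toy schedule:
    rotate the key and take its low 32 bits)."""
    if not 0 <= key56 <= MASK56:
        raise ValueError("key must be a 56-bit number")
    subkeys, k = [], key56
    for _ in range(ROUNDS):
        k = ((k << 5) | (k >> 51)) & MASK56
        subkeys.append(k & MASK32)
    return subkeys


def feistel_block(block64: int, subkeys: List[int]) -> int:
    """One pass of the network:
    Left_{i+1} = Right_i,  Right_{i+1} = Left_i XOR F(Right_i, k_i)."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    # Final swap: it makes a second pass with reversed subkeys undo the first.
    return (right << 32) | left


def encrypt_block(block64: int, key56: int) -> int:
    return feistel_block(block64, key_schedule(key56))


def decrypt_block(block64: int, key56: int) -> int:
    """Same network, subkeys in reverse order: each round cancels its twin."""
    return feistel_block(block64, key_schedule(key56)[::-1])


def encrypt_message(message: bytes, key56: int) -> List[int]:
    """Encrypt block by block, padding the last block with zero bytes. Identical
    plaintext blocks under one key yield identical ciphertext blocks."""
    padded = message + b"\x00" * (-len(message) % 8)
    blocks = [int.from_bytes(padded[i:i + 8], "big") for i in range(0, len(padded), 8)]
    return [encrypt_block(b, key56) for b in blocks]


def decrypt_message(blocks: List[int], key56: int) -> bytes:
    plain = b"".join(decrypt_block(b, key56).to_bytes(8, "big") for b in blocks)
    return plain.rstrip(b"\x00")


if __name__ == "__main__":
    KEY = 0xFEDCBA98765432                      # constructed 56-bit sample key
    ct = encrypt_message(b"Here's my secret message", KEY)
    print([hex(b) for b in ct])
    print(decrypt_message(ct, KEY))
```

The decrypt_block() body is the instructive part: no inverse of round_function is ever computed. Because a round only XORs F(Right) into Left, feeding the output back through the same round cancels that XOR, which is why Feistel ciphers may use one-way round functions.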

[Figure: Lucifer Encryption Process. The plaintext “Here’s my secret message” is converted to bits (10001001010110101001001010100101000101001110000101...), which are split into blocks of 64 binary bits. Within each block the bits are shuffled and divided into Left0 (32 binary bits) and Right0 (32 binary bits). Right0 passes through the substitution algorithm and is added to Left0 to give Right1, while Right0 becomes Left1; this step is one round, repeated for 16 rounds.]

This process is illustrated in the chart above. This process is secure because the substitution algorithm is based upon the key agreed between the sender and receiver of the message; thus Kerckhoffs’ Principle applies (Singh, 249). In computer based cryptography, keys are simply numbers of a certain length instead of being formed of words or letters.

Lucifer was generally held to be one of the strongest encryption algorithms available to the general public and was therefore a likely candidate for adoption as the standard encryption algorithm. One thing was in its way, however: Lucifer was too strong. The NSA would not allow an encryption standard to be accepted that it probably could not break. As a result, the NSA weakened Lucifer by limiting the number of possible keys before allowing it to be adopted. Key length is one of the most important aspects contributing to the strength of an encryption system. If the key length is too short, there will be a smaller number of possible keys, which makes it possible for a person attempting to intercept a communication to check every key, eventually finding the correct one. The NSA limited the key length to 56 bits (56 binary digits), which would lead to about 100,000,000,000,000,000 possible keys. It was believed that this number was high enough to keep the civilian community secure but that the NSA would have access to computers powerful enough to break into messages by checking every possible key. In November 1976, this weakened version of Lucifer was adopted as the Data Encryption Standard (DES) algorithm (Singh, 250).

The Importance of Key Length

It is this shortened key length that would lead to the eventual cracking of DES. A brute force attack is an attack that involves cycling through all possible keys instead of attacking the mathematics behind an encryption system. This attack becomes ever more feasible as computers grow more powerful. In 1975, the key length of 56 bits may have been sufficient protection. An important factor to keep in mind when considering necessary key lengths is Moore’s Law. This law states that computing power will double every 18 months. The table below shows the necessary key lengths for adequate protection from attackers of various budgets in late 1995.

Type of Attacker     | Budget  | Tool                    | Time and Cost Per Key Recovered, 40 bits | Time and Cost Per Key Recovered, 56 bits | Key Length Needed For Protection In Late-1995
Pedestrian Hacker    | Tiny    | Scavenged computer time | 1 week                                   | Infeasible                               | 45
Pedestrian Hacker    | $400    | FPGA                    | 5 hours ($0.08)                          | 38 years ($5,000)                        | 50
Small Business       | $10,000 | FPGA                    | 12 minutes ($0.08)                       | 18 months ($5,000)                       | 55
Corporate Department | $300K   | FPGA                    | 24 seconds ($0.08)                       | 19 days ($5,000)                         | 60
Corporate Department | $300K   | ASIC                    | 0.18 seconds ($0.001)                    | 3 hours ($38)                            | 60
Big Company          | $10M    | FPGA                    | 7 seconds ($0.08)                        | 13 hours ($5,000)                        | 70
Big Company          | $10M    | ASIC                    | 0.005 seconds ($0.001)                   | 6 minutes ($38)                          | 70
Intelligence Agency  | $300M   | ASIC                    | 0.0002 seconds ($0.001)                  | 12 seconds ($38)                         | 75

This data shows that a 70-bit key would be needed by 1995 to offer protection equal to what was offered in 1975. A bit has two possible values; therefore adding a single bit to a key doubles the number of possible keys. It may be easier to think about this concept in our traditional system of counting. If we only have one digit, there are 10 possible numbers we can have (0 to 9). By adding a second digit, we can have 100 possible values (0 to 99). In our standard number system, adding another digit will multiply the possible numbers by a factor of 10. This is because we work in a base 10 number system. In binary, which is base two, adding another digit will double the number of possible values. DES was designed to provide security all the way up to the “Big Company” level shown in this table. 35 years have passed since its invention. If we take Moore’s Law into account, computing power doubled about 23 times over the course of 35 years. This gives us computers 2^23 times faster than in 1975. Therefore, we should also increase our number of possible keys by this factor. Adding 23 bits to a 56 bit key means that a 79 bit key would be necessary to give us equal protection today.

Current modern encryption standards of the Symmetric Key type offer up to 256 bit keys. This is approximately 177 bits longer than is needed today for protection from the “Big Company” level in the table above. Computing power must increase by a factor of 2^177 before we would need to change encryption systems. Based on Moore’s Law this would take about 265 years to happen, so today we are sufficiently protected. This can be determined by multiplying 177 by 18 to find out how many months it would take to double 177 times and then dividing by 12 to convert that to years.
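An added example (not from the paper) that carries out the key-length arithmetic above in code, using the paper's own figures: Moore's Law as a doubling every 18 months, the 56-bit DES key, and the 28 billion and 90 billion keys per second that the next section quotes for the 1998 distributed challenge and the EFF Deep Crack machine. It estimates how long a given key length holds against a given key-testing rate, how the table's 56-bit column follows from its 40-bit column, and how many bits of margin a span of years consumes; it is a risk-estimation aid, not an attack.

```python
# Added example: key-length arithmetic. Figures assumed from the paper:
# Moore's Law as a doubling every 18 months, DES's 56-bit key, and the
# key-testing rates it quotes (28 billion/s and 90 billion/s).
SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 365
MONTHS_PER_DOUBLING = 18          # the paper's statement of Moore's Law

DES_KEY_BITS = 56
DISTRIBUTED_1998_RATE = 28e9      # keys per second, 1998 distributed challenge
DEEP_CRACK_RATE = 90e9            # keys per second, EFF Deep Crack


def worst_case_days(key_bits: int, keys_per_second: float) -> float:
    """Time to try every key of the given length at the given rate."""
    return (2 ** key_bits) / keys_per_second / SECONDS_PER_DAY


def expected_days(key_bits: int, keys_per_second: float) -> float:
    """Expected time: on average the right key turns up halfway through."""
    return worst_case_days(key_bits, keys_per_second) / 2


def scale_days_to_key_length(days: float, from_bits: int, to_bits: int) -> float:
    """Each extra key bit doubles the search. This reproduces how the table's
    56-bit column follows from its 40-bit column on the same hardware."""
    return days * 2 ** (to_bits - from_bits)


def doublings_in_years(years: float) -> int:
    """Whole doublings of computing power in the given span."""
    return int(years * 12 / MONTHS_PER_DOUBLING)


def bits_for_equal_protection(base_bits: int, years_elapsed: float) -> int:
    """One extra key bit offsets each doubling of attacker computing power."""
    return base_bits + doublings_in_years(years_elapsed)


def years_until_margin_exhausted(extra_bits: int) -> float:
    """Years until attackers' computing power has grown by 2 ** extra_bits."""
    return extra_bits * MONTHS_PER_DOUBLING / 12


def min_bits_for_days(keys_per_second: float, min_expected_days: float) -> int:
    """Smallest key length whose expected brute-force time is at least
    min_expected_days at the given rate."""
    bits = 1
    while expected_days(bits, keys_per_second) < min_expected_days:
        bits += 1
    return bits


if __name__ == "__main__":
    print(f"DES vs Deep Crack, expected: {expected_days(DES_KEY_BITS, DEEP_CRACK_RATE):.1f} days")
    print(f"56 bits in 1975 -> {bits_for_equal_protection(56, 35)} bits 35 years later")
    print(f"A 177-bit margin lasts {years_until_margin_exhausted(177)} years")
    print(f"40-bit 5 hours -> 56-bit "
          f"{scale_days_to_key_length(5 / 24, 40, 56) / DAYS_PER_YEAR:.0f} years")
```

Running it reproduces the paper's numbers: 23 doublings in 35 years, a 79-bit equivalent of the 1975 56-bit key, 265.5 years for a 177-bit margin, about 4.6 days expected for Deep Crack against DES, and the table's 5 hours at 40 bits becoming roughly 37 years at 56 bits.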

Categories of Symmetric Key Cryptography

Symmetric Key algorithms usually fall into one of two general categories: Block Ciphers and Stream Ciphers. The DES algorithm is a block cipher which operates on 64 bit blocks (Kessler, sec. 3.1). Block ciphers operate by encrypting one block of data at a time using the same key and rules on each block. Generally, the same plaintext encrypted with the same key will always become the same ciphertext with a block cipher. Stream ciphers, on the other hand, will usually result in different ciphertexts even when using the same key. They operate on a bit by bit basis. Their output can vary because the key is always modified during the encryption process via some form of feedback mechanism. This means that the output of the encryption of the previous bit will directly affect the output of the next bit’s encryption. Other factors can influence the encryption of each bit, such as how far the bit is in the overall encryption process (Kessler, sec. 3.1).

Cracking the DES Standard

By the mid-‘90s, the 56-bit key used by the DES standard was widely held to be too short to be considered secure. The NSA still maintained that it was virtually unbreakable. In response to this statement, RSA Laboratories sponsored various challenges to prove that the DES standard was no longer secure. The first challenge in March of 1997 was completed in 84 days using thousands of computers across the internet to work simultaneously on cracking the algorithm. The second challenge in early 1998 lasted only 40 days, once again using thousands of computers across the internet. By the end of the challenge, 28 billion keys were being processed per second. This challenge was completed a second time by the EFF (Electronic Frontier Foundation), an organization devoted to electronic privacy matters, in less than 3 days in July of the same year (Kessler, sec. 5.4).


They achieved this by building a machine called Deep Crack that could brute force a DES key in an average of 4.5 days. It sped through 90 billion keys per second and cost $220,000 to build, including the design costs. The design they used was scalable, so with an increased budget, machines could be built to crack DES encryption in even less time (Kessler, sec. 5.4).

The final DES challenge in January of 1999 was broken in less than a day using the Deep Crack machine and computers across the internet. The algorithm used by the Deep Crack machine differed from the methods used in most other attempts at cracking DES. This allowed it to function at a faster pace than that of other systems. It checked for the first decrypted block to contain alphanumeric characters, spaces, or punctuation. If it did, it continued to examine the key further by decrypting the next 64-bit block. Only if this block contained these characters did it continue checking the key. Even if the key which resulted in these appropriate characters was not the correct key, once a key which caused alphanumeric characters to appear in two consecutive blocks was found, only 16 million keys needed further examining. This greatly increased the speed of the cracking process as opposed to using standard brute-force methods (Kessler, sec. 5.4).

After DES was proven broken by these three challenges, a few variants appeared but none of them ever entered into widespread use. Work on the successor to DES, called the Advanced Encryption Standard (AES), began in 1997 under NIST (the renamed National Bureau of Standards, which had initiated the work on DES).

Advanced Encryption Standard (AES)

In August of 1998, a formal request was put out for algorithms to consider for the AES. Remarkably, the process was performed very publicly and was highly international in nature. Also importantly, perhaps learning from the issues that resulted in the DES, the government chose not to limit the key length in the algorithm, resulting in a high level of security. After two rounds of selection, a final algorithm was chosen. This algorithm was called the Rijndael algorithm, chosen in 2000. It was developed by Joan Daemen and Vincent Rijmen, both Belgian, and officially accepted in 2001. It is a block cipher like DES. It can perform encryption using 128, 192 or 256 bit key lengths and 128, 192 or 256 bit block lengths; this allows for 9 possible very secure combinations. The design of the algorithm allows key and block length to be extended easily by 32 bits and also runs efficiently in both hardware and software versions (Kessler, sec. 5.9).

During the encryption process, the initial input block and key go through multiple cycles of transformations before encryption is complete. This is very similar to how DES works, but in AES each cycle is called a state as opposed to a round. Throughout each cycle, a number of transformations are applied to the blocks before the final output is produced. One difference between the AES standard and the original Rijndael algorithm is that AES only supports the 128 bit block size. AES variations are named according to the different key sizes. Therefore, the three AES versions are called AES-128, AES-192 and AES-256 (Kessler, sec. 5.9).


Key Distribution Problem

Symmetric Key Cryptography is excellent in that it is generally relatively fast to perform encryption and decryption, especially on today’s computers. There is a large issue, though, that is not unique to this cryptographic method, and that is managing key distribution. Symmetric Key Cryptography relies on the sender and receiver sharing the same secret key for exchanging messages. Once that key is in place, messages can theoretically be sent over an unsecured channel without concern because the messages will be encrypted. Without a key already in place, though, there is no way to transmit the key to use with any assurance of security aside from having physical contact with the recipient.

Even the government was struggling with the problem of key distribution. In fact, an entire organization, known as COMSEC, was dedicated to distributing keys for the government during the ‘70s. The banking industry was also struggling with distributing keys. The current system the banks were using involved sending specially selected courier riders across the world to physically distribute keys to people who would receive messages in the next week. This was very difficult to coordinate and incredibly expensive. If the government, military and financial system could only solve this issue using exorbitant amounts of money it would be practically infeasible for individuals to hope to distribute keys. No matter how secure the encryption method, the key distribution method will always be the weakest link. It was not until the late 1970s that this was solved through what is considered to be the most significant advance in the field of cryptography for centuries (Singh, 250-251).

Public Key Cryptography

Public Key Cryptography was designed as the solution to the Key Distribution problem. It is also known as Asymmetric Key Cryptography because it functions using two different but mathematically related keys (both of which are essentially very large numbers) (Pincock, 128-129). It was first described publicly in 1976 by Stanford University professor Martin Hellman and MIT graduate Whitfield Diffie. With Public Key Cryptography, a message may be sent between two people without the need to securely exchange a shared key. This problem was generally considered unsolvable before the research published by Hellman and Diffie (Singh, 254-255).

Although their research was performed before the internet was available for public use, Diffie foresaw the internet being used as it is today for private transactions of sensitive information. If the key distribution problem was difficult for government organizations to solve, how could the general public possibly hope to transmit the keys needed for secure transactions? Diffie was afraid that the general public would be denied the right to digital privacy because no method existed that did not require the sharing of a single secure key. Even the most common internet operations require public key cryptography; a widespread example today is e-commerce (Singh, 254-255).

After numerous failures, the paper published by Diffie and Hellman heralded a new era for cryptography and allowed much more widespread use. This paper described a scheme where each involved person has two keys, a public key and a private key. The public key should be available to anyone who would like to communicate securely with this person. The private key, just like the key in Symmetric Key Cryptography, must be kept secret. These two keys form a person’s key pair. Knowledge of one key must not allow a person to gain knowledge of the other (Kessler, sec. 3.2). They are related through a type of mathematical function called a one-way function. Most mathematical functions are two-way because they are easy to undo. For example, addition is two-way because all that needs to be done to undo it is subtraction (Kessler, sec. 3.2). One area of mathematics in which one-way functions are frequently found is modular arithmetic.

Modular Arithmetic

Modular arithmetic allows us to relate a number to other numbers with the same remainder when divided by a given integer. The basic structure of a modular congruence is a ≡ x (mod m). This means that a is equivalent to x modulo m, meaning that the remainders of a and x are the same when divided by m. A good way to think of congruences is as a clock. For example, when we are adding hours on a clock, we can use modular arithmetic: 9 + 5 = 14, and 14 ≡ 2 (mod 12). There are multiple values of a which could satisfy such an equation. For example, 6 ≡ 2 (mod 4), 10 ≡ 2 (mod 4), and 14 ≡ 2 (mod 4). Using the ≡ (congruence) sign is one way to write modular equations. From these equations we can write the equivalence x + mk ≡ x (mod m), where k is an integer. We can also write them using the = sign, which gives them a slightly different meaning. The equation a = x mod m means that a is the remainder of x when divided by m. Some examples of equations written in this style are 2 = 6 mod 4 and 3 = 21 mod 9. In the second style, mod is acting as an operation, like addition or subtraction, but in the first style, mod is describing an equivalence. The second style uses mod as a binary operator to perform an operation on two numbers, while the first uses mod as a binary relation to state a relationship between two numbers.

RSA Algorithm

It is important to note that although Diffie and Hellman were the first to publish the concept of Public Key Cryptography, they did not have an actual working encryption algorithm. The RSA Algorithm, invented by three MIT mathematicians, Ronald Rivest, Adi Shamir and Leonard Adleman, was the first working Public Key Algorithm and is still the most commonly used today. They had two main goals for the algorithm they hoped to create:

1. A user must create a public key which is published such that every other person can use it to send messages to him. It must be impossible for anybody but the intended recipient to use this key to decrypt the messages.

2. The recipient must have a private key which is used to decrypt messages being sent to her, reversing the effects of encryption via the public key.

These goals, when combined, produce an algorithm that requires no transfer of private information between users before it can be used (Singh, 273-274).

After a year of work and repeated failure in discovering an asymmetric key algorithm, Rivest had a sudden breakthrough and wrote what was essentially a complete paper on his method in one night. Although he wrote this paper alone, it grew out of his collaborative work with Shamir and Adleman (Singh, 274-275).

The security of RSA relies on the relative difficulty of factoring extremely large numbers created by multiplying two primes. Typically, during an attempt to factor, the number being factored is divided by every possible factor. If a division produces a quotient without a remainder, the divisor is a factor. This method may only take a brief amount of time for small numbers, but the numbers used in the RSA algorithm typically have lengths of about 10^308 or even longer. Although there are some faster methods of factoring such as the quadratic sieve, number field sieve, or elliptic curve method, none of them are fast enough to factor a number this large in a reasonable amount of time, even when the calculations are being performed by computers. Until a faster method of factoring is discovered, which will likely not happen in the foreseeable future considering many mathematicians believe that there is a mathematical law which prevents any shortcut, RSA will remain virtually impregnable (Singh, 278).

Mathematics Behind RSA

How then does this security fit into RSA? The basic concept is relatively simple. Alice, wishing to encrypt a message, chooses two primes, p and q, and multiplies them together to produce a value, N. N is used as her public key. The one way function discovered by Rivest, which is based largely on modular arithmetic, can be altered depending upon the value of N used with it. Bob, knowing Alice’s chosen value of N, encrypts a message using this function and N. (This message will have first been converted into a numerical format.) With only knowledge of N, reversing this function is impossible, but the key to RSA is that Rivest was able to design the one way function such that with knowledge of p and q it is reversible. Alice never published p and q, so only she can decrypt the message. These two numbers form the private key (Singh).

The actual process is slightly more involved. After Alice chooses her two primes she must choose a public exponent e. The value of e must be relatively prime to (p-1)(q-1), meaning that e and (p-1)(q-1) share no common factor other than 1. N and e together form the public key. The message is first converted to a number M (with M < N), as in other encryption systems, and is then encrypted with the formula $C = M^e \bmod N$. Conceptually this means computing $M^e$ and reducing it mod N; in practice the exponentiation is done by repeated squaring with a reduction mod N after every step, so the huge intermediate value is never formed. Alice then calculates her decryption exponent d from the values of p and q that only she knows, using the relation $ed \equiv 1 \pmod{(p-1)(q-1)}$. Any d in this residue class works; the smallest positive one is normally used. To decrypt the message, Alice computes $M = C^d \bmod N$ (Singh, 379-381).
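The recipe above carried out in code, as an added example written for this page (it is not code from the paper or from Singh). It generates a toy key pair with the formulas just described, encrypts and decrypts a short message, and then runs the trial-division attack that the factoring discussion above describes. The modulus is only 40 bits so that the attack finishes in well under a second; the primality test (Miller-Rabin), the helper names and the Python 3.8+ `pow(e, -1, m)` modular inverse are this example's own choices. Textbook RSA of this kind, with no padding, is not safe to use as-is: it is deterministic and malleable, which is why real systems wrap the message in a padding scheme before exponentiating.

```python
# Added example for this page (not code from the paper or from Singh):
# textbook RSA following the recipe above, on a deliberately tiny modulus,
# followed by the trial-division attack that the text describes.
# Assumes Python 3.8+ (pow(e, -1, m) computes a modular inverse).
import random
from math import gcd


def is_probable_prime(n, rng=random, rounds=16):
    """Miller-Rabin test; rng supplies the random witnesses."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def keygen(bits, seed=None):
    """Return ((e, N), (d, N), (p, q)) exactly as the text describes."""
    rng = random.Random(seed)
    p = random_prime(bits // 2, rng)
    q = random_prime(bits // 2, rng)
    while q == p:
        q = random_prime(bits // 2, rng)
    N = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:          # e must be relatively prime to (p-1)(q-1)
        e += 2
    d = pow(e, -1, phi)              # e*d = 1 (mod (p-1)(q-1))
    return (e, N), (d, N), (p, q)


def encrypt(pub, M):
    e, N = pub
    if not 0 <= M < N:
        raise ValueError("message must be a number smaller than N")
    return pow(M, e, N)              # C = M^e mod N, by square-and-multiply


def decrypt(priv, C):
    d, N = priv
    return pow(C, d, N)              # M = C^d mod N


def encode(msg):
    return int.from_bytes(msg, "big")


def decode(M):
    return M.to_bytes((M.bit_length() + 7) // 8, "big")


def factor_by_trial_division(N):
    """The naive attack from the text: try every odd divisor up to sqrt(N)."""
    if N % 2 == 0:
        return 2, N // 2
    f = 3
    while f * f <= N:
        if N % f == 0:
            return f, N // f
        f += 2
    return None


def recover_private_key(pub):
    """Anyone who can factor N can recompute d from the public key alone."""
    e, N = pub
    p, q = factor_by_trial_division(N)
    return pow(e, -1, (p - 1) * (q - 1)), N


if __name__ == "__main__":
    pub, priv, (p, q) = keygen(40, seed=2011)
    M = encode(b"RSA")
    C = encrypt(pub, M)
    assert decode(decrypt(priv, C)) == b"RSA"
    # A 40-bit N has only ~2^20 candidate divisors and falls in a fraction of a
    # second; a 2048-bit N would have ~2^1024, which is the whole point.
    assert recover_private_key(pub) == priv
    print("N =", pub[1], "= %d * %d; private exponent recovered by factoring" % (p, q))
```

Raising `bits` to 64 already makes `factor_by_trial_division` take minutes, and the real moduli discussed above have square roots of more than 600 decimal digits; the other functions stay instant, because square-and-multiply costs only about 2 log2(N) modular multiplications regardless of the size of the exponent.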

Proving RSA Correctness (Johnston)

There are multiple theorems that can be applied to prove the correctness of the RSA process. The first is a consequence of the Chinese Remainder Theorem, which provides a way to combine two congruences that use different moduli. It states that if $x \equiv y \pmod p$ and $x \equiv y \pmod q$, where p and q are coprime (their greatest common divisor is 1), then $x \equiv y \pmod{pq}$. The following numerical example illustrates it:

74 / 9 = 8 remainder 2, so $74 \equiv 2 \pmod 9$

74 / 8 = 9 remainder 2, so $74 \equiv 2 \pmod 8$

74 / 72 = 1 remainder 2, so $74 \equiv 2 \pmod{72}$

The Fermat/Euler Theorem relates an exponent to a modulus. It states that $x^{p-1} \equiv 1 \pmod p$ when p is prime and x is not a multiple of p. Its proof is slightly harder to follow than the example for the Chinese Remainder Theorem.

Prove: $x^{p-1} \equiv 1 \pmod p$ for p prime and $p \nmid x$.

Let $Q = \{1, 2, \ldots, p-1\}$. Every number in this set is coprime to p; it is the set of all residues mod p excluding 0, because 0 is not coprime to p.

Let $U = \{x \cdot 1, x \cdot 2, \ldots, x \cdot (p-1)\}$, that is, Q with every element multiplied by x. Each element of U is coprime to p as well, since neither x nor any element of Q shares a factor with p. Consider this example:

p = 5, Q = {1, 2, 3, 4}

U = 3 · Q = {3, 6, 9, 12}

Every element in U is coprime to 5 (p).

U mod 5 = {3, 1, 4, 2}

U reduced mod p is a permutation of Q. No two elements of U can be congruent mod p, because $xa \equiv xb \pmod p$ with $p \nmid x$ forces $a \equiv b \pmod p$; so the p-1 elements of U land on p-1 distinct non-zero residues, which are exactly the elements of Q.

Therefore the products of the two sets agree mod p (multiplication is commutative, so the order of the factors does not matter):

$U_1 \cdot U_2 \cdots U_{p-1} \equiv Q_1 \cdot Q_2 \cdots Q_{p-1} \pmod p$

$xQ_1 \cdot xQ_2 \cdots xQ_{p-1} \equiv Q_1 \cdot Q_2 \cdots Q_{p-1} \pmod p$

$x^{p-1} \cdot (Q_1 Q_2 \cdots Q_{p-1}) \equiv Q_1 Q_2 \cdots Q_{p-1} \pmod p$

$x^{p-1} \equiv 1 \pmod p$, after cancelling $Q_1 \cdot Q_2 \cdots Q_{p-1}$ from both sides. The cancellation is allowed because that product is coprime to p and therefore has an inverse mod p.

This proves the theorem. It will be used in the RSA proof because of the exponents in both the encryption and decryption functions (Johnston).

RSA’s validity can be proven by using these two theorems.


Given: $M^e \equiv C \pmod N$ (encryption) and $C^d \equiv M' \pmod N$ (decryption), where (d, e, N) is a valid RSA key, N = pq, and p and q are distinct primes.

Prove: $M \equiv M' \pmod N$.

These are the RSA encryption and decryption equations written as congruences, so that the theorems above can be applied. Proving $M' \equiv M \pmod N$ is enough: RSA requires M < N, and M' is reduced mod N, so the congruence forces M' = M.

$(M^e)^d \equiv M' \pmod N$. Substitute for C using $M^e \equiv C \pmod N$.

$M^{ed} \equiv M' \pmod N$. Combine the exponents by multiplying (laws of exponents).

$M^{k(p-1)(q-1)+1} \equiv M' \pmod N$. From the description of RSA above, d is generated so that $ed \equiv 1 \pmod{(p-1)(q-1)}$. Removing the modulus with the equivalence $mk + x \equiv x \pmod m$ gives $ed = k(p-1)(q-1) + 1$ for some non-negative integer k, which is substituted for ed.

$M \cdot M^{k(p-1)(q-1)} \equiv M' \pmod N$. Separate the exponent using the laws of exponents, $X^{a+1} = X \cdot X^a$.

Let $X = M^{k(p-1)(q-1)}$, to make this portion easier to work with.

$X = (M^{p-1})^{k(q-1)}$. Regroup the exponent, $X^{ab} = (X^a)^b$.

$M^{p-1} \equiv 1 \pmod p$, by the Fermat/Euler theorem, provided p does not divide M.

$X \equiv 1^{k(q-1)} \pmod p$. Substitute the previous step into $X = (M^{p-1})^{k(q-1)}$.

$X \equiv 1 \pmod p$. 1 raised to any power is 1.

$X \equiv 1 \pmod q$. By the same method, starting from $(M^{q-1})^{k(p-1)}$, provided q does not divide M.

$X \equiv 1 \pmod{pq}$, that is, $X \equiv 1 \pmod N$. Because p and q are distinct primes they are coprime, so the Chinese Remainder Theorem combines the two congruences.

$M \cdot 1 \equiv M' \pmod N$. Substitute X back into $M \cdot M^{k(p-1)(q-1)} \equiv M' \pmod N$; this is allowed because both congruences are in the same modulus.

$M \equiv M' \pmod N$. Anything times 1 is itself.

One case the argument above skips: if p divides M, Fermat's theorem does not apply mod p, but then $M \equiv 0 \pmod p$ and so $M \cdot X \equiv 0 \equiv M \pmod p$ trivially; the same holds for q. Either way $M \cdot X \equiv M$ holds both mod p and mod q, and the Chinese Remainder Theorem step then gives the result mod N for every M, not only those coprime to N.

This proof [1] shows RSA's correctness but does not show that it is still secure today. For that we must return to the problem of factoring and key length.

Why RSA Stays Secure

Although RSA was invented in the late '70s, it is still considered secure today. It is possible to generate an RSA key pair with a length of 4096 bits on even a relatively slow personal computer. For any number system, the number of values that can be written with n digits is $b^n$, where b is the base of the number system. We can confirm this in base ten: with one digit we can write 0 through 9, that is, 10 = $10^1$ values. In binary, a 2-bit number can be 00, 01, 10 or 11, which is 4 = $2^2$ values. A 4096-bit key therefore has $2^{4096}$ possible values. This is an incredibly large number, and logarithms put it in a more familiar form: since $10^{\log_{10}(2^{4096})} = 2^{4096}$ and $\log_{10}(2^{4096}) = 4096 \log_{10} 2 \approx 1233.02$, $2^{4096}$ is approximately $10^{1233}$. Trial division on a modulus of this size would have to try on the order of $2^{2048}$ candidate divisors below its square root, and even the number field sieve, the fastest known general-purpose factoring method, is far beyond reach at this size. Computing the prime factors with current technology in any reasonable amount of time is therefore effectively impossible. (The size that matters is that of N. For comparison, 1024-bit moduli are now considered too short, and 2048 bits is the usual minimum recommended.)

Cryptographic Hash Functions

Cryptographic hash functions are used to ensure data integrity, that is, to make sure that information has not changed while a message is being sent. A hash function maps a message of any length to a fixed-size hash value; it does not encrypt anything, since there is no key and no way to reverse it. A well designed hash function makes it computationally infeasible to discover two messages with the same hash value, which lets the value serve as a "digital fingerprint" for the information. Messages with the same hash value must exist, because there are far more possible messages than hash values; the point is that finding two of them must be infeasible. Hash values are typically used to verify that computer files have not been modified by viruses or in transit, and most computer systems store users' passwords as hash values rather than in the clear. For a good hash function, recovering the original message from its hash value is infeasible in general; but if the input comes from a small set, such as common passwords, an attacker can simply hash every candidate and compare, which is why stored password hashes are combined with a random salt and a deliberately slow hash function. If two messages are discovered that share the same hash value, this is called a hash collision, and a practical way to produce collisions is a sign that the hash function is broken. At the time of writing the most popular hashes were MD5 and the SHA family. MD5 was designed by Rivest, and SHA was developed for NIST's Secure Hash Standard; a second SHA algorithm was later developed for use in NIST's Digital Signature Standard (Kessler, sec 3.3).

Both hash functions have had weaknesses discovered in them (Kessler, sec 3.3). Potential issues with MD5 were reported by Hans Dobbertin in 1996. Practical methods of forcing collisions in MD5, SHA-0 and several other hashes were published by researchers in 2004, and a collision attack on SHA-1 that is faster than brute force followed in 2005. Currently a competition is being held by NIST to choose a SHA-3 algorithm for a new Secure Hash Standard, similar to the competition that selected Rijndael for the AES standard. The entrants have gone through two rounds of eliminations so far and 5 hash functions are being considered in the final round. According to the competition website, the next SHA hash is targeted to be chosen by the end of 2012. (NIST selected Keccak as SHA-3 in October 2012.)

[1] The proof is based on work in (Johnston, "RSA: Mathematics") but is modified slightly.
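To make the two uses described above concrete, an added example written for this page (not code from the paper or from Kessler), using only Python's standard library: a SHA-256 fingerprint that detects a one-character change, a dictionary attack showing why a bare hash is a poor way to store passwords, and the salted, deliberately slow PBKDF2 hashing that password stores use instead. The document text, the wordlist, the passwords, the iteration count and the function names are made up for the example.

```python
# Added example for this page (not code from the paper or from Kessler):
# SHA-256 as a fingerprint for integrity checking, a dictionary attack on a
# bare password hash, and salted, slow password hashing with PBKDF2.
# Standard library only; the document, wordlist and passwords are made up.
import hashlib
import hmac
import os


def fingerprint(data):
    """Hex SHA-256 digest of data: the 'digital fingerprint' from the text."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data, expected_hex):
    """True only if data hashes to the stored fingerprint (constant-time compare)."""
    return hmac.compare_digest(fingerprint(data), expected_hex)


def bits_differing(a, b):
    """Hamming distance between two byte strings (shows the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def crack_unsalted(stored_hex, wordlist):
    """Why a bare hash is a weak password store: hash every guess and compare."""
    for guess in wordlist:
        if hmac.compare_digest(fingerprint(guess.encode()), stored_hex):
            return guess
    return None


PBKDF2_ITERATIONS = 100_000   # slows down each guess; raise as hardware gets faster
SALT_LEN = 16


def hash_password(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password, salt); the salt is random per user."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + key


def check_password(password, record):
    """Recompute from the stored salt and compare in constant time."""
    salt, key = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    original = b"Transfer 100 dollars to Alice"
    tampered = b"Transfer 900 dollars to Alice"
    fp = fingerprint(original)
    print("intact:", verify_integrity(original, fp))
    print("tampered:", verify_integrity(tampered, fp))
    print("digest bits changed by a one-character edit:",
          bits_differing(bytes.fromhex(fp), bytes.fromhex(fingerprint(tampered))), "of 256")
    # a bare password hash: one pass over a wordlist recovers the password
    leaked = fingerprint(b"hunter2")
    print("cracked:", crack_unsalted(leaked, ["letmein", "password", "hunter2"]))
    # with a random salt and a slow hash, equal passwords give unequal records
    # and every guess costs PBKDF2_ITERATIONS hash computations per user
    r1, r2 = hash_password("hunter2"), hash_password("hunter2")
    print("same password, different records:", r1 != r2)
    print("login check:", check_password("hunter2", r1), check_password("hunter3", r1))
```

The salt does not need to be secret; its job is to make every user's record unique so that one precomputed table of hashes cannot be reused across users, while the iteration count makes each guess expensive.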

Applications of Cryptography

Hybrid Encryption Schemes

At this point it may not be obvious why three different primitives are needed. Once public key encryption was invented, solving key distribution, why keep symmetric key cryptography around? And why are cryptographic hashes needed when encryption should guarantee that our data cannot be changed? (It does not: encryption alone hides a message but does not by itself detect modification.) In practice the three are combined into a hybrid encryption scheme that covers every goal of cryptography: confidentiality, data integrity, authentication and non-repudiation.

[Figure (Kessler, sec 3.4): a hybrid encryption scheme combining symmetric key cryptography, public key cryptography and a hash function. The figure itself is not reproduced here.]

The figure shows a hybrid encryption scheme used to send an encrypted message from Alice to Bob. The message is sent in a package containing a digital signature and a digital envelope.


The digital signature provides data integrity and non-repudiation. Alice first hashes the message, then encrypts the hash with her private key. Bob decrypts the signature with Alice's public key; since only Alice's private key could have produced something that her public key turns back into a valid hash, the signature shows that Alice sent the message, which is the non-repudiation property. Bob also recomputes the hash of the message he received and compares it with the decrypted one; a match shows that the message is the one Alice signed.

Inside the digital envelope are the message and the key with which to decrypt it. The message itself is encrypted with symmetric key cryptography under a session key generated at random for this one transaction. That session key is encrypted with public key cryptography using Bob's public key, so only Bob can recover it and decrypt the message. Symmetric key cryptography is used for the message, rather than encrypting the whole message with public key cryptography, because symmetric ciphers encrypt and decrypt up to 1000 times faster (Kessler, sec 3.4). On small messages this makes little difference, but for large transfers it is a huge advantage. Here public key cryptography is used only to solve the problem it was designed to overcome, key distribution: encrypting the session key to Bob's public key ensures that only Bob can open the envelope, while the symmetric cipher keeps the message itself confidential.
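The package described in these two paragraphs, as an added example written for this page (not code from the paper or from Kessler). It builds the signature by hashing and exponentiating with the sender's private key, and the envelope by encrypting the message under a fresh random session key and wrapping that key with the recipient's public key, then shows Bob rejecting a package whose ciphertext was altered in transit. The RSA keys are built from known Mersenne primes only so that the example needs no key generation (real keys use random primes of equal size); the symmetric cipher is a stand-in built from HMAC-SHA256 in counter mode, since the standard library has no AES; and the function names and the message are this example's own. Real implementations also apply a padding scheme (PKCS#1 v1.5, OAEP or PSS) before every RSA operation and use an authenticated cipher for the body rather than the bare XOR stream used here.

```python
# Added example for this page (not code from the paper or from Kessler):
# the signature-plus-envelope package described above, standard library only.
# RSA keys come from known Mersenne primes purely to avoid key generation here;
# real keys use random primes. The symmetric cipher is a stand-in built from
# HMAC-SHA256 in counter mode (the standard library has no AES). Message made up.
import hashlib
import hmac
import secrets
from math import gcd


def toy_rsa_key(p, q):
    """(e, N), (d, N) from two primes, as in the RSA section."""
    N, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:
        e += 2
    return (e, N), (pow(e, -1, phi), N)


ALICE_PUB, ALICE_PRIV = toy_rsa_key(2**127 - 1, 2**521 - 1)   # sender
BOB_PUB, BOB_PRIV = toy_rsa_key(2**107 - 1, 2**607 - 1)       # recipient


def stream_xor(key, data):
    """Symmetric stand-in: XOR with keystream blocks HMAC-SHA256(key, counter).
    Safe only because every message gets a fresh random key (never reuse one)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def digest_as_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def seal(msg, sender_priv, recipient_pub):
    """Alice's side: digital signature + digital envelope."""
    # signature: hash the message, then 'encrypt' the hash with the private key
    signature = pow(digest_as_int(msg), *sender_priv)
    # envelope: random session key for this message, RSA-encrypted to recipient
    session_key = secrets.token_bytes(32)
    ciphertext = stream_xor(session_key, msg)
    wrapped_key = pow(int.from_bytes(session_key, "big"), *recipient_pub)
    return {"ciphertext": ciphertext, "wrapped_key": wrapped_key, "signature": signature}


def open_package(pkg, recipient_priv, sender_pub):
    """Bob's side: unwrap the session key, decrypt, then verify the signature."""
    session_key = pow(pkg["wrapped_key"], *recipient_priv).to_bytes(32, "big")
    msg = stream_xor(session_key, pkg["ciphertext"])
    # 'decrypt' the signature with the sender's public key and compare hashes
    if pow(pkg["signature"], *sender_pub) != digest_as_int(msg):
        raise ValueError("signature check failed: altered, or not from this sender")
    return msg


if __name__ == "__main__":
    msg = b"Bob, the meeting is moved to 3pm. Alice"
    pkg = seal(msg, ALICE_PRIV, BOB_PUB)
    print(open_package(pkg, BOB_PRIV, ALICE_PUB))
    # flipping one ciphertext bit flips the same plaintext bit; the hash no
    # longer matches the signed one, so Bob rejects the message
    forged = dict(pkg, ciphertext=bytes([pkg["ciphertext"][0] ^ 0x01]) + pkg["ciphertext"][1:])
    try:
        open_package(forged, BOB_PRIV, ALICE_PUB)
    except ValueError as err:
        print("rejected:", err)
```

Note the order in `open_package`: the signature can only be checked after decryption, because it covers the plaintext. That is the scheme as the text describes it; it means Bob does some work on a package before knowing it is genuine, which is one reason modern designs authenticate the ciphertext as well.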

Trust Models

There is one issue with this scheme that may not be immediately obvious. What if Mallory, trying to steal information, pretends to be Bob and publishes a public key, claiming it is Bob's, and manages to hand it to numerous people trying to communicate with Bob? Alice then believes she is encrypting messages to Bob, but in reality Mallory can decrypt their contents (and can re-encrypt them to the real Bob so that nobody notices). This problem is addressed by systems known as trust models, which bind public keys to their owners.

PGP (Pretty Good Privacy)

Pretty Good Privacy (PGP) was written by Phil Zimmermann and first released in 1991. It is a system for sending secure email between individuals and was one of the earliest hybrid encryption schemes. A user of PGP maintains a "keyring" containing other people's public keys, associated with their email addresses. To obtain an unknown public key, the user can ask for it by email, download it from a public key server, or take it from another person who claims to know it. The user must decide which of these sources he trusts most, and that is the level of trust he can place in the key. If two keys for one person are published, the user takes the key from the most trusted source. PGP itself provides no method or standard for deciding who is trusted, although some tools based on it do provide guidelines. PGP allows encrypting and signing email in much the way described in the hybrid encryption scheme section; there is also an option to sign email without encrypting the body (Kessler, sec 4.1).

Certificates

Certificates are the primary trust scheme used on the internet today. They are mainly used in e-commerce and business, although they have other uses as well.


A Certificate is issued to a holder by a Certificate Authority (CA) which has certain practices for ensuring the identity of the holder. Certificates establish the identity of the key holder and dictate what actions that holder can perform with the key. Typically their contents are a public key, holder name, expiration date, name of the authority which issued the certificate, policies describing how the certificate may be used and was issued, a digital signature of the issuer and possibly other information. Certificate Authorities have ‘root level’ certificates that generally come provided with popular browsers and are used to ensure the identity of the Certificate Authority (Kessler, sec. 4.3).

A Certificate Authority could be any entity that issues certificates. For example, a company may issue certificates to its employees, and that company, acting as a Certificate Authority, may itself hold a certificate issued by another Certificate Authority. The authority that issued the company's certificate is vouching for the certificates the company issues. This is how trust relationships between Certificate Authorities form, which widens the availability and the trust associated with the certificates they provide. The amount of trust placed in a Certificate Authority comes from its policies for checking the identity of certificate holders. Certificate Authorities can also revoke certificates, withdrawing their trust, when the corresponding private key is lost or compromised or the certificate is being misused. A browser that checks revocation status will then typically warn the end user that the site they are attempting to visit should not be trusted.

SSL/TLS (Secure Sockets Layer/Transport Layer Security)

The certificate system provides a way to distribute public keys around the web. The system that actually secures almost every secured internet transaction is SSL, and it relies heavily on certificates. This is what encrypts the credit card numbers and other transaction data we provide to e-commerce sites, and the passwords we use to access our email.

SSL was invented by Netscape Communications to provide a layer that authenticates the server, negotiates a symmetric encryption method for the session data, and transmits the session key. SSL is application independent, so it can be used beneath different protocols, including HTTP (HyperText Transfer Protocol, used to transfer web pages between web servers and clients) and FTP (File Transfer Protocol, used to transfer files to and from servers). (SSH, the Secure Shell, is sometimes mentioned alongside SSL, but it is a separate protocol with its own key exchange and does not run over SSL.) SSL went through three versions: SSL 2.0 had serious security flaws, and SSL 3.0 was then taken over by the IETF and published in revised, open form as TLS 1.0. TLS is still commonly referred to as SSL (TLS 1.0 is sometimes called SSL 3.1) and fixes the known problems of the earlier SSL versions; SSL 3.0 itself has since been deprecated as insecure.

The basic SSL/TLS handshake involves a client and a server. The client is requesting or sending some form of data to the server, and SSL provides the method for the client to begin a secure connection. The client begins the exchange, which proceeds as follows (Kessler, sec 5.7):

1. The client sends a ClientHello message containing a session identifier, the highest SSL version the client supports, a random nonce, and a list of supported encryption methods (cipher suites) and compression methods, in preference order.

2. The server checks whether the session ID is in its cache (a list of previous sessions and their negotiated parameters). If it is, the server resumes that session. If not, it continues establishing a new session by sending a ServerHello message containing the SSL version to be used (the highest supported by both client and server), its own random nonce, and the encryption and compression methods to be used for the connection (the first method in the client's list that the server supports).

3. The server may also send various optional messages:

3.1. Certificate - the server's public key certificate (as described in the certificate section). This is usually sent unless another key exchange method has been agreed in advance.

3.2. ServerKeyExchange - used in key exchange schemes that do not involve certificates, or where the certificate does not contain enough information to establish the session key.

3.3. CertificateRequest - sent if the server wants the client's certificate for authentication; omitted when the server does not require client authentication.

3.4. ServerHelloDone - sent when the server has finished sending its messages.

4. The client responds with some required and some optional messages:

4.1. Certificate - the client's certificate, sent in response to a CertificateRequest from the server.

4.2. ClientKeyExchange - the secret from which the session keys are derived (the pre-master secret), encrypted with the server's public key from its certificate.

4.3. CertificateVerify - a signature by the client proving that it holds the private key for the certificate it sent; used only if the server requested client authentication.

5. ChangeCipherSpec - sent by each side to notify the other that the newly negotiated keys and cipher will be used for all following messages.

6. Finished - the first message sent under the new keys. It contains a keyed hash of every handshake message that side has seen, so each side can check that the other derived the same keys and that nothing in the handshake (for example the offered cipher list) was altered in transit.

7. Session data is exchanged using the keys derived from the ClientKeyExchange (or from the most recent renegotiation).

This list of transactions makes up the most widely used hybrid encryption system. SSL is most commonly used in a one-way fashion, providing only authentication of the server, as in e-commerce transactions. In such transactions the client is considered authenticated once its payment information has been validated by the bank through a separate exchange between the server and the bank's system, outside SSL itself (Kessler, sec 5.7).
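The handshake listed above reduced to a simulation, as an added example written for this page (not code from the paper, from Kessler, or from any TLS implementation). It carries out steps 1, 2, 3.1, 4.2 and 6 with both sides' messages as byte strings: cipher suite negotiation by the rule in step 2, the pre-master secret encrypted under the server's RSA key, derivation of a master secret from both nonces, and a Finished value keyed by that secret over the transcript each side saw. It then shows why the Finished message matters: an attacker who strips the stronger suites from the ClientHello in transit gets the server to pick the weakest one, but cannot forge a matching Finished without the master secret, so the server detects the alteration. The server key is built from known Mersenne primes (real keys use random primes), HMAC-SHA256 stands in for the TLS PRF, and the suite names, message encoding and function names are this example's own.

```python
# Added example for this page (not code from the paper, from Kessler, or from
# any TLS implementation): a simulation of the RSA-key-exchange handshake above.
# The server key comes from known Mersenne primes to avoid key generation here;
# HMAC-SHA256 stands in for the TLS PRF; message encoding is this example's own.
import hashlib
import hmac
import secrets
from math import gcd


def toy_rsa_key(p, q):
    N, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:
        e += 2
    return (e, N), (pow(e, -1, phi), N)


SERVER_PUB, SERVER_PRIV = toy_rsa_key(2**127 - 1, 2**521 - 1)
CLIENT_SUITES = ["AES256-SHA", "AES128-SHA", "RC4-SHA"]   # client preference order
SERVER_SUITES = {"AES128-SHA", "RC4-SHA"}                 # what the server supports


def choose_suite(client_list, server_set):
    """Rule from step 2: first suite in the client's list that the server supports."""
    for suite in client_list:
        if suite in server_set:
            return suite
    raise ValueError("no cipher suite in common")


def hello(version, suites, nonce):
    return version.encode() + b"|" + ",".join(suites).encode() + b"|" + nonce


def parse_hello(msg):
    version, suites, nonce = msg.split(b"|", 2)   # nonce may itself contain '|'
    return version.decode(), suites.decode().split(","), nonce


def prf(secret, label, seed):
    """Keyed derivation step (HMAC-SHA256 stands in for the TLS PRF)."""
    return hmac.new(secret, label + seed, hashlib.sha256).digest()


def run_handshake(on_the_wire=lambda msg: msg):
    """Returns (suite chosen by the server, whether the server accepts the client's Finished).
    on_the_wire lets an active attacker rewrite the ClientHello in transit."""
    # 1. ClientHello: version, suites in preference order, client nonce
    client_nonce = secrets.token_bytes(32)
    client_hello = hello("TLSv1.0", CLIENT_SUITES, client_nonce)
    hello_seen = on_the_wire(client_hello)                 # what the server receives
    # 2. ServerHello: the server chooses from the list it received, adds its nonce
    _, suites_seen, nonce_seen = parse_hello(hello_seen)
    chosen = choose_suite(suites_seen, SERVER_SUITES)
    server_nonce = secrets.token_bytes(32)
    server_hello = hello("TLSv1.0", [chosen], server_nonce)
    # 3.1 Certificate: carries the server's public key (the CA signature is omitted)
    certificate = repr(SERVER_PUB).encode()
    # 4.2 ClientKeyExchange: pre-master secret under the server's public key;
    #     an eavesdropper sees only the RSA ciphertext
    pre_master = secrets.token_bytes(48)
    client_key_exchange = pow(int.from_bytes(pre_master, "big"), *SERVER_PUB)
    server_pre_master = pow(client_key_exchange, *SERVER_PRIV).to_bytes(48, "big")
    # master secret on each side, from the pre-master and both nonces as that side saw them
    client_master = prf(pre_master, b"master secret", client_nonce + server_nonce)
    server_master = prf(server_pre_master, b"master secret", nonce_seen + server_nonce)
    # 6. Finished: keyed hash of the transcript each side saw. An attacker who
    #    changed the ClientHello cannot fix this up without the master secret.
    client_view = hashlib.sha256(client_hello + server_hello + certificate).digest()
    server_view = hashlib.sha256(hello_seen + server_hello + certificate).digest()
    client_finished = prf(client_master, b"client finished", client_view)
    expected = prf(server_master, b"client finished", server_view)
    return chosen, hmac.compare_digest(client_finished, expected)


def strip_strong_suites(client_hello):
    """Active attacker: delete every suite except the weakest from the ClientHello."""
    version, suites, nonce = parse_hello(client_hello)
    return hello(version, [s for s in suites if s == "RC4-SHA"], nonce)


if __name__ == "__main__":
    print("honest network:", run_handshake())                       # ('AES128-SHA', True)
    print("downgrade attempt:", run_handshake(strip_strong_suites))  # ('RC4-SHA', False)
```

The attacker succeeds in influencing the negotiation (the server really does pick RC4-SHA) but the handshake fails at the Finished check, which is exactly the protection the transcript hash is there to give; an attacker who could also read the pre-master secret, for example by obtaining the server's private key, could forge the Finished and the downgrade would go unnoticed.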


Conclusion

At first glance, cryptography may seem an uninteresting and unimportant topic cared about only by paranoid, secretive people and governments. In fact, cryptography underpins the functioning of the modern world and is used by nearly every person, with or without their knowledge, every day. Cell phone calls and text messages are encrypted, at least over the radio link. Every time we pay a bill or make a purchase at the supermarket with a credit card, cryptography is used. A large share of the time we spend on the internet is protected by cryptography, and perhaps all of it will be eventually. Whether we are signing into Facebook, making a hotel reservation, or booking a flight across the country, encryption is used.

Surprisingly, the most trusted cryptographic scheme is usually the oldest one in which no vulnerability has been found, because it has survived the most scrutiny. Cryptography is one of the few fields that employs a "don't fix it until it's broken" mentality. That said, it is important to keep Moore's law in mind, so that computing power does not catch up with an encryption scheme before a replacement using longer keys or a harder mathematical problem is in place; it is good to always stay prepared for the future.

Cryptography is also an important tool for maintaining free speech and avoiding government snooping, since encryption is available that would take years for even the fastest computer to crack. Keeping strong, up-to-date cryptography publicly available is therefore very important. Cryptography must never become privatized; it must remain an open, widely available technology. Without cryptography our high-tech, information-hungry society could not function, and our government would have further trouble keeping its classified information secure.


Works Cited

Johnston, Paul. "Cryptography: RSA: Mathematics." Paj's Home. 23 Aug. 2010. Web. 23 Dec. 2010. <http://pajhome.org.uk/crypt/rsa/maths.html>.

Kessler, Gary C. "An Overview of Cryptography." GaryKessler.net Home Page. 9 Nov. 2010. Web. 20 Nov. 2010. <http://www.garykessler.net/library/crypto.html>.

Pincock, Stephen. "Originality." Codebreaker: the History of Codes and Ciphers, from the Ancient Pharaohs to Quantum Cryptography. New York: Walker, 2006. 11-41. Print.

Sedgewick, Robert, and Kevin Wayne. "Cryptography." Introduction to Programming in Java. Princeton University, 2010. Web. 6 Dec. 2010. <http://www.cs.princeton.edu/introcs/78crypto/>.

Singh, Simon. The Code Book: the Evolution of Secrecy from Mary, Queen of Scots, to Quantum Cryptography. New York: Doubleday, 1999. Print.

Weisstein, Eric W. "Common Residue." MathWorld. Wolfram. Web. 1 Jan. 2011.

Weisstein, Eric W. "Congruence." MathWorld. Wolfram. Web. 1 Jan. 2011.

Weisstein, Eric W. "Modulus." MathWorld. Wolfram. Web. 1 Jan. 2011.

Wright, David J. "Solving Congruences: The Chinese Remainder Theorem." OSU Mathematics. Web. 2 Jan. 2011. <http://www.math.okstate.edu/~wrightd/crypt/lecnotes/node21.html>.
