
MS 1 Cryptography History & Puzzles Substitution Ciphers The birth of Cryptanalysis Modern Times DES Diffie-Hellman key exchange RSA PGP Contentious Issues.

Mar 31, 2015


Kaden Whitaker
Transcript
Page 1: MS 1 Cryptography History & Puzzles Substitution Ciphers The birth of Cryptanalysis Modern Times DES Diffie-Hellman key exchange RSA PGP Contentious Issues.

MS 1

Cryptography

History & Puzzles
- Substitution Ciphers
- The birth of Cryptanalysis

Modern Times
- DES
- Diffie-Hellman key exchange
- RSA
- PGP
- Contentious Issues

“Applied Cryptography”, Bruce Schneier
“Cracking DES”, Electronic Frontier Foundation
“The Code Book”, Simon Singh

MS 2

Cryptography

The Basic Idea:

plaintext + Key -> algorithm -> ciphertext

Two approaches:

1) Make algorithm secret and don’t use a key. (Bad Idea)

2) Make algorithm public but keep the key secret. (Good Idea)

Bmp example

MS 3

Before Computers

Substitution ciphers ruled:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Caesar (Shift by N): 26 possibilities, easy to decode

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B U S H A N D G O R E F I J K L M P Q T V W X Y Z C

Key Phrase: Lots of possibilities, a bit harder to decode

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
N D T V G K L M R E P O F I J Q U S W X B H A Y Z C

Random Mapping: 4 x 10^26 possibilities, harder to decode

MS 4

Before Computers

Cryptanalysis:

First known publication: “A Manuscript on Deciphering Cryptographic Messages”

By the ninth century Arab scholar: Abu Yusuf Ya’qub ibn Is-haq ibn as-Sabbah ibn ‘omran ibn Ismail al-Kindi

Statistical “Frequency Analysis” of letters & words can easily break any mono-alphabetic substitution cipher.

In English:
- most common letters: E, T, A, O, I, N, S, …
- most common 2-letter words: ON, AS, TO, AT, IT, …
- most common 3-letter words: THE, AND, FOR, WAS, …

MS 5

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
--------- ------- ------ --- ---- -------- --- --------- --
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
--- ------'- ------------ -------- ------- -- -------- ----
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
-- ------ - --------- ---- ----- ---- -- - ----- --- -
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
---------- -------- -- -------- ---------- -----------.

U=t, E=h, I=e

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
--e---e-t ----t-- -et-e- the ---- -e-e---- the --th---t- --
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the --t---'- --te----e--e --e---e- -e----e -t -------- -h-t
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he ----e- - --------- th-t ----- ---e -t - ----e --- -
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
---e---e-t -------- t- -------e --------e- -------t---.

MS 6

P=a

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
--e---e-t ----t-- -et-e- the ---- -e-e---- the a-th---t- --
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the -at---'- --te----e--e a-e---e- -e-a--e -t ---ta--- -hat
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he -a--e- a --------- that ----- -a-e -t a ----e --- a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
---e---e-t ------a- t- -------e --a-----e- ------at---.

F=i, N=o

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
--e-i-e-t --i-to- -etoe- the -i-- -e-e-i-- the a-tho-it- o-
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the -atio-'- i-te--i-e--e a-e--ie- -e-a--e it -o-tai-- -hat
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he -a--e- a --o-i-io- that -o--- -a-e it a --i-e -o- a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
-o-e---e-t o--i-ia- to -i---o-e --a--i-ie- i--o--atio-.

MS 7

C=f, R=r

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
-re-i-e-t --i-to- -etoe- the -i-- re-e-i-- the a-thorit- of
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the -atio-'- i-te--i-e--e a-e--ie- -e-a--e it -o-tai-- -hat
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he -a--e- a -ro-i-io- that -o--- -a-e it a -ri-e for a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
-o-er--e-t offi-ia- to -i---o-e --a--ifie- i-for-atio-.

Y=c, K=l, V=u, A=y

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
-re-i-e-t cli-to- -etoe- the -ill re-e-i-- the authority of
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the -atio-'- i-telli-e-ce a-e-cie- -ecau-e it co-tai-- -hat
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he calle- a -ro-i-io- that -oul- -a-e it a cri-e for a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
-o-er--e-t official to -i-clo-e cla--ifie- i-for-atio-.

MS 8

O=p, T=s, S=d, M=n, L=m

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
president clinton -etoed the -ill rene-in- the authority of
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the nation's intelli-ence a-encies -ecause it contains -hat
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he called a pro-ision that -ould ma-e it a crime for a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
-o-ernment official to disclose classified information.

W=v, H=b, D=g, M=n, L=m, X=w, J=k

ORITFSIMU YKFMUNM WIUNIS UEI HFKK RIMIXFMD UEI PVUENRFUA NC
president clinton vetoed the bill renewing the authority of
UEI MPUFNM'T FMUIKKFDIMYI PDIMYFIT HIYPVTI FU YNMUPFMT XEPU
the nation's intelligence agencies because it contains what
EI YPKKIS P ORNWFTFNM UEPU XNVKS LPJI FU P YRFLI CNR P
he called a provision that would make it a crime for a
DNWIRMLIMU NCCFYFPK UN SFTYKNTI YKPTTFCFIS FMCNRLPUFNM.
government official to disclose classified information.

MS 9

There are patches to try to increase the security of the mono-alphabetic substitution cipher:
- Eliminate spaces
- Use many to one mappings that level the frequencies
- Lots of other clever ideas…

Still very weak! Clever cryptanalysts knew how to beat them all hundreds of years ago!!

Polyalphabetic substitution ciphers provided the next big step. (Worked OK until the dawn of modern computers).

Idea: Use many different substitution alphabets; different ones for different letters.

MS 10

Vigenere square (1586)

    a b c d e f g h i j k l m n o p q r s t u v w x y z
 1  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
 2  C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
 3  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 4  E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
 5  F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
 6  G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
 7  H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
 8  I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
 9  J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
10  K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
11  L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
12  M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
13  N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
14  O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
15  P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
16  Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
17  R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
18  S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
19  T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
20  U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
21  V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
22  W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
23  X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
24  Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
25  Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
26  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MS 11

Vigenere square

Keyword    VOTEVOTEVOTEVOTEVOTE…
Plaintext  ihavethreestinkydogs…
Ciphertext DVTZZHAVZSLXDBDCYCZW…

Immune to frequency analysis !

MS 12

Keyword    VOTEVOTEVOTEVOTEVOTE…
Plaintext  ihavethreestinkydogs…
Ciphertext DVTZZHAVZSLXDBDCYCZW…

This can still be cryptanalyzed:
- just N monoalphabetic substitution ciphers (N is length of key)
- so, just solve the N monoalphabetic problems as before

DZZDY…

VHSBC…

TALDZ…

ZVXCW…

Do frequency analysis on these separately
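The column attack on this slide, as an added Python example that is not part of the original slides. It reproduces the VOTE ciphertext and the four columns shown above, then recovers the keyword from a longer constructed message by running frequency analysis on each column. Assumptions: the key length N is already known, and SAMPLE, ENGLISH and all function names are this example's own.

```python
from collections import Counter
from itertools import cycle

# Approximate letter frequencies of English, a..z, in percent (assumed reference table).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample message; only its letters are encrypted.
SAMPLE = (
    "Frequency analysis works because every language uses some letters far more "
    "often than others. In ordinary English text the letter e is the most common, "
    "followed by t, a, o, i and n. A cipher that always replaces one letter with "
    "the same symbol cannot hide this pattern, so the analyst simply counts the "
    "symbols and matches the most frequent ones to the most frequent letters. The "
    "Vigenere cipher hides the pattern by switching alphabets with every letter, "
    "but once the length of the keyword is known the message falls apart into a "
    "handful of simple shift ciphers that can each be solved by counting letters."
)

def letters(text):
    """Keep only a..z, lower-cased."""
    return "".join(c for c in text.lower() if "a" <= c <= "z")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0 ... Z=25)."""
    sign = -1 if decrypt else 1
    out = []
    for ch, k in zip(text.lower(), cycle(key.lower())):
        out.append(chr((ord(ch) - 97 + sign * (ord(k) - 97)) % 26 + 97))
    result = "".join(out)
    return result if decrypt else result.upper()

def columns(ciphertext, n):
    """Split the ciphertext into n streams, one per key letter."""
    return [ciphertext[i::n] for i in range(n)]

def best_shift(column):
    """Caesar shift whose decryption looks most like English (lowest chi-squared)."""
    counts = Counter(ord(c) - 65 for c in column)
    total = len(column)

    def chi2(shift):
        return sum((counts[(p + shift) % 26] - total * f / 100) ** 2 / (total * f / 100)
                   for p, f in enumerate(ENGLISH))

    return min(range(26), key=chi2)

def recover_key(ciphertext, n):
    """Solve the n monoalphabetic (shift) problems separately."""
    return "".join(chr(best_shift(col) + 65) for col in columns(ciphertext, n))

PLAIN = letters(SAMPLE)
CIPHERTEXT = vigenere(PLAIN, "VOTE")

if __name__ == "__main__":
    print(columns(vigenere("ihavethreestinkydogs", "VOTE"), 4))
    key = recover_key(CIPHERTEXT, 4)
    print(key, vigenere(CIPHERTEXT, key, decrypt=True)[:40])
```

The 20-letter slide message is too short for the per-column statistics to be reliable, which is why the recovery runs on the longer constructed text.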

MS 13

OK, so make the key longer. Make it as long as the message!

If there are patterns in the key (for example, words), the message can still be decrypted with a bit of work.

Keyword    VOTINGISIMPORTANTFOR…
Plaintext  ihavethreestinkydogs…
Ciphertext DVTDRZPJMQPHAGKLWTUJ…

Enigma: Repeated after 26^3 = 17,576 letters
Successfully broken by Rejewski, Turing et al. (a lot of work… protocol important)

MS 14

However:

IF the key is as long as the message
AND the key is completely random
THEN

The encryption is perfect (can’t be broken) !!!

This is called a “One Time Pad”

MS 15

The proof that a one time pad gives perfect security is simple:
Suppose you have the ciphertext.
Since all keys are equally likely, then all decoded messages are equally likely!

How message was encoded:

Keyword    ASDF
Plaintext  dogs
Ciphertext DGJX

How it should be decoded given the correct key:

Ciphertext DGJX
Keyword    ASDF
Plaintext  dogs

How it could be decoded given an equally likely key:

Ciphertext DGJX
Keyword    BGQF
Plaintext  cats
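The argument above carried out exhaustively, as an added Python example that is not part of the original slides. For the ciphertext DGJX it decrypts under every possible 4-letter pad and confirms that each 4-letter message appears exactly once, so the ciphertext alone favours no message over any other. Function names are this example's own.

```python
from itertools import product
import string

LETTERS = string.ascii_uppercase

def decrypt(ciphertext, pad):
    """Subtract each pad letter (A=0 ... Z=25) from the ciphertext letter."""
    return "".join(chr((ord(c) - ord(k)) % 26 + ord("a"))
                   for c, k in zip(ciphertext, pad))

def pad_for(ciphertext, plaintext):
    """The one pad that turns `ciphertext` into the chosen `plaintext`."""
    return "".join(chr((ord(c) - 65 - (ord(p) - 97)) % 26 + 65)
                   for c, p in zip(ciphertext, plaintext))

def all_decryptions(ciphertext):
    """Decrypt under every pad of the same length (26^len of them)."""
    return [decrypt(ciphertext, "".join(pad))
            for pad in product(LETTERS, repeat=len(ciphertext))]

if __name__ == "__main__":
    ct = "DGJX"
    print(decrypt(ct, "ASDF"), decrypt(ct, "BGQF"))   # the two readings on the slide
    print(pad_for(ct, "fish"))                        # any other message has its pad too
    results = all_decryptions(ct)
    print(len(results), len(set(results)))            # every message exactly once
```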

MS 16

Along come computers

Computing engines were spawned from code-breaking efforts during WW-II (Turing).

Tailor made for both code making & breaking

Represent message as a list of numbers (bits) and operate on these with your favorite algorithm.

Simplest Case: Exclusive OR

0 XOR 0 = 0
1 XOR 0 = 1
0 XOR 1 = 1
1 XOR 1 = 0

Plaintext  DEAD  1101 1110 1010 1101
XOR
Key        BEEF  1011 1110 1110 1111
=
Ciphertext 6042  0110 0000 0100 0010

MS 17

This is an example of Symmetric Key Encryption

Plaintext  DEAD  1101 1110 1010 1101
XOR
Key        BEEF  1011 1110 1110 1111
=
Ciphertext 6042  0110 0000 0100 0010

Ciphertext 6042  0110 0000 0100 0010
XOR
Key        BEEF  1011 1110 1110 1111
=
Plaintext  DEAD  1101 1110 1010 1101

Real Simple: Same key to encode and decode


MS 18

SO: Just generate a long “one time pad” bitstream, do the simple XOR, and we have perfect security.

This has two problems:

1) It’s hard to generate a long truly random bitstream.

2) Sender and receiver must both have the same one time pad (i.e. the key).

If we make the algorithm more sophisticated we can make the minimum length of a secure key much shorter.

MS 19

plaintext block -> f (N bit Key) -> ciphertext block

Suppose we have an algorithm that takes a block of plaintext and converts it into a block of ciphertext using an N bit key.

Suppose that changing any single bit in the key completely changes the ciphertext.

We could only break this by trying all 2^N possible keys.

If N = 128, the time required is way beyond the age of the universe.

DES (Digital Encryption Standard)

MS 20

DES

64 bit plaintext block

IP

L0 (32 bits), R0 (32 bits)

L1 = R0, R1 = L0 + f(R0,K1), with K1 derived from the 56 bit key

repeat 16 times…

L16 = R15, R16 = L15 + f(R15,K16), with K16 derived from the 56 bit key

IP^-1

64 bit ciphertext block

MS 21

IP (Initial Permutation): [figure]

MS 22

[Figure: one round, L0 R0 to L1 R1]

48 bit subkey Generator: K48 = g(i,K56)

(The key for each round is deterministically found from the input 56 bit key).

Expansion Permutation (32 -> 48)

S-Box Substitution (48 -> 32)

P-Box Permutation (32 -> 32)

MS 23

Expansion Permutation: [figure, 32 bits in, 48 bits out]

MS 24

X-OR with 48 bit key: [figure, 48 bits in, 48 bits out]

MS 25

S-Box Substitution: [figure, 48 bits in, 32 bits out, through S-box1 to S-box8]

MS 26

How an S-Box works

S-box1

14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

Page select

MS 27

P-Box Permutation: [figure, 32 bits in, 32 bits out]

MS 28

IP^-1 (Final Permutation): [figure]

MS 29

Initial Key Permutation: [figure, 64 bit input]

MS 30

Key Split & Shift & Compress

[Figure: K56 is split into two halves, each half is shifted left by Ni, and the result is compressed to K48]

Ni = {1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1}

Shift accumulates every round
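An added Python example, not part of the original slides: a Feistel network with the round structure of the DES slide (L1 = R0, R1 = L0 XOR f(R0,K1), repeated 16 times), showing that running the same rounds with the subkeys reversed undoes the encryption whatever f is. It is a toy, not DES: IP and IP^-1 are left out, S-box1 from the slide stands in for all eight S-boxes, and a rotation and a truncation stand in for the P-box and the key compression permutation. Function names are this example's own.

```python
# S-box1 as printed on the slide: 4 rows of 16 four-bit values.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]   # Ni from the slide

def sbox(six):
    """6 bits in, 4 bits out: the outer two bits pick the row, the middle four the column."""
    row = ((six >> 5) << 1) | (six & 1)
    col = (six >> 1) & 0xF
    return S1[row][col]

def expand(r):
    """32 -> 48 bits: each 4-bit group is widened with the bit on either side of it."""
    out = 0
    for i in range(8):                      # group 0 is the most significant
        hi = 31 - 4 * i                     # index (0 = least significant) of its top bit
        six = 0
        for b in (hi + 1, hi, hi - 1, hi - 2, hi - 3, hi - 4):
            six = (six << 1) | ((r >> (b % 32)) & 1)
        out = (out << 6) | six
    return out

def f(r, subkey):
    """Round function: expand, XOR with the 48 bit subkey, substitute, then mix."""
    x = expand(r) ^ subkey
    out = 0
    for i in range(8):
        out = (out << 4) | sbox((x >> (42 - 6 * i)) & 0x3F)
    return ((out << 11) | (out >> 21)) & 0xFFFFFFFF    # rotation stands in for the P-box

def rot28(v, n):
    return ((v << n) | (v >> (28 - n))) & 0xFFFFFFF

def subkeys(key56):
    """Split the key in two halves, shift both by Ni each round (shifts accumulate)."""
    c, d = key56 >> 28, key56 & 0xFFFFFFF
    keys = []
    for n in SHIFTS:
        c, d = rot28(c, n), rot28(d, n)
        keys.append((((c << 28) | d) >> 4) & 0xFFFFFFFFFFFF)   # truncation, not DES's compression
    return keys

def feistel(block64, keys):
    l, r = block64 >> 32, block64 & 0xFFFFFFFF
    for k in keys:
        l, r = r, l ^ f(r, k)               # L_i = R_(i-1), R_i = L_(i-1) XOR f(R_(i-1), K_i)
    return (r << 32) | l                    # final swap lets the same routine decrypt

def toy_encrypt(block64, key56):
    return feistel(block64, subkeys(key56))

def toy_decrypt(block64, key56):
    return feistel(block64, subkeys(key56)[::-1])

if __name__ == "__main__":
    key, block = 0x0123456789ABCD, 0x0123456789ABCDEF
    c = toy_encrypt(block, key)
    print(hex(c), hex(toy_decrypt(c, key)))
```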

MS 31

DES Advantages:

plaintext block -> f (56 bit Key) -> ciphertext block

Very Fast: Ideally suited for implementation in hardware (bit shifts, look-ups etc).

Dedicated hardware (in 1996) could run DES at 200 Mbyte/s.

Well suited for voice, video etc.

MS 32

DES Security:

plaintext block -> f (56 bit Key) -> ciphertext block

Not too good: Trying all 2^56 possible keys is not that hard these days.

(Thank the NSA for this)

If you spend ~$25k you can build a DES password cracker that will succeed in a few hours.

Back in 1975 this would have cost a few billion $$. It is widely believed that the NSA did this.

Similar algorithms with longer keys are available today (IDEA).

EFF

MS 33

Other Issues:

With any symmetric algorithm, the key must be agreed upon by sender and receiver in a secure way.

Before 1976, key exchange was by far the biggest problem in secure communications !

Then along came Diffie & Hellman…

MS 34

Modular Arithmetic to the Rescue: Diffie–Hellman Key Exchange

Alice and Bob want to come up with the same key by talking on the phone without giving it away to a third party listening to the conversation.

1) They agree on a large prime number p and a small integer g. These numbers are not secret.

2) Alice picks a large random integer a, and calculates A = g^a mod p. Alice tells Bob what A is.

3) Bob picks a large random integer b, and calculates B = g^b mod p. Bob tells Alice what B is.

4) Alice computes Ka = B^a mod p.

5) Bob computes Kb = A^b mod p.

Lo and behold: Ka = Kb = g^(ab) mod p.

Someone spying on the phone cannot get the key without knowing a and b, which were never spoken. Figuring out a and b from A, B, g, and p is as hard as it is to factor numbers the same size as p, hence p should be big (hundreds of digits).
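The exchange above as an added Python example that is not part of the original slides. P_DEMO = 2^127 - 1 and G_DEMO = 3 are demonstration values chosen here, not a standardized group and far smaller than the slide's "hundreds of digits". The toy run with p = 23, g = 5 shows why size matters: with a small p, trying every exponent recovers the secret from what was spoken.

```python
import secrets

# Demonstration values chosen for this example (assumption, not from the slides).
P_DEMO = 2**127 - 1      # a Mersenne prime; too small for real use
G_DEMO = 3

def keypair(p, g):
    """Pick a random secret exponent and compute the value that is spoken aloud."""
    secret = secrets.randbelow(p - 3) + 2           # in [2, p-2]
    return secret, pow(g, secret, p)

def shared_key(their_public, my_secret, p):
    """K = (their public value)^(my secret) mod p, after a basic range check."""
    if not 1 < their_public < p - 1:
        raise ValueError("public value out of range")
    return pow(their_public, my_secret, p)

def exchange(p, g):
    """Run both sides and return what was spoken and what each side computed."""
    a, A = keypair(p, g)                            # Alice
    b, B = keypair(p, g)                            # Bob
    return {"spoken": (p, g, A, B),
            "alice": shared_key(B, a, p),
            "bob": shared_key(A, b, p)}

def exhaustive_log(target, g, p):
    """What the listener has to do: find x with g^x = target (mod p), one x at a time."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = value * g % p
    return None

if __name__ == "__main__":
    run = exchange(P_DEMO, G_DEMO)
    print(run["alice"] == run["bob"])               # both sides hold the same key

    # Toy parameters: Alice's secret 6 gives A = 8, Bob's secret 15 gives B = 19.
    p, g = 23, 5
    A, B = pow(g, 6, p), pow(g, 15, p)
    print(A, B, shared_key(B, 6, p), shared_key(A, 15, p))
    print(exhaustive_log(A, g, p))                  # at most p - 1 = 22 steps
```

The exhaustive search takes up to p - 1 multiplications, which is immediate for p = 23 and out of reach only when p is large.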

MS 35

Generating Huge Primes:

Idea:

1) Pick a big random number.
2) Test to see if it’s prime.

There are several probabilistic methods:

Choose a possible prime p = 33209533878488951298293621905948288497515233544999

Choose a “witness” random number a = 7229265988

Calculate j = a^((p-1)/2) mod p (= 1 in this case)

If j = +1 or –1 then the chance that p is not prime is no more than 50%

Choose another “a” and test again. Repeat until desired confidence is reached.

Don’t do this the hard way (factoring)…

MS 36

Are there enough Huge Primes?

YES!

• For numbers near n the chance of a number being prime is one in ln(n)

• There are about 10^150 prime numbers containing 512 bits (155 digits).

• If every atom in the universe needed a billion primes every microsecond from the beginning of time until now, we would only use 10^110 primes.

MS 37

Public Key Cryptography: RSA (Rivest, Shamir, Adleman: 1977)

IDEA: Alice has a “public” encryption key that everyone knows, and a “private” decryption key that only she knows. Bob looks up her public key, encrypts his message, and sends it to her. She decrypts it with her private key.

1) Pick two large prime numbers p and q. These are secret.
2) Calculate n = pq
3) Pick another number e such that e and (p-1)(q-1) are relatively prime.
4) The numbers n and e make up your public key. Publish them!
5) Calculate d such that ed = 1 mod (p-1)(q-1) {i.e. d = e^-1 mod (p-1)(q-1)}
6) The number d is your private key.

Encrypt message m via c = m^e mod n

Decrypt the ciphertext c via m = c^d mod n

This is what happens when you buy a book from Amazon.com

example
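Prime generation ("Generating Huge Primes") and the six RSA steps above, as an added Python example that is not part of the original slides. The slide's check, j = a^((p-1)/2) mod p equal to +1 or -1, is kept as euler_check; the composite 1729 = 7 x 13 x 19 passes it for every witness that shares no factor with it, so key generation here uses the Miller-Rabin test instead. This is textbook RSA exactly as on the slide, without the padding real systems add; function names are this example's own, and pow(e, -1, phi) needs Python 3.8 or later.

```python
import math
import secrets

def euler_check(n, a):
    """The slide's test: j = a^((n-1)/2) mod n must be +1 or -1."""
    j = pow(a, (n - 1) // 2, n)
    return j == 1 or j == n - 1

def miller_rabin(n, rounds=40):
    """Miller-Rabin probabilistic primality test (used here in place of euler_check)."""
    if n in (2, 3):
        return True
    if n < 2 or n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:                       # write n - 1 as d * 2^s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2    # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                    # this witness proves n composite
    return True

def random_prime(bits):
    """Steps 1 and 2 of the slide: pick a big random number, test, repeat."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full size, odd
        if miller_rabin(candidate):
            return candidate

def rsa_keygen(bits=2048, e=65537):
    """Return the public key (n, e) and the private exponent d."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)      # d = e^-1 mod (p-1)(q-1)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)                     # c = m^e mod n

def decrypt(c, d, n):
    return pow(c, d, n)                     # m = c^d mod n

if __name__ == "__main__":
    coprime = [a for a in range(2, 1728) if math.gcd(a, 1729) == 1]
    print(all(euler_check(1729, a) for a in coprime), miller_rabin(1729))
    public, d = rsa_keygen(bits=1024)
    m = int.from_bytes(b"hello Alice", "big")
    c = encrypt(m, public)
    print(decrypt(c, d, public[0]).to_bytes(11, "big"))
```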

MS 38

RSA Drawbacks:

RSA is slow (i.e. computationally intensive).
Message must be broken into chunks ~ n in size, and each block is encrypted separately.

Does not really lend itself to hardware implementation:
Most RSA chips (in 1996) needed ~10^6 clock cycles per 512 bit encryption.

MS 39

RSA Security:

RSA is secure because it's very hard to factor n to find p and q if n is sufficiently big. (Discrete logarithms).

“Hard” means that all the computers on earth could not do it in the age of the universe.

“Sufficiently Big” means ~2048 bits

Symmetric key algorithms can provide the same “raw” security with key-lengths between 64 and 128 bits.

MS 40

The PGP Solution
(had Phil Zimmermann in very hot water from 1992 to 1996)

PGP = Pretty Good Privacy
Use IDEA for encryption (similar to DES except 128 bit key)
Use RSA for IDEA key-exchange. (RSA key-lengths up to 2048 bits supported).

Made available as freeware (www.pgp.com).
In 1993 Zimmermann was charged with “illegally exporting weapons”.

The FBI & DOJ hounded him until 1996 when the charges were dropped.

MS 41

Today's Issues

CLIPPER & CAPSTONE
Encryption chips developed by the NSA.
Uses Escrowed Encryption Standard (EES)
Each chip has a “back door” that the government has a key to.
They can use this key in the same sense as they can now do a phone wiretap.

Not very popular, not (yet) required by law.

(These things really piss off the encryption community; the NSA loves them)

Tempest

MS 42

Quantum Cryptography (Kwiat @ UIUC !)

How Bob and Alice can agree on a perfectly secret one-time pad:

Suppose Alice can send binary information using polarized photons.

There are 2 distinct encoding schemes: + and x.

[Figure: photon polarizations for the bits 1 and 0 in each scheme]

MS 43

Quantum Cryptography (Kwiat @ UIUC !)

Alice randomly switches between + and x schemes, and sends a random string of 1’s and 0’s to Bob. (Alice keeps track of the schemes she used and the bits she sent).

[Figure: Alice’s string of polarized photons]

MS 44

Quantum Cryptography (Kwiat @ UIUC !)

Bob measures these photons with his own random choice of scheme (he does not know what Alice has done).
Sometimes he gets it right, sometimes he gets it wrong:

[Figure: Alice’s message and what Bob measures]

MS 45

Quantum Cryptography (Kwiat @ UIUC !)

Alice phones Bob and tells him how her schemes were chosen.
Bob tells Alice which schemes he guessed right.
Considering only these, they now agree on a subset of bits sent.

[Figure: Alice’s message and what Bob measures, for the matching schemes only]

MS 46

Quantum Cryptography (Kwiat @ UIUC !)

Someone listening on the phone only knows which schemes were used, but not what the polarization was.

Any attempt to intercept photons will alter their state, which Alice and Bob can detect by comparing some of their bits to make sure they agree (and discarding these).

[Figure: the remaining agreed bits] One time pad !
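The procedure on the last five slides as an added Python simulation that is not part of the original slides. It models a photon as a (bit, scheme) pair: measuring in the sending scheme returns the bit, measuring in the other scheme returns a random bit. That model, the seeded generator (used only so the run is repeatable) and the function names are assumptions of this example.

```python
import random

def measure(bit, sent_scheme, read_scheme, rng):
    """Same scheme: the bit is read correctly. Other scheme: the result is random."""
    return bit if sent_scheme == read_scheme else rng.randrange(2)

def exchange(n, intercepted=False, seed=1):
    """Send n photons and return Alice's and Bob's bits where their schemes matched."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_schemes = [rng.choice("+x") for _ in range(n)]
    bob_schemes = [rng.choice("+x") for _ in range(n)]

    bob_bits = []
    for bit, scheme, bob_scheme in zip(alice_bits, alice_schemes, bob_schemes):
        if intercepted:
            # A measurement on the line uses its own random scheme and
            # forwards a photon prepared in that scheme, altering its state.
            line_scheme = rng.choice("+x")
            bit, scheme = measure(bit, scheme, line_scheme, rng), line_scheme
        bob_bits.append(measure(bit, scheme, bob_scheme, rng))

    # Phone call: only the schemes are compared, never the bits.
    keep = [i for i in range(n) if alice_schemes[i] == bob_schemes[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]

def compare_and_discard(alice_key, bob_key, sample):
    """Publicly compare the first `sample` bits, then throw them away."""
    errors = sum(a != b for a, b in zip(alice_key[:sample], bob_key[:sample]))
    return errors / sample, alice_key[sample:], bob_key[sample:]

if __name__ == "__main__":
    a, b = exchange(2000)
    rate, pad_a, pad_b = compare_and_discard(a, b, 200)
    print(rate, pad_a == pad_b, len(pad_a))     # no errors: the rest is the one time pad

    a, b = exchange(4000, intercepted=True)
    rate, _, _ = compare_and_discard(a, b, 500)
    print(rate)                                 # roughly a quarter of the compared bits differ
```

In this model an intercepted line shows up as an error rate near 25% in the compared bits, which is the signal Alice and Bob look for before trusting the remaining bits as a pad.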