Dec 26, 2015
Outline
• Secret communication
– Steganography
– Cryptography
• Goal
– Sender has message intended only for recipient. How to protect from detection or eavesdropping?
• Definitions
• Examples
• Please read:
– Chapter 1 in The Code Book
Steganography
• Secret message is hidden inside larger document
• How?
• Microdotting
– Requires special equipment
– Having this equipment makes you target of suspicion
• Sprinkle the message into much larger area
– Ex. Add a letter to every 7th page of a book
– Slightly modify pixels of an image
Cryptography
• Modify the message so that if it’s discovered, only the recipient can understand it.
• A “cipher system” consists of the following:
• Plaintext = the message you want to send/conceal
• Ciphertext = what actually gets sent
• Encryption and decryption functions
– Each function requires a key
– To encrypt a message, sender uses the encryption function: inputs are the encryption key and plaintext message.
– Receiver decrypts the message: uses the decryption function: inputs are the decryption key & ciphertext.
Cryptography (2)
• Cryptography is the science of developing good cipher systems
– What encryption and decryption functions should we use?
– What are good key values?
– Should the keys be the same or different?
• Cryptanalysis = trying to figure out plaintext from the ciphertext, when you don’t have the key
– Who would want to do that?
Frequency analysis
• Top 10 letters
• Sources: "Secret Codes and Cryptograms" by Elonka Dunin; http://www.lionelwindsor.net/bibleresources/koine/grabble/frequency.htm
Language 1 2 3 4 5 6 7 8 9 10
English E T A O N I S R H D
Spanish E A O S R N I D L C
French E A S I N T R U L O
Russian O E I A N T S R V L
Greek A E O I N S T U H K
ASCII code
• To manipulate text, we need to treat each letter in a message like a number.
• “American Standard Code for Information Interchange”
• The letters A – Z are assigned the consecutive values 65 thru 90. Examples:
– ‘A’ + 10 = ‘K’
– ‘K’ – 10 = ‘A’
• ASCII codes are also assigned for lowercase letters and all other symbols you can type
Caesar cipher
• The key is a secret number from 1-25. This number gets added to each letter.
• Julius Caesar liked the number 3
• How do you decrypt the message?
• What happens if we add 3 to X, Y or Z?
• Cryptanalysis: How does one try to “break” the code?
OAAW FTQ DAMEF UZ HUZQSMD
Encryption
• Simple methods of encryption
• Transposition
• Substitution
• Better substitution methods
• Important fact: the method you use might not be a secret, but the key must be!
• Please read chapter 2 in Code Book
Transposition
• Change the order of the letters in our plaintext message
• Easy approach: collect the odd # letters (1st, 3rd, 5th, 7th, …), then the even # letters (2nd, 4th, 6th, 8th, …).
– In this case, we say that the period or key is 2.
• Can try a larger key, which means a longer period.
– Ex. Key = 4 means collect the 1st, 5th, 9th, 13th, … followed by the 2nd, 6th, 10th, 14th, etc.
– In other words: Write your message in rows 4 letters long. Add Z’s to end to make last row complete. The ciphertext is obtained by reading columns down!
Substitution
• Most cipher systems use substitution: instead of moving letters around, change each letter into a different symbol. We can get very creative!
• Caesar cipher
– Easy to use, but only 26 possible keys (including a bad one)
• The general substitution cipher
– Not restricted in merely shifting the alphabet
– We have 26! keys instead of 26
continued
• Instead of adding a constant to each letter, scramble the assignment more randomly
• One problem is how to “remember” the key. The key is not a number, but the sequence of 26 letters.
– Ex. Identify a key by the letters of some word or phrase.
Cryptography, page 26: “we hope you enjoy this book” gives the key: wehopyunjtisbkacdfglmqrvxz
• Cryptanalysis?
– Newspapers have “cryptogram” puzzles
– Uncover a weakness of substitution method
– Even worse if the message is long
Improvements
1. Nulls: cipher includes symbols/numbers that mean nothing
2. Misspell words: use unusual letters more often
3. Homophonic cipher: common letters can be represented by 1 of several possible values
4. Code words
– Pure encoding means we encipher by words, not letters
– Nomenclator: just encode certain words
5. Polyalphabetic cipher: use multiple ciphers and alternate. Useful to hide double letters
Chapter 2
• Pinprick method
• Great Cipher of Louis XIV
• Vigenère cipher
• Book (Beale) cipher
• Some implementation details
– Caesar cipher
– List of lists for homophonic ciphers
• Please read chapter 3 of Code Book
Early examples
• Pinprick method
– Long history from Ancient Greece… Victorian England
– Is this steganography or cryptography?
• Great Cipher of Louis XIV
– Encode syllables
– To thwart the cryptanalyst, also add cipher values for individual letters (even silent ones)
Backspace symbol to tell decrypter to delete previous symbol
• Homophonic cipher – E.g. Table on page 53
Vigenère cipher
• Example of polyalphabetic cipher
• Has the effect of using many Caesar ciphers simultaneously.
• The key is a word or phrase
• Cycle through the letters of the key, to tell you what should be added to the next plaintext letter
– Repeat the key as often as needed.
– Singh says subtract 1 from your answers. Piper does not. It doesn’t matter as long as you are consistent.
• Considered unbreakable until mid 19th century.
Breaking Vigenère
• Charles Babbage performed the cryptanalysis, to show this cipher is not perfectly secure
• Look for repetitions of short letter sequences
• How far apart are they?
• Determine length of the key
• Since Vigenère is several Caesar ciphers, do each pattern separately (1,6,11,16…) ; (2,7,12,17…); etc.
• Compare statistical distribution of letters. Shift it over until it matches A-Z: shift amount is the key.
Book cipher
• Reminiscent of homophonic cipher: each letter can be represented by 1 of several possible numbers
• The key is a long document, e.g. hundreds of words
• Number the words 1,2,3…
• Take note of first letter of each word
– E.g. (1)take (2)note (3)of (4)first (5)letter (6)of (7)each (8)word. In this case, ‘o’ may be enciphered by 3 or 6.
Python coding
• See handout for Caesar cipher example
• In Python, we need to be able to:
– Open files for reading and writing
– Read entire file into a string variable
– For each letter in the file, we need to perform arithmetic on it, before writing it to the output file
– Obstacle: Need to convert string’s letter to a number so we can add/subtract; convert back to letter.
• To do homophonic encoding…
– Key is a list of lists! For each letter A-Z, specify what numbers could represent it.
Chapter 3
• Review Python example
– File I/O, loop on characters, change letters
– Running the Caesar cipher
• Messages sent by radio
• Review polyalphabetic ciphers (Vigenère)
– One time pad improvement
• Please read Code Book, pp. 127-160
– covering Enigma
Radio technology
• No longer necessary to send message by
– Line of sight
– Messenger, mail
– Physical wire
• Enemy can just as easily hear your message
– Increased demand for cryptography by WW1
• 1 more piece of information: traffic analysis
– Can identify radio operators by how they tap Morse code
– Take note of direction and strength of signal
– Over time, deduce movement of battalions…
Polyalphabetic
• Vigenère cipher was good
– How does it work?
• Babbage’s cryptanalysis
– We know that the key needs to repeat while enciphering.
– Look for repeated substrings in ciphertext → key length
– Once you know key length, you have n Caesar ciphers. Check the letter frequency of each to see how much the alphabet “shifted”
• But also possible to break even if key is very long & no substrings repeat
– Example pp. 117-119
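Babbage’s method as described above and on the earlier “Breaking Vigenère” slide, as an added Python example that is not from the course handout: it measures the distances between repeated three-letter sequences, picks the key length that divides the most distances, then solves each Caesar column by letter frequency. The sample text, the key LEMON, the reference frequency values and the A = 0 convention are assumptions made for the demonstration.

```python
from collections import Counter

# Approximate English letter frequencies in percent, A..Z (assumed reference values).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample plaintext (not taken from the course materials).
SAMPLE = (
    "The Vigenere cipher was considered unbreakable for three hundred years "
    "because the same plaintext letter can be enciphered in several different "
    "ways. Charles Babbage noticed that when the key is shorter than the "
    "message the key has to repeat, so the same word in the message is "
    "sometimes enciphered with the same part of the key. The distance between "
    "two such repetitions is a multiple of the length of the key. Once the "
    "length of the key is known, the message splits into several Caesar "
    "ciphers, and the letter frequencies of each one reveal how far the "
    "alphabet was shifted. The lesson is that the key should be as long as the "
    "message and should consist of random letters, because a short key made of "
    "real words gives the cryptanalyst the patterns needed to break the cipher."
)


def letters(text):
    """Keep only A-Z, upper-cased, as the classical ciphers do."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def vigenere(text, key, sign=1):
    """Add (sign=1) or subtract (sign=-1) the repeating key, with A counted as 0."""
    out = []
    for i, c in enumerate(text):
        k = ord(key[i % len(key)]) - 65
        out.append(chr((ord(c) - 65 + sign * k) % 26 + 65))
    return "".join(out)


def repeat_distances(ct, n=3):
    """Distances between every pair of identical n-letter sequences in the ciphertext."""
    positions = {}
    for i in range(len(ct) - n + 1):
        positions.setdefault(ct[i:i + n], []).append(i)
    dists = []
    for pos in positions.values():
        for a in range(len(pos)):
            for b in range(a + 1, len(pos)):
                dists.append(pos[b] - pos[a])
    return dists


def guess_key_length(ct, max_len=10):
    """The key length should divide most repeat distances; ties go to the shorter key."""
    dists = repeat_distances(ct)
    return max(range(2, max_len + 1),
               key=lambda length: sum(d % length == 0 for d in dists))


def best_shift(column):
    """Caesar shift whose letter counts sit closest (chi-squared) to English."""
    counts, n = Counter(column), len(column)

    def chi2(shift):
        total = 0.0
        for i in range(26):
            expected = ENGLISH[i] * n / 100
            observed = counts[chr((i + shift) % 26 + 65)]
            total += (observed - expected) ** 2 / expected
        return total

    return min(range(26), key=chi2)


def recover_key(ct):
    """Split into key-length columns (1,6,11,...; 2,7,12,...) and solve each one."""
    length = guess_key_length(ct)
    return "".join(chr(best_shift(ct[i::length]) + 65) for i in range(length))


if __name__ == "__main__":
    ciphertext = vigenere(letters(SAMPLE), "LEMON")
    key = recover_key(ciphertext)
    print("key length:", guess_key_length(ciphertext), "key:", key)
    print(vigenere(ciphertext, key, -1)[:60])
```
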
continued
• Observations
– Let’s assume that the key is a real word or phrase.
– Trial & error in plaintext: find where “the” could be. See which locations yield possible words in key.
“can” and “ypt” are plausible, but “bsj” is not.
– When you find letters in the key that form part of a word, fill in the remaining letters of the word, to see if more of the plaintext can be deciphered. We know the plaintext has to contain real words.
e.g. key fragment Egypt seems to work, but not apocalyptic
– Once you have a word of the key, see if it’s part of a logical pattern, such as a list of countries.
Lesson
• To use a Vigenère cipher effectively, the key:
– Should be long, so that repeated letters in ciphertext are not obvious or do not occur
– Should consist of random letters, because real words make it breakable, as we just saw.
e.g. Inserting “the” at various places in the plaintext should not give clues about the key
• The result is called a one-time pad
– To get a really long key, you distribute a “code book” to your agents.
– Japanese version: encode entire words. Instead of replacing with a random number, add to a random number
Random key helps
• Cryptanalyst is forced to try all possible keys to see which one generates meaningful plaintext
• But, many possible messages are possible.
– E.g. if message length is 21, then all possible messages of size 21 will be found. Impossible to tell which one is “correct” because key does not have any clues.
• 3 problems with one-time pad
– How to distribute it to the field, maintain security
– How to create the random key
– Too difficult to use under extreme conditions. In some cases, on a negative acknowledgement, people resend message in plaintext in frustration or desperation.
Improvements
• Lab recap
• Improvements to Vigenère cipher
– We want a long, random key
– Doing it for Japanese
– Automating the process: do it by machine
Enigma, Typex, SIGABA
• Please finish chapter 4 in Code Book
String loop
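• Let’s understand the loop we used in steganography
    # text, secretMessage and outFile are set up earlier in the program.
    # Every 100th position of text is replaced by the next secret letter,
    # until the secret message runs out.
    for i in range(0, len(text)):
        # i // 100 is integer division, so it can be used as a string index
        if i % 100 == 0 and i // 100 < len(secretMessage):
            outFile.write(secretMessage[i // 100])
        else:
            outFile.write(text[i])
• Let’s interpret this in English
• For every 100 characters of “text” we write 1 letter of the secret message. Ex. What happens when i equals 700?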
Japan’s code
• One-time pad (e.g. JN-25)
– Dictionary table: convert each word to a 5-digit number
– Additive table: add the next random number to each word
– Preface the message by indicating where in additive table you are starting the encoding
– Tables may be periodically changed.
– Example: encryption code book.xlsx
Enigma
• Arthur Scherbius, 1918
• Used by Germany through WW2
• Commercial and military versions
• Served as basis for other cipher machines
• How to use
– Set machine to today’s starting position
– Has usual keyboard
– As you type, display lights up the ciphertext letter, which you need to write down
– As you type, scramblers rotate to next position, i.e. to next letter of the Vigenère “key”
Scrambler
• Disk containing wires that connect each letter on keyboard with different ciphertext letter for display board.
– You type “A”, may be connected to “D”
– But then the scrambler rotates, so the next “A” may be connected to a different letter (p. 129)
– Effect: Vigenère cipher with random key of length 26
• Two scramblers
– Effectively means we have two keys.
– Plaintext + key1 + key2 = ciphertext
– Like odometer, second scrambler rotates less often
Strength of cipher
• Enigma used 3 scramblers out of a possible 5
– Length of key = 26 * 26 * 26
– Number of scrambler choices = 5 * 4 * 3 = 60
– (Similar American device “SIGABA” used 15 scramblers)
• Plugboard
– 6 pairs of letters were swapped before entering scrambler
Ex. Change “A” to “B” before adding the cipher keys
– This increases # of possible keys, making cryptanalysis more confusing
• “Code book” tells operator what daily machine settings are
Chapter 4
• Let’s review Vigenère, one-time-pad and Enigma
• How do you break a Vigenère cipher?
– Suppose you intercept a message from Brazil. It uses a Vigenère cipher. The ciphertext says TQX.
– We don’t know the key! Can try all possibilities.
– If key = AHK, what is the plaintext?
– If key = FPI, what is the plaintext?
• Breaking the unbreakable…
– Exploit weaknesses in the implementation.
– Look for mathematical patterns in rotors.
– Consider the plugboard settings separately.
Enigma
• Mechanized Vigenère
• Breaking the code
– If you can mechanize enciphering, why not mechanize cryptanalysis?
– Intelligence on how Germans used Enigma
– The work of Marian Rejewski and Alan Turing
Breaking the code
• What skills are needed to be a cryptanalyst?
– Prepare for the worst: The Germans might make your work in the future more difficult.
• Day key and message key
• Four messages today might begin like this
• L and R are encryptions of the same letter, etc.
L O K R G M
M V T X Z E
J K T M P E
D V Y P Z X
Letter chains
• Look for patterns! Example: A → F → W → A
• All letters belong to some chain
• The length of the chain is a fingerprint of the scrambler settings for today.
• We separate out the problem of the letter identity
• Bombe: automatically try all 26^3 settings.
• Plugboard? Look for words that are almost spelled right.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
F Q H P L W O G B M V R X U Y C Z I T N J E A S D K
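An added Python example (not from the course materials) that rebuilds links from the four message openings on the previous slide and measures the chains in the table above. It also shows that swapping letter names, as a plugboard does, leaves the chain lengths unchanged. The plugboard pairs and all function names are assumptions made for the demonstration.

```python
# The slide's table: letter in position 1 of an opening (top row) against the
# letter in position 4 (bottom row).
TOP = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
BOTTOM = "FQHPLWOGBMVRXUYCZITNJEASDK"
TABLE = dict(zip(TOP, BOTTOM))

# The four message openings shown on the "Breaking the code" slide.
OPENINGS = ["LOKRGM", "MVTXZE", "JKTMPE", "DVYPZX"]


def links_from_openings(openings, first=0, second=3):
    """The message key is typed twice, so the letters at positions 1 and 4
    encrypt the same plaintext letter. Collect those pairs as links."""
    links = {}
    for opening in openings:
        a, b = opening[first], opening[second]
        if links.setdefault(a, b) != b:
            raise ValueError("openings disagree about the link for " + a)
    return links


def chains(table):
    """Follow A -> table[A] -> ... until the start letter comes round again.
    Expects a complete table (every letter appears once in each row)."""
    seen, result = set(), []
    for start in sorted(table):
        if start in seen:
            continue
        chain, current = [], start
        while current not in seen:
            seen.add(current)
            chain.append(current)
            current = table[current]
        result.append("".join(chain))
    return result


def fingerprint(table):
    """Sorted chain lengths: the part that depends only on the scramblers."""
    return sorted(len(chain) for chain in chains(table))


def relabel(table, swaps):
    """Apply plugboard-style letter swaps to both rows of the table."""
    swap = {}
    for a, b in swaps:
        swap[a], swap[b] = b, a
    return {swap.get(a, a): swap.get(b, b) for a, b in table.items()}


if __name__ == "__main__":
    print(links_from_openings(OPENINGS))   # four links, all present in TABLE
    print(chains(TABLE), fingerprint(TABLE))
    # Constructed plugboard pairs: letters change, chain lengths do not.
    print(fingerprint(relabel(TABLE, [("A", "B"), ("S", "Z"), ("E", "T")])))
```
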
German mistakes
• Repeating the message key
• Not allowing a scrambler to be in the same position (left, middle, right) two days in a row
• Plugboard cannot link 2 letters next to each other on keyboard
• Predictable structure of message, time of message
Alan Turing
• Bletchley Park contributions
– Extending the work of Rejewski
– Relied on fact that weather reports start with word “wetter” and used this to deduce initial scrambler setting
But what if you are off by a couple of letters? Fortunately, more help from German constraints.
• Turing Machine
– He was interested in theoretical boundaries of what a computer could accomplish
– Machine has: instructions, internal memory, tape
– Turing proved that not all problems can be solved
By the numbers
• New flavor of cryptography: numbers
– Transpose bits
– “add” bits
– Data encryption standard
• Problem of sharing keys… solved!
– Diffie-Hellman protocol
• Please finish reading chapter 6 in Code Book
Binary
• Computers represent all data, including text, in the form of binary numbers
• p. 246: ASCII codes for capital letters
• Cryptography can now be done at a minute level: manipulate individual bits
• Transposition cipher
– E.g. Every 3rd bit swaps with bit to its right
– It’s possible the last bit of a letter swaps with first bit of the next letter
Vigenère in binary
• If we adapt the Vigenère cipher to the binary representation of text, we get XOR cipher
• Example p. 247
• Line up the bits for the addition:
0 + 0 = 0    1 + 1 = 0    0 + 1 = 1    1 + 0 = 1
– In other words, if the bits are the same, result is 0. If bits differ, result is 1. There is no carry.
• Data Encryption Standard
– Performs many successive steps of transposition and XOR
– Key length 56, later increased.
Key problem
• One lingering problem since antiquity: how do 2 people share the key privately?
– Need to coordinate in person periodically, or
– Hire a trusted 3rd party to relay your keys
– Expensive
• Whitfield Diffie’s vision
– People will need privacy online
– Handling keys in person only is impractical
– Is there a technological solution? Yes!
– Collaborated with Martin Hellman and Ralph Merkle at Stanford
Math idea
• Some functions are 2-way (easy to undo)
• We need a 1-way function (hard to undo) so that an eavesdropper cannot discover the key
– The 1-way function they used was “mod” or remainder calculations.
• Example, f(n) = 3^n mod 19?
– Given a value of n, calculating f(n) isn’t too hard.
– But given a value of f(n), there is no obvious way to determine n except trial and error!
– In practice, the “19” should be replaced by a much larger number.
Diffie - Hellman
• Method for 2 people to establish a private key
• Choose values p (prime) and q
• Sender
– Chooses secret value a, and computes A = q^a mod p
– Sends A, p, q
– Eavesdropper cannot easily determine a
• Receiver
– Chooses secret value b
– Computes B = q^b mod p and K = A^b mod p
– Sends B back to sender, who can compute K = B^a mod p
• Both methods of computing secret K are equivalent
– A^b mod p = (q^a)^b mod p
– B^a mod p = (q^b)^a mod p
Calculations
• Recap Diffie-Hellman protocol – what is it?
• How to calculate something like q^a mod p?
• Asymmetric cipher system: RSA
• Review chapter 6
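The exchange from the Diffie-Hellman slide, worked through as an added Python example (not from the course handout), together with one way to calculate q^a mod p: square-and-multiply. The values p = 19 and q = 3 follow the numbers on the “Math idea” slide; the secret values a = 6 and b = 11 and all function names are assumptions for the demonstration.

```python
def power_mod(base, exponent, modulus):
    """Square-and-multiply: q^a mod p without ever building the huge number q^a."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                       # this binary digit of the exponent is 1
            result = (result * base) % modulus
        base = (base * base) % modulus         # square for the next binary digit
        exponent >>= 1
    return result


def exchange(p, q, a, b):
    """Run the slide's protocol. Returns what travels in the open and the
    value of K that each side computes privately."""
    A = power_mod(q, a, p)             # sender -> receiver, along with p and q
    B = power_mod(q, b, p)             # receiver -> sender
    k_receiver = power_mod(A, b, p)    # K = A^b mod p
    k_sender = power_mod(B, a, p)      # K = B^a mod p
    return {"sent_in_clear": {"p": p, "q": q, "A": A, "B": B},
            "k_sender": k_sender, "k_receiver": k_receiver}


def trial_and_error(p, q, target):
    """Undo the 1-way function the only obvious way: try n = 1, 2, 3, ...
    until q^n mod p equals the target. The work grows with p, which is why
    the 19 has to be replaced by a much larger number."""
    value = 1
    for n in range(1, p):
        value = (value * q) % p
        if value == target:
            return n
    return None


if __name__ == "__main__":
    run = exchange(p=19, q=3, a=6, b=11)
    print(run)                                          # both sides reach K = 11
    seen_A = run["sent_in_clear"]["A"]
    print("a found by trial and error:", trial_and_error(19, 3, seen_A))
    # With a large prime the forward direction is still instant, while the
    # loop in trial_and_error would need up to p - 1 steps.
    big_p = 2**61 - 1
    print(power_mod(3, 123456789012345678, big_p))
```
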
“mod” properties
• (In Python, the symbol for mod is %)
• x mod y is always less than y
• If x < y, the answer is x.
• If x is a multiple of y, the answer is 0.
• The 10th day of the year is in which month?
– What about the 20th day, the 40th, the 100th ? These are essentially mod calculations, except that the month lengths are not quite the same!
• What time is it, 75 hours after midnight?
Asymmetric ciphers
• Perennial problem in cryptography: key security
• One solution is Diffie-Hellman protocol
• Diffie thought of another approach
– Use separate keys for encrypting and decrypting (this is why it’s called asymmetric)
– Each person has a public encryption key, and a private decryption key
– These keys don’t need to change often
– No messages need to be passed to compute value of keys. It can be arbitrary & predetermined.
Challenge
• What kind of math formula can support asymmetric ciphers?
• Goal: we want secure decryption key, but publicly known encryption key.
• RSA system
– The key value N is the product of two large prime numbers N = pq
– Given N, there is no algorithm, other than trial and error, for determining values of p and q.
– Ideally, N should be very large, e.g. hundreds of digits.
– See Appendix J.
RSA outline
• Alice
– Chooses secret primes p and q
– Computes N and M
– Chooses public encryption key e, and private decryption key d.
– Publishes N and e. Anyone wanting to send Alice a message uses these values.
• Bob
– Has a message x to send to Alice.
– Uses x and Alice’s e to compute y. Sends y to Alice.
• Alice
– Uses d to decrypt y to reveal the plaintext.
RSA
• Choose secret & distinct 512-bit random primes p and q
• Let N = pq, and let M = (p – 1)(q – 1)
• Choose (another) public encryption key e: a value less than and relatively prime to M.
– Message is x. Sender transmits: y = x^e mod N
• Choose private decryption key d: where ed mod M = 1
– e and N are public; outsider should have a tough time factoring N to obtain p and q to determine d
– Recipient converts: z = y^d mod N which should equal x.
Example
• Choose secret primes p, q
– p = 31, q = 41
• N = pq; M = (p – 1)(q – 1)
– N = 1271, M = 1200
• Choose e < & relatively prime to M.
– e = 7
• Message is x. Compute and send y = x^e mod N
– x = 12
– y = 12^7 mod 1271 = 1047
• Pick private decrypt key d where ed mod M = 1
– d = 343
• z = y^d mod N, which should equal x.
– z = 1047^343 mod 1271 = 12
It works!
Practical considerations
• What should the relationship between x and N be?
– What if x is too large (and how can we tell)?
– What if x is too small (and how can we tell)?
• RSA assumes that x is a number.
• How do we turn text/image/sound into a number, let alone a number having about 1000 bits?
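The numbers from the Example slide (p = 31, q = 41, e = 7, x = 12) run as an added Python example, not code from the course, which also shows what goes wrong when x is too large or too small and one way to turn text into numbers below N. Function names and the sample text are assumptions; this is the textbook form of RSA from the slides, without the randomized padding that practical RSA adds.

```python
from math import gcd


def make_keys(p, q, e):
    """Follow the slide: N = pq, M = (p-1)(q-1), d chosen so that ed mod M = 1."""
    N, M = p * q, (p - 1) * (q - 1)
    if not 1 < e < M or gcd(e, M) != 1:
        raise ValueError("e must be less than and relatively prime to M")
    d = pow(e, -1, M)          # modular inverse, Python 3.8+
    return N, e, d


def encrypt(x, e, N):
    # Too large: x and x - N give the same y, so the receiver would get x mod N.
    if not 0 <= x < N:
        raise ValueError("x must be smaller than N; split the message into blocks")
    return pow(x, e, N)


def decrypt(y, d, N):
    return pow(y, d, N)


def integer_root(y, e):
    """Largest r with r^e <= y, by binary search on whole numbers."""
    lo, hi = 0, y
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** e <= y:
            lo = mid
        else:
            hi = mid - 1
    return lo


def leaked_by_small_x(y, e):
    """Too small: if x^e < N the 'mod N' never happened, so x is the ordinary
    e-th root of y and no private key is needed. Returns x, or None when y is
    not an exact e-th power."""
    r = integer_root(y, e)
    return r if r ** e == y else None


def text_to_numbers(text, N):
    """Cut the UTF-8 bytes into blocks short enough that every number is < N."""
    size = (N.bit_length() - 1) // 8      # whole bytes that always fit below N
    if size < 1:
        raise ValueError("N is too small to carry even one byte")
    data = text.encode("utf-8")
    blocks = [int.from_bytes(data[i:i + size], "big")
              for i in range(0, len(data), size)]
    return blocks, len(data)


def numbers_to_text(blocks, length, N):
    size = (N.bit_length() - 1) // 8
    out = b""
    for k, x in enumerate(blocks):
        width = min(size, length - k * size)   # the last block may be shorter
        out += x.to_bytes(width, "big")
    return out.decode("utf-8")


if __name__ == "__main__":
    N, e, d = make_keys(31, 41, 7)
    y = encrypt(12, e, N)
    print(N, d, y, decrypt(y, d, N))            # 1271 343 1047 12
    print(pow(12 + N, e, N) == y)               # x too large wraps round to 12
    print(leaked_by_small_x(encrypt(2, e, N), e))   # 2^7 = 128 < N, so 2 leaks
    blocks, n = text_to_numbers("CODE BOOK", N)     # constructed sample text
    secret = [encrypt(x, e, N) for x in blocks]
    print(numbers_to_text([decrypt(c, d, N) for c in secret], n, N))
```

With N this small each block holds a single byte, so equal letters always give equal ciphertext numbers and the result behaves like a substitution cipher.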
Topics in secrecy
• “Perfect secrecy”
• Hash functions
• Practical considerations
• Piper chapters 7 and 9
Perfect secrecy
• Purpose of cipher system is to protect you in case an eavesdropper finds your ciphertext
• But, even presence of the message itself may be enough information for the enemy
– Eve will try to guess plaintext even if no ciphertext
– Don’t be too predictable!
Advice
• Very short message (e.g. 1 char) can’t be broken with any certainty
• Try to have as many possible keys as possible messages. (key length >= message length)
• Cryptography is just 1 facet of overall security
– If you notice someone is trying to guess your PIN or password, how can you tell? What should happen?
Hash functions
• Many applications in CS
– An efficient way to store lots of data, for easy retrieval later
– Quickly determine whether data has become corrupted
– Provide password security
• It’s a 1-way function: used to encrypt passwords
– When you enter your password, p, the system computes value of e(p)
– Your correct password, c, is already stored in encrypted form e(c)
– If e(p) == e(c), then you are “authenticated”
Hash functions (2)
• Why do it this way?
– If password file is compromised, thief really has no information
– If you lose your password, no one can retrieve it → very secure. In this case, a new password is generated
• One way to do it:
– Multiply first letter value by 3
– Add 2nd letter value. Multiply answer by 3.
– Add 3rd letter value. Multiply answer by 3. Continue…
– At each point, take mod by a large prime ~ 1 billion
Hash functions (3)
• Another purpose: provide digital fingerprint to a file
• Associate with each file a single numerical value, like a serial number
– For example, the file size
– There is a slim chance that 2 files will map to the same number.
• Quick way to determine if your files have been altered or damaged. Saves space.
Collisions
• When using a hash function, it’s possible for two items (e.g. message/file) to have same hash value.
– Two passwords might be treated the same, e(p1) versus e(p2).
• Issues:
– Do you want to design a hash function that will handle all collisions? Or, is it acceptable to have a tiny probability of collision?
– Techniques to handle collision, e.g. add 1
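The “one way to do it” recipe from the Hash functions (2) slide and the kind of collision this slide warns about, as an added Python example that is not part of the course code. The prime 1,000,000,007, the function names and the sample passwords are assumptions; the salted PBKDF2 check at the end is a standard-library alternative swapped in for comparison, not something the slides describe.

```python
import hashlib
import hmac
import os

P = 1_000_000_007   # a prime close to 1 billion (assumed value)


def slide_hash(password):
    """Add each letter value, multiply by 3, take mod P at each point."""
    h = 0
    for ch in password:
        h = ((h + ord(ch)) * 3) % P
    return h


def toy_login(entered, stored_hash):
    """The check from the slides: authenticated if e(p) == e(c)."""
    return slide_hash(entered) == stored_hash


def colliding_variant(password):
    """Why the recipe collides: the first letter ends up multiplied by 3 once
    more than the second, so +1 on the first and -3 on the second cancel."""
    if len(password) < 2 or ord(password[1]) < 3:
        raise ValueError("need at least two letters")
    return chr(ord(password[0]) + 1) + chr(ord(password[1]) - 3) + password[2:]


def make_record(password, iterations=100_000):
    """Comparison: a random salt plus many rounds of a cryptographic hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def strong_login(entered, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(slide_hash("AD"), slide_hash("BA"))        # both 789
    real = "PASSWORD"                                 # constructed sample
    other = colliding_variant(real)                   # "Q>SSWORD"
    print(other, toy_login(other, slide_hash(real)))  # accepted by the toy check
    print(strong_login(other, make_record(real)))     # rejected
```
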
Practical considerations
• One-time pad & RSA are really good cipher systems
– But only if used properly. 3 is not a good choice of a prime number.
• Better security requires higher cost
– More computational time, more memory may be needed
• Questions to consider
– Do you really need to encrypt it?
– Is the information confidential forever, or might it become obsolete soon?
– What is the cost of compromised data?
Breakability
• Cryptanalysis often relies on “exhaustive key search.” What does this mean?
• How does Moore’s Law relate?
• What can an attacker do to speed up a search?
• RSA & Diffie-Hellman rely on unsolvability of certain number theory problems
– (we have faith in them)
– But will someone discover short cuts?
• We should be seeking out better 1-way functions just in case! Learn from history.
Uses
• Uses of cryptography
– It’s not just to thwart eavesdroppers
– Data Integrity
– Authenticating people or data
– Non-repudiation
– Examples in chapter 9
• For W, Please read last chapter (8) in Singh
• Lab today on RSA
Data integrity
• A hacker might not care what your message says
• Wants to modify / corrupt it
• Just encrypting your data won’t help
• Need to
– Recognize genuine data, unchanged from the source
– Detect unauthorized access or change (security)
• Preventing the attack might not be necessary
– We have backups of the data
Attacker strategy
• Look for a long file/message to decrypt
• Cryptanalysis
• Once you discover the key, insert your own message in the original’s place
• How to make attacker’s job harder:
– During the message, modify the key so that it depends on an earlier part of the message
– In effect, you are sending several messages, each with different keys
Authentication
• “How do I know it’s from you?”
• 2 types: for “entities” and data
• Ways to authenticate users:
– Something known (password)
– Something possessed (physical key/token/file)
– Intrinsic property (retina, static IP address)
• 1-way & 2-way authentication
– When you set up your account, you can ask bank to always display some message when it asks for password
– Fake login scams
Data integrity
• A sends message to B. (p. 95)
– B wants to be assured data hasn’t been altered.
– B wants to verify it really came from A, not someone else.
• Some encryption algorithm is used as the “authentication function,” with a key
• Both A & B share a secret key – very common in cryptography
– Can be set up ahead of time or with Diffie-Hellman
• A computes message’s authentication value, and appends it to message
• B performs same computation for verification
Digital signature
• Data integrity with extra feature: proof of origin
– Sender can’t later deny sending message!
– In ordinary authentication, an imposter could have used Diffie-Hellman to pretend being A.
• DS relies on sender’s public and private keys
– The two keys are mathematically related
– Sender must use private key to compute the message’s digital signature (analogous to authentication value)
– Receiver uses sender’s public key to verify origin
– Why is the message “hashed”?
Attacker strategy
• Impersonating you: “Hey, I just changed my public key.”
– Computes new public and private key, and claims they belong to you, so he really looks like you online
– Can now perform digital signatures just like they came from you
• Response: 3rd party trust
– Your public key needs to be verified by a Certification Authority, known to your Web browser and the receiver of your message.
– E.g. Verisign
Case Study: ATM
• Features both privacy and data integrity
• Attacker’s plans
– Impersonate you
– Intercept communication to bank
– Alter amount of money without bank knowing
– Duplicating transaction without bank knowing
Quantum
Imagine the future of cryptography…
• What if there were no such thing?
– i.e. encryption futile because every computer has capability to break the code
– Quantum computer: test every possible key simultaneously
• Other extreme: What if there existed an unbreakable cipher system?
– Quantum cryptography: securely establish a random key
• (This view of future depends on our current understanding of physics)
Intro notes
• Some research is done in secret
– We may be unaware of state of the art
• Cat/mouse game
– Cryptographers want better cipher system
– Cryptanalysts want better computer
• There is more to security than just finding/breaking a secure message
– Knowing message exists may be enough information
– Knowing source or destination may be enough
– Much traffic is poorly or not encrypted anyway
– Cipher system software may be hacked (e.g. backdoor)
Quantum computer
• Similar to idea of parallel computing
• No one has built one yet, still a theory (or Sci Fi)
– Charles Babbage had the same problem
• What does “quantum” mean?
– When you are not looking at something, it may exist in different states simultaneously.
– Sounds bizarre, but idea works well in physics already.
• HW trend: chips keep getting smaller
– So, let subatomic particles represent basic units of information, the 0 and 1, depending on its spin.
continued
• 0 and 1 are different spins of a particle
• Hit a particle with burst of energy to change it
• Hit it with less energy: enters indeterminate state → enters both (i.e. 2) states!
• Hit n particles with low energy can represent any number from 1 to 2^n.
• Ex. Which number from 1 to 128 has a certain property?
– Create a number x consisting of 7 particles.
– Bombard x with low energy. Meanwhile, tell x to test itself.
– The correct x will print itself as the solution.
Challenges
• HW: We don’t even know if we can create a quantum computer
• SW: How to write a program for such a machine
– Need to maintain indeterminate state for long enough for the computation to finish
– Need to conceive of a new way to write programs
– Some success (p. 330)
– But we still can’t test it, since no machine exists
• If we overcome these problems, what do we have?
– The means to try all keys simultaneously
– Can quickly break anything
Quantum cryptography
• More realistic possibility
• Based on vibration or “polarization” of photons
• When we transmit light particles, we can set orientation of each, e.g. the 4 directions: | – \ / → a means of encoding messages
• Receiver detects orientation of photon using a Polaroid filter
– We’d like a perfect filter: e.g. a vertical one accepting | photons and rejecting all other types.
– No such luck! 50% of / and \ get through due to physical nature of light. These will look like | too: p. 333.
continued
• Suppose you set up a | filter.– If a photon passes through, you only know it is not – .
– If a photon is blocked, you only know it is not | .
– Same kind of problem with any other filter.
• In order to be sure, you have to know the orientation of the filter to use.
– If you know a photon is either | or –, you can use a | filter.
– If you know it’s either \ or /, then you can use a / filter.
– Sender may send | – \ or /: choice of orientation may change on each photon.
– List of orientations (rectilinear or diagonal) becomes key!
Message
• To send a message:
– Convert it to binary, e.g. 101100110011 …
– For each bit, also select photon orientation (|– , or \/)
– So, each bit of your message is one of 4 possible values
– In effect, the message key is as long as the message.
– See pp. 340, 342, 343.
• Eavesdropper (Eve) has to guess at orientation of each photon.
– Often wrong, e.g. passing thru | could mean | or \ or /.
• Alice & Bob need to establish the key securely
– Follow example, and try card analogy (pp. 344-345)
Making the key
• Eve doesn’t know which bits to discard.
• Key will be random, so can use it in a 1-time pad
• Method has been shown to work for short distances.
Alice wants to send 101100110011
Arbitrarily chooses directions ++X+XXX+X++X
Therefore she transmits |-/|\\/|\-|/
Bob guesses directions +X++XX++X+XX
Bob observes thru filter: 100100110001
(When was Bob lucky?) _yn___y___n_
After sharing orientations, which bits do we keep?
1--100-100-1
E-commerce
• What are the relationships among:
– Client (i.e. you)
– Server
– Bank
– Certification authority
• Other things to consider:
– How to set up your own online business
– The steps of a secure session
– Authentication
– Digital signature
Setting it up
• You have products to sell
• Create a Web site
– Subscribe for Web hosting, acquire HW/SW as needed
• Need accounts with a bank, and individual credit card merchant accounts, PayPal, etc.
• Subscribe to SSL service
– E.g. Verisign is now owned by Symantec
• Maintain database of transactions
– E.g. individual purchases
Secure Web session
Here’s one way to do it.
• Client wants to buy goods on server’s secure site.
• Server sends its public key & authentication certificate to client.
– Client’s Web browser verifies certificate with CA
• Client uses RSA with server’s public key to encrypt DES key. Send to server.
• Server uses own RSA-private key to decrypt DES key.
• Now, both parties can communicate with DES.
Notes
• Why not just use RSA for everything?
– DES is much faster. We just use RSA to communicate the DES key.
• Client & server have “agreed” on a key, but we did not use Diffie-Hellman.
– DES key was chosen by the client, sent to server securely.
– Diffie-Hellman by itself can’t authenticate.
• Authentication goes both ways
– CA verifies server identity to client (you).
– Bank verifies client (you) to the server.
Digital signature
• A closely related concept using RSA
• Purpose: verify sender & integrity of message
– Useful when resolving disputes: non-repudiation
• When A sends message to B
– Message → private key → D.S.
– Append D.S. to the message
• B receives message (with D.S.) from A
– Separate the D.S. from body of the message.
– D.S. → public key → output
– Verify that the output matches the message.
• (To save time, the message is usually “hashed”)