Pseudo-Random Functions 1/22 Encryption as Permutation • Assume cryptosystem correct and P=C • If xx’ then E K (x) E K (x’) • So, no y is hit by more than one x • Therefore all y are hit by some x • E K is a permutation of plaintext space P 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111
22
Embed
Pseudo-Random Functions 1/22 Encryption as Permutation Assume cryptosystem correct and P = C If x x’ then E K (x) E K (x’) So, no y is hit by more.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Pse
udo-
Ran
dom
Fun
ctio
ns
1/22
Encryption as Permutation• Assume cryptosystem correct and P=C• If xx’ then EK(x) EK(x’)• So, no y is hit by more than one x• Therefore all y are hit by some x• EK is a permutation of plaintext space P
• There are |P|! such permutations
000 001 010 011 100 101 110 111
000 001 010 011 100 101 110 111
Pse
udo-
Ran
dom
Fun
ctio
ns
2/22
Encryption as Permutation
• On the other hand, any permutation of P can be used to encrypt– Decryption consists of following the arrows in
the backwards direction• Symmetric encryption can be seen as just
permuting the set of possible messages– The applied permutation is the key
000 001 010 011 100 101 110 111
000 001 010 011 100 101 110 111
Pse
udo-
Ran
dom
Fun
ctio
ns
3/22
• The more permutations are used for encryption, the less Oscar knows about which permutation is used
• Why not just use the set of all permutations as the key space?
• To encrypt L-bit strings there are 2L plaintexts and thus 2L! permutations
• Takes b = log2(2L!) ~ L·2L bits to write down one of the permutations (log(n!) ~ n log(n))
000 001 010 011 100 101 110 111
000 001 010 011 100 101 110 111
Encryption as Permutation
Pse
udo-
Ran
dom
Fun
ctio
ns
4/22
Encryption as PermutationL Key Length Comparison
10 10,00020 20,000,00030 30,000,000,000 A long movie
40 4*1013 100 DVDs
50 1017 1000,000 DVDs
64 1021 10,000,000,000 DVDs
128 1041 Atoms in the atmosphere
256 1079 Atoms in the universe
512 10157 Atoms in 1078 universes
1024 10311 ???
Pse
udo-
Ran
dom
Fun
ctio
ns
5/22
Encryption as Permutation
• For all practical cryptosystems the set of encryption functions consists of a relatively very small subset of the possible permutations of the plaintext space
Pse
udo-
Ran
dom
Fun
ctio
ns
6/22
Shift Cipher
• P = K = Z26 = {0,1,…,25}
• Encryption: EK(x) = x + K mod 26
• Decryption: DK(y) = y - K mod 26
• Correctness: follows from the rule: (a + b mod N) + c mod N = a + (b + c mod N) mod N
• Illustrated for K=3 (and11 instead of 26):
0 1 2 3 4 8 9 10
0 1 2 3 4 5 6 7
5 6 7
8 9 10
3
Pse
udo-
Ran
dom
Fun
ctio
ns
7/22
Shift Cipher
• Can of course be seen as encryption of the English alphabet:
a b c d e x y z
A B C D E F G H
w
Z
3
a b c d e x y z
D E F G H Z
w
A B C
3
…
…
…
…
Pse
udo-
Ran
dom
Fun
ctio
ns
8/22
Electronic Codebook
• To encrypt a text, encrypt one letter at a time
• Known as electronic codebook (ECB)• Not a very secure mode!
w h e e l a r r
Z K H H O E
b
D U U
o w
R Z
3
Pse
udo-
Ran
dom
Fun
ctio
ns
9/22
Exhaustive Search
• The shift cipher has too few keys and can therefore be broken by trying them all:
Z K H H O D U U
y j g g n d
E
c c t
R Z
q y
1
Z K H H O D U U
x i f f m c
E
b s s
R Z
q x
2
Z K H H O D U U
w h e e l b
E
a r r
R Z
o w
3
Pse
udo-
Ran
dom
Fun
ctio
ns
10/22
Exhaustive Search
• The set of encryption functions should not be a too small subset of all permutations of the plaintext space
• Currently 264 simple computational operations are considered infeasible to perform, so a key of 64 bits should be enough to protect against exhaustive search
• There are other reasons to have longer keys though!
Pse
udo-
Ran
dom
Fun
ctio
ns
11/22
Substitution Cipher
• P = Z26 = {0,1,…,25}• K = set of permutations of Z26