Trust
● The “fabric” of life!
● Holds civilizations together
● Develops by a natural process
● Advancement of technology results in faster evolution of societies
  – Weakening the natural bonds of trust
  – From time to time artificial mechanisms need to be introduced – e.g. photo IDs
● Cryptography is a “trust building mechanism”
● We are at a point (or about to arrive at a point) where cryptography needs to be part of our day-to-day lives

Shared Secret = Trust
● At the crux of cryptography is the assumption that TRUST = SHARED SECRET
● How do we leverage shared secret to build trust?
● Components of Trust

● (457, 283)
● 457 = 1*283 + 174
● 283 = 1*174 + 109
● 174 = 1*109 + 65
● 109 = 1*65 + 44
● 65 = 1*44 + 21
● 1 = 135*457 + (-218)*283
● (-218*283) = 1 + (-135)*457
● $(-218*283) \equiv 1 \bmod 457$
● $-218 \equiv 239 \bmod 457$
● $(239*283) \equiv 1 \bmod 457$
● 239 is the inverse of 283 mod 457
● 239*283 = 67637 = 1 + 148*457

Prime Modulus
● What if m is prime?
● We have $Z_m = \{0, 1, 2, \dots, m-1\}$
● Every number is relatively prime to a prime number!
● So every number 1 ... m-1 has an inverse!
● $Z_m$ forms a FIELD
● Normally referred to as prime field $Z_p$

Why prime modulus?
● It is a field
  – Almost all mathematical operations are supported.
  – Crunch away!
● Cannot decipher “patterns”
  – Deterministic mathematical functions – yet the results seem random!
  – Good for cryptography!

How about Exponentiation?
● Just repeated multiplication!
● Let's choose a large prime p and a generator g – both are public
● Choose some number a, and calculate
  – $A \equiv g^a \bmod p$
  – There is a simple algorithm for exponentiation involving repeated squaring - complexity O(log(a))
  – No algorithm for determining a from A! (complexity O(p))!
  – Why is this feature useful?

Diffie-Hellman Key Exchange! (Sneak Peek)
● Alice and Bob agree on a large prime p and a generator g
● Alice chooses a secret a, and calculates
  – $A \equiv g^a \bmod p$ – A is Alice's public key
● Bob chooses a secret b, and calculates
  – $B \equiv g^b \bmod p$ – B is Bob's public key
● Alice and Bob exchange A and B in public
  – Alice calculates $S \equiv B^a \bmod p \equiv g^{ba} \bmod p$
  – Bob calculates $S \equiv A^b \bmod p \equiv g^{ab} \bmod p$
● Nobody else can calculate S – even if they know A, B, g and p!
  – only $g^{a+b} \bmod p$ (or $g^{a-b}$)
  – not very useful!
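
The repeated-squaring algorithm and the exchange above, as an added example that is not part of the original slides. The prime 23, generator 5 and the secrets 4 and 3 are toy values assumed here so the numbers can be checked by hand; the function names are also this example's own.

```python
# Added example, not from the original slides. P and G are toy public
# parameters and the secrets are arbitrary small numbers (assumptions).

def modexp(g, a, p):
    """g**a mod p by repeated squaring; also count the multiplications."""
    result, base, mults = 1, g % p, 0
    while a > 0:
        if a & 1:                          # this exponent bit is set
            result = (result * base) % p
            mults += 1
        base = (base * base) % p           # square once per exponent bit
        mults += 1
        a >>= 1
    return result, mults


def dh_exchange(p, g, a, b):
    """Both sides of the exchange; only A and B cross the public channel."""
    A, _ = modexp(g, a, p)                 # Alice's public key
    B, _ = modexp(g, b, p)                 # Bob's public key
    s_alice, _ = modexp(B, a, p)           # Alice: B^a = g^(ba)
    s_bob, _ = modexp(A, b, p)             # Bob:   A^b = g^(ab)
    return A, B, s_alice, s_bob


def public_combinations(p, A, B):
    """Values anyone can form from A and B: g^(a+b) and g^(a-b)."""
    g_sum = (A * B) % p
    g_diff = (A * pow(B, -1, p)) % p       # pow(x, -1, p): inverse mod p
    return g_sum, g_diff


P, G = 23, 5                               # toy prime and generator
A, B, S_ALICE, S_BOB = dh_exchange(P, G, a=4, b=3)

if __name__ == "__main__":
    print("public:", A, B, "shared:", S_ALICE, S_BOB)
    print("g^(a+b), g^(a-b):", public_combinations(P, A, B))
    # Cost grows with the bit length of the exponent, not its value.
    print("multiplications for a 127-bit exponent:",
          modexp(3, 2**127 - 2, 2**127 - 1)[1])
```

The multiplication count tracks the bit length of the exponent, which is why computing A from a is cheap even for exponents far too large to search through.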

RECAP
● $Z_m = \{0, 1, 2, \dots, m-1\}$
  – $Z_m$ is a ring – addition, multiplication...
  – Multiplicative inverse of a in $Z_m$ exists only if
    ● (a,m)=1;
    ● GCD – Euclidean algo
    ● Multiplicative Inverse – Extended Euclidean Algorithm
● If m = p (a prime) then $Z_p$ is a field
  – Supports all regular operations – addition, subtraction, multiplication and multiplicative inverses
  – All elements of the field (except additive identity) have a multiplicative inverse.
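
The Euclidean and extended Euclidean algorithms from the recap, run on the (457, 283) worked example from earlier in the slides; this is an added example, not code from the original deck, and the function names are its own. It also counts the invertible elements of a ring (Z_26) against a prime field (Z_457).

```python
# Added example, not from the original slides.

def euclid_steps(a, b):
    """Division steps a = q*b + r of the Euclidean algorithm, until r == 0."""
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return steps


def egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Inverse of a in Z_m, or None when (a, m) != 1."""
    g, x, _ = egcd(a % m, m)
    return x % m if g == 1 else None


def units(m):
    """Elements of Z_m that have a multiplicative inverse."""
    return [a for a in range(1, m) if modinv(a, m) is not None]


if __name__ == "__main__":
    for a, q, b, r in euclid_steps(457, 283):
        print(f"{a} = {q}*{b} + {r}")
    print("Bezout:", egcd(457, 283))
    print("283^-1 mod 457 =", modinv(283, 457))
    print("10^-1 mod 26 =", modinv(10, 26))
    print("invertible in Z_26:", len(units(26)), "of 25")
    print("invertible in Z_457:", len(units(457)), "of 456")
```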
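
Matrix Operations in a Field

$$A = \begin{bmatrix} 1 & 2 & 3 \\ 4 & 5 & 7 \\ 8 & 6 & 4 \end{bmatrix} \bmod 11$$

$$A^{-1} = (\det A)^{-1}\,\operatorname{adj}(A) \bmod 11; \quad \det A \equiv 10 \bmod 11; \quad \operatorname{inv}(10) \bmod 11 \equiv 10 \bmod 11$$

$$\operatorname{adj}(A) = \begin{bmatrix} 20-42 & -(16-56) & 24-40 \\ -(8-18) & 4-24 & -(6-16) \\ 14-15 & -(7-12) & 5-8 \end{bmatrix}^{T} \bmod 11$$

$$\operatorname{adj}(A) = \begin{bmatrix} -22 & 40 & -16 \\ 10 & -20 & 10 \\ -1 & 5 & -3 \end{bmatrix}^{T} \bmod 11 = \begin{bmatrix} 0 & 7 & 6 \\ 10 & 2 & 10 \\ 10 & 5 & 8 \end{bmatrix}^{T}$$

$$A^{-1} = 10 \begin{bmatrix} 0 & 10 & 10 \\ 7 & 2 & 5 \\ 6 & 10 & 8 \end{bmatrix} = \begin{bmatrix} 0 & 1 & 1 \\ 4 & 9 & 6 \\ 5 & 1 & 3 \end{bmatrix} \bmod 11$$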
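
Matrix Operations in a Ring

$$A = \begin{bmatrix} 1 & 2 & 3 \\ 4 & 5 & 7 \\ 8 & 6 & 4 \end{bmatrix} \bmod 26$$

$$A^{-1} = (\det A)^{-1}\,\operatorname{adj}(A) \bmod 26; \quad \det A \equiv 10 \bmod 26; \quad \operatorname{inv}(10) \bmod 26 = \;???$$

$(10, 26) \neq 1$. Not invertible? Not necessarily. No unique inverse.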
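
Hill Cipher

$$K = \begin{bmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 7 \end{bmatrix} \bmod 26$$

$$\det K \equiv 11 \bmod 26$$

$$K^{-1} = \begin{bmatrix} 10 & 9 & 3 \\ 7 & 17 & 22 \\ 10 & 0 & 19 \end{bmatrix} \bmod 26$$

$$P = \begin{bmatrix} 4 \\ 3 \\ 5 \end{bmatrix} \bmod 26; \quad C = KP = \begin{bmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 7 \end{bmatrix} \begin{bmatrix} 4 \\ 3 \\ 5 \end{bmatrix} = \begin{bmatrix} 14 \\ 9 \\ 23 \end{bmatrix} \bmod 26$$

$$K^{-1}C = \begin{bmatrix} 10 & 9 & 3 \\ 7 & 17 & 22 \\ 10 & 0 & 19 \end{bmatrix} \begin{bmatrix} 14 \\ 9 \\ 23 \end{bmatrix} = \begin{bmatrix} 4 \\ 3 \\ 5 \end{bmatrix}$$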

HILL CIPHER
● In Hill cipher the encoding key is K and the decoding key is $K^{-1}$ – does this mean Hill cipher is an “asymmetric” cipher? Why?
● For a 3x3 Hill cipher there are 9 “secrets.” How many known plain-text cipher-text pairs do we need to break the secret?
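
ATTACK ON HILL CIPHER

$$K = \begin{bmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 7 \end{bmatrix} \bmod 26; \quad K^{-1} = \begin{bmatrix} 10 & 9 & 3 \\ 7 & 17 & 22 \\ 10 & 0 & 19 \end{bmatrix} \bmod 26$$

$$P_1 = \begin{bmatrix} 4 \\ 3 \\ 5 \end{bmatrix} \bmod 26; \quad P_2 = \begin{bmatrix} 4 \\ 21 \\ 18 \end{bmatrix} \bmod 26; \quad P_3 = \begin{bmatrix} 7 \\ 16 \\ 8 \end{bmatrix} \bmod 26$$

$$C_1 = KP_1 = \begin{bmatrix} 14 \\ 9 \\ 23 \end{bmatrix} \bmod 26; \quad C_2 = \begin{bmatrix} 21 \\ 8 \\ 20 \end{bmatrix} \bmod 26; \quad C_3 = \begin{bmatrix} 15 \\ 5 \\ 24 \end{bmatrix} \bmod 26$$

$$\begin{bmatrix} 14 & 21 & 15 \\ 9 & 8 & 5 \\ 23 & 20 & 24 \end{bmatrix} = K \begin{bmatrix} 4 & 4 & 7 \\ 3 & 21 & 16 \\ 5 & 18 & 8 \end{bmatrix}$$

$$\text{or } C = KP \bmod 26$$

$$K = CP^{-1} \bmod 26$$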
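
The matrix slides above carried through in code: inversion via the determinant and adjugate mod 11 and mod 26, Hill encryption with the slides' K, and key recovery from the three known pairs. This is an added example, not code from the original deck; the function names are its own, and the determinant routine generalizes beyond 3x3.

```python
# Added example, not from the original slides.

def matmul(X, Y, m):
    """Matrix product X*Y with every entry reduced mod m."""
    return [[sum(x * y for x, y in zip(row, col)) % m for col in zip(*Y)]
            for row in X]


def minor(A, i, j):
    """A with row i and column j removed."""
    return [r[:j] + r[j + 1:] for k, r in enumerate(A) if k != i]


def det(A):
    """Integer determinant by cofactor expansion along the first row."""
    if len(A) == 1:
        return A[0][0]
    return sum((-1) ** j * A[0][j] * det(minor(A, 0, j)) for j in range(len(A)))


def inverse_mod(A, m):
    """(det A)^-1 * adj(A) mod m, or None when (det A, m) != 1."""
    try:
        d_inv = pow(det(A) % m, -1, m)
    except ValueError:                     # determinant has no inverse mod m
        return None
    n = len(A)
    # adj(A)[i][j] is the cofactor of entry (j, i): the transpose on the slide
    return [[d_inv * (-1) ** (i + j) * det(minor(A, j, i)) % m
             for j in range(n)] for i in range(n)]


def recover_key(P, C, m):
    """Known-plaintext recovery K = C * P^-1 mod m (columns are the pairs)."""
    P_inv = inverse_mod(P, m)
    return None if P_inv is None else matmul(C, P_inv, m)


K = [[17, 17, 5], [21, 18, 21], [2, 2, 7]]          # key from the slides
P = [[4, 4, 7], [3, 21, 16], [5, 18, 8]]            # columns P1, P2, P3
C = matmul(K, P, 26)                                 # columns C1, C2, C3

if __name__ == "__main__":
    print("C       =", C)
    print("K^-1    =", inverse_mod(K, 26))
    print("K found =", recover_key(P, C, 26))
    A = [[1, 2, 3], [4, 5, 7], [8, 6, 4]]
    print("A^-1 mod 11 =", inverse_mod(A, 11), "| mod 26 =", inverse_mod(A, 26))
```

`recover_key` returns None when the plaintext matrix is not invertible mod 26, in which case a different set of known pairs is needed.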

HW - 1
P1 12345 ; P2 3627642 ; P3 4453662312 ; P4 4443232133 ; P5 276394752 ;
C1 2329786440 ; C2 6635287 ; C3 33369757 ; C4 7149524913 ; C5 6635516128 ;
in mod 79. Find K

Brute-force Attacks on Ciphers
● C = E(P,K). We have P
● Try every possible key K
● $P_i = D(C, K_i)$
● How do we know when to stop? Under any key there will be a corresponding $P_i$
● How do we know that a particular $P_i$ is the correct plaintext?
● Does this mean brute force attacks are not possible?

Entropy of Plain Text
● Think of all possible 100 character strings that “make sense”
● For example, say a billion books, each with 1 billion “strings that make sense” - still makes it only $10^{18}$ possible phrases!
● How many total strings of length 100? – $26^{100}$. That is more than $3 \times 10^{141}$!
● Say we encrypt a meaningful string with a 64 bit key,
  – the ciphertext is decrypted with another key
  – What is the probability that the wrong key results in a string that makes sense?
  – $2^{64} \cdot 10^{18} / (3 \cdot 10^{141}) < 6 \cdot 10^{-105}$
  – Which is good news for the attacker...

Vernam Cipher: The Ultimate Cipher?
● What if we make the number of possible keys the same as the number of possible plain text messages?
● One-time pad – Vernam Cipher
● Cannot try out keys any more! There is always a key which maps cipher text to every possible plain text
● No way an attacker can eliminate any message – all messages are equally likely
  – The attacker learns NOTHING!
  – Perfect Secrecy

Symmetric Cryptography
● C = E(P,K)
● P = D(C,K)
● Requirements
  – Given C, the only way to obtain P should be with the knowledge of K
  – Any attempt to attack the cipher should be comparable in complexity to brute-force method
  – Should resist known cipher text attacks – given one or even many C and P attacker should not be able to determine K.
  – Should be very efficient!

Desired Characteristics
● Confusion – How does changing a bit of the key affect the ciphertext?
● Diffusion – How does changing one bit of the plaintext affect the ciphertext?

Two Basic Types
● Block Ciphers
  – Typically 64, 128 bit blocks
  – A k-bit plaintext block maps to a k-bit ciphertext block
  – Can be seen as a “substitution cipher” which uses a size $2^k$ look-up table (for each key!)
  – Usually employ Feistel structure.
● Stream Ciphers
  – A key is used to generate a stream of pseudo-random bits – key stream
  – Just XOR plaintext bits with the key stream for encryption
  – For decryption generate the key stream and XOR with