Page 1: 1 Cryptography encryption authentication digital signatures one-way functions hash algorithms key generation, exchange and management.

Cryptography

• encryption

• authentication

• digital signatures

• one-way functions

• hash algorithms

• key generation, exchange and management

Encryption

• Transforming a message, the plaintext, into an unrecognisable (encrypted) form, called the ciphertext.

• To the layman this is known as coding and decoding messages. The proper terms are encrypting and decrypting.

• The intention is that if an encrypted message is intercepted, then the interceptor will not be able to interpret the ciphertext.

• Messages have been encrypted for many years, using letter substitution for example.

• These days mathematical algorithms are used to encrypt and decrypt messages using computers.

Caesar’s Cipher

• To encrypt a message written using the English alphabet A..Z

• Each letter in the plaintext message is replaced by the letter k places along in the alphabet (where k is between 0 and 25 inclusive) wrapping around to the beginning of the alphabet if necessary.

• To decrypt the message, each letter is replaced by the letter 26-k places along.

Caesar’s cipher with k=5

Message:    A B C D E F G H I J K L M
Ciphertext: F G H I J K L M N O P Q R

Message:    N O P Q R S T U V W X Y Z
Ciphertext: S T U V W X Y Z A B C D E

Substitution cipher

Message:    A B C D E F G H I J K L M
Ciphertext: J P I O T M F W Q C D Y B

Message:    N O P Q R S T U V W X Y Z
Ciphertext: Z A E S H V R L G N K U X

Substitution cipher 2 (using Brighton Rock)

Message:    A B C D E F G H I J K L M
Ciphertext: H A L E K N W B F O R D I

Message:    N O P Q R S T U V W X Y Z
Ciphertext: G T U S Y M C V Q P Z J X

The Key

Ciphertext: A B C D E F G H I J K L M Plaintext: G A O U X C N D R B W

Ciphertext: N O P Q R S T U V W X Y Z Plaintext: Y M I S F P T K L V E H

One of the reasons for enciphering this text is to show the reader how easily this type of cipher can be broken…...

Definitions

• The sender A (Alice) wants to send a message m (the plaintext) to a receiver B (Bob).

• Alice encrypts the message using an encryption key e and an encryption algorithm f to produce a ciphertext c=f(m,e)

• To decrypt the ciphertext c, Bob uses his decryption key d and a decryption algorithm g to obtain the original message m=g(c,d)

A property of the encryption process must be that Bob retrieves the original message. Thus for a particular pair of keys e,d, it must be true that for every m in M, if m encrypts to c, then c decrypts to m. Hence for every m in M:

if c=f(m,e) then m=g(c,d)

or

g(f(m,e),d)=m

• Alice keeps the encryption key e secret and Bob keeps the decryption key d secret.

• Alice and Bob may know each other's keys (this is true for symmetric key algorithms) or they might not (in public key cryptosystems).

• If the message is very long it might be broken up into shorter blocks. Each block is then encrypted and decrypted separately.

• The characters of the message come from a message alphabet M and the ciphertext will be characters of the ciphertext alphabet C

• The two alphabets M and C may be the same but they could be different.

• A cryptosystem refers to all the aspects of a particular encryption system, so includes the information about the message and ciphertext alphabets, the encryption and decryption algorithms, the method of blocking and the allowable keys.

• The keyspace K is the set of all possible encryption keys. We usually include the trivial keys in the key space even though they will not be used.

• The enemy in the cryptosystem is the person who intercepts the message and tries to gain unauthorised information. Such a person is called a cryptanalyst and is usually given the name Charles.

• A cryptographer is someone who studies all aspects of cryptosystems.

What Charles might try to do:

• Determine the message without determining either key

• Determine the decryption key so that he can decrypt the message (and other messages encrypted using the same encryption key)

• Determine the encryption key so that he can determine the decryption key

• Determine the encryption key so that he can masquerade as Alice

• When considering the security of an encryption algorithm, it is best to assume that Charles, the enemy, has knowledge of the encryption and decryption algorithms, the key space and the methods of blocking.

• In fact assume that Charles knows everything except the keys used.

• Also assume that Charles has adequate computing power, finance and expertise on his side.

Attacks on a cryptosystem

We always assume that Charles has all the information on a particular cryptosystem except for the keys used. What sort of attack he can launch depends on what other information he has.

Types of attack are called:

Types of attack:

• ciphertext only

• known message

• probable known message

• chosen message

• chosen ciphertext

• chosen message and ciphertext

Methods of Attack

The cryptanalyst has various strategies that he can use. The following are brief explanations of three of them:

1. Try all possible decryption keys

• The success of this will depend on
  – the size of the keyspace
  – the redundancy in the message

• How long it takes to recover the key depends on
  – the number of keys
  – how long it takes to investigate each key
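The following added example (not part of the original slides) implements Caesar's cipher as the pair f, g from the Definitions slide, checks that g(f(m,e),d)=m holds with d=26-k, and then runs the exhaustive key search described here. The frequency table, the `englishness` score, the `exhaustive_search` name and the sample message are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase      # message alphabet M = ciphertext alphabet C
# Approximate English letter frequencies in percent, A..Z (assumed reference values).
FREQ = dict(zip(ALPHABET, [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.2, 0.8,
                           4.0, 2.4, 6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0,
                           2.4, 0.2, 2.0, 0.1]))

def shift(text, k):
    """Move each letter k places along the alphabet, wrapping around; keep other characters."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch
                   for ch in text.upper())

def f(m, e):
    """Encryption algorithm: c = f(m, e)."""
    return shift(m, e)

def g(c, d):
    """Decryption algorithm: m = g(c, d); for Caesar's cipher d = 26 - e."""
    return shift(c, d)

def englishness(text):
    """Redundancy test: real English is dominated by a few common letters."""
    return sum(FREQ.get(ch, 0.0) for ch in text)

def exhaustive_search(c):
    """Try every decryption key in the keyspace; most English-looking candidate first."""
    candidates = [(d, g(c, d)) for d in range(len(ALPHABET))]
    return sorted(candidates, key=lambda pair: englishness(pair[1]), reverse=True)

if __name__ == "__main__":
    message = "MEET ME AT THE TREE AT TEN TONIGHT"   # constructed sample plaintext
    c = f(message, 5)
    print("ciphertext:", c)
    # g(f(m, e), d) = m must hold for every key pair e, d = 26 - e
    assert all(g(f(message, e), 26 - e) == message for e in range(26))
    d, recovered = exhaustive_search(c)[0]
    print("key found by search: d =", d, "->", recovered)
```

With only 26 keys the search is instant, and the redundancy of English is what lets the program pick the right candidate without a human reading all 26.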

2. Analyse the ciphertext statistically

• For example, if the cryptosystem uses a substitution cipher on an English text message, a frequency count on the letters of the ciphertext will give an indication of the substitutions used for the most commonly used letters.

• Redundancy in the English language will give away the rest of the key.

• Blocking the message into groups of say 8 characters makes this kind of attack much harder.

• For example, the ciphertext G QT Q TQZ can be decrypted quite easily.

• However, a similar message (encrypted with a different key and blocked together) is SRYSRSP, which isn’t quite so easy to decrypt.
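The frequency count from method 2, as an added example that is not part of the original slides: it encrypts a constructed sentence with the first substitution table shown earlier and pairs the ciphertext letters, by frequency, with an assumed typical English frequency ranking. The function names and the sample sentence are assumptions.

```python
from collections import Counter
import string

PLAIN = string.ascii_uppercase
CIPHER = "JPIOTMFWQCDYBZAESHVRLGNKUX"          # ciphertext row of the first substitution table
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"   # assumed typical English frequency ranking

def encrypt(message):
    """Apply the substitution table letter by letter; other characters pass through."""
    return message.upper().translate(str.maketrans(PLAIN, CIPHER))

def letter_counts(text):
    """Frequency count over the letters only."""
    return Counter(ch for ch in text if ch in PLAIN)

def guess_key(ciphertext):
    """Pair ciphertext letters, most frequent first, with English letters in frequency order."""
    ranked = [ch for ch, _ in letter_counts(ciphertext).most_common()]
    return dict(zip(ranked, ENGLISH_ORDER))

def correct_guesses(guess):
    """Ciphertext letters whose guessed plaintext letter matches the real table."""
    true_key = dict(zip(CIPHER, PLAIN))
    return sorted(c for c, p in guess.items() if true_key[c] == p)

# Constructed sample plaintext (60 letters).
SAMPLE = "THE ENEMY KNOWS THE SYSTEM EXCEPT THE KEYS SO THE KEYS MUST BE KEPT SECRET"

if __name__ == "__main__":
    c = encrypt(SAMPLE)
    print("ciphertext:", c)
    print("counts:", letter_counts(c).most_common(5))
    guess = guess_key(c)
    # The substitution only relabels the histogram, so the commonest letters leak first.
    print("recovered from counts alone:", correct_guesses(guess))
```

The count alone recovers the substitutions for the commonest letters; the remaining letters are the part the slide attributes to redundancy in the language.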

3. Differential Cryptanalysis

This method requires Charles to generate a large number of messages which only differ by a small amount, persuading Alice to encrypt them, and then analysing the corresponding ciphertexts.

Properties of a good cryptosystem

• A large alphabet M to make it hard to do statistical analysis

• A large keyspace to make it hard to do exhaustive keyspace search

• Speed of execution (for high message throughput)

• The same algorithm for encryption and decryption (to reduce costs)
