Upload
duongtuong
View
233
Download
4
Embed Size (px)
Citation preview
CHAPTER 1INTRODUCTION TO CRYPTOGRAPHY
Badran Awad
Computer Department
Palestine Technical college
CHAPTER 1
• Introduction
• Historical ciphers
• Information theoretic security
• Computational security
• Cryptanalysis techniques
• Security of Algorithms
INTRODUCTION
• Who has used cryptography?• Within the last 10 minutes
• Today?
• In your whole life?
Cryptography: Multi-Disciplinary
Cryptography: Multi-Disciplinary
Algebraic Geometry
Probability
Coding Theory
Security
Complexity
Engineering
Number Theory
Algebraic Geometry
Probability
Coding Theory
Security
Complexity
Engineering
Number Theory
Cryptography: Multi-Disciplinary
What is cryptography about?
• Adversary: a clever person with powerful computer
• Main goals:• Data privacy.
• Data integrity.
Data Privacy
• Adversary: does not learn any information about m.
• Example: m is a credit-card number sent to Bob, we want to make a sure Adversary does not learn it.
Data Integrity
• Goal:• m really comes from Alice
• m has not modified in transit
Ideal World
• Kryptonite pipe: cannot see inside or alter content.
• All our goals would be achieved.• But: hard to implement in practice.
Kryptonite pipe
Cryptography!!!
Cryptographic Schemes
• Enc: encryption algorithm.• Dec: decryption algorithm• Ke: encryption key• Kd: decryption key
Cryptographic Schemes
• Cryptographer goals:• How to define security goals?
• How to define Enc, Dec?
• How to gain confidence that Enc, Dec achieve goals?
Encryption Schemes
Encryption Schemes
Encryption Schemes
Encryption Schemes
Encryption Schemes
Encryption Schemes
Encryption Schemes
Provable security
Provable security
Provable security
Provable security – the motivation
Provable security – the motivation
Provable security – the motivation
Provable security – the motivation
Provable security – the motivation
Provable security – the motivation
Kirchhoff's principle
Kirchhoff's principle
A more refined picture
A more refined picture
A more refined picture
Kirchhoff's principle
Kirchhoff's principle
Kirchhoff's principle
Kirchhoff's principle obscurity
A more mathematical view
A more mathematical view
A more mathematical view
A more mathematical view
A more mathematical view - refined
Shift Cipher
Shift Cipher
Security of the shift cipher
Security of the shift cipher
Security of the shift cipher
Substitution Cipher
Substitution Cipher
Substitution Cipher
How to break the substitution cipher?
• First successful formal attack on ciphers was
established by Al-Kindi (801-873).
• It was probably religiously motivated textual
analysis of the Qur'an which led to the
invention of the frequency analysis technique
for breaking monoalphabetic substitution
ciphers by al-Kindi sometime around AD 800.
How to break the substitution cipher?
• Brute force attack: 26! ≈ 1026
• Use statistical patterns of the language.
• For example: the frequency tables
• Texts of 50 characters can be usually be
broken this way.
• Look at the example from the textbook.
Other famous historical cipher
The Vigenere Cipher (Polyalphabetic)
• The Vigenere Cipher (Polyalphabetic)
• It uses 2 or more cipher alphabets, switching
between them during encryption, thereby
confusing potential cryptanalysis. Able to
produce different cipher for same alphabet.
• The Vigenere square can be used for
encryption and decryption.
Blaise de Vigenere(1523 ‐ 1596)
Leon Battista Alberti(1404 - 1472)
The Vigenere Cipher
• First one choose akeyword, exampleLEMON.
• Then one writes it overand over again on theplaintext.
PLAINTEXT: ATTACKATDAWN
KEYWORD: LEMONLEMONLE
CIPHERTEXT: LXFOPVEFRNHR
The Vigenere Cipher
• So, is it still secure????• No. In 1854 Charles Babbage developed a test that
succeeded to attack this cipher.
• In 1863 Friedrich Kasiski was the first to publish asuccessful attack on the Vigenere cipher.
• The primary weakness of the Vigenere cipher is therepeating nature of its key.
• This cipher was secure from about 1553 till 1854(301 years!!!)
• What’s next????
The Enigma machine.
The Enigma machine.
The Enigma machine.
Exercises
• Write a program that can encrypt and decrypt using the general Caesar cipher.
• Write a program that can perform a letter frequency attack on an additive cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify “give me the top 10 possible plaintexts.”
• Write a program that can perform a letter frequency attack on any mono-alphabetic substitution cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify “give me the top 10 possible plaintexts.”
How to define security of an encryption scheme?
How to define security of an encryption scheme?
How to define security of an encryption scheme?
How to define security of an encryption scheme?
Idea 1
Idea 1
Idea 2
Idea 2
Idea 3
Idea 3
Idea 4
Idea 4
How to formalize the “Idea 4”?
What does it mean to achieve secure encryption?
• Adversary cannot find the secret key.
• Adversary cannot find plaintext corresponding to ciphertext.
• Adversary cannot determine any character of plaintext that
corresponds to the ciphertext.
• Adversary cannot determine any meaningful information about
plaintext from ciphertext.
• Adversary cannot compute any function of plaintext from
ciphertext.
Cryptographic goals
• Confidentiality – to keep the content of information
from al but those who are authorized to have them.
• Data integrity – to be able to detect alteration of data.
• Authentication – to be able to identify entities in
communication.
• Non-repudiation – to prevent an entity from denying
previous commitments or actions.
Types of attacks (cryptanalysis techniques)
1. Ciphertext only attack• The cryptanalyst has the ciphertext of several messages,
which are encrypted using the same algorithm. Thecryptanalyst job is to:• Deduce the plaintext
• Or better deduce the key used to encrypt the message in orderto decrypt other messages encrypted with the same keys.
• That is,
Given : 𝐶1 = 𝐸𝑘 𝑃1 , 𝐶2 = 𝐸𝑘 𝑃2 , … , 𝐶𝑖 = 𝐸𝑘(𝑃𝑖)
Deduce : 𝑃1, 𝑃2, … , 𝑃𝑖 𝑜𝑟 𝑘
Types of attacks (cryptanalysis techniques)
2. Known plaintext attack
• The cryptanalyst has access to not only the ciphertext of several
messages, but also to the plaintext of those messages. The cryptanalyst
job is to:
• Deduce the key(s) used to encrypt the messages.
• Deduce the algorithm to decrypt any new messages encrypted with the same
key (from step (a))
• That is,
Given: 𝑃1, 𝐶1 = 𝐸𝑘 𝑃1 , … , 𝑃𝑖, 𝐶𝑖 = 𝐸𝑘(𝑃𝑖)
Deduce : Either k or an algorithm to infer 𝑃𝑖 + 1 from
𝐶𝑖 + 1 = 𝐸𝑘(𝑃𝑖+ 1)
Types of attacks (cryptanalysis techniques)
3. Chosen plaintext attack• The cryptanalyst not only has access to the ciphertext and
associated plaintext for several messages, but he alsochooses the plaintext to be encrypted. The cryptanalystjob is to:• Deduce the key(s) used to encrypt the messages• Deduce the algorithm to decrypt any new messages encrypted
with the same key (from step (a))• That is,Given: 𝑃1, 𝐶1 = 𝐸𝑘 𝑃1 , … , 𝑃𝑖, 𝐶𝑖 = 𝐸𝑘 𝑃𝑖 Where the cryptanalystgets to choose 𝑃1, 𝑃2, … , 𝑃𝑖
Deduce: Either k or an algorithm to infer 𝑃𝑖 + 1 from𝐶𝑖 + 1 = 𝐸𝑘(𝑃𝑖
+ 1)
Types of attacks (cryptanalysis techniques)
4. Chosen ciphertext attack
• The cryptanalyst can choose different ciphertext to be
decrypted and has access to the decrypted plaintext.
The cryptanalyst job is to:
• Deduce the key
• That is,
Given : 𝐶1, 𝑃1 = 𝐷𝑘 𝐶1 , … , 𝐶𝑖, 𝑃𝑖 = 𝐷𝑘(𝐶𝑖)
Deduce : 𝑘
Types of attacks (cryptanalysis techniques)
5. Chosen key attack
• The cryptanalyst has SOME knowledge about the relationship
between different keys. Not practical.
6. Brute force attack
• The cryptanalyst will try every possible key one-by-one and
checking whether the resulting plaintext is meaningful.
7. Rubber hose attack
• Torture, blackmail etc.
Security of Algorithms
• Different algorithms offer different degrees of security.
• Cost to break algorithm > value of data (SAFE)
• Time to break algorithm > time encrypted data must
remain secret (SAFE)
• Amount of data encrypted with a single key < amount of
data necessary to break the algorithm (SAFE)
Complexity of an attack
• One can measure the complexity of an attack in
different ways:
• Data complexity: The amount of data needed as input to
the attack.
• Processing complexity: The time needed to perform the
attack. Also known as work factor.
• Storage requirements: The amount of memory needed to
do the attack.
Exercises
• Read about ‘The Wassenaar Arrangement andInternational Traffic in Arms Regulation (ITAR) then answerthese questions.• Has it always been legal for American to teach cryptography outside
of US? And Why?• Give me a Case Study.
• From regulations mentioned in question 1, what is themaximum key length allowed to be embedded on exportedcryptography machine?
• What is the minimum key length for a cryptography systemsto be secure if based on the Discrete Log Problem?
• Solve the exercises at the end of chapter 1.