CHAPTER 1INTRODUCTION TO CRYPTOGRAPHY

Badran Awad

Computer Department

Palestine Technical college

CHAPTER 1

• Introduction

• Historical ciphers

• Information theoretic security

• Computational security

• Cryptanalysis techniques

• Security of Algorithms

INTRODUCTION

• Who has used cryptography?• Within the last 10 minutes

• Today?

• In your whole life?

Cryptography: Multi-Disciplinary

Cryptography: Multi-Disciplinary

Algebraic Geometry

Probability

Coding Theory

Security

Complexity

Engineering

Number Theory

Algebraic Geometry

Probability

Coding Theory

Security

Complexity

Engineering

Number Theory

Cryptography: Multi-Disciplinary

What is cryptography about?

• Adversary: a clever person with powerful computer

• Main goals:• Data privacy.

• Data integrity.

Data Privacy

• Adversary: does not learn any information about m.

• Example: m is a credit-card number sent to Bob, we want to make a sure Adversary does not learn it.

Data Integrity

• Goal:• m really comes from Alice

• m has not modified in transit

Ideal World

• Kryptonite pipe: cannot see inside or alter content.

• All our goals would be achieved.• But: hard to implement in practice.

Kryptonite pipe

Cryptography!!!

Cryptographic Schemes

• Enc: encryption algorithm.• Dec: decryption algorithm• Ke: encryption key• Kd: decryption key

Cryptographic Schemes

• Cryptographer goals:• How to define security goals?

• How to define Enc, Dec?

• How to gain confidence that Enc, Dec achieve goals?

Encryption Schemes

Encryption Schemes

Encryption Schemes

Encryption Schemes

Encryption Schemes

Encryption Schemes

Encryption Schemes

Provable security

Provable security

Provable security

Provable security – the motivation

Provable security – the motivation

Provable security – the motivation

Provable security – the motivation

Provable security – the motivation

Provable security – the motivation

Kirchhoff's principle

Kirchhoff's principle

A more refined picture

A more refined picture

A more refined picture

Kirchhoff's principle

Kirchhoff's principle

Kirchhoff's principle

Kirchhoff's principle obscurity

A more mathematical view

A more mathematical view

A more mathematical view

A more mathematical view

A more mathematical view - refined

Shift Cipher

Shift Cipher

Security of the shift cipher

Security of the shift cipher

Security of the shift cipher

Substitution Cipher

Substitution Cipher

Substitution Cipher

How to break the substitution cipher?

• First successful formal attack on ciphers was

established by Al-Kindi (801-873).

• It was probably religiously motivated textual

analysis of the Qur'an which led to the

invention of the frequency analysis technique

for breaking monoalphabetic substitution

ciphers by al-Kindi sometime around AD 800.

How to break the substitution cipher?

• Brute force attack: 26! ≈ 1026

• Use statistical patterns of the language.

• For example: the frequency tables

• Texts of 50 characters can be usually be

broken this way.

• Look at the example from the textbook.

Other famous historical cipher

The Vigenere Cipher (Polyalphabetic)

• The Vigenere Cipher (Polyalphabetic)

• It uses 2 or more cipher alphabets, switching

between them during encryption, thereby

confusing potential cryptanalysis. Able to

produce different cipher for same alphabet.

• The Vigenere square can be used for

encryption and decryption.

Blaise de Vigenere(1523 ‐ 1596)

Leon Battista Alberti(1404 - 1472)

The Vigenere Cipher

• First one choose akeyword, exampleLEMON.

• Then one writes it overand over again on theplaintext.

PLAINTEXT: ATTACKATDAWN

KEYWORD: LEMONLEMONLE

CIPHERTEXT: LXFOPVEFRNHR

The Vigenere Cipher

• So, is it still secure????• No. In 1854 Charles Babbage developed a test that

succeeded to attack this cipher.

• In 1863 Friedrich Kasiski was the first to publish asuccessful attack on the Vigenere cipher.

• The primary weakness of the Vigenere cipher is therepeating nature of its key.

• This cipher was secure from about 1553 till 1854(301 years!!!)

• What’s next????

The Enigma machine.

The Enigma machine.

The Enigma machine.

Exercises

• Write a program that can encrypt and decrypt using the general Caesar cipher.

• Write a program that can perform a letter frequency attack on an additive cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify “give me the top 10 possible plaintexts.”

• Write a program that can perform a letter frequency attack on any mono-alphabetic substitution cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify “give me the top 10 possible plaintexts.”

How to define security of an encryption scheme?

How to define security of an encryption scheme?

How to define security of an encryption scheme?

How to define security of an encryption scheme?

Idea 1

Idea 1

Idea 2

Idea 2

Idea 3

Idea 3

Idea 4

Idea 4

How to formalize the “Idea 4”?

What does it mean to achieve secure encryption?

• Adversary cannot find the secret key.

• Adversary cannot find plaintext corresponding to ciphertext.

• Adversary cannot determine any character of plaintext that

corresponds to the ciphertext.

• Adversary cannot determine any meaningful information about

plaintext from ciphertext.

• Adversary cannot compute any function of plaintext from

ciphertext.

Cryptographic goals

• Confidentiality – to keep the content of information

from al but those who are authorized to have them.

• Data integrity – to be able to detect alteration of data.

• Authentication – to be able to identify entities in

communication.

• Non-repudiation – to prevent an entity from denying

previous commitments or actions.

Types of attacks (cryptanalysis techniques)

1. Ciphertext only attack• The cryptanalyst has the ciphertext of several messages,

which are encrypted using the same algorithm. Thecryptanalyst job is to:• Deduce the plaintext

• Or better deduce the key used to encrypt the message in orderto decrypt other messages encrypted with the same keys.

• That is,

Given : 𝐶1 = 𝐸𝑘 𝑃1 , 𝐶2 = 𝐸𝑘 𝑃2 , … , 𝐶𝑖 = 𝐸𝑘(𝑃𝑖)

Deduce : 𝑃1, 𝑃2, … , 𝑃𝑖 𝑜𝑟 𝑘

Types of attacks (cryptanalysis techniques)

2. Known plaintext attack

• The cryptanalyst has access to not only the ciphertext of several

messages, but also to the plaintext of those messages. The cryptanalyst

job is to:

• Deduce the key(s) used to encrypt the messages.

• Deduce the algorithm to decrypt any new messages encrypted with the same

key (from step (a))

• That is,

Given: 𝑃1, 𝐶1 = 𝐸𝑘 𝑃1 , … , 𝑃𝑖, 𝐶𝑖 = 𝐸𝑘(𝑃𝑖)

Deduce : Either k or an algorithm to infer 𝑃𝑖 + 1 from

𝐶𝑖 + 1 = 𝐸𝑘(𝑃𝑖+ 1)

Types of attacks (cryptanalysis techniques)

3. Chosen plaintext attack• The cryptanalyst not only has access to the ciphertext and

associated plaintext for several messages, but he alsochooses the plaintext to be encrypted. The cryptanalystjob is to:• Deduce the key(s) used to encrypt the messages• Deduce the algorithm to decrypt any new messages encrypted

with the same key (from step (a))• That is,Given: 𝑃1, 𝐶1 = 𝐸𝑘 𝑃1 , … , 𝑃𝑖, 𝐶𝑖 = 𝐸𝑘 𝑃𝑖 Where the cryptanalystgets to choose 𝑃1, 𝑃2, … , 𝑃𝑖

Deduce: Either k or an algorithm to infer 𝑃𝑖 + 1 from𝐶𝑖 + 1 = 𝐸𝑘(𝑃𝑖

+ 1)

Types of attacks (cryptanalysis techniques)

4. Chosen ciphertext attack

• The cryptanalyst can choose different ciphertext to be

decrypted and has access to the decrypted plaintext.

The cryptanalyst job is to:

• Deduce the key

• That is,

Given : 𝐶1, 𝑃1 = 𝐷𝑘 𝐶1 , … , 𝐶𝑖, 𝑃𝑖 = 𝐷𝑘(𝐶𝑖)

Deduce : 𝑘

Types of attacks (cryptanalysis techniques)

5. Chosen key attack

• The cryptanalyst has SOME knowledge about the relationship

between different keys. Not practical.

6. Brute force attack

• The cryptanalyst will try every possible key one-by-one and

checking whether the resulting plaintext is meaningful.

7. Rubber hose attack

• Torture, blackmail etc.

Security of Algorithms

• Different algorithms offer different degrees of security.

• Cost to break algorithm > value of data (SAFE)

• Time to break algorithm > time encrypted data must

remain secret (SAFE)

• Amount of data encrypted with a single key < amount of

data necessary to break the algorithm (SAFE)

Complexity of an attack

• One can measure the complexity of an attack in

different ways:

• Data complexity: The amount of data needed as input to

the attack.

• Processing complexity: The time needed to perform the

attack. Also known as work factor.

• Storage requirements: The amount of memory needed to

do the attack.

Exercises

• Read about ‘The Wassenaar Arrangement andInternational Traffic in Arms Regulation (ITAR) then answerthese questions.• Has it always been legal for American to teach cryptography outside

of US? And Why?• Give me a Case Study.

• From regulations mentioned in question 1, what is themaximum key length allowed to be embedded on exportedcryptography machine?

• What is the minimum key length for a cryptography systemsto be secure if based on the Discrete Log Problem?

• Solve the exercises at the end of chapter 1.