LEC 3 & LEC4

Outline

1. An Overview of Cryptography 2. Algorithms:

1. Substitution 2. Transpositions 3. Steganography 4. Xor Function

5. Data Encryption Standard (DES)

6. Public Key Encryption

An Overview of Cryptography

Cryptography

is the art of concealing information

 Encryption (or encipher )

 Decryption (or decipher )

 Plaintext (P)

 Ciphertext (C)

 Cryptographer

 Cryptanalysts

Cipher Environment

Cipher System

…

Categories:

 Physical

 Substitutions: exchange one letter for another

 Transpositions: rearrange the order of the letters

 Steganography: Hiding Information within another information

 Mathematical

 using mathematical processes on characters or messages

.

(ex. Hashing)

 Quantum

…

Categories based on keys (k)

 Symmetric Algorithm

 Asymmetric Algorithm

Algorithms

1. Substitution 2. Transpositions 3. Xor Function

4. Data Encryption Standard (DES)

5. Public Key Encryption

Substitution : Shift (Caesar) Cipher

 Rule:

 C_i = E(p_i)= p_i + k mod 26

 P_i = D(c_i) = c_i– k mod 26

 Example 1 : (k=3): (Rot3)

 P= TREATY IMPOSSIBLE

 C= wuhdwb lpsrvvleoh

 Example 2 : See if you can solve this:

 C= Gel lbhe unaq ng chmmyrf.

 Hint: Rot13

Letter: A B …… Y Z Code : 0 1 …… 24 25

Can we do arithmetic on letters?

Example:A+2=C, Y- 1=X, etc.

What if you go past the end (Y+4)?

The Caesar cipher (cnt’d)

Outer: plaintext Inner: ciphertext

The Caesar cipher (cnt’d)

K=3

Substitution : Keyword Mixed Alphabet

 Rule:

 pick a keyword

 spell it without duplicates

 then, fill in the rest of the alphabet in order

 Example, keyword VACATION

 A: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 C: V A C T I O N B D E F G H J K L M P Q R S U W X Y Z

DQBK SGTA

 Encrypt “

I should be sailing

^{” as:}

IQVD GDJN

Substitution : Vernam Cipher



Type of one-time pad

P V E R N A M C I P H E R

N 21 4 17 13 0 12 2 8 15 7 4 17

+R 76 48 16 82 44 03 85 11 60 05 48 88

= 97 52 33 95 44 15 60 19 75 12 52 105

% 26 19 0 7 17 18 15 8 19 23 12 0 1 C t a h r s p i t x m a b

 D(t) = 19-76 = -57 % 26 = -5 out of 26 = 21 (V)

Substitution : Vigenere Cipher

 They use an already agree-on table (a Vigenère tableau) that has all 26 letters in each column, in some scrambled order.

Example.

For the message COMPUTING GIVES INSIGHT

and keyword LUCKY we proceed by

repeating the keyword as many times as

needed above the message, as follows^.

Substitution : Vigenere Cipher

C O M P U T I N G G I V E S I N S I G H T L U C K Y L U C K Y L L U C K Y L U C K Y

For each letter of the message

 use the letter of the

keyword to determine a row

 go across the row to the column headed by the

corresponding letter of the message

 E(C) = n

 E(O) = i

Substitution : Vigenere Cipher Decryption

 use the letter of the keyword to determine a row

 find the position of the ciphertext letter in this row

 take the label of the column in which it appears as the plaintext

 D(n) = C

D(i) = O

Transpositions (permutations):

 Rearrange P to get C

 Example:

 P = BOREDOM

 C = MOODERB

 Transpositions leave the plaintext letters

intact

Transpositions : Columnar Transposition

 Use a two-dimensional array ( matrix )

 P = “NARCOLEPTIC”

1 2 3 4 N A R C O L E P

T I C .

 C formed by reading down columns

 “NOTALIRECCP”

 To decipher it, the recipient has to work out

the column lengths by dividing the message

length by the key length.

 If it's not too difficult to break:

 basic substitutions

 basic permutations

 Use a combination of the two → product cipher

 substitution adds confusion(تشويش)

 transposition adds diffusion)تشتيت(

 E₂( E₁(P,k₁), k₂).

Steganography

Consider the following message:

“Meet the mini me that ate later.”

 The real message is every thirdword:

“Meet me later.”

Mathematical : XOR

a ⊕ a = 0

a ⊕ b ⊕ b =a

i.e. to decrypt a ciphertext just XOR it again with the key

Mathematical : XOR

• P: C h a p

• P(bin) 01000011, 01101000, 01100001, 01110000

• K: 33 72 31 79

• K(bin) 00100001, 01001000, 00011111, 01001111

• P ^XORK: 01100010, 00100000, 01111110, 00111111

• Decrypt: cipher text XOR keystream

for (int i=0; i<plaintext.length(); i++) {

int p= (int)plaintext.charAt(i);

cypher=cypher+(char)(p^ key[i]);

}

System.out.println(cypher);

The Data Encryption Standard (DES)

 Block cipher: 64-bit blocks

 Symmetric: Using the same key to encrypt and decrypt .

 Uses basic techniques of encryption. provides

 confusion (substitutions)

 diffusion (permutations)

 Same process 16 times/block

 Uses standard arithmetic and logical operators

 Efficient hardware implementations

 Decryption: Same as encryption, but done in

The Data Encryption Standard (DES)

 The algorithm can be summarized in the following steps:

 1. Split plaintext into two halves left(L) and right(R)

 2. combine the key(K) with the right half (R)

 3. Make substitution operations on R

 4. Make permutation operations on R

 5. Add L and R using XOR operation

 6. Swap the old R to be the new L

The Data Encryption Standard (DES): Alg

DES:

Initial Permutation

 Done before the 16 rounds

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

 Read: “put bit 58 into the 1

^st

position, put 50 into the 2

^nd

position ...”

 Reversed by Inverse Initial Permutation

(after round 16)

DES: f function

expand R_i: 32→48 bits all bits used at least once. some twice.

DES: S Boxes

Each box defines a substitution – 6-bit input

– 4-bit output

DES: S Boxes Example: S box 1

• bit 1 and 6 define the row.

• bit 2-5 define col.

• Example: 010011

 bit 1,6 = 01 → row 1

 bit 2,3,4,5 = 1001 → col 9 – output = 6, i.e. 0110

DES: Keys

• PC1: just a simple permutation (output = 56 bit) selected by Pc1

• key split in half each half 28 bits

• Both halves are shifted lift either 1 or 2 bits (depending on round)

• result of shift fed to PC2

• bits are permuted and 48 of the 56 bits chosen for Subkey 1

28 28

56

The Data Encryption Standard (DES)

 Strength of DES

Strong in 70s. Very weak today (Comp Speed).

Key length is 56 bits long, which is argued to be too short

Being too short means it is easier to break using different techniques e.g. brute force attack

 exhaustive search → average 2⁵⁵ attempts

 In 1997, researchers using 3500 machines in parallel were able to infer a DES key in four months

 In 1998, researchers built a special “DES Cracker”

The Triple Data Encryption Standard (Triple DES)

Triple DES Operation

 For each block:

 encrypt with key 1

 decrypt with key 2

 encrypt with key 1



i.e.

C = E_K1(D_K2(E_K1(P)))

 too slow (esp. in software)

The Triple Data Encryption Standard (Triple DES)

Keying options :

The standards define three keying options:

 Keying option 1: All three keys are independent.

 Keying option 2: K1 and K2 are independent, and K3 = K1.

 Keying option 3: All three keys are identical, i.e.

K1 = K2 = K3.

 Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.

 Keying option 2 provides less security, with 2 × 56 = 112 key bits.

The Triple Data Encryption Standard (Triple DES)

Public Key Encryption

For N users:

 How many keys necessary for

n

people?

 1 person needs 0 keys

 2 people need 1 key

 3 people need 3 keys

 4 people need 6 keys

 5 people need 10 keys

How do you create and distribute the keys?

Public Key Encryption

 In a public key, each user has two keys: a public key and a private key.

 Who knows what?

• Everyone can know your public key

• Nobody should ever know your private key

 The keys are inverses of each other:

• Anything encrypted with your public key can only be decrypted with your private key.

• Anything encrypted with your private key can only be decrypted with your public key.

Public Key Encryption

Public Key Encryption

Sending an Encrypted Message

Public Key Encryption

Private Key (Symmetric) Public Key (Asymmetric)

Number of 1 2

keys

Protection Must be kept secret One key must be kept secret ;

of key the other can be freely

exposed

Best uses Cryptographic workhorse; Key exchange, authentication secrecy and integrity of data,

single characters to blocks of data, messages, files

Key Must be out-of-band Public key can be used to

distribution distribute other keys

Speed Fast Slow; typically, 10,000 times

Public Key Encryption

Public Key Encryption: RSA (Rivest-Shamir-Adelman)

Calculate (Phi) φ(n) = (p-1)(q-1)

RSA Steps

 Choose large primesp, q; p≠q

 Calculate n = pq



 Choose e where gcd(e, φ(n))=1;

 1 < e < φ(n)

 gcd(a, b) is the largest positive integer which divides a and b

 Examples: gcd(12, 8)=4; gcd(7, 3)=1

 relatively prime: a and b are relatively prime if gcd(a,b)=1

 Compute d see slide 50

 public key = {e, n}

 private key = {d, n}

 Encryption: C = P^e mod n

 Dycryption: P = C^d mod n

RSA: Example

 p = 17, q=13

 n = p*q= 17*13 = 221

 φ(n) = (p-1)(q-1)= 16*12 = 192

 then throw away p and q. we don't need themanymore.

 choose e=11; gcd(11, 192)=1

 choose d=35;

 encryption key: {e=11, n=221}

 decryption key: {d=35, n=221}

How to Compute D

N R A B K

1 φ(n) 1 0 -

2 E 0 1 R1/R2

3 R1-R2*K2 A1-A2*K2 B1-B2*K2 R2/R3

4 R2-R3*K3

A2-A3*K3 B2-B3*K3 R3/R4

How to compute the Mod operation

 let's have an example :

 solve 50 mod 3 ?

 (1) 50/3 = 16.66666667

 (2) 16.66666667- 16 = 0.66666667

 (3) 0.66666667* 3 = 2

 Therefore 50 mod 3 = 2

Note: On line 2, we got the "-16" by looking at the result from

RSA: Example

Encrypt “FAMILY GUY”

 P= M “text “ : F A M I L Y G U Y

 P= M “Num” : 5 0 12 8 11 24 6 20 24

 Encryption : p

^e

mod n: p

¹¹

mod 221

 C: 164 0 142 70 97 201 141 41 201

 Decryption : c

^d

mod n: c

³⁵

mod 221

 P: 5 0 12 8 11 24 6 20 24

RSA: RSA Security

 RSA is thought to be secure because:

• to find d (inverse of e mod φ(n): d*e  1 mod φ(n); )

• need to know φ(n)

• given n it's very difficult to find φ(n)

 thought to be no easier than factoring n

 Note: when p and q are 100 decimal digits

• n is about 200 decimal digits

• millions of years of computer time needed to factor

public key = {e, n}

private key = {d, n}

E: C = P^e mod n

Some RSA Practice Problems

1. p=3, q=7, e=5, m=the msg to encrypt = 4

2. p=3, q=13, e=5, m=the msg to encrypt = 2

3. p=7, q=13, e=7, m=the msg to encrypt = 3

4. p=5, q=11, e=7, m=the msg to encrypt = 2

End of Chapter 2 (1/2)

Elementary Cryptography