A Cryptography Tutorial • Jim Xu • College of Computing • Georgia Tech • http://www.cc.gatech.edu/~jx

Upload: francine-carson

Post on 23-Dec-2015

213 views

Category:

Documents


0 download

TRANSCRIPT

A Cryptography Tutorial

• Jim Xu

• College of Computing

• Georgia Tech

• http://www.cc.gatech.edu/~jx

Why Cryptography?

• Network information needs to be communicated through insecure channel.

• Stored information may be accessed without proper authorization.

• Cryptography is a systematic way to make that harder.

Common Security Requirements

• Secrecy (encryption)

• Authenticity (signature/encryption)

• Integrity (signature/encryption)

• Non-repudiation (signature)

What can cryptography do?

• Encryption: only the authorized party can understand the encrypted message.

• Signature: allow people to verify the authenticity of the message.

Classical Cryptography

• Shift Cipher (a special case used by Caesar)

• Substitution Cipher

• Affine Cipher

• Vigenere Cipher

• Hill Cipher

• Permutation Cipher

Cryptanalysis

• Ciphertext-only attack

• Known plaintext attack

• Chosen plaintext attack

• Adaptive Chosen plaintext attack

Cryptanalysis

• Shift Cipher: English histogram

• Substitution Cipher: histogram again

• Affine Cipher: histogram

• Vigenere Cipher: more complicated statistics

• Hill Cipher: Known plaintext attack

• Permutation Cipher: histogram + semantics

Frequency of Letter Occurrence
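The ciphertext-only attack on the shift cipher that the cryptanalysis slide describes, as an added example (not code from the slides): the English letter histogram is compared against the ciphertext histogram under each of the 26 possible shifts, and the shift whose result looks most English wins. The sample plaintext and the frequency table are constructed for the example.

```python
# Added example: breaking a shift cipher with the English letter histogram.
from string import ascii_uppercase as ALPHABET

# Approximate English letter frequencies in percent, A..Z (standard table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample plaintext (long enough for the histogram to be meaningful).
SAMPLE = ("CRYPTOGRAPHY IS A SYSTEMATIC WAY TO MAKE IT HARDER FOR AN ATTACKER "
          "TO READ INFORMATION SENT OVER AN INSECURE CHANNEL")

def shift_encrypt(plaintext, key):
    """Shift (Caesar) cipher: each letter moves `key` positions; other characters stay."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext, key):
    return shift_encrypt(ciphertext, -key)

def letter_histogram(text):
    """Count A..Z occurrences, ignoring everything else."""
    counts = [0] * 26
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ALPHABET.index(ch)] += 1
    return counts

def chi_squared(counts, key):
    """Distance between the histogram (with `key` undone) and the English table.
    Plaintext letter i was encrypted to cipher letter (i + key) mod 26."""
    total = sum(counts)
    score = 0.0
    for i in range(26):
        observed = counts[(i + key) % 26]
        expected = total * ENGLISH_FREQ[i] / 100
        score += (observed - expected) ** 2 / expected
    return score

def break_shift(ciphertext):
    """Ciphertext-only attack: return the key whose un-shifted histogram is most English."""
    counts = letter_histogram(ciphertext)
    return min(range(26), key=lambda k: chi_squared(counts, k))
```

The same histogram test, applied per key position once the period is known, is the "more complicated statistics" the Vigenere line refers to.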

How to achieve perfect secrecy?

• One-time pad: have a key as long as the plaintext

• For example, the shift cipher is perfectly secure if the key is random and it is used to encrypt only one character!

• Spurious keys: S(n) >= |K| / |P|^(n*R) - 1

• Unicity distance: the n that makes S(n) zero
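Setting the spurious-key bound to zero gives the unicity distance; worked here as an added derivation (not on the slides) for the shift and substitution ciphers, assuming English redundancy $R \approx 0.75$ and $|P| = 26$, so $\log_2 |P| \approx 4.7$:

$$
S(n) = \frac{|K|}{|P|^{nR}} - 1 = 0
\quad\Longrightarrow\quad
n_0 = \frac{\log_2 |K|}{R \log_2 |P|}
$$

Shift cipher: $|K| = 26$, so $n_0 \approx \frac{4.7}{0.75 \cdot 4.7} \approx 1.3$; two ciphertext characters already pin down the key. Substitution cipher: $|K| = 26! \approx 2^{88.4}$, so $n_0 \approx \frac{88.4}{0.75 \cdot 4.7} \approx 25$ characters.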

Modern Cryptography

• Two broad classes:

– 1. Shared-key cryptography

– 2. Public-key cryptography

Shared-key cryptography

• Rooted in computational complexity

• Sender has M

• Sender sends (M XOR f(x, k), x)

• f is a random function

• Algorithms: DES, various "fishes", Lucifer, Feistel ciphers, the AES standard (Rijndael), ...

DES

• A round can be described as:

– L_i = R_(i-1)

– R_i = L_(i-1) XOR f(R_(i-1), K_i)

• The key generation is performed as follows:

– An initial permutation PC1 selects 56 bits and divides them into two halves

– In each round:

• Select 24 bits from each half using a permutation function PC2

• Rotate left each half by one or two positions
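The round structure above in working form, as an added example (not code from the slides): a toy Feistel network with the DES equations L_i = R_(i-1) and R_i = L_(i-1) XOR f(R_(i-1), K_i). The round function and key schedule here are made-up stand-ins (a truncated SHA-256) for DES's S-boxes and PC1/PC2, chosen only to show that decryption is the same network with the subkeys reversed, and that f never has to be invertible.

```python
# Added example: DES-style Feistel rounds with a stand-in round function.
import hashlib

HALF = 4  # bytes per half block (DES halves are 32 bits)

def f(right, round_key):
    """Stand-in round function (not DES's): any deterministic function fits the structure."""
    return hashlib.sha256(round_key + right).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(master, rounds):
    """Toy key schedule in place of PC1 / rotations / PC2: one subkey K_i per round."""
    return [hashlib.sha256(master + bytes([i])).digest()[:HALF] for i in range(rounds)]

def feistel_encrypt(block, keys):
    """Run the rounds on an 8-byte block; final swap of halves as in DES."""
    assert len(block) == 2 * HALF
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR f(R_(i-1), K_i)
        left, right = right, xor(left, f(right, k))
    return right + left

def feistel_decrypt(block, keys):
    """Same network, subkeys in reverse order: each round undoes one encryption round."""
    return feistel_encrypt(block, list(reversed(keys)))
```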

Rich theory on pseudorandomness

• Pseudorandom number/bit generator

• Pseudorandom functions (ideal cryptographic hash functions)

• Stretch a small completely random string into a longer but less random string

• Though less random, indistinguishable to “naked eyes”

Public Key Cryptography

• Public/private key pair

• Only the owner knows the private key, but everyone knows the public key

• If the message is encrypted with the private key, then everyone with the public key can recover the message, but only the owner can generate the encrypted message

Continued

• If the message is encrypted with the public key, only the owner can decrypt it using its private key

• The first property can be used for signature and the second property can be used for encryption.

Digital signature

• Sender sends M, T=E(hash(M), private)

• The receiver computes E(T, public) and compares it with hash(M)

• M is considered genuine if they match

RSA

• Find two big prime numbers p and q

• Let B = p*q

• Choose private key C to be a number that is coprime with (p-1)*(q-1)

• Choose public key D such that C*D=1 mod (p-1)*(q-1)

Continued

• Encrypt M: T = M^C mod B (or M^D mod B)

• Decrypt T: M = T^D mod B (or T^C mod B)

• Theorem: (M^C)^D = M mod B

• Why: all the numbers that are coprime with B form a group under multiplication mod B, and the size of that group is (p-1)(q-1)

Security of RSA

• Hinges on how hard factorization is

• If one can factor B into p and q,

• then finding C from C*D = 1 mod (p-1)(q-1) is easy

• Factorization is found to be quite hard, at least for now.
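The RSA steps and the hash-then-sign scheme from the digital signature slide, as an added example (not code from the slides) using the slides' names: modulus B = p*q, private exponent C, public exponent D with C*D = 1 mod (p-1)(q-1). The primes are constructed toy values; real RSA uses primes of 1024 bits or more plus a padding scheme, so this only illustrates the arithmetic and the factoring observation from the security slide.

```python
# Added example: RSA key generation, encryption, signature, and why factoring B breaks it.
import hashlib
from math import gcd

def keygen(p, q, C):
    """Return (B, C, D): modulus B = p*q, private C, public D = C^-1 mod (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    assert gcd(C, phi) == 1, "C must be coprime with (p-1)*(q-1)"
    D = pow(C, -1, phi)            # modular inverse (Python 3.8+)
    return p * q, C, D

def rsa(m, exponent, B):
    """One RSA operation: m^exponent mod B (encrypt/decrypt/sign/verify are all this)."""
    return pow(m, exponent, B)

def message_hash(message, B):
    """hash(M) reduced into the message space of the modulus (toy; no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % B

def sign(message, C, B):
    """T = E(hash(M), private): the sender exponentiates the hash with C."""
    return rsa(message_hash(message, B), C, B)

def verify(message, T, D, B):
    """Receiver computes E(T, public) and compares it with hash(M)."""
    return rsa(T, D, B) == message_hash(message, B)

def private_from_factors(p, q, D):
    """The 'Security of RSA' point: anyone who factors B recovers C from D at once."""
    return pow(D, -1, (p - 1) * (q - 1))

# Constructed toy key: p=61, q=53 gives B=3233, and C=17 yields D=2753.
TOY_B, TOY_C, TOY_D = keygen(61, 53, 17)
```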

Cryptographic Protocols

• System needs are more complicated than what the primitives can provide

• If improperly designed, a protocol can be broken even if none of the underlying primitives are broken

• Hard to check whether a protocol is properly designed (proof logics, model checking and theorem-proving methods are involved)

Key exchange

• Diffie-Hellman

• Based on the assumption that, knowing the prime p and p^n, finding n is hard

• Allows two parties to share a key

• A sends B p^a and remembers a

• B sends A p^b and remembers b

• Both sides can generate p^(ab)

• A third party cannot do that!

Man in the middle

• C can establish a key with both A and B, by posing as B and A respectively

• Solution: introduce public keys, or use the return address as an authentication method
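The key exchange from the two slides above, as an added example (not code from the slides). The slides write p^a as shorthand; the usual form is g^a mod p with a public generator g, which is what the code uses. The prime, generator and secrets are constructed toy values, small enough that the third party's task (recovering a from g^a mod p) can be brute-forced, which is exactly what a large p prevents.

```python
# Added example: Diffie-Hellman exchange and the discrete-log problem behind it.

def dh_public(g, p, secret):
    """What A sends B: g^a mod p (A keeps a). B does the same with b."""
    return pow(g, secret, p)

def dh_shared(peer_public, secret, p):
    """Both sides compute g^(ab) mod p from the other side's public value."""
    return pow(peer_public, secret, p)

def exchange(g, p, a, b):
    """Run the exchange; return A's key, B's key, and what a third party observes."""
    A_pub = dh_public(g, p, a)
    B_pub = dh_public(g, p, b)
    key_at_A = dh_shared(B_pub, a, p)
    key_at_B = dh_shared(A_pub, b, p)
    return key_at_A, key_at_B, (A_pub, B_pub)

def discrete_log(g, p, target):
    """The third party's problem: find n with g^n = target mod p.
    Brute force only works here because p is tiny; for a large p this search is
    the hardness assumption the slide relies on."""
    for n in range(1, p):
        if pow(g, n, p) == target:
            return n
    raise ValueError("no solution")

# Constructed toy parameters: p = 23, g = 5 (a generator mod 23), secrets a = 6, b = 15.
TOY_P, TOY_G = 23, 5
```

Without authenticating the public values (the PKI slide), nothing in this exchange tells A that B_pub really came from B, which is the man-in-the-middle gap the slide describes.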

Public Key Infrastructure

• Need this infrastructure to prevent A from claiming that B uses the public key that A generates

• Both hierarchical and flat infrastructures have been proposed

• Revocation lists are a major headache

Advanced Issues

• Group encryption/signature

• Forward security

• Everlasting security