Concepts in Concepts in CryptographyCryptography

“… the history of crypto is strewn with the wreckage of cryptosystems invented by arrogant dilettantes and soon demolished by clever codebreakers.”

--Enoch Root, “The Cryptonomicon”

This, that, and the This, that, and the other…other…

• Cryptography:Cryptography: the art of secret writing. the art of secret writing.• Plaintext:Plaintext: human readable text (cleartext). human readable text (cleartext).• Ciphertext:Ciphertext: encrypted (scrambled?) text. encrypted (scrambled?) text.• Cipher:Cipher: function used to turn plaintext into function used to turn plaintext into

ciphertext and vice versa.ciphertext and vice versa.• Key:Key: secret piece of the cipher. secret piece of the cipher.• Keyspace:Keyspace: the range of the possible values the range of the possible values

a key can have.a key can have.• Cryptosystem:Cryptosystem: algorithm, plus plaintext, algorithm, plus plaintext,

ciphertext, and keys.ciphertext, and keys.• Cryptanalysis:Cryptanalysis: the art of breaking ciphers. the art of breaking ciphers.

Encryption & DecryptionEncryption & Decryption

• Encryption: process of turning Encryption: process of turning plaintext to ciphertext.plaintext to ciphertext.

• Decryption: turning ciphertext to Decryption: turning ciphertext to plaintext.plaintext.

E( P ) = C

D( C ) = P

Transposition CiphersTransposition Ciphers

• Character retains its value, but changes Character retains its value, but changes its position ( Spartan scytale).its position ( Spartan scytale).

ATTACK AT DAWNATTACK AT DAWN

A T C A D WA T C A D W T A K T A NT A K T A N

ATCADWTAKTANATCADWTAKTAN

Substitution CiphersSubstitution Ciphers

• Character changes its meaning while Character changes its meaning while retaining its position (i.e. Caesar’s retaining its position (i.e. Caesar’s cipher).cipher).

… …G H I J K L M N O…G H I J K L M N O…… … J K L M N O P Q R…J K L M N O P Q R…

ATTACK AT DAWNATTACK AT DAWN

DWWDFN DW GDZQ DWWDFN DW GDZQ

A Bit More on A Bit More on SubstitutionSubstitution

• Monoalphabetic Monoalphabetic substitution:substitution: a plaintext a plaintext character has only one character has only one ciphertext meaning.ciphertext meaning.

• Polialphabetic Polialphabetic substitution:substitution: there are there are several meanings for the several meanings for the same plaintext character.same plaintext character.

• Homophonic Homophonic substitution:substitution: the number the number of meanings for a character of meanings for a character depends on its frequency depends on its frequency distribution.distribution.

The One-Time PadThe One-Time Pad

• Truly secure cipher.Truly secure cipher.• Relies on randomness.Relies on randomness.• ““Dirty coat meeting.”Dirty coat meeting.”• Reuse of pads increases Reuse of pads increases

vulnerability.vulnerability.

A X H E W S K A E L A K A X H E W S K A E L A K

A T T A C K A T D A W NA T T A C K A T D A W N

B R B F Z D L U I M X YB R B F Z D L U I M X Y

EnigmaEnigma

• A shift from paper A shift from paper and pencil ciphers.and pencil ciphers.

• A combination of A combination of electrical and electrical and mechanical mechanical systems.systems.

• Uses rotors and Uses rotors and employs employs polialphabetic polialphabetic substitution.substitution.

Computer Age CiphersComputer Age Ciphers

• Symmetric Ciphers:Symmetric Ciphers: Use same key for Use same key for encryption and decryption.encryption and decryption.

EEkk( P ) = C( P ) = C

DDkk( C ) = P( C ) = P

• Asymmetric Ciphers:Asymmetric Ciphers: Different keys for Different keys for encryption and decryption.encryption and decryption.

EEk1k1( P ) = C( P ) = C

DDk2k2( C ) = P( C ) = P

• Hash Functions:Hash Functions: Mathematic function Mathematic function that produces a “unique” hash value for a that produces a “unique” hash value for a given input.given input.

DESDES

• Created by IBM, codenamed ‘Lucifer’.Created by IBM, codenamed ‘Lucifer’.• First “strong” cipher to be adopted by First “strong” cipher to be adopted by

an audience other than the military.an audience other than the military.• Got the NSA seal of approval (which Got the NSA seal of approval (which

meant a lot of things).meant a lot of things).• A Block Cipher, splits plaintext into A Block Cipher, splits plaintext into

blocksblocks• Eventually broken (DESCHALL).Eventually broken (DESCHALL).• Variations (triple-DES).Variations (triple-DES).

Hash FunctionsHash Functions

• Mathematical function Mathematical function that returns a “unique” that returns a “unique” value to a given input.value to a given input.

• It requires a mix of It requires a mix of randomness and randomness and determinism.determinism.

• One way functions.One way functions.• Used for Used for

authentication and authentication and integrity checks.integrity checks.

• MD5, SHA-1 (flawed), MD5, SHA-1 (flawed), RIPEMD-160.RIPEMD-160.

Public Key CryptographyPublic Key Cryptography

• Solves the problem Solves the problem with key distribution.with key distribution.

• Different keys for Different keys for encryption and encryption and decryption.decryption.

• Digital signatures.Digital signatures.• A one-way trapdoor A one-way trapdoor

function.function.

Whitfield Diffie Martin Hellman

Alice Bob

Bob’s Public Key

Bob’s Private Key

Alice's Private Key

Alice's Public Key

RSARSA

• Rives, Shamir, and Rives, Shamir, and Adleman.Adleman.

• First implementation of First implementation of public-key encryption.public-key encryption.

• Strength relies on Strength relies on factoring large numbers factoring large numbers into their prime factors.into their prime factors.

• Given large enough Given large enough prime numbers, RSA is prime numbers, RSA is unbreakable within our unbreakable within our lifetime.lifetime.

Pretty Good PrivacyPretty Good Privacy• Brainchild of Phil Brainchild of Phil

Zimmermann.Zimmermann.• Brought strong crypto to Brought strong crypto to

regular people.regular people.• RSA was too slow to RSA was too slow to

encrypt full messages (at encrypt full messages (at least on a PC).least on a PC).

• Zimmerman’s idea speeds Zimmerman’s idea speeds up the encryption.up the encryption.

• Combines asymmetric and Combines asymmetric and symmetric ciphers.symmetric ciphers.

• PGP uses RSA and IDEA.PGP uses RSA and IDEA.• Intellectual property Intellectual property

issues.issues.• Legal issues.Legal issues.

PGP MechanicsPGP Mechanics

• A symmetric cipher can be as secure as RSA, A symmetric cipher can be as secure as RSA, the problem lies in key distribution. So PGP:the problem lies in key distribution. So PGP:

– Uses a symmetric cipher to encrypt message Uses a symmetric cipher to encrypt message (IDEA).(IDEA).

– IDEA key is randomly generated.IDEA key is randomly generated.– Uses RSA to encrypt the symmetric cipher’s key.Uses RSA to encrypt the symmetric cipher’s key.– Implements digital signatures (a Diffie-Hellman Implements digital signatures (a Diffie-Hellman

idea).idea).

Crypto, Law, and SocietyCrypto, Law, and Society

• Cypherpunk movement of the 90s (May and Cypherpunk movement of the 90s (May and Hughes).Hughes).

• The case of Phil Zimmermann.The case of Phil Zimmermann.• Anonymous remailers.Anonymous remailers.• The criminal use of strong crypto.The criminal use of strong crypto.• Key Escrow and the Clipper Chip.Key Escrow and the Clipper Chip.• Export control laws (Cryptography as Export control laws (Cryptography as

munitions).munitions).• Privacy.Privacy.• ““When strong crypto is made illegal, only When strong crypto is made illegal, only

criminal will use strong crypto.”criminal will use strong crypto.”

CryptanalysisCryptanalysis• Breaking ciphers, it extends to finding Breaking ciphers, it extends to finding

flaws and vulnerabilities in ciphers.flaws and vulnerabilities in ciphers.• Dependent on resources and time.Dependent on resources and time.• Brute force attacks (linear search).Brute force attacks (linear search).• Frequency analysis.Frequency analysis.• Deeply based in guesswork and cunning.Deeply based in guesswork and cunning.• Most ciphers nowadays rely on key secrecy Most ciphers nowadays rely on key secrecy

and key length (unfeasible brute force and key length (unfeasible brute force attack).attack).

• Nothing is 100% secure forever (quantum Nothing is 100% secure forever (quantum encryption??).encryption??).

SteganographySteganography

• Art of hidden writing.Art of hidden writing.• Conceals existence of Conceals existence of

message, but not its message, but not its meaning (i.e. the meaning (i.e. the microdot fiasco).microdot fiasco).

• Invisible inks (the case Invisible inks (the case of MI6).of MI6).

• An extra security layer An extra security layer ( crypto + ( crypto + steganography).steganography).

Sources and Further Sources and Further ReadingReading

• ““Applied Cryptography” by Bruce Applied Cryptography” by Bruce Schneier.Schneier.

• ““Crypto” by Steven Levy.Crypto” by Steven Levy.• ““Brute Force: How DES got Broken” Brute Force: How DES got Broken”

by Matt Curtin.by Matt Curtin.• ““The Code Book” by Simon Singh.The Code Book” by Simon Singh.• ““The Cyphernomicon” by Tim May.The Cyphernomicon” by Tim May.