cryptography. alice and bob plaintext cyphertext plaintext
TRANSCRIPT
Cryptography
Alice and Bob
Plaintext Cyphertext Plaintext
Caesar Cipher
Substitution Cipher
The U.S. government is still struggling with key cybersecurity issues more than a year after President Obama deemed the protection of computer systems a national priority. In 2009 the administration revealed a cyberspace policy review, while the president appointed White House cybercoordinator Howard Schmidt to bring the government's initiatives into sync--but the administration is still debating whether it requires new legal authorities or whether such actions are permitted by existing statutes. Critics also charge that officials have failed to allay privacy fears or determine the extent to which the government should regulate or cooperate with the private sector to ensure that critical industries are shielded against hackers. Meanwhile, Congress has drafted numerous cybersecurity bills, but the White House has yet to assume a stance on any of them. "You've got a lot of agreement on what the problem is but very little agreement on the solution, both within the government and outside," notes James A. Lewis with the Center for Strategic and International Studies. Deputy Defense secretary William J. Lynn III recently said that the threat to the intellectual property of the government, universities, and businesses may represent "the most significant cyberthreat" facing the United States. Schmidt stresses the importance of private-public collaboration to secure the U.S.'s computer networks, and says that progress has been made.
http://25yearsofprogramming.com/fun/ciphers.htm
Substitution Cipher
http://www.cryptograms.org/letter-frequencies.php
Too Easy to Crack
http://www.simonsingh.net/The_Black_Chamber/maryqueenofscots.html
Vigenère Cipher
Plaintext: ATTACKATDAWN
Key: LEMONLEMONLE
Ciphertext: LXFOPVEFRNHR
Vigenère Cipher
http://sharkysoft.com/misc/vigenere/
Four score and seven years ago our fathers brought forth on this continent, a new nation, conceived in Liberty, and dedicated to the proposition that all men are created equal. Now we are engaged in a great civil war, testing whether that nation, or any nation so conceived and so dedicated, can long endure. We are met on a great battle-field of that war. We have come to dedicate a portion of that field, as a final resting place for those who here gave their lives that that nation might live. It is altogether fitting and proper that we should do this. But, in a larger sense, we can not dedicate -- we can not consecrate -- we can not hallow -- this ground. The brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or detract. The world will little note, nor long remember what we say here, but it can never forget what they did here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us -- that from these honored dead we take increased devotion to that cause for which they gave the last full measure of devotion -- that we here highly resolve that these dead shall not have died in vain -- that this nation, under God, shall have a new birth of freedom -- and that government of the people, by the people, for the people, shall not perish from the earth.
Vigenère Cipher
A reproduction of the U.S. Confederacy’s cipher disk.
Vigenère Cipher
Letter frequencies are less obvious, but there is still information because a single key repeats.
Enigma
Try it: http://russells.freeshell.org/enigma/
Early 1920’s – post WWII
Cracking the Enigma
• An Enigma machine captured by the Poles in 1928.
• Poles and British built “Bombes”, analog computers that searched for the right combinations.
• Cat and mouse game and Germans upgraded machines and Allies broke new codes.
• Exact role disputed, but some estimate that breaking the Enigma code shortened the war in Europe by two years.
Alan Turing
• (1912 – 1954) British mathematician
• (1937) Defined a simple formal model of computing and showed that there are uncomputable functions
• (WW II) Worked on the breaking the Enigma code
• (1950) Described a test for intelligence
• (1948 -1952) Described a chess-playing algorithm
• (1954) Committed suicide
• (2009) British government apologizes
One-Time Pads
How Hard is Brute Force?1 2 23 8388608
2 4 24 16777216
3 8 25 33554432
4 16 26 67108864
5 32 27 134217728
6 64 28 268435456
7 128 29 536870912
8 256 30 1073741824
9 512 31 2147483648
10 1024 32 4294967296
11 2048 33 8589934592
12 4096 34 17179869184
13 8192 35 34359738368
14 16384 36 68719476736
15 32768 37 137438953472
16 65536 38 274877906944.00
17 131072 39 549755813888.00
18 262144 40 1099511627776.00
19 524288 41 2199023255552.00
20 1048576 42 4398046511104.00
21 2097152 43 8796093022208.00
22 4194304 44 17592186044416.00
Moore’s Law
http://www.intel.com/technology/mooreslaw/
How It Has Happened
Public Key Encryption
Encrypt(Plaintext, Public key) Cyphertext Decrypt(Cyphertext, Private key)
Public key
Public Key Encryption
• Different keys used for encryption and decryption
• No need for secrecy in transmitting keys:• The encryption key is public.• The decryption key is private and doesn’t need to be
transmitted at all.
Is different because:
How RSA Works
• Bob chooses a private key.
• Bob computes and publishes his public key:
public = f(private)
• Alice exploits Bob’s public key to compute:
ciphertext = encrypt(plaintext, public)
• Bob exploits his private key to compute:
plaintext = decrypt(ciphtertext, private).
Assume that Alice wants to send a message to Bob:
In order for this last step to work, encrypt and decrypt must be designed so that one is the inverse of the other.
What About Eve?
• Eve knows the algorithms encrypt and decrypt.
• She could eavesdrop if she could: – infer Bob’s private key from his public one, or – compute decrypt without knowing Bob’s private key.
• RSA guarantees that Bob and Alice can perform their tasks efficiently but Eve cannot, because of:– the mathematical properties of modular arithmetic, and– the computational properties of prime numbers.
Encrypt(plaintext,public) Decrypt(ciphertext,private)
ciphertextAlice Bob
Eve
public
Modular Arithmetic
Define (for integer p and positive integer n):
p (mod n) = remainder when dividing p by n
Modular Arithmetic
Define (for integer p and positive integer n):
p (mod n) = remainder when dividing p by n
Examples: 9 mod 7 =
52 mod 7 =
52 mod 5 =
Using RSA – Before the Message is Sent
• Bob constructs his public and private keys:
• Bob chooses two large prime numbers p and q. He computes n = p q.
• Bob finds a value e : 1 < e < p q and gcd(e, (p - 1)(q - 1))
= 1
• Bob publishes (n, e) as his public key.
• Bob computes his private key, a value d such that:
d e (mod (p – 1) (q - 1)) = 1.
Using RSA – Sending and Receiving
• Alice breaks plaintext into segments such that no segment corresponds to a binary number that is larger than n. Then, for each plaintext segment, Alice computes:
ciphertext = plaintexte (mod n).
Then she send ciphertext to Bob.
• Bob recreates Alice’s original message by computing:
plaintext = ciphertextd (mod n).
Why RSA Works
• The functions encrypt and decrypt are inverses of each other. The proof follows from Euler’s generalization of Fermat’s Little Theorem.
Recall:
e and (p - 1)(q -1) are relatively prime.
d e (mod (p – 1) (q - 1)) = 1.
encrypt(plaintext) = plaintexte (mod n).
decrypt(cyphertext) = ciphertextd (mod n).
Why RSA Works
• Bob can choose primes efficiently using the following algorithm:
1. Randomly choose two large numbers as candidates.
2. Check the candidates to see if they are prime.
There exist efficient algorithms to test whether a number p is prime.
But these algorithms just say “prime” or “not prime”. They do not report factors of non-primes.
Why RSA Works
• Bob can choose primes efficiently using the following algorithm:
1. Randomly choose two large numbers as candidates.
2. Check the candidates to see if they are prime. 3. Repeat steps 1 and 2 until two primes have been
chosen. By the Prime Number Theorem, the probability of a number near x being prime is about 1/ln x. So, for example, suppose Bob wants to choose a 1000 bit number. The probability of a randomly chosen number near 21000 being prime is about 1/693. So he may have to try 1000 or so times for each of the two numbers that he needs.
Why RSA Works
• Bob can check gcd efficiently, so he can compute e.
gcd-obvious(n, m: integers) = 1. Compute the prime factors of both n and m. 2. Let k be the product of all factors common to n and m (including duplicates). 3. Return k.
Example: The prime factors of 40 are {2, 2, 2, 5}. The prime factors of 60 are {2, 2, 3, 5}.
So gcd(40, 60) = 225 = 20.
But no efficient algorithm for prime factorization is known.
GCD
gcd-Euclid(n, m: integers) = If m = 0 return n. Else return gcd-Euclid(m, n (mod m)).
Example: gcd-Euclid(40, 60) =gcd-Euclid(60, 40) =gcd-Euclid(40, 20) =gcd-Euclid(20, 0) =20
Euclid’s Algorithm
gcd-Euclid(n, m: integers) = If m = 0 return n. Else return gcd-Euclid(m, n (mod m)).
Example: gcd-Euclid(2546, 1542) =gcd-Euclid(1542, 984) =gcd-Euclid(984, 558) =gcd-Euclid(558, 426) =gcd-Euclid(426, 132) =gcd-Euclid(132, 30) =gcd-Euclid(30, 12) =gcd-Euclid(12, 6) =gcd-Euclid(6, 0) =6
Try it yourself.
Euclid’s Algorithm
Why RSA Works
• Bob can check gcd efficiently (using Euclid’s algorithm), so he can compute e.
• Bob can compute d efficiently, using an extension of Euclid’s algorithm that exploits the quotients that it produces at each step.
Why RSA Works
• Alice can implement encrypt efficiently. It is not necessary to compute plaintexte and then take its remainder mod n. Modular exponentiation can be done directly by successive squaring.
• Similarly, Bob can implement decrypt efficiently.
Why RSA Works
• Eve can’t recreate plaintext because:• She can’t simply invert encrypt because modular
exponentiation isn’t invertible. She could try every candidate plaintext and see if she gets one that produces ciphertext, but there are too many of them for this to be feasible.
• She can’t compute d from n and e. If she could factor n into p and q, she could. But no efficient factoring algorithm is known.
Recall:
n = p q.d e (mod (p – 1) (q - 1)) = 1. encrypt(plaintext) = plaintexte (mod n). decrypt(cyphertext) = ciphertextd (mod n).
The Prime Factorization Problem
Let’s factor 636:
The Prime Factorization Problem
So the number of candidates grows as .n
But now consider just binary numbers.
Suppose we add a bit: 10101
101011
Now what’s the largest number we can represent?
Largest Number That Uses n Bits
1 2 23 8388608
2 4 24 16777216
3 8 25 33554432
4 16 26 67108864
5 32 27 134217728
6 64 28 268435456
7 128 29 536870912
8 256 30 1073741824
9 512 31 2147483648
10 1024 32 4294967296
11 2048 33 8589934592
12 4096 34 17179869184
13 8192 35 34359738368
14 16384 36 68719476736
15 32768 37 137438953472
16 65536 38 274877906944.00
17 131072 39 549755813888.00
18 262144 40 1099511627776.00
19 524288 41 2199023255552.00
20 1048576 42 4398046511104.00
21 2097152 43 8796093022208.00
22 4194304 44 17592186044416.00
An Example
1. Bob is expecting to receive messages. So he constructs his keys as follows:
1. He chooses two prime numbers, p = 19 and q = 31. He computes n = pq = 589.
2. He finds an e that has no common divisors with 1830 = 540. The e he selects is 49.
3. He finds a value d = 1069. Notice that 106949 = 52,381. Bob needs to assure that the remainder, when 52,381 is divided by 540, is 1. And it is: 52,381 = 54097 +1. Bob’s private key is now 1069.
2. Bob publishes (589, 49) as his public key.
An Example, Continued
3. Alice wishes to send the simple message “A”. The ASCII code for A is 65. So Alice computes:
6549 (mod 589).
She does this without actually computing 6549. Instead, she exploits two facts about modular exponentiation:
Modular Exponentiation
Two important facts:
ni+j = ninj.
(nm) (mod k) = (n (mod k)m (mod k)) (mod k). Combining these, we have:
ni+j (mod k) = (ni(mod k)nj(mod k)) (mod k).
Modular Exponentiation
Suppose that we want to compute 6549(mod 589). 49 can be expressed in binary as 110001. So 49 = 1 + 16 + 32. Thus 6549 = 651+16+32.
651 (mod 589) = 65. 652 (mod 589) = 4225 (mod 589) = 102. 654 (mod 589) = 1022 (mod 589) = 10404 (mod 589) = 391. 658 (mod 589) = 3912 (mod 589) = 152881 (mod 589) = 330. 6516 (mod 589) = 3302 (mod 589) = 108900 (mod 589) = 524. 6532 (mod 589) = 5242 (mod 589) = 274576 (mod 589) = 102.
6549 (mod 589) = 65(1+16+32) (mod 589). = (65165166532) (mod 589). = ((651 (mod 589))(6516 (mod 589))(6532 (mod 589)))
(mod 589). = (65524102) (mod 589). = ((34060 (mod 589))102) (mod 589). = (487102) (mod 589). = 49674 (mod 589). = 198.
An Example, Continued
Alice sends Bob the message 198.
4. Bob uses his private key (1069) to recreate Alice’s message by computing 1981069 (mod 589). Using the same process Alice used, he does this efficiently and retrieves the message 65.
What Would Kill RSA?
Public Key Cryptography
Another Example of the Security vs Commercial Application Tradeoff
Another Example of the Security vs Commercial Application Tradeoff
GPS
• GPS includes a Selective Availability (SA) featuare that adds intentional, time varying errors of up to 100 meters (328 ft) to the publicly available navigation signals.
GPS
• GPS includes a Selective Availability (SA) featuare that adds intentional, time varying errors of up to 100 meters (328 ft) to the publicly available navigation signals.
• In 1996, President Clinton signed an executive order declaring GPS to be a “dual use” technology. It required that SA be set to 0 by 2006.
• It was set to 0 in 2000.
But We Keep Going Back and Forth
http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1