Based on Applied Cryptography by Schneier, Chapter 1: Foundations, Dulal C. Kar


Upload: molly-walton

Post on 01-Jan-2016


Based on Applied Cryptography by Schneier

Chapter 1: Foundations

Dulal C. Kar


Terminology

• Sender and Receiver

• Messages and Encryption
  – Encryption and decryption
  – Plaintext and ciphertext
  – Cryptography and cryptographers
  – Cryptanalysis and cryptanalysts
  – Cryptology and cryptologists


Encryption and Decryption

• Notations
  – Message, M
  – Plaintext, P
  – Ciphertext, C
  – Encryption function, E
    • E(M) = C
  – Decryption function, D
    • D(C) = M
• Identity: D(E(M)) = M

[Figure: Plaintext → Encryption → Ciphertext → Decryption → Original Plaintext]


Authentication, Integrity, and Nonrepudiation

• In addition to providing confidentiality (privacy), other cryptographic services are:
  – Authentication
    • Ascertaining a message’s true origin
  – Integrity
    • Verifying that a message has not been modified in transit
  – Nonrepudiation
    • A sender should not be able to falsely deny later that he sent a message


Algorithms and Keys

• Cryptographic algorithm
  – Also called cipher
  – Mathematical function for encryption and decryption
• Restricted algorithm
  – Secret algorithm, popular for low security applications, no standard
• Modern cryptography
  – Key, K
  – Keyspace
    • Range of possible values of the key


Key-Based Cryptography

• Key-based encryption and decryption
  – E_k(M) = C
  – D_k(C) = M
• Identity
  – D_k(E_k(M)) = M

[Figure: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Original Plaintext]


Different Keys for Encryption and Decryption

• Encryption key, K1

• Decryption key, K2

• E_k1(M) = C
• D_k2(C) = M
• D_k2(E_k1(M)) = M

[Figure: Plaintext → Encryption (Encryption Key) → Ciphertext → Decryption (Decryption Key) → Original Plaintext]


Cryptosystem

• An algorithm, plus all possible plaintexts, ciphertexts, and keys


Symmetric Algorithms

• Same key for encryption and decryption
• Also called secret-key algorithms, one-key algorithms, single-key algorithms
• E_k(M) = C
• D_k(C) = M
• Two categories
  – Stream algorithms or stream ciphers (operate on a single bit or sometimes bytes)
  – Block algorithms or block ciphers (a typical block size is 64 bits for modern computer algorithms)


Public-Key Algorithms

• Key used for encryption is different from key used for decryption

• Encryption key is often called the public key
• Decryption key is often called the private key
• Decryption key cannot be calculated from encryption key in any reasonable amount of time
• Also called asymmetric algorithms
• E_k1(M) = C
• D_k2(C) = M
• For digital signatures, messages are encrypted with the private key and decrypted with the public key


Cryptanalysis

• Science of recovering plaintext of a message without access to the key

• An attempted cryptanalysis is called an attack

• Kerckhoffs’ assumptions in cryptanalysis
  – Cryptographic algorithm and implementation known
  – Secrecy resides only in the key


Cryptanalytic Attacks

• Ciphertext-only attack
  – Given ciphertext of several messages, recover plaintext, key(s), or algorithm
  – Formally
      Given: C_1 = E_k(P_1), C_2 = E_k(P_2), . . ., C_i = E_k(P_i)
      Deduce: Either P_1, P_2, . . ., P_i; k; or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})
• Known-plaintext attack
  – Given ciphertext and corresponding plaintext of several messages, deduce the key(s) or algorithm
  – Formally
      Given: (P_1, C_1), (P_2, C_2), . . ., (P_i, C_i) where C_i = E_k(P_i)
      Deduce: Either k, or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})


Cryptanalytic Attacks (cont’d)

• Chosen-plaintext attack
      Given: (P_1, C_1), (P_2, C_2), . . ., (P_i, C_i) where the cryptanalyst gets to choose P_1, P_2, . . ., P_i
      Deduce: Either k, or an algorithm to infer P_{i+1} from C_{i+1} = E_k(P_{i+1})
• Adaptive-chosen-plaintext attack
  – A special case of chosen-plaintext attack
  – Cryptanalyst modifies his or her choice of plaintext based on the results of previous encryption
• Chosen-ciphertext attack
  – Given: C_1, P_1 = D_k(C_1), C_2, P_2 = D_k(C_2), . . ., C_i, P_i = D_k(C_i)
  – Deduce: k
  – Primarily applicable to public-key algorithms
  – Sometimes effective against a symmetric algorithm as well


Cryptanalytic Attacks (cont’d)

• Chosen-key attack
  – Cryptanalyst has some knowledge about the relationship between different keys
  – Not very practical
• Rubber-hose cryptanalysis
  – Cryptanalyst threatens, blackmails, or tortures someone to get the key
• Purchase-key attack
  – Bribe someone to get the key
• Author’s Comments
  – The best cryptographic algorithms are the ones that have been made public, have been attacked by the world’s best cryptographers for years, and are still unbreakable
  – Those who claim to have an unbreakable cipher simply because they cannot break it are either geniuses or fools
  – Good cryptographers rely on peer review to separate the good algorithms from the bad


Security of Algorithms

• Different algorithms offer different degrees of security
• Cost of breaking must be greater than the value of encrypted data
• Value of most data decreases over time
• An algorithm is unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext (e.g., one-time pad)
• Cryptography is concerned with cryptosystems that are computationally infeasible to break
• An algorithm is considered computationally secure (also called strong) if it cannot be broken with available resources, either current or future.


Complexity Measures of An Attack

• Data complexity
  – Amount of data needed as input to the attack
• Processing complexity (also called work factor)
  – Time needed to perform the attack
• Storage requirements
  – Amount of memory needed to do the attack
• As a rule of thumb, the complexity of an attack is taken to be the minimum of the three factors
• Some attacks involve trading off the three complexities


Steganography

• Existence of a secret message is concealed by hiding it in other messages

• Example
  – Hiding secret messages in graphic images


Substitution Ciphers and Transposition Ciphers

• Substitution Ciphers
  – Classical cryptography
  – Each character in the plaintext is substituted for another character in the ciphertext. Ex: Caesar Cipher
• Transposition Ciphers
  – Plaintext remains the same, but the order of characters is shuffled around. Ex: columnar transposition cipher
• Rotor Machines
  – Enigma machine
  – Used by the Germans during World War II
  – A team of Polish cryptographers broke the first German Enigma


Simple XOR

• A symmetric algorithm
  – Plaintext is XORed with a keyword to generate ciphertext
• Not secure at all; trivial to break
• How to break
  – Discover the length of the key by a procedure known as counting coincidences
  – Shift the ciphertext by that length and XOR it with itself

  P ⊕ K = C
  C ⊕ K = P
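
An added example (not from the slides or from Schneier's book) of the two steps above, showing why a repeating XOR key gives no protection: coincidences appear at the key length, and XORing the ciphertext with its shifted self removes the key entirely. The key, the 3% threshold and all function names are assumptions of this example; the sample text is taken from the Author's Comments slide.

```python
from itertools import cycle

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Simple XOR: every byte is XORed with the repeating key (also decrypts)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions where ct equals itself displaced by `shift` bytes."""
    pairs = list(zip(ct, ct[shift:]))
    return sum(a == b for a, b in pairs) / len(pairs) if pairs else 0.0

def guess_key_length(ct: bytes, max_len: int = 16, threshold: float = 0.03) -> int:
    """Smallest displacement whose coincidence rate reaches `threshold`, or 0.

    At a multiple of the key length the key cancels, so bytes coincide as often
    as they do in the plaintext itself; elsewhere they rarely coincide.
    The 3% cut-off is an assumption suited to natural-language text.
    """
    for shift in range(1, max_len + 1):
        if coincidence_rate(ct, shift) >= threshold:
            return shift
    return 0

def strip_key(ct: bytes, key_len: int) -> bytes:
    """XOR ct with itself shifted by key_len; the result is P[i] ^ P[i + key_len]."""
    return bytes(a ^ b for a, b in zip(ct, ct[key_len:]))

# Constructed sample: lowercase text from the "Author's Comments" slide,
# encrypted under a constructed 4-byte key.
PLAINTEXT = (
    b"the best cryptographic algorithms are the ones that have been made "
    b"public have been attacked by the worlds best cryptographers for years "
    b"and are still unbreakable good cryptographers rely on peer review to "
    b"separate the good algorithms from the bad"
)
KEY = bytes.fromhex("3a9fc451")
CIPHERTEXT = xor_cipher(PLAINTEXT, KEY)

if __name__ == "__main__":
    for shift in range(1, 9):
        print(f"shift {shift}: {coincidence_rate(CIPHERTEXT, shift):.3f}")
    n = guess_key_length(CIPHERTEXT)
    print("estimated key length:", n)
    # The residue no longer depends on the key at all.
    print(strip_key(CIPHERTEXT, n) == strip_key(PLAINTEXT, n))
```

The last comparison is the point for anyone tempted to use XOR with a short key as obfuscation: what remains after the shift-and-XOR step is plaintext combined with plaintext, with no secret left in it.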


One-Time Pads

• Perfect encryption scheme, primarily used for ultra-secure low bandwidth channels

• Invented by Major Joseph Mauborgne and AT&T’s Gilbert Vernam in 1917

• Start by representing the message as a sequence of 0s and 1s
• Key is a random sequence of 0s and 1s of the same length as the message
• Add the key to the message mod 2, bit by bit (actually an XOR operation)
• Discard the key once used and never use it again

  (plaintext)     00101001
  (key)         + 10101100
                ----------
  (ciphertext)    10000101


A Variation of One-Time Pads

• Consider plaintext as a sequence of letters
• Key is a random sequence of shifts, each one between 0 and 25
• Decryption uses the same key, but subtracts instead of adding the shifts
• This encryption is completely unbreakable for a ciphertext-only attack
• Example: Assume A → 1, B → 2, . . ., Z → 0

  Plaintext:  ONETIMEPAD
  Key:        TBFRGFARFM
  Ciphertext: IPKLPSFHGQ

  How? O + T mod 26 = I
       N + B mod 26 = P
       etc.

• Caveats:
  – Key letters have to be generated randomly. Using a pseudo-random number generator is not useful.
  – No authenticity.
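
An added example (not part of the original slides) that reproduces the ONETIMEPAD calculation with the slide's A=1, ..., Z=0 numbering and shows why a ciphertext-only attack cannot succeed: for any candidate plaintext of the same length, some key maps the ciphertext to it. The function names and the candidate plaintext SALMONEGGS are constructed for illustration; input is assumed to be uppercase A-Z.

```python
def _val(ch: str) -> int:
    """Slide's numbering: A -> 1, B -> 2, ..., Y -> 25, Z -> 0."""
    return (ord(ch) - ord("A") + 1) % 26

def _chr(v: int) -> str:
    """Inverse of _val for any integer v (reduced mod 26, negatives included)."""
    return chr(ord("A") + (v - 1) % 26)

def encrypt(plaintext: str, key: str) -> str:
    """Add each key letter's shift to the plaintext letter, mod 26."""
    if len(key) != len(plaintext):
        raise ValueError("a one-time pad key must be as long as the message")
    return "".join(_chr(_val(p) + _val(k)) for p, k in zip(plaintext, key))

def decrypt(ciphertext: str, key: str) -> str:
    """Same key, but subtract the shifts instead of adding them."""
    if len(key) != len(ciphertext):
        raise ValueError("a one-time pad key must be as long as the message")
    return "".join(_chr(_val(c) - _val(k)) for c, k in zip(ciphertext, key))

def key_explaining(ciphertext: str, candidate: str) -> str:
    """The key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the right length, so the
    ciphertext alone cannot tell an analyst which plaintext was sent.
    """
    return decrypt(ciphertext, candidate)

if __name__ == "__main__":
    ct = encrypt("ONETIMEPAD", "TBFRGFARFM")
    print(ct, decrypt(ct, "TBFRGFARFM"))
    # A constructed candidate plaintext is just as consistent with ct.
    k2 = key_explaining(ct, "SALMONEGGS")
    print(k2, decrypt(ct, k2))
```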


Computer Algorithms

• The most common cryptographic algorithms
  – DES (Data Encryption Standard)
    • Most popular symmetric key algorithm
    • 3DES
  – AES (Advanced Encryption Standard)
  – RSA (Rivest, Shamir, and Adleman)
    • Most popular public-key algorithm
    • Can be used for both encryption and digital signatures
  – DSA (Digital Signature Algorithm)
    • A public-key algorithm; cannot be used for encryption, but only for digital signatures