classical cryptography - thierry sans · 2019-12-03 · breaking the cipher - the attacker's...
TRANSCRIPT
![Page 1: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/1.jpg)
Classical Cryptography
Thierry Sans
![Page 2: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/2.jpg)
Example and definitions of a cryptosystem
![Page 3: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/3.jpg)
Caesar Cipher - the oldest cryptosystem
A shift cipher – attributed to Julius Caesar (100-44 BC)
MEET ME AFTER THE TOGA PARTY
PHHW PH DIWHU WKH WRJD SDUWB
Shift the alphabet 3 places further down and substitute lettersa b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
![Page 4: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/4.jpg)
Communication over an insecure medium
![Page 5: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/5.jpg)
Threat 1 - Interception
๏ Interception : an attacker can read messages
![Page 6: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/6.jpg)
Threat 2 - Modification
๏ Modification : an attacker can modify messages
![Page 7: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/7.jpg)
Threat 3 - Fabrication
๏ Fabrication : an attacker can inject messages
![Page 8: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/8.jpg)
Threat 4 - Interruption
๏ Interruption : an attacker can block messages
![Page 9: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/9.jpg)
Confidentiality and Integrity of communications
➡ Implement a virtual trusted channel over an insecure medium
![Page 10: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/10.jpg)
Definitions
Plaintext The message in its clear form (the original message)
Ciphertext The message in its ciphered form (the encrypted message)
Encryption Transform a plaintext into ciphertext
Decryption Transform a ciphertext into a plaintext
![Page 11: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/11.jpg)
Definitions
Cryptographic algorithm The method to do encryption and decryption
Cryptographic keyAn input variable used by the algorithm for the transformation
N-bit security entropy (a.k.a. the key space)The number of bits necessary to encode the number of possible keys (could be different than the key length)
![Page 12: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/12.jpg)
Representing data as numbers
Cryptographic algorithms are mathematical operations
➡ messages and keys must be represented as numbersfor instance : ASCII encoding
![Page 13: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/13.jpg)
Back to Caesar Cipher
Algorithm : shift the alphabet of a certain number of positions Key : the number of positions to shiftKey space : 25 possible rotations ( ~ 5 bits security )Encoding :a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Encrypting and decrypting one character is obtained as follows:c = E(k,p) = (p + k) mod 26p = D(k,c) = (c – k) mod 26
![Page 14: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/14.jpg)
The big picture
E D
encryption decryption
plaintext plaintextciphertext
keykey
![Page 15: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/15.jpg)
Breaking the cipher
![Page 16: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/16.jpg)
The Kerckhoffs' principle (1883)
“The enemy knows the system” - the security of a communication should not rely on the fact that the algorithms are secrets
➡ A cryptosystem should be secure even if everything about the system, except the key, is public knowledge
No security by obscurity
![Page 17: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/17.jpg)
Breaking the cipher - the attacker's model
• Exhaustive Search (a.k.a brute force)Try all possible n keys (in average it takes n/2 tries)
• Ciphertext onlyYou know one or several random ciphertexts
• Known plaintext You know one or several pairs of random plaintext and their corresponding ciphertexts
• Chosen plaintextYou know one or several pairs of chosen plaintext and their corresponding ciphertexts
• Chosen ciphertextYou know one or several pairs of plaintext and their corresponding chosen ciphertexts
➡ A good crypto system resists all attacks
![Page 18: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/18.jpg)
Breaking Caesar cipher
Exhaustive search Yes
ciphertext only Statistical Analysis
known plaintext Look at the first letter and get the shift
chosen plaintext Choose “A” and get the shift
chosen ciphertext Choose “A” and get the shift
![Page 19: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/19.jpg)
Statistical Cryptanalysis
➡ Monoalphabetic ciphers do not change the relative frequency of letters in a message
![Page 20: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/20.jpg)
Evolution of cryptosystems
![Page 21: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/21.jpg)
A brief history of cryptography
~ 2000 years ago Substitution ciphers (a.k.a mono alphabetic ciphers)
few centuries later Transposition ciphers
Renaissance Polyalphabetic ciphers
1844 Mechanization
1976 Public key cryptography
![Page 22: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/22.jpg)
Substitution ciphers (a.k.a mono alphabetic ciphers)
➡ Improvement over Caesar cipherAlgorithm : allow an arbitrary permutation of the alphabet Key : set of substitutionsKey space : 26! possible substitutions ( 4x1026 ~ 89 bits)
a b c d e f g h i j k l m n o p q r s t u v w x y zD K V Q F I B J W P E S C X H T M Y A U O L R G Z N
if we wish to replace lettersWI RF RWAJ UH YFTSDVF SFUUFYA
![Page 23: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/23.jpg)
Breaking substitution ciphers
Exhaustive search Doable with a computer
ciphertext only Statistical analysis
known plaintext Match letters together
chosen plaintext Choose ABCDE … and match letters
chosen ciphertext Choose ABCDE … and match letters
![Page 24: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/24.jpg)
Polyalphabetic ciphers (a.k.a Renaissance Cipher)
➡ Vigenere cipherAlgorithm : combine the message and the keyKey : a wordKey space : the length of the word
wearediscoveredsaveyourself
deceptivedeceptivedeceptive
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Advantage : Encryption of a letter is context dependent
(mod 26)+
![Page 25: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/25.jpg)
Breaking Polyalphabetic Ciphers
exhaustive search Small key length only
ciphertext only Statistical analysis for small key length and significant amount of ciphertext
known plaintext Subtract plaintext from ciphertext
chosen plaintext Choose AAAAA … and match letters
chosen ciphertext Choose AAAAA … and match letters
![Page 26: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/26.jpg)
OTP - One Time Pad
➡ Improvement over Vigenere cipherAlgorithm : combine the message and the keyKey : an infinite random stringKey space : infinite
whatanicedaytoday yksuftgoarfwpfwelZZZJUCLUDTUNNWGQS
Advantage : this is the perfect cipher !Disadvantage : hard to use in practice, how to transmit the key ?
⊕
![Page 27: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/27.jpg)
The impossibility of breaking OTP
The ciphertext bears no statistical relationship to the plaintext➡ No statistical analysis
For any plaintext and ciphertext, there exists a key mapping one to the other, and all keys are equally probable ➡ A ciphertext can be decrypted to any plaintext of the same
length
![Page 28: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/28.jpg)
Transposition Cipher
Algorithm : switch letters around a permutationKey : a set of permutationKey space : the set of permutations
helloworld
LOLHERDLWO
![Page 29: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/29.jpg)
Breaking Transposition ciphers
brute force Small key length only
ciphertext only Hard
known plaintext Match letters together
chosen plaintext Choose ABCDE … and match letters
chosen ciphertext Choose ABCDE … and match letters
![Page 30: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/30.jpg)
The seeds of modern cryptography
1. Diffusion Mix-up symbolsTransposition Cipher
2. ConfusionReplace a symbol with anotherPolyaphabetic Cipher
3. Randomization Repeated encryption of the same text are differentOTP
![Page 31: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/31.jpg)
Mechanization
![Page 32: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/32.jpg)
Mechanization
1844 Invention of the telegraph
1939World War II
The Enigma Machine
![Page 33: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/33.jpg)
The cryptography toolbox
![Page 34: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/34.jpg)
Cryptography is not just a about confidentiality
Integritydigital signatures, hash functions
Non-repudiation contract-signing
Anonymity electronic cash, electronic voting
…
Availability
![Page 35: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/35.jpg)
The crypto toolbox
• Symmetric cryptography schemes
• Asymmetric cryptography schemes
• Message digests
• Digital signatures
• Certificates
![Page 36: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/36.jpg)
Symmetric encryption
E D
symmetric keysymmetric key
➡ The same key is used for encryption and decryption
![Page 37: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/37.jpg)
Asymmetric encryption a.k.a Public Key Cryptography
E D
private keypublic key
➡ The public key for encryption➡ The private key for decryption
![Page 38: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/38.jpg)
Message digests
Message digests are meant for creating fingerprints of messages
• Un-keyed message digest : hashes, checksum• Keyed message digests : MACs
![Page 39: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/39.jpg)
Digital Signature
E D
public keyprivate key
➡ The private key for encryption➡ The public key for decryption
![Page 40: Classical Cryptography - Thierry Sans · 2019-12-03 · Breaking the cipher - the attacker's model • Exhaustive Search (a.k.a brute force) Try all possible n keys (in average it](https://reader033.vdocuments.mx/reader033/viewer/2022041922/5e6c67c7f354ef5d585093ab/html5/thumbnails/40.jpg)
Certificates - Public Key Infrastructure
Certificates are meant for verifying someone’s identity• Binding between a public key and an owner• Certified by a certification authority