cryptography - qmul mathsfjw/goldsmiths/2009/pk/cryptography.pdf · cryptography peter keevash...

Cryptography

Peter Keevash

School of Mathematical Sciences, Queen Mary, University of London.

[email protected]

Peter Keevash (QMUL) Cryptography

Introduction

Secure CommunicationHow can one send a secret message?

Steganography (hiding the message)

Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...

Introduction

Cryptography

The model

Alice and Bob share a secret key, unknown to Eve "Eavesdropper"

Alice encrypts theplaintext messagewith the key, forminga ciphertext.

Bob decrypts the ciphertext with thekey, obtaining the original plaintext.

Eve also receives the ciphertext, but cannot understand it .

Ciphers

Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...

Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.

Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.

Ciphers

Substitution ciphers

Monoalphabetic substitutionEach letter is consistently replaced by another.

ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.

PermutationsThe key is a permutation of the alphabet: a bijective map

σ : {A, . . . ,Z} → {A, . . . ,Z}.

Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).

σ : {A, . . . ,Z} → {A, . . . ,Z}.

Cryptanalysis

The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).

Brute forceAny cipher can be broken by trying all possible keys.

How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!

Computational feasibilitySecurity is relative to our powers of computation.

Cryptanalysis

Statistical analysis

Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .

Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.

zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES

zh grqw jhw shdu wduwv iurp shdfk wuhhv

zE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES

zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEv

zE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES

zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREES

zE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES

zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREES

WE DONT GET PEAR TARTS FROM PEACH TREES

Modular arithmetic

Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.

A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.

General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.

Modular arithmetic

Caesar’s revenge

The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.

The secret key is a random binary string, say k = 01100110.

Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.

Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)

Caesar’s revenge

Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.

Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)

Caesar’s revenge

Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .

More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)

Caesar’s revenge

Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)

The Vigenere cipher

We don’t communicate in binary! Cipher easier to remember if weuse A..Z.

The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’

Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!

The Vigenere cipher

We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.

Example: ‘The rain in Spain falls mainly on the plain.’

The Vigenere cipher

We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’

The Vigenere cipher

We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’

Breaking the Vigenere cipher

Much harder than a substitution, but it has weaknesses...

Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.

How to get the key length? Could guess. Or use moresophisticated statistics...

Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.

Key exchange

A one-time pad attempt:p m k

2 = km1

m m += k3 2m2

m3 m m += k34

Bob = p

Problem! m1 + m2 + m3 = p.

Public key cryptography

Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?

One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.

RSA cryptosystem: power map e(x) = x` mod n; `,n public.

Inverse problem ‘given y , find x with x` = y mod n’ believed hard.

Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.

Issues in modern cryptography

Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?

Digital Signatures: Eve sees some signed messages, can sheforge a signature?

Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...

Conclusion

Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.

Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .

Security is always relative to computational power, and in fear ofan ingenious unforseen attack.

Public Key Cryptography provides great flexibility, but its securityis only empirical.

Modern cryptography has evolved into a diverse field of theoreticaland practical research.

Conclusion

cryptography - qmul mathsfjw/goldsmiths/2009/pk/cryptography.pdf · cryptography peter keevash...

Documents