
Page 1: Modern Cryptography Code: ICE0605 Credit/Hour : 3/3 Prof : Kwangjo Kim (Tel. x6118), kkj@icu.ac.kr, kkj kkj@icu.ac.kr TA :Hyunrok

Modern Cryptography

Code: ICE0605
Credit/Hour: 3/3
Prof: Kwangjo Kim (Tel. x6118), kkj@icu.ac.kr, http://vega.icu.ac.kr/~kkj
TA: Hyunrok Lee ([email protected])
Hour: Mon./Wed. 19:00-20:15
Web page: http://caislab.icu.ac.kr/Lecture/data/2008/spring/ice605

Page 2:

Syllabus

1. Course Description
As an introductory course to cryptography and information security, this lecture introduces the security notions and basic building blocks of modern cryptography. We discuss two typical kinds of cryptosystem: symmetric cryptosystems, which include block ciphers (DES and AES) and stream ciphers, and public key (asymmetric) cryptosystems such as RSA, ElGamal and elliptic curve cryptosystems. Hash functions, digital signatures, key management and identification schemes including zero knowledge proofs are also discussed. No prerequisites are required.

2. Textbook
- Main textbook: Douglas R. Stinson, Cryptography: Theory and Practice, 3rd Ed., CRC Press, 2006, ISBN 1-58488-508-4
- Recommended reading: Menezes et al., Handbook of Applied Cryptography, CRC Press, 1997, ISBN 0-8493-8523-7
- Handouts

3. Test and Evaluation
- Midterm Exam: 20%, Final Exam: 25%
- Homework: 15%, Quiz: 10%, Term Project: 25%, Attendance: 5%

Page 3:

Weekly Lecture

Wk  Contents                         Cmt
1   Introduction/Conventional Cipher
2   Block Cipher (I)                 Hw#1
3   Block Cipher (II)                Qz#1
4   Cryptanalysis                    Hw#2
5   Stream Cipher                    Qz#2
6   Hash Functions/MAC               TR#1
7   Midterm Exam
8   Public Key Cryptosystem (I)
9   Public Key Cryptosystem (II)     Hw#3
10  Digital Signature (I)            Qz#3
11  Digital Signature (II)           Hw#4
12  Identification                   Qz#4
13  ZKIP/Key Management              Hw#5
14  TP Presentation                  TR#2
15  Final Exam

(Hw = homework, Qz = quiz, TR = term project report, TP = term project)

Page 4:

Related Subjects

• Mathematics
  - Number theory
  - Algebra: group, ring and field theory
  - Elliptic curves
• Probability / Statistics
• Information theory / Coding theory
• Computational complexity
  - Algorithms, Turing machines
  - NP-completeness
• Quantum computing, etc.

Page 5:

Who is interested in cryptology?

Traditional:
• Government
• Diplomatic
• Military
• Finance
• Police

Emerging applications:
• Industrial
• Academic
• Standards
• Electronic commerce
• Service providers
• DRM / digital watermarking
• Ubiquitous security
• Rules and regulations
• etc.

Security anywhere

Page 6:

Worldwide Academic Research

• USA
  - IACR (International Association for Cryptologic Research), http://www.iacr.org/ : Crypto ('81-), Eurocrypt ('82-), Asiacrypt ('91-), FSE, PKC, CHES
  - IEEE Symposium on Security and Privacy
  - ACM CCS (Computer and Communications Security)
  - PKI Workshop ('01-), etc.
• Europe
  - ESORICS (European Symposium on Research in Computer Security)
  - EuroPKI ('04-), etc.
• Asia
  - Australia: Auscrypt ('90-'92), ACISP ('95-)
  - Japan: SCIS ('84-), CSS ('02-), IWSEC ('06-), Pairing ('07-)
  - Korea: KIISC (Korea Institute of Information Security and Cryptology) ('89-), http://www.kiisc.or.kr/, ICISC ('97-), IWDW ('02-), WISA ('0-), IWAP ('00-)
  - China: ICICS ('00-), ACNS ('02-)
  - Malaysia: Mycrypt ('05-)
  - India: Indocrypt ('99-)
  - Vietnam: Vietcrypt ('06-)

Page 7:

Early History of Cryptology

1900 BC: Non-standard hieroglyphics
1500 BC: Mesopotamian pottery glazes
50 BC: Caesar cipher
1518: Trithemius' cipher book
1558: Keys invented
1583: Vigenère's book
1790: Jefferson wheel
1854: Playfair cipher
1857: Beaufort's cipher
1917: Friedman's Riverbank Labs
1917: Vernam one-time pad

Page 8:

Term Projects (Examples)

• Cryptographic application in your own field of study
• Design and/or cryptanalysis of a block cipher or stream cipher
• Design and/or cryptanalysis of public key cryptography
• Design of cryptographic protocols for key management or authentication, etc.
• New applications of cryptographic protocols for secure e-voting, secure WSN, etc.
• Efficient implementation of a cryptographic library for RFID, etc.

Page 10:

Questions

Why are you taking this course?

What do you expect after this course?

Page 11:

Basic Concepts (I)

Cryptology = Crypto (hidden) + Logos (word) = Cryptography + Cryptanalysis = code writing + code breaking

Terms: encryption (decryption), key, plaintext, ciphertext, deciphered text

[Figure: the encryption model. The sender computes C = E(P, Ke) and sends C over the insecure channel, where the adversary can observe it; the receiver recovers P = D(C, Kd). The keys Ke and Kd are delivered over a secure channel.]

Page 12:

Basic Concepts (II)

Channel
◦ Secure: a trusted party, registered mail, a tamper-proof device
◦ Insecure: an open, public channel

Entity
◦ Sender (Alice)
◦ Receiver (Bob)
◦ Adversary (Charlie)

Attacks
◦ Passive attack (wiretapping) threatens privacy
◦ Active attack (modification, impersonation) threatens authentication

Page 13:

Basic Concepts (III)

Classification of crypto algorithms
◦ by date
  - Traditional (~19C): Caesar
  - Mechanical (WW I, II): rotor machines, Purple
  - Modern ('50~): DES, IDEA, AES and RSA, ECC
◦ by number of keys
  - Conventional: {1, single, common} key, symmetric
  - Public key cryptosystem: {2, dual} keys, asymmetric
◦ by size of the plaintext unit
  - Block cipher
  - Stream cipher

Page 14:

Security Requirements - Privacy

"Keeping information secret from all but those who are authorized to it."

[Figure: eavesdropping. A sends a message to B; the attacker C (eavesdropper) reads it off the channel.]

※ Pictures are taken from the CryptMail User's Guide, Copyright (C) 1994 Utimaco Belgium.

Page 15:

Security Requirements - Authentication

[Figure: impersonation. C pretends to be A when communicating with B.]

Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)

Message authentication: corroboration of the source of information; also known as data origin authentication. It implies data integrity: a message whose content has been altered in transit no longer originates from the claimed source.

Page 16:

Security Requirements - Integrity

"Ensuring information has not been altered by unauthorized or unknown means."

[Figure: modification. C intercepts A's message and alters it before it reaches B.]

Page 17:

Security Requirements - Non-repudiation

[Figure: repudiation. A: "I sent this message to you." B: "No, I didn't receive it."]

"Preventing the denial of previous commitments or actions."

Page 18:

Basic Security Requirements

• Privacy (or confidentiality): keeping information secret from all but those who are authorized to it.
• Data integrity: ensuring information has not been altered by unauthorized or unknown means.
• Authentication
  - Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
  - Message authentication: corroboration of the source of information; also known as data origin authentication.
• Signature: a means to bind information to an entity.
• Access control: restricting access to resources to privileged entities.
• Non-repudiation: preventing the denial of previous commitments or actions.

Page 19:

Advanced Security Requirements

• Authorization: conveyance, to another entity, of official sanction to do or be something.
• Validation: a means to provide timeliness of authorization to use or manipulate information or services.
• Certification: endorsement of information by a trusted entity.
• Revocation: retraction of certification or authorization.
• Time stamping: recording the time of creation or existence of information.
• Witnessing: verifying the creation or existence of information by an entity other than the creator.
• Receipt: acknowledgement that information has been received.
• Ownership: a means to provide an entity with the legal right to use or transfer a resource to others.
• Anonymity: concealing the identity of an entity involved in some process.

Page 20:

A taxonomy of cryptographic primitives

[Figure: tree of security primitives]

Security primitives
• Unkeyed primitives
  - arbitrary length hash functions
  - one-way permutations
  - RNG, PUF
• Symmetric-key primitives
  - symmetric-key ciphers
    · block ciphers
    · stream ciphers
  - arbitrary length (keyed) hash functions (MAC)
  - signatures
  - identification primitives
• Public-key primitives
  - public-key ciphers
  - signatures
  - identification primitives

RNG (Random Number Generator), PUF (Physically Unclonable Function)

Page 22:

Attacking Model (I)

By the information available to the attacker
◦ COA (Ciphertext Only Attack): the attacker sees only ciphertexts
◦ KPA (Known Plaintext Attack): some plaintext/ciphertext pairs, not of the attacker's choosing
◦ CPA (Chosen Plaintext Attack): the attacker obtains ciphertexts for plaintexts of his choice
◦ CCA (Chosen Ciphertext Attack): the attacker obtains plaintexts for ciphertexts of his choice

• Kerckhoffs' principle: the attacker knows the cryptosystem being used; only the key is secret.
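The four attack models above, as an added example that is not part of the lecture slides: a shift (Caesar) cipher, a toy by design, attacked under each model. Per Kerckhoffs' principle the attacker knows the algorithm (shift modulo 26) and only the key is unknown. The sample message, the key and the English letter-frequency table are constructed for this example.

```python
import string

ALPHABET = string.ascii_lowercase
# Approximate relative frequencies (percent) of a..z in English text; constructed table.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def shift_encrypt(plaintext: str, key: int) -> str:
    """E(P, K): shift every letter by K positions; non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
                   for ch in plaintext.lower())


def shift_decrypt(ciphertext: str, key: int) -> str:
    """D(C, K) is encryption with the negated key."""
    return shift_encrypt(ciphertext, (-key) % 26)


def chi_squared(text: str) -> float:
    """Distance between the letter histogram of `text` and English; lower = more English-like."""
    letters = [ch for ch in text if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for i, ch in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * n
        observed = letters.count(ch)
        score += (observed - expected) ** 2 / expected
    return score


def ciphertext_only_attack(ciphertext: str) -> int:
    """COA: only C is known. Exhaustive search over the 26 keys (Kerckhoffs: the algorithm
    is public), keeping the key whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift_decrypt(ciphertext, k)))


def known_plaintext_attack(plaintext: str, ciphertext: str) -> int:
    """KPA: one (P, C) pair the attacker did not choose; the first letter pair reveals the key."""
    for p, c in zip(plaintext.lower(), ciphertext.lower()):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("pair contains no letters")


def chosen_plaintext_attack(encrypt_oracle) -> int:
    """CPA: the attacker submits P = 'a'; the oracle's answer E('a', K) is the key itself."""
    return ALPHABET.index(encrypt_oracle("a"))


def chosen_ciphertext_attack(decrypt_oracle) -> int:
    """CCA: the attacker submits C = 'a'; D('a', K) = 'a' shifted by -K, so K = -index mod 26."""
    return (-ALPHABET.index(decrypt_oracle("a"))) % 26


# Constructed sample message and key (not from the lecture).
SAMPLE_PLAINTEXT = ("the shift cipher has only twenty six keys so an attacker who sees nothing but "
                    "ciphertext tries every key and keeps the decryption whose letter frequencies "
                    "look most like english text")
SAMPLE_KEY = 3
SAMPLE_CIPHERTEXT = shift_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("COA:", ciphertext_only_attack(SAMPLE_CIPHERTEXT))
    print("KPA:", known_plaintext_attack(SAMPLE_PLAINTEXT, SAMPLE_CIPHERTEXT))
    print("CPA:", chosen_plaintext_attack(lambda p: shift_encrypt(p, SAMPLE_KEY)))
    print("CCA:", chosen_ciphertext_attack(lambda c: shift_decrypt(c, SAMPLE_KEY)))
```

The ordering of the models is visible in the work each attack needs: COA has to try all 26 keys and score every candidate, KPA needs one observed pair, and CPA/CCA recover the key from a single oracle query of the attacker's choosing.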

Page 23:

Attacking Model (II)

Generic key-recovery attacks on a key space of size n:
• Exhaustive key search: Time = O(n), Space = O(1)
• (Pre-computed) table lookup: Time = O(1), Space = O(n), after a one-time O(n) precomputation
• Time-memory tradeoff (Hellman): Time = O(n^(2/3)), Space = O(n^(2/3))
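The three generic strategies above, as an added example that is not from the lecture: exhaustive search, a precomputed codebook and a Hellman time-memory tradeoff, all against a toy 16-bit keyed function (a truncated keyed hash standing in for E(P, K) on one fixed, known P). The toy function, the reduction function, the chain start points and the table parameters are assumptions for illustration. The block counts calls to the keyed function so that the time side of each tradeoff is visible, and the Hellman table stores only chain endpoints, which is where its memory saving comes from.

```python
import hashlib

KEY_BITS = 16
N = 1 << KEY_BITS                      # size n of the key space
PLAINTEXT = b"known plaintext block"   # the attacker targets C = E(P, K) for one fixed, known P
EVALS = 0                              # counts calls to the keyed function (the "time" cost)


def toy_encrypt(key: int) -> int:
    """Stand-in for C = E(P, K): a keyed hash truncated to KEY_BITS bits (constructed toy, not a cipher)."""
    global EVALS
    EVALS += 1
    digest = hashlib.blake2b(PLAINTEXT + key.to_bytes(4, "big"), digest_size=4).digest()
    return int.from_bytes(digest, "big") & (N - 1)


def measure(fn, *args):
    """Run fn(*args) and return (result, number of toy_encrypt calls it made)."""
    before = EVALS
    result = fn(*args)
    return result, EVALS - before


def exhaustive_search(c: int):
    """Time O(n), space O(1): try every key until E(P, K) == C."""
    for k in range(N):
        if toy_encrypt(k) == c:
            return k
    return None


def build_codebook() -> dict:
    """Space O(n): one-time O(n) precomputation of C -> K for every key."""
    return {toy_encrypt(k): k for k in range(N)}


def codebook_lookup(codebook: dict, c: int):
    """Time O(1) per target; no calls to the keyed function online."""
    return codebook.get(c)


def reduce_fn(c: int, table_idx: int) -> int:
    """Hellman reduction R_i: map a ciphertext back into the key space; a different R_i per table."""
    return (c ^ (table_idx * 0x5BD1)) & (N - 1)


def chain_start(table_idx: int, chain_idx: int) -> int:
    """Deterministic start point of chain j in table i (constructed choice; any spread works)."""
    return (chain_idx * 2654435761 + table_idx * 7919) & (N - 1)


def chain_step(x: int, table_idx: int) -> int:
    """One link of a chain: x -> R_i(E(P, x))."""
    return reduce_fn(toy_encrypt(x), table_idx)


def build_hellman_tables(num_tables: int, m: int, t: int) -> list:
    """Offline phase: num_tables tables of m chains of length t. Only endpoint -> start points are
    stored (m entries per table), so memory is m*num_tables rather than the m*t*num_tables keys covered."""
    tables = []
    for i in range(num_tables):
        table = {}
        for j in range(m):
            x = chain_start(i, j)
            for _ in range(t):
                x = chain_step(x, i)
            table.setdefault(x, []).append(chain_start(i, j))   # merged chains share an endpoint
        tables.append(table)
    return tables


def hellman_lookup(tables: list, t: int, c: int):
    """Online phase: from R_i(C) walk at most t links; on hitting a stored endpoint, regenerate
    that chain from its start and look for the key just before C (a hit may be a false alarm)."""
    for i, table in enumerate(tables):
        y = reduce_fn(c, i)
        for _ in range(t):
            for start in table.get(y, ()):
                x = start
                for _ in range(t):
                    if toy_encrypt(x) == c:
                        return x
                    x = chain_step(x, i)
            y = chain_step(y, i)
    return None   # key not covered by the tables: the price of storing only endpoints


def point_on_chain(table_idx: int, chain_idx: int, position: int) -> int:
    """The key sitting `position` links along a chain; used to pick a target the tables cover."""
    x = chain_start(table_idx, chain_idx)
    for _ in range(position):
        x = chain_step(x, table_idx)
    return x


if __name__ == "__main__":
    T = 32
    tables = build_hellman_tables(num_tables=4, m=32, t=T)
    target = point_on_chain(0, 5, 10)
    c = toy_encrypt(target)
    print("exhaustive search:", measure(exhaustive_search, c))
    codebook = build_codebook()
    print("codebook lookup  :", measure(codebook_lookup, codebook, c))
    print("hellman tradeoff :", measure(hellman_lookup, tables, T, c))
```

The target key is deliberately taken from inside one chain so the lookup is guaranteed to succeed; for a random key the success probability depends on how much of the key space the chains cover, and chains that merge (same endpoint) waste precomputation, which is why the parameters are kept near m·t² ≈ n.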

Page 24:

Classification of Security

• Unconditionally secure: secure against an adversary with unlimited computational power; perfect secrecy (ex.: one-time pad)
• Provably secure: breaking the scheme is shown to be at least as hard as a well-known hard mathematical problem
• Computationally secure: breaking the scheme requires an infeasible amount of computational effort by the best known methods (practical security)
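An added example (not from the lecture) that ties the security-requirement definitions of pages 14-18 to the one-time pad named on this page: the pad is unconditionally secure for privacy, yet reusing it leaks the XOR of the two plaintexts, and it provides no integrity, so an active attacker can flip chosen plaintext bits without knowing the key. An HMAC-SHA-256 tag over the ciphertext (encrypt-then-MAC) restores data origin authentication. The pad bytes, MAC key and messages are constructed values.

```python
import hashlib
import hmac
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (the whole one-time pad 'algorithm')."""
    if len(a) != len(b):
        raise ValueError("one-time pad: pad and message must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh, uniformly random pad; used once and never again."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy made concrete: for ANY candidate plaintext of the right length there is
    exactly one pad turning it into this ciphertext, so C alone tells the eavesdropper nothing."""
    return xor_bytes(ciphertext, candidate)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Pad reuse: C1 xor C2 = P1 xor P2, the pad cancels. Zero bytes mark positions where the
    two plaintexts agree; the attacker never needed the key."""
    return xor_bytes(c1, c2)


def flip_plaintext_bits(ciphertext: bytes, offset: int, mask: bytes) -> bytes:
    """Malleability (no integrity): XOR-ing `mask` into C at `offset` XORs the same mask into the
    plaintext the receiver recovers. Privacy is intact; integrity never existed."""
    c = bytearray(ciphertext)
    for i, m in enumerate(mask):
        c[offset + i] ^= m
    return bytes(c)


def mac_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: authenticate the ciphertext so tampering is caught before decryption."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(mac_key: bytes, pad: bytes, ciphertext: bytes, tag: bytes):
    """Return the plaintext, or None if the tag does not verify (constant-time comparison)."""
    if not hmac.compare_digest(mac_tag(mac_key, ciphertext), tag):
        return None
    return otp_decrypt(ciphertext, pad)


# Constructed demo values (not from the lecture). A real pad comes from new_pad().
MESSAGE = b"PAY 0100 EUR TO BOB"
PAD = bytes.fromhex("a3f1c02b9d7e5560e4118c3fbd2a6b7c90d5e1")   # 19 bytes, fixed for reproducibility
MAC_KEY = b"constructed-mac-key"

if __name__ == "__main__":
    c = otp_encrypt(MESSAGE, PAD)
    alt = b"PAY 9999 EUR TO EVE"
    print("pad that explains c as alt:", pad_explaining(c, alt).hex())
    c2 = otp_encrypt(b"PAY 0001 EUR TO BOB", PAD)       # pad reused: a mistake
    print("C1 xor C2 = P1 xor P2     :", two_time_pad_leak(c, c2))
    forged = flip_plaintext_bits(c, 4, b"\x09")          # turn '0' (0x30) into '9' (0x39)
    print("tampered decrypt          :", otp_decrypt(forged, PAD))
    tag = mac_tag(MAC_KEY, c)
    print("with MAC, genuine         :", verify_and_decrypt(MAC_KEY, PAD, c, tag))
    print("with MAC, forged          :", verify_and_decrypt(MAC_KEY, PAD, forged, tag))
```

The point for the security-requirements pages: privacy, integrity and data origin authentication are separate properties, and an unconditionally secure cipher delivers only the first. The MAC key here is a second, independent secret; the same encrypt-then-MAC pattern is what authenticated encryption modes package up.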

Page 25:

Brief History of Modern Cryptology

1949: Shannon, The Communication Theory of Secrecy Systems
1975: Diffie and Hellman
1977: DES
1978: RSA
1985/1987: ECC
1988: Zero Knowledge Proof
1990: Differential Cryptanalysis
1991: DSA
1992: Linear Cryptanalysis
1993: Random Oracle Model
1994: OAEP
1995: SHA-1
1996: Differential Fault Analysis
1998: Impossible Differential Cryptanalysis
2000: Polynomial based PKC
2001: AES (FIPS 197), SHA-2, IBE from Pairing
2002: E-Voting (Votopia)
2003: Certificateless PKC
2004: ID based PKC w/o Random Oracle
2005: Collisions on Hash Functions
2006: Power of the Randomized Iterate
2007: Cryptography with Constant Input Locality