secure encyrption systems chapter 2

CHAPTER 3CHAPTER 3

SECURE ENCRYPTION SYSTEMSSECURE ENCRYPTION SYSTEMS

IntroductionIntroduction

There are two main types of cryptography:There are two main types of cryptography: symmetric (secret key) cryptographysymmetric (secret key) cryptography asymmetric (public key) cryptographyasymmetric (public key) cryptography

Symmetric (Secret Key) Symmetric (Secret Key) CryptographyCryptography

Symmetric (secret key) cryptographySymmetric (secret key) cryptography Data is encrypted using a key.Data is encrypted using a key. The same key must be use to decrypt the data.The same key must be use to decrypt the data. The security of a symmetric cryptography rests in the The security of a symmetric cryptography rests in the

key. key. Divulging the key - anyone could encrypt and decrypt Divulging the key - anyone could encrypt and decrypt

the message.the message. Example : Data Encryption Standard (DES)Example : Data Encryption Standard (DES)

Symmetric (Secret Key) Symmetric (Secret Key) CryptographyCryptography

Problem with Symmetric Cryptography Problem with Symmetric Cryptography (Distribution of Keys)(Distribution of Keys) The main problem is getting the sender and receiver The main problem is getting the sender and receiver

agree on the secret key without anyone else finding out. agree on the secret key without anyone else finding out. If they are in separate physical locations, they must trust If they are in separate physical locations, they must trust

a courier or a phone system or some other transmission a courier or a phone system or some other transmission medium to prevent the disclosure of the secret key being medium to prevent the disclosure of the secret key being communicated.communicated.

Anyone who overhears or intercepts the key in transit Anyone who overhears or intercepts the key in transit can later read, modify and forge all messages encrypted can later read, modify and forge all messages encrypted using that key.using that key.

Asymmetric (Public Key) Asymmetric (Public Key) CryptographyCryptography

Asymmetric (public key) cryptographyAsymmetric (public key) cryptography Different keys used for encryption and decryptionDifferent keys used for encryption and decryption The ciphering algorithm are called the public key The ciphering algorithm are called the public key

algorithms because algorithms because one of the keys used can be one of the keys used can be made publicmade public..

Example : a complete stranger can use the Example : a complete stranger can use the publicpublic encryption key to encryptencryption key to encrypt a message but only a a message but only a specific person with the corresponding specific person with the corresponding secret secret decryption key can decrypt the messagedecryption key can decrypt the message..

In these systems, the encryption key is often called In these systems, the encryption key is often called the public key and the decryption key is often called the public key and the decryption key is often called the private key.the private key.

Example : RSA Example : RSA

Asymmetric (Public Key) Asymmetric (Public Key) CryptographyCryptography

Concern about public key algorithm:Concern about public key algorithm: The concern covers three categories:The concern covers three categories:

Fortitude in providing unbreakable securityFortitude in providing unbreakable security PracticalityPracticality Applicability Applicability

Many of the algorithms are insecureMany of the algorithms are insecure Among secure algorithm, many are impractical – Among secure algorithm, many are impractical –

key size too large or ciphertext is much larger than key size too large or ciphertext is much larger than plaintextplaintext

Only few algorithms are both secure and practical :Only few algorithms are both secure and practical : Some are only suitable for key distributionSome are only suitable for key distribution Some are only suitable for encryptionSome are only suitable for encryption

Merkle-Hellman KnapsackMerkle-Hellman Knapsack

One of the earliest public key cryptosystem invented by One of the earliest public key cryptosystem invented by Ralph Merkle and Martin Hellman in 1978.Ralph Merkle and Martin Hellman in 1978.

Is based on the Is based on the subset sum problemsubset sum problem (a special case of the (a special case of the knapsack problemknapsack problem): given a list of numbers and a third ): given a list of numbers and a third number, which is the sum of a subset of these numbers, number, which is the sum of a subset of these numbers, determine the subset. determine the subset.

In general, this problem is known to be In general, this problem is known to be NP-completeNP-complete; ; however, there are some 'easy' instances which can be however, there are some 'easy' instances which can be solved efficiently. solved efficiently.

However, the scheme was broken by Adi Shamir, not by However, the scheme was broken by Adi Shamir, not by attacking the knapsack problem, but rather by breaking the attacking the knapsack problem, but rather by breaking the conversion from an easy knapsack to a hard one.conversion from an easy knapsack to a hard one.

Merkle-Hellman KnapsackMerkle-Hellman Knapsack What is a knapsack problem?What is a knapsack problem?

Given N = {17, 38, 73, 4, 11, 1} Find a subset of N whose elements adds up to 53. Is it 73? No! How about 17? If 17, the balance would be 36 and therefore it

cannot be 17. 38? 53 - 38 = 15 = 4 + 11. Therefore {38, 11, 4} is the solution

Generally to solve it, what it needs is an NP-Complete complexity, exponential time behavior in term off the size of the problem, in this case the number of integers. needs to backtrack, discard etc….


The scheme is to encode a binary message as a solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to 1s in the plaintext.

PlaintextPlaintext 11 00 11 00 00 11 00 11 11 00 11 00

KnapsackKnapsack 11 22 55 99 2020 4343 11 22 55 99 2020 4343

Target Sum = 1 + 5 + 43 2 + 5 + 20 = 49 = 27


Superincreasing Knapsack When the elements of the set are arranged strictly such

thatak > aj from j = 1 to k-1

the knapsack problem becomes simpler This kind of arrangement are called superincreasing.

Example: Set of {1, 4, 11, 17, 38, 73} Because the elements are ordered, and an element ai is

always > sum of all the lower elements, it is easy to decide whether to discard or to include.


Encryption Technique It is a public-key cryptosystem:

public key : is the set of integers of a knapsack problem

(non-superincreasing knapsack – NSI) private key : is the corresponding superincreasing

knapsack - SI

Genius of Merkle Hellman was to discover a means to transform an SI knapsack to NSI knapsack.

The transformation is not obvious but reversible.


Transforming SI (Superincreasing) to NSI (Non – Superincreasing)

Let s = {s1, s2, s3, ……sM}. Choose a multiplier w and a modulus n such that

n > sM

(w, n) is relatively prime (no common factor)

Then h = {h1, h2, h3, ……hM} such thath1 = w * s1 mod n, h2 = w * s2 mod n, and so on.


Example of transforming SI to NSIExample of transforming SI to NSISuppose s = {1, 2, 4, 9} and suppose w = 15 and n = 17

1 * 15 mod 17 = 152 * 15 mod 17 = 134 * 15 mod 17 = 99 * 15 mod 17 = 16

So H = {15, 13, 9, 16} and this is NSI.


Example (Encrypt Process) Given S = {1, 2, 4, 9} (private key) and H = {15,

13, 9, 16} (public key) with w = 15, n = 17 and m = 4 (divide the block into m bits). Message is 0100 1011 1010 0101.

With H = {15, 13, 9, 16} the message is encoded as follows:

[0 1 0 0] * [15, 13, 9, 16] = 13[1 0 1 1] * [15, 13, 9, 16] = 40[1 0 1 0] * [15, 13, 9, 16] = 24[0 1 0 1] * [15, 13, 9, 16] = 29


Example Decryption Process To decrypt, we first need to find the inverse of

15 mod 17 and this is equal to 8. Multiply all the encrypted message C with 8 mod 17 to get the sum si.

Note : S = {1, 2, 4, 9} (private key)

13 * 8 mod 17 = 2 = [0100]40 * 8 mod 17 = 14 = [1011]

24 * 8 mod 17 = 5 = [1010] 29 * 8 mod 17 = 11 = [0101]

The recovered message is 0100101110100101


Inverse 15 mod 17Inverse 15 mod 17

15 * y mod 17 = 115 * y mod 17 = 1

15 * 1 mod 17 = 15 mod 17 = 1515 * 1 mod 17 = 15 mod 17 = 1515 * 2 mod 17 = 30 mod 17 = 1315 * 2 mod 17 = 30 mod 17 = 1315 * 3 mod 17 = 45 mod 17 = 1115 * 3 mod 17 = 45 mod 17 = 1115 * 4mod 17 = 60 mod 17 = 915 * 4mod 17 = 60 mod 17 = 915 * 5 mod 17 = 75 mod 17 = 715 * 5 mod 17 = 75 mod 17 = 715 * 6 mod 17 = 80 mod 17 = 515 * 6 mod 17 = 80 mod 17 = 515 * 7 mod 17 = 105 mod 17 = 3 15 * 7 mod 17 = 105 mod 17 = 3 15 * 8 mod 17 = 120 mod 17 = 115 * 8 mod 17 = 120 mod 17 = 1

RSA AlgorithmRSA Algorithm

The RSA algorithm is named after Ron Rivest, Adi Shamir and Leonard Adleman who invented it in 1977.

The RSA algorithm can be used for both public key encryption and digital signatures (authentication).


In RSA algorithm, there are 3 important In RSA algorithm, there are 3 important steps:steps:Key generation algorithmKey generation algorithmEncryptionEncryptionDecryptionDecryption


Key Generation AlgorithmKey Generation Algorithm Generate two large random primes, p and q of Generate two large random primes, p and q of

approximately equal size such that their product n = pq is approximately equal size such that their product n = pq is of the required bit length (e.g: 1024 bits)of the required bit length (e.g: 1024 bits)

Compute n = pq and Compute n = pq and phi phi ((ΦΦ) = (p-1) (q-1)) = (p-1) (q-1) Choose an integer e, 1< e < phi, such that gcd (e, phi) = 1Choose an integer e, 1< e < phi, such that gcd (e, phi) = 1 Compute the secret exponent d, 1 < d < phi, such that Compute the secret exponent d, 1 < d < phi, such that

ed = 1 (mod phi)ed = 1 (mod phi)

The public key is (n, e) and the private key is (n, d)The public key is (n, e) and the private key is (n, d)


Encryption processEncryption processObtains the recipient B’s public key (n, e)Obtains the recipient B’s public key (n, e)Represent the plaintext message as Represent the plaintext message as

positive integer m.positive integer m.Compute the ciphertext c = mCompute the ciphertext c = mee mod n mod nSends the ciphertext c to B (recipient)Sends the ciphertext c to B (recipient)


Decryption processDecryption processRecipient B does the following:Uses his private key (n, d) to compute

m = cd mod nExtracts the plaintext from the integer

representative m.


Example :Key Generation: Let p = 11, q = 13, so

n = p*q = 143(ΦΦ) = (p-1)(q-1) = 10 * 12 = 120

Choose e relatively prime to (ΦΦ), say e = 11 e * d mod ΦΦ = 111 * d mod 120 = 1Therefore d = 11

Now we know : Public key ( e = 11, n = 143) : Private key (d = 11)

p & q – prime number

n = p * q

(ΦΦ) = (p-1) (q-1)

e, n public key

d private key


Example :

Encryption process: If plaintext m = 7,

C = me mod n

711 mod 143 = 106

Decryption process: To decrypt, since c = 106 m = cd mod n = 10611 mod 143 = 7


How do you calculate 711 mod 143 = 106??

711 mod 143 =

74 mod 143 * 74 mod 143 * 72 mod 143 * 71 mod 143

= 113 * 113 * 49 * 7 (mod 143)

= 12769 * 343 (mod 143)

= 42 * 57 (mod 143)

= 2394 mod 143

= 106

DES (Data Encryption Standard)DES (Data Encryption Standard)

Invented by a team (led by Walter Tuchman) based on a concept originated by Horst Feistel of IBM and known as Lucifer

Its proper name is DEA (Data Encryption Algorithm) in US and DEA1 in other countries.

Mandated for encryption by all federal agencies for sensitive data.

When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message


DES CharacteristicsDES Characteristics Symmetric Encryption Combination of substitution technique and transposition

technique. Provide confusion by systematically substituting some

bit patterns for others. Provide diffusion by reordering bits.

Uses only standard arithmetic and logical operations. Plaintext is encrypted in blocks of 64 bits 56-bit key - Choosing 56 bits also allowed DES to be

implemented on a single chip 64-bit key-block (8 parity bits embedded)


Refer to your extra notes !Refer to your extra notes !


DecryptionOne advantage of DES is that decryption

is essentially the same as encryption. The key schedule is reversed. This is due to the fact that DES is based

on a Feistel network.

DES Weak Keys

• Because of the way the key is modified at each round to get the sub-key, certain keys are weak keys.

• Weak keys are those which are unmodified at each round, because they contain all 1’s or all 0’s in each half of the key.

Weak Key 64-bit value Actual subkey values after(with parity) initial permutation (2x28)0101 0101 0101 0101 00000000 000000001F1F 1F1F 1F1F 1F1F 00000000 FFFFFFFFE0E0 E0E0 E0E0 E0E0 FFFFFFFF 00000000FEFE FEFE FEFE FEFE FFFFFFFF FFFFFFFF

DES Semi-Weak Keys

• Some pairs of keys will encrypt a given plaintext to the same ciphertext.

• This is because they yeild only two different subkeys, each of which is used 8 times in the algorithm.

• These pairs are known as semi-weak keys

01FE 01FE 01FE 01FE FE01 FE01 FE01 FE011FE0 1FE0 1FE0 1FE0 E01F E01F E01F E01F01E0 01E0 01E0 01E0 E001 E001 E001 E001

Security of DES

• There have been two major points of criticism about DES :– key size is too small,– the S-boxes contained secret design criteria.

• With advances in the field of cryptanalysis and the huge increase in available computing power, DES is no longer considered to be very secure.

Triple-DES Algorithm

• Triple-DES is a secure variation of the Data Encryption Standard first developed by IBM, and later in 1977 adopted by the U.S.government.

• Triple-DES is a 192 bit (24 characters) cipher that uses three separate 64 bit keys and encrypts data using the DES algorithm three times. ABI- CODER uses a variation that takes a single 192 bit (24 characters) key and then; – encrypts data using first 64 bits (8 characters)

– decrypts same data using second 64 bits (8 characters)

– encrypts same data using the last 64 bits (8 characters)

Triple DES

3 or 2 Keys?

Security of DESSecurity of DES

1997 – 3500 machines parallel infer a 1997 – 3500 machines parallel infer a DES key in four month.DES key in four month.

1998 - $100,000; researchers built ‘DES 1998 - $100,000; researchers built ‘DES cracker’ – DES key in four days.cracker’ – DES key in four days.

DES secure? – great deal of cooperation DES secure? – great deal of cooperation & money. 3 DES still beyond the power of & money. 3 DES still beyond the power of these attacks.these attacks.

New algorithmNew algorithm

Increasing power of computer, US Increasing power of computer, US National Institute of Standards and National Institute of Standards and Technology began the search for new, Technology began the search for new, strong algorithm in 1995.strong algorithm in 1995.

Many participated (15 -> 5).Many participated (15 -> 5).Based on not just security but also cost Based on not just security but also cost

(efficiency) & ease of implementation.(efficiency) & ease of implementation.Winner – Rijndael a.k.a Advanced Winner – Rijndael a.k.a Advanced

Encryption Standard (AES).Encryption Standard (AES).

DesignDesign

UnclassifiedUnclassifiedPublicly disclosedPublicly disclosedAvailable royalty-fee worldwideAvailable royalty-fee worldwideSymmetric block cipher algorithms (128 Symmetric block cipher algorithms (128

bits)bits)Usable with key size 128, 192, and 256 Usable with key size 128, 192, and 256

bitsbits

AES (Rijndael)AES (Rijndael)

Created by Vincent Rijmen & Joan Created by Vincent Rijmen & Joan Daemen (Dutch cryptographers).Daemen (Dutch cryptographers).

Adopted for use by US government in Dec Adopted for use by US government in Dec 2001.2001.

Fast on simple processors.Fast on simple processors.Repeat cycles.Repeat cycles.10, 12, 14 cycles for keys of 128, 192 and 10, 12, 14 cycles for keys of 128, 192 and

256 bits.256 bits.

AES cycle (round)AES cycle (round)

Byte substitution – S-box substituting 128-Byte substitution – S-box substituting 128-bit block.bit block.

Shift row – Transposition.Shift row – Transposition.Mix column – left shift & XOR.Mix column – left shift & XOR.Add Subkey – subkey XORed with cycle.Add Subkey – subkey XORed with cycle.

-THE END-THE END- Summary / Discussion time! Summary / Discussion time!

secure encyrption systems chapter 2

Technology

private key

messagedecryption key

encryptencryption key

calledthe public key

secret key beingmedium

publicpublic encryption

public keythe

publicmade public