Some Stuff About Crypto


Some Stuff About Crypto
Adrian Frith
Laboratory of Foundational Aspects of Computer Science
Department of Mathematics and Applied Mathematics
University of Cape Town
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 South Africa License.
6 October 2011
Adrian Frith (University of Cape Town) Some Stuff About Crypto 6 October 2011 1 / 31

What is cryptography?
- Literally "hidden writing": hiding information from an adversary.
- The practice and study of techniques for secure communication in the presence of hostile third parties.
- Traditionally about encryption, i.e. confidentiality; now also encompasses authentication and integrity.

A note about names
- Cryptography versus cryptanalysis: making versus breaking.
- The distinction is not very useful.

Some encryption terminology
- The plaintext is the message to be protected.
- Encryption converts the plaintext to a ciphertext, using a key. Decryption is the reverse.
- Encryption algorithm + decryption algorithm = cipher. (Don't say "code"!)
- A cryptosystem consists of a cipher plus keys, procedures, etc.

Substitution ciphers
- Consistently map the alphabet to the alphabet.
- Caesar cipher: an alphabetic shift with rotation. E.g. "attack at dawn", with a shift of 5, becomes "fyyfhp fy ifbs".
- Hebrew atbash: reverse the alphabet.
- Generic substitution cipher: some permutation of the alphabet (26! ≈ 2^88 possible keys, yet still easily broken: a large key space is not the same as security).
- Vulnerable to frequency analysis: different characters appear with different frequencies. In English: E T A O I N S H R D L U ...

Variations on the theme
- Homophony: map a smaller alphabet into a larger alphabet to disguise the frequencies.
- Nomenclator: combine a cipher with a codebook.
- State of the art from the 1400s to the 1700s.
- The Great Cipher of France: unbroken for 150 years.

The Babington Plot

The Voynich Manuscript

Polyalphabetic substitution
- Many alphabets: cycle through different mappings from the plaintext alphabet to the ciphertext alphabet.
- "Le chiffre indéchiffrable" (the Vigenère cipher), but it wasn't!
- Broken by Charles Babbage in the 1850s, using repetitions plus frequency analysis: the distances between repeated ciphertext fragments are multiples of the key length, and once the key length is known each column of the ciphertext is just a Caesar cipher.
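The Caesar shift from the substitution-cipher slide and the Babbage/Kasiski attack on the polyalphabetic cipher, as an added Python example that is not part of the original slides. Repeated trigrams in the ciphertext vote for the key length; each column is then broken as a Caesar cipher by comparing its letter counts with English frequencies. The English frequency table and the sample plaintext are constructed for this example.

```python
import re
from collections import Counter

# Relative frequencies of A..Z in English text (percent). Constructed for this example; any
# standard table will do, the ranking E T A O I N S H R D L U ... is what matters.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]

def shift_char(c: str, k: int) -> str:
    """Rotate one letter k places through the alphabet, keeping case; non-letters pass through."""
    if not c.isalpha():
        return c
    base = ord("A") if c.isupper() else ord("a")
    return chr((ord(c) - base + k) % 26 + base)

def caesar(text: str, shift: int) -> str:
    """Caesar cipher: every letter shifted by the same amount (decrypt with -shift)."""
    return "".join(shift_char(c, shift) for c in text)

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: cycle through the shifts named by the key letters."""
    out, i = [], 0
    for c in text:
        if c.isalpha():
            k = ord(key[i % len(key)].upper()) - ord("A")
            out.append(shift_char(c, -k if decrypt else k))
            i += 1                       # only letters consume a key position
        else:
            out.append(c)
    return "".join(out)

def letters_only(text: str) -> str:
    return re.sub("[^A-Z]", "", text.upper())

def chi_squared(letters: str) -> float:
    """How far the observed letter counts are from what English text of this length would show."""
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for i in range(26):
        expected = ENGLISH[i] * total / 100
        score += (counts.get(chr(65 + i), 0) - expected) ** 2 / expected
    return score

def break_caesar(letters: str) -> int:
    """Frequency analysis: try all 26 shifts and keep the one whose plaintext looks most like English."""
    return min(range(26), key=lambda k: chi_squared(caesar(letters, -k)))

def kasiski_key_length(letters: str, max_len: int = 20) -> int:
    """Babbage/Kasiski: a trigram repeated in the ciphertext usually comes from the same plaintext
    trigram enciphered at the same key position, so the distance between the copies is a multiple
    of the key length. Count which candidate length divides the most distances."""
    positions = {}
    for i in range(len(letters) - 2):
        positions.setdefault(letters[i:i + 3], []).append(i)
    distances = [p[b] - p[a] for p in positions.values()
                 for a in range(len(p)) for b in range(a + 1, len(p))]
    votes = {L: sum(1 for d in distances if d % L == 0) for L in range(2, max_len + 1)}
    return max(votes, key=votes.get)      # on a tie the smaller length wins (insertion order)

def break_vigenere(ciphertext: str) -> str:
    """Key length from repetitions, then every column is just a Caesar cipher."""
    letters = letters_only(ciphertext)
    L = kasiski_key_length(letters)
    return "".join(chr(65 + break_caesar(letters[i::L])) for i in range(L))

# Sample plaintext constructed for this example (ordinary English prose, so frequency analysis applies).
PLAINTEXT = (
    "The practice and study of techniques for secure communication in the presence of hostile "
    "third parties is known as cryptography. The substitution ciphers of the ancient world replaced "
    "each letter of the alphabet with another letter, and the Caesar cipher simply shifted the "
    "alphabet by a fixed number of places. Such ciphers fall to frequency analysis because the "
    "letters of the language appear with different frequencies, and the most common letters of the "
    "ciphertext reveal the most common letters of the plaintext. The polyalphabetic cipher of "
    "Vigenere cycles through several shifted alphabets and resisted this attack for three hundred "
    "years, until the repetitions in the ciphertext betrayed the length of the key to Babbage and "
    "Kasiski. Once the length of the key is known, every column of the ciphertext is a simple Caesar "
    "cipher and falls to frequency analysis in the usual way.")

if __name__ == "__main__":
    print(caesar("attack at dawn", 5))                 # fyyfhp fy ifbs, as on the slide
    print(break_vigenere(vigenere(PLAINTEXT, "KEY")))  # KEY
```

The attack needs a few hundred letters of ciphertext to work reliably: the chi-squared score is only meaningful once each column holds enough letters, and the Kasiski vote needs several genuine repetitions to outweigh chance ones.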

The Vigenère square

World War I: the Zimmermann telegram

World War II: Enigma
[Figure: Enigma]

Modern cryptography
- Arises out of World War II work; tied closely to the development of the computer.
- Claude Shannon: information theory.
- Cold War: government secrecy.
- DES (1977): the first public crypto standard.
- The problem of key distribution.

Asymmetric encryption
- Diffie-Hellman key exchange (1976): see later.
- Asymmetric cryptosystems: RSA (1978) and others.
- Crypto politics: publication in the open literature.

The structure of modern crypto
- Symmetric ciphers: block ciphers and stream ciphers.
- Asymmetric ciphers.
- Hash functions.

Diffie-Hellman key exchange
The aim: Alice and Bob want to derive a shared secret key by exchanging information over a public channel. (A diversion into modular arithmetic, if necessary.)
1. Alice chooses a prime $p$ and a generator $g$ and sends them to Bob.
2. Alice generates a random natural $x_a$ and Bob generates a random natural $x_b$.
3. Alice calculates $y_a = g^{x_a} \bmod p$ and Bob calculates $y_b = g^{x_b} \bmod p$.
4. Alice sends $y_a$ to Bob and Bob sends $y_b$ to Alice.
5. Alice calculates $y_b^{x_a} \bmod p$ and Bob calculates $y_a^{x_b} \bmod p$.
6. $y_b^{x_a} \equiv g^{x_b x_a} \equiv g^{x_a x_b} \equiv y_a^{x_b} \pmod p$, so both now hold the same value, while an eavesdropper only sees $p$, $g$, $y_a$ and $y_b$.
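The exchange on this slide, as an added Python example that is not part of the original slides. It runs over a toy safe-prime group, p = 23 and g = 2, chosen for this example so the numbers can be followed by hand (a real deployment uses a standardised group of 2048 bits or more). The parameter and public-value checks are the ones a receiving party should perform before using values that arrived over the channel, and the last function shows what the protocol by itself does not give you: nothing authenticates y_a and y_b, so a man in the middle can share a key with each side.

```python
import secrets

# Toy parameters, constructed for this example: p = 2q + 1 is a safe prime and g = 2 is a quadratic
# residue mod 23, so it generates the subgroup of prime order q = 11. With p = 23 an eavesdropper
# can simply try every exponent; the point here is the protocol and its checks, not the group size.
P, G = 23, 2

def is_prime(n: int) -> bool:
    """Trial division; fine for toy parameters, not for real ones."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def group_is_valid(p: int, g: int) -> bool:
    """What a receiver should check before trusting (p, g) sent in step 1: p is a safe prime and
    g generates the order-q subgroup (g^q = 1 with g != 1)."""
    q = (p - 1) // 2
    return is_prime(p) and is_prime(q) and 1 < g < p - 1 and pow(g, q, p) == 1

def public_value_is_valid(y: int, p: int) -> bool:
    """Reject degenerate values (0, 1, p-1) and anything outside the order-q subgroup, so a peer
    cannot force the shared secret into a tiny set of possibilities."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1

class Party:
    def __init__(self, p: int = P, g: int = G):
        if not group_is_valid(p, g):
            raise ValueError("bad group parameters")
        self.p, self.g = p, g
        q = (p - 1) // 2
        self.x = 1 + secrets.randbelow(q - 1)        # secret exponent in [1, q-1], never sent

    def public_value(self) -> int:                    # y = g^x mod p (steps 3 and 4)
        return pow(self.g, self.x, self.p)

    def shared_secret(self, y_other: int) -> int:     # y_other^x mod p (step 5)
        if not public_value_is_valid(y_other, self.p):
            raise ValueError("invalid public value from peer")
        return pow(y_other, self.x, self.p)

def exchange(p: int = P, g: int = G):
    """One honest run. Returns Alice's key, Bob's key and what the channel (and any eavesdropper) saw."""
    alice, bob = Party(p, g), Party(p, g)
    y_a, y_b = alice.public_value(), bob.public_value()
    return alice.shared_secret(y_b), bob.shared_secret(y_a), (p, g, y_a, y_b)

def man_in_the_middle(p: int = P, g: int = G) -> bool:
    """Nothing above authenticates y_a or y_b. Mallory substitutes her own value in both directions
    and ends up holding Alice's key and Bob's key; returns True when that worked."""
    alice, bob, mallory = Party(p, g), Party(p, g), Party(p, g)
    k_alice = alice.shared_secret(mallory.public_value())   # Alice believes this came from Bob
    k_bob = bob.shared_secret(mallory.public_value())       # Bob believes this came from Alice
    return (k_alice == mallory.shared_secret(alice.public_value())
            and k_bob == mallory.shared_secret(bob.public_value()))

if __name__ == "__main__":
    k_a, k_b, transcript = exchange()
    print("shared secret agrees:", k_a == k_b, "| on the wire:", transcript)
    print("MITM succeeds without authentication:", man_in_the_middle())
```

The subgroup check (y^q = 1 mod p) is the part most often skipped in hand-rolled implementations; in a safe-prime group it costs one exponentiation and rules out every value that is not a power of g.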

RSA encryption
- Rivest, Shamir and Adleman at MIT in 1978.
- Previously discovered by Cocks at GCHQ in 1973.
- One of the earliest public-key systems, still the most used.

RSA key generation
1. Choose two primes $p$ and $q$.
2. Compute the modulus $n = pq$.
3. Compute $\phi(n) = (p-1)(q-1)$. (The size of the multiplicative group of integers mod $n$.)
4. Choose $e$ such that $1 < e < \phi(n)$ and $e$ and $\phi(n)$ are relatively prime.
5. Calculate $d = e^{-1} \bmod \phi(n)$. (Extended Euclidean algorithm.)
6. The public key is $(n, e)$ and the private key is $(n, d)$.

RSA encryption and decryption
Alice publishes her public key $(n, e)$ and secures her private key $(n, d)$.
To encrypt a message $m$, Bob calculates $c = m^e \bmod n$.
To decrypt, Alice calculates $c^d \bmod n$.
Why does this work? $c^d \equiv m^{ed} \pmod n$. Remember $ed \equiv 1 \pmod{\phi(n)}$, i.e. $ed = 1 + k\phi(n)$ for some integer $k$. Euler's theorem says $a^{\phi(n)} \equiv 1 \pmod n$ whenever $\gcd(a, n) = 1$, so $m^{ed} = m \cdot (m^{\phi(n)})^k \equiv m \pmod n$. (For the rare $m$ sharing a factor with $n$ the same conclusion follows by checking the congruence modulo $p$ and modulo $q$ separately.)

Some computation shortcuts
Square-and-multiply for exponentiation $a^b \bmod n$:
1. Let $b_t b_{t-1} \ldots b_1 b_0$ be the binary expansion of $b$.
2. Let $z := 1$.
3. Let $y := a$.
4. For $i$ in 0 to $t$:
   1. If $b_i = 1$ then let $z := zy \bmod n$.
   2. Let $y := y^2 \bmod n$.
5. Return $z$.
Optimize decryption with the Chinese remainder theorem: exponentiate modulo $p$ and modulo $q$ separately (half-size numbers, reduced exponents) and recombine.
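The three RSA slides (key generation, encryption and decryption, and the computation shortcuts) carried through as one added Python example; this is not code from the original slides. Prime generation uses Miller-Rabin, the inverse comes from the extended Euclidean algorithm, exponentiation is the square-and-multiply loop above, and decryption is shown both directly and via the Chinese remainder theorem. The last function demonstrates why the textbook scheme on these slides is not used as-is: ciphertexts multiply, which is what padding schemes such as OAEP exist to prevent.

```python
import secrets

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin with random bases: a composite passes all rounds with probability at most 4^-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):   # cheap filter for small factors
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                                         # n - 1 = 2^s * d with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                                      # found a witness: n is composite
    return True

def random_prime(bits: int) -> int:
    """Random prime of exactly `bits` bits: force the top bit and oddness, then test candidates."""
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n):
            return n

def egcd(a: int, b: int):
    """Extended Euclidean algorithm (iterative): returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("not invertible")
    return x % m

def square_and_multiply(a: int, b: int, n: int) -> int:
    """a^b mod n, scanning the bits of b from b_0 upwards as on the computation-shortcuts slide.
    The branch on each bit is a timing side channel; production code uses a constant-time ladder."""
    z, y = 1, a % n
    while b:
        if b & 1:
            z = z * y % n
        y = y * y % n
        b >>= 1
    return z

def keygen(bits: int = 2048, e: int = 65537):
    """Steps 1-6 of the key-generation slide. p and q stay with the private key for the CRT shortcut."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and egcd(e, phi)[0] == 1:     # e must be coprime to phi(n)
            break
    d = modinv(e, phi)                          # d = e^-1 mod phi(n)
    return (p * q, e), (p * q, d, p, q)

def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return square_and_multiply(m, e, n)

def decrypt(priv, c: int) -> int:
    n, d, _, _ = priv
    return square_and_multiply(c, d, n)

def decrypt_crt(priv, c: int) -> int:
    """Same result as decrypt(): two half-size exponentiations mod p and mod q with reduced
    exponents, recombined with the Chinese remainder theorem (Garner's form)."""
    _, d, p, q = priv
    m_p = pow(c, d % (p - 1), p)
    m_q = pow(c, d % (q - 1), q)
    h = modinv(q, p) * (m_p - m_q) % p
    return m_q + h * q

def is_malleable(pub, m1: int, m2: int) -> bool:
    """Textbook RSA is multiplicative: E(m1) * E(m2) = E(m1 * m2 mod n). Real systems pad the
    message (e.g. OAEP) precisely so that ciphertexts cannot be combined like this."""
    n, _ = pub
    return encrypt(pub, m1) * encrypt(pub, m2) % n == encrypt(pub, m1 * m2 % n)

if __name__ == "__main__":
    pub, priv = keygen(1024)
    c = encrypt(pub, 123456789)
    print(decrypt(priv, c), decrypt_crt(priv, c), is_malleable(pub, 42, 1000))
```

Note that the CRT path leaks the factorisation if a fault corrupts one of the two half computations (a wrong m_p with a correct m_q gives a value whose difference from m shares the factor q with n), so real implementations verify the result by re-encrypting before releasing it.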

Cryptographic Hash Functions: A Very Brief Summary
Definition. A hash function maps bitstrings of arbitrary length ("messages") to bitstrings of a fixed length $n$ ("hashes").
A cryptographically secure hash function is:
- first-preimage resistant: given an $n$-bit string, it is infeasible to find a message that hashes to that string;
- second-preimage resistant: given a message, it is infeasible to find a different message with the same hash;
- collision resistant: it is infeasible to find any pair of distinct messages which share a hash.

Iterated Hash Functions, a.k.a. the Merkle-Damgård Construction
Definition. A compression function maps bitstrings of length $m$ to bitstrings of length $n$, where $m > n$.
We construct a hash function $F$ from a compression function $f$ as follows:
1. Divide the message $M$ into $l$ blocks $m_1, \ldots, m_l$ of length $m - n$.
2. Let $h_0$ be some fixed $n$-bit initialization vector.
3. For $i$ in 1 to $l$: let $h_i = f(h_{i-1} \| m_i)$.
4. The final hash is $F(M) = h_l$.

Iterated Hash Functions
[Figure: the chain $h_0 \xrightarrow{m_1} h_1 \xrightarrow{m_2} h_2 \cdots h_{l-1} \xrightarrow{m_l} h_l$, each arrow one application of $f$.]
With some caveats (message padding and the length block described below), this is the basis for MD5, SHA-1, SHA-2, etc.

The Long Message Attack
In hashing a $2^R$-block message $M$, $2^R$ intermediate hash values are produced: $h_1$ through $h_{2^R}$.
Find a message block $m'$ that hashes to one of these values, i.e. $f(h_0 \| m') = h_i$ for some $i$ in 1 through $2^R$.
Then $F(M) = F(m' \| m_{i+1} \| m_{i+2} \| \cdots \| m_{2^R})$: a second preimage of $M$, shorter than $M$ by $i - 1$ blocks. (This assumes the plain construction of the previous slide, with no length block; that is what Merkle-Damgård strengthening, below, is there to stop.)
[Figure: the new block $m'$ takes $h_0$ directly to $h_i$, joining the original chain $h_{i-1} \xrightarrow{m_i} h_i \xrightarrow{m_{i+1}} h_{i+1} \cdots h_{2^R}$.]

The Long Message Attack: Finding the Linking Block
Calculate $h = f(h_0 \| m')$ for a random block $m'$.
$h$ has $2^n$ possible values and there are $2^R$ targets, so each trial matches one of the intermediate values with probability $2^R / 2^n$.
The geometric distribution with $p = 2^{R-n}$ says we must test on average $2^{n-R}$ random blocks before finding one that matches.
Better than brute force, which costs $2^n$.

Merkle-Damgård Strengthening: Avoiding the Long Message Attack
Simple fix: append a final block to the message containing a binary representation of the message's length. The shorter second preimage from the long message attack now ends with a different length block, so its hash no longer matches.
This can be worked around by using an expandable message.

Expandable Messages
Definition. An expandable message is a set of messages of different lengths, all of which have the same hash value when Merkle-Damgård strengthening is not applied.
Definition. An $(a, b)$-expandable message is an expandable message containing messages of every length from $a$ to $b$ inclusive.

Fixed-Point Expandable Messages
A fixed point is a pair $(h, m)$ such that $f(h \| m) = h$. (For compression functions with the Davies-Meyer structure, fixed points can be computed cheaply, which is what makes this approach practical.)
To create an expandable message:
1. Generate $2^{n/2}$ random fixed points $(h_1, m_1)$ through $(h_{2^{n/2}}, m_{2^{n/2}})$.
2. Generate $2^{n/2}$ random blocks $m'_1$ through $m'_{2^{n/2}}$.
3. Find a match where the hash of one of the random blocks is the same as the hash value in one of the fixed points: $h_i = f(h_0 \| m'_j)$. With $2^{n/2} \cdot 2^{n/2} = 2^n$ pairs to compare, there is better than a $1/2$ probability that such a match exists.
We can then create a message of any length $l$ by appending $l - 1$ copies of $m_i$ after $m'_j$: every copy of $m_i$ maps $h_i$ back to $h_i$. This is a $(1, \infty)$-expandable message.

Generic Expandable Messages: The Method of Kelsey and Schneier
A method for constructing an $(R, R + 2^R - 1)$-expandable message for any iterated hash function.
Based on a method for creating a 1-block message and a $k$-block message that hash from the same intermediate value to the same intermediate value:
1. Generate $2^{n/2}$ 1-block messages.
2. Generate $2^{n/2}$ $k$-block messages.
3. Check for a collision between the two sets; one will exist with better than $1/2$ probability.
To create the expandable message, let $i$ iterate from 1 to $R$ and:
1. Find a 1-block message $m_i$ and a $(2^{i-1} + 1)$-block message $m'_i$ such that $f(h_{i-1} \| m_i) = f^{*}(h_{i-1}, m'_i)$, where $f^{*}(h, M)$ denotes iterating $f$ over the blocks of $M$ starting from the chaining value $h$.
2. Let $h_i = f(h_{i-1} \| m_i)$.
continues...

Generic Expandable Messages: Constructing a k-block Message
A $k$-block message (where $R \le k \le R + 2^R - 1$) can be constructed as follows:
1. Let $M$ be the empty message.
2. Let $d = k - R$. Then $0 \le d \le 2^R - 1$.
3. Let $s_1 s_2 \ldots s_R$ be the binary representation of $d$ with the least significant bit first.
4. Let $i$ iterate from 1 to $R$: if $s_i = 0$, append $m_i$ to $M$; if $s_i = 1$, append $m'_i$ to $M$.
5. Return $M$.
$M$ has $R + \sum_{i} s_i 2^{i-1} = R + d = k$ blocks, and the final hash value $h_R$ is always the same. This gives us an $(R, R + 2^R - 1)$-expandable message.

Using the Expandable Message
Consider a message $M$ of $2^R + R$ blocks.
1. Create an $(R, R + 2^R - 1)$-expandable message. Let $h_e$ be the hash value shared by all the messages in the expandable message.
2. Use the basic long message attack to find a single block $m_{\mathrm{link}}$ that hashes from $h_e$ to one of the intermediate values $h_{R+1}$ through $h_{2^R + R}$. Call this intermediate value $h_j$.
3. Use the expandable message to create a $(j-1)$-block message $m'$ that hashes to $h_e$.
4. Return the message $M' = m' \| m_{\mathrm{link}} \| m_{j+1} \| m_{j+2} \| \cdots \| m_{2^R + R}$.
$M'$ has $(j - 1) + 1 + (2^R + R - j) = 2^R + R$ blocks, the same as $M$, so the strengthening block matches and $F(M') = F(M)$.
Bouillaguet and Fouque prove that this is the optimal generic second-preimage attack on a Merkle-Damgård hash function.
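The whole chain from the Merkle-Damgård construction to the second-preimage attack of the last slide, as an added Python example that is not part of the original slides. The compression function is a toy constructed for the example (SHA-256 truncated to n = 24 bits, with 4-byte blocks) so that the 2^(n/2) and 2^(n-R) searches finish in seconds; the functions follow the slides' notation for the basic long-message attack on the unstrengthened hash, the generic (R, R + 2^R - 1)-expandable message, and the final attack on a 2^R + R block target under the strengthened hash. One detail is taken from the Kelsey-Schneier paper rather than the slides: the 2^(n/2) k-block candidates of each stage share a fixed (k-1)-block prefix and vary only their last block, so a stage costs about 2^(n/2) + k compression calls rather than k times that. Seeds and block contents are arbitrary choices for the demo.

```python
import hashlib
import random

N_BYTES = 3                 # n = 24-bit chaining value: toy size, so the searches below run in seconds
BLOCK_BYTES = 4             # 4-byte message blocks; the compression input is m = (3 + 4) * 8 = 56 bits
IV = bytes(N_BYTES)         # h_0

def compress(h: bytes, block: bytes) -> bytes:
    """Toy f(h || m): SHA-256 truncated to n bits. Nothing below exploits its structure; the attacks are generic."""
    return hashlib.sha256(h + block).digest()[:N_BYTES]

def md_hash(blocks: list, strengthen: bool = True) -> bytes:
    """Merkle-Damgard iteration over whole blocks; strengthening appends the block count as a final block."""
    h = IV
    for m in blocks:
        h = compress(h, m)
    if strengthen:
        h = compress(h, len(blocks).to_bytes(BLOCK_BYTES, "big"))
    return h

def chain_values(blocks: list) -> list:
    """The intermediate values h_1 .. h_l produced while hashing (no strengthening)."""
    out, h = [], IV
    for m in blocks:
        h = compress(h, m)
        out.append(h)
    return out

def rand_block(rng: random.Random) -> bytes:
    return rng.getrandbits(8 * BLOCK_BYTES).to_bytes(BLOCK_BYTES, "big")

def find_link(h_start: bytes, targets: dict, rng: random.Random):
    """Linking-block search: random blocks b until f(h_start || b) is a key of `targets`;
    expected 2^n / len(targets) trials, the geometric argument from the slides. Returns (b, targets[hit])."""
    while True:
        b = rand_block(rng)
        hit = targets.get(compress(h_start, b))
        if hit is not None:
            return b, hit

def long_message_attack(blocks: list, rng: random.Random) -> list:
    """Second preimage when strengthening is NOT applied: link h_0 straight into some h_i and keep
    m_{i+1} .. m_l. The result is shorter than the original, which is what the length block detects."""
    targets = {h: i + 1 for i, h in enumerate(chain_values(blocks))}     # h_i -> i (1-based)
    b, i = find_link(IV, targets, rng)
    return [b] + blocks[i:]                                              # blocks[i:] is m_{i+1} .. m_l

def build_expandable(R: int, rng: random.Random):
    """Kelsey-Schneier (R, R + 2^R - 1)-expandable message: for i = 1..R a 1-block m_i and a
    (2^(i-1) + 1)-block m'_i that take h_{i-1} to the same h_i. Returns the pairs and h_e = h_R."""
    pairs, h = [], IV
    n_half = 2 ** (8 * N_BYTES // 2)
    for i in range(1, R + 1):
        short = {}
        for _ in range(n_half):                        # 2^(n/2) one-block candidates, indexed by output
            b = rand_block(rng)
            short[compress(h, b)] = b
        prefix = [i.to_bytes(BLOCK_BYTES, "big")] * (2 ** (i - 1))   # fixed first 2^(i-1) blocks of m'_i
        h_prefix = h
        for m in prefix:
            h_prefix = compress(h_prefix, m)
        last, one_block = find_link(h_prefix, short, rng)            # vary only the last block until it collides
        h = compress(h_prefix, last)                                 # h_i, reached by both m_i and m'_i
        pairs.append(([one_block], prefix + [last]))
    return pairs, h

def expand(pairs: list, length: int) -> list:
    """A message of exactly `length` blocks (R <= length <= R + 2^R - 1) hashing from h_0 to h_e."""
    R = len(pairs)
    d = length - R
    if not 0 <= d < 2 ** R:
        raise ValueError("length outside the expandable range")
    out = []
    for i, (m_i, m_i_long) in enumerate(pairs):        # bit i of d (least significant first) picks m_i or m'_i
        out += m_i_long if (d >> i) & 1 else m_i
    return out

def second_preimage(blocks: list, R: int, rng: random.Random) -> list:
    """Second preimage of a 2^R + R block message under the strengthened hash (the final slide)."""
    if len(blocks) != 2 ** R + R:
        raise ValueError("target must have 2^R + R blocks")
    pairs, h_e = build_expandable(R, rng)
    targets = {h: j + 1 for j, h in enumerate(chain_values(blocks)) if j + 1 > R}   # h_{R+1} .. h_{2^R+R}
    link, j = find_link(h_e, targets, rng)
    return expand(pairs, j - 1) + [link] + blocks[j:]              # same block count as the original

def demo_long_message(R: int = 8, seed: int = 1):
    rng = random.Random(seed)                                      # constructed random target message
    M = [rand_block(rng) for _ in range(2 ** R)]
    return M, long_message_attack(M, rng)

def demo_second_preimage(R: int = 8, seed: int = 2):
    rng = random.Random(seed)
    M = [rand_block(rng) for _ in range(2 ** R + R)]
    return M, second_preimage(M, R, rng)

def expandable_ok(R: int = 4, seed: int = 3) -> bool:
    """Every length in [R, R + 2^R - 1] really hashes (unstrengthened) to the same h_e."""
    pairs, h_e = build_expandable(R, random.Random(seed))
    return all(md_hash(expand(pairs, L), strengthen=False) == h_e for L in range(R, R + 2 ** R))
```

With n = 24 and R = 8 the final linking step needs about 2^16 trials and each expandable-message stage about 2^13, so the whole attack runs in well under a second; for a real 256-bit hash the same code would need about 2^(256-R) compression calls, which is why the attack matters in principle (it beats the 2^n bound the definition promises) but is not a practical break of SHA-2.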