
Security in Computing, 4th Ed, Pfleeger

Chapter 2
Elementary Cryptography

By Mohammed Al-Saleh / JUST

In this chapter
Concepts of encryption
Cryptanalysis: how encryption systems are "broken"
Symmetric (secret key) encryption and the DES and AES algorithms
Asymmetric (public key) encryption and the RSA algorithm
Key exchange protocols and certificates
Digital signatures
Cryptographic hash functions

Cryptography
Cryptography (secret writing) is the strongest tool for countering many kinds of security threats.
Well-disguised data cannot be read, modified, or fabricated easily.
Cryptography is rooted in higher mathematics: group and field theory, computational complexity, and even real analysis, not to mention probability and statistics.
Fortunately, it is not necessary to understand the underlying mathematics to be able to use cryptography.

Terminology and Background
Consider the steps involved in sending messages from a sender, S, to a recipient, R.
If S entrusts the message to T, who then delivers it to R, T becomes the transmission medium.
If an outsider, O, wants to access the message (to read, change, or even destroy it), we call O an interceptor or intruder.
Encryption is a means of maintaining secure data in an insecure environment.

Terminology
Encryption is the process of encoding a message so that its meaning is not obvious.
Decryption is the reverse process, transforming an encrypted message back into its normal, original form.
Alternatively, the terms encode and decode or encipher and decipher are used instead of encrypt and decrypt.
A system for encryption and decryption is called a cryptosystem.
The original form of a message is known as plaintext, and the encrypted form is called ciphertext.

For convenience, we denote a plaintext message P as a sequence of individual characters, P = <p1, p2, ..., pn>.
Similarly, ciphertext is written as C = <c1, c2, ..., cm>.
We write C = E(P) and P = D(C), where C represents the ciphertext, E is the encryption rule, P is the plaintext, and D is the decryption rule.
What we seek is a cryptosystem for which P = D(E(P)). In other words, we want to be able to convert the message to protect it from an intruder, but we also want to be able to get the original message back so that the receiver can read it properly.

Encryption Algorithms
The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext.
The encryption and decryption rules, called algorithms, often use a device called a key, denoted by K, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value:
C = E(K, P)

It would be very expensive for you to contract with someone to invent and make a lock just for your house. Also, you would not know whether a particular inventor's lock was really solid or how it compared with those of other inventors.
A better solution is to have a few well-known, well-respected companies producing standard locks that differ according to the (physical) key. Then, you and your neighbor might have the same model of lock, but your key will open only your lock.
In the same way, it is useful to have a few well-examined encryption algorithms that everyone could use, but the differing keys would prevent someone from breaking into what you are trying to protect.

Sometimes the encryption and decryption keys are the same, so P = D(K, E(K, P)). This form is called symmetric encryption because D and E are mirror-image processes.
At other times, encryption and decryption keys come in pairs. Then a decryption key, KD, inverts the encryption of key KE so that P = D(KD, E(KE, P)). Encryption algorithms of this form are called asymmetric.
An encryption scheme that does not require the use of a key is called a keyless cipher.

Cryptology
Cryptography means hidden writing, and it refers to the practice of using encryption to conceal text.
A cryptanalyst studies encryption and encrypted messages, hoping to find the hidden meanings.
Both a cryptographer and a cryptanalyst attempt to translate coded material back to its original form. Normally, a cryptographer works on behalf of a legitimate sender or receiver, whereas a cryptanalyst works on behalf of an unauthorized interceptor.
Cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis.

Cryptanalysis
A cryptanalyst's chore is to break an encryption: the cryptanalyst attempts to deduce the original meaning of a ciphertext message.
Better yet, he or she hopes to determine which decrypting algorithm matches the encrypting algorithm so that other messages encoded in the same way can be broken.
A cryptanalyst can attempt to:
Break a single message
Recognize patterns in encrypted messages, to be able to break subsequent ones by applying a straightforward decryption algorithm
Infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long
Deduce the key, to break subsequent messages easily
Find weaknesses in the implementation or environment of use of encryption
Find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages

Information needed by a cryptanalyst
A cryptanalyst works with a variety of pieces of information: encrypted messages, known encryption algorithms, intercepted plaintext, data items known or suspected to be in a ciphertext message, mathematical or statistical tools and techniques, properties of languages, computers, and plenty of ingenuity and luck.
Each piece of evidence can provide a clue, and the analyst puts the clues together to try to form a larger picture of a message's meaning in the context of how the encryption is done.

Attack models
Attack models for cryptanalysis:
Ciphertext-only: the attacker is assumed to have access only to a set of ciphertexts. The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key.
Known-plaintext: the attacker has samples of both the plaintext and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys.
Chosen-plaintext: the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the encryption scheme.

Breakable Encryption
An encryption algorithm is called breakable when, given enough time and data, an analyst can determine the algorithm.
However, an algorithm that is theoretically breakable may in fact be impractical to try to break.
For example, consider a 25-character message that is expressed in just uppercase letters. A given cipher scheme may have 26^25 (approximately 10^35) possible decipherments.
If your computer could perform on the order of 10^10 operations per second, finding this decipherment would require on the order of 10^25 seconds: infeasible to compute.

Two other important issues must be addressed when considering the breakability of encryption algorithms.
First, the cryptanalyst cannot be expected to try only the hard, long way. An ingenious approach might require only 10^15 operations, and at 10^10 operations per second, 10^15 operations take slightly more than one day.
Second, estimates of breakability are based on current technology. Things that were infeasible in 1940 became possible by the 1950s.
A conjecture known as "Moore's Law" asserts that the speed of processors doubles every 1.5 years, and this conjecture has held for over two decades.
It is risky to pronounce an algorithm secure just because it cannot be broken with current technology, or worse, just because it has not been broken yet.

Representing Characters
We begin with the encryption of messages written in the standard 26-letter English alphabet, A through Z.
Convention: plaintext is written in UPPERCASE letters, and ciphertext is in lowercase letters.
Because most encryption algorithms are based on mathematical transformations, they can be explained or studied more easily in mathematical form.

Consider performing arithmetic on the "letters" of a message.
Expressions such as A + 3 = D or K - 1 = J have their natural interpretation.
Arithmetic is performed as if the alphabetic table were circular (modular arithmetic): every result of an arithmetic operation is between 0 and 25.
For example, Y + 3 = B (and B - 3 = Y).
Two simple forms of encryption:
substitutions, in which one letter is exchanged for another
transpositions, in which the order of the letters is rearranged

Chapter 2

Substitution Ciphers
The Caesar Cipher

ci = E(pi) = pi + 3

A full translation chart of the Caesar cipher is shown


here.

Using this encryption, the message

TREATY IMPOSSIBLE
would be encoded as
T R E AT Y I M P O S S I B LE
wuhd wb l p s r vvl eo h

The pattern pi + 3 was easy to memorize and


implement, however, it is easy break

By Mohammed Al-Saleh / JUST

24

Cryptanalysis of the Caesar Cipher
There are many clues in the "TREATY IMPOSSIBLE" ciphertext:
the space between the two words is preserved in the ciphertext
double letters are preserved: the SS is translated to vv
when a letter is repeated, it maps again to the same ciphertext as it did previously, so the letters T, I, and E always translate to w, l, and h
These clues make this cipher easy to break.

Suppose you are given the following ciphertext message, and you want to try to determine the original plaintext.
Ciphertext: wklv phvvdjh lv qrw wrr kdug wr euhdn
27-symbol alphabet: A through Z plus the "blank" character.
Start with small words: English has relatively few small words, such as am, is, to, be, he, we, and, are, you, she, and so on.
Substitute known short words at appropriate places in the ciphertext until you have something that seems to be meaningful.
Once the small words fall into place, you can try substituting for matching characters at other places in the ciphertext.
There is a strong clue in the repeated r of the word wrr: two very common three-letter words having the pattern xyy are see and too; other less common possibilities are add, odd, and off.

Note that the combination wr also appears in the ciphertext.
If wrr is SEE, wr would have to be SE, which is unlikely. However, if wrr is TOO, wr would be TO, which is quite reasonable.
Substituting T for w and O for r, the message becomes
T--- ------- -- -OT TOO ---- TO -----
The -OT could be cot, dot, got, hot, lot, not, pot, rot, or tot; a likely choice is not.
Unfortunately, q = N does not give any more clues because q appears only once in this sample.
The word lv is also the end of the word wklv, which probably starts with T.
Likely two-letter words that can also end a longer word include so, is, in, etc.
However, so is unlikely because the form T-SO is not recognizable; IN is ruled out because of the previous assumption that q is N.
A more promising alternative is to substitute IS for lv throughout, and continue to analyze the message in that way.
By now, you might notice that the ciphertext letters uncovered are just three positions away from their plaintext counterparts.

The cryptanalysis described here is ad hoc, using deduction based on guesses instead of solid principles. But you can take a more methodical approach, considering:
which letters commonly start words
which letters commonly end words
which prefixes and suffixes are common
Cryptanalysts have compiled lists of common prefixes, common suffixes, and words having particular patterns. (For example, sleeps is a word that follows the pattern abccda.)
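The Caesar cipher and the ciphertext-only break of it described above, as an added Python example (this is not code from the book or the lecture). The modular letter arithmetic is the circular arithmetic of the Representing Characters section; the break tries all 26 keys and keeps the candidate whose letters look most like English, scoring with a standard English letter-frequency table (the table values and the function names are this example's own choices).

```python
"""Caesar cipher: modular letter arithmetic, encryption, and a
frequency-based ciphertext-only break (added example)."""
import math
import string

ALPHABET = string.ascii_uppercase

# Letter frequencies of English text (percent); a standard table, assumed here.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def letter_add(letter: str, k: int) -> str:
    """Circular letter arithmetic: Y + 3 = B, B - 3 = Y."""
    return ALPHABET[(ALPHABET.index(letter.upper()) + k) % 26]


def caesar_encrypt(plaintext: str, key: int = 3) -> str:
    """ci = pi + key (mod 26); the book writes ciphertext in lowercase.
    Non-letters (here, the blank between words) pass through unchanged,
    which is one of the clues the cryptanalyst exploits."""
    return "".join(letter_add(ch, key).lower() if ch.isalpha() else ch
                   for ch in plaintext)


def caesar_decrypt(ciphertext: str, key: int = 3) -> str:
    """pi = ci - key (mod 26); plaintext is written in uppercase."""
    return "".join(letter_add(ch, -key) if ch.isalpha() else ch
                   for ch in ciphertext)


def english_score(text: str) -> float:
    """Log-likelihood of the letters under English frequencies; higher is better."""
    return sum(math.log(ENGLISH_FREQ[ch]) for ch in text.upper() if ch.isalpha())


def crack_caesar(ciphertext: str) -> tuple:
    """Ciphertext-only attack: 26 keys is a tiny key space, so try them all
    and keep the most English-looking candidate as (key, plaintext)."""
    candidates = ((k, caesar_decrypt(ciphertext, k)) for k in range(26))
    return max(candidates, key=lambda kp: english_score(kp[1]))


if __name__ == "__main__":
    print(caesar_encrypt("TREATY IMPOSSIBLE"))
    print(crack_caesar("wklv phvvdjh lv qrw wrr kdug wr euhdn"))
```

The exhaustive search replaces the hand reasoning about wrr and lv: with only 26 keys, scoring every candidate is cheaper than guessing, which is exactly why a fixed shift gives no security.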

Other Substitutions
In substitutions, the alphabet is scrambled, and each plaintext letter maps to a unique ciphertext letter.
Mathematically, a permutation is a reordering of the elements of a sequence. For instance, we can permute the numbers 1 to 10 in many ways, including:
π1 = 1, 3, 5, 7, 9, 10, 8, 6, 4, 2; and π2 = 10, 9, 8, 7, 6, 5, 4, 3, 2, 1
A permutation is a function, so we can write expressions such as π1(3) = 5, meaning that the letter in position 3 is to be replaced by the fifth letter.
If the set is the first ten letters of the alphabet, π1(3) = 5 means that C is transformed into e.

An alternative to using the permutation π: one way to scramble an alphabet is to use a key, a word that controls the permutation.
For instance, if the key is word, the sender or receiver first writes the alphabet and then writes the key under the first few letters of the alphabet.
The sender or receiver then fills in the remaining letters of the alphabet, in some easy-to-remember order, after the keyword:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
wordabcefghijklmnpqstuvxyz

Complexity of Substitution Encryption and Decryption
An important issue in using any cryptosystem is the time it takes to turn plaintext into ciphertext, and vice versa. It is essential that the scrambling and unscrambling not deter the authorized parties from completing their missions.
The timing is directly related to the complexity of the encryption algorithm.
Encryption and decryption with substitution ciphers can be performed by direct lookup in a table illustrating the correspondence.
Transforming a single character can be done in a constant amount of time, so we express the complexity of the algorithm by saying that the time to encrypt a message of n characters is proportional to n, that is, O(n).

Cryptanalysis of Substitution Ciphers
The techniques described for breaking the Caesar cipher can also be used on other substitution ciphers.
Short words, words with repeated patterns, and common initial and final letters all give clues for guessing the permutation.
Breaking the code is a lot like working a crossword puzzle: you try a guess and continue to work to substantiate that guess until you have all the words in place or until you reach a contradiction.
Using a brute force attack, the cryptanalyst could try all 26! permutations of the alphabet on a particular ciphertext message.
We can use our knowledge of language to simplify this problem. For example, in English, some letters are used more often than others: the letters E, T, O, and A occur far more often than J, Q, X, and Z.
Encryption, even in a simple form, will deter the casual observer.
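The keyword-scrambled alphabet of the Other Substitutions section, together with the two cryptanalyst's tools the last two slides mention (letter frequencies and word patterns such as sleeps = abccda), as an added Python example; it is not code from the book or the lecture, and the function names and the small dictionary in the usage call are this example's own.

```python
"""Keyword-scrambled substitution alphabet, plus the helpers a cryptanalyst
uses against any monoalphabetic substitution: letter frequencies, word
patterns, and the size of the key space (added example)."""
import math
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """Write the keyword (repeated letters dropped) under A, B, C, ..., then the
    unused letters in alphabetical order.  Key "word" gives
    wordabcefghijklmnpqstuvxyz, the book's table."""
    seen = []
    for ch in keyword.lower() + string.ascii_lowercase:
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, cipher_alphabet: str) -> str:
    """Encrypt UPPERCASE plaintext by table lookup: O(1) per character, O(n) total."""
    table = {p: c for p, c in zip(ALPHABET, cipher_alphabet)}
    return "".join(table.get(ch, ch) for ch in text.upper())


def unsubstitute(text: str, cipher_alphabet: str) -> str:
    """Decrypt lowercase ciphertext with the inverse lookup table."""
    table = {c: p for p, c in zip(ALPHABET, cipher_alphabet)}
    return "".join(table.get(ch, ch) for ch in text.lower())


def letter_frequencies(text: str) -> list:
    """Letters of the text from most to least frequent, as (letter, count).
    In a substitution ciphertext the most frequent symbols are the best
    candidates for E, T, O and A."""
    counts = Counter(ch for ch in text.upper() if ch.isalpha())
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def word_pattern(word: str) -> str:
    """Pattern signature of a word: 'sleeps' -> 'abccda'.  A substitution keeps
    this signature, so dictionary words with the same pattern are candidates."""
    labels = {}
    out = []
    for ch in word.lower():
        if ch not in labels:
            labels[ch] = string.ascii_lowercase[len(labels)]
        out.append(labels[ch])
    return "".join(out)


def candidates_for(cipher_word: str, dictionary: list) -> list:
    """Dictionary words whose pattern matches the ciphertext word
    (the 'wrr' -> see / too / add / odd / off reasoning, mechanised)."""
    target = word_pattern(cipher_word)
    return [w for w in dictionary if word_pattern(w) == target]


def brute_force_key_space() -> int:
    """Number of monoalphabetic substitution keys: 26!, about 4 x 10^26."""
    return math.factorial(26)


if __name__ == "__main__":
    alpha = keyed_alphabet("word")
    ct = substitute("TREATY IMPOSSIBLE", alpha)
    print(alpha, ct, unsubstitute(ct, alpha))
    print(letter_frequencies(ct)[:4])
    print(candidates_for("wrr", ["see", "too", "add", "odd", "off", "the"]))
    print(brute_force_key_space())
```

Note that the keyword alphabet leaves the tail of the alphabet (x, y, z here) in place, and that word patterns, repeated letters and word boundaries all survive the substitution: that is the cryptographer's dilemma in concrete form.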

The Cryptographer's Dilemma
An encryption algorithm must be regular for it to be algorithmic and for cryptographers to be able to remember it. Unfortunately, the regularity gives clues to the cryptanalyst.
There is no solution to this dilemma.

One-Time Pads
A one-time pad is sometimes considered the perfect cipher.
A large, nonrepeating set of keys is written on sheets of paper, glued together into a pad.
If the keys are 20 characters long and a sender must transmit a message 300 characters in length, the sender would tear off the next 15 pages of keys.
The sender would write the keys one at a time above the letters of the plaintext and encipher the plaintext with a prearranged chart (called a Vigenère tableau) that has all 26 letters in each column, in some scrambled order.
[Example table: key, plaintext and ciphertext rows read off the tableau; e.g., row M column i is u, row A column a is a, and so on.]
The one-time pad method has two problems:
the need for absolute synchronization between sender and receiver, and
the need for an unlimited number of keys.
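The tableau lookup and the one-time pad as an added Python example (not code from the book or the lecture). It uses the standard tableau, in which row K is the alphabet shifted by K, so that row M column i is u and row A column a is a; it also shows the two properties a practitioner should take from this section: for any claimed plaintext there is a pad that explains the ciphertext (perfect secrecy), and reusing a pad cancels the key and leaks the difference of the two plaintexts. Function names are this example's own.

```python
"""Vigenère tableau as used with a one-time pad: enciphering, deciphering,
the perfect-secrecy property, and the damage done by reusing a pad
(added example)."""
import secrets
import string

ALPHABET = string.ascii_uppercase


def _shift(a: str, b: str, sign: int) -> str:
    """Letter arithmetic a + b or a - b, mod 26."""
    return ALPHABET[(ALPHABET.index(a.upper()) + sign * ALPHABET.index(b.upper())) % 26]


def tableau_lookup(key_letter: str, plain_letter: str) -> str:
    """Row key_letter, column plain_letter of the standard tableau, where row K
    is the alphabet shifted by K: row M column i is u, row A column a is a."""
    return _shift(plain_letter, key_letter, +1)


def encipher(plaintext: str, key: str) -> str:
    """Key letters are written one at a time above the plaintext letters;
    the pad must not run out (the 'unlimited number of keys' problem)."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad must be at least as long as the message")
    return "".join(tableau_lookup(k, p) for k, p in zip(key, plaintext)).lower()


def decipher(ciphertext: str, key: str) -> str:
    """Inverse lookup: the column in row k that holds the ciphertext letter."""
    return "".join(_shift(c, k, -1) for k, c in zip(key, ciphertext))


def fresh_pad(length: int) -> str:
    """One page of nonrepeating key material from a cryptographic RNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_explaining(ciphertext: str, claimed_plaintext: str) -> str:
    """Perfect secrecy: for ANY plaintext of the right length there is a pad
    (c - p mod 26, letter by letter) that maps it to the observed ciphertext,
    so the ciphertext alone tells the interceptor nothing about the message."""
    return decipher(ciphertext, claimed_plaintext)


def pad_reuse_leak(ciphertext1: str, ciphertext2: str) -> str:
    """If the same pad is used twice, c1 - c2 = p1 - p2 (mod 26): the key
    cancels and the attacker learns the letter-wise difference of the two
    plaintexts, which is enough to recover both with language statistics."""
    return "".join(_shift(a, b, -1) for a, b in zip(ciphertext1, ciphertext2))


def plaintext_difference(plaintext1: str, plaintext2: str) -> str:
    """p1 - p2 (mod 26), for comparison with pad_reuse_leak."""
    return pad_reuse_leak(plaintext1, plaintext2)


if __name__ == "__main__":
    pad = fresh_pad(300)            # a 300-character message needs 15 pages of 20 keys
    ct = encipher("ATTACKATDAWN", pad)
    print(ct, decipher(ct, pad))
    # A different pad "decrypts" the same ciphertext to a different message.
    print(key_explaining(ct, "RETREATNOWOK"))
```

The synchronization problem appears as the need to feed decipher exactly the pad page used for encipher; the key-supply problem appears as the ValueError, and the reason the pad must never be reused appears in pad_reuse_leak.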

Transpositions (Permutations)
The goal of substitution is confusion: the encryption method is an attempt to make it difficult for a cryptanalyst or intruder to determine how a message and key were transformed into ciphertext.
A transposition (permutation) is an encryption in which the letters of the message are rearranged.
With transposition, the cryptography aims for diffusion.

Columnar Transpositions
A columnar transposition is a rearrangement of the characters of the plaintext into columns.
For instance, suppose you want to write the plaintext message THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS. We arrange the letters in five columns:
T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S
The resulting ciphertext would then be read down the columns as
tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns
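The five-column transposition above, as an added Python example (not the book's or the lecture's code): encryption writes the letters into rows and reads down the columns; decryption recomputes the column lengths from the message length, which also handles messages whose last row is short. The letter-histogram check is the analyst's first test for a transposition, mentioned in the digram-analysis section. Function names are this example's own.

```python
"""Columnar transposition: write the plaintext into rows of fixed width, read
it out by columns, and the inverse (added example)."""
from collections import Counter


def columnar_encrypt(plaintext: str, columns: int = 5) -> str:
    """Strip blanks, fill rows of `columns` letters, read down the columns.
    Output is lowercase and grouped in fives, as the book prints it."""
    letters = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    # letters[c::columns] is column c, even when the last row is incomplete.
    out = "".join(letters[c::columns] for c in range(columns)).lower()
    return " ".join(out[i:i + 5] for i in range(0, len(out), 5))


def columnar_decrypt(ciphertext: str, columns: int = 5) -> str:
    """Recompute the column lengths from the message length, cut the ciphertext
    into columns, then read across the rows."""
    letters = ciphertext.replace(" ", "")
    n = len(letters)
    rows, extra = divmod(n, columns)      # the first `extra` columns are one longer
    lengths = [rows + (1 if c < extra else 0) for c in range(columns)]
    cols, pos = [], 0
    for length in lengths:
        cols.append(letters[pos:pos + length])
        pos += length
    # Plaintext position i sits in row i // columns of column i % columns.
    return "".join(cols[i % columns][i // columns] for i in range(n)).upper()


def same_letter_histogram(text_a: str, text_b: str) -> bool:
    """A transposition only reorders letters, so the ciphertext keeps the
    plaintext's letter frequencies exactly; normal English frequencies in a
    ciphertext are the analyst's cue that a transposition was used."""
    def count(text):
        return Counter(ch for ch in text.upper() if ch.isalpha())
    return count(text_a) == count(text_b)


if __name__ == "__main__":
    message = "THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS"
    ct = columnar_encrypt(message)
    print(ct)
    print(columnar_decrypt(ct))
    print(same_letter_histogram(message, ct))
```

Decryption cannot start until the whole ciphertext is in hand (the column lengths depend on n), which is the length-dependent delay discussed next.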

Encipherment/Decipherment Complexity
This cipher involves no additional work beyond arranging the letters and reading them off again. Therefore, the algorithm requires a constant amount of work per character, and the time needed to apply the algorithm is proportional to the length of the message.
However, we cannot produce output characters until all the message's characters have been read. This restriction occurs because all characters must be entered in the first column before output of the second column can begin, but the first column is not complete until all characters have been read.
Thus, the delay associated with this algorithm also depends on the length of the message, as opposed to the constant delay we have seen in previous algorithms.

Digrams, Trigrams, and Other Patterns
Just as there are characteristic letter frequencies, there are also characteristic patterns of pairs of adjacent letters, called digrams.
Letter pairs such as -re-, -th-, -en-, and -ed- appear very frequently.

Cryptanalysis by Digram Analysis
The first step in analyzing the transposition is computing the letter frequencies.
If we find that in fact all letters appear with their normal frequencies, we can infer that a transposition has been performed.
The problem is to find where in the ciphertext a pair of adjacent columns lies and where the ends of the columns are.
Assume the block being compared is seven characters. The first comparison is c1 to c8, c2 to c9, ..., c7 to c14. Then we try a distance of eight characters, and so the window of comparison shifts and c1 is compared to c9, c2 to c10, and so on.
For each window position, we ask two questions. First, do common digrams appear, and second, do most of the digrams look reasonable?
Figure 2-5: Moving Comparisons.

Combinations of Approaches
Substitution and transposition can be considered as building blocks for encryption.
A combination of two ciphers is called a product cipher.
Product ciphers are typically performed one after another, as in E2(E1(P, k1), k2).

Making "Good" Encryption Algorithms
What Makes a "Secure" Encryption Algorithm?
What does it mean for a cipher to be "good"? The meaning of good depends on the intended use of the cipher.
A cipher to be used by military personnel in the field has different requirements from one to be used in a secure installation with substantial computer support.
In this section, we look more closely at the different characteristics of ciphers.

Shannon's Characteristics of "Good" Ciphers
The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption. This is a reiteration of the principle of timeliness from Chapter 1.
The set of keys and the enciphering algorithm should be free from complexity. If the process is too complex, it will not be used.
We should restrict neither the choice of keys nor the types of plaintext on which the algorithm can work. For instance, an algorithm that works only on plaintext having an equal number of A's and E's is useless. Similarly, it would be difficult to select keys such that the sum of the values of the letters of the key is a prime number.
Furthermore, the key must be transmitted, stored, and remembered.

The implementation of the process should be as simple as possible.
Shannon's characteristics were formulated with hand implementation in mind: a complicated algorithm is prone to error or likely to be forgotten.
With the development and popularity of digital computers, algorithms far too complex for hand implementation became feasible.
Still, the issue of complexity is important. People will avoid an encryption algorithm whose implementation process severely hinders message transmission, and a complex algorithm is more likely to be programmed incorrectly.

Errors in ciphering should not propagate and cause corruption of further information in the message. One error early in the process should not throw off the entire remaining ciphertext. For example, dropping one letter in a columnar transposition throws off the entire remaining encipherment.
The size of the enciphered text should be no larger than the text of the original message. Ciphertext that expands dramatically in size cannot possibly carry more information than the plaintext; it gives the cryptanalyst more data from which to infer a pattern; and longer ciphertext implies more space for storage and more time to communicate.

Properties of "Trustworthy" Encryption Systems
When we say that encryption is "commercial grade," or "trustworthy," we mean that it meets these constraints:
It is based on sound mathematics
It has been analyzed by competent experts and found to be sound
It has stood the "test of time"
Three algorithms are popular in the commercial world and meet the above criteria: DES (Data Encryption Standard), RSA (Rivest-Shamir-Adleman, named after the inventors), and AES (Advanced Encryption Standard).

Symmetric and Asymmetric Encryption Systems
There are two basic kinds of encryption: symmetric (also called "secret key") and asymmetric (also called "public key").
Symmetric:
One key for encryption and decryption.
Usually, the decryption algorithm is closely related to the encryption one. For example, in the Caesar cipher, encryption is pi + 3 and decryption is ci - 3.
Symmetric systems provide a two-way channel to their users: A and B share a secret key, and they can both encrypt information to send to the other as well as decrypt information from the other.
The system also provides authentication, proof that a message received was not fabricated by someone other than the declared sender, as long as the key is known only to A and B.

Symmetric Encryption Systems
The symmetry of this situation is a major advantage of this type of encryption. But it has a key distribution problem: how do A and B obtain their shared secret key?
In general, n users who want to communicate in pairs need n * (n - 1)/2 keys.
By the nature of the public key approach, by contrast, you can send a public key in an e-mail message or post it in a public directory; only the corresponding private key, which presumably is kept private, must be protected.
So, for all encryption algorithms, key management is a major issue: it involves storing, safeguarding, and activating keys.

Stream and Block Ciphers
Most of the ciphers we have presented so far are stream ciphers: they convert one symbol of plaintext immediately into a symbol of ciphertext. The exception is the columnar transposition cipher.
The transformation depends only on the symbol, the key, and the control information of the encipherment algorithm.
One weakness: skipping a character in the key during encryption affects the encryption of all future characters.

A block cipher encrypts a group of plaintext symbols as one block. For example, the columnar transposition translates the entire message as one block.
Block ciphers work on blocks of plaintext and produce blocks of ciphertext.

Confusion and Diffusion
Two additional important concepts are related to the amount of work required to perform an encryption: confusion and diffusion.
Confusion: an algorithm providing good confusion has a complex functional relationship between the plaintext/key pair and the ciphertext, so it will take an interceptor a long time to determine the relationship between plaintext, key, and ciphertext.
Example 1: the Caesar cipher does not provide good confusion, because an analyst who deduces the transformation of a few letters can also predict the transformation of the remaining letters, with no additional information.
Example 2: the one-time pad provides good confusion, because one plaintext letter can be transformed to any ciphertext letter at different places in the output.
Diffusion: distributing the information from single plaintext letters over the entire output.

The Data Encryption Standard (DES)
Developed for the U.S. government in 1976 and intended for use by the general public.
Accepted as a cryptographic standard both in the United States and abroad; many hardware and software systems have been designed with the DES.
However, its adequacy has since been questioned.

Overview
DES is a combination of two fundamental building blocks of encryption: substitution and transposition. It derives its strength from repeated application of these two techniques, one on top of the other, for a total of 16 cycles; it is hard to trace a single bit through 16 iterations.
The algorithm begins by encrypting the plaintext as blocks of 64 bits.
The key is 64 bits long, but in fact only 56 bits are used; the other 8 bits are parity (check) bits.

DES leverages the two techniques Shannon identified to conceal information, confusion and diffusion: ensuring that the output bits have no obvious relationship to the input bits, and spreading the effect of one plaintext bit to other bits in the ciphertext.
Substitution provides the confusion, and transposition provides the diffusion.

[Figure: A Cycle in the DES.]
[Figure: Types of Permutations.]
[Figure: Details of a Cycle.]

Double and Triple DES
The DES 56-bit key length is not long enough for some people to feel comfortable, since computing power has increased dramatically.
Some researchers suggest using a double encryption for greater secrecy: take two keys, k1 and k2, and perform two encryptions, one on top of the other: E(k2, E(k1, m)).
Does this make the key as powerful as a 112-bit key? No. In a meet-in-the-middle attack the cryptanalyst works plaintext and ciphertext toward each other, encrypting the known plaintext under every k1 and decrypting the known ciphertext under every k2 until the two meet, so double DES is only about as strong as a 57-bit key.
However, a simple trick does indeed enhance the security of DES. The so-called triple DES procedure is C = E(k3, E(k2, E(k1, m))). This process gives a strength equivalent to a 112-bit key.
Differential and linear cryptanalysis: self study.
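The meet-in-the-middle attack on double encryption, as an added Python example (not the book's or the lecture's code). DES itself is too large to search in a classroom, so the attack is shown on a toy Feistel cipher with a 16-bit block and a 12-bit key that this example defines for the purpose (it is not DES and has no security value): exhaustive search over both keys would cost 2^24 block operations, the meet-in-the-middle about 2 * 2^12 plus a table. The structure of the attack, and the scaling in work_factor, are the same for DES with 2^56 keys. Cipher design, S-box choice, function names and the key/plaintext values in the usage call are this example's own.

```python
"""Meet-in-the-middle against double encryption, on a toy Feistel cipher
(16-bit block, 12-bit key) so that the whole attack runs in well under a
second (added example; the toy cipher is not DES)."""

ROUNDS = 4
KEY_BITS = 12
# 4-bit S-box (row 0 of DES S1, used only as a convenient nonlinear table).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def round_keys(key: int) -> list:
    """Rotate the 12-bit key by 3i bits and keep the low byte; the four round
    keys together cover every key bit, so distinct keys stay distinct."""
    mask = (1 << KEY_BITS) - 1
    key &= mask
    return [(((key >> (3 * i)) | (key << (KEY_BITS - 3 * i))) & mask) & 0xFF
            for i in range(ROUNDS)]


def f(right: int, rk: int) -> int:
    """Round function: substitution (confusion) then a rotation (diffusion)."""
    x = (right ^ rk) & 0xFF
    y = SBOX[x & 0xF] | (SBOX[x >> 4] << 4)
    return ((y << 3) | (y >> 5)) & 0xFF


def encrypt_block(key: int, block: int) -> int:
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key):
        left, right = right, left ^ f(right, rk)
    return (left << 8) | right


def decrypt_block(key: int, block: int) -> int:
    """Feistel decryption: same rounds, keys in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key)):
        left, right = right ^ f(left, rk), left
    return (left << 8) | right


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """E(k2, E(k1, m)): naively 2^(2 * KEY_BITS) key pairs to search."""
    return encrypt_block(k2, encrypt_block(k1, block))


def meet_in_the_middle(pairs: list) -> set:
    """Given a few known (plaintext, ciphertext) pairs under an unknown (k1, k2),
    work plaintext and ciphertext toward each other: tabulate E(k1, P0) for
    every k1, then for every k2 look up D(k2, C0) in the table.
    Cost: 2 * 2^KEY_BITS block operations plus the table, not 2^(2 * KEY_BITS)."""
    p0, c0 = pairs[0]
    forward = {}
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(encrypt_block(k1, p0), []).append(k1)
    found = set()
    for k2 in range(1 << KEY_BITS):
        for k1 in forward.get(decrypt_block(k2, c0), ()):
            # A single pair admits false matches; the extra pairs weed them out.
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                found.add((k1, k2))
    return found


def work_factor(key_bits: int = KEY_BITS) -> tuple:
    """(exhaustive double-key search, meet-in-the-middle) in block operations.
    For DES, key_bits = 56: 2^112 versus 2^57, which is why the text says
    double DES is worth about one extra key bit."""
    return (2 ** (2 * key_bits), 2 * 2 ** key_bits)


if __name__ == "__main__":
    k1, k2 = 0x3A5, 0xC71
    known = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    print(meet_in_the_middle(known))
    print(work_factor(), work_factor(56))
```

The table of 2^KEY_BITS intermediate values is the memory cost of the attack; for DES that is 2^56 entries, which is why the attack is usually quoted as a time-memory trade-off, but it is still far from the 2^112 that a 112-bit key would demand.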

The Advanced Encryption Standard (AES)
To solve the DES security problems, a contest was held to develop a new algorithm.
The Rijndael (pronounced RINE dahl) algorithm won the contest (the finalists were chosen in 1999 and Rijndael was selected in 2000) and became the AES.
Key lengths are 128, 192, or 256 bits (the Rijndael design allows more).
The U.S. government has approved AES for protecting Secret and Top Secret classified documents.

Public Key Encryption
In 1976, Diffie and Hellman proposed a new kind of encryption system.
Each user has two keys: one is public and the other is private, and one is used to encrypt and the other to decrypt.
In a symmetric key system, by contrast, each pair of users needs a separate key.
Chapter 2

Public Key Encryption


In a public key or asymmetric encryption
system, each user has two keys:

a public key and a private key.


The user may publish the public key freely
The keys operate as inverses

one key undoes the encryption provided by the other key


Ex. let kPRIV be a user's private key, and let kPUB be the
corresponding public key
we can write the relationship as
P = D(kPRIV, E(kPUB, P)) = D(kPUB, E(kPRIV, P))

By Mohammed Al-Saleh / JUST

65

Rivest-Shamir-Adleman (RSA) Encryption
RSA has been the subject of extensive cryptanalysis: no serious flaws have yet been found.
It is based on an underlying hard problem, determining the prime factors of a large number, from the area of mathematics known as number theory, in which mathematicians study properties of numbers such as their prime factors.
RSA operates with arithmetic mod n.

The two keys used in RSA, d and e, are used for decryption and encryption. They are actually interchangeable: either can be chosen as the public key (the other must be kept private), and P = E(D(P)) = D(E(P)).
Any plaintext block P is encrypted as P^e mod n.
Because the result is reduced mod n, recovering P from P^e mod n without the private key is difficult.
The legitimate receiver who knows d simply computes (P^e)^d mod n = P and recovers P without having to factor anything.

Here is how it works:
Take two large primes, p and q, and compute their product n = pq; n is called the modulus.
Choose a number, e, less than n and relatively prime to (p-1)(q-1), i.e., e and (p-1)(q-1) have no common factors except 1.
Find another number d such that (ed - 1) is divisible by (p-1)(q-1).
The values e and d are called the public and private exponents, respectively.
The public key is the pair (n, e); the private key is (n, d).
The factors p and q may be destroyed or kept with the private key.
It is currently difficult to obtain the private key d from the public key (n, e). If one could factor n into p and q, then one could obtain the private key d.
Example: Suppose Alice wants to send a message m to Bob. Alice creates the ciphertext c by exponentiating: c = m^e mod n, where e and n are Bob's public key. She sends c to Bob. To decrypt, Bob also exponentiates: m = c^d mod n; the relationship between e and d ensures that Bob correctly recovers m. Since only Bob knows d, only Bob can decrypt this message.

RSA Example

Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
  φ(n) is the number of positive integers less than n that are co-prime to n
    i.e., no common factors with n except 1
    1 is included
Choose e such that 1 < e < φ(n) and e and φ(n) are co-prime, i.e., gcd(e, φ(n)) = 1. Let e = 7
Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 128 % 33 = 29
The decryption of c = 29 is m = 29^3 % 33 = 24389 % 33 = 2
(A toy modulus: with n = 33 only the values 0..32 can be encrypted, and n can be factored by inspection. Real RSA moduli are at least 2048 bits, and messages are padded before exponentiation.)
Rivest Shamir Adleman (RSA) Encryption: references

http://www.rsa.com/rsalabs/node.asp?id=2214
http://www.rsa.com/rsalabs/node.asp?id=2189

Chapter 2

The Uses of Encryption


Cryptographic Hash Functions
Key Exchange
Digital Signatures
Certificates

By Mohammed Al-Saleh / JUST

71

Chapter 2

The Uses of Encryption

Encryption implements protected communications


channels

it can also be used for other duties/applications

Cryptographic Hash Functions, Key Exchange, Digital Signatures,


Certificates

Public key algorithms are useful only for specialized


tasks

very slow; take 10,000 times as long to perform as a symmetric


encryption

By Mohammed Al-Saleh / JUST

underlying modular exponentiation depends on multiplication and division


slower than the bit operations (addition, exclusive OR, substitution, and
shifting) on which symmetric algorithms are based
symmetric encryption is the cryptographers' "workhorse," and public key
encryption is reserved for specialized, infrequent uses, where slow operation
is not a continuing problem

72

By Mohammed Al-Saleh / JUST

Chapter 2

Cryptographic Hash Functions

73

Cryptographic Hash Functions

The most widely used cryptographic hash functions are
  MD4, MD5 (where MD stands for Message Digest)
    MD5 is an improved version of MD4
    any message will have a 128-bit digest
  SHA/SHS (Secure Hash Algorithm or Standard)
    SHA-1 produces a 160-bit digest
  http://md5-hash-online.waraxe.us
  http://sha1-hash-online.waraxe.us/
There are cryptanalysis attacks on SHA-1, MD4, and MD5
  For SHA-1, the attack is to find two plaintexts that produce the same hash digest (a collision)
    2^63 steps, far short of the 2^80 steps that would be expected of a 160-bit hash function
  Caveat: these attacks have since become practical (MD5 collisions can be generated in seconds on commodity hardware, and a SHA-1 collision was published in 2017), so neither function should be used where collision resistance matters; SHA-2 (e.g., SHA-256) or SHA-3 is the current choice
Birthday Attack

In probability theory, the birthday problem or birthday paradox concerns the probability that, in a set of n randomly chosen people, some pair of them will have the same birthday.
By the pigeonhole principle, the probability reaches 100% when the number of people reaches 367 (since there are 366 possible birthdays, including February 29).
However, 99% probability is reached with just 57 people, and 50% probability with 23 people.
These conclusions are based on the assumption that each day of the year (except February 29) is equally probable for a birthday.
The mathematics behind this problem led to a well-known cryptographic attack called the birthday attack, which uses this probabilistic model to reduce the complexity of cracking a hash function: among N possible digest values a collision is expected after roughly sqrt(N) random trials, so a b-bit digest falls to collision search in about 2^(b/2) steps rather than 2^b.

Chapter 2

Birthday Attack

A list of 23 people, comparing the birthday of the


first person on the list to the others allows 22
chances for a matching birthday, the second
person on the list to the others allows 21
chances for a matching birthday, third person
has 20 chances, and so on. Hence total chances
are: 22+21+20+....+1 = 253, so comparing every
person to all of the others allows 253 distinct
chances (combinations): in a group of 23 people
there are (23 * 22) / 2 = 253 pairs.

By Mohammed Al-Saleh / JUST

76
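The birthday bound and a birthday-style collision search, as an added example that is not part of the original slides. The first function computes the probabilities quoted above (23 people, 57 people); the second runs the attack itself against SHA-256 truncated to a chosen number of bits, a stand-in for a weak hash chosen only so the search finishes instantly. The message strings "msg-0", "msg-1", ... are constructed inputs. The same square-root behaviour is what turns the expected 2^80 work for a 160-bit digest into a collision search rather than a 2^160 brute-force search.

```python
"""Birthday bound and a birthday-style collision search on a truncated hash."""
import hashlib
import math


def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share a birthday,
    assuming all `days` possible birthdays are equally likely."""
    if people > days:
        return 1.0  # pigeonhole principle: more people than days
    p_distinct = 1.0
    for i in range(people):
        p_distinct *= (days - i) / days  # i-th person avoids the i taken days
    return 1.0 - p_distinct


def pairs(people: int) -> int:
    """Number of distinct pairs that can be compared: C(people, 2)."""
    return people * (people - 1) // 2


def truncated_digest(data: bytes, bits: int) -> int:
    """SHA-256 of `data`, keeping only the low `bits` bits.
    This deliberately weakened hash stands in for a small digest size."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full & ((1 << bits) - 1)


def find_collision(bits: int):
    """Birthday attack: hash distinct messages until two produce the same digest.

    Returns (msg_a, msg_b, tries). The expected number of tries is about
    sqrt(pi/2 * 2**bits), i.e. on the order of 2**(bits/2), far below the
    2**bits a preimage search would need.
    """
    seen = {}  # digest -> message that produced it
    tries = 0
    while True:
        msg = f"msg-{tries}".encode()  # constructed, distinct input per try
        tries += 1
        h = truncated_digest(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def expected_tries(bits: int) -> float:
    """Approximate expected work for one collision on a `bits`-bit digest."""
    return math.sqrt(math.pi / 2 * (1 << bits))


if __name__ == "__main__":
    print(f"23 people: {birthday_probability(23):.3f} ({pairs(23)} pairs)")
    print(f"57 people: {birthday_probability(57):.3f}")
    a, b, n = find_collision(24)
    print(f"24-bit collision after {n} tries (expected about {expected_tries(24):.0f}):")
    print(f"  {a!r} and {b!r} -> {truncated_digest(a, 24):06x}")
```

The dictionary is what makes this a birthday attack rather than a brute-force one: every new digest is compared against all earlier ones at once, so the number of pairs being tested grows quadratically with the number of hashes computed, exactly like the 253 pairs among 23 people.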

Key Exchange

We talk about symmetric keys here
The problem is almost circular: to establish an encrypted session, you need an encrypted means to exchange keys.
Key Exchange

Public key cryptography can help
To see how, suppose S and R want to derive a shared symmetric key
  kPRIV-S, kPUB-S, kPRIV-R, and kPUB-R are the private and public keys for S and R, respectively
  S chooses any symmetric key K
  First attempt: S sends E(kPRIV-S, K) to R
    R takes S's public key, removes the encryption, and obtains K
    Ooops, any eavesdropper who can get S's public key can also obtain K
  Second attempt: let S send E(kPUB-R, K) to R. Then, only R can decrypt K
    Ooops, R has no assurance that K came from S
  The solution is for S to send to R:
    E(kPUB-R, E(kPRIV-S, K))
    R removes the outer layer with kPRIV-R and the inner layer with kPUB-S: only R can read K, and only S could have produced the inner layer
  (This is the textbook form. A deployed protocol uses a proper signature scheme and padded encryption rather than raw key operations, and includes a nonce or timestamp so that an intercepted message cannot simply be replayed to R later.)
Key Exchange

Another key exchange approach: the Diffie-Hellman key exchange protocol
  S and R use some simple arithmetic to exchange a secret
  They agree on a field size n (a large prime) and a starting number g
    they can communicate these numbers in the clear
  Each thinks up a secret number, say, s and r
  S sends g^s to R and R sends g^r to S
  S computes (g^r)^s and R computes (g^s)^r, which are the same, so g^rs = g^sr becomes their shared secret
    all computations are done over the field of integers mod n (the "mod n" is omitted above for simplicity)
    an eavesdropper sees n, g, g^s and g^r, but recovering s or r from them (the discrete logarithm problem) is believed to be infeasible for a large, well-chosen n
  http://dkerr.home.mindspring.com/diffie_hellman_calc.html
Diffie-Hellman, however, does NOT provide authentication
  You cannot be sure you are talking to the right person: an interceptor O can run one exchange with S and another with R, relaying traffic between them, and end up sharing a key with each of them
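The exchange described above, plus the man-in-the-middle it does not stop, as an added example that is not part of the original slides. The group n = 23, g = 5 and the secrets s = 4, r = 3, o = 6 are constructed so the arithmetic can be traced by hand; a real deployment uses a standard prime group of 2048 bits or more (or an elliptic curve) with fresh random secrets, which `random_secret` supplies.

```python
"""Diffie-Hellman over integers mod n, and the interception it does not prevent."""
import secrets


def dh_public(n: int, g: int, secret: int) -> int:
    """Value sent in the clear: g^secret mod n."""
    return pow(g, secret, n)


def dh_shared(n: int, their_public: int, secret: int) -> int:
    """Shared secret: (their_public)^secret mod n."""
    if their_public in (0, 1, n - 1):
        # A degenerate public value (sent by a broken peer or an attacker)
        # forces the shared secret into a tiny set; refuse it outright.
        raise ValueError("degenerate Diffie-Hellman public value")
    return pow(their_public, secret, n)


def random_secret(n: int) -> int:
    """Fresh private exponent in [2, n-2], from the OS CSPRNG."""
    return 2 + secrets.randbelow(n - 3)


def honest_exchange(n: int, g: int, s: int, r: int):
    """S and R talk directly; both derive the same key."""
    g_s = dh_public(n, g, s)        # S -> R
    g_r = dh_public(n, g, r)        # R -> S
    key_s = dh_shared(n, g_r, s)    # S computes (g^r)^s
    key_r = dh_shared(n, g_s, r)    # R computes (g^s)^r
    return key_s, key_r


def mitm_exchange(n: int, g: int, s: int, r: int, o: int):
    """Interceptor O sits between S and R and runs two separate exchanges.

    O replaces each relayed public value with its own g^o. S and R each
    believe they share a key with the other party, but each actually shares
    one with O, who can decrypt, read, re-encrypt and forward everything.
    Nothing in the protocol lets S or R notice: that is the missing
    authentication.
    """
    g_s = dh_public(n, g, s)
    g_r = dh_public(n, g, r)
    g_o = dh_public(n, g, o)
    key_s = dh_shared(n, g_o, s)    # S received g^o instead of g^r
    key_r = dh_shared(n, g_o, r)    # R received g^o instead of g^s
    return {
        "S_thinks_shared": key_s,
        "R_thinks_shared": key_r,
        "O_with_S": dh_shared(n, g_s, o),
        "O_with_R": dh_shared(n, g_r, o),
    }


if __name__ == "__main__":
    n, g = 23, 5  # toy group, constructed for hand-tracing
    print("honest:", honest_exchange(n, g, 4, 3))
    print("mitm:  ", mitm_exchange(n, g, 4, 3, 6))
```

With these values the honest run gives 5^4 = 4 and 5^3 = 10 (mod 23) on the wire and the shared secret 18 on both sides; in the intercepted run S ends up with 2 and R with 6, each matching one of O's two keys and neither matching the other. Fixing this is the job of the signatures and certificates that follow: the public values g^s and g^r have to be signed by keys S and R can verify.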
Digital Signatures

A digital signature is a protocol that produces the same effect as a real signature:
  it is a mark that only the sender can make
  but other people can easily recognize as belonging to the sender
Digital Signatures

Two conditions
  It must be unforgeable: if person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M, S(P,M)]
  It must be authentic: if a person R receives the pair [M, S(P,M)] purportedly from P, R can check that the signature is really from P
    Only P could have created this signature, and the signature is firmly attached to M
Digital Signatures

Two more properties
  It is not alterable. After being transmitted, M cannot be changed by S, R, or an interceptor.
  It is not reusable. A previous message presented again will be instantly detected by R (in practice this requires that M carry a timestamp or sequence number, since the signature itself verifies just as well the second time).
Digital Signatures

Public Key Protocol
  ideally suited to digital signatures
  the signer applies the private-key transformation to M: S(P,M) = D(kPRIV-P, M)
  anyone can verify by applying the public-key transformation and comparing with M: E(kPUB-P, S(P,M)) = M
  (in practice the transformation is applied to a cryptographic hash of M rather than to M itself, which keeps the signature short and prevents the algebraic forgeries that raw RSA permits)
Certificates

A public key and a user's identity are bound together in a certificate, which is then signed by someone called a certificate authority, certifying the accuracy of the binding.
Certificates

The algorithms to generate a matched pair of public and private keys are publicly known, and software that does it is widely available.
So if Alice wanted to use a public key cipher, she could generate her own pair of public and private keys, keep the private key hidden, and publicize the public key.
But how can she publicize her public key, and assert that it belongs to her, in such a way that other participants can be sure it really belongs to her?
Certificates

A complete scheme for certifying bindings between public keys and identities (what key belongs to whom) is called a Public Key Infrastructure (PKI).
A PKI starts with the ability to verify identities and bind them to keys out of band. By out of band, we mean something outside the network and the computers that comprise it, such as in the following scenarios.
If Alice and Bob are individuals who know each other, then they could get together in the same room and Alice could give her public key to Bob directly, perhaps on a business card.
Certificates

If Bob is an organization, Alice the individual could present conventional identification, perhaps involving a photograph or fingerprints.
If Alice and Bob are computers owned by the same company, then a system administrator could configure Bob with Alice's public key.
A digitally signed statement of a public key binding is called a public key certificate, or simply a certificate.
Certificates

One of the major standards for certificates is known as X.509. This standard leaves a lot of details open, but specifies a basic structure. A certificate clearly must include
  the identity of the entity being certified
  the public key of the entity being certified
  the identity of the signer
  the digital signature
  a digital signature algorithm identifier (which cryptographic hash and which cipher)
(An X.509 certificate also carries a serial number and a validity period, and a verifier must check the validity period and the certificate's revocation status along with the signature.)

Chapter 2

Certificates

Certification Authorities

A certification authority or certificate authority (CA) is


an entity claimed (by someone) to be trustworthy for
verifying identities and issuing public key certificates.
There are commercial CAs, governmental CAs, and
even free CAs.
To use a CA, you must know its own key. You can
learn that CAs key, however, if you can obtain a chain
of CA-signed certificates that starts with a CA whose
key you already know.
Then you can believe any certificate signed by that
new CA

By Mohammed Al-Saleh / JUST

91
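Textbook RSA carried end to end, as an added example that is not part of the original slides and uses no cryptographic library: the key recipe and worked numbers from the RSA slides (p = 3, q = 11, e = 7), the private-key-signs / public-key-verifies protocol from the digital signature slides, and a certificate chain walked back to a trusted root as described above. The primes, the names "Root", "Intermediate", "Alice", and the certificate field layout are constructed for this example; X.509 encodes the same to-be-signed fields in ASN.1. The moduli are tiny so the arithmetic can be followed by hand (and, as the slides warn, factored), and values are exponentiated raw; real keys use primes of 1024 bits or more and pad with OAEP or PSS. Requires Python 3.8+ for `pow(e, -1, phi)`.

```python
"""Textbook RSA: keys, encryption, signatures, and a toy certificate chain."""
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) following the slides' recipe."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    d = pow(e, -1, phi)  # e*d = 1 mod phi
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext block must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def recover_private_key(pub):
    """The slides' warning made concrete: factor n, rebuild d.
    Trial division only works because the toy modulus is tiny."""
    n, e = pub
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return rsa_keygen(p, n // p, e)[1]
    raise ValueError("no factor found")


def _hash_mod_n(msg: bytes, n: int) -> int:
    """Sign a digest of the message, never the raw message."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_hash_mod_n(msg, n), d, n)  # private-key transformation D


def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _hash_mod_n(msg, n)  # public-key transformation E


def _tbs(subject: str, pub, issuer: str, is_ca: bool) -> bytes:
    """The bytes a CA signs: the 'to-be-signed' binding of name to key."""
    return f"subject={subject};n={pub[0]};e={pub[1]};issuer={issuer};ca={is_ca}".encode()


def issue_certificate(issuer: str, issuer_priv, subject: str, subject_pub, is_ca=False):
    sig = rsa_sign(issuer_priv, _tbs(subject, subject_pub, issuer, is_ca))
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "is_ca": is_ca, "sig": sig}


def verify_chain(chain, trusted_roots) -> bool:
    """chain[0] is the leaf; chain[-1] must be signed by a root known out of band.
    Each signature is checked with the key from the certificate above it, and
    every certificate that signs another must itself be marked as a CA."""
    known = dict(trusted_roots)  # name -> public key we already trust
    for cert in reversed(chain):
        issuer_pub = known.get(cert["issuer"])
        if issuer_pub is None:
            return False  # chain does not reach a key we know
        tbs = _tbs(cert["subject"], cert["pub"], cert["issuer"], cert["is_ca"])
        if not rsa_verify(issuer_pub, tbs, cert["sig"]):
            return False  # tampered or forged certificate
        if cert is not chain[0] and not cert["is_ca"]:
            return False  # a leaf may not act as an issuer
        known[cert["subject"]] = cert["pub"]
    return True


def textbook_example():
    """The slides' numbers: p=3, q=11, e=7 gives d=3; m=2 -> c=29 -> m=2."""
    pub, priv = rsa_keygen(3, 11, 7)
    c = rsa_encrypt(pub, 2)
    return pub, priv, c, rsa_decrypt(priv, c)


def demo_chain():
    """Root -> Intermediate -> Alice, with constructed toy primes."""
    root_pub, root_priv = rsa_keygen(61, 53, 17)
    ca_pub, ca_priv = rsa_keygen(101, 103, 7)
    alice_pub, alice_priv = rsa_keygen(137, 131, 3)
    ca_cert = issue_certificate("Root", root_priv, "Intermediate", ca_pub, is_ca=True)
    alice_cert = issue_certificate("Intermediate", ca_priv, "Alice", alice_pub)
    return [alice_cert, ca_cert], {"Root": root_pub}, alice_priv


if __name__ == "__main__":
    print("textbook:", textbook_example())
    chain, roots, _ = demo_chain()
    print("chain valid:", verify_chain(chain, roots))
    print("recovered private key for (33, 7):", recover_private_key((33, 7)))
```

The chain walk starts from the key you already know and only ever trusts a key that a trusted key has vouched for; the `is_ca` check is the one most often forgotten in hand-rolled verifiers, and without it anyone holding an ordinary certificate could mint certificates for other names.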
