Professional Documents
Culture Documents
Evolution of Ciphers
Terminology
Encryption: plaintext (cleartext) M is converted
into a ciphertext C under the control of a key k.
We write C = E(M, k).
Decryption with key k recovers the plaintext M
from the ciphertext C.
We write M = D(C, k).
Symmetric ciphers: the secret key is used for both
encryption and decryption.
Asymmetric ciphers: Pair of private and public
keys where it is computationally infeasible to
derive the private decryption key from the
corresponding public encryption key.
L02 Cryptography IN2120 - UiO 2019 7 L02 Cryptography IN2120 - UiO 2019 8
Strength of Ciphers
Symmetric cryptography (secret key)
Factors for cryptographic strength:
Key size.
Alice Bob
Secret key Secret key Exhaustive key-search time depends on the key size.
Typical key size for a symmetric cipher is 256 bit.
Attacker must try 2256/2 keys on average to find the key,
Message Message which would take millions of years, which is not practical.
With N different keys, the key size is log2(N).
Algorithm Algorithm
Ciphertext Algorithm strength.
encryption decryption Key discovery by cryptanalysis can exploit statistical
Plaintext Plaintext regularities in the ciphertext.
To prevent cryptanalysis, the bit-patterns / characters in
the ciphertext should have a uniform distribution, i.e. all
between entities who are authorized to encrypt and decrypt bit-patterns / characters should be equally probable.
L02 Cryptography IN2120 - UiO 2019 9 L02 Cryptography IN2120 - UiO 2019 10
M1 M2 Mn
C1 C2 Cn
M1 M2 Mn
L02 Cryptography IN2120 - UiO 2019 17 L02 Cryptography IN2120 - UiO 2019 18
Mode encryption
ci = mi ki
Ciphertext decryption
mi = ci ki
c1, c2, c3 ci
bitwise bitwise
Plaintext XOR addition XOR-addition Plaintext
message M message M
Property of bitwise XOR addition:
ki ki = 0 and mi = ci ki = mi ki ki
OTP offers perfect security assuming the OTP key is perfectly
random, of same length as the message, and only used once
L02 Cryptography L02 Cryptography IN2120 - UiO 2019 20
The perfect cipher: One-Time-Pad
Ralph Merkle, Martin Hellman and Diffie-Hellman key agreement (key exchange)
Whitfield Diffie (provides no authentication)
L02 Cryptography IN2120 - UiO 2019 37 L02 Cryptography IN2120 - UiO 2019 38
Asymmetric Encryption:
Asymmetric Ciphers:
Basic encryption operation
Examples of Cryptosystems
Alice public-key
Bob
RSA: best known asymmetric algorithm.
ring
RSA = Rivest, Shamir, and Adleman (published 1977)
Historical Note: U.K. cryptographer Clifford Cocks private key
public
Plaintext M key Ciphertext C Plaintext M
ElGamal Cryptosystem
Based on the difficulty of solving the discrete log Asymmetric Asymmetric
encryption decryption
problem.
Elliptic Curve Cryptography C = E(M,Kpub(B)) M = D(C,Kpriv(B))
Based on the difficulty of solving the EC discrete log
problem. In practical applications, large messages are not
Provides same level of security with smaller key sizes. encrypted directly with asymmetric algorithms.
Hybrid systems are used.
L02 Cryptography IN2120 - UiO 2019 39 L02 Cryptography IN2120 - UiO 2019 40
Confidentiality Services:
Hybrid Cryptosystems Hybrid Cryptosystems
Symmetric ciphers are faster than asymmetric Alice Bob
public-key
ciphers (because they are less computationally ring
expensive ), but ... private key
Asymmetric ciphers simplify key distribution, public key Kpub(B)
Kpriv(B)
therefore ... Generate secret
symmetric key K E(K,Kpub(B))
a combination of both symmetric and asymmetric Asymmetric Asymmetric Shared secret
encryption Encrypted decryption symmetric key K
ciphers can be used a hybrid system: key K
The asymmetric cipher is used to distribute a randomly
chosen symmetric key. Symmetric Ciphertext C Symmetric
encryption decryption
The symmetric cipher is used for encrypting bulk data.
C = E(M,K) M = D(C,K)
Plaintext M Plaintext M
L02 Cryptography IN2120 - UiO 2019 41 L02 Cryptography IN2120 - UiO 2019 42
Quantum Computing (QC) uses quantum superpositions compute discrete logarithms efficiently. With a powerful
instead of binary bits to perform computations.
would be devastating to traditional public key crypto algorithms.
Experimental
Quantum
Computer
brute-force search for a k-bit secret key with an effort of only
2k 2k / 2
which effectively doubles the required key sizes for ciphers.
Quantum algorithms, i.e. algorithms for quantum computers,
can solve certain problems much faster than classical QC has been dismissed by most cryptographers until recent
computer algorithms. years. General purpose quantum computers do not currently
exist, but are predicted to be built in foreseeable future.
L02 Cryptography IN2120 - UiO 2019 49 L02 Cryptography IN2120 - UiO 2019 50
?
1000
50 qubit -
computer which is resistant to powerful quantum computers.
0 Year Many organizations plan to start using PQC just to
2020 2030 2040 2050 2060 2070 2080 2090 be on the safe side, and not risk bad publicity.
L02 Cryptography IN2120 - UiO 2019 53 L02 Cryptography IN2120 - UiO 2019 54
End of lecture