Chapter – Cryptography
Outline
2.1 Introduction
2.2 Basic Cryptography Terminology covering:
2.2.1 Notions pertaining to the different (communication) partners.
2.2.2 Secure/unsecure channel
2.2.3 Attackers and their capabilities
2.2.4 Encryption
2.2.5 Decryption
2.2.6 Keys and their characteristics, signatures.
2.3 Cipher types (e.g., Caesar cipher, affine cipher)
2.4 Cryptographic Algorithms.
2.5 Cryptographic Tools and their challenges
Learning Outcome
At the end of this chapter, students will be able to:
• Define cryptography.
• Explain the terminology used in cryptography.
• Apply some cryptography techniques/approaches.
• Understand the concept of Public Key Infrastructure.
• Understand the challenges of Public Key Infrastructure.
Introduction – Cryptography
• Originates from the Greek “kryptos” (secret) and “graphia” (writing).
• Cryptography is defined as secret writing.
• In technical terms, cryptography is a mapping of readable text to a format that cannot be read (unreadable).
• e.g. ‘ME’ to ‘NB’
• In the early days, cryptography was performed using manual techniques.
Introduction – Cryptography
• In the 5th century BC, the Spartans encrypted messages using paper made from ‘daun lontar’ (lontar palm leaf) attached to a piece of wood.
• The information to be hidden was then written on the ‘daun lontar’.
• When the paper was removed from the wood, the written words were scattered and hard to understand.
• To get back the original message, the paper had to be attached to the same wood again.
• In this case, the paper and the wood used are the key to the system. This encryption method is called the Scytale.
Introduction – Cryptography
• Julius Caesar (around 2000 years ago) used a substitution cryptography system that he created himself.
• In this method, each letter in the text is moved 2 places forward in the alphabet.
• e.g. the letter A is substituted with C, B with D, and so on.
• This method is called the Caesar cipher.
• However, this method was broken through analysis of the cipher text. The Arabs were the first to carry out this analysis of substitution ciphers.
• Qalqashandi created a technique to solve the code by collecting all the cipher characters and counting how frequently each character is used.
• Based on this frequency table, the cipher text can be decrypted to get back the original text.
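The shift cipher and the frequency count described above, as an added Python example that is not part of the original slides. The sample message is constructed, and treating the most frequent cipher letter as E is this example's simplification of the frequency-table technique.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Shift each letter by `shift` places; other characters pass through unchanged."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)

def frequency_table(ciphertext):
    """Cipher letters with their counts, most frequent first."""
    return Counter(ch for ch in ciphertext if ch in ALPHABET).most_common()

def recover_shift(ciphertext, assumed_top_letter="E"):
    """Assume the most frequent cipher letter stands for the most common plaintext letter."""
    top_cipher_letter = frequency_table(ciphertext)[0][0]
    return (ALPHABET.index(top_cipher_letter) - ALPHABET.index(assumed_top_letter)) % 26

# Constructed sample message (not from the slides), encrypted with the slide's shift of 2.
SAMPLE = "MEET ME HERE WHEN THE EVENING BELL RINGS NEAR THE GREEN TREE"
CIPHERTEXT = caesar(SAMPLE, 2)

def break_sample():
    """Recover the shift from the ciphertext alone, then undo it."""
    shift = recover_shift(CIPHERTEXT)
    return shift, caesar(CIPHERTEXT, -shift)

if __name__ == "__main__":
    print(frequency_table(CIPHERTEXT)[:3])
    print(break_sample())
```

On short messages the most frequent letter is often not E, so the guess has to be checked by reading the candidate plaintext or by comparing the whole frequency table.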
Simple Message Transmission
Figure: Sender → Transmission → Recipient. An outsider (intruder) can block, intercept, modify or fabricate the message.
Figure: Plaintext → Encryption → Ciphertext → Decryption → Original Plaintext
P = D(KD, E(KE, P))
Figure: the same flow with two keys, labelled Encryption Key 1 and Encryption Key 2.
L E D A N
G B C F H
I/J K M O P
Q R S T U
V W X Y Z
Playfair Cipher
• Plaintext is encrypted two letters at a time.
• The rules of the Playfair cipher are:
– Divide the plaintext into groups of 2 letters each: DA, TA, NE, TW, OR, KS, EC, UR, IT, Y. If a group is one letter short, fill it with X, so Y becomes YX.
– If a pair is a repeated letter, insert a filler such as 'X'.
– If both letters fall in the same row, replace each with the letter to its right (wrapping back to the start from the end).
– If both letters fall in the same column, replace each with the letter below it (wrapping to the top from the bottom).
– Otherwise, each letter is replaced by the letter in the same row and in the column of the other letter of the pair.
Playfair Cipher
• DA, TA, NE, TW, OR, KS, EC, UR, IT, YX.
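The rules above applied to the key square shown on the slide, as an added Python example that is not part of the original slides. The digraphs listed above spell DATA NETWORK SECURITY; the function names are this example's own.

```python
# Key square from the slide; I and J share one cell.
SQUARE = ["LEDAN", "GBCFH", "IKMOP", "QRSTU", "VWXYZ"]
POS = {ch: (r, c) for r, row in enumerate(SQUARE) for c, ch in enumerate(row)}

def digraphs(plaintext):
    """Split into letter pairs: X goes between doubled letters and pads an odd tail."""
    letters = [ch for ch in plaintext.upper().replace("J", "I") if ch in POS]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:                 # repeated letter: insert the filler, reuse b next time
            pairs.append(a + "X")
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def transform(pairs, step):
    """step=+1 encrypts (right / down), step=-1 decrypts (left / up)."""
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = POS[a], POS[b]
        if ra == rb:               # same row: move along the row, wrapping around
            out.append(SQUARE[ra][(ca + step) % 5] + SQUARE[rb][(cb + step) % 5])
        elif ca == cb:             # same column: move along the column, wrapping around
            out.append(SQUARE[(ra + step) % 5][ca] + SQUARE[(rb + step) % 5][cb])
        else:                      # rectangle: keep the row, take the other letter's column
            out.append(SQUARE[ra][cb] + SQUARE[rb][ca])
    return "".join(out)

def playfair_encrypt(plaintext):
    return transform(digraphs(plaintext), +1)

def playfair_decrypt(ciphertext):
    return transform([ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)], -1)

if __name__ == "__main__":
    print(playfair_encrypt("DATA NETWORK SECURITY"))
```

Decryption returns the padded text, so the trailing X added to complete the last pair has to be removed by the reader.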
d f n t e a t a l
e e d h e s w l
decryption: dfnteataleedheswl
Rail Fence Technique
• The decryption process for the Rail Fence Cipher involves reconstructing the diagonal grid used to encrypt the message.
• Write the message out, leaving a dash in place of the spaces yet to be occupied.
• Then replace all the dashes with the corresponding letters, and read off the plaintext from the table.
• E.g. decrypt the message “dfnteataleedheswl” with key 2:
d f n t e a t a l
- - - - - - - -
d f n t e a t a l
e e d h e s w l
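The grid reconstruction above as an added Python example, not part of the original slides. It goes beyond the slide's key of 2 by handling any number of rails with the usual zigzag; the function names are this example's own.

```python
def rail_pattern(length, rails):
    """Rail index (0 = top) visited by each plaintext position on the zigzag."""
    if rails < 2:
        return [0] * length
    cycle = 2 * (rails - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(length)]

def rail_fence_encrypt(plaintext, rails):
    """Write along the zigzag, then read the rails off one after another."""
    pattern = rail_pattern(len(plaintext), rails)
    return "".join(ch for rail in range(rails)
                   for ch, p in zip(plaintext, pattern) if p == rail)

def rail_fence_decrypt(ciphertext, rails):
    """Rebuild the grid: work out which positions sit on each rail, then fill them in."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Stable sort by rail gives the order in which grid cells were read out.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, position in zip(ciphertext, order):
        plain[position] = ch       # replace the "dash" at this position
    return "".join(plain)

def grid_rows(ciphertext, rails):
    """The rails as separate strings, matching the rows drawn on the slide."""
    pattern = rail_pattern(len(ciphertext), rails)
    counts = [pattern.count(rail) for rail in range(rails)]
    rows, start = [], 0
    for count in counts:
        rows.append(ciphertext[start:start + count])
        start += count
    return rows

if __name__ == "__main__":
    print(grid_rows("dfnteataleedheswl", 2))
    print(rail_fence_decrypt("dfnteataleedheswl", 2))
```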
asymmetric
• publicly proposed by Diffie and Hellman in 1976
• based on mathematical functions
• uses two separate keys
– public key and private key
– public key is made public for others to use
• some form of protocol is needed for distribution
Asymmetric Encryption
• One of the 2 keys is called the public key and the other is the private key.
• The private key remains with you as a secret.
• The private key must not be disclosed to anybody.
• However, the public key is for the general public.
• It is disclosed to all parties that you want to communicate with.
• In this scheme, in fact, each party publishes its public key.
Asymmetric Encryption
• Suppose A wants to send a message to B without having
to worry about its security.
• Then, A and B should each have a private key and a
public key.
– A should keep her private key secret
– B should keep her private key secret
– A should inform B about her public key
– B should inform A about her public key
• Thus, we have a matrix as shown next.
Asymmetric Encryption
Key details A should know B should know
A encrypts the message using B’s public key. Therefore only B can
decrypt the message back to its original form, using her private
key.
PUBLIC KEY CRYPTOSYSTEM
A public-key encryption scheme has six ingredients:
• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various transformations on the plaintext.
• Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
PUBLIC KEY CRYPTOSYSTEM
The essential steps are the following.
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure 9.1a suggests, each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user’s private key remains protected and secret, incoming communication is secure. At any time, a system can change its private key and publish the companion public key to replace its old public key.
RSA ALGORITHM
• A number of algorithms have been proposed for public-key cryptography. One
of the first successful responses to the challenge was developed in 1977 by Ron
Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978.
• The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned supreme
as the most widely accepted and implemented general-purpose approach to
public-key encryption.
• The RSA scheme is a block cipher in which the plaintext and ciphertext are
integers between 0 and n - 1 for some n
RSA ALGORITHM -EXAMPLE
Real Life Implementation
• We can consider a practical situation that describes
asymmetric cryptography as used in real life.
• Suppose a bank accepts many requests for transaction
from its customers over an insecure network.
• The bank can have a private key-public key pair. The bank
can publish its public key to all its customers.
• The customers can use this public key of the bank for
encrypting messages before they send them to the bank.
The bank can decrypt all these encrypted messages with its private key, which remains with the bank itself.
Applications for Public-Key Cryptosystems
Requirements for Public-Key Cryptosystems
• computationally easy to create key pairs
• computationally easy for sender knowing public key to encrypt messages
• computationally easy for receiver knowing private key to decrypt ciphertext
• computationally infeasible for opponent to determine private key from public key
• computationally infeasible for opponent to otherwise recover original message
• useful if either key can be used for each role
RSA (Rivest, most widely accepted and
block cipher in which the
Standard (DSS)
Elliptic curve cryptography (ECC): security like RSA, but with much smaller keys
Key Exchange/Distribution
• How about combining the two cryptography mechanisms? What were the problems before?
• The combination must meet the following objectives:
– The solution is completely secure
– Encryption and decryption do not take a long time
– The generated cipher text is compact in size
– The solution scales to a large number of users
– The key distribution problem must be solved
• In practice, symmetric and asymmetric cryptography are combined, giving a very efficient security solution
Key Exchange/Distribution
• Suppose you need to send a protected message to someone you do not know and who does not know you.
• E.g. an online income tax return.
• You want the information to be protected.
• And you do not necessarily know the person who is receiving the information.
• Situation: you need to be able to exchange an encryption key so that nobody can intercept it.
Diffie-Hellman Key
• Whitfield Diffie and Martin Hellman
– devised an amazing solution to the problem
– called the Diffie-Hellman Key Exchange/Agreement Algorithm.
• The beauty of this scheme is that two parties who want to communicate securely can agree on a symmetric key using this technique.
• However, it must be noted that the Diffie-Hellman Key Exchange/Agreement Algorithm can be used only for key agreement, not for encryption or decryption of messages.
Description and Mathematical Theory of the
Algorithm
• Alice and Bob want to agree upon a key to be used for encrypting/decrypting the messages that will be exchanged between them.
• 1. First, Alice and Bob agree on one prime number, n, and one root number, g. These 2 integers need not be kept secret. Alice and Bob can use an insecure channel to agree on them.
Let n = 11, g = 7.
Diffie-Hellman Algorithm
Figure (steps 1-3): Alice and Bob share 23 and 5; Alice's secret 6 gives 5^6 mod 23 = 8, and 8 is sent to Bob.
1. Alice and Bob agree to use the same two numbers. For example, the base number g = 5 and prime number p = 23.
2. Alice now chooses a secret number x = 6.
3. Alice performs the DH algorithm: g^x mod p = 5^6 mod 23 = 8 (Y) and sends the new number 8 (Y) to Bob.
Using Diffie-Hellman
Figure (Alice and Bob, columns Shared / Secret / Calc):
Shared by both: 5, 23
Alice: secret 6, calc 5^6 mod 23 = 8, sends 8
Bob: secret 15, calc 5^15 mod 23 = 19, sends 19
Alice: 19^6 mod 23 = 2
Bob: 8^15 mod 23 = 2
4. Meanwhile Bob has also chosen a secret number x = 15, performed the DH algorithm: g^x mod p = 5^15 mod 23 = 19 (Y), and sent the new number 19 (Y) to Alice.
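Both sides of the exchange above with the slide's numbers, as an added Python example that is not part of the original slides. The parameter check, the range check on the received value and the SHA-256 key derivation are assumptions of this example, as are all names.

```python
import hashlib

def prime_factors(m):
    """Distinct prime factors by trial division (fine for classroom-sized numbers)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors

def is_primitive_root(g, p):
    """True if g generates every value 1..p-1 modulo the prime p."""
    if g % p == 0:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

class Party:
    """One side of the exchange; the checks are assumptions of this example."""
    def __init__(self, g, p, secret):
        if not is_primitive_root(g, p):
            raise ValueError("g is not a primitive root of p")
        self.p, self._secret = p, secret
        self.public = pow(g, secret, p)   # the only value sent over the insecure channel

    def shared_secret(self, peer_public):
        # 0, 1 and p-1 would force a predictable result, so refuse them.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer value outside 2..p-2")
        return pow(peer_public, self._secret, self.p)

def symmetric_key(shared):
    """Hash the agreed number into a 256-bit key (SHA-256 is this example's choice)."""
    return hashlib.sha256(str(shared).encode()).digest()

def slide_exchange():
    alice, bob = Party(5, 23, 6), Party(5, 23, 15)   # g, p and secrets from the slide
    return (alice.public, bob.public,
            alice.shared_secret(bob.public), bob.shared_secret(alice.public))

if __name__ == "__main__":
    print(slide_exchange())
    print(symmetric_key(2).hex())
```

The exchange only agrees on a number; the messages themselves are then protected with a symmetric cipher keyed from it.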
strength concerns:
• concerns about algorithm
• DES is the most studied encryption algorithm in
existence
• use of 56-bit key
• Electronic Frontier Foundation (EFF) announced in July
1998 that it had broken a DES encryption
Triple DES (3DES)
• repeats basic DES algorithm three times using either two or three unique keys
• first standardized for use in financial applications in ANSI standard X9.17 in 1985
• attractions:
– 168-bit key length overcomes the vulnerability to brute-force attack of DES
– underlying encryption algorithm is the same as in DES
• drawbacks:
– algorithm is sluggish in software
– uses a 64-bit block size
Advanced Encryption Standard (AES)
• 3DES was not reasonable for long term use
• significantly improved efficiency
• published as FIPS 197
• symmetric block cipher
Stream Cipher
• processes the input elements continuously
• produces output one element at a time
• primary advantage is that they are almost always faster and use far less
code
• encrypts plaintext one byte at a time
• pseudorandom stream is one that is unpredictable without knowledge
of the input key
Figure: Block Cipher Encryption and Stream Encryption
Block Cipher Modes
Figure: Electronic Codebook (ECB) and Cipher Block Chaining (CBC), each shown on a message of five 64-bit blocks encrypted with DES; the CBC panel includes an Initialization Vector.
Message Authentication
• protects against active attacks
Message Authentication Using a One-Way Hash Function
Security of Hash Functions
• there are two approaches to attacking a secure hash function:
– cryptanalysis
» exploit logical weaknesses in the algorithm
– brute-force attack
» strength of hash function depends solely on the length of the hash code produced by the algorithm
• SHA, MD5 and MD4 are the most widely used hash algorithms
• additional secure hash function applications:
– passwords
» hash of a password is stored by an operating system
– intrusion detection
» store H(F) for each file on a system and secure the hash values
Digital Signatures
• used for authenticating both source and data integrity
• created by encrypting hash code with private key
• does not provide confidentiality
– even in the case of complete encryption
– message is safe from alteration but not eavesdropping
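A toy RSA key pair showing both uses described in this chapter: encrypting with the public key and signing a hash code with the private key. This is an added Python example, not part of the original slides; the key is constructed from two small primes, there is no padding, and all names are this example's own.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes. Far too small for real use,
# and real RSA also needs padding (OAEP for encryption, PSS for signatures).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d, kept secret

def check_block(m):
    """Plaintext and ciphertext blocks are integers between 0 and n - 1."""
    if not 0 <= m < N:
        raise ValueError("block must be an integer between 0 and n - 1")
    return m

def rsa_encrypt(m):                    # sender uses the recipient's PUBLIC key
    return pow(check_block(m), E, N)

def rsa_decrypt(c):                    # recipient uses their PRIVATE key
    return pow(check_block(c), D, N)

def hash_code(message):
    """SHA-256 of the message, reduced to a block below n (toy simplification)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):                     # signer "encrypts" the hash code with the PRIVATE key
    return pow(hash_code(message), D, N)

def verify(message, signature):        # anyone can check with the PUBLIC key
    return pow(signature, E, N) == hash_code(message)

def demo():
    order = b"transfer 100 to account 42"          # constructed sample message
    signature = sign(order)
    return {
        "round_trip": rsa_decrypt(rsa_encrypt(1234567)) == 1234567,
        "valid": verify(order, signature),
        "altered": verify(b"transfer 900 to account 42", signature),
        # The message travels in the clear and the hash is recoverable by anyone:
        "hash_recoverable": pow(signature, E, N) == hash_code(order),
    }

if __name__ == "__main__":
    print(demo())
```

The signature detects the altered message but hides nothing, which is the "safe from alteration but not eavesdropping" point above.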
Digital Envelopes
• protects a message without needing to first arrange for sender and receiver to have the same secret key
Figure: public-key encryption between two computers, A and B. Captions: "Can I get your Public Key please?", "Here is my Public Key", "Alice transmits the encrypted message to Bob". Labels: Alice’s Public Key, Encryption Algorithm, Encrypted Text.
Figure: digital signature on a "Confirm Order" message. Captions: "The sending device encrypts only the hash with the private key of the signer", "The signature algorithm generates a digital signature and obtains the public key", "Signature is verified with the verification key". Labels: Signature Key, Verification Key, Signature Algorithm, encrypted hash 0a77b3440…
13-3 SERVICES
13.3.2 Message Integrity
The integrity of the message is preserved even if we sign
the whole message because we cannot get the same
signature if the message is changed.
13.3.3 Nonrepudiation
Figure 13.4 Using a trusted center for nonrepudiation