Cryptography1 Intro PA5

8/21/2019 Cryptography1 Intro PA5

1/50

Advanced Cryptography

Master Module MK 105

Prof. Dr.-Ing. Ulrich Jetzek

University of Applied Sciences Kiel

Institute for Communications Technology and Microelectronics


2/50

Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 2 Rev. PA2Unit1: introduction

Overview

1. Introduction to Cryptography and Data Security2. Stream Ciphers

3. Data Encryption Standard (DES) and Alternatives

4. Advanced Encryption Standard (AES)5. (More About Block Ciphers)

6. Introduction to Public Key Cryptography

7. The RSA Cryptosystem8. Public-Key Cryptosystems based on the Discrete

Logarithm Problem

9. Elliptic Curve Cryptography10. Digital Signatures

11. Hash Functions


3/50


Examination

Format: Written Examination Duration: 90 Minutes

Permitted Material:

Lecture Notes (Slides) All handwritten lecture notes

Exercises, including handwritten notes/solutions

Pocket calculator

Cryptool script

Not permitted Material:

Books

Laptops or other electronic equipment (exception: pocketcalculator)


4/50


Project work

Plan is: Not yet defined

Ideas are:

Programming of Cyclic Redundancy Check for 16- or 32-bitCRC

Programming of Exensions Field calculations for some givenExtension Fields (e.g. GF(28))

Mandatory (project would count for a specific percentage of yourgrade (e.g. 10% oder 20%) OR

Optional project would only provide some bonus points to yourexam (e.g. 5 or 10% of bonus points).


5/50


Overview: 1. Introduction to Cryptography

References and useful material1. Overview of Cryptology

1. Information exchange today

2. Requirements on information exchange

2. Symmetric cryptography1. Basics

2. Substitution ciphers

3. Cryptanalysis1. General thoughts on breaking cryptosystems2. How many bits are enough?

4. Modular Arithmetic and more historical cicphers

1. Modular arithmetic2. Integer Rings

3. Shift Cipher (or Caesar Cipher)

4. Affine Cipher


6/50












4. Affine Cipher


7/50


References

Excellent textbook oncryptography

Published 2010

Well-structured

Clear

Mathematically precise

Explains very well WHYdesigns, algorithms are made

the way they are.

Internet-site:

http://www.crypto-textbook.com/


8/50


Material

Cryptool http://www.cryptool.de/ CrypTool - program to learn/try out cryptography and

cryptanalysis

Free ware program to learn and try out cryptographical algorithmsand methods.

Initiator and father of this program: Prof. Dr. Bernhard Esslinger(Universitt Siegen, Germany)


9/50












4. Affine Cipher


10/50


Goals of this lecture

Within this lecture you shall learn:1. General rules of cryptography

2. Key lengths for short-, medium- and long term security

3. Difference between different types of attacks against ciphers

4. Some historical ciphers (e.g. Caesar cipher)

5. The basics about modular arithmetic an important field formodern cryptography

6.

Why you should ONLY use well-established encryptionalgorithms


11/50


1.1 Overview of Cryptology

Source: Paar, Pelzl: Understanding cryptography, chapter 1


12/50


Historical background

In EARLIER days: Lowinformation flow and exchange.

Specific information had to be transmitted from A to B AND had tobe kept secret e.g. in case of wars

even in ancient times people developed methods to encrypt /decrypt information.

However information only existedin

Written form

was mainly transmitted by hand, resp. a messenger

THESE days are the age of

Information technology

Computer networks (LANs, WLANs, WANs, Internet, ) Mobile communication systems

Huge amount of information exchanged every secondworldwide.


13/50


Information Exchange today

Business information R&D information (patents, software design, hardware design, )

being exchanged

Within a development site (intra-site exchange)

Between development sites national/international Banking information

Banking transactions

Trading information (stock exchange)

Travel information Education and research information

Within and between universities

Voice communication fixed line cordless phones

mobile communication systems


14/50


Information Exchange today

Message services SMS

MMS,

Email-exchange Private, Business, Commercial

Online Services Internet shopping

Online banking, etc.

Video services

Video on demand (IP TV)

Internet video platforms (e.g. YOU TUBE)

Video telephony (skype)

Every day applications

Gaming and fun

There is an app for almost everything (iphone)


15/50


Information Exchange model

Channel media are: Twisted pair cable

Coaxial cable

Optical fibre

Radio communication

DECT WLAN

GSM, UMTS, LTE

Satellite communication

Various methods exist to monitordata while being transmitted overmedia.

Third party monitoring of data overmedia can neverbe avoided

Informationsource

Informationreceiver

Channel


16/50


Consequences due to information exchange

Question: Which requirements exist when information isbeing exchanged?

Business information:

Information must be secured against third party attacks to avoid Industrial espionage and

economic damage

Hint: recent estimates (2010) quote that industrial espionage only inGermany causes economic damage in the order of billions of Europer year (3 50 billion Euro).

http://www.news.de/wirtschaft/855073466/abgehoert-und-ausgespaeht/1/


17/50


Consequences due to information exchange

Commercial security: Banking, trading and online shopping transactions need to be

secured against

Manipulation of sender, receiver, account numbers, money

amounts, etc.

Monitoring of data

Privacy:

Voice communication, Emails and other information need to besecured for

Privacy reasons

Cost control

Authentication (to make sure that no bad guy prevents to besomeone else, e.g. your good friend, whom you always trust.)


18/50


Do other security needs (security services) exist, whichneed to be fulfilled by corresponding crypto-systems?

Confidentiality (provided by symmetric cryptosystems)

information kept secret from all but authorized parties.

Data Integrity

message has not been modified in transit.

Authentication

The sender of a message is authentic.

Alternative term is data origin authentication.

Non-repudiation

The sender of a message can not deny the creation of the

message.

Motivation for Digital Signatures

Source: Paar, Pelzl: Understanding Cryptography, chapter 10


19/50








3. Cryptanalysis1. General thoughts on breaking cryptosystems

2. How many bits are enough?




4. Affine Cipher


20/50


1.2.1 Symmetric Cryptography - Basics

Alternative names: private-key, single-key or secret-keycryptography.

Problem Statement:

1. Alice and Bob would like to communicate via an

unsecure channel (e.g. WLAN or Internet).2. A malicious third party Oscar (the bad guy) has channel

access but should not be able to understand thecommunication.


message x message x


21/50


1.2.1 Symmetric cryptography Basics

x: plaintext

y: ciphertext

K: key

Set of all keys {K1, K2, ...,Kn}: key space


Solution:Encryption with symmetric cipher.

Oscar obtains only ciphertext y, thatlooks like random bits


22/50


What can cryptography NOT do ?

Avoid that Oscar may manipulate data (he just cannot do itunnoticed).

Avoid that Oscar might monitor and store data however,he can not use the data if he cannot decrypt them

Avoid that sabotage is being done to data lines and

infrastructure. However, this does not help Oscar toaccess the information (plain text!) itself.


23/50



Advantages: High encryption and decryption speed due to rather simple base

operations

Disadvantages:

Key management key must be exchanged over a SECUREchannel before communication starts.

Within data networks: many different keys are needed. For n participants: n * (n-1)/2 keys are needed.

N Key space N Key space

2 1 100 4.950

3 3 1000 499.500

4 6 10000 49.995.000

5 10 100000 4.999.950.000

?


24/50



Encryption equation y = eK(x)Decryption equation x = dK(y)

Encryption and decryption are inverse operationsif the same key

K is used on both sides.


xxedyd KKK == ))(()(

Important: key must be transmitted via secure channel between

Alice and Bob. secure channel can be realized, e.g., by

manually installing the key for the Wi-Fi Protected Access (WPA)protocol or

a human courier.

However, system is only secure if an attacker does not get toknow the key K!

The problem of secure communication is reduced to securetransmission and storage of the key K.


25/50


1.2.2 Substitution ciphers

Historical cipher Great tool for understanding brute-force vs. analytical attacks

Encrypts letters rather than bits (like all ciphers until after WW II)

Idea: replace each plaintext letter by a fixed other letter.


Example: ABBA kddk

Example (ciphertext):iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc hwwhbsqvqbre hwq vhlq

How secure is the Substitution Cipher? Lets look at attacks

Plaintext ciphertext

A K

B D

C W


26/50


1.2.2 Attacks against substitution ciphers

1. Attack: Exhaustive Key Search (Brute-Force Attack) Simply try every possible subsititution table until an intelligent

plaintext appears

NOTE: each substitution table is a key!

How many substitution tables (= keys) do exist?26 x 25 x x 3 x 2 x 1 = 26! 288 41026

Search through 288 keys is completely infeasible with todayscomputers!

Q: Can we now conclude that the substitution cipher is secure since abruteforce attack is not feasible?

A: No! We have to protect against all possible attacks



27/50



2. Attack: Letter Frequency Analysis Letters have very different frequencies in the English language

Moreover: the frequency of plaintext letters is preserved in theciphertext.

For instance, e is the most common letter in English; almost 13% ofall letters in a typical English text are e.

The next most common one is t with about 9%.



28/50



2. Attack (contd): Letter Frequency Analysis Lets return to our example and identify the most frequent letter:

iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc

hwwhbsqvqbre hwq vhlq

We replace the ciphertext letter q by E and obtain:

iE ifcc vEEr fb rdE vfllcE na rdE cfjwhwz hr bnnb hcc

hwwhbsEvEbre hwE vhlE

By further guessing based on the frequency of the remaining letterswe obtain the plaintext:

WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL

ARRANGEMENTS ARE MADE



29/50


1.2.2 Letter Frequency Attack

In practice, not only frequencies of individual letters can beused for an attack, but also the frequency of

letter pairs (i.e., th is very common in English),

letter triples

Common letter groups / words

Important lesson: Although the substitution cipher has asufficiently large key space of appr. 288, it can easily bedefeated with analytical methods. This is an excellent

example that an encryption scheme must withstand all

types of attacks.



30/50



References and useful material

1. Overview of Cryptology1. Information exchange today









4. Affine Cipher


31/50


1.3 Cryptanalysis

ClassicalCryptanalysis

ImplementationAttacks

SocialEngineering

Cryptanalysis

MathematicalAnalysis

Brute-ForceAnalysis



32/50


1.3.1 General thoughts on breaking cryptosystems.

Kerkhoffs Principle:A cryptosystem should be secure even if the attacker(Oscar) knows all details about the system, with theexception of the secret key. In particular, the system

should be secure when the attacker knows the encryptionand decryption algorithms.

Important Lesson:

An attacker always looks for the weakestlink in your

cryptosystem. That means we have to choose strongalgorithms andwe have to make sure that socialengineering and implementation attacks are not practical.



33/50


1.3.2 How many bits are enough?

Discussion on key length ONLY relevant, if brute-force attack is the best known attack.

Compare security analysis of substitution ciphers!

Key lengths of symmetric and asymmetric algorithms are

much different: Example: 80-bit symmetric key provides roughly same security as

1024-bit RSA key (asymmetric cryptosystem).

What keys lengths are being used in symmetriccryptosystems?

Key length Security estimation

56-64 bits Short term: a few hours or days

112-128 bits Long term: several decades in the absence of quantumcomputers

256 bits Long term: several decades even with quantum

computers

O i 1 I d i C h


34/50



References and useful material

1. Overview of Cryptology1. Information exchange today









4. Affine Cipher

1 4 1 M d l ith ti


35/50


1.4.1 Modular arithmetic

Remainder is NOT unique For any given number a and module, there exists an infinite

number of equivalent numbers modulo m !

Example: Look at: 12 : 9 = 1, Remainder 3

21 : 9 = 2, Remainder 3

30 : 9 = 3, Remainder 3

39 : 9 = 4, Remainder 3 48 : 9 = 5, Remainder 3

OR:

3 mod 9

12 mod 9

21 mod 9

30 mod 9

39 mod 9

The set of numbers: {, -15, -6, 3, 12, 21, 30, 39, 48, } is

called an equivalence class modulo 9

1 4 1 M d l ith ti


36/50



Remainder is NOT unique The following sets are all 9 equivalence classes modulo 9:

....}26,35,17,,81,-10,-19,-.,{

....}30,21,12,,36,-15,-24,-{....,

.}28,19,10,,18,-17,-26,-.,{

}.27,18,9,,09,-18,-27,-.,{

M

M

ALL members of a single equivalence class modulo mbehave equivalently in the sense, that any of them yields

the SAME remainder if divided by m.

1 4 1 Mod lar arithmetic


37/50



Computation of the remainder

Any integer a can be written as:

a = q m + r for 0 r < m

where

a : m = q with remainder r

is an integer operation.AND

r {0, 1, 2, 3, , m-1}

Example:42 : 9 = 4, remainder 6 OR

42 6 mod 9

1 4 1 Modular arithmetic


38/50



Definition 1.4.1: Modulo Operation:

remaindercalledisandmoduluscallediswhere

dividesif

mod

:defineWe0.mandmr,a,Let

rm

a-rm

mra

>



39/50



Common problem in public key cryptosystems:xe mod m = ?

for large integers (e.g. 2048 bits each)

Using the property of an equivalence class, this problemcan be split up by so called Modular reduction.

Example: 38mod 7=? 1. Approach: straightforward

38= 6561 2 mod 7

LARGE intermediate result 6561 even though we knowthat the final result cant be larger than 6.



40/50



2. Approach: Exponentiation with intermediate modular reduction38= 3232 32 32= 9 9 9 9

Problem is reduced to:

38mod 7 = (9 9 9 9) mod 7 ((9 mod 7)4) mod 7

(2 2 2 2) mod 7 16 mod 7 2 mod 7

Note that we can perform all these multiplications without

pocket calculator, whereas mentally computing 38 = 6561is a bit challenging for most of us.

General rule: Reduce intermediate resultsas soon as possible.



41/50



Which element of an equivalence class do we choose?

Agreement: we use the (smallest positive) integer r suchthat

0 r


42/50


1.4.2 Integer Rings

=

=+

+

=

m, dda x b

m, ccba

xm

mod2.

mod1.

such thatba,allfor""and""operationstwo.2}1,...,2,1,0{setthe1.

:ofconsistsRingintegerAn

RingInteger:Definition

m

1 4 2 Properties of Integer Rings


43/50


1.4.2 Properties of Integer Rings

1. Ring is closed: The result of anyaddition or multiplication alwaysisan element of the ring.

2. Associativity:

(a + b) + c = a + (b + c)

(a x b) x c = a x (b x c)

3. Neutral Element of addition:

a + 0 a mod m, a m4. Neutral element of multiplication:

a x 1

a mod m,

a

m

5. Inverse element w.r.t. addition:

a + (-a) 0 mod m, a m6. Inverse element w.r.t. multiplication:

a x a-1 1 mod m, an inverse element exists for someelements aNOTE: up to here: no restriction on the choice of m has been made..

7. Distributivity:

a x (b + c) = (a x b) + (a x c) a,b,c m

1 4 3 Shift (or Caesar) cipher


44/50


1.4.3 Shift (or Caesar) cipher

Ancient cipher, supposed to be used by Julius Caesar

Replaces each plaintext letter by another one.

Replacement rule is very simple: Take letter that follows after kpositions in the alphabet (cyclic shift)

Needs mapping from letters

numbers:

Example: key K=7: y = x + 7 mod 26

Plaintext = A T T A C K = 0, 19, 19, 0, 2, 10

Ciphertext = H A A H J R = 7, 0, 0, 7, 9, 17

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25


H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 1 2 3 4 5 6



45/50



Substitution is done by a cyclic shift, whichmathematically corresponds to a modulo operation:

e.g., (20 + 7)mod 26 = 27 mod 26 1


Disadvantage:

extremely small key space of size 26 only

Brute-force-attack easily possible

Letter-analysis-attack easily possible.

26mod)(:Decryption

26mod)(:Encryption

LetcipherCaesar)(orShift:Definition

kyyd

kxxe

x,y,k

k

k

=

+=

1.4.3 Shift Cipher: Quiz


46/50


1.4.3 Shift Cipher: Quiz

Following cipher text is Caesar encrypted: Try to decrypt it.

Plain text

Sahykiabwjo kb

ynulpkcnwldu

Ciphertext Plain text

key key


0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

1.4.4 Affine Cipher


47/50


e C p e

Due to the restriction gcd(a,26)=1:

a {1,3,5,7,9,11,15,17,19,21,23,25}

NOTE: even numbers and 13 not contained, since 26 = 2 * 13

Why is the restriction gcd(a,26)=1 needed?

Since a multiplicative inverse of a, namely a-1, exists if and only ifgcd (a,26)=1

y]andxofdivisorcommongreatest:y)[gcd(x,

126gcd:nrestrictiotheandkeywith

26mod))(()(:Decryption

26mod)()(:Encryption

LetCipherAffine:Definition

1

==

=

+=

)(a,(a,b)k

byaxyd

bxayxe

x,y,a,b

k

k

1.4.4 Affine Cipher - Quiz


48/50


p

1. Given is the key k=(a,b)=(9,13) and thePlaintext: x = ATTACK = 0,19,19,0,2,10

Calculate the cipher text y = a x +b mod 26

Solution:X1=0: y1 = (9 0 +13) mod 26 = 13 y1 = n

X2=19: y2 = (9 19+13) mod 26 = 184 mod 26 = 2 y2 = c

X5=2: y5 = (9 2 +13) mod 26 = 31 mod 26 = 5 y5 = f

X6=10: y6 = (9 10+13) mod 26 = 103 mod 26 = 25 y6 = z

Y = nccnfz


0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

1.4.4 Affine Cipher - Quiz


49/50


p

2. How large is the key space of an affine cipher ?Solution:

3122612

b)ofvaluesofnumber(#a)ofvalues(#spacekey

==

=

3. Is the affine cipher secure?

Solution:

No, for 2 reasons:

1. Key space of 312 can be broken in a fraction of a second with

todays PCs.2. Mapping of plaintext and ciphertext letters is fixed Letter

frequency analysis also possible.

Lessons learned


50/50


Never ever develop your own crypto algorithm unless you have ateam of experienced cryptanalysts checking your design.

Do not use unproven crypto algorithms or unproven protocols.

Attackers always look for the weakest point of a cryptosystem. Forinstance, a large key space by itself is no guarantee for a cipher beingsecure; the cipher might still be vulnerable against analytical attacks.

Key lengths for symmetric algorithms in order to thwart exhaustivekey-search attacks:

64 bit: insecure except for data with extremely short-term value

128 bit: long-term security of several decades, unless quantum computersbecome available (quantum computers do not exist and perhaps neverwill)

256 bit: as above, but probably secure against attacks by quantum

computers. Modular arithmetic is a tool for expressing historical encryption

schemes, such as the affine cipher, in a mathematically elegant way.


Documents

Cryptography1 Intro PA5