CS 568: Applied CryptographyProf. Mayank Varia

Syllabus

• Instructors: Mayank Varia, Nicolas Alhaddad, and Omar Sagga

• Course websites: piazza.com for discussion, gradescope.com for labs

• Weekly assignments: programming-based labs + textbook reading

• Midterm on Thurs 2/21, final exam on Sat 5/11

• Grading: 40% labs, 30% final, 20% midterm, 10% participation

• Always follow the BU academic conduct code & collaboration policy!

What is cryptography?

Crypto = Scientific field at intersection of many disciplines

Complexity theory Known for reductions. Primarily found inAmerican academia.

Engineering Known for software devand side channel attacks. Primarily found in industry.

Mathematics Known for cryptanalysis. Primarily found ingovernment.

!

"

Algorithms Known for cipher design. Primarily found inEuropean academia. A⇒B

This class

–Ben Adida

“Cryptography is how people get things done when they need one another, don’t fully trust one another, and have adversaries actively trying to screw things up.”

Source: benlog.com/2018/01/07/crypto-as-in-crypto/

The Internet, 1968

Source: twitter.com/pwnallthethings/status/935395453482520576

–Jon Stewart“The Internet is just the world passing notes in a classroom.”

Source: news.bbcimg.co.uk/media/images/75643000/jpg/_75643557_passing-notes.jpg

Facebook friendship graph, 2010

Source: www.facebook.com/note.php?note_id=469716398919

Talking over the Internet

Client-server crypto

End-to-end crypto

Why does crypto matter?

Why does crypto matter?1. We use it all the time

2. It has social consequences, as Rogaway said

3. It has geopolitical consequences

4. It influences how law and regulations are applied and modernized to the digital world

Encrypted web traffic in Firefox

Source: letsencrypt.org/stats

https://www.google.com

BU’s login page

The Signal double ratchet protocol

Used in a messaging system near you!

Signal (formerly TextSecure)

WhatsApp

Facebook Messenger

Google Allo (opt-in)

Skype (opt-in)

Source: whispersystems.org/docs/specifications/doubleratchet

–Phillip Rogaway

“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.”

Source: web.cs.ucdavis.edu/~rogaway/papers/moral.html

Crypto Wars: early 20th century editionWorld War I: Zimmerman telegram World War II: Enigma machine

Source: www.bbc.com/news/uk-38581861 Source: en.wikipedia.org/wiki/Enigma_machine

Zimmerman telegram

Source: www.bbc.com/news/uk-38581861

Zimmerman telegram

"I've got something here which - well, it's a rather astonishing message which might do the trick if we could use it.”Source: www.bbc.com/news/uk-38581861

Crypto, meet the Bill of Rights1. Bernstein v. United States established code == speech

2. Crypto used to be regulated as a munition

3. 1990s Clipper chip: government in all computers

4. Crypto !-> reasonable expectation of privacy?

5. Can government request your help to unlock phone?

What is the objective of crypto?

Cryptography Cryptanalysisthe art of making codes the art of breaking codes

Cryptologykryptos = secret, hidden

Schneier’s law: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.

Course outline1. Protecting data at rest

3. Protecting data in transit

5. Protecting data during use

2. Attacking data at rest

4. Crypto law and policy

6. Design + cryptanalysis of crypto building blocks

Protecting data in transit

messageM

encodeC=E(M)

decodeM=D(C)

???

keyK keyK

encryptC=E(K,M)

decryptM=D(K,C)

keyagreement

What protections do we want?

Source:Handbook of Applied Cryptography,Table 1.1

Confidentiality

Integrity

Availability

Confidentiality

Integrity

Availability

Private Deniable Withstand device compromise

Authenticated Binding / non-malleable Fresh

Eve’s powers we can handle

• Control over the network: add, drop, alter, re-order packets

• Intermittent control of an endpoint: we can still provide confidentiality at other times

Eve can still learn metadata

• No anonymity:Eve knows Alice and Bob are communicating

• No hiding message length:Eve sees how much data is flowing across the wire

Sources: • www.wyden.senate.gov/imo/media/doc/

Letter%20to%20Tinder%20on%20Cybersecurity.pdf • www.wyden.senate.gov/imo/media/doc/

Match%20response%20to%20wyden%206-27-18%20-%20signed.pdf

Formal security guarantee

gibberishEnc

Dec “I refuse”

Protecting data at rest

messageM

???

keyK keyK

decryptM=D(K,C)

encryptC=E(K,M)

How can Alice encode messages so Eve cannot read them?

Source: www.simonandschuster.com/books/The-Klingon-Dictionary/Marc-Okrand/Star-Trek/9780671745592

Goal 1: Unintelligible to Eve

Plain word Coded wordaba nrqabs mbkace ybdact wxvadd jenado hhgaft uxvage zmxago dgsaha aseaid ktf

⋮ ⋮

zip cyuzoo dux

Goal 1: Unintelligible to Eve Goal 2: Simple for Alice

• Fast + easy to compute

• Secret key is smalland easy to change

• Infinitely reusable

Plain word Coded wordaba nrqabs mbkace ybdact wxvadd jenado hhgaft uxvage zmxago dgsaha aseaid ktf

⋮ ⋮

zip cyuzoo dux

✘ Slow

✘ Big

✘ Frequency✘ analysis

Foreshadowing: block ciphers

Block cipher = family of codebooks

• Each key yields a different codebook

• Fast to compute: throughput of ~3-4 GB/sec

BKK

B

X

Y

K BK

X

Y

or

Foreshadowing: block ciphers

Block cipher = family of codebooks

• Each key yields a different codebook

• Fast to compute: throughput of ~3-4 GB/sec

BKK

B

X

Y

K BK

X

Y

or

Mode of operation = variability

• Allows long message with short key

• Thwarts frequency analysis

BK

M1

C1

R

BK

M2

C2

BK

M3

C3