Upload
kevin-mo
View
215
Download
0
Embed Size (px)
DESCRIPTION
yeah
Citation preview
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 1/33
Lecture 5
Encryption
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 2/33
Agenda
!
Overview of encryption
!
How public-key encryption works
!
How to use it for security on the web(next lecture)
2
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 3/33
Encryption as Function!
Plaintext string s
!
Encryption key K enc
!
Decryption key K dec
! Encrypt s with K enc to obtain ciphertextK enc (s)
!
Decrypt K enc (s) with decryption key K dec
to reobtain s
!
K dec (K enc (s)) = s
3
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 4/33
Encryption in Words!
Encryption applies a reversible fn to
some piece of data, yielding somethingunreadable
!
Decryption recovers the original data
from the unreadable encryption-output!
The encryption/decryption algorithmassumed known; the key is secret
4
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 5/33
A Brief History!
Caesar cipher rotates alphabet by 3
5
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 6/33
A Brief History
6
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 7/33
Substitution Ciphers!
No need to shift 3 chars
! You could do 2! Or even 4!
!
You also don’t have to shift thealphabet at all. Just arbitrary 1:1
mapping of alphabet chars, using asubstitution table
!
All of these are vulnerable to frequency
analysis!
Letter
! Word
! Common phrases7
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 8/33
Polygram Cipher!
Translate n-grams, not chars
!
How big is substitution table?
!
A n
entries, where A is size of alphabet!
A=26,n=3; 17576 entries
! A=100,n=6; 1T entries
!
Still vulnerable, but requires more text8
plaintext ciphertext
AAA QWE
AAB RTY
AAC ASD
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 9/33
Substitution Rules!
Don’t store table explicitly; derive table
rows using substitution rule! E.g., s XOR k , where k is key
! Remember: security level depends on size
of key! Key of len b => 2b possible keys
9
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 10/33
Substitution Rules!
XOR “flips a bit” for input bits that
correspond to key’s “1” ! Correspond to a 0? No change
!
Encrypted string should ideally show nopattern for frequency analysis attack
!
Use key long enough to makeciphertext appear random
10
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 11/33
Substitution Rules (2)!
What’s the right size key?
! Who is trying to break the scheme?
! 3GHz CPU => 300 inst for possible key test
! 1 sec, 10M keys
! 1 day, 1T keys!
60-bit key takes 100 CPUs 3 years
!
Is that good enough?
! Also, use statistical techniques todetermine ideal key length
11
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 12/33
Data Encryption Standard!
DES is a block cipher with 56-bit key
! 64-bits at a time
! Perform 16 rounds of encryption, w/std.
permutations of keys and data
! DES is not secure
!
Data xmitted in 64-bit blocks, each may
be coded independently
12
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 13/3313
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 14/33
DES in 64-bit blocks
14
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 15/33
Triple DES!
Triple-DES is 168 bits
!
Break the key into 3 parts
!
DES’ bit-logic techniques make it fast
15
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 16/33
Review of Crypto!
The key in traditional crypto is used to
encode the substitution rule! Needed to encrypt and decrypt
! DES and Triple-DES use this technique
! Key distribution is the weak link!
Hard to revoke
! Disastrous if “codebook ” is compromised
! Hard to distribute (requires initial out-of-band secure exchange)
! Impossible for the Web
! All of this changed in the 1970s…16
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 17/33
Public-Key Cryptography!
Secure comm without key exchange
!
Each party has a pair of related keys:public and private
! A public key is published freely
! A private key is shared with no one
!
A message encrypted with one can bedecrypted with the other
! You can’t derive one from the other! This is critical!
!
Original idea due to Diffie, Hellman, but
RSA (Rivest, Shamir, Adelman) popular17
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 18/33
Two Modes!
Public-key cryptography
!
Anyone can encrypt; only S can decrypt
! Used for data confidentiality18
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 19/33
Two Modes!
Digital Signatures
!
Only S can encrypt; anyone decrypts
! Used for authenticity19
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 20/33
How Does it Work?!
Public key cryptography relies on so-
called trapdoor functions! A fn that is easy to compute, but hard to
invert without special info
!
“Easy
” and
“hard
” meant computationally
!
Some poor choices for trapdoor fns:
! Add 2; Multiply by 3
! In practice quite difficult to find goodtrapdoor functions
!
Most popular one is related to prime
factorization; others possible20
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 21/33
Prime Factorization!
n = p*q, where p and q are primes
! Given p and q, easy to compute n
! Given n, very hard to find p and q
!
How can we turn this into a crypto
system?!
We need two theorems. First…
21
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 22/33
INTERMISSION
22
3 = 8 (mod 5)
Modular arithmeticnotation!!
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 23/33
Fermat’s Little Theorem!
For any prime p, and any integer a:
ap = a (mod p)
23
a p Ap Ap mod p A mod p
4 3 64 1 1
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 24/33
Fermat’s Little Theorem!
For any prime p, and any integer a:
ap = a (mod p)
24
a p Ap Ap mod p A mod p
4 3 64 1 1
4 5 1024 4 4
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 25/33
Fermat’s Little Theorem!
For any prime p, and any integer a:
ap = a (mod p)
25
a p Ap Ap mod p A mod p
4 3 64 1 1
4 5 1024 4 4
7 11 1977326743 7 7
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 26/33
Fermat’s Little Theorem!
For any prime p, and any integer a:
ap = a (mod p)
26
a p Ap Ap mod p A mod p
4 3 64 1 1
4 5 1024 4 4
7 11 1977326743 7 7
7 12 13841287201 1 7
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 27/33
Fermat’s Little Theorem!
Put another way, if p is prime and a is
not a multiple of p, thenap-1 = 1 (mod p)
27
a p Ap-1 Ap-1 mod p
4 3 16 1
4 5 256 1
7 11 282475249 1
7 12 1977326743 7
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 28/33
Chinese Remainder Theorem!
Consider x = ai (mod pi) for i=1,…k
!
CRT: there’s a solution for x if pi arepairwise relatively prime (i.e. have no
common factors greater than 1).
! E.g. 14 and 15 are relatively prime
!
If all ai are 1, then x = 1 (mod !pi)
28
X = 3 mod 5
X = 6 mod 7
X = 2 mod 11
X = 7 mod 3
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 29/33
OK, back to crypto!
We choose two large primes, p, q
! n = pq
!
Next:
! Set" = (p-1)(q-1)
! Choose e randomly, s.t. e <"
! Choose d, s.t. de = 1 (mod ")
!
n and e serve as public key
! n is product of primes p, q
!
n and d serve as private key
! Choosing d requires e and " 29
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 30/33
OK, back to crypto!
encryptn,e(m) = me (mod n) = c
! decryptn,d(c) = cd (mod n) = m
!
Will decryption always work?
! cd=mde=mk "+1
! mk "+1=m * (m(p-1)(q-1))k
! Recall from Fermat that
! mp-1 = 1 (mod p)
! mq-1 = 1 (mod q)
! Which implies:
! m(p-1)(q-1) = 1 (mod p)
! m(p-1)(q-1) = 1 (mod q)
30
Recall that de = 1 (mod ! )
!= (p-1)(q-1)
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 31/33
OK, back to crypto!
cd = m * (m(p-1)(q-1))k
! Recall from Fermat that
! m(p-1)(q-1) = 1 (mod p)
! m(p-1)(q-1) = 1 (mod q)
! Use the CRT to combine above 2 eqns
! m(p-1)(q-1) = 1 (mod n), where n = pq
!
cd = m * (1)k (mod n)
!
cd = m (mod n)
!
Thus, decrypted ciphertext c = msg m
31
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 32/33
Review!
Encrypting and decrypting involve large
exponentiation; not cheap, but doable! encryptn,e(m) = me (mod n) = c
! decryptn,d(c) = cd (mod n) = m
! Public, private keys require originalprimes to compute
! Only product of primes is ever exposed
! Computationally extremely challenging torecover original primes
32
7/17/2019 Lec 05 Crypto
http://slidepdf.com/reader/full/lec-05-crypto 33/33
Uses1.
Securing message against
eavesdropping: encrypt m usingrecipient’s public key, then send
2.
Sending authenticatable message:
encrypt m using sender’s private key,then send
33