Lec 05 Crypto

7/17/2019 Lec 05 Crypto

http://slidepdf.com/reader/full/lec-05-crypto 1/33

Lecture 5

Encryption

7/17/2019 Lec 05 Crypto


Agenda

!

Overview of encryption

!

How public-key encryption works

!

How to use it for security on the web(next lecture)

2

7/17/2019 Lec 05 Crypto


Encryption as Function!

Plaintext string s

!

Encryption key K enc

!

Decryption key K dec

! Encrypt s with K enc to obtain ciphertextK enc (s)

!

Decrypt K enc (s) with decryption key K dec

to reobtain s

!

K dec (K enc (s)) = s

3

7/17/2019 Lec 05 Crypto


Encryption in Words!

Encryption applies a reversible fn to

some piece of data, yielding somethingunreadable

!

Decryption recovers the original data

from the unreadable encryption-output!

The encryption/decryption algorithmassumed known; the key is secret

4

7/17/2019 Lec 05 Crypto


A Brief History!

Caesar cipher rotates alphabet by 3

5

7/17/2019 Lec 05 Crypto


A Brief History

6

7/17/2019 Lec 05 Crypto


Substitution Ciphers!

No need to shift 3 chars

! You could do 2! Or even 4!

!

You also don’t have to shift thealphabet at all. Just arbitrary 1:1

mapping of alphabet chars, using asubstitution table

!

All of these are vulnerable to frequency

analysis!

Letter

! Word

! Common phrases7

7/17/2019 Lec 05 Crypto


Polygram Cipher!

Translate n-grams, not chars

!

How big is substitution table?

!

A n

entries, where A is size of alphabet!

A=26,n=3; 17576 entries

! A=100,n=6; 1T entries

!

Still vulnerable, but requires more text8

plaintext ciphertext

AAA QWE

AAB RTY

AAC ASD

7/17/2019 Lec 05 Crypto


Substitution Rules!

Don’t store table explicitly; derive table

rows using substitution rule! E.g., s XOR k , where k is key

! Remember: security level depends on size

of key! Key of len b => 2b possible keys

9

7/17/2019 Lec 05 Crypto


Substitution Rules!

XOR “flips a bit” for input bits that

correspond to key’s “1” ! Correspond to a 0? No change

!

Encrypted string should ideally show nopattern for frequency analysis attack

!

Use key long enough to makeciphertext appear random

10

7/17/2019 Lec 05 Crypto


Substitution Rules (2)!

What’s the right size key?

! Who is trying to break the scheme?

! 3GHz CPU => 300 inst for possible key test

! 1 sec, 10M keys

! 1 day, 1T keys!

60-bit key takes 100 CPUs 3 years

!

Is that good enough?

! Also, use statistical techniques todetermine ideal key length

11

7/17/2019 Lec 05 Crypto


Data Encryption Standard!

DES is a block cipher with 56-bit key

! 64-bits at a time

! Perform 16 rounds of encryption, w/std.

permutations of keys and data

! DES is not secure

!

Data xmitted in 64-bit blocks, each may

be coded independently

12

7/17/2019 Lec 05 Crypto


7/17/2019 Lec 05 Crypto


DES in 64-bit blocks

14

7/17/2019 Lec 05 Crypto


Triple DES!

Triple-DES is 168 bits

!

Break the key into 3 parts

!

DES’ bit-logic techniques make it fast

15

7/17/2019 Lec 05 Crypto


Review of Crypto!

The key in traditional crypto is used to

encode the substitution rule! Needed to encrypt and decrypt

! DES and Triple-DES use this technique

! Key distribution is the weak link!

Hard to revoke

! Disastrous if “codebook ” is compromised

! Hard to distribute (requires initial out-of-band secure exchange)

! Impossible for the Web

! All of this changed in the 1970s…16

7/17/2019 Lec 05 Crypto


Public-Key Cryptography!

Secure comm without key exchange

!

Each party has a pair of related keys:public and private

! A public key is published freely

! A private key is shared with no one

!

A message encrypted with one can bedecrypted with the other

! You can’t derive one from the other! This is critical!

!

Original idea due to Diffie, Hellman, but

RSA (Rivest, Shamir, Adelman) popular17

7/17/2019 Lec 05 Crypto


Two Modes!

Public-key cryptography

!

Anyone can encrypt; only S can decrypt

! Used for data confidentiality18

7/17/2019 Lec 05 Crypto


Two Modes!

Digital Signatures

!

Only S can encrypt; anyone decrypts

! Used for authenticity19

7/17/2019 Lec 05 Crypto


How Does it Work?!

Public key cryptography relies on so-

called trapdoor functions! A fn that is easy to compute, but hard to

invert without special info

!

“Easy

” and

“hard

” meant computationally

!

Some poor choices for trapdoor fns:

! Add 2; Multiply by 3

! In practice quite difficult to find goodtrapdoor functions

!

Most popular one is related to prime

factorization; others possible20

7/17/2019 Lec 05 Crypto


Prime Factorization!

n = p*q, where p and q are primes

! Given p and q, easy to compute n

! Given n, very hard to find p and q

!

How can we turn this into a crypto

system?!

We need two theorems. First…

21

7/17/2019 Lec 05 Crypto


INTERMISSION

22

3 = 8 (mod 5)

Modular arithmeticnotation!!

7/17/2019 Lec 05 Crypto


Fermat’s Little Theorem!

For any prime p, and any integer a:

ap = a (mod p)

23

a p Ap Ap mod p A mod p

4 3 64 1 1

7/17/2019 Lec 05 Crypto




ap = a (mod p)

24


4 3 64 1 1

4 5 1024 4 4

7/17/2019 Lec 05 Crypto




ap = a (mod p)

25


4 3 64 1 1

4 5 1024 4 4

7 11 1977326743 7 7

7/17/2019 Lec 05 Crypto




ap = a (mod p)

26


4 3 64 1 1

4 5 1024 4 4

7 11 1977326743 7 7

7 12 13841287201 1 7

7/17/2019 Lec 05 Crypto



Put another way, if p is prime and a is

not a multiple of p, thenap-1 = 1 (mod p)

27

a p Ap-1 Ap-1 mod p

4 3 16 1

4 5 256 1

7 11 282475249 1

7 12 1977326743 7

7/17/2019 Lec 05 Crypto


Chinese Remainder Theorem!

Consider x = ai (mod pi) for i=1,…k

!

CRT: there’s a solution for x if pi arepairwise relatively prime (i.e. have no

common factors greater than 1).

! E.g. 14 and 15 are relatively prime

!

If all ai are 1, then x = 1 (mod !pi)

28

X = 3 mod 5

X = 6 mod 7

X = 2 mod 11

X = 7 mod 3

7/17/2019 Lec 05 Crypto


OK, back to crypto!

We choose two large primes, p, q

! n = pq

!

Next:

! Set" = (p-1)(q-1)

! Choose e randomly, s.t. e <"

! Choose d, s.t. de = 1 (mod ")

!

n and e serve as public key

! n is product of primes p, q

!

n and d serve as private key

! Choosing d requires e and " 29

7/17/2019 Lec 05 Crypto


OK, back to crypto!

encryptn,e(m) = me (mod n) = c

! decryptn,d(c) = cd (mod n) = m

!

Will decryption always work?

! cd=mde=mk "+1

! mk "+1=m * (m(p-1)(q-1))k

! Recall from Fermat that

! mp-1 = 1 (mod p)

! mq-1 = 1 (mod q)

! Which implies:

! m(p-1)(q-1) = 1 (mod p)

! m(p-1)(q-1) = 1 (mod q)

30

Recall that de = 1 (mod ! )

!= (p-1)(q-1)

7/17/2019 Lec 05 Crypto


OK, back to crypto!

cd = m * (m(p-1)(q-1))k

! Recall from Fermat that

! m(p-1)(q-1) = 1 (mod p)

! m(p-1)(q-1) = 1 (mod q)

! Use the CRT to combine above 2 eqns

! m(p-1)(q-1) = 1 (mod n), where n = pq

!

cd = m * (1)k (mod n)

!

cd = m (mod n)

!

Thus, decrypted ciphertext c = msg m

31

7/17/2019 Lec 05 Crypto


Review!

Encrypting and decrypting involve large

exponentiation; not cheap, but doable! encryptn,e(m) = me (mod n) = c

! decryptn,d(c) = cd (mod n) = m

! Public, private keys require originalprimes to compute

! Only product of primes is ever exposed

! Computationally extremely challenging torecover original primes

32

7/17/2019 Lec 05 Crypto


Uses1.

Securing message against

eavesdropping: encrypt m usingrecipient’s public key, then send

2.

Sending authenticatable message:

encrypt m using sender’s private key,then send

33

Documents

Lec 05 Crypto