class 17

Cryptography, Codes and Cipher, Data Encryption

standard

Cryptography• Cryptography is a method of storing and

transmitting data in a particular form so that only those for whom it is intended can read and process it.

Some Basic Terminology• plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to

ciphertext • key - info used in cipher known only to

sender/receiver • encipher (encrypt) - converting plaintext to

ciphertext • decipher (decrypt) - recovering ciphertext from

plaintext• cryptography - study of encryption

principles/methods• cryptanalysis (codebreaking) - study of

principles/ methods of deciphering ciphertext without knowing key

• cryptology - field of both cryptography and cryptanalysis

History – The Manual Era• Dates back to at least 2000 B.C.• Pen and Paper Cryptography

– Scytale – Spartan method involved wrapping a belt around a rod of a given diameter and length

– Atbash – Hewbrew cipher which mirrored the normal alphabet (shown in The DaVinci Code)

– Caesar – Shift all letters by a given number of letters in the alphabet

– Vignère – Use of a key and multiple alphabets to hide repeated characters in an encrypted message

History – The Mechanical Era• Invention of cipher machines• Examples

– Confederate Army’s Cipher Disk– Japanese Red and Purple Machines– German Enigma

History – The Modern Era• Computers!• Examples

– Lucifer– Rijndael– RSA– ElGamal

Cryptosystem Services• Confidentiality – Only authorized entities are

allowed to view• Integrity – Ensures the message was not altered

by unauthorized individuals• Authenticity – Validates the source of a message,

to ensure the sender is properly identified• Nonrepudiation – Establishes sender identity so

that the entity cannot deny having sent the message

• Access Control – Access to an object requires access to the associated crypto keys in many systems (e.g. login)

Cryptographic Methods• Symmetric

– Same key for encryption and decryption– Key distribution problem

• Asymmetric– Mathematically related key pairs for

encryption and decryption– Public and private keys

Symmetric• Fast• Only provide confidentiality• Need secure channel for key distribution• Key management headaches from large

number of key pairs to maintain

Symmetric or Private Key

Asymmetric• Large mathematical operations make it slower

than symmetric algorithms• No need for out of band key distribution (public

keys are public!)• Scales better since only a single key pair

needed per individual• Can provide authentication and nonrepudiation

Asymmetric or Public Key

Hybrid• Combines strengths of both methods• Asymmetric distributes symmetric key

– Also known as a session key

• Symmetric provides bulk encryption• Example:

– SSL negotiates a hybrid method

Key Distribution• Given parties A and B have various key

distribution alternatives:• A can select key and physically deliver to

B• third party can select & deliver key to A &

B• if A & B have communicated previously

can use previous key to encrypt a new key

• if A & B have secure communications with a third party C, C can relay key between A & B

Key Distribution Scenario

Ciphertext• PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO

EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?'

Any Guesses???

THE SOLUTIONCode• X Z A V O I D B Y G E R S P C F H J K L M N Q T U

W• A B C D E F G H I J K L M N O P Q R S T U V W X Y

Z

Plaintext• Now during this time Shahrazad had

borne King Shahriyar three sons. On the thousand and first night, when she had ended the tale of Ma'aruf, she rose and kissed the ground before him, saying: 'Great King, for a thousand and one nights I have been recounting to you the fables of past ages and the legends of ancient kings. May I make so bold as to crave a favour of your majesty?’

Data Encryption Standard (DES)• The most widely used private key block

cipher, is the Data Encryption Standard (DES).

• It was adopted in 1977 by the National Bureau of Standards as Federal Information Processing Standard 46 (FIPS PUB 46).

• DES encrypts data in 64-bit blocks using a 56-bit key.

• The DES enjoys widespread use.

DES History• IBM developed Lucifer cipher

– by team led by Feistel in late 60’s– used 64-bit data blocks with 128-bit key

• then redeveloped as a commercial cipher with input from NSA and others

• in 1973 NBS issued request for proposals for a national cipher standard

• IBM submitted their revised Lucifer which was eventually accepted as the DES

Multiple Encryption & DES• clear a replacement for DES was needed

– theoretical attacks that can break it– demonstrated exhaustive key search attacks

• AES is a new cipher alternative– prior to this alternative was to use multiple

encryption with DES implementations– Triple-DES is the chosen form

Double-DES?• could use 2 DES encrypts on each block

– C = EK2(EK1(P))

• issue of reduction to single stage• and have “meet-in-the-middle” attack

– works whenever use a cipher twice– since X = EK1(P) = DK2(C)– attack by encrypting P with all keys and store– then decrypt C with keys and match X value– takes O(256) steps

Triple-DES with Two-Keys• hence must use 3 encryptions

– would seem to need 3 distinct keys

• but can use 2 keys with E-D-E sequence– C = EK1(DK2(EK1(P)))– nb encrypt & decrypt equivalent in security– if K1=K2 then can work with single DES

• standardized in ANSI X9.17 & ISO8732• no current known practical attacks

– several proposed impractical attacks might become basis of future attacks

Triple-DES with Three-Keys• although no practical attacks on two-key

Triple-DES have some concerns– Two-key: key length = 56*2 = 112 bits– Three-key: key length = 56*3 = 168 bits

• can use Triple-DES with Three-Keys to avoid even these– C = EK3(DK2(EK1(P)))

• has been adopted by some Internet applications, eg PGP, S/MIME

Triple DES

Public Key Infrastructure• All components needed to enable secure

communication– Policies and Procedures– Keys and Algorithms– Software and Data Formats

• Assures identity to users• Provides key management features

– Issuance– Revocation – Recovery – Distribution – History

PKI Components• Digital Certificates

– Contains identity and verification info

• Certificate Authorities– Trusted entity that issues certificates

• Registration Authorities– Verifies identity for certificate requests

• Certificate Revocation List (CRL)