cryptography presentation by jyoti goyal
TRANSCRIPT
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
2
CRYPTOGRAPHY
The word cryptography in Greek means “secret writing.” The term today The word cryptography in Greek means “secret writing.” The term today refers to the science and art of transforming messages to make them refers to the science and art of transforming messages to make them secure and immune to attacks.secure and immune to attacks.
Cryptography components
The original message before being transformed, is called Plaintext.After the message is transformed is called Cipher text. An encryption algorithm transforms the plaintext to cipher text, and adecryption algorithm transforms the cipher text to plaintext.
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
3
CIPHER
4
A cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure.
Also called as encipherment.
.
5
CIPHER
SUBSTITUTION
TRANSPOSITION
CLASSICAL MODERN
INPUT SIZE BASED
KEY BASED
BLOCK CIPHER
STREAM CIPHER
SYMMETRIC KEY ALGO
ASYMMETRIC KEY ALGO
Classical cipher:--
6
7
Substitution Encryption Method - Caesar Cipher
A cipher using the substitution method substitutes one symbol with another.
For example, we can replace character A with D and T with Z, 0 with 3 and 2 with 7.
The first cipher text was used by Julius Caesar and is still called Caesar Cipher. The cipher is shift key characters down.
8
9
Transposition cipher
In transposition cipher, the characters retain theirplaintext form but change their positions to create thecipher text.
The text is organized into two dimensional table, andthe columns are interchanged according to a key.
10
Plaintext: attackxatxdawn
Permute rowsand columns
Cipher text: xtawxnattxadakc Key: matrix size and permutations (3,5,1,4,2)
and (1,3,2)
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
h e i l h i t l e r
001 000 010 100 001 010 111 100 000 101
111 101 110 101 111 100 000 101 110 000
110 101 100 001 110 110 111 001 110 101
s r l h s s t h s r
Encryption: Plaintext Key = Ciphertext
Plaintext:
Key:
Ciphertext:
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
s r l h s s t h s r
110 101 100 001 110 110 111 001 110 101
111 101 110 101 111 100 000 101 110 000
001 000 010 100 001 010 111 100 000 101
h e i l h i t l e r
Decryption: Cipher text Key = Plaintext
Cipher text:
Key:
Plaintext:
14
(INPUT SIZE BASED CIPHER)
Block ciphers - By whether they work on blocks of symbols usually of a fixed size.
Stream ciphers - By whether they work on a continuous stream of symbols.
Modern cipher:--
15
WHAT IS A KEY ?????
A Key is a number (value) that the cipher, as algorithm, operates on.
Key BASED CIPHER
16
Symmetric-key cryptography
17
In symmetric-key cryptography, the same key is used in both directions.
The same key is used by the sender (for encryption) and receiver (for decryption)
Some examples of popular and well-respected symmetric algorithms
Include DES, AES , Blowfish, TDES, and IDEA.
McGraw-Hill ©The McGraw-Hill Companies, Inc., 200018
DES Numerology
19
Data Encryption Standard (DES)
Data Encryption Standard (DES) was designed by IBM and used byU.S. government.
DES algorithm encrypts a 64-bit Plaintext using a 56-bit key.
DES has two transposition blocks,one swapping block and 16 complex blocks called iteration blocks.
DES is a feistel cipher
20
Iteration block16 iteration blocks are conceptually the same. Each block use different key derived from the original key. The whole DES cipher block is a substitution block that changes a 64-bit plaintext to a 64-bit cipher text.
The DES cipher uses the same concept as the Caesar cipher, but the encryption/ decryption algorithm is much more complex.
Feistel cipher refers to a type of block cipher design, not a specific cipher
Split plaintext block into left and right halves: Plaintext = (L0,R0)
For each round i=1,2,...,n, computeLi= Ri1 Ri= Li1 F(Ri1,Ki)where F is round function and Ki is sub key
Cipher text = (Ln,Rn)
L R
expand shiftshift
key
key
S-boxes
compress
L R
2828
2828
2828
48
32
48
32
32
32
32
OneRoun
d of
DES
48
32
Ki
P box
Decryption: Cipher text = (Ln,Rn) For each round i=n,n1,…,1, compute
Ri1 = Li
Li1 = Ri F(Ri1,Ki)where F is round function and Ki is sub key
Plaintext = (L0,R0) Formula “works” for any function F But only secure for certain functions F
Plaintext and cipher text consists of fixed sized blocks
Cipher text obtained from plaintext by iterating a round function
Input to round function consists of key and the output of previous round
Usually implemented in software
P-box (permutation box)-is a method of bit-shuffling used to permute or transpose bits across S-boxes inputs, retaining diffusion while transposing.
S-Box (Substitution-box)-It is a basic component of symmetric key algorithms which performs substitution.
It takes some number of input bits, m, and transforms them into some number of output bits, n: an m×nS-Box can be implemented as a lookup table with 2m words of n bits each. Fixed tables are normally used but in some ciphers the tables are generated dynamically from the key.
25
In DES 6×4-bit S-Box (S5) is used :
26
S5
Middle 4 bits of input
0000
0001
0010
0011
0100
0101
0110
0111
1000
1001
1010
1011
1100
1101
1110
1111
Outer
bits
00001
0110
0010
0000
1011
1101
0101
1011
0100
0010
1001
1111
1110
1000
0111
0100
1
01111
0101
1001
0110
0010
0011
1110
1000
1010
1000
0111
1101
0001
1100
1100
0011
0
10010
0001
0000
1101
1101
0110
1011
1100
0111
1100
1110
0010
1011
0001
1000
0111
0
11101
1100
0110
0011
1000
1111
0001
0110
1011
0111
1000
0100
1101
0010
0010
1001
1
Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits(the first and last bits), and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".
27
Key Distribution - Diffie-Hellman Protocol
A symmetric key between two parties is useful if it is used only once; it must be created for one session and destroyed when the session is over.
Diffie-Hellman protocol: the two parties use the session key to exchange data without havingto remember or store it for future use.
Before establishing a symmetric key, the two parties need to choose two numbers N and G.
The first number, N, is a large prime number with restriction that (N-1)/2 must also be prime.
The second number G is also prime. The two numbers are not confidential.
The steps for key distribution between Alice and Bob:(1) Alice chooses a larger random number x and calculates R1=G x mod N.(2) Alice sends R1 to Bob. Note that Alice sends R1, not x to Bob.(3) Bob chooses another large number y and calculates R2= Gy mod N.(4) Bob sends R2 to Alice. Again, note that Bob sends R2, not y to Alice.(5) Alice calculates K=(R2)x mod N. Bob also calculates K=(R1)y mod N. Note that K can be proven to be the same calculated by both Alice and Bob. That is the K=Gxy mod N.
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
TCP/IP Protocol Suite 29
Man-in-the-middle attack
TCP/IP Protocol Suite 30
Replay attack: If John has an interest in the data message sent from Alice to Bob. He can intercept both the authentication message and the data message, store them, and resend them later to Bob.
Bob has no way to know if this is a replay of a previous message. There nothing in this procedure to guarantee the freshness of the message.
For example, suppose Alice’s message instruct Bob to pay John for some job he has done. John can resend the message, thereby illegally getting paid twice for the same job.
McGraw-Hill ©The McGraw-Hill Companies, Inc., 200031
32
In public-key cryptography, there are two keys: a private key and a public key.The private key is kept by the receiver. The public key is announced to the public.The public key is used for encryption and is available to public; the private keyis available only to an individual.
33
(Rivest, Shamir and Adleman) RSA
The most common public-key algorithm is called RSA method.
In the method, the private key here is a pair of numbers (N, d); the public key is also a pair of numbers (N, e).
The sender uses the following algorithm to encrypt the message: C=Pe mod N;P is the plaintext, C is cipher text.
The receiver decrypts as following: P=Cd mod N.
34
35
Comparison of symmetric and asymmetric -key cryptography
Symmetric-key cryptography: (1) Advantages: Efficiency, less time to encrypt a message (2) Disadvantages: each pair of users must have a unique key, N users need N(N-1)/2 keys; The key distribution can be difficult.
Asymmetric-key cryptography: (1) Advantages: Easy key distribution, the public key can be used for any users; Each user only needs a pair of keys. (2) Disadvantages: algorithm is complex the public key for a user must be verified.
Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
authentication, digital signatures, interactive proofs
to ensure secrecy in communications, such as those of spies, military leaders, and diplomats
.
Privacy means that the sender and the receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be unintelligible.
Hence , cryptography is very important task in order to keep data secure.
No doubt it involves time but that time would be of course, of no use if data goes in other hands.
37
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000