CRYPTOGRAPHY

1
 Good Guys and Bad Guys
❑ Alice and Bob are the good guys

❑ Trudy is the bad guy

❑ Trudy is our generic “intruder”

Intro 2
 Good Guys and Bad Guys
❑ Alice and Bob want to communicate securely
o Typically, over a network
❑ Alice or Bob might also want to store their
data securely
❑ Trudy wants to read Alice and Bob’s secrets
❑ Or Trudy might have other devious plans…
o Cause confusion, denial of service, etc.

Intro 3
 CIA
❑ Confidentiality, Integrity and Availability
❑ Confidentiality: prevent unauthorized
reading of information
❑ Integrity: prevent unauthorized writing of
information
❑ Availability: data is available in a timely
manner when needed
o Availability is a “new” security concern
o Due to denial of service (DoS) threats

Intro 4
 Crypto
❑ Cryptology ⎯ The art and science of
making and breaking “secret codes”
❑ Cryptography ⎯ making “secret
codes”
❑ Cryptanalysis ⎯ breaking “secret
codes”
❑ Crypto ⎯ all of the above (and more)

Intro 5
 How to Speak Crypto
❑ A cipher or cryptosystem is used to encrypt
the plaintext
❑ The result of encryption is ciphertext
❑ We decrypt ciphertext to recover plaintext
❑ A key is used to configure a cryptosystem
❑ A symmetric key cryptosystem uses the same
key to encrypt as to decrypt
❑ A public key cryptosystem uses a public key
to encrypt and a private key to decrypt
o Private key can be used to sign and public key used
to verify signature (more on this later…)

Intro 6
 Crypto
❑ Underlying assumption
o The system is completely known to Trudy
o Only the key is secret
❑ Also known as Kerckhoffs Principle
o Crypto algorithms are not secret
❑ Why do we make this assumption?
o Experience has shown that secret algorithms
are often weak when exposed
o Secret algorithms never remain secret
o Better to find weaknesses beforehand

Intro 7
 Crypto as a Black Box
key key

Pi Ci Pi
plaintext encrypt decrypt plaintext
ciphertext

❑ Note Pi is ith “unit” of plaintext

❑ And Ci is corresponding ciphertext
❑ “Unit” may be bit, letter, block of bits, etc.

Intro 8
 Who Knows What?
Alice key Trudy key Bob

Pi Ci Pi
plaintext encrypt decrypt plaintext
ciphertext

❑ Trudy knows the ciphertext

❑ Trudy knows the cipher and how it works
❑ Trudy might know a little more
❑ Trudy does not know the key

Intro 9
 Taxonomy of Cryptography
❑ Symmetric Key
o Same key for encryption as for decryption
o Stream ciphers and block ciphers
❑ Public Key
o Two keys, one for encryption (public), and one
for decryption (private)
o Digital signatures ⎯ nothing comparable in
symmetric key crypto
❑ Hash algorithms

Intro 10
 Cryptanalysis
❑ Thiscourse focused on cryptanalysis
❑ Trudy wants to recover key or plaintext
❑ Trudy is not bound by any rules
o For example, Trudy might attack the
implementation, not the algorithm itself
o She might use “side channel” info, etc.

Intro 11
 Exhaustive Key Search
❑ How can Trudy attack a cipher?
❑ She can simply try all possible keys and
test each to see if it is correct
o Exhaustive key search
❑ To prevent an exhaustive key search, a
cryptosystem must have a large keyspace
o Must be too many keys for Trudy to try them
all in any reasonable amount of time

Intro 12
 Beyond Exhaustive Search
❑ A large keyspace is necessary for security
❑ But a large keyspace is not sufficient
❑ Shortcut attacks might exist
❑ We’ll see many examples of shortcut attacks
❑ In cryptography we can (almost) never prove
that no shortcut attack exists
❑ This makes cryptography interesting…

Intro 13
 Taxonomy of Cryptanalysis
❑ Ciphertext only — always an option
❑ Known plaintext — possible in many cases
❑ Chosen plaintext
o “Lunchtime attack”
o Protocols might encrypt chosen text
❑ Adaptively chosen plaintext
❑ Related key
❑ Forward search (public key crypto only)
❑ “Rubber hose”, bribery, etc., etc., etc.

Intro 14
 Definition of Secure
❑A cryptosystem is secure if the best
know attack is to try all possible keys
❑ Cryptosystem is insecure if any
shortcut attack is known
❑ By this definition, an insecure system
might be harder to break than a
secure system!

Intro 15
 Definition of Secure
❑ Why do we define secure this way?
❑ The size of the keyspace is the
“advertised” level of security
❑ If an attack requires less work, then false
advertising
❑ A cipher must be secure (by our definition)
and have a “large” keyspace
o Too big for an exhaustive key search

Intro 16
 Theoretical Cryptanalysis
❑ Spse that a cipher has a 100 bit key
o Then keyspace is of size 2100
❑ On average, for exhaustive search
Trudy tests 2100/2 = 299 keys
❑ Spse Trudy can test 230 keys/second
o Then she can find the key in about 37.4
trillion years

Intro 17
 Theoretical Cryptanalysis
❑ Spse that a cipher has a 100 bit key
o Then keyspace is of size 2100
❑ Spse there is a shortcut attack with
“work” equal to testing about 280 keys
❑ If Trudy can test 230 per second
o Then she finds key in 36 million years
o Better than 37 trillion, but not practical

Intro 18
 Applied Cryptanalysis
❑ In this class, we focus on attacks
that produce plaintext
o Not interested in attacks that just show
a theoretical weakness in a cipher
❑ We call this applied cryptanalysis
❑ Why applied cryptanalysis?
o Because it’s a lot more fun…
o And it’s a good place to start

Intro 19
Applied Cryptanalysis: Overview
❑ Classic (pen and paper) ciphers
o Transposition, substitution, etc.
o Same principles appear in later sections
❑ World War II ciphers
o Enigma, Purple, Sigaba
❑ Stream ciphers
o Shift registers, correlation attack,
ORYX, RC4, PKZIP

Intro 20
Applied Cryptanalysis: Overview
❑ Block ciphers
o Hellman’s TMTO, CMEA, Akelarre, FEAL
❑ Hash functions
o Nostradamus attack, MD4, MD5
❑ Public key crypto
o Knapsack, Diffie-Hellman, Arithmetica,
RSA, Rabin, NTRU, ElGamal
o Factoring, discrete log, timing, glitching

Intro 21
 Why Study Cryptography?
❑ Information security is a big topic
o Crypto, Access control, Protocols, Software
o Real world info security problems abound
❑ Cryptography is the part of information
security that works best
❑ Using crypto correctly is important
❑ The more we make other parts of security
behave like crypto, the better

Intro 22
 Why Study Cryptanalysis?
❑ Study of cryptanalysis gives insight into all
aspects of crypto
❑ Also gain insight into attacker’s mindset
o “black hat” vs “white hat” mentality
❑ Cryptanalysis is more fun than cryptography
o Cryptographers are boring
o Cryptanalysts are cool
❑ But cryptanalysis is hard

Intro 23