Basic Cryptography

Lecture 1 & 2
Koloseni, Daniel (MSc Info. Security & Biometrics, PhD)
 Outline

• Basic terms
• Cryptographic algorithms
• Concepts of using Cryptography
• Properties of Algorithms
• Modern Cryptography
 Basic terms
• Cryptography :The art and science of crafting ciphers (Cipher
means secret).
• Cryptanalysis: The art and science of breaking ciphers.
• Cryptology: Both of them (Cryptography and Cryptanalysis)
• Cryptosystem :Also called a cipher system. A system that
provides a method for protecting information by encrypting it in
manner that it can only be accessed and used by authorised
users or system (s).
• The basic model of a cryptosystem will be illustrated later.
 Goals of Cryptography

• The most fundamental problem cryptography addresses:

ensure security of communication over insecure medium
• What does secure communication mean?
 Privacy (secrecy, confidentiality) only the intended
recipient can see the communication.
 Authenticity (integrity) the communication is generated by
the alleged sender.
• More generally, achieve objectives even when there may be
adversaries (bad guys)
 Approaches to Secure Communication

• Steganography
 “covered writing”
 hides the existence of a message

• Cryptography
 “hidden writing”
 hide the meaning of a message
 Cryptosystem

Cipher
Plain text Encryption Decryption Plain text
text

Note: Encryption means changing plain text into cipher text and decryption is changing
cipher text back to plain text
 Cryptographic algorithms
• The history of cryptography dates back to ancient Assyrians and
Egyptians.
• Ciphering of the messages were done manually. The use of machines
in cryptography started in twentieth century.
• It is important due to increased concerns over security of sensitive
data and information transacted over the internet.
• A practical way to solve the problem is to deploy cryptography in the
form of cryptographic algorithms.
 Cryptographic algorithms
• Algorithm is the step by step procedure for solving a particular
problem.
• In relation to encryption, algorithms, defines how the encryption will
be applied, how the data will be held by the cryptosystem is
encrypted and how data is decrypted by the receiving system(s).

• Why do we need know about the algorithms?

• Knowing the performance and how secure is it (Cryptographic strength ) –
Crucial information for choosing algorithms based on the task at hand.
 Cryptographic strength
• Generally it is measured in terms of the number of trials needed to
break the cipher in a given situation.
• For example: For Brute force attack, this is likely to relate to the
effective key size of cipher – e.g. a 16 bit key needs 28 trials on
average to guess a key.
• However, given the existence of back doors such as knowledge of
properties of ciphers by an attacker this number of trials can
significantly be reduced.
 Cryptographic Strength and Attacks

• For example : Consider SHA-1 which takes any length of an input

(message) and generates a fixed 160 bit (hash), can be broken down
in 2 63 trials rather than 2 80 trials.
• Attacks on ciphers takes different forms.
• Brute force : Try all cases with assumption that you can succeed!
• Currently, specialised hardware can do more than 10 11 key tests
• Known plain text or cipher texts: This shortcut brute force costs by having
examples of matching plain or cipher texts.
• Can be achieved by injecting plain texts to see cipher text or injecting known cipher text
to see decrypted cipher text.
Cryptographic Strength and Attacks
• Differential attacks : The attacker explore the differences in an input
to see if it can affect the resultant differences at the output.
• For example, in data stream where, (C1 – C2) = (P1 – P2) (a non random
behaviour), an attacker can exploit the patterns.
• In cipher block , can trace the differences through the network
transformations to see where the cipher exhibits non random
patterns.
• Use that information to discover the key.
Cipher’s Blocks and Properties
• The simplest building blocks of ciphers are
• Substitution block : Each letter or symbol is exchanged for another.
• Permutation (transposition) block : Letters or symbols are re-arranged or
moved around.
• One way of constructing cipher block is using a series of
substitutions/ permutations stages
• For example using a small reversible arbitrary substitution units (S-
Boxes)
• See next slide for the illustration.
S-Box and P-Box
Substitution ciphers
A simple example

• Substitution is fixed for each letter or symbol.

• For example, if letter “y” is encrypted to “V”, then every time a system
found letter “y” it replace it with letter “V” during encryption.

• Try this ..
Decrypt this message “ UBZBSJOJNFJTIBGJLB”. Each letter can be decrypted
by replacing it with a next letter in the alphabet.
• They are weak and therefore very easy to break.
Substitution ciphers
Additional example: Caesar Cipher
• Originally used by Julius Caesar during war.
• Changed the order of the letters of the alphabet to generate ciphers
• Substitute each fourth letter with others. For example “A "was
substituted by “D”.
Encryption steps
• Create a cipher text alphabet (see a shift of 3 example)
Substitution ciphers

• A shift of 3
Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

A simple exercise :
Create a shift of 7 Cipher
Substitution ciphers
Encryption steps

A simple exercise 3
Use the table to encrypt the following messages

• “A user is the weakest link in information security chain”

• “Firewalls help to protect the organization and its data”
Note : The secret key is shift of 3
Substitution ciphers

A simple exercise :

Decrypt the message “F R Q J U D W X O D W L R Q V B R X J R W L W”

using the Caesar shift of 3 substitution cipher.
Key properties of Algorithms
• Confusion : Involves transforming information in plain text so that can not
be extracted if intercepted.
• This property make it hard to relate plain text symbol to cipher text symbol.
• Diffusion : Spreading the information from a region of plain text widely
over the cipher text.
• Diffusion means that if we change a character of the plaintext, then several
characters of the cipher text change and if we change a character of the
cipher text, several characters of the plaintext change.
• This property make the effect of changing one plain text to spread through
out the whole message.
• In most cases substitution is good at confusion and permutation /
transposition is good at diffusion.
Current Generation of Ciphers
• Most current systems use block ciphers instead of stream ciphers.

Why?
• Its easy to integrate with packet transmission.
• Have good diffusion properties.
• Larger blocks contribute to increased cryptographic strength
• However, some specialised areas use stream ciphers
• Such as some communications applications
• Situations where resources are limited
Take home: Read and write short notes on stream and block ciphers
 Modern Cryptography
• Modern cryptosystems use computationally complex algorithms to
protect data and information
• Types of Cryptographic algorithms : Hashing, Symmetric and
Asymmetric.
• The main difference between modern and old cryptosystems is on the
use of cryptographic key.
• Old systems relied on secrecy of the algorithms while modern systems
rely on secrecy of the cryptographic key.
 Symmetric Key Algorithms
• Is based on shared secret, where both parties know the same secret
(something I know).
• A “shared secret” encryption key that is distributed to all participating
parties in the communications.
• The “shared secret” used by all parties for encrypting and decrypting ,
so the sender and the receiver both possess a copy of the shared key.
• It is primarily suitable for bulk encryption and only provides for the
security service of confidentiality.
• See next slide for the illustration.
Cryptography Definitions

• Symmetric key cryptography: encryption and decryption keys are identical,

so the key must be kept secret. (This approach is also called secret key
cryptography.)
• Public key cryptography: different keys for encryption and decryption (one
public, the other private).
Symmetric Key Algorithms -
Illustration

Cipher Cipher
Plain text Encryption Decryption Plain text
text text

Secret key Secret key

 Symmetric Encryption Models /
Categories

• One-Time Pad
• Stream Ciphers
• Block Ciphers
One-Time Pad
• A one-time pad is a system in which a private key generated
randomly is used only once to encrypt a message that is then
decrypted by the receiver using a matching one-time pad and
key.

• Each encryption is unique and bears no relation to the next

encryption so that some pattern can be detected.
 One-Time Pad
How it works
• Generating a random string of characters or numbers that will be at least
as long as the longest message that may be sent.
• The generated values are written down on a pad (or any device that
someone can read or use).
• The pads are given to anyone who may be likely to send or receive a
message.
• Typically, a pad may be issued as a collection of keys, one for each day in
a month.
• When a message is to be sent, the sender uses the secret key to encrypt
each character, one at a time.
One-Time Pad
• If a computer is used, each bit in the character (which is usually eight bits
in length) is exclusively "OR'ed" with the corresponding bit in the secret
key.
• Basically encryption algorithm is simply the XOR operation.

Example1
Message: HELLO ALICE
Key: SGFKPQYEIJ
Cipher text: ALRWERKNLO
One-Time Pad
Example2
• Encryption:
• 1001001 1000110 Plain text
• 1010110 0110001 Key
• 0011111 1110111 Cipher text
• Decryption:
• 0011111 1110111 Cipher text
• 1010110 0110001 Key
• 1001001 1000110 Plain text
Stream Ciphers
• A stream cipher is an encryption algorithm that encrypts 1 bit or
byte of plaintext at a time.
• A stream cipher encrypts plaintext streams continuously and
therefore needs to maintain an internal state in order to avoid
obvious duplication of encryptions.
• For a stream cipher implementation to remain secure, its
pseudorandom generator should be unpredictable and the key
should never be reused.
Block Ciphers
• A block cipher is an encryption algorithm that encrypts a fixed size of n-bits
of data - known as a block - at one time.
• The usual sizes of each block are 64 bits, 128 bits, and 256 bits. So for
example, a 64-bit block cipher will take in 64 bits of plaintext and encrypt it
into 64 bits of cipher text.
• In cases where bits of plaintext is shorter than the block size, padding
schemes are called into play. Majority of the symmetric ciphers used today
are actually block ciphers.
• DES, Triple DES, AES, IDEA, and Blowfish are some of the commonly
used encryption algorithms that fall under this group.
Block Ciphers Encryption Modes

How to encrypt a message

• A message is divided into blocks
• Different encryption modes may be used

• Electronic Code Book (ECB)

• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB)
• Output feedback (OFB)
• Counter Mode (CTR)
Block Cipher Encryption Modes: ECB
• Each possible block of plain text has a defined corresponding cipher
text and vice versa.
• In other words, the same plaintext value will always result in the same
cipher text value.
• Electronic Code Book is used when a volume of plaintext is separated
into several blocks of data, each of which is then encrypted
independently of other blocks.
• In fact, Electronic Code Book has the ability to support a
separate encryption key for each block type.
Block Cipher Encryption Modes: ECB
• Not secure: It is deterministic, the same data gets encrypted the same
way, vulnerable if data repeats, reordering cipher text determines
reordered plaintext.
ECB

• Original ECB
Block Cipher Encryption Modes: CBC
• Cipher Block Chaining mode (CBC)
– each block XOR'd with previous block
– start with a random Initialization Vector (IV)
– helps overcome replay attack.
• Suppose the plain text is B1, B2, ..., Bn.
IV = random number (sent in the clear)
C1 = encrypt(B1 xor IV),
C2 = encrypt(B2 xor C1).
….. Ci = encrypt(Bi xor Ci-1).
CBC
Block Cipher Modes

Original ECB CBC

DES: Data Encryption Standard
• The United States government published the Data Encryption Standard
(DES) in 1977 as a proposed standard cryptosystem for all government
communications.
• Many US government entities continue to use DES for cryptographic
applications today, despite the fact that it was superseded by the
Advanced Encryption Standard (AES) in December 2001.
• DES is a 64-bit block cipher that has four modes of operation: ECB mode,
CBC mode, CFB mode, and Output Feedback OFB mode.
• All of the DES modes operate on 64 bits of plaintext at a
time to generate 64-bit blocks of cipher text.
• The key used by DES is 56 bits long. DES utilizes a long series of
exclusive OR (XOR) operations to generate the cipher text.
• This process is repeated 16 times for each encryption/decryption
operation.
DES: Data Encryption Standard

• How secure is DES?

 DES Challenge: 56-bit-key-encrypted phrase (“Strong
cryptography makes the world a safer place”) decrypted (brute
force tested 18 quadrillion keys) in 4 months in 1997.
• In 1999 it took only a little over 22 hours.
 No known “backdoor” decryption approach.

• Making DES more secure:

 Use three keys sequentially (3DES) on each datum.
 Use cipher-block chaining.
Triple DES (3DES
• DES is no longer considered adequate in the face of modern
cryptanalytic techniques and supercomputing power.
• To replace DES, Triple DES (3DES), which uses the same
algorithm to produce a more secure encryption was developed.
• There are four versions of 3DES.

• The first simply encrypts the plaintext three times, using three different
keys: K1, K2, and K3.
Triple DES (3DES
• It is known as DES-EEE3 mode (the Es indicate that there are
three encryption operations, whereas the numeral 3 indicates
that three different keys are used).

• DES-EEE3 can be expressed using the following notation,

where E(K,P) represents the encryption of plaintext P with key
 K:E(K1,E(K2,E(K3,P)))

• DES-EEE3 has an effective key length of 168 bits.

Triple DES (3DES
• The second variant (DES-EDE3) also uses three keys but
replaces the second encryption operation with a decryption
operation: E(K1,D(K2,E(K3,P))).
• The third version of 3DES (DES-EEE2) uses only two keys, K1
and K2, as follows : E(K1,E(K2,E(K1,P))).
• The fourth variant of 3DES (DES-EDE2) also uses two keys but
uses a decryption operation in the middle : E(K1,D(K2,E(K1,P))).
• Both the third and fourth variants have an effective key length of
112 bits.
• Expected to be good until 2030 and mostly used in bank cards
and RFID chips.
Others
Symmetric Key Cryptography: Key Issues

• Symmetric key cryptography: Bob and Alice share the same (symmetric)
key: K (For example, encryption algorithm is DES).
• Question: How do Bob and Alice agree on key value?
• What if Bob and Alice have never “met” before?
• Even Better Question: How is the agreed upon key distributed to both Bob
and Alice in a secure fashion?
Symmetric Key Cryptography: Key Issues
• Secret key management- should be a secure method of exchanging
the secret key without anybody else eavesdropping.
• Difficult to implement nonrepudiation, because any communicating
party can encrypt and decrypt messages with the shared secret key,
there is no way to tell where a given message originated.
• Not easily scalable
• Difficult for large groups to communicate. Why?
• Secure private communication between individuals in the group
could be achieved only if each possible combination of users
shared a private key.
• Keys regeneration - Each time a participant leaves the group, all
keys that involved that participant must be discarded.
Scalability issue explained

• The total number of keys required to completely connect n

parties is given by the following formula:
Number of Keys = [n* (n- 1)]/2
• For small systems it okay! However, for larger systems it very
difficult
Consider:
Parties shared keys required
2 1
3 3
10,000 49,995,000
Scalability issue explained
• Any possible solutions?

• Use asymmetric encryption/ Public Key Encryption

• Use Key exchange protocol such Diffie Hellman,
• RSA

• Despite its drawbacks, it is easy to implement and typically

faster as compared to other methods.
 Asymmetric Key Algorithms
• Often referred to as public key algorithms
• Very special, uses two different keys that are mathematically related
but not possible to derive one from the other!
• Keys are generated together as a pair (a public and private key).

• Private key – Only known to the owner

• Public key – Known to everyone
• Some rules
• The public key can never be used to decrypt a message it was used to
encrypt
• Private keys should never be able to determined through the public key
• Each key should be used to decrypt a message made with each other
Asymmetric Key Algorithms
Asymmetric Key Algorithms
Asymmetric Key Algorithms
• Asymmetric key algorithm is useful for authentication and
confidentiality.
For example:
• A message that has been enciphered by the private key of
sender (Alice) can be deciphered by anyone, but can only have
come from the sender (Alice) – This a basis of authentication!
• A message that has been enciphered by the public key of the
receiver (Bob), can be generated by anyone, but can only be
read by the receiver (Bob) – This is basis of confidentiality!
Asymmetric Key Algorithms
• Because nothing can be done with public key, it is useful over
unsecure networks where data can pass through many hands and is
vulnerable to interception attacks.
• However, it needs additional computation power to use and time
consuming.
• For example, each message router will need to decrypt the message
to know where to send it to.
• Possible solution- need to encrypt a summary or use hash of the
message – will see later.
• Take home: Write short notes on the most popular asymmetric
encryption algorithms (RSA and Diffie-Hellman Key Exchange)
Asymmetric Key Algorithms: Diffie-Hellman

• In some cases, neither public key encryption nor offline distribution is

sufficient.
• Two parties might need to communicate with each other but no
physical means to exchange key and no public key infrastructure to
facilitate the exchange of secret keys.
• In situations like this, key exchange algorithms like the Diffie-
Hellman algorithm prove to be extremely useful mechanisms.
• The Diffie-Hellman algorithm represented a major advance in the
state of cryptographic science when it was released in 1976.
• It’s still in use today.
Asymmetric Key Algorithms: Diffie-Hellman

• Diffie-Hellman is a widely used key agreement protocol.

• It relies on some number theory ( modulus operation):
 a mod b = n where for some “m” : a = m.b + n
• The protocol uses two public parameters
 generator “g” (often 160 bits long)
 prime “p” (often 1024 bits long)
Asymmetric Key Algorithms: Diffie-
Hellman
• You can use this technique to create an encryption key with
someone, and then start encrypting your traffic with that key.
• And even if the traffic is recorded and later analysed, there's
absolutely no way to figure out what the key was, even though the
exchanges that created it may have been visible.
• Nobody analysing the traffic at a later date can break in because the
key was never saved, never transmitted, and never made visible
anywhere.
Asymmetric Key Algorithms: Diffie-Hellman
The basic idea works like this:
• I come up with two prime numbers g and p and tell you what they are.
1) You then pick a secret number (a), but you don't tell anyone.
2) Instead you compute ga mod p and send that result back to me. (We
will call that A since it came from a).
3) I do the same thing, but we will call my secret number b and the
computed number B. So I compute gb mod p and send you the result
(called "B")
4) Now, you take the number I sent you and do the exact same
operation with it. So that's Ba mod p.
5) I do the same operation with the result you sent me, so: Ab mod p.
Asymmetric Key Algorithms: Diffie-Hellman
• The answer I get at step 5 is the same number you got at step 4.
• Deffie- Hellman employ the property of modulo exponents.
Specifically:

(ga mod p)b mod p = gab mod p

(gb mod p)a mod p = gba mod p

• That result, in step 4 and 5, is our shared secret key.

• And we can be certain that nobody else, nobody but us, knows the
key that we created together.
• An important distinction: You're not sharing information during
the key exchange, you're creating a key together.
RSA (Rivest–Shamir–Adleman)

Read about it
Hybrid Secret-Public Key Cryptography

• Ideally, combines the strengths of symmetric and public key

cryptography, and avoid their weaknesses.
• We want the efficiency of symmetric cryptography combined with the
ease of use and convenience of public key cryptography.
• When two parties want to communicate securely, public key
cryptography is used to exchange a random symmetric session key.
• Since the session key is encrypted, we can ensure secrecy and
mutual authentication.
• Thus, key distribution and setup is easy and risk-free.
Hybrid Secret-Public Key Cryptography
• To communicate, symmetric cryptography is used with the session
key.

 Since only these two parties know the session key, the messages are secure.
 Since secret key cryptography is used, this can be done relatively efficiently.

• When done, both parties destroy the session key, if communication

is required in the future, this process is repeated from the beginning
to obtain a completely new session key.
• This general approach is used in Pretty Good Privacy (PGP) and
elsewhere.