lect20

The document discusses cryptography, explaining key concepts such as encryption, decryption, and various cipher types including the Caesar cipher and the Enigma machine. It also covers symmetric encryption, key exchange methods like Diffie-Hellman, and modern encryption standards like AES. The importance of secure key exchange and the challenges of implementing cryptographic algorithms are highlighted throughout the text.

Uploaded by

lvbach88
Securing Data: Cryptography

Cryptography
Crypto + graphy = secret + writing
• to make information secret, use a cipher, an algorithm that converts
plaintext to ciphertext, which is gibberish unless you have a key that
undoes the cipher.
• encryption: the process of making text secret
• decryption: the reverse process, unscrambling gibberish text to
plaintext

Julius Caesar used a Caesar cipher; he shifted all of the letters forward by
three.
• A becomes D and “brutus” becomes “euxwxv”.
• to decipher, you need both the algorithm and the shift number, which
acts as the key. In this case, the key is 3.
• The Caesar cipher uses 26 keys and is easy to break.

Substitution Cipher
The Caesar cipher is an example of a larger class of ciphers called substitution
ciphers.
• every letter is replaced by a different letter.
• one drawback of a basic substitution cipher is that letter frequency is preserved.
• the letter e is the most common letter in English. If the cipher translates e to x, then x
would be the most common letter in the ciphertext.
• it was the breaking of a substitution cipher that led to the execution of Mary,
Queen of Scots, in 1587, for plotting to kill Queen Elizabeth.

Enigma(optional)
In the 1900s, cryptography was performed using machines.
The German Enigma was an example of one such machine. It encrypted wartime
communication.
The Enigma was a typewriter-like machine with a keyboard with the full alphabet
and configurable rotors that were the key to the encryption.

The Enigma(optional)
To prevent it from being a simple substitution cipher, after every letter the
rotor rotates by one, changing both the cipher and the key.
• For example “AAA” might be encoded as “BDK”

The Enigma was hard to crack, but Alan Turing and his team at Bletchley Park
were able to solve it and even automate the entire process!

One of Enigma’s flaws was that a letter can’t be mapped to itself.

(For a movie version of this story, watch “The Imitation Game”, with Benedict Cumberbatch.)

DES(optional)
One of the earliest widespread software ciphers was the Data Encryption
Standard (DES), developed by NASA and IBM in 1977.

It used 56-bit keys and thus has 2^56 possible keys, which is 72
quadrillion (thousand trillions).

Back in 1977, no one had the computing power to brute force that many keys.

In 1999, powerful computers could begin to crack DES.

AES(optional)
In 2001, the Advanced Encryption Standard (AES) was published.
• uses up to 256 bits; brute force is virtually impossible.
• For example, even with 128 bits, if you use every computer on the planet, it’ll take trillions of
years to try every combination of keys. With 256 bits, it would take about the age of the
universe to crack.
AES chops data into 16-byte chunks, performs a series of permutations and
substitutions and other operations to obscure the message, then repeats 10 or
more times.
• No fancy math, unlike the other popular alternative, RSA.

AES is used everywhere.
• encrypting files on the iPhone.
• encrypting data over Wi-Fi with the WPA2 and HTTPS protocols.

In October 2017, the “Krack Attack” was used against WPA2 by researchers,
particularly its handshake protocol.
• The vulnerability was not with the AES algorithm but its implementation.

Symmetric Encryption
The cryptographic techniques so far rely on keys known by both sender and receiver. The
sender encrypts a message with a key and the receiver decrypts it with the same key.

Symmetric encryption: an encryption technique that uses the same key for both
encryption and decryption.
• For example, in the Caesar cipher, if encryption is shifting right by 3 letters, decryption
is shifting left by 3 letters. Both use the key = 3. Thus the Caesar cipher is a
symmetric encryption technique.
In the old days, keys were shared physically or by voice.
• The Germans used codebooks with daily settings for Enigma machines.

Today, a server needs to send a key over the internet.
• making a purchase on Amazon, logging in to Gmail, etc.
• keys can be intercepted.

Key Exchange(optional)
The solution is to use key exchange.

key exchange: an algorithm that allows two computers to agree on a key
without sending one!

This is done using one-way functions.

A one-way function is a function that is easy to compute but hard to
invert.
• it’s easy to mix colors but hard to unmix, i.e., figure out the component
colors used to get a mixed color.

We’ll use painting to illustrate how this is done conceptually.

Key Exchange(optional)
Alice and Bob want to establish a shared secret key for encryption/decryption.
Each starts with a secret color.
Eve is listening.
(Eve for "eavesdrops")

[Figure: paint-mixing key exchange, built up step by step over four slides]
Alice                                  Bob
1. Alice’s secret color                1. Bob’s secret color
2. Mix in public color                 2. Mix in public color
3. Send to Bob                         3. Send to Alice
4. Mix in secret color                 4. Mix in secret color

Step 2: Both mix the public color with their secret color.
Step 3: Then send it to each other publicly. Then what?
Step 4: Each then adds in his/her secret color to obtain a shared secret color (key).
The key is then used for symmetric encryption.

Diffie-Hellman(optional)
Diffie-Hellman key exchange uses modular exponentiation as its one-way
function.

Two positive integers x and y are congruent modulo n, denoted
x = y mod n, if x % n == y % n.
Note: a % b is the remainder of a divided by b.
For example, 7 = 2 mod 5 since both 2 and 7 when divided by 5 give a remainder
of 2.
• 13 = 25 mod 2 = 1 mod 2 (Thus 13, 25 and 1 are all congruent modulo 2)
• 3 = 15 mod 12 = 27 mod 12 (Thus 3, 15 and 27 are all congruent modulo 12)

When performing math operations, we reduce modulo n so that the result is a
remainder from 0 to n - 1.
• 3^5 mod 31 = 243 mod 31 = 26 mod 31

Diffie-Hellman (optional)
Modular exponentiation is a one-way function because it is easy to raise to a
power but hard to invert.

For example, it is easy to compute 3^5 = 26 mod 31. (One line of Python code.) But
it’s hard to find x such that 3^x = 26 mod 31 if the base and modulus are very large
integers (hundreds of digits long).
• This is called the discrete logarithm problem.

The number used as the modulus is a large prime (hundreds of digits long).
Solve this:
298742039473927847494324^x = 7646787876034389839493034 mod
85620542843242379862561534532898765235
Diffie-Hellman is an algorithm that uses this one-way function of modular
exponentiation to do key exchange. The process is similar to the painting example
earlier.

Diffie-Hellman Key Exchange (optional)
Eve is listening.
Public: Base B, Modulo M

Alice                                  Bob
1. Alice’s secret exponent X           1. Bob’s secret exponent Y
2. Compute B^X mod M                   2. Compute B^Y mod M
3. Send B^X mod M to Bob               3. Send B^Y mod M to Alice
4. Compute (B^Y)^X mod M               4. Compute (B^X)^Y mod M
   = B^{XY} mod M                         = B^{XY} mod M

B^{XY} mod M is the shared key.


An Example (optional)
Eve is listening.
Public: Base 3, Modulo 17

Alice                                  Bob
1. Alice’s secret exponent 15          1. Bob’s secret exponent 13
2. Compute 3^15 = 6 mod 17             2. Compute 3^13 = 12 mod 17
3. Send to Bob                         3. Send to Alice
4. Compute 12^15 = 10 mod 17           4. Compute 6^13 = 10 mod 17

Thus, the secret shared key is 10. For example, key = 10 can be used in the
Caesar cipher by shifting/unshifting by 10
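
The exchange above, run in Python with the slide's numbers, as an added example that is not part of the original lecture. It also shows why the modulus must be a very large prime: with modulus 17, a listener can recover a secret exponent by trying every value. The function names are hypothetical.

```python
# Added example (not from the lecture): toy Diffie-Hellman with the slide's
# numbers (base 3, modulo 17, secret exponents 15 and 13).
import string


def dh_public(base, modulus, secret):
    """Step 2: the value sent in the clear, base^secret mod modulus."""
    return pow(base, secret, modulus)


def dh_shared(received, modulus, secret):
    """Step 4: raise the other side's public value to our own secret exponent."""
    return pow(received, secret, modulus)


def run_exchange(base=3, modulus=17, alice_secret=15, bob_secret=13):
    """Run steps 1-4 for both parties; the defaults are the slide's values."""
    alice_pub = dh_public(base, modulus, alice_secret)      # sent Alice -> Bob
    bob_pub = dh_public(base, modulus, bob_secret)          # sent Bob -> Alice
    alice_key = dh_shared(bob_pub, modulus, alice_secret)   # (B^Y)^X mod M
    bob_key = dh_shared(alice_pub, modulus, bob_secret)     # (B^X)^Y mod M
    return alice_pub, bob_pub, alice_key, bob_key


def caesar(text, shift):
    """Shift lowercase letters by `shift`; a negative shift decrypts."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)  # leave spaces, digits and punctuation unchanged
    return "".join(out)


def recover_exponent(base, modulus, observed):
    """Exhaustive discrete logarithm: smallest x >= 1 with base^x = observed
    mod modulus, or None. Feasible only because the toy modulus is tiny; with
    a prime hundreds of digits long this loop would never finish."""
    value = 1
    for x in range(1, modulus):
        value = (value * base) % modulus
        if value == observed:
            return x
    return None


if __name__ == "__main__":
    alice_pub, bob_pub, alice_key, bob_key = run_exchange()
    print("Alice sends", alice_pub, "and Bob sends", bob_pub)
    print("Alice's key:", alice_key, "Bob's key:", bob_key)

    # Use the shared key as the Caesar shift, as the slide suggests.
    ciphertext = caesar("brutus", alice_key)
    print("ciphertext:", ciphertext, "decrypted:", caesar(ciphertext, -bob_key))

    # A listener sees only base, modulus and the two public values.
    guessed = recover_exponent(3, 17, alice_pub)
    print("exponent recovered from public value:", guessed)
    print("key rebuilt by the listener:", dh_shared(bob_pub, 17, guessed))
```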

Diffie-Hellman (optional)
One shortcoming of the Diffie-Hellman key exchange is that it uses
communication overhead to establish a shared key.
• Alice and Bob send the results of their calculations back and forth.

Another shortcoming is that if Alice needs to send messages to different people, she needs
to exchange different keys.
• if she is a bank, for example, she needs thousands of distinct keys to communicate
with each person.
• she would then need to send thousands of messages just to establish these secret
keys with each person.

Asymmetric Encryption
James Ellis, a British engineer, was working on non-secret encryption in 1977. His
idea is clever yet simple: lock and unlock are inverses. Use this as a one-way
function!
• Easy to lock, but hard to unlock.

Ellis’ idea is an example of asymmetric encryption (public-key cryptography):
encryption which uses a public and a private key, one for encryption and one for
decryption.

Someone can encrypt a message with the public key but only the recipient with
their private key can decrypt.
• the public key is used for encryption, the private key for decryption.
• the reverse is also useful: private key to encrypt and public key to decrypt (see
digital signatures later in these slides)
The most famous example of asymmetric encryption is RSA, named after its inventors
Rivest, Shamir and Adleman. The math behind RSA is beyond the scope of the class. There’s an
optional video that you can watch at the end of the slides.

Alice has a private key and a lockbox (public key).
She wishes to receive an encrypted message from Bob.
Alice sends Bob the lockbox (public key).

Bob puts his message inside the lockbox.
Locks it (one-way function, easy to lock).
Sends it back.

Alice can open it with her private key and receive the message. (Even if the
lockbox is intercepted, it cannot be opened without the private key.)

If Alice is a bank, she can duplicate the lockbox (public key) and send copies to
everyone from whom she wishes to receive encrypted messages.
She only has to manage one private key.

Digital Signatures
A public digital key can encrypt something that can only be decrypted by a private
digital key.

The reverse is also possible: encrypting with the private key something that can be
decrypted with a public key.
• Used for digital signatures
• Server encrypts data with private key.
• Anyone can decrypt it using the server’s public key.
• This acts as an unforgeable signature that only the owner, using the private key, can encrypt.
• This proves that you’re getting data from the right server/website, not an imposter.
• This is how your browser knows that you are at the correct bankamerica.com and not a fake Bank of
America website. The browser knows Bank of America’s public key and can verify. If it’s successful, it
gives you the green padlock confirmation.

Certificate authorities issue digital certificates that validate the ownership of
encryption keys used in secure communications and are based on a trust model. For
example, Google is a certificate authority. A website can apply for a digital certificate
from Google to validate its ownership of its website (the green padlock you see when
you go to an https (secure http) website).

We can understand how digital signatures work by looking at hash functions.


Hash Functions(optional)
In the abstract, a cryptographic hash function is a mathematical function that takes input data
of any size, performs an operation on it, and returns output data of a fixed size.

Since data (files, images, audio, video) can be encoded into a string of 0's and 1's, a hash function
is simply a function f(x) which accepts a string input of any length and returns a fixed-length
string output. Here's an implementation of such a hash function using the popular SHA256
algorithm (outputs 256-bit strings):

import hashlib

def hash(mystring):
    # SHA-256 operates on bytes, so encode the string first
    hash_object = hashlib.sha256(mystring.encode())
    return hash_object.hexdigest()

# a small change to a message should change the hash value extensively
print(hash("hello"))
print(hash("Hello"))

Output:
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969

Properties of Hash Functions(optional)
The ideal cryptographic hash function has the following main properties:
• it is deterministic meaning that the same message always results in the same
hash
• it is quick to compute the hash value for any given message
• it is infeasible to generate a message that yields a given hash value i.e. to
reverse the process that generated the given hash value. This problem is hard to
solve:
Given
y = 'e3824dba5fb0a30e26e8352ac5b9e29e1b161e5c1fa7425e73043362938b9829'
It is hard to find x so that hash(x) = y.

• it is infeasible to find two different messages with the same hash value
• a small change to a message should change the hash value so extensively that a
new hash value appears uncorrelated with the old hash value
Digital Signature
When a signer electronically signs a document, the signature is created using the
signer’s private key, which is always securely kept by the signer.

The mathematical algorithm acts like a cipher, creating data matching the signed
document using the hash function and encrypting that data.

The resulting encrypted data is the digital signature. The signature is also marked
with the time that the document was signed.

If the document changes after signing, the digital signature is invalidated. The
image in the next slide explains this process.

Digital Signatures
[Figure: signing and verifying a document]
Signer:
• Hash the document to get hash value.
• Encrypt the hash value using private key.
• Attach the encrypted hash value to document.
• Send the document and encrypted hash value across the internet.
Receiver:
1) hash document to get hash value
2) use public key to decrypt encrypted hash value
3) If 1) = 2), then successfully verified.
So clever!
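
The hash, encrypt and compare steps above as an added Python example, not code from the lecture. It assumes textbook RSA with no padding and a key built from two fixed Mersenne primes so that the block is self-contained; neither is a secure choice, and the function names are hypothetical.

```python
# Added example (not from the lecture): hash-then-sign with textbook RSA.
import hashlib

# Toy key pair. P and Q are known Mersenne primes, fixed here only so the
# example runs without a key generator. Real keys use random primes and real
# signatures use a padding scheme on top of the hash.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def digest_int(document: bytes) -> int:
    """Hash the document with SHA-256 and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signer: 'encrypt' the hash value with the private key."""
    return pow(digest_int(document), d, n)


def recover_hash(signature: int, e: int = E, n: int = N) -> int:
    """Receiver, step 2: 'decrypt' the signature with the public key."""
    return pow(signature, e, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: hash the received document (step 1), recover the signed
    hash (step 2) and compare the two values (step 3)."""
    return digest_int(document) == recover_hash(signature, e, n)


def demo():
    """Sign a constructed sample document, then check three cases."""
    document = b"Pay Bob 10 dollars"          # constructed sample input
    signature = sign(document)
    untouched = verify(document, signature)
    # The document changes after signing: the hashes no longer match.
    tampered = verify(b"Pay Bob 1000 dollars", signature)
    # A signature that was not produced with the private key does not verify.
    forged = verify(document, signature + 1)
    return untouched, tampered, forged


if __name__ == "__main__":
    print(demo())
```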

How HTTPS Works
The “key” parts of modern cryptography:
• symmetric encryption
• key exchange
• public-key cryptography
When you connect to a secure website, such as Facebook, using HTTPS that has the
green padlock, you know that cryptography was used to encrypt data.

When information is sent over regular HTTP, the information is broken into packets of
data that can be easily “sniffed” using free software. This makes communication over
an unsecure medium, such as public Wi-Fi, highly vulnerable to interception.

In fact, all communications that occur over HTTP occur in plain text, making them
highly accessible to anyone with the correct tools, and vulnerable to on-path attacks.

Technically speaking, HTTPS is not a separate protocol from HTTP. It is simply using
TLS/SSL encryption over the HTTP protocol.

How HTTPS Works
Here's how HTTPS works:

• YouTube receives a digital certificate from a certificate authority (CA) which
includes a public and private key. The private key lives on YouTube's server. The
public key is available for anyone who wants to access YouTube.
• When a user connects to youtube.com, YouTube will send over its SSL certificate,
which contains the public key necessary to start the secure session. How do we
know that this certificate is authentic?
• YouTube's certificate authority is Google. Google encrypts this certificate with its
private key.
• Your browser, which has access to secure information from certificate authorities,
uses Google's known secure public key to decrypt this certificate. If the public
key successfully decrypts the certificate, then your browser knows that this is the
real YouTube server. The green padlock is the indicator for the verification process.
• If YouTube is down, a hacker can’t create a clone of YouTube without a valid
certificate.

How HTTPS Works(optional)
On websites without HTTPS, it is possible for Internet service providers (ISPs) or other
intermediaries to inject content into webpages without the approval of the website
owner.
This commonly takes the form of advertising, where an ISP looking to increase
revenue injects paid advertising into the webpages of their customers.

Unsurprisingly, when this occurs, the profits for the advertisements and the quality
control of those advertisements are in no way shared with the website owner.

HTTPS eliminates the ability of unmoderated third parties to inject
advertising into web content.

Cryptocurrency(optional)
A cryptocurrency (or crypto currency) is a digital asset designed to work as a
medium of exchange that uses cryptography to secure its transactions, to control
the creation of additional units, and to verify the transfer of assets.

cryptocurrency:
• decentralized currency
• Bitcoin was the first, established in 2009. Since then, other coins have been established, called
altcoins.
• Bitcoin was invented by Satoshi Nakamoto. (Even today, no one knows who he is.)
• Uses public-key cryptography to make secure transactions, verify ownership, etc.
• Security is guaranteed by a concept known as "proof of work". Bitcoin miners are rewarded
with bitcoins for this proof of work.
• Uses advanced math (elliptic curves) to do encryption.

Here's a reference on how bitcoins work:
https://www.youtube.com/watch?v=Lx9zgZCMqXE

Some Supplementary Videos(Optional)

1) Read and reread these lecture notes.
2) Watch (optional):
a) How bitcoin works (non-technical)
https://www.youtube.com/watch?v=l9jOJk30eQs
3) Optional:
a) How RSA works. This is technical with some math but still accessible.
https://www.youtube.com/watch?v=wXB-V_Keiu8
b) How bitcoin works under the hood. Technical but still accessible. May need to rewatch, rewind
several times.
https://www.youtube.com/watch?v=Lx9zgZCMqXE
c) Most of this lecture’s material, including some images, comes from the PBS Digital Video on
Cryptography.
https://www.youtube.com/watch?v=jhXCTbFnK8o

References

Part of this lecture is a recap of the following episode from the
PBS Crash Course in Computer Science series.
PBS Crash Course in Computer Science. Cryptography. Retrieved
from https://www.youtube.com/watch?v=jhXCTbFnK8o
