
ICT 6541 Lecture1

The document outlines the course ICT 6102/6541 on Applied Cryptography, including assessment types, reference books, and key concepts in cryptography such as encryption, decryption, and security principles. It discusses various cryptographic algorithms, including symmetric and asymmetric algorithms, as well as different types of cryptanalytic attacks. Additionally, it covers modular arithmetic and its applications in cryptography.

Uploaded by

Tahmid Mahbub

ICT 6102/6541: Applied Cryptography
Dr. Hossen Asiful Mustafa
https://hossenmustafa.buet.ac.bd

Reference Book
• Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
• Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone

Assessment
Type                            Percent
Midterm Exam (2)                40
Paper Review and Presentation   10
Term Project                    10
Final Exam                      40

Tentative Dates
Type                  Class
Midterm Exam-1        5
Midterm Exam-2        9
Paper Presentation    12
Term Project          TBD

Respond in Teams
• Q1. What is Cryptography?
• Q2. Are Crypto and Cryptography the same thing?

Basic Communication
Alice talking to Bob
[Figure: Alice and Bob]

Eavesdropping
Eve listening to the conversation
[Figure: Alice and Bob]

Secure Communication
Eve listening to the conversation
[Figure: End-to-End Encryption. Alice: Plaintext -> Encryption -> Ciphertext -> Decryption -> Original Plaintext: Bob]

“Lawful” Interception (LI)

Intercept the conversation
[Figure: Alice: Plaintext -> Encryption -> Ciphertext -> LI (Decryption, Encryption) -> Ciphertext -> Decryption -> Original Plaintext: Bob]

Cryptography
• Generate ciphertext from a plaintext to keep the plaintext secret from the attacker
• Assumes that:
  • The attacker has complete access to the communication channel
  • The attacker knows the algorithm that generates ciphertext

Notation
• Plaintext/Message = P/M
• Ciphertext = C
• Encryption = E
• Decryption = D
• Keys = K
• $E_{K_1}(M) = C$
• $D_{K_2}(C) = M$
• $D_{K_2}(E_{K_1}(M)) = M$

Security Principles
Authentication:
It should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else.

Integrity:
It should be possible for the receiver of a message to verify that it has not been modified in transit; an intruder should not be able to substitute a false message for a legitimate one.

Security Principles
Non-repudiation:
A sender should not be able to falsely deny later that he sent a message.

Secrecy:
A transferred message can only be read by the receiver.

Types of Algorithm

Symmetric Algorithms
• The encryption key can be calculated from the decryption key and vice versa.
• In most symmetric algorithms, the encryption key and the decryption key are the same.
• It requires that the sender and receiver agree on a key before they can communicate securely.
• The security of a symmetric algorithm rests in the key; divulging the key means that anyone could encrypt and decrypt messages.

Asymmetric Algorithms
• Also known as public-key algorithms.
• Are designed so that the key used for encryption is different from the key used for decryption.
• Furthermore, the decryption key cannot be calculated from the encryption key.
• The algorithms are called "public-key" because the encryption key can be made public.
• The encryption key is often called the public key, and the decryption key is often called the private key.

Cryptanalysis
• Cryptanalysis is the science of recovering the plaintext of a message without access to the key.
• Successful cryptanalysis may recover the plaintext or the key.
• It also may find weaknesses in a cryptosystem that eventually lead to the previous results.
• The loss of a key through non-cryptanalytic means is called a compromise.
• An attempted cryptanalysis is called an attack.

Cryptanalytic Attacks
• Ciphertext-only attack:
  • The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm.
  • Given: $C_1 = E_k(P_1)$, $C_2 = E_k(P_2)$, ..., $C_i = E_k(P_i)$
  • Deduce:
    • Either $P_1, P_2, \ldots, P_i$, or
    • $k$, or
    • an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$

Cryptanalytic Attacks
• Known-plaintext attack:
  • The cryptanalyst has access to
    • the ciphertext of several messages, and
    • the plaintext of those messages.
  • Given: $\langle P_1, C_1 = E_k(P_1) \rangle$, $\langle P_2, C_2 = E_k(P_2) \rangle$, ..., $\langle P_i, C_i = E_k(P_i) \rangle$
  • Deduce:
    • Either $k$, or
    • an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$

Cryptanalytic Attacks
• Chosen-plaintext attack:
  • The cryptanalyst has access to the ciphertext and associated plaintext for several messages.
  • He can also choose the plaintext that gets encrypted.
  • This is more powerful than a known-plaintext attack, because the cryptanalyst can choose specific plaintext blocks to encrypt, ones that might yield more information about the key.
  • Given: $\langle P_1, C_1 = E_k(P_1) \rangle$, $\langle P_2, C_2 = E_k(P_2) \rangle$, ..., $\langle P_i, C_i = E_k(P_i) \rangle$,
    • where the cryptanalyst gets to choose $P_1, P_2, \ldots, P_i$
  • Deduce:
    • Either $k$, or
    • an algorithm to infer $P_{i+1}$ from $C_{i+1} = E_k(P_{i+1})$

Cryptanalytic Attacks
• Adaptive-chosen-plaintext attack:
  • This is a special case of a chosen-plaintext attack.
  • Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.
  • In a chosen-plaintext attack,
    • a cryptanalyst might just be able to choose one large block of plaintext to be encrypted;
  • In an adaptive-chosen-plaintext attack,
    • he can choose a smaller block of plaintext and then choose another based on the results of the first, and so forth.

Cryptanalytic Attacks
• Chosen-ciphertext attack:
  • The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext.
  • For example, the cryptanalyst has access to a tamperproof box that does automatic decryption. His job is to deduce the key.
  • Given: $\langle C_1, P_1 = D_k(C_1) \rangle$, $\langle C_2, P_2 = D_k(C_2) \rangle$, ..., $\langle C_i, P_i = D_k(C_i) \rangle$
  • Deduce: $k$

Cryptanalytic Attacks
• Chosen-key attack:
  • This attack doesn't mean that the cryptanalyst can choose the key; it means that he has some knowledge about the relationship between different keys.
  • It's obscure, and not very practical.

Cryptanalytic Attacks
• Rubber-hose cryptanalysis:
  • The cryptanalyst threatens, blackmails, or tortures someone until they give him the key.
  • Bribery is sometimes referred to as a purchase-key attack.
  • These are all very powerful attacks and often the best way to break an algorithm.

Remember!
• Security by obscurity doesn't work!
  • You cannot assume that the attacker doesn't know the algorithm's inner workings.
  • You cannot assume that the attacker cannot disassemble your code or reverse-engineer your algorithm.
• The best algorithms we have are the ones that
  • have been made public,
  • have been attacked by the world's best cryptographers for years, and
  • are still unbreakable.

Algorithm Security
• Total break: A cryptanalyst finds the key, K, such that $D_K(C) = P$.
• Global deduction: A cryptanalyst finds an alternate algorithm, A, equivalent to $D_K(C)$, without knowing K.
• Instance (or local) deduction: A cryptanalyst finds the plaintext of an intercepted ciphertext.
• Information deduction: A cryptanalyst gains some information about the key or plaintext. This information could be a few bits of the key, some information about the form of the plaintext, and so forth.
• Unbreakable: An algorithm is unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext.
  • In point of fact, only a one-time pad is unbreakable given infinite resources.

Brute Force Attack
• Try all possible combinations to break an algorithm.
• Is not feasible in most cases.
• Example:
  • If an algorithm has a processing complexity of $2^{128}$, then $2^{128}$ operations are required to break the algorithm.
  • Assume that you have enough computing speed to perform a million operations every second, and
    • a million parallel processors are set against the task
    • $10^6 \times 10^6 = 10^{12}$ operations per second
  • It will still take over $10^{19}$ years to recover the key. That's a billion times the age of the universe.

Cryptography Examples
• Ciphertext
  • APWNRM
  • FUBSWR
  • 122734252926
• What is the plaintext?

Substitution Ciphers
• Each character in the plaintext is substituted for another character in the ciphertext.
• The receiver inverts the substitution on the ciphertext to recover the plaintext.
• 4 Types:
  • A simple substitution cipher (Caesar: A -> D)
  • A homophonic substitution cipher (A -> 7, 12, 25, …)
  • A polygram substitution cipher (AB -> SE, AC -> ES)
  • A polyalphabetic substitution cipher (A -> D -> G -> J)

More on Ciphers
• Transposition Ciphers
  • The plaintext remains the same, but the order of characters is shuffled around.
  • Example: rtocpy
• Rotor Machine
  • Multiple rotors
  • Each rotor performs a simple substitution cipher.
  • It is the combination of several rotors and the gears moving them that makes the machine secure.
  • Because the rotors all move at different rates, the period for an n-rotor machine is $26^n$.
  • The best-known rotor device is the Enigma.

Arithmetic Review

Greatest Common Divisors
• gcd(A, B) = gcd(B, A - B)
  • since any common factor of A and B is also a factor of A - B, and
  • since any common factor of B and A - B is also a factor of A.

Greatest Common Divisors
• gcd(A, B) = gcd(B, A - B)
• gcd(21, 12) = gcd(12, 9)
              = gcd(9, 3)
              = gcd(3, 6)
              = gcd(6, 3)
              = gcd(3, 3)
              = gcd(3, 0)
              = 3

Greatest Common Divisors
• gcd(A, B) = gcd(B, A - kB) for any integer k.
• gcd(21, 9) = gcd(9, 21 - 2×9)
             = gcd(9, 3)
             = gcd(3, 0)
             = 3

Greatest Common Divisors
• gcd(A, B) = gcd(B, A mod B)
• gcd(21, 12) = gcd(12, 9)
              = gcd(9, 3)
              = gcd(3, 0)
              = 3

Modular Arithmetic
• Z mod N is the integer remainder when Z is divided by N.
• Example:
  • 10 mod 3 = 1
  • 10 mod 2 = 0
  • 10 mod 7 = 3
  • 10 mod 11 = 10

Modular Arithmetic
• Z mod N is the integer remainder when Z is divided by N.
• The Division Theorem
  • For all integers Z and N > 0, there exist unique integers Q and R such that
    Z = QN + R and 0 ≤ R < N.
  • By definition, this unique R = Z mod N.

Modular Arithmetic
• To compute (A+B) mod N,
  • compute (A+B) and take the result mod N.
• To compute (A-B) mod N,
  • compute (A-B) and take the result mod N.
• To compute (A×B) mod N,
  • compute (A×B) and take the result mod N.
• Computing (A÷B) mod N is complex!

Modular Division
• What is the value of (1÷2) mod 7?
  • We need a solution to 2x mod 7 = 1
  • Try x = 4.
  • (1÷2) mod 7 = 4 mod 7 = 4
• What is the value of (7÷5) mod 11?
  • We need a solution to 5x mod 11 = 1
  • Try x = 9.
  • (7÷5) mod 11 = 7*(1÷5) mod 11 = 7*9 mod 11 = 8

Modular Division
• Is modular division always well-defined?
  • (1÷3) mod 6 = ?
  • 3x mod 6 = 1 has no solution!

Modular Division

Fact 1
(A÷B) mod N always has a solution when gcd(B, N) = 1

Fact 2
(A÷B) mod N never has a solution when gcd(A, B) = 1 and gcd(B, N) ≠ 1

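The modular-division slides and Facts 1 and 2 above, worked as an added Python example that is not part of the original lecture: it replaces the "try x" step with the extended Euclidean algorithm, built on the slides' rule gcd(A, B) = gcd(B, A mod B). The function names `egcd` and `mod_div` are illustrative, and the case where gcd(B, N) ≠ 1 but divides A (several solutions) goes beyond what the slides state.

```python
# Added example, not from the lecture slides. Function names are illustrative.

def egcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b == g.

    Same reduction as the slides' gcd(A, B) = gcd(B, A mod B), while also
    tracking the coefficients s and t (extended Euclidean algorithm).
    """
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def mod_div(a, b, n):
    """Solve b*x = a (mod n); return every solution x in [0, n), sorted.

    An empty list means (a / b) mod n is undefined.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    g, s, _ = egcd(b % n, n)
    if a % g != 0:
        # No solution. Fact 2 is the case gcd(a, b) == 1 and g != 1.
        return []
    step = n // g
    # s*b = g (mod n), so x0 = s*(a/g) satisfies b*x0 = a (mod n).
    x0 = (s * (a // g)) % step
    # Fact 1 is g == 1: exactly one solution. Otherwise there are g of them.
    return [x0 + k * step for k in range(g)]


if __name__ == "__main__":
    # Cases taken from the slides, plus one constructed case (3/3 mod 6).
    for a, b, n in [(1, 2, 7), (7, 5, 11), (1, 3, 6), (3, 3, 6)]:
        print(f"({a} / {b}) mod {n} -> {mod_div(a, b, n)}")
```

When gcd(B, N) = 1 the returned list has exactly one element, which is the value cryptographic code needs for a modular inverse; a list with zero or several elements means the division is not well-defined.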
Next Class:
Online on 17 October
After Magrib
