CRYPTOGRAPHY

Lecture 1

1
 A Note on Security
☞ In this course, you will be exposed to information about
security problems and vulnerabilities with computing
systems and networks.
☞ To be clear, you are not to use this or any other similar
information to test the security of, break into,
compromise, or otherwise attack, any system or network
without the express consent of the owner.
☞ In particular, you will comply with all my instructions
when doing the labs.
☞ Any violation is at YOUR RISK!
And may result in severe consequences.
10 June 2020 2
 In this course
We will discuss…

• Securing data (Encryption and decryption).

• Authentication.
• Digital Signature.
• Applications.
• Case studies.

10 June 2020 3
What is our goal in this course?
☞ Our primary goal is to be able to identify security and privacy issues in
various aspects of computing, including:
– Communication and networking
– Operating systems
– Internet applications
– Databases
– Cloud and IoT
– Mobile applications
☞ Secondarily, to be able to use this ability to
design systems that are more protective
of security and privacy.

4
 What is Cryptography?

10 June 2020 5
 Cryptography
“The discipline that embodies the principles, means, and methods for the
transformation of data in order to hide their semantic content, prevent their
unauthorized use, or prevent their undetected modification“.
Source: NIST

10 June 2020 6
 The CIA Triad - Core Security Principles

☞ Secrecy – Data hiding

☞ Confidentiality – Maintaining secrecy and Privacy

☞ Integrity - being honest

☞ Availability

Source: NIST standard FIPS 199

(Standards for Security Categorization of Federal Information and Information Systems)

10 June 2020 7
 Vulnerabilities, Threats and Attacks
☞ Categories of vulnerabilities
• Corrupted (loss of integrity)
• Leaky (loss of confidentiality
• Unavailable or very slow
☞Threats:
• Loss of Keys

10 June 2020 8
 Vulnerabilities, Threats and Attacks
☞ Attacks (threats carried out)
☞ Passive – attempt to learn or make use of
information from the system

☞ Active – attempt to alter data.

10 June 2020 9
 Security and Reliability
☞ Security has a lot to do with reliability
☞ A secure system is one you can rely on to (for
example):
• Keep your personal data confidential
• Allow only authorized access or modifications to
resources
☞ Give you correct and meaningful results when you
want them

10 June 2020 10
 What is Privacy?
There are many definitions of privacy

☞A useful one: “informational self-determination”

• This means that you get to control information about you
• “Control” means many things:
● Who gets to see it
● Who gets to use it
● What they can use it for
● Who they can give it to

10 June 2020 11
Context of Cryptography
• Cryptology: the study of cryptosystems has two
subdivisions
• Cryptography

The art and science of making a cryptosystem that can

provide information security.
• Cryptanalysis

The art and science of breaking the cipher text is known

as cryptanalysis.

12
Crypto system

13
 Thank You!
Next Class
☞ Mandatory reading for the next class
☞ https://ifca.ai/pub/fc97/r4.pdf

10 June 2020 14
Basic Cryptographic Primitives
Building blocks

15
Cryptographic primitive

• Cryptographic primitives are well-established, low-

level cryptographic algorithms that are frequently used to
build cryptographic protocols for computer security systems.

16
Cryptographic protocols

• Used for secure application-level data transport

• Incorporates the following aspects
• Key agreement or establishment
• Entity authentication
• Symmetric encryption and message authentication material construction
• Non-repudiation methods
• Secret sharing methods
• Secure multi-party computation
• Examples: IPsec, Kerberos, Secure Shell (SSH) etc..,
17
Cryptographic primitives
• Mainly divided as
• Unkeyed primitives
• Symmetric-key primitives
• Public-key primitives

18
Unkeyed primitives
• Unkeyed includes
• Hashing, SHA-family
• One-way permutations
• Use
• Hash and sign

19
Simmitric – key primitive

• Single key shared between sender and receiver

• Design principles
• Block size
• Key size
• Number of rounds
• Subkey generation
• Round function
• Fast software en/decryption
20
Symmetric- key primitives
• Block ciphers
• Stream ciphers, RC4 - also can come from
• Mode of block ciphers
• PRNG - pseudo-random number generators

21
Public key primitives
• Participant possesses a private and a public key.
• Message encrypted from public key can be decrypted using private key
• Message encrypted from private key can be decrypted using public key
• Main ingredients of public key system:
• Plaintext
• Encryption algorithm
• Private key
• Public key
• Decryption algorithm
• Ciphertext

22
Public key primitives

• Public-key cryptosystems
• Signatures
• PKI - public-key infrastructure, only if we had it right :-(

23
Math in primitives

• Keyless: so far mostly bit swapping

• Shared-key:
• Mostly around binary Galois fields GF()
• Public-key: mostly use number theory,
• Now essentially in all Public key cryptography, including ECC

24
Math in cryptanalysis
• Probability and statistics, random oracle models
• Number theoretical algorithms: primality, factoring
• Discrete logarithms: cyclic group discovery, index calculus,
• counting points on elliptic curves, theory of elliptic curves

25
Cryptographic primitive evaluation
• Primitives should be evaluated with respect to various criteria such as:
• Level of security - is usually difficult to quantify.
• Functionality - primitives will need to be combined to meet various information
security objectives.
• Mode of operation - primitives, when applied in various ways and with various
inputs, will typically exhibit different characteristics.
• Performance - refers to the efficiency of a primitive in a mode of operation.
• Ease of implementation – refers to the difficulty of realizing the primitive in a
practical instantiation.

26
Classical cryptography
Most of them not in use nowadays

27
Olden days cryptography
• Used historically
• Practically computed and solved by hand
• Most of it was “the art of writing or solving codes”
• Letter coding
• Number coding
• Mixed coding

28
Letter coding
• If TAP is coded as SZO then how is freeze coded

solution:
F------E
R------Q
E------D
E------D
Z-------Y
E-------D

29
Number Coding
• If P A I N T is coded as 74128 and E X C E L is coded as 93596, then
how would you encode A C C E P T?

A C C E P T
4 5 5 9 7 8

30
Example
• If ‘tee see pee’ means ‘drink fruit juice’ ‘see kee mee’ means ‘juice is
sweet’ and ‘fee ree mee’ means ‘he is intelligent’ which world means
‘sweet’?
“Drink fruit juice” and “Juice is sweet”----juice is common word
“tee see pee” and “see kee mee” ---- see is common
so juice is coded as see
similarly from “juice is sweet” and “he is intelligent” -- ‘is’ common
so is is coded as “mee” remaining word from “juice is sweet” is
sweet
so the sweet is coded as “kee”
31
cryptosystem
•

32
Classical cipher
• The classical algorithms are those invented pre-computer up until
around the 1950's.
• Mainly
• Substitution ciphers
• Transposition cipher
• Combined

33
Substitution cipher
• Encrypt the plaintext by swapping each letter or symbol in the plaintext
by a different symbol as directed by the key.
• Monoalphabetic cipher
• Polyalphabetic cipher
• polygraphic cipher

34
Substitution example
• If cook is called butler, butler is called manager, manager is called
teacher, teacher is called clerk and finally clerk is called principal,
who will teach in class

teacher is called clerk so clerk teaches in class

35
Monoalphabetic substitution cipher
• Simple substitution cipher
• Fixed substitution over the entire message
• Example:
• Caesar cipher

36
Caesar cipher
• Simple monoalphabetic substitution cipher
• Substitute one letter for another

• A in plaintext is replace with D in ciphertext, B in plaintext is replaced

with E in ciphertext

37
Caesar cipher example
• Plaintext “begin the attack now”
• Key: Shift index by 3
• Cipher: Caesar cipher

38
solution

• Ciphertext: EHJLQWKHDWWDFNQRZ

39
Polyalphabetic substitution cipher
• Cipher alphabet for the plain alphabet may be different at different
places during the encryption process.
• Examples:
• Playfair cipher
• Vigenere cipher

40
Playfair cipher
• Encrypting and Decrypting:
• Plaintext encrypted two letters at a time:
• STEP1: if a pair is a repeated letter, insert a filler like 'X', eg. "balloon"
encrypts as "ba lx lo on"
• STEP2: If both letters fall in the same row, replace each with letter to right
(wrapping back to start from end)
• STEP3: if both letters fall in the same column, replace each with the letter
below it (again wrapping to top from bottom)
• STEP4: otherwise each letter is replaced by the
one in its row in the column of the other
letter of the pair
41
Playfair example
• Plain text = classical ciphers are easily breakable.
• Key = ENCRYPT
• Cipher system = playfair
E N C R Y
P T A B D
F G H I/J K
L M O Q S
U V W X Z

42
Playfair cipher steps:
• Two letters at a time
• Plaintext: “tell him about me”
TE LL HI MA BO UT ME

• Step1: if a pair is a repeated letter, insert a filler

TE LX LH IM AB OU TM EX

• Step2-step4
TE LX LH IM AB OU TM EX
PN QU OF GQ BD LW GV RU

Ciphertext: PNQUOFGQBDLWGVRU

43
Vigenere Cipher
• Idea: Uses Caesar's cipher with various shifts, in order to hide the
distribution of the letters.
• A key defines the shift used in each letter in the text
• A key word is repeated as many times as required to become the
same length

44
Vigenere Cipher examples
Example1:
Plain text: I attack
Key: 234
Ciphertext: KDXVDGM
Example 2:
Plain text : I attack
Key: exam
Ciphertext: NYRGFAL

45
Polygraphic substitution cipher
• Works on multiple letters at the same time
• Hill cipher

46
Hill cipher
•

3 0 2
2 0 -2
0 1 1

0.2 0.2 0
-0.2 0.3 1
0.2 -0.3 0

47
To encrypt plaintext using matrix M
• Plaintext=‘abc’
• Key = matrix M
• Cipher = Hill cipher considering a=1, b=2, c=3
• Encryption achieved my multiplying matrix M by values of
plaintext grouped 3 letters at a time
3 0 2 0 4
Ciphertext C= 2 0 -2 . 1 = -4
0 1 1 2 3

48
Decryption hill cipher
•

0.2 0.2 0 4 0
-0.2 0.3 1 -4 1
0.2 -0.3 0 3 2

49
Next Class
☞ Mandatory reading for the next class
https://ieeexplore.ieee.org/document/8686758

50
Classical cryptography
Most of them not in use nowadays

51
Classical transposition cipher
• Is a method of encryption by which the positions held by units
of plaintext (which are commonly characters or groups of
characters) are shifted according to a regular system, so that
the ciphertext constitutes a permutation of the plaintext.
• Transposition cipher, simple data encryption scheme in which
plaintext characters are shuffled in some regular pattern to
form cipher text.
• Rail Fence cipher
• Columnar transposition
• Double transposition
52
Rail fence cipher
• The rail fence cipher (sometimes called zigzag cipher) is a
transposition cipher that jumbles up the order of the letters of
a message using a basic algorithm.
• The rail fence cipher works by writing your message on
alternate lines across the page, and then reading off each line
in turn.

53
Rail fence example
• Plaintext: “this is a secret message”
• Key =2
• Cipher system: rail fence
• Ciphertext:
T I I A E R T E S G

H S S S C E M S A E

• TIIAERTESGHSSSCEMSAE

54
Columnar transposition cipher
• In a columnar transposition, the message is written out in rows
of a fixed length, and then read out again column by column,
and the columns are chosen in some scrambled order.
• Both the width of the rows and the permutation of the columns
are usually defined by a keyword.
• For example, the keyword ZEBRAS is of length 6, and the
permutation is defined by the alphabetical order of the letters in
the keyword. In this case, the order would be "6 3 2 4 1 5".
• In a regular columnar transposition cipher, any spare spaces are
filled with nulls;

55
Encryption:
• For example, suppose we use the keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE
6 3 2 4 1 5
AT ONCE.
Z E B R A S
W E A R E D
I S C O V E
R E D F L E
E A T O N C
• providing five nulls (QKJEU), these letters can be
E X- X- X-J X-E X-
randomly selected as they just fill out the incomplete Q K U

columns and are not part of the message.

• The cipher text is then read off as:
• EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE
56
Columnar transposition decryption
• To decipher it, the recipient must work out the column lengths
by dividing the message length by the key length.
• Then, write the message out in columns again, then re-order
the columns by reforming the key word.

57
Double transposition Cipher
• Double Transposition consists of two applications of columnar
transposition to a message. The two applications may use the
same key for each of the two steps, or they may use different
keys.

58
Example
2 1 3 4
• Plaintext “We are discovered flee at once”H E L P

• Key1: zebras E V L N
E A C D
• Key2: help T K E S
• Ciphertext after key1: E A Q R

EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE O F O J

D E E C
• Ciphertext after key2: U W I R
EVAKAFEWEEETEODUELCEQOEIKNDSRJCRG E E X- X-
K G

59
Steganography
Uses of Steganography
• Governments

• Businesses: Digital Watermarking

• Individuals
Steganography & Cryptography
• Steganography and Cryptography are closely related
• The difference is in their goals...
• Cryptography: although encypted and unreadable, the
existence of data is not hidden
• Steganography: no knowledge of the existence of the data
• Steganography and Cryptography can be used together to
produce better protection
Digital Watermarking

Image “painted” with the watermark: “Invisible Man” © 1997, Neil F. Johnson
Digital Watermarking
• Used primarily for identification
• Embedding a unique piece of information within a medium
(typically an image) without noticeably altering the medium
• Almost impossible to remove without seriously degrading an
image
Types of Digital Steganography
• Hiding a Message inside Text
• Hiding a Message inside Images
• Most popular technique
• Hiding a Message inside Audio and Video Files
Hiding a Message inside Text
• Partially effective

randoM capitalosis is a rarE disEase ofTen

contrAcTed by careless inTernet users. tHis sad
illnEss causes the aFfected peRsON To randomly
capitalize letters in a bOdy oF texT. please
do not confuse this disease witH a blatant
attEmpt aT steganogRAPhy.

Reveals: MEET AT THE FRONT OF THE TRAP

Hiding a Message inside Text

• First-letter algorithm
• Every n-th character
• Altering the amount of whitespace
• Using a publicly available cover source
Hiding a Message inside Images
• The most popular medium!

• Least-significant bit (LSB) modifications

• 24-bit vs. 8-bit images
• Tools to implement LSB: EzStego and S-Tools
• Masking and Filtering
• Algorithms and Transformations
Hiding an Image within an Image
 Removing all but the two least significant bits of each color component produces an almost completely
black image. Making that image 85 times brighter produces the image below

 source: wikipedia.org
Next Class
☞ Mandatory reading for the next class
☞ https://users.encs.concordia.ca/~youssef/Publications/Papers/C
ryptanalysis%20of%20Simple%20Substitution%20Ciphers%20Usi
ng%20Particle%20Swarm.pdf

70
Classical ciphers cryptanalysis
Without key get the secret data

71
Cryptanalysis
• This video focus on cryptanalysis
• hacker wants to recover key or plaintext
• hacker is not bound by any rules
• For example, hacker might attack the implementation, not the
algorithm itself

72
Definition of Secure
• A cryptosystem is secure if the best know attack is to try all
possible keys
• Cryptosystem is insecure if any shortcut attack is known
• By this definition, an insecure system might be harder to break
than a secure system!

73
Cryptanalysis attack

74
Cryptanalytic Attacks
• Ciphertext only
• only know algorithm & ciphertext, is statistical, know
or can identify plaintext
• Known plaintext
• know/suspect plaintext & ciphertext
• Chosen plaintext
• select plaintext and obtain ciphertext
• Chosen ciphertext
• select ciphertext and obtain plaintext

75
Ciphertext-Only Attack
• Ciphertext-only attack: only know algorithm & ciphertext, is
statistical, know or can identify plaintext

76
Known-Plaintext Attack
• know/suspect plaintext & ciphertext

77
Chosen-Plaintext Attack
• select plaintext and obtain ciphertext

78
Chosen-Ciphertext Attack
• select ciphertext and obtain plaintext

79
Theoretical Cryptanalysis
• Think that a cipher has a 100 bit key
• Then keyspace is of size 2100
• Think there is a shortcut attack with “work” equal to testing about
280 keys
• If hacker can test 230 per second
• Then she finds key in 36 million years
• Better than 37 trillion, but not practical

80
Why Study Cryptanalysis?

• Study of cryptanalysis gives insight into all aspects of

crypto
• Gain insight into attacker’s mindset
• “black hat” vs “white hat” mentality
• Cryptanalysis is more fun than cryptography
• Cryptographers are boring
• Cryptanalysts are cool
• But cryptanalysis is hard
81
Exhaustive Key Search

• try all possible keys and test each to see if it is correct

• Exhaustive key search
• To prevent an exhaustive key search, a cryptosystem
must have a large keyspace
• Must be too many keys for Trudy to try them all in any
reasonable amount of time

82
Cryptanalysis of Caesar cipher

what is this? can you try find the sentence written here?
FRPPRQFDHVDUFLSKHULVHDVLOBGHFUHSWHG

plaintext: common, caesar cipher is easily decrepted.

83
Cryptanalysis of the Columnar Transposition Cipher

• The first step in attacking a columnar transposition cipher is to

try all possible short keywords. If we check all keywords up to a
length of 9 or so, we don't have to wait very long.
• For every keyword permutation we score the deciphered text,
then choose the text with the highest score as our best
candidate.
• The number of possible rearrangements of a
length N key is N! (N factorial). This number
grows very quickly as N gets larger.

84
Next Class
☞ Mandatory reading for the next class
☞ https://brilliant.org/courses/probability/

85
 S Rajashree
Computer Science and Engineering
BNMIT, Bengaluru

10 June 2020 86