LECT 4 - Foundations of Cryptography Cont.

The shift cipher
Consider encrypting English text
Associate ‘a’ with 0; ‘b’ with 1; …; ‘z’ with 25
k ∈ {0, …, 25}
To encrypt using key k, shift every letter of the plaintext by k positions (with wraparound)
Decryption just does the reverse
helloworldz
ccccccccccc
jgnnqyqtnfb

Modular arithmetic
x = x’ mod N if and only if N divides x-x’
• [x mod N] = the remainder when x is divided by N
• I.e., the unique value x’ ∈ {0, …, N-1} such that x = x’ mod N
25 = 35 mod 10
25 ≠ [35 mod 10]
5 = [35 mod 10]

The shift cipher, formally
M = {strings over lowercase English alphabet}
Gen: choose uniform k ∈ {0, …, 25}
Enc_k(m_1…m_t): output c_1…c_t, where c_i := [m_i + k mod 26]
Dec_k(c_1…c_t): output m_1…m_t, where m_i := [c_i - k mod 26]
Can verify that correctness holds…

Is the shift cipher secure?
No -- only 26 possible keys!
• Given a ciphertext, try decrypting with every possible key
• If ciphertext is long enough (and plaintext is normal English), only one possibility will “make sense”

Example
Ciphertext uryybjbeyq
Try every possible key…
• tqxxaiadxp
• spwwzhzcwo
• …
• helloworld
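
An added example (not part of the original slides) that implements Gen, Enc and Dec as defined for the shift cipher and runs the exhaustive search on the slide's ciphertext. The function names and the short word list used to decide which candidate "makes sense" are constructed assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase  # 'a' -> 0, 'b' -> 1, ..., 'z' -> 25


def gen() -> int:
    """Gen: choose a uniform key k in {0, ..., 25}."""
    return secrets.randbelow(26)


def enc(k: int, m: str) -> str:
    """Enc_k: c_i := [m_i + k mod 26]."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] for ch in m)


def dec(k: int, c: str) -> str:
    """Dec_k: m_i := [c_i - k mod 26]."""
    return "".join(ALPHABET[(ALPHABET.index(ch) - k) % 26] for ch in c)


def correctness_holds(m: str) -> bool:
    """Check Dec_k(Enc_k(m)) == m for every key in the key space."""
    return all(dec(k, enc(k, m)) == m for k in range(26))


# Constructed word list standing in for "makes sense to an English reader".
KNOWN_WORDS = ("hello", "world", "attack", "secret")


def exhaustive_search(c: str) -> dict:
    """Decrypt c under all 26 keys and return {key: candidate plaintext}."""
    return {k: dec(k, c) for k in range(26)}


def plausible_keys(c: str) -> list:
    """Keys whose candidate plaintext contains at least one known word."""
    return [k for k, cand in exhaustive_search(c).items()
            if any(word in cand for word in KNOWN_WORDS)]


if __name__ == "__main__":
    k = gen()
    print("random key", k, "encrypts helloworld to", enc(k, "helloworld"))
    for key, cand in exhaustive_search("uryybjbeyq").items():
        print(key, cand)
    print("keys that make sense:", plausible_keys("uryybjbeyq"))
```

The whole key space is enumerated in 26 decryptions, which is why the scheme fails regardless of how the key is chosen.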

Kerckhoffs’s principle
The encryption scheme is not secret
• The only secret is the key
• The key must be chosen at random, kept secret
Some arguments in favor of this principle
• Easier to keep secret key than secret algorithm
• Easier to change key than to change algorithm
• Standardization
• Ease of deployment
• Public validation

Sufficient key space principle
The key space should be large enough to prevent “brute-force,” exhaustive-search attacks

Sufficient key space principle
If an encryption scheme has a key space that is too small, then it will be vulnerable to exhaustive-search attacks

The Vigenère cipher
The key is now a string, not just a character
To encrypt, shift each character in the plaintext by the amount dictated by the next character of the key
• Wrap around in the key as needed
Decryption just reverses the process
tellhimaboutme
cafecafecafeca
veqpjiredozxoe

The Vigenère cipher
Size of key space?
• If keys are 14-character strings, then key space has size 26^14 ≈ 2^66
• Brute-force search expensive/impossible
Is the Vigenère cipher secure?
(Believed secure for many years…)

Attacking the Vigenère cipher
(Assume a 14-character key)
Observation: every 14th character is “encrypted” using the same shift
Looking at every 14th character is (almost) like looking at ciphertext encrypted with the shift cipher
• Though brute-force attack from before doesn’t work…
Using plaintext letter frequencies

Attacking the Vigenère cipher
Look at every 14th character of the ciphertext, starting with the first
Let  be the most common character appearing in this portion of the ciphertext
Most likely, this character corresponds to the most common plaintext character (‘e’)
• Guess the first character of the key is  - ‘e’
Repeat for all other positions
Better (more complicated) attacks also possible
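
An added example (not from the original slides) of the frequency attack just described, using the key cafe from the earlier slide and assuming the key length is known (4 here rather than 14). The plaintext is constructed: a 45-letter sentence repeated four times, so that every key position sees the same letter mix and ‘e’ is the most common letter in each; function names are chosen here for illustration.

```python
from collections import Counter

A = ord("a")


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter, wrapping around in the key."""
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(ch) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, ch in enumerate(text)
    )


def recover_key(ciphertext: str, key_len: int) -> str:
    """For each key position, guess key letter = most common ciphertext letter - 'e'."""
    key = []
    for j in range(key_len):
        column = ciphertext[j::key_len]  # every key_len-th character, from offset j
        top = Counter(column).most_common(1)[0][0]
        key.append(chr((ord(top) - ord("e")) % 26 + A))
    return "".join(key)


# Constructed sample: 45 letters, 15 of them 'e'. Because 45 and 4 share no
# factor, four repetitions place every letter of the sentence under every
# key position exactly once.
SENTENCE = "meetmeherewhenthesecretlettersaredeliverednow"
PLAINTEXT = SENTENCE * 4
CIPHERTEXT = vigenere(PLAINTEXT, "cafe")


def demo() -> tuple:
    """Recover the key from the ciphertext alone, then decrypt with it."""
    key = recover_key(CIPHERTEXT, 4)
    return key, vigenere(CIPHERTEXT, key, decrypt=True)


if __name__ == "__main__":
    print(vigenere("tellhimaboutme", "cafe"))  # the slide's example
    print(demo()[0])
```

On ordinary text a column's most common letter is not always ‘e’, which is where the more complicated attacks mentioned above come in.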

Back to the drawing board…
So far: “ad hoc” constructions; construct, break, repeat,
Can we prove that some encryption scheme is secure?
First need to define what we mean by “secure” in the first place…

Cryptography
characterize cryptographic system by:
• type of encryption operations used
  • substitution / transposition / product
• number of keys used
  • single-key or private / two-key or public
• way in which plaintext is processed
  • block cipher, in/out is one block of elements
  • stream cipher, in/out is one continuous element

Cryptanalysis
objective is to recover key not just message
general approaches:
• cryptanalytic attack
  • rely on the nature of the algorithm
  • plus general characteristics of the plaintext
  • or some sample pairs of plaintext-ciphertext.
• brute-force attack
  • try every possible key

Cryptanalytic Attacks
ciphertext only
• only know algorithm & ciphertext, is statistical, know or can identify plaintext
known plaintext
• know/suspect plaintext & ciphertext
chosen plaintext
• select plaintext and obtain ciphertext
chosen ciphertext
• select ciphertext and obtain plaintext
chosen text
• select plaintext or ciphertext to en/decrypt

More Definitions
unconditional security
• no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
computational security
• given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken

Brute Force Search
always possible to simply try every key
most basic attack, proportional to key size
assume either know / recognise plaintext

Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
----------------|----------------------------|----------------------------------|-------------------------------------
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years

Summary
Symmetric encryption
Public encryption
Digital Signature

Private-key cryptography
Private-key cryptography allows two users who share a secret key to establish a “secure channel”
The need to share a secret key incurs several drawbacks…

The key-distribution problem
How do users share a key in the first place?
• Need to share the key using a secure channel…
This problem can be solved in some settings…
• E.g., physical proximity, trusted courier
• (Note: this does not make private-key cryptography useless)
…but not others (or at least not cheaply)

The key-management problem
Imagine an organization with N employees, where each pair of employees might need to communicate securely
Solution using private-key cryptography:
• Each user shares a key with all other users
⇒ Each user must store/manage N-1 secret keys!
⇒ O(N^2) keys overall!

Lack of support for “open systems”
Say two users who have no prior relationship want to communicate securely
• When would they ever have shared a key?
This is not at all far-fetched!
• Customer sending credit-card data to merchant
• Sending an email to a colleague

“Classical” cryptography offers no solution to these problems!

New directions…
Key ideas:
• Some problems exhibit asymmetry – easy to compute, but hard to invert (think factoring)
• Use this asymmetry to enable two parties to agree on a shared secret key using public discussion(!)
• Key exchange

Public-Key Cryptography
probably most significant advance in the 3000 year history of cryptography
uses two keys – a public & a private key
asymmetric since parties are not equal
uses clever application of number theoretic concepts to function
complements rather than replaces private key crypto

The language of cryptography
[Figure: plaintext → encryption algorithm (Alice’s encryption key K_A) → ciphertext → decryption algorithm (Bob’s decryption key K_B) → plaintext]
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)

Public-Key Cryptography

Summary
Symmetric encryption
Public encryption
Digital Signature

Digital Signatures
Cryptographic technique analogous to hand-written signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital Signatures
Simple digital signature for message m:
Bob signs m by encrypting with his private key K_B^-, creating “signed” message, K_B^-(m)
[Figure: Bob’s message, m (“Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob”) → public key encryption algorithm, using Bob’s private key K_B^- → K_B^-(m): Bob’s message, m, signed (encrypted) with his private key]