• Basic Cryptography

• Classical Cryptography
• Public Key Cryptography
• Cryptographic Checksums
– Hash functions

• September 10, • Introduction to Computer • Slide #8-1

2009 Security
• Enterprise security architecture
 • Overview
• Classical Cryptography
– Cæsar cipher
– Vernam cipher, Vigènere cipher
– RC4
– DES, AES
• Public Key Cryptography
– Diffie-Hellman
– RSA
– Digital signature
– Cryptographic Checksums
– HMAC
– MD5, SHA-1
• September 10, • Introduction to Computer • Slide #8-3
2009 Security
 • What is Cryptography?
• Secret writing.
• Cryptanalysis is the breaking of codes.
• Basic component of cryptography is a
cryptosystem
• The goal of cryptography is to keep
enciphered information secret.

• September 10, • Slide #8-4

2009
 • Cryptosystem
• Quintuple (E, D, M, K, C)
– M set of plaintexts
– K set of keys
– C set of ciphertexts
– E set of encryption functions e: M  K  C
– D set of decryption functions d: C  K  M

• September 10, • Slide #8-5

2009
 • Example
• Example: Cæsar cipher( in which letters are
shifted)
– M = { sequences of letters }
– K = { i | i is an integer and 0 ≤ i ≤ 25 }
– E = { Ek | k  K and for all letters m,
• Ek(m) = (m + k) mod 26 }
– D = { Dk | k  K and for all letters c C,
• Dk(c) = (26 + c – k) mod 26 }
–D=M

• September 10, • Slide #8-6

2009
 • Attacks
• Opponent whose goal is to break
cryptosystem is the adversary
– Assume adversary knows algorithm used, but not key
• Three types of attacks:
– ciphertext only: adversary has only ciphertext; goal is to
find plaintext, possibly key
– known plaintext: adversary has ciphertext, corresponding
plaintext; goal is to find key
– chosen plaintext: adversary may supply plaintexts and
obtain corresponding ciphertext; goal is to find key

• September 10, • Slide #8-7

2009
 • Classical Cryptography
• Sender, receiver share common key
– Keys may be the same, or trivial to derive from one
another
– Sometimes called symmetric key cryptography
– In this system. Dk=Ek-1 (e.g. in Caeser Cipher key are
E3 and D3)
• Two basic types
– Transposition ciphers
– Substitution ciphers
– Combinations are called product ciphers

• September 10, • Slide #8-8

2009
 • Transposition Cipher
• Rearrange letters in plaintext to produce
ciphertext.
• Example (Rail-Fence Cipher)
– Plaintext is HELLO WORLD
– Rearrange as
• HLOOL
• ELWRD
– Ciphertext is HLOOL ELWRD

• September 10, • Slide #8-9

2009
 • Substitution Ciphers
• Change characters in plaintext to
produce ciphertext
• Example (Cæsar cipher)
– Plaintext is HELLO WORLD
– Change each letter to the third letter following it
(X goes to A, Y to B, Z to C)
• Key is 3, usually written as letter ‘D’
– Ciphertext is KHOOR ZRUOG

• September 10, • Slide #8-10

2009
 • Attacking the Cipher
• Exhaustive search
– If the key space is small enough, try all possible
keys until you find the right one
– Cæsar cipher has 26 possible keys

• September 10, • Slide #8-11

2009
 • Cæsar’s Problem
• Key is too short
– Can be found by exhaustive search
– Statistical frequencies not concealed well
• They look too much like regular English letters
• So make it longer
– Multiple letters in key
– Idea is to smooth the statistical frequencies to
make cryptanalysis harder

• September 10, • Slide #8-12

2009
 • Vigènere Cipher
• Like Cæsar cipher, but chooses a sequence of
same key
• The key letters are applied to successive
plaintext. characters.
• Example
– Message: HOW ARE YOU
– Key: BENCH
– Encipher using Vigenere chipher:
• plain Text: HOW ARE YOU
• Key: BEN CHB
ENC
• Cipher Text: ISJ CYF CBW

• September 10, • Introduction to Computer • Slide #8-13

2009 Security
 • Vigenere tableau
• A B C ---• Table rows, columns
Z • Example
•A A B C encipherments:
---Z
•B B C D--- – key C, letter A: follow C
A column down to A row
•C C D E--- (giving “C”)
B – Key E, letter O:” follow
•D D E F---
C E column down to O
•| | | | row(giving “S”)
|
•| | | |
•
• X
September X
10, Y • Introduction to Computer • Slide #8-14
Z----W
2009 Security
 • Useful Terms
• period: length of key
– In earlier example, period is 5
• tableau: table used to encipher and decipher
– Vigènere cipher has key letters on top, plaintext
letters on the left
• polyalphabetic: the key has several different
letters
– Cæsar cipher is monoalphabetic

• September 10, • Introduction to Computer • Slide #8-15

2009 Security
 • Vernam Cipher


Selects the key that is as long as the
plaintext.

It works on binary bits than letters

Ci=pi X-OR ki

Where ith cipher bit is equal to ith
plaintext bit X-OR with ith key bit.
 • One-Time Pad
• A Vigenère cipher with a random key at least
as long as the message
• Example: (letter numbers from 0 to 25)
• Plain Text: H O W A R E Y O U
• 7 14 22 0 17 4 24 14 20
• One time pad N C B T Z Q A R X
• 13 2 1 19 25 16 0 17 23
• Initial total 16 23 19 42 20 24 31 43
• Substract 26 20 16 23 19 16 20 24 5 17
• ( if > 25)
• Cipher text UQXTQUYFR

• September 10, • Slide #8-17

2009
 • End

• September 10, • Introduction to Computer • Slide #8-18

2009 Security
• Move to public key cryptography

• September 10, • Introduction to Computer • Slide #8-19

2009 Security
 • Overview of the DES
• A block cipher:
– encrypts blocks of 64 bits using a 64 bit key
– outputs 64 bits of ciphertext
• A product cipher
– basic unit is the bit
– performs both substitution and transposition (permutation)
on the bits
• Cipher consists of 16 rounds (iterations) each with
a round key generated from the user-supplied key

• September 10, • Introduction to Computer • Slide #8-20

2009 Security
 • Generation of Round Keys
key
• Round keys are 48
PC-1 bits each
C0 D0

LSH LSH
PC-2 K1

C1 D1

LSH LSH
PC-2 K16

• September 10, • Introduction to Computer • Slide #8-21

2009 Security
 • Encipherment
input

IP

L0 R0

 f K1

L1 = R0 R1 = L0  f(R0 , K1)

R16 = L15 ­ f (R15, K16) L16 = R15

IPŠ1

output

• September 10, • Introduction to Computer • Slide #8-22

2009 Security
 • The f Function
R iŠ1 (32 bits) Ki (48 bits)

R iŠ1 (48 bits)  6 bits into each

S1 S2 S3 S4 S5 S6 S7 S8

4 bits out of each

32 bits

• September 10, • Introduction to Computer • Slide #8-23

2009 Security
 • Controversy
• Considered too weak
– Diffie, Hellman said in a few years technology
would allow DES to be broken in days
• Design using 1999 technology published
– Design decisions not public
• S-boxes may have backdoors

• September 10, • Introduction to Computer • Slide #8-25

2009 Security
 • Undesirable Properties
• 4 weak keys
– They are their own inverses
• 12 semi-weak keys
– Each has another semi-weak key as inverse
• Complementation property
– DESk(m) = c  DESk(m) = c
• S-boxes exhibit irregular properties
– Distribution of odd, even numbers non-random
– Outputs of fourth box depends on input to third box

• September 10, • Introduction to Computer • Slide #8-26

2009 Security
 • Differential Cryptanalysis
• A chosen ciphertext attack
– Requires 247 plaintext, ciphertext pairs
• Revealed several properties
– Small changes in S-boxes reduce the number of pairs
needed
– Making every bit of the round keys independent does not
impede attack
• Linear cryptanalysis improves result
– Requires 243 plaintext, ciphertext pairs

• September 10, • Introduction to Computer • Slide #8-27

2009 Security
 • DES Modes
• Electronic Code Book Mode (ECB)
– Encipher each block independently
• Cipher Block Chaining Mode (CBC)
– Xor each block with previous ciphertext block
– Requires an initialization vector for the first one
• Encrypt-Decrypt-Encrypt Mode (2 keys: k, k)
– c = DESk(DESk–1(DESk(m)))
• Encrypt-Encrypt-Encrypt Mode (3 keys: k, k, k)
– c = DESk(DESk (DESk(m)))

• September 10, • Introduction to Computer • Slide #8-28

2009 Security
 • CBC Mode Encryption

• init. vector • m1 • m2 • …
 

• DES • DES • …

• c1 • c2 • …

• sent • sent

• September 10, • Introduction to Computer • Slide #8-29

2009 Security
 • CBC Mode Decryption

• init. vector • c1 • c2 • …

• DES • DES • …

 

• m1 • m2 • …

• September 10, • Introduction to Computer • Slide #8-30

2009 Security
 • Self-Healing Property
• Initial message
– 3231343336353837 3231343336353837
3231343336353837 3231343336353837
• Received as (underlined 4c should be 4b)
– ef7c4cb2b4ce6f3b f6266e3a97af0e2c
746ab9a6308f4256 33e60b451b09603d
• Which decrypts to
– efca61e19f4836f1 3231333336353837
3231343336353837 3231343336353837
– Incorrect bytes underlined
– Plaintext “heals” after 2 blocks

• September 10, • Introduction to Computer • Slide #8-31

2009 Security
 • Current Status of DES
• Design for computer system, associated
software that could break any DES-enciphered
message in a few days published in 1998
• Several challenges to break DES messages
solved using distributed computing
• NIST selected Rijndael as Advanced
Encryption Standard, successor to DES
– Designed to withstand attacks that were successful on
DES

• September 10, • Introduction to Computer • Slide #8-32

2009 Security
 • Public Key Cryptography
• Two keys
– Private key known only to individual
– Public key available to anyone
• Public key, private key inverses
• Idea
– Confidentiality: encipher using public key,
decipher using private key
– Integrity/authentication: encipher using private
key, decipher using public one

• September 10, • Introduction to Computer • Slide #8-33

2009 Security
 • Requirements
1.It must be computationally easy to
encipher or decipher a message given
the appropriate key
2.It must be computationally infeasible to
derive the private key from the public
key
3.It must be computationally infeasible to
determine the private key from a chosen
plaintext attack
• September 10, • Introduction to Computer • Slide #8-34
2009 Security
 • Diffie-Hellman
• The first public key cryptosystem proposed
• A pair of users use this algorithm to generate a
common key.
• It is based on discrete logarithm problem.
• This problem is to find a value of k such that
n=gk mod p, for given n, g and prime p.
g value is other than 0, 1 and p-1.
• Difficulty increases exponentially as p
increases.
•
• September 10, • Introduction to Computer • Slide #8-36
2009 Security
 • Example
• Alice and Bob have chosen p=53 and g=17,
and private keys to be kAlice=5 and kBob=7.
• Their public keys are KAlice=175 mod 53 =40
and
• KBob= 177 mod 53
=6.
• Suppose Bob wishes to send Alice a
message. So, he computes the shared secret
key by enciphering Alice’s public key using his
private key.
• SBob,Alice = KAlicekBob mod p
•• September 10, = 407• Introduction
mod 53=38 to Computer • Slide #8-37
2009 Security
 • Example
• When Alice gets the message, she computes
the key she shares with Bob as follows
• SAlice,Bob = KBobkAlice mod p
• = 65 mod 53=38
• Now Alice can deciphers the message.
• Here, SB,A=SA,B, by mathematical property.
• Note: As user’s share the same secret key S,
the Diffie-Hellman scheme is the example of
symmetric key exchange protocol.

• September 10, • Introduction to Computer • Slide #8-38

2009 Security
RSA
• (Rivest, Shamir, Adleman)
• Exponentiation cipher
• Relies on the difficulty of determining the
number of numbers relatively prime to a
large integer n

• September 10, • Introduction to Computer • Slide #8-39

2009 Security
 • Background
• Totient function (n)
– Number of positive integers less than n and relatively
prime to n
• Relatively prime means no factors in common with n other than 1.
• Example: (10) = 4
– 1, 3, 7, 9 are relatively prime to 10
• Example: (21) = 12
– 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime
to 21

• September 10, • Introduction to Computer • Slide #8-40

2009 Security
 • Algorithm
• Choose two large prime numbers p, q
– Let n = pq; then (n) = (p–1)(q–1)
– Choose e < n such that e is relatively prime to
(n).
– Compute d such that ed mod (n) = 1
• Public key: (e, n); private key: (d, n)
• Encipher: c = me mod n
• Decipher: m = cd mod n

• September 10, • Introduction to Computer • Slide #8-41

2009 Security
 • Example: Confidentiality
• Take p = 7, q = 11, so n = 77 and (n) = 60
• Alice chooses e = 17, making d = 53
• Bob wants to send Alice secret message
HELLO (07 04 11 11 14)
– 0717 mod 77 = 28
– 0417 mod 77 = 16
– 1117 mod 77 = 44
– 1117 mod 77 = 44
– 1417 mod 77 = 42
• Bob sends 28 16 44 44 42

• September 10, • Introduction to Computer • Slide #8-42

2009 Security
 • Example
• Alice receives 28 16 44 44 42
• Alice uses private key, d = 53, to decrypt
message:
– 2853 mod 77 = 07
– 1653 mod 77 = 04
– 4453 mod 77 = 11
– 4453 mod 77 = 11
– 4253 mod 77 = 14
• Alice translates message to letters to read HELLO
– No one else could read it, as only Alice knows her private
key and that is needed for decryption

• September 10, • Introduction to Computer • Slide #8-43

2009 Security
 • Example:
Integrity/Authentication
• Take p = 7, q = 11, so n = 77 and (n) = 60
• Alice chooses e = 17, making d = 53
• Alice wants to send Bob message HELLO (07 04 11 11 14) so
Bob knows it is what Alice sent (no changes in transit, and
authenticated)
– 0753 mod 77 = 35
– 0453 mod 77 = 09
– 1153 mod 77 = 44
– 1153 mod 77 = 44
– 1453 mod 77 = 49
• Alice sends 35 09 44 44 49

• September 10, • Introduction to Computer • Slide #8-44

2009 Security
 • Example
• Bob receives 35 09 44 44 49
• Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:
– 3517 mod 77 = 07
– 0917 mod 77 = 04
– 4417 mod 77 = 11
– 4417 mod 77 = 11
– 4917 mod 77 = 14
• Bob translates message to letters to read HELLO
– Alice sent it as only she knows her private key, so no one else could have
enciphered it
– If (enciphered) message’s blocks (letters) altered in transit, would not decrypt
properly

• September 10, • Introduction to Computer • Slide #8-45

2009 Security
 • Example: Both (C-I)
• Alice wants to send Bob message HELLO both enciphered and
authenticated (integrity-checked)
– Alice’s keys: public (17, 77); private: 53
– Bob’s keys: public: (37, 77); private: 13
– Providing both (C-I) requires enciphering with the sender’s private
key and the recipient’s public key
• Alice enciphers HELLO (07 04 11 11 14):
– (0753 mod 77)37 mod 77 = 07
– (0453 mod 77)37 mod 77 = 37
– (1153 mod 77)37 mod 77 = 44
– (1153 mod 77)37 mod 77 = 44
– (1453 mod 77)37 mod 77 = 14
• Alice sends 07 37 44 44 14

• September 10, • Introduction to Computer • Slide #8-46

2009 Security
 • Example
• The recipient(Bob) uses his private key to
decipher the message and the senders public
key to authenticate it.
• Bob receives 07 37 44 44 14
• The decipherment is
• (0713 mod77)17 mod77 = 07
• (3713 mod77)17 mod77 = 04
• (4413 mod77)17 mod77 = 11
• (4413 mod77)17 mod77 = 11
• (1413 mod77)17 mod77 = 14

• September 10, • Introduction to Computer • Slide #8-47

2009 Security
 • Security Services
• Confidentiality
– Only the owner of the private key knows it, so
text enciphered with public key cannot be read by
anyone except the owner of the private key
• Authentication
– Only the owner of the private key knows it, so
text enciphered with private key must have been
generated by the owner

• September 10, • Introduction to Computer • Slide #8-48

2009 Security
 • More Security Services
• Integrity
– Enciphered letters cannot be changed
undetectably without knowing private key
• Non-Repudiation
– Message enciphered with private key came from
someone who knew it

• September 10, • Introduction to Computer • Slide #8-49

2009 Security
 • Warnings
• Encipher message in blocks
considerably larger than the examples
here
– If 1 character per block, RSA can be broken using
statistical attacks (just like classical
cryptosystems)
– Attacker cannot alter letters, but can rearrange
them and alter message meaning
• Example: reverse enciphered message of text ON to get
NO
• September 10, • Introduction to Computer • Slide #8-50
2009 Security
 • Cryptographic Checksums
• Mathematical function to generate a set
of k bits from a set of n bits (where k ≤
n).
– k is smaller then n except in unusual
circumstances
• • •Set
n bits message and
of k bit checksum
• Message, re-compute
send
• the checksum and
both
• or message digest • compare it with Alice sent

• September 10, • Introduction to Computer • Slide #8-51

• Alice
2009 Security
 • Example Use
• Example: ASCII parity bit
– ASCII has 7 bits; 8th bit is “parity”
– Even parity: even number of 1 bits
– Odd parity: odd number of 1 bits
• Bob receives “10111101” as bits.
– Sender is using even parity; 6 1 bits, so character was
received correctly
• Note: could be garbled, but 2 bits would need to have been changed
to preserve parity
– Sender is using odd parity; even number of 1 bits, so
character was not received correctly

• September 10, • Introduction to Computer • Slide #8-52

2009 Security
 • Definition
• Cryptographic checksum (or Hash function):
• h: AB: has the following properties
1.For any x  A, h(x) is easy to compute
2.For any y  B, it is computationally infeasible to find x  A such that
h(x) = y
3.It is computationally infeasible to find two inputs x, x  A such that
x ≠ x and h(x) = h(x)
– Alternate form (stronger): Given any x  A, it is computationally infeasible
to find a different x  A such that h(x) = h(x).

• September 10, • Introduction to Computer • Slide #8-53

2009 Security
 • Collisions
• If x ≠ x and h(x) = h(x), x and x
are a collision
– Pigeonhole principle: if there are n containers for
n+1 objects, then at least one container will have
2 objects in it.
– Application: if there are 32 files and 8 possible
cryptographic checksum values, at least one value
corresponds to at least 4 files

• September 10, • Introduction to Computer • Slide #8-54

2009 Security
 • Keys
• Keyed cryptographic checksum: requires
cryptographic key
– DES in chaining mode: encipher message, use
last n bits. Requires a key to encipher, so it is a
keyed cryptographic checksum.
• Keyless cryptographic checksum: requires
no cryptographic key
– MD5 and SHA-1 are best known; others include
MD4, HAVAL, and Snefru

• September 10, • Introduction to Computer • Slide #8-55

2009 Security
 • HMAC
• Make keyed cryptographic checksums from
keyless cryptographic checksums
• h keyless cryptographic checksum function
that takes data in blocks of b bytes and
outputs blocks of l bytes. k is
cryptographic key of length b bytes. -If
short, pad with 0 bytes; if long, hash to length b
• ipad is 00110110 repeated b times
• opad is 01011100 repeated b times
• HMAC-h(k, m) = h(k  opad || h(k  ipad
|| m))
  exclusive or, || concatenation
• September 10, • Introduction to Computer • Slide #8-56
2009 Security
 • Digital Signature


Definition: A digital signature is a construct that authenticates both the
origin and contents of a message in a manner that is provable to a
disinterested third party.

RSA Digital signature:

suppose Alice is sending Bob her signature on a confidential contract m.
She enciphers it first and then signs it.

C= (meBob mod nBob )dAlice mod nAlice
 • El Gamal Digital Signature


Similar
to Diffie-Hellman scheme and relies on the solving
of discrete log problem.

Choose a prime p and two random numbers g and d both
less than p.

Compute y= g d mod p ;

Public key is (y,g,p) , private key is d.

Supose Alice wants to send Bob a signed contract m.
Alice selects a number k that is relatively prime to p-1.

Computes a =g k mod p and find b using m=(da+kb) mod
p-1.

The pair (a,b) is the signature.

To verify the signature, check that; yaab mod p = g m
mod p
 • El Gamal: Example


Alice chooses p=29 , g=3, and dAlice=6, yielding y =4.

She wants to send Bob the signed contract X(23).
She choose k=5, which is relatively prime to 28.

She computes a= 35 mod29=11. Solve for b using.
23=(6*11+5*b) mod 28. yields b= 25.

Alice send Bob m=23 and the signature (11, 25)

Bob wants to verify the signature, so he computes,


yaab mod p = 411 *1125 mod 29 =8, and

gm
mod p =323 mod 29 =8

Because the two match, Alice signed the message.
 • Key Points
• Two main types of cryptosystems: classical
and public key
• Classical cryptosystems encipher and
decipher using the same key
– Or one key is easily derived from the other
• Public key cryptosystems encipher and decipher
using different keys
– Computationally infeasible to derive one from the other
• Cryptographic checksums provide a check on
integrity

• September 10, • Introduction to Computer • Slide #8-60

2009 Security