CH02
CH02
Cryptographic Tools
Symmetric Encryption
• The universal technique for providing
confidentiality for transmitted or stored data
• Also referred to as conventional encryption or
single-key encryption
Strength concerns:
• Concerns about the algorithm itself
• DES is the most studied encryption
algorithm in existence
• Concerns about the use of a 56-bit
key
• The speed of commercial off-the-shelf
processors makes this key length woefully
inadequate
Table 2.2
Significantly
3DES was not improved efficiency
Published as
reasonable for
long term use FIPS 197
Symmetric block
cipher
Stream
Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster
and use far less code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable
without knowledge of the input key
Message
Authentication
Protects against
active attacks
• Contents have not been
Verifies received altered
message is • From authentic source
• Timely and in correct
authentic sequence
Can use
• Only sender and receiver
conventional share a key
encryption
Message Authentication
Without Confidentiality
• Message encryption by itself does not provide a secure
form of authentication
• It is possible to combine authentication and confidentiality
in a single algorithm by encrypting a message plus its
authentication tag
• Typically message authentication is provided as a separate
function from message encryption
• Situations in which message authentication without
confidentiality may be preferable include:
• There are a number of applications in which the same message is broadcast to
a number of destinations
• An exchange in which one side has a heavy load and cannot afford the time to
decrypt all incoming messages
• Authentication of a computer program in plaintext is an attractive service
Cryptanalysis Passwords
• Exploit logical • Hash of a password is
weaknesses in the stored by an operating
algorithm system
Asymmetri
c
Publicly • Uses two Some form
proposed Based on separate of protocol
by Diffie mathemati keys is needed
and cal • Public key for
Hellman in functions and private distributio
1976 key n
• Public key
is made
public for
others to
use
Plaintext
Readable message or data that is fed into the algorithm as input
Encryption algorithm
Performs transformations on the plaintext
Public and private key
Pair of keys, one for encryption, one for decryption
Ciphertext
Scrambled message produced as output
Decryption key
Produces the original plaintext
User encrypts data using his or
her own private key
Anyone who knows the
corresponding public key will be
able to decrypt the message
Table 2.3
Computationally
Useful if either key easy for sender
can be used for knowing public key
each role to encrypt
messages
Computationally Computationally
infeasible for easy for receiver
opponent to knowing private key
otherwise recover to decrypt
original message ciphertext
Computationally
infeasible for
opponent to
determine private
key from public key
Digital Signatures
NIST FIPS PUB 186-4 defines a digital signature as:
”The result of a cryptographic transformation of data that,
when properly implemented, provides a mechanism for
verifying origin authentication, data integrity and
signatory non-repudiation.”
Thus, a digital signature is a data-dependent bit pattern,
generated by an agent as a function of a file, message, or other
form of data block
FIPS 186-4 specifies the use of one of three digital signature
algorithms:
Digital Signature Algorithm (DSA)
RSA Digital Signature Algorithm
Elliptic Curve Digital Signature Algorithm (ECDSA)
Caesar Cipher (Classical
Encryption Example)
p = DK(c) = (c – k) mod 26
• Can be generalized with any alphabet.
• Key space: {0, 1, ..., 25}
• Vulnerable to brute-force attacks. 28
Monoalphabetic Substitution Cipher
(Classical Encryption Example)
• Shuffle the letters and map each plaintext letter to a
different random ciphertext letter:
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
29
Monoalphabetic Cipher Security
• Now we have a total of 26! = 4 x 1026 keys.
• With so many keys, it is secure against brute-
force attacks.
• But not secure against some cryptanalytic
attacks.
• Problem is language characteristics.
30
Language Statistics and Cryptanalysis
31
Statistics for double & triple letters
• In decreasing order of frequency
• Double letters:
th he an in er re es on, …
• Triple letters:
the and ent ion tio for nde, …
32