A Brief History of Cryptography
Sandy Kutin
CSPP 532
University of Chicago
What is cryptography?
• “hidden writing”
• Until recently: military tool
• Like any military technology: methods change over time
• Two sides: designing codes, breaking codes (cryptanalysis)
• Computers have changed both
How do we encrypt?
Protocol, or scheme: method of encryption
Cryptovariable, or key: secret information
Symmetric encryption: decryption is the same
[Diagram: plaintext → protocol → ciphertext, with the cryptovariable as input to the protocol]
Example: Caesar Shift
• Protocol: shift each letter by the same amount
• Cryptovariable: amount to shift
• Shift -1: IBM → HAL
• Shift 10: Veni, vidi, vici → Foxs, fsns, fsms
• Decryption: shift back the same amount
How could we break this?
• Case I: we don’t know the protocol
– Hard problem in cryptanalysis
– “Clark Kent” effect
• Case II: we know the protocol
– Need to guess the cryptovariable
– Only 26 possibilities
Ciphertext: auffcuxcpcmuymnchnlymjulnym
Shift 1: bvggdvydqdnvznodiomznkvmozn
Shift 2: cwhhewzereowaopejpnaolwnpao
Shift 3: dxiifxafsfpxbpqfkqobpmxoqbp
Shift 4: eyjjgybgtgqycqrglrpcqnyprcq
Shift 5: fzkkhzchuhrzdrshmsqdrozqsdr
Shift 6: galliadivisaestintrespartes
Decrypt key = 6; Encrypt key = 20
Substitution Cipher
• Allow any permutation of the alphabet
• Key = permutation; 26! possibilities
• 26! = 403,291,461,126,605,635,584,000,000
• Roughly 2^88: checking 1 billion per second, would take 12 billion years
• Is there a better way?
• al-Kindi, ninth century: frequency analysis
H EKGGLHQNL KZEL AKGB PL ARHA
ARL CKSGB CHV XNGG KX UHB
VLENSTAF VFVALPV CSTAALZ UF
OLKOGL CRK SLHB HOOGTLB
ESFOAKQSHORF.
- USNEL VERZLTLS, VLESLAV HZB GTLV
L occurs 18 times, A occurs 10 times.
_ ____E___E ___E T___ _E T__T
H EKGGLHQNL KZEL AKGB PL ARHA
T_E _____ ___ ____ __ ___
ARL CKSGB CHV XNGG KX UHB
_E____T_ ___TE__ ___TTE_ __
VLENSTAF VFVALPV CSTAALZ UF
_E___E ___ _E__ _____E_
OLKOGL CRK SLHB HOOGTLB
____T_______.
ESFOAKQSHORF.
- ____E ____E_E_, _E__ET_ ___ __E_
- USNEL VERZLTLS, VLESLAV HZB GTLV

_ ____E___E ___E T___ _E TH_T
H EKGGLHQNL KZEL AKGB PL ARHA
THE _____ ___ ____ __ ___
ARL CKSGB CHV XNGG KX UHB
_E____T_ ___TE__ ___TTE_ __
VLENSTAF VFVALPV CSTAALZ UF
_E___E _H_ _E__ _____E_
OLKOGL CRK SLHB HOOGTLB
____T_____H_.
ESFOAKQSHORF.
- ____E __H_E_E_, _E__ET_ ___ __E_
- USNEL VERZLTLS, VLESLAV HZB GTLV

A ____EA__E ___E T___ _E THAT
H EKGGLHQNL KZEL AKGB PL ARHA
THE _____ _A_ ____ __ _A_
ARL CKSGB CHV XNGG KX UHB
_E____T_ ___TE__ ___TTE_ __
VLENSTAF VFVALPV CSTAALZ UF
_E___E _H_ _EA_ A____E_
OLKOGL CRK SLHB HOOGTLB
____T___A_H_.
ESFOAKQSHORF.
- ____E __H_E_E_, _E__ET_ A__ __E_
- USNEL VERZLTLS, VLESLAV HZB GTLV

A _OLLEA__E O__E TOL_ _E THAT
H EKGGLHQNL KZEL AKGB PL ARHA
THE _O_L_ _AS __LL O_ _A_
ARL CKSGB CHV XNGG KX UHB
SE____T_ S_STE_S ___TTE_ __
VLENSTAF VFVALPV CSTAALZ UF
PEOPLE _HO _EA_ APPL_E_
OLKOGL CRK SLHB HOOGTLB
___PTO__APH_.
ESFOAKQSHORF.
- ____E S_H_E_E_, SE__ETS A__ L_ES
- USNEL VERZLTLS, VLESLAV HZB GTLV

A COLLEAGUE ONCE TOLD ME THAT
H EKGGLHQNL KZEL AKGB PL ARHA
THE WORLD WAS FULL OF BAD
ARL CKSGB CHV XNGG KX UHB
SECURITY SYSTEMS WRITTEN BY
VLENSTAF VFVALPV CSTAALZ UF
PEOPLE WHO READ APPLIED
OLKOGL CRK SLHB HOOGTLB
CRYPTOGRAPHY.
ESFOAKQSHORF.
- BRUCE SCHNEIER, SECRETS AND LIES
- USNEL VERZLTLS, VLESLAV HZB GTLV
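The frequency count and the guess-a-little-at-a-time decryption from the slides above, as an added Python example that is not part of the original deck. The function names, the grouping of guesses into stages and the reasons given in the comments are this example's own assumptions.

```python
from collections import Counter

# Ciphertext copied from the slide above.
CIPHERTEXT = (
    "H EKGGLHQNL KZEL AKGB PL ARHA "
    "ARL CKSGB CHV XNGG KX UHB "
    "VLENSTAF VFVALPV CSTAALZ UF "
    "OLKOGL CRK SLHB HOOGTLB "
    "ESFOAKQSHORF. "
    "- USNEL VERZLTLS, VLESLAV HZB GTLV"
)

# Guesses (cipher letter -> plain letter) in the order the slides reveal them.
# The stage boundaries and the reasons in the comments are this example's
# reading of the slides, not something the deck states.
STAGES = [
    {"L": "E", "A": "T"},                        # the two most frequent letters
    {"R": "H"},                                  # ARL then reads T_E -> THE
    {"H": "A"},                                  # one-letter word; ARHA -> THAT
    {"K": "O", "G": "L", "O": "P", "V": "S"},    # OLKOGL -> PEOPLE
    dict(zip("BCEFNPQSTUXZ", "DWCYUMGRIBFN")),   # the remaining letters
]

def letter_counts(text):
    """Frequency table of the letters, ignoring spaces and punctuation."""
    return Counter(ch for ch in text if ch.isalpha())

def apply_key(text, key):
    """Decrypt with a partial key; letters not guessed yet show as '_'."""
    return "".join(key.get(ch, "_") if ch.isalpha() else ch for ch in text)

def staged_decryptions(text=CIPHERTEXT, stages=STAGES):
    """Return the partial plaintext after each round of guesses."""
    key, snapshots = {}, []
    for guesses in stages:
        key.update(guesses)
        snapshots.append(apply_key(text, key))
    return snapshots

if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(5))
    for line in staged_decryptions():
        print(line)
```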
A harder example
• Shorter = less information
• R occurs 10 times, A occurs 9 times
– (all others occur 4 or fewer times)
• Telegraph style; fewer short words
YIRLAZ MRACIRB CR PKORI CRP:
MRPPVAMQAY MRLACZRGA, VAYQAVW RA
__E___ _E___E_ _E ___E_ _E_:
YIRLAZ MRACIRB CR PKORI CRP:
_E________ _E____E__, _______ E_
MRPPVAMQAY MRLACZRGA, VAYQAVW RA
E doesn’t begin any common 2-letter words

__O___ _O___O_ _O ___O_ _O_:
YIRLAZ MRACIRB CR PKORI CRP:
_O________ _O____O__, _______ O_
MRPPVAMQAY MRLACZRGA, VAYQAVW RA
A occurs 9 times. What could it be?

__O_N_ _ON__O_ _O ___O_ _O_:
YIRLAZ MRACIRB CR PKORI CRP:
_O___N__N_ _O_N__O_N, _N__N__ ON
MRPPVAMQAY MRLACZRGA, VAYQAVW RA

__O_N_ _ONT_O_ TO ___O_ TO_:
YIRLAZ MRACIRB CR PKORI CRP:
_O___N__N_ _O_NT_O_N, _N__N__ ON
MRPPVAMQAY MRLACZRGA, VAYQAVW RA

G_O_N_ _ONT_O_ TO ___O_ TO_:
YIRLAZ MRACIRB CR PKORI CRP:
_O___N_ING _O_NT_O_N, _NGIN__ ON
MRPPVAMQAY MRLACZRGA, VAYQAVW RA

GROUND CONTROL TO MAJOR TOM:
YIRLAZ MRACIRB CR PKORI CRP:
COMMENCING COUNTDOWN, ENGINES ON
MRPPVAMQAY MRLACZRGA, VAYQAVW RA
What have we learned?
• A large space of keys is not enough
• Some of the key never got used (Q, Z, X)
• We were able to guess a little bit at a time
• Features of the plaintext can show through
• The more plaintext we have, the easier it is to decode
• Don’t use the same key too often
The perfect cryptosystem
• One-time pad: encrypt each letter with its own key
• Example: Caesar shift each letter separately
• C_i = P_i + K_i (mod 26)
• To encrypt n bits, use n bits of key
• This uses up lots of key bits; need to prearrange
• How do you generate key bits?
Vigenère Cipher
• Blaise de Vigenère (c. 1562)
• C_i = P_i + K_i (mod 26)
• Key repeats with a short cycle
• Frequency analysis doesn’t work
• Caught on with the telegraph, considered “unbreakable”
• Broken by Babbage, Kasiski (c. 1860)
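Why a key that repeats with a short cycle leaks its length, as an added Python example that is not part of the original deck. It applies the same C_i = P_i + K_i (mod 26) formula to a Vigenère key and to a one-time pad, then runs the repeat-distance step of Kasiski's examination; the plaintext, key, pad and function names are constructed for illustration.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

BASE = ord("A")

def shift_encrypt(plaintext, key):
    """C_i = P_i + K_i (mod 26); the key repeats if it is shorter than the text."""
    return "".join(
        chr((ord(p) - BASE + ord(key[i % len(key)]) - BASE) % 26 + BASE)
        for i, p in enumerate(plaintext)
    )

def repeat_distances(ciphertext, n=3):
    """Distances between repeated n-letter sequences in the ciphertext."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        seen[ciphertext[i:i + n]].append(i)
    return {
        gram: [b - a for a, b in zip(pos, pos[1:])]
        for gram, pos in seen.items() if len(pos) > 1
    }

def likely_period(ciphertext, n=3):
    """GCD of all repeat distances; 0 means no repeats were found."""
    dists = [d for ds in repeat_distances(ciphertext, n).values() for d in ds]
    return reduce(gcd, dists, 0)

# Constructed sample: a short plaintext encrypted with the 4-letter key KING.
PLAINTEXT = "THESUNANDTHEMANINTHEMOON"
VIGENERE_CT = shift_encrypt(PLAINTEXT, "KING")

# One-time pad: same formula, but the key is as long as the message.
# Constructed pad for illustration; a real pad is random and never reused.
PAD = "QXJZWKPLMVBYTRHGCFDUAESN"
OTP_CT = shift_encrypt(PLAINTEXT, PAD)

if __name__ == "__main__":
    print(VIGENERE_CT, repeat_distances(VIGENERE_CT), likely_period(VIGENERE_CT))
    print(OTP_CT, repeat_distances(OTP_CT), likely_period(OTP_CT))
```

The repeated plaintext "THEM" lines up with the same key letters 8 positions apart, so the key length must divide 8; once the length is known, each key position is a Caesar shift that frequency analysis can attack.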
Enigma Machine
• German cryptosystem in World War II
• Same idea: modify letters
• Scrambler disks implement permutation
• Rotate after each letter, so many different permutations used
• Additional permutation provided by plugboard
Enigma Key
• Key changed daily
• 3 scramblers in one of 6 orders
– In 1938: 3 of 5, so 60 arrangements
• 26^3 = 17,576 settings for scramblers
• Billions of plugboard settings
• Alan Turing: bypassed plugboard
• Used known plaintext, exhausted over space
• British were able to read traffic
Navajo Code Talkers
• Americans in the Pacific during WWII
• Each troop had one Navajo
• Even after figuring out system, Japanese couldn’t break it
• Like a one-time pad: prearranged secret is a whole language
• May not be feasible today
Modern Symmetric Cryptography
• Assume the protocol is known to the enemy
• Only the key is secret
• Encryption, cryptanalysis use computers
• Operate on bits, rather than letters
• DES, AES
• Open standards; let everyone try to break it
• Closed design often fails (cell phones)
• Don’t try this in-house
Intermission
Key Distribution
• Secure communication requires a key
• How do you exchange keys securely?
• Military: codebooks in field could fall into enemy hands
• Commerce: might not meet face-to-face
• Seems to be a Catch-22
Paradigm Shift
• Alice wants to mail Bob a letter securely
• If they share a “key”, Alice locks, Bob unlocks
• If not: Alice puts on padlock, sends box to Bob
• Bob adds his padlock, sends box back to Alice
• Alice removes her padlock, sends box to Bob
• Bob unlocks box, reads letter
• Problem: how to translate this to mathematics
Alice, Bob agree on information Y
Alice computes A(Y), mails it to Bob
Bob computes B(Y), mails it to Alice
Alice computes A(B(Y)); Bob computes B(A(Y))
A(B(Y)) = B(A(Y)) = secret key
“Eve” knows Y, A(Y), B(Y), but can’t compute key
Problem: how do you make A(B(Y)) = B(A(Y))?
Diffie-Hellman-Merkle (1976)
• Modular Arithmetic
• Choose Y, modulus p
• Alice’s function is Y^A (mod p)
• Bob’s function is Y^B (mod p)
• Key is Y^(AB) = Y^(BA) (mod p)
• Eve can’t compute Y^(AB) from Y, Y^A, Y^B
• We think (no one can prove it)
• One problem: must communicate to get key
One-way Functions
• Easy to compute, hard to reverse
• Example: f(A) = Y^A (mod p)
• f^-1(Y^A) is called “discrete log”
• Hard to compute (we think)
• Could always do exhaustive search
• Here, there are p-1 choices
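The Diffie-Hellman-Merkle exchange and Eve's exhaustive discrete-log search from the last two slides, as an added Python example that is not part of the original deck. The function names and both parameter sets are constructed for illustration; neither modulus is suitable for real use.

```python
import secrets

def public_value(Y, secret, p):
    """The one-way function from the slides: f(secret) = Y^secret (mod p)."""
    return pow(Y, secret, p)

def shared_key(their_public, my_secret, p):
    """Raise the other side's public value to your own secret exponent."""
    return pow(their_public, my_secret, p)

def exhaustive_discrete_log(Y, target, p):
    """Eve's fallback: try every exponent 1..p-1 until Y^x = target (mod p)."""
    value = 1
    for x in range(1, p):
        value = value * Y % p
        if value == target:
            return x
    return None

def exchange(Y, p, a=None, b=None):
    """Run one exchange; return (what Eve sees, Alice's key, Bob's key)."""
    a = a if a is not None else secrets.randbelow(p - 2) + 1  # Alice's secret
    b = b if b is not None else secrets.randbelow(p - 2) + 1  # Bob's secret
    YA, YB = public_value(Y, a, p), public_value(Y, b, p)
    return (YA, YB), shared_key(YB, a, p), shared_key(YA, b, p)

# Constructed toy parameters: p = 23 is small enough for Eve to search.
TOY_P, TOY_Y = 23, 5
# 2^127 - 1 is prime, so trying all p-1 exponents is out of reach. Attacks
# faster than exhaustive search exist, which is why deployed systems use
# far larger, vetted groups and authenticate the exchange.
BIG_P, BIG_Y = 2**127 - 1, 3

if __name__ == "__main__":
    (YA, YB), k_alice, k_bob = exchange(TOY_Y, TOY_P, a=4, b=3)
    a_found = exhaustive_discrete_log(TOY_Y, YA, TOY_P)
    print("toy key:", k_alice, "Eve recovers:", shared_key(YB, a_found, TOY_P))
    _, k1, k2 = exchange(BIG_Y, BIG_P)
    print("large modulus, keys agree:", k1 == k2)
```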
Cryptographic Primitives
• Building blocks for algorithms
– Example: one-way functions
• Protocols built out of primitives
– Example: Diffie-Hellman-Merkle
• Protocols built out of other protocols
– Example:
• 1. Use Diffie-Hellman to exchange key
• 2. Use symmetric encryption, key to encode message
• Good, “modular” design
Trapdoor one-way functions
• Another useful primitive
• f(X) is easy to compute
• f^-1(Y) is hard for most people to compute
• But: easy to compute if you know a secret
• There are trapdoor one-way functions
• Found by Rivest-Shamir-Adleman, 1977
• Rely on difficulty of factoring large integers
Idea behind public key
• Bob publishes design specs for a padlock
• Alice wants to send Bob a box
• Alice builds a Bob padlock, locks the box
• Bob unlocks box using his key
• Eve intercepts box, knows design specs
• Goal: Eve still can’t build a key
• Padlock = trapdoor one-way function
Public Key Cryptography
• Alice wants to talk to Bob: computes key X
• Alice sends Bob f_B(X) (Bob’s function)
• Bob computes f_B^-1(f_B(X)) = X
• Both Alice and Bob know X, use as key for symmetric encryption
• Eve knows f_B(X); can’t compute X
• Asymmetric encryption
• Whitfield Diffie, 1975
Digital Signature Scheme
• Alice wants to send Bob a message, sign it
• Alice sends Bob X and S = f_A^-1(X)
• Bob checks that f_A(S) = X
• Therefore Bob knows that S = f_A^-1(X)
• Only Alice can compute f_A^-1(X) easily, so Alice must have sent the message
• Same primitive, new protocol
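The trapdoor one-way function used for both public-key encryption and signatures on the last few slides, as an added Python example that is not part of the original deck. It uses textbook RSA with constructed toy primes; the names `f`, `f_inverse`, `sign`, `verify` and `trapdoor_from_factoring` are this example's own.

```python
# Constructed toy parameters, far too small for real use (needs Python 3.8+
# for the modular inverse via pow).
P, Q, E = 61, 53, 17
N = P * Q                              # public modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))      # the secret trapdoor exponent

def f(x, e=E, n=N):
    """Public direction: anyone can compute f(x) = x^e mod n."""
    return pow(x, e, n)

def f_inverse(y, d=D, n=N):
    """Trapdoor direction: easy only for the holder of the secret d."""
    return pow(y, d, n)

def sign(x):
    """Signature from the slide: S = f_A^-1(X)."""
    return f_inverse(x)

def verify(x, s):
    """Bob's check from the slide: f_A(S) = X, using public values only."""
    return f(s) == x

def trapdoor_from_factoring(n=N, e=E):
    """Why n must be hard to factor: trial division recovers d for a toy n."""
    p = next(c for c in range(2, int(n ** 0.5) + 1) if n % c == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))

# This is the bare primitive as the slides present it. Deployed schemes hash
# and pad the message before applying f or f^-1.
if __name__ == "__main__":
    x = 65                                         # constructed sample value
    print("encrypt/decrypt:", f(x), f_inverse(f(x)))
    s = sign(x)
    print("signature verifies:", verify(x, s), "altered:", verify(x + 1, s))
    print("trapdoor recovered by factoring:", trapdoor_from_factoring() == D)
```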
Revolution
• New ideas made cryptography an option for commerce
• PCs gave everyone computing power
• Zimmermann’s PGP: gave everyone access
• SSL in web browsers
• I use ssh every day
A COLLEAGUE ONCE TOLD ME THAT
H EKGGLHQNL KZEL AKGB PL ARHA
THE WORLD WAS FULL OF BAD
ARL CKSGB CHV XNGG KX UHB
SECURITY SYSTEMS WRITTEN BY
VLENSTAF VFVALPV CSTAALZ UF
PEOPLE WHO READ APPLIED
OLKOGL CRK SLHB HOOGTLB
CRYPTOGRAPHY.
ESFOAKQSHORF.
- BRUCE SCHNEIER, SECRETS AND LIES
- USNEL VERZLTLS, VLESLAV HZB GTLV
You are the weakest link
• Cryptographic system only as strong as the weakest link
– Example
• 1. Use RSA to exchange a key
• 2. Use key to generate permutation of 26 letters
• 3. Encrypt message with substitution cipher
• Schneier: defend castle with 100-foot pole
• Often, users are the weakest link
Quantum Computation
• Computers revolutionized cryptographic design and cryptanalysis
• Quantum computers may one day do the same
• Quantum key exchange: guaranteed secure
• A quantum computer could factor large integers in polynomial time
• We may never live to see one
Where do we go from here?
• Math necessary to understand RSA, DES
• Protocols using mathematics
• Implementation issues:
– Software (bugs, patches)
– Hardware (tamper-resistant mechanisms)
– Wetware (social engineering)
• Politics (who makes cryptographic decisions)
• Religion (Microsoft)
Recommended Reading
Stallings, Chapter 2