Cryptography application in computing


JARAMOGI OGINGA ODINGA UNIVERSITY OF SCIENCE AND TECHNOLOGY

SCHOOL OF INFORMATICS AND INNOVATIVE SYSTEMS

BSc. Computer Security and Forensics

IIT 3218 INTRODUCTION TO NUMBER THEORY

Application of Number theory in Computing

GROUP MEMBERS

1. Lilian Mwende I132/0870/2013

2. Dennis Ruhiu I132/0867/2013

3. Jeremiah Kirui I132/0871/2013

4. Masinde Kenan Kevin W. I132/0859/2013

5. Einstein Nyarwega I132/0879/2013

LECTURER: DR. BERNARD OKELLO


Outline

Cryptography

Definition of cryptography

History of cryptography

Cryptographic systems

Uses of cryptography

Types of cryptography

Conclusion (future in cryptography)


INTRODUCTION

Cryptography definition:

Cryptography is the science of secret writing.

– A cipher is a secret method of writing, whereby plaintext (clear text) is transformed into cipher text.

– The process of transforming plaintext into cipher text is called encryption.

– The reverse process of transforming cipher text into plaintext is called decipherment or decryption.

– Encryption and decryption are controlled by cryptographic keys.

Cipher (also spelled cypher): a pair of algorithms that perform the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a "key". This is a secret, usually a short string of characters, which is needed to decrypt the cipher text.

Cryptosystem: the ordered list of elements of finite possible plaintexts, finite possible cipher texts, finite possible keys, and the encryption and decryption algorithms which correspond to each key.

History of cryptography

Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption)—conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message). Encryption was used to (attempt to) ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.

The earliest forms of secret writing required little more than writing implements since most people could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet). Simple versions of either have never offered much confidentiality from enterprising opponents. An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. Suetonius reports that Julius Caesar used it with a shift of three to communicate with his generals. Atbash is an example of an early Hebrew cipher. The earliest known use of cryptography is some carved ciphertext on stone in Egypt (ca 1900 BCE), but this may have been done for the amusement of literate observers rather than as a way of concealing information.

Cryptosystems.

A cryptographic system has five components:

– A plaintext message space, M

– A cipher text message space, C

– A key space, K

– A family of enciphering transformations Ek: M → C

– A family of deciphering transformations Dk: C → M

[Figure: plaintext M → Ek → cipher text C → Dk → plaintext M]

Dk(Ek(m)) = m, for key k

Cryptosystem requirements:

– Efficient enciphering/deciphering

– Systems must be easy to use

– The security of the system depends only on the keys, not the secrecy of E or D

Secure cipher

Unconditionally secure:

– A cipher is unconditionally secure if no matter how much cipher text is intercepted, there is not enough information in the cipher text to determine the plaintext uniquely.

Computationally secure:

– A cipher is computationally infeasible to break.


Secrecy Requirements

– It should be computationally infeasible to systematically determine the deciphering transformation Dk from intercepted c, even if corresponding m is known.

– It should be computationally infeasible to systematically determine m from intercepted c.

Authenticity requirements

– It should be computationally infeasible to systematically determine the enciphering transformation given c, even if corresponding m is known.

– It should be computationally infeasible to systematically find c’ such that Dk(c’) is a valid plaintext in M.
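
The five components and the secrecy requirement above, worked through on the shift cipher described in the history section (an added example, not part of the original document; the function names are this example's own). It checks Dk(Ek(m)) = m for every key and shows why a 26-element key space is not computationally secure: with one known plaintext/cipher text pair, trying every key identifies k immediately.

```python
import string

ALPHABET = string.ascii_lowercase   # M and C: text over the letters a-z
KEYS = range(len(ALPHABET))         # key space K = {0, ..., 25}


def shift(text: str, k: int) -> str:
    """Move every letter k places along the alphabet; copy other characters."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def encipher(m: str, k: int) -> str:
    """Ek: M -> C"""
    return shift(m, k)


def decipher(c: str, k: int) -> str:
    """Dk: C -> M"""
    return shift(c, -k)


def round_trip_holds(m: str) -> bool:
    """Check Dk(Ek(m)) = m for every key k in K."""
    return all(decipher(encipher(m, k), k) == m for k in KEYS)


def keys_consistent_with(m: str, c: str) -> list:
    """Every key k with Ek(m) = c, found by trying the whole key space.

    E and D are public here, as the requirements demand; the cipher still
    fails the secrecy requirement because K is small enough to enumerate.
    """
    return [k for k in KEYS if encipher(m, k) == c]


if __name__ == "__main__":
    c = encipher("fly at once", 1)
    print(c, round_trip_holds("fly at once"))
    print("keys matching the known pair:", keys_consistent_with("fly at once", c))
```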

Types of cryptography

Symmetric-key cryptography

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way).

Symmetric key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the input form used by a stream cipher.

Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on a hidden internal state which changes as the cipher operates. That internal state is initially set up using the secret key material.

Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed length hash which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that produce the same hash.

A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps each cipher text exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all consistent and secret.

Public key cryptography

Whitfield Diffie and Martin Hellman proposed the notion of public-key (also, more generally, called asymmetric key) cryptography in which two different but mathematically related keys are used—a public key and a private key. A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.

In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the Diffie–Hellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key.

Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system. This race was finally won in 1978 by Ronald Rivest, Adi Shamir, and Len Adleman, whose solution has since become known as the RSA algorithm.

Public-key cryptography can also be used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the characteristic of being easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature.


Cryptography's Benefits, Limitations, and Drawbacks

The benefits of cryptography are well recognized. Encryption can protect communications and stored information from unauthorized access and disclosure. Other cryptographic techniques, including methods of authentication and digital signatures, can protect against spoofing and message forgeries. Practically everyone agrees that cryptography is an essential information security tool, and that it should be readily available to users. I take this as a starting assumption and, in this respect, have no disagreement with the crypto anarchists.

Less recognized are cryptography's limitations. Encryption is often oversold as the solution to all security problems or to threats that it does not address. For example, the headline of Jim Warren's op-ed piece in the San Jose Mercury News reads "Encryption could stop computer crackers" [2]. Unfortunately, encryption offers no such aegis. Encryption does nothing to protect against many common methods of attack including those that exploit bad default settings or vulnerabilities in network protocols or software -- even encryption software. In general, methods other than encryption are needed to keep out intruders. Secure Computing Corporation's Sidewinder[TM] system defuses the forty-two "bombs" (security vulnerabilities) in Cheswick and Bellovin's book, Firewalls and Network Security (Addison Wesley, 1994), without making use of any encryption [3].

Moreover, the protection provided by encryption can be illusory. If the system where the encryption is performed can be penetrated, then the intruder may be able to access plaintext directly from stored files or the contents of memory or modify network protocols, application software, or encryption programs in order to get access to keys or plaintext data or to subvert the encryption process. For example, PGP (Pretty Good Privacy) could be replaced with a Trojan horse that appears to behave like PGP but creates a secret file of the user's keys for later transmission to the program's owner much like a Trojan horse login program collects passwords. A recent penetration study of 8932 computers by the Defense Information Systems Agency showed 88% of the computers could be successfully attacked. Using PGP to encrypt data transmitted from or stored on the average system could be like putting the strongest possible lock on the back door of a building while leaving the front door wide open. Information security requires much more than just encryption -- authentication, configuration management, good design, access controls, firewalls, auditing, security practices, and security awareness training are a few of the other techniques needed.

The drawbacks of cryptography are frequently overlooked as well. The widespread availability of unbreakable encryption coupled with anonymous services could lead to a situation where practically all communications are immune from lawful interception (wiretaps) and documents from lawful search and seizure, and where all electronic transactions are beyond the reach of any government regulation or oversight. The consequences of this to public safety and social and economic stability could be devastating. With the government essentially locked out, computers and telecommunications systems would become safe havens for criminal activity. Even May himself acknowledges that crypto anarchy provides a means for tax evasion, money laundering, espionage (with digital dead drops), contract killings, and implementation of data havens for storing and marketing illegal or controversial material. Encryption also threatens national security by interfering with foreign intelligence operations. The United States, along with many other countries, imposes export controls on encryption technology to lessen this threat.

Cryptography poses a threat to organizations and individuals too. With encryption, an employee of a company can sell proprietary electronic information to a competitor without the need to photocopy and handle physical documents. Electronic information can be bought and sold on "black networks" such as Black-Net [1] with complete secrecy and anonymity -- a safe harbor for engaging in both corporate and government espionage. The keys that unlock a corporation's files may be lost, corrupted, or held hostage for ransom, thus rendering valuable information inaccessible.

When considering the threats posed by cryptography, it is important to recognize that only the use of encryption for confidentiality, including anonymity, presents a problem. The use of cryptography for data integrity and authentication, including digital signatures, is not a threat. Indeed, by strengthening the integrity of evidence and binding it to its source, cryptographic tools for authentication are a forensic aid to criminal investigations. They also help enforce accountability. Because different cryptographic methods can be employed for confidentiality and authentication, any safeguards that might be placed on encryption to counter the threats need not affect authentication mechanisms or system protocols that rely on authentication to protect against system intrusions, forgeries, and substitution of malicious code.


Implementation of SHA-1 in cryptography

SHA-1 hashing is also used in distributed revision control systems like Git, Mercurial, and Monotone to identify revisions, and to detect data corruption or tampering.

These are examples of SHA-1 message digests in hexadecimal and in Base64 binary-to-ASCII text encoding:

SHA1("The quick brown fox jumps over the lazy dog")
gives hexadecimal: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
gives Base64 binary-to-ASCII text encoding: L9ThxnotKPzthJ7hu3bnORuT6xI=

Even a small change in the message will, with overwhelming probability, result in a completely different hash due to the avalanche effect. For example, changing dog to cog produces a hash with different values for 81 of the 160 bits:

SHA1("The quick brown fox jumps over the lazy cog")
gives hexadecimal: de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3
gives Base64 binary-to-ASCII text encoding: 3p8sf9JeGzr60+haC9F9mxANtLM=

SHA-1 pseudo code

    Note: all variables are unsigned 32-bit quantities and wrap modulo 2^32
    when calculating, except ml (64 bits) and hh (160 bits).

    h0 = 0x67452301
    h1 = 0xEFCDAB89
    h2 = 0x98BADCFE
    h3 = 0x10325476
    h4 = 0xC3D2E1F0

    ml = message length in bits (always a multiple of the number of bits in a character).

    Pre-processing:
    append the bit '1' to the message i.e. by adding 0x80 if characters are 8 bits.
    append 0 ≤ k < 512 bits '0', thus the resulting message length (in bits)
        is congruent to 448 (mod 512)
    append ml, in a 64-bit big-endian integer. So now the message length is a multiple of 512 bits.

    Process the message in successive 512-bit chunks:
    break message into 512-bit chunks
    for each chunk
        break chunk into sixteen 32-bit big-endian words w[i], 0 ≤ i ≤ 15

        Extend the sixteen 32-bit words into eighty 32-bit words:
        for i from 16 to 79
            w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1

        Initialize hash value for this chunk:
        a = h0
        b = h1
        c = h2
        d = h3
        e = h4

        Main loop:
        for i from 0 to 79
            if 0 ≤ i ≤ 19 then
                f = (b and c) or ((not b) and d)
                k = 0x5A827999
            else if 20 ≤ i ≤ 39
                f = b xor c xor d
                k = 0x6ED9EBA1
            else if 40 ≤ i ≤ 59
                f = (b and c) or (b and d) or (c and d)
                k = 0x8F1BBCDC
            else if 60 ≤ i ≤ 79
                f = b xor c xor d
                k = 0xCA62C1D6

            temp = (a leftrotate 5) + f + e + k + w[i]
            e = d
            d = c
            c = b leftrotate 30
            b = a
            a = temp

        Add this chunk's hash to result so far:
        h0 = h0 + a
        h1 = h1 + b
        h2 = h2 + c
        h3 = h3 + d
        h4 = h4 + e

    Produce the final hash value (big-endian) as a 160 bit number:
    hh = (h0 leftshift 128) or (h1 leftshift 96) or (h2 leftshift 64) or (h3 leftshift 32) or h4


Conclusion

Cryptography as a field has a bright future, with new research and development prompting new algorithms and methods. Quantum computing, perhaps the next, largest step in computing, also provides the newest hopes for cryptography, creating the potential for new cryptographic methods and algorithms, and rendering modern applications and algorithms obsolete at the same time. By looking at modern and past methods cryptographers can look to the future with experience, creating better, more efficient algorithms without recreating the mistakes of the past.

References

1. Cryptographic techniques (pdf) - C.H. Huang

2. Cryptography in C and C++ - Michael Welschenbach

3. Cryptography and Data Security, Elizabeth and R. Denning, Purdue University, 1998

4. FAQ about Today’s Cryptography, RSA Laboratory (found at www.rsa.com)

5. Future in cryptography

6. A. Shamir. "How to share a secret." In Communications of the ACM, volume 22, pp. 612–613, ACM, 1979.

7. The future of cryptography by Dorothy E. Denning, Internet security review

The Future of Cryptography