October 31, 2009 · Smithsonian Institute · crypto/smithsonian/Smithsonian-part3.pdf · Provably perfect...

Making and Breaking Ciphers
Ralph Morelli
Trinity College, Hartford (ralph.morelli@trincoll.edu)
Smithsonian Institute
October 31, 2009
This presentation was created using Open Office 3.0, free and open source software. http://www.openoffice.org/
© 2009 Ralph Morelli
You are free to reuse and remix this presentation under a creative commons license provided you give credit to the author. http://creativecommons.org/licenses/by/3.0/us/

Part III: Computerized Cryptology
Outline
● Vernam Cipher – perfect secrecy
● Computerization: From Letters to Bits
● DES
● The Key Exchange Problem
● Public Key Cryptography
● Quantum Cryptography

Perfect Secrecy
Vernam Cipher
● Gilbert S. Vernam, AT&T, 1919
● Morse code – 5 pulses per character. A = (mark mark space space space)
● Vernam's: Add a key tape to the message:
Plaintext:  mark  mark  space space
Key:        mark  space mark  space
Ciphertext: space mark  mark  space
● Reversible, one-step encryption and decryption using a key loop tape.
● Flaw: repeating key is polyalphabetic.

One Time Pad
● Generalization of Vernam: make the key as long as the message.
● Provably perfect secrecy (Claude Shannon, 1942):
– Secret key.
– Of truly random characters.
– As long as the message.
– Used only once and then discarded.
● Example:
XOR Operation (cells are Cipher bits)
         Key 1  Key 0
Plain 1    0      1
Plain 0    1      0
Encrypt:
Plaintext:  01101 10101 01111 10110 10101
Key:        01010 10100 11101 01011 10110
Ciphertext: 00111 00001 10010 11101 00011
Decrypt (same ciphertext, same key):
Key:        01010 10100 11101 01011 10110
Plaintext:  01101 10101 01111 10110 10101
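
Added example (not part of the original slides): the one-time pad rules above in Python, showing why a pad used once leaves every same-length message equally plausible, and what leaks when the "used only once" rule is broken. The messages P1 and P2 are constructed samples, and the OS random generator stands in for a truly random pad.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the Vernam operation)."""
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(n: int) -> bytes:
    """n key bytes from the OS CSPRNG (assumption: stands in for a truly random pad)."""
    return secrets.token_bytes(n)

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The one pad under which `ciphertext` decrypts to `candidate`."""
    return xor_bytes(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad; the pad cancels out."""
    return xor_bytes(c1, c2)

# Constructed sample messages, 14 bytes each.
P1 = b"ATTACK AT DAWN"
P2 = b"RETREAT AT TEN"

def demo():
    pad = new_pad(len(P1))
    c1 = xor_bytes(P1, pad)
    # Pad used once: decryption is the same XOR, and any same-length message
    # is an equally valid reading of c1 under some other pad.
    roundtrip = xor_bytes(c1, pad) == P1
    ambiguous = xor_bytes(c1, key_explaining(c1, P2)) == P2
    # Pad used twice: c1 XOR c2 equals P1 XOR P2 whatever the pad was,
    # so one known message reveals the other.
    c2 = xor_bytes(P2, pad)
    leak = reuse_leak(c1, c2)
    leaked = leak == xor_bytes(P1, P2) and xor_bytes(leak, P1) == P2
    return roundtrip, ambiguous, leaked

if __name__ == "__main__":
    print(demo())
```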

Theoretical Principles
● Claude Shannon, 1949, “Communication Theory of Secrecy Systems,” Bell Labs.
● Perfect secrecy property.
● Confusion – maximum complexity between the key and ciphertext.
● Diffusion – plaintext uniformities (statistics) are dissipated in the ciphertext.
● A cipher system should be secure even if its algorithm is known (Kerckhoffs's principle).

ASCII Code
● Developed from telegraph codes.
● 1963 Standard
1966 chart
A = 100 0001
B = 100 0010
C = 100 0011
1000011 1010010 1011001 1010000 1010100 1011111
C       R       Y       P       T       O

Transposition and Substitution
● Transposition
1000011 1010010 1011001 1010000 1010100 1011111
C       R       Y       P       T       O
100001110100101011001 101000010101001011111
101000010101001011111 100001110100101011001
● Substitution (Swap 0s and 1s)
010111101010110100000 011110001011010100110
0101111 0101011 0100000 0111100 0101101 0100110
/       +       SP      <       -       &

XOR: Substitution with a Key
Plain Message:  C       R       Y       P       T       O
ASCII:          1000011 1010010 1011001 1010000 1010100 1011111
KEY = ABCDEF:   1000001 1000010 1000011 1000100 1000101 1000110
msg XOR key:    0000010 0010000 0011010 0010100 0010001 0011001

Crypto Message: 0000010 0010000 0011010 0010100 0010001 0011001
KEY = ABCDEF:   1000001 1000010 1000011 1000100 1000101 1000110
Plain Message:  1000011 1010010 1011001 1010000 1010100 1011111
                C       R       Y       P       T       O

A  B  A ⊕ B
0  0  0
0  1  1
1  0  1
1  1  0

Data Encryption Standard (DES)
● Early 1970s: IBM and NSA Collaboration.
● 1976: Adopted as the federal IP standard.
● Controversial among cryptographers.
– Key too short.
– Classified elements in the algorithm.
– NSA backdoor?
● 1999: EFF broke it in 23 hours (brute force).
● 2002: Replaced after public competition by Advanced Encryption Standard (AES)
● 64-bit block cipher
● 56-bit key (+ 8 bits parity)
● Feistel mixing: 16 cycles of transposing and XORing with 48-bit subkeys (K1 ... K16)
DES Algorithm (Transposition & Substitution)
Source: FIPS PUB 46-2 http://www.itl.nist.gov/fipspubs/fip46-2.htm

EFF's DES Deep Crack
● Specialized chips
● $250,000
● 1998 – 56 hours.
● 1999 – 22.25 hrs. with distributed.net.
● 1999: DES reaffirmed as the standard with Triple-DES recommended.

Symmetric vs. Asymmetric Keys
● Symmetric Key
– Same key used for encryption and decryption.
– Must be shared by Alice and Bob.
– Key exchange problem.
● Asymmetric Key
– Different keys used for encryption and decryption.
– No key exchange problem.

The Key Exchange Problem
[Figure: Alice, Bob, Eve]

Asymmetric Keys
[Figure: Alice, Bob, Eve; labels: Private, Private, Shared, Shared, Shared, ?, ?]

Diffie-Hellman Key Exchange
● Invented in 1976
● Modular arithmetic: (8 + 7) mod 12 = 3
– 8 AM + 7 hours = 3 PM
– 8 + 7 = 15 mod 12 = 1 Rmdr = 3
– (8 * 7) mod 12 = 56 mod 12 = 4 Rmdr = 8
● One-way function
3^x = 1 (mod 4) What is x? {2, 4, 6, …}

Diffie-Hellman Key Exchange
● Alice's secret number is a and Bob's secret number is b.
● They agree on the base g and prime number p and the function g^x (mod p).
● They exchange A = g^a (mod p) and B = g^b (mod p).
● They derive the same key K because g^ab (mod p) = g^ba (mod p).
● Eve can't easily derive K without knowing a and b.
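
Added example (not part of the original slides): the exchange above carried through in Python with both sides' computations, plus the slide's one-way-function question. The parameters p = 23 and g = 5 are toy values chosen here; they are small enough that trying every exponent works, which is the reason real primes are enormous.

```python
import secrets

# Toy public parameters, constructed for this example; real p is thousands of bits.
P = 23  # prime modulus p
G = 5   # base g

def public_value(g: int, secret: int, p: int) -> int:
    """A = g^a (mod p): the number sent over the open channel."""
    return pow(g, secret, p)

def shared_key(their_public: int, my_secret: int, p: int) -> int:
    """K = B^a (mod p) = g^(ab) (mod p)."""
    return pow(their_public, my_secret, p)

def exponents_matching(g: int, target: int, p: int, limit: int) -> list:
    """All x in 1..limit with g^x = target (mod p), found by trying each x."""
    return [x for x in range(1, limit + 1) if pow(g, x, p) == target]

def exchange(p: int = P, g: int = G):
    a = secrets.randbelow(p - 3) + 2   # Alice's secret, 2..p-2
    b = secrets.randbelow(p - 3) + 2   # Bob's secret, 2..p-2
    A, B = public_value(g, a, p), public_value(g, b, p)
    return shared_key(B, a, p), shared_key(A, b, p), (A, B)

if __name__ == "__main__":
    k_alice, k_bob, seen_by_eve = exchange()
    print("keys match:", k_alice == k_bob, "| Eve saw:", seen_by_eve)
    # The slide's one-way-function question: 3^x = 1 (mod 4).
    print(exponents_matching(3, 1, 4, 6))
    # With p = 23, trying every exponent takes at most 22 steps, which is
    # why the prime has to be enormous before "can't easily" holds.
    print(exponents_matching(G, public_value(G, 6, P), P, P - 1))
```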

Public Key Cryptography
● 1984 Rivest-Shamir-Adleman Algorithm (RSA)
● Based on the difficulty of computing prime factors.
● Asymmetric key (public/private part) vs. symmetric key (shared by Alice and Bob)
[Figure: Key Generator; labels: Large random number, Private Key, Public Key]

Public Key Encryption/Decryption
[Figure: Alice sends “Hi Bob”; RSA Encrypt with Bob's Public Key; RSA Decrypt with Bob's Private Key; Bob reads “Hi Bob”]

Public Key Signature
[Figure: Alice sends “I am Alice”; RSA Sign (Encrypt) with Alice's Private Key; RSA Verify (Decrypt) with Alice's Public Key; Bob reads “I am Alice”]

RSA Details
● Alice picks two huge prime numbers, p and q.
● Alice computes N = p x q.
● Alice picks another number e relatively prime to (p-1) x (q-1).
● Alice calculates her private key d as:
d x e = 1 (mod (p-1) * (q-1))
● Alice publishes (N, e) as her public key.
● Encrypt message to Alice, M: C = M^e (mod N)
● Alice decrypts message, C: M = C^d (mod N)

RSA Security
● Given N = p x q, why can't we just figure out the primes p and q?
● Factorization of N: For each prime number, n_i, check if it divides N.
● How big is N? ~ 10^308 for bank transactions.
● Best estimate: 100 million computers working together would take more than 1000 years (Simson Garfinkel, as reported in Singh).
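
Added example (not part of the original slides): the RSA Details steps and the RSA Security question in one Python sketch. It uses the toy primes 61 and 53 with e = 17, chosen here for illustration, and raw modular exponentiation with no padding; with a toy N, the divisor check from the slide recovers d at once, whereas at ~10^308 the same loop is hopeless.

```python
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Return ((N, e), d) following the steps on the RSA Details slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    d = pow(e, -1, phi)          # d * e = 1 (mod (p-1)*(q-1)); Python 3.8+
    return (n, e), d

def encrypt(m: int, public) -> int:
    n, e = public
    return pow(m, e, n)          # C = M^e (mod N)

def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)          # M = C^d (mod N)

def sign(m: int, n: int, d: int) -> int:
    return pow(m, d, n)          # signing uses the private exponent

def verify(m: int, s: int, public) -> bool:
    n, e = public
    return pow(s, e, n) == m % n # anyone can check with the public key

def factor(n: int):
    """Trial division: check each candidate divisor in turn."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def private_key_from_public(public) -> int:
    """Whoever can factor N can repeat Alice's calculation of d."""
    n, e = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, d = make_keys(61, 53, 17)      # toy primes, constructed example
    c = encrypt(65, public)
    print(public, d, c, decrypt(c, public[0], d))
    print(verify(65, sign(65, public[0], d), public))
    print(private_key_from_public(public) == d)
```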

Internet Security
● Transport Layer Security (Secure Sockets Layer)
● Client (user's browser) and server (e.g., user's bank) communication protocol.
● Phase 1: Client and server negotiate which algorithms will be used for key exchange and authentication (typically public key algorithms).
● Phase 2: A symmetric key is exchanged and authenticated.
● Phase 3: Encrypted, efficient communication using the symmetric key.
Transport Layer Security
● Quantum computation: A quantum computer could easily break a factorization problem.

Quantum Cryptography
● BB84 Protocol: Charles H. Bennett and Gilles Brassard, 1984. (IBM, University of Montreal)
● Exchange random bit stream for use in one-time pad.
● Possible to detect an eavesdropper.
● Implementations: Exchange secure keys over optical fiber at 1 Mbit/s (10 km) and 10 kbits/s (100 km).
● Much research (IBM, NEC, HP, Toshiba, Mitsubishi)
● Four commercial companies

Perfect Secrecy!?
Source: http://xkcd.com/