
The art of secret writing


A.A. 2009/2010
Cryptography Part I
Principles and Methods
Michele Elia
Politecnico di Torino
Introduction
A complex telecommunications system connects any place, at any time, in any condition.
Tele- or e- are roots for so many activities that were unthinkable a few years ago:
- Tele-working / e-work
- Tele-teaching / e-teaching, e-learning
- Tele-economy / e-commerce
In the lovely old Global village of Marshall McLuhan, the print revolution has been surpassed and squeezed out by the e-revolution.
Two remarks
The expansion of telecommunications systems has been accelerated by the introduction of digital technology, and the conversion to full digital is almost complete.
A historical landmark year will be 2012.
Two remarks
Electric signals are ubiquitous in the world; they travel unprotected, though conveying vital information for
- the army,
- trading,
- the economy,
- the social life (bureaucracy, health system) and
- production systems.
It is a trivial observation to say that in this digital world security is
a fundamental issue.
Transmission of Information
Transformation of Information
Use of Information
NEED SECURITY.
A list of applications includes:
- Telephone: the oldest e-communication system (together with the telegraph) requires confidentiality
- e-mail: the e-communications counterpart of the traditional paper mail requires confidentiality and signature
- Commerce on-line: a form of selling developed with the Internet, needs confidentiality, authentication and signature
Continuation: list of applications
- Tele-working: the new economy tends to move the work instead of the workers, and needs confidentiality and authentication
- Access control: distributed access to databases and computing resources needs confidentiality, authentication and signature
- E-books and E-libraries, a reality today, need confidentiality, authentication and signature
- Medical records: patient status, medical data and therapy information need confidentiality and authentication
List of applications, continued
- Public and private databases with people's personal and biographical data, and other sensitive data, need confidentiality
- Wireless systems: cell phones, burglar alarms, car locks need authentication and/or confidentiality and signature
- Teaching: use of the Internet and its facilities is changing the traditional teaching paradigm. E-teaching and E-learning will be the usual way to distribute knowledge, and need authentication and signature
Information protection
What to protect: Existence of message
                 Content of message
                 Message
Why to protect:  Confidentiality
                 Authenticity
                 Integrity - Availability
                 Tracking
How to protect:  CRYPTOGRAPHY
                 STEGANOGRAPHY
Information security is achieved through:
Principles - Objectives, Axioms
Methods - Mathematical tools, Algorithms
Instruments - Protocols
Applications - Technology
Deployments
The transformation principle typical of any enciphering scheme was known to Julius Caesar 2000 years ago.
The Caesar cipher consisted in a shift of three positions, so that plaintext A was encrypted as ciphertext D.
Encryption is described in mathematical terms:
- letters are encoded using numbers: A --> 0, B --> 1, ..., Z --> 26
- the shift is the secret KEY: 3
- encryption is the addition operation: A --> 0+3=3 --> D
In this method, using modern mathematical notation, three fundamental operations are evident:
Encoding: each letter is converted into a number of Z_{26}, the set of remainders modulo 26
Transformation: the number 3, the secret key, is added modulo 26 to change each plain code number into a cipher number
Decoding: each cipher number is transformed back to a code number by subtracting 3, then this number is converted back to a letter
The Caesar cipher
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  A  B  C
A SHIFT of t positions of a letter is equivalent to the operation of summing t modulo 26 to the letter code number
Example
text        B   R   I   X   E   N
            1  17   8  23   4  13
encryption  +
key         3   3   3   3   3   3
            =
            4  20  11   0   7  16
cipher      E   U   L   A   H   Q
The example shows a technique known as a simple substitution cipher, although the mathematical description contains all the ingredients for perfect enciphering as defined by Shannon.
[Figure: the message symbols m_1, m_2, m_3, m_4, ..., m_i enter an adder (+) together with the key k; inputs m and k, output e]
e = m + k mod N
m = e - k mod N
The theoretical paradigm was provided by Claude Elwood Shannon in his paper
Communication Theory of Secrecy Systems, BSTJ, vol. 28, 1949, pp. 656-715,
where enciphering is viewed as a noisy transmission process.
Mutual information is used to define perfect encryption.
[Figure: the source S (text) enters a channel whose output is U (cipher); the noise acting on the channel is the KEY]
S: source alphabet
U: cipher alphabet
K: key alphabet
Joint probability distribution:
Mutual Information Properties
I(S,U|K) = H(S|K)-H(S|U,K) = I(U,S|K)
I(U,S|K) = H(U|K)-H(U|S,K)
I(S,U|K) = H(S|K)+H(U|K) - H(SU|K)
Encryption and Mutual Information
Encryption transformation
u=s+k=f(s,k)
I(S,U) = H(U) - H(U|S) = H(U)-H(K)
I(S,U|K) = H(U|K) - H(U|S,K) = H(U|K)
Since u=f(s,k) implies
H(U|S) = H(K)
H(U|S,K) = 0
Shannon's Conditions for Perfect Encryption:
I(S,U) = 0
I(S,U|K) = H(S)
I(S,U) = H(U)-H(K) --> H(U) = H(K)
I(S,U|K) = H(U|K) --> H(U|K) = H(S)
H(K) = H(U) and H(U|K) = H(S)
H(K) = H(U)
The key length must be equal to the message length.
This condition is satisfied by the Caesar cipher if the message length is one symbol.
Looking at the whole transmission balance, perfect encryption is achieved only with net transmission rate equal to 1/2.
Practical limits impose a short key length.
Shannon perfect encryption is impossible in real life.
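The conditions above can be checked numerically. This added example (not part of the original slides) enumerates the joint distribution of text and cipher for the shift cipher u = s + k mod 26 and evaluates I(S,U), H(U) and H(K), first with a key as long as the message and then with one Caesar shift reused; the three-letter source statistics and the function names are assumptions made for the illustration.

```python
from collections import defaultdict
from itertools import product
from math import log2, prod

N = 26  # Z_26, the code alphabet used in the slides

def entropy(dist):
    """Shannon entropy in bits of a {outcome: probability} mapping."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)

def shift_cipher_information(p_symbol, length, fresh_key_per_symbol):
    """Return (I(S,U), H(U), H(K)) for u_i = s_i + k_i mod N with a uniform key.

    fresh_key_per_symbol=True  -> key as long as the message (independent k_i)
    fresh_key_per_symbol=False -> one Caesar shift reused for every symbol
    """
    if fresh_key_per_symbol:
        keys = list(product(range(N), repeat=length))
    else:
        keys = [(k,) * length for k in range(N)]
    p_key = 1.0 / len(keys)
    p_s, p_u, p_su = {}, defaultdict(float), {}
    support = [sym for sym, p in p_symbol.items() if p > 0]
    for s in product(support, repeat=length):
        p_s[s] = prod(p_symbol[sym] for sym in s)
        for k in keys:
            u = tuple((a + b) % N for a, b in zip(s, k))
            p_u[u] += p_s[s] * p_key
            p_su[(s, u)] = p_s[s] * p_key  # for fixed s, k -> u is one-to-one
    h_u, h_k = entropy(p_u), log2(len(keys))
    mutual_information = entropy(p_s) + h_u - entropy(p_su)
    return mutual_information, h_u, h_k

# Constructed source statistics (not from the slides): E=4, T=19, A=0.
SOURCE = {4: 0.5, 19: 0.25, 0: 0.25}

if __name__ == "__main__":
    for label, length, fresh in [("1 symbol, 1 key symbol", 1, True),
                                 ("2 symbols, 2 key symbols", 2, True),
                                 ("2 symbols, 1 reused shift", 2, False)]:
        i_su, h_u, h_k = shift_cipher_information(SOURCE, length, fresh)
        print(f"{label}: I(S,U)={i_su:.4f}  H(U)={h_u:.4f}  H(K)={h_k:.4f}")
```

With the reused shift, I(S,U) = H(U) - H(K) is no longer zero: the difference between the two cipher symbols equals the difference between the two text symbols, whatever the key.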
H(K) = H(U)
The key used to encrypt is the same as the key used to decrypt. This paradigm is usually called
Symmetric cryptographic scheme (Symmetric cryptography)
The same name denotes the practical schemes based on mechanisms that generate long keys from short keys, that is, mechanisms that generate streams of the same length as the message.
Shannon Communication Channel with private key
Perfect Secrecy: Net transmission rate 1/2
[Figure: block diagram with the text S, the key K, the cipher U on the public channel, the key K on the secret channel, and the received text R]
Binary alphabets
If entropy is measured in bits and binary symbols are equally probable, then entropy is numerically the length of a binary string.
Key length L_k is of finite size.
Message length L_M increases with time.
The difference
D = H(U) - H(K) = L_M - L_k
grows unbounded as L_M increases.
Confidentiality achieved with secret-key enciphering guarantees message authenticity.
In summary, symmetric cryptographic schemes achieve
a) confidentiality: the content of a message is disclosed only to the intended recipient
b) authenticity: the message has been originated only by the intended sender
The first modern book on cryptography was a Manuale published in 1378
by Gabriele de Lavinde da Parma working for the anti-pope Clement VII.
In 1466, Leon Battista Alberti published
De Componendis Cyfris, in which he
described the first cipher disk and
conceived the notion of polyalphabeticity.
Message
If a number a divides the difference of the numbers b and c, b and c are said to be congruent relative to a
Encrypted Message
F3BISADTLGP3PGTGAOVQ
ZZZAGAE4I3CRBIOCGOR1
DOZBVIXZBADCNEVBQIXC
LOPM3ZAGX3LIBE4L1LS4
G
Leon Battista Alberti formula (encrypting machine)
A.D. 1466
Polyalphabetic ciphers, better known as Vigenère ciphers, were described in Traité des Chiffres (1586) by Blaise de Vigenère.
In 1863, the cryptanalysis of Vigenère ciphers appeared in Die Geheimschriften und die Dechiffrir-Kunst by Friedrich W. Kasiski.
In 1930 Manuale di Crittografia was published by General Luigi Sacco.
Vigenère TABLE
ABCDEFGHIJKLMNOPQRSTUVWXYZ
LMNOPQRSTUVWXYZABCDEFGHIJK
IJKLMNOPQRSTUVWXYZABCDEFGH
DEFGHIJKLMNOPQRSTUVWXYZABC
IJKLMNOPQRSTUVWXYZABCDEFGH
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Secret key: LIDIA = 11 8 3 8 0
Leon Battista Alberti with his cipher disk conceived the idea of an encrypting machine, whose modern electrical prototypes appeared in
1891 Etienne Bazeries: adopted by the French army
1917 Gilbert Vernam: first binary encrypting machine realizing perfect enciphering
1918 Arthur Scherbius: ENIGMA, adopted by the German army
1920 Boris Hagelin: Crypto-Hagelin, adopted by the US army
Arthur Scherbius ENIGMA - 1918
The design target of encrypting machines is
to provide mechanisms (stream ciphers) that produce enciphering sequences
k(1), k(2), ..., k(n), ...
starting from a short sequence K_0 called the secret key.
The typical enciphering rule, referred to as Caesar enciphering, is simple:
e(n) = m(n) + k(n)
Symbols are taken from a finite domain where a binary composition rule + is defined.
The mathematics behind these systems includes modular
arithmetic (ring), finite fields, and groups.
Stream generators are described using
the notion of
FINITE STATE MACHINE
Finite State Machine
A finite state machine is a mathematical object described by a 6-tuple { S, I, O, f, g, s_0 } where
S is a finite set of states, possibly represented by binary vectors (0,1,0, ..., 0, 0)
I is a finite input alphabet, possibly binary
O is an output alphabet, possibly binary
f is a mapping from S × I into S
g is a mapping from S × I into O
s_0, the initial state, is an element of S
Given an input sequence
I(1), I(2), ..., I(n)
the machine evolution is a sequence of states
s(1), s(2), ..., s(n)
with s(1) = s_0, and
s(n+1) = f(s(n), I(n))
The generated stream is a sequence
k(1), k(2), ..., k(n), ...
where
k(n) = g(s(n), I(n))
The machine evolution is said to be autonomous if the input sequence is missing.
Stream Ciphers are Finite State Machines
Properties of generated streams for Caesar-like enciphering
Avoid store and replay attack
Avoid error propagation
Hard to cryptanalyze
Good mask properties
Cryptographic properties of a stream cipher
Period of generated sequence: should be long and computable to avoid store and replay attack
Entropy of generated sequence: should be maximum, it must appear to be a truly random sequence (fair coin tossing sequence)
Cryptanalysis: a plain text attack should be hard, that is, the initial state s_0 must be difficult to compute knowing any piece of generated sequence
LFSR: Linear feedback shift register
[Figure: block diagrams of the Fibonacci and Galois LFSR structures, with cells X_0, X_1, X_2, ..., X_{n-1} and modulo-2 adders (+)]
LFSR: Linear feedback shift register
Tridiagonal
[Figure: block diagram of the tridiagonal LFSR structure, with cells X_0, X_1, X_2, X_3, X_4 and modulo-2 adders (+)]
LFSR of length 5.
Transition matrix:
Irreducible polynomials are factors of
where the smallest m is a divisor of
Primitive polynomials have
Generator polynomials of degree n
Properties of
the set C of primitive LFSR sequences
C is a group of order
C is the dual code of a Hamming
code
Every sequence has the same number of 1s
Cyclic autocorrelation function () of every
sequence is a two-value function, that is
and () = -1 for every 0.
Runs of 0s and 1s are given in the following Table
Properties of a primitive LFSR sequence
2^{m-j-2} runs of length j of either 1s or 0s, for 0 < j < m-1
1 run of length m of 1s
0 runs of length m-1 of 1s
1 run of length m-1 of 0s
0 runs of length m of 0s
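An added check of these properties (example code, not part of the slides): the block runs a length-5 Fibonacci LFSR as an autonomous finite state machine and compares one period of its output with the run table, the count of 1s and the two-valued cyclic autocorrelation. The generator x^5 + x^2 + 1, the initial state and all function names are assumptions.

```python
from collections import Counter

def step(taps, state):
    """f: next state of the autonomous machine (Fibonacci LFSR over GF(2))."""
    return state[1:] + (sum(state[t] for t in taps) % 2,)

def one_period(taps, s0):
    """Output stream k(n) = g(s(n)) = x_0 until the state returns to s0."""
    seq, state = [], s0
    while True:
        seq.append(state[0])
        state = step(taps, state)
        if state == s0:
            return seq

def cyclic_runs(seq):
    """Counter {(bit, run length): count}, the sequence being read cyclically."""
    start = next(i for i in range(len(seq)) if seq[i] != seq[i - 1])
    rot = seq[start:] + seq[:start]          # now starts at a run boundary
    runs, length = Counter(), 1
    for prev, cur in zip(rot, rot[1:] + [None]):
        if cur == prev:
            length += 1
        else:
            runs[(prev, length)] += 1
            length = 1
    return runs

def expected_runs(m):
    """Run counts stated in the table for a primitive LFSR of length m."""
    table = Counter({(1, m): 1, (0, m - 1): 1})
    for j in range(1, m - 1):
        table[(0, j)] = table[(1, j)] = 2 ** (m - j - 2)
    return table

def autocorrelation(seq, shift):
    """Cyclic autocorrelation with bits mapped 0 -> +1, 1 -> -1."""
    n = len(seq)
    return sum((-1) ** (seq[i] ^ seq[(i + shift) % n]) for i in range(n))

# Assumed generator: recurrence a(n+5) = a(n+2) + a(n), i.e. x^5 + x^2 + 1.
TAPS, S0 = (0, 2), (1, 0, 0, 0, 0)

if __name__ == "__main__":
    seq = one_period(TAPS, S0)
    print(len(seq), sum(seq), cyclic_runs(seq) == expected_runs(5))
    print({autocorrelation(seq, t) for t in range(1, len(seq))})
```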
Computational complexity
The aim of computational complexity is to
give a measure of the difficulty of solving
a problem.
An axiomatic theory yielding a measure of
complexity comparable to the measure of
information, unfortunately, is still missing.
In cryptography, practical measures of
complexity have been developed and are
used in place of theoretical definitions.
Computational complexity
Practical measures of complexity:
- Number of binary operations of algebraic nature (e.g. product of two numbers)
- Number of comparisons in searching an object among a set of objects (e.g. searching a name in a directory)
- Size of a memory for storing data (e.g. number of bytes required to store the personal data in the registry of a town)
Computational complexity
Let X and Y be two finite sets.
Let f be a mapping from X into Y.
Let x and y be two variables taking their
values in X and Y, respectively
Definition.
The size of a variable z, taking its values in a set Z, is the minimum number of bits necessary to represent any value in Z.
Computational complexity
The size of every x in X is n = log_2(|X|)
n is the number of bits necessary to represent
the value of any element in X.
The complexity cx(f ) of a function f is
expressed in terms of n.
If cx(f ) is exactly computable, then it is written
as a function g(n) of n.
If only the order of magnitude of cx(f ) can be
computed, then it is written as O(g(n)).
One-way functions
Definition
An invertible mapping f from a finite set X into a
finite set Y is said to be one-way if
i) the value y = f(x) is easy to compute for every x in X
ii) the inverse value x = f^{-1}(y) is difficult to compute for almost every y in Y
One-way functions - complexity
Many one-way functions are realized as
homomorphisms between semi-groups.
If f is a homomorphism between a semi-group X and the additive group of remainders modulo M, the complexity of f, in general, is upper bounded by
O(|X|^{1/2})
which is known as Shanks bound
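Shanks' baby-step giant-step method is what attains this bound. The added example below (not from the slides) takes f to be the discrete logarithm to base g on the multiplicative group X modulo a prime p, so that M = p - 1; this choice of f, the toy prime 10007 and the function name are assumptions.

```python
from math import isqrt

def bsgs_log(g, y, p):
    """Find x with g^x = y (mod p), p prime, in about 2*sqrt(p) multiplications.

    Returns (x, table_size); x is None when y is not a power of g.
    table_size is the number of stored baby steps, at most isqrt(p - 1) + 1.
    """
    m = isqrt(p - 1) + 1
    baby, cur = {}, 1
    for j in range(m):                 # baby steps: g^j for j = 0 .. m-1
        baby.setdefault(cur, j)
        cur = cur * g % p
    factor = pow(g, -m, p)             # g^(-m) mod p (Python 3.8+)
    gamma = y
    for i in range(m):                 # giant steps: y * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma], len(baby)
        gamma = gamma * factor % p
    return None, len(baby)

if __name__ == "__main__":
    p, g = 10007, 5                    # constructed toy parameters
    y = pow(g, 4321, p)                # easy direction: one modular power
    x, table_size = bsgs_log(g, y, p)  # hard direction: ~sqrt(|X|) work
    print(x, table_size, pow(g, x, p) == y)
```

The table holds about 100 entries for a group of about 10^4 elements; the same square-root scaling is why the group size has to be chosen so that |X|^{1/2} operations remain out of reach.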
