ch30 Cryptography 2
Cryptography
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
30-1 INTRODUCTION
Let us introduce the issues involved in cryptography.
First, we need to define some terms; then we give some
taxonomies.
Need for Security
Sender
Receiver
Plaintext
Cipher text
Encryption
Decryption
Figure 30.2 Categories of cryptography
Figure 30.3 Symmetric-key cryptography
Figure 30.4 Asymmetric-key cryptography
Figure 30.5 Keys used in cryptography
Figure 30.6 Comparison between two categories of cryptography
30-2 SYMMETRIC-KEY CRYPTOGRAPHY
Figure 30.7 Traditional ciphers
Encryption Model
Example 30.1
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic? Key = +3
Solution
The cipher is probably monoalphabetic because both
occurrences of L’s are encrypted as O’s.
■ Mono-alphabetic substitution:
■ The next improvement is to have each of the symbols in the plaintext, say,
the 26 letters for simplicity, map onto some other letter.
■ For example,
■ plaintext: abcdefghijklmnopqrstuvwxyz
■ ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
■ The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet.
■ ‘attack’ would be transformed into the ciphertext ‘QZZQEA’.
■ 26! = 4 x 10^26 possible keys can be used.
■ Even at 1 nsec per solution, a computer would take 10^10 years to try all the keys.
■ Disadvantage:
■ How to carry a 26-letter key? On a CD? Written down? However it is done, it is risky.
■ Prediction is possible.
■ e is the most common letter, followed by t, o, a, n, i, etc.
■ The most common two-letter combinations, or digrams, are th, in, er, re, and an.
■ The most common three-letter combinations, or trigrams, are the, ing, and, and ion.
■ Conclusion? If ‘thYt’ stands for ‘that’, then ‘a’ has the code ‘Y’. Substituting ‘a’ for ‘Y’ then helps predict many digrams and trigrams, such as ‘aWZ’ standing for ‘and’. A cryptanalyst who works at it in this way can predict the key.
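The substitution and the frequency argument above, as an added Python example that is not part of the original slides. The key string and the e, t, o, a, n, i ranking are from the slide; the sample sentence and the function names are constructed for illustration.

```python
from collections import Counter
import string

# Key from the slide: plaintext a..z maps onto this 26-letter string.
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
ENC = dict(zip(string.ascii_lowercase, KEY))
DEC = {c: p for p, c in ENC.items()}

def encrypt(plaintext: str) -> str:
    """Substitute each letter; non-letters pass through unchanged."""
    return "".join(ENC.get(ch, ch) for ch in plaintext.lower())

def decrypt(ciphertext: str) -> str:
    """Apply the inverse mapping to recover the lowercase plaintext."""
    return "".join(DEC.get(ch, ch) for ch in ciphertext)

def letter_counts(text: str) -> Counter:
    """Count letters only, ignoring spaces and punctuation."""
    return Counter(ch for ch in text if ch.isalpha())

def guess_from_frequency(ciphertext: str, n: int = 2) -> dict:
    """Pair the n most common ciphertext letters with e, t, o, a, n, i
    (the ranking given on the slide). This is a first guess only."""
    english_rank = "etoani"
    top = [c for c, _ in letter_counts(ciphertext).most_common(n)]
    return dict(zip(top, english_rank))

# Constructed sample text (not from the slides).
SAMPLE = "meet me at the bridge at three then see the street tree"

if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print(ct)
    print(letter_counts(ct).most_common(3))   # same counts as the plaintext
    print(guess_from_frequency(ct))           # guesses match DEC for T and Z
```

Because every letter always maps to the same symbol, the ciphertext carries the same count histogram as the plaintext, which is why the huge key space does not protect the message.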
Example 30.2
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?
Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character.
The first L is encrypted as N; the second as Z.
Example 30.3
Use the shift cipher with key = 15 to encrypt the message
“HELLO.”
Solution
We encrypt one character at a time. Each character is
shifted 15 characters down. Letter H is encrypted to W.
Letter E is encrypted to T. The first L is encrypted to A.
The second L is also encrypted to A. And O is encrypted to
D. The cipher text is WTAAD.
Example 30.4
Use the shift cipher with key = 15 to decrypt the message
“WTAAD.”
Solution
We decrypt one character at a time. Each character is
shifted 15 characters up. Letter W is decrypted to H.
Letter T is decrypted to E. The first A is decrypted to L.
The second A is decrypted to L. And, finally, D is
decrypted to O. The plaintext is HELLO.
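Examples 30.1 to 30.4 worked in code, as an added example that is not part of the original slides. The function names are assumptions, and POLY_SAMPLE is a constructed ciphertext in which only the N and Z for the two L's come from Example 30.2.

```python
import string

A = string.ascii_uppercase

def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift each letter 'key' places down the alphabet, wrapping after Z."""
    return "".join(A[(A.index(c) + key) % 26] if c in A else c
                   for c in plaintext.upper())

def shift_decrypt(ciphertext: str, key: int) -> str:
    """Shifting up by 'key' is a shift down by -key (mod 26)."""
    return shift_encrypt(ciphertext, -key)

def looks_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """True if the pair is consistent with a one-to-one letter mapping:
    each plaintext letter always gives the same ciphertext letter and
    no two plaintext letters share one."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("texts must be the same length")
    forward, backward = {}, {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if forward.setdefault(p, c) != c or backward.setdefault(c, p) != p:
            return False
    return True

# Constructed ciphertext for the Example 30.2 case: the first L becomes N
# and the second becomes Z as the slide states; the other letters are made up.
POLY_SAMPLE = "QRNZT"

if __name__ == "__main__":
    print(shift_encrypt("HELLO", 15))                   # Example 30.3
    print(shift_decrypt("WTAAD", 15))                   # Example 30.4
    print(looks_monoalphabetic("HELLO", "WTAAD"))       # consistent mapping
    print(looks_monoalphabetic("HELLO", POLY_SAMPLE))   # L maps to N and Z
```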
Transposition Ciphers
■ A transposition cipher.
■ Transposition ciphers reorder the letters but do not disguise them.
■ The cipher is keyed by a word or phrase not containing
any repeated letters.
■ In this example, MEGABUCK is the key.
■ The purpose of the key is to number the columns.
■ Plaintext is written horizontally, in rows, padded to fill the
matrix if need be.
■ The ciphertext is read out by columns, starting with the
column whose key letter is the lowest.
■ Every letter represents itself, keeping the frequency
distribution intact.
■ How does a cryptanalyst break the cipher?
■ Suppose ‘million dollars’ occurs somewhere in the message.
■ The cryptanalyst observes the digrams MO, IL, LL, LA, IR produced by the phrase wrapping around.
■ For k columns, k(k-1) column pairs can be examined.
■ Advantage: tough to determine the column sequence.
Figure 30.8 Transposition cipher
Example 30.5
Encrypt the message “HELLO MY DEAR,” using the key
shown in Figure 30.8.
Solution
We first remove the spaces in the message. We then divide
the text into blocks of four characters. We add a bogus
character Z at the end of the third block. The result is
HELL OMYD EARZ. We create a three-block ciphertext
ELHLMDOYAZER.
Example 30.6
Using Example 30.5, decrypt the message
“ELHLMDOYAZER”.
Solution
The result is HELL OMYD EARZ. After removing the
bogus character and combining the characters, we get the
original message “HELLO MY DEAR.”
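Examples 30.5 and 30.6 in code, as an added example that is not part of the original slides. Figure 30.8 is not reproduced on this page, so the permutation ENC_KEY is inferred from the HELL to ELHL block in Example 30.5; the function names are assumptions.

```python
# Permutation inferred from Example 30.5 (HELL -> ELHL). Ciphertext
# position i takes the plaintext character at index ENC_KEY[i] of the
# same block (0-based).
ENC_KEY = [1, 3, 0, 2]

def invert(key):
    """Build the decryption permutation from the encryption permutation."""
    inv = [0] * len(key)
    for out_pos, in_pos in enumerate(key):
        inv[in_pos] = out_pos
    return inv

def permute_blocks(text, key):
    """Apply the same permutation to every block of len(key) characters."""
    n = len(key)
    if len(text) % n:
        raise ValueError("text length must be a multiple of the block size")
    return "".join(text[b + k] for b in range(0, len(text), n) for k in key)

def encrypt(message, key=ENC_KEY, pad="Z"):
    """Remove spaces, pad the last block with the bogus character, permute."""
    text = message.replace(" ", "").upper()
    text += pad * (-len(text) % len(key))
    return permute_blocks(text, key)

def decrypt(ciphertext, key=ENC_KEY):
    """Undo the permutation; the bogus padding is still present."""
    return permute_blocks(ciphertext, invert(key))

if __name__ == "__main__":
    ct = encrypt("HELLO MY DEAR")
    print(ct)                        # three permuted blocks
    print(decrypt(ct))               # HELL OMYD EARZ run together
    # Every letter represents itself, so the letter counts are unchanged.
    print(sorted(ct) == sorted("HELLOMYDEARZ"))
```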
Figure 30.9 XOR cipher
Figure 30.10 Rotation cipher
Figure 30.11 S-box
Figure 30.12 P-boxes: straight, expansion, and compression
Product Ciphers
Figure 30.14 One round in DES ciphers
■ DES (Data Encryption Standard) was widely adopted by the industry for use in security products.
■ DES procedure:
■ Enciphers a 64-bit data block with a 56-bit key.
■ Step 1: Stage 1: An initial transposition (permutation).
■ Step 2: Iteration 1 to 16: rounds of a complex key-dependent calculation.
■ Step 3: Stage ‘second last’: 32-bit exchange of the leftmost 32 bits with the rightmost 32 bits.
■ Step 4: Stage ‘last’: A final transposition, the exact inverse of the initial transposition.
■ Output: 64-bit ciphertext.
■ Iteration 1 to 16 procedure:
■ Each stage takes two 32-bit inputs and produces two 32-bit outputs.
■ Each of the 16 iterations uses a different key.
■ The left output is simply a copy of the right input.
■ The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, Ki.
■ All the complexity lies in this function.
■ Whitening:
■ Technique used to make DES stronger.
■ XOR a random 64-bit key with each plaintext block before feeding it into DES.
■ Then XOR a second 64-bit key with the resulting ciphertext before transmitting it.
■ It can be removed easily by running the reverse operation.
■ It adds more bits to the key length.
■ Time consuming.
■ In 1977, Stanford cryptography researchers Diffie and Hellman designed a machine that breaks DES within 1 day.
■ With a key length of 56 bits, there are 2^56 = 7.2 x 10^16 possible keys.
■ Here, a brute-force attack appears impractical. How?
■ Trying one key per microsecond would take more than 10 thousand years to break the cipher.
■ So? DES is secure?
■ Yes or No?
■ DES finally and definitively proved insecure in July 1998, when
the Electronic Frontier Foundation (EFF98) announced that it had
broken a DES encryption using a special-purpose “DES Cracker”
machine that was built for less than $250,000.
■ The attack took less than 3 days to break cipher.
■ Problem?
■ Solution?
■ So a 128-bit key is guaranteed to result in an algorithm that is
unbreakable by brute force or EFF98.
■ A 128-bit key would take over 10^18 years to break the code using the EFF cracker.
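The round structure and the whitening step described in the DES procedure above, as an added example that is not part of the original slides. It is a toy network, not DES: the round function f, the 16 subkeys and the whitening keys are constructed for illustration, and the initial and final transpositions are left out.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def f(right: int, subkey: int) -> int:
    """Toy round function (NOT the DES f). Any function works here,
    because the round structure never needs to invert it."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, subkeys) -> int:
    """Run one round per subkey on a 64-bit block, then swap the halves."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # Left output = right input; right output = left XOR f(right, Ki).
        left, right = right, left ^ f(right, k)
    return (right << 32) | left            # the 32-bit exchange

def encrypt(block, subkeys, pre=0, post=0):
    """pre and post are the two 64-bit whitening keys (0 = no whitening)."""
    return feistel(block ^ pre, subkeys) ^ post

def decrypt(block, subkeys, pre=0, post=0):
    """Same network with the subkeys reversed; the whitening is removed
    by XORing the same two keys in the opposite order."""
    return feistel(block ^ post, subkeys[::-1]) ^ pre

# Constructed values: 16 arbitrary subkeys, not a real DES key schedule.
SUBKEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]
PLAINTEXT = 0x0123456789ABCDEF
PRE, POST = 0x1111111111111111, 0x2222222222222222

if __name__ == "__main__":
    c = encrypt(PLAINTEXT, SUBKEYS, PRE, POST)
    print(hex(c))
    print(hex(decrypt(c, SUBKEYS, PRE, POST)))   # the plaintext again
```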
Figure 30.16 Triple DES
Triple DES
Figure 30.17 AES
Figure 30.18 Structure of each round
■ Step 1: does a byte-for-byte substitution on state. Each byte in turn is
used as an index into an S-box to replace its value by the contents of
that S-box entry. This step is a straight mono-alphabetic substitution
cipher. Unlike DES, which has multiple S-boxes, Rijndael has only one
S-box.
■ Step 2: rotates each of the four rows to the left. Row 0 is rotated 0
bytes (i.e., not changed), row 1 is rotated 1 byte, row 2 is rotated 2
bytes, and row 3 is rotated 3 bytes. This step diffuses the contents of
the current data around the block, analogous to the permutations.
■ Step 3: mixes up each column independently of the other ones. The
mixing is done using matrix multiplication in which the new column is
the product of the old column and a constant matrix, with the
multiplication done using the finite Galois field, GF(2^8).
■ Step 4: XORs the key for this round into the state array.
■ Decryption?
■ Decryption can be done just by running the algorithm backward.
■ However, there is also a trick available in which decryption can be done by
running the encryption algorithm, using different tables.
■ Advantages:
■ Great speed
■ Great security
■ A good software implementation on a 2 GHz machine achieves a 700 Mbps
encryption rate and can encrypt over 100 MPEG-2 videos in real time.
■ Hardware implementations are faster still.
Figure 30.19 Modes of operation for block ciphers
Figure 30.20 ECB mode
Electronic Code Book Mode
Cipher Feedback Mode
Stream Cipher Mode / OFB
30-3 ASYMMETRIC-KEY CRYPTOGRAPHY
PUBLIC KEY ALGORITHM: RSA
● RSA – Rivest–Shamir–Adleman
● Used for all of encryption, authentication and digital signing.
● Has long keys, i.e. 1024 bits, which makes it secure.
● Key advantage: difficulty of factoring large integers.
● General Algorithm:
1. Generate two large random prime numbers, p and q, equal in size.
2. Compute n = pq and φ = (p-1)(q-1).
3. Choose an integer ‘e’ such that 1 < e < φ and gcd(e, φ) = 1.
4. Compute the secret exponent d, 1 < d < φ, such that ed ≡ 1 (mod φ).
5. The public key is (n, e) and the private key is (n, d). Keep p, q and φ secret.
● Note:
● ‘n’ is the modulus.
● ‘e’ and ‘d’ are the private keys for encryption and decryption
respectively.
● ‘p’, ‘q’ and ‘φ’ are the secret key.
RSA
Key Generation Steps:
■ 1. Select two prime numbers, p = 17 and q = 11.
■ 2. Calculate n = pq = 17 × 11 = 187.
■ 3. Calculate φ(n) = (p-1)(q-1) = 16 × 10 = 160.
■ 4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.
■ 5. Determine d such that de mod 160 = 1 and d < 160. The correct value is d = 23, because 23 × 7 = 161.
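The key-generation steps above carried through to an encryption and decryption, as an added example that is not part of the original slides. p, q and e are the slide's values; the message M = 88 and the function names are constructed for illustration, and this is the bare arithmetic on one small integer with no padding.

```python
from math import gcd

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p: int, q: int, e: int):
    """Steps 2 to 5 of the general algorithm for given primes and exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = egcd(e, phi)[1] % phi              # ed = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(m: int, public):
    """C = M^e mod n; the message must be an integer smaller than n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c: int, private):
    """M = C^d mod n."""
    n, d = private
    return pow(c, d, n)

# p = 17, q = 11, e = 7 are from the slide; M is a constructed message.
PUBLIC, PRIVATE = make_keys(17, 11, 7)
M = 88

if __name__ == "__main__":
    print(PUBLIC, PRIVATE)
    c = encrypt(M, PUBLIC)
    print(c, decrypt(c, PRIVATE))
```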
Example 30.10
Let us give a trivial example to make the procedure clear.
Our example uses small numbers, but note that in a real
situation, the numbers are very large. Assume g = 7 and
p = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
The value of K is the same for both Alice and Bob;
g^(xy) mod p = 7^18 mod 23 = 18.
Figure 30.27 Diffie-Hellman idea
Figure 30.28 Man-in-the-middle attack