Processing math: 100%
+ - 0:00:00
Notes for current slide
Notes for next slide

ECE 7420 / ENGI 9823: Security

Lecture 10: Cryptography

1 / 13

Today

Intro to cryptography

Classical cryptography

2 / 13

Κρυπτογραφία

3 / 13

Κρυπτογραφία (cryptography)

3 / 13

Κρυπτογραφία (cryptography)

κρυπτός

3 / 13

Κρυπτογραφία (cryptography)

κρυπτός: hidden, secret

3 / 13

Κρυπτογραφία (cryptography)

κρυπτός: hidden, secret

γράφειν

3 / 13

Κρυπτογραφία (cryptography)

κρυπτός: hidden, secret

γράφειν: writing

3 / 13

Κρυπτογραφία (cryptography)

κρυπτός: hidden, secret

γράφειν: writing

  • in general: transforming a message using secret knowledge
3 / 13

This famous photograph of US POWs in North Korea is an example of something that bears a hidden meaning to those with secret (or at least not-ubiquitous) knowledge. This photo was staged to show how happy captured US sailors were supposed to be in their new homes, but there is a hidden digital message...

Κρυπτογραφία (cryptography)

κρυπτός: hidden, secret

γράφειν: writing

  • in general: transforming a message using secret knowledge
  • in more technical terms:
    plaintextciphertext using a key*

    * Not all cryptograhic operations require a key, but we'll start with those that do.

3 / 13

This famous photograph of US POWs in North Korea is an example of something that bears a hidden meaning to those with secret (or at least not-ubiquitous) knowledge. This photo was staged to show how happy captured US sailors were supposed to be in their new homes, but there is a hidden digital message...

Security goals

Confidentiality
Integrity
Availability
Authentication
Authorization
Accountability
4 / 13

Security goals

Confidentiality Encryption
Integrity MACs, signatures
Availability
Authentication Password hashing
Authorization
Accountability
5 / 13

Cryptography is a useful mechanism that can be part of a solution that achieves security goals.

Security goals

Confidentiality Encryption
Integrity MACs, signatures
Availability
Authentication Password hashing
Authorization
Accountability

Cryptography is a useful tool...

5 / 13

Cryptography is a useful mechanism that can be part of a solution that achieves security goals.

Security goals

Confidentiality Encryption
Integrity MACs, signatures
Availability
Authentication Password hashing
Authorization
Accountability

Cryptography is a useful tool... but it's just a tool

5 / 13

Cryptography is a useful mechanism that can be part of a solution that achieves security goals.

As Peter Neumann said:

If you think cryptography is the answer to your problem, then you don't know what your problem is.

Cryptography doesn't solve problems by itself. Encrypting a network packet doesn't secure the hosts doing the communication. Putting a contract on a blockchain won't stop people from breaking their word. A secure system is much more than just cryptography. However, cryptography is an important part of most secure systems.

Classical Cryptography

6 / 13

Classical cryptography refers to everything from the classical era (hence the Greek name!) up to the 20th Century. Modern cryptography is based on mathematical problems like the discrete logarithm problem — we'll talk about such things we get to public-key cryptography. In between, there's some awkwardness where different experts may disagree on definitions. Modern block ciphers aren't modern enough for some people, but they're definititely not classical either.

I would suggest that you think of classical cryptography as cryptography before computers (very broadly defined) and modern cryptography as cryptography based on math problems and applied computer science. However, don't be surprised if you encounter someone who doesn't think that definition is "pure" enough. 😉

Classical Cryptography

Substitution Cipher

  • replace each symbol in the plaintext with a corresponding ciphertext symbol
6 / 13

Classical cryptography refers to everything from the classical era (hence the Greek name!) up to the 20th Century. Modern cryptography is based on mathematical problems like the discrete logarithm problem — we'll talk about such things we get to public-key cryptography. In between, there's some awkwardness where different experts may disagree on definitions. Modern block ciphers aren't modern enough for some people, but they're definititely not classical either.

I would suggest that you think of classical cryptography as cryptography before computers (very broadly defined) and modern cryptography as cryptography based on math problems and applied computer science. However, don't be surprised if you encounter someone who doesn't think that definition is "pure" enough. 😉

Classical Cryptography

Substitution Cipher

  • replace each symbol in the plaintext with a corresponding ciphertext symbol

Example: Caesar cipher

  • "shift" each letter by three (the key)
  • vini vidi viciylql ylgl ylfl
6 / 13

Classical cryptography refers to everything from the classical era (hence the Greek name!) up to the 20th Century. Modern cryptography is based on mathematical problems like the discrete logarithm problem — we'll talk about such things we get to public-key cryptography. In between, there's some awkwardness where different experts may disagree on definitions. Modern block ciphers aren't modern enough for some people, but they're definititely not classical either.

I would suggest that you think of classical cryptography as cryptography before computers (very broadly defined) and modern cryptography as cryptography based on math problems and applied computer science. However, don't be surprised if you encounter someone who doesn't think that definition is "pure" enough. 😉

More classical cryptography

Transposition Cipher

  • divide messages into blocks
  • transpose characters within blocks
  • newfoundlandnewf ound landwnfe nodu nlda
    with key 2413 (1 → 2, 2 → 4, 3 → 1, 4 → 3)
7 / 13

More classical cryptography

Transposition Cipher

  • divide messages into blocks
  • transpose characters within blocks
  • newfoundlandnewf ound landwnfe nodu nlda
    with key 2413 (1 → 2, 2 → 4, 3 → 1, 4 → 3)

Clearly not great... but why not?

7 / 13

If you don't know the key to such a transposition cipher, what might you try in order to find it?

Cryptanalysis

8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek, 2 → wjoj wjej wjdj
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek, 2 → wjoj wjej wjdj, 3 → vini vidi vici
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek, 2 → wjoj wjej wjdj, 3 → vini vidi vici
  • possible if correct plaintext is distinguishable
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek, 2 → wjoj wjej wjdj, 3 → vini vidi vici
  • possible if correct plaintext is distinguishable, easy if some P/C pairs are known
8 / 13

Cryptanalysis

  • given some plaintext and/or ciphertext, find the key
  • find a fatal flaw ("break") that subverts a cryptosystem
  • given some ciphertext (ylql ylgl ylfl), try all possible key values
  • 1 → xkpk xkek xkek, 2 → wjoj wjej wjdj, 3 → vini vidi vici
  • possible if correct plaintext is distinguishable, easy if some P/C pairs are known (yes, this is actually possible!)
8 / 13

It might seem unlikely that an attacker would have access to all details of the system, plus plaintext and ciphertext pairs, but it's actually not. In WWII, British codebreaking was sometimes aided by feeding specific plaintexts to the German enemy via a process called "gardening") (laying sea mines in specific locations to create minesweeping messages).

Kerckhoffs's principle(s)

9 / 13

Kerckhoffs's principle(s)

  1. The system must be practically, if not mathematically, indecipherable;
  2. It should not require secrecy, and it should not be a problem if it falls into enemy hands;
  3. It must be possible to communicate and remember the key without using written notes, and correspondents must be able to change or modify it at will; [...]

Translation from the French from Wikipedia

9 / 13

Kerchoffs had six principles, including that "it must be applicable to telegraph communications", but we're less interested in those. One key principle that we are still interested in is the second one: the security of a system should not depend on the adversary being ignorant of its details. This is commonly mis-stated as, "the design should be public", but that's not quite what Kerchoffs said. Rather, the principle is that your security shouldn't depend on the design being secret.

Exhaustive key search

10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
    • need 2^{67.5} days
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
    • need 2^{67.5} days, i.e., 209 Edays
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
    • need 2^{67.5} days, i.e., 209 Edays / 572 Pyears
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
    • need 2^{67.5} days, i.e., 209 Edays / 572 Pyears / 63.5 Msols
10 / 13

Exhaustive key search

  • Caesar-style shift cipher: 26 possible keys (well, really 25)
  • Modern AES-128 cipher: 2^{128} keys — could take awhile!
    • 10,000 CPUs checking one key / ns
    • 10^4 \textrm{CPU} \times 10^9 \frac{\textrm{key}}{\textrm{CPU} \cdot s} \times 10^{4.9} \frac{s}{d} = 10^{17.9} \frac{\textrm{key}}{d} = 2^{59.5} \frac{\textrm{key}}{d}
    • need 2^{67.5} days, i.e., 209 Edays / 572 Pyears / 63.5 Msols
  • Lesson: make the search space large!
10 / 13

Cryptanalysis assumptions

Various attack models:

11 / 13

Cryptanalysis assumptions

Various attack models:

  • ciphertext-only (COA)
11 / 13

In a ciphertext-only attack, the adversary can break your cryptosystem using nothing but ciphertext. This is the strongest form of attack, so to say that a cryptosystem can withstand it don't impress me much.

Cryptanalysis assumptions

Various attack models:

  • ciphertext-only (COA)
  • known-plaintext (KPA)
11 / 13

In a ciphertext-only attack, the adversary can break your cryptosystem using nothing but ciphertext. This is the strongest form of attack, so to say that a cryptosystem can withstand it don't impress me much.

In a known-plaintext attack, the adversary is assumed to have access to plaintext/ciphertext pairs.

Cryptanalysis assumptions

Various attack models:

  • ciphertext-only (COA)
  • known-plaintext (KPA)
  • chosen-plaintext (CPA, CPA2)
11 / 13

In a ciphertext-only attack, the adversary can break your cryptosystem using nothing but ciphertext. This is the strongest form of attack, so to say that a cryptosystem can withstand it don't impress me much.

In a known-plaintext attack, the adversary is assumed to have access to plaintext/ciphertext pairs.

In a chosen-plaintext attack, the adversary is assumed to be able to make you encrypt plaintexts of their choosing (like "gardening" in WWII, but much more direct / less costly).

Cryptanalysis assumptions

Various attack models:

  • ciphertext-only (COA)
  • known-plaintext (KPA)
  • chosen-plaintext (CPA, CPA2)
  • chosen-ciphertext (CCA, CCA2)
11 / 13

In a ciphertext-only attack, the adversary can break your cryptosystem using nothing but ciphertext. This is the strongest form of attack, so to say that a cryptosystem can withstand it don't impress me much.

In a known-plaintext attack, the adversary is assumed to have access to plaintext/ciphertext pairs.

In a chosen-plaintext attack, the adversary is assumed to be able to make you encrypt plaintexts of their choosing (like "gardening" in WWII, but much more direct / less costly).

Finally, in a chosen-ciphertext attack, the adversary is assumed to be able to make you decrypt ciphertexts they give you.

Frequency analysis

12 / 13

Frequency analysis

Example of a ciphertext-only attack

12 / 13

Frequency analysis

Example of a ciphertext-only attack

  • don't know the plaintext
12 / 13

Frequency analysis

Example of a ciphertext-only attack

  • don't know the plaintext
  • know something about the plaintext
12 / 13

Frequency analysis

Example of a ciphertext-only attack

  • don't know the plaintext
  • know something about the plaintext: symbol frequencies
12 / 13

Frequency analysis

Example of a ciphertext-only attack

  • don't know the plaintext
  • know something about the plaintext: symbol frequencies
  • English: 12% e, 9% t, etc., common groupings: the, an, qu...
12 / 13

Frequency analysis

Example of a ciphertext-only attack

  • don't know the plaintext
  • know something about the plaintext: symbol frequencies
  • English: 12% e, 9% t, etc., common groupings: the, an, qu...

Exercise: decode shift-enciphered ciphertext via frequency analysis

hijstcih hdbtixbth tcrdst pcs strdst bthhpvth

12 / 13

The End.

13 / 13

Today

Intro to cryptography

Classical cryptography

2 / 13
Paused

Help

Keyboard shortcuts

, , Pg Up, k Go to previous slide
, , Pg Dn, Space, j Go to next slide
Home Go to first slide
End Go to last slide
Number + Return Go to specific slide
b / m / f Toggle blackout / mirrored / fullscreen mode
c Clone slideshow
p Toggle presenter mode
t Restart the presentation timer
?, h Toggle this help
Esc Back to slideshow