Modern Cryptography - Mount Allison University
Download
Report
Transcript Modern Cryptography - Mount Allison University
Modern
Cryptography
The Enigma Machine
German
encryption and
decryption
machine used in
WWII
Essentially a
complex,
automated
substitution cipher
How did Enigma work?
Rotors have different
wiring connecting input
to output
Rotors move after each
keypress
The key is the initial
position of the three
rotors
Simplified Enigma
A c
A b
A a
B b
=
C c
D d
B a
C c C c C c
D d D d D d
B b
B a
=
A a
B b
B c
=
Cc
C c
Cd
C c
Ca
Dd
D d
Dc
D d
Db
A b
A a A a A a
B b B b B b
A a
A d
=
B c
Cd
Da
Every time a key is pressed the
rotors spin, so the overall
substitution table changes
Breaking the Enigma
Britain set up its cryptanalysis team in
Bletchley Park
They consistently broke German codes
throughout the war
Provided the intelligence codenamed ULTRA
Important location in the history of computing
Alan Turing
COLOSSUS
Cryptography in the Computer Age
Working with binary instead of letters
We can do things many, many times
of an Enigma machine that has 2128 pairs of
symbols on each rotor, and 20 rotors
Think
Other than that, the basic principles are the
same as classical cryptography
The XOR Operation
a
b
0
0
1
1
0
1
0
1
a
b
0
1
1
0
eXclusive OR
“should we go left or
right?”
Can do one or the other, but
not both
Useful in cryptography for
mixing two binary strings
together
Modern Ciphers
We design one relatively simple scrambling method
(called a round) and repeat it many times
Think of each round as a rotor on the Enigma
One round may be easy to break, but when you put them all
together it becomes very hard
Almost all ciphers follow one of two structures
SPN (Substitution Permutation Network)
Feistel Network
These describe the basic structure of a round
One SPN Round
Input to the round
First, the input is XORed with
the round subkey
Second, the input is split into
pieces (usually of one byte)
and put through a
substitution
Finally, the pieces are
swapped around
Output from the round
And the output from this
round becomes the input to
the next round
A Simple
SPN
Cipher
Plaintext Block
The overall plaintext is broken
into blocks and each block is
encrypted with the cipher
Roundkey 1
Round 1
Typical SPN ciphers will have 1014 rounds
Roundkey 2
Round 2
Alice and Bob only need one key,
and the cipher will transform that
key into subkeys for each round
Roundkey 3
Round 3
Ciphertext Block
To decrypt, Alice just does
everything in the reverse order
One Feistel Round
The input to the round is
divided in half
Input Left Half
Input Right Half
Roundkey
The right half is put into a
round function with the
roundkey
The output of the round
function is XORed with the
left half
Round
Function
The two halves switch
sides to become the input
to the next round
Only the left half of the
input has been modified
Output Left Half
Output Right Half
A Simple Feistel Cipher
Plaintext Block
Roundkey 1
Round 1
Roundkey 2
Round 2
Roundkey 3
Round 3
Ciphertext Block
Feistel ciphers need twice as many
rounds as SPN ciphers because only
half of the input is being encrypted
each round
Works the same as SPN ciphers in
terms of transforming one key into
subkeys and splitting the plaintext
into blocks
To decrypt, the ciphertext is sent
through the same cipher and the
roundkeys are used in reverse order
Modern Ciphers in Practice
Follow SPN/Feistel structure in general,
but with added twists for security
There are two important ciphers in the
history of modern cryptography
DES
(Data Encryption Standard)
AES (Advanced Encryption Standard)
DES
U.S. Government recognized the need to have a
standardized cipher for secret documents
DES was developed by IBM in 1976
Feistel structure
Key length of 56 bits, block size of 64 bits
16 rounds
Analysis of DES was the beginning of modern
cryptographic research
Controversy Surrounding DES
Development process was hidden from
public
Suspicions
that the government had put in a
“backdoor”
Government attempted to shut down
research in cryptography
Breaking DES
The key length of DES was too short
a key is 56 bits long, that means there are 256
possible keys
“DES Cracker” machines were designed to simply
brute force all possible keys
If
People began encrypting the plaintext multiple
times with different keys in order to increase the
number of keys that need to be checked
Breaking DES cont.
DES was further weakened by the discovery of differential
cryptanalysis
Ideally a ciphertext should be completely random, there should be
no connection to its matching plaintext
Biham and Shamir in 1990
The most significant advance in cryptanalysis since frequency analysis
Differential analysis exploits the fact that this is never actually the case
Uses patterns between plaintext and ciphertext to discover the key
There is evidence that IBM knew about differential cryptanalysis
back when they were designing DES in 1976
Developing the AES
With DES effectively broken, a new standard
was needed
U.S. Government made it an open
application/review process this time, and
received many submissions
In 2001, after five years, the Rijndael cipher was
selected to become the Advanced Encryption
Standard
AES (Rijndael)
Developed by Vincent Rijmen and Joan
Daemen
SPN structure
Block size of 128 bits
Key size of 128, 192, or 256 bits
10, 12, or 14 rounds depending on the key
size
Current attacks against AES
On AES with 128-bit keys, a brute force attack
would require 2128 work
Any
technique that can decrypt a ciphertext with less
than 2128 work is considered an attack
Currently the best attacks on AES use variations
of differential cryptanalysis
None
of them could actually be completed before the
sun burns out
None of them work on the full number of rounds
The Problem of Symmetric Key
Cryptography
Up until now we’ve been talking about symmetric
key cryptography
Alice
and Bob are using the same key to
encrypt/decrypt
Problem: How does Bob get the key to Alice
when Eve is eavesdropping?
Up until 1976 the only solution was to physically
give Alice the key in a secure environment
Public Key Cryptography
Diffie and Hellman published a paper in 1976
providing a solution
We use one key for encryption (the public key),
and a different key for decryption (the private
key)
Everyone knows Alice’s public key, so they can
encrypt messages and send them to her
But
only Alice has the key to decrypt those messages
No one can figure out Alice’s private key even if
they know her public key
Using Public Keys
Nonsense
Encryption
Plaintext
Ciphertext
Decryption
Plaintext
Public Key Cryptography in
Practice
The problem is that public key algorithms are too
slow to encrypt large messages
Instead
Bob uses public key algorithms to send Alice
the symmetric key, and then uses symmetric key
algorithms to send the message
Bob and Alice have to be careful when sending
these communications back and forth that Eve
can’t overhear anything that would allow her to
decrypt the message
Sending a Message
What’s your public key?
Bob picks a
symmetric key and
encrypts it using
Alice’s public key
Alice decrypts the
symmetric key using her
private key
Then sends the
key to Alice
Bob encrypts his
message using
the symmetric
key
Then sends the
message to
Alice
hi
Alice decrypts the
message using the
symmetric key
The RSA Public Key Cipher
The most popular algorithm is RSA, developed in 1977
Named after its creators: Rivest, Shamir, and Adleman
Alice picks two large primes and finds their product
She then uses this product to create the public and private keys
She sends the product and the public key to Bob, who can use them
to encrypt messages
Even if Eve knows the product and the public key, she can’t figure
out the private key unless she can factor the product
There is no known way to do this efficiently
Are we all secure now?
Unfortunately not, there are still many problems
that need to be dealt with
How
does Bob know that he’s really talking to Alice?
How does Alice know that the message she receives
hasn’t been tampered with?
How does Alice know the message was sent by Bob?
These are questions addressed by other areas
of cryptography
The End