Cryptography
Alice and Bob
Plaintext
Cyphertext
Plaintext
Caesar Cipher
Substitution Cipher
http://25yearsofprogramming.com/fun/ciphers.htm
The U.S. government is still struggling with key cybersecurity issues more than a year after President
Obama deemed the protection of computer systems a national priority. In 2009 the administration
revealed a cyberspace policy review, while the president appointed White House cybercoordinator
Howard Schmidt to bring the government's initiatives into sync--but the administration is still debating
whether it requires new legal authorities or whether such actions are permitted by existing statutes.
Critics also charge that officials have failed to allay privacy fears or determine the extent to which the
government should regulate or cooperate with the private sector to ensure that critical industries are
shielded against hackers. Meanwhile, Congress has drafted numerous cybersecurity bills, but the White
House has yet to assume a stance on any of them. "You've got a lot of agreement on what the problem is
but very little agreement on the solution, both within the government and outside," notes James A. Lewis
with the Center for Strategic and International Studies. Deputy Defense secretary William J. Lynn III
recently said that the threat to the intellectual property of the government, universities, and businesses
may represent "the most significant cyberthreat" facing the United States. Schmidt stresses the
importance of private-public collaboration to secure the U.S.'s computer networks, and says that
progress has been made.
Substitution Cipher
http://www.cryptograms.org/letter-frequencies.php
Too Easy to Crack
http://www.simonsingh.net/The_Black_Chamber/maryqueenofscots.html
Vigenère Cipher
Plaintext: ATTACKATDAWN
Key: LEMONLEMONLE
Ciphertext: LXFOPVEFRNHR
Vigenère Cipher
http://sharkysoft.com/misc/vigenere/
Four score and seven years ago our fathers brought forth on this continent, a new nation, conceived in
Liberty, and dedicated to the proposition that all men are created equal.
Now we are engaged in a great civil war, testing whether that nation, or any nation so conceived and so
dedicated, can long endure. We are met on a great battle-field of that war. We have come to dedicate a portion
of that field, as a final resting place for those who here gave their lives that that nation might live. It is
altogether fitting and proper that we should do this.
But, in a larger sense, we can not dedicate -- we can not consecrate -- we can not hallow -- this ground. The
brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or
detract. The world will little note, nor long remember what we say here, but it can never forget what they did
here. It is for us the living, rather, to be dedicated here to the unfinished work which they who fought here
have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us
-- that from these honored dead we take increased devotion to that cause for which they gave the last full
measure of devotion -- that we here highly resolve that these dead shall not have died in vain -- that this
nation, under God, shall have a new birth of freedom -- and that government of the people, by the people, for
the people, shall not perish from the earth.
Vigenère Cipher
A reproduction of the U.S. Confederacy’s cipher disk.
Vigenère Cipher
Letter frequencies are less obvious, but there is still
information because a single key repeats.
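The point about the repeating key, as an added example (not part of the original slides): it reproduces the ATTACKATDAWN / LEMON encryption and then shows that a phrase repeated at a multiple of the key length encrypts identically, which leaks the key length. The function names and the second sample message are assumptions made for this illustration; only letters A-Z are handled.

```python
from collections import Counter

A = ord("A")


def vigenere(text, key, decrypt=False):
    """Shift each letter of text by the matching letter of the repeating key."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - A        # key letter for this position
        out.append(chr((ord(ch) - A + sign * shift) % 26 + A))
    return "".join(out)


def repeat_distances(ciphertext, n=3):
    """Count distances between repeated n-letter groups (the Kasiski test)."""
    last_seen, distances = {}, Counter()
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in last_seen:
            distances[i - last_seen[gram]] += 1
        last_seen[gram] = i
    return distances


# The slide's example: key LEMON repeated under ATTACKATDAWN.
SLIDE_CT = vigenere("ATTACKATDAWN", "LEMON")

# Constructed sample (not from the slides): "ATTACKATD" occurs twice,
# 15 letters apart, and 15 is a multiple of the key length 5.
SAMPLE_PT = "ATTACKATDAWNNOWATTACKATDUSK"
SAMPLE_CT = vigenere(SAMPLE_PT, "LEMON")
DISTANCES = repeat_distances(SAMPLE_CT)

if __name__ == "__main__":
    print(SLIDE_CT)
    print(SAMPLE_CT)
    print(dict(DISTANCES))
```

Every repeat distance found is a multiple of the key length, so an eavesdropper who sees only the ciphertext can narrow the key length to a divisor of those distances and then treat each key position as a separate Caesar cipher.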
Enigma
Early 1920’s – post WWII
Try it: http://russells.freeshell.org/enigma/
Cracking the Enigma
• An Enigma machine captured by the Poles in 1928.
• Poles and British built “Bombes”, analog computers that
searched for the right combinations.
• Cat and mouse game: Germans upgraded machines
and Allies broke new codes.
• Exact role disputed, but some estimate that breaking the
Enigma code shortened the war in Europe by two years.
Alan Turing
• (1912 – 1954) British mathematician
• (1937) Defined a simple formal model
of computing and showed that there
are uncomputable functions
• (WW II) Worked on breaking the
Enigma code
• (1950) Described a test for
intelligence
• (1948 – 1952) Described a chess-playing algorithm
• (1954) Committed suicide
• (2009) British government apologizes
One-Time Pads
How Hard is Brute Force?
 n   2^n            n   2^n
 1   2             23   8388608
 2   4             24   16777216
 3   8             25   33554432
 4   16            26   67108864
 5   32            27   134217728
 6   64            28   268435456
 7   128           29   536870912
 8   256           30   1073741824
 9   512           31   2147483648
10   1024          32   4294967296
11   2048          33   8589934592
12   4096          34   17179869184
13   8192          35   34359738368
14   16384         36   68719476736
15   32768         37   137438953472
16   65536         38   274877906944
17   131072        39   549755813888
18   262144        40   1099511627776
19   524288        41   2199023255552
20   1048576       42   4398046511104
21   2097152       43   8796093022208
22   4194304       44   17592186044416
Moore’s Law
http://www.intel.com/technology/mooreslaw/
How It Has Happened
Public Key Encryption
Public key
Encrypt(Plaintext, Public key)
Cyphertext
Decrypt(Cyphertext, Private key)
Public Key Encryption
Is different because:
• Different keys used for encryption and decryption
• No need for secrecy in transmitting keys:
• The encryption key is public.
• The decryption key is private and doesn’t need to be
transmitted at all.
How RSA Works
Assume that Alice wants to send a message to Bob:
• Bob chooses a private key.
• Bob computes and publishes his public key:
  public = f(private)
• Alice exploits Bob’s public key to compute:
  ciphertext = encrypt(plaintext, public)
• Bob exploits his private key to compute:
  plaintext = decrypt(ciphertext, private).
In order for this last step to work, encrypt and decrypt
must be designed so that one is the inverse of the other.
What About Eve?
Encrypt(plaintext,public)
Alice
public
Decrypt(ciphertext,private)
ciphertext
Bob
Eve
• Eve knows the algorithms encrypt and decrypt.
• She could eavesdrop if she could:
– infer Bob’s private key from his public one, or
– compute decrypt without knowing Bob’s private key.
• RSA guarantees that Bob and Alice can perform their
tasks efficiently but Eve cannot, because of:
– the mathematical properties of modular arithmetic, and
– the computational properties of prime numbers.
Modular Arithmetic
Define (for integer p and positive integer n):
p (mod n) = remainder when dividing p by n
Examples:
9 mod 7 =
52 mod 7 =
52 mod 5 =
Using RSA – Before the Message is Sent
• Bob constructs his public and private keys:
  • Bob chooses two large prime numbers p and q.
    He computes n = p · q.
  • Bob finds a value e such that:
    1 < e < p · q and
    gcd(e, (p - 1)(q - 1)) = 1
  • Bob publishes (n, e) as his public key.
  • Bob computes his private key, a value d such that:
    d · e (mod (p – 1) · (q – 1)) = 1.
Using RSA – Sending and Receiving
• Alice breaks plaintext into segments such that no
segment corresponds to a binary number that is larger
than n. Then, for each plaintext segment, Alice
computes:
  ciphertext = plaintext^e (mod n).
Then she sends ciphertext to Bob.
• Bob recreates Alice’s original message by computing:
  plaintext = ciphertext^d (mod n).
Why RSA Works
Recall:
e and (p - 1)(q -1) are relatively prime.
d  e (mod (p – 1)  (q - 1)) = 1.
encrypt(plaintext) = plaintexte (mod n).
decrypt(cyphertext) = ciphertextd (mod n).
• The functions encrypt and decrypt are inverses of
each other. The proof follows from Euler’s
generalization of Fermat’s Little Theorem.
Why RSA Works
• Bob can choose primes efficiently using the following
algorithm:
1. Randomly choose two large numbers as
candidates.
2. Check the candidates to see if they are prime.
There exist efficient algorithms to test
whether a number p is prime.
But these algorithms just say “prime”
or “not prime”. They do not report
factors of non-primes.
3. Repeat steps 1 and 2 until two primes have been
chosen. By the Prime Number Theorem, the
probability of a number near x being prime is about
1/ln x. So, for example, suppose Bob wants to
choose a 1000 bit number. The probability of a
randomly chosen number near 2^1000 being prime is
about 1/693. So he may have to try 1000 or so
times for each of the two numbers that he needs.
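The three steps above, as an added example (not part of the original slides): a Miller-Rabin test that answers only "prime" or "not prime", and a loop that draws random candidates until one passes. The function names, the choice of Miller-Rabin as the efficient test, and the forced top bit are assumptions of this sketch; real key generation would pass a cryptographic generator such as random.SystemRandom() as rng.

```python
import random


def is_probable_prime(n, rounds=40, rng=random):
    """Miller-Rabin: says 'prime' or 'not prime' without reporting factors."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:                  # write n - 1 as d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)    # random base for this round
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False               # a is a witness that n is composite
    return True


def choose_prime(bits, rng):
    """Steps 1-3: draw random candidates of the given size until one is prime."""
    tries = 0
    while True:
        tries += 1
        # Assumption: force the top bit so the candidate has exactly `bits` bits.
        candidate = rng.getrandbits(bits) | (1 << (bits - 1))
        if is_probable_prime(candidate, rng=rng):
            return candidate, tries


if __name__ == "__main__":
    prime, tries = choose_prime(256, random.Random(2024))  # seeded for a repeatable demo
    print(prime.bit_length(), "bit prime found after", tries, "candidates")
```

For 256-bit candidates the Prime Number Theorem estimate is about 1 in ln(2^256), roughly 1 in 177, so the reported number of tries is typically in the low hundreds.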
Why RSA Works
• Bob can check gcd efficiently, so he can compute e.
GCD
gcd-obvious(n, m: integers) =
1. Compute the prime factors of both n and m.
2. Let k be the product of all factors common to n and m
(including duplicates).
3. Return k.
Example:
The prime factors of 40 are {2, 2, 2, 5}.
The prime factors of 60 are {2, 2, 3, 5}.
So gcd(40, 60) = 225 = 20.
But no efficient algorithm for prime factorization is known.
Euclid’s Algorithm
gcd-Euclid(n, m: integers) =
If m = 0 return n.
Else return gcd-Euclid(m, n (mod m)).
Example:
gcd-Euclid(40, 60) =
gcd-Euclid(60, 40) =
gcd-Euclid(40, 20) =
gcd-Euclid(20, 0) =
20
Euclid’s Algorithm
gcd-Euclid(n, m: integers) =
If m = 0 return n.
Else return gcd-Euclid(m, n (mod m)).
Example:
gcd-Euclid(2546, 1542) =
gcd-Euclid(1542, 984) =
gcd-Euclid(984, 558) =
gcd-Euclid(558, 426) =
gcd-Euclid(426, 132) =
gcd-Euclid(132, 30) =
gcd-Euclid(30, 12) =
gcd-Euclid(12, 6) =
gcd-Euclid(6, 0) =
6
Try it yourself.
Why RSA Works
• Bob can check gcd efficiently (using Euclid’s
algorithm), so he can compute e.
• Bob can compute d efficiently, using an extension of
Euclid’s algorithm that exploits the quotients that it
produces at each step.
Why RSA Works
• Alice can implement encrypt efficiently. It is not
necessary to compute plaintext^e and then take its
remainder mod n. Modular exponentiation can be
done directly by successive squaring.
• Similarly, Bob can implement decrypt efficiently.
Why RSA Works
Recall:
n = p · q.
d · e (mod (p – 1) · (q – 1)) = 1.
encrypt(plaintext) = plaintext^e (mod n).
decrypt(ciphertext) = ciphertext^d (mod n).
• Eve can’t recreate plaintext because:
• She can’t simply invert encrypt because modular
exponentiation isn’t invertible. She could try
every candidate plaintext and see if she gets
one that produces ciphertext, but there are too
many of them for this to be feasible.
• She can’t compute d from n and e. If she could
factor n into p and q, she could. But no efficient
factoring algorithm is known.
The Prime Factorization Problem
Let’s factor 636:
The Prime Factorization Problem
So the number of candidates grows as
n.
But now consider just binary numbers.
Suppose we add a bit:
10101
101011
Now what’s the largest number we can represent?
Largest Number That Uses n Bits
 n   2^n            n   2^n
 1   2             23   8388608
 2   4             24   16777216
 3   8             25   33554432
 4   16            26   67108864
 5   32            27   134217728
 6   64            28   268435456
 7   128           29   536870912
 8   256           30   1073741824
 9   512           31   2147483648
10   1024          32   4294967296
11   2048          33   8589934592
12   4096          34   17179869184
13   8192          35   34359738368
14   16384         36   68719476736
15   32768         37   137438953472
16   65536         38   274877906944
17   131072        39   549755813888
18   262144        40   1099511627776
19   524288        41   2199023255552
20   1048576       42   4398046511104
21   2097152       43   8796093022208
22   4194304       44   17592186044416
An Example
1. Bob is expecting to receive messages. So he
constructs his keys as follows:
   1. He chooses two prime numbers, p = 19 and q = 31.
   He computes n = p · q = 589.
   2. He finds an e that has no common divisors with
   18 · 30 = 540. The e he selects is 49.
   3. He finds a value d = 1069. Notice that 1069 · 49 =
   52,381. Bob needs to assure that the remainder,
   when 52,381 is divided by 540, is 1. And it is:
   52,381 = 540 · 97 + 1. Bob’s private key is now 1069.
2. Bob publishes (589, 49) as his public key.
An Example, Continued
3. Alice wishes to send the simple message “A”. The
ASCII code for A is 65. So Alice computes:
65^49 (mod 589).
She does this without actually computing 65^49.
Instead, she exploits two facts about modular
exponentiation:
Modular Exponentiation
Two important facts:
ni+j = ninj.
(nm) (mod k) = (n (mod k)m (mod k)) (mod k).
Combining these, we have:
ni+j (mod k) = (ni(mod k)nj(mod k)) (mod k).
Modular Exponentiation
Suppose that we want to compute 65^49 (mod 589). 49 can be expressed in
binary as 110001. So 49 = 1 + 16 + 32. Thus 65^49 = 65^(1+16+32).
65^1 (mod 589) = 65.
65^2 (mod 589) = 4225 (mod 589) = 102.
65^4 (mod 589) = 102^2 (mod 589) = 10404 (mod 589) = 391.
65^8 (mod 589) = 391^2 (mod 589) = 152881 (mod 589) = 330.
65^16 (mod 589) = 330^2 (mod 589) = 108900 (mod 589) = 524.
65^32 (mod 589) = 524^2 (mod 589) = 274576 (mod 589) = 102.
65^49 (mod 589)
= 65^(1+16+32) (mod 589).
= (65^1 · 65^16 · 65^32) (mod 589).
= ((65^1 (mod 589)) · (65^16 (mod 589)) · (65^32 (mod 589))) (mod 589).
= (65 · 524 · 102) (mod 589).
= ((34060 (mod 589)) · 102) (mod 589).
= (487 · 102) (mod 589).
= 49674 (mod 589).
= 198.
An Example, Continued
Alice sends Bob the message 198.
4. Bob uses his private key (1069) to recreate Alice’s
message by computing 198^1069 (mod 589). Using the
same process Alice used, he does this efficiently and
retrieves the message 65.
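The worked example above, end to end, as an added example (not part of the original slides): the extension of Euclid's algorithm that yields d, and modular exponentiation by successive squaring, run on the slides' values p = 19, q = 31, e = 49. The function and constant names are assumptions of this sketch; it is textbook RSA with toy primes and no padding, meant only for following the arithmetic.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    # Back-substitute using the quotient a // b produced at this step.
    return g, y, x - (a // b) * y


def private_exponent(e, phi):
    """Return the smallest positive d with d * e (mod phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and (p - 1)(q - 1) must be relatively prime")
    return x % phi


def modexp(base, exponent, modulus):
    """Compute base^exponent (mod modulus) by successive squaring."""
    result, square = 1, base % modulus
    while exponent:
        if exponent & 1:                      # this bit of the exponent is set
            result = result * square % modulus
        square = square * square % modulus    # base^1, ^2, ^4, ^8, ...
        exponent >>= 1
    return result


# Values from the slides' example.
P, Q, E = 19, 31, 49
N, PHI = P * Q, (P - 1) * (Q - 1)             # 589 and 540
D_SMALLEST = private_exponent(E, PHI)         # smallest valid d
D_SLIDES = 1069                               # the slides' d, equal to D_SMALLEST + PHI

CIPHERTEXT = modexp(65, E, N)                 # Alice encrypts "A" (ASCII 65)
RECOVERED = modexp(CIPHERTEXT, D_SLIDES, N)   # Bob decrypts with d = 1069

if __name__ == "__main__":
    print("d =", D_SMALLEST, "ciphertext =", CIPHERTEXT, "recovered =", RECOVERED)
```

Any d that satisfies d · e (mod 540) = 1 decrypts correctly, which is why both the smallest such value and the slides' 1069 recover 65.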
What Would Kill RSA?
Public Key Cryptography
Another Example of the Security vs
Commercial Application Tradeoff
GPS
• GPS includes a Selective Availability (SA) feature that
adds intentional, time varying errors of up to 100 meters
(328 ft) to the publicly available navigation signals.
• In 1996, President Clinton signed an executive order
declaring GPS to be a “dual use” technology. It required
that SA be set to 0 by 2006.
• It was set to 0 in 2000.
But We Keep Going Back and Forth
http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1