Slides from the presentation "Modern Cryptography" delivered at Devoxx UK 2013. See Parleys.com for the full video https://www.parleys.com/speaker/5148920c0364bc17fc5697a5
2. About This Talk
• Not a treatise on mathematical theory
• Rapid fire - please save questions until the end
• Looking under the hood
• Look at two popular algorithms
• Hot cryptographic research
4. “Secure Hashes”
• A hash function takes an arbitrary length input and returns a fixed-size bit string
• Cryptographic hash functions obey 3 properties:
• Given a hash h it should be hard to find a message m s.t. h = hash(m)
• Given an input m1 it should be hard to find an m2 s.t. m1 != m2 and hash(m1) = hash(m2)
• Should be hash collision resistant
• MD5, SHA-1, SHA-3, RIPEMD-xxx
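The three properties above on a deliberately weakened hash, as an added example that is not part of the slides: SHA-256 truncated to 16 bits so every search finishes in well under a second. The 16-bit size and the candidate message formats are constructed for the demonstration; the point is the gap between the targeted searches (about 2^16 trials) and the birthday-bound collision search (about 2^8 trials).

```python
"""Slide 4's three properties on a toy hash: SHA-256 truncated to 16 bits.
A preimage or second preimage costs on the order of 2^16 trials, while a
collision appears after roughly 2^8 trials (the birthday bound), which is
why collision resistance is usually the first property to fall."""
import hashlib

BITS = 16  # constructed toy size; real hashes use 160 to 512 bits

def toy_hash(msg: bytes) -> int:
    """Return the top BITS bits of SHA-256(msg) as an integer."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - BITS)

def find_preimage(target: int):
    """Property 1: find any m with toy_hash(m) == target; returns (m, trials)."""
    trials = 0
    while True:
        trials += 1
        m = b"candidate-%d" % trials          # constructed message sequence
        if toy_hash(m) == target:
            return m, trials

def find_second_preimage(m1: bytes):
    """Property 2: find m2 != m1 with the same digest; costs as much as property 1."""
    target = toy_hash(m1)
    trials = 0
    while True:
        trials += 1
        m2 = b"second-%d" % trials
        if m2 != m1 and toy_hash(m2) == target:
            return m2, trials

def find_collision():
    """Property 3: find any m1 != m2 with equal digests; returns (m1, m2, trials).
    Remembering every digest seen turns this into a birthday search, which is
    far cheaper than the two targeted searches above."""
    seen = {}
    trials = 0
    while True:
        trials += 1
        m = b"pair-%d" % trials
        h = toy_hash(m)
        if h in seen:
            return seen[h], m, trials
        seen[h] = m
```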
12. Background
• The only kind of encryption until 1973
• The same cryptographic key for both encryption of plaintext and decryption of ciphertext
• This is a “shared secret”
18. All Hail Claude Shannon
• Godfather of:
• Information Theory
• Digital Computing & Digital Circuit Design
• Cryptographic Confusion
• Cryptographic Diffusion
• "the enemy knows the system"
19. S-Boxes
• A function which maps an m bit input to an n bit output
• Fixed lookup table vs dynamic based on key
• Example: 6x4 S-Box:
20. AES
• Based on the Rijndael cypher
• Block size: 128 bits
• Key size:
• 128 bit - 10 rounds
• 192 bit - 12 rounds
• 256 bit - 14 rounds
• Block represented as a 4×4 column-major order matrix of bytes called the state
22. Key Expansion
• Each round of processing uses a round key
• Round keys are derived from the primary key
• AES uses the Rijndael Key Schedule
• Round Keys are the same size as the state
23. Key XOR
• Bit-wise XOR the round key with the state
24. Substitute
• Replace each byte in the state using an S-box
• This process is reversible but non-linear
• The S-box is a derangement
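An added example, not code from the slides, that builds the AES S-box from its definition (multiplicative inverse in GF(2^8) followed by an affine map) and then checks the three claims above: the table is a bijection and therefore reversible, it is non-linear, and it is a derangement. gf_mul, gf_inv and affine are helper names chosen here, not AES terminology.

```python
"""Build the AES S-box from its definition and check the Substitute slide's
claims: reversible (a bijection with an exact inverse), non-linear, and a
derangement (a permutation of 0..255 with no fixed point)."""

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the Rijndael polynomial x^8+x^4+x^3+x+1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES maps 0 to 0 by convention."""
    if a == 0:
        return 0
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def affine(x: int) -> int:
    """XOR x with its four left rotations, then with the constant 0x63."""
    out = x
    for shift in (1, 2, 3, 4):
        out ^= ((x << shift) | (x >> (8 - shift))) & 0xFF
    return out ^ 0x63

SBOX = [affine(gf_inv(i)) for i in range(256)]
INV_SBOX = [0] * 256
for index, value in enumerate(SBOX):
    INV_SBOX[value] = index

def sub_bytes(state: list) -> list:
    """The Substitute step: replace every byte of the 16-byte state via SBOX."""
    return [SBOX[b] for b in state]

def inv_sub_bytes(state: list) -> list:
    """Inverse step used in decryption; undoes sub_bytes exactly."""
    return [INV_SBOX[b] for b in state]

def is_derangement(table: list) -> bool:
    """True when the table is a permutation of 0..255 with no fixed point."""
    return sorted(table) == list(range(256)) and all(v != i for i, v in enumerate(table))

def is_nonlinear(table: list) -> bool:
    """A linear map would satisfy S(a ^ b) == S(a) ^ S(b) for every a, b."""
    return any(table[a ^ b] != table[a] ^ table[b] for a in range(256) for b in range(256))
```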
26. Mix
• Apply an invertible linear transform to each cell (4 bytes)
• This does not change the cell size
• Together with Transpose provides cryptographic diffusion
28. Weaknesses
• Direct Attacks
• “Biclique Cryptanalysis of the Full AES” cracks AES-128 with computational complexity 2^126.1
• Side channel attacks
• 2005 cache-timing attack (requires root access)
• 2009 some hardware implementations found to be susceptible to differential fault analysis allowing key recovery with complexity 2^32
• 2010 access-driven cache attack, “near realtime” key recovery (requires root access)
30. Background
• 1973 - James H. Ellis, Clifford Cocks, and Malcolm Williamson @GCHQ
• 1974/78 - Merkle’s Puzzles
• 1976 - Whitfield Diffie and Martin Hellman
• 1977/78 - Ron Rivest, Adi Shamir and Leonard Adleman @MIT
31. RSA
• Based on the Integer Factorisation Problem
• Believed to be in NP and co-NP
• => not NP-complete
• Is a fundamental part of HTTPS/SSL
32. Key generation
• Choose two prime numbers p and q
• Compute n = pq
• Compute F(n) = F(p)F(q) = (p - 1)(q - 1)
• Choose an integer e s.t.
• 1 < e < F(n)
• gcd(e, F(n)) = 1
• Compute d = e^-1 (mod F(n)), the modular inverse of e
• Public Key = (e, n)
• Private Key = (e, d)
33. Encryption
• Given a message M
• Convert M to an integer m s.t. 0 < m < n
• If necessary use a padding scheme
• Compute the cyphertext c:
c = m^e (mod n)
34. Decryption
• Given a cyphertext c
• Compute m = c^d (mod n)
• Remove padding if present
• Convert m back into M
35. Issues
• Picking the numbers is hard
• If p or q are too small or too close to each other it greatly decreases the security
• If p-1 or q-1 only has small prime factors n can be factored in polynomial time
• Side-channel attacks
• Timing
• Differential fault analysis (power)
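Slides 32 to 35 carried through in code, as an added example that is not from the slides: key generation with F(n) = (p-1)(q-1) and the private exponent d used together with the modulus n, textbook encryption and decryption, and the "primes too close" problem from the Issues slide expressed as a key sanity check (Fermat's difference-of-squares factorisation). The primes 61 and 53 are constructed toy values; real keys use 2048-bit or larger moduli and a padding scheme such as OAEP.

```python
"""Textbook RSA per slides 32-34 plus the close-primes check of slide 35.
Toy primes are used so each step can be followed by hand."""
from math import gcd, isqrt

def keygen(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)) for distinct primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)                 # F(n) = F(p)F(q) = (p-1)(q-1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < F(n) and gcd(e, F(n)) = 1")
    d = pow(e, -1, phi)                     # d = e^-1 mod F(n)  (Python 3.8+)
    return (e, n), (d, n)

def encrypt(public, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message integer must satisfy 0 <= m < n")
    return pow(m, e, n)                     # c = m^e mod n

def decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)                     # m = c^d mod n

def fermat_factor(n: int, max_steps: int = 1000):
    """Slide 35's weakness as a check: when p and q are close, n = a^2 - b^2 =
    (a-b)(a+b) with a only slightly above sqrt(n). Steps a upward from
    ceil(sqrt(n)); returns (p, q) if found within max_steps, else None.
    A key whose modulus this recovers must be rejected."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None

if __name__ == "__main__":
    public, private = keygen(61, 53, e=17)  # n = 3233, F(n) = 3120, d = 2753
    c = encrypt(public, 65)
    print(c, decrypt(private, c), fermat_factor(public[1]))
```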
39. Practical Tips
• KISS
• Choose the appropriate algorithm for the situation
• Cost / benefit analysis
• Key size
• Hybrid encryption systems
• Good quality RNG seeds
43. Quantum Operations
• An operation on n qubits can be represented by an nxn matrix
• Also represented by quantum circuits
• Always Reversible...
44. Measuring
• Given |q> = -0.2|0> + 0.8|1>
• Then the result of measuring q is:
• 0 with probability 0.2
• 1 with probability 0.8
|q> = -0.1|00> + 0.4|01> + 0.4|11> + 0.1|10>
|q> = -0.2|0> + 0.8|1>
• Irreversible
45. Entanglement
• Only a quantum effect
• An entangled quantum system allows a higher correlation of states than classically possible
• Given a two-qubit system in equal superposition, measuring the first qubit allows us to determine the state of the second without measuring it
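An added example, not code from the slides, modelling slides 43 to 45 with a minimal statevector simulator in plain Python: gates as matrices (and their reversibility), Born-rule measurement with irreversible collapse, and a Bell pair whose second qubit is fixed by measuring the first. Because an outcome's probability is the squared amplitude, the constructed single-qubit state uses amplitudes -sqrt(0.2) and sqrt(0.8) to give the 0.2 and 0.8 outcomes quoted on slide 44; all names below are mine.

```python
"""Tiny statevector model for slides 43-45. An n-qubit state is a list of
2**n real amplitudes; the basis index is read as a bit string of qubit
values with qubit 0 as the most significant bit. Constructed example."""
from math import sqrt

def probabilities(state):
    """Born rule: outcome probability is the squared amplitude (must sum to 1)."""
    probs = [a * a for a in state]
    if abs(sum(probs) - 1.0) > 1e-9:
        raise ValueError("state is not normalised")
    return probs

def apply_gate(matrix, state):
    """Apply a gate given as a list of rows; unitary gates are reversible."""
    return [sum(m * a for m, a in zip(row, state)) for row in matrix]

def kron(a, b):
    """Kronecker product: lifts a one-qubit gate into a two-qubit circuit."""
    return [[x * y for x in ra for y in rb] for ra in a for rb in b]

def measure_qubit(state, qubit, outcome):
    """Probability of reading `outcome` on `qubit`, plus the collapsed state:
    amplitudes inconsistent with the outcome are zeroed, the rest renormalised.
    The original amplitudes cannot be recovered afterwards (irreversible)."""
    n_qubits = len(state).bit_length() - 1
    bit = n_qubits - 1 - qubit
    kept = [a if ((i >> bit) & 1) == outcome else 0.0 for i, a in enumerate(state)]
    prob = sum(a * a for a in kept)
    return prob, ([a / sqrt(prob) for a in kept] if prob else None)

H = [[1 / sqrt(2), 1 / sqrt(2)], [1 / sqrt(2), -1 / sqrt(2)]]   # Hadamard
I2 = [[1, 0], [0, 1]]
CNOT = [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 0, 1], [0, 0, 1, 0]]  # control = qubit 0

# Slide 44's outcome probabilities (0.2 and 0.8) with properly normalised amplitudes.
SINGLE = [-sqrt(0.2), sqrt(0.8)]

def bell_state():
    """(|00> + |11>)/sqrt(2): Hadamard on qubit 0 then CNOT, starting from |00>."""
    return apply_gate(CNOT, apply_gate(kron(H, I2), [1.0, 0.0, 0.0, 0.0]))

def second_qubit_given_first(outcome):
    """Measure qubit 0 of the Bell pair; qubit 1 is then fixed without measuring it."""
    prob, collapsed = measure_qubit(bell_state(), 0, outcome)
    probs = probabilities(collapsed)
    return prob, probs.index(max(probs)) & 1   # low bit of the basis index is qubit 1
```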
46. Grover’s Algorithm
• Lov Grover 1996
• Given some function f and a value y, find x such that f(x) = y
• O(N^(1/2)) time complexity
• O(log N) space complexity
52. Lattice-Based Cryptography
• A lattice L in R^n is a discrete subgroup of R^n which spans the real vector space R^n
• Each lattice has a set of bases
• A basis is a set of vectors such that any vector in the lattice is a linear combination of the basis vectors
• Can be viewed as a regular tiling of a space by a primitive cell
55. Closest Vector Problem
Given a lattice L in R^n and a vector v not in L, find the closest vector in L to v
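An added example, not from the slides, for the basis and Closest Vector Problem slides: Babai's rounding on a constructed 2-D lattice, once with a short orthogonal basis and once with a long skewed basis of the same lattice. It shows that the same CVP instance is easy or hard depending on which basis you hold, which is the idea lattice-based schemes build on; the bases, target and function names are mine.

```python
"""CVP on a 2-D lattice with two bases for the same lattice. Babai's rounding
writes the target in basis coordinates (t * B^-1), rounds each coordinate and
maps back. A good (short, near-orthogonal) basis returns the true closest
vector; a bad basis of the very same lattice returns a point far from the
target. Constructed example."""

def inverse_2x2(m):
    (a, b), (c, d) = m
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]

def row_times_matrix(v, m):
    """Row vector v times matrix m whose rows are the basis vectors."""
    return (v[0] * m[0][0] + v[1] * m[1][0],
            v[0] * m[0][1] + v[1] * m[1][1])

def babai_round(basis, target):
    """Babai's rounding algorithm for CVP on the lattice spanned by `basis`."""
    coords = row_times_matrix(target, inverse_2x2(basis))
    rounded = (round(coords[0]), round(coords[1]))
    return row_times_matrix(rounded, basis)

def distance(u, v):
    return ((u[0] - v[0]) ** 2 + (u[1] - v[1]) ** 2) ** 0.5

# Both bases generate Z^2: BAD = U * GOOD for the unimodular U = [[1, 3], [2, 7]].
GOOD = [[1, 0], [0, 1]]
BAD = [[1, 3], [2, 7]]
TARGET = (0.4, 3.6)   # not a lattice point; its closest lattice point is (0, 4)

def compare():
    """Return (answer with GOOD basis, answer with BAD basis) for TARGET."""
    return babai_round(GOOD, TARGET), babai_round(BAD, TARGET)

if __name__ == "__main__":
    good, bad = compare()
    print(good, distance(good, TARGET), bad, distance(bad, TARGET))
```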
56. NP-Hard
• Non-deterministic polynomial time hard
• An NP-hard problem is at least as hard as the hardest problem in NP
• SVP & CVP are thought to be NP-hard
• If we find a polynomial time algorithm for any NP-hard problem then P = NP!
57. Other Approaches
• Multivariate Cryptography
• Secure Hash Signatures
• Lamport signatures
• Merkle scheme
• McEliece and Niederreiter Algorithms based on ECC (error-correcting codes)
58. Summary
• Modern cryptography really started ~1937
• Symmetric cyphers
• Asymmetric cyphers
• Non-classical cryptography
• Post-quantum cryptography