Modern Cryptography

Modern Cryptography
for Java Developers
James McGivern

About This Talk
• Not a treaty in mathematical theory
• Rapid fire - please save questions until the
end
• Looking under the hood
• Look at two popular algorithms
• Hot cryptographic research

Definitions
• Cryptography
• Plaintext
• Cyphertext
• Code
• Cypher vs Cipher
• Encryption / Decryption
• Key

“Secure Hashes”
• A hash function takes an arbitrary length input and
returns a fixed sized bit string
• Cryptographic hash function obey 3 properties:
• Given a hash h it should be hard to find a message m
s.t. h = hash(m)
• Given an input m1 it should be hard to find an m2 s.t.
m1 != m2 and hash(m1) = hash(m2)
• Should be hash collision resistant
• MD5, SHA-1, SHA-3, RIPEMD-xxx

A Challenge
Gur Nafjre gb Yvsr, Gur Havirefr, naq
Rirelguvat vf sbegl 42.

A Challenge
The Answer to Life, The Universe, and
Everything is 42.

The Enigma Machine
Simon Singh

All Hail Turing
©National Portrait Gallery
and the others at Bletchley Park

Kerckhoff’s Principle
“A cryptosystem should be secure even if
everything about the system, except the key,
is public knowledge”

Background
• The only kind of encryption until 1973
• The same cryptographic key for both
encryption of plaintext and decryption of
ciphertext
• This is a “shared secret”

Cyphers
3-Way Anubis CIPHERUNICORN-A
Cobra COCONUT98 Crab
Cryptomeria CRYPTON DFC
FEAL FROG ICE M6 MARS
Mercy MESH Nimbus Threefish
Treyfer UES Xenon Zodiac

Cyphers
Camellia Cobra CAST-COCONUT98 128 IDEA
Crab
RC2 RC5 SEED
Skipjack TEA XTEA

Cyphers
Serpent AES
Cobra COCONUT98 Crab
Blowfish
DES 3DES
Camellia CAST-128 IDEA
RC2 RC5 SEED
Skipjack TEA XTEA
Twofish

Cypher Types
• Block Cyphers
• Stream Cyphers

All Hail Claude Shannon
• Godfather of:
• Information Theory
• Digital Computing & Digital Circuit
Design
• Cryptographic Confusion
• Cryptographic Diffusion
• "the enemy knows the system"

S-Boxes
• A function which maps an m bit input to an
n bit output
• Fixed lookup table vs dynamic based on key
• Example: 6x4 S-Box:

AES
• Based on the Rijndael cypher
• Block size: 128 bits
• Key size:
• 128 bit - 10 rounds
• Block represented as a 4×4 column-major
order matrix of bytes called the state

AES Recipe
• BEGIN
• Key Expansion
• LOOP (round)
• Key XOR
• Substitute
• Transpose
• Mix
• END
• Key XOR
• Substitute
• Transpose
• Key XOR

Key Expansion
• Each round of processing uses a round key
• Round keys are derived from the primary
key
• AES uses the Rijndael Key Schedule
• Round Keys are the same size as the state

Key XOR
• Bit-wise XOR the round key with the state

Substitute
• Replace each byte in the state using an S-box
• This process is reversible but non-linear
• The S-box is a derangement

Mix
• Apply an invertible linear transform to each
cell (4 bytes)
• This does not change the cell size
• Together with Transpose provides
cryptographic diffusion

Weaknesses
• Direct Attacks
• “Biclique Cryptanalysis of the Full AES”
Cracks AES-128 with computational complexity 2126.1
• Side channel attacks
• 2005 cache-timing attack (requires root access)
• 2009 some hardware implementations found to be
susceptible to differential fault analysis allowing key
recovery with complexity 232
• 2010 access-driven cache attack, “near realtime” key
recovery (requires root access)

Background
• 1973 - James H. Ellis, Clifford Cocks, and
Malcolm Williamson @GCHQ
• 1974/78 - Merkle’s Puzzles
• 1976 - Whitfield Diffie and Martin Hellman
• 1977/78 - Ron Rivest, Adi Shamir and
Leonard Adleman @MIT

RSA
• Based on the Integer Factorisation Problem
• Believed to be in NP and co-NP
• => not NP-complete
• Is a fundamental part of HTTPS/SSL

Key generation
• Choose two prime number p and q
• Compute n = pq
• Compute F(n) = F(p)F(q) = (p - 1)/(q - 1)
• Chose an integer e s.t.
• 1 < e < F(n)
• gcd(e, F(n)) = 1
• Compute d = 1 / e(mod F(n))
• Public Key = (e, n)
• Private Key = (e, d)

Encryption
• Given a message M
• Convert M to an integer m s.t. 0 < m < 1
• If necessary use a padding scheme
• Computer the cypher text c:
c = me (mod n)

Decryption
• Given a cyphertext c
• Compute m = cd (mod n)
• Remove padding if present
• Convert m in to M

Issues
• Picking the numbers is hard
• If p or q are too small or too close to each
other it greatly decreases the security
• If p-1 or q-1 only has small prime factors n
can be factored in polynomial time
• Side-channel attacks
• Timing
• Differential fault analysis (power)

Cryptographic Libraries
• JCA
• java.security
• javax.security deprcated
• JCE Providers
• Oracle JCE + policies
• The Legion of the Bouncy Castle

Useful Utils
• Jasypt
• Keytool IUI
• Spring Crypto Utils
• JCE taglib

Practical Tips
• KISS
• Choose the appropriate algorithm for the
situation
• Cost / benefit analysis
• Key size
• Hybrid encryption systems
• Good quality RNG seeds

Quantum Computers
@The Pub Explanation

The Basics
• Binary vectors |0> and |1>
• Qubit |q> = x|0> + y|1>
where x2 + y2 = 1
• Qubits
|q> = a|00> + b|01> + c|11> + d|10>

Quantum Operations
• An operation on n qubits can be
represented by an nxn matrix
• Also represented by quantum circuits
• Always Reversible...

Measuring
• Given |q> = -0.2|0> + 0.8|1>
• Then the result of measuring q is:
• 0 with probability 0.2
• 1 with probability 0.8
|q> = -0.1|00> + 0.4|01> + 0.4|11> + 0.1|10>
|q> = -0.2|0> + 0.8|1>
• Irreversible

Entanglement
• Only a quantum effect
• An entangled quantum system allows a higher
correlation of states than classically possible
• Given a qubit system in equal superposition
Measuring the first qubit allows us to determine
the state of the second without measuring

Grover’s Algorithm
• Lov Grover 1996
• Given some function f and an value y find x
such that f(x) = y
• O(N1/2) time complexity
• O(log N) space complexity

Shor’s Algorithm
Don’t leave this blank!

Shor’s Algorithm
• Peter Shor 1994
• Calculates the factors of a given integer
• O((log N)3)
• Belongs to BQP

Good News
• The largest integer factored: 143
• Largest quantum computer: 84 qubits

Lattice-Based Cryptography
• A lattice L in Rn is a discrete subgroup of
Rn which spans the real vector space Rn
• Each lattice has a set of bases
• A basis is a set of vectors such that any
vector is the lattice is a linear combination
of the basis vectors
• Can be viewed as a regular tiling of a space
by a primitive cell

Graphical Representation
Basis = {
[0.5, 0],
[0, 1]
}

Shortest Vector Problem
Given a lattice L in Rn find the shortest non-zero
vector in L

Closest Vector Problem
Given a lattice L in Rn and a vector v not in
L, find the closest vector in L to v

NP-Hard
• Non-deterministic polynomial time hard
• For all problems in NP, any NP-hard
problem is at least as hard as the hardest
problem in NP
• SVP & CVP are thought to be NP-hard
• If we find a polynomial time algorithm for
any NP-hard problem then P = NP!

Other Approaches
• Multivariate Cryptography
• Secure Hash Signatures
• Lamport signatures
• Merkle scheme
• McEliece and Niedenrreiter Algorithms
based on EEC

Summary
• Modern cryptography really started ~1937
• Symmetric cyhpers
• Asymmetric cyphers
• Non-classical cryptography
• Post-quantum cryptography

Modern Cryptography

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à Modern Cryptography

Similaire à Modern Cryptography (20)

Dernier

Dernier (20)

Modern Cryptography