SlideShare une entreprise Scribd logo
1  sur  35
Télécharger pour lire hors ligne
Presentation is based on the book
„Understanding Cryptography – A Textbook for
Students and Practitioners“
by Christof Paar and Jan Pelzl
www.crypto-textbook.com
Part I – Introduction to Cryptography
These slides were prepared by Christof Paar, Jan Pelzl and Maksim Djackov
2/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Some legal stuff: Terms of Use
• The slides can used free of charge. All copyrights for the slides remain with
Christof Paar and Jan Pelzl.
• The title of the accompanying book “Understanding Cryptography” by
Springer and the author’s names must remain on each slide.
• If the slides are modified, appropriate credits to the book authors and the
book title must remain within the slides.
• It is not permitted to reproduce parts or all of the slides in printed form
whatsoever without written consent by the authors.
3/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Part I
4/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
5/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Further Reading and Information
Addition to Understanding Cryptography .
• A.Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography.
CRC Press, October 1996.
• H.v.Tilborg (ed.), Encyclopedia of Cryptography and Security, Springer, 2005
History of Cryptography (great bedtime reading)
• S. Singh, The Code Book: The Science of Secrecy from Ancient Egypt to
Quantum Cryptography, Anchor, 2000.
• D. Kahn, The Codebreakers: The Comprehensive History of Secret
Communication from Ancient Times to the Internet. 2nd edition, Scribner, 1996.
Software (excellent demonstration of many ancient and modern ciphers)
• Cryptool, http://www.cryptool.de
6/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Classification of the Field of Cryptology
Cryptology
Cryptography Cryptanalysis
Symmetric Ciphers Asymmetric Ciphers Protocols
Block Ciphers Stream Ciphers
7/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Some Basic Facts
• Ancient Crypto: Early signs of encryption in Eqypt in ca. 2000 B.C.
Letter-based encryption schemes (e.g., Caesar cipher) popular ever since.
• Symmetric ciphers: All encryption schemes from ancient times until 1976 were
symmetric ones.
• Asymmetric ciphers: In 1976 public-key (or asymmetric) cryptography was openly
proposed by Diffie, Hellman and Merkle.
• Hybrid Schemes: The majority of today‘s protocols are hybrid schemes, i.e., the
use both
• symmteric ciphers (e.g., for encryption and message authentication) and
• asymmetric ciphers (e.g., for key exchange and digital signature).
8/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
9/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Symmetric Cryptography
• Alternative names: private-key, single-key or secret-key cryptography.
Alice
(good)
Bob
(good)
Oscar
(bad guy)
x x
Unsecure
channel
(e.g. Internet)
• Problem Statement:
1) Alice and Bob would like to communicate via an unsecure channel (e.g.,
WLAN or Internet).
2) A malicious third party Oscar (the bad guy) has channel access but should
not be able to understand the communication.
10/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Symmetric Cryptography
Alice
(good)
Bob
(good)
Oscar
(bad guy)
Encryption
e( )
Key Generator
Decryption
d( )
Secure Channel
K
x y
K
x
Unsecure
channel
(e.g. Internet)
• x is the. plaintext
• y is the ciphertext
• K is the key
• Set of all keys {K1, K2, ...,Kn} is the key space
Solution: Encryption with symmetric cipher.
 Oscar obtains only ciphertext y, that looks
like random bits
y
11/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Symmetric Cryptography
• Encryption equation y = eK(x)
• Decryption equation x = dK(y)
• Important: The key must be transmitted via a secure channel between Alice and Bob.
• The secure channel can be realized, e.g., by manually installing the key for the Wi-Fi
Protected Access (WPA) protocol or a human courier.
• However, the system is only secure if an attacker does not learn the key K!
 The problem of secure communication is reduced to secure transmission and
storage of the key K.
• Encryption and decryption are inverse operations if the same key K is used on both
sides:
dK(y) = dK(eK(x)) = x
12/36 Understanding Cryptography by Christof Paar and Jan Pelzl
• Treats the cipher as a black box
• Requires (at least) 1 plaintext-ciphertext pair (x0, y0)
• Check all possible keys until condition is fulfilled:
dK(y0) = x0
• How many keys to we need ?
 Brute-Force Attack (or Exhaustive Key Search) against Symmetric Ciphers
Key length
in bit
Key space Security life time
(assuming brute-force as best possible attack)
64 264 Short term (few days or less)
128 2128 Long-term (several decades in the absence of
quantum computers)
256 2256 Long-term (also resistant against quantum
computers – note that QC do not exist at the
moment and might never exist)
?
Important: An adversary only needs to succeed with one attack. Thus, a long key space
does not help if other attacks (e.g., social engineering) are possible..
13/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
 One-Time Pad (OTP)
Unconditionally secure cryptosystem:
• A cryptosystem is unconditionally secure if it cannot be broken even with
infinite computational resources
One-Time Pad
• A cryptosystem developed by Mauborgne that is based on Vernam’s stream
cipher:
• Properties:
Let the plaintext, ciphertext and key consist of individual bits
xi, yi, ki  {0,1}.
Encryption: eki
(xi) = xi  ki.
Decryption: dki
(yi) = yi  ki
OTP is unconditionally secure if and only if the key ki. is used once!
14/27 Understanding Cryptography by Christof Paar and Jan Pelzl
 One-Time Pad (OTP)
Unconditionally secure cryptosystem:
y0 = x0  k0
y1 = x1  k1
:
Every equation is a linear equation with two unknowns
 for every yi are xi = 0 and xi = 1 equiprobable!
This is true iff k0, k1, ... are independent, i.e., all ki have to be
generated truly random
 It can be shown that this systems can provably not be solved.
Disadvantage: For almost all applications the OTP is impractical
since the key must be as long as the message! (Imagine you
have to encrypt a 1GByte email attachment.)
15/27 Understanding Cryptography by Christof Paar and Jan Pelzl
16/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
17/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Substitution Cipher
• Historical cipher
• Great tool for understanding brute-force vs. analytical attacks
• Encrypts letters rather than bits (like all ciphers until after WW II)
Idea: replace each plaintext letter by a fixed other letter.
Plaintext Ciphertext
A  k
B  d
C  w
....
for instance, ABBA would be encrypted as kddk
• Example (ciphertext):
iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc
hwwhbsqvqbre hwq vhlq
• How secure is the Substitution Cipher? Let‘s look at the attacks…
18/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Attacks against the Substitution Cipher
1. Attack: Exhaustive Key Search (Brute-Force Attack)
• Simply try every possible subsititution table until an intelligent plaintext appears
(note that each substitution table is a key)..
• How many substitution tables (= keys) are there?
26 x 25 x … x 3 x 2 x 1 = 26!  288
Search through 288 keys is completely infeasible with today‘s computers!
(cf. earlier table on key lengths)
• Q: Can we now conclude that the substitution cipher is secure since a brute-
forece attack is not feasible?
• A: No! We have to protect against all possible attacks…
19/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 2. Attack: Letter Frequency Analysis (Brute-Force Attack)
• Letters have very different frequencies in the English language
• Moreover: the frequency of plaintext letters is preserved in the ciphertext.
• For instanc, „e“ is the most common letter in English; almost 13% of all letters in a
typical English text are „e“.
• The next most common one is „t“ with about 9%.
E T A O I N S H R D L C U M W F G Y P B V K J X Q Z
0.0000
2.0000
4.0000
6.0000
8.0000
10.0000
12.0000
14.0000
Letter frequencies in English
Letters
Frequencyin%
20/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Breaking the Substitution Cipher with Letter Frequency Attack
• Let‘s retun to our example and identify the most frequent letter:
iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc
hwwhbsqvqbre hwq vhlq
• We replace the ciphertext letter q by E and obtain:
iE ifcc vEEr fb rdE vfllcE na rdE cfjwhwz hr bnnb hcc
hwwhbsEvEbre hwE vhlE
• By further guessing based on the frequency of the remaining letters we obtain the
plaintext:
WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL
ARRANGEMENTS ARE MADE
21/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Breaking the Substitution Cipher with Letter Frequency Attack
• In practice, not only frequencies of individual letters can be used for an attack,
but also the frequency of letter pairs (i.e., „th“ is very common in English), letter
triples, etc.
• cf. Problem 1.1 in Understanding Cryptography for a longer ciphertext you can
try to break!
Important lesson: Even though the substitution cipher has a sufficiently large key
space of appr. 288, it can easily be defeated with analytical methods. This is an
excellent example that an encryption scheme must withstand all types of
attacks.
22/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
23/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Shift (or Caesar) Cipher (1)
• Ancient cipher, allegedly used by Julius Caesar
• Replaces each plaintext letter by another one.
• Replacement rule is very simple: Take letter that follows after k positions in the alphabet
Needs mapping from letters → numbers:
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
• Example for k = 7
Plaintext = ATTACK = 0, 19, 19, 0, 2, 10
Ciphertext = haahr = 7, 0, 0, 7, 17
Note that the letters ”wrap around” at the end of the alphabet, which can be
mathematically be expressed as reduction modulo 26, e.g., 19 + 7 = 26 ≡ 0 mod 26
24/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Shift (or Caesar) Cipher (2)
• Elegant mathematical description of the cipher.
• Q; Is the shift cipher secure?
• A: No! several attacks are possible, including:
• Exhaustive key search (key space is only 26!)
• Letter frequency analysis, similar to attack against substitution cipher
Let k, x, y ε {0,1, …, 25}
• Encryption: y = ek(x) ≡ x + k mod 26
• Decryption: x = dk(x) ≡ y - k mod 26
25/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Affine Cipher (1)
• Extension of the shift cipher: rather than just adding the key to the plaintext, we also
multiply by the key
• We use for this a key consisting of two parts: k = (a, b)
• Since the inverse of a is needed for inversion, we can only use values for a for which:
gcd(a, 26) = 1
There are 12 values for a that fulfill this condition.
• From this follows that the key space is only 12 x 26 = 312 (cf. Sec 1.4 in Understanding
Cryptography)
• Again, several attacks are possible, including:
• Exhaustive key search and letter frequency analysis, similar to the attack against
the substitution cipher
Let k, x, y ε {0,1, …, 25}
• Encryption: y = ek(x) ≡ a x + b mod 26
• Decryption: x = dk(x) ≡ a-1( y – b) mod 26
26/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
 Enigma Machine (Image Source: wikipedia.com)
27/34 Understanding Cryptography by Christof Paar and Jan Pelzl
28/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
29/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 DES Block Cipher
• Data Encryption Standard (DES) encrypts blocks of size 64 bit
• Developed by IBM based on the cipher Lucifer under influence of the National
Security Agency (NSA), the design criteria for DES have not been published
• Most popular block cipher for most of the last 30 years
• Nowadays considered insecure due to the small key length of 56 bit
• But: 3DES yields very secure cipher, still widely used today
• Replaced by the Advanced Encryption Standard (AES) in 2000
30/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Block Cipher Primitives: Confusion and Diffusion
• Claude Shannon: There are two primitive operations with which strong encryption
algorithms can be built:
1. Confusion: An encryption operation where the relationship between key and cipher
text is obscured
Today, a common element for achieving confusion is substitution, which is found
in both AES and DES.
2. Diffusion: An encryption operation where the influence of one plaintext symbol is
spread over many cipher text symbols with the goal of hiding statistical properties of
the plaintext
A simple diffusion element is the bit permutation, which is frequently used within
DES
• Both operations by themselves cannot provide security. The idea is to
concatenate confusion and diffusion elements to build so called product ciphers.
31/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Product Ciphers
• Most of today‘s block ciphers are product ciphers as they consist
of rounds which are applied repeatedly to the data
• Can reach excellent diffusion: changing of one bit of plaintext
results on average in the change of half the output bits
• Example:
32/36 Understanding Cryptography by Christof Paar and Jan Pelzl
Content of this Chapter
• Overview on the field of cryptology
• Basics of symmetric cryptography
• One-Time Pad (OTP)
• Substitution Cipher
• Shift (or Caesar) Cipher and Affine Cipher
• Enigma Machine
• DES Block Cipher
• AES Block Cipher
33/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 AES (Advanced Encryption Standard)
• AES is the most widely used symmetric cipher today
• The algorithm for AES was chosen by the US National Institute of Standards and
Technology (NIST) in a multi-year selection process
• The requirements for all AES candidate submissions were:
• Block cipher with 128-bit block size
• Three supported key lengths: 128, 192 and 256 bit
• Security relative to other submitted algorithms
• Efficiency in software and hardware
• 5 finalists announced in August, 1999:
• Mars – IBM Corporation
• RC6 – RSA Laboratories
• Rijndael – J. Daemen & V. Rijmen
• Serpent – Eli Biham et al.
• Twofish – B. Schneier et al.
• In October 2000, Rijndael was chosen as the AES
34/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 AES (Advanced Encryption Standard)
There were found NO analytical attacks on
AES that reduce its key space effectively (at
the time of this writing)
35/36 Understanding Cryptography by Christof Paar and Jan Pelzl
 Lessons Learned
• Never ever develop your own crypto algorithm unless you have a team of experienced
cryptanalysts checking your design.
• Do not use unproven crypto algorithms or unproven protocols.
• Attackers always look for the weakest point of a cryptosystem. For instance, a large key
space by itself is no guarantee for a cipher being secure; the cipher might still be vulnerable
against analytical attacks.
• Key lengths for symmetric algorithms in order to thwart exhaustive key-search attacks:
• 64 bit: insecure except for data with extremely short-term value
• 128 bit: long-term security of several decades, unless quantum computers become
available (quantum computers do not exist and perhaps never will)
• 256 bit: as above, but probably secure against attacks by quantum computers.
• Modular arithmetic is a tool for expressing historical encryption schemes, such as the affine
cipher, in a mathematically elegant way.

Contenu connexe

Tendances

Cryptography
CryptographyCryptography
CryptographyEmaSushan
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and Alternatives3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and AlternativesSam Bowne
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 

Tendances (20)

Cryptography
CryptographyCryptography
Cryptography
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
Hash function
Hash function Hash function
Hash function
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Cryptography
CryptographyCryptography
Cryptography
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Aes
AesAes
Aes
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and Alternatives3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and Alternatives
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 

Similaire à Introduction to Cryptography Part I

Introduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIIntroduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIMaksim Djackov
 
Cns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption TechniquesCns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption Techniquesbabak danyal
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & SteganographyAnimesh Shaw
 
Symmetric Encryption Techniques
Symmetric Encryption Techniques Symmetric Encryption Techniques
Symmetric Encryption Techniques Dr. Kapil Gupta
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?Pratik Poddar
 
02 Information System Security
02  Information System Security02  Information System Security
02 Information System SecurityShu Shin
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network securitysathu30
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Tales From the Crypt(ography)
Tales From the Crypt(ography)Tales From the Crypt(ography)
Tales From the Crypt(ography)Jeremiah Jackson
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityBikramjit Sarkar, Ph.D.
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniquesShubham Jain
 
SymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfSymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfMohammedMorhafJaely
 

Similaire à Introduction to Cryptography Part I (20)

Introduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIIntroduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and III
 
Cns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption TechniquesCns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption Techniques
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Symmetric Encryption Techniques
Symmetric Encryption Techniques Symmetric Encryption Techniques
Symmetric Encryption Techniques
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.ppt
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?
 
02 Information System Security
02  Information System Security02  Information System Security
02 Information System Security
 
Spring12_topic01.ppt
Spring12_topic01.pptSpring12_topic01.ppt
Spring12_topic01.ppt
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network security
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
Tales From the Crypt(ography)
Tales From the Crypt(ography)Tales From the Crypt(ography)
Tales From the Crypt(ography)
 
Edward Schaefer
Edward SchaeferEdward Schaefer
Edward Schaefer
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information Security
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniques
 
Cryptography
CryptographyCryptography
Cryptography
 
Unit – III.pptx
Unit – III.pptxUnit – III.pptx
Unit – III.pptx
 
SymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdfSymmetricCryptography-Part3 - Tagged.pdf
SymmetricCryptography-Part3 - Tagged.pdf
 
Cryptography-101
Cryptography-101Cryptography-101
Cryptography-101
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
 

Dernier

Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Sean Meyn
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS Bahzad5
 
Power System electrical and electronics .pptx
Power System electrical and electronics .pptxPower System electrical and electronics .pptx
Power System electrical and electronics .pptxMUKULKUMAR210
 
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...soginsider
 
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxUNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxrealme6igamerr
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesDIPIKA83
 
Test of Significance of Large Samples for Mean = µ.pptx
Test of Significance of Large Samples for Mean = µ.pptxTest of Significance of Large Samples for Mean = µ.pptx
Test of Significance of Large Samples for Mean = µ.pptxHome
 
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxVertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxLMW Machine Tool Division
 
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...Amil baba
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical SensorTanvir Moin
 
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdf
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdfsdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdf
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdfJulia Kaye
 
The relationship between iot and communication technology
The relationship between iot and communication technologyThe relationship between iot and communication technology
The relationship between iot and communication technologyabdulkadirmukarram03
 
ASME BPVC 2023 Section I para leer y entender
ASME BPVC 2023 Section I para leer y entenderASME BPVC 2023 Section I para leer y entender
ASME BPVC 2023 Section I para leer y entenderjuancarlos286641
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptxSaiGouthamSunkara
 
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....santhyamuthu1
 
solar wireless electric vechicle charging system
solar wireless electric vechicle charging systemsolar wireless electric vechicle charging system
solar wireless electric vechicle charging systemgokuldongala
 

Dernier (20)

Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
 
Lecture 4 .pdf
Lecture 4                              .pdfLecture 4                              .pdf
Lecture 4 .pdf
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
 
Power System electrical and electronics .pptx
Power System electrical and electronics .pptxPower System electrical and electronics .pptx
Power System electrical and electronics .pptx
 
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
 
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxUNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
 
Lecture 2 .pptx
Lecture 2                            .pptxLecture 2                            .pptx
Lecture 2 .pptx
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display Devices
 
Test of Significance of Large Samples for Mean = µ.pptx
Test of Significance of Large Samples for Mean = µ.pptxTest of Significance of Large Samples for Mean = µ.pptx
Test of Significance of Large Samples for Mean = µ.pptx
 
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxVertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
 
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...
Best-NO1 Best Rohani Amil In Lahore Kala Ilam In Lahore Kala Jadu Amil In Lah...
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical Sensor
 
計劃趕得上變化
計劃趕得上變化計劃趕得上變化
計劃趕得上變化
 
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdf
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdfsdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdf
sdfsadopkjpiosufoiasdoifjasldkjfl a asldkjflaskdjflkjsdsdf
 
The relationship between iot and communication technology
The relationship between iot and communication technologyThe relationship between iot and communication technology
The relationship between iot and communication technology
 
ASME BPVC 2023 Section I para leer y entender
ASME BPVC 2023 Section I para leer y entenderASME BPVC 2023 Section I para leer y entender
ASME BPVC 2023 Section I para leer y entender
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptx
 
Présentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdfPrésentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdf
 
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
 
solar wireless electric vechicle charging system
solar wireless electric vechicle charging systemsolar wireless electric vechicle charging system
solar wireless electric vechicle charging system
 

Introduction to Cryptography Part I

  • 1. Presentation is based on the book „Understanding Cryptography – A Textbook for Students and Practitioners“ by Christof Paar and Jan Pelzl www.crypto-textbook.com Part I – Introduction to Cryptography These slides were prepared by Christof Paar, Jan Pelzl and Maksim Djackov
  • 2. 2/36 Understanding Cryptography by Christof Paar and Jan Pelzl Some legal stuff: Terms of Use • The slides can used free of charge. All copyrights for the slides remain with Christof Paar and Jan Pelzl. • The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on each slide. • If the slides are modified, appropriate credits to the book authors and the book title must remain within the slides. • It is not permitted to reproduce parts or all of the slides in printed form whatsoever without written consent by the authors.
  • 3. 3/36 Understanding Cryptography by Christof Paar and Jan Pelzl Part I
  • 4. 4/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 5. 5/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Further Reading and Information Addition to Understanding Cryptography . • A.Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography. CRC Press, October 1996. • H.v.Tilborg (ed.), Encyclopedia of Cryptography and Security, Springer, 2005 History of Cryptography (great bedtime reading) • S. Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, Anchor, 2000. • D. Kahn, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. 2nd edition, Scribner, 1996. Software (excellent demonstration of many ancient and modern ciphers) • Cryptool, http://www.cryptool.de
  • 6. 6/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Classification of the Field of Cryptology Cryptology Cryptography Cryptanalysis Symmetric Ciphers Asymmetric Ciphers Protocols Block Ciphers Stream Ciphers
  • 7. 7/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Some Basic Facts • Ancient Crypto: Early signs of encryption in Eqypt in ca. 2000 B.C. Letter-based encryption schemes (e.g., Caesar cipher) popular ever since. • Symmetric ciphers: All encryption schemes from ancient times until 1976 were symmetric ones. • Asymmetric ciphers: In 1976 public-key (or asymmetric) cryptography was openly proposed by Diffie, Hellman and Merkle. • Hybrid Schemes: The majority of today‘s protocols are hybrid schemes, i.e., the use both • symmteric ciphers (e.g., for encryption and message authentication) and • asymmetric ciphers (e.g., for key exchange and digital signature).
  • 8. 8/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 9. 9/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Symmetric Cryptography • Alternative names: private-key, single-key or secret-key cryptography. Alice (good) Bob (good) Oscar (bad guy) x x Unsecure channel (e.g. Internet) • Problem Statement: 1) Alice and Bob would like to communicate via an unsecure channel (e.g., WLAN or Internet). 2) A malicious third party Oscar (the bad guy) has channel access but should not be able to understand the communication.
  • 10. 10/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Symmetric Cryptography Alice (good) Bob (good) Oscar (bad guy) Encryption e( ) Key Generator Decryption d( ) Secure Channel K x y K x Unsecure channel (e.g. Internet) • x is the. plaintext • y is the ciphertext • K is the key • Set of all keys {K1, K2, ...,Kn} is the key space Solution: Encryption with symmetric cipher.  Oscar obtains only ciphertext y, that looks like random bits y
  • 11. 11/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Symmetric Cryptography • Encryption equation y = eK(x) • Decryption equation x = dK(y) • Important: The key must be transmitted via a secure channel between Alice and Bob. • The secure channel can be realized, e.g., by manually installing the key for the Wi-Fi Protected Access (WPA) protocol or a human courier. • However, the system is only secure if an attacker does not learn the key K!  The problem of secure communication is reduced to secure transmission and storage of the key K. • Encryption and decryption are inverse operations if the same key K is used on both sides: dK(y) = dK(eK(x)) = x
  • 12. 12/36 Understanding Cryptography by Christof Paar and Jan Pelzl • Treats the cipher as a black box • Requires (at least) 1 plaintext-ciphertext pair (x0, y0) • Check all possible keys until condition is fulfilled: dK(y0) = x0 • How many keys to we need ?  Brute-Force Attack (or Exhaustive Key Search) against Symmetric Ciphers Key length in bit Key space Security life time (assuming brute-force as best possible attack) 64 264 Short term (few days or less) 128 2128 Long-term (several decades in the absence of quantum computers) 256 2256 Long-term (also resistant against quantum computers – note that QC do not exist at the moment and might never exist) ? Important: An adversary only needs to succeed with one attack. Thus, a long key space does not help if other attacks (e.g., social engineering) are possible..
  • 13. 13/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 14.  One-Time Pad (OTP) Unconditionally secure cryptosystem: • A cryptosystem is unconditionally secure if it cannot be broken even with infinite computational resources One-Time Pad • A cryptosystem developed by Mauborgne that is based on Vernam’s stream cipher: • Properties: Let the plaintext, ciphertext and key consist of individual bits xi, yi, ki  {0,1}. Encryption: eki (xi) = xi  ki. Decryption: dki (yi) = yi  ki OTP is unconditionally secure if and only if the key ki. is used once! 14/27 Understanding Cryptography by Christof Paar and Jan Pelzl
  • 15.  One-Time Pad (OTP) Unconditionally secure cryptosystem: y0 = x0  k0 y1 = x1  k1 : Every equation is a linear equation with two unknowns  for every yi are xi = 0 and xi = 1 equiprobable! This is true iff k0, k1, ... are independent, i.e., all ki have to be generated truly random  It can be shown that this systems can provably not be solved. Disadvantage: For almost all applications the OTP is impractical since the key must be as long as the message! (Imagine you have to encrypt a 1GByte email attachment.) 15/27 Understanding Cryptography by Christof Paar and Jan Pelzl
  • 16. 16/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 17. 17/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Substitution Cipher • Historical cipher • Great tool for understanding brute-force vs. analytical attacks • Encrypts letters rather than bits (like all ciphers until after WW II) Idea: replace each plaintext letter by a fixed other letter. Plaintext Ciphertext A  k B  d C  w .... for instance, ABBA would be encrypted as kddk • Example (ciphertext): iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc hwwhbsqvqbre hwq vhlq • How secure is the Substitution Cipher? Let‘s look at the attacks…
  • 18. 18/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Attacks against the Substitution Cipher 1. Attack: Exhaustive Key Search (Brute-Force Attack) • Simply try every possible subsititution table until an intelligent plaintext appears (note that each substitution table is a key).. • How many substitution tables (= keys) are there? 26 x 25 x … x 3 x 2 x 1 = 26!  288 Search through 288 keys is completely infeasible with today‘s computers! (cf. earlier table on key lengths) • Q: Can we now conclude that the substitution cipher is secure since a brute- forece attack is not feasible? • A: No! We have to protect against all possible attacks…
  • 19. 19/36 Understanding Cryptography by Christof Paar and Jan Pelzl  2. Attack: Letter Frequency Analysis (Brute-Force Attack) • Letters have very different frequencies in the English language • Moreover: the frequency of plaintext letters is preserved in the ciphertext. • For instanc, „e“ is the most common letter in English; almost 13% of all letters in a typical English text are „e“. • The next most common one is „t“ with about 9%. E T A O I N S H R D L C U M W F G Y P B V K J X Q Z 0.0000 2.0000 4.0000 6.0000 8.0000 10.0000 12.0000 14.0000 Letter frequencies in English Letters Frequencyin%
  • 20. 20/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Breaking the Substitution Cipher with Letter Frequency Attack • Let‘s retun to our example and identify the most frequent letter: iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc hwwhbsqvqbre hwq vhlq • We replace the ciphertext letter q by E and obtain: iE ifcc vEEr fb rdE vfllcE na rdE cfjwhwz hr bnnb hcc hwwhbsEvEbre hwE vhlE • By further guessing based on the frequency of the remaining letters we obtain the plaintext: WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL ARRANGEMENTS ARE MADE
  • 21. 21/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Breaking the Substitution Cipher with Letter Frequency Attack • In practice, not only frequencies of individual letters can be used for an attack, but also the frequency of letter pairs (i.e., „th“ is very common in English), letter triples, etc. • cf. Problem 1.1 in Understanding Cryptography for a longer ciphertext you can try to break! Important lesson: Even though the substitution cipher has a sufficiently large key space of appr. 288, it can easily be defeated with analytical methods. This is an excellent example that an encryption scheme must withstand all types of attacks.
  • 22. 22/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 23. 23/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Shift (or Caesar) Cipher (1) • Ancient cipher, allegedly used by Julius Caesar • Replaces each plaintext letter by another one. • Replacement rule is very simple: Take letter that follows after k positions in the alphabet Needs mapping from letters → numbers: A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25 • Example for k = 7 Plaintext = ATTACK = 0, 19, 19, 0, 2, 10 Ciphertext = haahr = 7, 0, 0, 7, 17 Note that the letters ”wrap around” at the end of the alphabet, which can be mathematically be expressed as reduction modulo 26, e.g., 19 + 7 = 26 ≡ 0 mod 26
  • 24. 24/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Shift (or Caesar) Cipher (2) • Elegant mathematical description of the cipher. • Q; Is the shift cipher secure? • A: No! several attacks are possible, including: • Exhaustive key search (key space is only 26!) • Letter frequency analysis, similar to attack against substitution cipher Let k, x, y ε {0,1, …, 25} • Encryption: y = ek(x) ≡ x + k mod 26 • Decryption: x = dk(x) ≡ y - k mod 26
  • 25. 25/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Affine Cipher (1) • Extension of the shift cipher: rather than just adding the key to the plaintext, we also multiply by the key • We use for this a key consisting of two parts: k = (a, b) • Since the inverse of a is needed for inversion, we can only use values for a for which: gcd(a, 26) = 1 There are 12 values for a that fulfill this condition. • From this follows that the key space is only 12 x 26 = 312 (cf. Sec 1.4 in Understanding Cryptography) • Again, several attacks are possible, including: • Exhaustive key search and letter frequency analysis, similar to the attack against the substitution cipher Let k, x, y ε {0,1, …, 25} • Encryption: y = ek(x) ≡ a x + b mod 26 • Decryption: x = dk(x) ≡ a-1( y – b) mod 26
  • 26. 26/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 27.  Enigma Machine (Image Source: wikipedia.com) 27/34 Understanding Cryptography by Christof Paar and Jan Pelzl
  • 28. 28/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 29. 29/36 Understanding Cryptography by Christof Paar and Jan Pelzl  DES Block Cipher • Data Encryption Standard (DES) encrypts blocks of size 64 bit • Developed by IBM based on the cipher Lucifer under influence of the National Security Agency (NSA), the design criteria for DES have not been published • Most popular block cipher for most of the last 30 years • Nowadays considered insecure due to the small key length of 56 bit • But: 3DES yields very secure cipher, still widely used today • Replaced by the Advanced Encryption Standard (AES) in 2000
  • 30. 30/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Block Cipher Primitives: Confusion and Diffusion • Claude Shannon: There are two primitive operations with which strong encryption algorithms can be built: 1. Confusion: An encryption operation where the relationship between key and cipher text is obscured Today, a common element for achieving confusion is substitution, which is found in both AES and DES. 2. Diffusion: An encryption operation where the influence of one plaintext symbol is spread over many cipher text symbols with the goal of hiding statistical properties of the plaintext A simple diffusion element is the bit permutation, which is frequently used within DES • Both operations by themselves cannot provide security. The idea is to concatenate confusion and diffusion elements to build so called product ciphers.
  • 31. 31/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Product Ciphers • Most of today‘s block ciphers are product ciphers as they consist of rounds which are applied repeatedly to the data • Can reach excellent diffusion: changing of one bit of plaintext results on average in the change of half the output bits • Example:
  • 32. 32/36 Understanding Cryptography by Christof Paar and Jan Pelzl Content of this Chapter • Overview on the field of cryptology • Basics of symmetric cryptography • One-Time Pad (OTP) • Substitution Cipher • Shift (or Caesar) Cipher and Affine Cipher • Enigma Machine • DES Block Cipher • AES Block Cipher
  • 33. 33/36 Understanding Cryptography by Christof Paar and Jan Pelzl  AES (Advanced Encryption Standard) • AES is the most widely used symmetric cipher today • The algorithm for AES was chosen by the US National Institute of Standards and Technology (NIST) in a multi-year selection process • The requirements for all AES candidate submissions were: • Block cipher with 128-bit block size • Three supported key lengths: 128, 192 and 256 bit • Security relative to other submitted algorithms • Efficiency in software and hardware • 5 finalists announced in August, 1999: • Mars – IBM Corporation • RC6 – RSA Laboratories • Rijndael – J. Daemen & V. Rijmen • Serpent – Eli Biham et al. • Twofish – B. Schneier et al. • In October 2000, Rijndael was chosen as the AES
  • 34. 34/36 Understanding Cryptography by Christof Paar and Jan Pelzl  AES (Advanced Encryption Standard) There were found NO analytical attacks on AES that reduce its key space effectively (at the time of this writing)
  • 35. 35/36 Understanding Cryptography by Christof Paar and Jan Pelzl  Lessons Learned • Never ever develop your own crypto algorithm unless you have a team of experienced cryptanalysts checking your design. • Do not use unproven crypto algorithms or unproven protocols. • Attackers always look for the weakest point of a cryptosystem. For instance, a large key space by itself is no guarantee for a cipher being secure; the cipher might still be vulnerable against analytical attacks. • Key lengths for symmetric algorithms in order to thwart exhaustive key-search attacks: • 64 bit: insecure except for data with extremely short-term value • 128 bit: long-term security of several decades, unless quantum computers become available (quantum computers do not exist and perhaps never will) • 256 bit: as above, but probably secure against attacks by quantum computers. • Modular arithmetic is a tool for expressing historical encryption schemes, such as the affine cipher, in a mathematically elegant way.