Ch4_Part2_Cryptography.pdf

Full Transcript

Ch4-Part 2: Cryptography

Block Ciphers

2023

Cryptography Cryptography 2023 1
 Stream Ciphers vs Block Ciphers

Stream Ciphers:

For stream encryption each byte of the data
For stream encryption spahrep ro ,tib hcae hcihw ni ,
stream is encrypted separately..yletarapes detpyrcne si maerts atad eht fo ,etyb hcae
The input symbols are transformed one at atime.
The advantage of a stream cipher is that it
can be applied immediately to whatever data
items are ready to transmit.

Cryptography Cryptography 2023 2
Block Ciphers :

A block cipher encrypts a group of plaintext symbols as a
singleblock.
A block cipher algorithm performs its work on a quantity
of plaintext data all at once.
Blocks for such algorithms are typically 64, 128, 256 bits
or more.
All blocks have to have the same size of bits, otherwise
Padding is used.

Cryptography 2023 3
Categories of cryptography

Cryptography Cryptography 2023 4
 Symmetric Encryption Algorithms
(Private Key Cryptography)

DES: The Data Encryption Standard
DES uses only standard arithmetic and logical
operations on a block of data up to 64 bits long
and a private key 56 bits long.
Encrypting with DES involves 16 cycles (rounds) ,
each employing replacing blocks of bits (called a
substitution step), shuffling the bits (called a
permutation step), and mingling in bits from the key
(called a key transformation).

Cryptography 2023 5
Cryptography 2023 6
Security of DES

In 1997, researchers using a network of over
3,500 machines in parallel were able to infer a
DES key in four months’ work.

And in 1998 for approximately $200,000 U.S.
researchers built a special DES cracker machine
that could find a DES key in approximately four
days.

Cryptography 2023 7
AES: Advanced Encryption Standard

Like DES, AES usesrepeat cycles.
There are 10, 12, or 14 cycles (rounds) for private keys of 128, 192,
and 256 bits, respectively.
Each round consists of four steps:
Byte substitution. This step uses a substitution substituting each
byte of a 128- bit block according to a substitution table. This is a
straight diffusion operation.
Shift row. Certain bits are shifted to other positions. This is a straight
confusion operation.
Mix column. This step involves shifting left and XORing bits with
themselves.
Add subkey. Here, a portion of the key unique to this cycle is XORed
with the cycle result. This operation delivers confusion and
incorporates the key.

Cryptography 2023 8
Cryptography 2023 9
Cryptography Cryptography 2023 10
 Asymmetric Encryption Algorithms
(Public Key Cryptography)

RSA Algorithm: The Rivest-Shamir-Adelman
RSA uses two keys (public and private, 256 bits as
minimum usable length).
Encryption in RSA is done by exponentiation, raising
each plaintext block to a power; that power is the keye.
Thus, RSA is markedly slower than DES and AES, but
stronger in security.
C= E(kPUB,P) >>> P = D(kPRIV, C)

Or C = E(kPRIV,P) >>> P = D(kPUB, C)

Cryptography Cryptography 2023 11
General

Alice’s setup:
Chooses two prime numbers p and q.
Calculates the product n = pq.
Calculates m = (p − 1)(q − 1).
Chooses numbers e and d so that ed has a
remainder of 1 when divided by m (ed % m =
1).
Publishes her public key (n, e).
General

Bob encrypts a message M for Alice:
Finds Alice’s public key (n, e).
Finds the remainder C when Me is divided
by n (C = Me % n).
Sends ciphertext C to Alice.
General

Alice receives and decrypts ciphertext C:
Uses her private key (n, d).
Finds remainder R when Cd is divided by n
(R = Cd % n).
R matches the message M that Bob wanted
to send to Alice!
Working example

Alice’s setup:
p=11 and q=3.
n=pq=11×3=33.
m=(p−1)(q−1)=10×2=20.
If e=3 and d=7, then ed=21 has a
remainder of 1 when divided by m = 20.
Publish (n, e) = (33, 3).
Working example

Bob encrypts message M = 14:
(n, e) = (33, 3).
When 143 = 2744 is divided by 33, the
remainder is C = 5.
Sends ciphertext C = 5 to Alice.
Working example

Alice decrypts ciphertext C = 5:
(n, d) = (33, 7).
When 57 = 78125 is divided by 33, the
remainder is R = 14.
R = 14 = M, the original message from Bob!
Working Example:
1. Select primes p=11, q=3.
2. n = pq = 11*3 = 33
3. φ(n) = (p-1)(q-1)= 1 0 *2 = 20
4. Choose e=3 such that gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no
common factors except 1), and gcd(e, q-1) = gcd(3, 2) = 1
5. Compute d such that ed mod φ = 1 i.e. compute d = 1 e−1 mod φ = 3−1 mod20
Check: ed % φ =1 where d< φ , 3*d % 20 =1
We can use 3*7 % 20 =1 , S o d = 7.
Hence, Public key = (n, e) = (33, 3) and Private key = (n, d) = (33, 7).
Now we want to encrypt the message m = 7,then:
C= me mod n = 73 mod 33 = 343 mod 33 = 13.
Hence the ciphertext c = 13.
To check decryption we compute, P= C d mod n = 137 mod 33 = 7.

Cryptography Cryptography 2023 12
 Example

Bob chooses 7 and 11 as p and q and calculates n = 7 * 11 = 77.
The value of  = (7 − 1)*(11 − 1) or 60.
Now he chooses two keys, e and d. If he chooses e to be 13, then
d is 37.
(Compute d such that ed mod φ = 1) ed = (? * φ ) +1
Now imagine Alice sends the plaintext 5 to Bob. She uses the
public key 13 to encrypt 5.

Cryptography 13
Cryptography Cryptography 2023 14
 Key Exchange Protocols

Suppose you need to send a protected message to someone you
do not know and who does not know you. For instance, you
may want to send your income tax return to the government.
You want the information to be protected, but you do not
necessarily know the person who is receiving the information.

Public key cryptography can help.

Public Key Cryptography can be used to exchange Secret
Keys.

Cryptography Cryptography 2023 15
- Simple Key Exchange Protocol

- Bus what is the problem with this protocol?

Cryptography Cryptography 2023 16
A Man in the Middle

Cryptography Cryptography 2023 17
Key Exchange solution (1)

Amy should send to Bill
E(kPUB−B , E(kPRIV −A , K))

This confirms confidentiality and authenticity.
Thus, as we have seen, asymmetric cryptographic functions are
a powerful means for exchanging cryptographic keys between
people who have no prior relationship.

Cryptography Cryptography 2023 18
Diffie-Hellman Key Exchange (Solution 2)

Cryptography Cryptography 2023 19
Diffie-Hellman Key Exchange (Solution 2)I

Alice and Bob agree, publicly, on a prime number P, and a base
number N. Eve will know these two numbers, and it won’t matter!
Alice chooses a number A, which we’ll call her ”secret exponent.”
She keeps A secret from everyone, including Bob. Bob, likewise,
chooses his ”secret exponent” B, which he keeps secret from
everyone, including Alice.
Then, Alice computes the number J = N A (mod P)
and sends J to Bob. Similarly, Bob computes the
number K = N B (mod P) and sends K to Alice. Note
that Eve now has both J and K in her possession.

Cryptography Cryptography 2023 20
Diffie-Hellman Key Exchange (Solution 2)II

The final mathematical trick is that Alice now takes K, the number
she got from Bob, and computes K A(mod P). Bob does the same
step in his own way, computing J B (mod P).
The number they get is the same! Why is this so?
Since K = N B (modP)
Alice Computes K A (mod P) = (N B ) A (mod P) = NBA (mod P)
Bob used J = NA (mod P)
Bob computes JB (mod P) = (N A ) B (mod P) = NAB (mod P).

Cryptography Cryptography 2023 21
 Example

Let us give a trivial example to make the procedure clear. Our
example uses small numbers, but note that in a real situation,
the numbers are very large. Assume N = 7 and p = 23. The steps
are as follows:
1. Alice chooses A = 3 private key and calculate K = 73 mod 23 =21.
2. Bob chooses B = 6 private key and calculates J = 76 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key 43 mod 23 = 18.
6.Bob calculates the symmetric key 216 mod 23 = 18.
7.The value of the Key is the same for both Alice and Bob;
NAB mod p = 718 mod 23 =18.

Cryptography 22
 Error Detecting Codes

The basic purpose of Error Detecting Codes is to
demonstrate that a block of data has been modified.
Error detecting codes come under many names,
such as Parity, hash codes, message digests,
checksums, integrity checks, error detection and
correction codes, and redundancy tests.
Detection and correction codes are procedures or
functions applied to a block ofdata.

Cryptography 2023 23
Cryptography 2023 24
 Hash Codes I

Cryptography can be used to seal a file.

One technique for providing the seal is to compute a
function, sometimes called a hash or checksum or
message digest of the file.

Hashing is the process of transforming any given data
into a value using a hashing function.

Cryptography 2023 25
 Hash Codes II

A cryptographic checksum is a cryptographic
function that uses a cryptographic key that is
presumably known only to the originator and the proper
recipient of the data.

Cryptography 2023 26
Cryptography 2023 27
 Hash Codes III

 Secure Hash Standard or Algorithm (SHS or
SHA), actually a collection of algorithms, for
computing checksums.

 The most widely used cryptographic hash functions
are MD4, MD5 (MD stands for Message Digest), and
SHA or SHS (Secure Hash Algorithm or Standard).

Cryptography 2023 28
 Message Digest

Examples
Hash functions provide protection to password
storage.
Instead of storing password ) P) in clear, mostly all logon
processes store the hash values of passwords in the file.
The Password file consists of a table of pairs which are in
the form (user id, h(P)).

Cryptography 2023 29
Cryptography 2023 30
 Digital Signatures- All the Pieces

In the physical world, it is common to use
handwritten signatures on handwritten or typed
messages to bind signatory to the message.

Similarly, a digital signature is a technique that
binds a person/entity to thedigital data.

It meets non-repudiation feature.

Cryptography 2023 31
 Digital Signatures- All the Pieces I
Each person adopting this scheme has a
public-private keypair.
Signer feeds data to the hash function and
generates hash of data.
Hash value and signature key (sender private-key) are
then fed to the signature algorithm which produces the
digital signature on given hash.
Signature is appended to the data and then both are sent
to theverifier.

Cryptography 2023 32
Digital Signatures- All the Pieces II

Verifier also runs same hash function on received
data to generate hash value. the hash value is
compared to with original data. Based on the
comparison result, verifier decides whether the digital
signature is valid.
Since digital signature is created by private key of
signer and no one else can have this key; the signer
cannot repudiate signing the data in future.
Let us assume RSA is used as the signing
algorithm.

Cryptography 2023 33
The receiver after receiving the encrypted data and signature on
it, first verifies the signature using senders public key. After
ensuring the validity of the signature, he then retrieves the data
through decryption using his private key.

Cryptography 2023 34
 Certificates I
Digital certificates, similar to identification cards, are unique
for each person, and used to certify the online identities of
individuals, organizations, and computers.

A certificate is a trustable Identities and Public Keys signed
by a certificate authority (CA).

Certificates are issued and certified by certificate
authorities (CAs( that supports industry standard
X.509.

Cryptography 2023 35
 Certificates II
 A certificate contains information such as:
The certificate’s owner (called the subject) as an entity
on the network.
The owner’s public key.
ACertificateAuthority digital signature.
 A certificate Authority (CA) uses its private key to
digitally sign each certificate it issues.
 To create the digital signature, the CA generates a message
digest from the certificate, signs the digest with its private key,
and includes the digital signature as part of the certificate.
Anyone can use the message digest function and the CA’s
public key to verify the certificate’sintegrity.

Cryptography 2023 36
Cryptography 2023 37
Cryptography 2023 38
Cryptography 2023 39