Cryptography PDF

Introduction to Cryptography and Cryptanalysis Cryptography What Is Cryptography? Securing Communications Cryptology is the science of making and breaking secret codes. Cryptography is a way to store and transmit data so only the intended recipient can read or process it. Cryptology is the science of making and breaking secret codes or Cryptography is the science of secret, or hidden writing Cryptography helps realize the four objectives of information security: Data Confidentiality - only authorized users can read the data. Data Integrity - the data has not been altered by unauthorized parties. Origin authentication - the data has actually originated at the expected source. Non-repudiation – the integrity of the message is irrefutable by the sender. What Is Cryptography? There are two disciplines: Cryptography – The art and science of creating codes to secure private communication. – It focuses on developing and using techniques to protect information from unauthorized access. Cryptanalysis – The practice of breaking codes and uncovering weaknesses in cryptographic techniques. – It involves analyzing and exploiting vulnerabilities to decrypt or compromise secure communications. What is Cryptography? Cryptography – Ciphers A cipher is an algorithm or method used to transform plaintext (readable information) into ciphertext (unreadable, encrypted information) and vice versa. The following are types of ciphers that have been used over the years: Substitution cipher – Substitution ciphers retain the letter frequency of the original message. Transposition cipher - In transposition ciphers, no letters are replaced; they are simply rearranged. Polyalphabetic ciphers - Polyalphabetic ciphers are based on substitution, using multiple substitution alphabets. Levels of security 1. Unconditionally Secure An algorithm is said to be unconditionally secure if it remains secure no matter how much computational power an adversary possesses or how much time they have to attack the system. This means that even if an attacker had unlimited resources and time, they would still not be able to break the cryptographic scheme. Example: The one-time pad encryption scheme is an example of unconditional security. If the key is truly random, at least as long as the message, and used only once, then it is mathematically impossible for an attacker to decipher the message without knowing the key. 2. Computationally Secure An algorithm is said to be computationally secure if it is secure against all known attacks given the computational resources available to the attacker, but this security relies on the assumption that the attacker does not have unlimited computational power or an infinite amount of time. Example: Modern cryptographic algorithms, such as RSA, AES, and ECC (Elliptic Curve Cryptography), are computationally secure. Cryptanalysis – Code Breaking A number of code breaking (cryptanalysis) methods exist, such as brute-force, ciphertext, and known-plaintext, among others. Several methods are used in cryptanalysis: Brute-force - The cryptanalyst tries every possible key knowing that eventually one of them will work. Ciphertext - The cryptanalyst has the ciphertext of several encrypted messages but no knowledge of the underlying plaintext. Known-Plaintext - The cryptanalyst has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext. Chosen-Plaintext - The cryptanalyst chooses which data the encryption device encrypts and observes the ciphertext output. Chosen-Ciphertext - The cryptanalyst can choose different ciphertext to be decrypted and has access to the decrypted plaintext. Meet-in-the-Middle - The cryptanalyst knows a portion of the plaintext and the corresponding ciphertext. Keys With modern technology, security of encryption lies in the secrecy of the keys, not the algorithm. Two terms that are used to describe keys are: Key length - Also called the key size, this is measured in bits. In this course, we will use the term key length. Keyspace - This is the number of possibilities that can be generated by a specific key length. For example, a key length of nnn bits results in 2n2^n2n possible keys. As key length increases, the keyspace increases exponentially. Cryptography Overview Cipher is a method for encrypting messages Plain Text Encryption Cipher Text Decryption Plain Text Algorithm Algorithm Key A Key B Encryption algorithms are standardized & published The key which is an input to the algorithm is secret Key is a string of numbers or characters Cryptanalysis Cryptanalysis is the process of breaking an encryption code Several techniques can be used to deduce the algorithm o Attempt to recognize patterns in encrypted messages, to be able to break subsequent ones by applying a straightforward decryption algorithm o Attempt to infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long o Attempt to deduce the key, in order to break subsequent messages easily o Attempt to find weaknesses in the implementation or environment of use of encryption o Attempt to find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages Substitution Ciphers Caesar Cipher Caesar Cipher is a method in which each letter in the alphabet is rotated by three letters as shown ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC Let us try to encrypt the message – Attack at Dawn Substitution Ciphers Caesar Cipher Encryption Plain Text Cipher Text Cipher: Message: Caesar Cipher Message: Attack at Dawn Algorithm Dwwdfn Dw Gdyq Key (3) Decryption Cipher Text Plain Text Cipher: Message: Caesar Cipher Message: Dwwdfn Dw Gdyq Algorithm Attack at Dawn Key (3) How many different keys are possible? Substitution Cipher Monoalphabetic Cipher Any letter can be substituted for any other letter Each letter has to have a unique substitute ABCDEFGH I JKLMNOPQRSTUVWXYZ MNBVCXZASDFGHJ KLPO IUYTREWQ Brute Force approach would be too time consuming Statistical Analysis would make it feasible to crack the key call Message: Encrypted Cipher: Message: Bob, I call you. Monoalphabetic Nkn, s bmgg wky. Alice Cipher mgsbc Key Substitution Cipher Polyalphabetic Caesar Cipher Developed by Blaise de Vigenere Also called Vigenere cipher It consists of the 26 ceasar ciphers with shifts 0f 0 through 25 e.g. C1, C2, Encription e.g. Ci = (Pi + Ki) mod 26 Decription e.g. Pi = (Ci - Ki) mod 26 Substitution Cipher Polyalphabetic Caesar Cipher Developed by Blaise de Vigenere Also called Vigenere cipher Uses a sequence of monoalpabetic ciphers in tandem e.g. C1C2, C1(k=6) and C2(k=20) or fu Key 6 20 6 20 6 20 6 20 Plaintext 1 14 1 8 2 0 11 11 Ciphertext 7 8 7 2 8 20 17 5 Example Message: Encrypted Cipher: Message: Bob, I call you. Monoalphabetic Hih, c iurf Alice Cipher Key Transposition Cipher Columnar Transposition This involves rearrangement of characters on the plain text into columns The following example shows how letters are transformed If the letters are not exact multiples of the transposition size there may be a few short letters in the last column which can be padded with an infrequent letter such as x or z Plain Text Cipher Text T H I S I T S S O H S A M E S O A N I W S A G E T H A A S O O S H O W L R S T O H O W A C I M G H W O L U M N U T P I R A R T R A S E E O A N S P O S M R O O K I T I O N I S T W C W O R K S N A S N S Reading assignment Transposition Cipher Reading assignment Row Transposition Rail Fence Cipher Rail Fence Cipher - Transposition Cipher A transposition cipher that rearranges characters. Characters are rearranged in a zigzag pattern across multiple rails (rows). The text is read row by row to create the ciphertext. Let's assume rails fence depth of 2. Message “Bob I will call”, the cipher text will be” Bbwloiil B b w l o i i l Hill Cipher The Hill Cipher is a polygraphic substitution cipher based on linear algebra. Steps in Hill Cipher: Choose a Key Matrix: Select a square matrix of size n×nn \times nn×n as the key. The determinant of the matrix (mod 26) must be non-zero and relatively prime to 26 Prepare the Plaintext: Break the plaintext into blocks of size nnn. If the length of the plaintext is not a multiple of nnn, pad it with filler characters (e.g., 'X'). Encryption: Represent each letter as a number (A=0, B=1,..., Z=25). Convert the plaintext block into a column vector. Plaintext: "Bob I will call" Remove spaces and punctuation: The plaintext becomes: "BOBIWILLCALL" Convert letters to numbers using A=0,B=1,C=2,…,Z=25A = 0, B = 1, C = 2, \dots, Z = 25A=0,B=1,C=2,…,Z=25: Hill Cipher Hill Cipher Encryption Process 1. Key Matrix Choose a 2×2 key matrix: K=[3 3] [2 5] Plaintext in numbers: [1,14,1,8,22,8,11,11,2,0,11,11] [3 3] = , C= [2 5] Ciphertext block: "TU“ The encrypted text for "Bob I will call" using the Hill Cipher is: "TUBXSWQJGEQJ” Two Types of Encryption There are two classes of encryption algorithms: Symmetric algorithms - These algorithms use the same pre-shared key, sometimes called a secret key pair, to encrypt and decrypt data. Both the sender and receiver know the pre-shared key before any encrypted communication begins. Asymmetric algorithms - Asymmetrical encryption algorithms use one key to encrypt data and a different key to decrypt data. One key is public and the other is private. In a public-key encryption system, any person can encrypt a message using the public key of the receiver, and the receiver is the only one that can decrypt it using his private key. How many number of keys in symmetric key: n(n-1)/2, if group size is 10.then 45 Private-Key Encryption Symmetrical Encryption Process - Symmetric algorithms use pre-shared key to encrypt and decrypt data, a method also known as private-key encryption. Numerous encryption systems use symmetric encryption. Some of the common encryption standards that use symmetric encryption include the following: 3DES (Triple DES): Digital Encryption Standard (DES) is a symmetric block cipher with 56-bit effective length of a secret key. 16 rounds of encryption. With 64 bits of plaintext. Triple DES: apply DES algorithm 3 times. IDEA: The International Data Encryption Algorithm (IDEA) uses 64-bit blocks and 128- bit keys. IDEA performs eight rounds of transformations on each of the 16 blocks that results from dividing each 64-bit block. IDEA was the replacement for DES, and now PGP (Pretty Good Privacy) uses it. AES: The Advanced Encryption Standard (AES) has a fixed block size of 128-bits with a key size of 128, 192, or 256 bits. The National Institute of Standards and Technology (NIST) approved the AES algorithm in December 2001. The U.S. government uses AES to protect classified information. Encryption Algorithm Summary Algorithm Type Key Size Features DES Block Cipher 64 bit chunks Most Common, Not strong 56 bits enough effective TripleDES Block Cipher 168 bits Modification of DES, (112 effective) Adequate Security Blowfish Block Cipher Variable Excellent Security (Up to 448 bits) AES Block Cipher Variable Replacement for DES, (128, 192, or 256 Excellent Security bits) RC4 Stream Cipher Variable Fast Stream Cipher, Used (40 or 128 bits) in most SSL implementations Public-Key Encryption Asymmetrical Encryption Process - Asymmetric encryption, also called public-key encryption, uses one key for encryption that is different from the key used for decryption. A criminal cannot calculate the decryption key based on knowledge of the encryption key, and vice versa, in any reasonable amount of time. The asymmetric algorithms include: RSA (Rivest_Shamir-Adleman) - uses the product of two very large prime numbers with an equal length of between 100 and 200 digits. Browsers use RSA to establish a secure connection. Diffie-Hellman - provides an electronic exchange method to share the secret key. Secure protocols, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), and Internet Protocol Security (IPsec), use Diffie-Hellman. ElGamal - uses the U.S. government standard for digital signatures. This algorithm is free to use because no one holds the patent. Elliptic Curve Cryptography (ECC) - uses elliptic curves as part of the algorithm. In the U.S., the National Security Agency uses ECC for digital signature generation and key exchange. Key Characteristics of DES Symmetric-Key Cipher: DES uses the same key for encryption and decryption. Both sender and receiver must securely share and maintain this key. Block Cipher: DES processes plaintext in fixed-size blocks of 64 bits. Each block is encrypted independently. Key Length: DES uses a 64-bit key, but 8 bits are used for parity checks, leaving an effective key length of 56 bits. Encryption Rounds: DES applies a series of 16 rounds of encryption, each consisting of permutations, substitutions, and bitwise operations. Feistel Structure: DES uses a Feistel Network to encrypt data, splitting the plaintext block into two halves and processing them alternately with round functions. Encryption Process of DES Initial Permutation (IP): The 64-bit plaintext block undergoes a fixed permutation that rearranges the bits in a specific order. Feistel Network (16 Rounds): Split: The permuted block is divided into two halves (L0 and R0). Round Function: In each round, the right half (Rn) is expanded to 48 bits using an Expansion Permutation (E). This expanded block is XORed with a 48-bit round key derived from the main key. The result undergoes substitution using S-boxes (Substitution Boxes) and another permutation (P). The output is XORed with the left half (Ln) to generate the new right half (Rn+1). Swap: After each round, the left and right halves are swapped. Final Permutation (FP): After the 16 rounds, the two halves are combined and passed through the Final Permutation (FP), which is the inverse of the Initial Permutation. Decryption Process of DES The same steps are applied in reverse order, with the round keys used in the reverse sequence Key Schedule: DES derives 16 round keys (48 bits each) from the original 56-bit key. The key schedule involves: Initial permutation of the key bits. Splitting the key into two halves. Applying rotations and compression permutations to generate keys for each round. DES Encryption Overview Encrypting Long Messages Encrypting long messages securely involves handling data that exceeds the block size of symmetric encryption algorithms, such as DES and AES. This process requires dividing the message into smaller blocks and applying specific encryption strategies to ensure confidentiality and integrity across the entire message. Decryption Process of DES 1. Block Cipher Modes of Operation Block ciphers encrypt fixed-sized blocks of data (e.g., 64-bit for DES or 128-bit for AES). To process long messages, modes of operation are used: Electronic Codebook (ECB): Encrypts each block independently. While simple, it is vulnerable to patterns in repeated plaintext blocks. Cipher Block Chaining (CBC): Links blocks by XORing each plaintext block with the previous ciphertext block before encryption, enhancing security by adding interdependency. Counter (CTR) Mode: Encrypts a counter value for each block and XORs it with the plaintext, effectively turning a block cipher into a stream cipher. Decryption Process of DES 2. Handling Block Size Mismatch When the plaintext length is not a multiple of the block size, padding schemes fill the remaining space: PKCS#7 Padding: Adds bytes indicating the number of padding bytes. Zero Padding: Adds zeros to complete the block. Padding ensures the encryption process handles all data consistently. 3. Stream Ciphers Stream ciphers encrypt data bit by bit or byte by byte, making them suitable for continuous data streams or arbitrarily sized data without requiring padding. Generate the Keys required for the first three rounds to apply Data Encryption Standard for the data given below. Plain-text : Software Engineering Key: A1E2F3F4E5B6A7D8 Use the rules below to create Left cycle Iteration protocol R1 > For single digit event iteration number shift single bit R2 > For Single digit Odd iteration number add one more bit on the R1 R3 > For double digit event iteration number add one more bit on R2 R4 > For double digit odd iteration number shift a bit same as R1 N.B: your Final Keys of each round should be written in the way the original key is written Thank You RSA Public Key Crypto System Key generation: 1. Select 2 large prime numbers of about the same size, p and q 2. Compute n = pq, and (n) = (q-1)(p-1) 3. Select e, 1

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue