Making and B

reaking Ciphers

Ralph M

orelli

Trinity C

ollege, Hartford

(ralph.morelli@

trincoll.edu)

Sm

ithsonian InstituteO

ctober 31, 2009

This presentation w

as created using Open O

ffice 3.0, free and open source softw

are. http://w

ww

.openoffice.org/

© 2009 R

alph Morelli

You are free to reuse and rem

ix this presentation under a creative comm

ons license provided you give credit to the author. http://creativecom

mons.org/licenses/by/3.0/us/

Part III: Com

puterized Cryptology

Outline

V

ernam C

ipher – perfect secrecy

Com

puterization: From L

etters to Bits

D

ES

T

he Key E

xchange Problem

Public Key C

ryptography

Quantum

Cryptography

Perfect Secrecy

Vernam

Cipher

G

ilbert S. V

ernam, A

T&

T, 1919

Morse code – 5 pulses per character.

A

= (m

ark mark space space space)

V

ernam's: A

dd a key tape to the m

essage:

C DPlaintext

Key

Ciphertext

mark

mark

space

mark

spacem

ark

spacem

arkm

ark

spacespace

space

R

eversible, one-step encryption and decryption using a key loop tape.

Flaw

: repeating key is polyalphabetic.

One T

ime P

ad

Generalization of V

ernam: m

ake the key as long as the m

essage.

P

rovably perfect secrecy (Claude S

hannon, 1942):

Secret key.

O

f truly random characters.

A

s long as the message.

U

sed only once and then discarded.

E

xample:

10

1 0

0 1

1 0

Key

Plain

Cip

her

XO

R O

peratio

n

Plaintext: 01101 10101 01111 10110 10101

Key: 01010 10100 11101 01011 10110

Ciphertext: 00111 00001 10010 11101 00011

Key: 01010 10100 11101 01011 10110

Plaintext: 01101 10101 01111 10110 10101

Encrypt

Decrypt

Theoretical P

rinciples

C

laude Shannon, 1949, “C

omm

unication T

heory of Secrecy S

ystems,” B

ell Labs.

Perfect secrecy property.

C

onfusion – maxim

um com

plexity between the

key and ciphertext.

Diffusion – plaintext uniform

ities (statistics) are dissipated in the ciphertext.

A

cipher system should be secure even if its

algorithm is know

n (Kerchoff's principle).

AS

CII C

ode

D

eveloped from telegraph codes.

1963 S

tandard

1966 chart

A=

100 0001

B=

100 0010

C=

100 0011

1000011 1010010 1011001 1010000 1010100 1011111

C R

Y P

T O

Transposition and S

ubstitution

T

ransposition

1000011 1010010 1011001 1010000 1010100 1011111C

R Y

P T

O

100001110100101011001 101000010101001011111

101000010101001011111 100001110100101011001

● Substitution (S

wap 0s and 1s)

010111101010110100000 011110001011010100110

0101111 0101011 0100000 0111100 0101101 0100110

/ + S

P <

- &

XO

R: S

ubstitution with a K

ey

Plain M

essage

1000011 1010010 1011001 1010000 1010100 1011111

C R

Y P T

O

A

SCII

K

EY

= A

BC

DE

F 1000001 1000010 1000011 1000100 1000101 1000110

0000010 0010000 0011010 0010100 0010001 0011001

msg X

OR

key

0000010 0010000 0011010 0010100 0010001 0011001

1000001 1000010 1000011 1000100 1000101 1000110

Crypto M

essage

KE

Y=

AB

CD

EF

Plain M

essage1000011 1010010 1011001 1010000 1010100 1011111

C R

Y P T

O

AB

A ⊕ B

00

0

01

1

10

1

11

0

Data E

ncryption Standard (D

ES

)

E

arly 1970s: IBM

and NS

A C

ollaboration.

1976: Adopted as the federal IP

standard.

Controversial am

ong cryptographers.

Key too short.

C

lassified elements in the algorithm

.

NS

A backdoor?

1999: E

FF

broke it in 23 hours (brute force).

2002: Replaced after public com

petition by A

dvanced Encryption S

tandard (AE

S)

64-bit block cipher

56-bit key (+

8 bits parity)

F

eistel mixing: 16 cycles of

transposing and XO

Ring w

ith 48-bit subkeys (K

1 ...K16 )

DE

S A

lgorithm(T

rasposition & S

ubstitution)

Source: FIPS PUB

46-2http://w

ww

.itl.nist.gov/fipspubs/fip46-2.htm

EF

F's D

ES

Deep C

rack

S

pecialized chips

$250,000

1998 – 56 hours.

1999 – 22.25 hrs. with

distributed.net.

1999: DE

S reaffirm

ed as the standard w

ith T

riple-DE

S recom

mended.

Sym

metric vs. A

symm

etric Keys

S

ymm

etric Key

S

ame key used for encryption and decryption.

M

ust be shared by Alice and B

ob.

Key exchange problem

.

Asym

metric K

ey –

Different keys used for encryption and decryption.

N

o key exchange problem.

The K

ey Exchange P

roblem

Alice

Bob

Eve

Asym

metric K

eys

Alice

Bob

Eve

PrivatePrivate

Shared

Shared

Shared

? ?

Diffie-H

ellman K

ey Exchange

Invented in 1976

M

odular arithmetic: (8 +

7) mod 12 =

3–

8 AM

+ 7 hours =

3 PM

–8 +

7 = 15 mod

12 = 1 R

mdr =

3

–(8 * 7) m

od 12 = 56 mod

12 = 4 R

mdr =

8

O

ne-way function

3

x = 1 (m

od 4) What is x? {2, 4, 6, …

}

Diffie-H

ellman K

ey Exchange

A

lice's secret number is a and B

ob's secret number is b.

T

hey agree on the base g and prime num

ber p and the function g

x (mod p).

T

hey exchange A =

ga (m

od p) and B =

gb (m

od p).

They derive the sam

e key K because g

ab(mod p) =

gba(m

od p).

Eve can't easily derive K

without know

ing a and b.

Public K

ey Cryptography

1984 R

ivest-Sham

ir-Adelm

an Algorithm

(RS

A)

B

ased on the difficulty of computing prim

e factors.

A

symm

etric key (public/private part) vs. sym

metric key (shared by A

lice and Bob)

101001010010010101101001010101001010010100101001010100

Key

Generator

Large random

number

Private K

ey

Public K

ey

Public K

ey Encryption/D

ecryption

101001010010010101101010101001010100

Bob's P

rivate K

ey

Alice

“Hi B

ob”

Bob's P

ublic K

ey

RSA

Encrypt

RSA

Decrypt

Bob

“Hi B

ob”

Public K

ey Signature101001010010010101

101010101001010100

Alice's P

ublic K

ey

Alice

“I am A

lice”

Alice's P

rivate K

ey

RSA

Sign(E

ncrypt)

RSA

Verify

(Decrypt)

Bob

“I am A

lice”

RS

A D

etails

A

lice picks two huge prim

e numbers, p and q.

A

lice computes N

= p x q.

A

lice picks another number e relatively prim

e to (p-1) x (q-1).

A

lice calculates her private key d as:

d x e =

1 (mod (p-1) * (q-1))

A

lice publishes (N, e) as her public key.

E

ncrypt message to A

lice, M: C

= M

e(mod N

)

Alice decrypts m

essage, C: M

= C

d(mod N

)

RS

A S

ecurity

G

iven N =

p x q, w

hy can't we just figure out the

primes p and q?

F

actorization of N: F

or each prime num

ber, ni

check if it divides N.

H

ow big is N

? ~ 10

308 for bank transactions.

Best estim

ate: 100 million com

puters working

together would take m

ore than 1000 years (S

imson G

arfinkel, as reported in Singh).

Internet Security

T

ransport Layer Security (S

ecure Sockey Layer)

C

lient (user's browser) and server (e.g., user's bank)

comm

unication protocol.

Phase 1: C

lient and server negotiate which algorithm

s w

ill be used for key exchange and authentication (typically public key algorithm

s).

Phase 2: A

symm

etric key is exchanged and authenticated.

P

hase 3: Encrypted, efficient com

munication using the

symm

etric key.

Transport Layer S

ecurity

Quantum

computation: A

quantum com

puter could easily break a factorization problem

.

Quantum

Cryptography

B

B84 P

rotocol: Charles H

. Bennet and G

illes Brassard, 1984.

(IBM

, University of M

ontreal)

E

xchange random bit stream

for use in one-time pad.

P

ossible to detect an eavesdropper.

Im

plementations: E

xchange secure keys over optical fiber at 1 M

bit/s (10 km) and 10 kbits/s 100 km

.

M

uch research (IBM

, NE

C, H

P, Toshiba, Mitsubishi)

F

our comm

ercial companies

Perfect S

ecrecy!?

Source: http://xkcd.com

/