Cryptographic basics

advertisement
Cryptographic basics
• Cryptology is divided into cryptography and
steganography.
• Cryptography means ciphering and deciphering text. The
goal is not to hide that test is encrypted. It is only difficult
to decrypt it.
• Steganography is a collection of techniques, which hide
the text that should be kept secret (like hiding microfilms
to a pin point, hiding text into images and so on).
Steganography is not necessarily difficult to break, once
you know where is the hidden text.
• It is possible to combine the two techniques and e.g. hide
encrypted text into images using steganography.
• Cryptoanalysis is the art of decrypting cipher text without
a key.
Cryptographic basics
• Encryption is made with an encryption algorithm, usually a
hardware or software piece is executing the algorithm.
encryption key
clear text
encryption
decryption key
cipher
text
decryption
clear text
• Keyless algorithms where the algorithm is secret are no longer
used. One historical keyless algorithm is Caesar’s cipher.
Cryptography basics
• Symmetric and asymmetric cryptoalgorithms
• a symmetric cryptoalgorithm uses the same key in both sending
and receiving side, asymmetric cryptoalgorithms, introduced by
Diffie and Hellman 1976, use different keys to encrypt and to
decrypt.
• Stream and block ciphers
• A stream cipher encrypts data working on each bit or byte
separately, a block cipher encrypts a block (like 64 bits, 128 bits
etc.) of data in one time.
• A stream cipher is fast but block ciphers are considered more
secure.
• Modern data communication protocols, like IPsec, use only block
ciphers. GSM A5/1 is an example of a stream cipher.
Cryptography basics
• Symmetric cryptoalgorithms are developed following
Shannon’s two principles: confusion and diffusion.
• Confusion = mix up the clear text so that it is difficult to
decipher.
• Diffusion = every change in clear text should cause many
changes in cipher text.
• Confusion is often made by substitution: a letter or a bit
sequences is replaced by another.
• Diffusion is often made by transposition: change the order
of letters or bit sequences in the text.
• Clearly, with substitution and transposition there are very
many alternatives, with 26 letters and text of N letters, the
N
(
26
)!
number of possible ciphertexts is
• Example, N=256, then (26 N )!  2.07 10365
Cryptography basics
• Such a number of combinations can never be tried.
Unfortunately real cyptoalgorithms are not completely
random and they give much fever alternatives.
• The problem with letter based cryptoalgorithms is that it is
difficult to remove patterns from data. Natural language
has very many patterns, like common endings and more
popular letters and so on.
• A cyptoanalysist can try to guess what could be some
words in the cipher text and if he guesses some letters, the
rest will be easier to guess.
• Today symmetric algorithms are bit-based and mix up the
text so much that ciphertext is statistically as random as
possible.
• Let us look at DES, it makes confusion with substitution
boxes and diffusion with transposition boxes and several
rounds.
Cryptography basics
• DES Data Encryptation Standard
• DES has 56 bit keys (expressed as 64 bit strings because of
redundancy)
• DES is not any more safe, it was broken 1998 in 20 hours
with a special Deep Crack DES cracker. First time DES was
broken 1997 with 14000 PCs in four months.
47
• DES can be broken with linear cryptoanalysis in about 2
56
• steps, but Deep Crack cracks by brute force trying 2 keys.
• DES is a Feistel network, meaning a special structure
splitting a block (64 bits in DES) to two halves and mixing
them so, that individual operations can lose information but
the whole structure is bijective, so that you can crypt data and
use the same Feistel network to decrypt it.
• IPsec has a mandatory support for DES.
Cryptography basics
cleartext block 64 bits
bittiä
• DES
L0, 32
bittiä
R0, 32 bits
f
K1
XOR
L1
R1
14 rounds the same way
L15
R15
f
XOR
L16
1
R16
cryptotext block 64 bits
bittiä
K16
Cryptography basics
• In DES the plaintext block is divided into left and right
blocks (L0, R0). The algorithms has 16 rounds and on each
round the left and right blocks are swapped in the
following way:
Li = R(i-1)
Ri = L(i-1) XOR f(R(i-1), Ki)
• So new left block is the previous right block and the new
right block is obtained by XORing the previous left block
with the previous right block encrypted with some function
f using a key Ki.
• An encryptation algorithm satisfying this formula is a
Feistel network. It means that f need not be a bijection for
this encryptation to work. On each round f is a different
function made with permutations and substitutions.
• The triple DES (3DES) has effective key length at least
twice that of DES and is considered strong.
Cryptography basics
• Other good symmetric block ciphers are IDEA, CAST and
Blowfish. IPsec implementations have optional support for these
algorithms. A main motivation for creation of a new standard is
the ability to use longer block lengths than in DES.
• The new Advanced Encryptation Standard (AES) is recently
elected. It is Rijndael.
• Rijndael has a flexible key size and flexible block length. 10
rounds on each round the cryptation function is a a simple
combination of substitution and permutation.
• Rijndael is not a Feistel network, therefore on each round the
encryptation function is bijective.
• It is possible to create strong cryptoalgorithms which are
impossible to break, unless
• parallel computing methods like quantum computers are
developed, (quite possible) or
• P=NP will be proved (unlikely, but possible)
• Asymmetric cryptoalgorithms
• RSA (Rivest-Shamir-Adleman)
find two large primes p, q and calculate n=pq
Find a number e such that e and Carmichaelin funktio
 ( pq ) =GCD(p-1)(q-1)
are relatively prime (i.e., they have no common divisors).
(Here GCD=greatest common divisor)
Find some d such that ed=1 mod  ( pq )
(this is easy)
Then if X is a plaintext block, we get the ciphertext block Y
•
Y  X e mod n
and
X  Y d mod n
• El-Gamal
• Uses the discrete logarithm problem, quite similar to DiffieHellman key exchange algorithm. Encrypted block
2*plaintext block in length. It is used in DSA (Digital
Signature Algorithm)
Asymmetric cryptoalgorithms
• RSA is based on the difficulty of factoring a modulus of a large
number n.
• In order to be too difficult for modern computers, n must be of the
order of 21024 or more.
• Elliptic curve digital signature algorithm (ECDSA) gives the
same strength with much shorter keys. (But the method is only
suitable for digital signatures, not for encryptation).
• RSA modulus
1024 2048 4096
• ECDSA field size 160
211 296
• Elliptic curves are sets of points (x,y) satisfying
y  x  ax  b
2
3
• This looks like a simple third order polynomial, the trick is that
the coefficients a and b are not compex numbers or reals, but they
are in a finite field. The solving any problems gets very hard.
Cryptography basics
• Diffie-Hellman key exchange
• IPsec Internet Key Exchange (IKE) uses Diffie-Hellman.
• Alice and Bob want to create a symmetric key for
communication. So, they want to create a common secret
which only they share. Let the generator number g and
some prime number p be known to all (not secret).
• Alice picks up a number a and Bob picks up a number b.
• Then they calculate numbers A and B as
A  g a mod p
B  g b mod p
• Alice sends to Bob the number A and Bob send to Alice
number B. These numbers do not need to be kept secret.
• Alice and Bob can both count a shared secret S as
S  Ab mod p  B a mod p  g ab mod p
Cryptography basics
• As asymmetric cryptoalgorithms are slow, usually one can only
encrypt small data units with them.
• A common usage is digital signature: a hash value is produced
by some one-way function which compresses the data. Then
the hash value is crypted with a secret key.
• A one-way function is a function which is easy to calculate but
difficult to invert, so it is easy to count the hash but difficult to
find data which hashes to a given hash value.
• IPsec uses some well-known hash functions: MD5 and SHA.
• MD5 (Message Digest number 5) has some problems, one has
demonstrated that it is possible to find two data values hashing
to the same hash value.
• IPsec uses a strengthened version of the hash values: HMACMD5 does not have the problem.
Cryptographic basics, digital signatures
• Let us look at an early example of a digital signature
identifying Nero.
• Apocalypse gives 666 as the name of the beast.
• Caesar Nero is written in Hebrew as
• Nun Vau Resh Nun Resh Samex Koph
• 50 6 200 50
200 60
100
• the sum is 666. We know this is the likely explanation
because some Creek versions of Apocalypse give the
number as 616 and a similar calculation in Creek gives
616.
• Unfortunately the signature is not unique to Nero, many
people have found other explanations, the Pope being one
of the most popular choices for the beast (for crackpots).
Cryptographic basics, digital signatures
• In order to make a unique digital signature, you need a oneway hash collision-free function and public key
cryptoalgorithm.
• One-way function is a function, which is fast to calculate
but the inverse is very slow to calculate. For instance,
f ( x)  x mod m
n
• A hash function is a function which maps a long number
into a short number. Naturally, many long numbers map to
the same short number. A hash function is called collisionfree if it is hard to find any long number which maps to a
short number obtained by using the hash function.
• Now you take the message you want to sign, put it through a
one-way collision free hash function and it produces a short
number. This number you encrypt with your private key.
• It is the digital signature.
Cryptographic basics, digital signatures
• You send both the message and the digital signature.
• Anybody can check the digital signature by counting the
hash value (the short number) from the message since the
used one-way collision-free hash function is known to all.
• Then he can also decrypt the digital signature you gave
with your known public key.
• It must be the same number what the hash produced.
• Typically, electronic signature is in a data structure
indicating the hash algorithm, public key algorithm and
known parameters for these algorithms.
Cryptography basics
•
•
•
•
Example:
Digital signature algorithms used in IPsec:
RSA, suits well to digital signatures
DSA (Digital Signature Algorithm), a similar algorithms to
El-Gamal, uses SHA (Secure Hash Algorithm) for hashing.
• Algorithms for message integrity in IPsec:
• Digital signatures can be used to proof that the message has
not changes. There are symmetric and asymmetric
algorithms for this.
• MAC (Message Authentication Code) is a family of
symmetric message integrity check algorithms. IPsec uses
one special MAC: HMAC.
• It can be used with different hash functions, so there are
HMAC-SHA and HMAC-MD5.
Cryptography basics
• Modes of symmetric cryptoalgorithms
• Block ciphers can be used in several modes.
• Electronic Code Book (ECB), Cipher Block Chaining
(CBC), Output Feedback (OFB), Counter mode, ...
• In ECB blocks are crypted individually, not suitable for
communication, but good for storing data as then data can
be decrypted without decrypting all previous blocks.
• In other modes previous plaintext or ciphertext blocks are
used to encypt the next block.
• The feedback modes (CBC, OFB, Counter) differ mostly
in error propagation. For links with high error ratio OFB or
Counter mode are better than CBC.
• IPsec uses all block ciphers in the CBC-mode.
Cryptography basics
• Cipher Block Chaining Mode (CBC)
plaintext
IV
ciphertext
+
+
+
E
E
E
IV
D
D
D
+
+
+
ciphertext
IV = Initialization vector
E = Encryption component
D = Decryption component
plaintext
Download