# Overview of Cryptography and Its Applications INCS741: Cryptography Dr. Monther Aldwairi

```INCS741: Cryptography
Overview of Cryptography and
Its Applications
Dr. Monther Aldwairi
New York Institute of TechnologyAmman Campus
Motivation
• Historically Kings communicated with their
generals using cryptographic methods.
– Julius Caesar used a cipher named after him.
• Today with the advent of the Internet
electronic services are integral part of our
daily life
– Exchanging payment in formation is vital for
internet economy
• It’s empirical to protect electronic information
Terminology
• Cryptology is the all-inclusive term used for the
study of secure communication over non-secure
channels and related problems.
• Cryptography is the process of designing systems
to realize secure communications over nonsecure channels.
• Cryptanalysis deals with breaking cryptosystems.
• Coding Theory deals with symbolic
representation of input information using
symbols, often called codes such as
– Compression, secrecy and error-correction.
Code Vs Cipher
• Code is replacing message words by
codewords or symbols
– Unanticipated words cannot be used
• Cipher is Encrypting the message using some
algorithm
– Stream Ciphers. Data fed to the algorithm in small
chunks (bits, chars)
– Block Ciphers. Data fed to the algorithm in blocks
Secure Communications Scenario
Plain text
Security Issues
2. Find the key and read all the encrypted messages
3. Integrity: Corrupt or modify the content of the
message in such a way that Bob will think Alice sent
the altered message.
4. Authentication: Impersonate Alice and communicate
with Bob
• Oscar is a passive observer who is trying to perform (1)
and (2).
• Mallory is more active and malicious who is trying to
perform (3) And (4).
Possible Attacks
1. Ciphertext only: Eve has only a copy of ciphertext
2. Known Plaintext: Eve has a copy of ciphertext and the
corresponding plaintext and tries the deduce the key.
encryption machine/algorithms.
–
She can encrypt large number of plaintexts and use them
to deduce the key.
decryption machine.
–
She can decrypt large number of ciphertexts and symbols
and use them to deduce the key.
Kerckhoff’s and Shannon Principles
• A cryptosystem should be secure even if
everything about the system, except the key, is
public knowledge.
• The enemy knows the system edge.
• The security of the system, therefore, should
be based
1. key length
2. The quality of the algorithm.
Symmetric Key Cryptography
• Encryption and decryption keys are known to
both communicating parties (Alice and Bob).
– A Secret key should be shared (or agreed) b/w the
communicating parties.
• They are usually related and it is easy to derive
the decryption key once one knows the
encryption key.
– In most cases, they are identical.
• All of the classical (pre-1970) cryptosystems are
symmetric
– Such as DES and AES (Rijndael)
Public Key Cryptography
• Encryption Key is made public! Public Key.
• Decryption Key is kept private. Private Key
– Sender encrypts the message by the Public Key of the
– Only the receiver can decrypt the message by her/his
Private Key
• Computationally expensive to find the Decryption
Key from the Encryption Key
– Such as RSA, Discrete Logarithm and Elliptic Curve
• Used to encrypt small amounts of data (key
exchange or signatures)
Key Length
• The security of cryptographic algorithms is hard
to measure.
– How difficult is it for an adversary to find the key
– The key should be large enough to prevent brute force
or exhaustive search attack.
– The adversary to determine the key simply by trying
all possible keys in the key space.
• For example, DES utilizes 56-bit key, therefore
there are 256 (or approx 7.2 x 1016) possible keys
in the key space.
Key Length
• For a cryptanalyst, brute force should be the
last choice.
– He needs to take advantage of the weakness in
the algorithm or in it’s implementation, in order to
reduce the possible keys to try out.
• Longer keys do not necessarily improve the
security
• Once secure is not always secure
Unbreakable Cryptosystems
• Almost all of the practical cryptosystems are
theoretically breakable given the time and
computational resources
• However, there is one system which is even
– One-time pad requires exchanging key that is as long as
the plaintext.
– However impractical, it is still being used in certain
applications which necessitate very high-level security.
• Security of one-time pad systems relies on the
condition that keys are generated using truly random
sources.
Cryptographic Objectives
• Confidentiality
– Hiding the contents of the messages exchanged.
• Integrity
– Bob wants to make sure that Alice’s massage hasn’t
been altered
• Authentication
– Bob wants to make sure that Alice could have sent the