CPE204 Discrete Mathematics
Week 10&11: Cryptology
Course teacher: Dr. Nehad Ramaha, Computer Engineering Department, Karabük University
Based on lecture notes prepared by Ozacar Kasim, PhD | Assist. Prof. | Computer Engineering Department

The class notes are a compilation and edition from many sources. The instructor does not claim intellectual property or ownership of the lecture notes.

In World War II, the Nazi military employed an encryption scheme that addressed the weakness of substitution ciphers. The scheme, implemented by typewriter-sized devices called Enigma machines, gave the Nazis a tactical advantage that greatly contributed to their early success in the war.

Cryptology
• Cryptography
  • Science of creating codes or ciphers
• Cryptanalysis
  • Science of breaking codes and ciphers

Codes vs. Ciphers
• Code
  • Substitution of words or phrases by others
  • Example: Navajo “code talkers” of WW II:
    • turtle means tank
    • sea turtle means landing craft
• Cipher
  • Algorithmic scrambling/unscrambling
  • Example: Caesar cipher
    • Replace each letter with the letter 3 positions after it in the alphabet (a → d, b → e, etc.)

Terminology
• Plaintext
  • The unencrypted (readable) message
• Ciphertext
  • The encrypted version of the message
• Secure channel
  • A communications path safe from eavesdropping
• Insecure channel
  • A communications path that may be tapped

Stream & Block Ciphers
• Stream cipher acts on one character at a time
  • Replaces each character with a different symbol
• Fixed: Each plaintext ‘a’ is always replaced by the same ciphertext symbol
  • Example: Caesar cipher (‘a’ always replaced by ‘d’)
• Variable: Different occurrences of ‘a’ in the plaintext are replaced with different symbols in the ciphertext
  • Example: German Enigma cipher machine of WWII

Simple Ciphers
• Message reversal
• Geometric patterns
• Route
• Columnar transposition
• Polyalphabetic transposition
• Code Word (Keyword) Transposition

Route Cipher
As an example, let's encrypt the plaintext "abort the mission, you have been spotted". First we need to decide on the number of columns we are going to use, let's say 5. We then choose which route we want to use to encrypt the message.
The plaintext is written in a grid with 5 columns.
• With a route of reading down the columns we get the ciphertext: "ATSYV NTBHS OESEO EIUBP DRMOH EOXTI NAETX".
• With a route of spiralling inwards counter-clockwise from the bottom right we get: "XTEAN ITROB ATSYV NTEDX OEHOM EHSOE SPBUI".

Caesar Shift Cipher
This particular cipher is not very difficult to decipher and hence secret messages do not remain secret for long.

Book Cipher
• Locations in the book are used to replace the plain text of the message

Transposition Cipher

Example from previous exam:
In the following encryption process, the Turkish alphabet was used.
ABCÇDEFGĞHIİJKLMNOÖPRSŞTUÜVYZ

plaintext   ciphertext
TÜRKİYE     UYTONDJ
???         CCBUEP

Find the plaintext corresponding to the ciphertext CCBUEP.
Answer.

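The Route Cipher slide's procedure (5 columns, the two routes it names), as an added example that is not part of the original notes. It reproduces both ciphertexts given on the slide and reverses them; the function names and the X padding (inferred from the slide's ciphertexts) are assumptions.

```python
import re

MESSAGE = "abort the mission, you have been spotted"  # plaintext from the slide

def make_grid(plaintext, cols, pad="X"):
    """Keep letters only; pad the last row with X (inferred from the slide's ciphertexts)."""
    letters = re.sub(r"[^A-Za-z]", "", plaintext).upper()
    letters += pad * (-len(letters) % cols)
    return [letters[i:i + cols] for i in range(0, len(letters), cols)]

def column_route(rows, cols):
    """Cell order when reading down each column, left to right."""
    return [(r, c) for c in range(cols) for r in range(rows)]

def spiral_route(rows, cols):
    """Cell order spiralling inwards counter-clockwise from the bottom right."""
    top, bottom, left, right = 0, rows - 1, 0, cols - 1
    order = []
    while top <= bottom and left <= right:
        order += [(r, right) for r in range(bottom, top - 1, -1)]     # up the right edge
        order += [(top, c) for c in range(right - 1, left - 1, -1)]   # left along the top
        if left < right:
            order += [(r, left) for r in range(top + 1, bottom + 1)]  # down the left edge
        if top < bottom:
            order += [(bottom, c) for c in range(left + 1, right)]    # right along the bottom
        top, bottom, left, right = top + 1, bottom - 1, left + 1, right - 1
    return order

def encrypt(plaintext, cols, route):
    grid = make_grid(plaintext, cols)
    text = "".join(grid[r][c] for r, c in route(len(grid), cols))
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))  # groups of 5

def decrypt(ciphertext, cols, route):
    """Write the ciphertext back along the same route, then read row by row."""
    letters = ciphertext.replace(" ", "")
    rows = len(letters) // cols
    grid = [[""] * cols for _ in range(rows)]
    for ch, (r, c) in zip(letters, route(rows, cols)):
        grid[r][c] = ch
    return "".join("".join(row) for row in grid)

if __name__ == "__main__":
    for route in (column_route, spiral_route):
        ct = encrypt(MESSAGE, 5, route)
        print(route.__name__, ct, decrypt(ct, 5, route))
```

Both routes are keyless rearrangements of the same 35 letters, so anyone who guesses the column count and route can undo them.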
Jefferson’s Cipher Machine
• A stack of code wheels threaded on a central axis
  • Could be any length, but typically ~30
  • Each had all letters of the alphabet, but no two were identical
• To encrypt a message
  • Divide message into blocks = stack size
  • Turn wheels so plaintext shows on one row
  • Lock the wheels
  • Transmit any other row
• To decrypt a message
  • Set wheels to match the ciphertext for each block
  • Lock the wheels
  • Look for the one row that contains readable plaintext
• Jefferson’s machine was used, successfully, for almost a century

Enigma & Ultra
• Used by Germany during WW II
  • Considered it “unbreakable”
• Broken in 1940 by Britain (“Ultra”)
  • Team at Bletchley Park, headed by Alan M. Turing

How Enigma Worked
• Operator typed plaintext message
• 3 rotors scrambled each letter
• Ciphertext character lit up on upper panel
• Rotors turned after every letter

How Enigma Worked
1. Notched ring, used to "carry" the rotation of one rotor to another via a ratchet mechanism
2. Dot marking the position of the "A" contact, for use by the operator in assembling the rotor
3. Alphabet "tyre" or ring; some rings had a sequence of numerals instead of letters
4. Electrical plate contacts
5. Wire connections joining the plate contacts to the pin contacts
6. Spring-loaded pin contacts
7. Spring-loaded ring adjusting lever, used to alter the position of the alphabet ring; a pin on the lever fits into holes in the side of the alphabet ring
8. Hub, through which fits the central axle
9. Finger wheel, used to manually set the orientation of the rotor
10. Ratchet mechanism

How Enigma Worked
The scrambling action of Enigma's rotors is shown for two consecutive letters with the right-hand rotor moving one position between them.

How Enigma was Solved
• Lots of similar messages
  • Germans sent weather information to U-boats every day, all in same format
• Human error
  • Lazy or tired operators re-used rotor settings instead of changing them
  • Repeated first 3 characters of message
  • “Guten morgen”, “Heil Hitler!”
• Weakness of algorithm
  • Would never translate a letter to itself

How Enigma was Solved
• The “Bombe”
  • Computer at Bletchley Park
  • Searched thousands of possible Enigma settings, looking for one that yielded readable plaintext
• Captured code books
  • Naval vessels carried books of Enigma settings
  • British captured U-559 in Sept. 1942
• By 1943, Britain could read intercepted Enigma messages before the Germans could!

Cryptographic Algorithms
• Often grouped into two broad categories, symmetric and asymmetric; today’s popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms
• Symmetric and asymmetric algorithms are distinguished by the types of keys used for encryption and decryption operations

Exchanging Keys
• Prior to 1976, all ciphers were “symmetric”
  • Used the same key to encrypt and decrypt
  • Encryption methods can be extremely efficient, requiring minimal processing
• Problem with all old encryption schemes is the key exchange
  • Both sender and receiver must possess encryption key
  • How do you transmit a secret key over an insecure channel?

Public-Key Cryptography
• New Directions in Cryptography
  • Whitfield Diffie & Martin Hellman, 1976
• Proposed using two keys
  • One to encrypt messages (the public key)
  • A different key to decrypt (the private key)
• Also known as asymmetric cryptography
• Two keys are related, but one cannot be derived from the other
• Public key can be published

Public Key Crypto…
• The Public and Private key pair comprises two uniquely related cryptographic keys (basically long random numbers).
Below is an example of a Public Key:
• 3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40
• The Public Key is public. It is made available to everyone via a publicly accessible repository or directory. The Private Key is confidential to its respective owner.

Public Key Crypto…
• For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key.
• Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.

Cryptographic Algorithms
• Data Encryption Standard (DES): one of most popular symmetric encryption cryptosystems
  • 64-bit block size; 56-bit key
  • Adopted by NIST in 1976 as federal standard for encrypting non-classified information
• Triple DES (3DES): created to provide security far beyond DES
• Advanced Encryption Standard (AES): developed to replace both DES and 3DES

Encryption Key Size
• When using ciphers, the size of the cryptovariable or key is very important
• Strength of many encryption applications and cryptosystems is measured by key size
• For cryptosystems, security of encrypted data is not dependent on keeping the encrypting algorithm secret
• Cryptosystem security depends on keeping some or all of the elements of the cryptovariable(s) or key(s) secret

Encryption Key Power

Cryptography Tools
• Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely
• PKI systems are based on public key cryptosystems; include digital certificates and certificate authorities (CAs)

Cryptography Tools (continued)
• PKI protects information assets in several ways:
  • Authentication
  • Integrity
  • Privacy
  • Authorization
  • Nonrepudiation

The RSA System (public-key cryptosystem)
• Select two prime numbers, p and q
  • Ex: choose p = 11, q = 3
• Compute n = p*q, f = (p-1)*(q-1)
  • Ex: n = 11 * 3 = 33, f = 10 * 2 = 20
• Choose e, the encryption key, less than n, so that e and f have no common factors
  • Ex: choose e = 3
• Find d (the decryption key)
  • Need (e * d) / f to leave a remainder of 1
  • Ex: (3 * d) / 20 leaves remainder 1 if d = 7
• Key pair is (n, e) and (n, d)
  • Encryption (public) key is (33, 3)
  • Decryption (private) key is (33, 7)

The RSA System (Encrypting/Decrypting messages)
• Encrypting a message
  • ciphertext = (plaintext)^e mod n
  • Ex: plaintext = 13
  • ciphertext = 13^3 mod 33 = 2197 mod 33 = 19
• Decrypting the message
  • plaintext = (ciphertext)^d mod n
  • plaintext = 19^7 mod 33 = 893871739 mod 33 = 13

Why is RSA Secure?
• Real versions use very large numbers
  • Modulus, n, is at least 1024 bits long
  • About 309 decimal digits (Log(2^1024))
  • So p and q are each about 200 digits long
• Numbers are easy to multiply, but hard to factor
  • It’s easy to compute n if you know both p and q
  • It’s almost impossible to factor n into p & q

Just How Secure Is It?
• No cipher is 100% unbreakable
  • Except “one-time pads,” but they have other problems
• By making the modulus larger, RSA can be made arbitrarily hard to break
  • With a 2048-bit modulus, all the computing power in the world would take over 70 years to break one cipher

• WhatsApp uses RSA, and the private key is only stored on your device.
• “WhatsApp servers do not have access to the private keys of WhatsApp users, and WhatsApp users have the option to verify keys to ensure the integrity of their communication”

What are the Problems?
• Asymmetric encryption is S-L-O-W
  • Can take even powerful computers 1-2 seconds to encrypt or decrypt a message
• Can be fooled by someone posing as someone else
  • If Eve claims to be Bob and publishes “Bob’s” public key, any messages encrypted with it will be readable by Eve, not Bob

Speeding Things Up
• DES (Data Encryption Standard)
  • Proposed in 1974 by NSA, IBM
  • Symmetric cipher
  • Algorithm can be implemented in hardware
• Key very short
  • 56 bits long (40-bit key and 16-bit header)
  • Could be broken “by force” with enough computing power (which NSA has)

DES and 3DES
• Shortness of key used by DES considered a weakness
• Newer version is “triple-DES” or 3DES
  • 136 bits long (120-bit key + 16-bit header)
• AES (Advanced Encryption Standard)
  • Uses 128-bit key
• DES, 3DES, and AES are all symmetric

SSL
• Secure Sockets Layer (SSL)
  • Invented by Netscape in 1995
• Uses RSA to exchange a “session key”
  • DES, 3DES, or AES key used for that browser session only
• Gets both speed and security
  • RSA only used to exchange session key
  • Session key expires when user logs out

Digital Certificates
• Overcome “spoofing” attack
  • Perform same function as notary public
• Purchase from Certificate Authorities (CAs)
  • VeriSign, Thawte, Comodo, GeoTrust, …
• Contain my public key
• “Signed” by the root certificate
  • Located in your browser

Digital Signatures
• Asymmetric cryptography can be used to digitally “sign” documents
• Achieves all purposes of conventional signature (but better):
  • Cannot be forged
  • Cannot be stolen and re-used
  • Cannot be repudiated
• Assume Alice wants to sign a document and send it to Bob. Here goes …

Digital Signatures
1. Assuming Alice wants to send a message to Bob, she can use her private key to create a digital signature based on the message (using a message-digest algorithm like MD5), and send both the message and the signature to Bob.
2. Anyone with Alice's public key can prove that Alice sent that message (only the corresponding private key could have generated a valid signature for that message).
3. The message cannot be tampered with without detection, as the digital signature will no longer be valid (since it is based on both the private key and the message).

Digital Signatures
• Can Alice later repudiate her signature?
  • No, because only she has her private key
• Can Bob or Eve forge Alice’s signature?
  • No, for the same reason
• Can Eve steal Alice’s signature and use it to “sign” a different document?
  • No, because then the digest values wouldn’t match

State of the Art
• Public-key cryptography allows people to communicate securely even if they have never met
  • Necessary for electronic commerce
• Ciphers cannot be made 100% secure, but they can be made arbitrarily secure
  • Use longer keys
• Both good guys and bad guys can use this technology
• Cryptanalysis is essentially obsolete

Summary
• Cryptography and encryption provide a sophisticated approach to security
• Many security-related tools use embedded encryption technologies
• Encryption converts a message into a form that is unreadable by the unauthorized
• Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities
• Strength of an encryption tool is dependent on key size but even more dependent on following good management practices
• Cryptography is used to secure most aspects of Internet and Web uses that require it, drawing on an extensive set of protocols and tools designed for that purpose
• Cryptosystems are subject to attack in many ways
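The RSA System slides and the Digital Signatures steps, carried through in code as an added example that is not part of the original notes. It uses the slides' numbers (p = 11, q = 3, e = 3) for encryption and a larger constructed key for signing; the function names, the SHA-256 digest (standing in for the slide's MD5), the signing primes and the sample messages are assumptions, and this is unpadded textbook RSA for study only.

```python
import hashlib
from math import gcd

def make_keys(p, q, e):
    """Return ((n, e), (n, d)) following the key-generation steps on the slide."""
    n, f = p * q, (p - 1) * (q - 1)
    if gcd(e, f) != 1:
        raise ValueError("e and f must have no common factors")
    d = pow(e, -1, f)  # e*d leaves remainder 1 when divided by f (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(value, key):
    """Encrypting, decrypting, signing and checking are all value^exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def factor_small(n):
    """Trial division: instant for the slide's n = 33, infeasible for a real modulus."""
    p = next(k for k in range(2, n) if n % k == 0)
    return p, n // p

def digest(message, n):
    # SHA-256 stands in for the slide's MD5; reduced mod n to fit a small modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Alice applies her private key to the digest of the message."""
    return rsa_apply(digest(message, private[0]), private)

def verify(message, signature, public):
    """Anyone with the public key recomputes the digest and compares."""
    return rsa_apply(signature, public) == digest(message, public[0])

# The slide's numbers: p = 11, q = 3, e = 3 gives d = 7.
PUBLIC, PRIVATE = make_keys(11, 3, 3)
# Constructed signing key from two Mersenne primes (an assumption, not on the
# slides), large enough that digest collisions mod n do not blur the result.
ALICE_PUB, ALICE_PRIV = make_keys(2**61 - 1, 2**89 - 1, 65537)

if __name__ == "__main__":
    c = rsa_apply(13, PUBLIC)
    print(c, rsa_apply(c, PRIVATE))       # encrypt 13, then decrypt
    print(factor_small(PUBLIC[0]))        # the toy modulus factors at once
    sig = sign(b"pay Bob 10", ALICE_PRIV)
    print(verify(b"pay Bob 10", sig, ALICE_PUB), verify(b"pay Bob 99", sig, ALICE_PUB))
```

Factoring 33 hands back p and q, and with them the private key, which is why the modulus size discussed under "Why is RSA Secure?" carries the whole security argument.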