1. Classical encryption techniques
2. Block ciphers and the data encryption standard
3. Basic concepts in number theory and finite fields
4. Advanced encryption standard
5. Block cipher operation
6. Pseudorandom number generation and stream ciphers

Symmetric Cipher Model
Substitution Techniques
Transposition Techniques
Rotor Machines
Steganography

Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption.
Symmetric encryption transforms plaintext into ciphertext using a secret key and an encryption algorithm. Using the same key and a decryption algorithm, the plaintext is recovered from the ciphertext.
The two types of attack on an encryption algorithm are cryptanalysis, based on properties of the encryption algorithm, and brute-force, which involves trying all possible keys.

Traditional (precomputer) symmetric ciphers use substitution and/or transposition techniques.
Substitution techniques map plaintext elements (characters, bits) into ciphertext elements.
Transposition techniques systematically transpose the positions of plaintext elements.
Rotor machines are sophisticated precomputer hardware devices that use substitution techniques.
Steganography is a technique for hiding a secret message within a larger one in such a way that others cannot discern the presence or contents of the hidden message.

Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key.
Decryption algorithm: This is essentially the encryption algorithm run in reverse.
It takes the ciphertext and the secret key and produces the original plaintext.

Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext (substitution, transposition).
2. The number of keys used (symmetric, public-key encryption).
3. The way in which the plaintext is processed (block cipher, stream cipher).

Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

Caesar Cipher
For example,
plain:  meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB

Monoalphabetic Ciphers
Playfair Cipher
Hill Cipher
Polyalphabetic Ciphers

An Army Signal Corps officer, Joseph Mauborgne, proposed an improvement to the Vernam cipher that yields the ultimate in security. Mauborgne suggested using a random key that is as long as the message, so that the key need not be repeated. In addition, the key is to be used to encrypt and decrypt a single message, and then is discarded.
Each new message requires a new key of the same length as the new message. Such a scheme, known as a one-time pad, is unbreakable. It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code.

The simplest transposition cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2, we write the following:

m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is MEMATRHTGPRYETEFETEOAAT.

A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.
Character marking: Selected letters of printed or typewritten text are over-written in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.
Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.
Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.

The advantage of steganography is that it can be employed by parties who have something to lose should the fact of their secret communication (not necessarily the content) be discovered. Encryption flags traffic as important or secret or may identify the sender or receiver as someone with something to hide.
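
The Caesar and rail fence examples given earlier, together with the brute-force attack on the 25 Caesar keys, as an added Python example that is not part of the original slides. The word list used to recognise intelligible plaintext and the generalisation of the rail fence to any depth are assumptions of this example.

```python
import string

ALPHA = string.ascii_lowercase
# Assumption: a small constructed word list stands in for "intelligible" text.
COMMON = {"the", "me", "meet", "after", "party", "and", "to", "of"}

def caesar(text, key):
    """Shift each letter by `key` places mod 26; other characters pass through."""
    return "".join(ALPHA[(ALPHA.index(c) + key) % 26] if c in ALPHA else c
                   for c in text.lower())

def brute_force_caesar(ciphertext):
    """Try all 25 keys; return (key, plaintext) with the most recognised words."""
    def score(candidate):
        return sum(word in COMMON for word in candidate.split())
    return max(((k, caesar(ciphertext, -k)) for k in range(1, 26)),
               key=lambda kc: score(kc[1]))

def rail_pattern(n, depth):
    """Rail visited by each of n letters: 0, 1, .., depth-1, depth-2, .., 1, 0, .."""
    cycle = list(range(depth)) + list(range(depth - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]

def rail_fence_encrypt(plaintext, depth):
    """Write the letters along the diagonals, then read them off row by row."""
    letters = [c for c in plaintext.lower() if c in ALPHA]
    pattern = rail_pattern(len(letters), depth)
    return "".join(c for rail in range(depth)
                   for c, r in zip(letters, pattern) if r == rail).upper()

def rail_fence_decrypt(ciphertext, depth):
    """Invert the read-off by recomputing which position each letter came from."""
    pattern = rail_pattern(len(ciphertext), depth)
    order = sorted(range(len(pattern)), key=lambda i: pattern[i])  # stable sort
    plain = [""] * len(ciphertext)
    for c, pos in zip(ciphertext.lower(), order):
        plain[pos] = c
    return "".join(plain)

if __name__ == "__main__":
    msg = "meet me after the toga party"   # the message used in the slides
    print(caesar(msg, 3).upper())
    print(brute_force_caesar("PHHW PH DIWHU WKH WRJD SDUWB"))
    print(rail_fence_encrypt(msg, 2))
```

Both ciphers fall to exhaustive search because the key space is tiny: 25 shifts for Caesar, and at most the message length for the rail fence depth.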
Block Cipher Principles
The Data Encryption Standard

A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
Many block ciphers have a Feistel structure. Such a structure consists of a number of identical rounds of processing. In each round, a substitution is performed on one half of the data being processed, followed by a permutation that interchanges the two halves. The original key is expanded so that a different key is used for each round.

The Data Encryption Standard (DES) has been the most widely used encryption algorithm until recently. It exhibits the classic Feistel structure. DES uses a 64-bit block and a 56-bit key.
Two important methods of cryptanalysis are differential cryptanalysis and linear cryptanalysis. DES has been shown to be highly resistant to these two types of attack.

Stream Ciphers and Block Ciphers
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used.

In the late 1960s, IBM set up a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of an algorithm with the designation LUCIFER [FEIS73], which was sold to Lloyd’s of London for use in a cash-dispensing system, also developed by IBM.
In 1973, the National Bureau of Standards (NBS) issued a request for proposals for a national cipher standard. IBM submitted the results of its Tuchman–Meyer project. This was by far the best algorithm proposed and was adopted in 1977 as the Data Encryption Standard.

As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be encrypted and the key.
In this case, the plaintext must be 64 bits in length and the key is 56 bits in length. (Actually, the function expects a 64-bit key as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily.)

Divisibility and The Division Algorithm
The Euclidean Algorithm
Modular Arithmetic
Groups, Rings, and Fields
Finite Fields of the Form GF(p)
Polynomial Arithmetic
Finite Fields of the Form GF(2^n)

Modular arithmetic is a kind of integer arithmetic that reduces all numbers to one of a fixed set [0,...,n-1] for some number n. Any integer outside this range is reduced to one in this range by taking the remainder after division by n.
The greatest common divisor of two integers is the largest positive integer that exactly divides both integers.
A field is a set of elements on which two arithmetic operations (addition and multiplication) have been defined and which has the properties of ordinary arithmetic, such as closure, associativity, commutativity, distributivity, and having both additive and multiplicative inverses.

Finite fields are important in several areas of cryptography. A finite field is simply a field with a finite number of elements. It can be shown that the order of a finite field (number of elements in the field) must be a power of a prime p^n, where n is a positive integer.
Finite fields of order p can be defined using arithmetic mod p.
Finite fields of order p^n, for n > 1, can be defined using arithmetic over polynomials.

Definition: Two integers are relatively prime if their only common positive integer factor is 1.

Finding the Greatest Common Divisor

Properties of Congruences

Finite Field Arithmetic
AES Structure
AES Transformation Functions
AES Key Expansion
An AES Example
AES Implementation

AES is a block cipher intended to replace DES for commercial applications.
It uses a 128-bit block size and a key size of 128, 192, or 256 bits.
AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key.

Multiple Encryption and Triple DES
Electronic Code Book
Cipher Block Chaining Mode
Cipher Feedback Mode
Output Feedback Mode
Counter Mode
XTS-AES Mode for Block-Oriented Storage Devices

Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption algorithm. This ciphertext is then used as input and the algorithm is applied again. This process may be repeated through any number of stages.
Triple DES makes use of three stages of the DES algorithm, using a total of two or three distinct keys.
A mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream.

Five modes of operation have been standardized by NIST for use with symmetric block ciphers such as DES and AES: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feedback mode, and counter mode.
Another important mode, XTS-AES, has been standardized by the IEEE Security in Storage Working Group (P1619). The standard describes a method of encryption for data stored in sector-based devices where the threat model includes possible access to stored data by the adversary.
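
The Feistel structure described in the block cipher section and the electronic codebook and cipher block chaining modes named above, as an added Python example that is not part of the original slides. The cipher is a toy, not DES: the round function (truncated HMAC-SHA-256), the key expansion, and the names and sample values are assumptions of this example.

```python
import hashlib, hmac

ROUNDS, HALF = 16, 4   # 16 rounds over two 4-byte halves (one 64-bit block)
# Constructed sample: four identical plaintext blocks, a key and a fixed IV.
SAMPLE, KEY, IV = b"SAMEDATA" * 4, b"constructed key", bytes(range(8))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key):
    """Expand the key so that every round uses a different subkey."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def feistel(block, subkeys):
    """Each round substitutes one half using F, then interchanges the halves."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        f = hmac.new(k, right, hashlib.sha256).digest()[:HALF]  # assumed F
        left, right = right, xor(left, f)
    return right + left   # undo the last swap so decryption is the same routine

def encrypt_block(block, key):
    return feistel(block, round_keys(key))

def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])   # same rounds, reversed keys

def split_blocks(data):
    if len(data) % (2 * HALF):
        raise ValueError("length must be a multiple of the 8-byte block size")
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb_encrypt(data, key):
    """ECB: every block is encrypted independently with the same key."""
    return b"".join(encrypt_block(b, key) for b in split_blocks(data))

def cbc_encrypt(data, key, iv):
    """CBC: each block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for b in split_blocks(data):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))
```

On the constructed sample, ECB produces four identical ciphertext blocks, so repeated plaintext is visible to anyone holding the ciphertext, while CBC produces none.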
Triple DES with Two Keys
Triple DES with Three Keys: A number of Internet-based applications have adopted three-key 3DES, including PGP and S/MIME.

Principles of Pseudorandom Number Generation
Pseudorandom Number Generators
Pseudorandom Number Generation Using a Block Cipher
Stream Ciphers
RC4
True Random Number Generators

A capability with application to a number of cryptographic functions is random or pseudorandom number generation. The principal requirement for this capability is that the generated number stream be unpredictable.
A stream cipher is a symmetric encryption algorithm in which ciphertext output is produced bit-by-bit or byte-by-byte from a stream of plaintext input. The most widely used such cipher is RC4.

Traditionally, the concern in the generation of a sequence of allegedly random numbers has been that the sequence of numbers be random in some well-defined statistical sense. The following two criteria are used to validate that a sequence of numbers is random:
Uniform distribution: The distribution of bits in the sequence should be uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal.
Independence: No one subsequence in the sequence can be inferred from the others.

RC4 is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers. It is also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security.
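
RC4 as a byte-at-a-time stream cipher, with the uniform distribution criterion above applied to its keystream, as an added Python example that is not part of the original slides. The function names and the sample key and message are assumptions of this example.

```python
def rc4_keystream(key, n):
    """Return the first n keystream bytes for `key` (1 to 256 bytes long)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                  # key scheduling: permute s by the key
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                    # generation: one output byte per step
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def rc4(key, data):
    """Encrypt or decrypt: XOR the data with the keystream, byte by byte."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def ones_fraction(stream):
    """Uniform distribution check: fraction of 1 bits, ideally close to 0.5."""
    return sum(bin(b).count("1") for b in stream) / (8 * len(stream))

if __name__ == "__main__":
    key, msg = b"Key", b"Plaintext"       # constructed sample key and message
    ct = rc4(key, msg)
    print(ct.hex(), rc4(key, ct))
    print(ones_fraction(rc4_keystream(key, 4096)))
    print(ones_fraction(bytes(range(256))))   # a plain counter, for contrast
```

A plain counter such as `bytes(range(256))` also scores exactly 0.5, so the uniform distribution check alone says nothing about independence or unpredictability.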