cryptography
advertisement
Lecture 1 INTRODUCTION TO CRYPTOGRAPHY Classic Definition of Cryptography Cryptography , or the art of "hidden writing", classically meant hiding the contents or existence of messages from an adversary. Steganography, or "covered writing", is concerned with hiding the existence of a message -- often in plain sight. CRYPTOGRAPHY - science of information security - science of communicating and computing in the presence of an adversary - derived from the Greek kryptos, meaning hidden - before, it includes techniques such as microdots, merging words with images - now, it is most often associated with scrambling plaintext (ordinary text) into ciphertext (known as encryption) then back again (known as decryption) to plaintext - individuals who practice this field are known as cryptographers CRYPTANALYSIS - refers to the study of ciphers, ciphertext, or cryptosystems with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the 1 algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem - relies on a knowledge of the encryption algorithm (that for civilian applications should be in the public domain) and some knowledge of the possible structure of the plaintext (such as the structure of a typical interbank financial transaction) for a partial or full reconstruction of the plaintext from ciphertext - additionally, the goal is to also infer the key for decryption of future messages. The precise methods used for cryptanalysis depend on whether the “attacker” has just a piece of ciphertext, or pairs of plaintext and ciphertext, how much structure is possessed by the plaintext, and how much of that structure is known to the attacker. All forms of cryptanalysis for classical encryption exploit the fact that some aspect of the structure of plaintext may survive in the ciphertext. CRYPTOLOGY is a science which incorporates both cryptography and cryptanalysis. CRYPTOLOGY is the mathematics, such as number theory, and the application of formulas and algorithms, that add force to cryptography and cryptanalysis. Brute force attack - when encryption and decryption algorithms are publicly available, as they generally are, a brute-force attack means trying every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained - when the adversary tests all possible keys and checks which key decrypts the message, this assumes we can identify the correct plaintext among all plaintexts generated by the attack Example: 2 Caesar cipher |key space| = 26 The adversary tests these 26 keys and 1 of these keys will give the correct plaintext Key space - the total number of all possible keys that can be used in a cryptographic system - for example, DES uses a 56-bit key. So, the key space is of size 256, which is approximately the same as 7.2 × 1016 STEGANOGRAPHY Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. CODES Codes replace a specific piece of plaintext with a predefined code word. Codes are essentially a substitution cipher, but can replace strings of symbols rather than just individual symbols. Examples: "One if by land, two if by sea." Kerckhoffs' Principle A cryptosystem should be secure even if everything about it is public knowledge except the secret key. “Do not rely on "security through obscurity". 3 CRYPTOGRAPHY: ENCRYPTION & DECRYPTION Encryption algorithm: The sequence of data processing steps that transform plaintext into ciphertext. In cryptography for commercial and other civilian applications, the encryption and decryption algorithms are made public. Secret key: A secret key is used to set some or all of the various parameters used by the encryption algorithm. The important thing to note is that, in classical cryptography, the same secret key is used for encryption and decryption. It is for this reason that classical cryptography is also referred to as symmetric key cryptography. On the other hand, in the more modern cryptographic algorithms, the encryption and decryption keys are not only different, but also one of them is placed in the public domain. Such algorithms are commonly referred to as asymmetric key cryptography. Decryption algorithm: The sequence of data processing steps that transform ciphertext back into plaintext. Encryption - the process of transforming plaintext using an algorithm (called cipher) to make it unreadable to anyone except those who has the key to decrypt it. - the process by which plaintext is converted into ciphertext c = ek (m) where, m is the plaintext e is the cipher function (encryption algorithm) k is the secret key 4 c is the ciphertext Informally, encryption makes the contents of a message unintelligible to anyone not possessing some secret information. Decryption - the process to make the encrypted information readable again - recovering plaintext from ciphertext m = dk (c) where, d is the decipher function (decryption algorithm) Note that e is public, the secrecy of m given c depends totally on the secrecy of k. NOTE: Usually in cryptography the parties are denoted by: Alice & Bob Someone listening is denoted by: Eve (Eavesdropper) Cryptographic system - any single scheme for encryption Cipher - a cipher means the same thing as a “cryptographic system” Block cipher - a block cipher processes a block of input data at a time and produces a ciphertext block of the same size Stream cipher - a stream cipher encrypts data on the fly, usually one byte at a time. 5 Secret Key Cryptography or Symmetric Cryptography - Each communicating party needs access to the secret key - This needs to be known to both sides, but needs to be kept secret - This secret key is used for encryption and decryption Public Key or Asymmetric Cryptography - The sender encrypts the plaintext using a public key - The receiver decrypts the ciphertext using a private key - The private key must be kept secret, while the public key can be distributed - It can be used for digital signatures - Examples of public key cryptography: o RSA, El Gamal, DSA, various algorithms based on elliptic curves 6
