AN INTRODUCTION TO CRYPTOGRAPHY Name: Akshay Ahooja Date: June 11, 2004 To: Mr. Mercurio Course: ICE4M1 INTRODUCTION As technology advances, society finds new and improved ways to communicate with others regardless of the distance that separates them. To be able to talk to someone that lives 2000km away through your computer is quite fascinating, but the question that arises is, how private are these conversations? In the army and in corporate business, being able to communicate in privacy is as important as being able to communicate at all. The basic question for cryptography lies when two people, Person A and Person B, want to talk in private while Person C wants to hear the conversation. How can Person A talk to Person B over the internet, without letting Person C listen in? In this case, Person A and B could be two private jets in the army, or executive members in a corporate office, while Person C could be a spy or a hacker. The best way to transfer this message is to use encryption, which is a secret code between two people. But in this case, you can converse in regular language while an encrypting software will encrypt (code) and decrypt (decode), the message for you. Cryptography is a system for encrypting and decrypting data using different algorithms. There are two basic types of encryptions; Symmetric Key Encryption and Public Key Encryption. <http://pajhome.org.uk/crypt/rsa/intro.html> PERSON B PERSON A PERSON C 2 Symmetric Key Encryption: This is the basic form of cryptography. In this situation Person A will have encrypting software that uses a certain algorithm to encrypt the message. Then at the other end, Person B will have the reverse decrypting software to decode and read the message. Since Person C does not have this software, they will not be able to read the message. Even though this works well most times, the only secure way to give the decrypting software to Person B is by physically handing it to them. This, in most cases, is very impractical, so a different system must be used. <http://pajhome.org.uk/crypt/rsa/intro.html> PERSON B PERSON A PERSON C Public Key Encryption: Using reverse thinking, there is a way that two people can communicate in a private conversation without really having to physically meet and exchange algorithms. They way to do this is by splitting up the software into two sections, a public key for encryption and a private key for decryption. So Person B will have a private key to decrypt that only Person B possesses. It will also send out a public key to Person A for encrypting. If Person C somehow gets this software, they cannot do anything but encrypt messages. This way person A can use the public key to encrypt the message and send it to Person 3 B, who uses the private key to decrypt it. Even if Person C gets a hold of this message, they do not, and cannot have the key to decrypt it. There are many cryptography software’s that use different algorithms. Three of these are RSA, AES and SHA-1. <http://pajhome.org.uk/crypt/rsa/intro.html> PERSON B PERSON B’s Public Key PERSON A PERSON C RSA RSA is a type of Public Key Encryption and is used for most part in electronic commerce. RSA are the initials for the three gentlemen who created the asymmetric algorithm; Ron Rivest, Adi Shamir and Len Adleman. This algorithm was created in 1977, but was not patented till 1983 in MIT. The algorithm for this encrypting software is based on mathematical factoring of large numbers. Algorithm: (http://pajhome.org.uk/crypt/rsa/rsa.html) 1. Generate two large prime numbers, p and q 2. Let n = pq 3. Let m = (p-1)(q-1) 4 4. Choose a small number e, co-prime to m 5. Find d, such that de % m = 1 Publish e and n as the public key. Keep d and n as the private key. Note: x % y means the remainder of x divided by y (mod) In general, the encryption formula for any one digit number is C = Pe % n. This is the message that is sent from person A to Person B. Now, Person B can use their private key ‘d’ and ‘n’ to decode the message by using the general formula P = Cd % n. RSA uses only numerical values, and all alpha values are changed to numerical ASCII values before encryption. Since this entire system stands on the basis of random number generation, it should be very clear the prime numbers (‘p’ and ‘q’) that are chosen are truly random. If the key generator can be predictable in any way, then the code has a chance of being cracked. This is why, in order to increase security, the numbers randomly chosen are very large, and so the predictability factor is reduced. Also, it is made sure that prime numbers ‘p’ and ‘q’ are not close together. RSA is not as fast as some other symmetric cryptosystems, but is efficient in its work. ADVANCED ENCRYPTION STANDARD (AES): AES is the standard encryption cryptographer for the US government since 2001. It was created by two Belgium cryptographers named Joan Daemen and Vincent Rijmen. The original name for AES was Rijndael, pronounced ‘Rhine-dahl’. AES is a block cipher style of encrypted. This basically means that the message is encrypted and decrypted in blocks, and then put together. It chooses a fixed block size of 128 bits and encrypts them first, before encrypting the next 128 bits. The same cycle is used for decryption. 5 Key Size and Safety: (http://www.di-mgt.com.au/cryptokeys.html): The key size for AES can be from one of the following; 128, 192 or 256 bits. A key is a string of bits that are used to encrypt and decrypt data. It is the ‘key’ between plain text and cipher text. The longer the key, the harder it is to crack the code, but it is also takes longer to carry out the encryption, so proper equipment is needed. If a hacker was trying to crack one of the cryptographic codes, with a 64 bit key length (half of regular AES), it could take roughly 264 possible combinations to crack the code. To roughly estimate, it can be guessed that the code can be cracked in roughly half the amount of combinations. So if the computer was to carry out one encryption operation every one millisecond, it would take about 292 million years to find the correct value! A 128-bit encryption literally means a 128 bit code, or a string corresponding to 16 bytes. An example of this can be (“FEDCBA98765432100123456789ABCDEF”). Most, who try to crack these codes, do not do it by trying every single combination, because it is obviously not useful. The only way to break into the code is to have some sort of familiarity with the actual individual who derived the key, or find a loop in the original algorithm. Some of these ways could be listening into their typing keystrokes using a keystroke logger or perhaps finding something in the memory of the computer. Algorithm: The actual formula for encrypting with AES is quite confusing, and requires a great deal of knowledge in mathematics. It is very efficient in its 128 bit encryption, and uses several methods for complete unpredictability. The general formula for one round of encrypting is as follows: With multiple rounds of encryption, substitution of the same formulae is required to derive a new formula. As an example, the third round of encryption in AES, goes through the following formula: 6 SECURE HASH ALGORITHM (SHA-1): SHA-1 is a cryptographic hash algorithm first published in 1993 by the National Security Agency. It produces a constant 160-bit encrypted code for any message up to 264 bits. The algorithm is confusing, but the basic concept works by breaking up the input into blocks. Each of those blocks, are then broken up into even smaller blocks. This happens 4 times. Then all these blocks are hashed into the encrypted code. Hash cryptography works a little differently then the other algorithms explained above. Hash Cryptography: In Hash cryptography, the encrypted output that is received is always of the same length. Any number of bits can be entered in as the original message, but the encrypted one will always be a certain specified length. If you were to take a hash function as a function H, then any H(m) must equal to a certain constant h. Also, you must be able to find an H(x) = h, to be able to decrypt the message. In order for this to occur, H(x) must be unique, and no collisions should occur. If H(x) were to equal some H(y), then finding H(x) is computationally infeasible, and the message cannot be decrypted. Example: (http://pajhome.org.uk/crypt/md5/) This is what you would see if you intercepted a message saying “Grade 12 Computer Engineering”, encrypted by SHA-1: ff1a961b56ab35cad80991913e9dbe984de956ec (40 characters) Since this is hash cryptography, if “Grade 12 University/College Computer Engineering”, was encrypted by SHA-1, you would see: 6adcff8341ad7d8dbda9a7f02af177d64d65bce9 (40 characters) It can be seen that regardless of the size of the input, the output stays at a constant string length of 160 bits. This is very useful, because due to the constant output size, it 7 is even more difficult for someone to get the slightest idea about the initial message. This way, no patterns can be found about the length of the original message. CONCLUSION These are just few of the many algorithms that are being used today to defend privacy in the widely connected computer world. This practice requires a great deal of knowledge not only in computer science but also in mathematics. Being able to scramble numbers into a logical yet unpredictable format is a very difficult task. On top of that, the mess that is created by encrypting also needs to be cleaned up by decrypting. It is certainly a tough practice, and cryptographers are continuing to find new and improved ways to encrypt data. Hash technology is the modern style of cryptography, and is also very proficient. With hackers gaining more and more knowledge about computer science, it becomes very difficult to make any message 100% private for ever; but for a various periods of time, algorithms are created to generate an unbreakable barrier between Person A/B and Person C. Total words: 1796 8 BIBLIOGRAPHY 1. http://www.di-mgt.com.au/cryptokeys.html 2. http://www.garykessler.net/library/crypto.html\ 3. http://en.wikipedia.org/wiki/AES 4. http://en.wikipedia.org/wiki/RSA 5. http://en.wikipedia.org/wiki/SHA-1 6. http://pajhome.org.uk/crypt/index.html 7. http://pajhome.org.uk/crypt/md5/ 8. http://www.x5.net/faqs/crypto/q94.html 9