Cryptography

Cryptography
Terminology
 Cryptography - Study of methods of encoding text for purposes of privacy
 Encryption - the process of encoding text
 Decryption - the process of decoding text
 Plaintext/cleartext unencoded text
o Information before encryption or after decryption
 Cipher – a code
 Ciphertext coded text
o Information that has been encrypted
Cleartext
Sender
Encryption

Ciphertext
Decryption
Cryptosystem – a system that employs encryption and decryption
Cleartext
Conventional / Symmetric Key / Single Key Encryption
 Simple algorithm is used to encrypt / decrypt (transform) the text
 Same key is used in encryption and decryption
 Secret is primarily in the key
An Example - Substitution cipher
 Symmetric Key System
 Simple algorithm is used to encrypt / decrypt (transform) the text
o Each letter is replaced with a different letter or symbol
 Caesar’s method
o Replace every letter with letter 3 away in alphabet
A -&gt; D
B -&gt; E
C -&gt; F
…
W -&gt; Z
X -&gt; A
Y -&gt; B
Z -&gt; C
Back to Symmetric Key / Single Key Encryption
 Both parties need same key
 How to send securely key to receiver
o Separate messenger
o Key book
Public Key / Asymmetric Key Cryptosystems
 Two keys are used- public and private
 Distribute public key; keep private key…private (duh!)
A Bit on How This Could Work





What two numbers when multiplied produce 143?
 Such numbers are called factors
Now multiply 13 and 23
Which process took longer? Why?
Similar to a one-way screw
http://myword.info/images/ow_drive_1b.gif
http://www.phxiron.com/images/Products/One%20Way%20Lag%20Screw.jpg
o Can drive it in, but difficult to remove it
Also, a trap-door
o Again, easy to go in, but difficult to come out

Idea is to have a function that is easy to calculate in one direction, but not the other
o Encryption uses the easy function
 Involves using the public key
o Decryption requires the hard function
 unless you have the private key

How to use it
o Freely distribute public key
 Put it on Web page, for example
o Someone sending message encrypts with public key
 Standard programs (see below) that accepts public key and message and perform
the encryption
o Receiver uses private key to decrypt message
Digital Signatures



Public key systems also allow you to digitally sign your messages
The message is signed with your private key
 You end up with a new message consisting of the original message and what appears
to be an encoded version
To verify that the message is authentic, the receiver supplies your public key
 The public key is applied to the signed message and checks that the original message
and the encoded match
 Any changes to the original message will cause a mismatch during the verification
process
http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg
Digital Certificates
 Solves the problem of public key authenticity
 Public key is verified by a well-known entity that verifies the authenticity of the key
http://www.youdzone.com/signature.html
Well-known Public Key Systems
 RSA - invented by Ron Rivest, Adi Shamir and Leonard Adleman
 DSA - Digital Signature Algorithm by David Kravitz
 Pretty Good Privacy - PGP - uses both conventional and public-key cryptography
The RSA Public Key System
 RSA - invented by Ron Rivest, Adi Shamir and Leonard Adleman
 Some symbols
o
o
o
o
o

M – message (cleartext)
C – ciphertext
e – public exponent (power)
d – private exponent
n - very large (128 bits) number – product of two primes
Then:
o The message is encrypted by …

o
… and decrypted by


C=Me %n
M=Cd %n
 where n = p * q , p and q are prime numbers
 Where d = e -1 mod ((p-1)*(q-1))
Notice that to decrypt you need to know d
o d can be obtained from e, which is public. However
o the calculation is infeasible
 must find all factors of n
 determine which are prime
 must try all pairs of primes to find p and q
PGP
 Pretty Good Privacy

Sending message
o PGP compresses message
 Increases security and reduces transmission time
o PGP creates session key to be used only once. Randomly created (uses keystrokes and
randomly selected mouse movements)
o Session key is used to conventionally (symmetric key) encrypt message
o Receiver’s public key is used to encrypt session key
o Encrypted message and encrypted session key are sent to receiver

Receiving message
o Private key is used to decrypt session key
o Session key is used to decrypt message
o Message is decompressed
