
  • Number of slides: 118

Cryptography: A Perspective
Ursinus College, September 25, 2008
Oskars J. Rieksts
Computer Science Department, Kutztown University
2008 Kutztown University

Overview
• Cryptography in history
• Basic terms & concepts
• Early/Simple examples
• Current cryptosystems
• Factoradic encryption

Cryptography in History
• Mary, Queen of Scots
• World War II
  - Enigma machine
  - Japanese JN-25 code

Mary, Queen of Scots
• In prison in London
  - Imprisoned by cousin Queen Elizabeth
  - 1586
• Supporters plotted to free her
  - Depose Elizabeth
  - Place her on throne
• Needed her imprimatur
  - Smuggled encrypted messages in barrel

Mary, Queen of Scots
• Messages discovered
  - Decoded by frequency analysis
  - Altered
• Plot broken up
  - Plotters executed
  - Mary herself also executed

Enigma Machine
• Coding machine
  - Invented by Albert Scherbius
  - 1918
• Sold to Wehrmacht
• Meanwhile
  - Polish cryptographers stymied
  - 3 Poznan University math grad students
    » Marian Rejewski
    » Henryk Zygalski
    » Jerzy Rozycki
• Uncovered algebraic basis to cipher text
• Developed techniques for decryption

Enigma Machine
• Conference of cryptographers
  - Summer of 1939
  - Polish, French & British cryptographers
• Enigma info passed to French & British
• Bletchley Park
  - Code breaking activity
  - The Bombe
  - Alan Turing
  - Traffic analysis to predict some text

Japanese JN-25 Code
• Japanese naval code
  - Broken by group led by Joseph Rochefort
  - Analysis of patterns
• News of impending attack on ...
  - Aleutian Islands, or
  - Midway
• Location encoded as “AF”
• Dilemma – where to commit resources?

Japanese JN-25 Code
• The Plan
  - Send transmission from Midway
  - Water distillation plant severely damaged
  - Listen
• Japanese transmission
  - AF is short of water
  - Therefore AF = Midway
• Commit aircraft carrier fleet to intercept attack

Basic Terms & Concepts
• Cryptology
  - Cryptography
  - Cryptanalysis
• Basic components of cryptosystem
  - Plain text
  - Cipher text
  - Key(s)
• Basic types of cryptosystems
  - Symmetric/asymmetric key
  - Public/private key

Basic Terms & Concepts (cont.)
• Measures
  - Keyspace
  - Cryptographic strength
• Key principles
  - Confusion
  - Diffusion

Early/Simple Examples
• Steganography
• Caesar cipher
• Substitution cipher
• Transposition cipher
• Vigenere cipher
• Vernam cipher

Steganography
• Merriam-Webster: The art or practice of concealing a message, image, or file within another message, image, or file
  - from Greek
    » steganos = covered
    » grafo = write
• Histiaeus – tyrant of Miletus
  - shaved head of most trusted slave
  - tattooed a message
  - hair grew back covering message
• Advantage – does not draw attention to
  - itself
  - messenger
  - recipient
• Often combined with cryptography

Steganography Example
You may have seen the TV show – In Plain Sight – which is based entirely on the federal witness protection program. The show is about people who have testified or will be testifying soon as witnesses in criminal cases but whose lives are in danger as a result. For their protection they are given new identities and are moved to a new community. Ergo they are all hidden “in plain sight”. And if you think this would not work, according to the U.S. Marshalls extant website, no program participant who follows security guidelines has ever been harmed while under the active protection of the Marshals Service.

Caesar Cipher
• Example of a shift cipher
  - Encryption – forward shift by 3
  - Decryption – backward shift by 3
• Shift ciphers
  - Private key
  - Symmetric key
  - Key = shift amount
  - Keyspace = 25
• Plain text – IHAVEASECRET
• Cipher text – LKDYHDVHFUHW

Caesar Cipher – Analysis
• Cryptographic strength weak
• Numerous clues
  - Letter frequency
  - Small keyspace
  - N-grams (e.g. double letters)
  - Strong elimination coefficient (“qm” rarely occurs)
  - Easily decoded by hand

Caesar Cipher – Example

Substitution Cipher
• Randomly generated substitution
• Example
  - A → F
  - B → K
  - C → D
  - D → J
  - etc.
• Characteristics
  - Private & symmetric key
  - Monoalphabetic
  - Key = alphabet of substitutions
  - Keyspace = 26!

Substitution Cipher – Analysis
• Keyspace = 26! = 403291461126605635584000000 = 4.03 x 10^26
• But other factors make it insecure
  - Letter frequency
  - N-grams
  - Strong elimination coefficient
  - With patience, can be decoded by hand
• Plain text – BOOKKEEPINGROCKS
• Cipher text – JXXTTZZDOYBEXATU

Substitution Cipher – Example

Transposition Cipher
• Generate permutation of n objects
• Transpose letters
• Permutation of 0 through 7
  - 6 – 3 – 7 – 1 – 4 – 8 – 5 – 2
• Yields value transposition

  Position: 1 2 3 4 5 6 7 8
  Value:    6 3 7 1 4 8 5 2

Transposition Cipher – Example
• Plain text

Say not the Struggle Naught Availeth
by Arthur Hugh Clough (1819 – 1861)

Say not the struggle naught availeth,
The labour and the wounds are vain,
The enemy faints not, nor faileth,
And as things have been they remain.

If hopes were dupes, fears may be liars;
It may be, in yon smoke conceal'd,
Your comrades chase e'en now the fliers,
And, but for you, possess the field.

For while the tired waves, vainly breaking,
Seem here no painful inch to gain,
Far back, through creeks and inlets making,
Comes silent, flooding in, the main.

And not by eastern windows only,
When daylight comes, comes in the light;
In front the sun climbs slow, how slowly!
But westward, look, the land is bright!

[I remember sitting at home in Reading as a boy of 9 listening to the radio. It was 1941, a very bad time for England in the Second World War. Winston Churchill was reading a poem, Say Not the Struggle Naught Availeth by Arthur Clough. - Cardinal Cormac Murphy-O’Connor]

Transposition Cipher – Example

Vigenere Cipher
• Polyalphabetic substitution
• Use n randomly generated substitutions
  - 1st letter is encoded by 1st substitution alphabet
  - 2nd letter is encoded by 2nd substitution alphabet
  - ...
  - nth letter is encoded by nth substitution alphabet
  - n+1st letter is encoded by 1st substitution alphabet
  - etc.

Vigenere – Simple Example
• Key = 3752
• Successive letters are shifted by 3, 7, 5, 2
• Plain text – BOOKKEEPINGROCKS
• Cipher text – EVTMNLJRLULTRJPU
• Eliminates double letters
• Scatters N-grams

Vigenere Cipher
• Advantages
  - Creates confusion
  - Same letter can be encoded n different ways
  - Pretty much eliminates n-grams
  - Keyspace > 26!

Vigenere Cipher
• le chiffre indéchiffrable
• Named for Blaise de Vigenère
• Invented by Giovan Battista Bellaso ca. 1550
• Broken by
  - Charles Babbage in 1854 (unpublished)
  - Major Friedrich Kasiski in 1863
    » Prussian infantry officer

Vigenere Cipher – Example

Vigenere Cipher – Example Analysis

Compare to Substitution

Deciphering Vigenere
• Determine the number of alphabets
  - Compute distances between matching sequences
  - Compute GCD of distances
• Treat cipher text as n separate texts
• For each separate text & each of 25 possible shifts
  - Compute Index of Coincidence
  - based on frequencies found in cipher text
  - using table of frequencies of letters in English
• Index of Coincidence formula
  - fee = Σ { relFreqTab(k, ciphLet) * charFreq(ciphLet) }

Frequency Table – English
A 0.08;  B 0.015; C 0.03;  D 0.04;  E 0.13
F 0.02;  G 0.015; H 0.06;  I 0.065; J 0.005
K 0.005; L 0.035; M 0.03;  N 0.07;  O 0.08
P 0.02;  Q 0.002; R 0.065; S 0.06;  T 0.09
U 0.03;  V 0.01;  W 0.015; X 0.005; Y 0.02
Z 0.002

Deciphering Algorithm
• Using the key length and the file charFreqEng.txt
• Generate tables of letter frequency and relative frequency (within the text)
• Generate the Fee Table
• Sort the Fee Table to produce a ranked order

Code to Produce Fee Table

    ' relFreqTab(k, c): relative frequency of cipher letter c in the k-th separate text
    ' charFreq(c):      frequency of letter c in English
    ' feeTab(k, shift): resulting score; all three are module-level arrays
    Public Sub genFeeTable(ByVal keyLen As Integer)
        Dim k, shift, ciphLet As Integer
        Dim fee As Double
        For k = 1 To keyLen
            For shift = 0 To 25
                fee = 0
                For ciphLet = 0 To 25
                    ' Undo the candidate shift to find the plain letter this cipher letter would stand for
                    fee = fee + relFreqTab(k, ciphLet) * charFreq((ciphLet + 26 - shift) Mod 26)
                Next ciphLet
                feeTab(k, shift) = fee
            Next shift
        Next k
    End Sub

Vigenere – Final Step
• Produce possible plain texts
  - using combination of
  - highest ranking fee table values
• Choose best plain text
• This step can be automated
  - Rate each possible plain text
  - using n-gram information
  - or list of 5 letter words in English
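The fee table, ranking and final step described above, as an added Python example (not code from the original slides). It assumes the key length is already known, as the Deciphering Algorithm slide does; the trigram list used to rate candidates and all function names are assumptions of this example, and the sample cipher text is constructed here from the Clough poem with the shifts 3, 7, 5, 2.

```python
from itertools import product

# English letter frequencies A..Z, copied from the slide "Frequency Table – English".
CHAR_FREQ = [0.08, 0.015, 0.03, 0.04, 0.13, 0.02, 0.015, 0.06, 0.065, 0.005,
             0.005, 0.035, 0.03, 0.07, 0.08, 0.02, 0.002, 0.065, 0.06, 0.09,
             0.03, 0.01, 0.015, 0.005, 0.02, 0.002]

# Small list of common English trigrams used to rate plain texts (assumed here).
COMMON_TRIGRAMS = ("THE", "AND", "ING", "ENT", "HER", "THA", "ERE", "ION")

# Constructed sample input: the poem quoted on the transposition slide.
POEM = """
Say not the struggle naught availeth, The labour and the wounds are vain,
The enemy faints not, nor faileth, And as things have been they remain.
If hopes were dupes, fears may be liars; It may be, in yon smoke conceal'd,
Your comrades chase e'en now the fliers, And, but for you, possess the field.
For while the tired waves, vainly breaking, Seem here no painful inch to gain,
Far back, through creeks and inlets making, Comes silent, flooding in, the main.
And not by eastern windows only, When daylight comes, comes in the light;
In front the sun climbs slow, how slowly! But westward, look, the land is bright!
"""
KEY = (3, 7, 5, 2)  # shifts from the "Vigenere – Simple Example" slide


def letters(text):
    """Keep only A-Z and map them to 0..25."""
    return [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]


def shift_encrypt(text, shifts):
    """Shift the i-th letter forward by shifts[i mod len(shifts)]."""
    return "".join(chr((p + shifts[i % len(shifts)]) % 26 + 65)
                   for i, p in enumerate(letters(text)))


def shift_decrypt(text, shifts):
    """Undo shift_encrypt by applying the negated shifts."""
    return shift_encrypt(text, [-s for s in shifts])


def fee_table(cipher, key_len):
    """fee[k][shift] = sum_c relFreq(k, c) * charFreq((c + 26 - shift) mod 26)."""
    nums = letters(cipher)
    table = []
    for k in range(key_len):
        column = nums[k::key_len]          # the k-th "separate text"
        rel = [column.count(c) / len(column) for c in range(26)]
        table.append([sum(rel[c] * CHAR_FREQ[(c + 26 - s) % 26] for c in range(26))
                      for s in range(26)])
    return table


def ranked_shifts(table, top=3):
    """For each key position, the `top` shifts with the highest fee value."""
    return [sorted(range(26), key=lambda s: row[s], reverse=True)[:top]
            for row in table]


def rate(plain):
    """Rate a candidate plain text by counting common trigrams."""
    return sum(plain.count(t) for t in COMMON_TRIGRAMS)


def recover_key(cipher, key_len, top=3):
    """Try every combination of top-ranked shifts and keep the best-rated one."""
    candidates = ranked_shifts(fee_table(cipher, key_len), top)
    return max(product(*candidates),
               key=lambda key: rate(shift_decrypt(cipher, key)))


CIPHER = shift_encrypt(POEM, KEY)

if __name__ == "__main__":
    key = recover_key(CIPHER, len(KEY))
    print("recovered shifts:", key)
    print(shift_decrypt(CIPHER, key)[:60])
```

Trying combinations of the top-ranked shifts, instead of trusting the single best fee value per position, is what keeps the recovery reliable when one column of a short cipher text has an unusual letter mix.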

Vernam Cipher
• Gilbert Sandford Vernam – inventor
  - Also known as one-time pad
  - Invented ca. 1919
• Proven unbreakable by Claude Shannon
  - Communication Theory of Secrecy Systems
  - 1949
• Unbreakable if and only if
  - Key is same length as plain text
  - Key is never re-used

Vernam Cipher
• Basic operation – bitwise XOR
• XOR table
  - 0 xor 0 = 0
  - 0 xor 1 = 1
  - 1 xor 0 = 1
  - 1 xor 1 = 0
• Plain text is represented as bit stream
• Key is random bit stream of same length
• Cipher text is produced via bitwise XOR of plain bit stream and key bit stream.

Vernam Cipher – Example
• Plain text: Grade = A – Great!
• Plain text in ASCII
  - 71 114 97 100 101 32 65 32 45 32 71 114 101 97 116 33
• Plain text as bit stream
  010001110010 01100001 01100100 01100101 00100000 00111101 00100000 01000110 00100000 10010110 00100000 01010011 01101111 01110010 01111001 00100001

Vernam Cipher – Example
• Key as bit stream
  11000001 01110000 11011110 10111001 01100001 1000 01101100 11111010 0011 01001110 01111001 00011110 00001000 10010001 101001000000 10000000 01000010
• Cipher text as bit stream
  10000110 00000010 10111111 1101 00000100 101010001 11011010 01110010 01101110 01010100 00111110 01001111 11100011 11000001 00100001 11110100 01100011

Vernam Cipher – Why Unbreakable
• Try attack by exhaustive search
• Among possible keys
  11000001 01110000 11011110 10111001 01100001 1000 01101100 11111010 001101001110 01111001 00011110 00011100 10001100 10110011 01010011 10001101 01000010
• Produces this recovered plain text:
• Grade = F – Sorry!

Vernam Cipher – Why Unbreakable
• Exhaustive search will produce every possible combination of 18 characters.
• And there is no way to distinguish between them
• Among the possible recovered texts:
  - Tickle me Elmo now
  - Jabberwocky Rocks!
  - Attack tomorrow am
  - Attack tomorrow pm
  - Grade = C++ & Java
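The argument above, as an added Python example (not from the original slides): for one intercepted cipher text, every 18-character candidate has a key that "explains" it, so exhaustive search cannot single out the real message. It also shows why the key must never be re-used. Function names are assumptions of this example, the random key is generated on the spot, and an ASCII hyphen stands in for the slide's dash so each text is exactly 18 bytes.

```python
import secrets


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings (the Vernam operation)."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs a key as long as the text")
    return bytes(x ^ y for x, y in zip(a, b))


def key_explaining(cipher, claimed_plain):
    """The key under which `cipher` decrypts to `claimed_plain`."""
    return xor_bytes(cipher, claimed_plain)


def all_explanations(cipher, candidates):
    """Map every candidate plain text to the key that would produce it."""
    return {cand: key_explaining(cipher, cand) for cand in candidates}


def two_time_pad_leak(plain1, plain2, key):
    """Re-using a pad: XOR of the two cipher texts no longer depends on the key."""
    return xor_bytes(xor_bytes(plain1, key), xor_bytes(plain2, key))


# Constructed sample data: the real message and the candidates from the slides.
PLAIN = b"Grade = A - Great!"
KEY = secrets.token_bytes(len(PLAIN))
CIPHER = xor_bytes(PLAIN, KEY)
CANDIDATES = [
    b"Grade = F - Sorry!",
    b"Tickle me Elmo now",
    b"Jabberwocky Rocks!",
    b"Attack tomorrow am",
    b"Attack tomorrow pm",
    b"Grade = C++ & Java",
]

if __name__ == "__main__":
    for cand, key in all_explanations(CIPHER, CANDIDATES).items():
        # Each key is as plausible as the real one: all are 18 random-looking bytes.
        print(key.hex(), "->", xor_bytes(CIPHER, key).decode())
    leak = two_time_pad_leak(b"Attack tomorrow am", b"Attack tomorrow pm", KEY)
    print("pad re-used, c1 xor c2 =", leak.hex())
```

With a re-used pad the XOR of two cipher texts equals the XOR of the two plain texts, which is why the "never re-used" condition is part of the unbreakability claim.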

Vernam Cipher – Why Look Elsewhere?
• Key distribution problem
  - Every sender/recipient must have same pad
  - N sender recipient pairs require O(N^2) pads
  - Pad distribution is security risk
• Key coordination problem
  - Sheets on pad must match exactly
  - Messages must arrive in order sent
• Key generation problem
  - High quality random numbers hard to generate
• Bottom line – has some limited use

Current Cryptosystems
• RSA Cryptosystem
• Advanced Encryption Standard
  - AES
  - Rijndael

RSA Cryptosystem
• Theory of asymmetric key
  - Whitfield Diffie
  - Martin Hellman
• RSA algorithm – a 1-way function
  - Ronald Rivest
  - Adi Shamir
  - Leonard Adleman
  - 1977
• British secret service
  - James Ellis
  - Clifford Cocks
  - 1973

RSA Cryptosystem
• “One way function” based on ...
  - difficulty of factoring large integers
  - theorem of number theory
• Asymmetric
• Public key system
  - Public key to encode
  - Private key to decode

Public Key Cryptography
• Alice wishes to send Bob a private message
  - Bob gives Alice his public key, E_B
  - Alice encodes message, M
  - E_B(M) = C, cipher text
  - Bob receives, then decodes C with private key, D_B
  - D_B(C) = M
• If Bob wishes to send Alice a message
  - He uses Alice’s public key, E_A
  - She decodes the message with her private key, D_A
• If Alice and Bob publish their public keys then anyone can communicate with them privately.

Mathematical Basis
• Modulo arithmetic
  - Remainder upon division
  - 17/5 = 3 with remainder 2
  - 17 mod 5 = 2
  - 18 mod 5 = 3
  - 9*2 mod 5 = 3
• Thus, we can construct a modulo arithmetic multiplication table

Mathematical Basis
• Multiplication table modulo 8

  mod 8 | 1 2 3 4 5 6 7
  ------+--------------
    1   | 1 2 3 4 5 6 7
    2   | 2 4 6 0 2 4 6
    3   | 3 6 1 4 7 2 5
    4   | 4 0 4 0 4 0 4
    5   | 5 2 7 4 1 6 3
    6   | 6 4 2 0 6 4 2
    7   | 7 6 5 4 3 2 1

Multiplicative Inverse
• 13*37 mod 60 = 1
• So we say 13 is the multiplicative inverse of 37 modulo 60

Euler’s φ Function
• If p and q are two prime numbers then φ(p*q) = (p-1)*(q-1)
• For example
  - Let n = 7*11
  - Then φ(n) = 6*10 = 60
• This leads to theorem that is used to construct both the public and private keys of the RSA.

The Basic Theorem
• Let n = p*q, p & q both prime
• Let e and d be relatively prime mod φ(n)
• I.e., e*d mod φ(n) = 1
• The theorem:
  - If m^e mod n = c
  - Then c^d mod n = m

Example
• Let n = 7*11 = 77
• Then φ(n) = 60
• Recall – 13*37 mod 60 = 1
• Let
  - e = 13
  - d = 37
• Example:
  - 35^13 mod 77 = 63
  - And 63^37 mod 77 = 35

RSA Cryptosystem
• To encode one needs e & n
  - So public key = [e, n]
  - In our example = [13, 77]
• To decode one needs d & n
  - So private key = [d, n]
  - In our example = [37, 77]
• Point of attack
  - Recall – n = p*q
  - If one could factor n into p & q
  - Then they can calculate d, the private key

RSA Cryptosystem
• The strength of RSA lies in the difficulty of factoring large integers
• Example:
  - Let p = 2^4423 – 1
  - Let q = 2^9689 – 1
  - Then n = 2^14112 – 2^4423 – 2^9689 + 1
  - Let e = 2^9941 – 1
• Note that
  - n is a 4248 digit number
  - and without further knowledge is difficult to factor into p & q

RSA Cryptosystem
• Before encoding
  - Convert plain text into series of integers
  - Can use underlying bit string
• If n is 4248 digit number
  - Can encode 1764 character block
  - Eliminates repetition clues
• Any bit-based file can be encoded
  - Pictures
  - Audio
  - Video

RSA Cryptosystem
• Drawback
  - Computationally intensive
  - Relatively slow
• Often used for session key exchange

RSA Cryptosystem
• Can also be used for
  - Digital signature
  - Authentication
  - Non-repudiation
• ... but other algorithms may be preferred

Personal Note
• Already know n = p*q
• Do not need to factor every composite
• All primes (except 2 & 3) are of the form
  - 6a + 1
  - 6b - 1
  - 73 = 6*12 + 1
  - 41 = 6*7 - 1
• Therefore n is one of:
  - 36ab + 6(a+b) + 1
  - 36ab + 6(a - b) - 1
  - 36ab + 6(b - a) - 1
  - 36ab - 6(a+b) + 1
• Can be used to factor n, though slow for large n
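The toy key pair from the RSA slides worked end to end, as an added example that is not part of the original presentation. The function names are assumptions of this sketch, and the factoring step simplifies the Personal Note to trial division by candidates of the form 6k ± 1, which is enough to show why a factorable n gives away d.

```python
from math import gcd, isqrt

def private_exponent(e, p, q):
    """Return d with e*d mod phi(n) = 1, where phi(n) = (p-1)*(q-1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse mod phi(n)")
    return pow(e, -1, phi)          # modular inverse, Python 3.8+

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message block must lie in [0, n)")
    return pow(m, e, n)             # c = m^e mod n

def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)             # m = c^d mod n

def prime_candidates(limit):
    """2, 3, then 6k-1 and 6k+1: every prime appears in this sequence."""
    yield from (2, 3)
    k = 1
    while 6 * k - 1 <= limit:
        yield 6 * k - 1
        yield 6 * k + 1
        k += 1

def factor_semiprime(n):
    """Find p, q with n = p*q by trying only 6k±1 candidates up to sqrt(n).
    The work grows with sqrt(n), so this is hopeless for real key sizes."""
    for c in prime_candidates(isqrt(n)):
        if n % c == 0:
            return c, n // c
    raise ValueError("no factor found: n is prime")

def recover_private_key(public_key):
    """The 'point of attack': factor n, then recompute d from e, p and q."""
    e, n = public_key
    p, q = factor_semiprime(n)
    return [private_exponent(e, p, q), n]

if __name__ == "__main__":
    public = [13, 77]
    c = encrypt(35, public)
    private = recover_private_key(public)
    print(c, private, decrypt(c, private))
```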

AES Cryptosystem
• Advanced Encryption Standard
• Developers – Belgian cryptographers
  - Joan Daemen
  - Vincent Rijmen
• NIST
  - National Institute of Standards and Technology
  - formerly National Bureau of Standards
  - Adopted as standard on May 26, 2002

AES Selection Process
• NIST announced
  - January 2, 1997
  - Seeking successor to DES
• Sought algorithm
  - Unclassified
  - Publicly disclosed
  - Able to protect sensitive government info
  - Well into next century
• Call for new algorithms
  - September 12, 1997
  - 128 bit blocks
  - 128, 192 or 256 bit keys

AES Selection Process
• 15 designs submitted
  - Intense scrutiny, debate
  - Two international conferences
  - Criteria
    - Security
    - Perform in various settings
    - Work in limited environments
• Five finalists – August 1999
  - MARS
  - RC6
  - Rijndael
  - Serpent
  - Twofish
• 3rd AES conference – April 2000
• Rijndael selected – October 2, 2000

AES Encryption
• Generate 128 bit key
• Either hard code or generate S-Box
• Create key schedule from 128 bit key
  - Arrange key into 4 x 4 matrix of bytes
  - Generate 44-column key schedule from
    - Key
    - S-Box
    - Round constants
• Convert plain text to bit stream
• Arrange every 128 bits into 4 x 4 matrix of bytes
• Perform encryption

AES Encryption Components
• BS – ByteSub Transformation
  - Non-linear layer
  - Resist differential & linear attacks
• SR – ShiftRow Transformation
  - Linear mixing step
  - Diffusion of bits over multiple rounds
• MC – MixColumn Transformation
  - Similar in purpose to SR
• ARK – AddRoundKey
  - Round key XORed with result of above layer

AES Encryption Steps
1 – ARK using 0th round key
2 – Nine rounds of
  - BS, SR, MC, ARK
  - Using round keys 1 to 9
3 – A final round
  - BS, SR, ARK
  - Using 10th round key

AES Decryption Steps
1 – ARK using 10th round key
2 – Nine rounds of
  - IBS, ISR, IMC, IARK
  - Using round keys 9 to 1
3 – A final round
  - IBS, ISR, ARK
  - Using 0th round key
Note: “I” denotes an inverse operation

AES Operations
• Bit level operations
  - Addition
  - Matrix multiplication
• Carried out
  - in finite field GF(2^8)
  - Using irreducible polynomial
  - X^8 + X^4 + X^3 + X + 1
• Easy, quick in hardware
  - XORs
  - Shifts

AES – Program Development Steps
• Convert plaintext to 8-bit plain bits & test
• Successively store 8-bit units in 4x4 array & test
• Create S-Box array & test its contents
• Generate or hard-code round constants & test its contents
• Prepare MC-matrix & test its contents
• Create 128-bit key and generate 10-round key schedule
• Write & test addition-in-GF(2^8) routine
• Write & test multiplication-in-GF(2^8) routine
• Write & test matrix-multiplication-in-GF(2^8) routine
• Write & test matrix xor routine

AES – Program Development Steps
• Write & test code for ByteSub Transformation
• Write & test code for ShiftRow Transformation
• Write & test code for MixColumn Transformation
• Write & test code for RoundKey Addition Transformation
• Write main routine to execute AES Algorithm
• Test program on one 16 character (128-bit) plaintext
• Write & test code for InvByteSub Transformation
• Write & test code for InvShiftRow Transformation
• Write main routine to execute AES Decryption Algorithm
• Test decryption on one 128-bit ciphertext
• Test program by encrypting & decrypting specified plaintext

AES Encryption: S-Box
 99 124 119 123 242 107 111 197  48   1 103  43 254 215 171 118
202 130 201 125 250  89  71 240 173 212 162 175 156 164 114 192
183 253 147  38  54  63 247 204  52 165 229 241 113 216  49  21
  4 199  35 195  24 150   5 154   7  18 128 226 235  39 178 117
  9 131  44  26  27 110  90 160  82  59 214 179  41 227  47 132
 83 209   0 237  32 252 177  91 106 203 190  57  74  76  88 207
208 239 170 251  67  77  51 133  69 249   2 127  80  60 159 168
 81 163  64 143 146 157  56 245 188 182 218  33  16 255 243 210
205  12  19 236  95 151  68  23 196 167 126  61 100  93  25 115
 96 129  79 220  34  42 144 136  70 238 184  20 222  94  11 219
224  50  58  10  73   6  36  92 194 211 172  98 145 149 228 121
231 200  55 109 141 213  78 169 108  86 244 234 101 122 174   8
186 120  37  46  28 166 180 198 232 221 116  31  75 189 139 138
112  62 181 102  72   3 246  14  97  53  87 185 134 193  29 158
225 248 152  17 105 217 142 148 155  30 135 233 206  85  40 223
140 161 137  13 191 230  66 104  65 153  45  15 176  84 187  22
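The "AES Operations" arithmetic and the "generate S-Box" option from the development steps, as an added example that is not part of the original presentation. Function names are assumptions of this sketch; the affine constant 0x63 and the MixColumn matrix are the ones defined in FIPS 197, and the generated table can be checked against the hard-coded S-Box slide.

```python
AES_POLY = 0x11B  # X^8 + X^4 + X^3 + X + 1, the irreducible polynomial

def gf_add(a, b):
    """Addition in GF(2^8) is a bitwise XOR."""
    return a ^ b

def gf_mul(a, b):
    """Multiplication in GF(2^8) using only shifts and XORs."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:        # degree-8 term appeared: reduce by AES_POLY
            a ^= AES_POLY
        b >>= 1
    return product

def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 is mapped to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def rotl8(x, k):
    """Rotate an 8-bit value left by k bits."""
    return ((x << k) | (x >> (8 - k))) & 0xFF

def make_sbox():
    """Each entry is the affine transform of the field inverse of its index."""
    sbox = []
    for x in range(256):
        b = gf_inv(x)
        sbox.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3)
                    ^ rotl8(b, 4) ^ 0x63)
    return sbox

def invert_sbox(sbox):
    """Table for the inverse ByteSub step used in decryption."""
    inverse = [0] * 256
    for x, y in enumerate(sbox):
        inverse[y] = x
    return inverse

# MixColumn matrix from FIPS 197
MC_MATRIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_column(column):
    """Matrix multiplication in GF(2^8) applied to one 4-byte column."""
    out = []
    for row in MC_MATRIX:
        acc = 0
        for coeff, byte in zip(row, column):
            acc = gf_add(acc, gf_mul(coeff, byte))
        out.append(acc)
    return out

if __name__ == "__main__":
    print(make_sbox()[:16])
```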

Security of AES
• Concerns due to clean algebraic structure
• Murphy and Robshaw
  - Developed BES
  - Showed AES as special case of BES
  - Outlined theoretical line of attack
• Their research
  - Essential Algebraic Structure Within the AES
  - Computational and Algebraic Aspects of the Advanced Encryption Standard

Security – Pro & Con
• Murphy & Robshaw:
• “We now demonstrate that recovering an AES key is equivalent to solving particular systems of extremely sparse multivariate quadratic equations by expressing a BES (and hence an AES) encryption as such a system.”
• On the other hand...

On the Other Hand
• No attack yet successful
• Order of magnitude
  - 5248 equations, 3840 quadratic
  - 7808 terms
  - 2560 state variables
• Other considerations
  - Accuracy of XSL* estimates questionable
  - Based on heuristic arguments
* XSL = extended sparse linearization

Active Area of Research
• Murphy & Robshaw:
  - “One promising approach is to exploit the large, though surprisingly simple, system of multivariate quadratic equations over the finite field F_{2^8} derived from the BES cipher...
  - “While the problem of solving such systems is known to be hard, it is not entirely unlikely that a technique can be developed which exploits the particular algebraic structure of the AES and BES systems.”
• No attack yet successful

Factoradic Encryption
• What is a factoradic?
• How can it be used in encryption?
• Semi-dynamic keys

What Is a Factoradic?
• A number system with a factorial base
  - Positional
  - Values of positions
  - multiplied by factorial
  - vary in range

Details
• Mixed radix
• Number Base = factorial
• N digits, where N is its order
• Max digit value is p – where p is its position
• Value: digit * p!

Example
• [3 1 1 0]
• = 3*3! + 1*2! + 1*1! + 0*0!
• = 18+2+1+0 = 21

Another Example
• [3 2 1 0] is max fadic of order 4
• [3 2 1 0] = 23 = 4! - 1

Addition
• Proceeds mod p+1
• Resulting in sum mod n! – where n is maxorder(f1, f2)
      5 4 3 2 1
    [ 2 3 1 1 0 ] = 69
  + [ 3 1 2 0 0 ] = 82
  = [ ? ? ? ? 0 ]

Addition
• Proceeds mod p+1
• Resulting in sum mod n! – where n is maxorder(f1, f2)
    [ 2 3 1 1 0 ] = 69
  + [ 3 1 2 0 0 ] = 82
  = [ 1 1 0 1 0 ] = 31 = (69+82) mod 120

Completeness
• 1-1 correspondence with integers
• Every fadic → unique integer
  - Saw: fadic → integer conversion
• Every integer → unique fadic
  - ∃ integer → fadic conversion

Integer → Factoradic
• 400 → [ ? ? . . ? ]
• 1st n such that n! > 400 → order = 6
• 400 div 5! = 3    400 - 360 = 40
• 40 div 4! = 1     40 - 24 = 16
• 16 div 3! = 2     16 - 12 = 4
• 4 div 2! = 2      4 - 4 = 0
• [3 1 2 2 0 0] = 400

Factoradics and Permutations
• 1-1 correspondence
  - fadic order k ↔ permutation of k objects
• Lexicographic order of perms
  - 012 021 102 120 201 210
• nth factoradic ↔ nth permutation

Fadic-Perm Example
x   fadic(x)   perm(x)
0   [0 0 0]    {0 1 2}
1   [0 1 0]    {0 2 1}
2   [1 0 0]    {1 0 2}
3   [1 1 0]    {1 2 0}
4   [2 0 0]    {2 0 1}
5   [2 1 0]    {2 1 0}

Fadic → Permutation
• Sample Code:

    ' fadic(0) is the most significant digit; fadic(n - 1) is always 0
    For i = 0 To n - 1
        fadic_plus(i) = fadic(i) + 1
    Next i
    perm(n - 1) = 1
    For j = n - 2 To 0 Step -1
        nextEntry = fadic_plus(j)
        perm(j) = nextEntry
        ' bump every entry to the right that collides with the new one
        For i = j + 1 To n - 1
            If perm(i) >= nextEntry Then perm(i) = perm(i) + 1
        Next i
    Next j
    ' shift from 1-based back to 0-based values
    For i = 0 To n - 1
        perm(i) = perm(i) - 1
    Next i

Dynamic Key Generation
• Fadic → Perm → Key
• Fadic + Fadic → Fadic mod n!
• Use base fadic to generate fadic
• Use new fadic to generate key
• Repeat

DKG Example
• Base = [ 2 2 1 0 ]
• [ 0 0 ] + [ 2 2 1 0 ] = [ 2 2 1 0 ] → {2 3 1 0}
• [ 2 2 1 0 ] + [ 2 2 1 0 ] = [ 1 2 0 0 ] → {1 3 0 2}
• [ 1 2 0 0 ] + [ 2 2 1 0 ] = [ 0 1 1 0 ] → {0 2 3 1}
• [ 0 1 1 0 ] + [ 2 2 1 0 ] = [ 3 1 0 0 ] → {3 1 0 2}
• [ 3 1 0 0 ] + [ 2 2 1 0 ] = [ 2 0 1 0 ] → {2 0 3 1}
• [ 2 0 1 0 ] + [ 2 2 1 0 ] = [ 1 0 0 0 ] → {1 0 2 3}
• [ 1 0 0 0 ] + [ 2 2 1 0 ] = [ 3 2 1 0 ] → {3 2 1 0}
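The factoradic slides combined into one runnable sketch: integer to fadic conversion, fadic addition, fadic to permutation, and the key sequence of the DKG example. This is an added example, not code from the original presentation; the function names are assumptions, and `key_period` goes one step beyond the slides to show how soon the sequence repeats when the base fadic stays fixed.

```python
from math import factorial, gcd

def int_to_fadic(x, order):
    """Digits most significant first; the digit at position p weighs p!."""
    if not 0 <= x < factorial(order):
        raise ValueError("value does not fit in a fadic of this order")
    digits = []
    for p in range(order - 1, -1, -1):
        digit, x = divmod(x, factorial(p))
        digits.append(digit)
    return digits

def fadic_to_int(fadic):
    n = len(fadic)
    return sum(d * factorial(n - 1 - i) for i, d in enumerate(fadic))

def fadic_add(f1, f2):
    """Column-wise addition: position p wraps mod p+1 and carries left.
    The final carry is dropped, so the result is the sum mod n!."""
    n = max(len(f1), len(f2))
    a = [0] * (n - len(f1)) + list(f1)
    b = [0] * (n - len(f2)) + list(f2)
    out, carry = [0] * n, 0
    for p in range(n):                  # p counts positions from the right
        i = n - 1 - p
        carry, out[i] = divmod(a[i] + b[i] + carry, p + 1)
    return out

def fadic_to_perm(fadic):
    """Zero-based form of the slide's sample code: place entries right to
    left, bumping any entry to the right that collides with the new one."""
    n = len(fadic)
    if any(d > n - 1 - i for i, d in enumerate(fadic)):
        raise ValueError("digit exceeds its position")
    perm = list(fadic)
    for j in range(n - 2, -1, -1):
        for i in range(j + 1, n):
            if perm[i] >= perm[j]:
                perm[i] += 1
    return perm

def key_stream(base, count):
    """Repeatedly add the base fadic and turn each sum into a permutation."""
    current, keys = [0] * len(base), []
    for _ in range(count):
        current = fadic_add(current, base)
        keys.append(fadic_to_perm(current))
    return keys

def key_period(base):
    """Number of keys before the sequence repeats for a fixed base."""
    n_fact = factorial(len(base))
    return n_fact // gcd(fadic_to_int(base), n_fact)

if __name__ == "__main__":
    for key in key_stream([2, 2, 1, 0], 7):
        print(key)
```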

Encryption Summary
• Factoradics provide a way of generating permutations
  - Generate Factoradic
  - Obtain permutation from factoradic
  - Use permutation to rearrange bits

Use Permutation to swap bits
Obtained Permutation: 3 1 0 2
Original Binary Data: 1 0
Encrypted Bit Array Data: 0 1 2 3

Use Permutation to swap bits
Obtained Permutation: 3 1 0 2
Original Binary Data: 1 0
Encrypted Bit Array Data: 1 0 1 2 3

Use Permutation to swap bits
Obtained Permutation: 3 1 0 2
Original Binary Data: 1 0
Encrypted Bit Array Data: 0 0 1 1 2 3

Use Permutation to swap bits
Obtained Permutation: 3 1 0 2
Original Binary Data: 1 0
Encrypted Bit Array Data: 1 0 0 1 1 2 3

Use Permutation to swap bits
Obtained Permutation: 3 1 0 2
Original Binary Data: 1 0
Encrypted Bit Array Data: 1 0 0 1 2 3

Transposition of Values
• Consider 3 bits of plain text
• Generate a permutation of 0 through 7
  - 5 – 2 – 6 – 0 – 3 – 7 – 4 – 1
• Yields value transposition
  0 → 5
  1 → 2
  2 → 6
  3 → 0
  4 → 3
  5 → 7
  6 → 4
  7 → 1

Bit Level Transposition
• Applying transformation at bit level...
• Yields bit level transposition
  000 → 101
  001 → 010
  010 → 110
  011 → 000
  100 → 011
  101 → 111
  110 → 100
  111 → 001

Iterative Transposition
• Iteration through transposition
• Causes scattering of uniform plain text
• Plain text
  - 000 000
• Becomes
  - 101 010 110 000 011 100 001

Basic Algorithm
• 1st round of encryption
• Intermediate bit shuffling
• 2nd round of encryption

1st Encryption Round
• Primary key
• Iteration count key
• Primary jump key
• IC shuffle key
• PJ shuffle key

1st Encryption Round
• Primary key – encodes 8 bits of plaintext
• Iteration count key – how long a primary key used
• Primary jump key – computes fadic/primary key

1st Encryption Round
• IC shuffle key – computes next iteration count key
• PJ shuffle key – computes next primary jump key

Intermediate Shuffling
• Transposition key – transposes m bits of cipher text from 1st round
• Transposition jump key – computes next transposition key
• TJ shuffle key – computes next transposition jump key

2nd Encryption Round
• Re-encrypts intermediate bits
• Same algorithm as 1st round
• Has own set of keys

Preliminary Results
• 1st Test – highly repetitious plain text
• 65,536 bits – all zeros
• Look for recurrence of bit patterns

Preliminary Results
65K bits: occurrences of arbitrary bit sequences
• 12-bit sequences: 15-18 times
• 14-bit sequences: 5-7 times
• 16-bit sequences: 1-3 times
• 18- & 20-bit sequences: 1 time

Distance Test
• Probability of distances between occurrences of bit strings
• Example: 3-bit sequences
• P(b1 b2 b3) = 1/8 = .125
• P(b1 b2 b3 x1 x2 x3 b1 b2 b3) = 7/8 * 1/8 = .109375
• P(b1 b2 b3 [x1 x2 x3]^n b1 b2 b3) = (7/8)^n * 1/8

Distance Test Results: 134M* bits
Occurrences of 111
Distance   Count    Observed   Expected
 1         699049   .1249618   .125
 2         612243   .1094444   .109375
 3         536716   .0959432   .0957031
 4         468716   .0837875   .0837402
 5         409291   .0731647   .0732727
 6         357330   .0638762   .0641136
 7         313349   .0560142   .0560994
 8         274349   .0490426   .049087
 9         240059   .0429129   .0429511
10         210642   .0376543   .0375822
11         183825   .0328605   .0328844
12         161219   .0288195   .0287739
13         141077   .0252189   .0251772
14         123695   .0221117   .02203
15         107988   .0193039   .0192763
16          94514   .0168953   .0168667
17          82668   .0147777   .0147584
18          72374   .0129376   .0129136
19          63362   .0113266   .0112994
20          55279   .0098817   .009887
*134,217,728 = 2^27

Distance Test Results: 134M* bits
Occurrences of 111
Distance   Count    Observed   Expected
 1         699049   .1249618   .125
 2         612243   .1094444   .109375
 3         536716   .0959432   .0957031
 4         468716   .0837875   .0837402
 5         409291   .0731647   .0732727
*134,217,728 = 2^27

Occurrence Test Results: 134M bits
Number of occurrences:
000 is 5591658
001 is 5590568
010 is 5592818
011 is 5592478
100 is 5589295
101 is 5592467
110 is 5595849
111 is 5594101
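The occurrence and distance tests above, written out as an added example that is not part of the original presentation. It assumes the stream is cut into non-overlapping 3-bit blocks, which is what the occurrence counts suggest (they sum to about 2^27 / 3). The factoradic cipher's output is not available here, so a seeded Python `random` stream stands in for it, with an all-zero stream as the failing case.

```python
import random
from collections import Counter

def blocks(bits, width=3):
    """Cut a '0'/'1' string into non-overlapping blocks; leftovers dropped."""
    return [bits[i:i + width] for i in range(0, len(bits) - width + 1, width)]

def occurrence_counts(bits, width=3):
    """Occurrence test: how often each block value appears."""
    return Counter(blocks(bits, width))

def distance_frequencies(bits, pattern):
    """Distance test: relative frequency of each gap, measured in blocks,
    between consecutive occurrences of the pattern."""
    positions = [i for i, b in enumerate(blocks(bits, len(pattern)))
                 if b == pattern]
    gaps = Counter(b - a for a, b in zip(positions, positions[1:]))
    total = sum(gaps.values())
    return {d: c / total for d, c in sorted(gaps.items())}

def expected_frequency(distance, width=3):
    """Geometric distribution: (7/8)^(distance-1) * 1/8 for 3-bit blocks."""
    p = 1 / 2 ** width
    return (1 - p) ** (distance - 1) * p

def max_deviation(bits, pattern, up_to=20):
    """Largest gap between observed and expected frequency, distances 1..up_to."""
    observed = distance_frequencies(bits, pattern)
    return max(abs(observed.get(d, 0.0) - expected_frequency(d, len(pattern)))
               for d in range(1, up_to + 1))

def sample_stream(nbits, seed=2008):
    """Constructed test input: a seeded pseudo-random bit string."""
    rng = random.Random(seed)
    return format(rng.getrandbits(nbits), "0{}b".format(nbits))

if __name__ == "__main__":
    stream = sample_stream(600000)
    print(occurrence_counts(stream))
    print(max_deviation(stream, "111"))
    # A stream that leaks repetition fails immediately:
    print(distance_frequencies("0" * 3000, "000"))
```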

Epilogue
• Information security crisis
• Undecidability results
  - No program can recognize all malware
• Multi key security
  - Lock with N keys
  - Keys given to N persons
  - All must be present to open lock
• Hardware/user participation
  - Critical/noncritical separated by hardware
  - Operations in critical area require direct user participation