Lecture 12: Cryptography

Discuss how messages sent over a network can be read by any site between source and destination.

To ensure the privacy of transmitted messages, the data can be encrypted.

Cryptography:

The study of methods to encrypt data.

Cryptanalysis:

The study of methods to decode encrypted data.

Conventional (or Single Key) Encryption:

A simple algorithm is used to transform the data.

Substitution Cipher:

Each data element is substituted with a different data element (or symbol). (each letter of the alphabet is substituted with a different letter or symbol.)

Example: Ceasar's method:

replace every letter in the alphabet with the letter 3 away

A - > D

B - > E

C - > F

. . .

X - > A

Y - > B

Z - > C

Other substitution ciphers assign random substitutions, so they are a bit harder to crack.

  1. So, the sender uses the encryption to encrypt the message
  2. the sender transmits the message to the receiver
  3. the receiver decodes the message

How does the receiver decode the message?

Answer: The sender needs to send the key to the receiver.

Discuss difficulty in sending the key.
Give other examples.

Example:

IUUJ IU JNIN66N/ KJ C2I ?95U6 JAU IK23U J6UUL

A substitution code key (pg 612):

A->H / F->7 / K->A / P->5 / U->E / Z->? / 5->D / / ->W
B->C / G->0 / L->. / Q->F / V->S / 1->X / 6->R / .->Q
C->4 / H->B / M->V / 4->1 / W->Z / 2->P / 7->K / !->G
D->I / I->M / N->0 / S->! / X->J / 3->L / 8->Y / ?->U
E->6 / J->T / 0->3 / T->9 / Y->24 / 4->8 / 9->N

MEET ME T0MORROW AT 4PM UNDER THE MAPLE TREE.

Creating a coded message – encoding (or encrypting), unscrambling a coded message using a key – decoding (or decrypting).

To encode you could have the same key you use for decoding, but you have to reverse the key (arrows in figure above in opposite direction). When the same key is used for both encoding and decoding, the code is called private-key encryption (or single key encryption or symmetric encryption).

Private-key (Single-key) Encryption:

Encoding:

JUNE 1993 + KEY -> TE06 XNNL

Decoding:

TE06 XNNL + KEY -> JUNE 1993

Problem of ensuring key security. If a code breaker can somehow steal the key for a code, the code is broken. (Example: diary – may have lock, but if someone steals the key…)

Private key faster (1,000 times), but if really need security – like credit card information, etc…Solution – public key encryption (double key encryption).

Public-key encryption:

2 keys instead of one – for encoding and decoding, if one is lost the other won’t work by itself. Public key can be distributed to anyone, the other key is the private key, held only by the owner of the key pair. Having the public key doesn’t make it possible to deduce the private key.

  • Uses two keys: a public key and a private key.
  • The receiver publishes itspublic key which is used by the sender to encrypt the message.
  • The receiver uses the second (and different)private key (known only to the receiver) which is used to decrypt the message.

What is the relationship between the two keys?

It should be computationally infeasible to obtain the private key from the public key. Refer back to earlier lecture about computationally infeasible functions.

These methods hinge on the fact that it is relatively easy (computationally) to multiply two large numbers, but it is quite difficult to factor a large number if it has very few factors. (Obviously, it is easy to factor an even number, because one can see immediately that 2 is a factor. However, if the only factors are large prime numbers, then it will take a while to find those factors.) Example: Try to factor 3233. See how long it takes to find the prime factors, 53 and 61.

Advantage of public-key cryptography:

Only the public key is distributed.

Well-known public-key systems:

  • Elgamal - invented by Taher Elgamal
  • RSA - invented by Ron Rivest, Adi Shamir and Leonard Adleman
  • DSA - Digital Signature Algorithm by David Kravitz
  • Pretty Good Privacy - PGP - uses both conventional and public-key cryptography

PGP

At the sending end:

Encoding Method:

  1. First, PGP compresses the message - saves transmission time and increases security
    We previously discussed compression when we covered music and video files. Discuss simple compression - replace multiple copies of a character with a single character and the number of repeats. How would compression increase security?
  2. PGP creates a session key that is used only once during this session. Created from randomly selected mouse movements and keystrokes. (not a fixed key – a new one is generated for each secure communication.
  3. Session key is used to conventionally encrypt the message.
  4. The receiver's public key is used to encrypt the session key.
  5. The encrypted message and encrypted session key are sent to the receiver.

At the receiving end:

Decoding Method:

  1. The receiver uses its private key to decrypt session key
  2. The session key is used to decrypt the message.
  3. The data is decompressed.
  4. The session key is discarded.

Advantages:

  • Only a very small content (the session key) is publicly encrypted
  • The session key is used just once (- hard to decode by repeated attacks)
  • Conventional encryption/single-key is ~1,000 times faster than public-key encryption. So we’re using public-key encryption for just the session key, as said before.

PGP uses the RSA public-key encryption scheme:

PGP Method: (RSA)

M = the message

C - the encrypted message

e = the public exponent (public key)

d = the private exponent (private key)

n = a very large integer

The message is encrypted:

Encryption Method:

C = Me mod n (mod means divide Me by n and keep the remainder)

The message is decrypted by:

Decryption Method:

M = Cd mod n
where

n = p * q

p and q are prime numbers
d = e-1 mod((p-1)*(q-1))

If n is a large number (128 bits or 256 bits), it is computationally infeasible to find p and q. Why?

must find all factors of n
determine which are prime
must try all pairs of primes to find p and q

An Example of the RSA Algorithm

P = 61 <- first prime number (destroy this after computing E and D)

Q = 53 <- second prime number (destroy this after computing E and D)

PQ = 3233 <- modulus (give this to others)

E = 17 <- public exponent (give this to others)

D = 2753 <- private exponent (keep this secret!)

Your public key is (E,PQ).

Your private key is D.

The encryption function is:

encrypt(T) = (T^E) mod PQ

= (T^17) mod 3233

The decryption function is:

decrypt(C) = (C^D) mod PQ

= (C^2753) mod 3233

To encrypt the plaintext value 123, do this:

encrypt(123) = (123^17) mod 3233

= 337587917446653715596592958817679803 mod 3233

= 855

To decrypt the ciphertext value 855, do this:

decrypt(855) = (855^2753) mod 3233

= 123

1

Core51_12