Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski [email protected]...

127
Page 1 Page 1 Introduction to Cryptography Paul Krzyzanowski [email protected] Distributed Systems Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

Transcript of Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski [email protected]...

Page 1: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 1Page 1

Introduction to Cryptography

Paul Krzyzanowski

[email protected]

Distributed Systems

Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

Page 2: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 2Page 2

Ngywioggazhon PystempAuesfnsicutiwf & Moiiunocaiwn

Piqtoaoyp

Page 3: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 3Page 3

Cryptographic SystemsAuthentication & Communication

Protocols

Page 4: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 4

cryptography

κρυπός

hidden

γραφία

writing

A secret manner of writing, … Generally, the art of writing or solving ciphers.

— Oxford English Dictionary

Page 5: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 5

cryptology

κρυπός

hidden

λογια

speaking

1967 D. Kahn, Codebreakers p. xvi, Cryptology is the science that embraces cryptography and cryptanalysis, but the term ‘cryptology’ sometimes loosely designates the entire dual field of both rendering signals secure and extracting information from them.

— Oxford English Dictionary

Page 6: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 6

Cryptography Security

Cryptography may be a component of a secure system

Adding cryptography may not make a system secure

Page 7: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 7

Terms

Plaintext (cleartext), message M

encryption, E(M)

produces ciphertext, C=E(M)

decryption: M=D(C)

Cryptographic algorithm, cipher

Page 8: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 8

Terms: types of ciphers

• restricted cipher

• symmetric algorithm

• public key algorithm

Page 9: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 9

Restricted cipher

Secret algorithm

• Leaking

• Reverse engineering– HD DVD (Dec 2006) and Blu-Ray (Jan 2007)

– RC4

– All digital cellular encryption algorithms

– DVD and DIVX video compression

– Firewire

– Enigma cipher machine

– Every NATO and Warsaw Pact algorithm during Cold War

Page 10: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 10

The key

BTW, the above is a bump key. See http://en.wikipedia.org/wiki/Lock_bumping.

Page 11: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 11

The key

Source: en.wikipedia.org/wiki/Pin_tumbler_lock

Page 12: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 12

The key

Source: en.wikipedia.org/wiki/Pin_tumbler_lock

Page 13: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 13

The key

• We understand how it works:– Strengths

– Weaknesses

• Based on this understanding, we can assess how much to trust the key & lock.

Source: en.wikipedia.org/wiki/Pin_tumbler_lock

Page 14: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 14

Symmetric algorithm

Secret key

C = EK(M )

M = DK(C )

Page 15: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 15

Public key algorithm

Public and private keys

C1 = Epublic(M )

M = Dprivate(C1 )

also:

C2 = Eprivate(M )

M = Dpublic(C2 )

Page 16: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 16

McCarthy’s puzzle (1958)

The setting:

• Two countries are at war

• One country sends spies to the other country

• To return safely, spies must give the border guards a password

• Spies can be trusted

• Guards chat – information given to them may leak

Page 17: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 17

McCarthy’s puzzle

Challenge

How can a guard authenticate a person without knowing the password?

Enemies cannot use the guard’s knowledge to introduce their own spies

Page 18: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 18

Solution to McCarthy’s puzzle

Michael Rabin, 1958

Use one-way function, B = f (A)

– Guards get B …• Enemy cannot compute A

– Spies give A, guards compute f(A)• If the result is B, the password is correct.

Example function:

Middle squares• Take a 100-digit number (A), and square it

• Let B = middle 100 digits of 200-digit result

Page 19: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 19

One-way functions

• Easy to compute in one direction• Difficult to compute in the other

Examples:Factoring:

pq = N EASYfind p,q given N DIFFICULT

Discrete Log:ab mod c = N EASYfind b given a, c, N DIFFICULT

Page 20: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 20

McCarthy’s puzzle example

Example with an 18 digit number

A = 289407349786637777

A2 = 83756614110525308948445338203501729

Middle square, B = 110525308948445338

Given A, it is easy to compute B

Given B, it is extremely hard to compute A

110525308948445338

Page 21: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 21

More terms

• one-way function– Rabin, 1958: McCarthy’s problem

– middle squares, exponentiation, …

• [one-way] hash function– message digest, fingerprint, cryptographic

checksum, integrity check

• encrypted hash– message authentication code

– only possessor of key can validate message

Page 22: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 22

More terms

• Stream cipher– Encrypt a message a character at a time

• Block cipher– Encrypt a message a chunk at a time

Page 23: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 23

Yet another term

• Digital Signature– Authenticate, not encrypt message

– Use pair of keys (private, public)

– Owner encrypts message with private key

– Sender validates by decrypting with public key

– Generally use hash(message).

Page 24: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 24

Cryptography: what is it good for?

• Authentication– determine origin of message

• Integrity– verify that message has not been modified

• Nonrepudiation– sender should not be able to falsely deny that a

message was sent

• Confidentiality– others cannot read contents of the message

Page 25: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 25

Cryptographic toolbox

• Symmetric encryption

• Public key encryption

• One-way hash functions

• Random number generators

Page 26: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 26Page 26

Classic Cryptosystems

Page 27: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 27Page 27

Substitution Ciphers

Page 28: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 28

Cæsar cipher

Earliest documented military use of cryptography– Julius Caesar c. 60 BC

– shift cipher: simple variant of a substitution cipher

– each letter replaced by one n positions awaymodulo alphabet size

n = shift value = key

Similar scheme used in India– early Indians also used substitutions based on phonetics

similar to pig latin

Last seen as ROT13 on Usenet to keep the reader from seeing offensive messages unwillingly

Page 29: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 29

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

Page 30: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 30

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

U VWX Y Z A B C D E F G H I J K L MNO P Q R S T

shift alphabet by n (6)

Page 31: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 31

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

Page 32: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 32

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

G

Page 33: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 33

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GS

Page 34: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 34

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSW

Page 35: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 35

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWU

Page 36: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 36

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUN

Page 37: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 37

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNB

Page 38: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 38

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBU

Page 39: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 39

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBUM

Page 40: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 40

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBUMZ

Page 41: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 41

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBUMZF

Page 42: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 42

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBUMZFY

Page 43: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 43

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBUMZFYU

Page 44: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 44

Cæsar cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBMUFZYUM

Page 45: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 45

Cæsar cipher

• Convey one piece of information for decryption: shift value

• trivially easy to crack (26 possibilities for a 26 character alphabet)

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

A B C D E F G H I J K L MNO P Q R S TU VWX Y Z

MY CAT HAS FLEAS

GSWUNBMUFZYUM

Page 46: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 46

Ancient Hebrew variant (ATBASH)

• c. 600 BC

• No information (key) needs to be conveyed!

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

T S R Q P ONM L K J I H G F E D C B AZ Y XWV U

MY CAT HAS FLEAS

NBXZGSZHUOVZH

Page 47: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 47

Substitution cipher

• General case: arbitrary mapping

• both sides must have substitution alphabet

A B C D E F G H I J K L MNO P Q R S T U VWX Y Z

E A J T N C I F ZWO Y B X G K U D V HM P S R L Q

MY CAT HAS FLEAS

IVSMXAMBQCLMB

Page 48: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 48

Substitution cipher

Easy to decode:– vulnerable to frequency analysis

Moby Dick Shakespeare(1.2M chars) (55.8M chars)

e 12.300% e 11.797%

o 7.282% o 8.299%

d 4.015% d 3.943%

b 1.773% b 1.634%

x 0.108% x 0.140%

Page 49: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 49

Statistical Analysis

Letter frequenciesE: 12%

A, H, I, N, O, R, S, T: 6 – 9%

D, L: 4%

B, C, F, G, M, P, U, W, Y: 1.5 – 2.8%

J, K, Q, V, X, Z: < 1%

Common digrams:TH, HE, IN, ER, AN, RE, …

Common trigramsTHE, ING, AND, HER, ERE, …

Page 50: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 50

Polyalphabetic ciphers

Designed to thwart frequency analysis techniques

– different ciphertext symbols can represent the same plaintext symbol• 1 many relationship between

letter and substitute

Leon Battista Alberti: 1466: invented key

– two disks

– line up predetermined letter oninner disk with outer disk

– plaintext on inner ciphertext onouter

– after n symbols, the disk is rotated toa new alignment

A

J

encrypt: AJdecrypt: J A

Page 51: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 51

Page 52: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 52

Vigenère polyalphabetic cipher

• Blaise de Vigenère, court of Henry III of France, 1518

• Use table and key word to encipher a message

• repeat keyword over text: (e.g. key=FACE)FA CEF ACE FACEF ....

MY CAT HAS FLEAS

• encrypt: find intersection:row = keyword lettercolumn = plaintext letter

• decrypt: column = keyword letter, search for intersection = ciphertext letter

• message is encrypted with as many substitution ciphers as there are letters in the keyword

Page 53: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 53

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S TA B C D E F G H I J K L MNO P Q R S TB C D E F G H I J K L MNO P Q R S T UC D E F G H I J K L MNO P Q R S T U VD E F G H I J K L MNO P Q R S T U VWE F G H I J K L MNO P Q R S T U VWXF G H I J K L MNO P Q R S T U VWX Y

plaintext letter

keytextletter

ciphertext letter

Page 54: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 54

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASR

Page 55: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 55

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY

Page 56: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 56

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY E

Page 57: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 57

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EE

Page 58: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 58

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY

Page 59: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 59

A B C D E F G H

Vigenère polyalphabetic cipher

I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY H

Page 60: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 60

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HC

Page 61: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 61

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW

Page 62: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 62

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW K

Page 63: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 63

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW KL

Page 64: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 64

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW KLG

Page 65: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 65

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW KLGE

Page 66: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 66

Vigenère polyalphabetic cipher

A B C D E F G H I J K L MNO P Q R S T U VWX Y ZAB C D E F G H I J K L MNO P Q R S T U VWX Y Z

A BC D E F G H I J K L MNO P Q R S T U VWX Y ZA B CD E F G H I J K L MNO P Q R S T U VWX Y Z

A B C DE F G H I J K L MNO P Q R S T U VWX Y ZA B C D EF G H I J K L MNO P Q R S T U VWX Y Z

A B C D E FG H I J K L MNO P Q R S T U VWX Y ZA B C D E F GH I J K L MNO P Q R S T U VWX Y Z

FA CEF ACE FACEF

MY CAT HAS FLEASRY EEY HCW KLGEX

Page 67: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 67

Vigenère polyalphabetic cipher

"The rebels reposed their major trust, however, in the

Vigenere, sometimes using it in the form of a brass cipher

disc. In theory, it was an excellent choice, for so far as the

South knew the cipher was unbreakable. In practice, it

proved a dismal failure. For one thing, transmission errors

that added or subtracted a letter ... unmeshed the key from

the cipher and caused no end of difficulty. Once Major

Cunningham of General Kirby-Smith's staff tried for twelve

hours to decipher a garbled message; he finally gave up in

disgust and galloped around the Union flank to the sender

to find out what it said."

http://rz1.razorpoint.com/index.html

Page 68: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 68Page 68

Transposition Ciphers

Page 69: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 69

Transposition ciphers

• Permute letters in plaintext according to rules

• Knowledge of rules will allow message to be decrypted

• Earliest version used by the Spartans in the 5th century BC – staff cipher

Page 70: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 70

Transposition ciphers: staff cipher

MYCATHASFLEAS

MHE

M

H

E

Page 71: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 71

Transposition ciphers: staff cipher

MYCATHASFLEAS

MHE YAA

Y

A

A

Page 72: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 72

Transposition ciphers: staff cipher

MYCATHASFLEAS

MHE YAA CSS

C

S

S

Page 73: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 73

Transposition ciphers: staff cipher

MYCATHASFLEAS

MHE YAA CSS AFx

A

F

xPad out the text. This is a block cipher versus a stream cipher

Page 74: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 74

Transposition ciphers: staff cipher

MYCATHASFLEAS

MHE YAA CSS Afx TLy

T

L

y

Page 75: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 75

Transposition cipher

Table version of staff cipher– enter data horizontally, read it vertically

– secrecy is the width of the table

M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS

Page 76: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 76

Transposition cipher

Table version of staff cipher– enter data horizontally, read it vertically

– secrecy is the width of the table

M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS MTFS

Page 77: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 77

Transposition cipher

Table version of staff cipher– enter data horizontally, read it vertically

– secrecy is the width of the table

M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS MTFSYHLx

Page 78: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 78

Transposition cipher

Table version of staff cipher– enter data horizontally, read it vertically

– secrecy is the width of the table

M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS MTFSYHLxCAEy

Page 79: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 79

Transposition cipher

Table version of staff cipher– enter data horizontally, read it vertically

– secrecy is the width of the table

M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS MTFSYHLxCAEyASAz

Page 80: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 80

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

MYCATHASFLEAS

Page 81: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 81

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

YHLx

YHLxMYCATHASFLEAS

Page 82: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 82

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

ASAz

YHLxASAzMYCATHASFLEAS

Page 83: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 83

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

MTFS

YHLxASAzMTFSMYCATHASFLEAS

Page 84: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 84

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

CAEy

YHLxASAzMTFSCAEyMYCATHASFLEAS

Page 85: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 85

Transposition cipher with key

– permute letters in plaintext according to key

– read down columns, sorting by key

Key: 3 1 4 2M Y C A

T H A S

F L E A

S x y z

YHLxASAzMTFSCAEYMYCATHASFLEAS

Page 86: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 86

Combined ciphers

• Combine transposition with substitution ciphers– German ADFGVX cipher (WWI)

• can be troublesome to implement– may require a lot of memory

– may require that messages be certain lengths

• Difficult with manual cryptography

Page 87: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 87Page 87

Electro-mechanicalcryptographic engines

Page 88: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 88

Rotor machines

1920s: mechanical devices used for automating encryption

Rotor machine:

– set of independently rotating cylinders through which electrical pulses flow

– each cylinder has input & output pin for each letter of the alphabet

– implements a version of the Vigenère cipher

– each rotor implements a substitution cipher

– output of each rotor is fed into the next rotor

Page 89: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 89

Rotor machines

• Simplest rotor machine: single cylinder

• after a character is entered, the cylinder rotates one position– internal combinations shifted by one

– polyalphabetic substitution cipher with a period of 26

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Page 90: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 90

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

G V I L C M B Q F K D O S P Z H R E U Z N X A T W J

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

K H W J M D N C R G L E P T Q Z I S F V A O Y B U X

rotate

Page 91: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 91

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

S

Page 92: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 92

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SU

Page 93: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 93

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUI

Page 94: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 94

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIU

Page 95: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 95

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUV

Page 96: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 96

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVA

Page 97: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 97

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAY

Page 98: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 98

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYO

Page 99: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 99

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYOI

Page 100: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 100

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYOIN

Page 101: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 101

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYOINK

Page 102: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 102

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYOINKB

Page 103: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 103

Single cylinder rotor machine

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

MY CAT HAS FLEAS

SUIUVAYOINKBY

Page 104: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 104

Multi-cylinder rotor machines

Single cylinder rotor machine– substitution cipher with a period = length of alphabet (e.g., 26)

Multi-cylinder rotor machine

– feed output of one cylinder as input to the next one

– first rotor advances after character is entered

– second rotor advances after a full period of the first

– polyalphabetic substitution cipher

• period = (length of alphabet)number of rotors

• 3 26-char cylinders 263 = 17,576 substitution alphabets

• 5 26-char cylinders 265 = 11,881,367 substitution alphabets

Page 105: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 105

Enigma

• Enigma machine used inGermany during WWII

• Three rotor system

– 263 = 17,576 possible rotor positions

• Input data permuted viapatch panel before sending to rotor engine

• Data from last rotor reflected back through rotors makes encryption symmetric

• Need to know initial settings of rotor

– setting was f(date)

– find in book of codes

• broken by group at Bletchley Park (Alan Turing)

Page 106: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 106

Enigma

Keyboard(input)

Glowlamps(results)

Plugboard

RotorsReflector

Page 107: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 107

One-time pads

Only provably secure encryption scheme

• invented in 1917

• large non-repeating set of random key letters written on a pad

• each key letter on the pad encrypts exactly one plaintext character– encryption is addition of characters modulo 26

• sender destroys pages that have been used

• receiver maintains identical pad

Page 108: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 108

One-time pads

If pad containsKWXOPWMAELGHW…

and we want to encryptMY CAT HAS FLEAS

Ciphertext:

WUZOIDMSJWKHO

M + K mod 26 = W

Y + W mod 26 = U

C + X mod 26 = Z

A + O mod 26 = O

T + P mod 26 = I

H + W mod 26 = D

A + M mod 26 = M

S + A mod 26 = S

F + E mod 26 = J

L + L mod 26 = W

E + G mod 26 = K

A + H mod 26 = H

S + W mod 26 = O

Page 109: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 109

One-time pads

The same ciphertext can decrypt to anythingdepending on the key!

Same ciphertext:

WUZOIDMSJWKHO

With a pad of:KWXOPWMAELGHW…

Produces:

THE DOG IS HAPPY

W - D mod 26 = W

U - N mod 26 = U

Z - V mod 26 = Z

O - L mod 26 = O

I - U mod 26 = I

D - X mod 26 = D

M - E mod 26 = M

S - A mod 26 = S

J - C mod 26 = J

W - W mod 26 = W

K - V mod 26 = K

H - S mod 26 = H

O - Q mod 26 = O

Page 110: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 110

One-time pads

Can be extended to binary data– random key sequence as long as the message

– exclusive-or key sequence with message

– receiver has the same key sequence

Page 111: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 111

One-Time Pad

void onetimepad(void)

{

FILE *if = fopen(“intext”, “r”);

FILE *kf = fopen(“keytext”, “r”);

FILE *of = fopen(“outtext”, “w”);

int c, k;

while ((c = getc(if)) != EOF) {

k = getc(kf);

putc((c^k), of);

}

fclose(if); fclose(kf); fclose(of);

}

Page 112: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 112

One-time pads

Problems with one-time pads:

– key needs to be as long as the message!

– key storage can be problematic • may need to store a lot of data

– keys have to be generated randomly • cannot use pseudo-random number generator

– cannot reuse key sequence

– sender and receiver must remain synchronized (e.g. cannot lose a message)

Page 113: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 113

Digression: random numbers

• “anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin”– John vonNeumann

• Pseudo-random generators– Linear feedback shift registers– Multiplicative lagged Fibonacci generators– Linear congruential generator

• Obtain randomness from:– Time between keystrokes– Various network/kernel events– Cosmic rays– Electrical noise– Other encrypted messages

Page 114: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 114Page 114

Computer Cryptography

Page 115: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 115

DES

• Data Encryption Standard– adopted as a federal standard in 1976

• block cipher, 64 bit blocks

• 56 bit key– all security rests with the key

• substitution followed by a permutation (transposition)– same combination of techniques is applied on the

plaintext block 16 times

Page 116: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 116

DES

64 bit plaintext block

initial permutation, IP

left half, L1 right half, R0

f

R1 = L0 f(R0, K1)L1= R0

K116 rounds

L15= R14 R15 = L14 f(R14, K15)

48-bit subkeypermuted from key

f

L16 = R15R16 = L15 f(R15, K16)

K16

final permutation, IP-1

64 bit ciphertext block

Page 117: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 117

DES: f

DATA: right 32 bits KEY: 56 bits

DATA: left 32 bitsNew DATA:

right 32 bits

48 bits48 bits

S S S S S S S S

Page 118: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 118

DES: S-boxes

• After compressed key is XORed with expanded block– 48-bit result moves to substitution operation via

eight substitution boxes (s-boxes)

• Each S-box has– 6-bit input

– 4-bit output

• 48 bits divided into eight 6-bit sub-blocks

• Each block is operated by a separate S-box

• key components of DES’s security

• net result: 48 bit input generates 32 bit output

Page 119: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 119

Is DES secure?

56-bit key makes DES relatively weak– 7.2×1016 keys

– Brute-force attack

Late 1990’s:– DES cracker machines built to crack DES keys in a few hours

– DES Deep Crack: 90 billion keys/second

– Distributed.net: test 250 billion keys/second

Page 120: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 120

The power of 2

Adding an extra bit to a key doubles the search space.

Suppose it takes 1 second to attack a 20-bit key:

•21-bit key: 2 seconds

•32-bit key: 1 hour

•40-bit key: 12 days

•56-bit key: 2,178 years

•64-bit key: >557,000 years!

Page 121: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 121

Increasing The Key

Can double encryption work for DES?

– Useless if we could find a key K such that:

EK(P) = EK2(EK1(P))

– This does not hold for DES

Page 122: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 122

Double DES

Vulnerable to meet-in-the-middle attack

If we know some pair (P, C), then:[1] Encrypt P for all 256 values of K1

[2] Decrypt C for all 256 values of K2

For each match where [1] = [2]– test the two keys against another P, C pair

– if match, you are assured that you have the key

Page 123: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 123

Triple DES

Triple DES with two 56-bit keys:

C = EK1(DK2(EK1(P)))

Triple DES with three 56-bit keys:

C = EK3(DK2(EK1(P)))

Decryption used in middle step for compatibility with DES (K1=K2=K3)

C = EK(DK(EK(P))) C = EK1(P)

Page 124: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 124

Triple DES

Prevent meet-in-the-middle attack with– three stages

– and two keys

Triple DES:C = EK1(DK2(EK1(P)))

Decryption used in middle step for compatibility with DES

C = EK(DK(EK(P))) C = EK1(P)

Page 125: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 125

Popular symmetric algorithms

IDEA - International Data Encryption Algorithm

– 1992

– 128-bit keys, operates on 8-byte blocks (like DES)

– algorithm is more secure than DES

RC4, by Ron Rivest– 1995

– key size up to 2048 bits

– not secure against multiple messages encrypted with the same key

AES - Advanced Encryption Standard– NIST proposed successor to DES, chosen in October 2000

– based on Rigndael cipher

– 128, 192, and 256 bit keys

Page 126: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 126

AES

From NIST:

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 256 keys per second), then it would take that machine approximately 149 trillion years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.

http://csrc.nist.gov/encryption/aes/

Page 127: Distributed Systems...Page 1 Introduction to Cryptography Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Except as otherwise noted, the content of this presentation is …

Page 127Page 127

The end.