Cryptography

Dave Feinberg

Email Suppose I send an email from fberg@cs.cmu.edu to tomcortina@gmail.com

Who has access to that email?

What if I want the message to be private?

Encryption

Should it be legal to send encrypted messages?

Is there anyone that should NOT be allowed to send encrypted messages?

sketchystore.com

Suppose I'm making a purchase. I click on a link, and it takes me to

http://www.sketchystore.com/checkout.jsp

What I send

GET /checkout.jsp HTTP/1.1Host: www.sketchystore.com

What comes back<form action="purchase.jsp" method="post"><input type="hidden" name="userid" value="dave">

Enter your credit card number:<input type="text" name="creditcard"><br>Enter your expiration date:<input type="text" name="exp"><br><input type="submit" value="Submit"></form>

How it looks in my browser

When I press "submit"

POST /purchase.jsp HTTP/1.1Host: www.sketchystore.comUser-Agent: Mozilla/4.0Content-Length: 48Content-Type: application/x-www-form-urlencoded

userid=dave&creditcard=2837283726495601&exp=0109

Privacy If this information is sent unencrypted, who has access to my credit card number?

Other people who can connect to my wireless ethernet?

Other people physically connected to my wired ethernet?

Privacy

When I send a letter through the mail, it passes through the hands of many mail carriers. What keeps them from reading my mail?

What if I send a postcard?

Internet Packets = Postcards Internet data is sent in packets (small chunks bits that include the receiver's address, sender's address, and the content of that packet.)

Packets are passed from router to router.

All those routers have access to my data.

Encryption Scheme #1 Shift every letter forward by 1

A → B, B → C, ..., Z → A

MESSAGE →

NFTTBHF

Can you decrypt TFDSFU?

Encryption Scheme #2 Caesar Cipher. Shift forward n letters.

For example, shift forward 3 letters:A → D, B → E, ..., Z → C

We're encrypting using a key of 3.

MESSAGE →PHVVDJH

Caesar Ciphers: Now You Try

Small wheel: plain text (decrypted)Big wheel: cipher text (encrypted)

Turn until ∆ points to key number. For each letter in message:

To encrypt: Translate from small to big.

To decrypt: Translate from big to small.

Caesar Cipher

• How can we decode this:

DEEDUSEKBTFEIIYRBOTUSETUJXYI

DecipheringDEEDUSEKBTFEIIYRBOTUSETUJXYIEFFEVTFLCUGFJJZSCPUVTFUVKYZJFGGFWUGMDVHGKKATDQVWUGVWLZAKGHHGXVHNEWIHLLBUERWXVHWXMABLHIIHYWIOFXJIMMCVFSXYWIXYNBCMIJJIZXJPGYKJNNDWGTYZXJYZOCDNJKKJAYKQHZLKOOEXHUZAYKZAPDEOKLLKBZLRIAMLPPFYIVABZLABQEFPLMMLCAMSJBNMQQGZJWBCAMBCRFGQMNNMDBNTKCONRRHAKXCDBNCDSGHRNOONECOULDPOSSIBLYDECODETHISOPPOFDPVMEQPTTJCMZEFDPEFUIJTPQQPGEQWNFRQUUKDNAFGEQFGVJKU

QRRQHFRXOGSRVVLEOBGHFRGHWKLVRSSRIGSYPHTSWWMFPCHIGSHIXLMWSTTSJHTZQIUTXXNGQDIJHTIJYMNXTUUTKIUARJVUYYOHREJKIUJKZNOYUVVULJVBSKWVZZPISFKLJVKLAOPZVWWVMKWCTLXWAAQJTGLMKWLMBPQAWXXWNLXDUMYXBBRKUHMNLXMNCQRBXYYXOMYEVNZYCCSLVINOMYNODRSCYZZYPNZFWOAZDDTMWJOPNZOPESTDZAAZQOAGXPBAEEUNXKPQOAPQFTUEABBARPBHYQCBFFVOYLQRPBQRGUVFBCCBSQCIZRDCGGWPZMRSQCRSHVWGCDDCTRDJASEDHHXQANSTRDSTIWXH

How long would it take a computer to try all 25 shifts?

Encryption Scheme #3

Shift different amount for each letter.

Vigenère cipher Pick a secret key: TEACH Write Key: TEACHTEACHTE Message: ATTACKATDAWN Encrypted: TXTCJDETFHPR

Vigenère Cipher: Now You Try

Small wheel: plain text (decrypted)Big wheel: cipher text (encrypted)

Repeatedly write key word above message.

For each letter in message: Turn until ∆ points to key letter. To encrypt: Translate from small to big.To decrypt: Translate from big to small.

Vigenère Cipher

If you don't know the key, how could you decrypt the message?

What makes a good key?

Does anyone see a weakness in this plan? What's the solution?

To Summarize

The keyis

QZXJW

IERUHKDJKEHCIUE

Exchanging the Key

IERUHKDJKEHCIUE

QZXJWQZXJW

Exchanging the Key

IERUHKDJKEHCIUE

QZXJW QZXJW

Why is this a problem?

Book: "Blown to Bits"

"Secure communication was practical only for people who could arrange to meet beforehand, or who had access to a prior method of secure communication (such as military couriers) for carrying the key between them. If Internet communications had to proceed on this assumption, electronic commerce never could have gotten off the ground."

The Problem Tom and I need to agree on a key without meeting.

Therefore, the key must be sent at some point.

Therefore, someone might discover the key.

Is there a way I can still use that key to send a message securely?

Yes!

Locks123

Let'steachstuff.

What if someone steals the lock? What if someone steals the locked briefcase?

Locks How does Tom send messages to me?

I know the combination to one set of locks, which can be used to send messages that only I can read.

You know the combination to another set of locks, which can be used to send messages that only you can read.

Locks

This works because

Locks are easy to open, if you know the combination.

Locks are hard to open, if you don't know the combination.

Locks

How do you open a lock, if you don't know the combination?

If there are 3 digits, how many combinations do we need to try? (worst case)

Locks Suppose someone can crack my 3-digit combo lock in 15 minutes, by trying every combination. Do I give up on combo locks?

I use more digits! How long to crack a 6-digit lock at this rate?

6 digits: 15,000 minutes = 10 days How long to crack a 12-digit lock at this rate?

12-digits: 30,000 years

Locks

Can we make this "lock" idea work over the Internet?

Yes! It's called Public Key Encryption.

RSA Encryption How can you tell if the data you submit will be encrypted using RSA?

The URL at the top of the browser will begin with "https://"

Public Key Encryption Whenever you see HTTPS, you are using Public Key Encryption.

The information you send using HTTPS is more secure than any encrypted military order sent during World War I, World War II, The Korean War, or The Vietnam War.

Public Key Encryption

The public key encryption algorithm is called RSA.

How does RSA work?

Representing Messages

First, we must be able to represent any message as a single number.

For example:

A T T A C K A T D A W N

012020010311012004012314

RSA Tom has a public key and a secret key.

His public key is (3, 33) His secret key is (7, 33)

(Usually these are really huge numbers with many hundreds of digits!)

RSA(7, 33)

(3, 33)

31

msg is 44 3 mod 33= 31

31 7 mod 33= 4

(Assume I can convert any message into a big number, and any big number back into a message.)

RSA

Public Key: (e, n) Secret Key: (d, n)

Encrypt M : M e mod n → C

Decrypt C : C d mod n → M

RSA Public Key: (e, n) Secret Key: (d, n)

Everyone knows (e, n). Only Tom knows d.

The Big Question: If I know e and n, can I figure out what d is?

To answer that, I need to understand where e, n, and d came from ...

First, some number theory ...

2p - 1 mod pp 2p - 1 mod p3 14 05 16 27 18 09 410 211 1...

2p - 1 mod p = 1 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293 307 311 313 317 331 337 341 347 349 353 359 367 373 379 383 389 397 401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499

What's the pattern? Every prime number greater than 2 ... What's a prime number?

2p - 1 mod p = 1 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293 307 311 313 317 331 337 341 347 349 353 359 367 373 379 383 389 397 401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499 ...

Every prime number greater than 2 ... How could you prove this? How could you disprove this?

2p - 1 mod p = 1 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293 307 311 313 317 331 337 341 347 349 353 359 367 373 379 383 389 397 401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499

What if I told you that: 11 × 31 = 341 Every prime number greater than 2, and also the number 341 ...

... and also some higher non-primes.

2p - 1 mod p = 1 I call this the "probably prime" test.

There is an even better test (the Fermat test), where you try 2p - 1, 3p - 1, etc.

Numbers that fool this test are called Carmichael numbers.

a p - 1 mod p = 1

"In testing primality of very large numbers chosen at random, the chance of stumbling upon a value that fools the Fermat test is less than the chance that cosmic radiation will cause the computer to make an error in carrying out a 'correct' algorithm. Considering an algorithm to be inadequate for the first reason but not for the second illustrates the difference between mathematics and engineering." --SICP

RSA: Choosing the Keys p and q are big random primes.

n = p × q φ = (p - 1)(q - 1)

e is small and relatively prime to φ

d, such that:ed mod φ = 1

p = 3, q = 11

n = 3 × 11 = 33φ = 2 × 10 = 20e = 3

3d mod 20 = 1d = 7

RSA: Choosing the Keys

Usually the primes are huge numbers--hundreds of digits long.

The Big Question Public Key: (e, n) Secret Key: (d, n)

Everyone knows (e, n). Only Tom knows d.

The Big Question: If I know e and n, can I figure out what d is?

Cracking RSA

I can determine d from e and n.

Factor n into p and q.

Encryption and Factoring

instead of a lock.

123

are the combination.

Public Key Encryption uses a big number

48985997

The factors of that big number

6997 x 7001

Cracking RSA I can determine d from e and n.

Factor n into p and q. φ = (p - 1)(q - 1) ed = 1 (mod φ)

(This is the only way we know to crack RSA.)

Should we give up on RSA?

Cracking RSA

How do you factor n ?

Try dividing n by 2, 3, 4, ...

(There are better factoring algorithms, but they're not significantly faster than this.)

Cracking RSA Suppose someone can factor my 5-digit number in 1 millisecond, by dividing by every number less than n. Do I give up on RSA?

I use more digits! At this rate, to factor a 10-digit numberwould take 2 minutes.

At this rate, to factor a 15-digit numberwould take 4 months.

At this rate, to factor a 20-digit numberwould take 30,000 years.

At this rate, to factor a 25-digit numberwould take 3 billion years.

We're safe with RSA!

Unless ...

What if there's something that can factor a number into its prime factors, that's much faster than a computer?

What could be faster than a computer?

Quantum Computers

Shor's Algorithm (1994) lets us factor numbers very quickly on a quantum computer.

If only we had a quantum computer to run it on ...

Quantum Computers Can be used to break RSA encryption very quickly.

We're safe for now, because these are very hard to build.

(We do not believe that many other intractable problems could be solved quickly by a quantum computer.)

Key Points Ecommerce depends on public key encryption.

Public key encryption is hard to crack because factoring is intractable.

Quantum computers would change that.