Cryptography
Peter Keevash
School of Mathematical Sciences, Queen Mary, University of London.
Peter Keevash (QMUL) Cryptography
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
Cryptography
The model
Alice and Bob share a secret key, unknown to Eve "Eavesdropper"
Alice encrypts theplaintext messagewith the key, forminga ciphertext.
Bob decrypts the ciphertext with thekey, obtaining the original plaintext.
Eve also receives the ciphertext, but cannot understand it .
Peter Keevash (QMUL) Cryptography
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhv
zE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEv
zE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREES
zE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREES
WE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.
Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .
More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.
The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.
Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
Key exchange
A one-time pad attempt:p m k
m m
=
+
1
1
p +
2 = km1
m m += k3 2m2
m3 m m += k34
A
B
A
B
Alice
Eve
Bob = p
Problem! m1 + m2 + m3 = p.
Peter Keevash (QMUL) Cryptography
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography