Page 1: Data Security and Cryptology, VI

Basics of Contemporary Cryptography

October 8th, 2014

Valdo Praust

mois@mois.ee

Lecture Course in Estonian IT College, Autumn 2014

Page 2: Two Stages of Cryptography

• Pre-computer cryptography or traditional cryptography (arvutieelne ehk traditsiooniline krüptograafia). Uses paper and pencil or some simple mechanical devices (until the 1940s). Was a tool only for the military, diplomacy and intelligence (until the 1970-80s). Uses empirical techniques (until 1949)

• Contemporary cryptology or computer-age cryptography, usually called simply cryptography ((kaasaja) krüptograafia). Uses computers as encrypting/breaking tools (since the 1940s). Is an essential tool for every e-system (since the 1970-80s). Uses scientifically based algorithms (since 1949)

Page 3: Essence of Traditional Cryptography

Traditional or pre-computer cryptography (traditsiooniline ehk arvutieelne krüptograafia) was a discipline whose aim was hiding information (hiding the meaning of data) from foreign or alien people by means of "strange writing"

The name of the discipline comes from Greek (like the names of most other classic disciplines):

• κρυπτός (kryptós) – hidden
• γράφω (gráphō) – I write

Cryptography means "hidden word" in Greek

Page 4: Sources of Cryptography

Cryptography probably derives from ancient times, when writing was invented and there also arose a necessity to write down information in a way that is understandable only to one's own people and not understandable to others (aliens)

How old is it actually?

• An alphabet is some thousand years old (first used by the Phoenicians); hieroglyphs are much older (at least 5000 years)

• Cryptography is probably also about 3000-5000 years old

Page 5: The Oldest Known Utilization Fact

Hieroglyphs on the cliff tomb of the Egyptian pharaoh Khnumhotep, which are completely different from other known hieroglyphs from those times

About 4000 years old (1900 BC)

Page 6: Main Methods of Pre-Computer Cryptography, I

• substitution (substitutsioon) – replacing the original characters (letters) by other characters (letters)

• transposition or permutation (transpositsioon, permutatsioon) – changing the order of the characters (letters)

Page 7: Main Methods of Pre-Computer Cryptography, II

The simplest pre-computer (ancient) ciphers were different variants of substitution or transposition ciphers. More complex ancient ciphers were certain combinations of substitution and transposition

By the way, even many modern (computer-age) cryptoalgorithms are still complex combinations of substitution and transposition
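An added example, not part of the lecture: a monoalphabetic substitution, a columnar transposition and their product in Python, plus a letter-frequency profile check. The alphabet permutation and the keyword are constructed values.

```python
"""Substitution, transposition and their combination (added example).

SUB_KEY is a constructed permutation of A..Z; TRANS_KEY is a constructed
keyword that fixes the column order of a columnar transposition.
"""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed permutation of A..Z
TRANS_KEY = "ZEBRAS"                     # constructed keyword, 6 columns


def normalize(text):
    """Classical ciphers work on upper-case letters only."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def substitute(text, key=SUB_KEY):
    """Replace every letter by its image under the key permutation."""
    return text.translate(str.maketrans(ALPHABET, key))


def unsubstitute(text, key=SUB_KEY):
    return text.translate(str.maketrans(key, ALPHABET))


def _column_order(keyword):
    # Columns are read out in alphabetical order of the keyword letters;
    # equal letters are taken left to right.
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def transpose(text, keyword=TRANS_KEY):
    """Columnar transposition: write in rows of len(keyword), read columns."""
    width = len(keyword)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join("".join(row[col] for row in rows if col < len(row))
                   for col in _column_order(keyword))


def untranspose(text, keyword=TRANS_KEY):
    """Inverse of transpose: rebuild the columns, then read row by row."""
    width = len(keyword)
    full_rows, extra = divmod(len(text), width)   # the first `extra` columns are longer
    columns, pos = {}, 0
    for col in _column_order(keyword):
        length = full_rows + (1 if col < extra else 0)
        columns[col] = text[pos:pos + length]
        pos += length
    n_rows = full_rows + (1 if extra else 0)
    return "".join(columns[col][r]
                   for r in range(n_rows)
                   for col in range(width)
                   if r < len(columns[col]))


def encrypt(plaintext):
    """Product cipher: substitution followed by transposition."""
    return transpose(substitute(normalize(plaintext)))


def decrypt(ciphertext):
    return unsubstitute(untranspose(ciphertext))


def frequency_profile(text):
    """Letter counts in descending order, with the letters themselves dropped.
    Substitution renames letters and transposition reorders them, so this
    profile survives both (and their product) unchanged: a single round of
    substitution+transposition leaks the statistics of the plaintext, which is
    why modern ciphers iterate many key-dependent rounds."""
    return sorted(Counter(text).values(), reverse=True)


if __name__ == "__main__":
    c = encrypt("ATTACK AT DAWN")
    print(c, decrypt(c), frequency_profile(c) == frequency_profile("ATTACKATDAWN"))
```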

Page 8: An ENIGMA Cipher Machine

ENIGMA was constructed by the Germans during the 1930s. ENIGMA ciphers were considered unbreakable in those times

• ENIGMA was a complex substitution-permutation cipher, where the key was the initial position of the permuting rotors (usually there were 3 rotors)

• A rotor was a disk with 26 electrical contacts on each side and realises a permutation of the 26-letter alphabet
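An added example, not part of the lecture: a simplified rotor machine in Python showing a rotor as a permutation of the 26-letter alphabet and the key as nothing but the initial rotor positions. The wirings are the public Enigma I rotors I, II, III and reflector B; stepping is simplified to plain odometer carry, with no ring settings and no plugboard.

```python
"""Simplified ENIGMA-style rotor machine (added example).

Each rotor is a fixed permutation of A..Z (the public Enigma I wirings).
The KEY is only the initial position of the three rotors.
Simplifications: odometer stepping (no notches, no double step),
no ring settings, no plugboard.
"""
A = ord("A")
ROTORS = {
    "I":   "EKMFLGDQVZNTOWYHXUSPAIBRCJ",
    "II":  "AJDKSIRUXBLHWTMCQGZNPYFVOE",
    "III": "BDFHJLCPRTXVZNYEIWGAKMUSQO",
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"   # an involution without fixed points


def _forward(wiring, pos, c):
    """Signal entering contact c of a rotor turned to position pos (right to left)."""
    return (ord(wiring[(c + pos) % 26]) - A - pos) % 26


def _backward(wiring, pos, c):
    """The same rotor traversed left to right, i.e. the inverse permutation."""
    return (wiring.index(chr((c + pos) % 26 + A)) - pos) % 26


def enigma(text, key, order=("I", "II", "III"), reflector=REFLECTOR_B):
    """Encrypt or decrypt (the machine is reciprocal) with rotors `order`
    (left to right) started at positions `key`, e.g. "AAA"."""
    wirings = [ROTORS[name] for name in order]
    pos = [ord(k) - A for k in key.upper()]
    out = []
    for ch in text.upper():
        if not ch.isalpha():
            continue
        # Odometer stepping: the rightmost rotor steps before every letter
        # and carries into the next rotor when it wraps around to A.
        for i in (2, 1, 0):
            pos[i] = (pos[i] + 1) % 26
            if pos[i] != 0:
                break
        c = ord(ch) - A
        for i in (2, 1, 0):                 # right -> left through the rotors
            c = _forward(wirings[i], pos[i], c)
        c = ord(reflector[c]) - A           # reflector sends the signal back
        for i in (0, 1, 2):                 # left -> right through inverse wirings
            c = _backward(wirings[i], pos[i], c)
        out.append(chr(c + A))
    return "".join(out)


if __name__ == "__main__":
    print(enigma("AAAAA", "AAA"))                       # prints BDZGO
    print(enigma(enigma("ATTACK AT DAWN", "KEY"), "KEY"))
```

Because the reflector has no fixed points, no letter ever encrypts to itself, and the same key setting decrypts what it encrypted.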

Page 9: ENIGMA – A Breaking Story

• The ENIGMA cipher was theoretically broken by the Polish cryptographer Rejewski in the 1930s, but it needed a large amount of calculation (a lot of time and/or machine work)

• In 1943, the British mathematician Alan Turing constructed a special electronic computer (the first in the world!) named COLOSSUS, whose only aim was the breaking of ENIGMA ciphers

• This fact was kept secret for a long time (until the end of the Cold War in the late 1980s) because COLOSSUS was made by the British intelligence service MI5

Page 10: COLOSSUS

• Was built in 1943 in the UK (MI5) especially for breaking ENIGMA ciphers

• Was a top secret device until the 1980s

• Was the first electronic computer in the world

• An exact functional copy of the original COLOSSUS was built in the UK in the 1990s

Page 11: End of Traditional Cryptography, I

The end of traditional cryptography was mainly caused by the appearance of the electronic computer in the 1940s (COLOSSUS, ENIAC), which made computational work thousands of times faster than before

It ended the era of pre-computer ciphers (cryptoalgorithms) and of traditional (pre-computer) cryptography

Since the 1940s, (electronic) computers have been used both for encryption and for cipher breaking

Page 12: End of Traditional Cryptography, II

Around the same time as the appearance of electronic computers, Shannon published his information theory (1949). It led cryptology from its previous empirical basis to a scientific basis

Since 1949 we can speak about contemporary (modern, scientific) cryptography. It is a branch of applied mathematics. It is used as a useful tool for data security (both confidentiality and integrity)

Page 13: A Tool for Diplomats and Warriors

Traditional or pre-computer cryptography was used for narrow purposes – for diplomacy, intelligence and military purposes

The transition from paper-based to computer-based encrypting during the 1940-50s did not change these traditional fields of use

In many countries until the 1970-80s, encryption equipment/devices were considered to be handled as weapons

Page 14: 1970-80s – From Military to Commercial Use

Mass use of cryptographic means in commerce began together with the spread of wide-area computer networks (Internet) during the 1970-80s, where the confidentiality of transferred information often needed protection

Additionally, this process was heavily driven by the invention of new types of cryptoalgorithms whose aim is to protect integrity, not the (traditional) confidentiality

Page 15: The Essence and Role of Contemporary Cryptology

The aim of contemporary cryptology is not only confidentiality. An additional aim – avoiding unauthorized changes (integrity) – was added. Ensuring integrity should be considered the main function of contemporary cryptology (ca 85% of its total usage)

But the classical (Greek) name cryptography (a hidden word) has still remained as a relic (even in those cases where the aim is not confidentiality)

Page 16: 1990s: Liberalizing of Cryptology

The mass usage of the Internet (the early and mid 1990s) caused the final liberalizing of the use of cryptographic means/devices

The last essential "old relics" were:

• France – until the mid-1990s the usage of cryptographic devices was treated as the usage of weapons

• U.S. – until 1999 there was an export ban on unbreakable algorithms (algorithms with a key length of more than 40 bits)

Page 17: Contemporary Cryptology as a Typical Tool of IT and Data Security

Without using cryptographic tools as essential tools for protecting digital data, it is usually impossible to realize any information system. The view of crypto-tools as weapons has been lost forever, already for many years

Contemporary cryptology is a basic means of protecting both the integrity and confidentiality of any digital data. For protecting availability, cryptology has an auxiliary role

Page 18: Contemporary Cryptography – an Official Definition

(Contemporary) cryptology ((kaasaja) krüptograafia) is a discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification (Source: ISO 7498-2)

Page 19: Basic Concepts of (Contemporary) Cryptology

• Encryptable text (convertible from readable to unreadable form) is called plaintext (avatekst)

• Encrypted text (text which has already been converted to unreadable form) is called ciphertext (krüptogramm)

• The process of converting plaintext to ciphertext (from readable to unreadable form) is called encryption or encipherment (krüpteerimine, šifreerimine)

• The process of converting ciphertext back to plaintext (back to readable form) under normal circumstances is called decryption or deciphering (dešifreerimine)

Page 20: Basic Concepts of (Contemporary) Cryptology

• Usually both the enciphering and deciphering processes are performed using a key or secret key (võti, salajane võti)

• Deciphering is the transforming of ciphertext into plaintext using the appropriate key

• Successful transforming of ciphertext into plaintext without the key is called breaking a cryptoalgorithm (krüptoalgoritmi murdmine)

In pre-computer (traditional) cryptoalgorithms the key was often indistinguishable from the algorithm itself

Page 21: Format of Digital Data

The format of (digital) data ((digi)andmete vorming) is the way in which different types of information are encoded using the actual bits (0's and 1's)

A pre-agreed format gives meaning to data (in other words: associates data with the information it bears)

Conclusion: if we have data but we don't have information about the data format, then we often don't have the (correct) information borne by the data

This fact serves as the basis of cryptology (as a tool for confidentiality): we deliberately create such a situation

Page 22: Cryptography and Cryptanalysis

• Cryptography (krüptograafia) is a set of data conversion methods (algorithms) which can protect confidentiality or integrity

• Cryptanalysis (krüptoanalüüs) is the set of opposite tasks – tasks for breaking these cryptosystems or algorithms

• Cryptography and cryptanalysis together form (or can be called) cryptology (krüptoloogia), which is usually considered a unified discipline

Page 23: Main Properties of Contemporary Cryptology, I

Technical descriptions of all widespread cryptoalgorithms are usually public. All security usually rests on a secure key which is used in the actual (practical) cases

This allows a wide range of independent experts to evaluate the algorithm's security (without having access to real confidential data, which would need a key)

In practice the security is usually evaluated by cryptologists (krüptoloogid), who are usually deep mathematicians by education and specialization

Page 24: Main Properties of Contemporary Cryptology, II

Contemporary cryptology always uses standardized algorithms which are worked out by cryptologists (mathematicians). Composing "own" algorithms by oneself has already been history for a long time (and remains so forever)

Composing a secure (practically unbreakable) cryptoalgorithm needs deep knowledge of cryptology and mathematics

The longer a cryptoalgorithm has been in public use (has been available for testing by many experts/cryptologists), the less probable it is that some effective breaking (cryptanalytic) method exists

Page 25: Main Properties of Contemporary Cryptology, III

Contemporary cryptology uses computers. Encrypting with paper and pencil has been history already for decades

The speed of calculation is very important for both encrypting and cryptanalysis. A computer's performance is some millions of times faster than a human's performance using paper and pencil (GHz versus 10 Hz)

Cryptography (actually the whole of cryptology) is one of the many applications of informatics

Page 26: Main Properties of Contemporary Cryptology, IV

Contemporary cryptology uses a lot of pre-agreed standards, which are the same all around the world

Cryptography is a tool for securing information systems, and IT tools (software and hardware) are the same all around the world

An IT tool with a good (secure) but uncommon cryptoalgorithm is usually incompatible with other IT infrastructure components (Internet etc)

Page 27: Main Types of Cryptoalgorithms

1. Symmetric cryptoalgorithms or secret-key cryptoalgorithms are the traditional (historical) cryptoalgorithms

2. Asymmetric cryptoalgorithms or public-key cryptoalgorithms have spread widely within the last 25-30 years

3. Cryptographic message digests and similar constructions

4. Special-purpose algorithms for proving, authentication etc

Page 28: Secret-Key Cryptoalgorithm

A secret-key cryptoalgorithm (salajase võtmega krüptoalgoritm) or symmetric cryptoalgorithm (sümmeetriline krüptoalgoritm) is a cryptoalgorithm where the same secret key is used both for enciphering and deciphering

Some famous examples:

• AES (128-, 192- or 256-bit key)
• IDEA (128-bit key)
• Skipjack (80-bit key)
• (DES (56-bit key)) ?

Page 29: Role of the Key in the Enciphering and Deciphering Process

Encrypting or encipherment (krüpteerimine, šifreerimine) needs the use of a certain key, a pre-defined sequence of bits

The opposite process is decrypting or deciphering (dešifreerimine), which needs the same key in order to restore the initial data (plaintext) from the encrypted text (ciphertext)

Without knowing the key it is impossible to perform these processes

Page 30: Secret-Key Cryptoalgorithm

Page 31: Secret-Key Cryptoalgorithm – Possibility to Break

A secret-key cryptoalgorithm is considered to be practically secure if the key length is at least 80 bits (for enhanced security cases 128 bits)

DES is already considered insecure because its key length is only 56 bits (until 2005 it was allowed to use DES in triple mode as 3DES)

In addition to sufficient key length it is necessary that no effective cryptanalytic attacks exist

Page 32: Secret-Key Cryptoalgorithm: Fields of Use

• transmitting confidential information over (interceptable) networks

• secure storing of confidential information (with an appropriate key management system)

• secure erasing of confidential data

Page 33: Secret-Key Cryptoalgorithm: The Arising Problem

Problem: if we use encryption as a tool for communicating confidential information, we must be able to deliver the used secret key securely

Therefore we need a secure (non-interceptable) channel to deliver the secret key. We can't use secret-key encryption for this purpose

Using a courier service may be insecure. Delivering the key by travelling is both very time- and money-consuming

Page 34: Public-Key Cryptoalgorithm

A public-key cryptoalgorithm (avaliku võtmega krüptoalgoritm) or asymmetric cryptoalgorithm (asümmeetriline krüptoalgoritm) uses two keys – if we encrypt using one key, we can decrypt using the other key

These keys are mathematically related to each other, but in practice it is impossible to find one key from the other

Page 35: Public-Key Cryptoalgorithm: Keys

The keys of a public-key cryptoalgorithm are usually called the public key and the private key (avalik võti ja privaatvõti)

• The public key is usually known to all parties (is public)

• The private key is usually known only to a subject or key pair owner (a person, software, server, company, chip card etc)

Page 36: Most Widespread Public-Key Cryptoalgorithm: RSA

The most widespread public-key cryptoalgorithm is RSA. RSA is considered to be practically secure with a key length of no less than 1024 bits (in enhanced security cases no less than 2048 bits)

The public and private key are mathematically related to each other, but finding the private key from the public key needs a million years or more on a typical computer

For RSA it is easy to calculate the public key from the private key, but it is practically infeasible to calculate the private key from the public key

Page 37: Public-Key Cryptoalgorithm: Usage

• For key exchange purposes. We can transmit a symmetric cryptoalgorithm's key in encrypted form without any tamper-proof channel. We only need the public key to be really public

• For ensuring integrity. This is the main usage of public-key cryptoalgorithms (and even the main field of contemporary cryptography)

• The public-key cryptoalgorithm gives the basic idea of the digital signature (digisignatuur, digiallkiri)

Page 38: Public-Key Cryptoalgorithm: Key Exchange

Page 39: Public-Key Cryptoalgorithm: an Idea of Digital Signing

Page 40: Cryptographic Message Digest

A cryptographic message digest (krüptograafiline sõnumilühend) or cryptographic hash (krüptoräsi) is a digest of a fixed small length which is calculated from a message by some deterministic mathematical one-way function

One-way function (ühesuunaline funktsioon): a function which is easily computable, but whose inverse function (pöördfunktsioon) is infeasible (impossible to compute in practice)

For a given cryptographic hash value it is always impossible to find a corresponding message

For a given message-hash pair it is impossible to modify the message in a way that leaves the hash intact

Page 41: Cryptographic Message Digest: Usage

If we have a given message-hash pair and the hash corresponds to the message, then we can always be sure that the actual hash has certainly been calculated from the actual message

The main usage of hashes is just ensuring integrity (it usually helps the public-key algorithm to protect integrity)

Practically secure hash functions produce a hash whose length is at least 160 bits (in enhanced security cases 256 bits)

Page 42: Cryptographic Message Digest: Principle
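An added example, not part of the lecture, that serves the key-exchange slides (37-38), the digital-signing idea (slide 39) and the hash slides (40-42) in one place: textbook RSA with primes generated by a Miller-Rabin routine written here, the "public key from private key" property of slide 36, and hash-then-sign with SHA-256. The 512-bit modulus and unpadded RSA are illustration-only assumptions; production code uses 2048-bit keys and standardized padded schemes.

```python
"""Public-key key exchange and hash-then-sign with textbook RSA (added example).

Toy parameters: two 256-bit primes (fast to generate here), raw RSA without
padding. Real systems use far larger keys and padded, standardized schemes.
"""
import hashlib
import secrets


def _probably_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # definitely composite
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact size, odd
        if _probably_prime(candidate):
            return candidate


def generate_keypair(bits=512, e=65537):
    """Return (public, private) as ((n, e), (n, d, p, q))."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)                           # modular inverse, Python 3.8+
    return (p * q, e), (p * q, d, p, q)


def public_from_private(private):
    """Slide 36: the public key is easy to derive from the private key,
    because the private key carries p and q and therefore phi(n)."""
    n, d, p, q = private
    return n, pow(d, -1, (p - 1) * (q - 1))


# Key exchange (slides 37-38): a fresh symmetric key travels wrapped under
# the recipient's public key; only the private-key owner can unwrap it.
def wrap_session_key(public, session_key):
    n, e = public
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(m, e, n)


def unwrap_session_key(private, wrapped, key_len=16):
    n, d, _, _ = private
    return pow(wrapped, d, n).to_bytes(key_len, "big")


# Digital signature (slides 39-41): sign the fixed-length hash, not the message.
def digest(message):
    """SHA-256 digest as an integer (always below 2**256, so below n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private, message):
    n, d, _, _ = private
    return pow(digest(message), d, n)             # needs the private key


def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == digest(message)   # needs only the public key


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"Transfer 100 EUR to account A"       # constructed sample message
    sig = sign(priv, msg)
    print(verify(pub, msg, sig), verify(pub, b"Transfer 900 EUR to account A", sig))
```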

Page 43: Theoretical and Practical Security

Theoretical security (teoreetiline turvalisus) is a situation where it is impossible to break the cryptoalgorithm even with the help of a huge amount of computational resources (time, processors etc)

Practical security (praktiline turvalisus) is a situation where it is impossible to break the cryptoalgorithm with a reasonable amount of resources (usually less than some years on mainframe hosts)

Page 44: Theoretical versus Practical Security

Conclusion from Shannon's information theory (1949): for theoretical security it is necessary that the key length is no less than the length of the plaintext. This aim is achievable only for symmetric cryptoalgorithms.

Example: one-time pad or Vernam's cipher

As a rule, almost all practical cryptoalgorithms have only practical security

Theoretically all of them are breakable within millions or billions of years
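The one-time pad named above, as an added example that is not part of the lecture: the key is exactly as long as the plaintext, and the same XOR shows why the ciphertext alone is consistent with every plaintext of that length (theoretical security), while a single known plaintext-ciphertext pair reveals the whole key (the known-plaintext model of the next slides), which is harmless only because the key is never reused.

```python
"""One-time pad (Vernam cipher) and what its theoretical security means (added example)."""
import secrets


def otp_encrypt(plaintext, key):
    """XOR each plaintext byte with the key byte at the same position."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be exactly as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt          # XOR is its own inverse


def new_key(length):
    """A fresh, uniformly random key: used once and then destroyed."""
    return secrets.token_bytes(length)


def key_explaining(ciphertext, candidate_plaintext):
    """Theoretical security (slides 43-44): for ANY candidate plaintext of the
    right length there is a key that decrypts the ciphertext to it, and with a
    uniformly random key every candidate is equally likely. No amount of
    computing power can pick the real one from the ciphertext alone."""
    return otp_encrypt(ciphertext, candidate_plaintext)


def key_from_known_pair(plaintext, ciphertext):
    """Known-plaintext model (slide 46): one plaintext-ciphertext pair reveals
    the entire key. For a one-time pad this does not matter, because that key
    is never used for a second message; reusing it would expose the others."""
    return otp_encrypt(plaintext, ciphertext)


if __name__ == "__main__":
    message = b"ATTACK AT DAWN"                       # constructed sample
    key = new_key(len(message))
    ciphertext = otp_encrypt(message, key)
    other = key_explaining(ciphertext, b"RETREAT AT TEN")
    print(otp_decrypt(ciphertext, key), otp_decrypt(ciphertext, other))
```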

Page 45: Typical Demands on Contemporary Cryptoalgorithms (by Ascending Strength), I

1. All security must be based on the secret key; the algorithm is usually publicly available (the traditional Kerckhoffs' assumption from the 19th century)

2. Resistance to a known ciphertext attack (teadaoleva krüptogrammi rünne). If we have only the ciphertext, we can find neither the plaintext nor the key

Page 46: Typical Demands on Contemporary Cryptoalgorithms (by Ascending Strength), II

3. Resistance to a known plaintext attack (teadaoleva avateksti rünne). If we have a plaintext-ciphertext pair (or some pairs), we can't find the used key

4. Resistance to a chosen plaintext attack (valitud avateksti rünne). If we can choose a plaintext and receive the corresponding ciphertext, we can't find the used key

Page 47: Typical Demands on Contemporary Cryptoalgorithms (by Ascending Strength), III

5. Resistance to an adaptive chosen plaintext attack (adaptiivselt valitud avateksti rünne). If we can choose plaintexts many times (adaptively) and receive the corresponding ciphertexts (all produced with the same key), we can't find the used key.

Contemporary cryptoalgorithms usually satisfy all these five classical demands

Page 48: Basics of Cryptanalysis

Cryptanalysis (krüptoanalüüs) is the breaking of one of the five mentioned properties (demands) of an algorithm

The most trivial way of cryptanalysis is testing all key combinations. This technique is called an exhaustive search (ammendav otsing)

For an N-bit key we have 2^N different key variants. For a big N this is a very huge number. Therefore, an exhaustive search is infeasible to perform from a certain value of N onwards. The typical (lower) limit is 80 – it is infeasible to perform 2^80 or more operations in practice

Page 49: Basics of Cryptanalysis

All methods which permit breaking an N-bit cryptoalgorithm in less than 2^N operations are called cryptanalytic techniques

The simplest way – an exhaustive search – is usually not considered to be a cryptanalytic technique

Usually the actual cryptanalytic techniques known in practice reduce the cryptanalytic work only by a factor of 2, 4 or 8 (requiring, correspondingly, 2^(N-1), 2^(N-2) or 2^(N-3) key variants to be considered). These are not considered to be effective cryptanalytic means.

Page 50: Practical Security of Algorithms

A cryptoalgorithm is considered to be practically secure if we cannot perform an exhaustive search and there are no effective cryptanalytic techniques available for any of the above-mentioned five types of attack

The longer a cryptoalgorithm is used in practice, the smaller the probability becomes that some effective cryptanalytic (breaking) technique exists. All cryptologists always try to find them

But the probability of breaking it by an exhaustive search increases (according to Moore's law)

Page 51: Ways of Achieving Practical Security

A basic rule: if we increase the key length by one bit, the security of the algorithm (the amount of computational resources necessary for breaking it) increases two times

This allows us, by a linear growth of the expenses of a cryptoalgorithm (computing time, CPU cost etc), to achieve an exponential increase in security (an exponential growth of the resources necessary to break the actual algorithm)

Therefore, we can find (estimate) the right (reasonable) threshold and use it in practice
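An added worked model, not part of the lecture, of slides 48-51: exhaustive-search cost as a function of key length, the 1-, 2- or 3-bit reduction that a 2x, 4x or 8x cryptanalytic shortcut gives, the one-bit-doubles-the-effort rule, and a threshold that still holds at the end of an algorithm's service life as attacker speed grows. The attacker rate of 10^12 keys per second and the 18-month doubling period are constructed assumptions, not figures from the lecture.

```python
"""Exhaustive search cost versus key length (added example).

Constructed assumptions: the attacker tests KEYS_PER_SECOND keys per second
today, and that rate doubles every DOUBLING_MONTHS (a Moore-style model).
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
KEYS_PER_SECOND = 1e12        # assumption
DOUBLING_MONTHS = 18.0        # assumption


def years_to_break(effective_bits, keys_per_second=KEYS_PER_SECOND):
    """Expected years for an exhaustive search over 2^bits keys (slide 48):
    on average half the key space is tried before the right key turns up."""
    return 2.0 ** (effective_bits - 1) / keys_per_second / SECONDS_PER_YEAR


def shortcut_bits(speedup):
    """Slide 49: a technique 2, 4 or 8 times faster than exhaustive search
    removes 1, 2 or 3 bits, i.e. leaves 2^(N-1), 2^(N-2) or 2^(N-3) variants."""
    return int(math.log2(speedup))


def bits_lost_to_moore(years_in_service, doubling_months=DOUBLING_MONTHS):
    """Slide 50: attacker speed keeps growing, so a fixed key length loses
    about one bit of effective strength per doubling period."""
    return years_in_service * 12.0 / doubling_months


def effective_bits(key_bits, years_in_service, speedup=1):
    """Strength left at the end of the service life, after the known shortcut
    and the expected growth in attacker speed."""
    return key_bits - shortcut_bits(speedup) - bits_lost_to_moore(years_in_service)


def doubling_factor(key_bits):
    """Slide 51's basic rule: one extra key bit doubles the breaking effort."""
    return years_to_break(key_bits + 1) / years_to_break(key_bits)


def minimum_key_bits(target_years, years_in_service, speedup=1,
                     keys_per_second=KEYS_PER_SECOND):
    """Slide 51: the smallest key length whose exhaustive search still takes
    at least `target_years` when the algorithm reaches the end of its life.
    Linear growth of key length buys exponential growth of attacker cost."""
    n = 1
    while years_to_break(effective_bits(n, years_in_service, speedup),
                         keys_per_second) < target_years:
        n += 1
    return n


def report(key_sizes=(40, 56, 80, 128)):
    """(key bits, years of exhaustive search today) for the sizes named in
    the slides: 40-bit export limit, 56-bit DES, 80-bit threshold, 128-bit."""
    return [(n, years_to_break(n)) for n in key_sizes]


if __name__ == "__main__":
    for bits, years in report():
        print(f"{bits:4d} bits: {years:12.3g} years")
    print("key for 1000 years, 10 years in service:", minimum_key_bits(1000, 10))
```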

