8/21/2019 Cryptography1 Intro PA5
1/50
Advanced Cryptography
Master Module MK 105
Prof. Dr.-Ing. Ulrich Jetzek
University of Applied Sciences Kiel
Institute for Communications Technology and Microelectronics
8/21/2019 Cryptography1 Intro PA5
2/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 2 Rev. PA2Unit1: introduction
Overview
1. Introduction to Cryptography and Data Security2. Stream Ciphers
3. Data Encryption Standard (DES) and Alternatives
4. Advanced Encryption Standard (AES)5. (More About Block Ciphers)
6. Introduction to Public Key Cryptography
7. The RSA Cryptosystem8. Public-Key Cryptosystems based on the Discrete
Logarithm Problem
9. Elliptic Curve Cryptography10. Digital Signatures
11. Hash Functions
8/21/2019 Cryptography1 Intro PA5
3/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 3 Rev. PA2Unit1: introduction
Examination
Format: Written Examination Duration: 90 Minutes
Permitted Material:
Lecture Notes (Slides) All handwritten lecture notes
Exercises, including handwritten notes/solutions
Pocket calculator
Cryptool script
Not permitted Material:
Books
Laptops or other electronic equipment (exception: pocketcalculator)
8/21/2019 Cryptography1 Intro PA5
4/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 4 Rev. PA2Unit1: introduction
Project work
Plan is: Not yet defined
Ideas are:
Programming of Cyclic Redundancy Check for 16- or 32-bitCRC
Programming of Exensions Field calculations for some givenExtension Fields (e.g. GF(28))
Mandatory (project would count for a specific percentage of yourgrade (e.g. 10% oder 20%) OR
Optional project would only provide some bonus points to yourexam (e.g. 5 or 10% of bonus points).
8/21/2019 Cryptography1 Intro PA5
5/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 5 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material1. Overview of Cryptology
1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
8/21/2019 Cryptography1 Intro PA5
6/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 6 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material1. Overview of Cryptology
1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
8/21/2019 Cryptography1 Intro PA5
7/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 7 Rev. PA2Unit1: introduction
References
Excellent textbook oncryptography
Published 2010
Well-structured
Clear
Mathematically precise
Explains very well WHYdesigns, algorithms are made
the way they are.
Internet-site:
http://www.crypto-textbook.com/
8/21/2019 Cryptography1 Intro PA5
8/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 10 Rev. PA2Unit1: introduction
Material
Cryptool http://www.cryptool.de/ CrypTool - program to learn/try out cryptography and
cryptanalysis
Free ware program to learn and try out cryptographical algorithmsand methods.
Initiator and father of this program: Prof. Dr. Bernhard Esslinger(Universitt Siegen, Germany)
8/21/2019 Cryptography1 Intro PA5
9/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 11 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material1. Overview of Cryptology
1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
8/21/2019 Cryptography1 Intro PA5
10/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 12 Rev. PA2Unit1: introduction
Goals of this lecture
Within this lecture you shall learn:1. General rules of cryptography
2. Key lengths for short-, medium- and long term security
3. Difference between different types of attacks against ciphers
4. Some historical ciphers (e.g. Caesar cipher)
5. The basics about modular arithmetic an important field formodern cryptography
6.
Why you should ONLY use well-established encryptionalgorithms
8/21/2019 Cryptography1 Intro PA5
11/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 13 Rev. PA2Unit1: introduction
1.1 Overview of Cryptology
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
12/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 14 Rev. PA2Unit1: introduction
Historical background
In EARLIER days: Lowinformation flow and exchange.
Specific information had to be transmitted from A to B AND had tobe kept secret e.g. in case of wars
even in ancient times people developed methods to encrypt /decrypt information.
However information only existedin
Written form
was mainly transmitted by hand, resp. a messenger
THESE days are the age of
Information technology
Computer networks (LANs, WLANs, WANs, Internet, ) Mobile communication systems
Huge amount of information exchanged every secondworldwide.
8/21/2019 Cryptography1 Intro PA5
13/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 15 Rev. PA2Unit1: introduction
Information Exchange today
Business information R&D information (patents, software design, hardware design, )
being exchanged
Within a development site (intra-site exchange)
Between development sites national/international Banking information
Banking transactions
Trading information (stock exchange)
Travel information Education and research information
Within and between universities
Voice communication fixed line cordless phones
mobile communication systems
8/21/2019 Cryptography1 Intro PA5
14/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 16 Rev. PA2Unit1: introduction
Information Exchange today
Message services SMS
MMS,
Email-exchange Private, Business, Commercial
Online Services Internet shopping
Online banking, etc.
Video services
Video on demand (IP TV)
Internet video platforms (e.g. YOU TUBE)
Video telephony (skype)
Every day applications
Gaming and fun
There is an app for almost everything (iphone)
8/21/2019 Cryptography1 Intro PA5
15/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 17 Rev. PA2Unit1: introduction
Information Exchange model
Channel media are: Twisted pair cable
Coaxial cable
Optical fibre
Radio communication
DECT WLAN
GSM, UMTS, LTE
Satellite communication
Various methods exist to monitordata while being transmitted overmedia.
Third party monitoring of data overmedia can neverbe avoided
Informationsource
Informationreceiver
Channel
8/21/2019 Cryptography1 Intro PA5
16/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 18 Rev. PA2Unit1: introduction
Consequences due to information exchange
Question: Which requirements exist when information isbeing exchanged?
Business information:
Information must be secured against third party attacks to avoid Industrial espionage and
economic damage
Hint: recent estimates (2010) quote that industrial espionage only inGermany causes economic damage in the order of billions of Europer year (3 50 billion Euro).
http://www.news.de/wirtschaft/855073466/abgehoert-und-ausgespaeht/1/
8/21/2019 Cryptography1 Intro PA5
17/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 19 Rev. PA2Unit1: introduction
Consequences due to information exchange
Commercial security: Banking, trading and online shopping transactions need to be
secured against
Manipulation of sender, receiver, account numbers, money
amounts, etc.
Monitoring of data
Privacy:
Voice communication, Emails and other information need to besecured for
Privacy reasons
Cost control
Authentication (to make sure that no bad guy prevents to besomeone else, e.g. your good friend, whom you always trust.)
8/21/2019 Cryptography1 Intro PA5
18/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 22 Rev. PA2Unit1: introduction
Do other security needs (security services) exist, whichneed to be fulfilled by corresponding crypto-systems?
Confidentiality (provided by symmetric cryptosystems)
information kept secret from all but authorized parties.
Data Integrity
message has not been modified in transit.
Authentication
The sender of a message is authentic.
Alternative term is data origin authentication.
Non-repudiation
The sender of a message can not deny the creation of the
message.
Motivation for Digital Signatures
Source: Paar, Pelzl: Understanding Cryptography, chapter 10
8/21/2019 Cryptography1 Intro PA5
19/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 23 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material1. Overview of Cryptology
1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems
2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
8/21/2019 Cryptography1 Intro PA5
20/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 24 Rev. PA2Unit1: introduction
1.2.1 Symmetric Cryptography - Basics
Alternative names: private-key, single-key or secret-keycryptography.
Problem Statement:
1. Alice and Bob would like to communicate via an
unsecure channel (e.g. WLAN or Internet).2. A malicious third party Oscar (the bad guy) has channel
access but should not be able to understand thecommunication.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
message x message x
8/21/2019 Cryptography1 Intro PA5
21/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 25 Rev. PA2Unit1: introduction
1.2.1 Symmetric cryptography Basics
x: plaintext
y: ciphertext
K: key
Set of all keys {K1, K2, ...,Kn}: key space
Source: Paar, Pelzl: Understanding cryptography, chapter 1
Solution:Encryption with symmetric cipher.
Oscar obtains only ciphertext y, thatlooks like random bits
8/21/2019 Cryptography1 Intro PA5
22/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 26 Rev. PA2Unit1: introduction
What can cryptography NOT do ?
Avoid that Oscar may manipulate data (he just cannot do itunnoticed).
Avoid that Oscar might monitor and store data however,he can not use the data if he cannot decrypt them
Avoid that sabotage is being done to data lines and
infrastructure. However, this does not help Oscar toaccess the information (plain text!) itself.
8/21/2019 Cryptography1 Intro PA5
23/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 27 Rev. PA2Unit1: introduction
1.2.1 Symmetric cryptography Basics
Advantages: High encryption and decryption speed due to rather simple base
operations
Disadvantages:
Key management key must be exchanged over a SECUREchannel before communication starts.
Within data networks: many different keys are needed. For n participants: n * (n-1)/2 keys are needed.
N Key space N Key space
2 1 100 4.950
3 3 1000 499.500
4 6 10000 49.995.000
5 10 100000 4.999.950.000
?
8/21/2019 Cryptography1 Intro PA5
24/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 28 Rev. PA2Unit1: introduction
1.2.1 Symmetric cryptography Basics
Encryption equation y = eK(x)Decryption equation x = dK(y)
Encryption and decryption are inverse operationsif the same key
K is used on both sides.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
xxedyd KKK == ))(()(
Important: key must be transmitted via secure channel between
Alice and Bob. secure channel can be realized, e.g., by
manually installing the key for the Wi-Fi Protected Access (WPA)protocol or
a human courier.
However, system is only secure if an attacker does not get toknow the key K!
The problem of secure communication is reduced to securetransmission and storage of the key K.
8/21/2019 Cryptography1 Intro PA5
25/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 29 Rev. PA2Unit1: introduction
1.2.2 Substitution ciphers
Historical cipher Great tool for understanding brute-force vs. analytical attacks
Encrypts letters rather than bits (like all ciphers until after WW II)
Idea: replace each plaintext letter by a fixed other letter.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
Example: ABBA kddk
Example (ciphertext):iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc hwwhbsqvqbre hwq vhlq
How secure is the Substitution Cipher? Lets look at attacks
Plaintext ciphertext
A K
B D
C W
8/21/2019 Cryptography1 Intro PA5
26/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 30 Rev. PA2Unit1: introduction
1.2.2 Attacks against substitution ciphers
1. Attack: Exhaustive Key Search (Brute-Force Attack) Simply try every possible subsititution table until an intelligent
plaintext appears
NOTE: each substitution table is a key!
How many substitution tables (= keys) do exist?26 x 25 x x 3 x 2 x 1 = 26! 288 41026
Search through 288 keys is completely infeasible with todayscomputers!
Q: Can we now conclude that the substitution cipher is secure since abruteforce attack is not feasible?
A: No! We have to protect against all possible attacks
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
27/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 31 Rev. PA2Unit1: introduction
1.2.2 Attacks against substitution ciphers
2. Attack: Letter Frequency Analysis Letters have very different frequencies in the English language
Moreover: the frequency of plaintext letters is preserved in theciphertext.
For instance, e is the most common letter in English; almost 13% ofall letters in a typical English text are e.
The next most common one is t with about 9%.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
28/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 32 Rev. PA2Unit1: introduction
1.2.2 Attacks against substitution ciphers
2. Attack (contd): Letter Frequency Analysis Lets return to our example and identify the most frequent letter:
iq ifcc vqqr fb rdq vfllcq na rdq cfjwhwz hr bnnb hcc
hwwhbsqvqbre hwq vhlq
We replace the ciphertext letter q by E and obtain:
iE ifcc vEEr fb rdE vfllcE na rdE cfjwhwz hr bnnb hcc
hwwhbsEvEbre hwE vhlE
By further guessing based on the frequency of the remaining letterswe obtain the plaintext:
WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL
ARRANGEMENTS ARE MADE
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
29/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 33 Rev. PA2Unit1: introduction
1.2.2 Letter Frequency Attack
In practice, not only frequencies of individual letters can beused for an attack, but also the frequency of
letter pairs (i.e., th is very common in English),
letter triples
Common letter groups / words
Important lesson: Although the substitution cipher has asufficiently large key space of appr. 288, it can easily bedefeated with analytical methods. This is an excellent
example that an encryption scheme must withstand all
types of attacks.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
30/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 34 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material
1. Overview of Cryptology1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems
2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
8/21/2019 Cryptography1 Intro PA5
31/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 35 Rev. PA2Unit1: introduction
1.3 Cryptanalysis
ClassicalCryptanalysis
ImplementationAttacks
SocialEngineering
Cryptanalysis
MathematicalAnalysis
Brute-ForceAnalysis
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
32/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 36 Rev. PA2Unit1: introduction
1.3.1 General thoughts on breaking cryptosystems.
Kerkhoffs Principle:A cryptosystem should be secure even if the attacker(Oscar) knows all details about the system, with theexception of the secret key. In particular, the system
should be secure when the attacker knows the encryptionand decryption algorithms.
Important Lesson:
An attacker always looks for the weakestlink in your
cryptosystem. That means we have to choose strongalgorithms andwe have to make sure that socialengineering and implementation attacks are not practical.
Source: Paar, Pelzl: Understanding cryptography, chapter 1
8/21/2019 Cryptography1 Intro PA5
33/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 37 Rev. PA2Unit1: introduction
1.3.2 How many bits are enough?
Discussion on key length ONLY relevant, if brute-force attack is the best known attack.
Compare security analysis of substitution ciphers!
Key lengths of symmetric and asymmetric algorithms are
much different: Example: 80-bit symmetric key provides roughly same security as
1024-bit RSA key (asymmetric cryptosystem).
What keys lengths are being used in symmetriccryptosystems?
Key length Security estimation
56-64 bits Short term: a few hours or days
112-128 bits Long term: several decades in the absence of quantumcomputers
256 bits Long term: several decades even with quantum
computers
O i 1 I d i C h
8/21/2019 Cryptography1 Intro PA5
34/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 38 Rev. PA2Unit1: introduction
Overview: 1. Introduction to Cryptography
References and useful material
1. Overview of Cryptology1. Information exchange today
2. Requirements on information exchange
2. Symmetric cryptography1. Basics
2. Substitution ciphers
3. Cryptanalysis1. General thoughts on breaking cryptosystems
2. How many bits are enough?
4. Modular Arithmetic and more historical cicphers
1. Modular arithmetic2. Integer Rings
3. Shift Cipher (or Caesar Cipher)
4. Affine Cipher
1 4 1 M d l ith ti
8/21/2019 Cryptography1 Intro PA5
35/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 40 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Remainder is NOT unique For any given number a and module, there exists an infinite
number of equivalent numbers modulo m !
Example: Look at: 12 : 9 = 1, Remainder 3
21 : 9 = 2, Remainder 3
30 : 9 = 3, Remainder 3
39 : 9 = 4, Remainder 3 48 : 9 = 5, Remainder 3
OR:
3 mod 9
12 mod 9
21 mod 9
30 mod 9
39 mod 9
The set of numbers: {, -15, -6, 3, 12, 21, 30, 39, 48, } is
called an equivalence class modulo 9
1 4 1 M d l ith ti
8/21/2019 Cryptography1 Intro PA5
36/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 41 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Remainder is NOT unique The following sets are all 9 equivalence classes modulo 9:
....}26,35,17,,81,-10,-19,-.,{
....}30,21,12,,36,-15,-24,-{....,
.}28,19,10,,18,-17,-26,-.,{
}.27,18,9,,09,-18,-27,-.,{
M
M
ALL members of a single equivalence class modulo mbehave equivalently in the sense, that any of them yields
the SAME remainder if divided by m.
1 4 1 Mod lar arithmetic
8/21/2019 Cryptography1 Intro PA5
37/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 42 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Computation of the remainder
Any integer a can be written as:
a = q m + r for 0 r < m
where
a : m = q with remainder r
is an integer operation.AND
r {0, 1, 2, 3, , m-1}
Example:42 : 9 = 4, remainder 6 OR
42 6 mod 9
1 4 1 Modular arithmetic
8/21/2019 Cryptography1 Intro PA5
38/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 43 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Definition 1.4.1: Modulo Operation:
remaindercalledisandmoduluscallediswhere
dividesif
mod
:defineWe0.mandmr,a,Let
rm
a-rm
mra
>
1 4 1 Modular arithmetic
8/21/2019 Cryptography1 Intro PA5
39/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 44 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Common problem in public key cryptosystems:xe mod m = ?
for large integers (e.g. 2048 bits each)
Using the property of an equivalence class, this problemcan be split up by so called Modular reduction.
Example: 38mod 7=? 1. Approach: straightforward
38= 6561 2 mod 7
LARGE intermediate result 6561 even though we knowthat the final result cant be larger than 6.
1 4 1 Modular arithmetic
8/21/2019 Cryptography1 Intro PA5
40/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 45 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
2. Approach: Exponentiation with intermediate modular reduction38= 3232 32 32= 9 9 9 9
Problem is reduced to:
38mod 7 = (9 9 9 9) mod 7 ((9 mod 7)4) mod 7
(2 2 2 2) mod 7 16 mod 7 2 mod 7
Note that we can perform all these multiplications without
pocket calculator, whereas mentally computing 38 = 6561is a bit challenging for most of us.
General rule: Reduce intermediate resultsas soon as possible.
1 4 1 Modular arithmetic
8/21/2019 Cryptography1 Intro PA5
41/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 46 Rev. PA2Unit1: introduction
1.4.1 Modular arithmetic
Which element of an equivalence class do we choose?
Agreement: we use the (smallest positive) integer r suchthat
0 r
8/21/2019 Cryptography1 Intro PA5
42/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 47 Rev. PA2Unit1: introduction
1.4.2 Integer Rings
=
=+
+
=
m, dda x b
m, ccba
xm
mod2.
mod1.
such thatba,allfor""and""operationstwo.2}1,...,2,1,0{setthe1.
:ofconsistsRingintegerAn
RingInteger:Definition
m
1 4 2 Properties of Integer Rings
8/21/2019 Cryptography1 Intro PA5
43/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 48 Rev. PA2Unit1: introduction
1.4.2 Properties of Integer Rings
1. Ring is closed: The result of anyaddition or multiplication alwaysisan element of the ring.
2. Associativity:
(a + b) + c = a + (b + c)
(a x b) x c = a x (b x c)
3. Neutral Element of addition:
a + 0 a mod m, a m4. Neutral element of multiplication:
a x 1
a mod m,
a
m
5. Inverse element w.r.t. addition:
a + (-a) 0 mod m, a m6. Inverse element w.r.t. multiplication:
a x a-1 1 mod m, an inverse element exists for someelements aNOTE: up to here: no restriction on the choice of m has been made..
7. Distributivity:
a x (b + c) = (a x b) + (a x c) a,b,c m
1 4 3 Shift (or Caesar) cipher
8/21/2019 Cryptography1 Intro PA5
44/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 49 Rev. PA2Unit1: introduction
1.4.3 Shift (or Caesar) cipher
Ancient cipher, supposed to be used by Julius Caesar
Replaces each plaintext letter by another one.
Replacement rule is very simple: Take letter that follows after kpositions in the alphabet (cyclic shift)
Needs mapping from letters
numbers:
Example: key K=7: y = x + 7 mod 26
Plaintext = A T T A C K = 0, 19, 19, 0, 2, 10
Ciphertext = H A A H J R = 7, 0, 0, 7, 9, 17
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Source: Paar, Pelzl: Understanding cryptography, chapter 1
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 1 2 3 4 5 6
1.4.3 Shift (or Caesar) cipher
8/21/2019 Cryptography1 Intro PA5
45/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 50 Rev. PA2Unit1: introduction
1.4.3 Shift (or Caesar) cipher
Substitution is done by a cyclic shift, whichmathematically corresponds to a modulo operation:
e.g., (20 + 7)mod 26 = 27 mod 26 1
Source: Paar, Pelzl: Understanding cryptography, chapter 1
Disadvantage:
extremely small key space of size 26 only
Brute-force-attack easily possible
Letter-analysis-attack easily possible.
26mod)(:Decryption
26mod)(:Encryption
LetcipherCaesar)(orShift:Definition
kyyd
kxxe
x,y,k
k
k
=
+=
1.4.3 Shift Cipher: Quiz
8/21/2019 Cryptography1 Intro PA5
46/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 51 Rev. PA2Unit1: introduction
1.4.3 Shift Cipher: Quiz
Following cipher text is Caesar encrypted: Try to decrypt it.
Plain text
Sahykiabwjo kb
ynulpkcnwldu
Ciphertext Plain text
key key
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
1.4.4 Affine Cipher
8/21/2019 Cryptography1 Intro PA5
47/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 53 Rev. PA2Unit1: introduction
e C p e
Due to the restriction gcd(a,26)=1:
a {1,3,5,7,9,11,15,17,19,21,23,25}
NOTE: even numbers and 13 not contained, since 26 = 2 * 13
Why is the restriction gcd(a,26)=1 needed?
Since a multiplicative inverse of a, namely a-1, exists if and only ifgcd (a,26)=1
y]andxofdivisorcommongreatest:y)[gcd(x,
126gcd:nrestrictiotheandkeywith
26mod))(()(:Decryption
26mod)()(:Encryption
LetCipherAffine:Definition
1
==
=
+=
)(a,(a,b)k
byaxyd
bxayxe
x,y,a,b
k
k
1.4.4 Affine Cipher - Quiz
8/21/2019 Cryptography1 Intro PA5
48/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 54 Rev. PA2Unit1: introduction
p
1. Given is the key k=(a,b)=(9,13) and thePlaintext: x = ATTACK = 0,19,19,0,2,10
Calculate the cipher text y = a x +b mod 26
Solution:X1=0: y1 = (9 0 +13) mod 26 = 13 y1 = n
X2=19: y2 = (9 19+13) mod 26 = 184 mod 26 = 2 y2 = c
X5=2: y5 = (9 2 +13) mod 26 = 31 mod 26 = 5 y5 = f
X6=10: y6 = (9 10+13) mod 26 = 103 mod 26 = 25 y6 = z
Y = nccnfz
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
1.4.4 Affine Cipher - Quiz
8/21/2019 Cryptography1 Intro PA5
49/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 56 Rev. PA2Unit1: introduction
p
2. How large is the key space of an affine cipher ?Solution:
3122612
b)ofvaluesofnumber(#a)ofvalues(#spacekey
==
=
3. Is the affine cipher secure?
Solution:
No, for 2 reasons:
1. Key space of 312 can be broken in a fraction of a second with
todays PCs.2. Mapping of plaintext and ciphertext letters is fixed Letter
frequency analysis also possible.
Lessons learned
8/21/2019 Cryptography1 Intro PA5
50/50
Prof. Dr:-Ing. Ulrich Jetzek MK105 Advanced cryptorgraphyUniversity of Applied Sciences Kiel 57 Rev. PA2Unit1: introduction
Never ever develop your own crypto algorithm unless you have ateam of experienced cryptanalysts checking your design.
Do not use unproven crypto algorithms or unproven protocols.
Attackers always look for the weakest point of a cryptosystem. Forinstance, a large key space by itself is no guarantee for a cipher beingsecure; the cipher might still be vulnerable against analytical attacks.
Key lengths for symmetric algorithms in order to thwart exhaustivekey-search attacks:
64 bit: insecure except for data with extremely short-term value
128 bit: long-term security of several decades, unless quantum computersbecome available (quantum computers do not exist and perhaps neverwill)
256 bit: as above, but probably secure against attacks by quantum
computers. Modular arithmetic is a tool for expressing historical encryption
schemes, such as the affine cipher, in a mathematically elegant way.
Source: Paar, Pelzl: Understanding cryptography, chapter 1