
Cryptography: 500 BC to Quantum Computing

luke crouch
October 22, 2019


Have you always wanted to learn more about cryptography? This high-level survey of crypto takes the audience all the way from Scytales and Caesar ciphers in ancient Greece, to Vigenere Square, to Enigma in World War II, to TLS, and even Post-Quantum Cryptography!


Transcript

  1. Cryptography:
    500 BC - Quantum Computing



  3. About me
    I’m not a crypto engineer
    I’m a web developer

    who got into

    Security Engineering
    I’ve always been scared

    and fascinated by crypto


  4. About this talk
    2700 years in 40 minutes
    Don’t take notes
    Slides are already up at:

    speakerdeck.com/groovecoder


  5. 2 “stories” of
    cryptography


  6. technology


  7. code-makers 

    vs.

    code-breakers


  8. Thru-out this talk, I’m going
    to track this with a timeline …


  9. “Ages”
    “Code-making”
    “Code-breaking”


  10. “Ages” of technology
    Ancient: 7m
    Renaissance: 5m
    Industrial: 7m
    Computing: 12m
    Quantum: 5m


  11. Ancient Code-making


  12. Transpositional/Permutation Ciphers
    Anagrams: move letters around


  13. Permutation Cipher
    For example, consider this short sentence
    35 letters
    50,000,000,000,000,000,000,000,000,000,000

    (50 trillion trillion) permutations


  14. “Strength” of encryption systems:
    How “easy” or “hard” are they?


  15. Time Complexity


  16. Permutation Cipher
    EXPERIMENTATIONS FRESH CHORD LOSS
    50,000,000,000,000,000,000,000,000,000,000

    (50 trillion trillion) permutations
    1 check/second =

    1,500,000,000,000,000,000,000,000 years

    (1 trillion billion years)


  17. Drawbacks of
    random permutation cipher
    Impossible for intended recipient too
    False positives: which anagram is right?
    Do Not Attack at Midnight
    Attack at Mind: do Tonight


  18. We need a

    deterministic
    way to encrypt & decrypt


  19. Algorithms & Keys


  20. Rail fence cipher
    http://crypto.interactive-maths.com/rail-fence-cipher.html


  21. Rail fence cipher
    key = 4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north


  22. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north


  23. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    TEKOOHRACIRMNREATANFTETYTGHH


  24. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    TEKOOHRACIRMNREATANFTETYTGHH
    they are attacking from the north


  25. Machines for
    cryptography


  26. Scytale, ~700 BCE - 120 AD
    Algorithm
    Wrap message around a
    cylinder
    Key
    Diameter of cylinder


  27. Ancient
    Scytale
    ~700 BC


  28. Cryptanalysis
    Breaking encrypted messages


  29. Breaking rail fence cipher
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    “Naive Brute Force” 

    key search:

    Try a bunch of numbers of
    rows by hand


  30. Breaking rail fence cipher
    DELEHELFTAAEDSWNT
    2 rows: daealeedhsewlnftt
    3 rows: deslefwtlanaeetdh
    4 rows: detwaheeanellfdts
    5 rows: defend the east wall


  31. So, the first cryptanalysis is
    simply “naive brute force” 

    key searching
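
The rail fence slides above, as an added Python example (not code from the talk): it encrypts, decrypts, and runs the naive brute-force key search over every possible number of rows. The function names are this example's own.

```python
import re


def letters_only(text):
    """Upper-case the text and keep only A-Z, as the slides do."""
    return re.sub(r"[^A-Z]", "", text.upper())


def rail_pattern(length, rails):
    """Rail (0 = top row) that each position of the zigzag lands on."""
    if rails < 2:
        raise ValueError("a rail fence needs at least 2 rails")
    cycle = 2 * (rails - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(length)]


def encrypt(plaintext, rails):
    text = letters_only(plaintext)
    pattern = rail_pattern(len(text), rails)
    # Read the fence off one rail at a time, top to bottom.
    return "".join(ch for r in range(rails)
                   for ch, rail in zip(text, pattern) if rail == r)


def decrypt(ciphertext, rails):
    text = letters_only(ciphertext)
    pattern = rail_pattern(len(text), rails)
    # Plaintext positions in the order the ciphertext lists them:
    # all of rail 0 left to right, then rail 1, and so on.
    order = sorted(range(len(text)), key=lambda i: (pattern[i], i))
    plain = [""] * len(text)
    for cipher_pos, plain_pos in enumerate(order):
        plain[plain_pos] = text[cipher_pos]
    return "".join(plain)


def key_search(ciphertext):
    """Naive brute force: one candidate plaintext per possible key."""
    n = len(letters_only(ciphertext))
    # With n or more rails no letter moves, so the key space is 2 .. n-1.
    return {rails: decrypt(ciphertext, rails) for rails in range(2, n)}


if __name__ == "__main__":
    print(encrypt("they are attacking from the north", 4))
    for rails, candidate in key_search("DELEHELFTAAEDSWNT").items():
        print(f"{rails:2d} rows: {candidate.lower()}")
```

The key space is bounded by the message length, which is why trying the keys by hand is enough to break it.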


  32. “Key space”
    How many possible keys are there?


  33. Breaking a Scytale
    “Naive Brute Force”

    key search:

    Try a bunch of cylinders


  34. Ancient
    Scytale
    ~700 BC
    Brute Force
    Key Search


  35. Substitutional Cipher
    Change letters into other letters


  36. Caesar Cipher, 49 - 44 BC
    Algorithm
    Replace each letter with
    another letter
    Key
    K positions down the
    alphabet


  37. Caesar (Shift) Cipher
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC


  38. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC


  39. Breaking a Caesar Cipher
    “Naive Brute Force” 

    key search:

    26 possible shifts


  40. Can we give ourselves a really
    large key space?


    So it would take an attacker a
    long time to search them all?


  41. Non-shifted Random
    Substitution
    Algorithm
    Replace each letter with another letter
    Key
    Any Cipher Alphabet
    (An anagram of the alphabet! such meta!)


  42. Non-shifted Substitutional Cipher
    26 letters to re-arrange
    Key space: 403,291,461,000,000,000,000,000,000

    (403 trillion trillion or ~2^88)

    possible re-arrangements (English)
    120,000,000,000,000,000,000

    (120 billion billion)

    years at 1 check/s


  43. Most crypto-systems
    don’t try to offer
    “perfect” encryption …


  44. … most crypto systems try to
    force attackers into 

    key searches that take too
    long to complete


  45. Non-shifted Substitutional Cipher
    26 letters to re-arrange
    Key space: 403,291,461,000,000,000,000,000,000

    (403 trillion trillion or ~2^88)

    possible re-arrangements (English)
    120,000,000,000,000,000,000

    (120 billion billion)

    years at 1 check/s


  46. Key:
    XZAVOIDBYGERSPCFHJKLMNQTUW


  47. Can we create a

    “pseudo-random”
    key that is easy to memorize?


  48. Easy to memorize key
    JULIUS CAESAR

    JULISCAER


  49. Easy to memorize key
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR

    JULISCAER


  50. Easy to memorize key
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR

    JULISCAER
    Note: smaller key space


  51. “key derivation function”
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR


  52. Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    Defend the East wall
    ISCSYI HES SJGH NJWW
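
The "key derivation function" from the slides above, as an added Python example (not code from the talk). The derivation rule is inferred from the cipher alphabet shown on the slide: passphrase letters with repeats dropped, then the unused letters continuing from the letter after the last passphrase letter and wrapping round.

```python
import math
import string

UPPER = string.ascii_uppercase


def derive_cipher_alphabet(passphrase):
    """Turn an easy-to-memorize passphrase into a 26-letter cipher alphabet."""
    key = []
    for ch in passphrase.upper():
        if ch in UPPER and ch not in key:      # drop spaces and repeats
            key.append(ch)
    if not key:
        raise ValueError("passphrase contains no letters")
    # Continue through the alphabet from the letter after the last key
    # letter, wrapping at Z and skipping letters the passphrase used.
    start = UPPER.index(key[-1]) + 1
    rest = [ch for ch in UPPER[start:] + UPPER[:start] if ch not in key]
    return "".join(key + rest)


def encrypt(plaintext, cipher_alphabet):
    """Substitute every letter; ciphertext is written in capitals."""
    table = str.maketrans(UPPER + UPPER.lower(), cipher_alphabet * 2)
    return plaintext.translate(table)


def decrypt(ciphertext, cipher_alphabet):
    """Invert the substitution; plaintext is written in lower case."""
    table = str.maketrans(cipher_alphabet, UPPER.lower())
    return ciphertext.translate(table)


def key_space_bits(alphabet_size=26):
    """log2 of the number of possible cipher alphabets (26! for English)."""
    return math.log2(math.factorial(alphabet_size))


if __name__ == "__main__":
    alphabet = derive_cipher_alphabet("JULIUS CAESAR")
    print(alphabet)
    print(encrypt("Defend the East wall", alphabet))
    print(f"random cipher alphabet: about 2^{key_space_bits():.0f} keys")
```

Everything after the passphrase letters is predictable, which is the "smaller key space" the slide notes: an attacker only has to search passphrases, not all 26! alphabets.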


  53. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC
    Non-shifted

    Substitution

    Cipher


  54. So, we’ve got a simple crypto-
    system that would take decades
    for hundreds of thousands of
    computers to break!


  55. npm install
    keyed-substitution-cipher
    git commit -m

    “lulz crypto”


  56. Non-shifted Substitution Cipher
    considered un-breakable
    for ~800 years, until …


  57. رسالة في استخراج الكتب المعماة
    (On Decrypting Encrypted Correspondence)
    أبو يوسف يعقوب بن إسحاق الصبّاح الكندي

    (Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī)

    Al-Kindi
    801-873 AD


  58. Frequency Analysis
    Attack



  60. “PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
    ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
    LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
    OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV
    EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
    “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
    PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
    LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
    CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
    AJXNO X IXNCMJ CI UCMJ SXGOKLU?”
    –OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK


  61. Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: ??????????????????????????


  62. Likeliest plaintext letters
    O = e
    X = t
    P = a


  63. English frequency rules
    Vowels appear before and after most other letters
    Consonants avoid many letters
    E.g., ‘e’ appears before/after virtually every other letter; while ’t’
    is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’
    “ee” occurs more than “oo” occurs more than other double-vowels
    “a” occurs on its own often - more than “I” on its own
    ‘h’ frequently goes before ‘e’
    but rarely after ‘e’


  64. Cipher
    O = e
    X = a
    Y = i
    B = h
    P = t ?


  65. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
    EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
    aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
    Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
    ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
    aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
    Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
    aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
    a IaNCMJ CI UCMJ SaGeKLU?”
    –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK


  66. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
    EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
    aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
    Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
    ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
    aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
    Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
    aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
    a IaNCMJ CI UCMJ SaGeKLU?”
    –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
    “Lhe” 6 times


  67. “Lhe”
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: X???O??BY??????????L??????
    “the”


  68. “PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD
    KhahJiUaJ thJee KCPK. CP the thCMKaPV aPV IiJKt
    PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI,
    Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS,
    KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe
    PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the
    IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt
    EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ
    CI UCMJ SaGeKtU?”
    –eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK
    “aPV” 5 times


  69. “aPV”
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: X??VO??BY????P?????L??????
    “and”



  71. “now during this time shahra[qxzj]ad had borne king
    shahriyar three sons. on the thousand and first night,
    when she had ended the tale of ma’aruf, she rose and
    kissed the ground before him, saying: “great king, for
    a thousand and one nights i have been recounting to
    you the fables of past ages and the legends of
    ancient kings. may i make so bold as to crave a favour
    of your ma[qxzj]esty?”
    –epilogue, tales from the thousand and one nights
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U?


  72. Frequency Analysis:
    An analytical attack faster
    than naive brute force
    key search


  73. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC
    Non-shifted

    Substitution

    Cipher
    Frequency

    Analysis

    ~800 AD


  74. Frequency Analysis
    considered indefensible
    for ~800 years


  75. Code-makers needed a

    crypto-system that wasn’t
    vulnerable to

    Frequency Analysis


  76. Leon Battista Alberti
    1404-1472
    “poly-alphabetic”
    cipher


  77. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    Poly-alphabetic
    Substitution Cipher


  78. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “R?????”
    Poly-alphabetic
    Substitution Cipher


  79. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RA????”
    Poly-alphabetic
    Substitution Cipher


  80. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RAB???”
    Poly-alphabetic
    Substitution Cipher


  81. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    “RABH??”
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    Poly-alphabetic
    Substitution Cipher


  82. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    “RABHK?”
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    Poly-alphabetic
    Substitution Cipher


  83. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RABHKK”
    Poly-alphabetic
    Substitution Cipher


  84. False frequencies
    ‘e’ is enciphered as both ‘A’ and ‘K’
    ‘K’ is deciphered as both ‘e’ and ‘t’
    “secret”
    “RABHKK”


  85. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    ~1450 AD


  86. Poly-alphabetic beats
    frequency analysis, but …


  87. Poly-alphabetic ciphers
    are complex
    D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E


  88. Keyword

    SECRET
    D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z


  89. Le Chiffre Indéchiffrable
    created by Blaise de Vigenère
    1523 - 1596
    Created new

    poly-alphabetic cipher


  90. Vigenère Square


  91. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


  92. Repeat keyword for all of text
    Plaintext: AttackFromTheSouthAtDawn
    Ciphertext: ????????????????????????
    Keyword: SECRETSECRETSECRETSECRET


  93. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: S???????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    S


  94. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: SX??????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    X


  95. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: SXV?????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    V


  96. Plaintext: AttackFromTheSouthAtDawn
    Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
    Keyword: SECRETSECRETSECRETSECRET


  97. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    Le Chiffre
    Indéchiffrable
    ~1550 AD


  98. Industrial
    Revolution
    ~1760 - 1840


  99. “Black Chambers”
    • 1700s
    • “Assembly-line” Cryptanalysis
    • Each European power had one
    • Breaking all mono-alphabetic
    ciphers
    • Encouraged adoption of
    Vigenère Square for

    poly-alphabetic ciphers


  100. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    Le Chiffre
    Indéchiffrable
    ~1550 AD
    Assembly-line
    Frequency Analysis
    ~1700’s
    Industrial


  101. Charles Babbage
    • 1791 - 1871
    • 1854: Broke Vigenère
    Cipher
    • Without machinery


  102. REPEATING KEYWORD
    Plaintext: AttackFromTheSouthAtDawn
    Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
    Keyword: SECRETSECRETSECRETSECRET


  103. False SYMBOL
    frequencies
    • ‘e’ is enciphered as both ‘A’ and ‘K’
    • ‘K’ is deciphered as both ‘e’ and ‘t’
    “secret”
    “RABHKK”


  104. Word frequencies


  105. Plaintext: thesunandthemaninthemoon
    Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
    Keyword: KINGKINGKINGKINGKINGKING


  106. Plaintext: thesunandthemaninthemoon
    Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
    Keyword: KINGKINGKINGKINGKINGKING


  107. Breaking Vigenère
    • Look for repeated sequences
    of letters
    • Measure spacing between
    repetitions
    • Identify most likely length
    of key: L


  108. Cipher text
    WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
    WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
    WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
    QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
    UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
    IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
    WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
    PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
    UZKIZBZLIUAMMVZ


  109. REPETITIONS
    EFIQ, PSDLP, WCXYM, ETRL
    WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
    WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
    WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
    QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
    UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
    IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
    WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
    PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
    UZKIZBZLIUAMMVZ


  110. spacing between repetitions
    Repetition | Spacing | Possible Length of Key (2 to 20)
    EFIQ       | 95      | 5, 19
    PSDLP      | 5       | 5
    WCXYM      | 20      | 2, 4, 5, 10, 20
    ETRL       | 120     | 2, 3, 4, 5, 6, 8, 10, 12, 15, 20


  111. 5 separate cipher texts
    WIREWQFPROLVVEESSV
    XVITXSCYLGWYXELWRL
    VXLSECWLQPSRQRBQCH
    OTPYWLCNPVGVAMZUZ
    WIREWQFPROLVVEESSV
    XVITXSCYLGWYXELWRL
    VXLSECWLQPSRQRBQCH
    OTPYWLCNPVGVAMZUZ
    WIREWQFPROLVVEESSV
    XVITXSCYLGWYXELWRL
    VXLSECWLQPSRQRBQCH
    OTPYWLCNPVGVAMZUZ
    WIREWQFPROLVVEESSV
    XVITXSCYLGWYXELWRL
    VXLSECWLQPSRQRBQCH
    OTPYWLCNPVGVAMZUZ
    WIREWQFPROLVVEESSV
    XVITXSCYLGWYXELWRL
    VXLSECWLQPSRQRBQCH
    OTPYWLCNPVGVAMZUZ
    Break each with frequency analysis
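
The Vigenère square and Babbage's attack from the slides above, as an added Python example (not code from the talk). It reproduces the slides' ciphertexts, finds the repeated sequences and their spacings, votes on the key length, and splits the text into one column per key letter; the function names are this example's own.

```python
from collections import Counter, defaultdict

A = ord("A")

# Ciphertext from the "Cipher text" slide, joined into one string.
CIPHERTEXT = (
    "WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM"
    "WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM"
    "WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI"
    "QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL"
    "UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ"
    "IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE"
    "WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD"
    "PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK"
    "UZKIZBZLIUAMMVZ"
)


def vigenere_encrypt(plaintext, keyword):
    """Shift each letter by the keyword letter above it (keyword repeats)."""
    letters = [c for c in plaintext.upper() if "A" <= c <= "Z"]
    key = [ord(k) - A for k in keyword.upper()]
    return "".join(chr((ord(c) - A + key[i % len(key)]) % 26 + A)
                   for i, c in enumerate(letters))


def repetition_spacings(ciphertext, length):
    """Sequences of `length` letters that repeat -> gaps between repeats."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {seq: [b - a for a, b in zip(pos, pos[1:])]
            for seq, pos in positions.items() if len(pos) > 1}


def key_length_votes(spacings, max_len=20):
    """Tick every candidate key length that divides a spacing."""
    votes = Counter()
    for gaps in spacings.values():
        for gap in gaps:
            for n in range(2, max_len + 1):
                if gap % n == 0:
                    votes[n] += 1
    return votes


def split_columns(ciphertext, key_len):
    """Letters enciphered with the same key letter: one Caesar-style
    ciphertext per column, each open to frequency analysis."""
    return [ciphertext[i::key_len] for i in range(key_len)]


if __name__ == "__main__":
    print(vigenere_encrypt("AttackFromTheSouthAtDawn", "SECRET"))
    demo = vigenere_encrypt("thesunandthemaninthemoon", "KING")
    print(demo, repetition_spacings(demo, 4))
    votes = key_length_votes(repetition_spacings(CIPHERTEXT, 4))
    key_len = votes.most_common(1)[0][0]
    print("likely key length:", key_len)
    for column in split_columns(CIPHERTEXT, key_len):
        print(column[:18], "...")
```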


  112. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    Le Chiffre
    Indéchiffrable
    ~1550 AD
    Assembly-line
    Frequency Analysis
    ~1700’s
    Industrial
    Babbage
    Frequency
    Analysis
    ~1800’s


  113. Electric Telegraphs
    • Buried underground or
    suspended overhead
    • 1844

    60km wire between
    Baltimore & Washington
    DC


  114. How can you
    represent letters
    and words as
    electrical signals?


  115. Morse Code:
    “Encoding” not “Encryption”


  116. I.e., this is still
    “plaintext”


  117. Radio, 1899-1901
    • 3,000 km from Cornwall
    to Newfoundland
    • Transatlantic
    communication
    • Instant military commands
    • All messages reach enemy too
    • Increases need for
    encryption


  118. Enigma: Electrical Encryption
    • Arthur Scherbius, 1918
    • Mass Production in 1925
    CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329


  119. Input
    Keyboard
    Rotors
    Output
    Lampboard


  120. By User:RadioFan, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=30719651


  121. By MesserWoland - Own work based on Image:Enigma-action.pnj by Jeanot; original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494


  122. 3 rotors of 26 wirings
    26 x 26 x 26
    =
    17,576 Cipher Alphabets


  123. 17,576 orientations
    x
    6 arrangements
    =
    105,456 Cipher Alphabets


  124. 105,456 possible keys
    • A new key was used every day
    • Assume 1 orientation check per minute
    • (Just type ciphertext and look at plaintext)
    • 96 enigma machines = .75 days to crack


  125. Plugboard
    By Bob Lord - German Enigma Machine, uploaded in english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976
    Swap up to 6 of 26 letters


  126. 100,391,791,500
    Plugboard Settings


  127. 10,586,916,711,696
    (10 trillion)
    Total Possible Keys


  128. 10,586,916,711,696
    possible keys
    • At 1 check per minute:
    • 38,291,799 enigma machines = 1 day to crack


  129. Message Keys
    • Using day key, send a message rotor orientation first. 

    E.g., A, S, D
    • Send it at the beginning, twice for integrity. 

    E.g., ‘asdasd’ = QWERTY
    • Receiver types QWERTY, sees ‘asdasd’
    • Re-orients their rotors to A, S, D for the rest of the
    message
    • Minimizes amount of ciphertext created by day key


  130. Is cracking Enigma
    possible?
    • At 1 check per minute:
    • 38,291,799 enigma machines = 1 day to crack 


    A SINGLE MESSAGE!


  131. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    Le Chiffre
    Indéchiffrable
    Assembly-line
    Frequency Analysis
    Industrial
    Babbage
    Frequency
    Analysis
    One-Time
    Pad
    Enigma
    ~1925


  132. Cracking Enigma


  133. Polish Biuro Szyfrów
    • Established after WWI to
    protect Poland from Russia
    & Germany
    • Received photographs of
    Enigma instruction manual
    from French espionage
    • Deduced rotor wirings
    • Usage of codebook
    A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań, 

    Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113


  134. Marian
    Rejewski
    By Unknown - Rejewski's daughter's private archive,
    CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461


  135. Found “chain” cycles

    in the first 6 letters
    4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
    1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
    3 links: A-F-W-A


  136. Found “chain” loops

    in the first 6 letters
    4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
    1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
    7 links: C-H-G-O-Y-D-P-C


  137. Marian Rejewski
    • Realized the # links in the
    chain were only caused by
    the rotors
    • Could try to break the
    105,456 possible rotor
    settings, not all
    10,000,000,000,000,000
    possible day keys
    • 100,000,000,000 times easier
    By Unknown - Rejewski's daughter's private archive,
    CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461


  138. Cyclometer
    • Team checked each of
    105,456 possible settings
    on replica Enigma machines
    and recorded which chains
    were generated by each
    rotor setting
    • Took 1 year to complete
    • Could look up rotor settings by
    chains found in first 6
    letters of ciphertext
    http://www.cryptomuseum.com/crypto/cyclometer/index.htm


  139. Cyclometer created
    the first
    “Rainbow Table”
    for looking up
    cryptographic keys
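
Rejewski's chains and the catalogue lookup from the slides above, as an added Python example (not code from the talk). It splits the slide's first-letter/fourth-letter table into chains, shows that plugboard swaps rename the letters in the chains without changing how many links each has, and looks the chain lengths up in a catalogue. The plugboard cables, setting labels and the other two catalogue tables are constructed for illustration and are not real Enigma data.

```python
import string

ALPHABET = string.ascii_uppercase

# From the slide: 1st letter A..Z -> 4th letter.
FOURTH_LETTER = "FQHPLWOGBMVRXUYCZITNJEASDK"

# Constructed plugboard cables (pairs of swapped letters).
CABLES = [("A", "M"), ("C", "Z"), ("D", "Q"), ("F", "T"), ("G", "O"), ("H", "X")]


def chains(table):
    """Split a 26-letter table into its closed chains (permutation cycles)."""
    if sorted(table) != list(ALPHABET):
        raise ValueError("table must use every letter exactly once")
    mapping = dict(zip(ALPHABET, table))
    seen, result = set(), []
    for start in ALPHABET:
        chain, letter = [], start
        while letter not in seen:
            seen.add(letter)
            chain.append(letter)
            letter = mapping[letter]
        if chain:
            result.append("".join(chain))
    return result


def signature(table):
    """Number of links in each chain, sorted: what the catalogue is keyed on."""
    return tuple(sorted(len(chain) for chain in chains(table)))


def with_plugboard(table, cables):
    """Table seen when the same rotor setting is used behind a plugboard:
    swap on the way in, follow the rotor table, swap on the way out."""
    swap = {c: c for c in ALPHABET}
    for a, b in cables:
        swap[a], swap[b] = b, a
    mapping = dict(zip(ALPHABET, table))
    return "".join(swap[mapping[swap[c]]] for c in ALPHABET)


def build_catalogue(tables_by_setting):
    """Chain-length signature -> rotor settings that produce it."""
    catalogue = {}
    for setting, table in tables_by_setting.items():
        catalogue.setdefault(signature(table), []).append(setting)
    return catalogue


def lookup(observed_table, catalogue):
    return catalogue.get(signature(observed_table), [])


# Constructed catalogue: hypothetical setting labels, stand-in tables.
CATALOGUE = build_catalogue({
    "setting-A": FOURTH_LETTER,
    "setting-B": ALPHABET[1:] + ALPHABET[:1],
    "setting-C": "BADCFEHGJILKNMPORQTSVUXWZY",
})

if __name__ == "__main__":
    print(chains(FOURTH_LETTER), signature(FOURTH_LETTER))
    observed = with_plugboard(FOURTH_LETTER, CABLES)
    print(chains(observed), signature(observed))
    print(lookup(observed, CATALOGUE))
```

Because the signature ignores the plugboard, the catalogue needs one entry per rotor setting rather than one per day key.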


  140. How to find the plugboard
    settings out of 100,391,791,500?
    • Plugboard: Un-plug all
    • Rotor Arrangement: III, I, II
    • Initial Rotor Orientations: Q, C, W
    • Type in ciphertext, see:
    • “rettew”
    • Swap R/W = Wetter (weather)


  141. Polish
    Cryptographic Bombs
    • 6 machines for the 6 possible
    rotor arrangements
    • Each with 6 full Enigma rotor
    sets at top for the 6 characters
    of the repeated message key
    • Given a number of “females”
    to find, Bomba could recover
    settings in less than 2 hours


  142. British Bombes
    • 36 rotors arranged in 3 banks
    of 12
    • 210 bombes by the end of
    the war
    • Operated by 2,000
    members of Women’s
    Royal Naval Service


  143. Colossus
    • Inspired by Turing’s ideas
    and his bombe
    • 1,500 electronic valves -
    faster than
    electromechanical relay
    switches
    • Programmable - first
    computers?

  144. Ancient
    Steganography, Scytale
    Brute Force Key Search
    Caesar Shift
    Non-shifted Substitution
    Frequency Analysis
    ~800 AD
    Homophonic Substitution
    Renaissance
    Poly-alphabetic Substitution
    Le Chiffre Indéchiffrable
    Assembly-line Frequency Analysis
    Industrial
    Babbage Frequency Analysis
    Enigma
    ~1925
    Colossus Mark 1
    1943
    Computer

  145. Computer Cryptography

  146. In the early days of
    computing, electrical
    signals were much
    harder to measure
    and control precisely
    It made more sense
    to only distinguish
    between an “on” state
    and an “off” state

  147. Like the telegraph required
    Morse to encode messages into
    electrical signals …
    In computers, we need a way to
    encode messages in 1’s and 0’s

  149. ASCII
    1963
    Encoding, not encryption (like Morse code)
    E.g.,
    A: 1000001
    B: 1000010

  150. In Binary, we encrypt at the
    level of 1’s and 0’s

  151. This is called “bitwise”

  152. Bitwise anagram
    For example, consider this short sentence.
    01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
    11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
    101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
    “Bitwise” rail fence cipher with 2 rails
    00010111010101000100011001000110010001100100011001000101011101110101011001000100010101000100011001100101010001010
    11001110101010001000101010001110100010001110101010010101011110000001011110010011011110010101011001000001001101110
    101101100110101011110000001110100010011101000011011000101111001110000011011011101011101011101010011011

  153. Bitwise substitution: XOR
    The XOR operator outputs a 1
    whenever the inputs do not
    match, which occurs when
    one of the two inputs is
    exclusively true
    0 XOR 0 = 0
    0 XOR 1 = 1
    1 XOR 0 = 1
    1 XOR 1 = 0

  154. Bitwise substitution: XOR
    For example, consider this short sentence.
    01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
    11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
    101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
    Key: “Julius Caesar”
    01001010011101010110110001101001011101010111001100100000010000110110000101100101011100110110000101110010
    Output
    10001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
    10111101101110011100110110100101100100011001010111001000100000011101000110100001101001011100110010000001110011001
    00010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111

  155. Bitwise substitution: XOR
    For example, consider this short sentence.
    010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
    101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
    1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
    Key: “random” 1|0’s length of plaintext
    000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
    110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
    0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
    Output
    100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
    011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
    010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111

  159. Horst Feistel
    1971: Published
    “Lucifer” cipher for
    computer encryption
    First(?) Block Cipher

  161. XOR
    S-box
    Permutation

  162. SP Network

  163. Lucifer Cipher: “block” cipher
    Break message into 128-bit blocks
    128-bit key
    16 rounds:
    Break block in half
    the f-function is calculated using
    that round's subkey and the left half
    of the block.
    The result is then XORed to the
    right half of the block, which is the
    only part of the block altered for that
    round.
    After every round except the last
    one, the right and left halves of the
    block are swapped.

  164. 256 bit message (in ASCII)
    01010100011010000110010100100000010101010101001101000001001000000100111001010011
    01000001001000000111001101110100011011110111001001100101011100110010000001111001
    01101111011101010111001000100000011101000111011101100101011001010111010001110011
    0010000100100001

  165. Break into 128-bit blocks
    01010100011010000110010100100000010101010101001101000001001000000100111001010011010000010010000001110011011101000110111101110010
    01100101011100110010000001111001011011110111010101110010001000000111010001110111011001010110010101110100011100110010000100100001
    The USA NSA stor
    es your tweets!!

  166. Generate 128-bit key
    awesomepassword!
    01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001

  167. Break block in half
    01010100011010000110010100100000010101010101001101000001
    The USA NSA stor
    0100111001010011010000010010000001110011011101000110111101110010

  168. Generate 72-bit sub-key
    awesomepassword!
    01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001
    a a
    01100001 01100001
    wesomep
    01110111011001010111001101101111011011010110010101110000

  169. Rotate key left 7 bytes
    password!awesome
    01110000011000010111001101110011011101110110111101110010011001000010000101100001011101110110010101110011011011110110110101100101
    7 bytes
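The round structure and key schedule walked through on the Lucifer slides, as an added Python example that is not from the talk and is not the real Lucifer cipher. The round function `f` is a stand-in built on SHA-256 (an assumption; Lucifer uses S-boxes and a permutation); the point is that decryption reuses the same rounds with the subkeys reversed and never has to invert `f`.

```python
import hashlib

BLOCK_BYTES = 16   # 128-bit block and 128-bit key, as on the slides
ROUNDS = 16


def subkeys(key):
    """Per round: 72-bit subkey = first key byte + first 8 key bytes,
    then rotate the key left by 7 bytes (as the slides show)."""
    if len(key) != BLOCK_BYTES:
        raise ValueError("key must be 16 bytes")
    out = []
    for _ in range(ROUNDS):
        out.append(key[:1] + key[:8])
        key = key[7:] + key[:7]
    return out


def f(subkey, half):
    """Stand-in round function (assumption): NOT Lucifer's S-box/permutation layer."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _rounds(block, keys):
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i, k in enumerate(keys):
        right = xor(right, f(k, left))   # only the right half is altered
        if i != len(keys) - 1:
            left, right = right, left    # swap after every round except the last
    return left + right


def encrypt_block(block, key):
    return _rounds(block, subkeys(key))


def decrypt_block(block, key):
    # Same rounds, subkeys in reverse order; f itself is never inverted.
    return _rounds(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = b"awesomepassword!"            # key from the slides
    ct = encrypt_block(b"The USA NSA stor", key)
    print(ct.hex())
    print(decrypt_block(ct, key))
```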

  172. Data Encryption Standard
    (DES)
    1977
    Lucifer with 56-bit keys
    So the NSA could
    brute force keys if
    they “needed” to

  173. Ancient
    Steganography, Scytale
    Brute Force Key Search
    Caesar Shift
    Non-shifted Substitution
    Frequency Analysis
    Homophonic Substitution
    Renaissance
    Poly-alphabetic Substitution
    Le Chiffre Indéchiffrable
    Assembly-line Frequency Analysis
    Industrial
    Babbage Frequency Analysis
    One-Time Pad
    Enigma
    Cryptanalytic “Bombs”: Polish, British, US
    Lucifer, DES
    1971-1977
    Computer

  174. How hard is it to find a binary 56-bit key?

  175. 1001101010011010100110101001
    1010100110101001101010011010
    Unique Possible Permutations
    2^56
    72,057,594,037,927,936
    72 quadrillion (million billion)
    In 1976, estimated to cost $20M to build a computer to crack
    such a key
    Affordable to the NSA

  176. DES
    1971-1977
    Computer-powered
    Brute Force Key Search

  177. By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151

  178. 1100110101001101010011010100
    1101010011010100110101001101
    0
    Unique Possible Permutations
    2^56
    72,057,594,037,927,936
    72 quadrillion (million billion)
    2^57
    144,115,188,075,855,870
    144 quadrillion (million billion)

  179. DES
    1971-1977
    Computer-powered
    Brute Force Key Search
    Moore’s Law

  180. 3DES EDE:
    DES: Encrypt, Decrypt, Encrypt
    https://www.researchgate.net/figure/Flowchart-of-3DES-encryption-and-decryption-algorithm-40_fig4_322277374

  181. What about messages that
    are longer than the key?

  182. Block cipher mode of operation

  183. Electronic Codebook (ECB)
    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

  184. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

  185. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161

  186. Cipher Block Chaining (CBC)
    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

  187. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161

  188. DES
    Computer-powered
    Brute Force Key Search
    Moore’s Law
    3DES + CBC

  189. The forever problem of cryptography:
    Key distribution

  190. Banks literally flew people
    around with code-books of keys

  191. We need a way to
    communicate secret keys
    over non-secret channels.

  192. Whitfield Diffie
    Stanford AI Lab
    1974

  193. Martin
    Hellman
    IBM Watson Research
    Center 1968-1969

  194. New Directions in Cryptography
    Published 1976

  195. Alice, Bob, and Eve
    Alice and Bob need to communicate securely
    They need to share a secret
    They only have public channels between them
    “Eve is always eavesdropping”
    How can they share a secret without sharing it with
    Eve?

  196. Diffie-Hellman
    Key Establishment

  197. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1

  198. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1

  199. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1

  200. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1

  201. The key can be anything that
    can encode to 1’s and 0’s
    So, anything … like a number.

  203. And in MATH!, we have
    some 1-way functions!

  204. Modular Arithmetic
    aka “Clock” arithmetic
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem

  205. To find 46 mod 12 …
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem

  206. Wrap a cord 46 “hours” long
    around a 12-hour clock …
    … and it ends on 10

  207. Easy to perform …
    46 mod 12 is “congruent” to 10
    generator Modulus

  208. ? mod 12 ≡ 10
    … hard to reverse

  209. ? mod 12 ≡ 10
    22 mod 12 ≡ 10
    34 mod 12 ≡ 10
    46 mod 12 ≡ 10
    58 mod 12 ≡ 10
    70 mod 12 ≡ 10
    .. mod 12 ≡ 10
    … impossible to reverse!

  210. … impossible for recipient too!

  211. Alice picks an exponent
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
    Prime Modulus “n”
    generator “g”

  212. Alice keeps her exponent secret
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
    Prime Modulus “n”
    generator “g”

  213. “Discrete Logarithm” problem
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  214. “Discrete Logarithm” problem
    Have to resort to “brute force”
    guessing the exponent

  215. For small numbers, it’s easy, but
    not for a large prime modulus.
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  216. How can we turn that single
    exponent secret into 2 secrets?

  217. “Commutative” Arithmetic:
    Order of operands doesn’t matter
    3 + 5 = 5 + 3 = 8
    3 * 5 = 5 * 3 = 15

  218. “Commutative” Arithmetic:
    Order of operands doesn’t matter
    (3^2)^3 = (3^3)^2 = 729
    3 + 5 = 5 + 3 = 8
    3 * 5 = 5 * 3 = 15

  219. Alice and Bob publicly agree on
    a generator and prime modulus
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  220. Alice picks a private number,
    and sends the result to Bob
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  221. Bob picks a private number,
    and sends the result to Alice
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  222. Now the cool part …
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2

  223. Alice raises Bob’s result to
    her private exponent
    and gets 10

  224. Bob raises Alice’s mixture to
    his private exponent
    and also gets 10!

  225. Because their results were calculated
    from the shared public generator and
    prime modulus

  226. So, they did the same calculation
    with exponents in different order,
    which doesn’t affect the result
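The exchange from the preceding slides carried through with numbers, as an added Python example that is not part of the original talk. The generator 3, prime modulus 17 and private exponents 15 and 13 are assumed here (the transcript does not give them) and were chosen so that both sides arrive at the shared secret 10 that the slides mention; the 127-bit prime in `demo_larger_group` is also an assumption and is still far too small for real use.

```python
import secrets


def public_value(g, p, private):
    """What each side sends over the public channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, private, p):
    """Raise the other side's public value to your own private exponent."""
    return pow(their_public, private, p)


def brute_force_exponent(g, p, target):
    """The 'brute force' guessing from the slides: try exponents 1, 2, 3, ...
    Only feasible because the modulus here is tiny."""
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == target:
            return x
    return None


def exchange(g, p, a=None, b=None):
    """Run both sides; returns (alice_public, bob_public, alice_secret, bob_secret)."""
    a = a if a is not None else secrets.randbelow(p - 3) + 2   # private, in 2..p-2
    b = b if b is not None else secrets.randbelow(p - 3) + 2
    alice_public = public_value(g, p, a)
    bob_public = public_value(g, p, b)
    return (alice_public, bob_public,
            shared_secret(bob_public, a, p),
            shared_secret(alice_public, b, p))


def demo_larger_group():
    """Same exchange with random exponents over the Mersenne prime 2^127 - 1."""
    p = 2**127 - 1
    _, _, alice_secret, bob_secret = exchange(3, p)
    return alice_secret == bob_secret


if __name__ == "__main__":
    # Assumed small values: g = 3, p = 17, Alice's exponent 15, Bob's 13.
    print(exchange(3, 17, a=15, b=13))        # (6, 12, 10, 10)
    # An eavesdropper who saw 6 go past can recover Alice's exponent by guessing:
    print(brute_force_exponent(3, 17, 6))     # 15
    print(demo_larger_group())                # True
```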

  227. Public Key Cryptography!

  228. Diffie-Hellman Key Establishment
    +
    3DES

  229. DES
    Computer-powered
    Brute Force Key Search
    Moore’s Law
    1970+
    3DES + CBC
    DH + 3DES + CBC
    1976

  232. Use Diffie-Hellman Exchange to make a key …
    … for Triple-DES …
    … with Cipher Block Chaining mode.
    … Encrypt-Decrypt-Encrypt …

  233. What’s RSA?

  234. Diffie-Hellman makes a new
    key between every 2 people!
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  235. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  236. Clifford Cocks
    1971
    Trap Door One-way Function
    By Royal Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163

  237. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  238. The “e” means
    encrypt!
    “d” is for decrypt!
    https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  239. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  240. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

  247. Bob's number

  250. Ron Rivest, Adi Shamir,
    Leonard Adleman

  251. DES
    Computer-powered
    Brute Force Key Search
    Moore’s Law
    1970+
    3DES + CBC
    DH/RSA + 3DES + CBC
    1976

  252. Public Key Certificates
    https://www.youtube.com/watch?v=704dudhA7UI

  253. Look!
    The public exponent and modulus!

  254. Another RSA public exponent and
    modulus

  256. Quantum
    Computing
    For fun, profit, and
    breaking the whole
    world

  259. Public Key Certificates
    https://www.youtube.com/watch?v=704dudhA7UI
    Quantum-cracked

  261. DES
    Computer-powered
    Brute Force Key Search
    Moore’s Law
    3DES + CBC
    DH/RSA + 3DES + CBC
    Quantum
    Computing

  262. 2048-bit RSA key needs 4096-qubit computer to crack

  264. DES
    Computer-powered
    Brute Force Key Search
    Moore’s Law
    3DES + CBC
    DH/RSA + 3DES + CBC
    Quantum
    Computing
    Post-Quantum
    Cryptography

  269. Don’t invent your own crypto

  270. Mind your keys

  271. https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

  272. Questions?
    Scytale
    Caesar Cipher
    Unshifted cipher
    Frequency Analysis
    Poly-alphabetic cipher
    Vigenere Square
    Enigma
    Lucifer/DES
    Modes of Encryption
    Diffie-Hellman
    RSA
    Quantum
    speakerdeck.com/groovecoder
