Cryptography: 500 BC to Quantum Computing

Transcript

1. Cryptography:
   500 BC - Quantum Computing
   

   View Slide

2. View Slide

3. About me
   I’m not a crypto engineer
   I’m a web developer

   who got into

   Security Engineering
   I’ve always been scared

   and fascinated by crypto
   

   View Slide

4. About this talk
   2700 years in 40 minutes
   Don’t take notes
   Slides are already up at:

   speakerdeck.com/groovecoder
   

   View Slide

5. 2 “stories” of
   cryptography
   

   View Slide

6. technology
   

   View Slide

7. code-makers 

   vs.

   code-breakers
   

   View Slide

8. Thru-out this talk, I’m going
   to track this with a timeline …
   

   View Slide

9. “Ages”
   “Code-making”
   “Code-breaking”
   

   View Slide

10. “Ages” of technology
    Ancient: 7m
    Renaissance: 5m
    Industrial: 7m
    Computing: 12m
    Quantum: 5m
    

    View Slide

11. Ancient Code-making
    

    View Slide

12. T
    ranspositional/Permutation

    Ciphers
    Anagrams: move letters around
    

    View Slide

13. Permutation Cipher
    For example, consider this short sentence
    35 letters
    50,000,000,000,000,000,000,000,000,000,000

    (50 trillion trillion) permutations
    

    View Slide

14. “Strength” of encryption systems:
    How “easy” or “hard” are they?
    

    View Slide

15. Time Complexity
    

    View Slide

16. Permutation Cipher
    EXPERIMENTATIONS FRESH CHORD LOSS
    50,000,000,000,000,000,000,000,000,000,000

    (50 trillion trillion) permutations
    1 check/second =

    1,500,000,000,000,000,000,000,000 years

    (1 trillion billion years)
    

    View Slide

17. Drawbacks of
    random permutation cipher
    Impossible for intended recipient too
    False positives: which anagram is right?
    Do Not Attack at Midnight
    Attack at Mind: do T
    onight
    

    View Slide

18. We need a

    deterministic
    way to encrypt & decrypt
    

    View Slide

19. Algorithms & Keys
    

    View Slide

20. Rail fence cipher
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    

    View Slide

21. Rail fence cipher
    key = 4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    

    View Slide

22. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    

    View Slide

23. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    TEKOOHRACIRMNREATANFTETYTGHH
    

    View Slide

24. Rail fence cipher; k=4
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    they are attacking from the north
    TEKOOHRACIRMNREATANFTETYTGHH
    they are attacking from the north
    

    View Slide

25. Machines for
    cryptography
    

    View Slide

26. Scytale, ~700 BCE - 120 AD
    Algorithm
    Wrap message around a
    cylinder
    Key
    Diameter of cylinder
    

    View Slide

27. Ancient
    Scytale
    ~700 BC
    

    View Slide

28. Cryptanalysis
    Breaking encrypted messages
    

    View Slide

29. Breaking rail fence cipher
    http://crypto.interactive-maths.com/rail-fence-cipher.html
    “Naive Brute Force” 

    key search:

    T
    ry a bunch of numbers of
    rows by hand
    

    View Slide

30. Breaking rail fence cipher
    DELEHELFTAAEDSWNT
    2 rows: daealeedhsewlnftt
    3 rows: deslefwtlanaeetdh
    4 rows: detwaheeanellfdts
    5 rows: defend the east wall
    

    View Slide

31. So, the first cryptanalysis is
    simply “naive brute force” 

    key searching
    

    View Slide

32. “Key space”
    How many possible keys are there?
    

    View Slide

33. Breaking a Scytale
    “Naive Brute Force”

    key search:

    T
    ry a bunch of cylinders
    

    View Slide

34. Ancient
    Scytale
    ~700 BC
    Brute Force
    Key Search
    

    View Slide

35. Substitutional Cipher
    Change letters into other letters
    

    View Slide

36. Caesar Cipher, 49 - 44 BC
    Algorithm
    Replace each letter with
    another letter
    Key
    K positions down the
    alphabet
    

    View Slide

37. Caesar (Shift) Cipher
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: DEFGHIJKLMNOPQRSTUVWXZYABC
    

    View Slide

38. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC
    

    View Slide

39. Breaking a Caesar Cipher
    “Naive Brute Force” 

    key search:

    26 possible shifts
    

    View Slide

40. Can we give ourselves a really
    large key space?

    

    So it would take an attacker a
    long time to search them all?
    

    View Slide

41. Non-shifted Random
    Substitution
    Algorithm
    Replace each letter with another letter
    Key
    Any Cipher Alphabet
    (An anagram of the alphabet! such meta!)
    

    View Slide

42. Non-shifted Substitutional Cipher
    26 letters to re-arrange
    Key space: 403,291,461,000,000,000,000,000,000

    (403 trillion trillion or ~288)

    possible re-arrangements (English)
    120,000,000,000,000,000,000

    (120 billion billion)

    years at 1 check/s
    

    View Slide

43. Most crypto-systems
    don’t try to offer
    “perfect” encryption …
    

    View Slide

44. … most crypto systems try to
    force attackers into 

    key searches that take too
    long to complete
    

    View Slide

45. Non-shifted Substitutional Cipher
    26 letters to re-arrange
    Key space: 403,291,461,000,000,000,000,000,000

    (403 trillion trillion or ~288)

    possible re-arrangements (English)
    120,000,000,000,000,000,000

    (120 billion billion)

    years at 1 check/s
    

    View Slide

46. Key:
    XZAVOIDBYGERSPCFHJKLMNQTUW
    

    View Slide

47. Can we create a

    “pseudo-random”
    key that is easy to memorize?
    

    View Slide

48. Easy to memorize key
    JULIUS CAESAR

    JULISCAER
    

    View Slide

49. Easy to memorize key
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR

    JULISCAER
    

    View Slide

50. Easy to memorize key
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR

    JULISCAER
    Note: smaller key space
    

    View Slide

51. “key derivation function”
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    JULIUS CAESAR
    

    View Slide

52. Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
    Defend the East wall
    ISCSYI HES SJGH NJWW
    

    View Slide

53. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC
    Non-shifted

    Substitution

    Cipher
    

    View Slide

54. So, we’ve got a simple crypto-
    system that would take decades
    for hundreds of thousands of
    computers to break!
    

    View Slide

55. npm install
    keyed-substitution-cipher
    git commit -m

    “lulz crypto”
    

    View Slide

56. Non-shifted Substitution Cipher
    considered un-breakable
    for ~800 years, until …
    

    View Slide

57. ةامعملا بتكلا جارختسا يف ةلاسر
    (On Decrypting Encrypted Correspondence)
    يدنكلا حاّبصلا قاحسإ نب بوقعي فسوي وبأ

    (Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī)

    Al-Kindi
    801-873 AD
    

    View Slide

58. Frequency Analysis
    Attack
    

    View Slide

59. View Slide

60. “PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
    ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
    LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
    OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV
    EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
    “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
    PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
    LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
    CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
    AJXNO X IXNCMJ CI UCMJ SXGOKLU?”
    –OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
    

    View Slide

61. Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: ??????????????????????????
    

    View Slide

62. Likeliest plaintext letters
    O = e
    X = t
    P = a
    

    View Slide

63. English frequency rules
    Vowels appear before and after most other letters
    Consonants avoid many letters
    E.g., ‘e’ appears before/after virtually every other letter; while ’t’
    is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’
    “ee” occurs more than “oo” occurs more than other double-vowels
    “a” occurs on its own often - more than “I” on its own
    ‘h’ frequently goes before ‘e’
    but rarely after ‘e’
    

    View Slide

64. Cipher
    O = e
    X = a
    Y = i
    B = h
    P = t ?
    

    View Slide

65. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
    EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
    aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
    Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
    ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
    aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
    Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
    aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
    a IaNCMJ CI UCMJ SaGeKLU?”
    –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
    

    View Slide

66. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
    EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
    aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
    Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
    ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
    aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
    Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
    aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
    a IaNCMJ CI UCMJ SaGeKLU?”
    –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
    “Lhe” 6 times
    

    View Slide

67. “Lhe”
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: X???O??BY??????????L??????
    “the”
    

    View Slide

68. “PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD
    KhahJiUaJ thJee KCPK. CP the thCMKaPV aPV IiJKt
    PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI,
    Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS,
    KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe
    PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the
    IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt
    EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ
    CI UCMJ SaGeKtU?”
    –eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK
    “aPV” 5 times
    

    View Slide

69. “aPV”
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: X??VO??BY????P?????L??????
    “and”
    

    View Slide

70. View Slide

71. “now during this time shahra[qxzj]ad had borne king
    shahriyar three sons. on the thousand and first night,
    when she had ended the tale of ma’aruf, she rose and
    kissed the ground before him, saying: “great king, for
    a thousand and one nights i have been recounting to
    you the fables of past ages and the legends of
    ancient kings. may i make so bold as to crave a favour
    of your ma[qxzj]esty?”
    –epilogue, tales from the thousand and one nights
    Plain alphabet: abcdefghijklmnopqrstuvwxyz
    Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U?
    

    View Slide

72. Frequency Analysis:
    An analytical attack faster
    than naive brute force
    key search
    

    View Slide

73. Ancient
    Steganography,

    Scytale
    ~700 BC
    Brute Force
    Key Search
    Caesar Cipher
    ~50 BC
    Non-shifted

    Substitution

    Cipher
    Frequency

    Analysis

    ~800 AD
    

    View Slide

74. Frequency Analysis
    considered indefensible
    for ~800 years
    

    View Slide

75. Code-makers needed a

    crypto-system that wasn’t
    vulnerable to

    Frequency Analysis
    

    View Slide

76. Leon Battista Alberti
    1404-1472
    “poly-alphabetic”
    cipher
    

    View Slide

77. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

78. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “R?????”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

79. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RA????”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

80. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RAB???”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

81. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    “RABH??”
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

82. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    “RABHK?”
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

83. D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    “secret”
    “RABHKK”
    Poly-alphabetic
    Substitution Cipher
    

    View Slide

84. False frequencies
    ‘e’ is enciphered as both ‘A’ and ‘K’
    ‘K’ is deciphered as both ‘e’ and ‘t’
    “secret”
    “RABHKK”
    

    View Slide

85. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    ~1450 AD
    

    View Slide

86. Poly-alphabetic beats
    frequency analysis, but …
    

    View Slide

87. Poly-alphabetic ciphers
    are complex
    D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    

    View Slide

88. Keyword

    SECRET
    D M B X K I V A S Z N P L Y F C J O R T E Q H WG U
    Z J D P A I Q H T WL F B G O X N H U K R C Y V S E
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    

    View Slide

89. Le Chiffre Indéchiffrable
    created by Blaise de Vigenère
    1523 - 1596
    Created new

    poly-alphabetic cipher
    

    View Slide

90. Vigenère Square
    

    View Slide

91. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    

    View Slide

92. Repeat keyword for all of text
    Plaintext: AttackFromTheSouthAtDawn
    Ciphertext: ????????????????????????
    Keyword: SECRETSECRETSECRETSECRET
    

    View Slide

93. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: S???????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    S
    

    View Slide

94. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: SX??????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    X
    

    View Slide

95. a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    Ciphertext: SXV?????????????????????
    Plaintext: AttackFromTheSouthAtDawn
    Keyword: SECRETSECRETSECRETSECRET
    V
    

    View Slide

96. Plaintext: AttackFromTheSouthAtDawn
    Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
    Keyword: SECRETSECRETSECRETSECRET
    

    View Slide

97. Ancient
    Steganography,

    Scytale
    Brute Force
    Key Search
    Caesar Shift
    Non-shifted

    Substitution
    Frequency

    Analysis

    ~800 AD
    Homophonic
    Substitution
    Renaissance
    Poly-alphabetic
    Substitution
    Le Chiffre
    Indéchiffrable
    ~1550 AD
    

    View Slide

98. Industrial
    Revolution
    ~1760 - 1840
    

    View Slide

99. “Black Chambers”
    • 1700s
    • “Assembly-line” Cryptanalysis
    • Each European power had one
    • Breaking all mono-alphabetic
    ciphers
    • Encouraged adoption of
    Vigenère Square for

    poly-alphabetic ciphers
    

    View Slide

100. Ancient
     Steganography,

     Scytale
     Brute Force
     Key Search
     Caesar Shift
     Non-shifted

     Substitution
     Frequency

     Analysis
     Homophonic
     Substitution
     Renaissance
     Poly-alphabetic
     Substitution
     Le Chiffre
     Indéchiffrable
     ~1550 AD
     Assembly-line
     Frequency Analysis
     ~1700’s
     Industrial
     

     View Slide

101. Charles Babbage
     • 1791 - 1871
     • 1854: Broke Vigenère
     Cipher
     • Without machinery
     

     View Slide

102. REPEATING KEYWORD
     Plaintext: AttackFromTheSouthAtDawn
     Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
     Keyword: SECRETSECRETSECRETSECRET
     

     View Slide

103. False SYMBOL
     frequencies
     • ‘e’ is enciphered as both ‘A’ and ‘K’
     • ‘K’ is deciphered as both ‘e’ and ‘t’
     “secret”
     “RABHKK”
     

     View Slide

104. Word frequencies
     

     View Slide

105. Plaintext: thesunandthemaninthemoon
     Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
     Keyword: KINGKINGKINGKINGKINGKING
     

     View Slide

106. Plaintext: thesunandthemaninthemoon
     Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
     Keyword: KINGKINGKINGKINGKINGKING
     

     View Slide

107. Breaking Vigenère
     • Look for repeated sequences
     of letters
     • Measure spacing between
     repetitions
     • Identify most likely length
     of key: L
     

     View Slide

108. Cipher text
     WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
     WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
     WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
     QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
     UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
     IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
     WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
     PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
     UZKIZBZLIUAMMVZ
     

     View Slide

109. REPETITIONS
     EFIQ, PSDLP, WCXYM, ETRL
     WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
     WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
     WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
     QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
     UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
     IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
     WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
     PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
     UZKIZBZLIUAMMVZ
     

     View Slide

110. spacing between repetitions
     Repetition Spacing
     Possible Length of Key
     2 3 4 5 6 7 8 9 10 11 121314 15 1617181920
     EFIQ 95 ✓ ✓
     PSDLP 5 ✓
     WCXYM 20 ✓ ✓ ✓ ✓ ✓
     ETRL 120 ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
     

     View Slide

111. 5 separate cipher texts
     WIREWQFPROLVVEESSV
     XVITXSCYLGWYXELWRL
     VXLSECWLQPSRQRBQCH
     OTPYWLCNPVGVAMZUZ
     WIREWQFPROLVVEESSV
     XVITXSCYLGWYXELWRL
     VXLSECWLQPSRQRBQCH
     OTPYWLCNPVGVAMZUZ
     WIREWQFPROLVVEESSV
     XVITXSCYLGWYXELWRL
     VXLSECWLQPSRQRBQCH
     OTPYWLCNPVGVAMZUZ
     WIREWQFPROLVVEESSV
     XVITXSCYLGWYXELWRL
     VXLSECWLQPSRQRBQCH
     OTPYWLCNPVGVAMZUZ
     WIREWQFPROLVVEESSV
     XVITXSCYLGWYXELWRL
     VXLSECWLQPSRQRBQCH
     OTPYWLCNPVGVAMZUZ
     Break each with frequency analysis
     

     View Slide

112. Ancient
     Steganography,

     Scytale
     Brute Force
     Key Search
     Caesar Shift
     Non-shifted

     Substitution
     Frequency

     Analysis

     ~800 AD
     Homophonic
     Substitution
     Renaissance
     Poly-alphabetic
     Substitution
     Le Chiffre
     Indéchiffrable
     ~1550 AD
     Assembly-line
     Frequency Analysis
     ~1700’s
     Industrial
     Babbage
     Frequency
     Analysis
     ~1800’s
     

     View Slide

113. Electric Telegraphs
     • Buried underground or
     suspended overhead
     • 1844

     60km wire between
     Baltimore & Washington
     DC
     

     View Slide

114. How can you
     represent letters
     and words as
     electrical signals?
     

     View Slide

115. Morse Code:
     “Encoding” not “Encryption”
     

     View Slide

116. I.e., this is still
     “plaintext”
     

     View Slide

117. Radio, 1899-1901
     • 3,000 km from Cornwall to
     to Newfoundland
     • Transatlantic
     communication
     • Instant military commands
     • All messages reach enemy too
     • Increases need for
     encryption
     

     View Slide

118. Enigma: Electrical Encryption
     • Arthur Scherbius, 1918
     • Mass Production in 1925
     CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329
     

     View Slide

119. Input
     Keyboard
     Rotors
     Output
     Lampboard
     

     View Slide

120. By User:RadioFan, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=30719651
     

     View Slide

121. By MesserWoland - Own work based on Image:Enigma-action.pnj by Jeanot; original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494
     

     View Slide

122. 3 rotors of 26 wirings
     26 x 26 x 26
     =
     17,576 Cipher Alphabets
     

     View Slide

123. 17,576 orientations
     x
     6 arrangements
     =
     105,456 Cipher Alphabets
     

     View Slide

124. 105,456 possible keys
     • A new key was used every day
     • Assume 1 orientation check per minute
     • (Just type ciphertext and look at plaintext)
     • 96 enigma machines = .75 days to crack
     

     View Slide

125. Plugboard
     By Bob Lord - German Enigma Machine, uploaded in english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976
     Swap up to 6 of 26 letters
     

     View Slide

126. 100,391,791,500
     Plugboard Settings
     

     View Slide

127. 10,586,916,711,696
     (10 trillion)
     Total Possible Keys
     

     View Slide

128. 10,586,916,711,696
     possible keys
     • At 1 check per minute:
     • 38,291,799 enigma machines = 1 day to crack
     

     View Slide

129. Message Keys
     • Using day key, send a message rotor orientation first. 

     E.g., A, S, D
     • Send it at the beginning, twice for integrity. 

     E.g., ‘asdasd’ = QWERTY
     • Receiver types QWERTY, sees ‘asdasd’
     • Re-orients their rotors to A, S, D for the rest of the
     message
     • Minimizes amount of ciphertext created by day key
     

     View Slide

130. Is cracking Enigma
     possible?
     • At 1 check per minute:
     • 38,291,799 enigma machines = 1 day to crack 

     

     A SINGLE MESSAGE!
     

     View Slide

131. Ancient
     Steganography,

     Scytale
     Brute Force
     Key Search
     Caesar Shift
     Non-shifted

     Substitution
     Frequency

     Analysis

     ~800 AD
     Homophonic
     Substitution
     Renaissance
     Poly-alphabetic
     Substitution
     Le Chiffre
     Indéchiffrable
     Assembly-line
     Frequency Analysis
     Industrial
     Babbage
     Frequency
     Analysis
     One-Time
     Pad
     Enigma
     ~1925
     

     View Slide

132. Cracking Enigma
     

     View Slide

133. Polish Biuro Szyfrów
     • Established after WWI to
     protect Poland from Russian
     & Germany
     • Received photographs of
     Enigma instruction manual
     from French espionage
     • Deduced rotor wirings
     • Usage of codebook
     A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań, 

     Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113
     

     View Slide

134. Marian
     Rejewski
     By Unknown - Rejewski's daughter's private archive,
     CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461
     

     View Slide

135. Found “chain” cycles

     in the first 6 letters
     4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
     1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
     3 links: A-F-W-A
     

     View Slide

136. Found “chain” loops

     in the first 6 letters
     4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
     1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
     7 links: C-H-G-O-Y-D-P-C
     

     View Slide

137. Marian Rejewski
     • Realized the # links in the
     chain were only caused by
     the rotors
     • Could try to break the
     105,456 possible rotor
     settings, not all
     10,000,000,000,000,000
     possible day keys
     • 100,000,000,000 times easier
     By Unknown - Rejewski's daughter's private archive,
     CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461
     

     View Slide

138. Cyclometer
     • Team checked each of
     105,456 possible settings
     on replica Enigma machines
     and recorded which chains
     were generated by each
     rotor setting
     • Took 1 year to complete
     • Could look up rotor settings by
     chains found in first 6
     letters of ciphertext
     http://www.cryptomuseum.com/crypto/cyclometer/index.htm
     

     View Slide

139. Cyclometer created
     the first
     “Rainbow Table”
     for looking up
     cryptographic keys
     

     View Slide

140. How to find the plugboard
     settings out of 100,391,791,500?
     • Plugboard: Un-plug all
     • Rotor Arrangement: III, I, II
     • Initial Rotor Orientations: Q, C, W
     • Type in ciphertext, see:
     • “rettew”
     • Swap R/W = Wetter (weather)
     

     View Slide

141. Polish
     Cryptographic Bombs
     • 6 machines for the 6 possible
     rotor arrangements
     • Each with 6 full Enigma rotor
     sets at top for the 6 characters
     of the repeated message key
     • Given a number of “females”
     to find, Bomba could recover
     settings in less than 2 hours
     

     View Slide

142. British Bombes
     • 36 rotors arrange in 3 banks
     of 12
     • 210 bombes by the end of
     the war
     • Operated by 2,000
     members of Women’s
     Royal Navy Service
     

     View Slide

143. Colossus
     • Inspired by Turings ideas
     and his bombe
     • 1,500 electronic valves -
     faster than
     electromechanical relay
     switches
     • Programmable - first
     computers?
     

     View Slide

144. Ancient
     Steganography,

     Scytale
     Brute Force
     Key Search
     Caesar Shift
     Non-shifted

     Substitution
     Frequency

     Analysis

     ~800 AD
     Homophonic
     Substitution
     Renaissance
     Poly-alphabetic
     Substitution
     Le Chiffre
     Indéchiffrable
     Assembly-line
     Frequency Analysis
     Industrial
     Babbage
     Frequency
     Analysis
     Enigma
     ~1925
     Colossus
     Mark 1
     1943
     Computer
     

     View Slide

145. Computer Cryptography
     

     View Slide

146. In the early days of
     computing, electrical
     signals were much
     harder to measure
     and control precisely
     It made more sense
     to only distinguish
     between an “on” state
     and an “off” state
     

     View Slide

147. Like the telegraph required
     morse to encode messages into
     electrical signals …
     In computers, we need a way to
     encode messages in 1’ and 0’s
     

     View Slide

148. View Slide

149. ASCII
     1963
     Encoding,

     not encryption

     (like Morse code)
     E.g.,
     A: 1000001
     B: 1000010
     

     View Slide

150. In Binary, we encrypt at the
     level of 1’s and 0’s
     

     View Slide

151. This is called “bitwise”
     

     View Slide

152. Bitwise anagram
     For example, consider this short sentence.
     01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
     11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
     101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
     “Bitwise” rail fence cipher with 2 rails
     00010111010101000100011001000110010001100100011001000101011101110101011001000100010101000100011001100101010001010
     11001110101010001000101010001110100010001110101010010101011110000001011110010011011110010101011001000001001101110
     101101100110101011110000001110100010011101000011011000101111001110000011011011101011101011101010011011
     

     View Slide

153. Bitwise substitution: XOR
     The XOR operator outputs a 1
     whenever the inputs do not
     match, which occurs when
     one of the two inputs is
     exclusively true
     0 XOR 0 = 0
     0 XOR 1 = 1
     1 XOR 0 = 1
     1 XOR 1 = 0
     

     View Slide

154. Bitwise substitution: XOR
     For example, consider this short sentence.
     01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
     11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
     101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
     Key: “Julius Caesar”
     01001010011101010110110001101001011101010111001100100000010000110110000101100101011100110110000101110010
     Output
     10001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
     10111101101110011100110110100101100100011001010111001000100000011101000110100001101001011100110010000001110011001
     00010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
     

     View Slide

155. Bitwise substitution: XOR
     For example, consider this short sentence.
     010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
     101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
     1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
     Key: “random” 1|0’s length of plaintext
     000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
     110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
     0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
     Output
     100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
     011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
     010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
     

     View Slide

156. View Slide

157. View Slide

158. Bitwise substitution: XOR
     For example, consider this short sentence.
     010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
     101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
     1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
     Key: “random” 1|0’s length of plaintext
     000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
     110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
     0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
     Output
     100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
     011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
     010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
     

     View Slide

159. Horst Feistel
     1971: Published
     “Lucifer” cipher for
     computer encryption
     First(?) Block Cipher
     

     View Slide

160. View Slide

161. XOR
     S-box
     Permutation
     

     View Slide

162. SP Network
     

     View Slide

163. Lucifer Cipher: “block” cipher
     Break message into 128-bit blocks
     128-bit key
     16 rounds:
     Break block in half
     the f-function is calculated using
     that round's subkey and the left half
     of the block.
     The result is then XORed to the
     right half of the block, which is the
     only part of the block altered for that
     round.
     After every round except the last
     one, the right and left halves of the
     block are swapped.
     

     View Slide

164. 256 bit message (in ASCII)
     01010100011010000110010100100000010101010101001101000001001000000100111001010011
     01000001001000000111001101110100011011110111001001100101011100110010000001111001
     01101111011101010111001000100000011101000111011101100101011001010111010001110011
     0010000100100001
     

     View Slide

165. Break into 128-bit blocks
     01010100011010000110010100100000010101010101001101000001001000000100111001010011010000010010000001110011011101000110111101110010
     01100101011100110010000001111001011011110111010101110010001000000111010001110111011001010110010101110100011100110010000100100001
     The USA NSA stor
     es your tweets!!
     

     View Slide

166. Generate 128-bit key
     awesomepassword!
     01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001
     

     View Slide

167. Break block in half
     01010100011010000110010100100000010101010101001101000001
     The USA NSA stor
     0100111001010011010000010010000001110011011101000110111101110010
     

     View Slide

168. Generate 72-bit sub-key
     awesomepassword!
     01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001
     a a
     01100001 01100001
     wesomep
     01110111011001010111001101101111011011010110010101110000
     

     View Slide

169. Rotate key left 7 bytes
     password!awesome
     01110000011000010111001101110011011101110110111101110010011001000010000101100001011101110110010101110011011011110110110101100101
     7 bytes
     

     View Slide

170. …
     

     View Slide

171. View Slide

172. Data Encryption Standard
     (DES)
     1977
     Lucifer with 56-bit keys
     So the NSA could
     brute force keys if
     they “needed” to
     

     View Slide

173. Ancient
     Steganography,

     Scytale
     Brute Force
     Key Search
     Caesar Shift
     Non-shifted

     Substitution
     Frequency

     Analysis
     Homophonic
     Substitution
     Renaissance
     Poly-alphabetic
     Substitution
     Le Chiffre
     Indéchiffrable
     Assembly-line
     Frequency Analysis
     Industrial
     Babbage
     Frequency
     Analysis
     One-Time
     Pad
     Enigma
     Cryptanalytic “Bombs”:
     Polish,
     British,
     US
     Lucifer,
     DES
     1971-1977
     Computer
     

     View Slide

174. How hard is it to find a

     binary 56-bit key?
     

     View Slide

175. 1001101010011010100110101001
     1010100110101001101010011010
     Unique Possible Permutations
     256
     72,057,594,037,927,936
     72 quadrillion (million billion)
     In 1976, estimated to cost $20M to build a computer to crack
     such a key
     Affordable to the NSA
     

     View Slide

176. DES
     1971-1977
     Computer-
     powered
     Brute Force
     Key Search
     

     View Slide

177. By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151
     

     View Slide

178. 1100110101001101010011010100
     1101010011010100110101001101
     0
     Unique Possible Permutations
     256
     72,057,594,037,927,936
     72 quadrillion (million billion)
     257
     144,115,188,075,855,870
     144 quadrillion (million billion)
     

     View Slide

179. DES
     1971-1977
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     

     View Slide

180. 3DES EDE:

     DES: Encrypt, Decrypt, Encrypt
     https://www.researchgate.net/figure/Flowchart-of-3DES-encryption-and-decryption-algorithm-40_fig4_322277374
     

     View Slide

181. What about messages that
     are longer than the key?
     

     View Slide

182. Block cipher

     mode of operation
     

     View Slide

183. Electronic Codebook (ECB)
     https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
     

     View Slide

184. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
     

     View Slide

185. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161
     

     View Slide

186. Cipher Block Chaining (CBC)
     https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
     

     View Slide

187. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161
     

     View Slide

188. DES
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     3DES + CBC
     

     View Slide

189. The forever problem of cryptography:
     Key distribution
     

     View Slide

190. Banks literally flew people
     around with code-books of keys
     

     View Slide

191. We need a way to
     communicate secret keys
     over non-secret channels.
     

     View Slide

192. Whitfield Diffie
     Stanford AI Lab
     1974
     

     View Slide

193. Martin
     Hellman
     IBM Watson Research
     Center 1968-1969
     

     View Slide

194. New Directions in Cryptography
     Published 1976
     

     View Slide

195. Alice, Bob, and Eve
     Alice and Bob need to communicate securely
     They need to share a secret
     They only have public channels between them
     “Eve is always eavesdropping”
     How can they share a secret without sharing it with
     Eve?
     

     View Slide

196. Diffie-Hellman
     Key Establishment
     

     View Slide

197. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1
     

     View Slide

198. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1
     

     View Slide

199. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1
     

     View Slide

200. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1
     +
     ____ ____
     +
     

     View Slide

201. The key can be anything that
     can encode to 1’s and 0’s
     So, anything … like a number.
     

     View Slide

202. View Slide

203. And in MATH! , we have
     some 1-way functions!
     

     View Slide

204. Modular Arithmetic
     aka “Clock” arithmetic
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem
     

     View Slide

205. To find 46 mod 12 …
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem
     

     View Slide

206. Wrap a cord 46 “hours” long
     around a 12-hour clock …
     … and it ends on 10
     

     View Slide

207. Easy to perform …
     46 mod 12 is “congruent” to 10
     generator Modulus
     

     View Slide

208. ? mod 12 ≡ 10
     … hard to reverse
     

     View Slide

209. ? mod 12 ≡ 10
     22 mod 12 ≡ 10
     34 mod 12 ≡ 10
     46 mod 12 ≡ 10
     58 mod 12 ≡ 10
     70 mod 12 ≡ 10
     .. mod 12 ≡ 10
     … impossible to reverse!
     

     View Slide

210. … impossible for recipient too!
     

     View Slide

211. Alice picks an exponent
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     Prime Modulus
     
     “n”
     generator
     
     “g”
     

     View Slide

212. Alice keeps her exponent secret
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     Prime Modulus
     
     “n”
     generator
     
     “g”
     

     View Slide

213. “Discrete Logarithm” problem
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

214. “Discrete Logarithm” problem
     Have to resort to “brute force”
     guessing the exponent
     

     View Slide

215. For small numbers, it’s easy, but
     not for a large prime modulus.
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

216. How can we turn that single
     exponent secret into 2 secrets?
     

     View Slide

217. “Commutative” Arithmetic:

     Order of operands doesn’t matter
     3 + 5 5 + 3
     =
     = 8
     3 * 5 =
     = 15 5 * 3
     

     View Slide

218. “Commutative” Arithmetic:

     Order of operands doesn’t matter
     323 332
     =
     = 729
     3 + 5 5 + 3
     =
     = 8
     3 * 5 =
     = 15 5 * 3
     

     View Slide

219. Alice and Bob publicly agree on
     a generator and prime modulus
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

220. Alice picks a private number,
     and sends the result to Bob
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

221. Bob picks a private number,
     and sends the result to Alice
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

222. Now the cool part …
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
     

     View Slide

223. Alice raises Bob’s result to
     her private exponent
     and gets 10
     

     View Slide

224. Bob raises Alice’s mixture to
     his private exponent
     and also gets 10!
     

     View Slide

225. Because their results were calculated
     from the shared public generator and
     prime modulus
     

     View Slide

226. So, they did the same calculation
     with exponents in different order,
     which doesn’t affect the result
     

     View Slide

227. Public Key Cryptography!
     

     View Slide

228. Diffie-Hellman

     Key Establishment
     3DES
     +
     

     View Slide

229. DES
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     1970+
     3DES + CBC
     DH + 3DES + CBC
     1976
     

     View Slide

230. View Slide

231. View Slide

232. Use Diffie-Hellman Exchange to make a key …
     … for Triple-DES …
     … with Cipher Block Chaining mode.
     … Encrypt-Decrypt-Encrypt …
     

     View Slide

233. What’s RSA?
     

     View Slide

234. Diffie-Hellman makes a new
     key between every 2 people!
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

235. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

236. Clifford Cox
     1971
     Trap Door

     One-way Function
     By Royal Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163
     

     View Slide

237. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

238. The “e” means
     encrypt!
     “d” is for decrypt!
     https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

239. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

240. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
     

     View Slide

241. View Slide

242. View Slide

243. View Slide

244. View Slide

245. View Slide

246. View Slide

247. Bob's number
     

     View Slide

248. View Slide

249. View Slide

250. Ron Rivest, Adi Shamir,
     Leonard Adelman
     

     View Slide

251. DES
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     1970+
     3DES + CBC
     DH/RSA + 3DES + CBC
     1976
     

     View Slide

252. Public Key Certificates
     https://www.youtube.com/watch?v=704dudhA7UI
     Alice's
     Alice's
     Alice's
     

     View Slide

253. Look!
     The public exponent and modulus!
     

     View Slide

254. Another RSA public exponent and
     modulus
     

     View Slide

255. View Slide

256. Quantum
     Computing
     For fun, profit, and
     breaking the whole
     world
     

     View Slide

257. View Slide

258. View Slide

259. Public Key Certificates
     https://www.youtube.com/watch?v=704dudhA7UI
     Alice's
     Alice's
     Alice's
     Quantum-
     cracked
     

     View Slide

260. View Slide

261. DES
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     3DES + CBC
     DH/RSA + 3DES + CBC
     Quantum
     Computing
     

     View Slide

262. 2048-bit RSA key needs

     4096-qubit computer to crack
     

     View Slide

263. View Slide

264. DES
     Computer-powered
     Brute Force Key Search
     Moore’s Law
     3DES + CBC
     DH/RSA + 3DES + CBC
     Quantum
     Computing
     Post-Quantum
     Cryptography
     

     View Slide

265. View Slide

266. View Slide

267. View Slide

268. View Slide

269. Don’t invent your own crypto
     

     View Slide

270. Mind your keys
     

     View Slide

271. https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
     

     View Slide

272. Questions?
     Scytale
     Caesar Cipher
     Unshifted cipher
     Frequency Analysis
     Poly-alphabetic cipher
     Vigenere Square
     Enigma
     Lucifer/DES
     Modes of Encryption
     Diffie-Hellman
     RSA
     Quantum
     speakerdeck.com/groovecoder
     

     View Slide