
Modern Cryptography


Presented @ Devoxx UK 2013 (March)


James McGivern

March 27, 2013


Transcript

  1. About This Talk • Not a treatise in mathematical theory

    • Rapid fire - please save questions until the end • Looking under the hood • Look at two popular algorithms • Hot cryptographic research
  2. Definitions • Cryptography • Plaintext • Cyphertext • Code •

    Cypher vs Cipher • Encryption / Decryption • Key
  3. “Secure Hashes” • A hash function takes an arbitrary length

    input and returns a fixed sized bit string • A cryptographic hash function obeys 3 properties: • Preimage resistance: given a hash h it should be hard to find a message m s.t. h = hash(m) • Second-preimage resistance: given an input m1 it should be hard to find an m2 s.t. m1 != m2 and hash(m1) = hash(m2) • Collision resistance: it should be hard to find any pair m1 != m2 with hash(m1) = hash(m2); a generic attack costs about 2^(n/2) work for an n-bit hash (the birthday bound), against about 2^n for a preimage • MD5, SHA-1, SHA-3, RIPEMD-xxx (MD5 and SHA-1 no longer provide collision resistance; use SHA-2 or SHA-3 for new designs)
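Added example (not code from the talk): a toy hash made by truncating SHA-256 to a few bits, used to show why collision resistance is the weakest of the three properties. The birthday search needs roughly sqrt(pi/2 · 2^bits) hashes, while a second preimage needs about 2^bits, so at 16 bits the collision appears after a few hundred hashes and the second preimage after tens of thousands. Message prefixes and bit widths are constructed for the demonstration.

```python
import hashlib
from math import pi, sqrt

# Added example, not from the talk: a truncated SHA-256 stands in for a hash
# with a short output so the birthday bound can be observed directly.

def trunc_hash(msg: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(msg), as an integer."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Find m1 != m2 with hash(m1) == hash(m2) by remembering every hash seen.
    Expected work ~ sqrt(pi/2 * 2^bits) hashes (birthday bound).
    Returns (m1, m2, number_of_hashes_computed)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()          # distinct counter => distinct message
        h = trunc_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1

def second_preimage(target: bytes, bits: int, prefix: bytes = b"alt-"):
    """Find m2 != target with hash(m2) == hash(target). Expected work ~ 2^bits.
    Returns (m2, number_of_hashes_computed)."""
    want = trunc_hash(target, bits)
    i = 0
    while True:
        m = prefix + str(i).encode()
        if m != target and trunc_hash(m, bits) == want:
            return m, i + 1
        i += 1

def expected_birthday_tries(bits: int) -> float:
    """Birthday-bound estimate of hashes needed for a collision."""
    return sqrt(pi / 2 * 2 ** bits)

if __name__ == "__main__":
    for bits in (16, 32):
        m1, m2, tries = birthday_collision(bits)
        print(f"{bits}-bit collision after {tries} hashes "
              f"(expected ~{expected_birthday_tries(bits):.0f}): {m1!r} {m2!r}")
    m2, tries = second_preimage(b"msg-0", 16)
    print(f"16-bit second preimage after {tries} hashes: {m2!r}")
```

The same arithmetic is why a 128-bit hash such as MD5 offers at most 64 bits of collision resistance even before its structural weaknesses are considered.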
  4. Kerckhoffs’s Principle “A cryptosystem should be secure even if everything

    about the system, except the key, is public knowledge”
  5. Background • The only kind of encryption until 1973 •

    The same cryptographic key for both encryption of plaintext and decryption of ciphertext • This is a “shared secret”
  6. Cyphers 3-Way Anubis CIPHERUNICORN-A Cobra COCONUT98 Crab Cryptomeria CRYPTON DFC

    FEAL FROG ICE M6 MARS Mercy MESH Nimbus Threefish Treyfer UES Xenon Zodiac
  7. Cyphers (build on slide 6, adds) Camellia CAST-128 IDEA RC2 RC5 SEED Skipjack TEA XTEA
  8. Cyphers (build on slide 7, adds) Serpent AES Blowfish DES 3DES Twofish
  9. All Hail Claude Shannon • Godfather of: • Information Theory

    • Digital Computing & Digital Circuit Design • Cryptographic Confusion • Cryptographic Diffusion • "the enemy knows the system"
  10. S-Boxes • A function which maps an m bit input

    to an n bit output • Fixed lookup table vs dynamic based on key • Example: 6x4 S-Box (the DES layout: the two outer input bits select a row and the four middle bits a column of a table of 4-bit entries)
  11. AES • Based on the Rijndael cypher • Block size:

    128 bits • Key size: • 128 bit - 10 rounds • 192 bit - 12 rounds • 256 bit - 14 rounds • Block represented as a 4×4 column-major order matrix of bytes called the state
  12. AES Recipe • BEGIN • Key Expansion • LOOP (round)

    • Key XOR (AddRoundKey) • Substitute (SubBytes) • Transpose (ShiftRows: each row of the state is rotated left by its row number; not a matrix transpose) • Mix (MixColumns) • END • Key XOR • Substitute • Transpose • Key XOR
  13. Key Expansion • Each round of processing uses a round

    key • Round keys are derived from the primary key • AES uses the Rijndael Key Schedule • Round Keys are the same size as the state
  14. Substitute • Replace each byte in the state using an

    S-box • This process is reversible but non-linear • The S-box is a derangement (a permutation of the 256 byte values with no fixed point)
  15. Mix • Apply an invertible linear transform to each column

    (4 bytes) of the state • This does not change the column size • Together with Transpose (ShiftRows) provides cryptographic diffusion
  16. AES Recipe (recap of slide 12) • BEGIN • Key Expansion • LOOP (round) • Key XOR • Substitute • Transpose • Mix • END • Key XOR • Substitute • Transpose • Key XOR
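Added example, not code from the talk: AES-128 written out in pure Python so the recipe on slides 10 to 16 can be traced step by step. It builds the S-box from the GF(2^8) inverse plus affine map (slides 10 and 14), runs the Rijndael key schedule (slide 13), applies the four round operations (slides 12 and 15), and checks the result against the FIPS-197 Appendix C.1 test vector. It also verifies the derangement claim from slide 14 and measures the avalanche effect (Shannon's diffusion, slide 9). The key and plaintext are the FIPS-197 values; this is an educational implementation, not a constant-time or production cipher.

```python
# Added example, not from the talk: AES-128 step by step (pure Python, not for
# production use; it is neither constant-time nor hardened in any way).

def xtime(a: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements bit by bit."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

# Log/antilog tables for the generator 3 give a cheap multiplicative inverse.
EXP, LOG = [0] * 256, [0] * 256
_x = 1
for _i in range(255):
    EXP[_i], LOG[_x] = _x, _i
    _x = gmul(_x, 3)

def ginv(a: int) -> int:
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]

def build_sbox() -> list:
    """Substitute table: field inverse (non-linear) then a fixed affine map."""
    sbox = []
    for x in range(256):
        inv = ginv(x)
        b = inv
        for s in range(1, 5):                         # b ^= rotl(inv, s) for s = 1..4
            b ^= ((inv << s) | (inv >> (8 - s))) & 0xFF
        sbox.append(b ^ 0x63)
    return sbox

SBOX = build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i                                 # reversible: it is a permutation

def is_derangement(table: list) -> bool:
    """A permutation with no fixed point, the deck's claim about the S-box."""
    return sorted(table) == list(range(len(table))) and all(t != i for i, t in enumerate(table))

def expand_key(key: bytes) -> list:
    """Rijndael key schedule for AES-128: 16-byte key -> 11 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                         # RotWord
            t = [SBOX[b] for b in t]                  # SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

# The 16-byte state is column-major: byte index = 4*column + row.
def sub_bytes(s):        return [SBOX[b] for b in s]
def shift_rows(s):       return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]
def add_round_key(s, k): return [a ^ b for a, b in zip(s, k)]

def mix_columns(s):
    """Invertible linear map on each 4-byte column; with ShiftRows gives diffusion."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
    return out

def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    """The slide-12 recipe: Key XOR, 9 x (Sub, Shift, Mix, Key XOR), Sub, Shift, Key XOR."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for r in range(1, 10):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[10])     # final round has no Mix
    return bytes(s)

def avalanche_bits(key: bytes, block: bytes, bit: int = 0) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    c1, c2 = aes128_encrypt_block(key, block), aes128_encrypt_block(key, bytes(flipped))
    return sum(bin(x ^ y).count("1") for x, y in zip(c1, c2))

if __name__ == "__main__":
    key = bytes(range(16))                                   # FIPS-197 C.1 key
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")   # FIPS-197 C.1 plaintext
    print(aes128_encrypt_block(key, pt).hex())               # 69c4e0d86a7b0430d8cdb78070b4c55a
    print(hex(SBOX[0x53]), is_derangement(SBOX), avalanche_bits(key, pt))
```

About half of the 128 ciphertext bits change for a single flipped plaintext bit, which is what "diffusion" means in practice; the non-linear S-box supplies the "confusion".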
  17. Weaknesses • Direct Attacks • “Biclique Cryptanalysis of the Full

    AES” Cracks AES-128 with computational complexity 2^126.1 (against 2^128 for brute force, so not a practical break) • Side channel attacks • 2005 cache-timing attack (requires root access) • 2009 some hardware implementations found to be susceptible to differential fault analysis allowing key recovery with complexity 2^32 • 2010 access-driven cache attack, “near realtime” key recovery (requires root access)
  18. Background • 1973 - James H. Ellis, Clifford Cocks, and

    Malcolm Williamson @GCHQ • 1974/78 - Merkle’s Puzzles • 1976 - Whitfield Diffie and Martin Hellman • 1977/78 - Ron Rivest, Adi Shamir and Leonard Adleman @MIT
  19. RSA • Based on the Integer Factorisation Problem • Known

    to be in NP and co-NP • => believed not to be NP-complete (an NP-complete problem in co-NP would give NP = co-NP) • Is a fundamental part of HTTPS/SSL
  20. Key generation • Choose two prime numbers p and q

    • Compute n = pq • Compute F(n) = F(p)F(q) = (p - 1)(q - 1) • Choose an integer e s.t. • 1 < e < F(n) • gcd(e, F(n)) = 1 • Compute d = e^-1 (mod F(n)), i.e. d·e ≡ 1 (mod F(n)) • Public Key = (e, n) • Private Key = (d, n)
  21. Encryption • Given a message M • Convert M to

    an integer m s.t. 0 <= m < n • If necessary use a padding scheme • Compute the cypher text c: c = m^e (mod n)
  22. Decryption • Given a cyphertext c • Compute m =

    c^d (mod n) • Remove padding if present • Convert m in to M
  23. Issues • Picking the numbers is hard • If p

    or q are too small or too close to each other it greatly decreases the security (close p and q fall to Fermat’s factoring method) • If p-1 or q-1 has only small prime factors n can be factored quickly (Pollard’s p-1 method) • Side-channel attacks • Timing • Differential fault analysis • Power analysis
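Added example, not code from the talk: textbook RSA exactly as slides 20 to 22 define it (n = pq, F(n) = (p-1)(q-1), d = e^-1 mod F(n), c = m^e mod n, m = c^d mod n), followed by two of the slide-23 issues made concrete: Fermat's method factors n when p and q are close, and Pollard's p-1 method factors n when p-1 has only small prime factors. All primes here are constructed toy values, far too small for real use, and there is no padding, so this is the raw ("textbook") primitive rather than a usable encryption scheme.

```python
import math

# Added example, not the talk's code. Toy parameters; no padding; not for real use.

def is_prime(n: int) -> bool:
    """Trial division, adequate for the small sizes in this example."""
    if n < 2:
        return False
    for d in range(2, math.isqrt(n) + 1):
        if n % d == 0:
            return False
    return True

def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Slide 20: returns ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)                  # F(n) = F(p)F(q) = (p-1)(q-1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to F(n)")
    d = pow(e, -1, phi)                      # d = e^-1 mod F(n)   (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(pub, m: int) -> int:
    """Slide 21: c = m^e mod n, with 0 <= m < n."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message integer must satisfy 0 <= m < n")
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> int:
    """Slide 22: m = c^d mod n."""
    d, n = priv
    return pow(c, d, n)

def fermat_factor(n: int, max_steps: int = 1_000_000):
    """Issue 1: if p and q are close, n = a^2 - b^2 = (a-b)(a+b) for a just above sqrt(n)."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None

def pollard_pm1(n: int, bound: int):
    """Issue 2: if p-1 is `bound`-smooth then (p-1) | bound!, so 2^(bound!) = 1 mod p
    and gcd(2^(bound!) - 1, n) reveals p."""
    a = 2
    for k in range(2, bound + 1):
        a = pow(a, k, n)                     # a = 2^(k!) mod n
        g = math.gcd(a - 1, n)
        if 1 < g < n:
            return g
    return None

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)           # tiny textbook parameters
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c))     # d = 2753, c = 2790, m = 65

    p = next_prime(10**6)                          # two consecutive primes:
    q = next_prime(p + 1)                          # far too close together
    print(fermat_factor(p * q) == (p, q))          # True, found in one step

    p, q = 2311, 4003                              # 2311 - 1 = 2*3*5*7*11 is 11-smooth
    print(pollard_pm1(p * q, bound=11))            # 2311
```

Real key generation avoids both traps by drawing p and q independently at random from the full size range and, where a library still does so, rejecting candidates whose p-1 and q-1 lack a large prime factor; the timing and fault issues on the same slide are implementation matters that this arithmetic-only code does nothing to address.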
  24. Cryptographic Libraries • JCA • java.security • javax.security deprecated •

    JCE Providers • Oracle JCE + policies • The Legion of the Bouncy Castle
  25. Practical Tips • KISS • Choose the appropriate algorithm for

    the situation • Cost / benefit analysis • Key size • Hybrid encryption systems • Good quality RNG seeds
  26. The Basics • Basis vectors |0> and |1> • Qubit

    |q> = x|0> + y|1> where |x|^2 + |y|^2 = 1 (x and y are complex amplitudes) • Two qubits: |q> = a|00> + b|01> + c|11> + d|10> with |a|^2 + |b|^2 + |c|^2 + |d|^2 = 1
  27. Quantum Operations • An operation on n qubits can be

    represented by a 2^n x 2^n unitary matrix • Also represented by quantum circuits • Always Reversible (a unitary matrix has an inverse)...
  28. Measuring • Given |q> = -√0.2|0> + √0.8|1> • Then

    the result of measuring q is: • 0 with probability |-√0.2|^2 = 0.2 • 1 with probability |√0.8|^2 = 0.8 • Given |q> = -√0.1|00> + √0.4|01> + √0.4|11> + √0.1|10>, measuring only the first qubit gives 0 with probability 0.1 + 0.4 = 0.5 and leaves the second qubit in |q> = -√0.2|0> + √0.8|1> • Irreversible
  29. Entanglement • A purely quantum effect • An entangled quantum

    system allows a higher correlation of states than classically possible • Given a two-qubit system in equal superposition of |00> and |11>, measuring the first qubit tells us the state of the second without measuring it
  30. Grover’s Algorithm • Lov Grover 1996 • Given some function

    f and a value y find x such that f(x) = y • O(N^(1/2)) time complexity (against O(N) classically, so it halves the effective key length of a symmetric cypher) • O(log N) space complexity
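Added example, not code from the talk: a minimal state-vector simulator that checks the arithmetic of slides 26 to 30. It represents an n-qubit state as 2^n amplitudes, applies single-qubit gates and CNOT as the 2^n x 2^n operations of slide 27, measures one qubit and collapses the state as on slide 28, builds the entangled pair of slide 29, and runs one Grover iteration on two qubits (slide 30), where a single query already finds the marked item with certainty. The diffusion step is written as the reflection about the mean amplitude, which is the same operator as H⊗H (2|0><0| - I) H⊗H up to a global phase. The example states are the deck's own numbers; the simulator itself is an assumption of this example.

```python
import math

# Added example, not from the talk. Index convention: the amplitude of |q0 q1 ...>
# sits at the integer whose binary digits are q0 q1 ..., so |01> on two qubits
# is index 1 and |10> is index 2.

_R2 = 1 / math.sqrt(2)
H = [[_R2, _R2], [_R2, -_R2]]          # Hadamard gate
X = [[0, 1], [1, 0]]                   # bit flip

def apply_1q(gate, target, state):
    """Apply a 2x2 unitary to one qubit: the 2^n x 2^n matrix I x ... x gate x ... x I."""
    n = len(state).bit_length() - 1
    mask = 1 << (n - 1 - target)
    out = list(state)
    for i in range(len(state)):
        if not i & mask:                 # i has the target bit clear, j has it set
            j = i | mask
            out[i] = gate[0][0] * state[i] + gate[0][1] * state[j]
            out[j] = gate[1][0] * state[i] + gate[1][1] * state[j]
    return out

def apply_cnot(control, target, state):
    """Flip the target qubit on every basis state where the control bit is 1."""
    n = len(state).bit_length() - 1
    cm, tm = 1 << (n - 1 - control), 1 << (n - 1 - target)
    out = list(state)
    for i in range(len(state)):
        if i & cm:
            out[i ^ tm] = state[i]
    return out

def probabilities(state):
    """Born rule: probability of each basis outcome is |amplitude|^2."""
    return [abs(a) ** 2 for a in state]

def measure_qubit(state, qubit, outcome):
    """Probability of observing `outcome` on one qubit, and the collapsed
    (renormalised) state afterwards; the operation is not reversible."""
    n = len(state).bit_length() - 1
    mask = 1 << (n - 1 - qubit)
    keep = [a if bool(i & mask) == bool(outcome) else 0 for i, a in enumerate(state)]
    p = sum(abs(a) ** 2 for a in keep)
    return p, [a / math.sqrt(p) for a in keep]

def slide_28_example():
    """The deck's two-qubit state, measuring the first qubit and seeing 0."""
    r = math.sqrt
    two = [-r(0.1), r(0.4), r(0.1), r(0.4)]      # |00>, |01>, |10>, |11>
    return measure_qubit(two, 0, 0)              # (0.5, second qubit = -sqrt(.2)|0> + sqrt(.8)|1>)

def bell_pair():
    """|00> -> H on qubit 0 -> CNOT gives (|00> + |11>)/sqrt(2): maximally entangled."""
    return apply_cnot(0, 1, apply_1q(H, 0, [1, 0, 0, 0]))

def grover_2qubit(target):
    """One Grover iteration over N = 4 items: oracle phase flip, then diffusion."""
    s = [1, 0, 0, 0]
    for q in (0, 1):
        s = apply_1q(H, q, s)                                  # uniform superposition
    s = [-a if i == target else a for i, a in enumerate(s)]    # oracle marks f(x) = y
    mean = sum(s) / len(s)
    return [2 * mean - a for a in s]                           # reflect about the mean

if __name__ == "__main__":
    p, second = slide_28_example()
    print(p, second)                                 # 0.5 [-0.447.., 0.894.., 0, 0]
    print(probabilities(bell_pair()))                # [0.5, 0, 0, 0.5]
    print(probabilities(grover_2qubit(3)))           # [0, 0, 0, 1]
```

Measuring qubit 0 of the Bell pair and seeing 1 leaves qubit 1 in |1> with certainty, which is the correlation slide 29 describes; and the Grover run shows the square-root speed-up in its smallest case, one query instead of up to three.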
  31. Shor’s Algorithm • Peter Shor 1994 • Calculates the factors

    of a given integer • O((log N)^3) • Belongs to BQP
  32. Lattice-Based Cryptography • A lattice L in R^n is a

    discrete subgroup of R^n which spans the real vector space R^n • Each lattice has many bases • A basis is a set of vectors such that any vector in the lattice is an integer linear combination of the basis vectors • Can be viewed as a regular tiling of a space by a primitive cell
  33. Shortest Vector Problem Given a lattice L in R^n find

    the shortest non-zero vector in L
  34. Closest Vector Problem Given a lattice L in R^n and

    a vector v not in L, find the closest vector in L to v
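Added example, not code from the talk: SVP and CVP (slides 33 and 34) solved in dimension 2, where both are easy. Lagrange/Gauss reduction turns a "bad" basis into one whose first vector is a shortest non-zero lattice vector, and Babai's rounding then answers CVP by expressing the target in the reduced basis and rounding the coordinates. The bases and targets are constructed for the example; the point of the exercise is that the same steps stop working as the dimension grows, which is what the hardness claims on the next slide rest on.

```python
from fractions import Fraction

# Added example, not from the talk: 2-D lattices with integer bases.

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def gauss_reduce(b1, b2):
    """Lagrange/Gauss reduction. Returns (v1, v2) spanning the same lattice,
    with v1 a shortest non-zero lattice vector (exact in dimension 2)."""
    b1, b2 = list(b1), list(b2)
    while True:
        if dot(b1, b1) > dot(b2, b2):
            b1, b2 = b2, b1
        m = round(Fraction(dot(b1, b2), dot(b1, b1)))    # size-reduce b2 against b1
        if m == 0:
            return b1, b2
        b2 = [x - m * y for x, y in zip(b2, b1)]

def babai_round(b1, b2, target):
    """Babai rounding for CVP: solve target = x*b1 + y*b2 over the rationals,
    round x and y, and return the lattice point. Good when the basis is reduced."""
    det = b1[0] * b2[1] - b1[1] * b2[0]
    x = Fraction(target[0] * b2[1] - target[1] * b2[0], det)
    y = Fraction(b1[0] * target[1] - b1[1] * target[0], det)
    x, y = round(x), round(y)
    return [x * b1[0] + y * b2[0], x * b1[1] + y * b2[1]]

def brute_force_svp(b1, b2, bound=20):
    """Exhaustive check over small coefficients, to confirm the reduction."""
    best = None
    for x in range(-bound, bound + 1):
        for y in range(-bound, bound + 1):
            if x == 0 and y == 0:
                continue
            v = [x * b1[0] + y * b2[0], x * b1[1] + y * b2[1]]
            if best is None or dot(v, v) < dot(best, best):
                best = v
    return best

def demo_cvp_z2():
    """A skewed basis of Z^2; after reduction, CVP for (10.3, 4.7) is plain rounding."""
    v1, v2 = gauss_reduce([3, 2], [5, 3])            # det = -1, so this is Z^2
    return babai_round(v1, v2, [Fraction(103, 10), Fraction(47, 10)])   # [10, 5]

if __name__ == "__main__":
    bad = ([47, 215], [95, 460])                      # constructed "bad" basis
    v1, v2 = gauss_reduce(*bad)
    print(v1, v2, dot(v1, v1))                        # [1, 30] [40, 5] 901
    print(brute_force_svp(*bad))                      # a vector of squared length 901
    print(babai_round(v1, v2, [100, 100]))            # [83, 100], distance^2 = 289
    print(demo_cvp_z2())                              # [10, 5]
```

In two dimensions the reduced basis is essentially unique and Babai's rounding is exact for this target; in the hundreds of dimensions used by lattice cryptosystems, basis reduction (LLL and its successors) only reaches approximate solutions, and the gap between what reduction achieves and what the cryptosystem needs is the security margin.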
  35. NP-Hard • Non-deterministic polynomial time hard • Any NP-hard problem

    is at least as hard as the hardest problem in NP • Exact CVP is NP-hard and exact SVP is NP-hard under randomised reductions (the approximate versions that cryptosystems rely on are not known to be) • If we find a polynomial time algorithm for any NP-hard problem then P = NP!
  36. Other Approaches • Multivariate Cryptography • Secure Hash Signatures •

    Lamport signatures • Merkle scheme • McEliece and Niederreiter algorithms based on error-correcting codes
  37. Summary • Modern cryptography really started ~1937 • Symmetric cyphers

    • Asymmetric cyphers • Non-classical cryptography • Post-quantum cryptography