May 20:
200ok.us @ Tulsa Library
(code: “BSIDES”)
Slide 5
Slide 5 text
October 28:
Thunderplains in OKC
(code: “BSIDES”)
Slide 6
Slide 6 text
About me
I’m not a crypto engineer
I’m a web developer
who got into
Security Engineering
I’ve always been scared
and fascinated by crypto
Slide 7
Slide 7 text
About this talk
2700 years in 40 minutes
Don’t take notes
Slides are already up at:
speakerdeck.com/groovecoder
Slide 8
Slide 8 text
The Code Book
Simon Singh
Slide 9
Slide 9 text
Journey into
Cryptography
Khan Academy
Slide 10
Slide 10 text
Bulletproof
TLS and PKI
Ivan Ristić
Slide 11
Slide 11 text
Steganography
Hiding messages
Slide 12
Slide 12 text
499 BCE
Histiaeus of Miletus
shaves head of a
slave to write to
Aristagoras to revolt
against Persians
Slide 13
Slide 13 text
480 BCE
Demaratus writes
into wood covered
with wax re: Xerxes’
pending attack
Slide 14
Slide 14 text
???
Chinese writings on
silk in balls of wax
ingested by couriers
Slide 15
Slide 15 text
First “Invisible Ink”, 1st c. AD
Pliny the Elder
Milk of tithymalus plant
Heat-activated
Slide 16
Slide 16 text
Scytale, ~700 BCE - 120 AD
Cylinder with parchment
wound around it
Permutation cipher
or
Partial/Hidden writing
Slide 17
Slide 17 text
Cryptography
Encrypting messages
Slide 18
Slide 18 text
Transpositional
Permutation
Ciphers
Anagrams: move letters around
Slide 19
Slide 19 text
Permutation Cipher
For example, consider this short sentence
35 letters
50,000,000,000,000,000,000,000,000,000,000
(50 trillion trillion) permutations
Slide 20
Slide 20 text
When we measure how “strong” an
encryption system is, we measure it
by its …
Slide 21
Slide 21 text
Time Complexity
Slide 22
Slide 22 text
Permutation Cipher
EXPERIMENTATIONS FRESH CHORD LOSS
50,000,000,000,000,000,000,000,000,000,000
(50 trillion trillion) permutations
1 check/second =
1,500,000,000,000,000,000,000,000 years
(1 trillion billion years)
Slide 23
Slide 23 text
Drawbacks of
random permutation cipher
Impossible for intended recipient too
False positives: which anagram is right?
Do Not Attack at Midnight
Attack at Mind: do Tonight
Slide 24
Slide 24 text
We need a
deterministic
way to encrypt & decrypt
Slide 25
Slide 25 text
Algorithms & Keys
Slide 26
Slide 26 text
“a cryptosystem should be secure, even if
everything about the system, except the key, is
public knowledge”
–Kerckhoffs’s Principle (19th century AD)
Slide 27
Slide 27 text
Scytale, ~700 BCE - 120 AD
Algorithm
Wrap message around a
cylinder
Key
Diameter of cylinder
Rail fence cipher
key = 4
http://crypto.interactive-maths.com/rail-fence-cipher.html
they are attacking from the north
Slide 30
Slide 30 text
Rail fence cipher; k=4
http://crypto.interactive-maths.com/rail-fence-cipher.html
they are attacking from the north
Slide 31
Slide 31 text
Rail fence cipher; k=4
http://crypto.interactive-maths.com/rail-fence-cipher.html
they are attacking from the north
TEKOOHRACIRMNREATANFTETYTGHH
Slide 32
Slide 32 text
Rail fence cipher; k=4
http://crypto.interactive-maths.com/rail-fence-cipher.html
they are attacking from the north
TEKOOHRACIRMNREATANFTETYTGHH
they are attacking from the north
Slide 33
Slide 33 text
Ancient
Scytale
~700 BC
Slide 34
Slide 34 text
Cryptanalysis
Breaking encrypted messages
Slide 35
Slide 35 text
Breaking rail fence cipher
http://crypto.interactive-maths.com/rail-fence-cipher.html
“Naive Brute Force”
key search:
Try a bunch of numbers of
rows by hand
Slide 36
Slide 36 text
Breaking rail fence cipher
DELEHELFTAAEDSWNT
2 rows: daealeedhsewlnftt
3 rows: deslefwtlanaeetdh
4 rows: detwaheeanellfdts
5 rows: defend the east wall
Slide 37
Slide 37 text
So, the first cryptanalysis is
simply “naive brute force”
key searching
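The key search from the rail fence slides, as an added example (not code from the talk): an encrypt/decrypt pair plus a search over every possible number of rails. The `COMMON_TRIGRAMS` list and the scoring rule are assumptions made for illustration.

```python
"""Rail fence cipher and the naive brute-force key search (added example)."""

# Assumption: a short list of frequent English trigrams is enough to pick the
# readable candidate out of a key space this small.
COMMON_TRIGRAMS = ("the", "and", "ing", "her", "hat", "his", "tha", "ere",
                   "for", "ent", "ion", "ter", "was", "you", "ith", "ver",
                   "all", "wit", "thi", "tio")


def rail_pattern(length, rails):
    """Rail visited by each letter position: 0, 1, ..., rails-1, ..., 1, 0, ..."""
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def encrypt(plaintext, rails):
    """Write the letters in a zigzag, then read the rails top to bottom."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rails)
    return "".join(c for rail in range(rails)
                   for c, r in zip(letters, pattern) if r == rail)


def decrypt(ciphertext, rails):
    """Rebuild the zigzag for this key and put each letter back in place."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Sorting positions by rail (stable sort) gives the order in which the
    # sender read the letters off the rails.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for position, letter in zip(order, ciphertext):
        plain[position] = letter.lower()
    return "".join(plain)


def key_search(ciphertext):
    """Try every key: 2 rails up to one rail fewer than there are letters."""
    return {rails: decrypt(ciphertext, rails)
            for rails in range(2, len(ciphertext))}


def english_score(text):
    """Count occurrences of common English trigrams in a candidate."""
    return sum(text.count(t) for t in COMMON_TRIGRAMS)


def best_guess(ciphertext):
    """Return (rails, plaintext) for the highest-scoring candidate."""
    candidates = key_search(ciphertext)
    rails = max(candidates, key=lambda k: english_score(candidates[k]))
    return rails, candidates[rails]


if __name__ == "__main__":
    intercepted = "DELEHELFTAAEDSWNT"  # ciphertext from the slide
    for rails, text in key_search(intercepted).items():
        print(f"{rails:2d} rows: {text}  (score {english_score(text)})")
    print("best guess:", best_guess(intercepted))
```

The whole key space here is 15 keys, which is why a rail fence falls to a search by hand.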
Slide 38
Slide 38 text
“Key space”
How many possible keys are there?
Slide 39
Slide 39 text
Breaking a Scytale
“Naive Brute Force”
key search:
Try a bunch of cylinders
Slide 40
Slide 40 text
Ancient
Scytale
~700 BC
Brute Force
Key Search
Slide 41
Slide 41 text
Substitutional Cipher
Change letters into other letters
Slide 42
Slide 42 text
Caesar Cipher, 49 - 44 BC
Algorithm
Replace each letter with
another letter
Key
K positions down the
alphabet
Slide 43
Slide 43 text
Caesar (Shift) Cipher
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
Slide 44
Slide 44 text
Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC
Slide 45
Slide 45 text
Breaking a Caesar Cipher
“Naive Brute Force”
key search:
26 possible shifts
Slide 46
Slide 46 text
Aside: simple can still be useful
Slide 47
Slide 47 text
Can we give ourselves a really
large key space?
So it would take an attacker a
long time to search them all?
Slide 48
Slide 48 text
Non-shifted Random
Substitution
Algorithm
Replace each letter with another letter
Key
Any Cipher Alphabet
(An anagram of the alphabet! such meta!)
Slide 49
Slide 49 text
Non-shifted Substitutional Cipher
26 letters to re-arrange
Key space: 403,291,461,000,000,000,000,000,000
(403 trillion trillion or ~2^88)
possible re-arrangements (English)
120,000,000,000,000,000,000
(120 billion billion)
years at 1 check/s
Slide 50
Slide 50 text
Most crypto-systems
don’t try to offer
“perfect” encryption …
Slide 51
Slide 51 text
… most crypto systems try to
force attackers into
key searches that take too
long to complete
Slide 52
Slide 52 text
Non-shifted Substitutional Cipher
26 letters to re-arrange
Key space: 403,291,461,000,000,000,000,000,000
(403 trillion trillion or ~2^88)
possible re-arrangements (English)
120,000,000,000,000,000,000
(120 billion billion)
years at 1 check/s
Slide 53
Slide 53 text
Key:
XZAVOIDBYGERSPCFHJKLMNQTUW
Slide 54
Slide 54 text
Can we create a
“pseudo-random”
key that is easy to memorize?
Slide 55
Slide 55 text
Easy to memorize key
JULIUS CAESAR
JULISCAER
Slide 56
Slide 56 text
Easy to memorize key
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR
JULISCAER
Slide 57
Slide 57 text
Easy to memorize key
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR
JULISCAER
Note: smaller key space
Slide 58
Slide 58 text
“key derivation function”
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR
Slide 59
Slide 59 text
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
Defend the East wall
ISCSYI HES SJGH NJWW
Slide 60
Slide 60 text
Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC
Non-shifted
Substitution
Cipher
Slide 61
Slide 61 text
So, we’ve got a simple crypto-
system that would take decades
for hundreds of thousands of
computers to break!
Slide 62
Slide 62 text
Non-shifted Substitution Cipher
considered un-breakable
for ~800 years, until …
Slide 63
Slide 63 text
رسالة في استخراج الكتب المعماة
(On Decrypting Encrypted Correspondence)
أبو يوسف يعقوب بن إسحاق الصبّاح الكندي
(Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī)
Al-Kindi
801-873 AD
Slide 64
Slide 64 text
Frequency Analysis
Attack
Slide 65
Slide 65 text
No content
Slide 66
Slide 66 text
“PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
“DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
AJXNO X IXNCMJ CI UCMJ SXGOKLU?”
–OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
English frequency rules
Vowels appear before and after most other letters
Consonants avoid many letters
E.g., ‘e’ appears before/after virtually every other letter; while ‘t’
is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’
“ee” occurs more than “oo” occurs more than other double-vowels
“a” occurs on its own often - more than “I” on its own
‘h’ frequently goes before ‘e’
but rarely after ‘e’
Slide 70
Slide 70 text
Cipher
O = e
X = a
Y = i
B = h
P = t ?
Slide 71
Slide 71 text
“PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
a IaNCMJ CI UCMJ SaGeKLU?”
–eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
Slide 72
Slide 72 text
“PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
a IaNCMJ CI UCMJ SaGeKLU?”
–eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
“Lhe” 6 times
“PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD
KhahJiUaJ thJee KCPK. CP the thCMKaPV aPV IiJKt
PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI,
Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS,
KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe
PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the
IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt
EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ
CI UCMJ SaGeKtU?”
–eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK
“aPV” 5 times
“now during this time shahra[qxzj]ad had borne king
shahriyar three sons. on the thousand and first night,
when she had ended the tale of ma’aruf, she rose and
kissed the ground before him, saying: “great king, for
a thousand and one nights i have been recounting to
you the fables of past ages and the legends of
ancient kings. may i make so bold as to crave a favour
of your ma[qxzj]esty?”
–epilogue, tales from the thousand and one nights
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U?
Slide 78
Slide 78 text
Frequency Analysis:
An analytical attack faster
than naive brute force
key search
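The frequency-analysis walk-through from the preceding slides, as an added example (not code from the talk): it counts letters and short words in the slide's ciphertext, applies the guesses in the order the slides make them, and checks the result against the key shown on the earlier "Key:" slide. The ciphertext is transcribed from the slide with straight quotes; the function names are this example's own.

```python
"""Frequency analysis of the mono-alphabetic ciphertext (added example)."""
import re
from collections import Counter
from string import ascii_lowercase

# Transcribed from the slide; whitespace is normalised to single spaces.
CIPHERTEXT = " ".join("""
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
"DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
AJXNO X IXNCMJ CI UCMJ SXGOKLU?"
-OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK
""".split())

# Cipher alphabet from the "Key:" slide: the cipher letter used for a..z.
KEY = "XZAVOIDBYGERSPCFHJKLMNQTUW"
FULL_KEY = dict(zip(KEY, ascii_lowercase))

# Guesses in the order the slides make them (cipher letter -> plain letter).
STEP_1 = {"O": "e", "X": "a", "Y": "i", "B": "h"}
STEP_2 = {**STEP_1, "L": "t"}            # "Lhe" can only be "the"
STEP_3 = {**STEP_2, "P": "n", "V": "d"}  # "aPV" can only be "and"


def letter_frequencies(text):
    """Unsolved (upper-case) letters, most frequent first."""
    return Counter(c for c in text if c.isupper()).most_common()


def word_counts(text, length):
    """How often each word of the given length occurs."""
    words = re.findall(r"[A-Za-z]+", text)
    return Counter(w for w in words if len(w) == length)


def distinct_neighbours(text, letter):
    """Number of different letters found directly before or after `letter`.

    Vowels touch most of the alphabet; consonants avoid many letters.
    """
    found = set()
    for word in re.findall(r"[A-Z]+", text):
        for i, c in enumerate(word):
            if c == letter:
                found.update(word[max(i - 1, 0):i] + word[i + 1:i + 2])
    return len(found)


def apply_guesses(text, guesses):
    """Replace guessed cipher letters with lower-case plaintext letters."""
    return "".join(guesses.get(c, c) for c in text)


if __name__ == "__main__":
    for letter, count in letter_frequencies(CIPHERTEXT)[:6]:
        print(letter, count, "neighbours:", distinct_neighbours(CIPHERTEXT, letter))
    for step in (STEP_1, STEP_2, STEP_3, FULL_KEY):
        partial = apply_guesses(CIPHERTEXT, step)
        print(word_counts(partial, 3).most_common(2))
        print(partial[:60])
```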
Slide 79
Slide 79 text
Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC
Non-shifted
Substitution
Cipher
Frequency
Analysis
~800 AD
Slide 80
Slide 80 text
Frequency Analysis
considered indefensible
for ~800 years
Slide 81
Slide 81 text
Code-makers needed a
crypto-system that wasn’t
vulnerable to
Frequency Analysis
Slide 82
Slide 82 text
Leon Battista Alberti
1404-1472
“poly-alphabetic”
cipher
Slide 83
Slide 83 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
Poly-alphabetic
Substitution Cipher
Slide 84
Slide 84 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“R?????”
Poly-alphabetic
Substitution Cipher
Slide 85
Slide 85 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RA????”
Poly-alphabetic
Substitution Cipher
Slide 86
Slide 86 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RAB???”
Poly-alphabetic
Substitution Cipher
Slide 87
Slide 87 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
“RABH??”
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
Poly-alphabetic
Substitution Cipher
Slide 88
Slide 88 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
“RABHK?”
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
Poly-alphabetic
Substitution Cipher
Slide 89
Slide 89 text
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RABHKK”
Poly-alphabetic
Substitution Cipher
Slide 90
Slide 90 text
False frequencies
‘e’ is enciphered as both ‘A’ and ‘K’
‘K’ is deciphered as both ‘e’ and ‘t’
“secret”
“RABHKK”
Slide 91
Slide 91 text
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
~800 AD
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
~1450 AD
Slide 92
Slide 92 text
Poly-alphabetic beats
frequency analysis, but …
Slide 93
Slide 93 text
Poly-alphabetic ciphers
are complex
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
Slide 94
Slide 94 text
Keyword
SECRET
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
Slide 95
Slide 95 text
Le Chiffre Indéchiffrable
created by Blaise de Vigenère
1523 - 1596
Created new
poly-alphabetic cipher
Slide 96
Slide 96 text
Vigenère Square
Slide 97
Slide 97 text
a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Slide 98
Slide 98 text
Repeat keyword for all of text
Plaintext: AttackFromTheSouthAtDawn
Ciphertext: ????????????????????????
Keyword: SECRETSECRETSECRETSECRET
Slide 99
Slide 99 text
Ciphertext: S???????????????????????
Plaintext: AttackFromTheSouthAtDawn
S
Keyword: SECRETSECRETSECRETSECRET
Slide 100
Slide 100 text
Ciphertext: SX??????????????????????
Plaintext: AttackFromTheSouthAtDawn
Keyword: SECRETSECRETSECRETSECRET
X
Slide 101
Slide 101 text
Ciphertext: SXV?????????????????????
Plaintext: AttackFromTheSouthAtDawn
Keyword: SECRETSECRETSECRETSECRET
V
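The two-alphabet cipher and the Vigenère keyword lookup from the slides above, as one added example (not code from the talk): both are the same routine, differing only in which list of cipher alphabets is cycled through. The function names are this example's own; the two cipher alphabets are copied as printed on the slides.

```python
"""Poly-alphabetic substitution, with Vigenère as a special case (added example)."""
from string import ascii_lowercase, ascii_uppercase

# The two cipher alphabets exactly as printed on the slides.
CIPHER_ALPHABET_1 = "DMBXKIVASZNPLYFCJORTEQHWGU"
CIPHER_ALPHABET_2 = "ZJDPAIQHTWLFBGOXNHUKRCYVSE"


def is_permutation(alphabet):
    """A cipher alphabet can only be reversed if it uses every letter once."""
    return sorted(alphabet) == list(ascii_uppercase)


def vigenere_alphabets(keyword):
    """One row of the Vigenère square per keyword letter.

    The row for keyword letter K is the alphabet rotated to start at K.
    """
    shifts = [ascii_uppercase.index(k) for k in keyword.upper()]
    return [ascii_uppercase[s:] + ascii_uppercase[:s] for s in shifts]


def encrypt(plaintext, alphabets):
    """Letter number i is substituted using alphabet i mod len(alphabets)."""
    letters = [c for c in plaintext.lower() if c in ascii_lowercase]
    return "".join(alphabets[i % len(alphabets)][ascii_lowercase.index(c)]
                   for i, c in enumerate(letters))


def decrypt(ciphertext, alphabets):
    """Reverse the lookup; refuses alphabets that cannot be inverted."""
    if not all(is_permutation(a) for a in alphabets):
        raise ValueError("a cipher alphabet repeats a letter; "
                         "decryption would be ambiguous")
    return "".join(ascii_lowercase[alphabets[i % len(alphabets)].index(c)]
                   for i, c in enumerate(ciphertext))


def images(plaintext, alphabets):
    """Map each plaintext letter to the set of ciphertext letters it became.

    More than one image per letter is what flattens the frequency counts.
    """
    letters = [c for c in plaintext.lower() if c in ascii_lowercase]
    seen = {}
    for plain, cipher in zip(letters, encrypt(plaintext, alphabets)):
        seen.setdefault(plain, set()).add(cipher)
    return seen


if __name__ == "__main__":
    two = [CIPHER_ALPHABET_1, CIPHER_ALPHABET_2]
    print(encrypt("secret", two), images("secret", two)["e"])
    # As printed, the second alphabet contains H twice and no M, so a
    # receiver could not invert it. is_permutation() catches that.
    print([is_permutation(a) for a in two])

    rows = vigenere_alphabets("SECRET")
    ciphertext = encrypt("AttackFromTheSouthAtDawn", rows)
    print(ciphertext, decrypt(ciphertext, rows))
```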
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
~800 AD
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
~1550 AD
Slide 104
Slide 104 text
Industrial
Revolution
~1760 - 1840
Slide 105
Slide 105 text
“Black Chambers”
• 1700s
• “Assembly-line” Cryptanalysis
• Each European power had one
• Breaking all mono-alphabetic
ciphers
• Encouraged adoption of
Vigenère Square for
poly-alphabetic ciphers
Slide 106
Slide 106 text
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
~1550 AD
Assembly-line
Frequency Analysis
~1700’s
Industrial
Slide 107
Slide 107 text
Charles Babbage
• 1791 - 1871
• 1854: Broke Vigenère
Cipher
• Without machinery
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
~800 AD
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
~1550 AD
Assembly-line
Frequency Analysis
~1700’s
Industrial
Babbage
Frequency
Analysis
~1800’s
Slide 121
Slide 121 text
Electric Telegraphs
• Buried underground or
suspended overhead
• 1844
60km wire between
Baltimore & Washington
DC
Slide 122
Slide 122 text
How can you
represent letters
and words as
electrical signals?
Slide 123
Slide 123 text
Morse Code:
“Encoding” not “Encryption”
Slide 124
Slide 124 text
I.e., this is still
“plaintext”
Slide 125
Slide 125 text
Radio, 1899-1901
• 3,000 km from Cornwall to
Newfoundland
• Transatlantic
communication
• Instant military commands
• All messages reach enemy too
• Increases need for
encryption
Slide 126
Slide 126 text
Enigma: Electrical Encryption
• Arthur Scherbius, 1918
• Mass Production in 1925
CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329
Slide 127
Slide 127 text
Input
Keyboard
Rotors
Output
Lampboard
Slide 128
Slide 128 text
By User:RadioFan, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=30719651
Slide 129
Slide 129 text
By MesserWoland - Own work based on Image:Enigma-action.pnj by Jeanot; original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494
Slide 130
Slide 130 text
3 rotors of 26 wirings
26 x 26 x 26
=
17,576 Cipher Alphabets
Slide 131
Slide 131 text
17,576 orientations
x
6 arrangements
=
105,456 Cipher Alphabets
Slide 132
Slide 132 text
105,456 possible keys
• A new key was used every day
• Assume 1 orientation check per minute
• (Just type ciphertext and look at plaintext)
• 96 enigma machines = .75 days to crack
Slide 133
Slide 133 text
Plugboard
By Bob Lord - German Enigma Machine, uploaded in english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976
Swap up to 6 of 26 letters
Slide 134
Slide 134 text
100,391,791,500
Plugboard Settings
Slide 135
Slide 135 text
10,586,916,711,696
(10 trillion)
Total Possible Keys
Slide 136
Slide 136 text
10,586,916,711,696
possible keys
• At 1 check per minute:
• 38,291,799 enigma machines = 1 day to crack
Slide 137
Slide 137 text
Message Keys
• Using day key, send a message rotor orientation first.
E.g., A, S, D
• Send it at the beginning, twice for integrity.
E.g., ‘asdasd’ = QWERTY
• Receiver types QWERTY, sees ‘asdasd’
• Re-orients their rotors to A, S, D for the rest of the
message
• Minimizes amount of ciphertext created by day key
Slide 138
Slide 138 text
Note
• Remember this concept of “message keys” … we’ll
see it again when we get to “session keys” in
HTTPS
Slide 139
Slide 139 text
Is cracking Enigma
possible?
• At 1 check per minute:
• 38,291,799 enigma machines = 1 day to crack
A SINGLE MESSAGE!
Slide 140
Slide 140 text
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
~800 AD
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
One-Time
Pad
Enigma
~1925
Slide 141
Slide 141 text
Cracking Enigma
Slide 142
Slide 142 text
Polish Biuro Szyfrów
• Established after WWI to
protect Poland from Russia
& Germany
• Received photographs of
Enigma instruction manual
from French espionage
• Deduced rotor wirings
• Usage of codebook
A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań,
Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113
Slide 143
Slide 143 text
Marian
Rejewski
By Unknown - Rejewski's daughter's private archive,
CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461
Slide 144
Slide 144 text
Found “chain” cycles
in the first 6 letters
4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
3 links: A-F-W-A
Slide 145
Slide 145 text
Found “chain” loops
in the first 6 letters
4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
7 links: C-H-G-O-Y-D-P-C
Slide 146
Slide 146 text
Marian Rejewski
• Realized the # links in the
chain were only caused by
the rotors
• Could try to break the
105,456 possible rotor
settings, not all
10,000,000,000,000,000
possible day keys
• 100,000,000,000 times easier
By Unknown - Rejewski's daughter's private archive,
CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461
Slide 147
Slide 147 text
Cyclometer
• Team checked each of
105,456 possible settings
on replica Enigma machines
and recorded which chains
were generated by each
rotor setting
• Took 1 year to complete
• Could look up rotor settings by
chains found in first 6
letters of ciphertext
http://www.cryptomuseum.com/crypto/cyclometer/index.htm
Slide 148
Slide 148 text
Cyclometer created
the first
“Rainbow Table”
for looking up
cryptographic keys
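Rejewski's chains, as an added example (not code from the talk): it decomposes the 1st-letter/4th-letter table from the slides into chains and shows that plugboard swaps relabel the letters without changing the chain lengths, which is why a catalogue indexed by chain lengths only needs the 105,456 rotor settings. The plugboards are randomly generated for the demonstration and the function names are this example's own.

```python
"""Chain ("cycle") fingerprints of an Enigma day key (added example)."""
import random
from string import ascii_uppercase as ALPHABET

# From the slide: the 4th-letter row that sits under 1st letters A..Z.
FOURTH_LETTER = "FQHPLWOGBMVRXUYCZITNJEASDK"


def chains(fourth_row):
    """Follow 1st letter -> 4th letter links until each chain closes."""
    table = dict(zip(ALPHABET, fourth_row))
    seen, found = set(), []
    for start in ALPHABET:
        if start in seen:
            continue
        chain, letter = [], start
        while letter not in seen:
            seen.add(letter)
            chain.append(letter)
            letter = table[letter]
        found.append("".join(chain))
    return found


def format_chain(chain):
    """Render a chain the way the slides do, e.g. A-F-W-A."""
    return "-".join(chain + chain[0])


def signature(fourth_row):
    """Sorted chain lengths: the value a chain catalogue is indexed by."""
    return tuple(sorted(len(c) for c in chains(fourth_row)))


def random_plugboard(pairs, seed):
    """Constructed plugboard: `pairs` random letter swaps (an involution)."""
    letters = random.Random(seed).sample(list(ALPHABET), 2 * pairs)
    board = {}
    for a, b in zip(letters[::2], letters[1::2]):
        board[a], board[b] = b, a
    return board


def through_plugboard(fourth_row, plugboard):
    """The same table as observed with extra plugboard cables in place.

    The plugboard swaps letters on the way in and again on the way out, so
    every entry of the table is renamed but the links stay connected the
    same way.
    """
    table = dict(zip(ALPHABET, fourth_row))

    def swap(letter):
        return plugboard.get(letter, letter)

    return "".join(swap(table[swap(c)]) for c in ALPHABET)


if __name__ == "__main__":
    for chain in chains(FOURTH_LETTER):
        print(len(chain), "links:", format_chain(chain))
    for seed in range(3):
        observed = through_plugboard(FOURTH_LETTER, random_plugboard(6, seed))
        print(observed, signature(observed))
```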
Slide 149
Slide 149 text
How to find the plugboard
settings out of 100,391,791,500?
• Plugboard: Un-plug all
• Rotor Arrangement: III, I, II
• Initial Rotor Orientations: Q, C, W
• Type in ciphertext, see:
• “rettew”
• Swap R/W = Wetter (weather)
Slide 150
Slide 150 text
Polish
Cryptographic Bombs
• 6 machines for the 6 possible
rotor arrangements
• Each with 6 full Enigma rotor
sets at top for the 6 characters
of the repeated message key
• Given a number of “females”
to find, Bomba could recover
settings in less than 2 hours
Slide 151
Slide 151 text
British Bombes
• 36 rotors arranged in 3 banks
of 12
• 210 bombes by the end of
the war
• Operated by 2,000
members of Women’s
Royal Naval Service
Slide 152
Slide 152 text
Alan Turing
• Enigma operators were supposed
to use separate message keys
• Many were lazy, and the same
operator used the same message
key every time
• Re-using keys created more
cipher text with the same key
• Messages like the daily weather
report always had the same plain
text letters in the same positions
Slide 153
Slide 153 text
Colossus
• Inspired by Turing's ideas
and his bombe
• 1,500 electronic valves -
faster than
electromechanical relay
switches
• Programmable - first
computers?
Slide 154
Slide 154 text
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
~800 AD
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
Enigma
~1925
Colossus
Mark 1
1943
Computer
Slide 155
Slide 155 text
Computer Cryptography
Slide 156
Slide 156 text
In the early days of
computing, electrical
signals were much
harder to measure
and control precisely
It made more sense
to only distinguish
between an “on” state
and an “off” state
Bitwise anagram
For example, consider this short sentence.
01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
“Bitwise” rail fence cipher with 2 rails
00010111010101000100011001000110010001100100011001000101011101110101011001000100010101000100011001100101010001010
11001110101010001000101010001110100010001110101010010101011110000001011110010011011110010101011001000001001101110
101101100110101011110000001110100010011101000011011000101111001110000011011011101011101011101010011011
Slide 163
Slide 163 text
Bitwise substitution: XOR
The XOR operator outputs a 1
whenever the inputs do not
match, which occurs when
one of the two inputs is
exclusively true
0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0
Slide 164
Slide 164 text
Bitwise substitution: XOR
For example, consider this short sentence.
01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “Julius Caesar”
01001010011101010110110001101001011101010111001100100000010000110110000101100101011100110110000101110010
Output
10001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
10111101101110011100110110100101100100011001010111001000100000011101000110100001101001011100110010000001110011001
00010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
Slide 165
Slide 165 text
Bitwise substitution: XOR
For example, consider this short sentence.
010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “random” 1|0’s length of plaintext
000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
Output
100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
Slide 166
Slide 166 text
No content
Slide 167
Slide 167 text
No content
Slide 168
Slide 168 text
Bitwise substitution: XOR
For example, consider this short sentence.
010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “random” 1|0’s length of plaintext
000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
Output
100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111
Horst Feistel
1971: Published
“Lucifer” cipher for
computer encryption
First(?) Block Cipher
Slide 172
Slide 172 text
No content
Slide 173
Slide 173 text
XOR
S-box
Permutation
Slide 174
Slide 174 text
SP Network
Slide 175
Slide 175 text
Lucifer Cipher: “block” cipher
Break message into 128-bit blocks
128-bit key
16 rounds:
Break block in half
the f-function is calculated using
that round's subkey and the left half
of the block.
The result is then XORed to the
right half of the block, which is the
only part of the block altered for that
round.
After every round except the last
one, the right and left halves of the
block are swapped.
Slide 176
Slide 176 text
256 bit message (in ASCII)
01010100011010000110010100100000010101010101001101000001001000000100111001010011
01000001001000000111001101110100011011110111001001100101011100110010000001111001
01101111011101010111001000100000011101000111011101100101011001010111010001110011
0010000100100001
Slide 177
Slide 177 text
Break into 128-bit blocks
01010100011010000110010100100000010101010101001101000001001000000100111001010011010000010010000001110011011101000110111101110010
01100101011100110010000001111001011011110111010101110010001000000111010001110111011001010110010101110100011100110010000100100001
The USA NSA stor
es your tweets!!
Break block in half
01010100011010000110010100100000010101010101001101000001
The USA NSA stor
0100111001010011010000010010000001110011011101000110111101110010
Slide 180
Slide 180 text
Generate 72-bit sub-key
awesomepassword!
01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001
a a
01100001 01100001
wesomep
01110111011001010111001101101111011011010110010101110000
Slide 181
Slide 181 text
Rotate key left 7 bytes
password!awesome
01110000011000010111001101110011011101110110111101110010011001000010000101100001011101110110010101110011011011110110110101100101
7 bytes
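The round structure and key rotation from the Lucifer slides, as an added Python example that is not part of the original deck. The round function `f` is a stand-in built on SHA-256 (not Lucifer's real S-boxes and permutation), and the subkey layout (first key byte followed by the first 8 key bytes) is an assumed reading of the "72-bit sub-key" slide.

```python
import hashlib

ROUNDS = 16  # per the slide: 16 rounds over a 128-bit block


def subkeys(key: bytes) -> list:
    """One 72-bit subkey per round, then rotate the key left 7 bytes.
    Layout (first byte + first 8 bytes) is an assumed reading of the slide."""
    if len(key) != 16:
        raise ValueError("key must be 128 bits (16 bytes)")
    out = []
    for _ in range(ROUNDS):
        out.append(key[:1] + key[:8])   # 8 + 64 = 72 bits
        key = key[7:] + key[:7]         # "awesomepassword!" -> "password!awesome"
    return out


def f(subkey: bytes, half: bytes) -> bytes:
    # Stand-in round function: any deterministic mix of subkey and half-block
    # works, because a Feistel network never needs to invert f.
    return hashlib.sha256(subkey + half).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys: list) -> bytes:
    if len(block) != 16:
        raise ValueError("block must be 128 bits (16 bytes)")
    left, right = block[:8], block[8:]
    last = len(round_keys) - 1
    for i, k in enumerate(round_keys):
        right = xor(right, f(k, left))   # only the right half changes
        if i != last:                    # swap after every round but the last
            left, right = right, left
    return left + right


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, subkeys in reverse order
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    ct = encrypt_block(b"The USA NSA stor", b"awesomepassword!")
    print(ct.hex(), decrypt_block(ct, b"awesomepassword!"))
```

Decryption runs the identical rounds with the subkeys reversed, which is why the round function itself never has to be reversible.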
Slide 182
Slide 182 text
…
Slide 185
Slide 185 text
youtube.com/user/Computerphile
Slide 186
Slide 186 text
Data Encryption Standard
(DES)
1977
Lucifer with 56-bit keys
So the NSA could
brute force keys if
they “needed” to
Slide 187
Slide 187 text
Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
One-Time
Pad
Enigma
Cryptanalytic “Bombs”:
Polish,
British,
US
Lucifer,
DES
1971-1977
Computer
Slide 188
Slide 188 text
How hard is it to find a
binary 56-bit key?
Slide 189
Slide 189 text
1001101010011010100110101001
1010100110101001101010011010
Unique Possible Permutations
2^56
72,057,594,037,927,936
72 quadrillion (million billion)
In 1976, estimated to cost $20M to build a computer to crack
such a key
Affordable to the NSA
Slide 190
Slide 190 text
DES
1971-1977
Computer-
powered
Brute Force
Key Search
Slide 191
Slide 191 text
By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151
DES
Computer-powered
Brute Force Key Search
Moore’s Law
3DES + CBC
Slide 203
Slide 203 text
The forever problem of cryptography:
Key distribution
Slide 204
Slide 204 text
Banks literally flew people
around with code-books of keys
Slide 205
Slide 205 text
We need a way to
communicate secret keys
over non-secret channels.
Slide 206
Slide 206 text
Whitfield Diffie
Stanford AI Lab
1974
Slide 207
Slide 207 text
Martin
Hellman
IBM Watson Research
Center 1968-1969
Slide 208
Slide 208 text
New Directions in Cryptography
Published 1976
Slide 209
Slide 209 text
Alice, Bob, and Eve
Alice and Bob need to communicate securely
They need to share a secret
They only have public channels between them
“Eve is always eavesdropping”
How can they share a secret without sharing it with
Eve?
DES
Computer-powered
Brute Force Key Search
Moore’s Law
1970+
3DES + CBC
DH + 3DES + CBC
1976
Slide 223
Slide 223 text
Use Diffie-Hellman Exchange to make a key …
… for Triple-DES …
… with Cipher Block Chaining mode.
… Encrypt-Decrypt-Encrypt …
Slide 224
Slide 224 text
What’s RSA?
Slide 225
Slide 225 text
Diffie-Hellman makes a new
key between every 2 people!
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption
Clifford Cocks
1971
Trap Door
One-way Function
By Royal Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163
To find 46 mod 12 …
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem
Slide 267
Slide 267 text
Wrap a cord 46 “hours” long
around a 12-hour clock …
… and it ends on 10
Slide 268
Slide 268 text
Easy to perform …
46 mod 12 is “congruent” to 10
generator Modulus
Slide 269
Slide 269 text
? mod 12 ≡ 10
… hard to reverse
Slide 270
Slide 270 text
? mod 12 ≡ 10
22 mod 12 ≡ 10
34 mod 12 ≡ 10
46 mod 12 ≡ 10
58 mod 12 ≡ 10
70 mod 12 ≡ 10
.. mod 12 ≡ 10
… impossible to reverse!
Slide 271
Slide 271 text
… impossible for recipient too!
Slide 272
Slide 272 text
Alice picks an exponent
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Prime Modulus
“n”
generator
“g”
Slide 273
Slide 273 text
Alice keeps her exponent secret
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Prime Modulus
“n”
generator
“g”
Slide 274
Slide 274 text
“Discrete Logarithm” problem
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 275
Slide 275 text
“Discrete Logarithm” problem
Have to resort to “brute force”
guessing the exponent
Slide 276
Slide 276 text
For small numbers, it’s easy, but
not for a large prime modulus.
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 277
Slide 277 text
How can we turn that single
exponent secret into 2 secrets?
Alice and Bob publicly agree on
a generator and prime modulus
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 281
Slide 281 text
Alice picks a private number,
and sends the result to Bob
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 282
Slide 282 text
Bob picks a private number,
and sends the result to Alice
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 283
Slide 283 text
Now the cool part …
https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2
Slide 284
Slide 284 text
Alice raises Bob’s result to
her private exponent
and gets 10
Slide 285
Slide 285 text
Bob raises Alice’s mixture to
his private exponent
and also gets 10!
Slide 286
Slide 286 text
Because their results were calculated
from the shared public generator and
prime modulus
Slide 287
Slide 287 text
So, they did the same calculation
with exponents in different order,
which doesn’t affect the result
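The exchange walked through on these slides, as an added Python example that is not part of the original deck. The generator 3, prime modulus 17 and private exponents 15 and 13 are constructed toy values chosen so that both sides arrive at the 10 shown on the slides; the range check on the received value is an addition the slides do not cover.

```python
G, P = 3, 17                          # public generator and prime modulus (toy values)
ALICE_PRIVATE, BOB_PRIVATE = 15, 13   # constructed; real exponents come from a CSPRNG


def public_value(g: int, p: int, private: int) -> int:
    """What each side sends over the public channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public: int, private: int, p: int) -> int:
    """Raise the other side's public value to your own private exponent."""
    # Reject degenerate values (0, 1, p-1) that would force a predictable secret.
    if not 1 < their_public < p - 1:
        raise ValueError("degenerate public value")
    return pow(their_public, private, p)


def brute_force_exponent(g: int, p: int, target: int):
    """Eve's generic option: guess exponents until g^x mod p matches.
    Instant for p = 17; infeasible for a large prime modulus."""
    for guess in range(1, p):
        if pow(g, guess, p) == target:
            return guess
    return None


def demo():
    a_pub = public_value(G, P, ALICE_PRIVATE)        # Alice -> Bob
    b_pub = public_value(G, P, BOB_PRIVATE)          # Bob -> Alice
    alice_key = shared_secret(b_pub, ALICE_PRIVATE, P)
    bob_key = shared_secret(a_pub, BOB_PRIVATE, P)
    # Eve saw G, P, a_pub and b_pub; with a tiny modulus she recovers Alice's exponent.
    eve_guess = brute_force_exponent(G, P, a_pub)
    return a_pub, b_pub, alice_key, bob_key, eve_guess


if __name__ == "__main__":
    print(demo())
```

Both keys match because (g^a)^b and (g^b)^a are the same power of g modulo p; Eve's search succeeds here only because the modulus is tiny.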