Encryption and Decryption
Speaker: Tsung Ray Wang
Advisor: Prof. Li-Chun Wang
Contents
• MODELS, GOALS, AND EARLY CIPHER SYSTEMS
• THE SECRECY OF A CIPHER SYSTEM
• PRACTICAL SECURITY
• STREAM ENCRYPTION
• PUBLIC KEY CRYPTOSYSTEMS
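Model of a cryptographic channel
[Figure: the plaintext M is enciphered under the key K to give the ciphertext $C = E_k(M)$, which crosses the public channel, where the cryptanalyst can observe it. The receiver deciphers it as $M = D_k(C)$. The key K reaches the receiver over a secure channel.]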
The two primary reasons for using cryptosystems in communications
(1) privacy, to prevent unauthorized persons from extracting information from the channel
(2) authentication, to prevent unauthorized persons from injecting information into the channel
System Goals
The major requirements for a cryptosystem
1. To provide an easy and inexpensive means of encryption and decryption to authorized users in possession of the appropriate key
2. To ensure that the cryptanalyst’s task of producing an estimate of the plaintext without benefit of the key is made difficult and expensive
Classic Threats
• Ciphertext-Only Attack
• Known-Plaintext Attack
• Chosen-Text Attack
Classic Ciphers
• Caesar Cipher
  ex. Plaintext:  NOW IS THE TIME
      Ciphertext: QRZ LV WKH WLPH
• Polybius square
  Plaintext:  NOW IS THE TIME
  Ciphertext: 33 43 25 42 34 44 32 51 44 42 23 51
• Polyalphabetic cipher
  Plaintext:  NOW IS THE TIME
  Ciphertext: OQZ MX ZOM CSXQ
Caesar’s alphabet with a shift of 3
Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC
Polybius square
     1   2   3   4    5
1    A   B   C   D    E
2    F   G   H   I/J  K
3    L   M   N   O    P
4    Q   R   S   T    U
5    V   W   X   Y    Z
Trithemius progressive key
THE SECRECY OF A CIPHER SYSTEM
• What is Perfect Secrecy?
• Entropy and Equivocation
• Rate of a Language and Redundancy
• Unicity Distance and Ideal Secrecy
Example of perfect secrecy
[Figure: four equally likely plaintext messages $M_0, M_1, M_2, M_3$, each with $P(M_i) = 1/4$, are mapped under the keys 0, 1, 2, 3 to the ciphertexts $C_0, C_1, C_2, C_3$.]
$C_s = T_{k_j}(M_i)$
$s = (i + j)$ modulo-$N$
PRACTICAL SECURITY
• Substitution
• Permutation
• Product Cipher System
• The Data Encryption Standard
Substitution box
[Figure: substitution box with $n = 3$ and $2^n = 8$.]
Input:   000  001  010  011  100  101  110  111
Output:  011  111  000  110  010  100  101  001
Permutation box
[Figure: permutation box, input bits to output bits.]
Individual keying capability
Example of binary key
1010001011111011010111010
Initial Permutation (IP)
58  50  42  34  26  18  10   2
60  52  44  36  28  20  12   4
62  54  46  38  30  22  14   6
64  56  48  40  32  24  16   8
57  49  41  33  25  17   9   1
59  51  43  35  27  19  11   3
61  53  45  37  29  21  13   5
63  55  47  39  31  23  15   7
E-Table Bit Selection
32   1   2   3   4   5
 4   5   6   7   8   9
 8   9  10  11  12  13
12  13  14  15  16  17
16  17  18  19  20  21
20  21  22  23  24  25
24  25  26  27  28  29
28  29  30  31  32   1
P-Table Permutation
16   7  20  21
29  12  28  17
 1  15  23  26
 5  18  31  10
 2   8  24  14
32  27   3   9
19  13  30   6
22  11   4  25
Final Permutation ($IP^{-1}$)
40   8  48  16  56  24  64  32
39   7  47  15  55  23  63  31
38   6  46  14  54  22  62  30
37   5  45  13  53  21  61  29
36   4  44  12  52  20  60  28
35   3  43  11  51  19  59  27
34   2  42  10  50  18  58  26
33   1  41   9  49  17  57  25
Key Permutation PC-1
57  49  41  33  25  17   9
 1  58  50  42  34  26  18
10   2  59  51  43  35  27
19  11   3  60  52  44  36
63  55  47  39  31  23  15
 7  62  54  46  38  30  22
14   6  61  53  45  37  29
21  13   5  28  20  12   4
Key Schedule of Left Shifts
Iteration i:            1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16
Number of left shifts:  1  1  2  2  2  2  2  2  1   2   2   2   2   2   2   1
Key Permutation PC-2
14  17  11  24   1   5
 3  28  15   6  21  10
23  19  12   4  26   8
16   7  27  20  13   2
41  52  31  37  47  55
30  40  51  45  33  48
44  49  39  56  34  53
46  42  50  36  29  32
STREAM ENCRYPTION
• Key Generation Using a Linear Feedback Shift Register
• Vulnerabilities of Linear Feedback Shift Registers
Linear feedback shift register example
[Figure: shift register with stages x4, x3, x2, x1, an output, and feedback through a modulo-2 adder.]
PUBLIC KEY CRYPTOSYSTEMS
• Signature Authentication Using a Public Key Cryptosystem
• A Trapdoor One-Way Function
• The Rivest-Shamir-Adleman Scheme
• The Knapsack Problem
• A Public Key Cryptosystem Based on a Trapdoor Knapsack
The important features of a public key cryptosystem
• The encryption algorithm, $E_k$, and the decryption algorithm, $D_k$, are invertible transformations on the plaintext, M, or the ciphertext, C, defined by the key K. That is, for each K and M, $C = E_k(M)$, $M = D_k(C) = D_k(E_k(M))$.
• For each K, $D_k$ and $E_k$ are easy to compute.
• For each K, the computation of $D_k$ from $E_k$ is computationally intractable.
Public Key cryptosystem
[Figure: Subscriber A's crypto machine applies $E_B$ to M and sends $C = E_B(M)$. Subscriber B's crypto machine applies $D_B$ to recover M. The directory lists A - $E_A$, B - $E_B$, C - $E_C$, ...]
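Signature authentication using a public key cryptosystem
[Figure: Subscriber A's crypto machine applies $D_A$ to M to form the signature $S = E_A^{-1}(M)$, then applies $E_B$ from the directory to form $C = E_B(E_A^{-1}(M))$, which is sent on the public channel. Subscriber B's crypto machine applies $D_B$ to recover $S = E_A^{-1}(M)$, which goes to signature storage, then applies $E_A$ from the directory to recover M.]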
The Rivest-Shamir-Adleman Scheme
RSA
1. Each user chooses his own value of n and another pair of positive integers (e, d), where $n = pq$, $\phi(n) = (p-1)(q-1)$, $\gcd[\phi(n), d] = 1$, $ed$ modulo-$\phi(n) = 1$, and p, q are prime numbers.
2. The user places his encryption key, the number pair (n, e), in the public directory.
3. The decryption key consists of the number pair (n, d), of which d is kept secret.
4. Messages are first represented as integers in the range (0, n-1).
5. Encryption: $C = E(M) = (M)^e$ modulo-$n$
   Decryption: $M = D(C) = (C)^d$ modulo-$n$
How to Compute e
A variation of Euclid’s algorithm for computing the gcd of $\phi(n)$ and d is used to compute e.
1. First, compute a series $x_0, x_1, x_2, \ldots$, where $x_0 = \phi(n)$, $x_1 = d$, and $x_{i+1} = x_{i-1}$ modulo-$x_i$, until an $x_k = 0$ is found. Then $\gcd(\phi(n), d) = x_{k-1}$.
2. For each $x_i$ compute numbers $a_i$ and $b_i$ such that $x_i = a_i x_0 + b_i x_1$.
3. If $x_{k-1} = 1$, then $b_{k-1}$ is the multiplicative inverse of $x_1$ modulo-$x_0$. If $b_{k-1}$ is a negative number, the solution is $b_{k-1} + \phi(n)$.
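The procedure above, carried through in Python as an added example (not code from the original slides): `compute_e` follows the series x_i with its coefficients a_i and b_i, and `rsa_round_trip` uses the result to encrypt and decrypt one message. The function names and the toy parameters p = 47, q = 59, d = 157, M = 920 are assumptions made for the example.

```python
def compute_e(phi_n, d):
    """Return e with e*d = 1 modulo phi(n), via the series x_i = a_i*x_0 + b_i*x_1."""
    x_prev, x_cur = phi_n, d      # x_0 = phi(n), x_1 = d
    a_prev, a_cur = 1, 0          # x_0 = 1*x_0 + 0*x_1
    b_prev, b_cur = 0, 1          # x_1 = 0*x_0 + 1*x_1
    while x_cur != 0:
        q = x_prev // x_cur
        # x_{i+1} = x_{i-1} modulo x_i; a and b get the same update,
        # which keeps x_i = a_i*x_0 + b_i*x_1 true at every step.
        x_prev, x_cur = x_cur, x_prev - q * x_cur
        a_prev, a_cur = a_cur, a_prev - q * a_cur
        b_prev, b_cur = b_cur, b_prev - q * b_cur
    # The loop stops at x_k = 0, so x_prev is x_{k-1} = gcd(phi(n), d).
    if x_prev != 1:
        raise ValueError("gcd(phi(n), d) != 1, so d has no inverse modulo phi(n)")
    assert a_prev * phi_n + b_prev * d == 1
    # b_{k-1} may be negative; adding phi(n) gives the positive representative.
    return b_prev + phi_n if b_prev < 0 else b_prev


def rsa_round_trip(p, q, d, message):
    """Derive e from (p, q, d), then encrypt and decrypt one integer message."""
    n, phi_n = p * q, (p - 1) * (q - 1)
    if not 0 <= message < n:
        raise ValueError("message must be an integer in the range 0..n-1")
    e = compute_e(phi_n, d)
    ciphertext = pow(message, e, n)      # C = M^e modulo-n
    recovered = pow(ciphertext, d, n)    # M = C^d modulo-n
    return e, ciphertext, recovered


if __name__ == "__main__":
    # Constructed toy parameters, far too small for real use.
    print(rsa_round_trip(p=47, q=59, d=157, message=920))
```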
The Knapsack problem
1. Let us express the knapsack problem in terms of a knapsack vector a and a data vector x.
$a = a_1, a_2, \ldots, a_n$
$x = x_1, x_2, \ldots, x_n$
2. The knapsack, S, is the sum of a subset of the components of the knapsack vector:
$S = \sum_{i=1}^{n} a_i x_i = ax$, where $x_i = 0, 1$
Super-increasing and how to solve for x
1. The vector a is super-increasing if
$a_i > \sum_{j=1}^{i-1} a_j$, $i = 2, 3, \ldots, n$
2. When a is super-increasing, the solution of x is found by starting with $x_n = 1$ if $S \ge a_n$ (otherwise $x_n = 0$), and continuing as follows:
$x_i = 1$ if $S - \sum_{j=i+1}^{n} x_j a_j \ge a_i$, and $x_i = 0$ otherwise,
where $i = n-1, n-2, \ldots, 1$
A Public Key Cryptosystem Based on a Trapdoor Knapsack
This scheme is also known as the Merkle-Hellman scheme.
Method:
1. We form a super-increasing n-tuple a’, and select a prime number M such that
$M > \sum_{i=1}^{n} a'_i$
We also select a random number, W, where $1 < W < M$, and we form $W^{-1}$ to satisfy the following relationship:
$W W^{-1}$ modulo-$M = 1$
Note: the vector a’ and the numbers M, W, $W^{-1}$ are all kept hidden.
2. We form a with the elements from a’ as:
$a_i = W a'_i$ modulo-$M$
3. When a data vector x is to be transmitted, we multiply x by a, yielding the number S, which is sent on the public channel.
$S = ax = \sum_{i=1}^{n} a_i x_i = \sum_{i=1}^{n} (W a'_i \text{ modulo-}M)\, x_i$
4. The authorized user receives S and converts it to S’:
$S' = W^{-1} S$ modulo-$M$
$= W^{-1} \sum_{i=1}^{n} (W a'_i \text{ modulo-}M)\, x_i$ modulo-$M$
$= \sum_{i=1}^{n} (W^{-1} W a'_i \text{ modulo-}M)\, x_i$ modulo-$M$
$= \sum_{i=1}^{n} a'_i x_i$ modulo-$M$
$= \sum_{i=1}^{n} a'_i x_i$
5. Since the authorized user knows the secretly held super-increasing vector a’, he can use S’ to find x.
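The five steps above together with the super-increasing solution rule, as an added Python example (not code from the original slides). The function names and the values a’ = (2, 3, 7, 14, 30), M = 59, W = 17 are constructed for the example.

```python
def is_superincreasing(a):
    """True if every element exceeds the sum of all elements before it."""
    total = 0
    for ai in a:
        if ai <= total:
            return False
        total += ai
    return True


def make_public_vector(a_priv, M, W):
    """Steps 1-2: check the hidden parameters and form a_i = W*a'_i modulo-M."""
    if not is_superincreasing(a_priv):
        raise ValueError("a' must be super-increasing")
    if M <= sum(a_priv):
        raise ValueError("M must exceed the sum of the elements of a'")
    if not 1 < W < M:
        raise ValueError("W must satisfy 1 < W < M")
    return [(W * ai) % M for ai in a_priv]


def encrypt(x, a_pub):
    """Step 3: S = ax, the sum of the public elements selected by the bits of x."""
    return sum(ai * xi for ai, xi in zip(a_pub, x))


def solve_superincreasing(S, a_priv):
    """Recover x from S' by working down from the largest element of a'."""
    x = [0] * len(a_priv)
    for i in reversed(range(len(a_priv))):
        if S >= a_priv[i]:
            x[i] = 1
            S -= a_priv[i]
    if S != 0:
        raise ValueError("value is not a subset sum of a'")
    return x


def decrypt(S, a_priv, M, W):
    """Steps 4-5: S' = W^-1 * S modulo-M, then solve the easy knapsack."""
    W_inv = pow(W, -1, M)          # raises ValueError if W is not invertible
    return solve_superincreasing((W_inv * S) % M, a_priv)


# Constructed toy parameters: a' sums to 56 < M = 59, and 17 * 7 = 119 = 2*59 + 1.
A_PRIV, M_SECRET, W_SECRET = [2, 3, 7, 14, 30], 59, 17

if __name__ == "__main__":
    a_pub = make_public_vector(A_PRIV, M_SECRET, W_SECRET)
    S = encrypt([1, 0, 1, 1, 0], a_pub)
    print(a_pub, S, decrypt(S, A_PRIV, M_SECRET, W_SECRET))
```

The basic Merkle-Hellman knapsack was broken by Shamir's polynomial-time attack in 1982, so the scheme serves as a teaching model of the trapdoor idea rather than as a usable cipher.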
CONCLUSION
1. We have presented the basic models and goals of the cryptographic process, and looked at some early cipher systems.
2. We defined a system that can exhibit perfect secrecy.
3. We outlined the DES algorithm in detail, and we also considered the use of linear feedback shift registers (LFSR) for stream encryption systems.
4. We presented the RSA scheme, based on the product of two large prime numbers, and the Merkle-Hellman scheme, based on the classical knapsack problem.