
Lecture 5

Encryption

Agenda
- Overview of encryption
- How public-key encryption works
- How to use it for security on the web (next lecture)

Encryption as Function
- Plaintext string s
- Encryption key $K_{enc}$
- Decryption key $K_{dec}$
- Encrypt s with $K_{enc}$ to obtain ciphertext $K_{enc}(s)$
- Decrypt $K_{enc}(s)$ with decryption key $K_{dec}$ to reobtain s: $K_{dec}(K_{enc}(s)) = s$

Encryption in Words
- Encryption applies a reversible function to some piece of data, yielding something unreadable
- Decryption recovers the original data from the unreadable encryption output
- The encryption/decryption algorithm is assumed known; the key is secret

A Brief History
- Caesar cipher rotates alphabet by 3

Substitution Ciphers
- No need to shift 3 chars
  - You could do 2! Or even 4!
- You also don't have to shift the alphabet at all. Just an arbitrary 1:1 mapping of alphabet chars, using a substitution table
- All of these are vulnerable to frequency analysis
  - Letter
  - Word
  - Common phrases

Polygram Cipher
- Translate n-grams, not chars

  plaintext   ciphertext
  AAA         QWE
  AAB         RTY
  AAC         ASD

- How big is substitution table?
  - $A^n$ entries, where A is size of alphabet
  - A=26, n=3; 17576 entries
  - A=100, n=6; 1T entries
- Still vulnerable, but requires more text

Substitution Rules
- Don't store table explicitly; derive table rows using substitution rule
  - E.g., s XOR k, where k is key
- Remember: security level depends on size of key
- Key of len b => $2^b$ possible keys

Substitution Rules
- XOR flips a bit for input bits that correspond to a 1 in the key
  - Correspond to a 0? No change
- Encrypted string should ideally show no pattern for frequency analysis attack
- Use key long enough to make ciphertext appear random

Substitution Rules (2)


- What's the right size key?
  - Who is trying to break the scheme?
  - 3GHz CPU => 300 instructions per possible key test
  - 1 sec, 10M keys
  - 1 day, 1T keys
  - 60-bit key takes 100 CPUs 3 years
  - Is that good enough?
- Also, use statistical techniques to determine ideal key length

Data Encryption Standard


- DES is a block cipher with 56-bit key
  - 64-bits at a time
- Perform 16 rounds of encryption, with standard permutations of keys and data
- DES is not secure
- Data transmitted in 64-bit blocks, each may be coded independently

DES in 64-bit blocks


Triple DES
- Triple-DES is 168 bits
  - Break the key into 3 parts
- DES bit-logic techniques make it fast

Review of Crypto
- The key in traditional crypto is used to encode the substitution rule
  - Needed to encrypt and decrypt
  - DES and Triple-DES use this technique
- Key distribution is the weak link
  - Hard to revoke
  - Disastrous if codebook is compromised
  - Hard to distribute (requires initial out-of-band secure exchange)
  - Impossible for the Web
- All of this changed in the 1970s

Public-Key Cryptography
- Secure communication without key exchange
- Each party has a pair of related keys: public and private
  - A message encrypted with one can be decrypted with the other
  - You can't derive one from the other
- A public key is published freely
- A private key is shared with no one
  - This is critical!
- Original idea due to Diffie, Hellman, but RSA (Rivest, Shamir, Adleman) popular

Two Modes
- Public-key cryptography
  - Anyone can encrypt; only S can decrypt
  - Used for data confidentiality

Two Modes
- Digital Signatures
  - Only S can encrypt; anyone decrypts
  - Used for authenticity

How Does it Work?


- Public key cryptography relies on so-called trapdoor functions
  - A function that is easy to compute, but hard to invert without special info
  - Easy and hard meant computationally
- Some poor choices for trapdoor functions:
  - Add 2; Multiply by 3
- In practice quite difficult to find good trapdoor functions
- Most popular one is related to prime factorization; others possible

Prime Factorization
- n = p*q, where p and q are primes
  - Given p and q, easy to compute n
  - Given n, very hard to find p and q
- How can we turn this into a crypto system?
- We need two theorems. First

INTERMISSION
Modular arithmetic notation!!

$3 = 8 \pmod 5$

Fermat's Little Theorem

- For any prime p, and any integer a: $a^p = a \pmod p$

[Table; columns: $a^p$, $a^p \bmod p$, $a \bmod p$; surviving entries: 64; 1024; 11, 1977326743; 12, 13841287201]

Fermat's Little Theorem

- Put another way, if p is prime and a is not a multiple of p, then $a^{p-1} = 1 \pmod p$

[Table; columns: $a^{p-1}$, $a^{p-1} \bmod p$; surviving entries: 16; 256; 11, 282475249; 12, 1977326743]

Chinese Remainder Theorem


- Consider $x = a_i \pmod{p_i}$ for i = 1, ..., k
  - x = 3 mod 5
  - x = 6 mod 7
  - x = 2 mod 11
  - x = 7 mod 3
- CRT: there's a solution for x if the $p_i$ are pairwise relatively prime (i.e. have no common factors greater than 1).
  - E.g. 14 and 15 are relatively prime
- If all $a_i$ are 1, then $x = 1 \pmod{p_i}$
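
The two theorems in executable form, as an added example that is not part of the original slides: a check of Fermat's congruence and a constructive CRT solver applied to the four-congruence system above. The function names and `SLIDE_SYSTEM` are assumptions of this sketch.

```python
from math import gcd, prod

def fermat_holds(a: int, p: int) -> bool:
    """Check a^p = a (mod p); guaranteed only when p is prime."""
    return pow(a, p, p) == a % p

def crt(congruences):
    """Solve x = a_i (mod p_i) for pairwise relatively prime moduli.

    Returns (x, N) where N is the product of the moduli and 0 <= x < N.
    Raises ValueError if two moduli share a factor greater than 1.
    """
    moduli = [p for _, p in congruences]
    for i, p in enumerate(moduli):
        for q in moduli[i + 1:]:
            if gcd(p, q) != 1:
                raise ValueError(f"moduli {p} and {q} are not relatively prime")
    N = prod(moduli)
    x = 0
    for a, p in congruences:
        rest = N // p                # product of all the other moduli
        inverse = pow(rest, -1, p)   # exists because gcd(rest, p) == 1
        x += a * rest * inverse      # = a (mod p), = 0 (mod each other modulus)
    return x % N, N

# The system from the slide: x = 3 mod 5, 6 mod 7, 2 mod 11, 7 mod 3.
SLIDE_SYSTEM = [(3, 5), (6, 7), (2, 11), (7, 3)]
```

For the slide's system the solver returns x = 13 modulo 1155. When every $a_i$ is 1 the solution is 1 modulo the product of the moduli, which is the form the RSA correctness argument uses.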

OK, back to crypto


- We choose two large primes, p, q
- n = pq
- Next:
  - Set = (p-1)(q-1)
  - Choose e randomly, s.t. e <
  - Choose d, s.t. de = 1 (mod )
- n and e serve as public key
  - n is product of primes p, q
- n and d serve as private key
  - Choosing d requires e and
OK, back to crypto


- $\text{encrypt}_{n,e}(m) = m^e \pmod n = c$
- $\text{decrypt}_{n,d}(c) = c^d \pmod n = m$
- Will decryption always work?
  - Recall that de = 1 (mod )
  - $c^d = m^{de} = m^{k(p-1)(q-1)+1}$
  - $m^{k(p-1)(q-1)+1} = m \cdot (m^{(p-1)(q-1)})^k$
  - = (p-1)(q-1)
- Recall from Fermat that
  - $m^{p-1} = 1 \pmod p$
  - $m^{q-1} = 1 \pmod q$
- Which implies:
  - $m^{(p-1)(q-1)} = 1 \pmod p$
  - $m^{(p-1)(q-1)} = 1 \pmod q$

OK, back to crypto


- $c^d = m \cdot (m^{(p-1)(q-1)})^k$
- Recall from Fermat that
  - $m^{(p-1)(q-1)} = 1 \pmod p$
  - $m^{(p-1)(q-1)} = 1 \pmod q$
- Use the CRT to combine above 2 eqns
  - $m^{(p-1)(q-1)} = 1 \pmod n$, where n = pq
- $c^d = m \cdot (1)^k \pmod n$
- $c^d = m \pmod n$
- Thus, decrypted ciphertext c = msg m
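
The key generation, encryption and decryption steps above, plus the signature mode from the "Two Modes" slides, run on toy numbers as an added example that is not part of the original slides. The primes, exponent, message and all function names are constructed; `phi` is this example's name for the quantity the slides set to (p-1)(q-1). This is textbook RSA with no padding, so it shows the arithmetic only and is not a deployable scheme.

```python
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Textbook key generation from two primes, following the slides."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # d exists only if e shares no factor with phi.
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must be below phi and share no factor with it")
    d = pow(e, -1, phi)              # d*e = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public, m: int) -> int:
    n, e = public
    return pow(m, e, n)              # m^e (mod n)

def decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)              # c^d (mod n)

def proof_steps(p: int, q: int, m: int):
    """Evaluate m^((p-1)(q-1)) mod p, mod q and mod pq, as in the argument."""
    phi = (p - 1) * (q - 1)
    return pow(m, phi, p), pow(m, phi, q), pow(m, phi, p * q)

# Constructed toy parameters; real keys use primes hundreds of digits long.
P, Q, E = 61, 53, 17
PUBLIC, PRIVATE = make_keys(P, Q, E)
MESSAGE = 65
CIPHER = encrypt(PUBLIC, MESSAGE)
# Signature mode: apply the private exponent first, check with the public one.
SIGNATURE = decrypt(PRIVATE, MESSAGE)
```

The Fermat step in the argument needs m to share no factor with n: for m = 61 the first value from `proof_steps` is 0 rather than 1, yet decryption still returns 61, because the congruence modulo p then holds trivially.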

Review
- Encrypting and decrypting involve large exponentiation; not cheap, but doable
  - $\text{encrypt}_{n,e}(m) = m^e \pmod n = c$
  - $\text{decrypt}_{n,d}(c) = c^d \pmod n = m$
- Public, private keys require original primes to compute
- Only product of primes is ever exposed
- Computationally extremely challenging to recover original primes

Uses
1. Securing message against eavesdropping: encrypt m using recipient's public key, then send
2. Sending authenticatable message: encrypt m using sender's private key, then send
