
360 -

Cryptography

360



PKI


19
classical cryptography)
20 1949
C.E.Shannon 1949
The Communication Theory of Secret Systems
1976 W. Diffie M. Hellman
New Directions in Cryptography

plaintext intelligible

ciphertext

cipher substitution /
disposition
key

encrypt encipher
encode
decrypt decipher
decode

Key Clustering

cryptography
authentication

cryptanalysis

cryptology



confidentiality

integrity

/ authentication

non-repudiation

classical cryptography
substitution ciphers, transposition ciphers
skytale
frequency analysis

rotor machines
Enigma Purple

HASH
DES IDEA AES RSA ECC

1.

2.
Substitution Cipher
Transposition Cipher


Transposition Cipher

Substitution cipher

Stream cipher

Block cipher
Polygram Substitution cipher

Monoalphabetic Substitution cipher

Polyalphabetic Substitution cipher


20 1949
/


Rotor Machine


Shannon

1949 1975
1949 Shannon The Communication Theory of Secret Systems
1967 David Kahn The Codebreakers
1971 1973 IBM Watson Horst Feistel

1974 IBM LUCIFER DES


frequency analysis

simple
substitution ciphers

E X ST NG TH
XT QJ NZ

Germany: Enigma
UK: TYPEX
US: Converter M-209


rotor machines

1930 1950
Enigma

26

26^3 17576

substitution

symbol
codebook
monoalphabetic

shift alphabet

reversed alphabet ATBASH

scramble alphabet
mixed deranged

multialphabetic

Trithemius
Tabula recta

(transposition)

Permutation

Columnar transposition

Double transposition

interrupted transposition


Skytale

rail fence

route

anagramming

Whitfield Diffie

Martin Hellman

1976
1976 Diffie & Hellman New Directions in Cryptography
1977 Rivest, Shamir & Adleman RSA
90


Vs.

Cryptography

Cryptanalysis


code breaking

Auguste Kerckhoff 1883



DES RSA



vs.

(Plaintext)
(Ciphertext) (Cryptogram)

(Cryptographer)


vs.
Encryption

Decryption

, (Encryption Key)
(Decryption Key)

Cryptography Algorithm

Encryption Algorithm

Decryption Algorithm


vs.

Diffusion

Confusion

Shannon


1 vs.
2 vs.
3 vs.
4 vs.


vs.

restricted

key-based


Vs.

Substitution Cipher

Permutation Cipher
(Transposition Cipher)


23 7

7 23 7 187 1
1 23 88


Symmetric Key Cryptography


Secret Key Cryptography

stream cipher
block cipher

out-of-band

N(N-1)/2

vs.

Symmetric cipher

Conventional cipher)

DES 3DES IDEA AES

Asymmetric cipher

Public-key cipher)
public key)
private key)
RSA ECC ElGamal

(stream ciphers)

pseudorandom number
generator PRNG XOR

keystream / /

RC4

RC4

RC4 RSA Ron Rivest


1987 RC4
ARCFOUR
RC4 256
PRNG

RC4 2001
RC4 PRGA
RC4 WEP
802.11

IV
HASH IV

(block ciphers)

block

64 128

Electronic Codebook ECB

Cipher-Block Chaining CBC

Cipher Feedback CFB

Output Feedback OFB

IBM Horst Feistel 1970


Lucifer

(DES)

IBM Lucifer
64 56

32
16

Sboxes P-boxes
1976

1998 DES 56 1999


23 3DES
DES

(ECB)

(CBC)


initialization vector IV

(CFB)

IV

(OFB)


IV

DES(TripleDES)

DES-EDE2 DES-EDE3 3DES


DES

DES-EDE2 112
56

DES-EDE3 168
56
DES
meet-in-the-middle DES
DES 2 2^56
3DES
168 112

(IDEA)

1991 Xuejia Lai


James Massey PES proposed encryption standard 64
128

PGP pretty good privacy

IDEA 64 4 16
52 16 8

IDEA

AES

(AES)

Rijndael Joan Daemen


Vincent Rijmen square 128
128 192 256 2001
NIST DES

substitution-permutation network SPN

AES 10 128
12 192 14 256 SPN
byte sub, shift row, mix column, add round key

Asymmetric Key Cryptography


Public Key Cryptography

private key
PKI public
key



hybrid cryptosystems

Diffie-Hellman

Whitfield Diffie Martin Hellman 1976

discrete logarithms
Exponential Key Agreement
p g p g p
a g^a Mod p
b g^b Mod p
g^b Mod p g^ab g^a Mod p
g^ba g^ab=g^ba


Man-In-The-Middle

RSA

RSA

RSA

p q N = pq

(p-1)(q-1) e 1<e<N

d = e^-1 mod (p-1)(q-1)

p q N e N d

m N n c = n^e (mod N)
n = c^d (mod N)
RSA 2048

(ECC)

elliptic curve cryptography


finite field
1985
ECDLP
DLP
ECC

160 ECC 1024 RSA 80


ECC
RSA
ECC

ElGamal

Taher Elgamal discrete logarithm problem Diffie-Hellman

p p x g
y g^x mod p y g p x
p m p
1 k c1 g^k mod p c2 my^k mod
p c1,c2 k
c2/c1^x mod p m

digital signature
algorithm DSA

RSA

ECC

Diffie-Hellman
ElGamal

DSS

LUC

DES

3DES

Blowfish

IDEA

RC4

SAFER



(1) A B
N1
(2) B A
A B
B f(N1) N2
(3) A f(N2) B


(1) A KDC A
B N1
(2) KDC A
Ks A B KDC
Ks A
A KDC


( )

(3) A B B KDC
Ks A

(4) B Ks
N2 A
(5) B Ks f(N2)
B


A B A
N1 B
B N1 A N1
N2 A
A B N2 B
B Ks B
A B
A A B Ks


USB Key


Usb Key

( )


DES
IDEA
AES



Oscar

Alice

Bob

Alice Bob
Oscar

DES

DES 56bits

64bits
64 bits

Confusion
Diffusion


DES
1973 5 15 NBS
:
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)

DES

1974 8 27 NBS IBM


LUCIFER
1975 3 17 NBS
1976 NBS
1976 11 23

1977 1 15 FIPS PUB 46

IBM W. Tuchman C. Meyer


1971-1972
1967 Horst Feistel

DES

1979 DES
1980 ANSI DES DEA ANSI X.392
1983 ISO DES DEA-1
1998 12 DES


DES

64 bit m
m,
DES(m) = IP^-1 T16 T15 ... T2 T1 IP(m)
IP IP^-1
16


DES

[Figure: DES round structure: 64-bit input, initial permutation IP, halves L0/R0, 16 rounds using round function f and subkeys K1 ... K16 (L1 = R0, L2 = R1, ..., L16 = R15), inverse permutation IP^-1, 64-bit output]


DES

DES
16
m = DES^-1(c) = IP^-1 T1 T2 ... T15 T16 IP(c)

DES^-1(DES(m)) = m



DES
= 56
=

1976

2000

1993 100 3.5

1998 EFF DES


25 DES

DES 3DES
DES 168 , k=k1k2k3
[Figure: three-key 3DES. Encryption of m: DES (k1), DES^-1 (k2), DES (k3). Decryption: DES^-1 (k3), DES (k2), DES^-1 (k1)]

DES 112 , k=k1k2


[Figure: two-key 3DES. Encryption of m: DES (k1), DES^-1 (k2), DES (k1). Decryption: DES^-1 (k1), DES (k2), DES^-1 (k1)]

IDEA

IDEA (International Encryption Algorithm)

Xuejia Lai James Massey IDEA


1992


p226
PGP

IDEA

IDEA

2^16
2^16 X+Y=Z mod (2^16)
2^16+1 X*Y=Z mod (2^16+1)

IDEA 64 4 16
X1 X2 X3 X4
128

IDEA DES


AES
1997 4 15
NIST Advanced Encryption Standard AES

AES
DES DES
128 128/192/256
1997 9 12
AES AES


AES
1998 8 12 AES 15

1999 3 22 AES
5 5 RC6 Rijndael SERPENT Twofish MARS
2000 4 13 AES 5

2000 10 2 NIST Rijndael


2001 11 NIST AES FIPS PUB197 sensitive but not classified
2002 5

NIST AES


AES

3 /

AES
128bit
128 bits, 192 bits, 256 bits
128-bit key => 10
192-bit key => 12
256-bit key => 14

AES


AES






DES
DES

IDEA
AES


DES | 56 | 16 | XOR, S-Box | Kerberos, SET
3DES | 112 or 168 | 48 | XOR, S-Box | PGP, S/MIME
IDEA | 128 | XOR, , | PGP
BlowFish | 448 | 16 | XOR, S-Box,
RC5 | 2048 | <255 | +, XOR
CAST-128 | 40 128 | 16 | +, S-Box | PGP



1.

: XY: Y = EKU(X)
: YX: X = DKR(Y) = DKR(EKU(X))
2.

3.

X = DKR(EKU(X)) = EKU(DKR(X))

(1) x y=f(x)
(2) y, x y=f(x)
(3) y
x x y=f(x)
1*. (1) (2) (3)

2*. f f
Pk f
Sk f x y
=f(x) Sk x=f-1(y)
3*. (2) y=f(x) x

RSA (Rivest-Shamir-Adleman) 1977



=
=
2000 9

ECC (Elliptic Curve Cryptosystem) 1985




RSA


RSA

1977 Ron Rivest Adi Shamir Len Adleman 1978
RSA 0
~n-1 n
Euler
)

2000 9


RSA

1. p, q
2. n = pq
3. φ(n) = (p-1)(q-1)
4. e: gcd(e, φ(n)) = 1; 1 < e < φ(n)
5. d: de ≡ 1 mod φ(n), de = kφ(n) + 1


RSA


(n)

DES 100
DES 1000


Q P
mP = P+P+...+P = Q m P Q
Q P m

Neal Koblitz
Victor Miller 1985



ElGamal
DSA ECDSA


ECC Diffie-Hellman



t,n

ECC vs. RSA

MIPS 100


ECC vs. RSA


ECC vs. RSA


ECC

Modem
Diffie-Hellman

Web


ECC
RSA


ECC

160 RSA 1024


Diffie-Hellman

1.
2.
3.
4.
5.

1976

a p mod n


Diffie-Hellman

q
a < q, a q

Alice: x_A, x_A < q, y_A = a^x_A (mod q)
Bob: x_B, x_B < q, y_B = a^x_B (mod q)

y_A
y_B

Alice: k = (y_B)^x_A (mod q)
Bob: k = (y_A)^x_B (mod q)

EK(m)


ElGamal

Discrete Logarithm Problem, DLP

p Zp* g
a b = g^a mod p

1 <= m <= p-1 k
(c1, c2) c1 = g^k mod p, c2 = m·b^k mod p

m = c2 · (c1^a)^-1 = m·b^k · ((g^k)^a)^-1 = m·(g^a)^k · g^(-ka) = m mod p

DSA
1991 , NIST DSA ,
DSS
DSA
DSA NSA
DSA
DSA RSA 10 40
512
DSA
RSA



1 . /
2 . ( )
3 .

RSA
Diffie-Hellman
DSS


Alice

Bob

Alice

Bob


User A: Xa < p, Ya = a^Xa mod p, K = (Yb)^Xa mod p

Ya
Yb

User B: Xb < p, Yb = a^Xb mod p, K = (Ya)^Xb mod p

Diffie-Hellman

RSA

: IFP(Integer Factorization Problem)


/

ECC
ElGamal

: DLP(Discrete Logarithm Problem)


/

DSA

Diffie-Hellman


MD5
SHA-1


Hash
Hash
, :
h = H(M), M ,h .

x, H(x) (
)
: h, x H(x)=h
;
: x, x y,
H(y)= H(x) ;
: (x, y) ,
H(x)=H(y) .


Hash

H
H
x H x
h H x h
x
x y
H y H x
MD5 128 SHA 160


MD5
MD5 (RFC 1321), developed by Ron Rivest (the R of RSA) at MIT in the 90s.

MD Message Digest

128
512

SHA-1

SHA Secure Hash Algorithm


NIST
1993
FIPS PUB 180 1995
SHA-1(FIPS PUB 180-1) SHA-1
MD4
2^64
160
512 .

SHA1/ MD5

MD5 128bits

SHA1 160bits


SHA1 SHA1


SHA1 openssl speed md5/sha1:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 5425.31k 19457.48k 55891.45k 104857.60k 143211.40k
sha1 5104.58k 16008.41k 37925.33k 57421.81k 68241.68k

Message encryption

MAC

Hash function


MAC: Message Authentication Code



MAC
(cryptographic checksum)
A B K M
MAC=CK(M)
MAC MAC
M

MAC


MAC

MAC
Key

P || MAC(P, K)
MAC


MAC
MAC
MAC

* MAC

MAC


( )

/


MAC
MAC
MAC
MAC

Key

HASH

MAC

MAC = C(Hash(Message), Key)


A
B

HMAC

HASH Key



RFC 2104
HMAC Keyed-Hashing for Message Authentication
FIPS 198
The Keyed-Hash Message Authentication Code(HMAC)

HASH
HASH


, :






M H(M)
H(M)
EKRa(H(M))
M
B
B A H
B H(M)
H=H(M) A





( )

( )

(
)
.




RSA


m
d (e,n)

m H(m).
s = (H(m))^d mod n

H1 = s^e mod n
H1 = H(m)

X.509

X.509 ITU-T
X.500
X.509 X.500 distinguished name DN alternative name
X.509

X.509
.CER DER
.DER DER
.PEM Base-64
.P7B .P7C PKCS#7
.PFX .P12 PKCS#12

( )
Key Storage

Self-Destruct

Key Change

Key Control

Key Disposal

Link Encryption

End-to-End Encryption

[Figure: Node 1, Node 2, Node 3, Node 4 connected by Link1, Link2, Link3; Ek, Dk]

Simple Mail Transfer Protocol (SMTP)


Post Office Protocol (POP)
Internet Message Access Protocol (IMAP)
Email relaying

Pretty Good Privacy (PGP)


Secure/Multipurpose Internet Mail Extensions
S/MIME

Pretty Good Privacy(PGP)

RSA

IDEA
MD5

VPN

Virtual Private Network VPN

IPSec

IPSEC Internet Engineering Task Force IETF IP
VPN
IPSEC

Authentication Header AH
Authenticity

Encapsulating Security Payload ESP

Internet Key Exchange

(SA)
Security Association SA IPsec

AH ESP Identifier
Simplex Connection IP

Security Parameter Index SPI 32
Internet Security Association Key Management Protocol ISAKMP

(AH)

TCP UDP ICMP

SPI 32

Sequence Number 32

Keyed-Hashing for Message Authentication

(ESP)


DES DES-CBC

SSL/TLS

Secure Sockets Layer SSL Netscape


1994 TCP/IP Web

1995 SSL 3.0 1999 IETF


Transport Layer Security TLS RFC2246
TLS SSL

SSL SSL
MAC

SSL

SSL

SSL SSL Handshake

SSL

CA

SSL ( )

Premaster Secret

Master Secret

Session Key

1996 Wassenaar Agreement

4
ciphertext only attack

known plaintext attack



chosen plaintext attack


chosen ciphertext attack




side channel

replay attack




DES RSA


Which of the following best describes a digital signature?
A method of transferring a handwritten signature to an electronic document
A method to encrypt confidential information
A method to provide an electronic signature and encryption
A method to let the receiver of the message prove the source and integrity of a message


If a cryptosystem is using a key size of 8, what is the keyspace size?

64
32
256
16


Which of the following is a true difference between an asymmetric and symmetric algorithm?
Symmetric algorithms are faster because they use substitution and transposition
Asymmetric algorithms are slower because they use substitution and transposition
Asymmetric algorithms are best implemented in hardware and symmetric in software
Asymmetric algorithms are more vulnerable to frequency analysis attacks


Which of the following is a true statement about the Caesar algorithm?
The algorithm is an alphabet and the key is the number of shifts
The algorithm is the number of shifts in an algorithm and the key is the algorithm
It uses a secret word for polyalphabetic encryption
It is another name for the scytale method

scytale


Digital signatures, secret key distribution, and encryption are all carried out by which of the following algorithms?

ECC
Diffie-Hellman
Blowfish
RC4
