
The art of secret writing

A.A. 2010/2011 1
Cryptography Part I
Principles and Methods
Michele Elia
Politecnico di Torino
Introduction
A complex telecommunications system connects
any place, at any time, in any condition.
Tele- or e- are roots for so many activities that
were unthinkable a few years ago:
- Tele-working, e-work
- Tele-teaching, e-teaching, e-learning
- Tele-economy, e-commerce
In the lovely Global village of Marshall McLuhan, the print revolution has been
surpassed and squeezed out by the e-revolution.
Two remarks
1) The expansion of telecommunication
systems has been accelerated and
dominated by the advent of the digital, and
the conversion to full digital is practically
complete.
A historic landmark year will be 2012, when
analog TV will be dismissed in the EU.
Two remarks
2) Electric signals are ubiquitous in the
world, they travel unprotected though
conveying vital information for
the army,
the trading,
the economy,
the social life (bureaucracy, health
system)
the production systems.
In this digital world security is of fundamental importance dealing
with information, specifically for:
- Transmission of Information
- Transformation of Information
- Use of Information
in each case SECURITY is
UNAVOIDABLE.
A list of applications includes:
Telephone: the oldest e-communication system
(together with the telegraph) requires
confidentiality
e-mail: the e-communication counterpart of
the traditional paper mail requires
confidentiality and signature
Commerce on-line: a form of selling developed
with the Internet, needs
confidentiality, authentication and signature
A list of applications (Continuation)
Tele-working: the new economy tends to move
the work instead of the workers, and needs
confidentiality and authentication
Access control: distributed access to databases
and computing resources needs
confidentiality, authentication and signature
E-books and E-libraries, a reality today, need
confidentiality, authentication and signature
Medical records: patient status, medical data and
therapy information need
confidentiality and authentication
A list of applications (Continuation)
Public and private databases with people's personal
and biographical data, and other sensitive data, need
confidentiality
Wireless systems: cell phones, burglar alarms, car
locks need
authentication and/or confidentiality and signature
Teaching: use of Internet and its facilities is changing
the traditional teaching paradigm.
E-teaching and E-learning will be the usual way to
distribute knowledge, and may need
authentication and signature
Information protection
What to protect: Existence of message, Content of message, Message
Why to protect: Confidentiality, Authenticity, Integrity - Availability, Tracking
How to protect: CRYPTOGRAPHY, STEGANOGRAPHY
Information security is achieved through:
Principles: Objectives, Axioms
Methods: Algorithms, Mathematical tools
Means: Protocols, Technology
The transformation principle typical of any enciphering
scheme was known to Julius Caesar 2000 years ago
The Caesar cipher consisted in
a shift of three positions so that
plaintext A
was encrypted as
ciphertext D
Encryption is described in mathematical terms:
letters are encoded using numbers
A --> 0, B --> 1, ..., Z --> 26
shift is the secret KEY 3
encryption is the addition operation modulo 26
A--> 0+3=3 --> D
In this method, using modern mathematical notation,
two fundamental operations are evident: encoding and transformation
Encoding: each letter is converted into a number of $\mathbb{Z}_{26}$,
the set of remainders modulo 26
Transformation: the number 3, the secret key, is added
modulo 26 to change each plain code number into a cipher number
Inverse transformation: the number 3 is subtracted
modulo 26 to change each cipher number into a plain code number
Decoding: each plain number is converted back into a letter
the Caesar cipher
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
A B C D E F G H I J K L M N O P Q R S T U V X Y W Z
D E F G H I J K L M N O P Q R S T U V X Y W Z A B C
A SHIFT of t positions of a letter is equivalent to the operation
of summing t modulo 26 to the letter code number
Example
text                B   R   I   X   E   N
                    1  17   8  23   4  13
encryption: + key   3   3   3   3   3   3
=                   4  20  11   0   7  16
cipher              E   U   L   A   H   Q
The example shows a technique known as a simple substitution cipher,
although the mathematical description contains all the ingredients for
perfect enciphering as defined by Shannon
e = m + k mod N
m = e - k mod N
[Diagram: message symbols m_1, m_2, m_3, m_4, m_i; an adder + with inputs m and k and output e]
The theoretical paradigm was provided by Claude Elwood Shannon in
his paper
Communication Theory of Secrecy Systems,
BSTJ, vol. 28, 1949, p. 656-715,
where enciphering is viewed as a noisy transmission process.
Mutual information is used to define perfect encryption
[Diagram: S (Text) enters a channel whose output is U (Cipher); the channel Noise is the KEY]
S: source alphabet
U: cipher alphabet
K: key alphabet
Joint probability distribution: $\{p\{s,u,k\}\},\ s \in S,\ u \in U,\ k \in K$
$$I(S,U|K) = \sum_{s \in S,\, u \in U,\, k \in K} p\{s,u,k\}\, \ln \frac{p\{s,u|k\}}{p\{s|k\}\, p\{u|k\}}$$
$$H(U|K) = \sum_{s \in S,\, k \in K} p\{s,k\}\, \ln \frac{1}{p\{s|k\}}$$
Mutual Information Properties
I(S,U|K) = H(S|K)-H(S|U,K) = I(U,S|K)
I(U,S|K) = H(U|K)-H(U|S,K)
I(S,U|K) = H(S|K)+H(U|K) - H(SU|K)
Encryption and Mutual Information
Encryption transformation
u=s+k=f(s,k)
I(S,U) = H(U) - H(U|S) = H(U)-H(K)
I(S,U|K) = H(U|K) - H(U|S,K) = H(U|K)
Since u=f(s,k) implies
H(U|S) = H(K)
H(U|S,K) = 0
Shannon's Conditions for Perfect Encryption:
I(S,U) = 0
I(S,U|K) = H(S)
I(S,U) = H(U)-H(K) --> H(U) = H(K)
I(S,U|K) = H(U|K) --> H(U|K) = H(S)
H(K) = H(U) and H(U|K) = H(S)
H(K) = H(U)
The key length must be equal to the message length
- This condition is satisfied by the Caesar cipher
if the message length is one symbol.
- Looking at the whole transmission balance,
perfect encryption is achieved only with a
net transmission rate equal to 1/2.
- Practical limits impose a short key length.
Shannon perfect encryption is impossible
in real life.
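The conditions above can be checked numerically. The following is an added example, not part of the original slides: it enumerates the joint distribution for u = s + k mod N and computes I(S,U), H(U) and H(K) for a one-symbol message, a two-symbol message with the single Caesar key reused, and a two-symbol message with a key as long as the message. The alphabet size N = 5 and the source probabilities are constructed assumptions.

```python
from collections import defaultdict
from itertools import product
from math import log2, prod

N = 5                                    # alphabet Z_N, kept small (assumption)
P_SYMBOL = [0.4, 0.3, 0.15, 0.1, 0.05]   # constructed non-uniform source

def entropy(dist):
    """Shannon entropy in bits of a {value: probability} mapping."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)

def secrecy_report(msg_len, key_len):
    """Return (I(S,U), H(U), H(K)) for u_i = s_i + k_(i mod key_len) mod N.

    The message has msg_len independent symbols; the key has key_len
    uniform symbols and is repeated cyclically when shorter than the message.
    """
    joint = defaultdict(float)           # p(s, u)
    p_key = 1.0 / N ** key_len
    for s in product(range(N), repeat=msg_len):
        p_s = prod(P_SYMBOL[sym] for sym in s)
        for k in product(range(N), repeat=key_len):
            u = tuple((s[i] + k[i % key_len]) % N for i in range(msg_len))
            joint[(s, u)] += p_s * p_key
    p_src, p_cipher = defaultdict(float), defaultdict(float)
    for (s, u), p in joint.items():
        p_src[s] += p
        p_cipher[u] += p
    info = sum(p * log2(p / (p_src[s] * p_cipher[u]))
               for (s, u), p in joint.items() if p > 0)
    return info, entropy(p_cipher), key_len * log2(N)

if __name__ == "__main__":
    for msg_len, key_len in [(1, 1), (2, 1), (2, 2)]:
        info, h_u, h_k = secrecy_report(msg_len, key_len)
        print(f"L_M={msg_len} L_k={key_len}: I(S,U)={info:.4f} "
              f"H(U)={h_u:.4f} H(K)={h_k:.4f}")
```

With the key reused over two symbols, I(S,U) = H(U) - H(K) is positive: the ciphertext reveals the difference between the two plaintext symbols.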
H(K) = H(U)
The key used to encrypt is the same used to
decrypt. This paradigm is usually called
Symmetric cryptographic scheme
(Symmetric cryptography)
The same name denotes the practical schemes
based on mechanisms that generate
long keys from short keys
that is, mechanisms that generate streams
of the same length as the message.
Shannon Communication Channel with private key
Perfect Secrecy: Net transmission rate 1/2
[Diagram: S (text), K (key), U (cipher) on the Public channel, K (key) on the Secret channel, U (cipher) and K (key) at the receiver, R (text)]
Binary alphabets
If entropy is measured in bits and binary symbols are
equally probable, then entropy is numerically the length
of a binary string
Key length $L_k$ is of finite size
Message length $L_M$ increases with time.
The difference
$D = H(U) - H(K) = L_M - L_k$
grows unbounded as $L_M$ increases.
Confidentiality achieved with secret keys enciphering
guarantees message authenticity
In summary, symmetric cryptographic schemes achieve
a) confidentiality: the content of a
message is disclosed only to the
intended recipient
b) authenticity: the message has been
originated only by the intended sender
The first modern book on cryptography was a Manuale published in 1378
by Gabriele de Lavinde da Parma working for the anti-pope Clement VII.
In 1466, Leon Battista Alberti published
De Componendis Cyfris, in which he
described the first cipher disk and
conceived the notion of polyalphabeticity.
Message
If a number a divides the difference
of the numbers b and c, b and c
are said to be congruent relative to a
Encrypted Message
F3BISADTLGP3PGTGAOVQ
ZZZAGAE4I3CRBIOCGOR1
DOZBVIXZBADCNEVBQIXC
LOPM3ZAGX3LIBE4L1LS4
G
Leon Battista Alberti formula (encrypting machine)
A.D. 1466
Polyalphabetic ciphers, better known as Vigenère ciphers, were described in
Traité des Chiffres (1586) by Blaise de Vigenère.
In 1863, the cryptanalysis of Vigenère ciphers
appeared in
Die Geheimschriften und die Dechiffrir-Kunst
by Friedrich W. Kasiski.
In 1930
Manuale di Crittografia
was published by General Luigi Sacco
Vigenère TABLE
ABCDEFGHIJKLMNOPQRSTUVXYWZ
LMNOPQRSTUVXYWZABCDEFGHIJK
IJKLMNOPQRSTUVXYWZABCDEFGH
DEFGHIJKLMNOPQRSTUVXYWZABC
IJKLMNOPQRSTUVXYWZABCDEFGH
ABCDEFGHIJKLMNOPQRSTUVXYWZ
Secret key: LIDIA = 11 8 3 8 0
Leon Battista Alberti with his cipher disk conceived the idea of an
encrypting machine whose modern electrical prototypes appeared in
1891 Etienne Bazeries: adopted by the
French army
1917 Gilbert Vernam: first binary encrypting
machine realizing perfect enciphering
1918 Arthur Scherbius: ENIGMA
adopted by the German army (in 1926)
1920 Boris Hagelin: Crypto-Hagelin
adopted by the US army
Arthur Scherbius ENIGMA - 1918
The design target of encrypting machines is
to provide mechanisms (stream ciphers) that produce
enciphering sequences
k(1), k(2), ..., k(n), ...
starting from a short sequence $K_0$ called the secret key.
The typical enciphering rule, referred to as Caesar enciphering,
is simple
e(n) = m(n) + k(n)
Symbols are taken from a finite domain where a binary
composition rule + is defined.
The mathematics behind these systems includes modular
arithmetic (ring), finite fields, and groups.
Stream generators are described using
the notion of
FINITE STATE MACHINE
Finite State Machine
A finite state machine is a mathematical object
described by a 6-tuple $\{S, I, O, f, g, s_0\}$ where
- S is a finite set of states, possibly represented
by binary vectors (0,1,0, ..., 0,0)
- I is a finite input alphabet, possibly binary
- O is an output alphabet, possibly binary
- f is a mapping from $S \times I$ into S
- g is a mapping from $S \times I$ into O
- $s_0$, the initial state, is an element of S
Given an input sequence
I(1), I(2), ..., I(n)
the machine evolution is a sequence of states
s(1), s(2), ..., s(n)
with $s(1) = s_0$, and
s(n+1) = f(s(n), I(n))
The generated stream is a sequence
k(1), k(2), ..., k(n), ...
where
k(n) = g(s(n), I(n))
The machine evolution is said to be autonomous
if the input sequence is missing.
Stream Ciphers are Finite State Machines
Properties of generated streams for Caesar-like enciphering
Avoid store and replay attack
Avoid error propagation
Hard to cryptanalyze
Good mask properties
Cryptographic properties of a stream cipher
Period of generated sequence:
should be long and computable to avoid store
and replay attack
Entropy of generated sequence:
should be maximum; it must appear to be a truly
random sequence (fair coin tossing sequence)
Cryptanalysis:
a plaintext attack should be hard, that is, the
initial state $s_0$ must be difficult to compute
knowing any piece of the generated sequence
Stream ciphers
Periodic generators:
a classic solution consists of Linear Feedback
Shift Registers and their non-linear variants
Output function:
is a non-linear logic function
Encryption:
commonly is a sum of bits (the logical XOR
operation)
LFSR
An LFSR is characterized by a generator
polynomial g(x) which defines the positions
of the feedback taps
The degree of g(x) is the LFSR length
The state is the content of the register
Generator polynomials of degree n
$$g(x) = 1 + g_1 x + g_2 x^2 + \cdots + g_{n-1} x^{n-1} + x^n$$
Irreducible polynomials are factors of $x^m - 1$,
where the smallest m is a divisor of $2^n - 1$
Primitive polynomials have $m = 2^n - 1$
LFSR: Linear feedback shift register
[Diagrams: Fibonacci and Galois configurations, each drawn with register cells X_0, X_1, X_2, ..., X_{n-1} and feedback adders +]
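LFSR: Linear feedback shift register
Tridiagonal
[Diagram: tridiagonal LFSR with register cells X_0 to X_4 and adders +]
LFSR of length 5.
Transition matrix:
$$\begin{pmatrix} 0 & 1 & 0 & 0 & 0 \\ 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 1 & 1 & 0 \\ 0 & 0 & 1 & 1 & 1 \\ 0 & 0 & 0 & 1 & 1 \end{pmatrix}$$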
Properties of
the set C of primitive LFSR sequences
C is a group of order $2^n$
C is the $(2^n - 1,\ n,\ 2^{n-1})$ dual code of a Hamming
$(2^n - 1,\ 2^n - 1 - n,\ 3)$ code
Every sequence has the same number of 1s
The cyclic autocorrelation function of every
sequence is a two-valued function, that is,
it equals $2^n - 1$ at shift 0 and -1 for every non-zero shift.
Runs of 0s and 1s are given in the following Table
Properties of
a primitive LFSR sequence
- $2^{m-j-2}$ runs of length j of either 1s or 0s, for 0 < j < m-1
- 1 run of length m of 1s
- 0 runs of length m-1 of 1s
- 1 run of length m-1 of 0s
- 0 runs of length m of 0s
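The period, run and autocorrelation properties listed on the last slides can be verified on a small register. This is an added example, not code from the original slides; it assumes the primitive polynomial g(x) = x^5 + x^2 + 1 in Fibonacci form and a constructed non-zero initial state, neither of which appears in the slides.

```python
from collections import Counter
from itertools import groupby

# Assumption: g(x) = x^5 + x^2 + 1, a primitive polynomial of degree 5,
# i.e. the recurrence s[t+5] = s[t+2] XOR s[t]; taps index the register cells.
TAPS = (0, 2)
SEED = [1, 0, 0, 0, 0]          # constructed non-zero initial state s_0

def step(state):
    """One Fibonacci-LFSR transition: shift left, append the feedback bit."""
    feedback = 0
    for t in TAPS:
        feedback ^= state[t]
    return state[1:] + [feedback]

def keystream(nbits, state=SEED):
    """Autonomous evolution: output the first cell, then apply the transition."""
    out = []
    for _ in range(nbits):
        out.append(state[0])
        state = step(state)
    return out

def period(state=SEED):
    """Steps needed for the register to return to its initial state."""
    current, steps = step(state), 1
    while current != state:
        current, steps = step(current), steps + 1
    return steps

def cyclic_runs(seq):
    """Count runs as (bit, length) pairs, treating seq as one cyclic period."""
    start = next(i for i in range(len(seq)) if seq[i] != seq[i - 1])
    rotated = seq[start:] + seq[:start]
    return Counter((bit, len(list(group))) for bit, group in groupby(rotated))

def autocorrelation(seq, tau):
    """Cyclic autocorrelation with bits mapped to +1/-1."""
    n = len(seq)
    return sum(1 if seq[i] == seq[(i + tau) % n] else -1 for i in range(n))

if __name__ == "__main__":
    seq = keystream(period())
    print("period:", len(seq), "ones:", sum(seq))
    print("rho:", sorted({autocorrelation(seq, t) for t in range(1, len(seq))}))
    print("runs:", sorted(cyclic_runs(seq).items()))
```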
Computational complexity
The aim of computational complexity is to
give a measure of the difficulty of solving
a problem.
An axiomatic theory yielding a measure of
complexity comparable to the measure of
information, unfortunately, is still missing.
In cryptography, practical measures of
complexity have been developed and are
used in place of theoretical definitions.
Computational complexity
Practical measures of complexity:
- Number of binary operations of algebraic
nature (e.g. product of two numbers)
- Number of comparisons in searching for an
object among a set of objects (e.g. searching
for a name in a directory)
- Size of a memory for storing data (e.g.
number of bytes required to store the personal
data in the registry of a town)
Computational complexity
Let X and Y be two finite sets.
Let f be a mapping from X into Y.
Let x and y be two variables taking their
values in X and Y, respectively
Definition.
The size of a variable z, taking its values in a
set Z, is the minimum number of bits
necessary to represent any value in Z.
Computational complexity
The size of every x in X is $n = \log_2(|X|)$
n is the number of bits necessary to represent
the value of any element in X.
The complexity cx(f ) of a function f is
expressed in terms of n.
If cx(f ) is exactly computable, then it is written
as a function g(n) of n.
If only the order of magnitude of cx(f ) can be
computed, then it is written as O(g(n)).
One-way functions
Definition
An invertible mapping f from a finite set X into a
finite set Y is said to be one-way if
i) the value y=f(x) is easy to compute
for every x in X
ii) the inverse value $x = f^{-1}(y)$ is difficult
to compute for almost every y in Y
One-way functions - complexity
Many one-way functions are realized as
homomorphisms between groups.
If f is a homomorphism between
a group X and
the additive group of remainders modulo M,
the complexity of f, in general, is upper
bounded by $O(|X|^{1/2})$,
which is known as Shanks' bound
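An added example, not part of the original slides, of where the square-root bound comes from: the baby-step giant-step method computes the homomorphism f(g^x) = x from the group generated by g modulo a prime p onto the remainders modulo M with about 2·sqrt(M) group operations. The toy parameters p = 101, g = 2 (a generator, so M = 100) are constructed assumptions; this is why group sizes in practice are chosen so that sqrt(|X|) operations remain infeasible.

```python
from math import isqrt

def discrete_log(g, y, p, order):
    """Return x in [0, order) with g^x = y (mod p), or None if none exists.

    Baby-step giant-step: write x = i*m + j with m = ceil(sqrt(order)),
    tabulate g^j for j < m, then look for y * g^(-i*m) in the table.
    """
    m = isqrt(order - 1) + 1                # ceil(sqrt(order))
    baby = {}
    value = 1
    for j in range(m):                      # m baby steps
        baby.setdefault(value, j)
        value = value * g % p
    giant = pow(g, -m, p)                   # g^(-m) mod p (Python 3.8+)
    gamma = y % p
    for i in range(m):                      # at most m giant steps
        if gamma in baby:
            return (i * m + baby[gamma]) % order
        gamma = gamma * giant % p
    return None

# Constructed toy parameters (assumption): 2 generates the multiplicative
# group modulo the prime 101, so |X| = M = 100 and m = 10.
P, G, M = 101, 2, 100

def f(y):
    """The homomorphism from X (multiplication mod P) to addition mod M."""
    return discrete_log(G, y, P, M)

if __name__ == "__main__":
    a, b = pow(G, 37, P), pow(G, 88, P)
    print("f(a) =", f(a), "f(b) =", f(b))
    print("f(a*b) =", f(a * b % P), "= (f(a) + f(b)) mod M =", (f(a) + f(b)) % M)
```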
