
Chapter 1 - Introduction to Cryptography

Basics
Cryptography - the science of secret writing (hiding the meaning of a message)
Cryptanalysis - the science of breaking cryptosystems
Symmetric ciphers - encryption & decryption methods with the same key
Asymmetric ciphers - encryption & decryption methods with different keys
Cryptographic protocols - applications of ciphers (TLS)
Cryptography is usually associated with modern electronic communication:
• Email encryption (SSL/TLS)
• Secure website access (RSA, SHA256)
• Bank cards, IDs, passports, …
Symmetric Cipher
Encryption algorithm/function: $y = e_k(x)$
Decryption algorithm/function: $x = d_k(y)$
Encryption and decryption are inverse operations if the same key k is used on both sides:
$d_k(y) = d_k(e_k(x)) = x$
The problem of secure communication is reduced to secure transmission and storage of the key k
Cryptanalysis
There is no mathematical proof of security for any practical cipher
The only way to have assurance that a cipher is secure is to try to break it (and fail)!
Kerckhoffs's Principle: A cryptosystem should be secure even if the attacker knows all details about the
system, with the exception of the secret key.
Classical attack:
• Mathematical analysis (exploit the internal structure of a cipher)
• Brute-force attack (exhaustive key search)
Implementation attack: reverse engineering, power measurement
Social engineering: trick a user into giving up his password
Brute-Force Attack
Treats the cipher as a black-box.
Requires (at least) one plaintext-ciphertext pair $(x_0, y_0)$
Checks all possible keys until
$d_k(y_0) = x_0$
Key length (bit) - Key space - Security lifetime
64 - $2^{64}$ - Short term (few days or less)
128 - $2^{128}$ - Long-term (several decades in the absence of quantum computers)
256 - $2^{256}$ - Long-term (also resistant against quantum computers)
Substitution Cipher
Substitution Cipher - substitute each letter with another one randomly.
Key: a substitution table
Attack 1: Brute-Force Attack
Try every possible substitution table until the plaintext is recovered.
Key space: $26! \approx 2^{88}$
Searching through $2^{88}$ keys is completely infeasible.
The substitution cipher still isn't secure, because brute force is not the only attack.
Attack 2: Letter Frequency Analysis
Letters have different frequencies
Modular Arithmetic (notebook and slide)
Integer Ring (notebook and slide)
Shift (Caesar) Cipher
Plaintext letter is shifted by a fixed number of positions in the alphabet
For $x, y, k \in Z_{26}$:
• Encryption: $y = e_k(x) = x + k \bmod 26$
• Decryption: $x = d_k(y) = y - k \bmod 26$
Affine Cipher
Generalization of shift cipher
The plaintext is encrypted by multiplying it by one key and then adding another key.
Key is a pair $k = (a, b)$
For $x, y, a, b \in Z_{26}$:
• Encryption: $y = e_k(x) = a \cdot x + b \bmod 26$
• Decryption: $x = d_k(y) = a^{-1} (y - b) \bmod 26$
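The affine cipher above, worked through as an added example (not part of the original notes). It assumes uppercase A-Z input mapped to 0..25 and a constructed sample key (9, 13); it shows that decryption only exists when gcd(a, 26) = 1, that the shift cipher is the case a = 1, and that the whole key space falls to the exhaustive search from the Brute-Force Attack section.

```python
from math import gcd

M = 26  # alphabet size; letters A..Z are mapped to 0..25


def affine_encrypt(plaintext, a, b):
    """y = a*x + b mod 26 for every letter. Assumes uppercase A-Z input."""
    if gcd(a, M) != 1:
        # Without an inverse of a, two plaintext letters map to the same
        # ciphertext letter and decryption is ambiguous.
        raise ValueError("a must be coprime to 26")
    return "".join(chr((a * (ord(c) - 65) + b) % M + 65) for c in plaintext)


def affine_decrypt(ciphertext, a, b):
    """x = a^-1 * (y - b) mod 26."""
    a_inv = pow(a, -1, M)  # modular inverse (Python 3.8+), ValueError if none
    return "".join(chr(a_inv * (ord(c) - 65 - b) % M + 65) for c in ciphertext)


def key_space_size():
    """Number of usable keys (a, b): invertible values of a times 26 values of b."""
    return sum(1 for a in range(M) if gcd(a, M) == 1) * M


def brute_force(x0, y0):
    """Exhaustive key search with one plaintext-ciphertext pair (x0, y0)."""
    return [(a, b)
            for a in range(M) if gcd(a, M) == 1
            for b in range(M)
            if affine_decrypt(y0, a, b) == x0]


if __name__ == "__main__":
    x0 = "CRYPTO"                      # constructed sample plaintext
    y0 = affine_encrypt(x0, 9, 13)     # constructed sample key (a, b) = (9, 13)
    print(y0, affine_decrypt(y0, 9, 13))
    print("shift cipher is a = 1:", affine_encrypt("ABC", 1, 3))
    print("key space:", key_space_size(), "recovered keys:", brute_force(x0, y0))
```

With only 12 invertible values of a, the key space is far below the 64-bit row of the key length table, so the cipher offers no protection against exhaustive search.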

Chapter 2 - Stream Ciphers


Stream Ciphers vs Block Ciphers
Stream cipher - encrypts bits individually (bit-by-bit)
Block cipher - encrypts an entire block of bits at a time
• Encryption: $y_i = e(x_i, s_i) = x_i + s_i \bmod 2$
• Decryption: $x_i = d(y_i, s_i) = y_i + s_i \bmod 2$
Key stream should be random
$P(s_i = 0) = P(s_i = 1) = 0.5$
Synchronous & Asynchronous
Synchronous stream cipher: the key stream depends only on the key
Asynchronous stream cipher: the key stream also depends on the ciphertext
What Is the Nature of Key Stream?
The sequence of values $s_i$ is called the key stream
The security of a stream cipher depends completely on the key stream
Stream ciphers are about key stream generation
Thus, key stream bits should appear to be a random sequence
Random Numbers
True Random Number Generators (TRNGs) are characterized by the fact that their outputs cannot be
reproduced.
TRNGs are based on physical processes:
• coin flipping, dice rolling
• mouse movement
• semiconductor noise
• radioactive decay, clock jitter of digital circuits
TRNGs are used to generate nonces (numbers used only once).
Pseudorandom Number Generators
PRNGs are computed recursively:
$s_0 = seed$
$s_{i+1} = f(s_i), \quad i = 0, 1, 2, \ldots$
Example: linear congruential generator, for $a, b \in Z_m$
$s_0 = seed$
$s_{i+1} = a \cdot s_i + b \bmod m, \quad i = 0, 1, 2, \ldots$
PRNGs are NOT random
Requirements for PRNGs: they must possess good statistical properties
The outputs of PRNGs approximate a sequence of true random numbers
Cryptographically Secure PRNGs
The output of a CSPRNG must be unpredictable: given n consecutive key stream bits
$s_i, s_{i+1}, \ldots, s_{i+n-1}$
it is computationally infeasible to compute any subsequent bits:
$s_{i+n}, s_{i+n+1}, \ldots$
and any preceding bits:
$s_{i-1}, s_{i-2}, \ldots$
There is no polynomial time algorithm that can predict the next bit or the previous bit with better than
50% chance of success.
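Why the linear congruential generator above fails the CSPRNG requirement, as an added example (not part of the original notes): three consecutive outputs are enough to solve for a and b and then compute every subsequent and preceding value. The modulus, parameters and seed are constructed sample values; m is assumed to be publicly known and prime so the needed inverses exist.

```python
MOD = 2**31 - 1   # constructed sample modulus (prime), assumed public
A, B = 48271, 12345   # constructed secret parameters a, b
SEED = 2024           # constructed secret seed s_0


def lcg(seed, a, b, m, n):
    """Return s_1..s_n of s_{i+1} = a*s_i + b mod m, starting from s_0 = seed."""
    out, s = [], seed
    for _ in range(n):
        s = (a * s + b) % m
        out.append(s)
    return out


def recover_parameters(s1, s2, s3, m):
    """Solve s2 = a*s1 + b and s3 = a*s2 + b (mod m) for (a, b).

    Subtracting the equations gives s2 - s3 = a*(s1 - s2), so
    a = (s2 - s3) * (s1 - s2)^-1 mod m. Requires (s1 - s2) invertible mod m.
    """
    a = (s2 - s3) * pow((s1 - s2) % m, -1, m) % m
    b = (s2 - a * s1) % m
    return a, b


def predict_next(observed, m, count):
    """Compute the next `count` outputs from three observed consecutive ones."""
    a, b = recover_parameters(observed[0], observed[1], observed[2], m)
    return lcg(observed[2], a, b, m, count)


def predict_previous(s, a, b, m):
    """Step the generator backwards: s_{i-1} = a^-1 * (s_i - b) mod m."""
    return pow(a, -1, m) * (s - b) % m


if __name__ == "__main__":
    stream = lcg(SEED, A, B, MOD, 8)
    a, b = recover_parameters(*stream[:3], MOD)
    print("recovered (a, b):", (a, b))
    print("next outputs match:", predict_next(stream[:3], MOD, 5) == stream[3:])
    print("preceding value s_0:", predict_previous(stream[0], a, b, MOD))
```

Good statistical properties are therefore not sufficient for key stream generation; the generator must also resist this kind of parameter recovery.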
Unconditionally Secure Cryptosystem
A cryptosystem is unconditionally secure or information-theoretically secure if it cannot be broken even
with infinite computational resources.
One-Time Pad
For almost all applications, the OTP is impractical since
• the key must be at least as long as the plaintext
• the key space size must be at least as large as the plaintext space size
Practical Stream Ciphers
Are constructed by replacing TRNGs with (CS)PRNGs where a true random key k is used as a seed.
A cryptosystem is computationally secure if the best known algorithm for breaking it requires at least “t”
operations.
Design cryptosystems for which it is assumed that they are computationally secure!
