
Trust

● The “fabric” of life!


● Holds civilizations together
● Develops by a natural process
● Advancement of technology results in faster
evolution of societies
– Weakening the natural bonds of trust
– From time to time artificial mechanisms need to be
introduced, e.g. photo IDs
● Cryptography is a “trust building mechanism”
● We are at a point (or about to arrive at a point)
where cryptography needs to be part of our
day-to-day lives
Shared Secret = Trust
● At the crux of cryptography is the assumption that
TRUST = SHARED SECRET
● How do we leverage shared secret to build trust?
● Components of Trust
– Secrecy, Authentication, Non-repudiation, Integrity,
Identity
● Cryptographic Primitives
– Encryption/Decryption, Digital Signatures, Hash
(one-way) functions, random sequence generators
Cryptography
● Encryption and Decryption
Plain Text --(Encryption)--> Cipher Text
Cipher Text --(Decryption)--> Plain Text

● Two ways
– Symmetric Cryptography (shared key)
– Asymmetric Cryptography (two-key / public-key)
An Analogy - Shared Secret as a Key
● Alice and Bob share a key to a lock
● Handling messages
– Put them in a box
– Secure the box with the lock
● Alice knows only Bob has a key (and
vice-versa)
● Shared key enables trust
● Modern cryptography uses bits and
computer programs (algorithms)
Paper and Pencil Cryptography
● Read Sections 2.1 through 2.3 of text
● Evolution of Cryptography
● First documented use by Julius Caesar
● Caesar Cipher (Enciphering and Deciphering)
– MEET YOU TOMORROW (Plain Text)
– RJJY DTZ YTRTWWTB (Cipher Text)
● 26 possible keys – (0-25, key 5 used in example
above)
● Vigenère Cipher (26 x m keys)
– MEETYOUTOMORROW
– DOGDOGDOGDOGDOG (4,15,7), m=3
– PSKWMUXHUPCXUCC
More P&P Ciphers
● Auto-key Vigenère Cipher
– MEET YOU TOMORROW (Plain Text)
– HIYA (key)
● Extended key
– HIYAMEETYOUTOMO
● Cipher
– MEETYOUTOMORROW
– HIYAMEETYOUTOMO
– TMCTKSYMMAIKFAK
Even More Ciphers!
● A more complex substitution Cipher
– Each letter substituted by an arbitrary letter
– Full Vigenère.
● Key generation
– NETWORKSECURITYANDCRYPTOGRAPHYBIZ
– NETWORKSCUIYADPGHBZFJLMQVX
– ABCDEFGHIJKLMNOPQRSTUVWXYZ
– 26! (403291461126605635584000000) keys
● Permutation Ciphers
– Text of length M, e.g. AND -> (2,3,1) -> NDA
– M! possible permutations
● Modern Ciphers
– Combination of substitution and permutation
– Repeated application – many rounds
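The pencil-and-paper ciphers from the last three slides, as an added example that is not part of the original slides. It uses A=0 ... Z=25 and reproduces the slides' own ciphertexts; the function names are chosen here for illustration.

```python
from itertools import chain, cycle
from string import ascii_uppercase as ALPHA  # A=0 ... Z=25

def _add(text, keystream, sign=1):
    """Shift each letter by the next key letter (mod 26); other characters pass through."""
    ks, out = iter(keystream), []
    for ch in text:
        if ch in ALPHA:
            ch = ALPHA[(ALPHA.index(ch) + sign * ALPHA.index(next(ks))) % 26]
        out.append(ch)
    return "".join(out)

def caesar(text, k, decrypt=False):
    # A Caesar cipher is a Vigenere cipher with a one-letter key.
    return _add(text, cycle(ALPHA[k % 26]), -1 if decrypt else 1)

def vigenere(text, key, decrypt=False):
    return _add(text, cycle(key), -1 if decrypt else 1)

def autokey_encrypt(plain, key):
    # Extended key = short key followed by the plaintext letters themselves.
    return _add(plain, chain(key, (c for c in plain if c in ALPHA)))

def autokey_decrypt(cipher, key):
    # Each recovered plaintext letter is appended to the key stream as we go.
    stream, out = list(key), []
    for i, ch in enumerate(c for c in cipher if c in ALPHA):
        p = ALPHA[(ALPHA.index(ch) - ALPHA.index(stream[i])) % 26]
        stream.append(p)
        out.append(p)
    return "".join(out)

def keyed_alphabet(phrase):
    """Substitution alphabet: phrase letters without repeats, then the unused letters."""
    seen = dict.fromkeys(c for c in phrase.upper() if c in ALPHA)
    return "".join(seen) + "".join(c for c in ALPHA if c not in seen)

def substitute(text, phrase, decrypt=False):
    pair = (ALPHA, keyed_alphabet(phrase))
    return text.translate(str.maketrans(*(pair[::-1] if decrypt else pair)))

def permute(block, perm):
    """Output position i takes the input letter at 1-based position perm[i]."""
    return "".join(block[p - 1] for p in perm)

if __name__ == "__main__":
    print(caesar("MEET YOU TOMORROW", 5))
    print(vigenere("MEETYOUTOMORROW", "DOG"))
    print(autokey_encrypt("MEETYOUTOMORROW", "HIYA"))
```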
Brute-force Attacks on Ciphers
● A good cipher is only susceptible to brute-force attacks
● C = E(P,K). How do we get P from C?
– Without the knowledge of K
● Try every possible key K
● P_i = D(C, K_i)
● How do we know when to stop? Under any key
there will be a corresponding P_i
– How do we know that a particular P_i is the
correct plaintext?
– Does this mean brute force attacks are not
possible?
Entropy of Plain Text
● Think of all possible 100 character strings that
“make sense”
● For example, say a billion books, each with 1 billion
“strings that make sense” - still makes it only 10^18
possible phrases!
● How many total strings of length 100?
– 26^100. That is more than 3 x 10^141!
● Say we encrypt a meaningful string with a 64-bit
key,
– the ciphertext is decrypted with another key
– What is the probability that the wrong key results in a
string that makes sense?
– 2^64 * 10^18/(3*10^141) < 6 * 10^-105
– Which is good news for the attacker...
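An added example (not from the original slides) of the stopping question above: every Caesar key is tried, and a candidate is kept only if it "makes sense", which here means every word appears in a small constructed word list. The ciphertext HTQI is a constructed short message for which two keys survive, and the last function evaluates the slide's 64-bit estimate as a base-10 logarithm.

```python
import math
from string import ascii_uppercase as ALPHA

# Constructed stand-in for "strings that make sense": a tiny word list.
WORDS = {"MEET", "YOU", "TOMORROW", "COLD", "FROG"}

def caesar_decrypt(cipher, k):
    return "".join(ALPHA[(ALPHA.index(c) - k) % 26] if c in ALPHA else c
                   for c in cipher)

def makes_sense(text):
    words = text.split()
    return bool(words) and all(w in WORDS for w in words)

def brute_force(cipher):
    """Try every key K_i; keep the (K_i, P_i) pairs whose P_i passes the sense test."""
    return [(k, p) for k in range(26)
            if makes_sense(p := caesar_decrypt(cipher, k))]

def log10_false_positive_bound(key_bits, log10_meaningful, length):
    """log10 of (number of keys * meaningful strings / all strings of this length)."""
    return key_bits * math.log10(2) + log10_meaningful - length * math.log10(26)

if __name__ == "__main__":
    # Long, redundant message: exactly one key gives a sensible plaintext.
    print(brute_force("RJJY DTZ YTRTWWTB"))
    # Short message: two keys give sensible plaintexts, so the search cannot decide.
    print(brute_force("HTQI"))
    # The slide's numbers: 64-bit key, 10^18 meaningful strings, length 100.
    print(log10_false_positive_bound(64, 18, 100))
```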
Vernam Cipher
The Ultimate Cipher?
● What if we make the number of possible
keys the same as the number of possible
plain text messages?
● One-time pad – Vernam Cipher
● Cannot try out keys any more! There is
always a key which maps cipher text to
every possible plain text
● No way an attacker can eliminate any
message – all messages are equally likely
– The attacker learns NOTHING!
– Perfect Secrecy
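An added example (not from the original slides) of why trying keys fails against a one-time pad, using XOR over bytes. For any candidate message of the right length there is exactly one pad that maps the ciphertext to it; the candidate messages are constructed for illustration.

```python
import secrets

def xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a pad exactly as long as the message (same call decrypts)."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(a ^ b for a, b in zip(data, pad))

def pad_explaining(cipher: bytes, candidate: bytes) -> bytes:
    """The unique pad under which `cipher` decrypts to `candidate`."""
    return xor(cipher, candidate)

def consistent_plaintexts(cipher: bytes, candidates):
    """What a key search can rule out: nothing. Every same-length candidate survives."""
    return [c for c in candidates
            if len(c) == len(cipher)
            and xor(cipher, pad_explaining(cipher, c)) == c]

# Constructed 17-byte messages; only the first was actually sent.
CANDIDATES = [b"MEET YOU TOMORROW", b"STAY HOME TONIGHT", b"LUNCH IS AT NOON."]

if __name__ == "__main__":
    pad = secrets.token_bytes(len(CANDIDATES[0]))   # random, used once
    cipher = xor(CANDIDATES[0], pad)
    for c in consistent_plaintexts(cipher, CANDIDATES):
        print(c, "<- pad", pad_explaining(cipher, c).hex())
```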
Establishing shared secrets
● Alice and Bob
– Have no a priori common secrets
– Can they establish a secret over an open
channel?
– Oscar can listen to all exchanges between Alice
and Bob
– Can Alice and Bob establish a secret not privy to
Oscar?
Asymmetric Key Cryptography
● Encrypt with public key
● Decrypt with private key
● Private key is secret, public key is not (could be entered
in some on-line public directory)
● Used for
– Secrecy and Digital Signatures

Plain Text --(Encryption)--> Cipher Text
Cipher Text --(Decryption)--> Plain Text
Plain Text --(Encryption)--> Signed Text
Signed Text --(Decryption)--> Plain Text
Asymmetric Key Cryptography
● Alice, Bob and Oscar - have never met before – no
shared secret
● Alice announces her public key to Bob (Oscar also listens)
● Bob chooses a secret randomly and encrypts it with Alice's
public key
● Alice can decrypt Bob's message and determine Bob's
chosen secret – Oscar cannot (he does not have access to
Alice's Private key)
● Now Alice and Bob have a shared secret!
● Notion of Public key cryptography is definitely not intuitive!
Illustration of Asymmetric Key Cryptography
● Simple box with a lock won't work -
need a more sophisticated
contraption!
● Message box (locker) with trapdoors
● Encryption and Digital Signatures
● “Front door” opened with public key
to drop messages for Alice and
collect documents signed by Alice
● “Back door” can be opened only by
Alice with her private key.
● Only an analogy.
● Need “trapdoor one-way” functions to
realize asymmetric cryptography.
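An added example (not from the original slides) of the Alice/Bob exchange and the two "doors" of the locker. It assumes textbook RSA as the trapdoor one-way function, which the slides do not name, with a toy key built from two known Mersenne primes and no padding, so it is for illustration only.

```python
import secrets

# Toy parameters (assumption of this example): two known Mersenne primes.
# Far too small, and unpadded, for real use.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # the trapdoor: easy to compute only if p and q are known
    return (n, e), (n, d)      # (public key, private key)

def apply_key(key, x):
    """One modular exponentiation; which door it opens depends on the key used."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value out of range for this modulus")
    return pow(x, exp, n)

def establish_secret(alice_public):
    """Bob: choose a random secret and encrypt it with Alice's public key."""
    secret = secrets.randbelow(alice_public[0] - 2) + 2
    return secret, apply_key(alice_public, secret)

def sign(private, digest):
    """Alice: only the private key (back door) can produce this value."""
    return apply_key(private, digest)

def verify(public, digest, signature):
    """Anyone: the public key (front door) checks what Alice signed."""
    return apply_key(public, signature) == digest

if __name__ == "__main__":
    alice_public, alice_private = keygen()          # Alice announces alice_public
    bob_secret, on_the_wire = establish_secret(alice_public)
    # Oscar sees alice_public and on_the_wire, but not alice_private.
    print(apply_key(alice_private, on_the_wire) == bob_secret)
    print(verify(alice_public, 12345, sign(alice_private, 12345)))
```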
