Documente Academic
Documente Profesional
Documente Cultură
Key KA Key KB
Cryptography (2)
• Cryptography throughout history:
• Julius Caesar cipher: replaced each character by a
character cyclically shifted to the left.
Weakness?
• Easy to attack by looking at frequency of characters
Key KA Key KB
• Terms courtesy of Claude Shannon, father of
Information Theory
• “Confusion” = Substitution
• a -> b
• Caesar cipher
• “Diffusion” = Transposition or Permutation
• abcd -> dacb
• DES
Principles of Confusion and
Diffusion (2)
• “Confusion” : a classical Substitution Cipher
Courtesy:
Andreas
Steffen
Courtesy:
Andreas
Steffen
Courtesy:
Andreas
Steffen
• Key distribution
• Public key via trusted Certificate
Authorities
• Symmetric key?
• Diffie-Helman Key Exchange
• Public key, then secret key (e.g. SSL)
• Symmetric Key distribution via a KDC (Key
Distribution Center)
Symmetric Key Distribution (2)
• Symmetric Key distribution via a KDC (Key
Distribution Center)
• KDC is a server (trusted 3rd party) sharing a
different symmetric key with each registered user
• Alice wants to talk with Bob, and sends encrypted
request to KDC, KA-KDC(Alice,Bob)
• KDC generates a one-time shared secret key R1
• KDC encrypts Alice’s identity and R1 with Bob’s secret key,
let m= KB-KDC(Alice,R1)
• KDC sends to Alice both R1 and m, encrypted with Alice’s
key: i.e. KA-KDC(R1, KB-KDC(Alice,R1))
• Alice decrypts message, extracting R1 and m. Alice
sends m to Bob.
• Bob decrypts m and now has the session key R1
Symmetric Key Distribution (3)
m=
letter m me c = me mod n
encrypt:
“L” 12 1524832 17
d
decrypt:
c c m = cd mod n letter
17 481968572106750915091411825223072000 12 “L”
Public-Key Cryptography (4)
• Provides security because:
• There are no known algorithms for quickly
factoring n=p*q, the product of two large prime
#’s
• If we could factor n into p and q, then it would be
easy to break the algorithm: have n, p, q, e, then
just iterate to find decryption key d.
• Public-key cryptography is slow because of the
exponentiation:
• m = cd mod n = (me)d mod n = (md)e mod n
• 1024-bit value for n
• So, don’t use it for time-sensitive applications
and/or use only for small amounts of data – we’ll
see how SSL makes use of this
Public-Key Cryptography (5)
• A 512 bit number (155 decimals) was factored into
two primes in 1999 using one Cray and 300
workstations
• 1024 bit keys still safe
• Incredibly useful property of public-key
cryptography:
• m = cd mod n = (me)d mod n = (md)e mod n
• Thus, can swap the order in which the keys are
used.
• Example: can use private key for encryption and a
public key for decryption – will see how it is useful
in authentication!