Chapter 5

Chapter 5: Cryptography

Cryptology is the art and science of making and breaking "secret codes".
Cryptography is the art and science of making "secret codes".
Cryptanalysis is the art and science of breaking "secret codes".
Crypto is an abbreviation for any or all of the above, and then some.
Example 1: Simple substitution
Example 2: Double transposition
Example 3: One-time pad
A cryptosystem can be used to encrypt "plain" information, or plaintext. The result of encryption is ciphertext. A cryptosystem must be invertible so that we can decrypt the ciphertext to recover the plaintext. Keys are used to configure a cryptosystem for encryption and decryption. In a symmetric key cryptosystem, the same key is used to encrypt and decrypt. In a public key cryptosystem, one key (a public key) is used to encrypt and a different key (a private key) is used to decrypt. Alternatively, a private key can be used to encrypt, thus creating a digital signature.
The security of a cryptosystem is the amount of work required to break the system using the best available attack. If any short-cut attack is known (whether practical or not), a cryptosystem is usually considered insecure.
Types of cryptanalytic attacks:
- Ciphertext only
- Known plaintext
- Chosen plaintext
Fundamental tenet of cryptography: If lots of people have failed to solve a problem, then it probably won't be solved (soon).
Kerckhoff's Principle (or Shannon's Maxim) states that the security of a system should not depend on a "secret" design.
History
- Cryptography a "black art" until recently
  1. Crypto timeline
  2. Spartans --- first known military use
  3. Caesar's cipher
  4. The Gold Bug
  5. Election of 1876
- Early 20th century --- Increased need for crypto
  1. Zimmermann telegram (or here). Part of the German codebook can be found here
  2. Vernam Cipher (one-time pad)
- Between the wars
  1. Stimson, Secretary of State, 1929,
    "Gentlemen do not read other gentlemen's mail"
- Government monopoly --- WWII to 1970's
  1. Midway/Coral Sea
  2. Purple (MAGIC)
  3. Enigma (ULTRA)
  4. NSA codebreakers
  5. Claude Shannon (confusion and diffusion)
  6. Cold War
  7. The Codebreakers, by D. Kahn
- 1970's to present --- Academic/Industrial competence
  1. Computer revolution
  2. DES (and the NSA controversy)
  3. Public Key (and NSA)
  4. Clipper chip and key escrow (NSA again)
  5. CRYPTO Conferences
  6. AES (or see NIST's AES page)
Taxonomy of cryptosystems
- Manual cryptosystems
  - One-time pad (VENONA)
  - Double transposition, etc.
- Machine cryptosystems
  - Symmetric Key (or Secret Key) cryptography
    - Stream ciphers --- often based on shift registers
      1. A5
      2. RC4
      3. PKZIP
      4. Military systems
      5. Hardware-based
    - Block ciphers (Codebook algorithms) --- many modern block ciphers use the method of Feistel
      1. DES and triple DES
      2. AES (or Rijndael)
      3. IDEA
      4. Blowfish
      5. RC5 and RC6
      6. TEA
      7. Modes of operation
  - Uses for symmetric key cryptography
    - Secrecy/Confidentiality
      1. Transmitting data over an insecure channel
      2. Secure storage on insecure media
    - Authentication
    - Data integrity --- Message Authentication Code or MAC
    - Anything you can do with a hash function
  - Public Key (or 2-key) cryptography --- "trapdoor one-way function", can be used to encrypt/decrypt and for digital signatures
    1. Modular arithemetic
    2. Knapsack
    3. RSA
    4. Diffie-Hellman
    5. El Gamal
    6. Elliptic curves --- to speed up private key operations
  - Uses for public key cryptography
    - Secrecy/Confidentiality
      1. Transmitting data over an insecure channel
      2. Secure storage on insecure media
    - Authentication
    - Digital signature --- integrity and non-repudiation
  - Hash functions --- message digest or "one-way function"
    1. Necessary hash function properties
    2. Collisions and the birthday problem
    3. SHA-1
    4. MD5
    5. HMAC --- MAC or keyed hash
  - Uses for hash functions
    - Authentication (HMAC)
    - Message integrity (HMAC)
    - Message fingerprinting (hashes condense data)
    - Data corruption detection (e.g., downloading a file)
    - Digital signature efficiency
    - Anything you can do with a symmetric key cryptosystem
Other crypto topics
- Differential and linear cryptanalysis
- Message confidentiality and integrity in one pass?
- In some protocols, it is necessary to both encrypt and sign a message. Is it better to sign then encrypt or to encrypt then sign?
- Message integrity --- stream ciphers vs block ciphers?
- Security by obscurity is a derogatory expression for systems that violate Kerckhoff's Principle.
- Block cipher modes of operation (ECB, CBC, etc.)
- Shamir's secret sharing schemes
- Coding theory vs cryptography (encoding vs encrypting)
- Long-term key and session key
- Perfect forward secrecy
- If you "sign" something that was encrypted with your public key, the result is plaintext
  - Be careful what you sign
  - Have different key pairs for encryption and signing
- Chosen plaintext is easy to come by in public key cryptosystems
- Forward Search is possible with public key cryptosystem
  1. Suppose Bob's likely reply to Alice is "yes" or "no"
  2. Encrypt "yes" with Alice's public key and encrypt "no" with Alice's public key
  3. Compare Bob's actual response to the results in 2
- Public key certificate (or digital certificate)
- Certificate authority (CA), such as VeriSign; see also Verisign's digital ID page
- Public key infrastructure (PKI)
- SSL (simplified description or slightly less simplified version or complete SSL 3.0 specification)
Quotes
- On crypto in the real world: "Crypto is usually only part of a very much larger system. It gets a lot of attention because it is mathematically interesting; but as correspondingly little attention is paid to the "boring" bits such as training, usability, standards, and audit, it's rare that the bad guys have to break the crypto to compromise a system." --- Ross Anderson (in reference to ATM's)
- Of course, Schneier has an opinion: Goto here
- On crypto in software: "I don't know how to to be confident even of a digital signature I make on my own PC, and I've worked in security for over fifteen years. Checking all of the software in the critical path between the display and the signature software is way beyond my patience." --- Ross Anderson
- On cryptanalysis: "Crypto experts won't trust a cryptosystem until they have attacked it... But their attacks generally don't go any further than demonstrating a system's vulnerabilities in the abstract. All they want to be able to say [is that] in theory this system could be attacked in the following way because from a formal number-theory standpoint it belongs to such-and-such class of problems, and those problems as a group take about so many processor cycles to attack... But the gap between demonstrating the vulnerability of a cryptosystem in the abstract and actually breaking a bunch of messages written in that cryptosystem, is as wide, and as profound, as the gap between being able to criticize a film (e.g., by slotting it into a particular genre or movement) and being able to go out into the world with a movie camera and a bunch of unexposed film and actually make one." --- Neal Stephenson, Cryptonomicon, Avon Books, New York, 1999, p. 742