
2.1 Cryptography Introduction

The document provides an overview of cryptography. It discusses the goals of cryptography including secrecy, authentication and integrity. It describes different types of ciphers such as monoalphabetic ciphers, polyalphabetic ciphers, affine ciphers and Vigenère ciphers. It also discusses the tools and techniques used in cryptography including number theory, algorithms and computer science. Cryptanalysis techniques like frequency analysis are also summarized.

Uploaded by

Elisha Ndhlovu

Cryptography

Mr S. D Kanengoni
Masters in International
Computer Science
Goal Of This Lecture

1. Cryptography basics
• History
• Cipher and Deciphering

2. One way encryption algorithms (MD5, SHA1)

3. Two way encryption algorithms (DES, AES, Triple DES, RSA)

4. Public key private key encryption

5. Secure Socket Layer (SSL) Digital Certificate


CRYPTOLOGY : CRYPTOGRAPHY + CRYPTANALYSIS

Cryptology = science of secrecy.
How : encipher a plaintext into a ciphertext to protect its secrecy. The recipient deciphers the ciphertext to recover the plaintext. A cryptanalyst shouldn’t complete a successful cryptanalysis.
Attacks [6] :
• known ciphertext : access only to the ciphertext
• known plaintexts/ciphertexts : known pairs (plaintext, ciphertext) ; search for the key
• chosen plaintext : known cipher, chosen cleartexts ; search for the key
What is Cryptography

Cryptography or cryptology (from Ancient Greek: κρυπτός, romanized: kryptós "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties called adversaries.

[Diagram: Cryptology, Cryptography, Cryptanalysis]
Cryptography terminology

Cryptography
Study of methods and mathematical techniques related to security concepts

Cryptosystem
Set of algorithms, keys and secured protocols

Cryptanalysis
Study of existing cryptosystems



Short history

J. Stern [8] : 3 ages :

• craft age : hieroglyph, bible, ..., renaissance, → WW2
• technical age : complex cipher machines
• paradoxical age : PKC

Evolves through maths’ history, computing and cryptanalysis :

• manual
• electro-mechanical
• by computer
Polybius’s square
Polybius, Ancient Greece : communication with torches

     1   2   3   4   5
1    a   b   c   d   e
2    f   g   h   ij  k
3    l   m   n   o   p
4    q   r   s   t   u
5    v   w   x   y   z

TEXT changed in 44,15,53,44.

Characteristics

• encoding letters by numbers
History – ancient Greece

500 BC : scytale of Sparta’s generals

Secret key : diameter of the stick
History – Caesar

Change each char by a char 3 positions farther :
A becomes d, B becomes e, ...
The plaintext TOUTE LA GAULE becomes wrxwh od jdxoh.
Why enciphering ?

• Yesterday :
  - for strategic purposes (the enemy shouldn’t be able to read messages)
  - by the church
  - diplomacy

• Today, with our digital environment :
  - confidentiality
  - integrity
  - authentication
Goals of cryptology

Increasing number of goals :

• secrecy : an enemy shouldn’t gain access to information
• authentication : provides evidence that the message comes from its claimed sender
• signature : same as auth but for a third party
• minimality : encipher only what is needed.
The tools

• Information Theory : perfect cipher
• Complexity : most of the ciphers just ensure computational security
• Computer science : all make use of algorithms
• Mathematics : number theory, probability, statistics, algebra, algebraic geometry, ...
Ciphers Classification

cipher
  secret key
    variable length (stream ciphers)
    block ciphers
      substitution
        simple (monoalphabetical)
        polyalphabetical
        homophone
        polygram
      transposition
      product
  public key
Symmetrical ciphers

Made of [1] :
• plaintext alphabet : A_M
• ciphertext alphabet : A_C
• keys alphabet : A_K
• encipher ; application E : A_K^* × A_M^* → A_C^*
• decipher ; application D : A_K^* × A_C^* → A_M^*

E and D are such that ∀K ∈ A_K^*, ∀M ∈ A_M^* :

D(K, E(K, M)) = M
Monoalphabetical ciphers

Monoalphabetical cipher : bijection between letters from A_M and A_C. If both alphabets are identical : permutation.
Example : Caesar. {a, ..., z} ≡ {A, ..., Z} ≡ {0, ..., 25} = Z_26
Caesar cipher is additive.
Encipher : ∀x ∈ Z_26, x ↦ x + 3 mod 26
Decipher : ∀y ∈ Z_26, y ↦ y − 3 mod 26
Multiplicative cipher

We consider : x ↦ t · x mod 26 for t ∈ N.
Acceptable values of t are s.t. gcd(t, 26) = 1 ⇔ t ⊥ 26.
ϕ(26) acceptable values : {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}
Other values don’t ensure the uniqueness of the deciphering (e.g. 2) :

letter       a   b   c   d   e   f   g   h   i   j   k   l   m
x            0   1   2   3   4   5   6   7   8   9   10  11  12
letter       n   o   p   q   r   s   t   u   v   w   x   y   z
x            13  14  15  16  17  18  19  20  21  22  23  24  25
2x mod 26    0   2   4   6   8   10  12  14  16  18  20  22  24   (same values for both rows)

To decipher, we require the existence of t^−1 modulo 26.

We use the extended Euclidean algorithm which provides Bezout coefficients i.e. x, y ∈ N s.t. d = gcd(a, b) = ax + by. From Bezout coefficients, one can deduce t^−1 modulo 26 :
Iterative computation

Extended Euclidean(q, r) with q < r
    Q ← (1, 0) ;
    R ← (0, 1) ;
    while r ≠ 0 do
        t ← q mod r ;
        T ← Q − ⌊q/r⌋ R ;
        (q, r) ← (r, t) ;
        (Q, R) ← (R, T) ;
    end
    return (q, Q) ; q : gcd value and Q provides the coeffs.
end
Extended Euclidean (11, 26)

q    r    t    Q          ⌊q/r⌋   R            T
11   26   11   (1, 0)     0       (0, 1)       (1, 0)
26   11   4    (0, 1)     2       (1, 0)       (−2, 1)
11   4    3    (1, 0)     2       (−2, 1)      (5, −2)
4    3    1    (−2, 1)    1       (5, −2)      (−7, 3)
3    1    0    (5, −2)    3       (−7, 3)      (26, −11)
1    0         (−7, 3)            (26, −11)

gcd(11, 26) = 1 and Bezout’s coefficients are (−7, 3).
The mult. inverse of 11 mod 26 = −7 = 19.
Affine Ciphers

When combining 26 additive ciphers and 12 multiplicative ones, we get affine ciphers :
given s and t ∈ N, encipher with : x ↦ (x + s) · t mod 26.
The key is the pair (s, t) and the deciphering is done by applying successively the previous methods.
There are 26 · 12 = 312 possible affine ciphers. Far from the 26! = 403291461126605635584000000 possible ones.
Ciphers defined by keyword

To get all possible monoalphabetical ciphers, use :

• a keyword like, for instance CRYPTANALYSIS ;
• a key letter like e.

Remove multiple occurrences of the same letter in the keyword (here CRYPTANLSI), then write the keyword starting under the key letter, followed by the remaining letters of the alphabet :

a b c d e f g h i j k l m n o p q r s t u v w x y z
V W X Z C R Y P T A N L S I B E D F G H J K M O Q U
Cryptanalysis

Shannon : a small proportion of letters provides more information than the remaining 2/3 of the text.

By applying a frequency analysis on the letters then of bigrams, ... in the ciphertext.
Solving ax ≡ b mod n

We have used the method for solving the integer equation ax ≡ b mod n. There are two cases :
• gcd(a, n) = 1 : ax ≡ b mod n ⇔ x ≡ a^−1 b mod n, with a^−1 given by the extended Euclidean algorithm.
• gcd(a, n) = d ≠ 1 splits into two new cases :
  - d ∤ b : the equation has no solution ;
  - d | b : ax ≡ b mod n ⇔ d a′ x ≡ d b′ mod d n′. We divide lhs and rhs by d and we solve a′ x ≡ b′ mod n′. We get a set of solutions : { x = a′^−1 b′ + k n′ : 0 ≤ k < d }.
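The slides' number theory in runnable form, as an added example that is not part of the original deck: the iterative extended Euclidean algorithm, the modular inverse it yields, both cases of ax ≡ b mod n, and the affine cipher x ↦ (x + s) · t mod 26. The function names are chosen here for illustration.

```python
def extended_euclid(a, b):
    """Iterative extended Euclid: returns (d, x, y) with d = gcd(a, b) = a*x + b*y."""
    q, r = a, b
    Q, R = (1, 0), (0, 1)              # same roles as Q and R on the slide
    while r != 0:
        k = q // r
        q, r = r, q % r
        Q, R = R, (Q[0] - k * R[0], Q[1] - k * R[1])
    return q, Q[0], Q[1]

def mod_inverse(t, n):
    """t^-1 mod n; exists only when gcd(t, n) = 1."""
    d, x, _ = extended_euclid(t, n)
    if d != 1:
        raise ValueError(f"{t} has no inverse modulo {n} (gcd = {d})")
    return x % n

def solve_congruence(a, b, n):
    """All x in [0, n) with a*x = b (mod n), covering both cases of the slide."""
    d, _, _ = extended_euclid(a, n)
    if b % d != 0:
        return []                      # d does not divide b: no solution
    a1, b1, n1 = a // d, b // d, n // d
    x0 = (mod_inverse(a1, n1) * b1) % n1
    return [x0 + k * n1 for k in range(d)]

def affine_encipher(text, s, t):
    """x -> (x + s) * t mod 26 on lowercase a-z, the affine cipher of the slides."""
    return "".join(chr(((ord(c) - 97 + s) * t) % 26 + 97) for c in text)

def affine_decipher(text, s, t):
    """Undo the multiplication with t^-1, then undo the shift s."""
    t_inv = mod_inverse(t, 26)
    return "".join(chr(((ord(c) - 97) * t_inv - s) % 26 + 97) for c in text)

if __name__ == "__main__":
    print(extended_euclid(11, 26))     # gcd and Bezout coefficients
    print(mod_inverse(11, 26))
    print(solve_congruence(2, 4, 26), solve_congruence(2, 3, 26))
    print(affine_decipher(affine_encipher("toutelagaule", 3, 11), 3, 11))
```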
Conclusion

Monoalphabetical ciphers aren’t robust against a frequency analysis.
We need ciphers for which the statistical distribution of the letters tends to be a uniform one.
1st attempt : use a crypto transformation which associates a set of distinct letters in the ciphertext to the plaintext letters.
We get what is called polyalphabetical ciphers.
Vigenère’s cipher (1586)

In a polyalphabetical cipher, plaintext characters are transformed by means of a key K = k_0, ..., k_{j−1} which defines j distinct functions f_{k_0}, ..., f_{k_{j−1}} s.t.

∀i, 0 < j ≤ n    f_{k_l} : A_M → A_C, ∀l, 0 ≤ l < j

c_i = f_{k_{i mod j}}(m_i)

Idea : use j distinct monoalphabetical ciphers.


Vigenère’s square

abcdefghijklmnopqrstuvwxyz    abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ    NOPQRSTUVWXYZABCDEFGHIJKLM
BCDEFGHIJKLMNOPQRSTUVWXYZA    OPQRSTUVWXYZABCDEFGHIJKLMN
CDEFGHIJKLMNOPQRSTUVWXYZAB    PQRSTUVWXYZABCDEFGHIJKLMNO
DEFGHIJKLMNOPQRSTUVWXYZABC    QRSTUVWXYZABCDEFGHIJKLMNOP
EFGHIJKLMNOPQRSTUVWXYZABCD    RSTUVWXYZABCDEFGHIJKLMNOPQ
FGHIJKLMNOPQRSTUVWXYZABCDE    STUVWXYZABCDEFGHIJKLMNOPQR
GHIJKLMNOPQRSTUVWXYZABCDEF    TUVWXYZABCDEFGHIJKLMNOPQRS
HIJKLMNOPQRSTUVWXYZABCDEFG    UVWXYZABCDEFGHIJKLMNOPQRST
IJKLMNOPQRSTUVWXYZABCDEFGH    VWXYZABCDEFGHIJKLMNOPQRSTU
JKLMNOPQRSTUVWXYZABCDEFGHI    WXYZABCDEFGHIJKLMNOPQRSTUV
KLMNOPQRSTUVWXYZABCDEFGHIJ    XYZABCDEFGHIJKLMNOPQRSTUVW
LMNOPQRSTUVWXYZABCDEFGHIJK    YZABCDEFGHIJKLMNOPQRSTUVWX
Cryptanalysis...

... becomes more difficult : we tend to a uniform distribution.
But, if we re-arrange the ciphertext in a matrix with as many columns as the key length, all the letters in the same column come from the same monoalphabetical cipher.
Cryptanalysis works as follows :
(1) find the key length
(2) apply the previous methods
2 tests to find the key length : Kasiski and Friedman.
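The column property above, shown in code as an added example that is not part of the original slides: each column of a Vigenère ciphertext is a plain Caesar shift of the matching plaintext column, so its index of coincidence (the statistic behind the Friedman test) is unchanged. The key, the sample text and the function names are constructed for the demonstration.

```python
from collections import Counter

A = ord("a")

def vigenere(text, key, sign=1):
    """Encipher (sign=1) or decipher (sign=-1) lowercase a-z text with a repeating key."""
    return "".join(
        chr((ord(ch) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, ch in enumerate(text)
    )

def columns(text, j):
    """Write the text in rows of j letters and return its j columns."""
    return [text[i::j] for i in range(j)]

def coincidences(text):
    """Exact index of coincidence as (numerator, denominator): sum n_c(n_c-1) / N(N-1)."""
    n = len(text)
    return sum(c * (c - 1) for c in Counter(text).values()), n * (n - 1)

def mean_ic(text, j):
    """Average index of coincidence over the j columns of the text."""
    pairs = [coincidences(col) for col in columns(text, j)]
    return sum(num / den for num, den in pairs if den) / j

# Constructed sample: lowercase letters only, key chosen for the demo.
PLAIN = ("cryptographyisthepracticeandstudyoftechniquesforsecure"
         "communicationinthepresenceofthirdpartiescalledadversaries")
KEY = "lemon"
CIPHER = vigenere(PLAIN, KEY)

if __name__ == "__main__":
    # Candidate key lengths with their mean column index of coincidence.
    for j in range(1, 9):
        print(j, round(mean_ic(CIPHER, j), 4))
```

On sufficiently long ciphertexts the true key length and its multiples give a mean column index close to that of the plaintext language, while wrong lengths stay near the uniform value.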
Homophone Ciphers

Goal : smooth the frequency distribution of the letters.

The ciphertext alphabet contains several equivalents for the same plaintext letter.
We thus define a multiple representation substitution.
Thus, letter e from the plaintext, instead of being always enciphered by a 4 could be replaced for instance by 37, 38, 39, ....
These different cryptographic units corresponding to the same plaintext character are called homophones.

letter  homophones             letter  homophones
a       0,26,27,28,29,30       n       13,68,69,70,71,72
b       1                      o       14,73,74,75,76
c       2,31,32,33,34          p       15,77,78
d       3,35,36                q       16
e       4,37,...,54            r       17,79,80,81,82
f       5,55                   s       18,83,84,85,86,87
g       6,56                   t       19,88,89,90,91,92,93
h       7,57                   u       20,94,95,96,97
i       8,58,59,60,61,62       v       21
j       9                      w       22
k       10                     x       23
l       11,63,64,65,66         y       24,98
m       12,67                  z       25
Transposition

Implements a permutation of the plaintext letters, A_C = A_M.

∀i, 0 ≤ i < n    f : A_M → A_M
η : Z_n → Z_n
c_i = f(m_i) = m_{η(i)}
Simple array transposition

Given a passphrase, we define a numerical key :

T  R  A  N  S  P  O  S  I  T  I  O  N  S  I  M  P  L  E
18 14 1  8  15 12 10 16 3  19 4  11 9  17 5  7  13 6  2

We encipher, «le chiffrement est l’opération qui consiste à transformer un texte clair, ou libellé, en un autre texte inintelligible appelé texte chiffré ou chiffré» [5].

18 14 1  8  15 12 10 16 3  19 4  11 9  17 5  7  13 6  2
l  e  c  h  i  f  f  r  e  m  e  n  t  e  s  t  l  o  p
é  r  a  t  i  o  n  q  u  i  c  o  n  s  i  s  t  e  à
t  r  a  n  s  f  o  r  m  e  r  u  n  t  e  x  t  e  c
l  a  i  r  o  u  l  i  b  e  l  l  é  e  n  u  n  a  u
t  r  e  t  e  x  t  e  i  n  i  n  t  e  l  l  i  g  i
b  l  e  a  p  p  e  l  é  t  e  x  t  e  c  h  i  f  f
r  é  o  u  c  r  y  p  t  o  g  r  a  m  m  e
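An added example, not part of the original slides, that derives the numerical key from the passphrase and carries the array transposition through, including an incomplete last row. Reading the columns out in key order 1, 2, 3, ... is the usual convention and is assumed here, since the slide stops at the filled array; the sample message is constructed.

```python
def numeric_key(passphrase):
    """Rank the letters alphabetically, ties broken left to right (ranks start at 1)."""
    order = sorted(range(len(passphrase)), key=lambda i: (passphrase[i], i))
    ranks = [0] * len(passphrase)
    for rank, pos in enumerate(order, start=1):
        ranks[pos] = rank
    return ranks

def encipher(plaintext, passphrase):
    """Fill the array row by row, then read the columns in key order (assumed read-out)."""
    key = numeric_key(passphrase)
    width = len(key)
    cols = [plaintext[c::width] for c in range(width)]
    return "".join(cols[key.index(r)] for r in range(1, width + 1))

def decipher(ciphertext, passphrase):
    """Rebuild the columns, allowing for a short last row, then read row by row."""
    key = numeric_key(passphrase)
    width, n = len(key), len(ciphertext)
    full, extra = divmod(n, width)          # the first `extra` columns hold one more letter
    cols, pos = [""] * width, 0
    for r in range(1, width + 1):
        c = key.index(r)
        length = full + (1 if c < extra else 0)
        cols[c] = ciphertext[pos:pos + length]
        pos += length
    return "".join(cols[i % width][i // width] for i in range(n))

# Constructed sample message (letters only, as in the slide's array).
MESSAGE = "theciphertransformsacleartextintoanunintelligibletext"
PASSPHRASE = "TRANSPOSITIONSIMPLE"

if __name__ == "__main__":
    print(numeric_key(PASSPHRASE))
    ct = encipher(MESSAGE, PASSPHRASE)
    print(ct)
    print(decipher(ct, PASSPHRASE) == MESSAGE)
```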
Vernam cipher (1917)
Is the one-time pad a «perfect» cipher ?

A and B share a true random sequence of n bits : the secret key K.
A enciphers M of n bits in C = M ⊕ K.
B deciphers C by M = K ⊕ C.

Example
M = 0011, K = 0101
C = 0011 ⊕ 0101 = 0110
M = K ⊕ C.

Non-reusability : for every new message, we need a new key.
Why a new key ?
... To avoid revealing information on the ⊕ of plaintexts.

Eve can sniff C = {M}_K and C′ = {M′}_K and computes :

C ⊕ C′ = (M ⊕ K) ⊕ (M′ ⊕ K) = M ⊕ M′

Given enough ciphertexts, she’s able to recover a plaintext by a frequency analysis and with the help of a dictionary [4].
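The identity C ⊕ C′ = M ⊕ M′ and the non-reusability rule, as an added example that is not part of the original slides: `reuse_leak` shows that the key cancels out of two ciphertexts, and the hypothetical `OneTimePad` class consumes key bytes so that none is ever used twice. `secrets.token_bytes` stands in for the true random sequence the slide requires; the messages are constructed.

```python
import secrets

def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Shared key material in which every byte is used for at most one message."""

    def __init__(self, key):
        self.key = key
        self.offset = 0                      # index of the first unused key byte

    def encrypt(self, message):
        end = self.offset + len(message)
        if end > len(self.key):
            raise ValueError("pad exhausted: refusing to reuse key bytes")
        start, self.offset = self.offset, end
        return start, xor_bytes(message, self.key[start:end])

    def decrypt(self, start, ciphertext):
        return xor_bytes(ciphertext, self.key[start:start + len(ciphertext)])

def reuse_leak(m1, m2, key):
    """What an eavesdropper holds when one key enciphers two messages."""
    c1, c2 = xor_bytes(m1, key), xor_bytes(m2, key)
    return xor_bytes(c1, c2)                 # equals m1 xor m2: the key cancels

if __name__ == "__main__":
    m1, m2 = b"meet at nine", b"stay at home"      # constructed messages
    key = secrets.token_bytes(len(m1))             # stand-in for a true random key
    print(reuse_leak(m1, m2, key) == xor_bytes(m1, m2))
    pad = OneTimePad(secrets.token_bytes(len(m1) + len(m2)))
    (s1, c1), (s2, c2) = pad.encrypt(m1), pad.encrypt(m2)
    print(pad.decrypt(s1, c1), pad.decrypt(s2, c2))
```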

If we respect the above requirements, Vernam cipher guarantees the condition of perfect secrecy.

Condition (perfect secrecy)

Pr(M = m | C = c) = Pr(M = m)

Intercepting C doesn’t reveal any information to the cryptanalyst.
Why is it secure ?

Vernam cipher provides perfect secrecy. We have three classes of information :
• plaintexts M with proba. distribution Pr(M) s.t. Σ_M Pr(M) = 1
• ciphertexts C with proba. distribution Pr(C) s.t. Σ_C Pr(C) = 1
• keys with proba. distribution Pr(K) s.t. Σ_K Pr(K) = 1

Pr(M | C) = proba that M has been sent knowing that C was received (C is the corresponding ciphertext of M). The perfect secrecy condition is defined as

Pr(M | C) = Pr(M)

The interception of the ciphertext does not provide any information to the cryptanalyst.
Conclusion

Perfect secrecy but difficult to achieve :

• generate truly random sequences
• store them and share them with the recipients

Example of use : «red phone».
Product and iterated ciphers

Improvement : combine substitutions and transpositions.
A cipher is iterated if the ciphertext is obtained from repeated applications of a round function to the plaintext.
At each round, we combine a round key with the plaintext.

Definition
In an iterated cipher with r rounds, the ciphertext is computed by repeated applications of a round function g to the plaintext :

C_i = g(C_{i−1}, K_i),  i = 1, ..., r

C_0 the plaintext, K_i round key and C_r the ciphertext.

Deciphering is achieved by inverting the previous equation.
For a fixed K_i, g must be invertible.
Feistel ciphers

A Feistel cipher with block size 2n and r rounds is defined by :

g : {0, 1}^n × {0, 1}^n × {0, 1}^m → {0, 1}^n × {0, 1}^n

(X, Y, Z) ↦ (Y, F(Y, Z) ⊕ X)

g function of 2n × m bits into 2n bits and ⊕ denoting the n bit XOR.

Operation mode
Given a plaintext P = (P^L, P^R) and r round keys K_1, ..., K_r, the ciphertext (C^L, C^R) is obtained after r rounds.
Let C_0^L = P^L and C_0^R = P^R and we compute for i = 1, ..., r

(C_i^L, C_i^R) = (C_{i−1}^R, F(C_{i−1}^R, K_i) ⊕ C_{i−1}^L)

with C_i = (C_i^L, C_i^R) and C^R = C_r^L and C^L = C_r^R.
The r round keys K_1, ..., K_r are obtained by a key scheduling algorithm on a master key K.
Block ciphers modes of operation

Modes of operation pictured :

http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
ECB : electronic codebook mode

The one previously used ; given a plaintext, each block x_i is enciphered with the key K, and provides the ciphertext y_1 y_2 ...

[Diagram: ..., x2, x1 → eK → ..., y2, y1]
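CBC : cipher block chaining mode

Each ciphertext y_i is XORed with next plaintext x_{i+1}.

[Diagram: CBC enciphering with inputs x1, x2, IV = y0, block cipher eK and outputs y1, y2]

CBC – Deciphering

[Diagram: CBC deciphering with inputs y1, y2, block decipher dK, IV = y0 and outputs x1, x2]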
OFB (output feedback mode) and CFB (cipher feedback mode)

Encipher each plaintext block by successive XORing with keys coming from the application of a secret key cipher :
• OFB : sequence of keys comes from the repeated enciphering started on an initial value IV. We let z_0 = IV and we compute the sequence z_1 z_2 ... by z_i = e_K(z_{i−1}). The plaintext is then enciphered by y_i = x_i ⊕ z_i
• CFB : We start with y_0 = IV and the next key is obtained by enciphering the previous ciphertext z_i = e_K(y_{i−1}). Otherwise, everything works like in OFB mode.
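CFB enciphering

[Diagram: CFB enciphering with inputs x1, x2, IV = y0, block cipher eK and outputs y1, y2]

CFB deciphering

[Diagram: CFB deciphering with inputs y1, y2, IV = y0, block cipher eK and outputs x1, x2]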
MAC-MDC

For Message Authentication Code (Modification Detection Code), or message fingerprint (MAC = MDC + IV ≠ 0).

Possible with CBC and CFB.

We start with IV = 0. We build the ciphertext y_1 ... y_n with the key K in CBC mode. MAC is the last block y_n.
Alice sends the message x_1 ... x_n and the MAC y_n.
Upon reception of x_1 ... x_n, Bob builds y_1 ... y_n by using the secret key K and verifies that y_n is the same as the received MAC.
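The Feistel construction and the CBC-based MAC described above, as one added example that is not part of the original slides. The round function F (truncated SHA-256) and the key schedule are assumptions made so the code runs with the standard library only; this toy cipher illustrates the structure and is not a vetted block cipher.

```python
import hashlib
import hmac

N = 8                    # half-block size n in bytes; a block is 2n = 16 bytes
ROUNDS = 4               # r

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(master):
    """Assumed key schedule: K_i = SHA-256(master || i), i = 1..r."""
    return [hashlib.sha256(master + bytes([i])).digest() for i in range(1, ROUNDS + 1)]

def F(half, k):
    """Assumed round function: truncated SHA-256. F itself need not be invertible."""
    return hashlib.sha256(k + half).digest()[:N]

def feistel(block, keys):
    left, right = block[:N], block[N:]
    for k in keys:                               # (L, R) -> (R, F(R, K_i) xor L)
        left, right = right, xor(F(right, k), left)
    return right + left                          # final swap of the two halves

def encrypt_block(block, master):
    return feistel(block, round_keys(master))

def decrypt_block(block, master):
    return feistel(block, round_keys(master)[::-1])   # same network, keys reversed

def cbc_mac(message, master):
    """MAC = last CBC ciphertext block y_n, computed with IV = 0."""
    if not message or len(message) % (2 * N):
        raise ValueError("message must be a non-empty whole number of blocks")
    y = bytes(2 * N)
    for i in range(0, len(message), 2 * N):
        y = encrypt_block(xor(message[i:i + 2 * N], y), master)
    return y

def verify(message, tag, master):
    """Bob's check: recompute y_n and compare it with the received MAC in constant time."""
    return hmac.compare_digest(cbc_mac(message, master), tag)

if __name__ == "__main__":
    key, msg = b"constructed key!", bytes(range(32))  # constructed inputs
    print(decrypt_block(encrypt_block(msg[:16], key), key) == msg[:16])
    print(verify(msg, cbc_mac(msg, key), key))
```

Plain CBC-MAC with IV = 0, as on the slide, is sound only when every message authenticated under a key has the same fixed length.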
References
