Cryptology = Cryptography + Cryptanalysis

Cryptography =
  1. keeping (written) secrets from all but authorized users.
Cryptanalysis =
  1. discovering those secrets when unauthorized.
  2. analyzing the security of systems for keeping secrets.

Modern techniques have also found uses in
  1. Authentication = assurance that someone is who they claim to be
  2. Data integrity = assurance that a document/data has not been altered
  3. Oblivious transfer = no tracks on information transferred (or not)
  4. Zero-knowledge proofs = prove possession of certain information
     without conveying anything about it.

Terminology:
  Cryptosystem or cipher - whole procedure
  Encryption
  Decryption
  Plaintext
  Ciphertext
  Key
  Kerckhoffs's principle - only the key should be secret (standardization)
  Code vs. cipher in classical usage
  Classical cipher (pre-computation, pre-WWII)
  Symmetric cipher
  Asymmetric cipher (modern)

Attacks
  Ciphertext only - goal: obtain plaintext or key
  Known plaintext (partially known plaintext, crib) - goal: obtain key
  Chosen plaintext - goal: obtain key
  Encryption key (with asymmetric cipher) - goal: obtain decryption key

Modulo arithmetic
  Equivalence mod m: a == b mod m iff a = b + km for some integer k.
  "x reduced modulo m"
  Canonical representation: use integers 0 to m - 1 to represent integers mod m.
  Use of division with remainder: x = qm + r
    In C, use x % m for x positive.
  To reduce negative numbers, use the fact that x == m - (-x) mod m
    In C, (m - (-x) % m) % m
    (the outer % m keeps the result at 0 when x is a multiple of m)
  Multiplicative inverse for x: integer y such that xy == 1 mod m
    For given m and x, a multiplicative inverse exists iff m and x are
    relatively prime.
    How to find it is not yet clear at this point.
  For ordinary arithmetic (+ - *, integer division, % with same modulus),
  reduction mod m can be done at any point in the calculation, and the
  result will be the same (casting out nines).
  The situation is more complicated for exponentiation.

Some simple ciphers based on modulo arithmetic
  * We let integers mod 26, 0-25, represent letters a-z.
    Various generalizations are possible.
  * Recall the trick for getting x from ASCII:
      (int)(xchar - 'a'); (int)(xchar - 'A')

  Shift cipher (Caesar shift), rot13
    E(x) = (x + a) % 26
    D(x) = (x - a) % 26
    * Key is the integer a; there are only 26 (25 useful) of them.

  Affine cipher
    E_(a,b)(x) = (a*x + b) % 26
    D(x) = E_(a^(-1), -a^(-1)*b)(x) if a^(-1) mod 26 exists
    * 12 * 26 - 1 = 311 useful keys (all odd numbers between 1 and 25
      except 13 are relatively prime to 26)

  Mono-alphabetic substitution cipher (cryptogram)
    E(x) = (x + p(x)) % 26 where p(x) is a permutation of 0 - 25
    D(x) = (x - p^(-1)(x)) % 26 (inverse permutation)
    * Close to 26! =~ 4 x 10^26 useful keys.
    * The permutation can be usefully specified using a list, possibly
      derived from a key string, e.g. "king xerxes" ->
        abcdefghijklmnopqrstuvwxyz
        KINGXERSTUVWYZABCDFHJLMOPQ
    * An "Aristocrat" cryptogram has word boundaries and punctuation preserved.
      Characters need not be letters.
    * Note that Caesar and affine are special cases of substitution.

  One-time pad (Vernam cipher, Gilbert Vernam c. 1917)
    E(x_n) = (x_n + y_n) % 26, for a random key string y_1, y_2, ...
    D(x_n) = (x_n - y_n) % 26
    * Perfectly secure if properly used (Aye, there's the rub).
    * Biggest problem is key distribution.
    * Key must be as long as the message.
    * Key must NEVER be reused.
    * Breakable if the key is not random (e.g. if it is English prose)
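
The modular reduction, multiplicative inverse and affine cipher notes above, worked through in C as an added example that is not part of the original notes. The inverse is found by exhaustive search, which is an assumption made here because the notes do not yet give a method; the sample text and the key (5, 8) are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Canonical residue in 0..m-1; C's % can go negative when x is negative. */
int mod(int x, int m) { int r = x % m; return r < 0 ? r + m : r; }

/* Inverse of a mod m by exhaustive search (fine for m = 26); 0 if none exists. */
int inverse(int a, int m) {
    for (int y = 1; y < m; y++)
        if (mod(a * y, m) == 1) return y;
    return 0;
}

/* E_(a,b)(x) = (a*x + b) % 26 on letters; other characters pass through. */
void affine(const char *in, char *out, int a, int b) {
    for (; *in; in++, out++) {
        unsigned char c = (unsigned char)*in;
        int base = isupper(c) ? 'A' : 'a';
        *out = isalpha(c) ? (char)(base + mod(a * (c - base) + b, 26)) : *in;
    }
    *out = '\0';
}

/* D = E_(a^-1, -a^-1 * b); returns -1 and writes nothing if a has no inverse. */
int affine_decrypt(const char *in, char *out, int a, int b) {
    int ai = inverse(mod(a, 26), 26);
    if (ai == 0) return -1;
    affine(in, out, ai, mod(-ai * b, 26));
    return 0;
}

/* Count keys (a,b) with a invertible, leaving out the identity key (1,0). */
int useful_keys(void) {
    int n = 0;
    for (int a = 0; a < 26; a++)
        for (int b = 0; b < 26; b++)
            if (inverse(a, 26) && !(a == 1 && b == 0)) n++;
    return n;
}

int main(void) {
    char ct[32], pt[32];
    affine("Affine cipher", ct, 5, 8);   /* constructed sample text and key */
    affine_decrypt(ct, pt, 5, 8);
    printf("%s -> %s (%s), %d useful keys\n", ct, pt,
           strcmp(pt, "Affine cipher") == 0 ? "round trip ok" : "MISMATCH", useful_keys());
    return 0;
}
```

A key with a = 13 (or any even a) is rejected by affine_decrypt, since encryption with such a key maps several letters to the same ciphertext letter and cannot be undone.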