Encryption basics

Encryption Basics
Kevin O'Brien
Washtenaw Linux Users Group

Ancient History
● Wax tablets – Herodotus
● Shaved head – Herodotus
● Both examples of Steganography (hidden writing)
– Steganos (Greek) = hidden
– Graphei (Greek) = writing
● Essentially security by obscurity
● More modern version = microdots

Encryption
● Kryptos (Greek) = hidden
● A message should be unreadable to someone
who finds it
● Employs a cipher
● Substitutes one symbol for another
● Not the same as a code!

Codes
● Codes do not try to obscure the message
● Examples:
– Morse code
– ASCII
● Codes transform one set of symbols into
another without trying to hide the meaning

Caesar Cipher
● Moved each letter a fixed number of spaces
● Same as ROT13
● HAL = IBM
● Not very secure, but then Caesar was dealing
with barbarians :)
● Trivial to break since there are only 25 schemes
to try.

Substitution Cipher
● Better than Caesar Cipher
● No fixed pattern to how symbols are substituted
● Think of the “brain teaser” puzzles in the
newspaper
● Obviously, these can be broken by ordinary
people with small effort

Statistical analysis
● The weakness of Substitution Ciphers is that
they are susceptible to statistical analysis
●
First shown by Al-Kindi in the 9th
century
● In English, letters have a certain frequency
– e,t,a,o,i,n,s,h,r,d,l,u....
● Letter q almost always followed by u, “the” is
most common three-letter word, and so on

Vigenere Square
● Uses a key word or phrase to create a different
substitution for each letter of the message
● But if reused could also be analyzed
● Charles Babbage showed that it could be
attacked statistically

One-Time Pads
● A series of unique Vigenere Squares
● Each one is used only once
● Absolutely secure
● But pain the butt to create
● And distribution is an issue
● If enemy gets it, no security

Mechanical solutions
● Captain Midnight Decoder Ring
● Rotate one disk against another
● Essentially just another Caesar Cipher

Enigma
● Decoder ring on steroids
● Multiple disks
● Settings change after each letter
● Poles figured out how to analyze
● Passed to Brits
● Bletchley Park & Turing

Enigma flawed
● First, essentially mechanical means there is a
way to attack
● Mechanical cannot be truly random
● No letter could be encrypted as itself
● Key turned out to be mathematics

Computers
● Originally created to break ciphers
● Collosus used against German Lorenz Cipher
● But computers could be used to create ciphers
as well
● By the 1960s it was clear that computers could
create unbreakable encryption schemes as
long users did not make a mistake

Key distribution
● But how to distribute keys securely?
● Same issue as with one-time pads
● Whitfield Diffie, Martin Hellman, and Ralph
Merkle solved that and created Diffie-Hellman-
Merkle Key Exchange
● Diffie later realized that publicly distributed keys
could be asymmetric

RSA
● Ron Rivest, Adi Shamior, and Leonard Adelman first
figured out how to do it practically
● Based on one-way function
● Easy to compute, impractical to reverse
● They used large prime numbers which they multiplied
together to get an even larger number
● Extremely large numbers are hard to factor, hence
the one-way

Key Pair
● RSA procedure creates two keys
● Each key can decrypt what the other key has
encrypted
● But no key can decrypt what it itself has
encrypted

Other Algorithms
● In addition to the RSA prime number algorithm
there are two well-known alternatives
● Discrete Logarithm
● Elliptical Curve
● Both are also “one-way” functions that are easy
to compute but impractical to reverse

Symmetric vs. Asymmetric Encryption
● Symmetric means the same key that encrypted
the message will also decrypt it
● Very efficient = can easily and quickly encrypt
and decrypt
● Key distribution is a problem
● Alice has to send Bob the key before sending
the encrypted message
● Eve can listen in and get the key

Public Key
● This is Asymmetric
● A key pair is generated
● One of the keys is designated as private, the
other public
● Arbitrary which is which

Key Distribution
● Public key gets around the key distribution
problem
● The Public key can be freely distributed
● But only the Private key can decrypt what the
Public key has encrypted
● But also requires a lot more resources

Symmetric Standard DES
● Data Encryption Standard (DES) developed by
IBM for the U.S. Government
● Employed several techniques still in use today
– Block Cipher
– XOR
● http://en.wikipedia.org/wiki/Data_Encryption_St
andard

Block Cipher
● A Block Cipher operates on a fixed-length block
of bits to transform them
● Plain text is turned into ciphertext block by
block
● Generally the transformation is repeated a
number times called rounds
● https://en.wikipedia.org/wiki/Block_cipher

XOR
● Most common transformation
● Stands for “Exclusive Or”
● In logic, means that either A is true or B is true,
but not both
● In circuit design, if either A or B is sending a
signal it is output, but if both are, nothing is
output

XOR in Cryptography
● The message and the key are expressed in
binary
● They are XORed together
● This essentially means adding without carrying
the 1
● If both A and B are 0, or both are 1, the result is
0. If one is zero and the other is 1, the result is
1

Coding
● Remember that a code is just a transparent
transform of information from one scheme to
another
● ASCII is such a code
● It takes letters and symbols and turns them into
binary numbers
● http://en.wikipedia.org/wiki/ASCII

Coding Example 1
● I want to send a message “cat”
● C=1100011
● A=1100001
● T=1110100
● CAT=110001111000011110100
● This is still transparent

Key
● Now I will choose a key to use, and I choose
“dog”
● D=1100100
● 0=1101111
● G=1100111
● DOG=110010011011111100111

XOR is reversible
● If you take the result text from the example, and
XOR it with the key, you get back the original
message

Encryption Algorithm
● Combines a number of transformations and
combines them in rounds
● For symmetric encryption needs to be
reversible
● XOR is always part of the process

DES
● Block size was initially 64-bits
● But one bit from each byte was devoted to
parity checking
● Effective length 56-bits, therefore

DES role
● Bruce Schneier said about it “”DES did more to
galvanize the field of cryptanalysis than
anything else. Now there was an algorithm to
study.”
● Standard against which all others were
compared
● Key length just too small
● Cracked in 22 hours in 1999

Triple DES
● Uses 3 independent 56-bit keys in a repeated
process
● Each block encrypted three times, once with
each key
● Probably safe for now

AES
● Advanced Encryption Standard
● Adopted in 2001 by NIST
● Considered best symmetric algorithm available
now

Rijndael Cipher
● Named for developers, Vincent Rijman and Joan
Daeman
● Basis of AES
● Block size of 128-bits
● Key sizes of 128, 192, or 256 bits are allowed
● Called AES-128, AES192, or AES-256
● As with all other algorithms, repeated rounds of
transformations

Symmetric Summed Up
● Fast and efficient
● Relies on a single shared key
● Does not require entropy because the key
needs only to be agreed, not random

Asymmetric Standards
● Solve the key distribution problem
● Requires entropy (randomness) along with one-
way functions
● Three kinds
– Multiplying large prime numbers
– Discrete logarithm
– Elliptic Curve

Prime Number Approach
● This is what RSA uses
● Two large prime numbers are multiplied together
● This is easy to do
● But factoring the result to get back the original primes
is computationally infeasible with current technology
● But research into factorization is ongoing, it is an
arms race

What numbers?
● Generally in the neighborhood of 1024 digits
● Must be randomly selected
● Should not be “near” each other
● Product is used to generate other prime
numbers which help form the key pair
● One is arbitrarily made private, the other public

Discrete Logarithm
● Involves finding an integer that solves a
logarithmic equation
● Used in Elgamal encryption and Diffie-Hellman-
Merkle Key Exchange
● Choosing the particular numbers for the
logarithmic equation is where the entropy comes in
● Diffie-Hellman-Merkle Key Exchange is used for
Perfect Forward Secrecy

Elliptic Curve
● Builds on Discrete Logarithm approach
● A curve with the right properties is chosen,
then a point on that curve
● Then you need to find the discrete logarithm of
that point
● Entropy comes in when choosing the point on
the curve

Issues with Elliptic Curve
● NIST has recommended 15 curves as suitable
● It appears NSA pushed one with weaknesses
as the default
● But Elliptic Curve done right is faster and more
efficient than RSA or general Discrete
Logarithm approaches
● So it should be the future.

Symmetric vs. Asymmetric
● Symmetric is fast and efficient, but needs no
entropy
● Symmetric has key exchange problems
● Asymmetric is resource-intensive, requires
randomness
● Asymmetric solves key exchange

Hybrid Approach
● Most public key crypto uses Asymmetric
encryption to distribute a Symmetric key
● So the inefficient algorithm is only used at the
beginning
● Everything after that is done with the efficient
Symmetric algorithm

Example: E-mail
● When you encrypt a message to someone, you
use a Symmetric key to encrypt a message
● Then you use their Public key to encrypt the
Symmetric key
● They get the message and use their Private key
to decrypt the Symmetric key
● Then they use the Symmetric key to decrypt the
message

See also
● SSL certificates
● SSH tunnels
● Generally, the same techniques are used over
and over
● So learn it once and you can quickly learn other
uses

Encryption basics

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Encryption basics (20)

More from Kevin OBrien (20)

Recently uploaded (20)

Encryption basics