Information and network security 11 cryptography and cryptanalysis
- 1. Information and Network Security:11 Cryptography and Cryptanalysis Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
- 2. Cryptography • can characterize cryptographic system by: • type of encryption operations used • substitution • transposition • product • number of keys used • single-key or private • two-key or public • way in which plaintext is processed • block • stream
- 3. Cryptography • Cryptographic systems can be characterized along these three independent dimensions. • The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.
- 4. Cryptography • The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption. • The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
- 5. Cryptanalysis • objective to recover key not just message • general approaches: • cryptanalytic attack • brute-force attack • if either succeed all key use compromised
- 6. Cryptanalysis • Typically objective is to recover the key in use rather then simply to recover the plaintext of a single ciphertext. There are two general approaches: • Cryptanalysis: relies on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext- ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. •
- 7. Cryptanalysis • Brute-force attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average,half of all possible keys must be tried to achieve success. • If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.
- 8. Cryptanalytic Attacks ciphertext only only know algorithm & ciphertext, is statistical, know or can identify plaintext known plaintext know/suspect plaintext & ciphertext chosen plaintext select plaintext and obtain ciphertext chosen ciphertext select ciphertext and obtain plaintext chosen text select plaintext or ciphertext to en/decrypt
- 9. More Definitions unconditional security no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext computational security given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
- 10. More Definitions • Two more definitions are worthy of note. An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. • An encryption scheme is said to be computationally secure if either the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information. Unconditional security would be nice, but the only known such cipher is the one-time pad (later). • For all reasonable encryption algorithms, we have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.
- 11. Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4.3 109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4 1038 2127 µs = 5.4 1024 years 5.4 1018 years 168 2168 = 3.7 1050 2167 µs = 5.9 1036 years 5.9 1030 years 26 characters (permutation) 26! = 4 1026 2 1026 µs = 6.4 1012 years 6.4 106 years
- 12. Assignment • What is Cryptography. • Explain Cryptanalysis and briefly describe Cryptanalytic Attacks