Topic : Cryptography Mini-Tutorial
Author : William Moore
Page : 1 Next >>
Go to page :


Internet Autopsy Database: Cryptography Mini-Tutorial


Copyright 1997 G. William Moore, MD, PhD.

This file may be copied and distributed without restriction.




PRINCIPLES AND METHODS OF CRYPTOGRAPHY.
What is classical cryptography?
In classical cryptography, there is a message, a sender, and a receiver. It is assumed that any communication between sender and receiver may be easily read by a hostile person, or attacker. The usual objective of cryptography is to encode the sender's message in such a way that the attacker cannot understand it. In more complex cryptographic models, methods are used to authenticate the identity of the sender, to prevent the attacker from altering the message unbeknownst to the receiver, and to prevent the sender from later denying that he/she sent a particular message on a particular date and time. The following book is an absolutely fabulous introduction to cryptography, which can profitably be read by amateurs and professionals alike:
Schneier B. Applied Cryptography, Second Edition. Protocols, Algorithms, and Source Code in C. New York: John Wiley & Sons, 1996.
What is encryption?
The initial message prepared by the sender is written as plaintext, which the sender converts into ciphertext before the message is transmitted. The process of converting plaintext into ciphertext is called encryption. The encryption process requires an encryption algorithm and a key. the process of recovering plaintext from ciphertext is called decryption.
How is encryption performed?
In classical cryptography, the key is exchanged secretly between sender and receiver over secured communication, or through a trusted intermediary. The accepted view among professional cryptographers it that the encryption algorithm should be published, whereas the key must be kept secret. The purpose of publishing the encryption algorithm is to place it before the academic cryptography community, which will discover its flaws. Better that the flaws in the encryption algorithm be first discovered in academia than when the message is secretly decoded by the attacker.
Sample encryption calculation.
Both the initial plaintext and the resulting ciphertext may contain words or numbers or both, but is ultimately convertible into a sequence of numerals, which can be processed by computer and distributed through public communications, including the Internet. For simplicity of discussion, we can speak of an initial plaintext expressed as a sequence of decimal numerals. For example, let the letters of the alphabet be represented as two-digit numbers from A=00 to Z=25 (ignore blank-spaces for now). Then the plaintext for THE QUICK BROWN FOX becomes numeralized as 19070406200802100117142213051423, as follows:

       THEQUICKBROWNFOX
       T  H  E  Q  U  I  C  K  B  R  O  W  N  F  O  X
      19 07 04 06 20 08 02 10 01 17 14 22 13 05 14 23


Analogously, we may form a simple key consisting, say, of the consecutive letters of the alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZABCD....

       ABCDEFGHIJKLMNOPQRS
       A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P
      00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15


A simple encryption algorithm might consist of adding the plaintext to the encryption-key, using modulo-26 arithmetic. That is, if the sum of any two numbers obtained by ordinary addition is 26 or greater, then you subtract 26 from the ordinary sum to obtain the modulo-26 sum. Thus, 05+12=17 by both ordinary and modulo-26 arithmetic, but 15+12=27 by ordinary arithmetic but 15+12=01 by modulo-26 arithmetic. Hence, the ciphertext for THEQUICKBROWNFOX is 19080609241308170901240725180212, as follows:

      19 07 04 06 20 08 02 10 01 17 14 22 13 05 14 23
(+)  00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15   (modulo-26)
_____________________________________________________
      19 08 06 09 24 13 08 17 09 01 24 07 25 18 02 12


The ciphertext may then be decrypted by the receiver, using the decryption-key AZYXWVUTSRQPONMLKJIHGFEDCBAZYX... and modulo-26 arithmetic, as follows:

      19 08 06 09 24 13 08 17 09 01 24 07 25 18 02 12
(+)  00 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11  (modulo-26)
_____________________________________________________
      19 07 04 06 20 08 02 10 01 17 14 22 13 05 14 23







METHODS OF ENCRYPTION.
What is the One-Time Pad?
The one-time pad is a nearly-perfect method of encryption, invented in 1917 by Major Joseph Mauborgne and Gilbert Vernam. In this method, the sender and receiver agree upon a common text, which forms the key. Each key letter is used exactly once, and then discarded forever. Ideally, the key should be completely random. For example, if the receiver and sender employ the text for George Orwell's 1984 as their one-time pad, then the encryption-key becomes:
ITWASABRIGHTCOLDDAYINAPRILANDTHECLOCKSWERESTRIKINGTHIRTEENWINSTON....
Analogously, the decryption-key becomes:
SHEAIAZJSUTHYMPXXACSNALJSPANXHTWYPMYQIEWJW
Encryption of the plaintext, THEQUICKBROWNFOX, yields the ciphertext, BAAGMIDCJXFPPTZA, as follows:

       THEQUICKBROWNFOX
(+)   ITWASABRIGHTCOLD
_______________________
       BAAGMIDCJXFPPTZA
that is:
      19 07 04 06 20 08 02 10 01 17 14 22 13 05 14 23  (plaintext)
(+)  08 19 22 00 18 00 01 17 08 06 07 19 02 14 11 03  (encryption-key)
_____________________________________________________
      01 00 00 06 12 08 03 01 09 23 21 15 15 19 25 00  (ciphertext)
       B  A  A  G  M  I  D  B  J  X  V  P  P  T  Z  A


Decryption of the ciphertext, BAAGMIDBJXVPPTZA, returns the plaintext, THEQUICKBROWNFOX, as follows:

       BAAGMIDBJXVPPTZA
(+)   SHEAIAZJSUTHYMPX
_______________________
       THEQUICKBROWNFOX
that is:
      01 00 00 06 12 08 03 01 09 23 21 15 15 19 25 00  (ciphertext)
(+)  18 07 04 00 08 00 25 09 18 20 19 07 24 12 15 23  (decryption-key)
_____________________________________________________
      19 07 04 06 20 08 02 10 01 17 14 22 13 05 14 23  (plaintext)


The next message between sender and receiver begins with the key, DAYINAPRILANDTHECLOCKSWERESTRIKINGTHIRTEENWINSTONSMITHHISCHINNUZZLED....
      The one-time-pad has the advantage of simplicity and relative security, but it requires the maintenance of a large key, which sender and receiver must maintain in synchrony.
What is the U. S. DATA ENCRYPTION STANDARD (USDES)?
The U. S. DATA ENCRYPTION STANDARD (USDES), equivalent to the DATA ENCRYPTION ALGORITHM (DEA) by the American National Standards Institute (ANSI), and DEA-1 by the International Standards Organization (ISO), has been a worldwide standard for data encryption for over two decades. In the May 15, 1973, Federal Register, the U. S. National Institute for Standards and Technology (NIST, formerly U. S. National Bureau of Standards), issued a public request for a data encryption algorithm, which ultimately evolved into USDES.
      In USDES, the plaintext is converted into a sequence of bits (0s and 1s), in blocks of 64 bits apiece, padded with trailing 0s in case the message is not an even multiple of 64. For example, in the Latin-1 character set for the American Standard Code for Information Interchange (ASCII), which is the International Standards Organization (ISO) standard ....., an 8-bit-sequence, in which 00100001 is A, 00100010 is B, 00100011 is C, 00010000 is blank-space, 00010001 is !, etc.
      A 64-bit block of plaintext enters USDES, and a 64-bit block of ciphertext is returned by the algorithm. The same algorithm and key are used for both encryption and decryption, with minor changes. The key length is 56 bits. (The key is expressed as a 64-bit number, but every eighth bit is an internal arithmetic check, and not used by the encryption algorithm.) The algorithm is completely public. All security resides within the key.
      After initial permutation of the plaintext, the block is broken into a left and right half, 32 bits apiece. Then there are 16 rounds of identical operations, in which data are combined within the key. The resulting right and left halves are joined, and a final permutation concludes the calculation. The patent belongs to IBM. Nowadays, various implementations of USDES are in widespread use, including as a built-in function in PERL.
      In USDES, the plaintext is converted into a sequence of bits (0s and 1s), in blocks of 64 bits apiece, padded with trailing 0s in case the message is not an even multiple of

Page : 1 Next >>