History is punctuated with codes.
They have decided
the outcomes of battles and led to the deaths of kings
and queens.
— Simon Singh,
The Code Book
Introduction to Cryptography

❖
Greek: “krypto” = hide
❖
Cryptology: science of hiding
➡
cryptography + cryptanalysis + steganography
❖
Cryptography: secret writing
❖
Cryptanalysis: analyzing (breaking) secrets
•
Decipher (decryption) is what
we
do
•
Cryptanalysis is what
they
do
W
hat is cryptology?
2

❖
“Covered” messages
❖
Technical steganography
•
Invisible ink, shaved heads, microdots
❖
Linguistic steganography
•
“Open code”: secret message appears innocent
•
“East wind rain” = war with USA
•
Broken dolls in weII
•
Hide message in low-order bits in images
Steganography
3

❖
Cryptology is a branch of mathematics
•
Lots of formal representation
•
Proofs about encryption are possible
❖
Security is a system issue
•
Easiest way to violate security is through people!
•
Security uses cryptology and other tools
•
Difficult to prove things about security
Cryptology vs. security
4

Terminology
5
5
Alice
Bob
Eve
Insecure
Channel
C
= E(
P
)
P
= D(
C
)
E must be invertible
Encrypt
Ciphertext
Decrypt
Plaintext
Plaintext

❖
Cryptography always involves two things
•
Transformation
•
Secret
❖
Security should depend only on the secrecy of the key
•
Assume the enemy can get the algorithm
•
Can capture machines (or people), disassemble programs, etc.
•
Very expensive and difficult to invent a new algorithm if the old one might
have been compromised
•
Security through obscurity
isn’t
•
Look at history of examples
•
Better to have scrutiny by open experts
❖
“The enemy knows the system being used.” (Claude Shannon)
Kerckhoff’s Principle
6

Alice and Bob
7
Alice
Bob
KE
KD
KE = KD
➠
symmetric
encryption
KE
≠
KD
➠
asymmetric
encryption
C = E(KE, P) = E
KE
(P)
P = D(KD, C) = D
KD
(C)
Insecure
Channel
Encrypt
Ciphertext
Decrypt
Plaintext
Plaintext

❖
Three basic types of algorithms
•
Symmetric (shared) key encryption
•
Asymmetric (public key) encryption
•
Secure hash functions
❖
For each type of algorithm, many choices
•
Symmetric key: DES, AES, Blowfish, RC5, RC6
•
Asymmetric key: RSA, El-Gamal, elliptic curve
•
Secure hash function: MD5, SHA-1, SHA-256, RIPEMD
❖
Different implementations within a type of algorithm share many
characteristics
•
Goal, approach are similar
•
Specific implementation details may differ
❖
Good books on algorithms include
Applied Cryptography
(somewhat dated) and
Cryptography Engineering
Overview
of modern cryptography
8

❖
Encryption key and decryption key are identical
❖
Strength of algorithm is usually proportional to 2
key_
length
•
Assumes a truly random key!
❖
Algorithm is usually fast
•
Under 20 cycles per byte for many algorithms
•
1000+ MB/s possible on today’s CPUs (often limited by memory speed!)
•
Straightforward to build hardware to run the algorithm
•
Newer CPUs often have instructions to help (e.g., AES on x86)
❖
Decryption may be the same algorithm as encryption, but isn’t always
Symmetric key encryption
9
KS
KS
Alice
Bob
Insecure
Channel
Encrypt
Ciphertext
Decrypt
Plaintext
Plaintext

❖