introduction to cryptology
play

Introduction to Cryptology Laboratory for cryptologic algorithms - PDF document

Nov 27, 2023 •354 likes •959 views

Introduction to Cryptology Laboratory for cryptologic algorithms Arjen K. Lenstra What is Cryptology? The art and science of secret writing What this talk could be: ------------------------------------

  1. Introduction to Cryptology Laboratory for cryptologic algorithms Arjen K. Lenstra

  2. What is Cryptology? ‘The art and science of secret writing’ What this talk could be: ------------------------------------ ---------------------------------------------------- How the basics of cryptology work What this talk is: How the basics of cryptology don’t work

  3. Context Cryptology is crucial to achieve Information Security Some other issues on which Information Security depends: users, employees, passwords, confusion, lethargy, incompetence, stupidity, inertia, policies and their enforcement, regulations, legislation, jurisdiction, juries, monitoring, auditing, risk management, profits/losses, liabilities, business considerations, access control, verification, operating systems, implementation, software, patches, networks, legacy systems, errors, hackers, viruses, public relations, public perception, conventions, physical protection, standards, fear, …

  4. Why is cryptology interesting? • Crypto: strongest link in information security • Obviously: like to keep it that way • But: many aspects we have no clue about! Interesting because: • Lots of challenging problems with impact on real life • Covers broad range of mathematics and computer science • Nothing can be taken for granted: lots of surprises

  5. Examples of current cluelessness 1. The current hashing nightmare 2. The case of the Advanced Encryption Standard 3. Public Key Crypto: mathematics or religion? 4. Cryptography related products

  6. The current hashing nightmare ‘Hashing’: • A way to quickly, uniquely identify a document • Comparable to a fingerprint: of fixed small size • Tiny change in document leads to a completely different hash

  7. The current hashing nightmare ‘Hashing’: • A way to quickly, uniquely identify a document • Comparable to a fingerprint: of fixed small size • Tiny change in document leads to a completely different hash • Lots of other nice properties: – Given the hash, can’t construct the document – Can’t make two documents with same hash – …

  8. Aside: hash versus encryption Hashing and encrypting are totally different things: • Hashing a document of any size: – always results in a fingerprint of the same small size – fingerprint cannot be used to reconstruct document • Encrypting a document: – results in an encryption of about the same size – encryption used to reconstruct original document

  9. Aside: hash versus encryption Hashing and encrypting are totally different things: • Hashing a document of any size: – always results in a fingerprint of the same small size – fingerprint cannot be used to reconstruct document • Encrypting a document: – results in an encryption of about the same size – encryption used to reconstruct original document So, what are hashes good for? to identify data/docs/software succinctly

  10. ‘Popular’ hashes Popular? • Early 1990s: Both by Ron Rivest – MD4 – MD5 • Mid 1990s: Both by – SHA NSA, based on MD4/MD5 – SHA1

  11. Relevant related events • Almost right away: MD4 considered weak, not used • mid 1990s: MD5 ‘suspicious’, but widely used • SHA mysteriously updated to SHA1 • Everyone happy with SHA1 (and some with MD5) • 2002: announcement of SHA2, extension of SHA1

  12. Relevant related events • Almost right away: MD4 considered weak, not used • mid 1990s: MD5 ‘suspicious’, but widely used • SHA mysteriously updated to SHA1 • Everyone happy with SHA1 (and some with MD5) • 2002: announcement of SHA2, extension of SHA1 • Fall of 2004: (US) National – MD4 disastrously weak Institute of Standards and – MD5 very weak Technology – SHA weak • February 7 ’05, NIST: don’t worry, SHA1&2 are fine!

  13. Relevant related events • Almost right away: MD4 considered weak, not used • mid 1990s: MD5 ‘suspicious’, but widely used • SHA mysteriously updated to SHA1 • Everyone happy with SHA1 (and some with MD5) • 2002: announcement of SHA2, extension of SHA1 • Fall of 2004: (US) National – MD4 disastrously weak Institute of Standards and – MD5 very weak Technology – SHA weak • February 7 ’05, NIST: don’t worry, SHA1&2 are fine! • February 14 ‘05: SHA1 weaker than expected

  14. What happened? 2004/2005: Xiaoyun Wang ‘broke’ almost all hashes in sight (and, strangely, all cryptologists loved it!)

  15. Something weird in cryptology • Why did Xiaoyun Wang break all our hashes? • Shouldn’t she be locked up?

  16. Something weird in cryptology • Why did Xiaoyun Wang break all our hashes? • Shouldn’t she be locked up? If, in crypto, you manage to destroy others’ toys: • (research-)people love and appreciate it • it’s a sign of progress (even if results may be disastrous)

  17. The ‘after Wang’ era • SHA1 definitely on the way out • SHA2 no longer fully trusted either But : SHA1 and SHA2 are essentially all we have • Good hashes are crucial for applications • At this point no one has a clue what to do

  18. This just in from NIST March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.

  19. AES (Advanced Encryption Standard): The case of AES

  20. Intermezzo What is an Encryption Standard supposed to do? • Communicating parties A and B share a key K • A uses K to quickly encrypt any volume of data • The encrypted data is sent over public channels • Only B can decrypt it and retrieve the data (Most likely you’ve used it often)

  21. AES (Advanced Encryption Standard): The case of AES

  22. The case of AES AES (Advanced Encryption Standard): The successor of DES (Data Encryption Standard) DES: • Designed in the mid 1970s, mostly by the NSA • Regarded with utmost suspicion for a long time • Still ‘unbroken’, but by late 1990s too weak due to increasing computer speed

  23. Finding a successor for DES 1997, NIST opted for open public design competition: • Free exploitation of public know-how • Avoid suspicion about cooked design

  24. Finding a successor for DES 1997, NIST opted for open public design competition: • Free exploitation of public know-how • Avoid suspicion about cooked design This turned out to be very successful approach • At least 20 proposals from researchers worldwide • Proposals presented to each other – some cracked • Resulted in 5 finalists in 2000

  25. The five finalists • MARS: IBM team with Don Coppersmith • RC6: RSA team with Ron Rivest • Rijndael: BE team Vincent Rijmen & Joan Daemen • Serpent: DK/IL/UK team with Eli Biham • Twofish: private US team with Bruce Schneier

  26. And the winner was… Rijndael, the one no one can pronounce (other names considered: ‘koeieuier’ and ‘angstschreeuw’) • Soon ‘all’ our communications will be protected by a Belgian cipher • Let’s keep our fingers crossed that AES = Rijndael is indeed as strong as we hope it to be

  27. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible

  28. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible?

  29. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible? Effort 2 128 , that’s more than 3 × 10 38

  30. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible? Effort 2 128 , that’s more than 3 × 10 38 Why would that be hard?

  31. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible? Effort 2 128 , that’s more than 3 × 10 38 Why would that be hard? PCs run at 4GHz, say 1000GHz: 10 12 ops/sec

  32. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible? Effort 2 128 , that’s more than 3 × 10 38 Why would that be hard? PCs run at 4GHz, say 1000GHz: 10 12 ops/sec fewer than 3 × 10 7 sec/year: 3 × 10 19 ops/year

  33. Cryptanalytic progress against AES? No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible How infeasible? Effort 2 128 , that’s more than 3 × 10 38 Why would that be hard? PCs run at 4GHz, say 1000GHz: 10 12 ops/sec fewer than 3 × 10 7 sec/year: 3 × 10 19 ops/year 10 10 people, each 1000 PCs: 3 × 10 32 ops/year

Recommend

Cryptology Cryptology = Cryptography + Cryptanalysis Usage: SSL/TLS, ssh, gpg GSM, Wifi,

Cryptology Cryptology = Cryptography + Cryptanalysis Usage: SSL/TLS, ssh, gpg GSM, Wifi,

An introduction to Cryptology 1 2015/03/ EMA, Franceville, Gabon Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de Recherche en Informatique et

809 views • 61 slides
Security building blocks: cryptology Markus Peuhkuri 2005-02-08 Lecture topics Cryptology

Security building blocks: cryptology Markus Peuhkuri 2005-02-08 Lecture topics Cryptology

Security building blocks: cryptology Markus Peuhkuri 2005-02-08 Lecture topics Cryptology Encryption Secure hash Security and cryptology Information security = crypto? A significant art by

422 views • 7 slides
CRYPTOLOGY WITH CRYPTOOL 1 Practical Introduction to Cryptography and Cryptanalysis Scope,

CRYPTOLOGY WITH CRYPTOOL 1 Practical Introduction to Cryptography and Cryptanalysis Scope,

CRYPTOLOGY WITH CRYPTOOL 1 Practical Introduction to Cryptography and Cryptanalysis Scope, Technology, and Future of CrypTool 1.4.xx Prof. Bernhard Esslinger and the CrypTool Team www.cryptool.org (Updated: 19 September 2017, with release CT

1.22k views • 121 slides
Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound, Cameroun Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de

753 views • 53 slides
Grbner Bases: a Tools for Cryptology Jean-Charles Faugre PolSys - INRIA/UPMC ECRYPT II

Grbner Bases: a Tools for Cryptology Jean-Charles Faugre PolSys - INRIA/UPMC ECRYPT II

Grbner Bases: a Tools for Cryptology Jean-Charles Faugre PolSys - INRIA/UPMC ECRYPT II Summer School on Tools 2012 Plan Grbner Bases: a Tools for Cryptology Introduction to Algebraic Cryptanalysis and Grbner bases. Part I

1.26k views • 104 slides
Information Transmission Chapter 6 Cryptology OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

Information Transmission Chapter 6 Cryptology OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

1 Information Transmission Chapter 6 Cryptology OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY Learning outcomes After this lecture the student should undertand what cryptology is and how it is used, be familiar with the crypto

307 views • 18 slides
Seminar 1: Introduction Helger Lipmaa Helsinki University of Technology

Seminar 1: Introduction Helger Lipmaa Helsinki University of Technology

T-79.514 Special Course on Cryptology Seminar 1: Introduction Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger T-79.514 Special Course in Cryptology, 10.09.2003 Seminar 1: Introduction, Helger Lipmaa 1 Overview

721 views • 13 slides
PBIBD and its applications in Cryptology Bimal Roy Indian Statistical Institute www.isical.ac.in/

PBIBD and its applications in Cryptology Bimal Roy Indian Statistical Institute www.isical.ac.in/

PBIBD and its applications in Cryptology Bimal Roy Indian Statistical Institute www.isical.ac.in/ bimal In this talk ... We will first describe the combinatorial framework of PBIBD And then proceed to show its applications in Cryptology 1.

578 views • 29 slides
A New Publication Model for FSE: IACR Transactions on Symmetric Cryptology (ToSC) Bart Preneel

A New Publication Model for FSE: IACR Transactions on Symmetric Cryptology (ToSC) Bart Preneel

Rump Session 2016 A New Publication Model for FSE: IACR Transactions on Symmetric Cryptology (ToSC) Bart Preneel COSIC KU Leuven and iMinds FSE ToSC Fast Software Encryption IACR Transactions on Symmetric Cryptology =

303 views • 5 slides
Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

1.21k views • 75 slides
Message authentication and cryptographic hashing 2MMC10 Cryptology Andreas H ulsing

Message authentication and cryptographic hashing 2MMC10 Cryptology Andreas H ulsing

Message authentication and cryptographic hashing 2MMC10 Cryptology Andreas H ulsing September 20, 2018 A. H ulsing 2MMC10 Cryptology 1 / 12 Message authentication Sometimes we want more than secrecy! Acknowledgement of receipt,

262 views • 22 slides
MACISA Mathematics applied to cryptology and information security in Africa 2014/09/24

MACISA Mathematics applied to cryptology and information security in Africa 2014/09/24

MACISA Mathematics applied to cryptology and information security in Africa 2014/09/24 LIRIMA Evaluation Seminar, Paris Tony Ezome, Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Context High need for secure communications

468 views • 17 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Shortest Vector from Lattice Sieving: a Few Dimensions for Free eo Ducas 1 L Cryptology Group,

Shortest Vector from Lattice Sieving: a Few Dimensions for Free eo Ducas 1 L Cryptology Group,

Shortest Vector from Lattice Sieving: a Few Dimensions for Free eo Ducas 1 L Cryptology Group, CWI, Amsterdam, The Netherlands EUROCRYPT 2018 Tel Aviv, April 30th 1 Supported by a Veni Innovational Research Grant from NWO (639.021.645). L

905 views • 40 slides
Modern Cryptology: from public key cryptography to homomorphic encryption 2015/12 Yaound,

Modern Cryptology: from public key cryptography to homomorphic encryption 2015/12 Yaound,

Modern Cryptology: from public key cryptography to homomorphic encryption 2015/12 Yaound, Cameroun Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de

960 views • 46 slides
Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron Irmai, Shraga Irmai, Adi Shamir, Moti Yung, Orr Dunkelman and Roni Roth contributed various terms and had var- ious suggestions that improved this list.

542 views • 10 slides
Quantum Supremacy and Its Implication to Cryptology Arpita Maitra TCG Centre for Research and

Quantum Supremacy and Its Implication to Cryptology Arpita Maitra TCG Centre for Research and

Quantum Supremacy and Its Implication to Cryptology Arpita Maitra TCG Centre for Research and Education in Science and Technology [arpita76b@gmail.com] August 27, 2020 Arpita Maitra Quantum Supremacy Controversy: Supremacy Or Advantage!

929 views • 63 slides
Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr.

Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr.

About Us ABCs Conclusion Performance of Privacy-Enhancing Cryptography on Smartphones BUT Cryptology Research Group Dr. Jan Hajny SIX Research Centre Brno University of Technology hajny@feec.vutbr.cz http://crypto.utko.feec.vutbr.cz Dr.

656 views • 13 slides
Grbner Bases. Applications in Cryptology Algorithms Buchberger and Macaulay Ecient

Grbner Bases. Applications in Cryptology Algorithms Buchberger and Macaulay Ecient

Grbner - Crypto J.-C. Faugre Plan Grbner bases: properties Zero dim solve Grbner Bases. Applications in Cryptology Algorithms Buchberger and Macaulay Ecient Algorithms F 5 algorithm Jean-Charles Faugre Complexity result

2.52k views • 183 slides
Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption principles Encryption quality Cryptography Public key cryptography The art of making Next week: Example algorithms DES, AES, AES

893 views • 78 slides
Pre-Quantum Information Theory Goutam Paul Cryptology and Security Research Unit, Indian

Pre-Quantum Information Theory Goutam Paul Cryptology and Security Research Unit, Indian

Pre-Quantum Information Theory Goutam Paul Cryptology and Security Research Unit, Indian Statistical Institute, Kolkata February 9, 2016 Lecture at International School and Conference on Quantum Information, Institute of Physics (IOP),

1.05k views • 92 slides
Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia K asper 1 Overview Basic concept of correlation attacks on stream ciphers A correlation attack on the GSM cipher A5/1 A correlation

256 views • 22 slides
Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner - Crypto J.-C. Faugre Plan Grbner bases: properties Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher: FLURRY Feistel cipher modelling Jean-Charles Faugre Algorithms Buchberger

694 views • 57 slides
General Terms Cryptography Cryptology Cryptanalysis

General Terms Cryptography Cryptology Cryptanalysis

159 views • 3 slides

More recommend