Department of Computer Science & Engineering

CSE-411 Cryptography
Instructor : Dr. Ahmed Gomaa

Fall, 2024
 GENERAL INFORMATION

CSE 411 - Cryptography

Level Under-Graduate
Pre-requisites MTH 211 + CSE 312 ( Probability and Statistics + Discrete Mathematics).

Course web-page Blackboard

Schedule
Thursday 10:45 – 12:15 pm , Office Hours : TBD
Attendance Policy A minimum of 75% attendance is expected.

Instructor contact [email protected]

Grading Scheme Final Exam - 50 %

Mid Term Exam - 20 %
Assignments - 20 % Project – 10%
 GENERAL INFORMATION

CSE 411 - Cryptography

Course The course provides an introduction to cryptographic techniques ,definition of perfect

Overview and computational secrecy; one-way functions; computational number theory; random
sequences and generators; symmetric and asymmetric cryptosystems; identification
systems and digital signatures; zero-knowledge proofs; advanced topics such as elliptic
curves and quantum cryptography.
Expected  apply modular arithmetic mathematic and basic group theoretic/finite field operations
Outcome
related to cryptographic techniques.
 understand basic concepts and algorithms of cryptography, including
encryption/decryption, hash functions, pseudo random number generation.
 make critique and assessment on the security of cryptographic functions, and evaluate their
strength.
 create and analyze protocols for various security objectives with cryptographic tools.
 develop an ability to explore and analyse the impact of potential future development of
cryptography such as quantum cryptography.
 GENERAL INFORMATION

CSE 411 - Cryptography

Recommended 1. “Introduction to Modern Cryptography”, 2nd edition, by Jonathan Katz and Jonathan Katz
References 2. A Graduate Course in Applied Cryptography (V 0.5), by D. Boneh and V. Shoup.

Disclaimer Slides throughout the course are based on the textbooks above and some slides will be
modified from the slides made available by the above mentioned textbook publishers &
authors.

Copyright © 2016 Elsevier

Cryptography
Lecture 1
Course Overview
 Welcome

Course objectives:
• Learn how crypto primitives work
• Learn how to use them correctly and reason about security

My recommendations:
• Take notes
 Course goals

• Understand the theoretical basis for real-

world crypto
• When you encounter crypto in your career:
– Understand the key terms
– Understand the security guarantees
needed/provided
– Know how to use crypto
– Understand what goes on “under the hood”
• “Crypto mindset”
 Cryptography is everywhere

Secure communication:
– web traffic: HTTPS
– wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth

Encrypting files on disk: EFS, TrueCrypt

Content protection (e.g. DVD, Blu-ray): CSS, AACS

User authentication

… and much much more

Secure communication

no eavesdropping
no tampering
 Secure Sockets Layer / TLS

Two main parts

1. Handshake Protocol: Establish shared secret key

using public-key cryptography

2. Record Layer: Transmit data using shared secret key

Ensure confidentiality and integrity
 Protected files on disk
Disk

Alice File 1 Alice

No eavesdropping
No tampering
File 2

Analogous to secure communication:

Alice today sends a message to Alice tomorrow
 Building block: sym. encryption
Alice Bob
m E(k,m)=c c D(k,c)=m
E D

k k

E, D: cipher k: secret key (e.g. 128 bits)

m, c: plaintext, ciphertext

Encryption algorithm is publicly known

• Never use a proprietary cipher
 Use Cases

Single use key: (one time key)

• Key is only used to encrypt one message
• encrypted email: new key generated for every email

Multi use key: (many time key)

• Key used to encrypt multiple messages
• encrypted files: same key used to encrypt many files

• Need more machinery than for one-time key

 Things to remember

Cryptography is:
– A tremendous tool
– The basis for many security mechanisms

Cryptography is not:
– The solution to all security problems
– Reliable unless implemented and used properly
– Something you should try to invent yourself
• many many examples of broken ad-hoc designs
What is cryptography?
 Crypto core Talking to
Talking to
Alice
Bob

Secret key establishment: Alice

Bob

attacker???

Secure communication: k m1
k
m2
confidentiality and integrity
 But crypto can do much more

• Digital signatures

• Anonymous communication
Alice
Who did I signature
just talk to?

Alice
Bob
 But crypto can do much more
• Digital signatures

• Anonymous communication

• Anonymous digital cash

– Can I spend a “digital coin” without anyone knowing who I am?
– How to prevent double spending?
Who was
1$ Alice that?
Internet
(anon. comm.)
 Crypto magic
• Privately outsourcing computation What did she
search for?
search
query E[ query ]
Alice

E[ results ]
results

• Zero knowledge (proof of knowledge)

???

Alice I know the factors of N !!

N=p∙q N
proof π Bob
 A rigorous science

The three steps in cryptography:

• Precisely specify threat model

• Propose a construction

• Prove that breaking construction under

threat mode will solve an underlying hard problem
 History

David Kahn, “The code breakers” (1996)

 Cryptography (historically)

“…the art of writing or solving codes…”

• Historically, cryptography focused exclusively on ensuring

private communication
between two parties sharing secret information in advance
using “codes” (aka
private-key encryption)
Classical Cryptography
 Motivation

• Allows us to “ease into things…,” introduce notation

• Shows why unprincipled approaches are dangerous
• Illustrates why things are more difficult than they may appear
 Classical cryptography

• Until the 1970s, exclusively concerned with ensuring secrecy of

communication

• I.e., encryption
 Classical cryptography

• Until the 1970s, relied exclusively on secret information (a key)

shared in advance between the communicating parties

Private-key cryptography
– aka secret-key / shared-key / symmetric-key cryptography
 Private-key encryption
key key
ciphertext

c
k k

m
c  Enck(m) message/plaintext m := Deck(c)

decryption
encryption
 Private-key encryption

k
c
m
c := Enck(m)
c
c
k

m := Deck(c)
 Private-key encryption

• A private-key encryption scheme is defined by a message space

M and algorithms (Gen, Enc, Dec):
– Gen (key-generation algorithm): outputs kK
– Enc (encryption algorithm): takes key k and message
mM as input; outputs ciphertext c
c  Enck(m)
– Dec (decryption algorithm): takes key k and
ciphertext c as input; outputs m or “error”
m := Deck(c) For all mM and k output by Gen,
Deck(Enck(m)) = m
 The shift cipher

• Consider encrypting English text

• Associate ‘a’ with 0; ‘b’ with 1; …; ‘z’ with 25

• k  K = {0, …, 25}
• To encrypt using key k, shift every letter of the plaintext by k
positions (with wraparound)
• Decryption just does thehelloworldz
reverse
ccccccccccc
jgnnqyqtnfb
 Modular arithmetic

• x = y mod N if and only if N divides x-y

• [x mod N] = the remainder when x is divided by N
– I.e., the unique value y{0, …, N-1} such that
x = y mod N

• 25 = 35 mod 10
• 25 ≠ [35 mod 10]
• 5 = [35 mod 10]
 The shift cipher, formally

• M = {strings over lowercase English alphabet}

• Gen: choose uniform k{0, …, 25}
• Enck(m1…mt): output c1…ct, where
ci := [mi + k mod 26]
• Deck(c1…ct): output m1…mt, where
mi := [ci - k mod 26]

• Can verify that correctness holds…

 Is the shift cipher secure?

• No -- only 26 possible keys!

– Given a ciphertext, try decrypting with every
possible key
– Only one possibility will “make sense”
– (What assumptions are we making here?)

• Example of a “brute-force” or “exhaustive-

search” attack
 Example

• Ciphertext uryybjbeyq
• Try every possible key…
– tqxxaiadxp
– spwwzhzcwo
–…
– helloworld
Symmetric Ciphers
 Few Historic Examples (all badly broken)

1. Substitution cipher
Caesar Cipher (no key)
What is the size of key space in the substitution cipher assuming 26 letters?

|𝒦| = 26

𝒦 = 26! (26 factorial)

|𝒦| = 226

|𝒦| = 262
 How to break a substitution cipher?

What is the most common letter in English text?

“X”
“L”
“E”
“H”
 How to break a substitution cipher?

(1) Use frequency of English letters

(2) Use frequency of pairs of letters (digrams)

 An Example

UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFOF
EIKNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWNC
POJIOFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVFZI
XUPUNFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUBOY
NRVNIWNCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR

B 36  E NC 11  IN UKB 6  THE
N 34 PU 10  AT RVN 6
U 33  T UB 10 FZI 4
P 32  A UN 9 trigrams
C 26 digrams
 2. Rotor Machines (1870-1943)

Early example: the Hebern machine (single rotor)

A K E N
B S K E
C T S K
. . T S
. . . T
X R . .
Y N R .
Z key E N R
 Rotor Machines (cont.)

Most famous: the Enigma (3-5 rotors)

# keys = 264 = 218 (actually 236 due to plugboard)

 3. Data Encryption Standard (1974)

DES: # keys = 256 , block size = 64 bits

Today: AES (2001), Salsa20 (2008) (and many others)

 Modern cryptography

• Much broader scope!

– Data integrity, authentication, protocols, …
– The public-key setting
– Group communication
– More-complicated trust models
– Foundations (e.g., number theory, quantum-resistance) to systems
(e.g., electronic voting, blockchain, cryptocurrencies)
 Modern cryptography

Design, analysis, and implementation of mathematical techniques for

securing information, systems, and distributed computations against
adversarial attack
 Cryptography (historically)

“…the art of writing or solving codes…”

• Historically, cryptography was an art

– Heuristic, unprincipled design and analysis
– Schemes proposed, broken, repeat…
 Modern cryptography

• Cryptography is now much more of a science

– Rigorous analysis, firm foundations, deeper understanding, rich
theory

• The “crypto mindset” has permeated

other areas of computer security
– Threat modeling
– Proofs of security
 Cryptography (historically)

• Used primarily for military/government applications, plus a few

niche applications in industry (e.g., banking)
 Modern cryptography

• Cryptography is ubiquitous!
– Password-based authentication, password hashing
– Secure credit-card transactions over the internet
– Encrypted WiFi
– Disk encryption
– Digitally signed software updates
– Bitcoin
–…
 Rough course outline

Secrecy Integrity
Private-key setting Private-key Message
encryption authentication codes
Public-key setting Public-key Digital signatures
encryption

• Building blocks
– Pseudorandom (number) generators
– Pseudorandom functions/block ciphers
– Hash functions
– Number theory
Discrete Probability
U: finite set (e.g. U = {0,1}n )

Def: Probability distribution P over U is a function P: U ⟶ [0,1]

such that Σ P(x) = 1
x∈U
Examples:
1. Uniform distribution: for all x∈U: P(x) = 1/|U|
2. Point distribution at x0: P(x0) = 1, ∀x≠x0: P(x) = 0

Distribution vector: ( P(000), P(001), P(010), … , P(111) )

 Events

• For a set A ⊆ U: Pr[A] = Σx∈AP(x) ∈ [0,1]

note: Pr[U]=1
• The set A is called an event
The union bound

A1
A2
 Random Variables

Def: a random variable X is a function X:U⟶V

Example: X: {0,1}n ⟶ {0,1} ; X(y) = lsb(y) ∈{0,1}

U V
For the uniform distribution on U: lsb=0 0
Pr[ X=0 ] = 1/2 , Pr[ X=1 ] = 1/2
lsb=1 1

More generally:
rand. var. X induces a distribution on V: Pr[ X=v ] := Pr[ X-1(v) ]
 The uniform random variable

Let U be some set, e.g. U = {0,1}n

R
We write r ⟵ U to denote a uniform random variable over U

for all a∈U: Pr[ r = a ] = 1/|U|

( formally, r is the identity function: r(x)=x for all x∈U )

Let r be a uniform random variable on {0,1}2

Define the random variable X = r1 + r2

Then Pr[X=2] = ¼

Hint: Pr[X=2] = Pr[ r=11 ]

 Randomized algorithms
inputs outputs
• Deterministic algorithm: y ⟵ A(m)

• Randomized algorithm m
A(m)
y ⟵ A( m ; r ) where r ⟵ {0,1} n
R

output is a random variable

y⟵
R A( m )
m
A(m)
Example: A(m ; k) = E(k, m) , y⟵
R
A( m )
U: finite set (e.g. U = {0,1}n )

Prob. distr. P over U is a function P: U ⟶ [0,1] s.t. Σ

x∈U
P(x) = 1

A ⊆ U is called an event and Pr[A] = Σ

x∈A
P(x) ∈ [0,1]

A random variable is a function X:U⟶V .

X takes values in V and defines a distribution on V
 Independence

Def: events A and B are independent if Pr[ A and B ] = Pr[A] ∙ Pr[B]

random variables X,Y taking values in V are independent if
∀a,b∈V: Pr[ X=a and Y=b] = Pr[X=a] ∙ Pr[Y=b]

2
Example: U = {0,1} = {00, 01, 10, 11} and r⟵
R
U

Define r.v. X and Y as: X = lsb(r) , Y = msb(r)

Pr[ X=0 and Y=0 ] = Pr[ r=00 ] = ¼ = Pr[X=0] ∙ Pr[Y=0]

Thank You