Unit 1

The document provides an overview of cryptography, including its definitions, purposes, types, and various algorithms such as the Caesar and Vigenère ciphers. It discusses the importance of key management, the concept of perfect secrecy, and the challenges associated with implementing secure cryptographic systems. Additionally, it highlights the significance of one-time pads and the mathematical foundations underlying cryptographic security.

Uploaded by

Andrew Mwamba

Computer security
UNIT 1
CRYPTOGRAPHY
By: Andrew Mwamba
2024
Contents
• Introduction to Cryptography
• Classic ciphers
• Caesar Cipher
• Vigenère Cipher
• One-time Pad and Perfect Secrecy
• Vernam cipher
• Pseudo-random functions
• Permutations
• Computational security
• Random bit generation
• Secure hash functions
• Birthday problem
Introduction
The Internet or the global Internet is the internationally
connected network of computer networks with addresses that are
administrated by IANA (Internet address and Naming Authority).

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords.
One essential aspect for secure communications is that of cryptography.
What is Cryptography?
Cryptography derived its name from a Greek word called
“krypto’s” which means “Hidden Secrets”.

Cryptography is the practice and study of hiding information. It is the art or science of converting plain, intelligible data into unintelligible data and then transforming that message back into its original form.

It provides Confidentiality, Integrity, and Accuracy.
Purpose of Cryptography
• Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.
Architecture of cryptography
Types of Cryptography
Secret Key Cryptography

• Single key used to encrypt and decrypt.
• Key must be known by both parties.
• Assuming we live in a hostile environment (otherwise - why the need for cryptography?), it may be hard to share a secret key.
Public Key Cryptography
One of the keys allocated to each person is called the "public key", and is published in an open directory somewhere where anyone can easily look it up, for example by email address.

• Each entity has 2 keys:
  • Private Key (a secret)
  • Public key (well known).
Using Keys
• Private keys are used for decrypting.
• Public keys are used for encrypting.
Process of cryptography
TYPES OF CRYPTOGRAPHIC ALGORITHMS
Public/Private Key Cryptography
• Asymmetric key cryptography overcomes the key management problem by using different encryption and decryption key pairs.
• Having knowledge of one key, say the encryption key, is not sufficient to determine the other key - the decryption key.
• The mathematical relationship between the public/private key pair permits a general rule:
  • any message encrypted with one key of the pair can be successfully decrypted only with that key's counterpart.
Hash functions
A hash function is a type of one-way function; these are fundamental for much of cryptography.
A one-way function is a function that is easy to calculate but hard to invert.
It is difficult to calculate the input to the function given its output.
The precise meanings of "easy" and "hard" can be specified mathematically.
With rare exceptions, almost the entire field of public key cryptography rests on the existence of one-way functions.
Attacks of cryptography
Cipher text only attack
• The only data available is a target cipher text
Known plaintext attack
• A target cipher text
• Pairs of other cipher text and plaintext (say, previously broken or guessed)
Chosen plaintext attacks
• A target cipher text
• Can feed the encryption algorithm with plaintexts and obtain the matching cipher texts
Chosen cipher text attack
• A target cipher text
• Can feed the decryption algorithm with cipher texts and obtain the matching plaintexts
Classic Crypto
In cryptography, a classical cipher is a type of cipher that was used historically but, for the most part, has fallen into disuse.
Classical Cryptography:
Classical cryptography is based on mathematics and relies on the computational difficulty of factorizing large numbers.
The security of classical cryptography is based on the high complexity of the mathematical problem, for instance the factorization of large numbers.
Classical Cypher diagram
Terminologies
Encrypt – Encode a message
Decrypt – Decode a message
Plaintext – The message
Ciphertext – The encoded message (called a “cipher”)
Symmetric – Encode and decode a message using the same secret
Substitution cipher – Substitute one character for another
Polyalphabetic cipher – Substitute one character for another, but uses multiple substitution alphabets in one cipher
Caesar Cipher
• Simply substitute one letter for another
• Goes back to Egyptian times but attributed to Julius Caesar
• Caesar Cipher – substitute letters +3 (c is for Caesar)
  • A becomes D
  • B becomes E
  • C becomes F
  • ….
  • Z becomes C

Plaintext: cybersecurity is fun
Ciphertext: fbehuvhfxulwb lv ixq
Substitution Cipher Variations
• Substitute a different offset, +1, +2, +4, +24…
• Atbash – Wrap the Alphabet (or +25)

Plaintext: If you think you can do a thing or think you can’t do a thing, you are right.
Ciphertext: ???

• ROT13 is +13 (Originally used to encrypt word documents!)

Fun way to do substitution ciphers
Build a Caesar Cipher Wheel!

When the inner A aligns with the outer A, this is called position 0. The key indicates how many letters to shift each letter. For example, +4 means to rotate the inner wheel counter clockwise such that the inner E aligns to the outer A
Some More Ciphers to Try….
Ciphertext: lwfhj mtuujw nsajsyji htgtq
Plaintext: ???

Ciphertext: wlmgurmwuzfogurmwzivnvwb
Plaintext: ????

What are some techniques to discover the cipher?
Why can’t we use these ciphers to secure our personal information?
One Way to Break the Substitution Cipher: Frequency Analysis
In a long enough English text, the letters are
distributed approximately as shown in this
graph:
Polybius Square

1 2 3 4 5
1 A B C D E
2 F G H I/J K
3 L M N O P
4 Q R S T U
5 V W X Y Z
Vigenère Cipher
• A shift cipher where every character is shifted differently based on a code word (key)
• In this example, the key is PIE. Then use the ciphertext generated from the character before.
• Row = Key, Column = Plaintext, Middle = Ciphertext

Plaintext:  V I G E N E R E
Key:        P I E P I E P I
Ciphertext: K Q K T V I G M
Vigenère Cipher
Alberti Cipher Disk
Created by Italian Leon Battista Alberti (1404)
Both parties agree on a priming key (inner circle) – Let’s use k
Every time you see a capital letter, you switch to use that as the priming key

Ft&yxaepQmmepe&vmsGgimhvaahmyiAakz

Alberti was a true renaissance man

Alberti Cipher Disk Diagram
One-time Pad and Perfect Secrecy
• One-time pad
• Perfect secrecy
• Limitation of perfect secrecy
• Usages of one-time pad
One-Time Pad
Fix the vulnerability of the Vigenere cipher by using very long keys
Key is a random string that is at least as long as the plaintext
Encryption is similar to shift cipher
Invented by Vernam in the 1920s
OTP
The Binary Version of One-Time Pad
Plaintext space = Ciphertext space = Keyspace = {0,1}^n
Key is chosen randomly
For example:
Plaintext is 11011011
Key is 01101001
Then ciphertext is 10110010
Bit Operators
Bit AND
0∧0=0 0∧1=0 1∧0=0 1∧1=1

Bit OR
0∨0=0 0∨1=1 1∨0=1 1∨1=1

Addition mod 2 (also known as Bit XOR)
0⊕0=0 0⊕1=1 1⊕0=1 1⊕1=0

Can we use operators other than Bit XOR for binary version of One-Time Pad?
How Good is One-Time Pad?
Intuitively, it is secure …
• The key is random, so the ciphertext is completely random
How to formalize the confidentiality requirement?
• Want to say “certain thing” is not learnable by the adversary (who sees the ciphertext). But what is the “certain thing”?
Which (if any) of the following is the correct answer?
• The key.
• The plaintext.
• Any bit of the plaintext.
• Any information about the plaintext.
  • E.g., the first bit is 1, the parity is 0, or that the plaintext is not “aaaa”, and so on
Perfect Secrecy: Shannon (Information-Theoretic) Security
Basic Idea: Ciphertext should provide no “information” about Plaintext
Have several equivalent formulations:
The two random variables M and C are independent
Observing what values C takes does not change what one believes the distribution M is
Knowing what the value of M is does not change the distribution of C
Encrypting two different messages m0 and m1 results in exactly the same distribution.
Perfect Secrecy Definition 1

Definition 2.1 (From textbook). (Gen,Enc,Dec) over a message space M is perfectly secure if
∀ probability distribution over M
∀ message m ∈ M
∀ ciphertext c ∈ C for which Pr[C=c] > 0
We have
Pr [M=m | C=c] = Pr [M = m].
Perfect Secrecy Definition 0
Definition. (Gen,Enc,Dec) over a message space M is perfectly secure if
∀ probability distribution over M
The random variables M and C are independent.

That is,
∀ message m ∈ M
∀ ciphertext c ∈ C
Pr [M=m ∧ C=c] = Pr [M = m] Pr [C = c]
Definition 0 equiv. Definition 1
Definition 0 implies Definition 1
Idea: Given Pr [M=m ∧ C=c] = Pr [M = m] Pr [C = c], for any c such that Pr [C = c] > 0, divide both sides of the above by Pr [C = c]; we have Pr [M=m | C=c] = Pr [M = m].
Definition 1 implies Definition 0
Idea: ∀ c ∈ C s.t. Pr[C=c] > 0, Pr [M=m | C=c] = Pr [M = m]; multiply both sides by Pr[C=c] to obtain Pr [M=m ∧ C=c] = Pr [M = m] Pr [C = c]
∀ c ∈ C s.t. Pr[C=c] = 0 we have Pr [M=m ∧ C=c] = 0 = Pr [M=m] Pr[C=c]
Perfect Secrecy. Definition 2.
Definition in Lemma 2.2. (Gen,Enc,Dec) over a message space M is perfectly secure if
∀ probability distribution over M
∀ message m ∈ M (assuming Pr[M=m]>0)
∀ ciphertext c ∈ C
We have
Pr [C=c | M=m] = Pr [C = c].

Equivalence with Definition 0 straightforward.
Perfect Indistinguishability
Definition in Lemma 2.3. (Gen,Enc,Dec) over a message space M is perfectly secure if
∀ probability distribution over M
∀ messages m0, m1 ∈ M
∀ ciphertext c ∈ C
We have
Pr [C=c | M=m0] = Pr [C=c | M=m1]

To prove that this definition implies Definition 0, consider Pr [C=c].
Adversarial Indistinguishability
Define an experiment called PrivK^eav:
Involving an Adversary and a Challenger
Instantiated with an Adv algorithm A, and an encryption scheme Π = (Gen, Enc, Dec)

Challenger                          Adversary
k ← Gen()          m0, m1           chooses m0, m1 ∈ M
b ←R {0,1}         C = Ek[mb]
                   b’ ∈ {0,1}

PrivK^eav = 1 if b = b’, and PrivK^eav = 0 if b ≠ b’
Adversarial Indistinguishability (con’d)
Definition 2.4. (Gen,Enc,Dec) over a message space M is perfectly secure if
∀ adversary A it holds that
Pr[PrivK^eav_{A,Π} = 1] = ½

Proposition 2.5. Definition 2.1 is equivalent to Definition 2.4.
Perfect Secrecy
Fact: When keys are uniformly chosen in a cipher, a deterministic cipher has Shannon security iff. the number of keys encrypting m to c is the same for any pair of (m,c)

One-time pad has perfect secrecy (Proof?)
In textbook
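An added check, not from the slides: exhaustive enumeration over 2-bit strings of the key-counting criterion above and of Definition 2.1, for XOR and for the AND and OR operators the Bit Operators slide asks about. The prior distribution and the function names are assumptions chosen for the illustration.

```python
from fractions import Fraction
from itertools import product
import operator

def key_counts(op, n):
    """For every (m, c) over n-bit strings, count the keys k with op(m, k) == c."""
    counts = {(m, c): 0 for m, c in product(range(2 ** n), repeat=2)}
    for m, k in product(range(2 ** n), repeat=2):
        counts[(m, op(m, k))] += 1
    return counts

def same_key_count_everywhere(op, n):
    """The slide's criterion: every (m, c) pair is produced by the same number of keys."""
    return len(set(key_counts(op, n).values())) == 1

def posterior(op, n, prior, c):
    """Pr[M=m | C=c] for each m under a uniformly random key; None if Pr[C=c] = 0."""
    counts = key_counts(op, n)
    joint = {m: prior[m] * Fraction(counts[(m, c)], 2 ** n) for m in prior}
    pr_c = sum(joint.values())
    if pr_c == 0:
        return None
    return {m: joint[m] / pr_c for m in prior}

def perfectly_secret(op, n, prior):
    """Definition 2.1 for one prior: Pr[M=m | C=c] == Pr[M=m] whenever Pr[C=c] > 0."""
    for c in range(2 ** n):
        post = posterior(op, n, prior, c)
        if post is not None and post != prior:
            return False
    return True

# Constructed, deliberately non-uniform prior over the four 2-bit messages.
PRIOR = {0b00: Fraction(1, 2), 0b01: Fraction(1, 4),
         0b10: Fraction(1, 8), 0b11: Fraction(1, 8)}

if __name__ == "__main__":
    for name, op in [("XOR", operator.xor), ("AND", operator.and_), ("OR", operator.or_)]:
        print(name, same_key_count_everywhere(op, 2), perfectly_secret(op, 2, PRIOR))
    # Under AND, seeing c = 11 leaves only one possible message.
    print(posterior(operator.and_, 2, PRIOR, 0b11))
```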
The “Bad News” Theorem for Perfect Secrecy
Question: OTP requires key as long as messages, is this an inherent requirement for achieving perfect secrecy?
Answer. Yes. Perfect secrecy implies that key-length ≥ msg-length
Proof: [diagram: Ciphertext space, Plaintext space]

Implication: Perfect secrecy difficult to achieve in practice
Key Randomness in One-Time Pad
One-Time Pad uses a very long key. What if the key is not chosen randomly and, instead, texts from, e.g., a book are used as keys?
this is not One-Time Pad anymore
this does not have perfect secrecy
this can be broken
How?
The key in One-Time Pad should never be reused.
If it is reused, it is Two-Time Pad, and is insecure!
Why?
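An added illustration of why pad reuse breaks the scheme (not part of the original slides): XORing two ciphertexts made with the same pad cancels the key and leaves m1 ⊕ m2. The two messages and the helper names are constructed for the example.

```python
import secrets

# Constructed sample messages of equal length (not from the slides).
M1 = b"PAY ALICE 100 USD"
M2 = b"PAY CAROL 999 USD"


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message, pad):
    """Binary one-time pad: ciphertext = message XOR pad (decryption is the same call)."""
    return xor_bytes(message, pad)


def pad_reuse_leak(c1, c2):
    """What an eavesdropper gets from two ciphertexts made with one pad.

    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2, so the key drops out entirely.
    """
    return xor_bytes(c1, c2)


def recover_with_known(c1, c2, known_m1):
    """If one plaintext is known or guessed (a crib), the other follows directly."""
    return xor_bytes(pad_reuse_leak(c1, c2), known_m1)


if __name__ == "__main__":
    pad = secrets.token_bytes(len(M1))       # truly random, but used twice
    c1, c2 = otp_encrypt(M1, pad), otp_encrypt(M2, pad)
    print(pad_reuse_leak(c1, c2).hex())      # zero bytes mark where M1 and M2 agree
    print(recover_with_known(c1, c2, M1))
```

Each ciphertext on its own is still uniformly random; the leak exists only because the same pad appears in both.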
Usage of One-Time Pad
To use one-time pad, one must have keys as long as the messages.
To send messages totaling certain size, sender and receiver must agree on a shared secret key of that size.
• typically by sending the key over a secure channel
This is difficult to do in practice.
Can’t one use the channel for sending the key to send the messages instead?
Why is OTP still useful, even though difficult to use?
Usage of One-Time Pad
The channel for distributing keys may exist at a different time from when one has messages to send.

The channel for distributing keys may have the property that keys can be leaked, but such leakage will be detected
Such as in Quantum cryptography
Coming Attractions …

Cryptography: Block ciphers, encryption modes, cryptographic functions
Vernam Cipher
Vernam Cipher, also known as the one-time-pad.

Gilbert Vernam invented and patented his cipher in 1917 while working at AT&T.

Vernam cipher Also known as One-time-pad.
What Is One-Time pad?

In cryptography, the one-time pad is an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as the message being sent.

In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad)
Encryption Formula:
plaintext + key = cipher text
Decryption Formula:
cipher text - key = plain-text
Some Rules for Encryption
First we choose the plain text which we want to convert into cipher text.
We can choose a random key.
Key length is always equal to the length of the cipher text.
After adding plain text and key, if the number is ≥ 26 then we subtract 26 from the cipher text in encryption.
Keys have two copies: one for the sender and one for the receiver.
The key is discarded after one-time use.
Encryption Example
Decryption
Another Example “same message” but now this time key is different.
Encryption
  H        E        L        L        O
  7 (H)    4 (E)    11 (L)   11 (L)   14 (O)   message
+ 23 (X)   12 (M)   2 (C)    10 (K)   11 (L)   key
= 30       16       13       21       25       message + key
= 4 (E)    16 (Q)   13 (N)   21 (V)   25 (Z)   (message + key)
  E        Q        N        V        Z        → ciphertext
Decryption:
  E        Q        N        V        Z        cipher-text
  4 (E)    16 (Q)   13 (N)   21 (V)   25 (Z)   cipher-text
- 23 (X)   12 (M)   2 (C)    10 (K)   11 (L)   key
= -19      4        11       11       14
For a negative value we add 26 to make it positive
= 7 (H)    4 (E)    11 (L)   11 (L)   14 (O)   cipher-text – key
  H        E        L        L        O        → message
Note
This cipher is unbreakable in a very strong
sense. The intuition is that any message can
be transformed into any cipher (of the same
length) by a pad, and all transformations are
equally likely
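The letter arithmetic used by the Vigenère and Vernam slides, as an added example that is not part of the original deck: it reproduces the PIE and XMCKL examples, then computes the pad under which the same ciphertext EQNVZ decrypts to a different message, which is the intuition in the note above. The alternative message LATER and the function names are assumptions.

```python
from itertools import cycle

A = ord("A")


def _combine(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters, mod 26."""
    if not (key.isascii() and key.isalpha()):
        raise ValueError("key must consist of letters A-Z")
    keystream = cycle(key.upper())       # a short key repeats (Vigenère)
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            k = ord(next(keystream)) - A
            out.append(chr((ord(ch) - A + sign * k) % 26 + A))
        else:
            out.append(ch)               # spaces and punctuation pass through
    return "".join(out)


def encrypt(plaintext, key):
    return _combine(plaintext, key, +1)


def decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)


def pad_for(ciphertext, plaintext):
    """The one pad that encrypts `plaintext` to `ciphertext` (letters only, equal length)."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("a one-time pad is exactly as long as the message")
    return _combine(ciphertext, plaintext, -1)


if __name__ == "__main__":
    print(encrypt("VIGENERE", "PIE"))        # Vigenère slide
    print(encrypt("HELLO", "XMCKL"))         # Vernam slide
    other = pad_for("EQNVZ", "LATER")        # LATER is a constructed alternative
    print(other, decrypt("EQNVZ", other))
```

Because a pad exists for every five-letter candidate, the ciphertext alone cannot distinguish HELLO from any other message of that length.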
Modern use of the Vernam Cipher

The Vernam Cipher can also be implemented with modern computer technology.
Why OTP is secure?
• The security depends on the randomness of the key.

Drawback in OTP

Key-stream should be as long as plain-text.
Key distribution & Management difficult.
Solutions
Stream ciphers are a solution: the key-stream is generated in pseudo-random fashion from a relatively short secret key.
Conclusions
• We use different types of algorithms to establish security services in different service mechanisms.
• We use either private key cryptography or public key cryptography according to requirement.
• If we want to send messages quickly we use a private key algorithm, and if we want to send messages secretly we use a public key algorithm.
Conclusions
There are many other historical ciphers to
explore:
Playfair
Bacon
Pigpen
Navajo Code Talkers
Rail Fence
Alan Turing
Read “The Gold Bug” by Edgar Allan Poe
Read “The Code Book” by Simon Singh
Conclusions
Although fun, and although they may have worked in their day, they are easily cracked today:
Letter Frequency Analysis
Word length
Letter patterns
Finding a crib (a word you know is being used)