
Introduction to Cryptology: Laboratory for cryptologic algorithms (slides by Arjen K. Lenstra)


  1. Introduction to Cryptology
  Laboratory for cryptologic algorithms
  Arjen K. Lenstra

  2. What is Cryptology?
  ‘The art and science of secret writing’
  What this talk could be:
  ------------------------------------
  How the basics of cryptology work
  What this talk is:
  How the basics of cryptology don’t work

  3. Context
  Cryptology is crucial to achieve Information Security.
  Some other issues on which Information Security depends: users, employees, passwords, confusion, lethargy, incompetence, stupidity, inertia, policies and their enforcement, regulations, legislation, jurisdiction, juries, monitoring, auditing, risk management, profits/losses, liabilities, business considerations, access control, verification, operating systems, implementation, software, patches, networks, legacy systems, errors, hackers, viruses, public relations, public perception, conventions, physical protection, standards, fear, …

  4. Why is cryptology interesting?
  • Crypto: strongest link in information security
  • Obviously: like to keep it that way
  • But: many aspects we have no clue about!
  Interesting because:
  • Lots of challenging problems with impact on real life
  • Covers broad range of mathematics and computer science
  • Nothing can be taken for granted: lots of surprises

  5. Examples of current cluelessness
  1. The current hashing nightmare
  2. The case of the Advanced Encryption Standard
  3. Public Key Crypto: mathematics or religion?
  4. Cryptography related products

  7. The current hashing nightmare
  ‘Hashing’:
  • A way to quickly, uniquely identify a document
  • Comparable to a fingerprint: of fixed small size
  • Tiny change in document leads to a completely different hash
  • Lots of other nice properties:
    – Given the hash, can’t construct the document
    – Can’t make two documents with same hash
    – …

  9. Aside: hash versus encryption
  Hashing and encrypting are totally different things:
  • Hashing a document of any size:
    – always results in a fingerprint of the same small size
    – fingerprint cannot be used to reconstruct document
  • Encrypting a document:
    – results in an encryption of about the same size
    – encryption used to reconstruct original document
  So, what are hashes good for? To identify data/docs/software succinctly.

  10. ‘Popular’ hashes
  Popular?
  • Early 1990s: both by Ron Rivest
    – MD4
    – MD5
  • Mid 1990s: both by NSA, based on MD4/MD5
    – SHA
    – SHA1

  13. Relevant related events
  • Almost right away: MD4 considered weak, not used
  • Mid 1990s: MD5 ‘suspicious’, but widely used
  • SHA mysteriously updated to SHA1
  • Everyone happy with SHA1 (and some with MD5)
  • 2002: announcement of SHA2, extension of SHA1
  • Fall of 2004, (US) National Institute of Standards and Technology:
    – MD4 disastrously weak
    – MD5 very weak
    – SHA weak
  • February 7 ’05, NIST: don’t worry, SHA1&2 are fine!
  • February 14 ’05: SHA1 weaker than expected

  14. What happened?
  2004/2005: Xiaoyun Wang ‘broke’ almost all hashes in sight
  (and, strangely, all cryptologists loved it!)

  16. Something weird in cryptology
  • Why did Xiaoyun Wang break all our hashes?
  • Shouldn’t she be locked up?
  If, in crypto, you manage to destroy others’ toys:
  • (research-)people love and appreciate it
  • it’s a sign of progress (even if results may be disastrous)

  17. The ‘after Wang’ era
  • SHA1 definitely on the way out
  • SHA2 no longer fully trusted either
  But: SHA1 and SHA2 are essentially all we have
  • Good hashes are crucial for applications
  • At this point no one has a clue what to do

  18. This just in from NIST
  March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.

  19. AES (Advanced Encryption Standard): the case of AES

  20. Intermezzo
  What is an Encryption Standard supposed to do?
  • Communicating parties A and B share a key K
  • A uses K to quickly encrypt any volume of data
  • The encrypted data is sent over public channels
  • Only B can decrypt it and retrieve the data
  (Most likely you’ve used it often)

  22. The case of AES
  AES (Advanced Encryption Standard): the successor of DES (Data Encryption Standard)
  DES:
  • Designed in the mid 1970s, mostly by the NSA
  • Regarded with utmost suspicion for a long time
  • Still ‘unbroken’, but by late 1990s too weak due to increasing computer speed

  24. Finding a successor for DES
  1997, NIST opted for an open public design competition:
  • Free exploitation of public know-how
  • Avoid suspicion about a cooked design
  This turned out to be a very successful approach:
  • At least 20 proposals from researchers worldwide
  • Proposals presented to each other; some cracked
  • Resulted in 5 finalists in 2000

  25. The five finalists
  • MARS: IBM team with Don Coppersmith
  • RC6: RSA team with Ron Rivest
  • Rijndael: BE team Vincent Rijmen & Joan Daemen
  • Serpent: DK/IL/UK team with Eli Biham
  • Twofish: private US team with Bruce Schneier

  26. And the winner was…
  Rijndael, the one no one can pronounce (other names considered: ‘koeieuier’ and ‘angstschreeuw’)
  • Soon ‘all’ our communications will be protected by a Belgian cipher
  • Let’s keep our fingers crossed that AES = Rijndael is indeed as strong as we hope it to be

  33. Cryptanalytic progress against AES?
  No effective breaks affecting the AES algorithm yet: finding a secret key is computationally infeasible.
  How infeasible?
  Effort 2^128, that’s more than 3 × 10^38
  Why would that be hard?
  PCs run at 4 GHz, say 1000 GHz: 10^12 ops/sec
  Fewer than 3 × 10^7 sec/year: 3 × 10^19 ops/year
  10^10 people, each with 1000 PCs: 3 × 10^32 ops/year
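The back-of-the-envelope key-search estimate from slides 29 to 33, carried through as an added Python example (not part of the original presentation). It uses the talk's assumptions (10^12 ops/sec per PC, under 3 × 10^7 sec/year, 10^10 people with 1000 PCs each) and adds a 56-bit DES comparison of my own, to illustrate why the talk calls DES too weak against late-1990s hardware.

```python
# Exhaustive key-search cost estimate in the style of the talk's slides.
# Added example, not from the original presentation.
# Assumed figures, all taken from the slides: one PC does 10^12 trial
# decryptions per second, a year has fewer than 3*10^7 seconds, and the
# "whole world" is 10^10 people each running 1000 PCs.

OPS_PER_SEC = 10**12          # one (hypothetical 1000 GHz) PC
SEC_PER_YEAR = 3 * 10**7      # upper bound used on the slides
PEOPLE = 10**10
PCS_PER_PERSON = 1000
WORLD_PCS = PEOPLE * PCS_PER_PERSON


def keyspace(key_bits: int) -> int:
    """Number of keys an attacker must consider for a key_bits-bit cipher."""
    return 2**key_bits


def ops_per_year(pcs: int = 1) -> int:
    """Trial decryptions per year available to `pcs` machines."""
    return OPS_PER_SEC * SEC_PER_YEAR * pcs


def years_to_search(key_bits: int, pcs: int, fraction: float = 1.0) -> float:
    """Years needed to try `fraction` of the keyspace with `pcs` machines.

    fraction=1.0 is the worst case (every key); fraction=0.5 is the
    expected case when the right key is uniformly random.
    """
    return keyspace(key_bits) * fraction / ops_per_year(pcs)


def talk_estimate() -> dict:
    """Reproduce the slide numbers and extend them to DES-56 (my addition)."""
    return {
        "aes_keyspace": keyspace(128),                   # > 3 * 10^38
        "ops_per_year_one_pc": ops_per_year(1),          # 3 * 10^19
        "ops_per_year_world": ops_per_year(WORLD_PCS),   # 3 * 10^32
        # Worst case for the whole world against AES-128: about a million years.
        "years_world_aes128": years_to_search(128, WORLD_PCS),
        # Worst case for a single such PC against 56-bit DES: about a day.
        "years_one_pc_des56": years_to_search(56, 1),
    }


if __name__ == "__main__":
    for name, value in talk_estimate().items():
        print(f"{name}: {value:.3e}")
```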
