Lecture 46: Cryptanalysis

Summary

In this lecture, the concept of cryptanalysis is explored, which is essentially the art of breaking cryptographic systems. Unlike cryptography, which involves design and development, cryptanalysis focuses on attacking these protocols. Various models of cryptanalysis attacks are discussed, including known plaintext attacks and ciphertext-only attacks. The discussion further delves into generic attacks on cryptosystems such as exhaustive search and table lookup methods. These methods highlight the difficulty of breaking cipher systems without knowing the key, underlining the importance of robust encryption methods.

Highlights

• Cryptanalysis is about attacking a cryptographic protocol to break it.
• Known plaintext and ciphertext-only attacks are fundamental models in cryptanalysis.
• Exhaustive search and table lookup are examples of generic attacks on block ciphers.
• Temporary access to encryption or decryption machinery poses significant security challenges.
• Successfully breaking a cipher often involves finding the secret key, the 'Holy Grail' of cryptanalysis.

Key Takeaways

• Cryptanalysis is the 'dark side' of cryptology, focusing on breaking cryptographic systems rather than building them.
• Understanding different attack models helps in enhancing the security of cryptographic systems.
• Knowing the key is crucial for decrypting messages, making it the primary target in cryptanalysis.
• Table lookup and exhaustive search are generic attacks that don't rely on the specific design of a cipher, but rather on its key size.
• Temporary access to decryption machinery can be a threat if not properly controlled, highlighting the importance of secure systems.

Overview

Cryptanalysis is a key aspect of cryptology, distinct from cryptography, which focuses on creating secure protocols. It examines methods to breach these systems, exploring the 'dark side' of the cryptographic coin. The lecture explains how cryptanalysis operates on attacking protocols, a process often personified through the traditional adversary known as Oscar.

Various models of cryptanalysis are explained, each providing unique insights into the vulnerabilities of cryptographic systems. This includes known plaintext attacks, where some previous messages are known, and ciphertext-only attacks, where only the message in transit is known. These models help in understanding the potential security loopholes that can be exploited.

The lecture also delves into generic attacks such as exhaustive search and table lookup. These strategies don't depend on the specific design of a cipher but rather on its key size, illustrating a form of attack that leverages computational power. Discussions on temporary access to decryption machinery highlight the ongoing challenge of maintaining secure communication channels against increasingly sophisticated attacks.
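The two generic attacks summarised above, as an added example that is not part of the lecture: both are run against a constructed 16-bit toy cipher to show that their cost depends only on key size, which is why key length sets the floor for a cipher's security. The cipher `toy_encrypt`, the 16-bit key size, the sample values and the helper names are all assumptions made for illustration.

```python
import bisect

KEY_BITS = 16  # toy size (assumption) so the full key space fits in memory; DES uses 56


def toy_encrypt(p, k):
    """Constructed 4-round Feistel cipher: 16-bit block, 16-bit key. Not a real cipher."""
    left, right = (p >> 8) & 0xFF, p & 0xFF
    for r in range(4):
        rk = (k >> (8 * (r % 2))) & 0xFF      # alternate the two key bytes
        f = ((right + rk) * 167 + r) & 0xFF   # keyed round function
        f ^= f >> 3
        left, right = right, left ^ f
    return (left << 8) | right


def exhaustive_search(p, c, key_bits=KEY_BITS):
    """Known-plaintext exhaustive search: encrypt p under every key, keep matches."""
    hits, trials = [], 0
    for k in range(1 << key_bits):
        trials += 1
        if toy_encrypt(p, k) == c:
            hits.append(k)
    return hits, trials


def build_table(p, key_bits=KEY_BITS):
    """Offline phase: tabulate f(k) = E(p, k) for all keys, sorted by ciphertext."""
    return sorted((toy_encrypt(p, k), k) for k in range(1 << key_bits))


def table_lookup(table, c):
    """Online phase: binary search for c, then collect every key stored under it."""
    i = bisect.bisect_left(table, (c, -1))
    hits = []
    while i < len(table) and table[i][0] == c:
        hits.append(table[i][1])
        i += 1
    return hits


def generic_cost(key_bits):
    """Worst-case cost that depends only on key size:
    (encryptions for exhaustive search, table entries, binary-search steps online)."""
    n = 1 << key_bits
    return n, n, key_bits


if __name__ == "__main__":
    P, SECRET = 0x1234, 0xBEEF            # constructed sample values
    C = toy_encrypt(P, SECRET)
    hits, trials = exhaustive_search(P, C)
    table = build_table(P)                # only valid for this fixed plaintext P
    print("exhaustive:", [hex(k) for k in hits], "after", trials, "encryptions")
    print("lookup    :", [hex(k) for k in table_lookup(table, C)])
    # Several keys can map P to C; a second known pair filters the candidates.
    for bits in (16, 56, 128):
        print(bits, "bit key ->", generic_cost(bits))
```

Each extra key bit doubles both the search time and the table size, so the same code that finishes instantly at 16 bits is already 2^56 encryptions at the DES key size discussed in the lecture.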

Chapters

• 00:00 - 03:00: Introduction to Cryptanalysis
  The chapter provides an introduction to cryptanalysis, focusing on methods to attack cryptographic schemes or protocols. It contrasts with previous discussions that have likely focused on the design and implementation of cryptographic systems, highlighting this as "the other side of the coin."
• 03:00 - 07:00: Cryptanalysis and Cryptology
  The chapter "Cryptanalysis and Cryptology" explores the concepts of cryptography and cryptology. Cryptology is explained as having two main components, one of which is cryptography. The transcript introduces the topic of designing within the space of cryptography, likely touching on various cryptographic protocols and systems such as RSA and AES, although the transcript is too incomplete to support firm conclusions.
• 07:00 - 13:00: Cryptanalysis Attack Models
  The chapter titled "Cryptanalysis Attack Models" delves into the realm of cryptanalysis, focusing on the methodologies for attacking and breaking cryptographic protocols. It underscores the importance of understanding design techniques and cryptographic protocols to effectively break codes.
• 13:00 - 18:00: Exhaustive Search Attack
  The chapter titled "Exhaustive Search Attack" delves into the basic concepts of cryptology, particularly focusing on cryptanalysis. Cryptanalysis is the study of decoding encrypted information and is a crucial aspect of understanding how cryptography secures communications. The text explains that cryptanalysis involves efforts to break the code or guess keys and messages exchanged between parties, such as Alice and Bob. The chapter introduces the role of a "cryptanalyst," represented by the fictitious character Oscar, who embodies the adversary's efforts in trying to decipher encrypted information or compromise the security of a communication channel. This section provides insight into the dual aspects of cryptology, highlighting both the creation of secret communications through cryptography and the attempts to break these codes through cryptanalysis.
• 18:00 - 25:00: Table Lookup Attack
  In the chapter titled "Table Lookup Attack," the discussion centers around the concept of cryptanalysis, particularly how an attacker, often referred to as "Oscar," approaches breaking cryptographic systems. The chapter explores different models of cryptanalysis, beginning with a focus on the design phase and transitioning to the phase where these systems are broken. The narrative elaborates on the contrasting roles in cryptosystems: designing secure encryptions versus strategizing their breach.
• 25:00 - 29:00: Time-Memory Trade-Offs
  This chapter introduces the concept of cryptanalysis attack models, focusing specifically on time-memory trade-offs. The primary models discussed are the known plaintext attack and the known ciphertext attack, with the suggestion that combinations of these models may also be considered. The discussion briefly mentions Alice and Bob, standard placeholders in cryptography to represent parties in communication.

Lecture 46: Cryptanalysis Transcription

• 00:00 - 00:30 [Music] Okay, so we talked about cryptanalysis, that means how to attack the cryptographic scheme or crypto-based protocol. So basically this is the other side of the coin. So far we have seen
• 00:30 - 01:00 the design space, like cryptography. So basically cryptography, so cryptology [Applause] has two parts. One is cryptography, which we have talked about so far; this area deals with the cryptographic protocols, cryptosystems: RSA, ElGamal, AES, DES. So all the
• 01:00 - 01:30 design techniques, like design of the cryptographic protocol. And this is the attack, breaking, the code breaking: we have a cryptographic protocol, how can we attack that? So this area is called cryptanalysis, cryptanalysis.
• 01:30 - 02:00 So basically cryptology consists of cryptography and cryptanalysis. Cryptanalysis means the attacker, I mean the attack on the protocol: how we can break the code, how we can guess the key or the message being sent between Alice and Bob. All this type of job is done in this area, cryptanalysis, and the person who is doing this is called a cryptanalyst, and that is named as Oscar. Okay, so that
• 02:00 - 02:30 is the traditional name we use to denote an attacker: Oscar. Okay, so this cryptanalysis is the other side of the coin. This is the design phase, cryptography, and this is the breaking phase. So we start the cryptanalysis; we talk about the models of
• 02:30 - 03:00 cryptanalysis, attack models. So, attack models. Okay, so there are basically, usually, four types of models, but there are some combinations of these types also. One is the known plaintext attack, known ciphertext attack. So Alice and Bob, they are
• 03:00 - 03:30 communicating over a public channel, either by symmetric key encryption or by public key encryption, and Oscar is having access to this. This is the public channel, and Oscar is having full access
• 03:30 - 04:00 to this channel. Okay, it could be passively or actively. Passively means, passive attack means, Oscar can only see what is being communicated, and actively means Oscar can change the communication. Okay, so under this attack model, Oscar knows the ciphertext. So what is called ciphertext? The message Alice wants to send to Bob, that is
• 04:00 - 04:30 called plaintext or the message, and when it is encrypted to C, either by symmetric key encryption or by public key encryption, this is called ciphertext, and it is being sent to Bob over the public channel. So this is called known ciphertext only attack, known ciphertext only attack: Oscar knows only the ciphertext. Okay, so this is a more secure scenario; we are not giving
• 04:30 - 05:00 any extra facility to Oscar; Oscar only has access to this public channel, which is quite obvious, because if we say that we will not allow Oscar to listen to what is being communicated over the public channel, nobody will believe you. Okay, so your scheme should be secure at least under this model. Okay, the second one is
• 05:00 - 05:30 known plaintext attack. The first one is known ciphertext only attack, ciphertext; the second one is known plaintext, known
• 05:30 - 06:00 plaintext attack, known plaintext attack. So in this attack model, Oscar knows some pairs of plaintext and ciphertext. Alice and Bob are communicating over this public channel, and Oscar is sitting here. Okay, so this known plaintext attack means Oscar knows,
• 06:00 - 06:30 the third party or the adversary, Oscar is the adversary, Oscar knows some plaintexts and the corresponding ciphertexts, for i equal to 1 to k, suppose k many. So Oscar knows; maybe these are the old communications between Alice and Bob, so we can send the history of this to Oscar. These are old communications; maybe two years ago they were
• 06:30 - 07:00 communicating, I mean their message was like this, plaintext and the ciphertext. This has not much relevance now, I mean this was already communicated two years ago. So under this model Oscar knows, or Oscar is given, some pairs (P_i, C_i), P_i and corresponding C_i, i is
• 07:00 - 07:30 equal to 1 to l, 1 to k, and the goal of Oscar is to get the key. The key is not known, the secret key is not known. Okay, so if it is a symmetric key encryption, that symmetric key is not known to Oscar. So the goal is to get the key, what is the K, and suppose Alice
• 07:30 - 08:00 and Bob are now communicating this P* and corresponding C*. Okay, this is the current message they are communicating, the current message Alice wants to send to Bob, so Alice computes C* from P*. This is the new message. Or to guess P* from C*, the new message. This is a new
• 08:00 - 08:30 message, or the current message they are communicating. This is the challenge to the adversary. Okay, and the third one is basically chosen plaintext attack, chosen plaintext attack. Okay, so here you are giving a little
• 08:30 - 09:00 more power to Oscar, the adversary, in the sense that the adversary can choose the plaintext and can get the corresponding ciphertext without knowing the key. So Oscar can choose P_i and can get the C_i, so that means this (P_i, C_i) pair Oscar is having. So that means we
• 09:00 - 09:30 are giving the encryption machinery to Oscar, temporary access. So this is the encryption algorithm; we can build the key in over here. The key is not known to Oscar; we are not giving the key to Oscar, then everything is gone. But without knowing the key, we are giving temporary access to the encryption machinery to Oscar, so that Oscar can give a plaintext and can get the
• 09:30 - 10:00 corresponding ciphertext, give another plaintext and can get the corresponding ciphertext, without knowing the key. So that means this could be a .exe file, encryption.exe, where we are keeping the key inbuilt. If it is C code, then in the C code itself, in the program .c file, we will keep the key there, so the key will not be asked for at runtime; at runtime it will only be asking for the plaintext.
• 10:00 - 10:30 So we are giving temporary access to this encryption machinery to Oscar, it could be software, it could be in hardware, so that Oscar can choose a plaintext and can get the corresponding ciphertext. Okay, now what is the challenge of Oscar, what is the goal of Oscar? Oscar's goal is to guess what is
• 10:30 - 11:00 the key; the goal is to get the key K. Or, now we stop the temporary access to this encryption machinery, to guess what is P* from the C*, guess P* from the C*. Okay, so the
• 11:00 - 11:30 P* is that which they are communicating now. Okay, so this is one model; here we are giving temporary access to the encryption machinery. Okay, that is the third one, and the fourth one is chosen ciphertext attack, so chosen
• 11:30 - 12:00 [Applause] ciphertext only attack. So here we are giving temporary access to the decryption machinery to Oscar. We have the decryption function, say it could be DES decryption, key is inbuilt, so Oscar can give a ciphertext and can get the corresponding plaintext. Okay, so
• 12:00 - 12:30 we are giving temporary access to the decryption machinery, temporary access; then you have to take it back, otherwise Oscar can give the new ciphertext and get the P*. So we are giving temporary access to this decryption machinery to Oscar. What we are doing here: the key is inbuilt, so Oscar
• 12:30 - 13:00 can choose P_i, I mean C_i, and can get the corresponding P_i. So Oscar knows these pairs (P_i, C_i) for some k. Now the challenge of Oscar is to get the key here, which is not
• 13:00 - 13:30 known. And now we stop this temporary access to the decryption machinery for Oscar; now Alice and Bob are communicating P*, C*, and to guess P* from C*. Okay, so this is
• 13:30 - 14:00 another model. So this is more: if we can claim that our cryptosystem is secure under this model, here we are giving more power to the adversary, so that means however powerful our adversary is, even then our cipher, our scheme, is secure. That is our goal; we are making our adversary more and more powerful. Okay, now there are some combinations of these four models; those we are not going into in detail, but these are mainly the four models. So now we'll talk
• 14:00 - 14:30 about some generic attacks on the cryptosystem, specially on block ciphers: generic cryptanalysis on a block cipher, or it could be done for stream ciphers also. Let us start with block ciphers. The first
• 14:30 - 15:00 one is basically, we know, the exhaustive search, [Applause] exhaustive search or the brute force method. This we have already seen. Suppose we have Alice and Bob. Okay, so
• 15:00 - 15:30 suppose they are communicating over the public channel using DES, and they agree on a common key, say 56 bits, DES, so it is a 56-bit key. Now they encrypt: Alice chooses a message which is 64 bits, and then Alice encrypts this message using this key K. So
• 15:30 - 16:00 this is DES encryption, and she sends it to Bob. Bob is receiving y, and Bob has to apply the decryption algorithm to get back this message. Now how can we do the exhaustive search on this block cipher DES? For that Oscar needs to have; this is a known plaintext attack, so Oscar is having P and C, this is known. So
• 16:00 - 16:30 this is a known plaintext attack: Oscar is having a plaintext and the corresponding ciphertext, but Oscar is not knowing the key. So now the challenge of Oscar is to get the key; once Oscar gets that key, Oscar can get the new message. So what will Oscar do? Oscar will try all possible keys. So this is the key space. Okay,
• 16:30 - 17:00 so if it is DES, Oscar will try all possible keys. Oscar will choose a key from here, say k_i, and Oscar will encrypt this P and get a C_i, and Oscar will check whether this C_i is equal to C or not. If C_i is C, then k_i is the key, because we know this pair. So this is a known
• 17:00 - 17:30 plaintext attack; we know this pair. Okay, so this is basically the exhaustive search attack or the brute force attack. This way we have to search all possible keys in the key space, so the time complexity basically depends on the size of the key space. If it is DES, then 2 to the power 56 into the time for a DES encryption; if it is 1 second, then this many seconds. This is huge, but we know there are some attacks using parallel processing: if we have many processors,
• 17:30 - 18:00 then this can be reduced by parallel processing, and this type of attack you have seen. So this is the exhaustive search attack, and this is a generic attack; generic in the sense that here we are not using any information about how this DES is designed. We are not looking inside the block cipher or inside the cipher; we just need to know the key size, this 56 bits. So instead of DES, if it is some other cipher, some sort of cipher which is
• 18:00 - 18:30 having key size 56 bits, then also we can mount this attack in a similar way. In that sense it is a generic attack: this attack idea can be mounted for any block cipher which has the same key size. We are not looking into the inside design of this cipher, we are just looking at the key size, so in that sense it is a generic attack. Okay, so anyway,
• 18:30 - 19:00 now we will talk about another generic attack, which is called the table lookup attack. So, table lookup. Basically this attack is
• 19:00 - 19:30 also generic. Under this attack we have two phases. So basically what we have to do, this attack is basically inverting a one-way function. What is a one-way function? Let us define a one-way function. Suppose f is a function from A to B, so this is the set A, this is the set B; it is a mapping basically. So if you take an
• 19:30 - 20:00 x over here, then this is f of x; this is basically y. Okay, or we can denote this by y is f of x. So one-way means this part is easy: given the x, we can easily; so given x, it is easy. Again, easy is
• 20:00 - 20:30 in the sense, easy means computationally feasible, so we do have a polynomial time algorithm to compute this. Easy to compute f of x. Okay, so one way it is easy, but the other way it is hard: given a y, which we know is basically f of x, this way it is hard. This is hard, but this must be easy. So
• 20:30 - 21:00 given a y, which is basically f of x, it is hard, computationally hard, to get it. So that is the one-way function; this forward direction is easy, but the backward direction is
• 21:00 - 21:30 tough. So every cryptographic protocol is basically a one-way function. Like if we consider a block cipher: a block cipher is basically, say it is an n-bit block cipher, and we have a k-bit key, so a block cipher is basically a function
• 21:30 - 22:00 from, so this is basically a function from plaintext space, key space to ciphertext space. Okay, so we take a message from the plaintext space, we take a key from the key space, so basically E of (M, K) will give us C. M is coming from the plaintext space, K is coming from the key space, it gives C. Okay, now if we
• 22:00 - 22:30 fix a plaintext, if we fix the plaintext, let us fix a plaintext, say P, from the plaintext space. Okay, so then this P is fixed. Now this is a function from; so then E_P is a
• 22:30 - 23:00 function from key space to the ciphertext space. Okay, so this function is a one-way function. Now key space and ciphertext space may be of different sizes. Okay, so this is a function from key space to the ciphertext space; this is the key space, this is a known plaintext attack, ciphertext space.
• 23:00 - 23:30 [Applause] Okay, so here what we have: we have a key, the plaintext is fixed, so you have a key and then we basically apply, so f of K is basically E of (P, K). P is fixed, so this is a function of only K. So this
• 23:30 - 24:00 is basically f of K, so this is a ciphertext C. This way, this is one way; this should be easy, because otherwise our block cipher won't be popular: this is just the encryption algorithm of the block cipher. But this way it is hard, because if we have a ciphertext, then to get back this key
• 24:00 - 24:30 is basically breaking the block cipher under the known plaintext attack, so that is hard. So basically this is a one-way function, f is a one-way function. Now the question is how we can attack this by the table lookup method. We have seen one attack by exhaustive search, a generic attack; another attack is by table lookup. So we will do something in the preprocessing step, the offline step. So
• 24:30 - 25:00 if you have time, we can do something. So this has two steps: one is offline, another one is online. So, table lookup: it has two steps. Offline, this is also called the preprocessing phase or offline phase, and another
• 25:00 - 25:30 one is online, online attack. Okay, so what do we do offline? At the preprocessing phase, what we do, we compute; so basically we are converting this function. We have a function from A to B; this is the key space,
• 25:30 - 26:00 this is the ciphertext space. We have an x, and this is f of x. So the question is: we are given a y, we need to get back x. That is the challenge. So what we do, we make a table: we'll choose all possible keys, k_1, and we get f of k_1; k_2, f of k_2; so, depending on the size of the key, if
• 26:00 - 26:30 it is, say, capital N, this is basically up to N. So if it is DES, then N is 2 to the power 56. Okay, so in the table what we do: we store this k_1 and this f of k_1 pair, and like this, k_N, f of
• 26:30 - 27:00 k_N here, like this. Okay, so now, this for all keys you are doing, so we have a huge memory, and we are storing this. This we are doing in the offline phase. And the online phase, what do we have? In the online phase we
• 27:00 - 27:30 have a ciphertext, this is a known plaintext attack, we have a ciphertext y, or basically C, which is basically E_P of K, basically f of K, but we do not know the K, or K*. So what we do: we have this C, so if we store this in the sorted order of these end points, then we can search it; we can
• 27:30 - 28:00 do the binary search on this C. So suppose this is some k_l, f of k_l. Now suppose this is matching with C; then we can get the key, then k_l is our key. This is just a table lookup attack: we will just search for this y or C in the table. Now we know all the keys are there, so it has to match with one of these. Then once this matching is
• 28:00 - 28:30 done, we take the corresponding key as the key. So this is the attack, but here we need to have the storage, because this table has to be stored. But in the online phase we are not doing anything; we are just doing the table lookup. If it is just binary search, it is logarithmic time, log of capital N time; it is very fast. So the online search takes less time, but we need to have huge memory
• 28:30 - 29:00 to store this whole table. So now there are some techniques by which we can trade off between the time and this space; that is called the time-memory trade-off attack, which we'll discuss in the next class. Thank you.