1 of 10

IMPORTANT: we need to harvest your school ids

2 of 10

Intro to Cryptography

Cybersecurity Club

3 of 10

What is cryptography?

  • "Secure communication in the presence of adversarial behavior" - Wikipedia
  • Before 1970s (classical crypto): Encryption, decryption, cryptanalysis
    • Notable example: Enigma
  • After 1970: More focus on primitives
    • Public-key cryptography
    • Hashing
    • Digital signatures
    • Private information retrieval
    • Commitment schemes
    • CSPRNGs

4 of 10

What changed?

  • Computers
  • 1949 - "A mathematical theory of cryptography" by Claude Shannon
    • Introduces two goals of cryptography: security and authenticity
  • 1975 - Publication of DES, developed by IBM
  • 1976 - "New Directions in Cryptography" by Diffie and Hellman
    • Introduces the Diffie-Hellman key exchange
    • Launches development of public-key cryptography

5 of 10

Kerckhoffs's Principle

  • "The enemy knows the system" (Shannon's Maxim)
  • The security of a system should rely on its key, not the secrecy of its design
  • Opposite: Security by obscurity, steganography
    • What's wrong with relying on these alone?
    • Example: locks

6 of 10

Classical Cryptography

  • Three related ciphers:
    • Caesar: Shift each letter in the alphabet by a fixed number, wrapping around if necessary
    • Vigenere: Like Caesar, but change the shift according to a predefined key, repeating the key if it is too short
    • Vernam: Vigenere, but the key is as long as the message
  • Substitution
  • Advantages/disadvantages of each?

7 of 10

Cryptanalysis

  • Letter frequency
    • Relative frequencies of letters are preserved by substitution
  • Crib dragging
    • A known plaintext can reveal some or all of the key (will demo later)
  • Kasiski examination
    • Relies on repeated text being encrypted with the same key letters
    • Mostly superseded by Index of Coincidence
  • (Normalized) Index of Coincidence
    • Measures the probability that two randomly selected letters will be the same
      • Encodes relative letter frequency into a single number
    • Gives an indicator for whether a text is in English (or some other language)
    • Preserved by substitution
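The index-of-coincidence claims on this slide, as a runnable check (an added example, not part of the original slides). The function names, the sample plaintext and the key `LEMON` are assumptions made for this illustration; it shows that a Caesar shift leaves the IoC unchanged, that Vigenere flattens it, and that splitting the ciphertext into columns recovers the key length.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA

def vigenere(text, key, decrypt=False):
    """(a + b) mod 26 per letter, key repeated; a one-letter key is a Caesar shift."""
    sign = -1 if decrypt else 1
    return "".join(
        ALPHA[(ALPHA.index(c) + sign * ALPHA.index(key[i % len(key)])) % 26]
        for i, c in enumerate(text))

def ioc(text):
    """Normalized IoC: 26 * P(two randomly chosen letters of text are the same)."""
    n = len(text)
    same = sum(c * (c - 1) for c in Counter(text).values())
    return 26 * same / (n * (n - 1))

def column_ioc(ciphertext, k):
    """Mean IoC of the k columns ciphertext[i::k]. When k is the key length, each
    column shares one key letter, so it is a Caesar-shifted slice of the plaintext."""
    return sum(ioc(ciphertext[i::k]) for i in range(k)) / k

def guess_key_length(ciphertext, max_k=8):
    """Candidate length whose columns look most like natural-language text."""
    return max(range(1, max_k + 1), key=lambda k: column_ioc(ciphertext, k))

# Constructed sample plaintext and key (assumptions for this example only).
SAMPLE = (
    "The enemy knows the system, so the security of a cipher should rely on "
    "its key and not on the secrecy of its design. A Caesar cipher shifts each "
    "letter of the alphabet by a fixed number and wraps around if necessary. "
    "A Vigenere cipher changes the shift according to a predefined key and "
    "repeats the key when it is too short. Letter frequency survives "
    "substitution, which is why the index of coincidence can tell us whether "
    "a text looks like English and how long the repeating key is."
)
PLAINTEXT = "".join(c for c in SAMPLE.upper() if c in ALPHA)
KEY = "LEMON"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(f"plaintext IoC  {ioc(PLAINTEXT):.2f}")
    print(f"Caesar IoC     {ioc(vigenere(PLAINTEXT, 'D')):.2f}  (unchanged)")
    print(f"Vigenere IoC   {ioc(CIPHERTEXT):.2f}  (flattened)")
    for k in range(1, 9):
        print(f"key length {k}: mean column IoC {column_ioc(CIPHERTEXT, k):.2f}")
    print("guessed key length:", guess_key_length(CIPHERTEXT))
```

Once the key length is known, each column is an ordinary Caesar cipher and can be solved with letter frequency.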

8 of 10

A New Operation

  • Fundamental operation of classical cryptography
    • Turn letters into numbers by finding index in alphabet
    • Encryption: a+b mod 26 (mod for modular arithmetic, clock arithmetic)
    • Decryption: a-b mod 26
  • XOR
    • Turn letters into numbers using ASCII
    • Encryption: a⊕b
    • Decryption: a⊕b
    • (this is addition AND subtraction mod 2)

9 of 10

XOR Variants of Classical Ciphers

  • Caesar → One-byte XOR
  • Vigenere → Multi-byte XOR
  • Vernam → One-Time Pad
  • Cryptanalysis still works!
  • Demo: Half and Half (ångstromCTF 2019)

10 of 10

Try it yourself!

  • https://blairsec.clamchowder.repl.co/classical/
  • Tools
    • CyberChef
    • quipqiup (for substitution ciphers)
    • Rumkin (has lots of classical ciphers)
    • dcode.fr (this tool sucks but some low quality CTFs will pick random ciphers from this list)
  • Next week: How do we exchange key material securely?