Cryptography

wherein the Alice-Bob subplot develops

Textbook: Another chapter that isn't there.

STARRING

Alice	Bob	Eve	Spot

Prologue: Alice and Bob want to talk. Clever, evil Eve wants to eavesdrop. Alice and Bob wonder what to do.

(This is especially a problem on the Internet, where your very own personal packets go through the computers of people you don't even know.)

Modulo arithmetic review

x mod N is the remainder when x is divided by N.
(In Java: the % operator.)

For addition, this gives wrap-around behavior.

                {  x + y     if x + y < N
(x + y) mod N = {
                { x + y - N  otherwise

Subtraction inverts this.

                {  x - y     if x - y >= N
(x - y) mod N = {
                { x - y + N  otherwise

Note:

[(x + y) mod N - y] mod N = x

Private-key cryptography

Alice and Bob agree on a key K in private. Now they can talk aloud, encoding messages with the key.

Drat!

Fine, but what's a key, and how can we use it?

The Shift Cipher

Alice and Bob agree on a number K between 0 and 26. (Say 4.)

Alice adds K to (the ASCII value of) each letter mod 27:

   I _ D O
-> M D H S

Bob subtracts K (mod 27) from each letter received:

   M D H S
<- I _ D O

But since computers are fast, the number of possible keys needs to be very big; bigger than 26 anyways.

Kaptain Krunch Secret Decoder Ring

Arr!

Try a shuffling of letters (a substitution cipher). Alice and Bob agree on the mapping as their key:

original     _ A B C D E F G H I J K L M N O ...
destination  @ A X J E W U I D C H T N M B R ...

Alice maps her message using the mapping:

   I _ D O
-> C @ E R

She sends, ``C@ER.'' To decrypt, Bob reverses the mapping:

   C @ E R
<- I _ D O

This is better: we now have 27! possible keys (about 10²⁸).

But Eve's clever!

Any long English messages can be decoded by analyzing letter frequency.

The letter occurring most is probably an `E'!

Newspaper cryptograms show how easy breaking Kaptain Krunch's code is.

Shiver me timbers!

What do we want?

If, for every possible encrypted message X,

Pr[X is encryption]

is same regardless of original message M, we have achieved perfect security.

(The probability here is over choice of random key K.)

This has not been true of the codes we've seen so far.

Alan Turing was involved. We'll be seeing more of him.

How can we do it?

Say Alice and Bob agree to a (long) series of random numbers between 0 and 26:

   2, 23, 20, 8, 16, ...

To encrypt, Alice adds numbers to corresponding letters:

   I    _    D    O
 + 2  +23  +20  + 8
 ---  ---  ---  ---
   K    W    X    W

Bob subtracts to get original:

   K    W    X    W
 - 2  -23  -20  - 8
 ---  ---  ---  ---
   I    _    D    O

This is called the one-time pad. (Since you never reuse any of the random numbers.)

Does it work?

What is probability that encryption is KWXW if original is I_DO, for random key?

What if original is NOPE?

Drat!

Public-key cryptography

Often Alice and Bob can't communicate a key in advance in private. This is a job for public-key cryptography.

Now Bob has two keys, one (P) published, one (K) kept secret.

A message encrypted with the public key P can only be decrypted with the private key K.

Alice gets P from Bob's website, encrypts a message, and sends it to Bob. Bob uses K to decrypt the message.
Eve can easily get P, but she still cannot decrypt the message!

Drat!

(It's kind of surprising that this kind of scheme can work at all!)

RSA Cryptosystem

The most popular public-key cryptosystem is RSA (Rivest, Shamir, and Adleman). (PGP is one implementation of it.)

In RSA, the public key P is a product of two very large prime numbers. The private key K uses the two primes.
(So if you could factor P, you could break the code.)

So RSA is not as secure as one-time pad.

But after 2,500 years of looking, we still don't know a fast factoring algorithm.
So it's probably computationally irreversible in practice.
This is a form of complexity-theoretic security.

Interesting historical note:
The US Government tried to prevent the export of crypto systems in the 1990s by classifying them as "munitions"!
I have a t-shirt that was made as a protest against this.
But there's always someone crazier than you...

Cryptography Applications

Private-key
Public-key
Signatures
Special-purpose:
- voting
- bidding in auctions
- sending cash over the Internet

One example: Communicating an average

Alice, Bob, Krunch, and Spot just got their test grades.

95	88	82	50

They want to know their average score, but nobody wants to reveal their grades. What can they do?

The Algorithm

All behave the same.

Bob chooses r_BA, r_BS, r_BK randomly between 0 and 400. He calculates r_BB so that
```
  (rBA + rBS + rBK + rBB) mod 401 = Bob's score (88)
```
He privately sends r_BA to Alice, receives r_AB.
He sends r_BS, receives r_SB.
He sends r_BK, receives r_KB.
Compute
```
  cB = (rAB + rSB + rKB + rBB) mod 401
```
Give c_B to everybody, get c_A, c_S, and c_K.
The sum of all scores is (c_B + c_A + c_S + c_K) mod 401. Divide that by 4.

Why does it work?

 
              sends to whom
who     Alice  Bob   Spot  Krunch score
Alice   135    240   301   221      95
Bob     285    363   109   133      88
Spot    135    300   334    83      50
Krunch  132      5   230   116      82
total   286    106   172   152     315