By the end of today, you should:

- understand the terminology used when talking about encryption, decryption, and cryptography
- understand encryption systems that use private keys and public keys
- use public key encryption for your own communication
- be informed of the different uses of private and public key cryptography

Foundation

- What makes general-purpose encryption
*possible*is that*everything*can be represented using*bits*. This is crucially important. - Encryption just works on the bits; it doesn't care whether the bits are text, images, sound, movies, or anything else

Kinds of Encryption:

**Symmetric**or**private key**encryption. The idea is relatively intuitive, even if the implementations are complex. Examples:- Caesar,
- Vigenere,
- Enigma

The weakness of private key encryption is

*the key distribution*problem:How do you securely transmit the

*secret key*to your interlocutor so that you can securely communicate with them?**Public key**or**asymmetric**encryption. The idea is revolutionary.- Solves the
*key distribution problem* - How do you prove who you are without giving away your identity? Solved!
- Allows for
*digital signatures*, which an*amazing*technology.How can you

sign

a document without allowing others to forge your signature or to copy/paste your signature onto another document? Solved!We'll cover digital signatures next time.

- Solves the

- Alice and Bob somehow share a secret key, K, that Eve does not
- Alice composes a message, M, to Bob. She encrypts it with the
key. She sends E
_{K}(M) to Bob. - The function E is a mathematical function that maps plaintext bitstrings to ciphertext bitstrings. It doesn't matter whether the bitstring is text, images, sounds, movies, or anything else.
- Bob decrypts it with K by computing
D
_{K}(E_{K}(M)) = M and reads the message. - He can reply the same way.

- Alice creates a key
*pair*(P,S). They are*inverses*: S can decrypt what P encrypts (and vice versa). - Alice sends Bob her public key, P. She can send a copy to Eve, too.
- Bob composes a message, M to Alice. He encrypts it with P. He
sends E
_{P}(M) to Alice. - Alice decrypts it with the secret key, computing
D
_{S}(E_{P}(M)) = M and reads the message.

The trick is to come up with algorithms and key pairs where knowing P doesn't help Eve find S.

One such trick is factoring, which is the basis of the RSA
(Rivest-Shamir-Adelman method). If P is the product of
two *very* large prime numbers, and S is related to those prime
factors, Eve can only find S by factoring P.

Encryption is:

information that cannot be read without special information

the process of converting plaintext into ciphertext

the process of converting ciphertext into plaintext

the process of cracking the code with the use of a computer program

Which of the following codes is not a kind of cryptographic code?

The Caesar Code

The Vigenere Code

The ASCII Code

The Enigma Code

Assuming a Caesar code with rotation 10 and the use of the
whole ASCII
character set of 128 characters for typing a message, which of the
following numbers will represent the letter
lowercase **z** (its ASCII code is 122) in the
ciphertext?

2

4

16

132

Do you see any problem with the setup described in Quiz Question Nr. 3?

Which of the following statements about breaking the Caesar Code is TRUE?

It is secure against all but brute-force attacks.

It can be broken

**only**with the help of a computer to execute many trial-and-error runs.It can be broken with the help of ASCII encoding and the modulo operator.

It can be broken with the help of statistical analysis.

The Vigenere Cipher is more secure if:

the codeword is short

the codeword is long

a different codeword is used for every message

the codeword has a known length

Systems that use private keys are

unbreakable.

difficult to break, depending on the algorithm

difficult to break, depending on the private key

difficult to break, depending on the algorithm and private key

Which of the following statements is TRUE?

Public key encryption is

**insecure**because it needs two keys.Public key encryption is

**secure**because it needs two keys.Public key encryption is

**insecure**because everyone knows your public key.Public key encryption is

**secure**because no one else knows your private key.

For simplicity, I may just demo this on a single machine, but you can test that I'm not cheating by doing the exercise.

- Go to Herbert Hanewinkel's RSA page. (If that's down or missing, you can use this local copy.
- From the pulldown menu, choose a number of bits. This is the
number of bits that n will be (approximately), and, because factoring
n is the hard part, the bigger n, the stronger the encryption scheme.
(FYI, 2048 bits is considered barely acceptable for commercial websites, but takes 90+ seconds to compute on my office desktop computer, whereas 1024 bits takes just 5 seconds.)

- click on
generate key

- Notice how big the
Public Modulo (p*q)

is. This is the value of n. Imagine trying to factor that to get p and q! - Skip down to below the solid line to the pair of boxes labeled
plaintext

andciphertext in hex

. (Notice how you now understand whathex

means: since the encryption is going to be a long string of bits, hex is incredibly useful here..) - Type in a message (plaintext) and encrypt it. Erase the plaintext and decrypt it.

Let's make this a bit more realistic. Choose a partner (say from the
row in front of or behind you, so you can't easily look onto her
monitor, though it doesn't really matter). One of you will be
the *sender* and the other the *receiver*.

- The
*receiver*uses this customized receiver version of Herbert Hanewinkel's form to create a key pair.q - She transmits the public key to the sender. Specifically, she
sends the last field of the form above the horizontal line, the
input labeled
OpenPGP Multi Precision Integer (MPI) of Public Key (base64)

. (This is an encoding of both e and n, in one relatively compact representation.) - (For a less-realistic but faster short-cut, just use two different browsers on the same machine, say Chrome and Firefox. One is the sender and one is the receiver. You can then just copy/paste between browsers instead of using email.)
- The sender copies the packed public key into this customized public version of the RSA encryption form. She clicks on the button to unpack e and n from the public key.
- The sender encrypts her message. The message can be anything.
It doesn't even have to be private. If you're feeling stumped,
send the identity of the important character who dies
in
*Harry Potter and the Half-Blood Prince*and who kills him. This is an important secret; don't assume everyone has read the book. - The sender then copy/pastes the ciphertext into an email message and emails it to the receiver.
- The receiver copy/pastes the ciphertext into the same RSA form, above (the one that knows the decryption key) and decrypts the message.
- Verify that the message was transmitted correctly and secretly.

Notice the contrast between using public key and private key
encryption. In private key encryption, as with Caesar and
Vigenère, both the sender and receiver have the key and do pretty
much the same thing. Thus, codes like that are
called *symmetric* cryptosystems. In public key encryption, on
the other hand, the sender and receiver do very different things. The
receiver has to generate the public key that allows her to receive
messages that only she can read; the sender doesn't know anything that
Eve doesn't know. Thus, public key systems are also
called *asymmetric* cryptosystems.

Public key encryption is useful because:

it is used by people who want to keep their communication secret from the government

it is used by websites such as Google, Facebook, Tumblr, etc.

it is used for financial transactions on the web

all of the above

But, of course, the most important thing it does is solve the *key
distribution problem*.

Which of the following is TRUE:

the public key encrypts a message that is decrypted by the private key

the private key encrypts a message that is decrypted by the public key

both A and B

neither A nor B

We hope that after these activities you can:

- understand how encryption and decryption work
- understand the difference between private and publick key cryptography
- the uses of private and public key cryptography

Will be posted later, visit again after .