Symmetric Key Cryptography

00:01

all right so today's topic is very

00:04

important which is called block ciphers

00:06

so we have seen the historical ciphers

00:09

so we understand why we need to replace

00:13

a pair of characters instead of a single

00:15

character right because it is easy to

00:17

break by using statistical techniques

00:20

like frequency analysis now uh we are in

00:24

the modern AG so instead of uh

00:26

encrypting pairs of characters we are

00:29

actually going to pairs of bites right

00:31

because we are dealing with zeros and

00:33

ones so first we have to agree on the

00:36

encoding okay in order to people or to

00:39

device to communicate they have to agree

00:41

in the language right so here encoding

00:44

is what we are going to tell it so

00:46

historical sers mostly operate on

00:48

letters since they are pen and paper

00:50

methods when working with digital data

00:52

we can represent letters number symbols

00:54

Etc a string of bits right thus the

00:58

communicating parties must first agree

01:00

on an

01:01

encoding this is why we have standards

01:03

right ask is the best known because it

01:05

is American Standard but generally we

01:08

prefer utf8 because ASI doesn't contain

01:11

the some of special Turkish characters

01:14

right so for this reason we cannot use

01:16

directly ask this is why years ago most

01:19

probably you remember whenever you chat

01:23

in a video game or in the general uh

01:26

chat program you could when you press a

01:29

Turkish character and send it you will

01:31

see a different symbol there this is

01:33

because of asky table okay they were

01:35

using asky okay so let me show you uh

01:41

the full ask key table so since we are

01:44

representing data as bits you know

01:47

Gathering bits together allows you to

01:49

represent more characters like because

01:51

with a single bit you can represent zero

01:53

or one so you can only represent two

01:56

character right you can say a is zero

01:58

and B is one and that's it but your

02:00

alphabet has more letters right so you

02:02

have to use

02:04

more uh bits so if you use two bits 2 to

02:09

the two is four so you can represent

02:11

four characters right so this way

02:13

actually if you look at the powers of

02:14

two you will realize that the switch

02:17

spot is something like seven or eight

02:19

because 2 to the 7 is

02:20

128 which is enough actually this part

02:23

of the table is 2 to the 7 which gives

02:27

you 128 characters

02:31

but if you add one more bit and make it

02:34

eight bits you can actually represent

02:37

two to

02:38

256 different characters right we are

02:41

starting from zero so this is why we end

02:43

up with

02:44

255

02:46

so first you have to agree on the

02:48

encoding and here as you can see uh

02:52

capital letters and then small letters

02:54

appear here we have the numbers and so

02:57

on and so forth at this extended part we

02:59

have have more Latin characters that are

03:01

used especially in French right but as

03:04

you can see we don't have some special

03:07

Turkish characters like sh or soft G

03:11

right this is why we cannot use it also

03:14

this picture shows explains one of the

03:17

problems when you see a list in a

03:20

Turkish web page or a database however

03:22

if your name starts with ch like

03:26

here and when you see a alphabetical

03:29

list you would expect to find your name

03:32

after C right but sometimes you don't

03:36

appear there the all alphabet ends with

03:39

the name Z and then you appear below it

03:42

this is because

03:43

128 is larger than these numbers okay

03:49

this is the whole reason they are using

03:50

asky table so CH comes a lot later than

03:54

Z this is the whole reason so this is

03:57

wrong database design if if you are

03:59

allowing Turkish characters then you

04:01

should be using a different encoding

04:03

this is the whole Li but here I'm only

04:06

talking this to say that we are going to

04:08

work on bits and we have a method to

04:11

represent every character in terms of

04:13

bits okay we agree on that then we will

04:15

talk about how we encrypt them okay

04:18

so in our case a single bite is 8 Bits

04:23

you know 1,24 by is 1 kiloby and so on

04:27

and so forth but uh we have very length

04:30

input in our cases for instance we are

04:32

going to encrypt maybe one megabyte or 2

04:34

terabytes we should have a method to do

04:37

that right block cers can do that this

04:39

is the whole idea

04:41

so let's remember where we are and then

04:44

we are going to talk about how block

04:47

ciphers work so as I mentioned before

04:49

cryptography solves a lot of problems

04:51

for the case of confidentiality which is

04:54

our current topic today we can provide

04:59

confidence confidentiality by encryption

05:01

algorithms like blog sers stream cers

05:03

these are symmetric key encryption

05:05

algorithms or you can use public

05:07

encryption algorithms like RSA or algama

05:10

which will'll be talking Weeks

05:12

Later nowadays we are we have

05:15

authenticated encryption algorithms

05:17

which provide both confidentiality but

05:20

also data

05:22

authentication also you can provide data

05:24

authentication with hash functions

05:26

message authentication codes moreover

05:29

you can obtain anti authentication with

05:31

digital signature zero knowledge proofs

05:34

or with digital signatures we also solve

05:36

the problem of origin non reputation so

05:39

this is actually the small picture of

05:41

all cryptography it doesn't contain

05:43

everything in order to talk about

05:45

everything in cryptography actually the

05:47

picture has to be a lot larger because a

05:50

lot of things are missing in this

05:51

picture like postquantum cryptography

05:53

full homomorphic full homomorphic

05:56

encryption multiparty computation

05:58

Randomness and so on and so forth so it

06:00

is a huge list and we are going to

06:03

actually cover almost everything that is

06:05

in this picture and some more

06:09

okay so let's talk about cryptographic

06:13

algorithms some algorithms use key and

06:16

some do not for instance cryptographic H

06:18

functions are keyless algorithms so you

06:20

don't have a secret information that is

06:22

shared between parties but for the case

06:25

of encryption we need keys so that

06:28

communic parties can agree right or for

06:31

also for message authentication and so

06:35

so we divide these key algorithms as

06:37

symmetric and asymmetric or secret key

06:39

and public key in the secret key case

06:43

secret key algorithms use the same key

06:45

material for both encryption and

06:46

decryption hence the name symmetric key

06:48

cryptography there are three types of

06:50

algorithms in this category blog ciphers

06:53

which is today's topic stream sers and

06:56

another way of encryption and message

06:59

authentication C this is not an

07:01

encryption algorithm as I mentioned this

07:03

is for data authentication okay here

07:06

you're not encrypting anything but you

07:08

are proving that the data didn't change

07:12

after you the person received okay so we

07:16

will see all of

07:18

them although these algorithms look very

07:21

different like log ciphers stream

07:23

ciphers they can actually uh in order to

07:26

understand one of them you have also

07:28

need to know the other so you cannot

07:30

simply learn block cers without learning

07:33

steam ciphers or hash functions and so

07:35

on so block ciphers and steam ciphers as

07:37

I mentioned are encryption Primitives

07:39

while the message authentication code is

07:41

used for data and data origin

07:45

authentication however as I mentioned

07:47

these topics are not completely

07:49

unrelated we can use a block CER to

07:51

build a b stream CER and the message

07:54

authentication code even we can turn a

07:57

block Cipher into a hash function

08:00

okay there are methods for that which

08:01

we'll be talking about when we talk

08:03

about HH functions a symmetri key crypto

08:06

system

08:07

part is uh relatively new compared to

08:10

symmetric key crypto systems because

08:13

symmetric key crypto systems actually

08:15

dates back to the invention of the you

08:17

know maybe the letters right but

08:19

asymmetric key cryptography thanks to Dy

08:23

Helman uh became famous around

08:28

1976 so there are different types of

08:30

algorithms here one of them is key

08:32

agreement algorithms like def key

08:34

exchange algorithm so this is important

08:36

because in key crypto systems we start

08:39

with the assumption that communicating

08:41

parties both securely shared the secret

08:44

key between each other right so they

08:47

need a secure channel to do that in the

08:50

key agreement algorithm we will do it on

08:52

an insecure Channel this is the nice

08:54

thing okay the whole internet actually

08:57

works with this principle okay okay and

09:01

imagine that you are adding a new device

09:03

to a network right so you initially want

09:06

to start communicating in an encrypted

09:08

way but you don't know other devices yet

09:11

so this is very very

09:14

important we have public encryption

09:16

algorithms like RSA or

09:19

ALG uh we have digital signature

09:22

algorithms like DSA which is digital

09:24

signature algorithm or standard DSS or

09:28

you can use the elliptic curve version

09:30

and you have ecdsa elliptic curve

09:32

digital signature algorithm which is

09:35

again very important and all Bitcoin or

09:38

cryptocurrency transactions are actually

09:40

elliptic C digital signature

09:43

okay so these are important

09:47

topics so let's remember the basic

09:49

definitions and terms we are going to

09:51

talk about the cipher or a crypto system

09:54

both are the same in my case but Cipher

09:58

is translated into Turkish in a wrong

10:01

way because whenever we say shifra which

10:03

is the Turkish translation of Cipher

10:06

actually people talk about

10:09

passwords okay here we are talking about

10:12

crypto systems this is

10:14

important so that mistake is actually

10:17

originating from maybe aund years ago

10:21

because whenever there's something

10:23

unknown people refer it to as shifra

10:26

Cipher but actually it is not so here

10:29

I'm going to talk about Cipher text in a

10:32

second we also call it the shif and so

10:35

so it is not in Turkish the there's a

10:37

confusion and I hope at one

10:40

point uh it will be corrected by

10:44

authorities okay so what is a crypto

10:47

system PL Tex is what you want to

10:49

protect so PL Tex can be an SMS message

10:51

a WhatsApp message a file in your

10:54

computer or your voice while you are

10:56

calling somebody and you're talking okay

10:59

so that is the plain text that is the

11:00

thing that you want to

11:03

protect a crypto system or a CER is just

11:06

a pair of algoritms that convert plain

11:08

text to Cipher text and back okay so a

11:11

cipher is not something that you can

11:13

press on your phone buttons and enter

11:15

that's is password okay this is cipher

11:18

so Cipher text is the encrypted version

11:21

of the plain text and Cipher text should

11:23

appear like a random sence so this is

11:25

the idea you have a plain text you want

11:28

to communicate or store that data but

11:31

you don't trust the medium that you are

11:33

using the communication Channel we

11:35

always assume that is insecure okay so I

11:39

need an

11:40

algorithm which we call encryption that

11:43

turns this plain text into Cipher text

11:45

which looks like just random zeros and

11:47

ones so in the communication Channel you

11:51

send this data and people receive that

11:54

every enemy or other people can listen

11:58

to this Communication channel and obtain

12:00

this but you still feel secure because

12:03

you know that if your algorithm is good

12:06

nobody can learn anything about the

12:08

plain text just by looking at the cipher

12:11

text okay but when you're the person you

12:14

want to communicate receive the cipher

12:16

text they have the decryption algorithm

12:19

and the secret key that they can decrypt

12:21

that is the whole idea

12:24

okay this is the nice thing so in the

12:26

symmetri key crypto systems you have a a

12:29

secret key and this is used for both

12:32

encryption and decryption sometimes you

12:34

use the identical key for encryption or

12:36

decryption sometimes you use in a

12:38

reverse order but important thing is

12:41

that encryption and decryption algorithm

12:43

are identical or closely related or if

12:46

we want a more scientific term we say

12:49

that one can be obtained from the other

12:51

in polinomial time okay in public key

12:53

cryptography this won't be the case Okay

12:56

because everybody will know the public

12:58

key and they will be allowed to encrypt

13:01

any message and sent to you but only you

13:03

have the private key where you can

13:05

decrypt it okay that's completely a

13:08

different scenario so symmetri case you

13:11

have to securely share this key between

13:14

parties before you want to communicate

13:16

maybe meet in person you know write it

13:19

into a paper and give it to them and so

13:22

but

13:24

uh however you do it we assume that the

13:28

both party have the secret key and also

13:31

this is the only thing that we keep

13:32

secret okay we don't care if the

13:35

algorithm is lost I mean if enemy knows

13:39

the this encryption and decryption

13:40

algorithm we don't care actually this is

13:42

casual principle saying that it should

13:45

be freely uh left to the uh enemy okay

13:50

we do we don't care as long as your

13:52

secret key is kept secure and secret

13:56

then enemy knowing everything about

13:58

about the algorithm shouldn't be a

14:00

problem and this is actually how modern

14:02

cryptography works because we have all

14:05

of these algorithms encryption and

14:07

decryption algorithms completely

14:09

detailed in the standard so you know how

14:12

the algorithm works it is not a secret

14:15

okay so how the block ciphers work block

14:18

ciphers operate on B bit blocks of data

14:22

so it is

14:23

fixed plain text is divided into b-bit

14:26

blocks each block is encrypted by secret

14:29

key K to produce B bit

14:31

output output blocks form the cipher

14:34

text so this is the whole idea instead

14:36

of working with a variable length data

14:38

you divide it into B bit blocks and then

14:41

work on

14:42

that th if you look at it in a

14:44

mathematical way a block Cipher and the

14:47

key you choose is actually a permutation

14:50

from 2 to the B elements to the two to

14:52

the B elements okay because you are your

14:56

input is bbits and you are mapping it to

14:58

to another bbits okay so you are

15:01

actually your input space is two to the

15:02

B output space is the same you are

15:05

mapping actual elements to each other so

15:07

this is just a

15:09

permutation nowadays we choose b as 64

15:12

or 128 depends actually on the use case

15:16

sometimes you can even choose as small

15:18

as 32 in some lightweight ciphers but if

15:21

you choose the block size as small as

15:24

that recall our historical ciphers we

15:26

said that you know replacing one bit

15:29

sorry one character with one character

15:31

didn't work due to frequency analysis

15:33

right so if you're choosing your bs32

15:38

bits divided by8 this means four bytes

15:41

right you are replacing four byes with

15:42

four bytes so as you can

15:45

imagine uh it is not that hard to attack

15:49

that kind of thing also you have to you

15:51

shouldn't be using that uh

15:54

Cipher for a very long time because

15:56

attacker May capture a lot of Cipher Tex

15:59

and pl Tex which actually covers the

16:01

whole Space so block size should be

16:04

large 64 is acceptable but generally we

16:08

use 128 so secret key size today we use

16:13

for instance Advanced encryption

16:15

standard allows three choices

16:18

128 this is for personal use so as a

16:22

individual person you shouldn't be

16:24

accepting any algorithm that has

16:27

security less than one 128 bits okay but

16:31

if you are military you should be using

16:33

256 bits and shouldn't accept anything

16:36

less

16:37

standard so you might ask what is the

16:41

point for 100 9 to2 nobody using it okay

16:45

so either choose this or CH choose that

16:47

you know I mean in libraries it is

16:49

implemented but nobody is using okay

16:52

even in papers when we obtain results

16:54

for all three cases we provide them in

16:57

the paper for 128 and 256 and put 192 K

17:03

in the appendix because of the page

17:06

limits okay so let's go back to our

17:10

initial claim I said that this is a

17:12

mapping from 2 to the B elements to the

17:14

two to the B element so this is just a

17:16

permutation so question is how many

17:18

permutations can you have and this

17:21

number is really huge you can have 2 to

17:23

the B factorial permutations mapping 2

17:27

to the B elements to the 2 to the B

17:28

elements and this number is really

17:31

really just imagine b equal to 128 right

17:34

2 to the power of 2 to the B is a huge

17:37

number so there are a huge number of

17:41

permutations but when you design a block

17:44

CER and when you choose a key you are

17:47

actually choosing a small sets from this

17:49

huge sets Okay so a block Cipher will

17:53

provide only a tiny fractional of all

17:56

these available permutations for typical

17:59

values of B and K namely 2 to the K so 2

18:02

to the

18:04

128 is a very small number compared to

18:07

two to the 2 to the

18:09

120 right so there are a huge number of

18:13

permutations in which looks like

18:16

Infinity a huge space so you're are

18:18

trying to design a cipher which actually

18:20

chooses a good subset of it for security

18:25

for any chosen key we expect a good

18:27

block Cipher to act like as if it is a

18:30

randomly selected permutation so encrypt

18:33

analysis this will make more

18:36

sense even more we expect no relation

18:39

between permutations that are obtained

18:41

by keys that are related

18:43

somehow we will return to this when we

18:46

are talking about related key Crypt

18:48

analysis but here the IDE is as follows

18:50

so you design the block Cipher you chose

18:53

a key so this key and the cipher

18:55

actually Maps two to the B elements to

18:57

the two to the B element right this is a

18:59

permutation if you make a small change

19:01

to your secret key maybe flipping the

19:03

rightmost bit let's say then it will

19:06

give you a completely different

19:08

permutation there shouldn't be a

19:10

relation between these two cases okay

19:12

that is the idea and if there is such a

19:15

relation then we can perform a related

19:17

key attack which breaks the system

19:20

okay so before moving on to uh examples

19:25

and see what kind of ciphers we have to

19:28

today we have to understand how we

19:30

design them or what makes a block

19:33

ciphers a good Cipher so there are some

19:36

abstract Concepts and there's not an

19:39

actually

19:40

a mathematical way to actually show that

19:44

this uh Cipher is good or not currently

19:46

what we are doing is when we design a

19:49

cipher we actually try to break it with

19:51

every non Crypt analysis techniques and

19:53

see if it is secure or not okay you

19:56

cannot prove that it is secure maybe one

19:58

year later somebody may come up with a

20:01

new crypto analysis technique and break

20:03

the

20:04

cipher so let's look at this abstract

20:06

Concepts K Channon is considered as the

20:08

father of information Theory and

20:10

contribut to the field of Crypt analysis

20:12

for USA defense during World War II his

20:16

Landmark paper communication theory of

20:18

secrecy systems introduced the t ideas

20:20

of confusion and diffusion for practical

20:22

Cipher design so we will be talking

20:25

about sboxes permutations and so on all

20:28

those come from these confusion and

20:29

diffusion ideas okay our aim is to

20:32

provide confusion and

20:34

diffusion confusion is defined by him as

20:37

follows to make the relation between the

20:39

simple statistics of the cipher text and

20:41

the simple description of the key a very

20:43

complex and invol

20:45

one and for the diffusion the

20:48

statistical structure of the plain text

20:50

which leads to its redundancy is

20:51

dissipated into long range statistics in

20:54

the

20:55

cryptogram so note that this concept

20:58

concepts of confusion and diffusion are

20:59

not measurable Concepts they're absolute

21:02

Concepts right they're abstract so must

21:06

try to give alternative definitions for

21:09

this so confusion the cipher T

21:11

statistics should depend on the plain T

21:13

statistics in a manner too complicated

21:15

to be exploited by the Crypt

21:18

analyst diffusion each digit of the pl

21:21

text and each digit of the secret key

21:23

should influence many digit of the cyer

21:25

text so these definitions are a lot

21:27

better or easier to understand let's say

21:30

because our aim is to you know map bbits

21:33

to bbits right so by confusion we are

21:36

trying to design it so that by looking

21:38

at the cipher text for instance last

21:41

bite of the cipher Tex this shouldn't

21:43

give you an idea about the last bite of

21:45

the pl text right you are causing a

21:47

confusion so you are

21:50

actually making some modifications like

21:52

substitutions so this try creates a

21:55

confusion but if you work on bytes for

21:57

instance then you'll be working on

21:59

individual B right diffusion says that

22:02

if you make a small change of one part

22:04

of the cipher like one bit it should

22:07

affect as many bits as possible so this

22:11

is the whole idea

22:13

actually uh in terms of mathematics when

22:16

we assume that you have a plain text and

22:18

we encrypted and obtain a cipher text so

22:21

if you flip one bit of the plain text we

22:24

actually expect half of the cipher text

22:27

bits to be changed this is the actually

22:31

uh how we Define it

22:35

okay