 So this topic is called classical encryption techniques because we're going to introduce encryption, what do we mean by encryption, and the way that we'll introduce that is look at some very old techniques for encryption. Very old, very easy to do examples with, but we'll use these very old techniques, these classical techniques to illustrate the key concepts used in current encryption techniques, which will be in the next topics. Before we go through some specific encryption techniques, we'll just talk about the terminology in general, what do we mean by encryption, and what are the approaches. So we commonly use encryption to provide the service of confidentiality. I want to keep my data confidential, two ways I want to keep it, or two locations I want to keep it confidential, I want to keep the data confidential at rest, we say at rest on my computer, let's say I save a file on my computer, that computer can be accessed by other people, I don't want them even if they can access that computer to access the contents of that file, so I encrypt the file, and the other way is we want to keep the data confidential in transit as we send it across a network. So I send a file or a message across a network, I don't want people to intercept that message and be able to see the contents, so I encrypt it before I send it. And to do that, we need to understand what encryption does. So we want to make sure that our confidential information is not made available to unauthorised individuals. We want to make it available to some people, usually one other person in the simple model, but other people cannot access it. So there's no need, no use to encrypt something such that no one can ever read that message again. That's not what we'll call encryption. We need to be able to encrypt something such that some people can read the contents, but others cannot. Well, what we do, we encrypt the original data, we assume that anyone can see that encrypted form of the message, but the algorithm that we use to encrypt that original data should be such that only authorised people can decrypt and see the original message, the original data. So we need to talk about what algorithm can be used to do this, and how can we indicate who's the authorised individual. So this is, encryptions used for both sending data across a network, I encrypt before I send, and for storing data on a computer system, storing a file for example on my hard disk. So the general model we'll use, we'll talk about the model from the perspective of sending across a network, but it applies also of storing on a disk, on a computer system. We assume there are two users, A and B. A wants to send a message to B, and A knows the contents of the message, A creates the message. They want to send it to B such that B can read the contents of the message, but they don't want anyone else in the world to be able to read the contents of the message. So that's what our aim here, A wants to send a confidential message to B. Well, we'll introduce instead of looking at anyone else in the world, let's assume there's an attacker, user C in this case, and we'll assume when A sends something to B, we'll assume the attacker can somehow intercept that message and read anything that's sent from A to B. So whether it's using some interception of the wireless link or they've tapped into a hardware line or they've gained access to a server or a router in the network, somehow the attacker can see whatever is sent from A to B. That's our assumption. So what we do is that we start with a message that A wants to send, and here we'll introduce some terminology. The original message we'll call the plain text, some text. And it's in its plain form. So that's the original message. A wants to send this plain text message to B. They can't just send it because if they just send it, the attacker will be able to intercept and see the message. And our aim is such that the attacker cannot see the message. So what they do is they take the plain text and they encrypt that. And when you encrypt plain text, the output of the encryption will call ciphertext. We encrypt, in another word, we say we encypher. So it's called the ciphertext. And to indicate who is allowed to decrypt, we'll use not just the plain text as input to the encryption, we'll use a key. I'll denote here key one in general. So what A does, they have some key, some information that we'll call a key. They have a message they want to send. They use some algorithm, an encryption algorithm, to encrypt that plain text and the output will be the ciphertext. And they send the ciphertext to B, not the plain text. When B receives that ciphertext, assuming they know the algorithm being used for encryption, they can then apply the corresponding decryption algorithm. And in all of our studies, we'll assume that A and B know the algorithm being used. We'll see that there are different algorithms. But assume that they're using the same one. So what the user B does, when they receive ciphertext, they will apply some decryption algorithm and they'll use as input a key. I denote here key two, because it may be different from key one. It may be the same or it may be different. And the algorithm must be such that what comes out is the original message, the plain text. So the encryption algorithms must be designed such that if we encrypt the plain text with some key and get ciphertext, if we then decrypt that ciphertext with a key, we must get the original plain text. If we don't, then the algorithm doesn't work correctly. The security feature is such that the encryption should be so that the ciphertext produced, which will be intercepted and learned by user C, the attacker, it should be such that the attacker cannot decrypt the ciphertext unless they know the key. And it should be hard for the attacker to find the key. So the key that's used for decryption will be important part here. We'll assume that originally the attacker doesn't know the key. If they do, they can decrypt easily. What we need to do is design encryption and decryption algorithms such that given the ciphertext and the algorithm, the attacker cannot find the plain text if they don't have the key. And they cannot find the key from the ciphertext or the algorithm. If the attacker cannot decrypt the ciphertext, they cannot get the original plain text. And therefore, we've provided data confidentiality. So that will be our general model for encryption. But it turns out there are two different approaches to subsets of this. And they differ by the keys used. The first approach we'll look at in this course is where both the encryptor and decryptor use the same key. Key one and key two are the same value. Another approach we'll see later is when they have different keys. If they are the same keys, we say that the keys are symmetric. They're the same, they're symmetry in the keys. If they're different, we say the keys are asymmetric. And we'll talk about symmetric cryptography or symmetric key encryption and asymmetric key encryption. So for now, some terminology we've introduced. Plain text is the original message. Ciphertext is the encrypted or sometimes we call coded message, the output from the encryption. Encryption is the conversion from plain text to ciphertext. It's sometimes called encyphering, but in this course I'll refer to is encryption. And decryption is the opposite. Take the ciphertext, get the plain text. The key information is used in the cipher, so what's the cipher? The cipher is the algorithm used for encryption and decryption. So there are different algorithms, different ciphers. And we'll study some of them. The key we saw is used both in the encryption and decryption. And sometimes the key may be known only to the sender or receiver. We'll see some different variations. Cryptography is the study of algorithms used for encryption. So the term cryptography means we're gonna study those algorithms, how they work and how they can achieve our aims. Cryptanalysis is the study of techniques for defeating the algorithms, for breaking the algorithms. Cryptology is the combination, the combined areas of cryptography and cryptanalysis. So this course is about cryptography. We're gonna look at some of the algorithms for encryption. And as we go along, we'll look at some of the weaknesses and the ways for defeating those algorithms, cryptanalysis. Let me just see where we can stop before we have a break. In the first technique for encryption we'll use, we'll assume both the sender and receiver use the same key. And the concept's quite simple to think about. The sender encrypts something using a key. They give the key using some other mechanisms. They give the key to the receiver, so they both know the key. No one else knows the key. Anything encrypted using the key can be decrypted using that same key. If you don't have the key, you cannot decrypt any ciphertext. So that would be the normal mode of encryption that we'll use. The key used by the sender and receiver is the same. It's symmetric. It's called symmetric key encryption. For this to work, we need a good encryption algorithm. We say a strong encryption algorithm. What that means is that if the attacker knows the algorithm, they know the exact steps used to encrypt, they know the ciphertext. Then they still cannot get the key or plain text. So if we give the attacker this ciphertext, we give them, here's the algorithm I used. If they don't know the key, it should be hard for them to find the key or the plain text. If it's easy for them to find the key or plain text, we say it's not a strong algorithm. It's a weak algorithm. We need strong algorithms. And we'll talk about how can we measure the strength later. And if we use symmetric key encryption, both sides use the same key, then it's important that that key is kept secret. Because anyone who knows the key can decrypt. So if it's not kept secret, then we lose the security of our system. So it's also called secret key encryption. When we talk about symmetric key encryption from now on, we'll assume that the cipher or the algorithm is known by everyone. That is, the user A knows the encryption algorithm, knows what algorithm to use. User B knows it, and user C also knows the algorithm that they're using. So we'll assume that the cipher is known by everyone. And we'll assume that the key is known only by the intended users, A and B, for example. And somehow, they distributed the key to each other. And that will be an important issue that comes up as we go through encryption techniques. How do we get a key from A to B? Such that no one else learns that key. We'll see that with some of the issues as we go through different ciphers. How do the algorithms work, such that we can encrypt and decrypt, such that it's hard for the attacker to get the plain text? The operations used in different encryption ciphers use two basic techniques, substitution and transposition. Substitution is quite simple. You take one element of your plain text message and replace it with another from the possible set of values. For example, my plain text message is an English message. And so it's the set of elements. There are 26 possible values I can use, A through to Z, just consider lowercase. And I want to encrypt the plain text message, Steve, S-T-E-V-E. Then substitution operation would take the letter S and replace it with one of the other or one of the 26 letters. It could be S again or it could be one of the other 25 letters. That's what substitution is. Replace one element in the plain text with another possible value. Transposition is just rearranging the elements. So substitution may replace S with Q, for example. Different algorithms will define how to replace it, which one to replace with. Transposition is rearranging those letters. If it's S-T-E-V-E, a transposition may result in T-E-V-S-E. Rearrange those five letters. The same five letters are in the output, but they're just in different positions. Replace one with something else or rearrange. These operations are used in most or in the ciphers that we're going to study for symmetric key encryption. In the very simple ciphers and the very complex ciphers used today. The product system really combines not just a substitution or transposition. It has a substitution, a transposition, and then again, multiple substitutions and transpositions. So we'll see those operations come out in the classical ciphers and then see how they're used in the real ciphers. We're going to focus on symmetric key encryption. We're both the sender and receiver use the same key. So key one and key two in our model were the same value. So it's also called single key encryption, secret key encryption, shared key encryption, or conventional, the original approach. But there's a different approach where the sender and receiver use a different key, asymmetric key encryption, and that's commonly referred as public key encryption. We'll see that later, maybe towards the midterm, some examples of that. And talk about why the advantages and disadvantages of each then. When we work on plain text, we'll have two different approaches. We either work on a large set of elements in the plain text, a block, or we work on one element at a time. And today in the next few lectures, we'll look at block ciphers, but we'll explain what stream ciphers are maybe in week two or three. So what I'm going to do is stop there and after the break, in 20 minutes, we'll go through an example of a very simple cipher and we'll see what is a substitution and then we'll see what is a transposition and see how encryption works and what possible attacks can arise.