All right, let's rock and roll. Cool. Hey, everyone. It's gonna start with "did you miss me," but I actually don't want to hear if you didn't, so I'd rather just not know. Let me make sure I'm following the stream here. We're all good. Hello. Why is technology so terrible? Okay, okay. So, you take a moment. It's like, who's talking? That's okay, don't need that. Okay. So if you take a moment and reflect a little bit on where you are in the course, think about all the things that you've done. It's actually kind of crazy. Maybe you didn't think you could fit all that into blah-blah-blah weeks. Maybe know what week it is? 10? 9? I think it's roughly 9. There's like six more weeks. So you've learned assembly, written a web server in assembly, you've reverse engineered binaries, cracked password or key-gen checkers, you've performed networking attacks. Now we're gonna learn about the stuff that tries to defend against a lot of that. So we're gonna look at crypto, or cryptography. The first question, or the first, I guess, statement, just in case you are curious: we will not be talking about Bitcoin or Ethereum or any of your favorite, like, cryptocurrency scams. We're not gonna touch any of that stuff. Okay? Good. There are lots of good resources to learn about those things. That is not what we are interested in in this class. We are interested in the old, real definition of cryptography. So what is that? What does that mean? I think that's not true, unless, unless you may become a cryptographer that works for the NSA, then you can have a good life. I don't know if they're becoming like super rich, but so what's cryptography? Hiding data, keeping things secret, keeping things safe. Is that something you care about?
Yes, because you're sitting in a classroom or online watching somebody talk about this in a class that you're required to take, so you have to care about it somewhat. So if you break it down, I don't speak, if anybody speaks Greek, it comes from "hidden" or "secret writing." So this is kind of actually the groundwork of cryptography, and it's really, actually, and this is the really interesting thing that we'll learn, this is only one aspect of cryptography, this notion of keeping something secret or hidden. There's other properties that we actually want to enforce with cryptographic primitives, or with cryptography, and so we'll see that as we go along. But let's first define some terms, and terminology is very helpful, like what I mentioned of what we're not going to be talking about, right? That's part of defining terminology, of what cryptography is. So we're gonna talk about encryption. So, using what you know or have heard already, what is encryption? Seems like a fancy word they use on a TV show, like "oh no, it's encrypted." Yeah, maybe. Manipulating data in some such a way that the, I guess I can make a great cryptographic encryption algorithm: you give me any data you want, I'll give you back a bunch of zeros, and now you can no longer read that data. Is that a good encryption mechanism? Yeah, it's only really good one way, and then it's kind of useless because you can't ever go back, right?
So the key idea, the notion that we're trying to do with encryption, is transforming a message, and "message" here can be very, very broad, transforming it so that the meaning is concealed, so that that way if I encrypt something and I send it to every one of you in this class, none of you will actually know what that message means and what I'm trying to say. And again, what I was trying to get at: the only reason encryption is useful is if you can decrypt something, so that is, to reverse it. If you just gave me something and I gave you back zeros for everything you give me, that's not an encryption function because you can't decrypt it. If you gave me those zeros back and was like, "yo, I want this original message," I'd say, "hey, I don't know, I just encrypt it. I don't know how to decrypt that." So that's a key aspect here. So this is, like, again, defining terms, right? Encryption, you can think of it as, we'll get to, we'll look at, usually what we talk about is plaintext. So plaintext meaning the message that exists in a language that we can understand and read. We transform that through some encryption process and we get ciphertext. So the ciphertext, it should be the case that, as we'll see, nobody else can derive what the plaintext is from that ciphertext. We'll see various cases where this is true or not true, and in your assignment you will be actually breaking these cryptosystems and demonstrating that you can extract meaning. Which brings us to our next thing, a cryptosystem. So this is just a definition. So when I say that, I mean a specific type of cryptography, and we'll talk about these specific things of exactly what that means. We'll start all the way from very, very basic ciphers that you can do, and a cryptosystem that you can do with just pen and paper very easily, to what is in modern-day cryptography and cryptographic systems.
Oh great. Plaintext: the original message. Ciphertext. So you can think of, and you should think of, encryption as a function. So it takes in plaintext, and what does it output? Ciphertext. And what about decryption, takes in what? Ciphertext, and outputs plaintext. Yeah, this is a way to conceptualize and remember these concepts and these things. Okay, a cryptographer is probably not you. It's also not me. I'll be very straightforward up here. Maybe should have told this at the start, but that's fine. I am not a cryptographer. Cryptography is, I don't know if it's my least favorite part of security, but I don't know if any of you are super mathematical people. If you are, I think that's excellent, and you will hopefully get the underlying knowledge behind these cryptography schemes. I definitely do not have enough math intuition and knowledge, but I know what cryptosystems are, I know how to use them, I know what they do, I know how to attack them. Even I can do that, which means you can do that. So you will, and I'll harp on this, you will probably. So cryptographers usually invent new encryption algorithms. There's all kinds of crazy stuff and schemes that are even now being introduced. On the flip side, people that break cryptographic systems are called cryptanalysts, and these either break the algorithms, which means they break kind of fundamentally how it's done, or they break the implementation. Questions on this? So you will be, right now you're playing the role of the student cryptographer, understanding how these algorithms work, and on the assignment you'll be playing the role of the cryptanalyst, breaking these things. All right, so we talked about this a little bit. In terms of the security properties that we talked about, what can cryptography give you? So we talked about concealing meaning, right? Which of the three super important, I said you should never forget these, security properties does that enforce?
And you remember the acronym for those three, at least? CIA. So which one of those does that? Confidentiality, exactly. So, and this actually, like, I mean, it should kind of blow your mind that we can use math for this stuff. Like, we'll get into, I think probably on Monday, we'll get into public key crypto with integer exponentiation and all this insanity that, like, as they were discovering this math, they thought they were doing pure mathematics, and it turns out it has an application that's used every day by you when you go on the internet. It's wild that these parts of math allow us to do this. But confidentiality is not the only thing we may want. We may want integrity. So we talked about integrity, CIA triad. What may, or what things, like, how could cryptography help you with something? Verifying the integrity of something, or why would that be useful? Let's say, making sure only authorized people can edit. I would say we'll get into that. I think next we'll talk about access control that decides who does what, but maybe we'd want to know if somebody tampered with it. Have you guys ever seen, like, a spy movie or something where they'll put, like, a hair on the door, like right on the door, so that that way if the door is opened the hair will fly away, and they can check if that hair was there? That means nobody has entered that door. Has anybody seen this at all, or am I just making stuff up and you're just nodding along? Yeah, it seems plausible. Somebody could have done this once. Yeah, anyways, that would be a measure to try to ensure integrity. As we'll see, there's other ways where I can send a message to this whole class and you can all verify that it was exactly the message I intended to send, and Connor or JJ weren't spoofing me and actually changing the content of that message. We'll see later about authentication, of how we can use cryptography to authenticate: hey, who are you?
What kind of, actually, we'll see it in this module. And finally, the property, this is a little unintuitive, but non-repudiation. I think we talked about that briefly when we talked about the security properties, but this is the notion that, I'll use the stock analogy. So if I tell my stockbroker, "hey, I want you to sell 100 shares of Apple," and the Apple share prices go up, and I say to them, "oh, why'd you sell all my stocks? That wasn't me that sent that, that was somebody else." Right? So this would be a way that I could send a message to you all, and you know that it was from me, and I couldn't say that it was actually from somebody else. Cool, okay. So there's a lot of math in cryptography in general and cryptosystems specifically, but this stuff is very easy. This is just used in order to conceptualize and understand what are the different pieces here involved. So you see fancy mathy lettering, I guess "font" would be the right word here, of these quintuples, and E, D, M, K, C. If you're not a math person, don't freak out. It's okay. Just take it thing by thing: what are these things, what are they trying to say? You know about sets? Yes, sets, just groupings of things. That's all these are. So M here is a set of plaintexts. So some cryptosystem has a set of plaintexts, a set of keys, a set of ciphertexts, a set of encryption functions. So usually we'll talk about the encryption function as one thing, but you can consider different types of encryption functions. What's this notation here when I say a set of encryption functions e such that M x K -> C? What does that mean? Yeah, it's a function. And what is, yeah, so it's a function. And what does it mean? So the arrow basically means function. And so how do you interpret the rest? M cross K. Essentially I treat this as a programming function, because I say I don't want to think about math.
I think about programming, because that's what I like. And so this is a function e that takes in two parameters, one from M, a plaintext, one from K, a key, and outputs something from C, a ciphertext. And if you think about it at that level, this is telling you the type of that function, literally like you're used to thinking about types. There's a function e, takes two, returns one, and you know the types of each of those things: a plaintext, a key, and a ciphertext. Pretty cool, right? This actually matches, similar to what we talked about as an encryption function being a black box that you shove in plaintext and you get out ciphertext. Well, what was missing there was this notion of a key, and we'll understand what that means in a second. So D is going to be the reverse of this, where it is a set of decryption functions with the type signature of a ciphertext and a key, and returns and outputs a plaintext. Easy. All right, that's it. Is that it? Did we do all of them? Five? Five. Yeah. So simple. This is just a formal way of defining: if somebody says they have a brand new cryptosystem, you don't have to say "what does that mean?" You can say, "okay, great, show me these things." Has any of you, I said you're learning to be cryptographers, have any of you played the role of a cryptographer before? Have you invented a cryptography, or a cryptosystem? None of you? Yeah. Okay, that's too advanced. Talking like when you were younger, like, me and my friends invented something incredibly stupid to write letters to each other, where I think it was you'd write like a paragraph or words, and the first letter of each word was the actual message that you wanted to send. And, no, I'm the only one who's done that? You guys all had phones growing up, huh? Yeah. Yeah. See, it's like, people... Ah, see, okay, pig latin is a good example, right?
We're doing a tweak on pig latin. I definitely can't do pig latin, but my neighbors could do it. Drove me crazy. I had no idea what they were saying. So yeah, anyways, these are things that you can do. Yeah, I guess I did. Yeah, you need, I guess that's step one: get friends as a kid and then send messages to each other. Crazy is that this notion of cryptography and wanting to keep secrets has existed for a long time. Why is this so important? So in what context, let's say before computers, is keeping secrets, or being able to pass secret messages, not to your friends, or I guess imaginary friends (you can always write a letter to your imaginary friend), why would that be useful? Do you have thoughts? Louder, louder. Yeah, so a military context, right? So you're a general and you need to tell your, whatever is under a general, your captains, that, like, okay, we're gonna attack at dawn. I think that's actually an example, not here, but you know, other stuff. And so you send out messengers with that message. If they get intercepted by the enemy, now they know your plans, right? And you may or may not know, depending on that communication mechanism, if that message was intercepted. But if it's encrypted in a way that they can't read it... Like, should you just assume that they can't read it because you speak a different language than them? Why not? Yeah, they could have translators. Like, that would be the very first thing if you're fighting someone: figure, find people, hire them, that know that language. Yeah. Yeah, or privacy.
I think it was da Vinci I'm thinking of, who took notes in his notebook with his left hand and backwards, so that, as a form of encryption, so that other people couldn't read and steal his notes, but he could read it later. Second, just undone by a mirror. Yeah, not the greatest encryption scheme, but maybe it's like, I guess having a mirror would be a sign of wealth then. Anyways, getting on topic. So crazy is that this description of a cryptosystem, so this is again kind of insane that, like, nowadays what is literally the reason why you on your laptop today can talk securely to your bank and transfer money between people is because of ideas that were alive back then. So this is, I think this is 56 AD, so this was about the life of Julius Caesar. "If he had anything confidential to say, he wrote it in a cipher, that is, by so changing the order of the letters of the alphabet that not a word could be made out. If anyone wishes to decipher these and get to their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so on with the others." So this is a very simple Caesar cipher. I mean, this is literally named after Julius Caesar. We call it a Caesar cipher. The idea is you shift each of the letters of the alphabet, in this case forward four. So if you had an A in your plaintext, you would substitute a D in the ciphertext. If you had a B, you'd have E. And this alphabet is hard, so I'm not going to do all of them, but you would do that for each of them. What happens at the end? What do you do with Z? You just say no Z's? No Y's, because it's gone off the edge of the earth, it's fallen? Wraps around to the front. So you'd go down to the front. So Z would go four, so it'd be A, B, C. Right, pretty cool stuff, and something you could do. I mean, obviously they did it without computers, because they literally were doing this in 56 AD. It's 56 BC.
I don't know. So we can describe, using our formalism of a cryptosystem, this Caesar cipher. We can say that M is sequences of letters, so that's the plaintext messages. K, the keys, are i such that i is some integer between 0 and 25. Why is it 0 and 25? Yeah, because there's 26 letters. So this is how much we're shifting. Is 0 a good key to use in this cryptosystem? Why not? Yeah, because then your ciphertext is literally exactly the same as your input, your plaintext. Cool. So your encryption algorithm is, yeah, take all the letters from the message and do m plus k, so increase, right, m plus k. So take whatever the integer 0 through 26, or 0 through 25, of the alphabet, add k to it, mod 26. What does mod take care of? The wraparound, so we don't have to worry about the wraparound. That's what mod is great for. And how do we decrypt, not break it? How do we decrypt it? If we decrypt, we know the key, we know the key k, and we have a ciphertext message c. Say again? Subtract k, exactly. Same algorithm. Or you can do 26 plus c minus k, because this is more confusing, I guess, but your way is much better. So yeah, take the ciphertext, subtract k. So essentially move backwards. So if you knew the key was four and you got the D in the ciphertext, you would go C, B, D, A, four back. So I know that's A in the plaintext, and that's how you could decrypt the message. And the language, the set of plaintext characters, is the same as the set of C characters. Cool. So is this the perfect cryptosystem? Did cryptography never evolve since then? We're all just using complicated Caesar ciphers? Why not? Yeah, so brute force to break it. So if you were going to break it now, if you imagine what is the cryptanalyst's job: the idea would be you get a ciphertext c. You do not know the key k. So can you follow this decryption algorithm D? No, because you don't know k. Now if you were to break this, what would you do? So somebody said brute force. What does that mean?
Yeah, so try every number from 0 to 25 of the shifts. You probably don't need to try 0, but that doesn't matter for this. You do the shift, you write out what that resulting message is, and how do you know when you've got the message? Yeah, when it looks like a word or sounds like a word. Yeah, it looks like it could be in the language that you care about. Cool. Yeah, so we talked about the adversary. So now you're playing the role of the adversary, the attacker. Why do we want to pretend to be attackers and break these systems? Isn't that mean and bad? You should just be a nice person and not break anything. To test them. Why do we care about testing them? I created them, I know it's great. Caesar created this, he's great. Yeah, so one way would be, do we know they work if we can't break it? Do we know that they work? Yeah, maybe not. If we can break it, if we can break it in this class, we know it's bad, right? But if we can prove that it's broken, then we can demonstrate that we shouldn't use it. So for the cryptosystems we're talking about now, we assume the adversary doesn't know the key. Is this a realistic assumption? Why shouldn't we assume that they don't know what algorithm we're using? Maybe with the code we can reverse engineer it, which is actually also why we looked at reverse engineering. There's a lot of, in the past, I don't know about this year's, but the NSA Codebreaker Challenge, a previous one was some kind of software that did a one-time passcode that changed every second that you had to reverse engineer and extract, and that was like a crypto thing that you were breaking. So yeah, we can extract it from the implementation. Sometimes you can make a guess, you can maybe guess what it is. But again, what's our goal? Why are we trying to break this stuff? Yeah, to either show that it can be broken and we shouldn't use it, right? If the U.S. government was saying, "hey, don't worry,"
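As an added example (not code from the lecture or its slides), here is the Caesar cryptosystem written out the way the quintuple (M, K, C, E, D) describes it, with E and D as functions of (message, key) and the wraparound handled by mod 26, followed by the brute-force cryptanalysis just discussed. The "does it look like English" test is simplified to a dictionary lookup, and the word list passed in is constructed for the demo.

```python
import string

# M and C are sequences of these letters; K is the integers 0..25.
ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """E: M x K -> C. Shift each letter forward by `key`, wrapping with mod 26.
    Non-letters (spaces, punctuation) pass through unchanged."""
    if not 0 <= key <= 25:
        raise ValueError("key must be an integer in 0..25")
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """D: C x K -> M. Subtracting k mod 26 is the same as adding 26 - k,
    so decryption reuses the encryption routine (the '26 plus c minus k' form)."""
    return caesar_encrypt(ciphertext, (26 - key) % 26)


def brute_force(ciphertext: str, dictionary: set[str]) -> list[tuple[int, str]]:
    """Try all 26 keys and keep the candidates whose every word is in the
    dictionary: the cryptanalyst's 'does this look like the language?' check."""
    hits = []
    for k in range(26):
        candidate = caesar_decrypt(ciphertext, k)
        words = candidate.split()
        if words and all(w in dictionary for w in words):
            hits.append((k, candidate))
    return hits


if __name__ == "__main__":
    # Constructed demo: the lecture's 'hello world' under key 3.
    ct = caesar_encrypt("hello world", 3)
    print(ct)                                   # khoor zruog
    print(brute_force(ct, {"hello", "world"}))  # [(3, 'hello world')]
```

Note that key 0 is accepted as a member of K (the encryption is then the identity, exactly the problem raised in the lecture); a key-generation routine would exclude it, but the cryptosystem definition itself does not.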
"we've encrypted all of your secrets with a great Caesar cipher," you should say, "whoa, whoa, whoa, no thank you. I would like a real cryptographic algorithm that has been verified by, like, mathematicians and cryptographers, and something that has withstood cryptanalysis, attacks." Because you could say, "I could break that, that's not encryption. The scheme is fundamentally broken." And so really the assumption here, there's a kind of underlying notion that I'm trying to get at, of this concept that people bring up of security through obscurity. So that's like my cryptosystem that I told you about, about hiding the messages in the first letter of each word. If you don't know that that's the cryptosystem and I write plausible-looking texts, you may never actually identify it. That doesn't mean it's a secure system, right? So the notion should be that, like, if you want to convince somebody that your system is secure, you can't say, "but I'm not going to tell you how it works." Like, the whole security of a cryptosystem must depend on this key and the underlying algorithm, not the fact that, like, hey, they don't know the algorithm, so therefore it's secure. Because if you can break it with the algorithm, then it's definitely broken. Does that make sense? Okay, but as an adversary, even if we may have this notion of, okay, we know the algorithm but not the key, we ourselves may have different capabilities that we can do. One of the things is the scenario we just said: we're on the opposing side of Caesar, our forces have captured one of his messengers, and now we have a ciphertext. Just the ciphertext. Well, yeah, we'll talk about in a second, just want to double check that we are, we'll talk about how to break this even with just the ciphertext. So this is like the lowest level of capabilities that you can have, but you can actually intentionally give your adversaries additional capabilities.
You may give them the ability to encrypt whatever they want, like a known-plaintext attack. So a known-plaintext attack is: I ask the cryptosystem, or somebody who's writing this, "hey, I have this message m, encrypt it for me." So you don't see the key. They encrypt it for you and then you get the ciphertext. So if somebody was offering this for a Caesar cipher and you had a known-plaintext attack, how would you try to figure out the key? You don't have ciphertext. Yeah, you have to tell me what to encrypt. So I'm Caesar, I have a key in mind. You tell me what you want me to encrypt, I will give you the ciphertext. Yeah, so you give me A, I give you T. What does that tell you? The key is whatever that difference is. I just made that up in my head. Let's say D, because we already got there. That's four. I give you back D. Now can you tell me the key? Yeah, the key's four, right? Correct. So they know, in this case we assume the adversary knows, and that they don't know the key. Their goal is to get the key, but they have the ability, not that they've stolen the ciphertext, but they can get me to encrypt anything. So it's actually how a lot of, every time, as we'll see, you talk to a web server, it encrypts stuff. You may or may not know exactly how it does it. Or, yes, the other good example here is often websites, when they store, like, cookies on your browser and they want to make sure you haven't modified those, they will do some encryption on there and store some encrypted stuff. So you actually have some control over what gets encrypted there. So this is another level of attack. Why is this more capabilities than just the ciphertext? Yeah, because if you only have ciphertext only, you didn't choose, you don't know what the underlying message is. But if you get to choose, you maybe get to manipulate things in a way to be good for you. Oh, I guess I lied. Sorry, you're incorrect, or our example is incorrect. The third capability is to choose the plaintext.
The second one is the known-plaintext. So I know what the message is, but I'm trying to break the key. Why is breaking the key useful? Because it seems counterintuitive: if I already know what the plaintext is and I have the ciphertext of that, then why do I care about deriving the key? Yeah, later or previously sent messages, right? Any message that was sent with that key, I could break that. I believe, I need to read up on my history, but I believe, like, the Enigma machines that the Germans used in World War II were changed, like, every day or so. So when they were able to break it, they could break an entire day's worth of communication, which was super valuable. Exactly. So a known-plaintext attack, right? They knew what that was, and that would give them enough stuff to try to look and break for stuff. Yeah, crazy. Okay, so the other thing to think about is how to approach attacking some of these things. The one thing, the beautiful thing that you have, is you know that all the assignments that we give you are doable, right? All of these things, breaking these systems, they can be done. So you can use that as a great motivating thing of, like, even if I can't do it, I know that it can be done. But the other thing to do is to think about how to approach attacking these things. Sometimes it'll be mathematical attacks, so, like, the underlying math is bad. I think that's probably what you could say about the Caesar cipher, right? I think in crypto terms, we'd probably say that the key size isn't large enough. The key size is only 25 characters, right? So to do a brute force attack, the adversary would only have to try 25 different things. What if I used an alphabet of two billion characters? It would be harder to brute force, right, because the shifts would be different. It's a weird example, because how would you read a message with a billion characters?
Well, whatever. The point is the shifts. Cool. So if you're a very smart mathematician, you can find flaws by trying to understand, to analyze, the underlying mathematics of the cryptosystem, and this could be in how it's set up, how it's configured. There's a lot of, like, CTF attacks that deal with these kind of problems. I think Connor can correct me, but I think for most of the ones, the crypto, the underlying math is actually correct and fine. And that's actually a lot of systems nowadays: they use the underlying cryptography and it's fine. We'll see other ways to attack them, though. So one of the other classic attacks, and we'll look at this on a Caesar cipher, is statistical attacks. So what do I mean by statistics? Is that just, like, terrible? Do you have to take statistics as a CS? Yeah, so if you were fortunate to take it, it comes up again in here, so you can be like, yes, that was useful. But why? Anybody play Scrabble? Maybe you know what Scrabble is, has ever seen a Scrabble thing before? What about, like, Wheel of Fortune? Yeah. Slightly more. Why are tiles different points in Scrabble? Because some are harder to award than others. Why? Because they're not as common. Yes, they're not as common. Every letter in the English alphabet is not as common. Similar on Wheel of Fortune, when you have a puzzle you need to guess, do you guess Z first? Hangman, two people played Hangman, right? Something, you're guessing what a word is based on letters. Why do you not guess Z first? It's uncommon.
It's highly unlikely, for all possible words, that that word exists in here. So if we know, if we make some assumptions about what the underlying language is, let's say it's a German message, we would say they're probably speaking German. If it's an English person speaking, we'd probably say it's probably an English message. And so we would try to examine the ciphertext and correlate properties with our assumptions. So try to see, okay, this is actually a little way, depending on the ciphertext, of how you can tell. We'll look at this with breaking the Caesar cipher, but you can break the Caesar cipher without doing brute force, just by doing statistical analysis. And you shockingly don't need that many words in order to have this be effective. Okay, but let's say you're using a good modern cryptosystem. These two things are impossible. Do you go home? What else is left? A wrench. Because I should have that XKCD comic ready. You just beat them up until they tell you the secret key. It's possible. But we usually, you social engineer, that could be one. But we kind of care more about the computers in this context. Let's not beat up the computers or try to social engineer the computer. So what else is left? Everything's perfect. All the software you write is perfect. None of you have ever written buggy software. Do you think the people that write cryptographic software are similar to you or different? They're perfect. They're gods that walk among us. You write perfect code. No, they're not. They're not different than you. They're the same. Hopefully slightly better, because maybe you will get better too. That's the point. It's not about where you are now. It's about where you will be. So the other key thing is implementation attacks.
So bugs in the implementation. There's sometimes some implementations maybe will let you specify the key. So you give a key of, like, a Caesar cipher of zero, and it just uses that, and then now it has no encryption. There have been all kinds of crazy bugs in this stuff. So this is another thing that happens a lot, is that the implementation introduces a flaw. I think I mentioned this before, but also there's timing attacks that they can do. So if I give you different crypto operations, but based on what data I give you and based on what the key is, it causes different timings to occur, I can actually use that to derive your private, your secret key. It's absolutely crazy, and they've taken these attacks even further, to where they could listen to the sound that your computer makes. Anybody have, like, a computer that makes sound? That's like crunching data and stuff. Yeah, when it gets, like, hot. They've even done it of, like, they put a wall monitor to monitor the power draw on, like, a server, and they can tell based on the power draw and extract the secret keys from the computer. All kinds of crazy stuff. Okay. So what we looked at before, the Caesar cipher that we looked at, is an example of what we'll call classical cryptography. The other name for this is symmetric cryptography, because there's a very important point that we didn't talk about. In our Caesar cipher, if you and I are exchanging messages, how do we both know k? We've got to tell each other. It's not magic.
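The timing-attack point above (an implementation whose running time depends on the secret) is easiest to see in a secret comparison, which is the textbook case. The following is an added example, not the lecture's code: a byte-by-byte comparison that stops at the first mismatch, next to a version that always does the same amount of work. A step counter stands in for the elapsed time an attacker would actually measure. The secret and guesses are constructed values.

```python
import hmac


def leaky_equals(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Compare byte by byte and return early on the first mismatch.
    Returns (equal, steps). The step count grows with the length of the
    correctly guessed prefix, so the timing reveals how much of the secret
    a guess has right; that is the leak a timing attack measures."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_steps_equals(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Same comparison, but every byte is visited and mismatches are folded
    into one accumulator, so the step count (and timing) is independent of
    where the first mismatch is. Hand-written here only to show the idea."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    steps = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b
    return diff == 0, steps


def library_equals(secret: bytes, guess: bytes) -> bool:
    """What real code should call: the standard library's constant-time compare."""
    return hmac.compare_digest(secret, guess)


def matching_prefix_leak(secret: bytes, guesses: list[bytes]) -> list[int]:
    """Step counts of the leaky compare for a series of guesses. Watching these
    numbers climb as the guessed prefix lengthens is exactly the signal that
    lets a remote attacker recover a secret one byte at a time."""
    return [leaky_equals(secret, g)[1] for g in guesses]


if __name__ == "__main__":
    # Constructed secret and guesses for the demo.
    SECRET = b"s3cret"
    print(matching_prefix_leak(SECRET, [b"xxxxxx", b"s3xxxx", b"s3cxxx", b"s3cret"]))  # [1, 3, 4, 6]
    print([constant_steps_equals(SECRET, g)[1] for g in [b"xxxxxx", b"s3cxxx", b"s3cret"]])  # [6, 6, 6]
```

The fix is not to hide the loop but to make the work independent of the secret; in production use hmac.compare_digest (or the equivalent in your language) rather than a hand-rolled loop, since compilers and interpreters can reintroduce data-dependent shortcuts.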
We have to tell each other. If we could tell it to each other, couldn't we just share that message? Right, so the key, a key notion here, is that the sender and receiver have some out-of-band way, some secure way, to transmit the key to each other. Otherwise the adversary can just watch us when I say "the key is four," and then you go over there and, like, great, all these messages, the key is four, and then they'll extract them. But what's shocking is the Caesar cipher that we used, so this is a type of cipher called a substitution cipher, where you substitute one, let's say in this case, character for another. So we substitute A for D depending on the key. This is one type. The other type is transpositions, moving things around. And what's crazy to me is, like, modern symmetric cryptosystems are all based on this, just combinations of swapping things around and moving things around. They just do it a lot, in ways that are hard to go backwards but easy to go forward. Cool, okay, so we looked at this, the Caesar cipher. So we can encrypt, so the key 3, then we can encrypt "hello world" to "k h o o r z r u o g". All right, and it's kind of, if you think about back in the day, this actually, like, does look kind of crazy, because, I don't know, that's like a random gibberish word. Okay, but when we're attacking this, like we said, we can just try all possible keys, but the interesting thing is doing the statistical analysis. So what we do is compare this to the, so one-gram, meaning, like, one-character model of English, like how likely is this character to appear. You can actually use two or three, of how likely is this character to follow this character. When would a two-gram be useful? For what letters, or what things, like what letter usually always follows another letter? English, you speak English. U with what? Q. Q, U right after a Q.
It's highly likely that there's a q. So if you knew that there was a q in one spot, you'd be able to say confidently that there's a u in the next character. Yeah, so these are all the things you can use. You can actually just go look this up; there's a Wikipedia page on letter frequency, the distribution of letters in English. Here we can look at it. This is from Wikipedia; this is the letter frequency for each one. So our intuition that z is highly unused is definitely correct. What stands out is, like, e, t. So what we can do is, if we have some ciphertext that we know is encrypted with a Caesar cipher, so this is an example of a fixed-ciphertext attack: we're trying to derive the secret message and the key. So we can actually compute the frequency of each letter in this ciphertext. So this is probability, or this is a frequency. So the most common is b, h, I think that's correct, and maybe e in here, right? We compare that to this, and then we'd say okay. So one thing we can do is calculate the likelihood of each key. So we can actually calculate, I'm not going to get into this math because it's not super important, we can calculate, using statistics, how close, if we shifted it by one, two or three, are we to this graph? And we can calculate this, so we can see a shift. This means the shift of 23 is 0.5, and we can see what's most likely. Oh, this is in descending order of most likely; I was wondering why it was going like that. That's very weird. So we could try now, rather than trying brute force, we can try an ordered list and say okay, let's try 23, 13 and 7. So we tried 23. We get something like this. Does that look correct? Nah. You try 13: "Although full Foublas." It almost looks like it could be right, except for, like, "by gx." That seems like not something I've ever heard of. 13. Ah, "you should never build your own crypto." Seven. Sumo. Kind of crazy, huh?
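The ranking the lecturer describes (score every shift against the English one-gram model, then try keys in order of likelihood instead of brute forcing blindly) is written out here as an added example; it is not the lecture's own code or slides. The English letter percentages are the rounded Wikipedia table the lecture refers to, the chi-squared score is the "statistics" the lecturer skipped over, and the sample plaintext is constructed for the demo.

```python
# Added example (not the lecture's code): rank Caesar-cipher keys by how well the
# shifted ciphertext's letter frequencies match English, then try them in that order.
import string

# English single-letter ("one-gram") frequencies in percent, rounded from the
# Wikipedia letter-frequency table the lecture shows.
ENGLISH_FREQ = {
    'a': 8.17, 'b': 1.49, 'c': 2.78, 'd': 4.25, 'e': 12.70, 'f': 2.23, 'g': 2.02,
    'h': 6.09, 'i': 6.97, 'j': 0.15, 'k': 0.77, 'l': 4.03, 'm': 2.41, 'n': 6.75,
    'o': 7.51, 'p': 1.93, 'q': 0.10, 'r': 5.99, 's': 6.33, 't': 9.06, 'u': 2.76,
    'v': 0.98, 'w': 2.36, 'x': 0.15, 'y': 1.97, 'z': 0.07,
}

# Constructed plaintext for the demo (long enough that frequencies are meaningful).
SAMPLE_PLAINTEXT = ("the caesar cipher shifts every letter by the same amount so the "
                    "most common letters of english still stand out and a frequency "
                    "table ranks the likely keys before we try them")


def caesar(text, key):
    """Shift every ASCII letter by `key` positions (negative key decrypts);
    non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord('a') if ch.islower() else ord('A')
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)


def letter_counts(text):
    counts = dict.fromkeys(string.ascii_lowercase, 0)
    for ch in text.lower():
        if ch in counts:
            counts[ch] += 1
    return counts


def chi_squared(text):
    """Distance between the text's letter histogram and the English model; lower is closer."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total == 0:
        return float('inf')
    score = 0.0
    for letter, observed in counts.items():
        expected = ENGLISH_FREQ[letter] / 100.0 * total
        score += (observed - expected) ** 2 / expected
    return score


def rank_keys(ciphertext):
    """Return all 26 candidate keys, most likely first, as (key, score, plaintext_guess)."""
    candidates = []
    for key in range(26):
        guess = caesar(ciphertext, -key)
        candidates.append((key, chi_squared(guess), guess))
    candidates.sort(key=lambda c: c[1])
    return candidates


if __name__ == "__main__":
    ct = caesar(SAMPLE_PLAINTEXT, 7)
    for key, score, guess in rank_keys(ct)[:3]:
        print(f"key={key:2d} score={score:8.2f} {guess[:40]}...")
```

The ordered list is the point: on real English of a hundred-odd letters the true shift lands first and the next candidates are far behind, so you read one or two guesses instead of 26.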
So you can build these systems up. You can make them more complicated. You can have, rather than a one-letter key, a multi-letter key, so you do shifts for each character in the key. But we're going to skip all that; it'll be in the slides if you really want to dig into this stuff. So in the modern, in the real world... When do we get out? 2:45, right? Good. Oh, cool. We're right on time. Look at you guys. All right. In the real world, rather than using shifts, which are easier to conceptualize and just think about normally, we use XOR instead of shifts. Why is that? Shifts... well, say they're both equally easy to shift. It just kind of depends on what you're doing. So it's more... yeah. Honestly, computers are very good at XOR and less good at shifts. They need the mod operation, which requires some math. XOR is very easy; you can do that physically in hardware and it's very, very fast. Also, it's sort of... we have our commutative property. Anybody do math? So a XOR b is equal to b XOR a, and if you get a XOR b equals c, then c XOR b equals a. So for all of these examples, in class and stuff, we're going to be using XOR instead of shifts. It's easy to get the concept of. Cool. Also, in the real world, the thing that happens is everyone thinks, "I'm smarter. I've taken a cryptography class. I've read things on the internet. I will create my own cryptosystem." You should not do that. If anything, this teaches you: do not do this.
It is so easy to mess up, as you'll see in the module challenges. You're actually going to be attacking cryptosystems that use something like AES, which is cryptographically secure; it's just used in a slightly wrong way that allows you to completely break the whole thing. So it's incredibly easy to mess up. So one of the key takeaways of this is: don't do it. Use a good library. If you have questions, ask somebody, or ask me, I guess, but I don't know, it's a weird question again, I guess, three years after you take this class. Like I said, there are side-channel attacks. So there are crazy attacks that can happen, and when I say side channel, this would be: there are attacks that use the cache on the CPU. So we looked at the chip of the CPU way back in the day when we were talking about assembly. When data is pulled from memory, other data gets pulled in, and it turns out that for some cryptographic algorithms, what data gets pulled in tells you something about the key. And so there have been attacks where people can figure out, from one process, what the cache of another process is using, because the caches are usually shared amongst processes, and it's able to probe and figure that out in a crazy way so that they can infer what the key is. We've done some research stuff on this. It's nuts. Like I mentioned, timing attacks. It's so easy to make subtle bad changes that really mess everything up. What if you're on a panel developing a newer version of something like AES?
If you do that, you are an actual cryptographer. So obviously if you become a cryptographer and do research in this area, then this does not apply to you. If your job is making cryptosystems, then good for you, but I'm very confident to say that most of you will not be doing that, and that is fine. But as you'll see, cryptography comes up so much. You'll have challenges in your programming and development careers where you're like, "Oh yeah, I want to store some data," or "I'm storing user data. I should encrypt that so that people can't read it," and then you develop some mechanism that's absolutely garbage and messes everything up. Cool. So we're going to go over the history of these things and then I'm going to demo some stuff, because there's some stuff I want to show you. So anyway, the history of modern symmetric encryption. So this idea that we have this key, we've somehow shared it, and I'm going to get some data and send it and encrypt it, is a very active area. We'll look very slightly at some of the history here. So you want something that's fast. Why do you want it fast? Shouldn't you want it to be slow? If it's fast, then adversaries can be fast, right? And if the encryption and decryption are fast, then it's easy for an attacker to brute force things. So if it's slow, then it'll slow them down when they're brute forcing. Seems great, right? What's the problem? What? Yeah, it makes data retrieval slow, makes your program slow, and guess what: if you, as a developer, have a choice between something slow and secure or fast and insecure, nine out of ten times people choose the fast and insecure. If you had a choice between fast-insecure and fast-secure, you should choose fast-secure. It puts up barriers to adoption. Anyway, so the history that I will go over starts at DES, which is the Data Encryption Standard. This was proposed by IBM for encrypting sensitive unclassified government information.
It was standardized in '76, '77, after tweaks from the submission, after consultation with the NSA. This is fascinating. So they were proposing this standard. They kind of sent the design to the people at the NSA, and they said, "Well, switch these things around," and then sent it back. So what do you think they were doing? Trying to figure out how it works, and doing what? Why would they propose changes? Because they did figure out how it works. And what did they do, make it better or worse? Security. Yeah, so one way, one case would be they fixed a bug in it, right? Made it more secure. What's the flip side? Made it less secure. Right, put in something that they could break and only they could break and nobody else could break. How are you to know, if you're IBM? You've already analyzed this. You thought this thing was great, and then you see changes and you think that's great too. So we'll get back to that. This operated on a 64-bit block size, so the blocks of data that it encrypted were 64 bits, and it had a 56-bit key. So the crazy... this is, again, don't take notes on the details of this algorithm. I do not care if you memorize or understand the details here. What's important is understanding what's going on, and all of this data mixing that's going on here. So you first have the plaintext come in. There is this IP phase, which is the initial permutation.
So all the bits from the plaintext get mixed around, and then those bits get fed into this F function, which then gets XORed with... I think this splits in half, so the back half goes in and the other half comes out, and then it gets passed this way through F, XORed, for 16 different rounds of this. And there's a final permutation, and then finally you get the 64 bits of ciphertext as output. This F... yeah. So this PC1 was this crazy permutation. Oh, this is the key that comes in. So the key comes in, and then it's permuted in this way using that thing. So this just means this bit over here goes over here and this bit here goes over here. That gets mixed around, and then these left arrows are left bit shifts, so the bits get moved around and then shifted around, and then some of that, 48 bits, goes into here and 48 bits goes into here. This PC2 is a different shift. Then, digging in more, each of these half-blocks of 32 bits that we saw gets passed into an E function, which then gets XORed with those 48 bits that were coming out of the key. Those then get passed into these S-boxes, which are substitution boxes. So each of these, S1 through S8, is a table that says if the input is these bits, output these bits. So it's a substitution cipher, just like the Caesar cipher. Yeah, so this is the E function that does this weird mixing and extending thing, and then this final P, this P here, this permutation, is another permutation thing. Everyone good? Good for the test on this? Just kidding, that was a joke. There won't be any test on this. And these were, like I said, the S-boxes. So each of the S-boxes has different substitutions to say, okay, if it looks like this on this side and this on this side, then the output is this. Absolutely insane. And it was one of these things that was changed.
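The shape just described (split the 64-bit block into halves, XOR one half with F of the other half and a per-round subkey, swap, repeat for 16 rounds, undo the last swap) is a Feistel network, and its point is that decryption comes for free: you run the same rounds with the subkeys in reverse order, whatever F is. The following added example shows that with a toy cipher of the same shape as DES. It is not the lecture's slides and not DES: the S-box, the round function and the key schedule are made up for illustration (DES's real tables are not reproduced here), and the cipher is not secure.

```python
# Added example (not DES, not the lecture's code): a toy Feistel network with DES's
# shape (64-bit block, 16 rounds, 32-bit halves, XOR with F(R, subkey), swap) to show
# why the structure inverts itself. SBOX, round_function and key_schedule are invented.

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

# A made-up 4-bit substitution box (any permutation of 0..15 works for the demo).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def round_function(right, subkey):
    """DES-style F: mix the half-block with the subkey, push each nibble through an
    S-box (the substitution step), then permute (here a rotation). F does not need
    to be invertible, and this one is not."""
    x = right ^ subkey
    y = 0
    for i in range(8):
        y |= SBOX[(x >> (4 * i)) & 0xF] << (4 * i)
    return rotl32(y, 11)


def key_schedule(key64, rounds=16):
    """Toy stand-in for PC1/PC2 and the per-round rotations: rotate the 64-bit key
    and fold it to a 32-bit subkey for each round."""
    subkeys = []
    k = key64 & MASK64
    for _ in range(rounds):
        k = ((k << 7) | (k >> 57)) & MASK64
        subkeys.append((k ^ (k >> 32)) & MASK32)
    return subkeys


def feistel(block64, subkeys):
    """Run the rounds in the given subkey order. Each round only XORs the left half
    with F(right half) and swaps, so the same loop with reversed subkeys undoes it."""
    left, right = (block64 >> 32) & MASK32, block64 & MASK32
    for sk in subkeys:
        left, right = right, left ^ round_function(right, sk)
    # Undo the final swap (as DES does) so encrypt and decrypt are the same routine.
    return (right << 32) | left


def encrypt_block(block64, key64):
    return feistel(block64, key_schedule(key64))


def decrypt_block(block64, key64):
    return feistel(block64, list(reversed(key_schedule(key64))))


if __name__ == "__main__":
    pt, key = 0x0123456789ABCDEF, 0x133457799BBCDFF1   # constructed test values
    ct = encrypt_block(pt, key)
    print(f"pt={pt:016x} ct={ct:016x} back={decrypt_block(ct, key):016x}")
```

The thing to take from the block is the last two functions: all the "mixing" is inside F, and the Feistel wrapper makes any F, invertible or not, into an invertible cipher. That is also why the S-box contents matter so much: they are where the strength (or the weakness) lives.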
So literally the NSA suggested, I don't remember exactly where, "change these parameters here to these other parameters" in this table. And so one of the key problems, actually why DES is no longer around, is first the key size was too small. So we looked at it: there are 56 bits, so that means the keys to try are 2 to the 56, which looks like a large number, right? If I gave you this many dollars, you'd probably be pretty happy. Well, I think some of you are like, "No, I want more." Even if I gave you that many cents, that'd probably be pretty good. I don't have that money to give you, just to be clear. This is a hypothetical. But remember, this was developed in 1975, '76. How fast were computers then compared to that computer in your pocket right now? Not anywhere close. Absurdly... I don't know, it's hard to overstate how absurdly fast things are now, and you can build custom hardware to brute force that. So in 1998 the EFF built a custom thing that could crack DES keys for $250,000, and it could break a key in two days. You think that's impressive? Further along, in 2009, a machine built for $10,000 was able to crack DES keys. So this is how you can see that cryptography changes over time. Now what's absurd, going back and finishing the story about these magic NSA changes: it turns out that there's an area of differential cryptanalysis, of attacking these systems, which was discovered in the late 1980s. So this was proposed mid-1970s; it wasn't until the 1980s that this concept was discovered by public academia, and it was identified that the prior version was vulnerable, but the new version was not. So it turns out... so what does this then tell you about what the NSA knew in 1976? The prior DES version was already vulnerable. What does that tell you about what the NSA knew?
Say again? They knew how to do this a decade before the public knew how to do this, and they actually did fix it. So if you were thinking they injected a bug: at least to our knowledge, for DES they did not inject a backdoor into that standard. And then there were new attacks in 1993, linear cryptanalysis, so it was finally withdrawn as a standard. And so now the standard is AES, the Advanced Encryption Standard. This is where somebody was mentioning being on a panel. So I believe the government created a competition to create the next cryptosystem to supplant DES, and there were several different candidates. They were all evaluated. It was an open competition of proposing attacks, all this kind of stuff, but it was standardized in 2001, after a five-year process of evaluation and everything. It operates on 128-bit blocks. Keys can be either 128, 192 or 256 bits. And yeah, so anyway, you can use it to encrypt secret or top secret information, which is pretty cool. And Intel, again in the name of making things faster, extended the x86 architecture so you can use assembly instructions to do AES operations on the chip and do it much faster than in software, which is pretty cool. Okay. I am missing slides. Why am I missing slides? Where is my pad? I think I hid a slide I was not supposed to hide. All right. Let's look. Otherwise I'll just skip over to other slides. Okay. We didn't talk about, which I want to talk about, the most secure cryptosystem. So believe it or not, there is a provably secure, you-can-never-break-it cryptosystem. It's actually incredibly simple. You could do this. The idea is, if you have a key that is randomly generated and is the same length as the message, I take the key,
I XOR it with the message, and then I send you the ciphertext. Why can't you break that? It's impossible to do statistical analysis. The key is as long as the message. It's a hundred percent random, which means you have no way of knowing, getting the ciphertext, what that original key is. It could have been... if you think of each bit, like the ciphertext is a one or a zero, the key could have been, has equal probability, each bit of being a one or a zero. Therefore, if you tried to brute force, it's the exact size of the message. You have to try every possible bit combination of your message. Now what's the problem with that? No, modern computers are not that fast, because I can send a long message that is a thousand bits and you'd be brute forcing ten to the thousand. Yeah, so if I reuse the key, right, and I say, okay, I send you a message A with the key, and then I send somebody else message B with the key, because it's XOR you can just take message A, message B, XOR them together to get the key. So that's why it's called a one-time pad, which means I use the key for this message and then never use that key ever again. When I want to send a new message, I have to generate a new random key. Now what's the problem there? Yeah, nothing uses this, and here's why, because... yeah, go ahead. How do I deliver the key? So the key has to be random, as long as the message, and I can never reuse it. So one thing to think about is, why wouldn't I just... if I had a secret way to send you this key, why wouldn't I just send you that key? Or send you the message, right, rather than securely sending you the key?
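An added example, not the lecturer's code, for the XOR identities from a few minutes earlier and the one-time pad and key-reuse discussion just above. It shows the pad being applied and removed with the same XOR, and then exactly what an attacker gets when a pad is used twice: XORing the two ciphertexts cancels the pad and leaves plaintext A XOR plaintext B, and any fragment of one message you can guess (a "crib") reads off the matching bytes of the other, after which the pad itself falls out. The messages, the crib and the fixed pad are constructed for the demo; a real pad must come from a CSPRNG, as `otp_keygen` does.

```python
# Added example (not the lecture's code): one-time pad with XOR, its identities,
# and the two-time-pad failure when a pad is reused.
import os


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad: key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length):
    """Fresh pad from the OS CSPRNG. Use it once, then throw it away."""
    return os.urandom(length)


def otp_encrypt(plaintext, pad):
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext, pad):
    # Same operation: (p ^ k) ^ k == p, and XOR is commutative, so order does not matter.
    return xor_bytes(ciphertext, pad)


def two_time_pad_leak(ct1, ct2):
    """Two messages under one pad: ct1 ^ ct2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2.
    The pad is gone and the attacker holds the XOR of the two plaintexts."""
    return xor_bytes(ct1, ct2)


def crib_drag(ct1, ct2, crib):
    """Slide a guessed plaintext fragment across p1 ^ p2. Wherever the crib really
    occurs in one message, the result is the readable bytes of the other message at
    that offset. Returns every (offset, candidate) so a human can spot the readable one."""
    leak = two_time_pad_leak(ct1, ct2)
    return [(off, xor_bytes(leak[off:off + len(crib)], crib))
            for off in range(len(leak) - len(crib) + 1)]


def recover_pad(ciphertext, known_plaintext):
    """Known plaintext plus its ciphertext gives the pad byte for byte; with the pad,
    every other message encrypted under it is exposed."""
    return xor_bytes(ciphertext, known_plaintext)


# Constructed demo data (same length, as a one-time pad requires). PAD is fixed here
# only so the demo is reproducible; it is deliberately a "bad key".
PT1 = b"meet me at noon"
PT2 = b"send the funds!"
PAD = bytes([0x8f, 0x3a, 0xc1, 0x55, 0x02, 0xe7, 0x9b, 0x40,
             0x7c, 0x13, 0xd8, 0x66, 0xaa, 0x21, 0xf5])

if __name__ == "__main__":
    ct1, ct2 = otp_encrypt(PT1, PAD), otp_encrypt(PT2, PAD)
    print("ct1:", ct1.hex(), "ct2:", ct2.hex())
    print("ct1 ^ ct2 (pad cancelled):", two_time_pad_leak(ct1, ct2).hex())
    for off, cand in crib_drag(ct1, ct2, b"noon"):
        if cand.isascii() and cand.decode("ascii", "replace").isprintable():
            print(f"offset {off:2d}: {cand!r}")
    print("pad recovered from ct1 + PT1:", recover_pad(ct1, PT1) == PAD)
```

Two practical takeaways: the pad-length check in `xor_bytes` is not pedantry (a short pad silently truncating the message is the classic implementation bug), and the reuse attack needs no randomness flaw at all, only the same pad twice.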
I'd just say, here's the message. Now maybe we arrange something beforehand, and this was actually what the military used: code books. So they would have just a book of random letters, and they would exchange these books, and then when they wanted to send a message, they'd start at the start, use those things, rip up that page, send the ciphertext, and the next time they want to send a message, use the next page, send the message, rip it up, next page, and so on. So they would never reuse it. But the problem is, sending lots of data is insane, because you have to have that amount of secret random data shared between the two parties. This allegedly... yeah, so I don't know; I should actually look up if this is used anywhere now. I don't think so. Yeah, but I like this notion of actually pre-sharing this random key between two parties, and if you can guarantee it, then you can actually guarantee perfect secrecy. So, yeah, this is the XOR, fancy XOR thing. So here we can look at an example. This is a bad key, bad, bad, bad key, not a random key, bad key. But we can take the plaintext "hello world" and XOR each byte with the key byte, and because it's the same length we would get some ciphertext, and if you didn't know that this key was a non-ASCII string and was random, you would actually never be able to... This is like perfect, 100% security. It's impossible to reverse engineer or to break it. And to decrypt it we just do the reverse, and it's incredibly easy. Okay, I want to do that because... let's... I want to go over and demo some of the assignments. I haven't set it up. We'll set it up later so that it's in your thing. For these ones, actually, what do you guys want, SSH or desktop? I don't even know if I want to offer a fiasco. What? Desktop, okay. So let's get in here. Challenge run. "Welcome to cryptography." Thank you, challenge.
"In this series of challenges, you should be working with various cryptographic mechanisms. In this challenge, you'll decrypt a secret provided with a one-time pad. Although simple, this is the most secure encryption mechanism, if you could just securely transfer the key." Hey, that's just what we said. That's good. Okay, so this is the key. It looks something like this. Here's the ciphertext. It looks something like this. Why does this look like gibberish? Yeah, it's encoded. "b64" is the hint here, actually. Maybe I should... I don't want to do that one. You can do that one. This is base64 encoded. So this is a nice way of sending you data that could be binary, random, like a null byte, because after you encrypt something it could have literally random gibberish in it, right? So it's not always ASCII. So this is sent to you in base64 encoding. So if we wanted to, let's look at this secret ciphertext base64. We can of course use our favorite, man: "Encode/decode data and print to standard output." base64 -d. Now anything I paste in will be... whoop. Hello. Stop that. Okay, so paste this in. Paste it in. Paste it in, third time's the charm, paste it in, Enter, Control-D. Ah, I get a bunch of gibberish. So I can see what that gibberish looks like by using hexdump -C, which I talked about sometime in the past. So we can see that these are the bytes that this decodes to: ae 47 eb fc 9e 0f ec. But man, that's really painful to type in and deal with, plus if we needed to interact with this several times, if we have a chosen-plaintext attack where we get it to encrypt things, we may want to interact with it.
So let's open up Emacs. What's this, crypto2? crypto. Okay. All right, so okay, the one thing I will say: almost all the stuff that we've been doing up till now, you don't need to use pwntools to do, but it's helpful, and so we've been pointing you towards some resources. For interacting with programs like this it is way, way, way more helpful to use pwntools. It has a lot of really cool built-in mechanisms to interact with another process. So, and I will say, how do you all think about the documentation of Scapy? Yeah, you may say, "What documentation?", right? That's kind of the joke. Yeah, the documentation is terrible, but still, Scapy is one of the best tools for what it does. So that's why you have to use it, because it's very... or you don't have to, but that's why it's very good for what it does. Okay. So I will say, so that... oh, pwntools has excellent documentation. This is part of the reason why it's so useful. It just has fantastic documentation. You can look at any function you're using, like I'm going to use process to execute a process and interact with it. Yeah, it's got so much cool stuff that you can really just learn a lot in here.
So I'm going to do process. So what this is telling pwntools is, hey, execute this program, and I'm going to use this process p to interact with it. So I can actually send data to it as if it was coming from standard input, from my typing things in. I can read from it, which is what I'm going to do, because what I'm going to try to do here is extract this key and this ciphertext, because I need to do XOR operations on them. These are in base64 encoding. I could do it by hand, by doing this by hand: translate this to bytes, do the same thing for the key, XOR them. But again, you're computer people. You should not be doing things by hand that a computer can do better, faster, stronger. Okay, so I can do p.recvuntil... I want to read up until here. So there are cool functions. recvuntil does exactly what it sounds like: it reads the standard input up until it gets to that point. Do you need me to increase the font size? Good news: don't know how. Oh, there we go. That's the opposite of what I want. Enhance, enhance. Cool, so recvuntil there. And every time you call one of these, recvuntil or recvline, it returns you what it read up until there. So if I wanted to get something from there, I'd do that. I don't need to do that. And I'll say key_b64 is equal to p.recvline(). So this will read until the end of the line. I think I'm just remembering all this stuff, but all this stuff is in there. We can look at what the exact syntax is in a second. Why am I calling this key_b64? Why don't I just call it key? Because it's base64 encoded, and this will remind me, as I'm coding, hey, later, when I read this program and I have absolutely no idea what it does, that it's actually base64 encoded, before I use it. So if I try to decrypt something using this key that I just read, that's bad. So I could say key is equal to... I need to import base64. There is a handy-dandy built-in in Python, base64.b64decode.
Okay, let's make sure this worked. key_b64. And after that whole rant about how this is useful, I messed it up. Okay. Yeah, there we go. So this was the base64 key. There's my key. There are my bytes; the b is telling me it's a byte string. Now what's the next thing I want to read in? The secret ciphertext. So I can read up until here: cipher. Oops. p.recvuntil, p.recvline. cipher. The other thing you can do with pwntools, I think... can you do that here? So it's actually insane. I just learned this, I think, this summer. If you just add DEBUG, in capital letters, as one of the arguments... or I think you can even do it as one of the arguments here. No, you can't do that, so don't do that. But pwntools will... see all this debug output? It's showing you the input and output of the process as it's interacting with it. So it's telling you that it received 0x138 bytes. These are all the bytes it received. It received this. If I want to send any bytes, it will send bytes back, and it'll show me what I'm sending and receiving, so I can verify that those are what I think they are. Pretty cool. So now I have my key and I have my ciphertext in bytes.
I can do all kinds of stuff. So, for i in range(len(cipher)), I can do something like print, use a format string, and say I want hex(cipher[i]) and then hex(key[i]). So I'm just iterating through the cipher and the key, just printing them out in hex, seeing each of the individual bytes. And now I could obviously very easily write code to do the XOR, print that out, get it into a string, whatever, and now I can get the flag. So this is how you can use this to interact with these programs, because sometimes you may need to make multiple interactions with the process, and so you can use this in Python to do this rather than doing it by hand, because if you do it by hand you have to base64 encode things as you send things in. It just gets to be a nightmare, but you have code and libraries and cool stuff to do it for you. Questions before I sign off? Yes. Good question. You'll find out... to me, a day, two days, a week, a week and a half. I'll just keep going, increasing, until I see less panic. A month. We've got other stuff to do. All right, thanks everyone.