All right, cool normal class All right new assignment. Yeah So just like you've been doing just like we've been talking about how to break encryptions Now you're gonna actually put that to the test and break some encryption so there's two parts to this assignment and On the website, we'll be able to see your ciphertext We got to talk about it a little bit I'm not just throwing you to the wolves though. I really like to do that so You've got some encoded ciphertext and the keyword there is encoded. We'll look at this briefly so In this crypto system encrypt and decrypt are the same operation. I will leave this To you to figure out why exactly that is but it's the same function here also Our analysis shows that the encryption function if you input a string depending on the size of your key It could output non printable characters So is that a problem when trying to share secret documents with people? Yes, Mark print out part of maybe if you wanted to let's say this document was stolen from somewhere And so it's some snippet of some text or something So because of that not only does this use encryption. There's also some encoding So what's the difference between encryption and encoding? Encoding is probably known so our encryption algorithm, so it's true true You don't need a key to encode right so encoding is just transforming text from one way to the other Transforming any kind of input from one to the other. So what are some encoding functions that you're aware of already?
binary yeah, so 1s and 0s, so that's ASCII so interpreting maybe binary sequence as 8-bit bytes and mapping those bytes to printable characters Sure string reversal reversing a string that would be a way of encoding UTF-8, so UTF-8 is a way of encoding all kinds of characters that extends beyond ASCII and can have multi-byte characters, so you can have 32 bits actually representing one character Yeah, awesome hexadecimal I'd say is the way of encoding an integer you can represent an integer as a hexadecimal number as a decimal number as a base-2 binary number Octal number there's different ways of viewing information can be easily translated between one another So this assignment from this crypto scheme specifically uses base 64 as its encoding Anyone familiar with base 64? Yeah, so that definitely happens sometimes what other context so band it Yeah Authenticating with a REST API so usually there you're not relying on the base 64 encoding to actually do anything safe But you've generated some random number. There's some part of your crypto scheme that to do that Authentication needs to be encoded so they can be easily translated to a web server, but also base 64 is used a lot actually in not just the web, but also emails I think a lot of emails are Transparently to you encoded using base 64 Attachments, I think all these kinds of stuff. So it's actually an important thing to kind of be aware of You can use a lot of instances also a lot of great libraries for it. So it's very easy to use So as we see here this so if we know that this has been base 64 encoded, then what are we looking at? So we base 64 decode this what will we get? Some string or some a string of what I mean not specifically, but a binary and what in the crypto system? Ciphertext, there should be ciphertext, right?
So this should be something that somebody's taken some plain text clear text message They've encrypted it and then they base 64 encoded it and that's what we have here And so your goal is to do what? Get the plain text More generally, that's more important than just this plain text The key right the key is the important thing Cool, you can play and I urge you to play with these so you understand how these work But we can just run through this very briefly so this And I'll leave it to you to kind of go to the details of this specific algorithm but when we Let's see if you take the string test we encrypt it with the key hex 80 And encode that and we get some base 64 output and then to verify that encryption decryption are the same if we take That string that was output decoded With the key hex 80 or decoded and then pass that the encryption function with the key hex 80 print that out We get the value test Make sense, and there's also a Java implementation of this and C implementation of this So you can do the C implementation more of a pain because of the base 64 support Which I took from somebody on open-source thing online So your goal break the encryption and recover the key questions on the high-level goal So good So you will submit a README file that describes what approach you took how you went about breaking it You'll submit the actual key. So for this one you'll submit the key and that's all starting with 0x So the system will do that check verify it and then submit all code you wrote to break the ciphertext. So If just whatever we're not gonna run it It's not we just want to see what kinds of things and what approaches you took to break this It does not you don't have to make something that does this completely automatic if you want to that's great But whatever functions if it's anything you wrote to help you with this project Yeah, so since the Python's Python 2 are we allowed to convert it to Python? You do whatever you want.
These are just to help you I'm not gonna I mean I can try to answer questions, but this is just for you to start from you can Feel free and plenty of whatever crazy language if you want And you have some samples here, and you at least have a standard so that you can verify that your re-implementation actually works. Thank you Yeah, so this should be you know fun, right? We should do this in whatever language you want Part two is a different type of ciphertext for the different algorithm So some ciphertext here similar thing This time the key is the string one two in this example And it takes the string. This is the test and encrypt it with that key output same in base 64 encoding and Decrypt works exactly the same and there's also a Java file and C code same then break the encryption recover the key Create a README file a key and all the code used in this one to break the ciphertext or break the key questions Nobody's clapping anymore The Java, the C, and the Python is all exactly the same algorithm implemented in the three languages So it's just so that you have the encryption algorithm and then from there Whatever you do is up to you. I'll be beside the break it you print it out do it on like pen and paper I don't really care it's totally up to you at that point so so they're just Help help you get started so if you're more because I know some people aren't really familiar with Python very much So some of the weird stuff like the ord and chr and all those kinds of things I don't want that to get in the way so that way you have three different implementations We're all exactly the same you can look at and get that how that this encryption algorithm works More questions or like three hands up. You'll have that exact same question All right Cool Yeah, don't know you tell me all you get is this basically so or that's up to you to figure out not to guess It is Get back to crypto So to this point we've been studying kind of classical cryptography, so why do we?
Consider these kind of more classical things Yeah, so you can think of that they're old They're created without computers in mind or with a different a much faster type of computer, right? It helps to remember that the old word for computer is somebody who would do like math equations and stuff by hand, right? So like a person was a computer now Machines are much faster than humans at doing that those types of operations, right? So, you know things like we talked about like the Caesar cipher has a key space of 26 Not really gonna stand up in the days of modern processors, right? So that's why and as this processing power got better and better we started creating modern systems that would Be much more secure than these other schemes So all of these use product ciphers and this is actually why we discussed and we looked in detail of Transposition and substitution ciphers, right? Because at the core of all of these things are just Many and in a very complicated way of all of these operations There's a very long history here you can I believe we have a cryptography course here. Is that true for a level course? Yes, I'm saying nothing. So, okay, yes So you can go learn all about all this kind of cool stuff you know some interesting notable things are part of The Allies in World War II were able to break the German Enigma machine so that's a very cool kind of story that Has to go into what do you do when you break, you know, there's all kind of interesting stuff of How do you act on information that you've gotten by breaking somebody's encryption because it? Well, because why? Yeah, so you you may indicate to them that You know that you know how to break it, right? So when you act on it if the action is not gonna let's say end the war Right and then that way they know and then that information is no longer valuable who knows what that is gonna do So anyway, there's all sorts of interesting high-level like information theory properties of how do you?
Act on that information without letting them know you create a fake trail of evidence so that they say oh They stole this message from some courier or something rather than actually broke the encryption huge active still active symmetric encryption is an active Area of development so now I'm talking about so what properties do we want from a? Modern symmetric encryption system Unbreakable define unbreakable that there aren't any Like inherent flaws behind it. Okay, so we want there to we want some probably formal or mathematical guarantees about the security of the system so or on the flip side Absence of a proof that it's correct. We want to not use anything that is known to be incorrect Right, okay. That's one property. What are some other properties? Should be fast. Why do we want to fast? Yeah, well, yeah, you you elaborate Yeah, so speed is actually one of these interesting things and we'll see this in different aspects There are certain type of operation. You actually want to be slow. We'll get to that later But in general right so fast means multiple things right so it means that it is It can be done quickly obviously right but the corollary there is it also uses less CPU and it has less overhead So if you're a business and you're deciding do I want to encrypt all traffic coming out of my website? If it takes 10 seconds to encrypt a web page, are you gonna do that? I don't hear a resounding no Would you use a website that took 10 minutes 10 seconds to load every page? No, you would definitely not right? So as a business you want to actually you're gonna introduce this you want to be as fast as possible But you also want to be trivial trivially breakable, right? Which is some other stuff so actually as we'll see some of these crypto implementations are actually now Operations that the CPU itself will do like AES.
There's AES on Intel chips so it can do encryption Very very fast one of the properties so fast Right so this has to do with the either size of the key or the key space, right? So how large is the key space if it's only 10 bits? How many keys do you have to try to guess the right key? You want to exhaust that 10 bits? Two to the ten right, which is what? 1024 yeah, it's not very much right it seems like a lot of it got to the 10. Yes, that's a lot even two to the 32 is What 4 billion roughly somewhere in there? Right, that's still not a lot especially so this is actually the interesting thing when you have speed as one of the properties But then if the system is very fast then guessing a key becomes very cheap and easy as well Right, so you want your key size to be? huge like that that Or another way to put that is we want the security of the algorithm to rest on the key space Right, which is also another way of saying we don't want ways to break it We want for somebody to break this they would have to guess every possible key And if we can keep the size of the keys long enough that they would have to Compute until the universe is dead in order to break We call that the heat death of the universe or whatever how many billions of billions of billions of years And we're probably okay like we don't care about that cool So and so an interesting thing actually happened, so then where do you come up with these? encryption algorithms or how do you so we have some properties, so do you just like write some algorithm and then Hope people use it Possibly but that's more on the technical side I don't think more on the like human society wise right so I say I create my own encryption system I'm encrypting all my documents. It's great now. I want to send you an encrypted document Will you be able to read my documents even if I give you the key?
Yeah, so there's actually a key aspect here of interoperability Right, we want it to be the case that you can go visit a website No matter what browser you're using or if it's on your phone or your laptop or whatever If it's using encryption, then the page will decrypt properly Right, so these that's actually another thing we want and Will you trust the middle? Yes Everybody Right, so standard is important there right so yeah, so in some sense we kind of all of these what if I gave you an encryption system, I said use this in the box What can I do to that system before I gave it to you? A backdoor so I could maybe Put something in the algorithm that is not obvious that gives me a backdoor into your system Are you just worried about me doing that? Who else are you worried about doing that? Who really wants to read people's private communications? I was at Facebook, maybe you're already giving them all your private communications The government Large organization law enforcement, right? It's actually kind of sadder in a state where companies can get a lot of money off of your private communications But they definitely can from the data they can gather from you so Realizing this essentially So there's been this really interesting contest style approach to creating and standardizing on different encryption algorithms So these are usually government either government sponsored or like a government organization will sponsor a NIST I think is in charge of doing these things Which is they're technically a government. 
I think they're technically independent, but The reason why people pay attention to this is the government will then say okay We will mandate that all documents use this encryption standard that comes from NIST And so a lot of them cryptographers and mathematicians will submit different types of encryption algorithms It goes through and each of them are evaluated in terms of performance security all these kinds of things It's a multi multi-year process to doing all of this so This is proposed By IBM as a standard for DES for encrypting sensitive and unclassified government information So specifically what this was used for and it was standardized in 1976 Which actually kind of crazy so thinking about how but you can already see the power of Kind of computing systems even back then where they realized the need that this is very clearly going to be a space where we need Better modern encryption algorithms, and we need them standardized so that everyone can use them so Just like we looked at the Well, maybe not just like So most of these algorithms that we look at for symmetric encryptions operate on a block So what does that mean? Exactly so just like the Vigenère cipher essentially so you have a key size of three Essentially splits the input up into chunks of three and then does an operation on each of them. So similarly most modern Symmetric encryption systems will operate on blocks. So for instance, DES takes in a 64-bit block size So what happens if you have less than 64 bits?
Yeah, you have to do something right you can't just give up because then they may be able to search through Take the last block which was only use maybe three bits of plain text or something that could lead to breakage or errors It's still encrypted with the same key So you need to have some way of dealing with that we're gonna ignore that for now But as you get more into this they've actually had problems where because of the padding that's used you can actually break The encryption system by knowing that it was a padding error versus a different error and Specifically DES 56-bit key so how big is that key size? Yeah, I know it's two to the 56 What's that 7.2 times 10 to the 16th is that even enough a named number? I don't know. It's a lot. That's pretty big, right? Yeah, so think about that So then Again, this algorithm is standard you go to Wikipedia you can read the description or several open source implementations It's fundamentally going to operate at the it's gonna take 64 bits And it's gonna take in a key and it's gonna output what? ciphertext what size? Multiple same size less than What makes sense Yeah, it's 64 bits, so why not less size lose data why Yeah, so I don't know if this is this isn't the pigeonhole principle is it I don't know. It's just Yeah Right, so we're going bigger. That's the smaller right so think about so we have to be able to turn every possible 64 bit You can think of it as a number, but whatever every possible 64 bits from 64 zeros all the way up to 64 ones every possible combination Needs to be converted with the key into some output that we need to then go backwards Right, so we start with 64 bits and we end up is very easy.
We end up with 20 bits Right, so that means every 64 to two to the 64 input size, right There must be the case that two inputs map to the same output There's way less choices So then there's no possible way to be correct that we would have known which one And bigger you can kind of make the same argument in the sense that it's not giving you any additional information Right additional bits are helping you figure out how to go backwards You can think of like Encryption at a very high level does kind of a one-to-one mapping between two to the 64 blocks Or 64 blocks and that mapping is always on the key So let's look at it. So essentially like I said that this is why I keep mentioning this It is complicated. So DES Uses so essentially There are a number of different operations. So the plain text of the block comes in at the top You have the different IP and FP are different permutations. I mean it's initial permutation and final permutation And so you take the plain text you can permute the bits you then Then there is this complicated operation where the key comes in the key is shifted around and stuff happens and then Then 48 bits for every round. There are 16 rounds. So basically you're doing this operation 16 times And each time you're taking like the upper half of the key the lower half of the key You're running through permutation and then you're out putting 48 bits of the key which then It's passing this function f which is XORed with the plain text and so on it just keeps happening 16 times So this So this is kind of what I don't see that in the upper right But this is the way that the bits of the key are permuted into the At various stages. So each of these PC1 and PC2 these are different Permutations of where bits go the point is not to understand or memorize each of these parts.
That would be silly and not helpful What's helpful is get an appreciation kind of what's going on at a high level by understanding with these details Then digging in even more So here is One of these F's so we're taking in A half block and a sub key and XORing it and then all these bits are then being Passed to these S-boxes. There's the S's for substitutions. These are substitution boxes that essentially So the substitution boxes are just like Caesar ciphers, right? So the mapping it's changing six bits to Mapping out Permutations where this is not these bits are being moved to different orders. It's being fed back into itself And you can even dig so far as to get into each of these different eight S-boxes And this table tells you this specific box when it's given Zero when the outside bits are zero and one and Inside bits are zero zero one zero the output is four pretty complicated, right? Is it secure? It's not shrug. I think that's probably maybe the best answer. Why is it shrug? Seems secure against you. So how did you how do you verify that to yourself? What are some properties you would use to just I mean not saying prove it mathematically, but how could you maybe? prove that it's or try to demonstrate that it has some Something well, I don't know about demonstrate, but I would see if any large organization still use it Okay, also like herd immunity or like wisdom of the crowds kind of a thing could say the same way to use this anymore What else yeah Multiple things map to like one number Okay, so about that yeah, you're on some shady characters and casual stuff in the conversation No, you are the smart one here. You do it not you don't have sorts of somebody else How do we try breaking the other ciphers and the other methods? So it's a statistics brute force. So we want to brute force it. How what do we need to brute force?
The key the key size right the size of the key Right, so we can see we can actually test we can implement DES We maybe try to implement it as fast as possible and we can say how long does it take us to do two to the 64? Key isn't The key is 56 bits, but it's extended to 64 bits There's some operation that was a key extension, but fundamentally that doesn't matter But we can try two to the 56 bits and we can see how fast to see get some notion and some understanding of how fast We would force this You could also check for like collisions, right or if the same Text comes from different keys. Yeah, so you keep track of that like a super computer. Yeah Much more difficult you have to keep track of all the 64-bit mappings Maybe some ways to do it Let's see what are some other things we could do Somebody said statistics, so what about statistics? Yeah, so we can do exactly what we're doing with the Caesar cipher and the Vigenère cipher, right? So it's 64 bits is how many characters we just want to think in terms of characters eight Yeah, so you can try the string of eight a's And then encrypt that with a key and then what we want to see in the output what key do you want to use? It was zero. It's just an input zero zero bits For 56 bits and it gives us an output. We'll just call it alpha for right now I don't know what it is. You could run this right very easy to run this algorithm So it's something you'd look for what are the patterns in the text or in the input in the plaintext It's all the same So well, it's not all the same, right? It's not all ones or all zeros It's sort of binary at a bit level, right? So then what are these bits for that?
So what's what's The same about it I Yeah Okay, so if we think about this input of eight a's this means that The first eight bits are the same It's forty 61 Right each of these eight-bit bytes are exactly the same in the input So what would we check about alpha to see if that pattern remains that check for duplicate a big box Yeah, so we just look at the alpha and say okay the first eight bits. Is it a repeating pattern of eight bits Right, because that would be something we would definitely not want I'm fairly Very very confident if it's not What else what else? Yeah, we can try repeating blocks of two bits three bits four bits five bits six bits. Yeah, that's a good idea Yeah, maybe interesting to increment the key by one and see the difference. Yeah, so increment the key by one so think about a Caesar cipher, right? So we'll use DES key of one how many bits change in that input. I'm sorry, not the key How many bits in this key change from zero to one? One and the output is gonna be something else. We'll call it beta So if only if there's only one bit difference between alpha and beta is that a good thing? It'll be bad right because that means there's some relationship. So in a Caesar cipher How does the output change if the input changes by like one or if the key changes by one? You need a direction. Yeah, everything changes, but the same right? So there's a constant offset of everything there. So we basically want there to be no relationship between alpha and beta Right, what would be another test in this same line that we want to do? Yeah, same key and change I would say one bit of the input Capital I don't know. I okay. We'll call it B for right now, but I will be very clear that this is a One bit difference. We've run that through DES. Let's use the key zero again. So we're comparing it to alpha somebody please give me another Greek letter Now when we check Yes, okay, so the key question is do we want that to be the case?
Right we we should if the key changes only slightly we should have completely different output and Should be statistically unrelated Right those two outputs a better way to think about it is what we're doing right now with the input text Right if our input text changes by one bit our output our ciphertext should be completely unrelated to alpha There should be no way to get alpha and delta and derive the key or anything like that Okay, yeah, that's a great point so And I can kind of hand-wave that in some sense where Essentially, these are what all of these operations are doing 16 times So the idea being over here on the right-hand side different parts of the key are being used So like all this is deterministic based on the key So this is all being used but it's different parts of the key are being used in different steps of the operation so that Essentially every bit of the key will they call it diffusion and will diffuse and have a chance of influencing all of the output bits So these are all PC2 are just 48-bit subsets Exactly, which is actually a 52 bit key that they've extended to 64 bits Yeah, so I and this is where I would again tell you I'm not a cryptographer So how do you analyze this or prove that have these properties? I have no idea. I mean there's math theory papers You can look at this stuff how you analyze this for flaws. I also don't know.
I've never done that But there are smart people who do this for a living But I can help to give the intuition behind this is why all so essentially here This is so that if any bits of this key changes That will cause a cascading effect such that all the bits of the output will have a random chance of being flipped And that that shouldn't have it so there's no correlation between Differences in the key and differences in the ciphertext similar thing happens with the plain text so This is why it's very weird that like You're first taking the first half of the input plain text you take in the plain text You shift all the bits around this first set takes the first half. So that's the on the left hand side It's like crisscrossing motion Right, so that's taking in the first part the left half like the 32 bits of the plain text XORing it with the key and I guess we're going to have that next property of XOR and that is reversible Right, so when everything here is reversible you can go backwards and everything will just work So here you're taking this stuff you generated from the key so bits from the key You're XORing it with the left side of the plain text And then you take that with the right side of the last round you run it through this function F That is being XORed there with the key and then that guy's XORed in and he's going over and over so that's this idea of diffusion so and it should be the case that any bit in the plain text gets flipped and The same thing happens where every bit of the output has an equal chance of getting flipped Well, okay, so we go back here. These are some of the tests we would do Right, we'd also see if so we see if there's any relation.
We'd see if there's any And this is something that you could clearly do on your own right because you could tell You could maybe try to do this with the encryption algorithms that you're given in assignment three You can say does this hold like one of these things look like in these two different scenarios So you can see how that works. Well, let's go here first So it turns out that 2 to the 56 is actually too small the same kind of crazy, right? This is Let's see 72 million billion is that right? No 72 billion million billion Actually never tried to say that before Seventy-two thousand trillion yeah, okay, that's another good thing. That's also I think also an equally large Hopefully it's because of the same number so one of the interesting things is this algorithm is easy to implement in hardware so the EFF the was an electronic freedom foundation on the frontier Frontier freedom in there. It's those notes Electronic Frontier Foundation So in 1998 right so how long is this after DES was adopted roughly like 20 ish years 22 years from 76 to 98 Built a custom DES cracker for about 250,000 dollars and it would take two days to break the key That's so pretty impressive, right? That's four million dollars Nowadays some of the latest kind of numbers I can find is in 2009. There's a company They call it the COPACOBANA machine. They made 120 FPGAs. Never know what an FPGA is Field-programmable gate array basically like programmable hardware, so You could do this for about $10,000 to break an AES key DES sorry The other interesting thing is so Well, we didn't mention and what I briefly mentioned So I kind of glossed over a part of this second wall is when we talk about this It was standardized in 76 77 After tweaks from the submission after consultation with the NSA, so IBM made changes To DES based on feedback from the NSA So what were they telling them about? Why did they make changes?
So could one theory could be they wanted a master key, right, which is one of the problems We said with encryption based on Somebody just hands it to you. How do you know that they don't have so a master key in this case would be one key That's able to decrypt all communication or that maybe the key is somehow embedded in the ciphertext So another option would be future proof it in what sense, okay interesting so Yeah, that's a It's more of an engineering concern But yeah, that's and I think that comes up later of like how do you update a crypto system? So as we'll see they keep having contests that have new ones What else was we only two options So here's the interesting thing they The tweaks were public so there was the initial submission by IBM and Then there was the revised version that had these tweaks I think it came out later that the NSA was the one who made the tweaks, but we can assume we know that for now So you would see immediately if the key size was decreased. Yeah No, but you may need that over I Try to think through why but why would the NSA want to change this right? So we talked about inserting a backdoor. We talked about maybe compatibility reasons Maybe they want to make it better Why would they want to make it better? What's the NSA's job? What's their stated job So, you know and Interesting things to think about what I mentioned right is the World War II part of the reason why the Allies won is breaking encryption systems, right? so you could think of the NSA as Actually, so they actually have a dual purpose, which is kind of weird.
They do have this Mission or statement to get intelligence from other foreign nations But also to actually like secure the US systems right from the same breaking by foreign nationals So interesting, so this is actually caused a lot of like conspiracy theories and speculation of all these reasons of why they would want to do this it turns out that in the late 1980s so roughly a decade after DES was announced, so this was, think of this, this is crazy an open question Nobody knew why these changes were made for 10 years like a decade and then Cryptographers discovered this concept of differential cryptanalysis Which I I don't The point is that it was discovered in the late 1980s by public Cryptographers and it turns out that the prior version of DES was vulnerable to cryptanalysis differential cryptanalysis But the proposed standard was not So then what does that tell you about the NSA? They knew about it a Decade before possibly more right they had discovered differential cryptanalysis and fix the DES standard so it would not be vulnerable to attacks that they knew about Or one of the attacks that they knew about if you want to get even more in depth with it and This led then to an area of linear cryptanalysis in 1993 Which is a more advanced form of cryptanalysis and it's finally withdrawn as a standard So because it's vulnerable in many ways, so you actually don't need all of these things If this attempts to brute force the key, but there's interesting attacks that you can do that take advantage of these things that allow you to reduce the key-size space. Yeah Yes Interesting so the question is isn't the modern security trend to Go towards maybe disclosing vulnerabilities.
So there's a bit of a difference, right, because there's the vulnerability in one piece of software versus a design flaw in a cryptographic system that's used by a lot of people. So in some sense they did, they fixed, they actually prevented this vulnerability from being introduced into a public standard without disclosing their methods for how they were able to find that vulnerability. So in some sense it's like having tools and techniques to find vulnerabilities that are not public, but then fixing it when you see it in something you care about. Right, but of course using it as a weapon, and I'm sure to break other systems, right? So yeah, it's kind of, it's insane to think about that, like they were essentially 10 years ahead of the public sector in terms of research on cryptography. And I mean it makes sense when you think about they're an agency with essentially unlimited budget, or who knows, I don't, I think the budget is classified or it's not publicly known or whatever, right? So if you're making a mission that cryptography is really important and you dump millions of millions and millions of dollars to really smart people, they can do really cool stuff. So it's kind of interesting Brown choose example that we have that this actually happened, and we have an example of classified, probably top-secret knowledge that we, like the public academics, rediscovered a decade later. Okay, we'll go to AES in a second. But first we need to talk about how to actually use these encryption systems, right? So if we just think about these as kind of a magic black box, what do we give this black box? No, we can't give it text. We can't give it arbitrary text. Well, we're not wrong. Let's go back to DES, so DES is the black box. What do you give it? 64 bits of a block that you want encrypted, and then what else? 56-bit key. 56-bit key, right?
So you think about a black box: one input is a 64-bit block, one input is a 56-bit key, and you get something out. Does this tell you how to encrypt a 10 megabyte message? No, why? Right, it's too big. It's not in the size of the 64-bit block. It's great if you only ever want to send messages that are 64 bits long, which, I don't know, maybe that works. So we need some way of actually using this in practice, right? And so this is where you get this interesting, um, mix of things that we'll talk about, where you have, if you assume and take for granted that, okay, its underlying symmetric encryption algorithm is secure and safe, but you can actually build on top of it in ways that introduce new vulnerabilities. So we want to send, and specifically we don't want to be limited to sending just 64-bit messages, right? We want to be able to send arbitrarily sized messages. So here's what's going on: 64 bits data, 56-bit key, 64-bit ciphertext as output. So what do we do? Why don't you guys, you, let's, let's help me do it. I have this handy-dandy beautiful encryption algorithm, and we'll actually also ignore the padding issue for now. We can just ignore that, and we got our key. Okay, I got a message. Yeah, so you would take your original message, okay, divided by 64, you get how many DES blocks you need, cool. So take my original message. So I have my plaintext, I have a huge message. I'm gonna ignore the block size and say I can, it's an even 64 bits. That's great. I can split that up into 64-bit chunks. All these are 64-bit. And then I just run each through its own, do I need to change the key? Because that's the entire point, right? You don't want to change the key. What are some of the nice things about this? Yeah, so we just have to start talking. So I'm just gonna still draw for a little bit. It's still quick. It's quick. Yeah, in what sense, why? Because I guess it's, I think the algorithm's constant time. So it's only bounded by the length of your message. Right, and then we have our output.
We just concatenate all this ciphertext together and then we have all of our random ciphertext, cool. Okay, so that goes there, that goes there. These are all 64-bit blocks. We feed that and then we just re-run this process for decryption to go backwards with the key. So not only is this fast, we actually also get a really nice parallel effect, right? Because what is the encryption of the second block dependent on? The key and what? It's just, and what, yeah, there's no external dependencies. You can run every single one of these operations in parallel, right? So you have the biggest file, whatever you want, split it up into 64-bit chunks on a bunch of machines. It's happening correct, bring it all together and you have your encrypted file. Modern systems have whatever, well, 16 cores, right? You got each core doing this on different chunks of data. All good. I have a pretty picture about this. So this is called, and this is, I hate this thing. Uh, it's called the ECB, electronic code book. So basically you got your plaintext, split it up into blocks. I think my drawing is better than just me. So the DES gets the block, the key, ciphertext, and so on, and outputs the ciphertext. So is this secure, or what, what are some properties of this? Yeah. But we've shown that there will be no relation of the key based on the output, so assuming DES is secure, right, the output won't be able to go to the output to the key. So the fact that we're reusing the key in that sense doesn't matter. Yeah. Okay, so yeah, so the key sharing thing, we'll still assume that we can't, like it's, I have a magic one. It's now a secure DES. It's AES. It's whatever advanced magic crypto algorithm, symmetric, that is not, so it doesn't rely on being able to go backwards like. So we talked a little bit about the properties of symmetric crypto systems.
So my plaintext here is all a's. Right, we actually went to this example, and here my ciphertext would be, uh, alpha. Right. So now what about this block? If this block is all a's, it would be alpha. Why? The same with the same, the key is the same. Right, so it has to be, right, because the key is exactly the same, so the input block is the same as the key and the key is the same, the output must be the same. Right. Now does this tell me, what, so I see this. What does this tell me about the plaintext? So if I get ciphertext that has alpha or alpha prime, something repeated in two different blocks, what does that tell me about the plaintext? Do I, wait, let's, sorry. Do I know that it's all a's? No, why not? I don't know the plaintext and I don't know the key, right? It could be anything, but what do I do know? Yeah. It's, it's, I'd say the first 64 bits are the same as the next 64 bits, right? So I know the blocks are exactly the same. So I'm actually leaking information about the plaintext in my message, right? So this is what gets crazy. You can take this perfectly secure system, right, I say it's the magic secure symmetric crypto system, and you can still have statistical features that persist even after encrypted, based on how you use it. So in a great example of this, this is, where did this, this is a really cool example. If you take the Linux penguin, Tux is his or her name, that doesn't matter, if you take it in a, not a JPEG but like a raw image format, and you run it through ECB encryption, you'll get something that looks like this. So why is that, is this a good encryption? I think probably. Made a camera exactly how it's in it just made, actually there's a website you can go check that out. But yeah, I don't know exactly how to do that. Yeah, yeah, no, no, for sure, it's, it's a standard encoding. Like how, let's do it like pixel. I think this is raw exploding. We're basically doing coding. And then it's showing that, so what is this showing us?
So is this, would you call this an encrypted image? Why not? And you know exactly the content of this image, you know what this image is even though it's encrypted. Right, and it's because we're using this ECB mode, which is very insecure for exactly this reason. So how do we do it better? So now I just broke your quick little awesome scheme. So how do we do it better? In what sense? Interesting. Okay, so we could use, we need, we need something that's going to give us some kind of randomness, right? We're not necessarily randomness, but something in the sense of, we really don't want to just be using that block and this key to output this thing, right? Okay, so, so let's take this, so you take, so the idea is let's take, uh, these 52 bits here, have these 52 bits be the input to this, and you can have these 52 bits be the input here. What do we think about this scheme? Good. Yeah, so the ciphertext is totally for a good ciphertext, right? So you actually couldn't break this because you don't know the key. But for this block, oh right, with the key version scheme. Exactly. He's so quick. It's just like I keep going with your idea, right? So we're not going to be using this as a key, right, because this is what's publicly known. We have to key. What do we take this block and mix it with that block? And then encrypt it with the key. And have essentially, so this idea of using the ciphertext to modify the next block. So, so everybody realized the problem with using the ciphertext as a key. Ciphertext is coupling or it could be public very easily. Right. So what if I took this block and took it here and then XORed it with this block, use the key here? So what does that mean? Yeah, well, it's good. It's still reversible because of the XOR. Yeah, so it's still reversible, right, once you have the key, because it's XOR. Right, you just do it in a reverse order and you can go backwards. Let's see. What are some other, does it matter that this ciphertext is public?
No, you still need the key. You still need the key in order to go backwards, right? And this has been XORed with that plaintext, and the plaintext is unknown. So now what would happen in the case that I have plaintext of, let's say the first three blocks are all a's? So let's walk through this. We're going to go, we'll take here all a's. Same thing. So here the same thing, we're going to have alpha as the first block. And then we use that, XOR that here with this block. So now the input to DES is now different, right, because we've XORed our, all of our a's with this ciphertext alpha, which is some mildly random sequence of bits. We XOR that, we'll get something else, beta, and then we take that, XOR with the third one, delta, I think, is where I'm at with my letters, because I'm not very good at counting in Greek. Or, so even though the plaintext of all three of these blocks are exactly the same, now all the outputs will be different. So let's, yeah. So, so here, so here we have a's, exactly the ciphertext, right, so we've taken the a's, we've encrypted them with DES, so the output is essentially random ones and zeros. Right, that now we're XORing with all a's, which gives us something different, right? So yeah, so at this point if it was all a's here, we would have a major problem. But even if it happened to be the plaintext I can't do the same like very highly fun like. Right. So what happened to our efficiency here? Are we still awesomely efficient? No, why not? There's dependency now. Yeah, we've introduced this dependency, right? I can't calculate the second block of the ciphertext before I've done the first block, and I can't do the third block inside of the second block, right? So I have to do them in order because I'm feeding the ciphertext of the previous block into the next block. Yeah, just gonna say, possibly we have to do something like a Vigenère cipher, so you get all the vets that are encrypted, I would say, in the different block sizes, right?
So it's probably better to ignore that now. Let's say I, okay. Let's say with this scheme I have, let's say I have a, I've captured some ciphertext. I don't know what the key is, but my first ciphertext has the blocks alpha, beta and delta, and the second one I capture has alpha, whatever. But as these letters, so what do I know about the plaintext? Do I know anything about the plaintext of these messages? The first 64 bits of each are the same. Yeah, the first 64 bits of each of these are the same. Why? Yeah, because it's just the alpha DES, right? So if I, let's say we're only sending, and here's a problem. If I was only sending 64-bit messages, right, I'm gonna say send either buy or sell, then based on whatever happens from my message you can easily see and figure out which one is buy, which one is sell. Yeah. Sure, but what is based on the key you export the plaintext with its cells on an apron based on the key. That way it's XOR prior to going in in the umbrella. But even if I'm just still, okay, yes, so the key problem. Right, there's no XOR operations here, the plaintext is just going directly into DES. There's probably a number of ways to try and do this. I'll say the way, basically the way that is done is create a fake block called the initialization vector. So create a random 64 block of ones and zeros first. Have that be your first block, and then that one is public. Okay. Yeah, what would be bad to XOR with the key? Uh, could you get the key from that? Prompt I don't know, that's a good question. Uh, this is kind of a standard defense. So I'd say if they're not doing it, it's definitely for a reason. And so this is CBC, so cipher block chaining mode. So now I'd be here. Okay, we'll go over AES. Now we have three minutes. We do this. So standardized in 2001, it took five years to come to a standard on AES. It has a 128-bit block size. So is that larger? Why is that useful? So the, oh, block size.
Yeah, the block size has no impact on the key size, right? Maybe just for less collisions. There'll be no collision, so there should be no collisions. So we can maybe double our bandwidth. We can encrypt twice as much in the same amount, depending on how much the operation is. Yeah. Yeah, so repeated patterns can become less likely, right? These are all anyways. The other thing is that it has, you actually have a variable key size: 128, 192 or 256. And this is an interesting part. Uh, this is from: the design and strength of all key lengths of the AES algorithm are sufficient to protect classified information up to the secret level. So we learned about the levels. Top secret information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and information must be reviewed and certified by the NSA prior to their acquisition and use, right? So interesting things here. This is literally top secret standard encryption mechanism. So this is what the government is using to encrypt these systems. The NSA has the ability to review these. And as I mentioned, Intel actually extended the x86 instruction set to put this capability on chip. So you can do AES operations on the CPU. They are super, super fast. We will go over, we talked about this before