6 - 1
Introduction to Encryption II – SANS GIAC LevelOne
©2000, 2001
1
SANS GIAC LevelOne
Security Essentials
Introduction to Encryption II
Hello, the primary author of this course is Harish Bhatt with updates by Stephen Northcutt and Eric
Cole. This is the second of two of the most important classes we have the privilege to teach as part
of GIAC. In the first course, we went on a quick tour of some of the important issues and concepts
in the field of cryptography. We saw that encryption is real, it is crucial, it is a foundation of so
much that happens in the world around us today, and most of it in a manner that is completely
transparent to us.
I guess you know that one of SANS’ mottos is to never teach anything in a class which the student
can’t use at work the next day. One of our goals in this course is to help you be aware of how
cryptography operates under the covers in some of the major cryptosystems which are used on a
24x7 basis in our world. Along the way, we’ll share some hard-earned pragmatic lessons we’ve
learned, and hope that our experience will be of help to you.
Enjoy!
Why Do I Care About Crypto?
• U.S. Dept. of Commerce no longer supports DES...
• Distributed Denial of Service attack daemon found to be protected by “blowfish” --a DES-like block cipher...
• National Institute of Standards and Technology (NIST) is leading the development of AES --the replacement for DES...
Communications in the presence of adversaries…
• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
[Slide graphic: “Alice” and “Bob” communicating in the presence of an “Adversary”. Labels: Mobile Code, Insecure Global Networks, Privacy, The Internet, E-Business, E-Commerce, Smart Cards, Digital Signatures, Public Key Infrastructure (PKI), Digital Certificates]
Without cryptography there is no e-business, no viable e-commerce infrastructures, no military
presence on the Internet and no privacy for the citizens of the world. There are numerous and
continually increasing everyday instances in which we encounter cryptosystems at work and at play,
often without even realizing it. The underlying cryptographic infrastructure actually works so well
that we only take notice when it is absent, or implemented incorrectly!
When you use a secure mobile telephone, all communications between you and the party on the
other end are rapidly encrypted and decrypted on the fly, so that any eavesdropper will not be able to
listen in on your conversation. Every once in a while we hear how the confidential communication
of a public figure was intercepted and his or her privacy compromised. Yet another example of not
using cryptographically enabled products.
One of the more important emerging applications of cryptographically-enabled communications is at
e-commerce-enabled web sites on the Internet and the World Wide Web. When supported with an
enterprise-wide Public Key Infrastructure (PKI) a whole suite of new and innovative products and
services is instantly enabled. Today, this is leading to new business opportunities, new capabilities
being delivered to consumers, new functionality provided by organizations to their shareholders,
fundamental changes in the way entire industries function, new legislation, tapping into global
opportunities…
Course Objectives
• Concepts in Cryptography
• Secret (Symmetric) Key Systems
– Triple-DES
– AES
• Public (Asymmetric) Key Systems
– RSA
– ECC
We begin this course by examining the conceptual underpinnings behind major cryptosystems that
are in use today. In particular, we’ll look at Triple-DES which is a good alternative for the now
obsolete DES algorithm, which is officially no longer considered to be secure. Next, we’ll stop by
for a quick status update on the development activity that is currently underway throughout the
global cryptographic community in connection with the new Advanced Encryption Standard
(AES).
Our next stop will be the RSA algorithm, which is a widely implemented public key cryptographic
algorithm, and which came off-patent in September 2000. We’ll perform an exercise in which we’ll
walk through a highly simplified version of the mathematical mechanism upon which the RSA
algorithm is based.
We’ll wrap up this course by considering the characteristics of emerging Elliptic Curve
Cryptosystems (ECC), which are rapidly growing in popularity due to the proliferation of such
devices as PDAs, mobile telephones, information appliances, ATMs, and smart cards.
All right. Enough of the big picture. Let’s dive right into it…
Concepts in Cryptography 1
Confidentiality, Integrity of Data, Authentication, Non-Repudiation
• Probability Theory
• Information Theory
• Complexity Theory
• Number Theory
• Abstract Algebra
• Finite Fields
• What if…
– we can find a mathematical “problem” that exhibits characteristics of one-way functions (with trapdoors)?
– or, as mathematicians would prefer to say, a problem that is “impossible” to solve in polynomial time?
• Hmm…
– we could use it to build a new cryptosystem!
You’ll recognize the four important characteristics of cryptosystems that are at the top of this slide:
Confidentiality, Integrity of Data, Authentication, and Non-Repudiation. We covered this
material in Encryption I. OK. So we know that these are important characteristics that any good
cryptosystem must have. But, how do we go about actually constructing such a cryptosystem?
Where do we begin?
Mathematics comes to our rescue. In general, there are many fields in mathematics that contain
concepts that could prove to be useful as we seek to build a cryptosystem. Specifically, we find that
the following branches of mathematics are particularly rich in ideas we could use: Probability
Theory, Information Theory, Complexity Theory, Number Theory, Abstract Algebra, and Finite
Fields.
In Encryption I, we were introduced to one-way mathematical functions. We saw how such
functions which have “trapdoors” have interesting properties that could prove to be useful in
cryptography. We are using the term “trapdoor” to refer to a way to decrypt a message using a
different key. So with public key cryptography, one would encrypt the message with a public key.
The “trapdoor” would be the corresponding private key that would be used to decrypt or retrieve the
message. If the one-way function deals with a “hard” mathematical problem – one that is impossible
to solve in polynomial time – then it could be used to make things very difficult for any adversary
who might be eavesdropping on our communications over an insecure public network like the global
Internet. At the same time, the existence of a “trapdoor” could be used to provide an easy solution to
the “intractable” problem for use by the sender and/or the recipient. Hmmm...
Concepts in Cryptography 2
Computational Complexity deals with time and space requirements for the execution of algorithms. Problems can be classified as tractable or intractable.
Tractable Problems
“Easy” problems. Can be solved in polynomial time (i.e. “quickly”) for certain inputs
Examples:
• constant problems
• linear problems
• quadratic problems
• cubic problems
Intractable Problems
“Hard” problems. Cannot be solved in polynomial time (i.e. “quickly”)
Examples:
• exponential or super-polynomial problems
• factoring large integers into primes (RSA)
• solving the discrete logarithm problem (El Gamal)
• computing elliptic curves in a finite field (ECC)
This is exactly the class of problems we are looking for!
Following this train of thought, let’s see what hard or intractable problems are already well known
in mathematics. These problems just might provide us with the building blocks upon which we
could build our cryptosystem.
Computational complexity is a branch of mathematics which studies time and space requirements
for the execution of algorithms. It classifies problems as either tractable (easy to solve) or
intractable (hard to solve). This is really neat, because it’s exactly what we’re looking for.
It turns out that there are many well known intractable problems – the class of problems we’re
interested in. These exponential or super-polynomial problems are “hard” problems which cannot
be solved in polynomial time (i.e., quickly). Actually, it is more accurate to say that these problems
are believed to be intractable by the worldwide mathematical community that is active in researching
issues in the field of computational complexity.
Three well known examples of intractable problems include: factoring large integers into their two
prime factors (the basis for RSA); solving the discrete logarithm problem over finite fields (the basis
for ElGamal); and computing elliptic curves over finite fields (the basis for Elliptic Curve
Cryptosystems).
Now, let’s examine each of these three important classes of intractable problems in greater detail, as
each one of them forms the basis of important cryptosystems that are widely used all over the world
today.
Concepts in Cryptography 3
An Example of an Intractable Problem...
Difficulty of factoring a large integer into its two prime factors
• A “hard” problem
• Years of intense public scrutiny suggest intractability
• No mathematical proof so far
Example: RSA
• based on difficulty of factoring a large integer into its prime factors
• ~1000 times slower than DES
• considered “secure”
• de facto standard
• patent expires in 2000
Every middle school student knows how to factor integers. So, given an integer 15, they can
immediately respond that the integer factors are 1x15 and 3x5. Easy enough! So why is this a hard
problem? Why is it on our list of intractable problems?
It turns out that the key here – no pun intended – is the word “large.” Factoring a large integer into
its prime factors is decidedly non-trivial. In fact, there is no easy solution to the problem. This is
the general consensus of the global community that actively researches such mathematical topics. It
is important to note, however, that there is no unequivocal mathematical “proof” that this problem
cannot be solved easily. It’s the years of public scrutiny of the problem that lead us to conclude that
it is a hard problem which cannot be solved in polynomial time.
For our purposes, this is good enough to build a cryptosystem upon. Actually...that’s already been
done! The most widely used example is the RSA algorithm, which takes advantage of the
intractability of the integer factorization problem to build the public key (asymmetric)
cryptosystem which is widely used throughout the world.
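To make the word “large” concrete, the following added example (not part of the original course material) multiplies two primes and then recovers them by naive trial division, counting the divisions as the modulus grows. The moduli are constructed samples and all function names are illustrative.

```python
from math import isqrt


def is_prime(n):
    """Primality by trial division; adequate for the small constructed samples."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def next_prime(n):
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n


def make_semiprime(half_bits):
    """Constructed sample modulus: product of the two primes just above 2**half_bits."""
    p = next_prime(2 ** half_bits)
    q = next_prime(p)
    return p, q, p * q  # the easy direction is a single multiplication


def factor_by_trial_division(n):
    """The hard direction, done naively, for an odd n that is a product of two
    primes. Returns (p, q, divisions_tried)."""
    tried = 0
    for cand in range(3, isqrt(n) + 1, 2):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n is not an odd composite number")


def cost_table(half_bit_sizes=(6, 10, 14, 18)):
    """Return [(modulus_bits, divisions_tried), ...] for growing moduli."""
    rows = []
    for half_bits in half_bit_sizes:
        p, q, n = make_semiprime(half_bits)
        found_p, found_q, tried = factor_by_trial_division(n)
        if (found_p, found_q) != (p, q):
            raise AssertionError("factorisation mismatch")
        rows.append((n.bit_length(), tried))
    return rows


def naive_divisions_for(bits):
    """Number of odd candidates below the square root of a `bits`-bit modulus."""
    return 2 ** (bits // 2 - 1)


if __name__ == "__main__":
    print(factor_by_trial_division(15))  # the middle-school case from the text
    for bits, tried in cost_table():
        print(f"{bits:>3}-bit modulus: {tried:>7} trial divisions")
    # Every 8 extra modulus bits multiply the naive work by about 16. Faster
    # methods than trial division exist, but no known algorithm on a
    # conventional computer factors in polynomial time.
    exponent = naive_divisions_for(1024).bit_length() - 1
    print(f"1024-bit modulus: about 2**{exponent} trial divisions")
```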
How about some of the other intractable problems we found from our brief survey of the field of
mathematics? Can they also be used to construct cryptosystems?
Great question! Glad you asked.
Concepts in Cryptography 4
Another Intractable Problem...
Difficulty of solving the discrete logarithm problem --for finite fields
• A “hard” problem
• Years of intense public scrutiny suggest intractability
• No mathematical proof so far
• The discrete logarithm problem is as difficult as the problem of factoring a large integer into its prime factors
Examples
• El Gamal encryption and signature schemes
• Diffie-Hellman key agreement scheme
• Schnorr signature scheme
• NIST’s Digital Signature Algorithm (DSA)
Another intractable problem that appears to have useful properties that we can use to build a
cryptosystem upon is the difficulty of solving what is known as the discrete logarithm problem for
finite fields. The mathematics behind this type of problem are complex and we will not attempt an
explanation of the working mechanism in this brief course.
It turns out that there is no easy solution to this problem either. Again, this is the general consensus
of the global community that actively researches such mathematical topics. It is important to note,
however, that there is no unequivocal mathematical “proof” that this problem cannot be solved
easily. It’s the years of public scrutiny of the problem that lead us to conclude that it is a hard
problem which cannot be solved in polynomial time.
But, how does it compare with the previous intractable problem we looked at – the factorization of
large integers into their two prime factors? There is evidence that the discrete logarithm problem is
just as difficult.
So, we should be able to use this problem in building a cryptosystem? Right? Absolutely!
Again...that’s already been done! The following cryptosystems are all built upon the intractability of
the discrete logarithm problem over finite fields: the ElGamal encryption and signature schemes,
the Diffie-Hellman key agreement scheme, the Schnorr signature scheme, and the Digital
Signature Algorithm (DSA) by the U.S. Department of Commerce’s National Institute of Standards
and Technology (NIST).
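The course leaves the mechanism unexplained, so the following added example (not part of the original course material) goes one step further and runs a Diffie-Hellman key agreement, one of the schemes just listed, showing both sides' messages and what an eavesdropper is left to solve. The group parameters and private exponents are constructed toy values, and the function names are illustrative.

```python
def dh_exchange(p, g, a, b):
    """One Diffie-Hellman run. a and b are Alice's and Bob's private exponents."""
    A = pow(g, a, p)  # Alice -> Bob, crosses the insecure network
    B = pow(g, b, p)  # Bob -> Alice, crosses the insecure network
    return {
        "on_the_wire": (p, g, A, B),  # everything the adversary gets to see
        "alice_key": pow(B, a, p),    # (g**b)**a mod p
        "bob_key": pow(A, b, p),      # (g**a)**b mod p
    }


def discrete_log_search(p, g, target, budget):
    """The eavesdropper's problem: find x with g**x mod p == target by trying
    x = 1, 2, 3, ... Returns x, or None once the step budget is spent."""
    value = 1
    for x in range(1, budget + 1):
        value = (value * g) % p
        if value == target:
            return x
    return None


def demo():
    # Constructed toy group p = 23, g = 5: small enough to search completely.
    toy = dh_exchange(p=23, g=5, a=4, b=3)
    _, _, toy_A, _ = toy["on_the_wire"]
    toy_recovered = discrete_log_search(23, 5, toy_A, budget=22)

    # Constructed larger group p = 2**31 - 1 (a prime) with g = 7. Still a toy:
    # real deployments use primes thousands of bits long.
    p, g = 2**31 - 1, 7
    big = dh_exchange(p, g, a=1_500_000_007, b=987_654_321)
    _, _, big_A, _ = big["on_the_wire"]
    big_recovered = discrete_log_search(p, g, big_A, budget=200_000)
    return toy, toy_recovered, big, big_recovered


if __name__ == "__main__":
    toy, toy_recovered, big, big_recovered = demo()
    print("toy wire traffic:", toy["on_the_wire"])
    print("toy keys agree:", toy["alice_key"] == toy["bob_key"], toy["alice_key"])
    print("toy exponent found by search:", toy_recovered)
    print("31-bit keys agree:", big["alice_key"] == big["bob_key"])
    print("31-bit exponent found within 200000 steps:", big_recovered)
```

Computing the public values is a single modular exponentiation for each party, while the search cost grows with the size of the group.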
Concepts in Cryptography 5
Yet Another Intractable Problem...
Difficulty of solving the discrete logarithm problem --as applied to elliptic curves
• A “hard” problem
• Years of intense public scrutiny suggest intractability
• No mathematical proof so far
• In general, elliptic curve cryptosystems (ECC) offer higher speed, lower power consumption, and tighter code
Examples
• Elliptic curve El Gamal encryption and signature schemes
• Elliptic curve Diffie-Hellman key agreement scheme
• Elliptic curve Schnorr signature scheme
• Elliptic Curve Digital Signature Algorithm (ECDSA)
Now, let’s take a quick look at yet another class of intractable problems. This one involves the
difficulty of solving the discrete logarithm problem (we just discussed it in the previous slide) as
applied to elliptic curves.
So, how does this class of intractable problem compare with the previous intractable problems we’ve
looked at – the factorization of large integers into their two prime factors, and solving the discrete
logarithm problem over finite fields? Very well, thank you! And…it has a number of very attractive
features to boot. Features that include high security levels even at low key lengths, high speed
processing, and low power and storage requirements.

These characteristics are very useful in crypto-enabling the many new devices that are rapidly
appearing in the marketplace, e.g. mobile telephones, information appliances, smart cards, and even
the venerable ATMs. Of course it has been broken a few times so they are still working on this one.
Voila! We Can Now Build...
Communications in the presence of adversaries…
• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
[Slide diagram: Alice passes the Original Document (ciphertext or plaintext) through a Hash Algorithm to obtain a Hash, then encrypts the Hash with her Private Key to produce the Digital Signature. Bob passes the received Original Document through the same Hash Algorithm, decrypts the Digital Signature with Alice’s Public Key, and compares the two hashes.]
“Alice” first creates a Hash of the Original Document. Next, she encrypts the Hash with her Private Key to generate a Digital Signature. Finally, she transmits the Original Document and the Digital Signature to “Bob.”
“Bob” first creates a Hash of the Original Document. Next, he decrypts the Digital Signature with Alice’s Public Key to regenerate the Hash that Alice originally created. Finally, he compares the two Hashes. A match indicates the Original Document was not tampered with.
Authentication! Non-Repudiation! Integrity of Data! Confidentiality!
We started out by noting that communicating in the presence of adversaries meant constructing a
cryptosystem that was capable of providing support for important requirements such as
Confidentiality, Integrity of Data, Authentication, and Non-Repudiation. We briefly examined some
of the well known intractable mathematical problems which could be used as building blocks upon
which to construct our cryptosystem.
But how do we make the connection between complex and abstract mathematical concepts, to
crypto-enabled products we use routinely every day of our lives?
While each type of cryptosystem addresses the specific details in its own unique way, the
concepts behind the working crypto-mechanism that actually delivers the functionality
that makes it possible to support Confidentiality, Integrity of Data, Authentication, and
Non-Repudiation are fundamentally quite similar.
This “big picture” slide puts it all together from the perspective of a message being sent by Alice
over an insecure public network (like the global Internet) to Bob. Please study this slide carefully for
a few moments, and trace the working mechanism that is at the foundation of many cryptosystems.
See for yourself exactly how the users of the cryptosystem are able to tap into the Confidentiality,
Integrity of Data, Authentication, and Non-Repudiation services that are supported by the
cryptosystem.
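The Alice-to-Bob flow on this slide can be traced in code. The following is an added example, not part of the original course material: it uses SHA-256 as the hash algorithm and unpadded textbook RSA with constructed toy keys, and the function names and the second "adversary" key are illustrative assumptions.

```python
import hashlib

E = 65537  # a commonly used public exponent


def make_toy_key(p, q):
    """Build (n, e, d) from two primes. For constructed toy keys only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # the private "trapdoor" exponent
    return n, E, d


def hash_to_int(document: bytes) -> int:
    """The Hash Algorithm box on the slide: SHA-256, read as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, n, d):
    """Alice: hash the document, then transform the hash with her private key."""
    return pow(hash_to_int(document), d, n)


def verify(document, signature, n, e):
    """Bob: recompute the hash, recover Alice's hash with her public key, compare."""
    return pow(signature, e, n) == hash_to_int(document)


# Constructed keys built from Mersenne primes so the example is reproducible
# and runs offline. Real keys use random secret primes and a padding scheme;
# unpadded "textbook" RSA is shown here only to mirror the slide.
ALICE_N, ALICE_E, ALICE_D = make_toy_key(2**521 - 1, 2**607 - 1)
ADVERSARY_N, _, ADVERSARY_D = make_toy_key(2**127 - 1, 2**521 - 1)


def run_scenarios():
    """Return what Bob concludes in four situations."""
    doc = b"Pay Bob 100 dollars"  # constructed sample document, sent as-is
    sig = sign(doc, ALICE_N, ALICE_D)
    forged = sign(doc, ADVERSARY_N, ADVERSARY_D)  # signed with the wrong key
    return {
        "untouched": verify(doc, sig, ALICE_N, ALICE_E),
        "document_altered": verify(b"Pay Bob 900 dollars", sig, ALICE_N, ALICE_E),
        "signature_altered": verify(doc, sig ^ 1, ALICE_N, ALICE_E),
        "signed_by_someone_else": verify(doc, forged, ALICE_N, ALICE_E),
    }


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:<24} accepted={accepted}")
```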
Exercise
Mix-n-Match Game: Can you pair them up?
Concepts (left hand side):
1. Authentication
2. Diffusion
3. Confidentiality
4. Perfect Forward Secrecy
5. Data Integrity
6. Hash Function
7. Confusion
8. Non-Repudiation
Descriptions (right hand side):
A. Used in generating a digital signature
B. Ciphertext does not yield any information about the plaintext
C. Validate identity of a person or entity
D. Property of a cryptosystem that makes it technically impossible for a person or entity to fraudulently claim that it did not participate in a cryptographically-enabled transaction
E. Any relationship between the ciphertext and the plaintext is obscured
F. Guarantee that messages have not been tampered with
G. Dissipate patterns and redundancies in the plaintext
H. Prevent unauthorized parties from eavesdropping
All right, now. It’s time to get warmed up for the upcoming mathematical exercise on the
mechanism of the RSA algorithm. Let’s play the Mix-n-Match Game!
On the left hand side of this slide we have eight important concepts that are of significance in
cryptography. On the right hand side of the slide, we have a description of these important concepts.
The only problem is that they are not listed in the same order as the concepts on the left hand side.
Your job is to mix-n-match the concepts on the left, to the descriptions on the right. If you have the
ability to pause your audio, please pause and work on this exercise. If you do not have the ability to
pause your audio, just go on to the next slide and we will tell you the answers.
How Did You Do?
Mix-n-Match Game: The Answers...
1. Authentication: C. Validate identity of a person or entity
2. Diffusion: G. Dissipate patterns and redundancies in the plaintext. Permutation operations are often used to introduce diffusion.
3. Confidentiality: H. Prevent unauthorized parties from eavesdropping
4. Perfect Forward Secrecy: B. Ciphertext does not yield any information about plaintext
5. Data Integrity: F. Guarantee that messages have not been tampered with
6. Hash Function: A. Used in generating a digital signature
7. Confusion: E. Any relationship between ciphertext and plaintext is obscured. Substitution operations often used to introduce confusion.
8. Non-Repudiation: D. Property of a cryptosystem that makes it technically impossible for a person or entity to fraudulently claim that it did not participate in a cryptographically-enabled transaction
OK. It’s time to see how we did on the Mix-n-Match Game…
Most of the above cryptographic concepts should have been familiar to you from Encryption I, and
also from our discussion earlier in this course. However, there were probably three new
cryptographic concepts that you might not have been familiar with: Perfect Forward Secrecy,
Diffusion, and Confusion. Take a look at the descriptions above to see what they mean.
As you review these concepts, keep in mind the context within which we are operating in a typical
cryptographic scenario. We are communicating in the presence of adversaries, and we want to make
sure that the cryptosystem we are using supports our requirements for Confidentiality, Integrity of
Data, Authentication, and Non-Repudiation.
Take about a minute to review and brush up on the above concepts.
All right. Time to move on...
Milestones in Cryptography
• Origins of Cryptography (traced as far back as 4000 years!)
• Index of Coincidence (Friedman, 1918)
• Vernam Cipher (Vernam, 1926)
• Secure Communications (Shannon, 1949)
• Lucifer Cryptosystem (Feistel, 1974)
• Public-Key Cryptography (Diffie and Hellman, 1976)
• Key-Exchange Method (Diffie and Hellman, 1976)
• DES: Data Encryption Standard (U.S. FIPS-46, 1977)
• RSA (Rivest, Shamir, Adleman, 1978)
• Public-Key Cryptography (Merkle, 1978)
• Public-Key Encryption (Rabin, 1979)
• Public-Key Encryption & Signature (ElGamal, 1985)
• Elliptic Curve Cryptography (Miller, 1986 & Koblitz, 1987)
• ECA: Elliptic Curve Algorithm (Lenstra, 1987)
• Differential Cryptanalysis (Biham and Shamir, 1993)
• X.509 v3 Digital Certificates (ITU-T, 1993)
• Linear Cryptanalysis (Matsui, 1994)
• AES: Advanced Encryption Standard (sponsored by NIST, finalist selected.)
• ...
…built upon the work of giants!
We noted earlier in our discussion that a number of mathematicians and researchers had made
important contributions, over the years, to the advanced mathematical ideas that serve as the
foundation of many widely used cryptosystems in use today. We also noted that each of the three
classes of intractable problems we discussed had been successfully employed as building blocks for
constructing cryptosystems.
There is a long, rich history behind modern cryptosystems. This slide lists a few (by no means, all!)
of the leading cryptographers whose work and ideas have been successfully incorporated into
everyday products that we use on a routine basis. Modern day cryptosystems are truly built upon the
work of giants!
The mathematics behind cryptosystems is invariably abstract and can be highly complex. The
process of developing new cryptographic algorithms works best when the attention of the entire
global cryptographic community can be focused on the development activity. It is generally
acknowledged that openness to intense scrutiny by the global cryptographic community in the
development process of new cryptographic algorithms is the most effective way of achieving
algorithms that can be trusted to serve at the foundation of our growing e-commerce infrastructure.
The U.S. Department of Commerce’s NIST has done just that as it selected the finalist for the
Advanced Encryption Standard (AES).
