# Lecture 17, May 8

Due: Homework #3, due May 13, 2013

Discussion Problem. The following is a passage from Sun Tsu’s book The Art of War:

There are three ways in which a sovereign can bring misfortune upon his army:
By commanding the army to advance or retreat, being ignorant of the fact that it cannot obey. This is called hobbling the army.
By attempting to govern an army in the same way as he administers a kingdom, being ignorant if the conditions that obtain in an army. This causes restlessness in the soldiers’ minds. Humanity and justice are the principles on which to govern a state, but not an army; opportunism and flexibility, on the other hand, are military rather than civic virtues.
By employing the officers of his army without discrimination, through ignorance of the military principle of adaptation to circumstances. This shakes the confidence of the soldiers.

Sun Tzu, The Art of War, Delta Publishing, New York, NY 10036 (1983) pp. 16–17

Does this apply to an organization with computers that are under attack, or are expected to be attacked? How?

Lecture outline.

1. Classical Cryptography
1. Monoalphabetic (simple substitution): f(a) = a + k mod n
2. Example: Caesar with k = 3, RENAISSANCEUHQDLVVDQFH
3. Polyalphabetic: Vigenère, fi(a) = a + ki mod n
4. Cryptanalysis: first do index of coincidence to see if it is monoalphabetic or polyalphabetic, then Kasiski method.
5. Problem: eliminate periodicity of key
2. Long key generation
1. Autokey cipher:
M = THETREASUREISBURIED
K = HELLOTHETREASUREISB
C = ALPEFXHWNIIIKVLVQWE
2. Running-key cipher
M = THETREASUREISBURIED
K = THESECONDCIPHERISAN
C = MOILVGOFXTMXZFLZAEQ
wedge is that (plaintext, key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.)
3. Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext
4. Only cipher with perfect secrecy: one-time pads; C = AZPR; is that DOIT or DONT?
3. Product ciphers: DES, AES
4. Public-Key Cryptography
1. Basic idea: 2 keys, one private, one public
2. Cryptosystem must satisfy:
1. Given public key, computationally infeasible to get private key;
2. Cipher withstands chosen plaintext attack;
3. Encryption, decryption computationally feasible (note: commutativity not required)
3. Benefits: can give confidentiality or authentication or both
5. Use of public key cryptosystem
1. Normally used as key interchange system to exchange secret keys (cheap)
2. Then use secret key system (too expensive to use public key cryptosystem for this)

 You can also obtain a PDF version of this. Version of May 6, 2013 at 10:41PM