classical encryption techniques · classical encryption techniques computer security dept. of...

Classical Encryption

Techniques Computer Security

Dept. of Computer Science,

College of Computer and Information Sciences

King Saud University

Prepared by Yuan Tian

Outline

• Symmetric Encryption Principles

• Classical Substitution Ciphers

• Classical Transposition Ciphers

Types of ciphers

• Symmetric cipher

– Called “conventional, secret-key, or single-key”

– Use of the same key between sender and receiver

– The only type of cryptography, prior to invention of public-key in 1970’s

• Asymmetric cipher

– Called, “public-key or 2-keys”

– Use of different keys for encryption and decryption

Symmetric Encryption Principles

• An encryption scheme has five ingredients:

– Plaintext (input to encryption algorithm)

– Encryption algorithm (substitution & transposition)

– Secret Key (input to encryption algorithm)

– Ciphertext (result of encryption)

– Decryption algorithm (reverse of encryption algorithm)

• Security depends on the secrecy of the key, not the

secrecy of the algorithm

Symmetric Encryption Principles

X

Y = E[K,X]

Transmitted

ciphertext

X = D[K,Y]

Plaintext

input

Plaintext

output

Secret key shared by

sender and recipient

Secret key shared by

sender and recipient

Encryption algorithm Decryption algorithm (reverse of encryption algorithm)

Simplified Model of Symmetric Cipher

Two Requirements of Symmetric Encryption

• A strong encryption algorithm:

Unable to decrypt ciphertext or discover the key,

though algorithm and plain/ ciphertext are known to

the opponents.

• The secret key:

Obtained and kept in a secure way for only the sender

and receiver

Characterizing Cryptographic Systems

• Operations used for encryption:

– Substitution replace one element in plaintext with another

– Transposition re-arrange elements

– Product systems multiple stages of substitutions and transpositions

• Number of keys used:

– Symmetric sender/receiver use same key (single-key, secret-key,

shared-key, conventional)

– Public-key sender/receiver use different keys (asymmetric)

• Processing of plaintext:

– Block cipher process one block of elements at a time(typically 64

or 128 bits)

– Stream cipher process input elements continuously (bit-by-bit or

byte-by-byte)

Cryptanalysis and Brute-Force Attacks

• Objective of attacker: recover key (not just message)

• Approaches of attacker:

– Cryptanalysis Exploit characteristics of algorithm to deduce

plaintext or key

– Brute-force attack Try every possible key on ciphertext until

intelligible translation into plaintext obtained

• If either attack finds key, all future/past messages are

compromised

Cryptanalysis

• The process of attempting to discover the plaintext

or key or both.

• The strategy of cryptanalysis depends on the nature

of encryption scheme and the information available

to the cryptanalyst

• Types of cryptanalytic attacks:

– Ciphertext only

– Known plaintext

– Chosen plaintext

– Chosen ciphertext

– Chosen text

Types of Cryptanalytic Attacks

Type of Attack Known to Cryptanalyst

Ciphertext only • Encryption algorithm • Ciphertext to be decoded

Known plaintext • Encryption algorithm • Ciphertext to be decoded • One or more plaintext-ciphertext pairs formed with the secret key

Chosen plaintext

• Encryption algorithm • Ciphertext to be decoded • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Chosen ciphertext

• Encryption algorithm • Ciphertext to be decoded • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Chosen text

• Encryption algorithm • Ciphertext to be decoded • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Measures of Security

• Unconditionally Secure

– Ciphertext does not contained enough information to derive

plaintext or key

– One-time pad is only unconditionally secure cipher (but not very

practical)

• Computationally Secure

If either:

– Cost of breaking cipher exceeds value of encrypted information

– Time required to break cipher exceeds useful lifetime of encrypted

information

• Hard to estimate value/lifetime of some information

• Hard to estimate how much effort needed to break cipher

Average time required for exhaustive key search

Key Size (bits)

Number of Alternative Keys

Time required at 106 Decryption/µs

32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours

128 2128 = 3.4 x 1038 5.4 x 1018 years

168 2168 = 3.7 x 1050 5.9 x 1030 years

Basic Terminology (1/2)

• plaintext - the original message

• ciphertext - the coded message

• cipher - algorithm for transforming plaintext to ciphertext

• key - info used in cipher known only to sender/receiver

• encipher (encrypt) - converting plaintext to ciphertext

• decipher (decrypt) - recovering plaintext from ciphertext

• cryptography - study of encryption principles/methods

• cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key

Basic Terminology (2/2)

• secret key: A secret key is used to set some or all of the various parameters used by the encryption algorithm.

• Cryptology: the field of both cryptography and cryptanalysis

• block cipher: A block cipher processes a block of input data at a time and produces a ciphertext block of the same size.

• stream cipher: A stream cipher encrypts data on the fly, usually one byte at a time

• brute-force attack: A block cipher processes a block of input data at a time and produces a ciphertext block of the same size.

• key space: The total number of all possible keys that can be used in a cryptographic system

Types of Classical Ciphers

• Substitution ciphers

• Permutation (or transposition) ciphers

• Product ciphers

Classical Substitution Ciphers

• Letters of plaintext are replaced by other

letters or by numbers or symbols

• If plaintext is viewed as a sequence of bits,

then substitution involves replacing

plaintext bit patterns with ciphertext bit

patterns

Caesar Cipher

• The earliest known substitution cipher used by

Julius Caesar

• Replacement of each letter with the 3rd letter

down from the alphabet

- E(p)=(p+3) mod 26, p : a plaintext letter

- example: plaintext: a r e y o u r e a d y

ciphertext: DUH BRX UHDGB

What’s the key?

Caesar Cipher

• Can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically give each letter a number

• Then Caesar cipher is generalized as below:

– C = E(p) = (p + k) mod (26)

– p = D(C) = (C – k) mod (26)

a b c d e f g h i j k l m

0 1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y z

13 14 15 16 17 18 19 20 21 22 23 24 25

Cryptanalysis of Caesar Cipher

• Three important characteristics

- The encryption / decryption algorithm are known

- There are only 25 keys to try

- The language is known and easily readable

• A brute force search easily performed

- given a ciphertext, just try all the 25 possible keys

- e.g., break ciphertext "GCUA VQ DTGCM"

Monoalphabetic Ciphers

• A dramatic increase in the key space by an arbitrary

substitution.

– Any letter substituted by any letter.

– Then 26!(› 4*1026 ) possible keys.

– Likely to effectively eliminate brute-force techniques.

– plaintext letters: a b c d e f .....

– substitution letters: t h i j a b .....

Monoalphabetic Ciphers

• A dramatic increase in the key space by an arbitrary

substitution.

– Any letter substituted by any letter.

– Then 26!(› 4*1026 ) possible keys.

– Likely to effectively eliminate brute-force techniques.

plaintext letters: a b c d e f .....

substitution letters: t h i j a b .....

– But, the characteristics of this algorithm are similar to Caesar

cipher.

– Known algorithm and language.

Cryptanalysis of Monoalphabetic Ciphers

• Use the relative frequency of letters in English text.

– For single letter : e, t, r, n, i, o, a, s, d

– For digraphs : th,

– For trigraphs : the,

• A powerful tool

– Start with the frequency of digraphs

– Then replace the letter adjacent to the digraph with

a letter appropriate for the frequency of single letter

– Repeat the above steps

23

Monoalphabetic Ciphers

Figure 1 shows the relative frequencies for the letters of the

English alphabet in a sample of English text.

Cryptanalysis of Monoalphabetic Ciphers

Relative frequency of Letters in EnglishText

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

E 12.75 L 3.75 W 1.50

T 9.25 H 350 V 1.50

R 8.50 C 3.50 B 1.25

N 7.75 F 3.00 K 0.50

I 7.75 U 3.00 X 0.50

O 7.50 M 2.75 Q 0.50

A 7.25 P 2.75 J 0.25

S 6.00 Y 2.25 Z 0.25

D 4.25 G 2.00

Cryptanalysis of Monoalphabetic Ciphers

• Try to break the ciphertext as below:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEP

HZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFP

OMBZWPFUPZHMDJUDTMOHMQ

Relative frequency of Letters in CipherText

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

Letter

Relative

Frequency

(%)

P 13.13 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00

S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00

U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67

The Example of Cryptanalysis

• At a first step, compare the relative frequency of

letters in ciphertext with the standard frequency

distribution for English. – This example is a relatively short message with no

assurance of exact match

– P and Z seems the equivalents of plain letters e ant t

– S,U,O,M are probably in the set of {r,n,i,o,a,s}

• Pairs of adjacent characters are referred to as digrams, and triples of characters

as trigrams

• The most frequently occurring trigrams ordered by decreasing frequency are:

the and ent ion tio for nde .....

Cryptanalysis of Monoalphabetic Ciphers

Table 1 are the digram frequencies (The table does not include digrams whose relative

frequencies are below 0.47)

The Example of Cryptanalysis

• Make some tentative assignments and start to fill them in the

plaintext

• Then, See if it looked like a reasonable skeleton of a message,

• If needed, look for other regularity, such as deducing the

plaintext equivalents from repeating sequences of cipher letters

• The most common digraph are “ZW”, in ciphertext and “th“ in

English

• Then , try to equate p with e ( the letters with the most relative frequency in CT & PT)

- the ZWP apperars in CT

- the most frequent trigraph is “the” in English

-

The Example of Cryptanalysis

• Next, notice the sequence ZWSZ in the first line.

-We can quess that it is the form th_t.

-Therefore, S equates with a.

• So far, we have :

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

t a e e te a t h at e e a a

VUEPHZHMDZSHZOWSFPAPPDTSVPQZWYMXUZUHSX

e t ta t h a e ee a e th t a

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

e e e tat e the t

-

Cryptanalysis of Monoalphabetic

• Two main methods to lessen the frequency regularity

of letters in ciphertext are :

- To encrypt multiple letters of plaintext at a time

(Multiple-letter Encryption)

- To use multiple cipher alphabets for a plaintext alphabet

(Polyalphabetic Ciphers)

-

Playfair Algorithm

• This is the best known multiple-letter encryption.

• Treats digraphs in the plaintext as single units

• Translates these units into ciphertext digraphs.

• Is based on the use of a 5x5 matrix of letters

constructed by using a keyword.

Playfair Algorithm

• An example matrix

• The keyword is “MONARCHY”

• The keyword is filled into the matrix from left to right

and from top to bottom.

• Then, other letters are filled into the matrix by the

same way with alphabetic order.

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

How Secure is the Playfair Cipher?

• Encryption rules:

– Repeating plaintext letters are separated with a filler letter,

such as x.(balloon -> ba lx lo on)

– Letters in the same row are each replaced by the letter to

right.(ar-> RM)

– Letters in the same column are each replaced by the letter

beneath.(mu->CM)

– Otherwise, each letter is replaced by the letter crossed at the

its row and column of the other letter in the digraph.(ea->IM)

Playfair Algorithm

• A great advance over monoalphabetic ciphers.

– There are not 26 letters, but 26x26=676 digraphs.

– More difficult to identify each digraph.

– Much more difficult for frequency analysis due to a much

greater frequency range of individual letters than that of

digraph.

– Used as the standard field system by the British Army in

World War Ⅰ & Ⅱ.

• Despite this level of confidence in its security, the

Playfair cipher is in fact relatively easy to break

because it still leaves much of the structure of the

plaintext language intact.

Relative Frequency of Occurrence of Letters

0

10

20

100

60

50

40

30

90

80

70

2 4 6 8 10 12 14 16 18 20 22 24 26

Plaintext

Playfair cipher

Vigenere cipher

Random polyalphabetic cipher

How Secure is the Playfair Cipher?

The cryptanalysis of the Playfair cipher is also aided by the

fact that a digram and its reverse will encrypt in a similar

fashion.

•if AB encrypts to XY, then BA will encrypt to YX

•Example of words that begin and end in reversed digrams:

receiver, departed, repairer, redder, denuded, etc.

Polyalphabetic Ciphers

• Use of different monoalphabetic substitutions

through enciphering the plaintext.

• Common features in these techniques

– A set of related monoalphabetic substitution rules is used. (the 26 Caesar

cipher rules)

– A key determines which particular rule is chosen for a given

transformation.

– The key is a repeating keyword.

Vigenère Cipher

• The best-known and simplest polyalphabetic

substitution cipher.

• Encryption process

– Use of the Vigenère tableau which is a matrix of 26x26.

– The matrix consists of 26 cipher letters at horizontal line, the

key letter for each cipher to its left, and 26 normal letters on the

top horizontal line.

– A cipher letter is determined at the cross of a key letter(x) and a

normal letter(y), i.e. C=I(x,y), I=intersection

Vigenère Cipher

• To encrypt a message,

– A key is needed that is as long as the message

– So, the key is a repeating keyword.

• For example,

– The keyword is “deceptive”.

– The message is “we are discovered save yourself”.

– Then

Key: d e c e p t i v e d e c e p t i v e d e c e p t i v e

Plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f

Ciphertext: ZICVTWQNGRZVTWAVZHCQYGLMGJ

Vigenère Cipher

The Modern Vigenère Cipher

Vigenère Cipher

• Strength

– Multiple ciphertext letters for each plaintext letter

– The letter frequency information obscured

– An improvement achieved over the Playfair cipher.

• However, the structure of plaintext is still remained. So frequency analysis is still effective

• And the periodic nature of the keyword due to its length – Will produce identical ciphertext sequences from the two

identical sequences of plaintext letters occurred at an integer multiple of the keyword length

Cryptanalysis of Vigenère Cipher

• First, guess that the ciphertext was encrypted by either monoalphabetic substitution or a Vigenère Cipher.

- If a monoalphabetic substitution is used,

the statistical properties of the ciphertext

should be used.

- if a Vigenère is used,

the progress depends on determining the

length of the keyword.

Cryptanalysis of Vigenère Cipher

• How to determine the keyword length:

- Two identical sequences of plaintext might

generate identical ciphertext sequences at a

distance with an integer multiple of the

keyword length.

- Two instances of the sequence “red” are

separated by 9 character positions.

i.e. red =>VTW

Cryptanalysis of Vigenère Cipher

• From the appearance of VTW twice, the opponent could guess the keyword is either 3 or 9 letters in length.

• If the keyworld length is N, then the cipher consists of N monoalphabetic substitution ciphers.

- the known frequency characteristics of

plaintext language can be used to attack

this cipher

Cryptanalysis of Vigenère Cipher

• To avoid the above drawback,

- Eliminate the periodic nature by using

a nonrepeating keyword

- Vigenère proposed an autokey system a

keyword is concatanated with the plaintext

itself to provide a running key.

- for example,

key: deceptivewearediscoveredsav

plaintext: wearediscoveredsaveyourself

ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA

• Rearrangement (permutation) of the letter order

without altering the actual letters used.

• Rail fence technique: the simplest one.

– Write the plaintext down a sequence of columns

– Read off as a sequence of rows

• For example, the message “meet me after the party” is

encrypted with a rail fence of depth 2 as below:

mematrhpry

⇒ MEMATRHPRYETEFETEAT etefeteat

Transposition Ciphers

• A more complex scheme :

– Write the message in a rectangle, row by row

– Read off column by column

– But, permute the order of the columns

– Then, the order of columns becomes the key.

• A much more complex scheme :

– Perform more than one stage of column permutation

Transposition Ciphers

• FOR EXAMPLE

– The message is “attack postponed until two am”

– Using one stage of transposition:

– Using two stages of transpositions:

Key: 4 3 1 2 5 6 7 Plaintext: a t t a c k p

o s t p o n e d u n t i l t w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPEZ

Key: 4 3 1 2 5 6 7 Plaintext: t t n a a p t

m t s u o a o D w c o i x K N l y P e t Z

Ciphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Transposition Ciphers