classic crypto assignment 2009 - website staff ui...
TRANSCRIPT
CLASSICAL CRYPTOGRAPHYA Brief Reference for “Self Build Crypto” assignment
CLASSICAL CRYPTOGRAPHY
Cryptography is the study of secret (crypto-) writing (-graphy) writing (-graphy)
Concerned with developing algorithms which may be used to:
Conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or Verify the correctness of a message to the recipient Verify the correctness of a message to the recipient (authentication or integrity)
Basis of many technological solutions to computer and i ti it bl communications security problems
BASIC TERMINOLOGY
CryptographyThe art or science encompassing the principles and methods of transforming message an intelligible into one that is unintelligible, and then retransforming that message back to its original form
PlaintextThe original intelligible message
CiphertextThe transformed message
CipherC p eAn algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
KeySome critical information used by the cipher, known only to the sender & receiver
Basic Terminology - 2 Encipher (encode)
Process of converting plaintext to ciphertext using a cipher and a key
Decipher (decode) The process of converting ciphertext back into plaintext using a The process of converting ciphertext back into plaintext using a cipher and a key
Cryptanalysis (codebreaking)Th t d f i i l d th d f t f i The study of principles and methods of transforming an unintelligible message back into an intelligible message withoutknowledge of the key.
CCryptologyThe field encompassing both cryptography and cryptanalysis
Basic Terminology - 3 Encryption
The mathematical function mapping plaintext to ciphertext using h ifi d kthe specified key:
Y = EK(X)Decryption
The mathematical function mapping ciphertext to plaintext using the specified key:
X = DK(Y) = EK-1(Y)K K
Cryptographic systemThe family of transformations from which the cipher function E is chosen EK is chosen
SIMPLIFIED CONVENTIONAL ENCRYPTION MODEL
Conventional
Not secret
Private-Key (⇔ Public-Key)Secret-KeySingle-KeySymmetric (⇔ Asymmetric)Symmetric (⇔ Asymmetric)
CONVENTIONAL CRYPTOSYSTEM MODEL
CRYPTANALYSIS
P f tt ti t di X K b thProcess of attempting to discover X or K or both.Various types of cryptanalytic attacks
EXHAUSTIVE KEY SEARCH
Always theoretically possible to simply try every key Most basic attack, directly proportional to key size A ith k i h l i t t i Assume either know or can recognize when plaintext is found
Average Time Required for Exhaustive Key Search
UNCONDITIONAL AND COMPUTATIONAL SECURITY
Unconditionally secureNo matter how much computer power is available, the i h t b b k i th i h t t id cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the corresponding plaintext
Computationally secureThe cost of breaking the security exceeds the value of the The cost of breaking the security exceeds the value of the secured service or information.The time required to break the security exceeds the useful lifetime of the informationuseful lifetime of the information
STEGANOGRAPHY“The art of covered writing”The art of covered writing“Security by obscurity”Hide messages in other messages.g gConceal the existence of messageConceal what you are communicating (Sending encrypted messages would make you a spy)messages would make you a spy)
Character marking. Overwrite with a pencilInvisible ink, - Pin punctures, - First letter of each wordLetter position on page, - Drawings, - CodesTypewriter correction ribbonTypewriter correction ribbonMicrodots
Digital steganographyDigital steganographySpread spectrum
Steganography - ExampleNews Eight Weather: Tonight increasing snow. Unexpected precipitation Smothers Eastern towns. Be extremely cautious and use snowtires especiallyheading east. The highways are knowingly slippery. Highway evacuation is g g y g y pp y g ysuspected. Police report emergency situations in downtown ending nearTuesday
First letter of each word yields: Newt is upset because he thinks he is President
This example was created by Neil F. Johnson, and was published in Steganography Technical Report TR 95 11 nfj 1995Steganography,Technical Report TR_95_11_nfj, 1995. URL: http://www.jjtc.com/pub/tr_95_11_nfj/
From WWII German spy (Kahn):Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting
t d t bl Oilsuets and vegetable Oils.
Second letter of each word yields: Pershing sails from NY June 1.
Steganography - Exercise
What is the messageembedded in theleft figure?
CLASSICAL ENCRYPTION TECHNIQUES
Substitution TechniquesCaesar CipherpMonoalphabetic CiphersPlayfair CipherHill CipherHill CipherPolyalphabetic Ciphers
T iti (P t ti ) T h iTransposition (Permutation) TechniquesRail Fence TechniqueBlock (Columnar) Transposition Technique
Product TechniquesSubstitution and transposition ciphers are concatenatedSubstitution and transposition ciphers are concatenated
CAESAR CIPHER
2000 years ago, by Julius CaesarA simple substitution cipher, known as Caesar cipherA simple substitution cipher, known as Caesar cipherReplace each letter with the letter standing 3 places further down the alphabet
Plain: meet me after the toga partyPlain: meet me after the toga partyCipher: PHHW PH DIWHU WKH WRJD SDUWB
ci=E(pi)=(pi+3) mod 26; p =D(c )=(c 3) mod 26pi=D(ci)=(ci-3) mod 26No key, just one mapping (translation)
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ci h DEFGHIJKLMNOPQRSTUVWXYZABCCipher: DEFGHIJKLMNOPQRSTUVWXYZABC
GENERALIZED CAESAR CIPHER
Can use any shift from 1 to 25, i.e., replace each letter by a letter a fixed distance awayby a letter a fixed distance awayci=E(pi)=(pi+k) mod 26; p=D(ci)=(ci-k) mod 26Shift cipherKey = kKey letter: the letter a plaintext A maps toKey letter: the letter a plaintext A maps to
e.g. a key letter of F means A maps to F, B to G, …, Y to D, Z to E
H h 26 (25 f l) i hHence have 26 (25 useful) ciphersKey space = 26
Brute-Force Cryptanalysis of Caesar Cipher
AFFINE CIPHER
ci=E(pi)=(k1pi+k2) mod 26; gcd(k1,26)=1
p =D(c )=(k -1(c k )) mod 26pi=D(ci)=(k1 1(ci-k2)) mod 26
Key = (k1, k2)
Number of keys = 12x26 = 312Number of keys 12x26 312
Caesar/Shift ciphers are special cases of affine ciphers
MONOALPHABETIC SUBSTITUTION CIPHERS
Further generalization of the Caesar cipher,Plain:
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher:
DEFGHIJKLMNOPQRSTUVWXYZABC
i bt i d b ll i t ti f 26 is obtained by allowing any permutation of 26 characters for the cipher
Key size = 26Key space = 26! ≈ 4x1026
Unique mapping of plaintext alphabet to ciphertext alphabet Monoalphabeticalphabet Monoalphabetic
For a long time thought secure, but easily breakable by frequency analysis attack
RELATIVE FREQUENCY OF LETTERS IN ENGLISH TEXT
FREQUENCY STATISTICS OF LANGUAGE
In addition to the frequency info of single letters, the frequency info of two-letter (digram) or three-letter ( i ) bi i b d f h (trigram) combinations can be used for the cryptanalysis
Most frequent digramsTH, HE, IN, ER, RE, AN, ON, EN, AT
Most frequent trigramsTHE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH
HOMOPHONES
Monoalphabetic substitution ciphers are easy to cryptanalyze through letter frequency analysisM lti l b tit t (h h ) f i l l tt Multiple substitutes (homophones) for a single letter can be used to hide the single-letter frequency informationB t ith h h lti l l tt tt But even with homophones, multiple-letter patterns (e.g. digram frequencies) still survive in the ciphertext
T h f hi blTwo approaches for this problemEncrypt multiple letters of plaintext
Playfair cipherHill cipherHill cipher
Use multiple cipher alphabetsPolyalphabetic cipher
PLAYFAIR CIPHER
Best-known multiple-letter substitution cipherDigram cipher (diagram to digram, i.e., E(pipi+1)=cici+1th h k b d 5 5 t f ti t bl )through key-based 5x5 transformation table)
Keyword = monarchyM O N A RC H Y B D
Plaintext: H S E A A R M UCiphertext: B P I M R M C M
C H Y B DE F G I/J KL P Q S TU V W X Z
Great advance over simple monoalphabetic cipher
U V W X Z
(26 letters ⇔ 26x26=676 digrams)Still leaves much of the structure of the plaintext language relatively easy to breaklanguage relatively easy to breakCan be generalized to polygram cipher
Relative Frequency of Occurrence of LettersLetters
HILL CIPHER
Multiletter cipherTakes m successive plaintext letters and substitutes for Takes m successive plaintext letters and substitutes for them m ciphertext letters3x3 Hill cipher: c1 = (k11p1 + k12p2 + k13p3) mod 26
c = (k p + k p + k p ) mod 26
C E (P) KP P D (C) K 1C K 1KP P
c2 = (k21p1 + k22p2 + k23p3) mod 26c3 = (k31p1 + k32p2 + k33p3) mod 26
C = EK(P) = KP; P=DK(C)=K-1C = K-1KP = Pm x m Hill cipher hides (m-1)-letter frequency infoStrong against for the plaintext only attack but easily Strong against for the plaintext-only attack, but easily broken with known plaintext attack
with m plaintext-ciphertext pairs, each of length m; K = CP-1
POLYALPHABETIC CIPHER
Typically a set of monoalphabetic substitution rules is usedusedKey determines which rule to use
VIGENÈRE CIPHER
Best-known polyalphabetic ciphersEach key letter determines one of 26 Caesar (shift) ciphersEach key letter determines one of 26 Caesar (shift) ciphersci = E(pi) = pi + ki mod(key length)
Example:pKey: deceptivedeceptivedeceptivePlaintext: wearediscoveredsaveyourselfCipheretxt: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Keyword is repeated to make a key as long as the plaintextGiven a sufficient amount of ciphertext, common sequences are repeated, exposing the period (keyword length) Target of the cryptanalysislength) Target of the cryptanalysis
Vigenère cipher - 2g p
VIGENÈRE CIPHER - 3
If the keyword length is N, then Vigenère cipher, in effect, consists of N monoalphabetic substitution ciphersImprovement over the Playfair cipher, but language structure and p y p , g gfrequency information still remain
Vigenère autokey system: after key is exhausted, use plaintext for running key (to eliminate the periodic nature)
K d ti di d
Key and plaintext share the same frequency distribution of letters
Key: deceptivewearediscoveredsavPlaintext: wearediscoveredsaveyourselfCipheretxt: ZICVTWQNGKZEIIGASXSTSLVVWLA
Key and plaintext share the same frequency distribution of letters a statistical technique can be used for the cryptanalysis, (e.g., e
enciphered with e would occur with a frequency of (0.1275)2 ≈0.0163, t enciphered with t would occur with a frequency of (0 0925)2 0 0086 t )(0.0925)2 ≈ 0.0086, etc.)
ONE-TIME PAD
Perfect substitution cipherUse a random key (pad) which is as long as the message, with no repetitions.
Key distribution is a problemKey distribution is a problemOr, random key stream generation is a problem
With such key, plaintext and ciphertext are With such key, plaintext and ciphertext are statistically independentUnconditionally secure
TRANSPOSITION (PERMUTATION) TECHNIQUESHid th b i th l tt d ith t Hide the message by rearranging the letter order without altering the actual letters usedRail Fence Cipher
Write message on alternate rows and read off cipher row by Write message on alternate rows, and read off cipher row by rowExample:
M e m a t r h t g p r y MEMATRHTGPRYETEFETEOAAT
Block (Columnar) Transposition CiphersMessage is written in rectangle, row by row, but read off column by column; The order of columns read off is the key
e t e f e t e o a a tMEMATRHTGPRYETEFETEOAAT
column by column; The order of columns read off is the keyExample:
Key: 4 3 1 2 5 6 7Plaintext: a t t a c k p
o s t p o n e
G li ti lti l t iti
o s t p o n ed u n t I l tw o a m x y z
Ciphertext:TTNAAPTMTSUOAODWCOIXKNLYPETZGeneralization: multiple transpositions
ROTOR MACHINES
Mechanical cipher machines, extensively used in WWII; Germany (Enigma), Japan (Purple), Sweden (Hagelin)
• Each rotor corresponds to a psubstitution cipher
• A one-rotor machine produces a polyalphabetic cipher with period 26polyalphabetic cipher with period 26
• Output of each rotor is input to next rotorAft h b l th “f t” t i • After each symbol, the “fast” rotor is rotated
• After a full rotation, the adjacent t i t t d (lik d )rotor is rotated (like odometer)
- An n rotor machine produces a polyalphabetic cipher with period 26n
Three-Rotor Machines