classical ciphers

CSCI 284/162

Spring 2008

GWU

Classical Ciphers

04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers

2

Formal definition: cryptosystem

A cryptosystem consists of: P set of all plaintext C set of all ciphertext K set of all keys

E set of encryption rules, eK: P C

D set of decryption rules dK : C P

dK eK(x) = x

dK eK invertible and inverses of each other


3

Typical Scenario

• Alice and Bob choose a key, K K when they are unobserved or communicating on a secure channel

• If Alice wants to send Bob a message,

x1x2x3x4…xn

She sends:

y1y2y3y4…yn

Where yi = eK(xi)

xi is a symbol from the alphabet


4

Encryption is an invertible functionInversion should be somewhat easier than a lookup table, because both Alice and Bob would need the entire lookup table. “Structure” in the encryption function enables encryption and decryption without a lookup table.

However, structure helps adversary decryptP

C


5

Example of Encryption: 1Shift Cipher on English Alphabet

P = C = K = English Alphabet

Example: key = D

A B C D E F G H I J

D E F G H I J K L M


6

Examples for students to do in class2 minutes for first two, 3 for third

Key = Y

Encrypt: math is cool

Key=C

Decrypt: uqctgdgpcpfawcp

Unknown key

Decrypt: vdvdqdsnkcsnrzxrn

Brute force: try every key; requires only 26 attempts


7

Shift Cipher

P = C = K = Zm = {0, 1, ….. m-1} = set of remainders on division by m

m=26 for English, 0 corresponds to a

eK(x) = x + k mod m where “mod m” provides the remainder on dividing by m

dK(x) = x - k mod m


8

Example of Encryption: 2Affine Cipher on English Alphabet

P = C = English Alphabet

Key = (a, b) (more mathematical details later)

eK(x) = ax + b mod m

dK(x) = ? (do next week)

Encryption example: key = (2, 3)

a b c d

D F G J


9

Example of Encryption: 3Vigenère Cipher

Shift cipher with a different key for each letter: a e i o u plaintextf g y l o keyFKGZI

Key:cipherCiphertext: LIAA Decrypts to: salt(note that two different letters in plaintext go to the

same letter in ciphertext)


10

Definition: Vigenère Cipher

P = C = K = (Zm)n

For K = (k1, k2, k3, …kn)

eK(x1, x2, x3, …xn) = (x1+k1, x2+k2, x3+k3, …xn+kn)

Alphabet is Zm, encryption done in blocks of n symbols

dK(x1, x2, x3, …xn) = (x1-k1, x2-k2, x3-k3, …xn-kn)(addition and subtraction understood to be mod m)

Number of keys=mn Cryptanalysis: difficult; brute force requires trying each

key


11

Example of Encryption: 4 Permutation Cipher

x 1 2 3 4 5

(x) 3 2 5 1 4

x 1 2 3 4 5

-1(x)

Encrypt: canwegohomenow

Fill in:


12

Definition: Permutation Cipher

P = C = (Zm)n

K = { | a permutation of {1, 2, ….n}}

e (x1, x2,…xn) = (x (1), x (2),…x (n))

d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n))


13

Special Permutation Cipherperhaps the oldest known cipher

classisboringtoday

C L A S SI S B O RI N G T OD A Y α β

α β can be anythingCiphertext: C I I D L S N

A A B G Y S O T α S R O β

Such a permutation resulted from wrapping a belt around a baton, and writing the message across. When the belt is unwrapped, the ciphertext appears along it. The width of the baton is the key. Used by Greek soldiers to carry messages.

How about a cipher with many, many possible keys?


15

ABCDEFGHIJKLMNOPQRSTUVWXYZ

cjmzuvywrdbunjoxaeslptfghi

Different key for each letter in the alphabet?

A letter goes to another one.

Each time a letter appears in the message it encrypts to the same letter in the ciphertext

How about using many, many keys?


16

P = C = Zm

K = all permutations of Zm

e(x) = (x)

d(y) = -1(y)

The key is the table: 26! Keys for English alphabet

Brute force could be expensive

Example of Encryption: 5Substitution cipher


17

Substitution cipher - cryptanalysis

lxr rwq zoazqgr sfuqb bqabq virw gxlkiz uqnb, vwqjq ir bIsgkn sqfab fggkniay rwq gjicfrq rjfabmojsfrioa mijbr fad rwqa rwq gxlkiz oaq. wq wfcq aorqd rwfr f sfeoj gjolkqs virw gjicfrq uqnb ib rwq bwqqj axslqj om uqnb f biaykq xbqj wfb ro brojq fad rjfzu. virw gxlkiz uqnb, oakn rvo uqnb fjq aqqdqd gqj xbqj: oaq gxlkiz fad oaq gjicfrq. Kqr xb bqq vwfr dimmejqazq rwib sfuqb ia rwq axslqj om uqnb aqqdqd.


18

Substitution cipher – cryptanalysisfrequency table of letters in ciphertext

• a 22• b 24• c 4• d 9• e 2• f 21• g 13• h• i 20• j 16• k 10• l 8• m 6

• n 9• o 15• p• q 51• r 28• s 9• t• u 9• v 7• w 16• x 10• y 2• z 8


19

Frequency of occurrence

• English (every 1000)

E 127

T 91

A 82

O 75

I 70

N 67

S 63

H 61

R 60

D 43

L 40

C 28

• Ciphertext

q 51r 28b 24a 22f 21i 20j 16w 16o 15g 13x 10k 10d 9

U 28M 24

W 23

F 22

G 20

Y 20

P 19

B 15

V 10

K 8J 2Q 1X 1Z 1

u 9

n 9

s 9

l 8z 8v 7m 6c 4e 2y 2h 0t 0p 0

From StinsonFrom Stinson


20

q = E

lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb, vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. virw gxlkiz uEnb oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.


21

Digrams/Trigrams in order of frequency of occurrence (letters following E in bold)

• Digrams

TH

HE

IN

ER

AN

RE

ED

ON

ES

ST

EN

AT

• TrigramsTHEINGANDHEREREENTTHANTHWASETHFORDTH

TO

NT

HA

ND

OU

EA

NG

AS

OR

TI

IS

ET

IT

AR

TE

SE

HI

OF

From StinsonFrom Stinson


22

To count digrams/trigrams containing E in ciphertext

lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. Virw gxlkiz uEnb, oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.

En 6 Ej 6 Ed 5 Ea 2 Eb 2 Er 1 Ef 1 Es 1 Eg 1 ER ED ES EN EA ETuE 8 wE 8 aE 5 bE 5 rE 4 kE 3 jE 3 dE 2 zE 2 gE 1 vE 1 cE lE 1 sE 1HE RE TE SE

TAOI NSHRD r b af i j wogxkdj=R; d = D; b or a = S; w = H;


23

q = E; j=R; w=H; d=D

lxr rHE zoazEgr sfuEb bEabE virH gxlkiz uEnb vHERE ir bIsgkn sEfab fggkniay rHE gRicfrE rRfabmoRsfrioa miRbr fad rHEa rHE gxlkiz oaE. vE HfcE aorEd rHfr f sfeoR gRolkEs virH gjicfrE uEnb ib rHE bHEER axslER om uEnb f biaykE xbER Hfb ro broRE fad rRfzu. HirH gxlkiz uEnb, oakn rvo uEnb fRE aEEdEd gER xbER: oaE gxlkiz fad oaE gRicfrE. kEr xb bEE vHfr dimmeREazE rHib sfuEb ia rHE axslER om uEnb aEEdEd.

TAOI NSr b af i ogr = T


24

q = E; j=R; w=H; r=T; d=D

lxT THE zONzEgr MAuES SENSE WITH gxlkIz uEnS WHERE IT SIMgkn MEANS AggknINy THE gRIcATE TRANSFORMATION FIRST AND THEN THE gxlkIz ONE. WE HAVE NOTED THAT A MAJOR PROlkEM WITH PRIVATE uEnS IS THE SHEER NxMlER OF uEnS A SIaykE xSER HAS TO STORE AND TRAzu. WITH gxlkIz uEnS, ONkn TWO uEnS ARE NEEDED gER xSER: ONE PxlkIz AND ONE PRIVATE. kET xS SEE WHAT DImmeRENzE THIS sAuESIN THE NxBlER OF uEnS NEEDED.

O NSb a ogv=W; i=I; f=A; b=S; o=O; m=F; a=N; s=M; c=V; g=P; e=J;


25

Substitution cipher - cryptanalysis

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z f l z d q m y w i e u k s a o g t j b r x c v h n p

BUT THE CONCEPT MAKES SENSE WITH PUBLIC KEYS WHERE IT SIMPLY MEANS APPLYING THE PRIVATE TRANSFORMATION FIRST AND THEN THE PUBLIC ONE. WE HAVE NOTED THAT A MAJOR PROBLEM WITH PRIVATE KEYS IS THE SHEER NUMBER OF KEYS A SINGLE USER HAS TO STORE AND TRACK. WITH PUBLIC KEYS ONLY TWO KEYS ARE NEEDED PER USER ONE PUBLIC AND ONE PRIVATE. LET US SEE WHAT DIFFERENCE THIS MAKES IN THE NUMBER OF KEYS NEEDED.


26

Substitution cipher – cryptanalysis algorithm

• Look for “a”/”I”• Compute frequency of single letters; compare to that

of English• Compute frequency of digrams, compare to that of

English• Compute frequency of trigrams, compare to that of

English

• Etc.


27

Substitution cipher – strengths and weaknesses

• Strengths:– Not vulnerable to brute force attacks– Encryption and decryption requires low computational

overhead, though more than Shift cipher– Ciphertext not longer than plaintext

• Weaknesses:– Vulnerable to statistical attack if language/message has

statistical structure– Requires storage of key table


28

Substitution cipher – lessons learnt

• In spite of 26! possible keys, can break, because of structure of message

• Can we make message without statistical structure?– Yes:

• Well-compressed images/sound/video• Zip files

Mathematical formulation


30

Zm

Definition: a b (mod m) m divides a-b a and b have the same remainder when divided by m

We define a mod m to be the unique remainder of a when divided by m

Zm is the “ring” of integers modulo m: The set of all possible remainders on division with m: 0, 1, 2, …m-1 with normal addition and multiplication, performed

modulo m


31

Need: Some group theory

What is a group? • A set of elements G with

• An additive operation such that– G is closed under the operation, i.e. if a, b G, so does a b– The operation is associative, i.e. (a b) c = a (b c)– An identity exists and is in G, i.e. e G, s.t. e g = g e = g Every element has an inverse in G, i.e.

g G g-1 G s.t g g-1 = e


32

Multiplicative and additive groups

The group operation can be addition or multiplication

• Example 1: Zn: An additive group for all n (do an example for n=4)


33

Multiplicative Group

Zp \ {0} = {1, 2, … n-1} is a multiplicative group for n prime

Example: n=5

Students work out group properties

x(?) = 1 (mod 5)

?=x-1

Students find all inverses by trial and error


34

Not a multiplicative group

Zn \ {0} = {1, 2, … n-1} is not a multiplicative group for n composite

Example n=6

Students find elements without inverses


35

Shift Cipher: generalized further

P = C = K = G

eK(x) = x g = x + g mod m (for G = Zm)

dK(x) = x g-1 = x – g mod m

Need two operations for affine cipher: addition and multiplication. Need to define a ring.


36

Properties of Zm (definition of a ring)

• Closed under addition () and multiplication ()If a, b Zm then a b, a b Zm

• Addition and multiplication are commutative and associativeIf a, b Zm then

a b = b a

a b = b a(a b) c = a (b c) and

(a b) c = a (b c)


37

Properties of Zm – contd.

• Additive and multiplicative identities in Zm

Additive identity is 0 mod m

Multiplicative identity is 1 mod m

• Distributive property holdsFor a,b,c Zm

(a b) c = (a c) (b c) and

a (b c) = (a b) (a c)


38

Properties of Zm – contd.

• Additive inverse?

A number y such that x y = 0 for all x in Zm

Zm/ring contains additive inverse

• Multiplicative inverse?

A number y such that x y = 1 for all x in Zm

Zm/ring need not contain multiplicative inverse


39

Affine Cipher

P = C = R (R is the ring)

K R R

eK(x) = ax + b

dK(x) = a-1 (x – b)

When is a invertible? We do this next week.

Inverse wrt

Inverse wrt

classical ciphers

Documents