classical ciphers
DESCRIPTION
Classical Ciphers. CSCI 284/162 Spring 2008 GWU. Formal definition: cryptosystem. A cryptosystem consists of: P set of all plaintext C set of all ciphertext K set of all keys E set of encryption rules, e K : P C D set of decryption rules d K : C P d K e K (x) = x - PowerPoint PPT PresentationTRANSCRIPT
CSCI 284/162
Spring 2008
GWU
Classical Ciphers
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
2
Formal definition: cryptosystem
A cryptosystem consists of: P set of all plaintext C set of all ciphertext K set of all keys
E set of encryption rules, eK: P C
D set of decryption rules dK : C P
dK eK(x) = x
dK eK invertible and inverses of each other
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
3
Typical Scenario
• Alice and Bob choose a key, K K when they are unobserved or communicating on a secure channel
• If Alice wants to send Bob a message,
x1x2x3x4…xn
She sends:
y1y2y3y4…yn
Where yi = eK(xi)
xi is a symbol from the alphabet
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
4
Encryption is an invertible functionInversion should be somewhat easier than a lookup table, because both Alice and Bob would need the entire lookup table. “Structure” in the encryption function enables encryption and decryption without a lookup table.
However, structure helps adversary decryptP
C
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
5
Example of Encryption: 1Shift Cipher on English Alphabet
P = C = K = English Alphabet
Example: key = D
A B C D E F G H I J
D E F G H I J K L M
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
6
Examples for students to do in class2 minutes for first two, 3 for third
Key = Y
Encrypt: math is cool
Key=C
Decrypt: uqctgdgpcpfawcp
Unknown key
Decrypt: vdvdqdsnkcsnrzxrn
Brute force: try every key; requires only 26 attempts
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
7
Shift Cipher
P = C = K = Zm = {0, 1, ….. m-1} = set of remainders on division by m
m=26 for English, 0 corresponds to a
eK(x) = x + k mod m where “mod m” provides the remainder on dividing by m
dK(x) = x - k mod m
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
8
Example of Encryption: 2Affine Cipher on English Alphabet
P = C = English Alphabet
Key = (a, b) (more mathematical details later)
eK(x) = ax + b mod m
dK(x) = ? (do next week)
Encryption example: key = (2, 3)
a b c d
D F G J
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
9
Example of Encryption: 3Vigenère Cipher
Shift cipher with a different key for each letter: a e i o u plaintextf g y l o keyFKGZI
Key:cipherCiphertext: LIAA Decrypts to: salt(note that two different letters in plaintext go to the
same letter in ciphertext)
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
10
Definition: Vigenère Cipher
P = C = K = (Zm)n
For K = (k1, k2, k3, …kn)
eK(x1, x2, x3, …xn) = (x1+k1, x2+k2, x3+k3, …xn+kn)
Alphabet is Zm, encryption done in blocks of n symbols
dK(x1, x2, x3, …xn) = (x1-k1, x2-k2, x3-k3, …xn-kn)(addition and subtraction understood to be mod m)
Number of keys=mn Cryptanalysis: difficult; brute force requires trying each
key
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
11
Example of Encryption: 4 Permutation Cipher
x 1 2 3 4 5
(x) 3 2 5 1 4
x 1 2 3 4 5
-1(x)
Encrypt: canwegohomenow
Fill in:
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
12
Definition: Permutation Cipher
P = C = (Zm)n
K = { | a permutation of {1, 2, ….n}}
e (x1, x2,…xn) = (x (1), x (2),…x (n))
d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n))
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
13
Special Permutation Cipherperhaps the oldest known cipher
classisboringtoday
C L A S SI S B O RI N G T OD A Y α β
α β can be anythingCiphertext: C I I D L S N
A A B G Y S O T α S R O β
Such a permutation resulted from wrapping a belt around a baton, and writing the message across. When the belt is unwrapped, the ciphertext appears along it. The width of the baton is the key. Used by Greek soldiers to carry messages.
How about a cipher with many, many possible keys?
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
15
ABCDEFGHIJKLMNOPQRSTUVWXYZ
cjmzuvywrdbunjoxaeslptfghi
Different key for each letter in the alphabet?
A letter goes to another one.
Each time a letter appears in the message it encrypts to the same letter in the ciphertext
How about using many, many keys?
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
16
P = C = Zm
K = all permutations of Zm
e(x) = (x)
d(y) = -1(y)
The key is the table: 26! Keys for English alphabet
Brute force could be expensive
Example of Encryption: 5Substitution cipher
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
17
Substitution cipher - cryptanalysis
lxr rwq zoazqgr sfuqb bqabq virw gxlkiz uqnb, vwqjq ir bIsgkn sqfab fggkniay rwq gjicfrq rjfabmojsfrioa mijbr fad rwqa rwq gxlkiz oaq. wq wfcq aorqd rwfr f sfeoj gjolkqs virw gjicfrq uqnb ib rwq bwqqj axslqj om uqnb f biaykq xbqj wfb ro brojq fad rjfzu. virw gxlkiz uqnb, oakn rvo uqnb fjq aqqdqd gqj xbqj: oaq gxlkiz fad oaq gjicfrq. Kqr xb bqq vwfr dimmejqazq rwib sfuqb ia rwq axslqj om uqnb aqqdqd.
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
18
Substitution cipher – cryptanalysisfrequency table of letters in ciphertext
• a 22• b 24• c 4• d 9• e 2• f 21• g 13• h• i 20• j 16• k 10• l 8• m 6
• n 9• o 15• p• q 51• r 28• s 9• t• u 9• v 7• w 16• x 10• y 2• z 8
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
19
Frequency of occurrence
• English (every 1000)
E 127
T 91
A 82
O 75
I 70
N 67
S 63
H 61
R 60
D 43
L 40
C 28
• Ciphertext
q 51r 28b 24a 22f 21i 20j 16w 16o 15g 13x 10k 10d 9
U 28M 24
W 23
F 22
G 20
Y 20
P 19
B 15
V 10
K 8J 2Q 1X 1Z 1
u 9
n 9
s 9
l 8z 8v 7m 6c 4e 2y 2h 0t 0p 0
From StinsonFrom Stinson
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
20
q = E
lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb, vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. virw gxlkiz uEnb oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
21
Digrams/Trigrams in order of frequency of occurrence (letters following E in bold)
• Digrams
TH
HE
IN
ER
AN
RE
ED
ON
ES
ST
EN
AT
• TrigramsTHEINGANDHEREREENTTHANTHWASETHFORDTH
TO
NT
HA
ND
OU
EA
NG
AS
OR
TI
IS
ET
IT
AR
TE
SE
HI
OF
From StinsonFrom Stinson
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
22
To count digrams/trigrams containing E in ciphertext
lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. Virw gxlkiz uEnb, oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.
En 6 Ej 6 Ed 5 Ea 2 Eb 2 Er 1 Ef 1 Es 1 Eg 1 ER ED ES EN EA ETuE 8 wE 8 aE 5 bE 5 rE 4 kE 3 jE 3 dE 2 zE 2 gE 1 vE 1 cE lE 1 sE 1HE RE TE SE
TAOI NSHRD r b af i j wogxkdj=R; d = D; b or a = S; w = H;
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
23
q = E; j=R; w=H; d=D
lxr rHE zoazEgr sfuEb bEabE virH gxlkiz uEnb vHERE ir bIsgkn sEfab fggkniay rHE gRicfrE rRfabmoRsfrioa miRbr fad rHEa rHE gxlkiz oaE. vE HfcE aorEd rHfr f sfeoR gRolkEs virH gjicfrE uEnb ib rHE bHEER axslER om uEnb f biaykE xbER Hfb ro broRE fad rRfzu. HirH gxlkiz uEnb, oakn rvo uEnb fRE aEEdEd gER xbER: oaE gxlkiz fad oaE gRicfrE. kEr xb bEE vHfr dimmeREazE rHib sfuEb ia rHE axslER om uEnb aEEdEd.
TAOI NSr b af i ogr = T
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
24
q = E; j=R; w=H; r=T; d=D
lxT THE zONzEgr MAuES SENSE WITH gxlkIz uEnS WHERE IT SIMgkn MEANS AggknINy THE gRIcATE TRANSFORMATION FIRST AND THEN THE gxlkIz ONE. WE HAVE NOTED THAT A MAJOR PROlkEM WITH PRIVATE uEnS IS THE SHEER NxMlER OF uEnS A SIaykE xSER HAS TO STORE AND TRAzu. WITH gxlkIz uEnS, ONkn TWO uEnS ARE NEEDED gER xSER: ONE PxlkIz AND ONE PRIVATE. kET xS SEE WHAT DImmeRENzE THIS sAuESIN THE NxBlER OF uEnS NEEDED.
O NSb a ogv=W; i=I; f=A; b=S; o=O; m=F; a=N; s=M; c=V; g=P; e=J;
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
25
Substitution cipher - cryptanalysis
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z f l z d q m y w i e u k s a o g t j b r x c v h n p
BUT THE CONCEPT MAKES SENSE WITH PUBLIC KEYS WHERE IT SIMPLY MEANS APPLYING THE PRIVATE TRANSFORMATION FIRST AND THEN THE PUBLIC ONE. WE HAVE NOTED THAT A MAJOR PROBLEM WITH PRIVATE KEYS IS THE SHEER NUMBER OF KEYS A SINGLE USER HAS TO STORE AND TRACK. WITH PUBLIC KEYS ONLY TWO KEYS ARE NEEDED PER USER ONE PUBLIC AND ONE PRIVATE. LET US SEE WHAT DIFFERENCE THIS MAKES IN THE NUMBER OF KEYS NEEDED.
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
26
Substitution cipher – cryptanalysis algorithm
• Look for “a”/”I”• Compute frequency of single letters; compare to that
of English• Compute frequency of digrams, compare to that of
English• Compute frequency of trigrams, compare to that of
English
• Etc.
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
27
Substitution cipher – strengths and weaknesses
• Strengths:– Not vulnerable to brute force attacks– Encryption and decryption requires low computational
overhead, though more than Shift cipher– Ciphertext not longer than plaintext
• Weaknesses:– Vulnerable to statistical attack if language/message has
statistical structure– Requires storage of key table
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
28
Substitution cipher – lessons learnt
• In spite of 26! possible keys, can break, because of structure of message
• Can we make message without statistical structure?– Yes:
• Well-compressed images/sound/video• Zip files
Mathematical formulation
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
30
Zm
Definition: a b (mod m) m divides a-b a and b have the same remainder when divided by m
We define a mod m to be the unique remainder of a when divided by m
Zm is the “ring” of integers modulo m: The set of all possible remainders on division with m: 0, 1, 2, …m-1 with normal addition and multiplication, performed
modulo m
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
31
Need: Some group theory
What is a group? • A set of elements G with
• An additive operation such that– G is closed under the operation, i.e. if a, b G, so does a b– The operation is associative, i.e. (a b) c = a (b c)– An identity exists and is in G, i.e. e G, s.t. e g = g e = g Every element has an inverse in G, i.e.
g G g-1 G s.t g g-1 = e
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
32
Multiplicative and additive groups
The group operation can be addition or multiplication
• Example 1: Zn: An additive group for all n (do an example for n=4)
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
33
Multiplicative Group
Zp \ {0} = {1, 2, … n-1} is a multiplicative group for n prime
Example: n=5
Students work out group properties
x(?) = 1 (mod 5)
?=x-1
Students find all inverses by trial and error
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
34
Not a multiplicative group
Zn \ {0} = {1, 2, … n-1} is not a multiplicative group for n composite
Example n=6
Students find elements without inverses
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
35
Shift Cipher: generalized further
P = C = K = G
eK(x) = x g = x + g mod m (for G = Zm)
dK(x) = x g-1 = x – g mod m
Need two operations for affine cipher: addition and multiplication. Need to define a ring.
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
36
Properties of Zm (definition of a ring)
• Closed under addition () and multiplication ()If a, b Zm then a b, a b Zm
• Addition and multiplication are commutative and associativeIf a, b Zm then
a b = b a
a b = b a(a b) c = a (b c) and
(a b) c = a (b c)
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
37
Properties of Zm – contd.
• Additive and multiplicative identities in Zm
Additive identity is 0 mod m
Multiplicative identity is 1 mod m
• Distributive property holdsFor a,b,c Zm
(a b) c = (a c) (b c) and
a (b c) = (a b) (a c)
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
38
Properties of Zm – contd.
• Additive inverse?
A number y such that x y = 0 for all x in Zm
Zm/ring contains additive inverse
• Multiplicative inverse?
A number y such that x y = 1 for all x in Zm
Zm/ring need not contain multiplicative inverse
04/19/23 CS284-162/Spring08/GWU/Vora/ Classical Ciphers
39
Affine Cipher
P = C = R (R is the ring)
K R R
eK(x) = ax + b
dK(x) = a-1 (x – b)
When is a invertible? We do this next week.
Inverse wrt
Inverse wrt