history of cryptography
TRANSCRIPT
![Page 1: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/1.jpg)
1
Steganography andHistory of Cryptography
Dr. Ron Rymon
Efi Arazi School of Computer Science
IDC, Herzliya. 2010/11
Pre-Requisites: None
![Page 2: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/2.jpg)
2
Overview
Steganography History of Cryptography Modern Cryptography General Model of Modern Cryptography
![Page 3: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/3.jpg)
3
Steganography
Main source: “The Code Book” / Singh
![Page 4: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/4.jpg)
4
Steganography In Greek
– Steganos = covered– Graphein = to write
Steganography is about hiding messages
Historically, secret messages were often hidden (or memorized)
Today, steganography is used primarily to protect digital rights– “watermarking” copyright notices– “fingerprinting” a serial ID
![Page 5: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/5.jpg)
5
History of Steganography(Physically Hiding)
Runners were memorizing messages– Sometimes killed after delivering the message
Demaratus tells Athens of Persia’s attack plans– Writes the secret message on a tablet, and covers it with wax
Greek Histaiaeus encouraged Aristagoras of Miletus to revolt against the Persian King.– Writes message on the shaved head of the messenger, and sends
him after his hair grew
Chinese silk balls– Message is written on silk, turned into wax-covered ball that was
swallowed by the messenger…
Invisible ink-jet technology– Ink that is too small for human eye (Univ of Buffalo, 2000)
![Page 6: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/6.jpg)
6
History of Steganography (cont.)
Invisible Ink– Certain organic fluids (milk, fruit juice) are transparent when dried but
the deposit can be charred and is then visible
– Romans used to write between the lines
– A mixture of alum and vinegar may be used to write on hardboiled eggs, so that can only be read once shell is broken
![Page 7: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/7.jpg)
7
History of Steganography (cont.)
Microdots– WW2 Germany - documents shrunk to the size
of a dot, and embedded within innocent letters– DNA microdot, embedding synthetically
formed DNA sequence (secret) into a normal DNA strand, then posting as microdot
– Inkjet dots, smaller than human eye can see– Microdots with barcode-like information
Easter eggs– Programmers embed in software
• See http://www.eeggs.com
– Claims that Beatles embedded secret messages in their music
![Page 8: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/8.jpg)
8
Hiding a message within a text An actual message from a German spy
– read second letter in each word
“Apparently, neutral’s protest is thoroughly
discounted and ignored. Isman hard hit. Blockade issue affect pretext for embargo on by
products, ejecting suets and vegetable oils.”
“Pershing Sails from NY June 1”
![Page 9: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/9.jpg)
9
Hiding a message within a text (more)
Shift some words by one point/pixel.– Shifted words (or their first letters) make the sentence
Use different fonts– Letter by letter or word by word (Francis Bacon Cipher)
Lexical steganography uses the redundancy of the English language– “I feel well” and “I feel fine” seem the same, but one
may be used to encode “SOS” Chaffing and winnowing
– Riddle text with extra parts that the receiver will know how to remove (e.g., those that don’t “authenticate”)
![Page 10: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/10.jpg)
10
Modern Steganography Hiding one message within another (“container”)
Most containers are rich media– Images, audio, video are very redundant, can be tweaked without
affecting human eye/ear– US argued that Bin Laden implanted instructions within taped interviews
Copyright notices embedded in digital art– Prove ownership– Serial number embedded to prevent replication– Seek infringements on the web using spiders
Digital cameras EXIF tags– Not secretive, but hidden from the eye– Embed info such as camera type, date, shutter speed, focal length,..
Similarly, possible to embed messages in invisible parts of html pages
![Page 11: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/11.jpg)
11
Example: use 1-2 Least Significant Bits (LSB) in each pixel– human eye wont notice the difference– message can be compressed to reduce number of bits needed– only half the bits are likely to change on average– prefer “containers” with a lot of variations
Message (M1) in an Image– Steganography is the art and science of communicating in a way which hides the existence of
the communication. In contrast to cryptography, where the "enemy" is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other "harmless" messages in a way that does not allow any "enemy" to even detect that there is a second secret message present [Markus Kuhn 1995-07-03].
Check out Steganos (www.steganos.com), Digimarc (www.digimarc.com)
Hiding a Message in an Image
![Page 12: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/12.jpg)
12
Example (Steganos)Original Picture Embedded Picture
With embedded picture JPG version
![Page 13: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/13.jpg)
13
Steganalysis Detection: is there a hidden message?
– Develop signatures for known steganographic tools, e.g. in LSB method, expect local homogeneity
– When content is encrypted, the message should have a high entropy (“white noise”)
– Promising results: high detection rates
Decoding: recover hidden message– No significant work in this area !
Prevention: destroy or remove a hidden message– Most steganographies not robust to image alterations– Short messages (e.g. copyright) can be encoded
redundantly and survive an alternation
![Page 14: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/14.jpg)
14
Steganography (Summary)
Steganography is arguably weaker than cryptography because the information is revealed once the message is intercepted
On the other hand, an encrypted message that is not hidden may attract attention, and in some cases may itself incriminate the messenger
In any event, steganography can be used in conjunction with cryptography
![Page 15: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/15.jpg)
15
History of Cryptography
Main source: “The Code Book” / Singh
![Page 16: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/16.jpg)
16
Cryptography In Cryptography, the meaning of the message is hidden, not
its existence– Kryptos = “hidden” in Greek
Historically, and also today, encryption involves– transposition of letters
• Sparta’s scytale is first cryptographic device (5th Century BC)– Message written on a leather strip, which is then unwound to scramble the
message
– substitution• Hebrew ATBASH (אתבש)• Kama-Sutra suggests that women learn to encrypt their love messages by
substituting pre-paired letters (4th Century AD)• Cipher – replace letters• Code – replace words
![Page 17: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/17.jpg)
17
Monoalphabetic Ciphers Caesar Shift Cipher
– Each letter substituted by shifting n=3 places• E X A M P L E• H A D P S O H
– Only 25 such ciphers
Jefferson wheel implementation– Set the message across the wheels– Select another line (in random) as cipher
Substitution based on key phrase– Substitution key consists of phrase’s letters (uniquely) followed by rest of the
alphabet in order• Phrase: THIS IS ALICE AND BOB’S KEY• Key: THISALCENDBOKY-FGJMPQRUVWXZ
– 26! (roughly 1026) monoalphabetic substitution ciphers
![Page 18: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/18.jpg)
18
Breaking Monoalphabetic Ciphers The Arabs broke monoalphabetic substitution using frequency
analysis– In English (Source: Beker & Piper)
– Thus, letters ciphering e, t, and a are easily discovered– Subsequently can look for the rest of the letters and letter pairs
a 8.2% j 0.2 s 6.3
b 1.5 k 0.8 t 9.1
c 2.8 l 4.0 u 2.8
d 4.3 m 2.4 v 1.0
e 12.7 n 6.7 w 2.4
f 2.2 o 7.5 x 0.2
g 2.0 p 1.9 y 2.0
h 6.1 q 0.1 z 0.1
i 7.0 r 6.0
![Page 19: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/19.jpg)
19
Homophonic Substitution Homophonic substitution cipher can be used to
foil frequency analysis– Keyed 2-digit substitution
– Reverse frequency
A B C D E F G H I J K L M N O P Q R S T U V W X Y/Z
T 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 00 01 02 03 04 05H 43 44 45 46 47 48 49 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42E 71 72 73 74 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70K 90 91 92 93 94 95 96 97 98 99 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 00 01 02 03 04 68 0543 44 45 46 47 48 49 25 26 29 30 31 32 33 35 36 37 38 40 8771 73 74 50 53 54 57 59 60 63 64 65 6690 93 94 97 98 76 78 79 82 83 8472 51 56 58 61 34 39 86 4291 95 81 77 80 62 67 88 7092 52 85 8975 96 41
27 69559928
![Page 20: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/20.jpg)
20
Vigenere Polyalphabetic Cipher Vigenere’s polyalphabetic cipher (19th century) generalizes
Caesar’s shift cipher– Use keyword to select encrypting rows
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y ZB B C D E F G H I J K L M N O P Q R S T U V W X Y Z AC C D E F G H I J K L M N O P Q R S T U V W X Y Z A BD D E F G H I J K L M N O P Q R S T U V W X Y Z A B CE E F G H I J K L M N O P Q R S T U V W X Y Z A B C DF F G H I J K L M N O P Q R S T U V W X Y Z A B C D EG G H I J K L M N O P Q R S T U V W X Y Z A B C D E FH H I J K L M N O P Q R S T U V W X Y Z A B C D E F GI I J K L M N O P Q R S T U V W X Y Z A B C D E F G HJ J K L M N O P Q R S T U V W X Y Z A B C D E F G H IK K L M N O P Q R S T U V W X Y Z A B C D E F G H I JL L M N O P Q R S T U V W X Y Z A B C D E F G H I J KM M N O P Q R S T U V W X Y Z A B C D E F G H I J K LN N O P Q R S T U V W X Y Z A B C D E F G H I J K L MO O P Q R S T U V W X Y Z A B C D E F G H I J K L M NP P Q R S T U V W X Y Z A B C D E F G H I J K L M N OQ Q R S T U V W X Y Z A B C D E F G H I J K L M N O PR R S T U V W X Y Z A B C D E F G H I J K L M N O P SS S T U V W X Y Z A B C D E F G H I J K L M N O P Q RT T U V W X Y Z A B C D E F G H I J K L M N O P Q R SU U V W X Y Z A B C D E F G H I J K L M N O P Q R S TV V W X Y Z A B C D E F G H I J K L M N O P Q R S T UW W X Y Z A B C D E F G H I J K L M N O P Q R S T U VX X Y Z A B C D E F G H I J K L M N O P Q R S T U V WY Y Z A B C D E F G H I J K L M N O P Q R S T U V W XZ Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Vigenere Tableau
The Vigenere cipher is not amenable to simple frequency analysis
Actually invented earlier (16th century)
Called “The Unbreakable Cipher”
![Page 21: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/21.jpg)
21
Babbage breaks Vigenere Cipher Babbage broke Vigenere’s Cipher (1854, Crimean war)
– Stage 1: Discover key length• Look for repeated sequences, and measure their distance
• The key length is a factor of these distances
– Stage 2: Identify the key itself• Compare distributions for each of the key letters with the standard
distribution, to identify the shift
Babbage could not publish his work– Similar techniques developed independently by Kasiski (a
Prussian officer); Kerckhoff (French cryptographer)
Check out an applet that breaks Vigenere: http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html
![Page 22: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/22.jpg)
22
Historical Coding Louis XIV’s Great Cipher (Rossignols) used one symbol
(3-digit number) per syllable (held 200 years) Mary Queen of Scots used a combination of cipher and
coded words– Referred to as a nomenclature because many codes were for names
e.g,
US Army used Navajo language as code in WWII
![Page 23: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/23.jpg)
23
Transposition Ciphers
Railfence: TRHCEEIETGSSMAIAEASS
Redfence (by key): IETGIAESHCEESSMATRSS
Columnar– IEEIRSHSMESCSTATGSEA
T 5 T RH 3 H C E EE 1 I E T GK 4 S S M AE 2 I A E SY 6 S S
T H E K E Y5 3 1 4 2 6
T H I S I SA S E C R ET M E S S AG E
![Page 24: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/24.jpg)
24
Unbreakable Encryption One time pads
– Sender and receiver use a pre-arranged random stream of letters– Encryption=addition modulo 26
• XOR when binary
– Every letter in the key used only once
One time pads provide for the only perfectly secure encryption algorithms– All the rest are only computationally secure– Used by Soviet spies, and also for US-USSR hotline
Requires significant logistical effort and coordination Relies on randomness of key
M E S S A G ET H I S K E Y
F L A K K K C
![Page 25: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/25.jpg)
25
Summary of Historical Crypto Encryption Algorithms and Keys
– Substitution : letters (bits), words– Transposition
Decryption Algorithms– Reversed process– Require knowledge of the algorithm and the key
Cryptanalysis– Identify algorithm– Obtain as many plaintext-ciphertext pairs– Use systematicity (patterns)– Use hints (cribs)
![Page 26: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/26.jpg)
26
Modern Cryptography
Main source: Network Security Essentials / Stallings
![Page 27: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/27.jpg)
27
1. The system must be substantially, if not mathematically, undecipherable;
2. The system must not require secrecy and can be stolen by the enemy without causing trouble;
3. It must be easy to communicate and remember the keys without requiring written notes, it must also be easy to change or modify the keys with different participants;
4. The system ought to be compatible with telegraph communication; 5. The system must be portable, and its use must not require more than
one person; 6. Finally, regarding the circumstances in which such system is applied,
it must be easy to use and must neither require stress of mind nor the knowledge of a long series of rules.
Kerckhoffs PrinciplesSystem + Keys
August Kerckhoffs, Journal of Military Science, 1883
![Page 28: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/28.jpg)
28
The German Enigma Invented as a commercial machine (Scherbius), and
failed– Electrical typewriter-like encryption machine– Each keystroke lights a letter
Performing substitutions– Letter-pairs are switched– Pulse goes through scramblers– Hits reflector and goes back
Original Enigma (M3) based on commercial version– Reconfigurable 6 swapped letter-pairs – 3 rotating scramblers (263 orientations)– scramblers can be configured in 6 (3!) ways– Later, up to 5 scramblers to choose from
Theoretical key space = a total of 1017 combinations
Used extensively by Germans in WW2
![Page 29: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/29.jpg)
29
Poles Crack the Enigma Polish obtained an Enigma from a German spy (1933)
– Hans-Thilo Schmidt sold to French intelligence Obtained information on its usage
– daily code book indicated rotors and orientation– a different orientation key for each message
Rejewski focused on the repetitions– Message key encrypted twice in the message header– Formalized relationships between 1st-4th ,2nd-5th, and 3rd-6th letters
• ABCDEFGHIJKLMNOPQRSTUVWXYZ• FQHPLWOGBMVRXUYCZITNJEASDK
– Built chains• (AFW), (BQZKVELRI), (CHGOYDP), (JMXSTNU)
– Chains depend only on scrambler orientation, not on pairs swaps• Thus need to consider only 3! x 263 = 105456 configurations
– Built a catalog of characteristic chains for all configurations
![Page 30: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/30.jpg)
30
Poles Crack the Enigma Rejewski’s algorithm to discover the day key
– First, use catalog to identify the scrambler setting and orientation
– Then, run the ciphertext through an Enigma and look at the text to identify swapped letter pairs
Bombe machines were constructed to mechanize the search
![Page 31: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/31.jpg)
31
British Crack Improved Enigma In 1939, Germans increased Enigma security
– Navy admiral added 2 extra scramblers to choose from – 10x arrangements (5 choose 3, times the 3! orderings)
– Hitler used a more complex version – Lorenz Cipher– increased to 10 letter pair swaps
British (Bletchley Park) continued where the Polish left– Recruited best Mathematicians (Turing) and large staff (7000)– Did not make much progress until received Bombes from Polish
Used human weaknesses. Provided hints and cribs– Trivial message keys (key sequences, names initials)– Artificial restrictions on scramblers selection/orientation– Standard messages (weather) sent with 4th scrambler neutralized– Some German codebooks were captured
![Page 32: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/32.jpg)
32
British Crack Improved Enigma Turing built swap-independent chains (a la Rejewski)
– First British Bombe (Victory) delivered in 1940– Search still required significant human help
In 1942, Germans add 4th active scrambler (M4)– Bletchley Park could not decipher M4’s messages for 10 months
Could only break it when info was captured in u-boats– Captured machines, rotors, weather manuals, providing cribs
Later in the war, US Navy also constructed even faster and more sophisticated bombes– Japanese used PURPLE, a machine modeled after Enigma– Pearl Harbor Attack was broken hours before the attack
The British ULTRA – broken German, Italian and Japanese communications were crucial to winning the war
![Page 33: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/33.jpg)
33
A General Model of Cryptography
Main source: Network Security Essentials / Stallings
![Page 34: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/34.jpg)
34
Modern Encryption Principles An encryption scheme has 5 ingredients
– Plaintext, Encryption Algorithm, Key, Ciphertext, and Decryption Algorithm
– Security depends on secrecy of the key, not algorithm• Recall Kerckhoff
![Page 35: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/35.jpg)
35
Notation
M, or P will usually denote the plaintext message C will usually denote the ciphertext K will usually denote a key Ek(M)=C is the encryption function
Dk(C)=M is the decryption function
Dk(Ek(M))=M represents the typical flow
![Page 36: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/36.jpg)
36
Cryptographic Protocols
Self enforcing protocols Arbitrated protocols
– Trusted third party helps in real time
Adjudicated protocols– Trusted third party, but only if needed and after the fact
Self enforcing protocols Self enforcing protocols Arbitrated protocols
– Trusted third party helps in real time
![Page 37: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/37.jpg)
37
Attacks Against Cryptographic Protocols (Not the Algorithms) Passive attacks (eavesdropping)
– Cryptanalysis
– Traffic analysis
Active attacks– Impersonation
– Interruption / denial
– Modification of messages
– Fabrication of new messages
– Replay / Reflect messages
“man-in-the-middle” is a common tactic in active attacks
![Page 38: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/38.jpg)
38
Cryptographic Algorithms Typology
Type of operations applies to plaintext– Substitution and transposition
Type of key(s)– Symmetric : same key: Dk(Ek(M))=M – Asymmetric, Public-Key : Dk2(Ek1(M))=M
How plaintext is processed into ciphertext– Which operations– How many operations– How the operations are combined– Block ciphers, Stream ciphers
![Page 39: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/39.jpg)
39
Cryptanalysis: Attacks against Cryptographic Algorithms Ciphertext only
– Uses only knowledge of algorithm and ciphertext
Known plaintext– Uses one or more plain-ciphertext pairs
– Or, probable words: dictionary, known formats, etc.
Chosen text– Chosen to reveal information about the key
– Chosen plaintext and its ciphertext• Differential chosen plaintext
• Adaptive chosen plaintext
– Chosen ciphertext and its original plaintext• Mostly against public-keys
![Page 40: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/40.jpg)
40
Computationally Secure Encryption Encryption scheme is computationally secure if
– The cost of breaking the cipher exceeds the value of the encrypted information; or
– The time required to break the cipher exceeds the useful lifetime of the information
Most schemes that we will discuss are not unbreakable in principle, but are computationally secure
Rely on lack of knowledge of effective algorithms for certain hard problems, not on a proven inexistence of ones– E.g., factorization, discrete logarithms, or square roots mod p
Rely on very large key-space, impregnable to brute force
![Page 41: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/41.jpg)
41
Shannon’s Theory of Secrecy Cryptanalysts try to modify the a priori probabilities of
alternative messages until one emerges
A cryptographic scheme is perfectly secure if knowledge of the ciphertext does not change the odds in favor of any of the possible plaintexts– i.e., the probability function remains uniform
Shannon’s Theory: the key must be at least as large as the message (entropy) and cannot be reused– Message entropy = minimum number of bits needed to express all
possible messages, e.g., English entropy is 1.3 bits per letter– Therefore, the secrecy of a cryptographic scheme depends on its
entropy, i.e. the number of key bits, or the size of the key space
Only the one-time pad achieves perfect secrecy
![Page 42: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/42.jpg)
42
Shannon’s Diffusion and Confusion Principles In the lack of perfect security, a cryptographic algorithm
shall at least try to foil statistical attacks– E.g., use frequency of plaintext to rule out or substantially change
the odds of possible cipher texts
Shannon’s Cryptographic Principles:– Diffusion: every letter of plaintext should affect many letters in
ciphertext• Sometimes called avalanche effect
– Confusion: the relationship between plaintext and ciphertext shall be complex
• Many substitutions and transpositions make it difficult to reverse engineer the relationship
Shannon’s principles are the cornerstone of block cipher design
![Page 43: history of cryptography](https://reader036.vdocuments.us/reader036/viewer/2022081413/547322ecb4af9f06488b46f0/html5/thumbnails/43.jpg)
43
Next Classes
First
– Conventional (Symmetric) Cryptography Then
– Public-Key Cryptography