Your SlideShare is downloading. ×
0
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Classical cryptography1
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Classical cryptography1

281

Published on

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
281
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Unconditional security would be nice, but the only known such cipher is the one-time pad (later). For all reasonable encryption algorithms, have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.
  • With a caesar cipher, there are only 26 possible keys, of which only 25 are of any use, since mapping A to A etc doesn't really obscure the message! Note this basic rule of cryptanalysis "check to ensure the cipher operator hasn't goofed and sent a plaintext message by mistake"!
    Can try each of the keys (shifts) in turn, until can recognise the original message. See Stallings Fig 2.3 for example of search.
    Note: as mentioned before, do need to be able to recognise when have an original message (ie is it English or whatever). Usually easy for humans, hard for computers. Though if using say compressed data could be much harder.
    Example "GCUA VQ DTGCM" when broken gives "easy to break", with a shift of 2 (key C).
  • With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution, where the translation alphabet can be any permutation of the 26 alphabetic characters. A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once. In general, there are n! permutations of a set of n elements.
    See text example of a translation alphabet, and an encrypted message using it.
  • Note that even given the very large number of keys, being 10 orders of magnitude greater than the key space for DES, the monoalphabetic substitution cipher is not secure, because it does not sufficiently obscure the underlying language characteristics.
  • Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies. Stallings Figure 2.5 shows English letter frequencies. Seberry & Pieprzyk, "Cryptography - An Introduction to Computer Security", Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European & Japanese & Malay). Also useful are tables of common two-letter combinations, known as digrams, and three-letter combinations, known as trigrams.
  • The simplicity and strength of the monoalphabetic substitution cipher meant it dominated cryptographic use for the first millenium AD. It was broken by Arabic scientists. The earliest known description is in Abu al-Kindi's "A Manuscript on Deciphering Cryptographic Messages", published in the 9th century but only rediscovered in 1987 in Istanbul, but other later works also attest to their knowledge of the field. Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. The cryptanalyst looks for a mapping between the observed pattern in the ciphertext, and the known source language letter frequencies. If English, look for peaks at: A-E-I triple, NO pair, RST triple, and troughs at: JK, X-Z.
    Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.
  • Illustrate the process with this example from the text in Stallings section 2.2. Comparing letter frequency breakdown with Figure 2.5, it seems likely that cipher letters P and Z are the equivalents of plain letters e and t, but it is not certain which is which. The letters S, U, O, M, and H are all of relatively high frequency and probably correspond to plain letters from the set {a, h, i, n, o, r, s}. The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely included in the set {b, j, k, q, v, x, z}. A powerful tool is to look at the frequency of two-letter combinations, known as digrams. A table similar to Figure 2.5 could be drawn up showing the relative frequency of digrams. The most common such digram is th. In our ciphertext, the most common digram is ZW, which appears three times. So we make the correspondence of Z with t and W with h. Then, by our earlier hypothesis, we can equate P with e. Now notice that the sequence ZWP appears in the ciphertext, and we can translate that sequence as "the." This is the most frequent trigram (three- letter combination) in English, which seems to indicate that we are on the right track. Next, notice the sequence ZWSZ in the first line. We do not know that these four letters form a complete word, but if they do, it is of the form th_t. If so, S equates with a. Only four letters have been identified, but already we have quite a bit of the message. Continued analysis of frequencies plus trial and error should easily yield a solution from this point. The complete plaintext, with spaces added between words, is shown on slide.
  • Consider ways to reduce the "spikyness" of natural language text, since if just map one letter always to another, the frequency distribution is just shuffled. One approach is to encrypt more than one letter at once. The Playfair cipher is an example of doing this, treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
  • The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remain letters, with I/J used as a single letter. This example comes from Dorothy Sayer's book "Have His Carcase", in which Lord Peter Wimsey solves it, and describes the use of a probably word attack.
  • Plaintext is encrypted two letters at a time,according to the rules as shown. Note how you wrap from right side back to left, or from bottom back to top.
    if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"
    if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM"
    if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"
    otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
    Decrypting of course works exactly in reverse. Can see this by working the example pairs shown, backwards.
  • The Playfair cipher is a great advance over simple monoalphabetic ciphers, since there are 26*26=676 digrams (vs 26 letters), so that identification of individual digrams is more difficult. Also,the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. The Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S.Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.
  • The best known, and one of the simplest, such algorithms is referred to as the Vigenère cipher, where the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers, with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter ‘a’, and which are each used in turn, as shown next.
  • The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T engineer named Gilbert Vernam in 1918. His system works on binary data (bits0 rather than letters. The system can be expressed succinctly as follows: ci = pi XOR ki
    The essence of this technique is the means of construction of the key. Vernam proposed the use of a running loop of tape that eventually repeated the key, so that in fact the system worked with a very long but repeating keyword. Although such a scheme, with a long key, presents formidable cryptanalytic difficulties, it can be broken with sufficient ciphertext, the use of known or probable plaintext sequences, or both.
  • The One-Time Pad is an evolution of the Vernham cipher. An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement using a random key that was truly as long as the message, with no repetitions, which thus totally obscures the original message. It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code, since any plaintext can be mapped to any ciphertext given some key.
    The one-time pad offers complete security but, in practice, has two fundamental difficulties:
    There is the practical problem of making large quantities of random keys.
    And the problem of key distribution and protection, where for every message to be sent, a key of equal length is needed by both sender and receiver.
    Because of these difficulties, the one-time pad is of limited utility, and is useful primarily for low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy.
  • All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher, and form the second basic building block of ciphers. The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.
  • The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
    The example message is: "meet me after the toga party" with a rail fence of depth 2.
    This sort of thing would be trivial to cryptanalyze.
  • Have seen that ciphers based on just substitutions or transpositions are not secure, and can be attacked because they do not sufficient obscure the underlying language structure
    So consider using several ciphers in succession to make harder.
    A substitution followed by a transposition is known as a Product Cipher, and makes a new much more secure cipher, and forms the bridge to modern ciphers.
  • Transcript

    • 1. CRYPTOSYSTEMS &CRYPTOSYSTEMS & AUTHENTICATIONAUTHENTICATION Classical Cryptography-Substitution Ciphers-permutation Ciphers-Block Ciphers-DES Modes of Operation- AES- Linear Cryptanalysis, Differential Cryptanalysis- Hash Function -SHA 512- Message Authentication Codes- HMAC - Authentication Protocols UNIT II
    • 2. Objectives 0To introduce basic concepts & terminology of encryption 0To prepare us for studying modern cryptography IFETCE/M.E CSE/NE7202-NIS/Unit 2 2
    • 3. Overview 0 Cryptography 0 Basic Terminology 0 Classical Cryptography 0 Substitution 0 Transposition 0 Product IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-3
    • 4. What is Cryptography? 0 The idea of storing and transmitting data in a form that only the authorized parties can interpret. 0 Process of making and using codes to secure transmission of information IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-4
    • 5. Cryptography 0 Can be characterized by: 0 type of encryption operations used 0 substitution / transposition / product 0 number of keys used 0 single-key or private / two-key or public 0 way in which plaintext is processed 0 block / stream IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-5
    • 6. Basic terminology 0 Plaintext: original message to be encrypted 0 Ciphertext: the encrypted message 0 Enciphering or encryption: the process of converting plaintext into ciphertext 0 Encryption algorithm: performs encryption 0 Two inputs: a plaintext and a secret key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-6
    • 7. Basic terminology 0 Deciphering or decryption: recovering plaintext from ciphertext 0 Decryption algorithm: performs decryption 0 Two inputs: ciphertext and secret key 0 Secret key: same key used for encryption and decryption 0 Also referred to as a symmetric key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-7
    • 8. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-8
    • 9. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-9
    • 10. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-10
    • 11. Cryptanalysis 0 Opponent whose goal is to break cryptosystem is the adversary 0 Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key. 0 Kerkhoff’s principle: adversary knows algorithm used, but not key 0 Two general approaches: 0 brute-force attack 0 non-brute-force attack (cryptanalytic attack) IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-11
    • 12. Brute-Force Attack 0 Try every key to decipher the ciphertext. 0 On average, need to try half of all possible keys 0 Time needed proportional to size of key space Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4.3 × 109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2 × 1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4 × 1038 2127 µs = 5.4 × 1024 years 5.4 × 1018 years 168 2168 = 3.7 × 1050 2167 µs = 5.9 × 1036 years 5.9 × 1030 years 26 characters (permutation) 26! = 4 × 1026 2 × 1026 µs = 6.4 × 1012 years 6.4 × 106 years
    • 13. Cryptanalytic Attacks 0 Classified by how much information needed by the attacker 0 Three types of attacks: 0 Ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key. 0 Known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key 0 Chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key 0 Chosen-ciphertext attack: adversary may choose ciphertext and corresponding decrypted plaintext ; goal is to find key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-13
    • 14. Ciphertext-only attack 0 Given: a ciphertext c 0 Q: what is the plaintext m? 0 An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-14
    • 15. Known-plaintext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c. 0 Q: what is the plaintext of c? 0 Q: what is the secret key in use? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-15
    • 16. Chosen-plaintext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck), where m1,m2, …, mk are chosen by the adversary; and a new ciphertext c. 0 Q: what is the plaintext of c, or what is the secret key? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-16
    • 17. Chosen-Plaintext Attack Crook #1 changes his PIN to a number of his choice cipher(key,PIN) PIN is encrypted and transmitted to bank Crook #2 eavesdrops on the wire and learns ciphertext corresponding to chosen plaintext PIN … repeat for any PIN value
    • 18. Chosen-ciphertext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck), where c1,c2, …, ck are chosen by the adversary; and a new ciphertext c. 0 Q: what is the plaintext of c, or what is the secret key? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-18
    • 19. Basis for Attacks 0 Mathematical attacks 0 Based on analysis of underlying mathematics 0 Statistical attacks 0 Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. 0 Called models of the language 0 Examine ciphertext, correlate properties with the assumptions. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-19
    • 20. Statistical Attack 0 Compute frequency of each letter in ciphertext: G 0.1 H 0.1 K 0.1 O 0.3 R 0.2 U 0.1 Z 0.1 0 Apply 1-gram model of English 0 Frequency of characters (1-grams) in English is on next slide IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-20
    • 21. Cryptology CRYPTOLOGY CRYPTOGRAPHY CRYPTANALYSIS Private Key (Secret Key) Public Key Block Cipher Stream Cipher Integer Factorization Discrete Logarithm
    • 22. More Definitions 0 Unconditional security 0 no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext 0 Computational security 0 given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
    • 23. Cryptosystem 0 Quintuple (E, D, M, K, C) 0 M set of plaintexts 0 K set of keys 0 C set of ciphertexts 0 E set of encryption functions e: M × K → C 0 D set of decryption functions d: C × K → M IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-23
    • 24. Example 0 Example: Cæsar cipher 0 M = { sequences of letters } 0 K = { i | i is an integer and 0 ≤ i ≤ 25 } 0 E = { Ek | k ∈ K and for all letters m, Ek(m) = (m + k) mod 26 } 0 D = { Dk | k ∈ K and for all letters c, Dk(c) = (26 + c – k) mod 26 } 0 C = M IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-24
    • 25. Ciphers 0Symmetric cipher: same key used for encryption and decryption 0 Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) 0 Stream cipher: encrypts data one bit or one byte at a time 0Asymmetric cipher: different keys used for encryption and decryption IFETCE/M.E CSE/NE7202-NIS/Unit 2 25
    • 26. Classical Cryptography 0Sender, receiver share common key 0 Keys may be the same, or trivial to derive from one another 0 Sometimes called symmetric cryptography 0Two basic types 0 Transposition ciphers 0 Substitution ciphers 0 Combinations are called product ciphers IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-26
    • 27. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-27
    • 28. Classical Ciphers 0 Plaintext is viewed as a sequence of elements (e.g., bits or characters) 0 Substitution cipher: replacing each element of the plaintext with another element. 0 Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext. 0 Product cipher: using multiple stages of substitutions and transpositions IFETCE/M.E CSE/NE7202-NIS/Unit 2 28
    • 29. Substitution Ciphers 0 Change characters in plaintext to produce ciphertext 0 Monoalphabetic Substitution 0 Each plaintext character is mapped onto a unique character of a ciphertext. 0 Polyalphabetic Substitution 0 Each plaintext character can be mapped onto m alphabetic characters of a ciphertext. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-29
    • 30. Monoalphabetic Ciphers 0 Shift Cipher(Ceaser) 0 Substitution Cipher 0 Playfair Cipher 0 Affine Cipher 0 Hill Cipher IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-30
    • 31. 1.Caesar Cipher 0 Earliest known substitution cipher 0 Invented by Julius Caesar 0 Each letter is replaced by the letter three positions further down the alphabet. Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C 0 Example: ohio state  RKLR VWDWH IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-31
    • 32. Caesar Cipher 0Mathematically, map letters to numbers: a, b, c, ..., x, y, z 0, 1, 2, ..., 23, 24, 25 0Then the general Caesar cipher is: c = EK(p) = (p + k) mod 26 p = DK(c) = (c – k) mod 26 0Can be generalized with any alphabet. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-32
    • 33. Cryptanalysis of Caesar Cipher 0 Only have 26 possible ciphers 0 A maps to A,B,..Z 0 Could simply try each in turn 0 A brute force search 0 Given ciphertext, just try all shifts of letters 0 Do need to recognize when have plaintext 0 Eg. break ciphertext "GCUA VQ DTGCM" IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-33
    • 34. 2.Monoalphabetic Cipher 0 Shuffle (jumble) the letters arbitrarily 0 Each plaintext letter maps to a different random ciphertext letter 0 Hence key is 26 letters long Plain letters: abcdefghijklmnopqrstuvwxyz Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-34
    • 35. Monoalphabetic Cipher Security 0 Now have a total of 26! = 4 x 1026 keys 0 With so many keys, might think is secure 0 But not secure against some cryptanalytic attacks. 0 Problem is language characteristics IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-35
    • 36. Language Statistics and Cryptanalysis 0 Human languages are not random. 0 Letters are not equally frequently used. 0 In English, E is by far the most common letter, followed by T, R, N, I, O, A, S. 0 Other letters like Z, J, K, Q, X are fairly rare. 0 There are tables of single, double & triple letter frequencies for various languages IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-36
    • 37. English Letter Frequencies IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-37
    • 38. Statistics for double & triple letters 0 In decreasing order of frequency 0 Double letters: th he an in er re es on, … 0 Triple letters: the and ent ion tio for nde, … IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-38
    • 39. Use in Cryptanalysis 0 Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies 0 To attack, we 0 calculate letter frequencies for ciphertext 0 compare this distribution against the known one 0 If caesar cipher look for common peaks/troughs 0 peaks at: A-E-I triple, NO pair, RST triple 0 troughs at: JK, X-Z 0 For monoalphabetic must identify each letter 0 tables of common double/triple letters help IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-39
    • 40. Example Cryptanalysis 0 Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ 0 Count relative letter frequencies 0 Guess P & Z are e and t 0 Guess ZW is th and hence ZWP is the 0 Proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-40
    • 41. 3.Playfair Cipher Not even the large number of keys in a monoalphabetic cipher provides security One approach to improving security was to encrypt multiple letters Playfair Cipher was invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-41
    • 42. Playfair Key Matrix 0 A 5X5 matrix of letters based on a keyword 0 Fill in letters of keyword 0 Fill rest of matrix with other letters 0 Eg. using the keyword MONARCHY MM OO NN AA RR CC HH YY BB DD EE FF GG I/JI/J KK LL PP QQ SS TT UU VV WW XX ZZ IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-42
    • 43. Encrypting and Decrypting 0Plaintext is encrypted two letters at a time 1. if a pair is a repeated letter, insert filler like 'X’ 2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end) 3. if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom) 4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-43
    • 44. Security of Playfair Cipher 0 Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters. 0 Security is much improved over the simple monoalphabetic cipher. 0 Widely used for many years eg. by US & British military in WW1 and WW2 0 Once thought to be unbreakable. 0 Actually, it can be broken, because it still leaves some structure of plaintext intact. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-44
    • 45. 4.Affine Ciphers }25,24,,2,1,0{26 =Z 1)26,gcd( =a )( baxy +=
    • 46. The affine cipher uses a pair of keys in which the first key is from 26* and the second is from 26. The size of the key domain is 26 × 12 = 312. Use an affine cipher to encrypt the message “hello” with the key pair (7, 2). Example 3.10 Example
    • 47. 0 If Alice chooses m=26, (a,b)=(7,3) and encrypts the German word “bald” with the affine cipher, what is the ciphertext? Excercise
    • 48. 5.Hill Cipher 0 Takes two or three or more letter combinations to the same size combinations, e.g. “the”  “rqv” 0 Uses simple linear equations 0 An example of a “block” cipher encrypting a block of text at a time 0 Numbered alphabet: a = 0, b = 1, c = 3, etc. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-48
    • 49. Letter to Number Substitution A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25
    • 50. Modular Inverses of Mod 26 A 1 3 5 7 9 11 15 17 19 21 23 25 A-1 1 9 21 15 3 19 7 23 11 5 17 25 Example – Find the Modular Inverse of 9 for Mod 26 9 · 3 = 27 27 Mod 26 = 1 3 is the Modular Inverse of 9 Mod 26
    • 51. Encryption 0 Assign each letter in alphabet a number between 0 and 25 0 Change message into 2 x 1 letter vectors 0 Change each vector into 2 x 1 numeric vectors 0 Multiply each numeric vector by encryption matrix 0 Convert product vectors to letters
    • 52. Change Message to Vectors Message to encrypt = HELLO WORLD
    • 53. Multiply Matrix by Vectors
    • 54. Convert to Mod 26
    • 55. Convert Numbers to Letters “hello world” has been encrypted to SLHZY ATGZT
    • 56. Decryption 0 Change message into 2 x 1 letter vectors 0 Change each vector into 2 x 1 numeric vectors 0 Multiply each numeric vector by decryption matrix 0 Convert new vectors to letters
    • 57. Change Message to Vectors Ciphertext to decrypt = SLHZYATGZ
    • 58. Multiply Matrix by Vectors
    • 59. Convert to Mod 26
    • 60. Convert Numbers to Letters SLHZYATGZT has been decrypted to “hello world”
    • 61. Exercise C1 9 18 10 p1 C2 = 16 21 1 p2 (mod 26) C3 5 12 23 p3 0 Encrypt the plaintext “pay more money” with the given key
    • 62. Polyalphabetic Substitution Ciphers 0 A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in turn to encrypt letters. 0 A key determines which sequence of ciphers to use. 0 Each plaintext letter has multiple corresponding ciphertext letters. 0 This makes cryptanalysis harder since the letter frequency distribution will be flatter. vc IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-62
    • 63. 1.Vigenère Cipher 0 Simplest polyalphabetic substitution cipher 0 Effectively multiple caesar ciphers 0 Key is multiple letters long K = k1 k2 ... kd 0 ith letter specifies ith alphabet to use 0 Use each alphabet in turn 0 Repeat from start after d letters in message 0 Decryption simply works in reverse IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-63
    • 64. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-64
    • 65. Example of Vigenère Cipher 0 Keyword: deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-65
    • 66. Security of Vigenère Ciphers 0 There are multiple ciphertext letters corresponding to each plaintext letter. 0 So, letter frequencies are obscured but not totally lost. 0 To break Vigenere cipher: 1. Try to guess the key length. How? 2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the same cipher. 3. Attack each individual cipher as before.IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-66
    • 67. Guessing the Key Length 0 Main idea: Plaintext words separated by multiples of the key length are encoded in the same way. 0 In our example, if plaintext = “…thexxxxxxthe…” then “the” will be encrypted to the same ciphertext words. 0 So look at the ciphertext for repeated patterns. 0 E.g. repeated “VTW” in the previous example suggests a key length of 3 or 9: ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ 0 Of course, the repetition could be a random fluke. 0 Then attack each monoalphabetic cipher individually using same techniques as before IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-67
    • 68. 2.Vernam Cipher/ 0 Ultimate defense is to use a key as long as the plaintext with no statistical relationship to it 0 Invented by AT&T engineer Gilbert Vernam in 1918 0 Originally proposed using a very long but eventually repeating key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-68
    • 69. Vernam cipher random key bits K1, K2,…, Kn plaintext bits P1, P2,…, Pn + P1 ⊕ K1, P2 ⊕ K2,…, Pn ⊕ Kn ciphertext bits How do you decrypt using the Vernam cipher?
    • 70. Vernam Cipher Example
    • 71. 3.One-Time Pad 0 If a truly random key as long as the message is used, the cipher will be secure 0 Called as One-Time pad 0 It is unbreakable since ciphertext bears no statistical relationship to the plaintext 0 Since for any plaintext & any ciphertext there exists a key mapping one to other 0 Can use the key only once though 0 Problems in generation & safe distribution of key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-71
    • 72. One-Time Pad 0 The message is represented as a binary string (a sequence of 0’s and 1’s using a coding mechanism such as ASCII coding. 0 The key is a truly random sequence of 0’s and 1’s of the same length as the message. 0 The encryption is done by adding the key to the message modulo 2, bit by bit. This process is often called exclusive or, and is denoted by XOR. The symbol ⊕ is used IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-72
    • 73. Example 0message =‘IF’ 0then its ASCII code =(1001001 1000110) 0key = (1010110 0110001) 0Encryption: 0 1001001 1000110 plaintext 0 1010110 0110001 key 0 0011111 1110110 ciphertext 0Decryption: 0 0011111 1110110 ciphertext 0 1010110 0110001 key 0 1001001 1000110 plaintext
    • 74. 4.Rotor Cipher 0 Before modern ciphers, rotor machines were most common complex ciphers in use. 0 Widely used in WW2. 0 Used a series of rotating cylinders. 0 Implemented a polyalphabetic substitution cipher of period K. 0 With 3 cylinders, K = 263 =17,576. 0 With 5 cylinders, K = 265 =12 x 106 . IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-74
    • 75. Rotor Cipher A three letter word such as “bee” is encrypted as “BCA”.
    • 76. Enigma Machine Originally invented by Sherbius, but was modified by the German army and extensively used during World War II.
    • 77. Enigma Rotor Machine IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-77
    • 78. Transposition Ciphers 0 Also called permutation ciphers. 0 A transposition cipher reorders symbols. 0 Can recognise these since have the same frequency distribution as the original text IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-78
    • 79. 1.Rail Fence cipher 0 Write message letters out diagonally over a number of rows 0 Then read off cipher row by row 0 For example to send the message “Meet me at the park” to Bob, Alice writes 0 Ciphertext MEMATEAKETETHPR IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-79
    • 80. 2.Row Transposition Ciphers 0 Plaintext is written row by row in a rectangle. 0 Ciphertext: write out the columns in an order specified by a key. Key: 3 4 2 1 5 6 7 Plaintext: Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ IFETCE/M.E CSE/NE7202-NIS/Unit 2 a t t a c k p o s t p o n e d u n t i l t w o a m x y z Slide #9-80
    • 81. Example 2
    • 82. • The ciphers are vulnerable to several kinds of ciphertext-only attacks. • Statistical Attack: A transposition cipher does not change the frequency of letters in ciphertext, but dose not preserve the frequency of digrams and trigrams. • Brute-Force Attack: The number of keys can be huge (1! + 2! + … + L!), where L is the length of the ciphertext. A better approach is to guess the number of columns. Transposition Cipher-Cryptanalysis
    • 83. Product Ciphers 0 Ciphers using substitutions or transpositions are not secure because of language characteristics 0 Consider using several ciphers in succession to make harder, but: 0 two substitutions make a more complex substitution 0 two transpositions make more complex transposition 0 Uses a sequence of substitutions and transpositions 0 Harder to break than just substitutions or transpositions 0 This is a bridge from classical to modern ciphers IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-83
    • 84. Stream Ciphers Call the plaintext stream P, the ciphertext stream C, and the key stream K.
    • 85. Block Ciphers • In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together creating a group of ciphertext of the same size. • A single key is used to encrypt the whole block even if the key is made of multiple values.
    • 86. Playfair ciphers are block ciphers. The size of the block is m = 2. Two characters are encrypted together. Example 1 Hill ciphers are block ciphers. A block of plaintext, of size 2 or more is encrypted together using a single key (a matrix). In these ciphers, the value of each character in the ciphertext depends on all the values of the characters in the plaintext. Although the key is made of m × m values, it is considered as a single key. Example 2 Block Ciphers
    • 87. Classical to Modern Cryptography 0 Classical cryptography 0 Encryption/decryption done by hand 0 Modern cryptography 0 Computers to encrypt and decrypt 0 Same principles, but automation allows ciphers to become much more complex IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-87
    • 88. Summary 0 Cryptography-Definitions 0 Cryptanalysis 0 Classical Cryptography 0 Substitution 0 Transposition 0 Product 0 Steam cipher 0 Block Cipher IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-88

    ×