Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Class 20: Running Time                cs1120 Fall 2011                David Evans                7 October 2011
Image by Jonathan Mak   2
3
Next House, MIT                  4
Whole Earth Epilog, 1974                           “On the back cover of their                           final issue was a...
Turing Machines    One of the deep mysteries to me is our logo, the    symbol of lust and knowledge, bitten into, all    c...
Last Class: TM for Unary >Input:    1a>1b#Output:   #1 if a > b, #0 otherwise.                                       7
Transition Rules(CrossOne, 1) -> (LookForGT, X, R)    ; found a 1 in a, look for a 1 in b to cross off(CrossOne, >) -> (Wr...
(CrossOne, 1) -> (LookForGT, X, R)                                                              (GoBack, X) -> (GoBack, X,...
Binary >Input:     a>b#Output: #1 if the value a interpreted as a  binary number is greater than the value of b  interpret...
1/1,                                            Look                           1/X,                                       ...
1/1,                                            0/0,                                                                      ...
“Sensible” Algorithm AnalysisWriting TM programs is long and tedious  (and, at least for normal size inputs, does not  cor...
What’s Coming NextChapter 7: CostChapter 8: Searching and Sorting  We’ll do lots of examples in class alsoChapter 9: Mutat...
Breaking Lorenz                  15
One-Time Pad   C=M                             KClaude Shannon, A Mathematical Theory ofCryptography, 1946 (declassified l...
Why perfectly secure?For any given ciphertext, all plaintexts areequally possible.Ciphertext:           J = 01001Key1:    ...
Vernam’s One-Time Pad (1919)A long paper tape with random   letters on it (using Baudot   code)Cannot reuse key – tape mus...
Lorenz CipherBased on the Vernam and Morehouse machines  Used Baudot codeBelieved managing long paper tapes during  wartim...
HQIBPEXEZMUG!May 1941: GCHQ learns about first Fish link (Tunny)     Intercepted unencrypted     Baudot-encoded test messa...
“Two Time” PadAllies have intercepted:    C1 = M1 K1    C2 = M2 K1  Same key used for both (same starting configuration)  ...
“Cribs”Know: C1, C2 (intercepted ciphertext)         C1 C2 = M1 M2Don’t know M1 or M2   Can make some guesses (cribs)     ...
Learning the KeyFrom the 2 intercepted  messages, Col. John Tiltman  worked on guessing cribs to  find M1 and M24000 lette...
Reverse Engineering LorenzMajor G. W. Morgan to Bill Tutte  (recent Chemistry graduate):  “See what you can do with  this....
Lorenz Structure        Main weakness: each step, either all        S wheels turn, or none of them do!                    ...
Intercepting TrafficSet up listening post to intercept traffic from 12  Lorenz (Fish) links  Different links between Berli...
Breaking TrafficKnew machine structure, but a different initial  configuration was used for each messageNeed to determine ...
Recognizing a Good GuessIntercepted Message (divided into 5 channels for  each Baudot code bit)    Zc = z0z1z2z3z4z5z6z7… ...
Double Delta              Zc,i = Zc,i   Zc,i+1Combine two channels:    Z1,i     Z2,i =     M1,i     M2,i > ½ Yippee!      ...
Actual AdvantageProbability of repeating letters  Prob[ M1,i        M2,i = 0] 0.614    3.3% of German digraphs are repeati...
Using the AdvantageIf the guess of X is correct, should see higher than ½   of the double deltas are 0Try guessing differe...
Heath RobinsonDec 1942: Decide to build a   machine to do these s   quickly, due June 1943Apr 1943: first Heath Robinson  ...
ColossusHeath Robinson machines were too slowColossus designed and first built in Jan 1944Replaced keytext tape loop with ...
Colossus Design                   Ciphertext TapeElectronic Keytext       Logic                Tape ReaderGenerator       ...
Impact on WWII10 Colossus machines operated at BletchleyDecoded 63 million letters in Nazi messagesLearned German troop lo...
Colossus HistoryKept secret after the war, all machines destroyed   During WWII                 Rebuilt (Summer 2004)     ...
How could Bletchley Park solve a problem  a quintillion times harder than PS4?                                     38
Poster in RAF Museum                       39
Confronted with the prospectof defeat, the Alliedcryptanalysts had worked nightand day to penetrate Germanciphers. It woul...
ChargeNo problem on your exam is one quintillionth as hard  as breaking Lorenz!      No real fear or adversity should be n...
Lecture20
Upcoming SlideShare
Loading in …5
×

Lecture20

655 views

Published on

Published in: Sports, Technology
  • Be the first to comment

  • Be the first to like this

Lecture20

  1. 1. Class 20: Running Time cs1120 Fall 2011 David Evans 7 October 2011
  2. 2. Image by Jonathan Mak 2
  3. 3. 3
  4. 4. Next House, MIT 4
  5. 5. Whole Earth Epilog, 1974 “On the back cover of their final issue was a photograph of an early morning country road, the kind you might find yourself hitchhiking on if you were so adventurous. Beneath it were the words: “Stay Hungry. Stay Foolish.” It was their farewell message as they signed off. Stay Hungry. Stay Foolish. And I have always wished that for myself.” Steve Job’s 2005 Stanford Commencement Speech 5
  6. 6. Turing Machines One of the deep mysteries to me is our logo, the symbol of lust and knowledge, bitten into, all crossed with the colors of the rainbow in the wrong order. You couldn’t dream a more appropriate logo: lust, knowledge, hope and anarchy. Jean-Louis Gassée 6
  7. 7. Last Class: TM for Unary >Input: 1a>1b#Output: #1 if a > b, #0 otherwise. 7
  8. 8. Transition Rules(CrossOne, 1) -> (LookForGT, X, R) ; found a 1 in a, look for a 1 in b to cross off(CrossOne, >) -> (Write0Out, #, R) ; no more 1s in a, so a <= b(LookForGT, 1) -> (LookForGT, 1, R) ; keep looking(LookForGT, >) -> (LookForB1, >, R) ; found the >(LookForB1, X) -> (LookForB1, X, R) ; keep looking(LookForB1, 1) -> (GoBack, X, L) ; crossed off match, return for next(LookForB1, #) -> (Write1Out, #, R) ; no match, a > b(GoBack, X) -> (GoBack, X, L) ; keep looking for >(GoBack, >) -> (Reset, >, L) ; now, look for the rightmost X(Reset, 1) -> (Reset, 1, L) ; keep looking for X(Reset, X) -> (CrossOne, X, R) ; found it!(Write0Out, *) -> (Halt, 0, HALT)(Write1Out, *) -> (Halt, 1, HALT) 8
  9. 9. (CrossOne, 1) -> (LookForGT, X, R) (GoBack, X) -> (GoBack, X, L)(CrossOne, >) -> (Write0Out, #, R) (GoBack, >) -> (Reset, >, L)(LookForGT, 1) -> (LookForGT, 1, R) (Reset, 1) -> (Reset, 1, L)(LookForGT, >) -> (LookForB1, >, R) (Reset, X) -> (CrossOne, X, R)(LookForB1, X) -> (LookForB1, X, R) 1/1, (Write0Out, *) -> (Halt, 0, HALT)(LookForB1, 1) -> (GoBack, X, L) (Write1Out, *) -> (Halt, 1, HALT)(LookForB1, #) -> (Write1Out, #, R) Look 1/X, X/X, For Look GT >/>, For Cross B1 Start #/#, One 1/X, >/>, Reset Go >/#, X/X, Back Write 1 Out Write 1/1, X/X, 0 Out /0,Halt /1,Halt HALT 9
  10. 10. Binary >Input: a>b#Output: #1 if the value a interpreted as a binary number is greater than the value of b interpreted as a binary number, #0 otherwise. 10
  11. 11. 1/1, Look 1/X, X/X, For Look GT >/>, For Cross B1Start #/#, One 1/X, >/>, Reset Go >/#, X/X, Back Write 1 Out Write 1/1, X/X, 0 Out /0,Halt /1,Halt HALT 11
  12. 12. 1/1, 0/0, X/X, Look Look For >/>, For #/#, GT-0 B-0 1/1, 1/X, 0/0, 0/X, 0/X, Look 1/X, X/X, For Look GT >/>, For Cross B1Start #/#, One >/>, 1/X, Reset Go >/#, X/X, Back Write 1 Out Write 1/1, X/X, /1,Halt 0 Out /0,Halt Lots more changes needed… but you get the idea HALT 12
  13. 13. “Sensible” Algorithm AnalysisWriting TM programs is long and tedious (and, at least for normal size inputs, does not correspond well to what a real machine does for simple operations)Common Simplifying Assumptions Arithmetic operations are constant time This is true if numbers are bounded Cannot be true for arbitrarily large numbers 13
  14. 14. What’s Coming NextChapter 7: CostChapter 8: Searching and Sorting We’ll do lots of examples in class alsoChapter 9: Mutation (PS5)Chapter 10: Objects (PS6) Ways to program more expressively 14
  15. 15. Breaking Lorenz 15
  16. 16. One-Time Pad C=M KClaude Shannon, A Mathematical Theory ofCryptography, 1946 (declassified later): Provedthat a one-time pad is a perfect cipher! Frank Miller 1882 PS4, Question 3! 16
  17. 17. Why perfectly secure?For any given ciphertext, all plaintexts areequally possible.Ciphertext: J = 01001Key1: I = 00110Plaintext1: 01111 = KKey2: L = 10010Plaintext2: = 11011 = shift
  18. 18. Vernam’s One-Time Pad (1919)A long paper tape with random letters on it (using Baudot code)Cannot reuse key – tape must be very long! This has 6 holes per letter (not Baudot code)
  19. 19. Lorenz CipherBased on the Vernam and Morehouse machines Used Baudot codeBelieved managing long paper tapes during wartime was too difficultMachine generates key sequence If two machines start in same configuration, same key sequence Will not repeat for ~ 1019 letters All words ever written by all humans is 1018 letters
  20. 20. HQIBPEXEZMUG!May 1941: GCHQ learns about first Fish link (Tunny) Intercepted unencrypted Baudot-encoded test messagesAugust 30, 1941: GCHQ Today (not what it looked like in 1941!) Operator retransmits failed message with same starting configuration Gets lazy and uses some abbreviations, makes some SPRUCHNUMMER/SPRUCHNR (Serial Number) mistakes 21
  21. 21. “Two Time” PadAllies have intercepted: C1 = M1 K1 C2 = M2 K1 Same key used for both (same starting configuration) 22
  22. 22. “Cribs”Know: C1, C2 (intercepted ciphertext) C1 C2 = M1 M2Don’t know M1 or M2 Can make some guesses (cribs) SPRUCHNUMMER Sometimes allies moved ships, sent out bombers to help the cryptographers get good cribsGiven guess for M1, calculate M2 M2 = C1 C2 M1If M2 seems plausible, calculate key: K1 = M1 C1 = M2 C2 23
  23. 23. Learning the KeyFrom the 2 intercepted messages, Col. John Tiltman worked on guessing cribs to find M1 and M24000 letter messagesFound 4000 letter key K1 24
  24. 24. Reverse Engineering LorenzMajor G. W. Morgan to Bill Tutte (recent Chemistry graduate): “See what you can do with this.” (Tiltman’s K1)Found period of 574 = 41 14Six months later new machine structure likely to generate K1 Bill Tutte U. Waterloo (1917-2002) 25
  25. 25. Lorenz Structure Main weakness: each step, either all S wheels turn, or none of them do! 26
  26. 26. Intercepting TrafficSet up listening post to intercept traffic from 12 Lorenz (Fish) links Different links between Berlin and conquered capitals Slightly different coding procedures, and different configurations600 people worked on intercepting traffic 27
  27. 27. Breaking TrafficKnew machine structure, but a different initial configuration was used for each messageNeed to determine wheel setting: Initial position of each of the 12 wheels Needed to try them fast enough to decrypt message while it was still strategically valuable This is what you did for PS4 (except with fewer wheels) 28
  28. 28. Recognizing a Good GuessIntercepted Message (divided into 5 channels for each Baudot code bit) Zc = z0z1z2z3z4z5z6z7… zc, i = mc,i xc,i sc,i Message Key (parts from S-wheels and rest)Look for statistical properties How many of the zc,i’s are 0? ½ (not useful) How many of (zc,i+1 zc,i) are 0? ½ 29
  29. 29. Double Delta Zc,i = Zc,i Zc,i+1Combine two channels: Z1,i Z2,i = M1,i M2,i > ½ Yippee! X1,i X2,i = ½ (key) S1,i S2,i > ½ Yippee! Why is M1,i M2,i > ½ Message is in German, more likely following letter is a repetition than random Why is S1,i S2,i > ½ S-wheels only turn when M-wheel is 1 30
  30. 30. Actual AdvantageProbability of repeating letters Prob[ M1,i M2,i = 0] 0.614 3.3% of German digraphs are repeatingProbability of repeating S-keys Prob[ S1,i S2,i = 0] ~ 0.73Prob[ Z1,i Z2,i X1,i X2,i = 0] = 0.614 * 0.73 + (1-0.614) * (1-0.73) M and S are 0 M and S are 1 = 0.55 if the wheel settings guess is correct (0.5 otherwise) 31
  31. 31. Using the AdvantageIf the guess of X is correct, should see higher than ½ of the double deltas are 0Try guessing different configurations to find highest number of 0 double deltasProblem: # of double delta operations to try one config = length of Z * length of X = for 10,000 letter message 1271 settings * 7 per double delta = 89 M operations 32
  32. 32. Heath RobinsonDec 1942: Decide to build a machine to do these s quickly, due June 1943Apr 1943: first Heath Robinson machine is delivered!Intercepted ciphertext on tape: 2000 characters per second (12 miles per hour) Needed to perform 7 operations each ½ ms Heath Robinson, British Cartoonist (1872-1944) 33
  33. 33. ColossusHeath Robinson machines were too slowColossus designed and first built in Jan 1944Replaced keytext tape loop with electronic keytext generatorSpeed up ciphertext tape: 5,000 chars per second = 30 mph Perform 5 double deltas simultaneously Speedup = 2.5X for faster tape 5X for parallelism 34
  34. 34. Colossus Design Ciphertext TapeElectronic Keytext Logic Tape ReaderGenerator Counter Position Counter Printer 35
  35. 35. Impact on WWII10 Colossus machines operated at BletchleyDecoded 63 million letters in Nazi messagesLearned German troop locations to plan D-Day 36
  36. 36. Colossus HistoryKept secret after the war, all machines destroyed During WWII Rebuilt (Summer 2004) 37
  37. 37. How could Bletchley Park solve a problem a quintillion times harder than PS4? 38
  38. 38. Poster in RAF Museum 39
  39. 39. Confronted with the prospectof defeat, the Alliedcryptanalysts had worked nightand day to penetrate Germanciphers. It would appear thatfear was the main driving force,and that adversity is one of thefoundations of successfulcodebreaking. Simon Singh, The Code Book 40
  40. 40. ChargeNo problem on your exam is one quintillionth as hard as breaking Lorenz! No real fear or adversity should be necessary to solve the exam problems.Exam 1: Out Now Due at beginning of class WednesdayStay Hungry! Stay Foolish! Watch or read Steve Jobs’ Commencement Speech 41

×