Upcoming SlideShare
Loading in …5
×

# Classical cryptography

436 views

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
Your message goes here
• Be the first to comment

• Be the first to like this

No Downloads
Views
Total views
436
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
• Unconditional security would be nice, but the only known such cipher is the one-time pad (later). For all reasonable encryption algorithms, have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.
• With a caesar cipher, there are only 26 possible keys, of which only 25 are of any use, since mapping A to A etc doesn&amp;apos;t really obscure the message! Note this basic rule of cryptanalysis &amp;quot;check to ensure the cipher operator hasn&amp;apos;t goofed and sent a plaintext message by mistake&amp;quot;!
Can try each of the keys (shifts) in turn, until can recognise the original message. See Stallings Fig 2.3 for example of search.
Note: as mentioned before, do need to be able to recognise when have an original message (ie is it English or whatever). Usually easy for humans, hard for computers. Though if using say compressed data could be much harder.
Example &amp;quot;GCUA VQ DTGCM&amp;quot; when broken gives &amp;quot;easy to break&amp;quot;, with a shift of 2 (key C).
• With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution, where the translation alphabet can be any permutation of the 26 alphabetic characters. A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once. In general, there are n! permutations of a set of n elements.
See text example of a translation alphabet, and an encrypted message using it.
• Note that even given the very large number of keys, being 10 orders of magnitude greater than the key space for DES, the monoalphabetic substitution cipher is not secure, because it does not sufficiently obscure the underlying language characteristics.
• Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies. Stallings Figure 2.5 shows English letter frequencies. Seberry &amp; Pieprzyk, &amp;quot;Cryptography - An Introduction to Computer Security&amp;quot;, Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European &amp; Japanese &amp; Malay). Also useful are tables of common two-letter combinations, known as digrams, and three-letter combinations, known as trigrams.
• The simplicity and strength of the monoalphabetic substitution cipher meant it dominated cryptographic use for the first millenium AD. It was broken by Arabic scientists. The earliest known description is in Abu al-Kindi&amp;apos;s &amp;quot;A Manuscript on Deciphering Cryptographic Messages&amp;quot;, published in the 9th century but only rediscovered in 1987 in Istanbul, but other later works also attest to their knowledge of the field. Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. The cryptanalyst looks for a mapping between the observed pattern in the ciphertext, and the known source language letter frequencies. If English, look for peaks at: A-E-I triple, NO pair, RST triple, and troughs at: JK, X-Z.
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.
• Illustrate the process with this example from the text in Stallings section 2.2. Comparing letter frequency breakdown with Figure 2.5, it seems likely that cipher letters P and Z are the equivalents of plain letters e and t, but it is not certain which is which. The letters S, U, O, M, and H are all of relatively high frequency and probably correspond to plain letters from the set {a, h, i, n, o, r, s}. The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely included in the set {b, j, k, q, v, x, z}. A powerful tool is to look at the frequency of two-letter combinations, known as digrams. A table similar to Figure 2.5 could be drawn up showing the relative frequency of digrams. The most common such digram is th. In our ciphertext, the most common digram is ZW, which appears three times. So we make the correspondence of Z with t and W with h. Then, by our earlier hypothesis, we can equate P with e. Now notice that the sequence ZWP appears in the ciphertext, and we can translate that sequence as &amp;quot;the.&amp;quot; This is the most frequent trigram (three- letter combination) in English, which seems to indicate that we are on the right track. Next, notice the sequence ZWSZ in the first line. We do not know that these four letters form a complete word, but if they do, it is of the form th_t. If so, S equates with a. Only four letters have been identified, but already we have quite a bit of the message. Continued analysis of frequencies plus trial and error should easily yield a solution from this point. The complete plaintext, with spaces added between words, is shown on slide.
• Consider ways to reduce the &amp;quot;spikyness&amp;quot; of natural language text, since if just map one letter always to another, the frequency distribution is just shuffled. One approach is to encrypt more than one letter at once. The Playfair cipher is an example of doing this, treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
• The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remain letters, with I/J used as a single letter. This example comes from Dorothy Sayer&amp;apos;s book &amp;quot;Have His Carcase&amp;quot;, in which Lord Peter Wimsey solves it, and describes the use of a probably word attack.
• Plaintext is encrypted two letters at a time,according to the rules as shown. Note how you wrap from right side back to left, or from bottom back to top.
if a pair is a repeated letter, insert a filler like &amp;apos;X&amp;apos;, eg. &amp;quot;balloon&amp;quot; encrypts as &amp;quot;ba lx lo on&amp;quot;
if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar&amp;quot; encrypts as &amp;quot;RM&amp;quot;
if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu&amp;quot; encrypts to &amp;quot;CM&amp;quot;
otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs&amp;quot; encrypts to &amp;quot;BP&amp;quot;, and “ea&amp;quot; to &amp;quot;IM&amp;quot; or &amp;quot;JM&amp;quot; (as desired)
Decrypting of course works exactly in reverse. Can see this by working the example pairs shown, backwards.
• The Playfair cipher is a great advance over simple monoalphabetic ciphers, since there are 26*26=676 digrams (vs 26 letters), so that identification of individual digrams is more difficult. Also,the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. The Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S.Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.
• The best known, and one of the simplest, such algorithms is referred to as the Vigenère cipher, where the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers, with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter ‘a’, and which are each used in turn, as shown next.
• The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&amp;T engineer named Gilbert Vernam in 1918. His system works on binary data (bits0 rather than letters. The system can be expressed succinctly as follows: ci = pi XOR ki
The essence of this technique is the means of construction of the key. Vernam proposed the use of a running loop of tape that eventually repeated the key, so that in fact the system worked with a very long but repeating keyword. Although such a scheme, with a long key, presents formidable cryptanalytic difficulties, it can be broken with sufficient ciphertext, the use of known or probable plaintext sequences, or both.
• The One-Time Pad is an evolution of the Vernham cipher. An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement using a random key that was truly as long as the message, with no repetitions, which thus totally obscures the original message. It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code, since any plaintext can be mapped to any ciphertext given some key.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
There is the practical problem of making large quantities of random keys.
And the problem of key distribution and protection, where for every message to be sent, a key of equal length is needed by both sender and receiver.
Because of these difficulties, the one-time pad is of limited utility, and is useful primarily for low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy.
• All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher, and form the second basic building block of ciphers. The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.
• The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
The example message is: &amp;quot;meet me after the toga party&amp;quot; with a rail fence of depth 2.
This sort of thing would be trivial to cryptanalyze.
• Have seen that ciphers based on just substitutions or transpositions are not secure, and can be attacked because they do not sufficient obscure the underlying language structure
So consider using several ciphers in succession to make harder.
A substitution followed by a transposition is known as a Product Cipher, and makes a new much more secure cipher, and forms the bridge to modern ciphers.
• ### Classical cryptography

1. 1. CRYPTOSYSTEMS &CRYPTOSYSTEMS & AUTHENTICATIONAUTHENTICATION Classical Cryptography-Substitution Ciphers-permutation Ciphers-Block Ciphers-DES Modes of Operation- AES- Linear Cryptanalysis, Differential Cryptanalysis- Hash Function -SHA 512- Message Authentication Codes- HMAC - Authentication Protocols UNIT II
2. 2. Objectives 0To introduce basic concepts & terminology of encryption 0To prepare us for studying modern cryptography IFETCE/M.E CSE/NE7202-NIS/Unit 2 2
3. 3. Overview 0 Cryptography 0 Basic Terminology 0 Classical Cryptography 0 Substitution 0 Transposition 0 Product IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-3
4. 4. What is Cryptography? 0 The idea of storing and transmitting data in a form that only the authorized parties can interpret. 0 Process of making and using codes to secure transmission of information IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-4
5. 5. Cryptography 0 Can be characterized by: 0 type of encryption operations used 0 substitution / transposition / product 0 number of keys used 0 single-key or private / two-key or public 0 way in which plaintext is processed 0 block / stream IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-5
6. 6. Basic terminology 0 Plaintext: original message to be encrypted 0 Ciphertext: the encrypted message 0 Enciphering or encryption: the process of converting plaintext into ciphertext 0 Encryption algorithm: performs encryption 0 Two inputs: a plaintext and a secret key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-6
7. 7. Basic terminology 0 Deciphering or decryption: recovering plaintext from ciphertext 0 Decryption algorithm: performs decryption 0 Two inputs: ciphertext and secret key 0 Secret key: same key used for encryption and decryption 0 Also referred to as a symmetric key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-7
8. 8. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-8
9. 9. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-9
10. 10. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-10
11. 11. Cryptanalysis 0 Opponent whose goal is to break cryptosystem is the adversary 0 Objective: to recover the plaintext of a ciphertext or, more typically, to recover the secret key. 0 Kerkhoff’s principle: adversary knows algorithm used, but not key 0 Two general approaches: 0 brute-force attack 0 non-brute-force attack (cryptanalytic attack) IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-11
12. 12. Brute-Force Attack 0 Try every key to decipher the ciphertext. 0 On average, need to try half of all possible keys 0 Time needed proportional to size of key space Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs 32 232 = 4.3 × 109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2 × 1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4 × 1038 2127 µs = 5.4 × 1024 years 5.4 × 1018 years 168 2168 = 3.7 × 1050 2167 µs = 5.9 × 1036 years 5.9 × 1030 years 26 characters (permutation) 26! = 4 × 1026 2 × 1026 µs = 6.4 × 1012 years 6.4 × 106 years
13. 13. Cryptanalytic Attacks 0 Classified by how much information needed by the attacker 0 Three types of attacks: 0 Ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key. 0 Known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key 0 Chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key 0 Chosen-ciphertext attack: adversary may choose ciphertext and corresponding decrypted plaintext ; goal is to find key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-13
14. 14. Ciphertext-only attack 0 Given: a ciphertext c 0 Q: what is the plaintext m? 0 An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-14
15. 15. Known-plaintext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c. 0 Q: what is the plaintext of c? 0 Q: what is the secret key in use? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-15
16. 16. Chosen-plaintext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck), where m1,m2, …, mk are chosen by the adversary; and a new ciphertext c. 0 Q: what is the plaintext of c, or what is the secret key? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-16
17. 17. Chosen-Plaintext Attack Crook #1 changes his PIN to a number of his choice cipher(key,PIN) PIN is encrypted and transmitted to bank Crook #2 eavesdrops on the wire and learns ciphertext corresponding to chosen plaintext PIN … repeat for any PIN value
18. 18. Chosen-ciphertext attack 0 Given: (m1,c1), (m2,c2), …, (mk,ck), where c1,c2, …, ck are chosen by the adversary; and a new ciphertext c. 0 Q: what is the plaintext of c, or what is the secret key? IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-18
19. 19. Basis for Attacks 0 Mathematical attacks 0 Based on analysis of underlying mathematics 0 Statistical attacks 0 Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. 0 Called models of the language 0 Examine ciphertext, correlate properties with the assumptions. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-19
20. 20. Statistical Attack 0 Compute frequency of each letter in ciphertext: G 0.1 H 0.1 K 0.1 O 0.3 R 0.2 U 0.1 Z 0.1 0 Apply 1-gram model of English 0 Frequency of characters (1-grams) in English is on next slide IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-20
21. 21. Cryptology CRYPTOLOGY CRYPTOGRAPHY CRYPTANALYSIS Private Key (Secret Key) Public Key Block Cipher Stream Cipher Integer Factorization Discrete Logarithm
22. 22. More Definitions 0 Unconditional security 0 no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext 0 Computational security 0 given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
23. 23. Cryptosystem 0 Quintuple (E, D, M, K, C) 0 M set of plaintexts 0 K set of keys 0 C set of ciphertexts 0 E set of encryption functions e: M × K → C 0 D set of decryption functions d: C × K → M IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-23
24. 24. Example 0 Example: Cæsar cipher 0 M = { sequences of letters } 0 K = { i | i is an integer and 0 ≤ i ≤ 25 } 0 E = { Ek | k ∈ K and for all letters m, Ek(m) = (m + k) mod 26 } 0 D = { Dk | k ∈ K and for all letters c, Dk(c) = (26 + c – k) mod 26 } 0 C = M IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-24
25. 25. Ciphers 0Symmetric cipher: same key used for encryption and decryption 0 Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) 0 Stream cipher: encrypts data one bit or one byte at a time 0Asymmetric cipher: different keys used for encryption and decryption IFETCE/M.E CSE/NE7202-NIS/Unit 2 25
26. 26. Classical Cryptography 0Sender, receiver share common key 0 Keys may be the same, or trivial to derive from one another 0 Sometimes called symmetric cryptography 0Two basic types 0 Transposition ciphers 0 Substitution ciphers 0 Combinations are called product ciphers IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-26
27. 27. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-27
28. 28. Classical Ciphers 0 Plaintext is viewed as a sequence of elements (e.g., bits or characters) 0 Substitution cipher: replacing each element of the plaintext with another element. 0 Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext. 0 Product cipher: using multiple stages of substitutions and transpositions IFETCE/M.E CSE/NE7202-NIS/Unit 2 28
29. 29. Substitution Ciphers 0 Change characters in plaintext to produce ciphertext 0 Monoalphabetic Substitution 0 Each plaintext character is mapped onto a unique character of a ciphertext. 0 Polyalphabetic Substitution 0 Each plaintext character can be mapped onto m alphabetic characters of a ciphertext. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-29
30. 30. Monoalphabetic Ciphers 0 Shift Cipher(Ceaser) 0 Substitution Cipher 0 Affine Cipher 0 Hill Cipher IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-30
31. 31. 1.Caesar Cipher 0 Earliest known substitution cipher 0 Invented by Julius Caesar 0 Each letter is replaced by the letter three positions further down the alphabet. Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C 0 Example: ohio state  RKLR VWDWH IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-31
32. 32. Caesar Cipher 0Mathematically, map letters to numbers: a, b, c, ..., x, y, z 0, 1, 2, ..., 23, 24, 25 0Then the general Caesar cipher is: c = EK(p) = (p + k) mod 26 p = DK(c) = (c – k) mod 26 0Can be generalized with any alphabet. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-32
33. 33. Cryptanalysis of Caesar Cipher 0 Only have 26 possible ciphers 0 A maps to A,B,..Z 0 Could simply try each in turn 0 A brute force search 0 Given ciphertext, just try all shifts of letters 0 Do need to recognize when have plaintext 0 Eg. break ciphertext "GCUA VQ DTGCM" IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-33
34. 34. 2.Monoalphabetic Cipher 0 Shuffle (jumble) the letters arbitrarily 0 Each plaintext letter maps to a different random ciphertext letter 0 Hence key is 26 letters long Plain letters: abcdefghijklmnopqrstuvwxyz Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-34
35. 35. Monoalphabetic Cipher Security 0 Now have a total of 26! = 4 x 1026 keys 0 With so many keys, might think is secure 0 But not secure against some cryptanalytic attacks. 0 Problem is language characteristics IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-35
36. 36. Language Statistics and Cryptanalysis 0 Human languages are not random. 0 Letters are not equally frequently used. 0 In English, E is by far the most common letter, followed by T, R, N, I, O, A, S. 0 Other letters like Z, J, K, Q, X are fairly rare. 0 There are tables of single, double & triple letter frequencies for various languages IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-36
37. 37. English Letter Frequencies IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-37
38. 38. Statistics for double & triple letters 0 In decreasing order of frequency 0 Double letters: th he an in er re es on, … 0 Triple letters: the and ent ion tio for nde, … IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-38
39. 39. Use in Cryptanalysis 0 Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies 0 To attack, we 0 calculate letter frequencies for ciphertext 0 compare this distribution against the known one 0 If caesar cipher look for common peaks/troughs 0 peaks at: A-E-I triple, NO pair, RST triple 0 troughs at: JK, X-Z 0 For monoalphabetic must identify each letter 0 tables of common double/triple letters help IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-39
40. 40. Example Cryptanalysis 0 Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ 0 Count relative letter frequencies 0 Guess P & Z are e and t 0 Guess ZW is th and hence ZWP is the 0 Proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-40
41. 41. 3.Playfair Cipher Not even the large number of keys in a monoalphabetic cipher provides security One approach to improving security was to encrypt multiple letters Playfair Cipher was invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-41
42. 42. Playfair Key Matrix 0 A 5X5 matrix of letters based on a keyword 0 Fill in letters of keyword (sans duplicates) 0 Fill rest of matrix with other letters 0 Eg. using the keyword MONARCHY MM OO NN AA RR CC HH YY BB DD EE FF GG I/JI/J KK LL PP QQ SS TT UU VV WW XX ZZ IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-42
43. 43. Encrypting and Decrypting 0Plaintext is encrypted two letters at a time 1. if a pair is a repeated letter, insert filler like 'X’ 2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end) 3. if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom) 4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-43
44. 44. Security of Playfair Cipher 0 Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters. 0 Security is much improved over the simple monoalphabetic cipher. 0 Widely used for many years eg. by US & British military in WW1 and WW2 0 Once thought to be unbreakable. 0 Actually, it can be broken, because it still leaves some structure of plaintext intact. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-44
45. 45. Polyalphabetic Substitution Ciphers 0 A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in turn to encrypt letters. 0 A key determines which sequence of ciphers to use. 0 Each plaintext letter has multiple corresponding ciphertext letters. 0 This makes cryptanalysis harder since the letter frequency distribution will be flatter. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-45
46. 46. 1.Vigenère Cipher 0 Simplest polyalphabetic substitution cipher 0 Effectively multiple caesar ciphers 0 Key is multiple letters long K = k1 k2 ... kd 0 ith letter specifies ith alphabet to use 0 Use each alphabet in turn 0 Repeat from start after d letters in message 0 Decryption simply works in reverse IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-46
47. 47. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-47
48. 48. Example of Vigenère Cipher 0 Keyword: deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-48
49. 49. Security of Vigenère Ciphers 0 There are multiple ciphertext letters corresponding to each plaintext letter. 0 So, letter frequencies are obscured but not totally lost. 0 To break Vigenere cipher: 1. Try to guess the key length. How? 2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the same cipher. 3. Attack each individual cipher as before.IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-49
50. 50. Guessing the Key Length 0 Main idea: Plaintext words separated by multiples of the key length are encoded in the same way. 0 In our example, if plaintext = “…thexxxxxxthe…” then “the” will be encrypted to the same ciphertext words. 0 So look at the ciphertext for repeated patterns. 0 E.g. repeated “VTW” in the previous example suggests a key length of 3 or 9: ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ 0 Of course, the repetition could be a random fluke. 0 Then attack each monoalphabetic cipher individually using same techniques as before IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-50
51. 51. 2.Vernam Cipher 0 Ultimate defense is to use a key as long as the plaintext with no statistical relationship to it 0 Invented by AT&T engineer Gilbert Vernam in 1918 0 Originally proposed using a very long but eventually repeating key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-51
52. 52. 3.One-Time Pad 0 If a truly random key as long as the message is used, the cipher will be secure 0 Called as One-Time pad 0 It is unbreakable since ciphertext bears no statistical relationship to the plaintext 0 Since for any plaintext & any ciphertext there exists a key mapping one to other 0 Can use the key only once though 0 Problems in generation & safe distribution of key IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-52
53. 53. 4.Rotor Cipher Machines 0 Before modern ciphers, rotor machines were most common complex ciphers in use. 0 Widely used in WW2. 0 Used a series of rotating cylinders. 0 Implemented a polyalphabetic substitution cipher of period K. 0 With 3 cylinders, K = 263 =17,576. 0 With 5 cylinders, K = 265 =12 x 106 . 0 What is a key? 0 If the adversary has a machine 0 If the adversary doesn’t have a machine IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-53
54. 54. IFETCE/M.E CSE/NE7202-NIS/Unit 2 54
55. 55. German secret setting sheets IFETCE/M.E CSE/NE7202-NIS/Unit 2 Date Which rotors to use (there were 10 rotors) Ring setting Plugboard setting Slide #9-55
56. 56. The Rotors IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-56
57. 57. Enigma Rotor Machine IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-57
58. 58. Enigma Rotor Machine IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-58
59. 59. Transposition Ciphers 0 Also called permutation ciphers. 0 Shuffle the plaintext, without altering the actual letters used. 0 Can recognise these since have the same frequency distribution as the original text IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-59
60. 60. 1.Rail Fence cipher 0 Write message letters out diagonally over a number of rows 0 Then read off cipher row by row 0 Eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t 0 Ciphertext MEMATRHTGPRYETEFETEOAAT IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-60
61. 61. 2.Row Transposition Ciphers 0 Plaintext is written row by row in a rectangle. 0 Ciphertext: write out the columns in an order specified by a key. Key: 3 4 2 1 5 6 7 Plaintext: Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ IFETCE/M.E CSE/NE7202-NIS/Unit 2 a t t a c k p o s t p o n e d u n t i l t w o a m x y z Slide #9-61
62. 62. Product Ciphers 0 Ciphers using substitutions or transpositions are not secure because of language characteristics 0 Consider using several ciphers in succession to make harder, but: 0 two substitutions make a more complex substitution 0 two transpositions make more complex transposition 0 Uses a sequence of substitutions and transpositions 0 Harder to break than just substitutions or transpositions 0 This is a bridge from classical to modern ciphers IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-62
63. 63. Unconditional & Computational Security 0 A cipher is unconditionally secure if it is secure no matter how much resources (time, space) the attacker has. 0 A cipher is computationally secure if the best algorithm for breaking it will require so much resources (e.g., 1000 years) that practically the cryptosystem is secure. 0 All the ciphers we have examined are not unconditionally secure. IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-63
64. 64. An unconditionally Secure Cipher IFETCE/M.E CSE/NE7202-NIS/Unit 2 1 2 3 4 1 2 3 4 1 2 3 4 Key = (random, ) Plaintext = Cipherte Vernam’s one-time pad cip used one-time only xt = where Can be proved to be unconditionally sec her ur .e i i i k k k k m m m m c c c c c m k= ⊕ • • • • K K K Slide #9-64
65. 65. Classical to Modern Cryptography 0 Classical cryptography 0 Encryption/decryption done by hand 0 Modern cryptography 0 Computers to encrypt and decrypt 0 Same principles, but automation allows ciphers to become much more complex IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-65
66. 66. Summary 0 Classical Cryptography 0 Substitution 0 Transposition IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-66