1. Chapter 2 – Classical Encryption
Techniques
Jen-Chang Liu, 2004
Adopted from
lecture slides by Lawrie Brown
2. Many savages at the present day regard
their names as vital parts of themselves,
and therefore take great pains to conceal
their real names, lest these should give to
evil-disposed persons a handle by which
to injure their owners. —The Golden
Bough, Sir James George Frazer
3. Sir James George Frazer
《金枝》一書原名應作「The Golden
Bough」,作者Sir James Frazer (1854-1941),
他是英國人類學家、民俗學家,和古典學者。
《金枝》 一書的主旨在於:人類思想方式的
發展過程是由巫術、宗教發展為科 學。
一個小鎮每年到了6月27日都會舉行 一種儀式:
全鎮居民集合然後抽籤,抽中的人必須讓其他
居民用亂石打死,且 不得反抗;這是為了驅
除災難,被打死的人是為全鎮犧牲的英雄
4. Review: Model for Network
Security
1
2
3
3 roles to play in security system
5. Cryptography
Cryptographic systems can be characterized
by:
encryption operations used for transforming
plaintext to ciphertext
substitution / transposition (permutation) / product
number of keys used
single-key or private / two-key or public
way in which plaintext is processed
block / stream
密碼學
9. Symmetric Encryption
conventional / single-key encryption
sender and recipient share a common key
all classical encryption algorithms are private-
key
was only type prior to invention of public-key
in 1970’s
10. Basic Terminology
plaintext - the original message
ciphertext - the coded message
cipher - algorithm for transforming plaintext to
ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering ciphertext from
plaintext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext without
knowing key
cryptology - the field of both cryptography and
cryptanalysis
明文
密文
12. Example: Caesar Cipher
earliest known substitution cipher by Julius
Caesar
first attested use in military affairs
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
m
n
o
p
replaces each letter by 3rd letter further down the alphabet
13. Example: Caesar Cipher (cont.)
Plaintext alphabets
z
y
x
d
c
b
a
X ,
,
,...,
,
,
,
Assign a number to each alphabet:
25
,
24
,
23
,...,
3
,
2
,
1
,
0
X
Ciphertext alphabets
25
,
24
,
23
,...,
3
,
2
,
1
,
0
Y
Encryption algorithm
Y = EK(X)=(X+3) mod 26
14. Security Requirements
two requirements for secure use of
symmetric encryption:
a strong encryption algorithm
assume encryption algorithm is known, the opponent
is unable to decipher the ciphertext
a secret key known only to sender / receiver
implies a secure channel to distribute key
15. Cryptanalysis of Caesar Cipher
Assume that the encryption is known as a
Caesar cipher
Try 25 possible keys – brute force
See fig. 2.3
Why brute force attack works?
Encryption (decryption) algorithm is known
25 keys too small
The language of plaintext is recognizable
Ex. A zipped file
16. Brute Force Search
Given encryption algorithm, it’s always possible to
simply try every key
On average, try half of all keys
assume either know / recognise plaintext
decryption
DES
AES
3DES
18. Degree of security for encryption
schemes
unconditional security
no matter how much computer power is available,
the cipher cannot be broken since the ciphertext
provides insufficient information to uniquely
determine the corresponding plaintext
不論花多少時間也無法破解
computational security
given limited computing resources (eg time
needed for calculations is greater than age of
universe), the cipher cannot be broken
19. Mini break
There will be a programming project this
semester
Implementation of DES or AES
21. Classical Substitution Ciphers
where letters of plaintext are replaced by
other letters or by numbers or symbols
if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns
A
B
C
.
.
Y
Z
A
B
C
.
.
Y
Z
26! Possible transforms
22. Caesar Cipher
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
Caesar cipher can be cryptoanalyzed by brute-force attack
=> Far from secure
23. Monoalphabetic Cipher
rather than just shifting the alphabet
each plaintext letter maps to a different
random ciphertext letter
A
B
C
.
.
Y
Z
A
B
C
.
.
Y
Z
26! Possible transforms
E(.)
.
.
.
27. Cryptanalysis (cont.)
One alphabet frequencies: guess P & Z are e and t
Digrams and trigrams: frequencies of compound
letters
guess ZW is th and hence ZWP is the
proceeding with trial and error
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
t t t t t
t t t t
t
t
t t
t
e e e e e
e
ee
e
e
e e e e e e
h
h
h
h
28. How to improve monoalphabetic
cipher?
Encrypt multiple letters of plaintext at the
same time
Playfair cipher
Hill cipher
Use multiple cipher alphabets
Polyalphabetic cipher
29. Playfair Cipher
Best-known multiple-letter encryption cipher
invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair
Example: digram mapping
x
y
c
g
26x26 diagrams
30. Playfair Key Matrix
a 5X5 matrix of letters based on a keyword
eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
fill in letters of keyword
fill rest of matrix with other letters in
alphabetic order
31. Playfair: Encrypting and
Decrypting
plaintext encrypted two letters at a time:
if a pair is a repeated letter, insert a filler like 'X',
eg. "balloon" encrypts as "ba lx lo on"
if both letters fall in the same row, replace each
with letter to right (wrapping back to start from
end), eg. “ar" encrypts as "RM"
if both letters fall in the same column, replace
each with the letter below it (again wrapping to
top from bottom), eg. “mu" encrypts to "CM"
otherwise each letter is replaced by the one in its
row in the column of the other letter of the pair,
eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM"
(as desired)
M O N
C H Y
E F G
L P Q
U V W
32. Security of the Playfair Cipher
security much improved over monoalphabetic
26 x 26 = 676 digrams
would need a 676 entry frequency table to analyse
(verses 26 for a monoalphabetic)
was widely used for many years (eg. US & British
military in WW1)
it can be broken, given a few hundred letters
since still has much of plaintext structure
33. Idea: Relative frequency of
occurrence of letters in ciphertext
* Make the freq. Distribution information concealed => flatter
34. Hill cipher
Mathematician Lester Hill in 1929
Multi-letter cipher
Ex. 3-letter cipher
p1
p2
p3
c1
c2
c3
?
Input: 263 Output: 263
26
mod
3
2
1
33
32
31
23
22
21
13
12
11
3
2
1
p
p
p
k
k
k
k
k
k
k
k
k
c
c
c
Key matrix
Linear equations: C=KP mod 26
35. Hill cipher (cont.)
Encryption: C = KP mod 26
Decryption: P = K-1C mod 26
Idea: hide single-letter frequencies
2x2 key matrix: hide single-letter freq.
3x3 key matrix: hide single-letter and digram
freq.
…
How to attack Hill cipher?
36. Cryptanalysis on Hill cipher
Known ciphertext X
Ex. 2x2 key matrix, given “friday” => “PQCFKU”
d
r
i
f
K
F
Q
C
P
26
mod
3
17
8
5
5
16
2
15
K
=>
=> 解出K !!!
Known plaintext-ciphertext pairs
37. How to improve monoalphabetic
cipher?
Encrypt multiple letters of plaintext at the
same time
Playfair cipher
Hill cipher
Use multiple cipher alphabets
Polyalphabetic cipher Monoalph. Cipher:
a k
Polyalph. Cipher:
a k
J
Rule 1
Rule 2
38. Polyalphabetic Ciphers
Polyalphabetic substitution ciphers
A set of related monoalphabetic substitution rules
is used
use a key to select which alphabet is used for
each letter of the message
39. Vigenère Cipher
simplest polyalphabetic substitution cipher is
the Vigenère Cipher
26 Caesar ciphers
Each Caesar cipher is labelled by a key letter
See Table 2.3
41. Example: Vigenère Cipher
Encryption: need a key and the plaintext
Eg. using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Decryption: the table and the key are known
• advantage: multiple ciphertext letters for each plaintext letter
=> hide letter frequency
=> See Fig. 2.6
42. Cryptanalysis on Substitution
Cipher
Calculate the statistical properties of the
ciphertext
Match language letter freq.
Monoalphabetic cipher
Polyalphabetic cipher (Vigenère Cipher)
Find the length of keyword
Attack each monoalphabetic cipher
Yes
No
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Guess key length
43. Improve over Vigenère Cipher
Avoid repetition of key
Autokey system
weakness: the key and plaintext share the same
frequency
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
44. Improve over Vigenère Cipher
(cont.)
Avoid repetition of key
Gilbert Vernam, 1918
Use of a running loop of tape that eventually
repeat the key
A very long but repeating keyword
Encryption: bitwise operation
i
i
i k
p
c
i-th bit
plaintext
i-th bit
key
i-th bit
ciphertext
45. One-Time Pad
Unconditional security !!!
Improve on Vigenère Cipher, by Jeseph
Mauborgne
Use a random key that was truly as long as
the message, no repetitions
46. Example: one-time pad
Known Vigenère Cipher with one-time key
Given ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Decrypt by hacker 1:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
Plaintext: mr mustard with the candlestick in the hall
Decrypt by hacker 2:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
Plaintext: miss scarlet with the knife in the library
Which one?
47. a b c d e f g h i j k l m n o p q r s t u v w x y z ?
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ?
B C D E F G H I J K L M N O P Q R S T U V W X Y Z ? A
C D E F G H I J K L M N O P Q R S T U V W X Y Z ? A B
D E F G H I J K L M N O P Q R S T U V W X Y Z ? A B C
E F G H I J K L M N O P Q R S T U V W X Y Z ? A B C D
F G H I J K L M N O P Q R S T U V W X Y Z ? A B C D E
G H I J K L M N O P Q R S T U V W X Y Z ? A B C D E F
H I J K L M N O P Q R S T U V W X Y Z ? A B C D E F G
I J K L M N O P Q R S T U V W X Y Z ? A B C D E F G H
J K L M N O P Q R S T U V W X Y Z ? A B C D E F G H I
K L M N O P Q R S T U V W X Y Z ? A B C D E F G H I J
L M N O P Q R S T U V W X Y Z ? A B C D E F G H I J K
M N O P Q R S T U V W X Y Z ? A B C D E F G H I J K L
N O P Q R S T U V W X Y Z ? A B C D E F G H I J K L M
O P Q R S T U V W X Y Z ? A B C D E F G H I J K L M N
P Q R S T U V W X Y Z ? A B C D E F G H I J K L M N O
Q R S T U V W X Y Z ? A B C D E F G H I J K L M N O P
R S T U V W X Y Z ? A B C D E F G H I J K L M N O P Q
S T U V W X Y Z ? A B C D E F G H I J K L M N O P Q R
T U V W X Y Z ? A B C D E F G H I J K L M N O P Q R S
U V W X Y Z ? A B C D E F G H I J K L M N O P Q R S T
V W X Y Z ? A B C D E F G H I J K L M N O P Q R S T U
W X Y Z ? A B C D E F G H I J K L M N O P Q R S T U V
X Y Z ? A B C D E F G H I J K L M N O P Q R S T U V W
Y Z ? A B C D E F G H I J K L M N O P Q R S T U V W X
Z ? A B C D E F G H I J K L M N O P Q R S T U V W X Y
? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
?
48. Problem with one-time pad
Truly random key with arbitrary length?
Distribution and protection of long keys
The key has the same length as the plaintext!
49. Summary
Caesar cipher
Monoalphabetic cipher
Encrypt multiple letters of plaintext at the
same time
Playfair cipher
Hill cipher
Use multiple cipher alphabets
Polyalphabetic cipher
Vernam cipher
One-time Pad
51. Transposition Ciphers
Transposition cipher: permutation on the
plaintext letters
these hide the message by rearranging the letter
order
without altering the actual letters used
Feature: have the same frequency distribution as
the original text
排列
52. Rail Fence cipher
write message letters out diagonally over a
number of rows
eg. Plaintext: “meet me after the toga party”
m e m a t r h t g p r y
e t e f e t e o a a t
then read off cipher row by row
MEMATRHTGPRYETEFETEOAAT
53. Row Transposition Ciphers
Improve on Rain Fence cipher
write letters of message out in rows over a
specified number of columns
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
reorder the columns according to some key
before reading off the rows
55. Product Ciphers
ciphers using substitutions or transpositions are not
secure because of language characteristics
hence consider using several ciphers in succession
to make harder, but:
two substitutions make a more complex substitution
two transpositions make more complex transposition
but a substitution followed by a transposition makes a
new much harder cipher
this is bridge from classical to modern ciphers
57. Rotor Machines
apply multiple stages of encryption
were widely used in WW2
German Enigma, Allied Hagelin, Japanese Purple
with 3 cylinders have 263=17576 alphabets
Each cylinder is a monoalphabetic
substitution