Ch2 Classical Encryption

7/25/2019 Ch2 Classical Encryption

1/54

Classical Encryption

Techniques

Information System Security

Lecture 1


2/54

Classical encryption techniques

As opposed to moderncryptography

Goals:

to introduce basic concepts & terminology of

encryption

to prepare us for studying moderncryptography

2


3/54

Basic terminology

Plaintext: original message to beencrypted

Ciphertext: the encrypted message nciphering or encryption: the process of

con!erting plaintext into ciphertext

ncryption algorithm: performs encryption

"#o inputs: a plaintextand a secret $ey

3


4/54

%ymmetric Cipher odel

4


5/54

'eciphering or decryption: reco!ering

plaintext from ciphertext 'ecryption algorithm: performs decryption

"#o inputs: ciphertext and secret $ey

%ecret $ey: same $ey used for encryption

and decryption

Also referred to as a symmetric $ey

5


6/54

Cipher orcryptographic system : a scheme

for encryption and decryption Cryptography: science of studying ciphers

Cryptanalysis:science of studying attac$s

against cryptographic systems

Cryptology: cryptography ( cryptanalysis

6


7/54

Ciphers

%ymmetric cipher: same $ey used forencryption and decryption

Bloc$ cipher: encrypts a bloc$ of plaintext at a

time )typically *+ or ,-. bits/

%tream cipher: encrypts data one bit or one byte

at a time

Asymmetric cipher: different $eys used forencryption and decryption

7


8/54

%ymmetric ncryption

or con!entional 0 secret1$ey 0 single1$ey

sender and recipient share a common $ey

all classical encryption algorithms aresymmetric

only type of ciphers prior to the in!ention

of asymmetric1$ey ciphers in ,2345s by far most #idely used


9/54

%ymmetric Cipher odel

!


10/54

%ymmetric ncryption

athematically: Y 6 K)X/ or Y6 )K7X/

X 6 'K)Y/ or X6 ')K7 Y/

X6 plaintext Y 6 ciphertext K6 secret $ey

6 encryption algorithm ' 6 decryption algorithm Both and ' are $no#n to public

1"


11/54

Cryptanalysis

Objective: to recover the plaintext of a ciphertextor, more typically, to recover the secret key.

Kerkhoffs principle: the adversary knows alldetails about a cryptosystem except the secret key.

Two eneral approaches:brute!forceattack

non!brute!forceattack "cryptanalytic attack#

11


12/54

Brute18orce Attac$

"ry e!ery $ey to decipher the ciphertext9

n a!erage7 need to try half of all possible $eys

"ime needed proportional to si;e of $ey space

Key Size (bits) Number of AlternativeKeys

Time required at 1decryption/s

Time required at 1$decryptions/s

%& &%& ' (.% )*+ &%)s ' %-. minutes &.)- milliseconds

-$ &-$ ' /.& )*)$ &--s ' ))(& years )*.*) hours

)& &)& ' %.( )*% &)&/s ' -.( )*&(years -.( )*)years

)$ &)$ ' %./ )*-* &)$/s ' -.+ )*%$years -.+ )*%*years

&$ characters"permutation#

&$0 ' ( )*&$ & )*&$s ' $.( )*)&years $.( )*$years

12


13/54

13

Cryptanalytic Attac$s

ay be classified by ho# much

information needed by the attac$er:

Ciphertext1only attac$


14/54

14

Ciphertext1only attac$

Gi!en: a ciphertext c

=: #hat is the plaintext m>

An encryption scheme is completelyinsecure if it cannot resist ciphertext1only

attac$s9


15/54

15

=: #hat is the secret $ey in use>


16/54

16

Chosen1plaintext attac$

Gi!en: )m,7c,/7 )m-7c-/7 ?7 )m$7c$/7 #here

m,7m-7 ?7 m$are chosen by the

ad!ersary@ and a ne# ciphertext c9

=: #hat is the plaintext of c7 or #hat is the

secret $ey>


17/54

17

xample: chosen1plaintext attac$

n ,2+-7 % a!y cryptanalysts disco!ered that

Dapan #as planning an attac$ on EA8F9

"hey belie!ed that EA8F means id#ay island9

Pentagon didn5t thin$ so9

% forces in id#ay sent a plain message that their

fresh#ater supplies #ere lo#9

%hortly7 % intercepted a Dapanese ciphertext sayingthat EA8F #as lo# on #ater9

"his pro!ed that EA8F is id#ay9


18/54

1

Chosen1ciphertext attac$

Gi!en: )m,7c,/7 )m-7c-/7 ?7 )m$7c$/7 #here

c,7c-7 ?7 c$are chosen by the ad!ersary@

and a ne# ciphertext c9

=: #hat is the plaintext of c7 or #hat is the

secret $ey>


19/54

Classical Ciphers

Plaintext is !ie#ed as a sequence of

elements )e9g97 bits or characters/

%ubstitution cipher:replacing each element

of the plaintext #ith another element9

"ransposition )or permutation/ cipher:

rearranging the order of the elements of the

plaintext9 Product cipher: using multiple stages of

substitutions and transpositions

1!


20/54

Caesar Cipher

arliest $no#n substitution cipher

n!ented by Dulius Caesar

ach letter is replaced by the letter threepositions further do#n the alphabet9

Plain: a b c d e f g h i $ l m n o p q r s t u ! # x y ;

Cipher: ' 8 G H D < I P = J % " K L M N O A B C

xample: ohio stateJ


21/54

Caesar Cipher

athematically7 map letters to numbers:

a# $# c# %%%# y# '

"# 1# 2# %%%# 23# 24# 25

"hen the general Caesar cipher is:

c 6 K)p/ 6 )p ( k/ mod -*

p 6 'K)c/ 6 )c k/ mod -*

Can be generali;ed #ith any alphabet9

21


22/54

Cryptanalysis of Caesar Cipher


23/54

onoalphabetic %ubstitution Cipher

%huffle the letters and map each plaintext letter to a

different random ciphertext letter:

Plain letters: abcdefghi$lmnopqrstu!#xy;Cipher letters: '


24/54

onoalphabetic Cipher %ecurity

o# #e ha!e a total of -*T 6 + x ,4-*$eys9

Lith so many $eys7 it is secure against

brute1force attac$s9 But not secure against some cryptanalytic

attac$s9

Problem is language characteristics9

24


25/54

Ianguage %tatistics and Cryptanalysis

Human languages are not random9

Ietters are not equally frequently used9

n nglish7 is by far the most common letter7follo#ed by "7 J7 7 7 7 A7 %9

ther letters li$e O7 D7


26/54

nglish Ietter 8requencies

26


27/54

%tatistics for double & triple letters

n decreasing order of frequency

'ouble letters: th he an in er re es on7 ?

"riple letters:the and ent ion tio for nde7 ?

27


28/54

se in Cryptanalysis


29/54

xample Cryptanalysis

Gi!en ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relati!e letter frequencies )see next page/ Guess P7 OR 6 e7 tR

f double letters7 OL has highest frequency7 soguess OL 6 th and hence OLP 6 the

Proceeding #ith trial and error finally get:it was disclosd !st"da! t#at s$"al i%&o"'al ()t

di"ct co%tacts #a$ (% 'ad wit# *olitical

"*"s%tati$s o& t# $it co%+ i% 'oscow

2!


30/54

Ietter frequencies in ciphertext

P ,U9UU H Q9.U 8 U9UU B ,9*3 C 4944

O ,,9*3 ' Q944 L U9UU G ,9*3 < 4944

% .9UU Q944 = -9Q4 N ,9*3 I 4944

.9UU K +9,3 " -9Q4 49.U 4944

39Q4 M +9,3 A ,9*3 D 49.U J 4944

*9*3

3"


31/54

Playfair Cipher %ubstitution Cipher

ot e!en the large number of $eys in amonoalphabetic cipher pro!ides security9

ne approach to impro!ing security is toencrypt multiple letters at a time9

"hePlayfair Cipheris the best $no#nsuch cipher9

n!ented by Charles Lheatstone in ,.Q+7but named after his friend Baron Playfair9

31


32/54

Playfair


33/54

ncrypting and 'ecrypting

Plaintext is encrypted t#o letters at a time9

,9 f a pair is a repeated letter7 insert filler li$e VM59

-9 f both letters fall in the same ro#7 replace

each #ith the letter to its right )circularly/9

U9 f both letters fall in the same column7 replace

each #ith the the letter belo# it )circularly/9

+9 ther#ise7 each letter is replaced by the letterin the same ro# but in the column of the other

letter of the pair9

33


34/54

ncrypting and decrypting #ith Playfair

"he plaintext is encrypted two letters at a time:

,9Brea$ the plaintext into pairs of t#o consecuti!e letters-9f a pair is a repeated letter7 insert a filler li$e VMW in the plaintext7 eg9 SballoonS

is treated as Sba lx lo onS

U9f both letters fall in the same ro# of the $ey matrix7 replace each #ith the

letter to its right )#rapping bac$ to start from end/7 eg9 EAJS encrypts as SJS

+9f both letters fall in the same column7 replace each #ith the letter belo# it

)again #rapping to top from bottom/7 eg9 ES encrypts to SCSQ9ther#ise each letter is replaced by the one in its ro# in the column of the

other letter of the pair7 eg9 EH%S encrypts to SBPS7 and EAS to SS or SDS )as

desired/

X"he examples abo!e are based on this $ey matrix:


35/54

%ecurity of Playfair Cipher

qui!alent to a monoalphabetic cipher #ith analphabet of -* x -* 6 *3* characters9

%ecurity is much impro!ed o!er the simple

monoalphabetic cipher9

Las #idely used for many decades eg9 by % & British military in LL, and early LL-

nce thought to be unbrea$able9

Actually7 it canbe bro$en7 because it still lea!essome structure of plaintext intact9

35


36/54

Polyalphabetic %ubstitution Ciphers

A sequence of monoalphabetic ciphers ),7 -7

U7 9997 $/ is used in turn to encrypt letters9

A $ey determines #hich sequence of ciphers to

use9 ach plaintext letter has multiple corresponding

ciphertext letters9

"his ma$es cryptanalysis harder since the letterfrequency distribution #ill be flatter9

36


37/54

KigenYre Cipher

%implest polyalphabetic substitutioncipher

Consider the set of all Caesar ciphers:

Ca7 Cb7 Cc7 9997 C;R


38/54

xample of KigenYre Cipher


39/54


40/54

%ecurity of KigenYre Ciphers

"here are multiple )ho# many>/ ciphertext letterscorresponding to each plaintext letter9

%o7 letter frequencies are obscured but not totally lost9

"o brea$ Kigenere cipher:

,9 "ry to guess the $ey length9 Ho#>

-9 f $ey length is 7 the cipher consists of Caesar ciphers9

Plaintext letters at positions $7 ($7 -($7 U($7 etc97 are

encoded by the same cipher9

U9 Attac$ each indi!idual cipher as before9

4"


41/54

Guessing the


42/54

Jotor Cipher achines

Before modern ciphers7 rotor machines #ere most commoncomplex ciphers in use9

Lidely used in LL-9

sed a series of rotating cylinders9

mplemented a polyalphabetic substitution cipher of period f the ad!ersary has a machine

f the ad!ersary doesn5t ha!e a machine

42

A i t


43/54

43

Assignment

'ecryption


44/54

"he Jotors

44


45/54

nigma Jotor achine

45


46/54

"ransposition Ciphers

Also called permutationciphers9

%huffle the plaintext7 #ithout altering the

actual letters used9 xample: Jo# "ransposition Ciphers

46


47/54

Jo# "ransposition Ciphers

Plaintext is #ritten ro# by ro# in a rectangle9

Ciphertext: #rite out the columnsin an order

specified by a $ey9


48/54

Product Ciphers

ses a sequence of substitutions andtranspositions

Harder to brea$ than ust substitutions or

transpositions "his is a bridge from classical to modern ciphers9

4

diti l & C t ti l


49/54

nconditional & Computational

%ecurity

A cipher is unconditionally secure if it issecure no matter ho# much resources)time7 space/ the attac$er has9

A cipher is computationally secure if thebest algorithm for brea$ing it #ill require somuch resources )e9g97 ,444 years/ that

practically the cryptosystem is secure9 All the ciphers #e ha!e examined are not

unconditionally secure9

4!


50/54

An unconditionally %ecure Cipher

5"

) & % (

) & % (

) & % (

Key ' "random, #

1laintext '

2ipherte

3ernams one!time pad cip

used one!time only

xt '

where

2an be proved to be unconditionally sec

her

ur .e

i i i

k k k k

m m m m

c c c c

c m k=

+

+

+


51/54

%teganography

Hide a message in another message9

9g97 hide your plaintext in a graphic image ach pixel has U bytes specifying the JGB color

"he least significant bits of pixels can bechanged #0o greatly affecting the image quality

%o can hide messages in these I%Bs

Ad!antage: hiding existence of messages

'ra#bac$: high o!erhead

51


52/54

52

"a$e a *+4x+.4 )6U473-44/ pixel image9

sing only , I%B7 can hide ,,Q7-44 characterssing + I%Bs7 can hide +*47.44 characters9


53/54

53


54/54

%ummary

Ha!e considered:

classical cipher techniques and terminology

monoalphabetic substitution ciphers

cryptanalysis using letter frequencies

Playfair cipher

polyalphabetic ciphers

transposition ciphers

product ciphers and rotor machines

Documents

Ch2 Classical Encryption