Chapter 3 Evolution of Classical Cryptography Cryptography-Application and Practice Harbin Institute of Technology School of Computer Science and Technology

Chapter 3 Evolution of Classical Cryptography

Cryptography-Application and PracticeHarbin Institute of TechnologySchool of Computer Science and Technology

Zhijun Lihttp://cst.hit.edu.cn/~lizhijun

[email protected]

Zhijun Li S1034040/Autumn08/HIT 2

Outline

• Symmetric Cipher

• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers

• Transposition Ciphers


MessageSource

EncryptionAlgorithm

DecryptionAlgorithm

Secure Channel

CRYPTANALYST

P CP

K

InsecureChannel

C

Key Generator

Alice Bob

Oscar

Model of Symmetric Cipher


Formal Description

• A Cipher is (K,P,C, E, D)– c=EK(p)

– p=DK(c)

– Use the same key K to encrypt and decrypt– So symmetric encryption

– K must be secret, why?


Math in Classical Ciphers

• Typical transforms – Substitution

• Substitute x by y if x present• Example: axxbcx ayybcy

– Permutation (Transposition) • Transposes the alpha at position I by J • Example: ababc cabab


Outline





Example: Caesar Cipher

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

mnop

Replaces each letter by 3rd letter further down the alphabet

Encryption algorithm

Y= EK(X)=(X+3) mod 26


Shift Cipher: Definition

• Associate numbers with the alphabet A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

={A, B, C, …, Z}=Z26

• K= Z26 • P=C=+

• Encrypt a message m ci=ek(mi)=(mi+k) mod 26• Decrypt a ciphertext c mi=dk(ci)=(ci-k) mod 26


Shift Cipher: Cryptanalysis

• Search the key space - brute force• |K|=26

LIZHZLVKWRUHSODFHOHWWHUV Ciphertext KHYGYKUJVQTGRNCEGNGVVGTU try shift of 1 JGXFXJTIUPSFQMBDFMFUUFST try shift of 2 IFW

EWISHTOREPLACELETTERS try shift of 3 *** Plaintext HEVDVHRGSNQDOKZBDKDSSDQR try shift of 4 GD

UCUGQFRMPCNJYACJCRRCPQ try shift of 5 ..... MJAIAMWLXSVITPEGIPIXXIVW try shift of 25


Why Brute Force Can?

• |K| is too small– For brute force attack (alphabet of size n)– complexity (n-1)/2 in average case– complexity (n-1) in worst-case

• Lessons Learnt– Larger the key space


Affine Cipher

• An extension of the shift cipher

p=am+b mod m

a and b define the key

• Example:

What’s wrong with this?

ax1+bax2+b mod n


Affine Cipher: Definition

• Message Space: P=Zn

• Cryptogram Space: C=Zn

• Key Space: K={(a,b)ZnXZn| gcd(a,n)=1}

• Encryption: ek(m)=am+b (mod n)

• Decryption: dk(c)=(c-b)a-1 (mod n)


Affine Cipher: Cryptanalysis

• Brute force attack– |K|=mX(m) for Zm

– |K|=312 for Z26 it is feasible

– for Z100

(100)=80 and |K|=8000 • Computing by hand? • Computing by computer!


Monoalphabetic Substitution

• The key space: All permutations in • Encryption given a key :

– each letter m in the plaintext P is replaced with (m)• Decryption given a key -1:

– each letter c in the cipherext C is replaced with -1(c)

• Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z = B A D C Z H W Y G O Q X S V T R N M S K J I P F E U

BECAUSE → AZDBJSZ


• Exhaustive search is infeasible– key space size is 26! 4×1026

– If every person on earth tried one per second, it would take 91 years

• Frequency statistical analysis– Each language has certain features: frequency of

letters, or of groups of two or more letters– Substitution ciphers preserve the language features– So vulnerable to frequency analysis attacks

Strength of Substitution Cipher


Frequency of English Letters


Other Frequency Features

• EN is the most common two-letter combination, followed by RE, ER, and NT

• The letter A is often found in the beginning of a word or second from last.

• The letter Q is followed only by U

• And more …

• English: about 1.3 bits of information per letter • Compress English with gzip – about 1:6


A Cryptanalysis Example

• Ciphertext:

“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”


Frequency Analysis

“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”

W: 20 “Normal” English:C: 11 e 12%F: 11 t 9%

G: 11 a 8%


Pattern Analysis

“XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe OCXBBeZA IGSY SXBeGF.”

XBe = “the”Most common trigrams in English:

the = 6.4%and = 3.4%


Guessing

“the HGQe tS ACFPSUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCSHF YCDA CF GSHFeA LV the KGSYCFe SI FhJGCDQ RDSOZeAQe OCthheZA IGSY Sthe

GF.”

S = “o”


Guessing

“the HGQe to ACFPoUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCoHF YCDA CF GoHFeA LV the KGoYCFe oI FhJGCDQ RDoOZeAQe OCthheZA IGoY otheGF.”

otheGF = “others”


Guessing

“the HrQe to ACsPoUer sePrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst PHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.”

“sePrets” = “secrets”


Plaintext

“The urge to discover secrets is deeply ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others.”

- John Chadwick


• Polyalphbetic substitution cipher – The letter list is substituted by substitution list

– f=(f1,f2,…), x=x1x2…, c=ek(x)=f(x)=f1(x1)f2(x2)…

– Vigenère cipher

• Ploygram substitution cipher– Multiple letters of plaintext substitute at the same time

– f:mm, c=ek(x)=f(x1x2…xm)f(xm+1xm+2…x2m)…

– Hill cipher

Ways to Improve the Security


Outline





Vigenère Cipher: Example

• Encrypt the message

INDIVIDUAL CHARACTER

with the key HOST

m = INDI VIDU ALCH ARAC TER

k = HOST HOST HOST HOST HOS

Ek(m)=PBVB CWVN HZUA HFSV ASJ


Vigenère Cipher: Definition

• P = C = K = (Zm)n

• K = (k1, k2, k3, …kn)

• eK(x1, x2,…xn) = (x1+k1,x2+k2,…,xn+kn) mod 26

• dK(y1, y2,…yn) = (y1 -k1,y2 -k2,…,yn -kn) mod 26

• Remark:– |K| = mn

– Vigenere can mask the frequency– Vigenere cipher is a collection of substitution ciphers!


C1 = c1cm+1c2m+1…

C2 = c2cm+2c2m+2…

…

Cm = cmc2mc3m…

For k1

Attack each shift cipher

For k2

For km

Vigenère Cipher: Cryptanalysis


key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Guess key length

Vigenère Cipher: Cryptanalysis

• Find the length of key

• Ways:– Kasisky test– Index of coincidence


Kasisky Test

• Note: two identical segments of plaintext will be encrypted to the same ciphertext

• if they occur at the distance ∆ and ∆≡0 (mod m), m is the key length

• Algorithm:– Search for pairs of identical segments of length at lea

st 3– Record distances between the two segments: ∆1, ∆2,

…– m divides gcd(∆1, ∆2, …)


Index of Coincidence

• Definition:

A string x = x1x2 . . . xn

The Ic(x), index of coincidence of x is the probability that two random elements of x are identical:

Ic(x)=xi,xjx Pr(xi=xj)


Computing the Ic(x)

• Suppose the frequencies of A, B, C, . . . , Z in x i

s f0, f1, . . . , f25

Ic(x) = i=025Cfi

2/Cn2

= i=025fi(fi-1)/n(n-1)

i=025(fi/n)2


Ic(x) for Cryptanalysis

• For English

Ic(x) i=025(fi/n)2

i=025(pi)2 0.065

• For Random

Ic(x) i=025(fi/n)2

26/262=0.038

• Note:– More random of x, more less Ic(x)– Random means the less bias in distribution


C1 = c1cm+1c2m+1…

C2 = c2cm+2c2m+2…

…

Cm = cmc2mc3m…

If m is the key length, then the text ``looks like’’ English text:

Ic(yi)=0.065

If m is not the key length, the text ``looks like’’ random text:

Ic(yi)=0.038

Find the Key Length of Vigenère


key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

Random key stream

Vigenère Cipher: Improvement

• Avoid repetition of key– Autokey system


One-Time Pad

• Use a random key stream K that was truly as long as the message

• Encryption: P = C = K = Z2n

Ci = Pi Ki

• Why One-Time?– For KPA: Very easy to Know K

– Ki= PiCi


OTP: Security Analysis

• Model: Complexity or Information

Pr(M|C) =? Pr(M)

• Theorem: OTP is Unconditional Security• Proof: P=C=K= {0,1}n, key is chosen randomly, and for

any probability of the plaintext:

Pr [P=m|C=c] = Pr[P=m,C=c]/Pr[C=c]

= Pr[P=m]Pr[C=c|P=m]/m’M(Pr[P=m’]Pr[C=c|P=m’])

= Pr[P=m]1/2n/m’M(Pr[P=m’]1/2n)

= Pr[P=m]/m’M(Pr[P=m’]) = Pr[P=m]


OTP: Practicability

• One-Time – known-plaintext attacks– x x’ = y y’

• Long Key

– As long as messages

• So NOT usable in commercial situation • BUT usable in military situation


OTP: Rotor Machine

• Rotor Machine: multiple rounds of substitution– Multiple cylinders, each cylinder has 26 states– Each state is a substitution cipher– A m-cylinder has 26m substitution ciphers

• 263 = 17576• 264 = 456,976• 265 = 11,881,376


Enigma Machine

• Use 3 scramblers:– 263=17576 substitutions

• Scramblers can be in any order:– 3!=6 combinations

• Plug board: – 6 pairs of letters are swapped

– 26!/(14!6!64)1011

• Total number of keys1016


• How to use: – Sender and receiver set up the machine the same

way• Plugboard setting• Scrambler arrangement• Scrambler starting position

• History:– Patented by Scherius in 1918– Widely used by the Germans from 1926– First successfully broken by Polish’s in the thirties – Broken by the UK intelligence during the WW II

Enigma Machine: Remark


Outline





• Key Matrix– 2x2 key matrix: hide single-letter freq.– 3x3 key matrix: hide single-letter and digram freq.– …

44434241

34333231

24232221

14131211

43214321

kkkk

kkkk

kkkk

kkkk

mmmmcccc

Key Matrix

Hill Cipher


Hill Cipher : Definition

• P = C = (Zm)n

• K = {all n n invertible matrices over Zm}

• Encryption: ek(m) = m k mod m• Decryption: dk(c) = c k-1 mod m

• Example:

0983

4851732263234321

mod 13 = 7 10 10 5


Hill Cipher: Cryptanalysis

• Difficult to break under OCA

• Easy to break under KPA– Know the n (the size of the key matrix)

• Can find the K easily • Lots of c=mK C=MK K=CM-1

• S(n) = O(n2)

– n is unknown • How to find n?


Ciphers: Frequency Features


Outline





x 1 2 3 4 5

(x) 3 2 5 1 4

x 1 2 3 4 5

-1(x) ? ? ? ? ?

Permutation Cipher

• Encryption: permutation on the plaintext letters

• Example: transpositionciphers NRTSAIOPTSCONIINRHPSE• Decryption?


• P = C = (Zm)n

• K = { | a permutation of {1, 2, ….n}}

e (x1, x2,…xn) = (x (1), x (2),…x (n))

d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n))

• Remark:– Hide the meaning by rearranging the letter order– Single-letter distribution in plaintext is useless!– BUT there are other features in the plaintext!

Permutation Cipher: Definition


Permutation Cipher Cryptanalysis

• Features of English– Frequent (scarce) patterns

• Such as th, ch …

– Pilot letters (can be followed limited letters)• Such as q is always followed by u• j can only followed by a vowel …

– Others …

• Example: P U 33J U 25A F 38O I 42E R 94G R42

P A 61J U 25A R 82O A 48E E 81G E 61

274 358rankMore Preferable


Some Transposition Ciphers

Formal definition of the ciphers?Cryptanalysis?

IC A M

E I S A W

= ECIIA SMAW

• Rail Fence Cipher– Example: E( I A E S W

C M I A ) = IAESW CMIA

• Triangle Transposition Cipher– Example:

• Scytale Cipher


• Encrypt: CRYPTANALYST 1 2 3 4 (coat) C R Y P T A N A L Y S T• Read by column 2,3,1,4 RAYYNSCTLPAT

• Decrypt: RAYYNSCTLPAT 1 2 3 4 C R Y P T A N A L Y S T• Read by row CRYPTANALYST

Block Transposition Cipher


Block Transposition Cryptanalysis

• Step 1: Find possible block sizes – A full rectangle: factoring

• Example: 153 = 3 51, 51 3, 17 9, 9 17

– Only the last line is fragmentary: fill and factoring• n-m < ml < n

• Step 2: Determining the correct rectangle– The feature of the correct rectangle

• Each line represents a line of standard English• A line of English consist of about 40% vowels

• Step 3: Break the permutation cipher


Initial plaintext: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

1st transposition: 03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28

2nd transposition: 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28

Double Block Transposition

• Re-encryption using same block transposition– Example:

• Why more secure?


Introduction of Product Cipher

• Combine two transforms– Combine two same operators (iteration)

• Example: two permutation ciphers (1 2)

– Let the period of 1 is n1, the period of 2 is n2

– If n1=n2, then 1 2 = ?

– If n1|n2, then 1 2 = ?

– If gcd(n1, n2) = 1, then 1 2 = ?

– Combine two different operators• Example: Affine = Shift Hill (n=1)• Example: Substation Transposition


Summary

• Ciphers can be characterized by:– Number of keys used

• asymmetric or private / symmetric or public

• Classical Ciphers are asymmetric ciphers– Math transformations– Substitution

• Monoalphabetic / Polyalphabetic Substitution • Polygraphic Substitution

– Transpositions• Permutation / Block transpositions

– Product


Homework

• HTTP URL http://cst.hit.edu.cn/cryptography/

• Due Date

Documents

Chapter 3 Evolution of Classical Cryptography Cryptography-Application and Practice Harbin Institute of Technology School of Computer Science and Technology