Upload
steven-cross
View
229
Download
4
Tags:
Embed Size (px)
Citation preview
Chapter 3 Evolution of Classical Cryptography
Cryptography-Application and PracticeHarbin Institute of TechnologySchool of Computer Science and Technology
Zhijun Lihttp://cst.hit.edu.cn/~lizhijun
Zhijun Li S1034040/Autumn08/HIT 2
Outline
• Symmetric Cipher
• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers
• Transposition Ciphers
Zhijun Li S1034040/Autumn08/HIT 3
MessageSource
EncryptionAlgorithm
DecryptionAlgorithm
Secure Channel
CRYPTANALYST
P CP
K
InsecureChannel
C
Key Generator
Alice Bob
Oscar
Model of Symmetric Cipher
Zhijun Li S1034040/Autumn08/HIT 4
Formal Description
• A Cipher is (K,P,C, E, D)– c=EK(p)
– p=DK(c)
– Use the same key K to encrypt and decrypt– So symmetric encryption
– K must be secret, why?
Zhijun Li S1034040/Autumn08/HIT 5
Math in Classical Ciphers
• Typical transforms – Substitution
• Substitute x by y if x present• Example: axxbcx ayybcy
– Permutation (Transposition) • Transposes the alpha at position I by J • Example: ababc cabab
Zhijun Li S1034040/Autumn08/HIT 6
Outline
• Symmetric Cipher
• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers
• Transposition Ciphers
Zhijun Li S1034040/Autumn08/HIT 7
Example: Caesar Cipher
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
mnop
Replaces each letter by 3rd letter further down the alphabet
Encryption algorithm
Y= EK(X)=(X+3) mod 26
Zhijun Li S1034040/Autumn08/HIT 8
Shift Cipher: Definition
• Associate numbers with the alphabet A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
={A, B, C, …, Z}=Z26
• K= Z26 • P=C=+
• Encrypt a message m ci=ek(mi)=(mi+k) mod 26• Decrypt a ciphertext c mi=dk(ci)=(ci-k) mod 26
Zhijun Li S1034040/Autumn08/HIT 9
Shift Cipher: Cryptanalysis
• Search the key space - brute force• |K|=26
LIZHZLVKWRUHSODFHOHWWHUV Ciphertext KHYGYKUJVQTGRNCEGNGVVGTU try shift of 1 JGXFXJTIUPSFQMBDFMFUUFST try shift of 2 IFW
EWISHTOREPLACELETTERS try shift of 3 *** Plaintext HEVDVHRGSNQDOKZBDKDSSDQR try shift of 4 GD
UCUGQFRMPCNJYACJCRRCPQ try shift of 5 ..... MJAIAMWLXSVITPEGIPIXXIVW try shift of 25
Zhijun Li S1034040/Autumn08/HIT 10
Why Brute Force Can?
• |K| is too small– For brute force attack (alphabet of size n)– complexity (n-1)/2 in average case– complexity (n-1) in worst-case
• Lessons Learnt– Larger the key space
Zhijun Li S1034040/Autumn08/HIT 11
Affine Cipher
• An extension of the shift cipher
p=am+b mod m
a and b define the key
• Example:
What’s wrong with this?
ax1+bax2+b mod n
Zhijun Li S1034040/Autumn08/HIT 12
Affine Cipher: Definition
• Message Space: P=Zn
• Cryptogram Space: C=Zn
• Key Space: K={(a,b)ZnXZn| gcd(a,n)=1}
• Encryption: ek(m)=am+b (mod n)
• Decryption: dk(c)=(c-b)a-1 (mod n)
Zhijun Li S1034040/Autumn08/HIT 13
Affine Cipher: Cryptanalysis
• Brute force attack– |K|=mX(m) for Zm
– |K|=312 for Z26 it is feasible
– for Z100
(100)=80 and |K|=8000 • Computing by hand? • Computing by computer!
Zhijun Li S1034040/Autumn08/HIT 14
Monoalphabetic Substitution
• The key space: All permutations in • Encryption given a key :
– each letter m in the plaintext P is replaced with (m)• Decryption given a key -1:
– each letter c in the cipherext C is replaced with -1(c)
• Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z = B A D C Z H W Y G O Q X S V T R N M S K J I P F E U
BECAUSE → AZDBJSZ
Zhijun Li S1034040/Autumn08/HIT 15
• Exhaustive search is infeasible– key space size is 26! 4×1026
– If every person on earth tried one per second, it would take 91 years
• Frequency statistical analysis– Each language has certain features: frequency of
letters, or of groups of two or more letters– Substitution ciphers preserve the language features– So vulnerable to frequency analysis attacks
Strength of Substitution Cipher
Zhijun Li S1034040/Autumn08/HIT 16
Frequency of English Letters
Zhijun Li S1034040/Autumn08/HIT 17
Other Frequency Features
• EN is the most common two-letter combination, followed by RE, ER, and NT
• The letter A is often found in the beginning of a word or second from last.
• The letter Q is followed only by U
• And more …
• English: about 1.3 bits of information per letter • Compress English with gzip – about 1:6
Zhijun Li S1034040/Autumn08/HIT 18
A Cryptanalysis Example
• Ciphertext:
“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”
Zhijun Li S1034040/Autumn08/HIT 19
Frequency Analysis
“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”
W: 20 “Normal” English:C: 11 e 12%F: 11 t 9%
G: 11 a 8%
Zhijun Li S1034040/Autumn08/HIT 20
Pattern Analysis
“XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe OCXBBeZA IGSY SXBeGF.”
XBe = “the”Most common trigrams in English:
the = 6.4%and = 3.4%
Zhijun Li S1034040/Autumn08/HIT 21
Guessing
“the HGQe tS ACFPSUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCSHF YCDA CF GSHFeA LV the KGSYCFe SI FhJGCDQ RDSOZeAQe OCthheZA IGSY Sthe
GF.”
S = “o”
Zhijun Li S1034040/Autumn08/HIT 22
Guessing
“the HGQe to ACFPoUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCoHF YCDA CF GoHFeA LV the KGoYCFe oI FhJGCDQ RDoOZeAQe OCthheZA IGoY otheGF.”
otheGF = “others”
Zhijun Li S1034040/Autumn08/HIT 23
Guessing
“the HrQe to ACsPoUer sePrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst PHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.”
“sePrets” = “secrets”
Zhijun Li S1034040/Autumn08/HIT 24
Plaintext
“The urge to discover secrets is deeply ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others.”
- John Chadwick
Zhijun Li S1034040/Autumn08/HIT 25
• Polyalphbetic substitution cipher – The letter list is substituted by substitution list
– f=(f1,f2,…), x=x1x2…, c=ek(x)=f(x)=f1(x1)f2(x2)…
– Vigenère cipher
• Ploygram substitution cipher– Multiple letters of plaintext substitute at the same time
– f:mm, c=ek(x)=f(x1x2…xm)f(xm+1xm+2…x2m)…
– Hill cipher
Ways to Improve the Security
Zhijun Li S1034040/Autumn08/HIT 26
Outline
• Symmetric Cipher
• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers
• Transposition Ciphers
Zhijun Li S1034040/Autumn08/HIT 27
Vigenère Cipher: Example
• Encrypt the message
INDIVIDUAL CHARACTER
with the key HOST
m = INDI VIDU ALCH ARAC TER
k = HOST HOST HOST HOST HOS
Ek(m)=PBVB CWVN HZUA HFSV ASJ
Zhijun Li S1034040/Autumn08/HIT 28
Vigenère Cipher: Definition
• P = C = K = (Zm)n
• K = (k1, k2, k3, …kn)
• eK(x1, x2,…xn) = (x1+k1,x2+k2,…,xn+kn) mod 26
• dK(y1, y2,…yn) = (y1 -k1,y2 -k2,…,yn -kn) mod 26
• Remark:– |K| = mn
– Vigenere can mask the frequency– Vigenere cipher is a collection of substitution ciphers!
Zhijun Li S1034040/Autumn08/HIT 29
C1 = c1cm+1c2m+1…
C2 = c2cm+2c2m+2…
…
Cm = cmc2mc3m…
For k1
Attack each shift cipher
For k2
For km
Vigenère Cipher: Cryptanalysis
Zhijun Li S1034040/Autumn08/HIT 30
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Guess key length
Vigenère Cipher: Cryptanalysis
• Find the length of key
• Ways:– Kasisky test– Index of coincidence
Zhijun Li S1034040/Autumn08/HIT 31
Kasisky Test
• Note: two identical segments of plaintext will be encrypted to the same ciphertext
• if they occur at the distance ∆ and ∆≡0 (mod m), m is the key length
• Algorithm:– Search for pairs of identical segments of length at lea
st 3– Record distances between the two segments: ∆1, ∆2,
…– m divides gcd(∆1, ∆2, …)
Zhijun Li S1034040/Autumn08/HIT 32
Index of Coincidence
• Definition:
A string x = x1x2 . . . xn
The Ic(x), index of coincidence of x is the probability that two random elements of x are identical:
Ic(x)=xi,xjx Pr(xi=xj)
Zhijun Li S1034040/Autumn08/HIT 33
Computing the Ic(x)
• Suppose the frequencies of A, B, C, . . . , Z in x i
s f0, f1, . . . , f25
Ic(x) = i=025Cfi
2/Cn2
= i=025fi(fi-1)/n(n-1)
i=025(fi/n)2
Zhijun Li S1034040/Autumn08/HIT 34
Ic(x) for Cryptanalysis
• For English
Ic(x) i=025(fi/n)2
i=025(pi)2 0.065
• For Random
Ic(x) i=025(fi/n)2
26/262=0.038
• Note:– More random of x, more less Ic(x)– Random means the less bias in distribution
Zhijun Li S1034040/Autumn08/HIT 35
C1 = c1cm+1c2m+1…
C2 = c2cm+2c2m+2…
…
Cm = cmc2mc3m…
If m is the key length, then the text ``looks like’’ English text:
Ic(yi)=0.065
If m is not the key length, the text ``looks like’’ random text:
Ic(yi)=0.038
Find the Key Length of Vigenère
Zhijun Li S1034040/Autumn08/HIT 36
key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Random key stream
Vigenère Cipher: Improvement
• Avoid repetition of key– Autokey system
Zhijun Li S1034040/Autumn08/HIT 37
One-Time Pad
• Use a random key stream K that was truly as long as the message
• Encryption: P = C = K = Z2n
Ci = Pi Ki
• Why One-Time?– For KPA: Very easy to Know K
– Ki= PiCi
Zhijun Li S1034040/Autumn08/HIT 38
OTP: Security Analysis
• Model: Complexity or Information
Pr(M|C) =? Pr(M)
• Theorem: OTP is Unconditional Security• Proof: P=C=K= {0,1}n, key is chosen randomly, and for
any probability of the plaintext:
Pr [P=m|C=c] = Pr[P=m,C=c]/Pr[C=c]
= Pr[P=m]Pr[C=c|P=m]/m’M(Pr[P=m’]Pr[C=c|P=m’])
= Pr[P=m]1/2n/m’M(Pr[P=m’]1/2n)
= Pr[P=m]/m’M(Pr[P=m’]) = Pr[P=m]
Zhijun Li S1034040/Autumn08/HIT 39
OTP: Practicability
• One-Time – known-plaintext attacks– x x’ = y y’
• Long Key
– As long as messages
• So NOT usable in commercial situation • BUT usable in military situation
Zhijun Li S1034040/Autumn08/HIT 40
OTP: Rotor Machine
• Rotor Machine: multiple rounds of substitution– Multiple cylinders, each cylinder has 26 states– Each state is a substitution cipher– A m-cylinder has 26m substitution ciphers
• 263 = 17576• 264 = 456,976• 265 = 11,881,376
Zhijun Li S1034040/Autumn08/HIT 41
Enigma Machine
• Use 3 scramblers:– 263=17576 substitutions
• Scramblers can be in any order:– 3!=6 combinations
• Plug board: – 6 pairs of letters are swapped
– 26!/(14!6!64)1011
• Total number of keys1016
Zhijun Li S1034040/Autumn08/HIT 42
• How to use: – Sender and receiver set up the machine the same
way• Plugboard setting• Scrambler arrangement• Scrambler starting position
• History:– Patented by Scherius in 1918– Widely used by the Germans from 1926– First successfully broken by Polish’s in the thirties – Broken by the UK intelligence during the WW II
Enigma Machine: Remark
Zhijun Li S1034040/Autumn08/HIT 43
Outline
• Symmetric Cipher
• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers
• Transposition Ciphers
Zhijun Li S1034040/Autumn08/HIT 44
• Key Matrix– 2x2 key matrix: hide single-letter freq.– 3x3 key matrix: hide single-letter and digram freq.– …
44434241
34333231
24232221
14131211
43214321
kkkk
kkkk
kkkk
kkkk
mmmmcccc
Key Matrix
Hill Cipher
Zhijun Li S1034040/Autumn08/HIT 45
Hill Cipher : Definition
• P = C = (Zm)n
• K = {all n n invertible matrices over Zm}
• Encryption: ek(m) = m k mod m• Decryption: dk(c) = c k-1 mod m
• Example:
0983
4851732263234321
mod 13 = 7 10 10 5
Zhijun Li S1034040/Autumn08/HIT 46
Hill Cipher: Cryptanalysis
• Difficult to break under OCA
• Easy to break under KPA– Know the n (the size of the key matrix)
• Can find the K easily • Lots of c=mK C=MK K=CM-1
• S(n) = O(n2)
– n is unknown • How to find n?
Zhijun Li S1034040/Autumn08/HIT 47
Ciphers: Frequency Features
Zhijun Li S1034040/Autumn08/HIT 48
Outline
• Symmetric Cipher
• Substitution Ciphers– Monoalphabetic Substitution Ciphers– Polyalphabetic Substitution Ciphers– Polygraphic Substitution Ciphers
• Transposition Ciphers
Zhijun Li S1034040/Autumn08/HIT 49
x 1 2 3 4 5
(x) 3 2 5 1 4
x 1 2 3 4 5
-1(x) ? ? ? ? ?
Permutation Cipher
• Encryption: permutation on the plaintext letters
• Example: transpositionciphers NRTSAIOPTSCONIINRHPSE• Decryption?
Zhijun Li S1034040/Autumn08/HIT 50
• P = C = (Zm)n
• K = { | a permutation of {1, 2, ….n}}
e (x1, x2,…xn) = (x (1), x (2),…x (n))
d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n))
• Remark:– Hide the meaning by rearranging the letter order– Single-letter distribution in plaintext is useless!– BUT there are other features in the plaintext!
Permutation Cipher: Definition
Zhijun Li S1034040/Autumn08/HIT 51
Permutation Cipher Cryptanalysis
• Features of English– Frequent (scarce) patterns
• Such as th, ch …
– Pilot letters (can be followed limited letters)• Such as q is always followed by u• j can only followed by a vowel …
– Others …
• Example: P U 33J U 25A F 38O I 42E R 94G R42
P A 61J U 25A R 82O A 48E E 81G E 61
274 358rankMore Preferable
Zhijun Li S1034040/Autumn08/HIT 52
Some Transposition Ciphers
Formal definition of the ciphers?Cryptanalysis?
IC A M
E I S A W
= ECIIA SMAW
• Rail Fence Cipher– Example: E( I A E S W
C M I A ) = IAESW CMIA
• Triangle Transposition Cipher– Example:
• Scytale Cipher
Zhijun Li S1034040/Autumn08/HIT 53
• Encrypt: CRYPTANALYST 1 2 3 4 (coat) C R Y P T A N A L Y S T• Read by column 2,3,1,4 RAYYNSCTLPAT
• Decrypt: RAYYNSCTLPAT 1 2 3 4 C R Y P T A N A L Y S T• Read by row CRYPTANALYST
Block Transposition Cipher
Zhijun Li S1034040/Autumn08/HIT 54
Block Transposition Cryptanalysis
• Step 1: Find possible block sizes – A full rectangle: factoring
• Example: 153 = 3 51, 51 3, 17 9, 9 17
– Only the last line is fragmentary: fill and factoring• n-m < ml < n
• Step 2: Determining the correct rectangle– The feature of the correct rectangle
• Each line represents a line of standard English• A line of English consist of about 40% vowels
• Step 3: Break the permutation cipher
Zhijun Li S1034040/Autumn08/HIT 55
Initial plaintext: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
1st transposition: 03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28
2nd transposition: 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28
Double Block Transposition
• Re-encryption using same block transposition– Example:
• Why more secure?
Zhijun Li S1034040/Autumn08/HIT 56
Introduction of Product Cipher
• Combine two transforms– Combine two same operators (iteration)
• Example: two permutation ciphers (1 2)
– Let the period of 1 is n1, the period of 2 is n2
– If n1=n2, then 1 2 = ?
– If n1|n2, then 1 2 = ?
– If gcd(n1, n2) = 1, then 1 2 = ?
– Combine two different operators• Example: Affine = Shift Hill (n=1)• Example: Substation Transposition
Zhijun Li S1034040/Autumn08/HIT 57
Summary
• Ciphers can be characterized by:– Number of keys used
• asymmetric or private / symmetric or public
• Classical Ciphers are asymmetric ciphers– Math transformations– Substitution
• Monoalphabetic / Polyalphabetic Substitution • Polygraphic Substitution
– Transpositions• Permutation / Block transpositions
– Product
Zhijun Li S1034040/Autumn08/HIT 58
Homework
• HTTP URL http://cst.hit.edu.cn/cryptography/
• Due Date