Modern Cryptanalysis

Techniques for Advanced Code Breaking

Christopher Swenson

® WILEY

Wiley Publishing, Inc.

Contents

Acknowledgments

Introduction

Chapter 1

Chapter 2

Simple Ciphers Monoalphabetic Ciphers Keying

Keyed Alphabets ROT13 Klingon

Polyalphabetic Ciphers Vigenere Tableau

Transposition Ciphers Columnar Transpositions Double Columnar Transpositions

Cryptanalysis Breaking Monoalphabetic Ciphers

Frequency Analysis Index of Coincidence Other Issues

Breaking Polyalphabetic Ciphers Breaking Columnar Transposition Ciphers Breaking Double Columnar Transposition Ciphers

Summary Exercises

Number Theoretical Ciphers Probability

Permutations and Choices

ix

xix

1 2 4 4 5 6 7 7 9 9

10 11 11 11 12 15 15 18 21 23 23

25 25 26

xiii

xiv Contents

Dependence 27 Fun with Poker 28

The Birthday Paradox 32 Cryptographic Hashes 37

Number Theory Refresher Course 38 Divisibility and Prime Numbers 39 Congruences 39

Algebra Refresher Course 43 Definitions 43 Finite Field Inverses 46

Factoring-Based Cryptography 49 The RSA Algorithm 49

Discrete Logarithm-Based Cryptography 51 The Diffie-Hellman Algorithm 51

Elliptic Curves 52 Addition of Points 53 Elliptic Curve Cryptography 57 Elliptic Curve Diffie-Hellman 59

Summary 59 Exercises 59

Chapter 3 Factoring and Discrete Logarithms 61 Factorization 61 Algorithm Theory 62

Notation 64 A Crash Course in Python 65

Exponential Factoring Methods 67 Brute-Force 68

Analysis 69 Fermat's Difference of Squares 70

Analysis of Fermat's Difference of Squares 72 Pollard's p 71

Analysis of Pollard's p 73 Pollard's p - 1 75

Analysis of Pollard's p — 1 75 Square Forms Factorization 76

Analysis of SQUFOF 77 Elliptic Curve Factorization Method 77

Analysis ofECM 78 Subexponential Factoring Methods 78

Continued Fraction Factorization 79 Analysis of CFRAC 80

Sieving Methods 80 Discrete Logarithms 81

Brute-Force-Methods 82 Baby-Step Giant-Step Method 82

Baby-Step Giant-Step Analysis 83

Contents xv

Chapter 4

PoUard's p for Discrete Logarithms Analysis of PoUard's p for Discrete Logarithms

PoUard's X for Discrete Logarithms Analysis of PoUard's X

Index Calculus Mcthod Summary Exercises

Block Ciphers Operations on Bits, Bytes, Words

Operations Code

Product Ciphers Substitutions and Permutations

S-Box P-Box Shift Registers

Substitution-Permutation Network EASY1 Cipher

Python Implementation Feistel Structures DES

DES Key Schedule DES Round Function Triple DES DESX

FEAL S-function Key-Generating Function: f̂ Round Function: f Key Scheduling

Blowfish Blowfish Key Schedule Blowfish Algorithm Blowfish Round Function Notes on Blowfish

AES / Rijndael Rijndael Encryption Algorithm

SubBytes ShiftRows MixColumns AddRoundKey

Rijndael Decryption Algorithm Key Expansion Notes on Rijndael

Block Cipher Modes Electronic Code Book

83 85 85 86 86 86 87

91 92 93 95 95 96 96 98

100 100 102 102 106 110 111 111 112 113 114 114 116 117 119 120 120 121 121 122 122 123 124 125 125 127 127 128 129 129 129

xvi Contents

Cipher Block Chaining 131 Cipher Feedback 132 Output Feedback 133 Counter Mode 134

Skipjack 134 Skipjack Encryption Algorithm 134 Skipjack Decryption Algorithm 136 Permutations 136

Message Digests and Hashes 136 Checksums 139 Cyclic Redundancy Checks 139 MD5 140 SHA-1 141

Random Number Generators 143 Bias 143 Linear Congruential Random Number Generator 144

One-Time Päd 145 Summary 147 Exercises 147

Chapter 5 General Cryptanalytic Methods 149 Brute-Force 150 Time-Space Trade-offs 151

Meet-in-the-Middle Attack 151 Hellman Time-Space Trade-off 153 Time-Space Trade-off Success 154 Flaws 155 Multi-Table Trade-off 155 Rivest's Distinguished Endpoints 156

Rainbow Tables 156 Advantages of Rainbow Tables 157 Microsoft LAN Manager Password Hash 158

Slide Attacks 158 Slide Attacks on Feistel Ciphers 160 Advanced Slide Attacks 161

Cryptanalysis of Hash Functions 162 Cryptanalysis of Random Number Generators 163 Summary 165 Exercises 165

Chapter 6 Linear Cryptanalysis 167 Overview 168 Matsui's Algorithms 169 Linear Expressions for S-Boxes 171 Matsui's Piling-up Lemma 174 Easyl Cipher 175 Linear Expressions and Key Recovery 179

Contents xvii

Linear Cryptanalysis of DES Multiple Linear Approximations Finding Linear Expressions Linear Cryptanalysis Code Summary Exercises

Differential Cryptanalysis Overview Notation S-Box Differentials Combining S-Box Characteristics Key Derivation Differential Cryptanalysis Code Differential Cryptanalysis of Feistel Ciphers

Differential Cryptanalysis of FEAL Differential Cryptanalysis of DES

Analysis Differential-Linear Cryptanalysis Conditional Characteristics Higher-Order Differentials Truncated Differentials Impossible Differentials Boomerang Attack Interpolation Attack Related-Key Attack

Related-Key Attack on GOST Related-Key Attack on 3DES

Summary Exercises

181 184 185 187 191 192

195 195 196 197 200 202 203 206 207 207 210 211 212 214 216 217 220 222 223 224 225 226 226

Index 229