8/9/2019 Corsello Cryptography Paper Spring 2009
1/10
Corsello Research Foundation
Cryptography: Concepts of cryptography and computational methods
michael.corsello
3/28/2009
Abstract
Cryptography is the practice of rendering information unintelligible to all but a selected set of recipients.
This practice has been used for over a thousand years in various forms, such as the simple Caesar
ciphers reported to have been used in ancient Rome. Modern cryptography is computer based,
intensely mathematical in nature, and largely infeasible to defeat. Most attacks on modern
cryptographic systems involve weaknesses in the randomness of output generated. This paper will
discuss some of the cryptographic methodologies and attack vectors for these systems.
Michael Corsello Cryptography Paper CSci 283 Computer Security
Page | 1 Cryptography
Introduction
Cryptography is the practice of rendering information unintelligible for all but a selected group. This is
accomplished through the use of shared secrets (keys) or complementary information (key pairs). The
process used in cryptography includes 2 phases: encryption and decryption. Encryption is the process of
converting plaintext into unintelligible ciphertext through the use of some process involving a key
or keys. Decryption is the reverse process of converting the ciphertext back into the original
plaintext through the use of the same key or keys or via a complementary key (as in public key
cryptography).
Types of Ciphers
Early cryptographic systems involved concepts such as substitution, where characters of the plaintext
were replaced with corresponding characters from a substitution key, or transposition, where characters
were moved around according to a key in the form of a rule set. Over time, these manual
forms of cryptographic systems were found to be defeatable with only minimal effort beyond the effort
used to encrypt the information. The continual need to maintain the confidentiality of information has
led to continual improvement in cryptographic systems ever since.
Substitution Ciphers
A simple substitution cipher is the simplest form of cipher and is performed by substituting one character
for another in a consistent manner. For example, the character 'a' is substituted with the character
'm' and the character 'p' is substituted with the character 'g', and so on until each possible plaintext character
has a single corresponding character in the substitution set (the key). This form of cipher is easily broken
using frequency analysis, where the expected frequency of each character in the plaintext is known (this primarily
works for natural language plaintext and not for other forms of plaintext). For example, the relative
frequency of the letter 'e' in the English language is well known. By performing this analysis on a
ciphertext, the probable substituted character can be ascertained. Since the substitution is one to one,
the plaintext frequencies carry over to the ciphertext, and the mapping can be built up one character at a time as each substitution is discovered.
A stronger form of substitution cipher involves multiple substitution, where each plaintext
character maps to more than one ciphertext character in the key. This form of cipher requires the key
to contain more distinct characters than the source alphabet to ensure that the substitution can be reversed. This form
of substitution provides limited resistance to frequency analysis, but is still broken using these same
techniques over a longer period of time.
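An added example (not the paper's own code) of the point made above: a one-to-one substitution relabels the letters but leaves the frequency profile of the text untouched, so the most frequent ciphertext letter is simply the image of 'e'. The sample sentence and the key alphabet (which reuses the paper's a to m and p to g pairs) are constructed assumptions.

```python
from collections import Counter
import string

# Constructed sample plaintext (not from the paper); 'e' is its most common letter.
SAMPLE = ("the quick brown fox jumps over the lazy dog while the eager beaver "
          "keeps building the levee beside the river every evening")

# Constructed key: a permutation of a-z that includes the paper's a->m and p->g pairs.
KEY_ALPHABET = "mnobcdefhijklapgqrstuvwxyz"


def make_key(permuted: str) -> dict:
    """Build a one-to-one substitution table a-z -> permuted alphabet."""
    if sorted(permuted) != list(string.ascii_lowercase):
        raise ValueError("key must be a permutation of a-z")
    return dict(zip(string.ascii_lowercase, permuted))


def invert_key(key: dict) -> dict:
    """Reverse the table; valid only because the substitution is one to one."""
    return {cipher: plain for plain, cipher in key.items()}


def substitute(text: str, key: dict) -> str:
    """Apply the table to every lowercase letter; other characters pass through."""
    return "".join(key.get(ch, ch) for ch in text)


def letter_counts(text: str) -> Counter:
    return Counter(ch for ch in text if ch.isalpha())


def frequency_profile(text: str) -> list:
    """Counts sorted high to low, with the letter labels stripped away."""
    return sorted(letter_counts(text).values(), reverse=True)


def most_common_letter(text: str) -> str:
    return letter_counts(text).most_common(1)[0][0]


if __name__ == "__main__":
    key = make_key(KEY_ALPHABET)
    cipher = substitute(SAMPLE, key)
    # The profile survives substitution; only the labels change.
    print(frequency_profile(SAMPLE) == frequency_profile(cipher))
    # The most frequent ciphertext letter is the image of 'e' under the key.
    print(most_common_letter(cipher), key["e"])
```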
Transposition Ciphers
Transposition ciphers perform a permutation of the plaintext to generate ciphertext. This process
involves altering the positions of characters within the plaintext using a key that defines a regular
system for this transposition. This form of cipher often arranges the plaintext into a two-dimensional
matrix and reads out the ciphertext in the direction opposite to the one used to fill the matrix. For
example, the key may define a column oriented filling of a matrix of order 5. In this manner, the
plaintext is written down columns of 5 characters each, sequentially character by character, until all plaintext is entered.
The ciphertext is then read out in a row oriented manner.
In this form of cipher, the text "Hello, Welcome home you merry gentlemen." would be written into
the matrix (blank cells are the spaces in the plaintext):
H , c h y e g e
e   o o o r e m
l W m m u r n e
l e e e   y t n
o l     m   l .
This matrix is then read out in a row oriented manner to produce the ciphertext "H,chyegee oooremlWmmurneleee ytnol  m l." (the plaintext spaces are carried through as characters, so the ciphertext contains them in their transposed positions).
There are many forms of transposition cipher, which transform the plaintext into a matrix based
upon one rule and read out ciphertext from the matrix based upon a second rule. The combination of
these 2 rules forms the key. While in the example we read out the ciphertext in a row oriented manner,
it is practical to read out the ciphertext in other manners as well, such as radially inward from some
origin position in the matrix, as long as the ciphertext read-out method is not the inverse of the matrix
generation method (otherwise the ciphertext would be identical to the plaintext).
For further protection, multiple transpositions may be used in series to further complicate the path and
thus the breaking of the cipher. When used in conjunction with a multi-alphabetic substitution cipher,
the cipher can be quite challenging to break. Unfortunately, with computational assistance, even these
can be broken in short enough times to be largely ineffective at practical protection of information.
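The worked example above, as an added example (not the paper's own code): a matrix filled down columns of height 5 and read out by rows, with the inverse that rebuilds the rows (the last column may be short) and reads the columns back down. The plaintext and order are the paper's; the function names are assumptions.

```python
# Constructed to match the paper's worked example: 5-row columns, row-wise read-out.
PLAINTEXT = "Hello, Welcome home you merry gentlemen."
ORDER = 5


def build_matrix(plaintext: str, order: int) -> list:
    """Write the text down successive columns of height `order`; return the rows.

    The last column may be short, so the bottom rows may have fewer cells.
    Spaces and punctuation are ordinary characters and occupy cells too.
    """
    columns = [plaintext[c:c + order] for c in range(0, len(plaintext), order)]
    return ["".join(col[r] for col in columns if r < len(col))
            for r in range(order)]


def transpose_encrypt(plaintext: str, order: int) -> str:
    """Ciphertext is the matrix read out row by row."""
    return "".join(build_matrix(plaintext, order))


def transpose_decrypt(ciphertext: str, order: int) -> str:
    """Rebuild the rows from the ciphertext, then read the columns back down."""
    n = len(ciphertext)
    cols = -(-n // order)                  # ceiling division: number of columns
    last_col_len = n - (cols - 1) * order  # cells filled in the final column
    rows, pos = [], 0
    for r in range(order):
        width = cols if r < last_col_len else cols - 1
        rows.append(ciphertext[pos:pos + width])
        pos += width
    return "".join(rows[r][c] for c in range(cols) for r in range(order)
                   if c < len(rows[r]))


if __name__ == "__main__":
    for row in build_matrix(PLAINTEXT, ORDER):
        print(repr(row))
    ct = transpose_encrypt(PLAINTEXT, ORDER)
    print(repr(ct))
    print(transpose_decrypt(ct, ORDER) == PLAINTEXT)
```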
Modern Ciphers
In modern cryptography there are 2 basic classes of cryptosystem: symmetric (private key) and
asymmetric (public key). The classic form of cryptography is symmetric, in that the encryption and
decryption of a message both use the same key, which is a shared secret between the sender and the
recipients. The creation of asymmetric cryptography was a major breakthrough: there is a pair
of keys, one kept private to decrypt and one made public to encrypt. This permits the recipient of a message
to provide the public key freely to the world without fear of compromise. Unfortunately, this also results in a
form of the N-way problem, in that each recipient of a message has to provide their individual public key
and the message is repeatedly encrypted to each recipient. This was ameliorated by the use of a hybrid
system in which the actual message is encrypted with a symmetric key, and only that key is encrypted
repeatedly for each recipient. In this manner, as long as the number of recipients is small, a single
message can contain the ciphertext and all encrypted copies of the symmetric key.
Operations
The actual operation performed in any cryptosystem is generally an exclusive-or (XOR), in which the
binary data (zeros and ones) are operated on with a simple logic rule: if exactly one of the 2 bits being
compared is a one, then output a one; otherwise, output a zero. In a truth table, the XOR operation
looks like this:
XOR | 0 | 1
----+---+---
 0  | 0 | 1
 1  | 1 | 0
In a simple encryption / decryption scheme, the plaintext can be directly bitwise XORed against the key,
and returned to plaintext via the same operation. This is the general backbone operation of most
modern digital cryptographic methodologies.
Randomness
In talking about cryptography, the subject of generating random values for keys and random
starting points within a process arises quite naturally. A key for modern cryptography will be at least
256 bits in length and will often be over 1024 bits in length (especially for public key systems).
Additionally, other random numbers are used within the cryptographic processing in conjunction
with the actual encryption / decryption process. The generation of these random values must be
automatic and therefore machine generated.
While there are several mechanisms for generating random numbers, they are all based upon one
principle governing all computers: they are generated using an algorithm that is, by definition,
deterministic. This means that any computer using the same algorithm (and the same starting state, or seed) for generating the random
number will generate the exact same sequence of numbers. This is what is known as pseudo-random,
and it is the basis (and primary weakness) of modern cryptosystems. These pseudo-random numbers
(PRNs) and their generators (PRNGs) vary in strength, speed and predictability. For instance, many
operating systems (OSes) have multiple random number generators in use. The primary one
used in applications is a general purpose random number generator which is not to be used for
cryptographic purposes. Additionally, these OSes will have multiple cryptographic strength PRNGs
specifically for use in cryptographic implementations.
For specialized cryptosystems, hardware PRNGs are used. In both hardware and software, one
common mechanism for a PRNG is the linear feedback shift register (LFSR). This form of PRNG has a
maximum sequence length of PRN generation before the sequence repeats. In other words,
there is a certain number of uniquely pseudo-random bits that are generated until the exact same
sequence of bits repeats. If this sequence length is the maximum possible given the internal register
(memory) size, this is a maximal LFSR. Based upon the needs of the PRNG (and the applications using it), the
minimum practical LFSR size (bigger is exponentially more costly) can be selected for use.
Classes of Ciphers
There are generally two broad classes of ciphers: block and stream. Almost all modern cryptosystems fall
into one of these two categories, with the majority of strong cryptosystems being of the block type.
Stream Ciphers
A stream cipher is a symmetric key cipher that works like a zipper, where the 2 halves of the zipper are
the plaintext and the key, with the zipped output being the ciphertext. The operation that performs the
union of the streams is generally just an XOR. The operation happens in a bit-by-bit or byte-by-byte
manner throughout the plaintext stream. The primary benefit of a stream cipher is speed and low
memory utilization as both inputs and the output are streams that could be mapped to or from any
location (memory, network or disk).
Due to the streaming nature of the key, it must be capable of long non-repeating periods with respect to
the plaintext stream length. Additionally, the starting point of the stream cipher with respect to its state
is of great importance to its security. If the same key sequence (or the seed used to generate the key sequence)
is used more than once, then the cipher can be compromised by temporal analysis. The starting
point of a stream within the keystream can also provide variation when key reuse or a restart is needed.
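An added example (not the paper's code) that ties the LFSR passage in the Randomness section and the XOR operation to this section: a small Fibonacci LFSR, a period check contrasting a maximal 4-bit register with a non-maximal one, and a keystream XOR showing that encryption and decryption are the same operation and that reusing a seed cancels the keystream between two messages. The tap-mask convention, the 4-bit masks, the 16-bit mask 0x2D and the sample messages are constructed assumptions.

```python
# Tap-mask convention (assumed): bit 0 is the output bit; feedback enters at the top bit.
# Constructed values: the 4-bit masks are chosen to contrast maximal and short periods.
WIDTH4 = 4
MAXIMAL_4 = 0b1001   # period 15 = 2**4 - 1: a maximal LFSR
SHORT_4 = 0b0101     # returns to seed 1 after only 6 states


def lfsr_step(state: int, taps: int, width: int) -> int:
    """One Fibonacci LFSR step: shift right, feed the parity of the tapped bits in at the top."""
    feedback = bin(state & taps).count("1") & 1
    return (state >> 1) | (feedback << (width - 1))


def lfsr_period(taps: int, width: int, seed: int = 1) -> int:
    """Steps until the register returns to `seed`: the length before the bits repeat."""
    if not 0 < seed < (1 << width):
        raise ValueError("seed must be a non-zero value that fits the register")
    if not taps & 1:
        raise ValueError("bit 0 must be tapped or the state update is not reversible")
    state, steps = lfsr_step(seed, taps, width), 1
    while state != seed:
        state = lfsr_step(state, taps, width)
        steps += 1
    return steps


def keystream(taps: int, width: int, seed: int, nbytes: int) -> bytes:
    """Pack the output bits (bit 0 of each state) into bytes, most significant bit first."""
    state, out = seed, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (state & 1)
            state = lfsr_step(state, taps, width)
        out.append(byte)
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(data: bytes, taps: int, width: int, seed: int) -> bytes:
    """Encrypt and decrypt are the same XOR against the keystream."""
    return xor_bytes(data, keystream(taps, width, seed, len(data)))


if __name__ == "__main__":
    print(lfsr_period(MAXIMAL_4, WIDTH4), lfsr_period(SHORT_4, WIDTH4))  # 15 6
    c1 = stream_crypt(b"hello world", 0x2D, 16, 0xACE1)
    c2 = stream_crypt(b"merry xmas!", 0x2D, 16, 0xACE1)
    # With the seed reused, the keystream cancels: c1 ^ c2 == p1 ^ p2.
    print(xor_bytes(c1, c2) == xor_bytes(b"hello world", b"merry xmas!"))
```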
Block Ciphers
The workhorse of modern ciphers is the block cipher. A block cipher is a symmetric key cipher that
operates over a block of data of fixed size using a fixed algorithmic transform. The primary
cryptosystems in use in the USA (AES and Triple DES) are both block ciphers. A block cipher works much
like a transposition cipher in that an input block of fixed size is transformed into an internal structure
that is then operated on in conjunction with the key. These operations may be performed in iterations
to further randomize the appearance of the output ciphertext. In many block cryptosystems, not all of
the iterations will utilize both the plaintext and the key; some only perform operations on the plaintext
to increase the randomness and reduce the linearity of the original input.
Perfect Ciphers
There is one theoretically perfect method of cryptography, the one-time pad (OTP). In this form of
cipher, a plaintext message is encrypted using a corresponding key of at least the same length as the
plaintext message. Each character in the plaintext is operated on based upon the corresponding
character in the key. This operation is commonly an XOR operation or a summation. The resulting
ciphertext can only be decrypted using the same key, and that key is NEVER REUSED. The problems with
the OTP are avoiding reuse of the key and exchanging the key with the recipients. Since the key is at least
the same length as the message, it requires a minimum of double the transmission space: one part for the
ciphertext and one for the key, which must be protected.
The OTP methodology was patented in a device by Gilbert Vernam and named the Vernam Cipher
(1917). This device used a paper tape key that was prepared and shared a priori, before the exchange of
messages.
The practical use of the OTP is limited, though it is used in part in the RC4 cipher system in use today.
The most common practical use of an OTP cipher is based upon the a priori agreement of the parties to select a
text (an actual book, such as a specific edition and printing of an encyclopedia). Each message sent
between the parties will carry an identifier that indicates where in that text to begin the key. The sender
will then encrypt the message based upon the plaintext and the text of the larger key text. In this
manner, the actual text may be reused with different starting points over time. It is believed that such
ciphers are currently in use by covert organizations using internet based text volumes on sites such as
Project Gutenberg (http://www.gutenberg.org).
Conclusions
Cryptography is a branch of mathematics that reaches far into everyday life and has done so for over a
thousand years. The history of cryptography is quite rich and has provided us with many ways of
protecting information from prying eyes. Even with all the advances, there is still only one truly
unbreakable (except by luck and brute force) cipher, and it is one of the more low-tech and
impractical ciphers in existence. Given all of that, the cryptographic mechanisms of today are still
resistant enough to attack that, for all but the most sensitive information, there are no deterministic
methods to break them in a practical timeframe. Overall, modern cryptosystems are most vulnerable to
defeat due to the inherent difficulty in generating truly random information to use for keys.