Classical cryptography1

CRYPTOSYSTEMS &CRYPTOSYSTEMS &
AUTHENTICATIONAUTHENTICATION
Classical Cryptography-Substitution
Ciphers-permutation Ciphers-Block
Ciphers-DES Modes of Operation- AES-
Linear Cryptanalysis, Differential
Cryptanalysis- Hash Function -SHA
512- Message Authentication Codes-
HMAC - Authentication Protocols
UNIT II

Objectives
0To introduce basic concepts & terminology
of encryption
0To prepare us for studying modern
cryptography
IFETCE/M.E CSE/NE7202-NIS/Unit 2
2

Overview
0 Cryptography
0 Basic Terminology
0 Classical Cryptography
0 Substitution
0 Transposition
0 Product
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-3

What is Cryptography?
0 The idea of storing and transmitting data in a form
that only the authorized parties can interpret.
0 Process of making and using codes to secure
transmission of information

Cryptography
0 Can be characterized by:
0 type of encryption operations used
0 substitution / transposition / product
0 number of keys used
0 single-key or private / two-key or public
0 way in which plaintext is processed
0 block / stream

Basic terminology
0 Plaintext: original message to be encrypted
0 Ciphertext: the encrypted message
0 Enciphering or encryption: the process of converting
plaintext into ciphertext
0 Encryption algorithm: performs encryption
0 Two inputs: a plaintext and a secret key

Basic terminology
0 Deciphering or decryption: recovering plaintext from
ciphertext
0 Decryption algorithm: performs decryption
0 Two inputs: ciphertext and secret key
0 Secret key: same key used for encryption and decryption
0 Also referred to as a symmetric key

Cryptanalysis
0 Opponent whose goal is to break cryptosystem is the
adversary
0 Objective: to recover the plaintext of a ciphertext or,
more typically, to recover the secret key.
0 Kerkhoff’s principle: adversary knows algorithm used,
but not key
0 Two general approaches:
0 brute-force attack
0 non-brute-force attack (cryptanalytic attack)

Brute-Force Attack
0 Try every key to decipher the ciphertext.
0 On average, need to try half of all possible keys
0 Time needed proportional to size of key space
Key Size (bits) Number of Alternative
Keys
Time required at 1
decryption/µs
Time required at 106
decryptions/µs
32 232
= 4.3 × 109 231
µs = 35.8 minutes 2.15 milliseconds
56 256
= 7.2 × 1016 255
µs = 1142 years 10.01 hours
128 2128
= 3.4 × 1038
2127
µs = 5.4 × 1024
years 5.4 × 1018
years
168 2168
= 3.7 × 1050
2167
µs = 5.9 × 1036
years 5.9 × 1030
years
26 characters
(permutation)
26! = 4 × 1026
2 × 1026
µs = 6.4 × 1012
years 6.4 × 106
years

Cryptanalytic Attacks
0 Classified by how much information needed by the
attacker
0 Three types of attacks:
0 Ciphertext only: adversary has only ciphertext; goal is to find
plaintext, possibly key.
0 Known plaintext: adversary has ciphertext, corresponding
plaintext; goal is to find key
0 Chosen plaintext: adversary may supply plaintexts and obtain
corresponding ciphertext; goal is to find key
0 Chosen-ciphertext attack: adversary may choose ciphertext
and corresponding decrypted plaintext ; goal is to find key

Ciphertext-only attack
0 Given: a ciphertext c
0 Q: what is the plaintext m?
0 An encryption scheme is completely insecure if it
cannot resist ciphertext-only attacks.

Known-plaintext attack
0 Given: (m1,c1), (m2,c2), …, (mk,ck) and a new ciphertext c.
0 Q: what is the plaintext of c?
0 Q: what is the secret key in use?

Chosen-plaintext attack
0 Given: (m1,c1), (m2,c2), …, (mk,ck), where m1,m2, …, mk are
chosen by the adversary; and a new ciphertext c.
0 Q: what is the plaintext of c, or what is the secret key?

Chosen-Plaintext Attack
Crook #1 changes
his PIN to a number
of his choice
cipher(key,PIN)
PIN is encrypted and
transmitted to bank
Crook #2 eavesdrops
on the wire and learns
ciphertext corresponding
to chosen plaintext PIN
… repeat for any PIN value

Chosen-ciphertext attack
0 Given: (m1,c1), (m2,c2), …, (mk,ck), where c1,c2, …, ck are
chosen by the adversary; and a new ciphertext c.
0 Q: what is the plaintext of c, or what is the secret key?

Basis for Attacks
0 Mathematical attacks
0 Based on analysis of underlying mathematics
0 Statistical attacks
0 Make assumptions about the distribution of letters,
pairs of letters (digrams), triplets of letters (trigrams),
etc.
0 Called models of the language
0 Examine ciphertext, correlate properties with the
assumptions.

Statistical Attack
0 Compute frequency of each letter in ciphertext:
G 0.1 H 0.1 K 0.1 O 0.3
R 0.2 U 0.1 Z 0.1
0 Apply 1-gram model of English
0 Frequency of characters (1-grams) in English is on next
slide

Cryptology
CRYPTOLOGY
CRYPTOGRAPHY CRYPTANALYSIS
Private Key
(Secret Key)
Public Key
Block Cipher Stream Cipher Integer Factorization
Discrete Logarithm

More Definitions
0 Unconditional security
0 no matter how much computer power is available, the
cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
0 Computational security
0 given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher
cannot be broken

Cryptosystem
0 Quintuple (E, D, M, K, C)
0 M set of plaintexts
0 K set of keys
0 C set of ciphertexts
0 E set of encryption functions e: M × K → C
0 D set of decryption functions d: C × K → M

Example
0 Example: Cæsar cipher
0 M = { sequences of letters }
0 K = { i | i is an integer and 0 ≤ i ≤ 25 }
0 E = { Ek | k ∈ K and for all letters m,
Ek(m) = (m + k) mod 26 }
0 D = { Dk | k ∈ K and for all letters c,
Dk(c) = (26 + c – k) mod 26 }
0 C = M

Ciphers
0Symmetric cipher: same key used for
encryption and decryption
0 Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)
0 Stream cipher: encrypts data one bit or one byte at
a time
0Asymmetric cipher: different keys used for
encryption and decryption
25

Classical Cryptography
0Sender, receiver share common key
0 Keys may be the same, or trivial to derive
from one another
0 Sometimes called symmetric cryptography
0Two basic types
0 Transposition ciphers
0 Substitution ciphers
0 Combinations are called product ciphers

Classical Ciphers
0 Plaintext is viewed as a sequence of elements
(e.g., bits or characters)
0 Substitution cipher: replacing each element of
the plaintext with another element.
0 Transposition (or permutation) cipher:
rearranging the order of the elements of the
plaintext.
0 Product cipher: using multiple stages of
substitutions and transpositions
28

Substitution Ciphers
0 Change characters in plaintext to produce
ciphertext
0 Monoalphabetic Substitution
0 Each plaintext character is mapped onto a unique
character of a ciphertext.
0 Polyalphabetic Substitution
0 Each plaintext character can be mapped onto m
alphabetic characters of a ciphertext.

Monoalphabetic Ciphers
0 Shift Cipher(Ceaser)
0 Substitution Cipher
0 Playfair Cipher
0 Affine Cipher
0 Hill Cipher

1.Caesar Cipher
0 Earliest known substitution cipher
0 Invented by Julius Caesar
0 Each letter is replaced by the letter three positions further
down the alphabet.
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
0 Example: ohio state  RKLR VWDWH

Caesar Cipher
0Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
0Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
0Can be generalized with any alphabet.

Cryptanalysis of Caesar
Cipher
0 Only have 26 possible ciphers
0 A maps to A,B,..Z
0 Could simply try each in turn
0 A brute force search
0 Given ciphertext, just try all shifts of letters
0 Do need to recognize when have plaintext
0 Eg. break ciphertext "GCUA VQ DTGCM"

2.Monoalphabetic Cipher
0 Shuffle (jumble) the letters arbitrarily
0 Each plaintext letter maps to a different
random ciphertext letter
0 Hence key is 26 letters long
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher
Security
0 Now have a total of 26! = 4 x 1026
keys
0 With so many keys, might think is secure
0 But not secure against some cryptanalytic
attacks.
0 Problem is language characteristics

Language Statistics and
Cryptanalysis
0 Human languages are not random.
0 Letters are not equally frequently used.
0 In English, E is by far the most common letter,
followed by T, R, N, I, O, A, S.
0 Other letters like Z, J, K, Q, X are fairly rare.
0 There are tables of single, double & triple
letter frequencies for various languages

English Letter Frequencies

Statistics for double & triple
letters
0 In decreasing order of frequency
0 Double letters:
th he an in er re es on, …
0 Triple letters:
the and ent ion tio for nde, …

Use in Cryptanalysis
0 Key concept - monoalphabetic substitution ciphers do not
change relative letter frequencies
0 To attack, we
0 calculate letter frequencies for ciphertext
0 compare this distribution against the known one
0 If caesar cipher look for common peaks/troughs
0 peaks at: A-E-I triple, NO pair, RST triple
0 troughs at: JK, X-Z
0 For monoalphabetic must identify each letter
0 tables of common double/triple letters help

Example Cryptanalysis
0 Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
0 Count relative letter frequencies
0 Guess P & Z are e and t
0 Guess ZW is th and hence ZWP is the
0 Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow

3.Playfair Cipher
Not even the large number of keys in a monoalphabetic
cipher provides security
One approach to improving security was to encrypt
multiple letters
Playfair Cipher was invented by Charles Wheatstone in
1854, but named after his friend Baron Playfair

Playfair Key Matrix
0 A 5X5 matrix of letters based on a keyword
0 Fill in letters of keyword
0 Fill rest of matrix with other letters
0 Eg. using the keyword MONARCHY
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ

Encrypting and Decrypting
0Plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like
'X’
2. if both letters fall in the same row, replace
each with letter to right (wrapping back to
start from end)
3. if both letters fall in the same column,
replace each with the letter below it
(wrapping to top from bottom)
4. otherwise each letter is replaced by the
letter in the same row and in the column of
the other letter of the pair

Security of Playfair Cipher
0 Equivalent to a monoalphabetic cipher with
an alphabet of 26 x 26 = 676 characters.
0 Security is much improved over the simple
monoalphabetic cipher.
0 Widely used for many years
eg. by US & British military in WW1 and WW2
0 Once thought to be unbreakable.
0 Actually, it can be broken, because it still
leaves some structure of plaintext intact.

4.Affine Ciphers
}25,24,,2,1,0{26 =Z
1)26,gcd( =a
)( baxy +=

The affine cipher uses a pair of keys in which
the first key is from 26* and the second is
from 26.
The size of the key domain is 26 × 12 = 312.
Use an affine cipher to encrypt the message “hello”
with the key pair (7,
2).
Example 3.10
Example

0 If Alice chooses m=26, (a,b)=(7,3) and encrypts the
German word “bald” with the affine cipher, what is the
ciphertext?
Excercise

5.Hill Cipher
0 Takes two or three or more letter combinations to the
same size combinations, e.g. “the”  “rqv”
0 Uses simple linear equations
0 An example of a “block” cipher encrypting a block of
text at a time
0 Numbered alphabet: a = 0, b = 1, c = 3, etc.

Letter to Number Substitution
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25

Modular Inverses of Mod 26
A 1 3 5 7 9 11 15 17 19 21 23 25
A-1
1 9 21 15 3 19 7 23 11 5 17 25
Example – Find the Modular Inverse of 9 for Mod 26
9 · 3 = 27
27 Mod 26 = 1
3 is the Modular Inverse of 9 Mod 26

Encryption
0 Assign each letter in alphabet a number between 0
and 25
0 Change message into 2 x 1 letter vectors
0 Change each vector into 2 x 1 numeric vectors
0 Multiply each numeric vector by encryption matrix
0 Convert product vectors to letters

Change Message to Vectors
Message to encrypt = HELLO WORLD

Convert Numbers to Letters
“hello world” has been encrypted
to SLHZY ATGZT

Decryption
0 Change message into 2 x 1 letter vectors
0 Change each vector into 2 x 1 numeric vectors
0 Multiply each numeric vector by decryption matrix
0 Convert new vectors to letters

Change Message to Vectors
Ciphertext to decrypt = SLHZYATGZ

Convert Numbers to Letters
SLHZYATGZT has been decrypted to
“hello world”

Exercise
C1 9 18 10 p1
C2 = 16 21 1 p2 (mod 26)
C3 5 12 23 p3
0 Encrypt the plaintext “pay more money” with the
given key

Polyalphabetic Substitution
Ciphers
0 A sequence of monoalphabetic ciphers (M1, M2,
M3, ..., Mk) is used in turn to encrypt letters.
0 A key determines which sequence of ciphers to
use.
0 Each plaintext letter has multiple corresponding
ciphertext letters.
0 This makes cryptanalysis harder since the letter
frequency distribution will be flatter. vc

1.Vigenère Cipher
0 Simplest polyalphabetic substitution cipher
0 Effectively multiple caesar ciphers
0 Key is multiple letters long K = k1 k2 ... kd
0 ith
letter specifies ith
alphabet to use
0 Use each alphabet in turn
0 Repeat from start after d letters in message
0 Decryption simply works in reverse

Example of Vigenère Cipher
0 Keyword: deceptive
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:
ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers
0 There are multiple ciphertext letters corresponding
to each plaintext letter.
0 So, letter frequencies are obscured but not totally
lost.
0 To break Vigenere cipher:
1. Try to guess the key length. How?
2. If key length is N, the cipher consists of N Caesar
ciphers. Plaintext letters at positions k, N+k, 2N+k,
3N+k, etc., are encoded by the same cipher.
3. Attack each individual cipher as before.IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-66

Guessing the Key Length
0 Main idea: Plaintext words separated by multiples
of the key length are encoded in the same way.
0 In our example, if plaintext = “…thexxxxxxthe…”
then “the” will be encrypted to the same ciphertext
words.
0 So look at the ciphertext for repeated patterns.
0 E.g. repeated “VTW” in the previous example
suggests a key length of 3 or 9:
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
0 Of course, the repetition could be a random fluke.
0 Then attack each monoalphabetic cipher
individually using same techniques as before

2.Vernam Cipher/
0 Ultimate defense is to use a key as long as the plaintext
with no statistical relationship to it
0 Invented by AT&T engineer Gilbert Vernam in 1918
0 Originally proposed using a very long but eventually
repeating key

Vernam cipher
random key bits K1, K2,…, Kn
plaintext bits P1, P2,…, Pn
+
P1 ⊕ K1, P2 ⊕ K2,…, Pn ⊕ Kn
ciphertext bits
How do you decrypt using the Vernam cipher?

3.One-Time Pad
0 If a truly random key as long as the message is
used, the cipher will be secure
0 Called as One-Time pad
0 It is unbreakable since ciphertext bears no
statistical relationship to the plaintext
0 Since for any plaintext & any ciphertext there
exists a key mapping one to other
0 Can use the key only once though
0 Problems in generation & safe distribution of key

One-Time Pad
0 The message is represented as a binary string (a
sequence of 0’s and 1’s using a coding mechanism
such as ASCII coding.
0 The key is a truly random sequence of 0’s and 1’s of
the same length as the message.
0 The encryption is done by adding the key to the
message modulo 2, bit by bit. This process is often
called exclusive or, and is denoted by XOR. The symbol
⊕ is used

Example
0message =‘IF’
0then its ASCII code =(1001001 1000110)
0key = (1010110 0110001)
0Encryption:
0 1001001 1000110 plaintext
0 1010110 0110001 key
0 0011111 1110110 ciphertext
0Decryption:
0 0011111 1110110 ciphertext
0 1010110 0110001 key
0 1001001 1000110 plaintext

4.Rotor Cipher
0 Before modern ciphers, rotor machines were most common
complex ciphers in use.
0 Widely used in WW2.
0 Used a series of rotating cylinders.
0 Implemented a polyalphabetic substitution cipher of period K.
0 With 3 cylinders, K = 263
=17,576.
0 With 5 cylinders, K = 265
=12 x 106
.

Rotor Cipher
A three letter word such as “bee” is encrypted as
“BCA”.

Enigma Machine
Originally invented by Sherbius, but was modified
by the German army and extensively used during
World War II.

Enigma Rotor Machine

Transposition Ciphers
0 Also called permutation ciphers.
0 A transposition cipher reorders symbols.
0 Can recognise these since have the same
frequency distribution as the original text

1.Rail Fence cipher
0 Write message letters out diagonally over a
number of rows
0 Then read off cipher row by row
0 For example to send the message “Meet
me at the park” to Bob, Alice writes
0 Ciphertext
MEMATEAKETETHPR

2.Row Transposition Ciphers
0 Plaintext is written row by row in a rectangle.
0 Ciphertext: write out the columns in an order
specified by a key.
Key: 3 4 2 1 5 6 7
Plaintext:
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Slide #9-80

• The ciphers are vulnerable to several kinds of
ciphertext-only attacks.
• Statistical Attack:
A transposition cipher does not change the
frequency of letters in ciphertext, but dose
not preserve the frequency of digrams and
trigrams.
• Brute-Force Attack:
The number of keys can be huge (1! + 2! + … +
L!), where L is the length of the
ciphertext.
A better approach is to guess the number of
columns.
Transposition Cipher-Cryptanalysis

Product Ciphers
0 Ciphers using substitutions or transpositions are
not secure because of language characteristics
0 Consider using several ciphers in succession to
make harder, but:
0 two substitutions make a more complex substitution
0 two transpositions make more complex transposition
0 Uses a sequence of substitutions and
transpositions
0 Harder to break than just substitutions or
transpositions
0 This is a bridge from classical to modern ciphers

Stream Ciphers
Call the plaintext stream P, the ciphertext stream
C,
and the key stream K.

Block Ciphers
• In a block cipher, a group of plaintext
symbols of size m (m > 1) are encrypted
together creating a group of ciphertext of
the same size.
• A single key is used to encrypt the whole
block even if the key is made of multiple
values.

Playfair ciphers are block ciphers.
The size of the block is m = 2.
Two characters are encrypted together.
Example 1
Hill ciphers are block ciphers.
A block of plaintext, of size 2 or more
is encrypted together using a single key (a
matrix).
In these ciphers, the value of each character in the
ciphertext
depends on all the values of the characters in the
plaintext.
Although the key is made of m × m values,
it is considered as a single key.
Example 2
Block Ciphers

Classical to Modern Cryptography
0 Classical cryptography
0 Encryption/decryption done by hand
0 Modern cryptography
0 Computers to encrypt and decrypt
0 Same principles, but automation allows ciphers to
become much more complex

Summary
0 Cryptography-Definitions
0 Cryptanalysis
0 Classical Cryptography
0 Substitution
0 Transposition
0 Product
0 Steam cipher
0 Block Cipher

Classical cryptography1

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (14)

En vedette

En vedette (18)

Similaire à Classical cryptography1

Similaire à Classical cryptography1 (20)

Dernier

Dernier (20)

Classical cryptography1

Notes de l'éditeur