95-752:4-1 Encryption - I. 95-752:4-2 Definitions Plaintext: easy to understand form (original message) Ciphertext: difficult to understand form Encryption:

Presentation on theme: "95-752:4-1 Encryption - I. 95-752:4-2 Definitions Plaintext: easy to understand form (original message) Ciphertext: difficult to understand form Encryption:"— Presentation transcript:

95-752:4-1 Encryption - I

95-752:4-2 Definitions Plaintext: easy to understand form (original message) Ciphertext: difficult to understand form Encryption: encoding (plaintext -> ciphertext) Decryption: decoding (ciphertext -> plaintext) Cryptology: study of encryption Cryptography: use of encryption Cryptanalysis: breaking encryption

95-752:4-3 Cryptanalysts Role Break single message Recognize patterns to create decryption method Find general weakness in encryption algorithm

95-752:4-4 Breakable Encryption Feasible given time and data Brute force usually impractical Estimates based on current technology Just because the underlying scheme is based on a 'hard' problem doesn't mean that the cryptanalyst will attempt to solve it that way

95-752:4-5 Cryptanalyst’s tools Letter frequency data Prefix/suffix lists Letter pair/triple lists Common pattern lists

95-752:4-6 Encryption Algorithm Transformation: C=E(P) P=D(C) P=D(E(P)) Keyed – adds security even if algorithm is known Symmetric: C=E(k,P) P=D(k,C) Asymmetric: C=E(k 1,P) P=D(k 2,C)

95-752:4-7 Character Representation Enumeration – cyclic Y+3=B (24+3=1 with wrapping) Modulus Arithmetic –0 mod 26 = 0 –1 mod 26 = 1 –26 mod 26 = 0 –27 mod 26 = 1 ABCDE…XYZABC 01234…232425012

95-752:4-8 Caesar Cipher Julius Caesar – Gallic Wars Shift of three characters P= “ PROFESSIONAL COURTESY ” C=“ SURIHVVLRQDO GRXUWHVB ” Easy to use in the field Pattern is easy to spot and break ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC

95-752:4-9 Cryptanalysis of Caesar Cipher Obvious break between words Double letters easy to spot Repeating letter patterns Small words easy to peg C=“ WKLV LV WRR HDVB ” THIS IS TOO __S_ small words THIS IS TOO EASY spot shift of 3

95-752:4-10 Keyed Monoalphabetic Ciphers Key Permutation (key has no repeating letters) Multiplicative Modulus (key is multiplier) –f(i) = (3*i) mod 26 –f(‘K’) = 3*10 mod 26 = 4 = ‘E’ ABCDEFGHIJKLMNOPQRSTUVWXYZ KEYABCDFGHIJLMNOPQRSTUVWXZ ABCDEFGHIJKLMNOPQRSTUVWXYZ ADGJMPSVYBEHKNQTWZCFI`LORUX

95-752:4-11 Monoalphabetic Ciphers Can be done by direct table lookup (easy in field) Time to encrypt/decrypt varies directly with length Betrayed by letter frequencies

95-752:4-12 Example Ciphertext: HQFUBSWLRQLVDPHDQVRIDWWDLWLWJ VHFXUHFRPSXWDWLRQRYHULQVHFXUH FKDQQHOVEBXVLQJHQFUBSWLRQZHGL VXLVHWHKPHVVDJH Plaintext: ENCRYPTIONISAMEANSOFATTAINGSE CURECOMPUTATIONOVERINSECURECH ANNELSBYUSINGENCRYPTIONWEDISG UISETHEMESSAGE

95-752:4-13 Letter Frequencies English vowel frequencies Ciphertext frequencies (104 letters) VowelAEIOU percent7.4914.06.677.373.0 VowelAEIOU percent00.96 4.81 LetterHLVQW percent13.511.59.62 8.65

95-752:4-14 Cryptoquote ZJ ZJZON CZYYZQP VKQVYK LDN D JQQYZLR ORZPE, ZP ZL LOZYY D JQQYZLR ORZPE. -- DPDOQYK JADPIK Sept 11, 2003 Pittsburgh Tribune-Review

95-752:4-15 Security of Monoalphabetic Ciphers Are they secure? –26! Possible ciphers –Modern computers – 10 years to brute force –NO! In long message letter frequencies betray text

95-752:4-16 Meaningful Observations 1.An encryption based on a hard problem is not secure just because of the difficulty of the problem 2.An encryption algorithm must be regular -- this is its weakness 3.A security measure must be strong enough to keep out the attacker only for the life of the data

95-752:4-17 Polyalphabetic Ciphers Flatten frequency distributions Conceal letter pairs Conceal prefixes/suffixes Example: (using multiplicative modulus) Odd positions use: f(i)=(3*i) mod 26 Even positions use: f(i)=((5*i)+13) mod 26

95-752:4-18 Vigenere Tableaux ABCDEFGHIJKLMNOPQRSTUVWXYZ BCDEFGHIJKLMNOPQRSTUVWXYZA CDEFGHIJKLMNOPQRSTUVWXYZAB DEFGHIJKLMNOPQRSTUVWXYZABC EFGHIJKLMNOPQRSTUVWXYZABCD FGHIJKLMNOPQRSTUVWXYZABCDE GHIJKLMNOPQRSTUVWXYZABCDEF HIJKLMNOPQRSTUVWXYZABCDEFG IJKLMNOPQRSTUVWXYZABCDEFGH JKLMNOPQRSTUVWXYZABCDEFGHI KLMNOPQRSTUVWXYZABCDEFGHIJ LMNOPQRSTUVWXYZABCDEFGHIJK MNOPQRSTUVWXYZABCDEFGHIJKL NOPQRSTUVWXYZABCDEFGHIJKLM OPQRSTUVWXYZABCDEFGHIJKLMN PQRSTUVWXYZABCDEFGHIJKLMNO QRSTUVWXYZABCDEFGHIJKLMNOP RSTUVWXYZABCDEFGHIJKLMNOPQ STUVWXYZABCDEFGHIJKLMNOPQR TUVWXYZABCDEFGHIJKLMNOPQRS UVWXYZABCDEFGHIJKLMNOPQRST

95-752:4-19 Using Vigenere Tableaux One method: 1.Choose a key 2.Break text into groups of five characters 3.Write key in repeating fashion 4.Use letter of key to establish column 5.Use letter of plaintext to establish row 6.Encrypt by using intercept of row and column 7.Decrypt by finding row with ciphertext in column

95-752:4-20 Vigenere Example Enciphering “Tale of Two Cities” using Key of “DICKENS” MIT WASTHEBESTOFTIMES KDICKE NSDIC KENSD ICKEN PITWASTHEBESTOFTIMESX CLBZKWGZHJGCXBXWQOOWK

95-752:4-21 Cryptanalysis of Polyalphabetic Ciphers Appears to be more secure More complex, but not immune from breaking Two tools: –Kasiski Method –Index of coincidence

95-752:4-22 Repeated Patterns English has regularities (letters, letter groups, words) that repeat Observations: 1.If code uses n alphabets in cyclic rotation, and if a particular letter sequence appears k times in the plaintext, it will be encoded approximately k/n times from the same alphabet 2.If letter sequence is encoded the same way twice, key must have gone through a whole number of rotations and be back at the same point 3.Distance between repeats is multiple of key length

95-752:4-23 Kasiski Method 1.Identify repeated patterns of three or more letters 2.Jot down starting position of each instance 3.Compute difference between starting points 4.Determine all factors of each difference 5.Key length is one of these factors

95-752:4-24 Example for Kasiski Method Kdickensdickensdicken PITWASTHEBESTOFTIMESI Ksdickensdickensdicke PTWASTHEWORSTOFTIMESI Knsdickensdicken sdick PTWASTJEAGEOFWISDOMIT Kensdickensdicke nsdic PWASTHEAGEOFFOOLISHNE Kkensdickensdickensdi PSSITWASTHEEPOCHOFBEL Kckensdickensdickensd PIEFITWASTHEEPOCHOFIN

95-752:4-25 Example of Kasiski Method Observe “itwasthe” is encrypted with the key “nsdicken” three times StartDistanceFactors 20------ 8363 (83-20)3,7,9,21,63 104 21(104-83)3,7,21 length(“dickens”)=7

95-752:4-26 Index of Coincidence Measure of variance between frequencies in distribution Divide message into pieces enciphered with same alphabet Measure variance of frequencies in distribution If measure approximates English alphabet, guess of number of alphabets is supported Alphabets123510large Measure.068.052.047.043.042.038

95-752:4-27 Perfect Cipher Flatten distributions to 0.038 Very large number of alphabets – one time pad Large non-repeating keys on a pad Each different, each used once and discarded Problems: Printing, distribution, storage

95-752:4-28 Use long nonrepeating sequence of numbers combined with plaintext Ciphertext does not give away key Method 1.Use binary of P 2.Xor binary of random number 3.Produces binary cipher text Vernam Cipher 1 0 1 1 0 1 1 1 1 0 0 0 0 1 0

95-752:4-29 Cracking Random Numbers Computers use algorithms to create ‘random’ numbers Multiplicative modulus r i+1 = (a*r i +b) mod n a, b, n carefully chosen; r i is initially seed Advantage: can reproduce series Disadvantage: long enough series may reveal seed, a, b, n

95-752:4-30 Known-Text Attacks Messages don’t have arbitrary content –Memo, Subject, To, From, Date, –Sender’s name, Receiver’s name –Organizational terms May also have messages where entire text is known By comparing ciphertext with known plaintext, can find patterns in encryption

95-752:4-31 Transposition Ciphers Don’t substitute characters, permute them Spartans used rods of fixed diameter and strips of parchment –Write across the wrappings –Read ciphertext along the wrappings –(works great with #2 pencils) In modern terms, use a matrix

95-752:4-32 Columnar Transposition Ciphers Key is number of columns in matrix, order of columns Ciphertext: TSHAI HAORT IGWTI SEARO ITCAN SOONW ASLSO MHUPR EOMOK SWNSS THISISAMES SAGETOSHOW HOWACOLUMN ARTRANSPOS ITIONWORKS

95-752:4-33 Analysis of Columnar Transposition Simple, but effective Work per character is constant, total proportional to message length Requires whole message in encryption buffer Letter frequency looks like monoalphabetic cipher Use digram and trigram frequency tables

95-752:4-34 Breaking Columnar Transposition Problem: Which columns are adjacent Break into strips and look for digrams & trigrams TI SITA HGCS AWALE ITNSO HISOM ASOMO OEOHK RANUS TRWPW ORN S S

95-752:4-35 Double Transpositions Use two columnar transpositions – one after the other, different numbers of columns –First transposition breaks up doubled letters –Second transposition breaks up short strings and reinforces first transposition Still monoalphabetic letter frequency More difficult to decrypt

95-752:4-36 Combination Ciphers Mix substitution and permutation ciphers Substitution for confusion of information Permutation for diffusion of information Done right, each supports the other All modern ciphers are combinations

95-752:4-37 Answer to Cryptoquote IF FIFTY MILLION PEOPLE SAY A FOOLISH THING, IT IS STILL A FOOLISH THING. -- ANATOLE FRANZE

95-752:4-38 Automated Ciphers Stream Ciphers: encrypt data as it comes –fast –low error propagation –information not diffused –susceptible to modification and insertion Block Ciphers: encrypt data in fixed-size blocks –Slower –Larger error propagation –Information may be diffused –harder to modify or insert into blocks

95-752:4-39 Data Encryption Standards 1972 – NBS issues call for proposals 1974 – IBM responds with “lucifer” (DEA) 1976 – DES adopted 1986 – DES re-certification denied 1997 – NIST issues call for AES proposals 1999 – 5 submissions selected as finalists 2001 – Rijndahl algorithm selected

95-752:4-40 DES Overview Combination cipher 16 rounds of combined substitution and transposition Plaintext encrypted in 64-bit blocks Keys are 56 bits long (plus 8 error bits) Uses only arithmetic and logical operations on 64-bit numbers

95-752:4-41 DES Modes All modes: same key and algorithm encrypts and decrypts ECB – Electronic code book / Native mode CBC – Cipher-block chaining OFB – Output feedback CFB – Cipher feedback

95-752:4-42 DES Algorithms Crypting algorithm – method of encryption or decryption Key scheduling algorithm – method of generating pieces of key needed for each round of crypting algorithm Parts: –Permutation boxes (p-boxes) –Substitution boxes (s-boxes) –exclusive OR (x-or)

95-752:4-43 Permutation Boxes Used as invertible initial and final disguise of information Fixed permutations at binary level

95-752:4-44 Substitution Boxes Confusion and non-linearity Interpret bits as numbers, pull replacement from table 6-bit input, 4-bit output –first and last bit pick row of table –middle four bits pick column of table –elements of table are 4-bit numbers Not invertible Rationale for values is still secret

95-752:4-45 S-Box Values Column Number Row No. 0123456789101112131415 01441312151183106125907 10157414213110612119538 24114813621115129731050 31512824917511314100613

95-752:4-46 DES Cycle 1.Crypting algorithm feeds 32 bits to cycle 2.Subject block to Permutation Expansion, converting 32 bits to 48 bits 3.XOR expanded block with 48 bits from key to make pre-S block 4.Apply S box 1.Break pre-S block into 8 six-bit chunks 2.Process each chunk through s-box in parallel 3.Result is 32-bit post-S block 5.post-S fed into final permutation to produce 32- bit cycle result

95-752:4-47 Crypting Algorithm 1.Input 64 bits of plaintext 2.Rearrange by initial permutation p-box 3.Split block 1.two 32-bit halves (left and right) 2.save copy of right half as R0 3.leave left half alone 4.Feed right to DES Cycle 5.XOR left with cycle result to be new right 6.R0 becomes new left 7.Repeat 3-6 sixteen times 8.Submit final block to inverse of initial permutation

95-752:4-48 Key Scheduling Algorithm Combination of shifts and permutation Shifts are determined from table Permutation selects 48 of 56 bits Produces 16 different slices from key Slices are normally computed before crypting

95-752:4-49 DES Weaknesses Brute force attacks somewhat practical Error affects entire block Must use feedback modes or each block encrypted in same way Weak key produces trivial breaking

95-752:4-50 Alternatives to DES Triple DES Third party encryption (Blowfish, IDEA) AES DESDES -1 DES k1k2k1

95-752:4-51 Advanced Encryption Standard Public competition, public royalty-free algorithms Five finalists all considered equally strong Rijndahl won because of efficiency and flexibility 128 bit block size Keys can be any multiple of 64 bits (128, 192 and 256 are standard)

95-752:4-52 AES Round State: represent 128 bits as a 4x4 matrix of bytes Substitution: replace bytes via a substitution table (defined by high-level algebra) Shift row of state Mix column of state Add round key

95-752:4-53 AES Structure Apply round n times, where n depends on key size: 9 for 128, 11 for 192, 13 for 256 Longer key sizes can be accommodated by increasing n. Each operation is very fast (add is actually an xor/shift) so algorithm is very efficient

95-752:4-54 AES Cryptanalysis No significant holes Algorithm is very regular (both good and bad) Algorithm is better than usual at diffusion Underlying algebra may make hidden shortcuts unlikely

Download ppt "95-752:4-1 Encryption - I. 95-752:4-2 Definitions Plaintext: easy to understand form (original message) Ciphertext: difficult to understand form Encryption:"

Similar presentations