1. Classical Encryption Techniques Lecture slides adapted from Lawrie Brown 1

2. Chapter 2 – Classical Encryption Techniques Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer 2

3. Symmetric Encryption or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private-key was only type prior to invention of public- key in 1970’s 3

4. Basic Terminology plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key cryptology - the field of both cryptography and cryptanalysis 4

5. Symmetric Cipher Model 5

6. Requirements two requirements for secure use of symmetric encryption: –a strong encryption algorithm –a secret key known only to sender / receiver Y = E K (X) X = D K (Y) assume encryption algorithm is known implies a secure channel to distribute key 6

7. Figure 2-1 Encryption. 7

8. Figure 2-2 Encryption with Keys. 8

9. Cryptography can characterize by: –type of encryption operations used substitution / transposition / product –number of keys used single-key or private / two-key or public –way in which plaintext is processed block / stream 9

10. Types of Cryptanalytic Attacks ciphertext only –only know algorithm / ciphertext, statistical, can identify plaintext known plaintext –know/suspect plaintext & ciphertext to attack cipher chosen plaintext –select plaintext and obtain ciphertext to attack cipher chosen ciphertext –select ciphertext and obtain plaintext to attack cipher chosen text –select either plaintext or ciphertext to en/decrypt to attack cipher 10

11. Brute Force Search always possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext 11

12. More Definitions unconditional security –no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext computational security –given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken 12

13. Classical Substitution Ciphers where letters of plaintext are replaced by other letters or by numbers or symbols or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns 13

14. Caesar Cipher earliest known substitution cipher by Julius Caesar first attested use in military affairs replaces each letter by 3rd letter on example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB 14

15. Caesar Cipher can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C mathematically give each letter a number a b c d e f g h i j k l m 0 1 2 3 4 5 6 7 8 9 10 11 12 n o p q r s t u v w x y Z 13 14 15 16 17 18 19 20 21 22 23 24 25 then have Caesar cipher as: C = E(p) = (p + k) mod (26) p = D(C) = (C – k) mod (26) 15

16. Cryptanalysis of Caesar Cipher only have 26 possible ciphers –A maps to A,B,..Z could simply try each in turn a brute force search given ciphertext, just try all shifts of letters do need to recognize when have plaintext eg. break ciphertext "GCUA VQ DTGCM" 16

17. Monoalphabetic Cipher rather than just shifting the alphabet could shuffle (jumble) the letters arbitrarily each plaintext letter maps to a different random ciphertext letter hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA 17

18. Sample of Compressed Text ˜+Wµ"— !–O)"4{#‡¸ ë~!%ràu·¯Í $¯Z- Ú%2Ò# Åæ& oe«q7¸!n·®3N$Ú OEz’Y-ƒ#Í[±Û_ è!‚<NO¬±«.xã Åä£èü3Å x}ö§kºÂ _yÍ ˆ'É] ²¤ J/°iTê&ý( 'c<u!- ÄD(G WÄC~y_ïõÄW PÔý«Î܆ç]‚¤¡.Ì^üÑ )¢*¡L¡9OgflO¢&OE"(¬"(ØÔ§½: ¡OE!SGqèvoˆ úError! 18

19. Monoalphabetic Cipher Security now have a total of 26! = 4 x 10 26 keys with so many keys, might think is secure but would be !!!WRONG!!! problem is language characteristics 19

20. Language Redundancy and Cryptanalysis human languages are redundant eg "th lrd s m shphrd shll nt wnt" letters are not equally commonly used in English e is by far the most common letter then T,R,N,I,O,A,S other letters are fairly rare cf. Z,J,K,Q,X have tables of single, double & triple letter frequencies 20

21. English Letter Frequencies 21

22. Use in Cryptanalysis key concept - monoalphabetic substitution ciphers do not change relative letter frequencies discovered by Arabian scientists in 9 th century calculate letter frequencies for ciphertext compare counts/plots against known values if Caesar cipher look for common peaks/troughs –peaks at: A-E-I triple, NO pair, RST triple –troughs at: JK, X-Z for monoalphabetic must identify each letter –tables of common double/triple letters help 22

23. Example Cryptanalysis given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ count relative letter frequencies (see text) guess P & Z are e and t guess ZW is th and hence ZWP is the proceeding with trial and error fially get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow 23

24. Playfair Cipher not even the large number of keys in a monoalphabetic cipher provides security one approach to improving security was to encrypt multiple letters the Playfair Cipher is an example invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair 24

25. Playfair Key Matrix a 5X5 matrix of letters based on a keyword fill in letters of keyword (sans duplicates) fill rest of matrix with other letters eg. using the keyword MONARCHY MONAR CHYBD EFGIK LPQST UVWXZ 25

26. Encrypting and Decrypting plaintext encrypted two letters at a time: 1.if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on" 2.if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM" 3.if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM" 4.otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired) 26

27. Security of the Playfair Cipher security much improved over monoalphabetic since have 26 x 26 = 676 digrams would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic) and correspondingly more ciphertext was widely used for many years (eg. US & British military in WW1) it can be broken, given a few hundred letters since still has much of plaintext structure 27

28. Polyalphabetic Ciphers another approach to improving security is to use multiple cipher alphabets called polyalphabetic substitution ciphers makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution use a key to select which alphabet is used for each letter of the message use each alphabet in turn repeat from start after end of key is reached 28

29. Vigenère Cipher simplest polyalphabetic substitution cipher is the Vigenère Cipher effectively multiple caesar ciphers key is multiple letters long K = k1 k2... kd i th letter specifies i th alphabet to use use each alphabet in turn repeat from start after d letters in message decryption simply works in reverse 29

30. Example write the plaintext out write the keyword repeated above it use each key letter as a caesar cipher key encrypt the corresponding plaintext letter eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ 30

31. Aids simple aids can assist with en/decryption a Saint-Cyr Slide is a simple manual aid –a slide with repeated alphabet –line up plaintext 'A' with key letter, eg 'C' –then read off any mapping for key letter can bend round into a cipher disk or expand into a Vigenère Tableau (see text Table 2.3) 31

32. Security of Vigenère Ciphers have multiple ciphertext letters for each plaintext letter hence letter frequencies are obscured but not totally lost start with letter frequencies –see if look monoalphabetic or not if not, then need to determine number of alphabets, since then can attach each 32

33. Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the bit –performs both substitution and transposition (permutation) on the bits Cipher consists of 16 rounds (iterations) each with a round key generated from the user- supplied key 33

34. Generation of Round Keys Round keys are 48 bits each 34

35. Encipherment 35

36. The f Function 36

37. DES Computations The cipher consists of 16 rounds or iterations Each round uses a separate key of 48 bits –These round keys are generated by dropping the parity bits (reducing the effective key size to 56 bits) –Permuting the bits and extracting 48 bits (out of the 56 bits) A different set of 48 bits is extracted for each round of the 16 rounds The rounds are extracted sequentially –The input of one round is the output of the previous round 37

38. DES Computations The right half of the input, and the round key, are run through a function f that produces 32 bits of output The 32 bits output are XORed into the left half, and the resulting left and right halves are swapped The function f provides the strength of the DES. The right half of the input (32 bits) is expanded to 48 bits These 48 bits are XORed with the round key (48 bits) 38

39. DES Computations The resulting 48 bits are split into eight sets of six bits each Each set is put through a substitution table called S-box. Each S-box produces four bits output. They are catenated into a single 32-bit quantity, which is permuted. The resulting 32 bits constitute the output of function f. 39

40. 40 Public Key Cryptography Two keys –Private key known only to individual –Public key available to anyone Public key, private key inverses Idea –Confidentiality: encipher using public key, decipher using private key –Integrity/authentication: encipher using private key, decipher using public one

41. 41 Requirements 1.It must be computationally easy to encipher or decipher a message given the appropriate key 2.It must be computationally infeasible to derive the private key from the public key 3.It must be computationally infeasible to determine the private key from a chosen plaintext attack

42. 42 RSA Exponentiation cipher Relies on the difficulty of determining the number of numbers relatively prime to a large integer n

43. 43 Background Totient function  (n) –Number of positive integers less than n and relatively prime to n Relatively prime means with no factors in common with n Example:  (10) = 4 –1, 3, 7, 9 are relatively prime to 10 Example:  (21) = 12 –1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21

44. 44 Algorithm Choose two large prime numbers p, q –Let n = pq; then  (n) = (p–1)(q–1) –Choose e < n such that e is relatively prime to  (n). –Compute d such that ed mod  (n) = 1 Public key: (e, n); private key: d Encipher: c = m e mod n Decipher: m = c d mod n

45. 45 Example: Confidentiality Take p = 7, q = 11, so n = 77 and  (n) = 60 Alice chooses e = 17, making d = 53 Bob wants to send Alice secret message HELLO (07 04 11 11 14) –07 17 mod 77 = 28 –04 17 mod 77 = 16 –11 17 mod 77 = 44 –14 17 mod 77 = 42 Bob sends 28 16 44 44 42

46. 46 Example Alice receives 28 16 44 44 42 Alice uses private key, d = 53, to decrypt message: –28 53 mod 77 = 07 –16 53 mod 77 = 04 –44 53 mod 77 = 11 –42 53 mod 77 = 14 Alice translates message to letters to read HELLO –No one else could read it, as only Alice knows her private key and that is needed for decryption

47. 47 Example: Integrity/Authentication Take p = 7, q = 11, so n = 77 and  (n) = 60 Alice chooses e = 17, making d = 53 Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated) –07 53 mod 77 = 35 –04 53 mod 77 = 09 –11 53 mod 77 = 44 –14 53 mod 77 = 49 Alice sends 35 09 44 44 49

48. 48 Example Bob receives 35 09 44 44 49 Bob uses Alice’s public key, e = 17, n = 77, to decrypt message: –35 17 mod 77 = 07 –09 17 mod 77 = 04 –44 17 mod 77 = 11 –49 17 mod 77 = 14 Bob translates message to letters to read HELLO –Alice sent it as only she knows her private key, so no one else could have enciphered it –If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly

49. 49 Example: Both Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked) –Alice’s keys: public (17, 77); private: 53 –Bob’s keys: public: (37, 77); private: 13 Alice enciphers HELLO (07 04 11 11 14): –(07 53 mod 77) 37 mod 77 = 07 –(04 53 mod 77) 37 mod 77 = 37 –(11 53 mod 77) 37 mod 77 = 44 –(14 53 mod 77) 37 mod 77 = 14 Alice sends 07 37 44 44 14

50. 50 Security Services Confidentiality –Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key Authentication –Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner

51. 51 More Security Services Integrity –Enciphered letters cannot be changed undetectably without knowing private key Non-Repudiation –Message enciphered with private key came from someone who knew it

52. 52 Warnings Encipher message in blocks considerably larger than the examples here –If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems) –Attacker cannot alter letters, but can rearrange them and alter message meaning Example: reverse enciphered message of text ON to get NO

53. Encryption Applications 1.Cryptographic Hash Functions (Checksums) 2.Key Exchange 3.Digital Signatures 4.Certificates 53

54. Cryptographic Hash Functions Also called checksums or message digests Encryption is most commonly used for secrecy –The message content –and sometimes its existence- is not known Sometimes other things are more important –Integrity: In a document retrieval system containing legal records, it may be important to know that the copy retrieved is exactly what was stored. 54

55. Cryptographic Checksums Elements or components of the file are not bound together. –This means changing one value affects the integrity of the file, but that one change can easily go undetected. We need to put a seal or a shield around the file do that we can detect when the seal has been broken and thus know that something has been changed. One way for providing the seal is to compute a cryptographic function –One-way functions (Have no inverse functions) 55

56. 56 Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k ≤ n). –k is smaller then n except in unusual circumstances Example: ASCII parity bit –ASCII has 7 bits; 8th bit is “parity” –Even parity: even number of 1 bits –Odd parity: odd number of 1 bits

57. 57 Example Use Bob receives “10111101” as bits. –Sender is using even parity; 6 1 bits, so character was received correctly –Sender is using odd parity; even number of 1 bits, so character was not received correctly

58. Cryptographic Checksums The function must depend on all bits of the file being sealed –Any change to even a single bit will alter the checksum result The checksum value is stored with the file Each time the file is accessed or used, the checksum is recomputed If the computed checksum matches the stored value, it is likely that the file has not been changed 58

59. Cryptographic Checksums In block encryption: –Chaining: means linking each block to the previous block’s value (and therefore to all previous blocks) For example, by using an XOR to combine the encrypted previous block with the encryption of the current one A file’s cryptographic checksum could be the last block of the chained encryption of a file since that block will depend on all other blocks 59

60. Cryptographic Checksums Most widely used cryptographic hash functions: –MD4 –MD5 (MD stands for Message Digest) –SHA/SHS (Secure Hash Algorithm or Standard) –SHA-1 60