Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …"— Presentation transcript:

1 Intro To Encryption Exercise 1

2 Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

3 PigPen CIpher Replaces letters with symbols What type of cipher is this one? Does it add additional strength? What kind of an attack can be preformed on this cipher? How can we protect against the retrieval of single/double letter words? How can we protect against trivial statistical approach? How do we build a stream cipher from this cipher

4 Common Pairs and combinations Attack: 1. Check frequency of letters in cipher text. 2. Check against language frequency table. 3. Check groups of repeating letters 4. Decipher. Ss,ee,tt,ff,ll,mm,oo If cipher text contains spaces, try and identify short words: a, of, to, is, and, the …

5 Language Frequency Table (English) Frequency of occurrence in 1000 letters Frequency of occurrence in 1000 words LetterRank 131.05591E1 104.68473T2 81.51368A3 79.95360O4 70.98320N5 68.32308R6 63.45286I7 61.01275S8 52.59237H9 37.88171D10 33.89153L11 29.24132F12 27.58124C13 25.36114M14 24.59111U15 19.9490G16 19.8289Y17 19.8289P18 15.3968W19 14.4065B20 9.1941V21 4.2019K22 1.667X23 1.326J24 1.215Q25.773Z26

6 One Time Pad Shared Key cipher Un conditionally secure (why?) Theoretical (why?)

7 Attacks (reminder) Cipher text only Known Plain Text Chosen Plain Text

8 From The Lecture OTP Cons: “Also requires perfect synchronization to decrypt” Suggest Ways To Solve…

9 A possible solution Modify the transmission protocol  Add a counter  Should we encrypt it?  What if the counter is known? How does it affect the message?  How can we prevent counter sabotage?

10 Problem Suggest a way where Alice can transmit 2 messages with one OTP key. The system should protect each message. When the 2 messages are intercepted the key can be recovered.

11 Solution Let r be a random number (in the size of k) E k (M1)=M1  (k)||k  r E’ k (M2)=M2  (k)||r When both messages are intercepted, k is revealed. Secrecy kept when only one message is intercepted.

12 Problem Given the following input domain: P = {0,1} 8 U {0,1} 16 U {0,1} 24 U {0,1} 32 i.e. the message can be either byte long, 2 byte long … until 4 bytes long. Design and prove security for an unconditionally secure cipher, i.e. where an attacker cannot learn anything about the plaintext, including its length, given a ciphertext. You may assume that the keys are random, and you can generate a key with any needed length, although of course try to be efficient. Your design can be based on OTP.

13 Solution All messages shall take 4 bytes + redundancy Add 2 more redundant bits to designate the number of bytes occupied For each byte not containing a valid data, randomly choose bits. Should we encrypt the random bits?

14 Problem An idea offered by Professor I.M. Shorter, (from LongTerm University) is given to suggest a shorter key-length implementation for encryption/decryptions in a similar way to the 'classic' OTP. Assuming we have an even-length message, we need a key at only half of the plaintext length.

15 Cont’ Given a plaintext: m[1,...,2l], there's the need of a random key, k[1,....,l], provided that instead of using the 'classical' encryption form, e(m ^ k), we use to the following encryption function: e'(m[1,...,2l], k[1,....,l] ) = m[1]  k[1] || m[2]  m[1]  k[1] || || m[3]  k[2] || m[4]  m[3]  k[2] ||.... || m[2l-3]  k[l-1]|| m[2l-2]  m[2l-3]  k[l-1] || || m[2l-1]  k[l] || m[2l]  m[2l-1]  k[l] = c[1,...,2l]

16 Cont’ Build a decryption function d', that given a ciphertext and a key, returns the initial plaintext message (m). What do you think about the Professor's suggestion? Is this cryptosystem (provided that we have a random KG) unconditionally secure ? Please explain (support your answer with definition studied in class if needed, or with a solid example of input/ output etc... that support your argument).

17 Solution Lets assume a message m1: 10010110 and a key K:1101 C=E k (M)=00100100 We need a decryption function such that D k (C)=M. C = 00 10 01 00 The Function:  c[1]  k[1] || c[2]  c[1]  …  c[2l-1]  k[l] || c[2l-1]  c[2l] Any Problems???

18 Solution Cont’ No key is needed to decipher Half of the original message.

19 Problen Professor I.M. Shorter has decided to make his solution better (after the decrease in stock values). The following encryption scheme shall be used: e'(m[1,...,2l], k[1,....,l] ) = m[1]  k[1] || m[2]  k[1] || || m[3]  k[2] || m[4]  k[2] ||.... || m[2l-3]  k[l-1]|| m[2l-2]  k[l-1] || || m[2l-1]  k[l] || m[2l]  k[l] = c[1,...,2l]

20 Problem (additional) In order to ease the key transmission problem of One-Time Pad, Dr. Trick suggests to use 2 random keys: k1and k2, for 3 messages: m1, m2, m3, in the following form  c1 = m1  k1  c2 = m2  k2  c3 = m3  (k1  k2) Assume that m1, m2, m3, k1, k2 are of the same length (l-bits long).

21 Cont’ Are the solutions to both problems unconditionally secure? If not what kind of attacks should we try?

22 Solution They are not unconditionally secure Why?  In case of a biased text we can uncover key bits and use on M3, M2 or M1 (depends on the biased bits).  Known plaintext attack may uncover information about the key  What additional strength does chosen plaintext attack provide here? What is a very obvious statistical attack?  In case of a biased plain text, some key bits may be discovered. The cipher bit distribution may no be uniform. Thus: it is NOT unconditionally secured.

23 Problem The hardware company TernaryHW has built a computer that does not work with base 2 bits (that store the values 0,1), but is ternary (base-3) based, where each bit may hold the values 0,1 or 2. The bit-wise XOR operator works with no changes (x  y=1 ↔x≠ y, x  y=0 ↔x= y). The OTP encryption works the same here, and it is referred to as OTP3 (when works on the ternary bits), where: e(m,k) = m^k, as usual.

24 Problem Dr. Seller argues that their system (their computer with OTP3) is more secure than the binary based OTP since it is harder to decrypt a ciphertext, c, even if the key, k, is exposed. As he explains: In OTP, since c= m  k, given c and k, it is easy to computer m, since: c  k = m. In OTP3, c= m  k, but c  k != m, therefore it is harder to reveal m when the key, k, is exposed. Is Dr. Seller right ? Is OTP3 safer than OTP ? Is it unconditionally secure?

25 Solution OTP3 isn’t an encryption system at all Assuming only 0 and 1 bits are used, then the OTP3 is unconditionally secure i.e. OTP3=OTP. Using bits other than 1 and 0 suggests it is not unconditionally secure since another algorithm is in use. Can we even get the plaintext message back? Suggest a better approach where this hardware can be used.

26 Solution 2 E(m,k)= m[i] + k[i] mod 3 = c[i] D(m,k)= c[i] – k[i] mod 3=m[i] Is this design unconditionally secure?

Download ppt "Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.

1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.

Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.
CSE331: Introduction to Networks and Security Lecture 17 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 17 Fall 2002.
Network Management and Security

Network Management and Security
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.

CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.

ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.

Similar presentations

Ads by Google