Chapter 2 Crypto Basics How to speak crypto Substitution Cipher

Presentation on theme: "Chapter 2 Crypto Basics How to speak crypto Substitution Cipher"— Presentation transcript:

1 Chapter 2 Crypto Basics
How to speak crypto
Substitution cipher
Transposition cipher
One-time pad
Codebook cipher
Crypto history
Taxonomy

2 Crypto
Cryptology: the art and science of making and breaking "secret codes"
Cryptography: making "secret codes"
Cryptanalysis: breaking "secret codes"
Crypto: all of the above (and more)
Chapter 2 Crypto Basics

3 How to Speak Crypto
A cipher or cryptosystem is used to encrypt the plaintext
The result of encryption is ciphertext
We decrypt ciphertext to recover plaintext
A key is used to configure a cryptosystem
A symmetric key cryptosystem uses the same key to encrypt as to decrypt
A public key cryptosystem uses a public key to encrypt and a private key to decrypt; for signatures the roles are reversed (the private key signs, the public key verifies)

4 Crypto: Basic assumption
The system is completely known to the attacker
Only the key is secret
Also known as Kerckhoffs' Principle: crypto algorithms are not secret
Why do we make this assumption?
Experience has shown that secret algorithms are weak when exposed
Secret algorithms never remain secret
Better to find weaknesses beforehand

Notes: In cryptography, Kerckhoffs' principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system"; in that form it is called Shannon's maxim. In contrast to security through obscurity, it is widely embraced by cryptographers. In accordance with Kerckhoffs' principle, the majority of civilian cryptography makes use of publicly known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see Type 1 encryption).

The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from French, they are:
1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, given the circumstances that command its application, the system must be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible: "Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness, and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility." [1] It is worth expanding on what Schneier means by brittleness: after all, any security system depends crucially on keeping some things secret. What Schneier means is that the things which are kept secret ought to be those which are least costly to change should they be inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm. Whereas if the secrecy of the algorithm were not important, but only that of the keys used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys. In other words, the fewer and simpler the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security. Eric Raymond extends this principle in support of open source software, saying "Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*." [2] The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency.

It is possible to have a secret cryptosystem while still reaping the benefits of public cryptography research: make a non-weakening change to a public algorithm, like changing the nothing-up-my-sleeve numbers, or, in the case of symmetric-key algorithms, chaining the public cipher with an unrelated secret cipher. An example of technology which relies upon a secret cryptosystem is WAPI, the wireless LAN security standard the Chinese government has proposed to encompass civilian uses on a global scale.

5 Crypto as Black Box
[Figure: plaintext → encrypt (key) → ciphertext → decrypt (key) → plaintext]
A generic use of crypto

6 Simple Substitution
Plaintext: fourscoreandsevenyearsago
Key:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ciphertext: IRXUVFRUHDQGVHYHQBHDUVDJR
Shift by 3 is "Caesar's cipher"

7 Caesar's Cipher Decryption
Suppose we know a Caesar's cipher is being used
Ciphertext: VSRQJHEREVTXDUHSDQWV
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Plaintext: spongebobsquarepants

8 Not-so-Simple Substitution
Shift by n for some n ∈ {0, 1, 2, …, 25}
Then the key is n
Example: key = 7
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

9 Cryptanalysis I: Try Them All
Given: a simple substitution (shift by n) is used, but the key is unknown
Given ciphertext: meqefscerhcsyeviekmvp
How to find the key?
Exhaustive key search: only 26 possible keys, so try them all!
Solution: key = 4, plaintext iamaboyandyouareagirl
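The shift cipher and the exhaustive search of slides 6 to 9, as an added example (not code from the slides). The only thing it assumes beyond the slides is a standard table of English letter frequencies, used to rank the 26 candidate plaintexts automatically instead of by eye:

```python
"""Shift (Caesar) cipher: encryption, decryption and exhaustive key search.

Added example, not from the slides. Letter frequencies are the standard
published English percentages; everything else follows the slides' convention
(lower-case plaintext, upper-case ciphertext, 26 possible keys)."""
import string

ALPHABET = string.ascii_lowercase

# Relative frequency (%) of each letter in English text.
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}


def shift_letter(c, key):
    """Shift one lower-case letter by `key` places (mod 26); leave anything else unchanged."""
    if c not in ALPHABET:
        return c
    return ALPHABET[(ALPHABET.index(c) + key) % 26]


def shift_encrypt(plaintext, key):
    """Ciphertext is written in upper case, as on the slides."""
    return "".join(shift_letter(c, key) for c in plaintext.lower()).upper()


def shift_decrypt(ciphertext, key):
    """Decryption is encryption with the negated key."""
    return "".join(shift_letter(c, -key) for c in ciphertext.lower())


def english_score(text):
    """Sum of English letter frequencies; larger for text whose letters look English."""
    return sum(ENGLISH_FREQ.get(c, 0.0) for c in text.lower())


def exhaustive_search(ciphertext):
    """Try every one of the 26 keys and rank the candidates, best first.

    Returns a list of (key, candidate_plaintext) tuples; the top entry is the
    most English-looking one, which is the real plaintext for any message of
    more than a handful of letters."""
    candidates = [(key, shift_decrypt(ciphertext, key)) for key in range(26)]
    return sorted(candidates, key=lambda kc: english_score(kc[1]), reverse=True)


if __name__ == "__main__":
    print(shift_encrypt("fourscoreandsevenyearsago", 3))   # slide 6
    print(shift_decrypt("VSRQJHEREVTXDUHSDQWV", 3))        # slide 7
    for key, text in exhaustive_search("meqefscerhcsyeviekmvp")[:3]:   # slide 9
        print(key, text)
```

The frequency score is what turns "try them all" into an automated attack: with 26 keys the search is instant, and the scoring step only has to separate one English-looking candidate from 25 random-looking ones.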

10 Even-less-Simple Substitution
Key is some permutation of the letters; it need not be a shift
For example:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
Then there are 26! > 2^88 possible keys!
This kind of cipher dominated the art of secret writing throughout the first millennium

11 Cryptanalysis II: Be Clever
We know that a simple substitution is used, but not necessarily a shift by n
Can we find the key given the ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

12 Cryptanalysis II
Can't try all 2^88 simple substitution keys
Can we be more clever?
English letter frequency counts…

13 Cryptanalysis II
Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Decrypt this message using the info below
Ciphertext frequency counts (398 letters in total):
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
21 26 6  10 12 51 10 25 10 9  3  10 0  1  15 28 42 0  0  27 4  24 22 28 6  8
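The "be clever" attack of slides 11 to 13, as an added example (not code from the slides): count the ciphertext letters, make a first key guess by matching the ranked counts against the ranked English letters, then refine by hand. Only the ciphertext is taken from the slide; the English ordering is the standard one, and RECOVERED_KEY is the key worked out for this ciphertext from the counts, which the slide leaves as the exercise:

```python
"""Frequency analysis against a general simple substitution (26! keys, no shift).

Added example, not from the slides. Only the ciphertext is taken from slide 13;
the English frequency ordering is the standard one, and RECOVERED_KEY is the key
worked out for this ciphertext by hand from the counts (the slide leaves that as
the exercise)."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ENGLISH_BY_FREQUENCY = "etaoinshrdlcumwfgypbvkjxqz"   # most common first

# The slide's ciphertext, split into chunks only for readability.
CIPHERTEXT = (
    "PBFPVYFBQXZTYF" "PBFEQJHDXXQVA" "PTPQJKTO" "YQWIPBVWLX"
    "TOXBTFXQWAXBVCXQWA" "XFQJVWLEQN" "TOZQGGQLFXQWAKVWLXQWA"
    "EBIPBFXFQVXGTVJVWLBTP" "QWAEBFPBFHCVLXBQUFEVWLX"
    "GDPEQVPQGVPPBFTIXPFHXZHVFA" "GFOTHFEFBQUFTDHZBQP"
    "OTHXTYFTODXQHFTDPTOGHFQPB" "QWAQJJTODXQHFOQP"
    "WTBDHHIXQVAPBFZQHCFWPFH" "PBFIPBQWKFABVYYDZBOTHPBQP"
    "QJTQOTOGHFQAPBFEQJHDXXQVA" "VXEBQPEFZBVFOJIWFFA"
    "CFCCFHQWAUVWFLQHGFXVAFX" "QHFUFHILTTAVWAFFA"
    "WTEVOITDHFHFQAITIXPFHXAFQH" "EFZQWGFLVWPTOFFA"
)


def letter_counts(text):
    """Counter of the letters that actually occur."""
    return Counter(c for c in text.upper() if c in ALPHABET)


def frequency_table(text):
    """Count for every letter A..Z, zeros included, as in the slide's table."""
    counts = letter_counts(text)
    return {c: counts.get(c, 0) for c in ALPHABET}


def initial_guess(text):
    """First cut at the key: i-th most frequent ciphertext letter -> i-th most
    frequent English letter. Only the top few entries are usually right; the
    rest is refined by hand from digrams, trigrams and partial words."""
    ranked = [c for c, _ in letter_counts(text).most_common()]
    return dict(zip(ranked, ENGLISH_BY_FREQUENCY))


def apply_key(text, key):
    """Decrypt with a possibly partial key; letters not yet assigned show as '_'."""
    return "".join(key.get(c, "_") for c in text.upper())


# Full key for the slide's ciphertext, reached by starting from initial_guess()
# and fixing entries so that common words appear (e.g. the frequent trigram
# PBF must be "the"). Ciphertext letters M, R and S never occur, so the
# plaintext letters j, q and z cannot be assigned from this message.
RECOVERED_KEY = {
    "P": "t", "B": "h", "F": "e", "V": "i", "Y": "m", "Q": "a", "X": "s",
    "Z": "c", "T": "o", "E": "w", "J": "l", "H": "r", "D": "u", "A": "d",
    "K": "k", "O": "f", "W": "n", "I": "y", "L": "g", "C": "p", "G": "b",
    "N": "x", "U": "v",
}

if __name__ == "__main__":
    table = frequency_table(CIPHERTEXT)
    print(" ".join(f"{c}:{n}" for c, n in table.items()))
    print(apply_key(CIPHERTEXT, initial_guess(CIPHERTEXT))[:40])   # partly wrong
    print(apply_key(CIPHERTEXT, RECOVERED_KEY)[:40])               # "thetimehascome..."
```

Note how far the purely statistical guess gets: F (51 occurrences) really is e, but the next most frequent ciphertext letter Q is a, not t, so the frequency ranking only seeds the attack; the remaining 2^88 keys are pruned by the structure of English words, not by counting alone.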

14 Frequency analysis history
Discovered by the Arabs: the earliest known description of frequency analysis is in a book by the 9th-century scientist al-Kindi
Rediscovered in Europe, or introduced there from the Arab world, during the Renaissance
Frequency analysis made the substitution cipher insecure

15 Cryptanalysis: Terminology
A cryptosystem is secure if the best known attack is to try all keys
A cryptosystem is insecure if any shortcut attack is known
By this definition, an insecure system might be harder to break than a secure system! (A "secure" cipher with a tiny key space still falls to exhaustive search, while a shortcut against a 256-bit key may remain far out of reach.)

16 Double Transposition
Plaintext: attackxatxdawn, padded with a final x to fill a 5-row by 3-column array:
a t t
a c k
x a t
x d a
w n x
Permute rows and columns
Ciphertext: xtawxnattxadakc
Key: matrix size and permutations (3,5,1,4,2) for the rows and (1,3,2) for the columns (output row i is input row number given by the i-th entry, and likewise for columns)
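The double transposition of slide 16 in code, as an added example (not from the slides). The array dimensions, permutations and pad letter are the slide's; reading the permutations as "output row i is input row row_perm[i]" is the convention that reproduces the slide's ciphertext:

```python
"""Double transposition cipher (slide 16).

Added example, not from the slides. The plaintext is written row by row into a
rows x cols array (padded with 'x', as the slide's 15-cell array needs one pad
letter), the rows are permuted, then the columns, and the array is read out row
by row. Permutations are given 1-based, as on the slide: output row i is input
row row_perm[i], output column j is input column col_perm[j]."""


def _rows_of(text, cols):
    return [text[i:i + cols] for i in range(0, len(text), cols)]


def double_transposition_encrypt(plaintext, rows, cols, row_perm, col_perm, pad="x"):
    if len(row_perm) != rows or len(col_perm) != cols:
        raise ValueError("permutation lengths must match the array dimensions")
    if len(plaintext) > rows * cols:
        raise ValueError("plaintext does not fit the array; split it into blocks")
    text = plaintext + pad * (rows * cols - len(plaintext))
    grid = _rows_of(text, cols)
    permuted = [[grid[r - 1][c - 1] for c in col_perm] for r in row_perm]
    return "".join("".join(row) for row in permuted)


def double_transposition_decrypt(ciphertext, rows, cols, row_perm, col_perm):
    """Undo both permutations: ciphertext cell (i, j) came from plaintext cell
    (row_perm[i], col_perm[j]), so write it back there."""
    if len(ciphertext) != rows * cols:
        raise ValueError("ciphertext length must equal rows * cols")
    grid = _rows_of(ciphertext, cols)
    original = [[""] * cols for _ in range(rows)]
    for i, r in enumerate(row_perm):
        for j, c in enumerate(col_perm):
            original[r - 1][c - 1] = grid[i][j]
    return "".join("".join(row) for row in original)


if __name__ == "__main__":
    key = dict(rows=5, cols=3, row_perm=(3, 5, 1, 4, 2), col_perm=(1, 3, 2))
    ct = double_transposition_encrypt("attackxatxdawn", **key)
    print(ct)                                          # xtawxnattxadakc
    print(double_transposition_decrypt(ct, **key))     # attackxatxdawnx (pad included)
```

Two things a practitioner should notice: the key space is only rows! × cols! for a given array size (5! × 3! = 720 here), and a transposition leaves the letter frequencies of the plaintext untouched, which is how an analyst recognises it as a transposition in the first place.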

17 One-time Pad Encryption
Letter codes: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Encryption: Plaintext ⊕ Key = Ciphertext
Plaintext:  h   e   i   l   h   i   t   l   e   r
            001 000 010 100 001 010 111 100 000 101
Key:        111 101 110 101 111 100 000 101 110 000
Ciphertext: 110 101 100 001 110 110 111 001 110 101
            s   r   l   h   s   s   t   h   s   r

18 One-time Pad Decryption
Letter codes: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Decryption: Ciphertext ⊕ Key = Plaintext
Ciphertext: s   r   l   h   s   s   t   h   s   r
            110 101 100 001 110 110 111 001 110 101
Key:        111 101 110 101 111 100 000 101 110 000
Plaintext:  001 000 010 100 001 010 111 100 000 101
            h   e   i   l   h   i   t   l   e   r

19 One-time Pad
Double agent claims sender used this "key":
Ciphertext: s   r   l   h   s   s   t   h   s   r
            110 101 100 001 110 110 111 001 110 101
"Key":      101 111 000 101 111 100 000 101 110 000
"Plaintext":011 010 100 100 001 010 111 100 000 101
            k   i   l   l   h   i   t   l   e   r
Letter codes: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

20 One-time Pad
Sender is captured and claims the key is:
Ciphertext: s   r   l   h   s   s   t   h   s   r
            110 101 100 001 110 110 111 001 110 101
"Key":      111 101 000 011 101 110 001 011 101 101
"Plaintext":001 000 100 010 011 000 110 010 011 000
            h   e   l   i   k   e   s   i   k   e
Letter codes: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

21 One-time Pad Summary
Provably secure, when used correctly
Ciphertext provides no information about the plaintext: all plaintexts of that length are equally likely
Pad must be truly random and used only once
Pad is known only by sender and receiver
Pad is the same size as the message
No assurance of message integrity: flipping a ciphertext bit flips the corresponding plaintext bit undetected
Why not distribute the message (plaintext) the same way as the pad (key)?
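The one-time pad of slides 17 to 21 over the slides' 3-bit alphabet, as an added example (not code from the slides). Letter codes and the pad are those of the slides' worked example; pad_that_explains() is the trick behind the two "claimed key" slides, and pad_reuse_leak() shows why the summary insists on using a pad once:

```python
"""One-time pad over the slides' 3-bit alphabet (slides 17-21).

Added example, not from the slides. Letter codes and the pad are those of the
slides' worked example; pad_that_explains() is the trick behind slides 19 and
20, and pad_reuse_leak() shows why the summary insists on using a pad once."""

CODE = {"e": 0b000, "h": 0b001, "i": 0b010, "k": 0b011,
        "l": 0b100, "r": 0b101, "s": 0b110, "t": 0b111}
LETTER = {code: letter for letter, code in CODE.items()}

# Pad used in the slides' example (slide 17).
PAD = [0b111, 0b101, 0b110, 0b101, 0b111, 0b100, 0b000, 0b101, 0b110, 0b000]


def encode(text):
    return [CODE[c] for c in text]


def decode(codes):
    return "".join(LETTER[c] for c in codes)


def xor_blocks(a, b):
    """Block-wise XOR; the pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("pad and message lengths differ")
    return [x ^ y for x, y in zip(a, b)]


def otp_encrypt(plaintext, pad):
    return decode(xor_blocks(encode(plaintext), pad))


def otp_decrypt(ciphertext, pad):
    # XOR is its own inverse, so decryption is the same operation.
    return decode(xor_blocks(encode(ciphertext), pad))


def pad_that_explains(ciphertext, claimed_plaintext):
    """For any claimed plaintext of the right length there is a pad that
    'decrypts' the ciphertext to it: C xor P'. This is why the ciphertext
    alone carries no information about the plaintext, and why neither the
    double agent's story nor the captured sender's can be refuted."""
    return xor_blocks(encode(ciphertext), encode(claimed_plaintext))


def pad_reuse_leak(ciphertext1, ciphertext2):
    """Two messages under the same pad: C1 xor C2 = P1 xor P2. The pad cancels
    and the attacker is left with plaintext against plaintext, which is breakable."""
    return xor_blocks(encode(ciphertext1), encode(ciphertext2))


def bits(codes):
    return " ".join(f"{c:03b}" for c in codes)


if __name__ == "__main__":
    c = otp_encrypt("heilhitler", PAD)
    print(c, otp_decrypt(c, PAD))
    print(bits(pad_that_explains(c, "killhitler")))   # the double agent's "key"
    print(bits(pad_that_explains(c, "helikesike")))   # the captured sender's "key"
```

The same property that makes the pad perfectly secret also makes it malleable: whoever can flip ciphertext bits flips plaintext bits, so a one-time pad needs a separate integrity mechanism.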

22 Real-world One-time Pad
Project VENONA
Soviet spy messages from the U.S. in the 1940's: nuclear espionage, etc.
Thousands of messages
Spy carried a one-time pad into the U.S. and used it to encrypt secret messages
Repeats within the "one-time" pads made cryptanalysis possible

23 VENONA Decrypt (1944)
[C% Ruth] learned that her husband [v] was called up by the army but he was not sent to the front. He is a mechanical engineer and is now working at the ENORMOUS [ENORMOZ] [vi] plant in SANTA FE, New Mexico. [45 groups unrecoverable] detain VOLOK [vii] who is working in a plant on ENORMOUS. He is a FELLOWCOUNTRYMAN [ZEMLYaK] [viii]. Yesterday he learned that they had dismissed him from his work. His active work in progressive organizations in the past was cause of his dismissal. In the FELLOWCOUNTRYMAN line LIBERAL is in touch with CHESTER [ix]. They meet once a month for the payment of dues. CHESTER is interested in whether we are satisfied with the collaboration and whether there are not any misunderstandings. He does not inquire about specific items of work [KONKRETNAYa RABOTA]. In as much as CHESTER knows about the role of LIBERAL's group we beg consent to ask C. through LIBERAL about leads from among people who are working on ENOURMOUS and in other technical fields.
"Ruth" == Ruth Greenglass
"Liberal" == Julius Rosenberg
"Enormous" == the atomic bomb

24 Codebook
Literally, a book filled with "codewords"
Zimmerman Telegram encrypted via codebook; an excerpt of its entries:
Februar
fest
finanzielle
folgender
Frieden
Friedenschluss
: :
Modern block ciphers are codebooks! More on this later…

25 Zimmerman Telegram
One of the most famous codebook ciphers ever
Led to US entry into WWI
Ciphertext shown here… (image not reproduced in the transcript)

26 Zimmerman Telegram Decrypted
British had recovered a partial codebook
Able to fill in the missing parts

27 A Few Historical Items
Crypto timeline: Answers.com, Wikipedia
Transposition cipher: Spartan scytale
Substitution cipher: Caesar's cipher
Poe's The Gold-Bug
Election of 1876

Notes on The Gold-Bug: a short story by the American poet E. A. Poe, published in 1843 and collected in Tales in 1845. Legrand, who lives on Sullivan's Island, South Carolina, one day finds on the shore a rare gold beetle and a scrap of parchment; warming the parchment over a fire brings out a cipher, and from it he works out where treasure is hidden on the island. At night, taking along a sceptical friend and his servant, he goes into the woods and, as the cipher directs, lowers the beetle on a string through one eye of a skull fixed to the end of a dead branch; the jewels are dug up from the ground beneath. A distinctive detective story that joins the legend of the pirate Captain Kidd's treasure to Poe's specialty, the solving of ciphers.

28 Election of 1876
"Rutherfraud" Hayes vs "Swindling" Tilden:
Popular vote was a virtual tie
Electoral college delegations for 4 states (including Florida) in dispute
Commission: all 4 states to Hayes
Tilden accused Hayes of bribery
Was it true?

29 Election of 1876
Encrypted messages by Tilden supporters later emerged
Cipher: partial codebook, plus transposition
Codebook substitution for important words:
ciphertext   plaintext
Copenhagen   Greenbacks
Greece       Hayes
Rochester    votes
Russia       Tilden
Warsaw       telegram
:            :

30 Election of 1876
Apply the codebook to the original message
Pad the message to a multiple of 5 words (total length 10, 15, 20, 25 or 30 words)
For each length, a fixed permutation is applied to the resulting message
The permutations were found by comparing many messages of the same length
Note that the same key is applied to all messages of a given length

31 Election of 1876
Ciphertext: Warsaw they read all unchanged last are idiots can't situation
Codebook: Warsaw → telegram
Transposition: 9,3,6,1,10,5,2,7,4,8 (the i-th plaintext word is the ciphertext word at the i-th listed position)
Plaintext: Can't read last telegram. Situation unchanged. They are all idiots.
A weak cipher made worse by reuse of the key
Lesson: Don't reuse/overuse keys!

32 Early 20th Century
WWI: Zimmerman Telegram
"Gentlemen do not read each other's mail": Henry L. Stimson, Secretary of State, 1929
WWII: golden age of cryptanalysis
Japanese Purple (its decrypts codenamed MAGIC)
German Enigma (its decrypts codenamed ULTRA)

33 Enigma Machine
Encryption machine used by the Germans in WWII; relies on electricity
Plug board: allowed pairs of letters to be remapped before the encryption process started and after it ended
Light board
Keyboard
Set of rotors: the user must select three rotors from a set of rotors to be used in the machine; a rotor contains a one-to-one mapping of all the letters
Reflector (half rotor)

34 How does it work?
Current passes through: the plug board, the three rotors, the reflector (which reverses the current), back through the three rotors, back through the plug board; then the encrypted letter is lit on the display.
For each letter, the rotors rotate. The rotors rotate such that the rightmost rotor must complete one revolution before the middle rotor advances one position, and so on (odometer-style; the real machine stepped at notch positions, with the middle rotor "double-stepping", but the principle is the same).

35 Letters Remapped
The whole encryption process for a single letter contains a minimum of 7 remappings (the current passes through the three rotors twice, plus the reflector) and a maximum of 9 remappings (if the letter has a connection in the plug board on the way in and on the way out).
The plug board performs the first remapping, if the letter has a connection in the plug board.
The rotors remap letters. Each rotor contains a one-to-one mapping of letters, but since the rotors rotate on each key press, the mappings of the rotors change on every key press.
The reflector does one more remapping; its one-to-one mapping is always the same.

36 Decryption
Need the encrypted message, and to know which rotors were used, the connections on the plug board and the initial settings of the rotors.
Without knowledge of the state of the machine when the original message was typed in, it is extremely difficult to decode a message.
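A small simulator of the signal path described on slides 33 to 36, as an added example (not from the slides). The rotor wirings I, II, III and reflector B are the historical Enigma I set; two simplifications are assumptions of this example: ring settings are ignored, and the rotors step odometer-style exactly as slide 34 describes, rather than at the real machine's notch positions:

```python
"""Simplified Enigma I simulator (slides 33-36): plugboard, three rotors, reflector, and back.

Added example, not from the slides. Rotor wirings I, II, III and reflector B are
the historical Enigma I set. Two simplifications are assumptions of this example:
ring settings are ignored, and the rotors step odometer-style exactly as slide 34
describes (the real machine steps the middle and left rotors at notch positions,
with the middle rotor's double step)."""

A = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROTORS = {
    "I":   "EKMFLGDQVZNTOWYHXUSPAIBRCJ",
    "II":  "AJDKSIRUXBLHWTMCQGZNPYFVOE",
    "III": "BDFHJLCPRTXVZNYEIWGAKMUSQO",
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"   # an involution with no fixed point


class Enigma:
    def __init__(self, rotor_order, start_positions, plug_pairs, reflector=REFLECTOR_B):
        self.wirings = [ROTORS[name] for name in rotor_order]      # left, middle, right
        self.pos = [A.index(p) for p in start_positions]
        self.reflector = reflector
        self.plug = {c: c for c in A}
        for x, y in plug_pairs:                                     # each pair swaps two letters
            self.plug[x], self.plug[y] = y, x

    def rotor_positions(self):
        return "".join(A[p] for p in self.pos)

    def _step(self):
        # Rightmost rotor advances on every key press; a rotor to its left advances
        # only when its right neighbour has completed a full revolution.
        for i in (2, 1, 0):
            self.pos[i] = (self.pos[i] + 1) % 26
            if self.pos[i] != 0:
                break

    def _forward(self, i, c):
        w, p = self.wirings[i], self.pos[i]
        return (A.index(w[(c + p) % 26]) - p) % 26

    def _backward(self, i, c):
        w, p = self.wirings[i], self.pos[i]
        return (w.index(A[(c + p) % 26]) - p) % 26

    def press(self, letter):
        """Encrypt one letter: the rotors step first, then current flows plugboard ->
        right, middle, left rotor -> reflector -> left, middle, right rotor -> plugboard."""
        self._step()
        c = A.index(self.plug[letter])
        for i in (2, 1, 0):
            c = self._forward(i, c)
        c = A.index(self.reflector[c])
        for i in (0, 1, 2):
            c = self._backward(i, c)
        return self.plug[A[c]]

    def process(self, text):
        """Letters only; with identical settings the same call decrypts."""
        return "".join(self.press(ch) for ch in text.upper() if ch in A)


if __name__ == "__main__":
    settings = dict(rotor_order=("I", "II", "III"), start_positions="AAA",
                    plug_pairs=[("A", "B"), ("C", "D")])
    ct = Enigma(**settings).process("ATTACKATDAWN")
    print(ct, Enigma(**settings).process(ct))
```

Because the reflector is an involution, each key press is its own inverse, so the receiver decrypts by setting up an identical machine and typing the ciphertext (slide 36). The same reflector has no fixed point, so no letter ever encrypts to itself; that property, not any weakness in the rotors, was one of the cryptanalysts' main levers.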

37 Japanese Purple Machine
Electromechanical stepping-switch machine, modeled after Enigma
Used telephone stepping switches instead of rotors
Pearl Harbor attack preparations were encoded in Purple and decoded hours before the attack

Notes on Japan's PURPLE encryption: The Japanese were most efficient at destroying their cryptographic machines during World War II. To this date, not even one complete machine has been discovered. However, with pure genius and ingenuity, cryptographers from the United States were able to crack PURPLE, as it was called. In 1940, the British, Polish and French were working hard on cracking the German Enigma (and for the most part, succeeding). Meanwhile, the US Signals Intelligence Service (SIS) worked on the Japanese code machine. What made cracking PURPLE more difficult than Enigma was that it used a revolutionary concept in machine cryptography: PURPLE used telephone stepping switches instead of rotors in its encryption scheme. A stepping switch was used in those days to route telephone calls from source to destination. Because of this, the encrypted letters did not follow the patterns that codebreakers were accustomed to with traditional rotor machines. William Friedman, a renowned cryptographer, set out to determine what could produce these patterns. Eventually, he and his team were able to put together a version of the PURPLE machine almost exactly the same as the Japanese version, without ever seeing a picture or blueprint of the machine; they only saw messages encrypted with it. Knowing how the machine worked, the United States was able to build a machine to crack PURPLE traffic and read the messages as plaintext. As a result of Friedman's work, allied lives were saved and battles were won, helping to bring the war to a close as quickly as possible. The following picture is the only part of a real Japanese PURPLE machine ever to have been recovered by anyone; everything else was destroyed.

Telephone stepping switches: in electrical controls, a stepping switch (also called a uniselector) is an electromechanical device which allows an input connection to be connected to one of a number of possible output connections, under the control of a series of electrical pulses. The major use for these devices was in early automatic telephone exchanges (commonly called Strowger exchanges) to route telephone calls. Stepping switches were invented by Almon Strowger in 1888.

38 Post-WWII History
Claude Shannon: father of the science of information theory
Computer revolution: lots of data
Data Encryption Standard (DES), 70's
Public key cryptography, 70's
CRYPTO conferences, 80's
Advanced Encryption Standard (AES) competition, late 90's (standardized in 2001)
Crypto moved out of the classified world

39 Claude Shannon
The founder of information theory
1949 paper: Communication Theory of Secrecy Systems
Confusion and diffusion
Confusion: obscure the relationship between plaintext and ciphertext
Diffusion: spread the plaintext statistics through the ciphertext
The one-time pad uses only confusion, while double transposition uses only diffusion
Proved that the one-time pad is secure

40 Taxonomy of Cryptography
Symmetric key: same key for encryption as for decryption
Stream ciphers
Block ciphers
Public key: two keys, one for encryption (public) and one for decryption (private)
Digital signatures: nothing comparable in symmetric key crypto (a MAC gives integrity, but since both parties hold the same key it cannot prove to a third party who created the message)
Hash algorithms

41 Taxonomy of Cryptanalysis
Ciphertext only: the attacker has the algorithm and ciphertext only
Known plaintext: some plaintext and the corresponding ciphertext
Chosen plaintext: limited access to the cryptosystem ("lunchtime attack"); protocols might encrypt chosen text

42 Taxonomy of Cryptanalysis
Adaptively chosen plaintext: choose the plaintext, view the resulting ciphertext, and choose the next plaintext based on the observed ciphertext
Related key
Forward search (public key crypto only): for example, when the plaintext is known to be "yes" or "no", encrypt both under the public key and compare with the ciphertext
Etc., etc.

Notes: In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. For example, the attacker might know that the last 80 bits of the keys are always the same, even though he doesn't know, at first, what the bits are. This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker could persuade a human cryptographer to encrypt plaintexts under numerous secret keys related in some way. However, modern cryptography is implemented using complex computer protocols, often not vetted by cryptographers, and in some cases a related-key attack is made very feasible.
