Chapter 2 Crypto Basics How to speak crypto Substitution Cipher

Presentation transcript:

Chapter 2: Crypto Basics. How to speak crypto; Substitution Cipher; Transposition Cipher; One-Time Pad; Codebook Cipher; Crypto history; Taxonomy

Crypto: Cryptology: the art and science of making and breaking “secret codes”. Cryptography: making “secret codes”. Cryptanalysis: breaking “secret codes”. Crypto: all of the above (and more).

How to Speak Crypto: A cipher or cryptosystem is used to encrypt the plaintext. The result of encryption is ciphertext. We decrypt ciphertext to recover plaintext. A key is used to configure a cryptosystem. A symmetric key cryptosystem uses the same key to encrypt as to decrypt. A public key cryptosystem uses a public key to encrypt and a private key to decrypt (sign).

Crypto: Basic assumption. The system is completely known to the attacker. Only the key is secret. Also known as Kerckhoffs Principle. Crypto algorithms are not secret. Why do we make this assumption? Experience has shown that secret algorithms are weak when exposed. Secret algorithms never remain secret. Better to find weaknesses beforehand.
http://en.wikipedia.org/wiki/Kerckhoffs'_principle In cryptography, Kerckhoffs' principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's maxim. In contrast to security through obscurity, it is widely embraced by cryptographers. In accordance with Kerckhoffs' principle, the majority of civilian cryptography makes use of publicly-known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see Type 1 encryption). The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from French, they are: (1) The system must be practically, if not mathematically, indecipherable; (2) It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience; (3) Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents; (4) It must be applicable to telegraphic correspondence; (5) It must be portable, and its usage and function must not require the concourse of several people; (6) Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible: "Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility."[1] It is worth expanding on what Schneier means by brittleness: after all, any security system depends crucially on keeping some things secret. What Schneier means is that the things which are kept secret ought to be those which are least costly to change should they be inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm. Whereas if the secrecy of the algorithm were not important, but only that of the keys used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys. Or in other words, the fewer and simpler the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security. Eric Raymond extends this principle in support of open source software, saying "Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*. [2] The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency. 
It's possible to have a secret cryptosystem while still reaping the benefits of public cryptography research: make a non-weakening change to a public algorithm, like changing the nothing-up-my-sleeve numbers, or, in the case of symmetric-key algorithms, chaining the public cipher with an unrelated secret cipher. An example of technology which relies upon a secret cryptosystem is WAPI, the wireless LAN security standard the Chinese government has proposed to encompass civilian uses on a global scale.

Crypto as Black Box: A generic use of crypto. [Figure: block diagram with the labels key, key, plaintext, encrypt, decrypt, ciphertext]

Simple Substitution: Plaintext: fourscoreandsevenyearsago. Key:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ciphertext: IRXUVFRUHDQGVHYHQBHDUVDJR. Shift by 3 is “Caesar’s cipher”.

Caesar’s Cipher Decryption: Suppose we know a Caesar’s cipher is being used. Ciphertext: VSRQJHEREVTXDUHSDQWV
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Plaintext: spongebobsquarepants

Not-so-Simple Substitution: Shift by n for some n ∈ {0,1,2,…,25}. Then key is n. Example: key = 7
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

Cryptanalysis I: Try Them All. Given: a simple substitution (shift by n) is used, but the key is unknown. Given ciphertext: meqefscerhcsyeviekmvp. How to find the key? Exhaustive key search. Only 26 possible keys: try them all! Solution: key = 4, IAMABOYANDYOUAREAGIRL
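
The exhaustive key search from this slide, as an added example that is not part of the original slides: it tries all 26 shifts and ranks the candidate plaintexts by an English letter-frequency score so the readable one comes first. The frequency table (rounded, commonly published figures) and all function names are assumptions of this example.

```python
import math
import string

ALPHABET = string.ascii_lowercase

# Approximate frequency (percent) of each letter a..z in English text.
# Rounded, commonly published figures; an assumption of this example.
ENGLISH_PCT = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
               2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15,
               2.0, 0.074]
LOG_FREQ = {c: math.log(p / 100) for c, p in zip(ALPHABET, ENGLISH_PCT)}


def shift(text, n):
    """Shift every letter of `text` by n places (mod 26), result in lowercase."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26])
        else:
            out.append(ch)  # leave spaces and punctuation unchanged
    return "".join(out)


def encrypt(plaintext, key):
    """Shift cipher: key 3 is the Caesar cipher from the earlier slide."""
    return shift(plaintext, key).upper()


def decrypt(ciphertext, key):
    return shift(ciphertext, -key)


def english_score(text):
    """Log-likelihood of the letters under English single-letter statistics."""
    return sum(LOG_FREQ[ch] for ch in text if ch in LOG_FREQ)


def exhaustive_search(ciphertext):
    """Try all 26 keys; return (key, candidate) pairs, most English-like first."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kc: english_score(kc[1]), reverse=True)


if __name__ == "__main__":
    # Ciphertext from the slide above.
    for key, text in exhaustive_search("meqefscerhcsyeviekmvp")[:3]:
        print(f"key={key:2d}  {text}")
```

With only 26 keys the search is instant, which is why a shift cipher offers no protection once the method is known.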

Even-less-Simple Substitution: Key is some permutation of letters. Need not be a shift. For example:
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
Then 26! > 2^88 possible keys! Dominates the art of secret writing throughout the first millennium.

Cryptanalysis II: Be Clever We know that a simple substitution is used But not necessarily a shift by n Can we find the key given ciphertext: PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA Chapter 2 Crypto Basics

Cryptanalysis II: Can’t try all 2^88 simple substitution keys. Can we be more clever? English letter frequency counts…

Cryptanalysis II: Ciphertext: the same message as on the “Cryptanalysis II: Be Clever” slide. Decrypt this message using info below. Ciphertext frequency counts: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 21 26 6 10 12 51 25 9 3 1 15 28 42 27 4 24 22 8
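
The first steps of the frequency analysis this slide asks for, as an added example that is not part of the original slides: it counts ciphertext letters, makes a rank-based first guess, and applies a partial key with unresolved letters shown as dots. The English frequency ordering and the three-letter guess in the demo are assumptions of this example.

```python
from collections import Counter

# Ciphertext copied from the "Cryptanalysis II: Be Clever" slide.
CIPHERTEXT = (
    "PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWA"
    "XFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLX"
    "GDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPB"
    "QWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQP"
    "QJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFX"
    "QHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA"
)

# English letters from most to least frequent (a commonly quoted ordering;
# an assumption of this example).
ENGLISH_ORDER = "etaoinshrdlucmfwypvbgkjqxz"


def letter_counts(ciphertext):
    """(letter, count) pairs for the ciphertext, most frequent first."""
    return Counter(ch for ch in ciphertext if ch.isalpha()).most_common()


def ngram_counts(ciphertext, n, top=5):
    """Most common n-letter sequences; repeated trigrams often hide 'the'."""
    grams = Counter(ciphertext[i:i + n] for i in range(len(ciphertext) - n + 1))
    return grams.most_common(top)


def rank_guess(ciphertext):
    """First-pass key: pair ciphertext letters with English letters by rank."""
    ranked = [letter for letter, _ in letter_counts(ciphertext)]
    return dict(zip(ranked, ENGLISH_ORDER))


def apply_partial_key(ciphertext, key):
    """Decrypt the letters we have a guess for; show '.' for the rest."""
    return "".join(key.get(ch, ".") for ch in ciphertext)


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT)[:6])
    print(ngram_counts(CIPHERTEXT, 3))
    # Pure rank matching is only a starting point on a message this short.
    print(apply_partial_key(CIPHERTEXT[:40], rank_guess(CIPHERTEXT)))
    # Refinement assumed for this example: the most frequent letter F is 'e'
    # and the trigram PBF, which opens the message and recurs, is 'the'.
    print(apply_partial_key(CIPHERTEXT[:40], {"F": "e", "P": "t", "B": "h"}))
```

Each confirmed letter exposes word fragments that suggest the next guess, so the 2^88 key space is never searched.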

Frequency analysis history: Discovered by the Arabs. Earliest known description of frequency analysis is in a book by the 9th-century scientist al-Kindi. Rediscovered or introduced from the Arabs in Europe during the Renaissance. Frequency analysis made the substitution cipher insecure.

Cryptanalysis: Terminology. Cryptosystem is secure if best known attack is to try all keys. Cryptosystem is insecure if any shortcut attack is known. By this definition, an insecure system might be harder to break than a secure system!

Double Transposition: Plaintext: attackxatxdawn. Permute rows and columns. Ciphertext: xtawxnattxadakc. Key: matrix size and permutations (3,5,1,4,2) and (1,3,2).
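
The double transposition on this slide, as an added example that is not part of the original slides. It assumes a matrix of 5 rows by 3 columns (inferred from the lengths of the two permutations), filled row by row and padded with a trailing "x", which reproduces the slide's ciphertext.

```python
def check_perm(perm, n):
    """A permutation key must use each of 1..n exactly once."""
    if sorted(perm) != list(range(1, n + 1)):
        raise ValueError(f"{perm} is not a permutation of 1..{n}")


def to_rows(text, n_rows, n_cols, pad="x"):
    """Write text row by row into an n_rows x n_cols matrix, padding the end."""
    if len(text) > n_rows * n_cols:
        raise ValueError("text does not fit in the matrix")
    text = text.ljust(n_rows * n_cols, pad)
    return [list(text[r * n_cols:(r + 1) * n_cols]) for r in range(n_rows)]


def invert(perm):
    """Inverse of a 1-based permutation."""
    inv = [0] * len(perm)
    for new_pos, old_pos in enumerate(perm, start=1):
        inv[old_pos - 1] = new_pos
    return inv


def permute(matrix, row_perm, col_perm):
    """New row i is old row row_perm[i]; new column j is old column col_perm[j]."""
    rows = [matrix[r - 1] for r in row_perm]
    return [[row[c - 1] for c in col_perm] for row in rows]


def encrypt(plaintext, n_rows, n_cols, row_perm, col_perm):
    check_perm(row_perm, n_rows)
    check_perm(col_perm, n_cols)
    m = permute(to_rows(plaintext, n_rows, n_cols), row_perm, col_perm)
    return "".join("".join(row) for row in m)


def decrypt(ciphertext, n_rows, n_cols, row_perm, col_perm):
    check_perm(row_perm, n_rows)
    check_perm(col_perm, n_cols)
    m = permute(to_rows(ciphertext, n_rows, n_cols),
                invert(row_perm), invert(col_perm))
    return "".join("".join(row) for row in m)


if __name__ == "__main__":
    rows, cols = (3, 5, 1, 4, 2), (1, 3, 2)   # key from the slide
    ct = encrypt("attackxatxdawn", 5, 3, rows, cols)
    print(ct)                                  # ciphertext on the slide
    print(decrypt(ct, 5, 3, rows, cols))       # plaintext plus the pad letter
    # Transposition only moves letters: the letter counts are unchanged.
    print(sorted(ct) == sorted("attackxatxdawnx"))
```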

One-time Pad Encryption: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111. Encryption: Plaintext ⊕ Key = Ciphertext. [Table with rows P (plaintext), K (key) and C (ciphertext); the cell values did not survive extraction]

One-time Pad Decryption: e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111. Decryption: Ciphertext ⊕ Key = Plaintext. [Table with rows C (ciphertext), K (key) and P (plaintext); the cell values did not survive extraction]

One-time Pad: Double agent claims sender used “key”: [Table with rows C (ciphertext), K (“key”) and P (“plaintext”); the cell values did not survive extraction]. e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

One-time Pad: Sender is captured and claims the key is: [Table with rows C (ciphertext), K (“key”) and P (“plaintext”); the cell values did not survive extraction]. e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

One-time Pad Summary: Provably secure, when used correctly. Ciphertext provides no info about plaintext. All plaintexts are equally likely. Pad must be random, used only once. Pad is known only by sender and receiver. Pad is same size as message. No assurance of message integrity. Why not distribute message (plaintext) the same way as the pad (key)?

Real-world One-time Pad: Project VENONA. Soviet spy messages from U.S. in 1940’s. Nuclear espionage, etc. Thousands of messages. Spy carried one-time pad into U.S. Spy used pad to encrypt secret messages. Repeats within the “one-time” pads made cryptanalysis possible. Vocabulary: espionage (n.): spying on another person or country, intelligence activity, reconnaissance; “a novel of intrigue and espionage”; “political [military] espionage”.
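
The one-time pad slides and the VENONA lesson in code, as an added example that is not part of the original slides. It uses the slides' 3-bit letter encoding; the messages, the fixed demo pad and the function names are constructed for this example.

```python
import secrets

# Letter encoding from the slides:
# e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
LETTERS = "ehiklrst"  # position in this string == the letter's 3-bit value


def to_bits(text):
    return [LETTERS.index(ch) for ch in text]  # ValueError on other letters


def to_text(values):
    return "".join(LETTERS[v] for v in values)


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return [x ^ y for x, y in zip(a, b)]


def new_pad(length):
    """A fresh random pad: one 3-bit value per letter, never to be reused."""
    return [secrets.randbelow(8) for _ in range(length)]


def encrypt(plaintext, pad):
    return to_text(xor(to_bits(plaintext), pad))


def decrypt(ciphertext, pad):
    return to_text(xor(to_bits(ciphertext), pad))


def pad_for(ciphertext, claimed_plaintext):
    """The pad under which `ciphertext` decrypts to any same-length text.

    Such a pad always exists, which is why the ciphertext alone gives no
    information about the plaintext and any claimed "key" is plausible.
    """
    return xor(to_bits(ciphertext), to_bits(claimed_plaintext))


def reused_pad_leak(c1, c2):
    """XOR of two ciphertexts made with the same pad: the pad cancels out."""
    return xor(to_bits(c1), to_bits(c2))


if __name__ == "__main__":
    pad = [6, 5, 4, 1, 7, 0, 3]           # constructed demo pad
    c1 = encrypt("thistle", pad)           # constructed message
    print(c1, decrypt(c1, pad))
    fake = pad_for(c1, "shelter")          # a different, equally valid "key"
    print(fake, decrypt(c1, fake))
    c2 = encrypt("kettles", pad)           # pad reused: the VENONA mistake
    print(reused_pad_leak(c1, c2) == xor(to_bits("thistle"), to_bits("kettles")))
```

The last line shows that two messages under one pad leak the XOR of their plaintexts with no key material involved, which is the kind of repeat the VENONA slide refers to.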

VENONA Decrypt (1944): [C% Ruth] learned that her husband [v] was called up by the army but he was not sent to the front. He is a mechanical engineer and is now working at the ENORMOUS [ENORMOZ] [vi] plant in SANTA FE, New Mexico. [45 groups unrecoverable] detain VOLOK [vii] who is working in a plant on ENORMOUS. He is a FELLOWCOUNTRYMAN [ZEMLYaK] [viii]. Yesterday he learned that they had dismissed him from his work. His active work in progressive organizations in the past was cause of his dismissal. In the FELLOWCOUNTRYMAN line LIBERAL is in touch with CHESTER [ix]. They meet once a month for the payment of dues. CHESTER is interested in whether we are satisfied with the collaboration and whether there are not any misunderstandings. He does not inquire about specific items of work [KONKRETNAYa RABOTA]. In as much as CHESTER knows about the role of LIBERAL's group we beg consent to ask C. through LIBERAL about leads from among people who are working on ENORMOUS and in other technical fields.
“Ruth” == Ruth Greenglass; “Liberal” == Julius Rosenberg; “Enormous” == the atomic bomb

Codebook: Literally, a book filled with “codewords”. Zimmerman Telegram encrypted via codebook: Februar 13605; fest 13732; finanzielle 13850; folgender 13918; Frieden 17142; Friedenschluss 17149; … Modern block ciphers are codebooks! More on this later…

Zimmerman Telegram: One of most famous codebook ciphers ever. Led to US entry in WWI. Ciphertext shown here…

Zimmerman Telegram Decrypted: British had recovered partial codebook. Able to fill in missing parts.

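A Few Historical Items: Crypto timeline (Answers.com, Wikipedia). Transposition cipher: Spartan Scytale [saiteil]. Substitution cipher: Caesar’s cipher; Poe’s The Gold Bug (see http://100.naver.com/100.nhn?docid=183115). Election of 1876.
The Gold-Bug. Summary: a short story by the American poet E. A. Poe. Author: Poe. Genre: fiction. Published: 1843. Text: Published in 1843 and included in the collection Tales in 1845. Legrand, who lives on Sullivan's Island in South Carolina, one day happens to find a rare beetle and a scrap of parchment on the beach; heating the parchment over a fire reveals a cipher, which he uses as a clue to locate treasure hidden on the island. At night he takes a half-doubting friend and a servant into the woods and, following the cipher, lowers the beetle on a string through one eye of a skull fixed to the end of a dead branch, and the treasure is found in the ground below. It is a distinctive detective story that combines the treasure legend of the famous pirate Captain Kidd with the cryptanalysis at which Poe excelled.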

Election of 1876: “Rutherfraud” Hayes vs “Swindling” Tilden: Popular vote was virtual tie. Electoral college delegations for 4 states (including Florida) in dispute. Commission: All 4 states to Hayes. Tilden accused Hayes of bribery. Was it true? Vocabulary: delegation (n.): 1. the dispatch or appointment of representatives; the entrusting of authority or duties.

Election of 1876: Encrypted messages by Tilden supporters later emerged. Cipher: Partial codebook, plus transposition. Codebook substitution for important words (ciphertext → plaintext): Copenhagen → Greenbacks; Greece → Hayes; Rochester → votes; Russia → Tilden; Warsaw → telegram; …

Election of 1876: Apply codebook to original message. Pad message to multiple of 5 words (total length 10, 15, 20, 25 or 30 words). For each length, a fixed permutation applied to resulting message. Permutations found by comparing many messages of same length. Note that the same key is applied to all messages of a given length.

Election of 1876: Ciphertext: Warsaw they read all unchanged last are idiots can’t situation. Codebook: Warsaw → telegram. Transposition: 9,3,6,1,10,5,2,7,4,8. Plaintext: Can’t read last telegram. Situation unchanged. They are all idiots. A weak cipher made worse by reuse of key. Lesson: Don’t reuse/overuse keys!

Early 20th Century: WWI: Zimmerman Telegram. “Gentlemen do not read each other’s mail” (Henry L. Stimson, Secretary of State, 1929). WWII: golden age of cryptanalysis. Japanese Purple (codename MAGIC). German Enigma (codename ULTRA).

Enigma Machine: Encryption machine used by the Germans in WWII; relies on electricity. Plug board: allowed for pairs of letters to be remapped before the encryption process started and after it ended. Light board. Keyboard. Set of rotors: user must select three rotors from a set of rotors to be used in the machine. A rotor contains one-to-one mappings of all the letters. Reflector (half rotor).

How does it work? Current passes through the plug board, the three rotors, the reflector (which reverses the current), back through the three rotors and back through the plug board; then the encrypted letter is lit on the display. For each letter, the rotors rotate. The rotors rotate such that the rightmost rotor must complete one revolution before the middle rotor rotates one position, and so on.

Letters Remapped: The whole encryption process for a single letter contains a minimum of 7 remappings (the current passes through the rotors twice) and a maximum of 9 remappings (if the letter has a connection in the plug board). Plug board performs the first remapping, if the letter has a connection in the plug board. Rotors remap letters. Each rotor contains one-to-one mappings of letters, but since the rotors rotate on each key press, the mappings of the rotors change on every key press. The reflector does one more remapping; its one-to-one mappings are always the same.

Decryption: Need the encrypted message, and know which rotors were used, the connections on the plug board and the initial settings of the rotors. Without the knowledge of the state of the machine when the original message was typed in, it is extremely difficult to decode a message.

Japanese Purple Machine: Electromechanical stepping switch machine modeled after Enigma. Used telephone stepping switches instead of rotors. Pearl Harbor attack preparations encoded in Purple, decoded hours before attack.
http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/purple.shtml Japan's PURPLE Encryption: The Japanese were most efficient at destroying their cryptographic machines during World War II. To this date, not even one complete machine has been discovered. However, with pure genius and ingenuity, cryptographers from the United States were able to crack the PURPLE, as it was called. In 1940, the British, Polish, and French were working hard on cracking the German Enigma (and for the most part, succeeding). Meanwhile, the US Signals Intelligence Service (SIS) worked on Japan's code machine. What made cracking the PURPLE more difficult than the Enigma was that it used a revolutionary concept in machine cryptography. In fact, PURPLE used telephone stepping switches instead of rotors in its encryption scheme. A stepping switch was used in those days to route telephone calls from source to destination. By utilizing this, the encrypted letters did not follow patterns that codebreakers were accustomed to with traditional rotor machines. So William Friedman, a renowned cryptographer, was curious about what could make these patterns. Eventually, he and his team were able to put together a version of the PURPLE machine almost exactly the same as the Japanese version. However, Friedman did so without ever seeing a picture or blueprint of the machine; he only saw messages encrypted with it! So, knowing how the machine worked, the United States was able to build a machine to crack the code of PURPLE. It figured out the code used to encrypt messages, thus allowing for plaintext viewing by the user. As a result of Friedman's work, allied lives were saved, and battles were won, helping to bring the war to a close as quickly as possible.
The following picture is the only part of a real Japanese PURPLE machine to have ever been recovered by anyone. Everything else was destroyed. Telephone stepping switches: In electrical controls, a stepping switch (also called a uniselector) is an electromechanical device which allows an input connection to be connected to one of a number of possible output connections, under the control of a series of electrical pulses. The major use for these devices was in early automatic telephone exchanges (commonly called Strowger exchanges) to route telephone calls. Stepping switches were invented by Almon Strowger in 1888.

Post-WWII History: Claude Shannon: father of the science of information theory. Computer revolution: lots of data. Data Encryption Standard (DES), 70’s. Public Key cryptography, 70’s. CRYPTO conferences, 80’s. Advanced Encryption Standard (AES), 90’s. Crypto moved out of classified world.

Claude Shannon: The founder of Information Theory. 1949 paper: Comm. Thy. of Secrecy Systems, http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf. Confusion and diffusion. Confusion: obscure relationship between plaintext and ciphertext. Diffusion: spread plaintext statistics through the ciphertext. One-time pad only uses confusion, while double transposition only uses diffusion. Proved that one-time pad is secure.

Taxonomy of Cryptography: Symmetric Key: same key for encryption as for decryption; stream ciphers; block ciphers. Public Key: two keys, one for encryption (public), and one for decryption (private); digital signatures: nothing comparable in symmetric key crypto. Hash algorithms.

Taxonomy of Cryptanalysis: Ciphertext only: algorithm and ciphertext only. Known plaintext: some of plaintext and corresponding ciphertext. Chosen plaintext: limited access to cryptosystem; “lunchtime attack”; protocols might encrypt chosen text.

Taxonomy of Cryptanalysis: Adaptively chosen plaintext: choose the plaintext, view the resulting ciphertext, and choose the plaintext based on the observed ciphertext. Related key. Forward search (public key crypto only): the case where plaintext is “yes” or “no”. Etc., etc.
In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. For example, the attacker might know that the last 80 bits of the keys are always the same, even though he doesn't know, at first, what the bits are. This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker could persuade a human cryptographer to encrypt plaintexts under numerous secret keys related in some way. However, modern cryptography is implemented using complex computer protocols, often not vetted by cryptographers, and in some cases a related-key attack is made very feasible.