CSCI 5857: Encoding and Encryption
History and Background Part 2: Polyalphabetic Substitution and Transposition
Outline
  The Vigenère polyalphabetic cipher
  Enigma
  One-time pads
  Transposition ciphers
  Attacks on transposition ciphers
  Effectiveness of using multiple keys
  Avalanche effect as a goal of encryption
  Kerckhoffs's Principle
Polyalphabetic Substitution
  Single plaintext character may map to multiple possible ciphertext characters
  Frequency analysis attacks much harder
  Example: Vigenère cipher
    Key = some word or phrase of length n
    $c_i = (p_i + k_{i \bmod n}) \bmod 26$
Vigenère cipher
  Example:
    Key: “python”
    Plaintext: “rabbitwithbigpointyteeth”
    Ciphertext: [table: plaintext letters, repeated key letters, resulting ciphertext letters]
Polyalphabetic Substitution
  Vigenère cipher still vulnerable to frequency-based cryptanalysis
    Guess key size n
    Treat like n different monoalphabetic substitutions
  General principle: larger n is more secure (n being the number of characters before the key repeats)
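The slide formula applied to the "python" example, as an added example that is not part of the original slides. It also shows both points made above: one plaintext letter maps to several ciphertext letters, yet once the key size n is known each of the n streams is a single fixed shift. All function names are assumptions of this example.

```python
A = ord("a")

def vigenere(text, key, decrypt=False):
    """c_i = (p_i + k_(i mod n)) mod 26; subtract the key to decrypt."""
    sign = -1 if decrypt else 1
    n = len(key)
    return "".join(
        chr((ord(ch) - A + sign * (ord(key[i % n]) - A)) % 26 + A)
        for i, ch in enumerate(text)
    )

def images(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it became."""
    seen = {}
    for p, c in zip(plaintext, ciphertext):
        seen.setdefault(p, set()).add(c)
    return seen

def cosets(text, n):
    """Split text into n streams; stream j holds positions j, j+n, j+2n, ..."""
    return [text[j::n] for j in range(n)]

def stream_shifts(plaintext, ciphertext, n):
    """Distinct shifts seen in each stream. Exactly one value per stream
    means that stream is an ordinary Caesar (monoalphabetic) cipher."""
    return [
        {(ord(c) - ord(p)) % 26 for p, c in zip(p_s, c_s)}
        for p_s, c_s in zip(cosets(plaintext, n), cosets(ciphertext, n))
    ]

# Key and plaintext are the ones on the slide.
KEY = "python"
PLAINTEXT = "rabbitwithbigpointyteeth"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT.upper())
    print("'t' encrypts to:", sorted(images(PLAINTEXT, CIPHERTEXT)["t"]))
    print("streams for n=6:", cosets(CIPHERTEXT, len(KEY)))
    print("shift per stream:", stream_shifts(PLAINTEXT, CIPHERTEXT, len(KEY)))
```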
Enigma
  Developed by Germany in WW2
  Arguably most complex pre-computer substitution cipher
  Flash simulation at http://enigmaco.de/enigma/enigma.html
Enigma
  Consists of 3 to 5 rotors
  Each rotor is a monoalphabetic mapping of a plaintext character to a ciphertext character
  Output of one rotor is fed into the input of the next rotor, so the final output is the result of 3 to 5 monoalphabetic substitutions
  Rotors turn after each character!
    Fast rotor: every character
    Middle rotor: every 26 characters
    Slow rotor: every 26 x 26 = 676 characters
Enigma
  26 x 26 x 26 = 17,576 characters entered before repetition
  Essentially invulnerable to frequency-based cryptanalysis (particularly if rotors changed at regular intervals)
  Required Alan Turing’s Bletchley Group to crack
    Captured machines to understand patterns
    Large numbers of known plaintexts
    Exhaustive searches using primitive computers
One-Time Pad
  Idea: Make key as long as the message itself! (Joseph Mauborgne)
  Unconditionally secure since inherently ambiguous for attacker
One-Time Pad
  Example ciphertext: NZAKBMK
    Ciphertext:     NZAKBMK   NZAKBMK
    Possible keys:  nlvwker   wtnkxmm
    Plaintext:      goforit   runaway
  Which key is correct?
  We have no way of knowing, since both are plausible plaintexts!
One-Time Pad
  Only get to use a key for one message
  Unlikely that different possible keys would still both result in plausible plaintext for more than one message
  Adversary could find correct key by process of elimination
    Ciphertext:     WMGKZX   WMGKZX
    Possible keys:  nlvwke   wtnkxm
    Plaintext:      jblopt   attack   <- “This is the one!”
  Would need to securely distribute a new key for each message!
Transposition Cipher
  Ciphertext = Permutation of plaintext
  Simple example: runaway
    r n w y
     u a a
    rnwyuaa
  Key = permutation order
    Above example: 1357246
Column Transposition Ciphers
  Break plaintext into columns
  Example plaintext: longlongagoinagalaxyfaraway
  Key: 5241763 (size n of key = 7 columns)
    5241763
    longlon
    gagoina
    galaxyf
    arawayx
  Break plaintext into rows of size n of key
  Insert extra chars to fill columns (padding)
Column Transposition Ciphers
    5 2 4 1 7 6 3
    l o n g l o n
    g a g o i n a
    g a l a x y f
    a r a w a y x
  For column with label i: append contents of column i to ciphertext
  Resulting ciphertext: goaw oaar nafx ngla lgga onyy lixa
    goaw: this column first
    oaar: this column second, and so on
Column Transposition Ciphers
  Decryption:
    Divide ciphertext into n strings
    Arrange strings into columns, with order of columns determined by key
  goawoaarnafxnglalggaonyylixa
    5 2 4 1 7 6 3
    l o n g l o n
    g a g o i n a
    g a l a x y f
    a r a w a y x
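The encryption and decryption steps from the three slides above, as an added example that is not part of the original slides. It uses the slide's key, plaintext and "x" padding; the function names and the key check are assumptions of this example.

```python
def column_order(key):
    """Indices of the columns in the order they are read: label 1, 2, ..."""
    labels = [int(d) for d in key]
    if sorted(labels) != list(range(1, len(labels) + 1)):
        raise ValueError("key must be a permutation of 1..n")
    return sorted(range(len(labels)), key=lambda c: labels[c])

def columnar_encrypt(plaintext, key, pad="x"):
    n = len(key)
    # Pad the last row so that every column has the same depth.
    padded = plaintext + pad * (-len(plaintext) % n)
    rows = [padded[i:i + n] for i in range(0, len(padded), n)]
    # Append the column labelled 1, then the column labelled 2, and so on.
    return "".join("".join(row[c] for row in rows) for c in column_order(key))

def columnar_decrypt(ciphertext, key):
    n = len(key)
    depth, rest = divmod(len(ciphertext), n)
    if rest:
        raise ValueError("ciphertext length must be a multiple of the key size")
    # Divide the ciphertext into n strings and put each back in its column.
    columns = [""] * n
    for j, c in enumerate(column_order(key)):
        columns[c] = ciphertext[j * depth:(j + 1) * depth]
    # Read the grid row by row; padding characters are left in place.
    return "".join(columns[c][r] for r in range(depth) for c in range(n))

# Key and plaintext are the ones on the slides.
KEY = "5241763"
PLAINTEXT = "longlongagoinagalaxyfaraway"

if __name__ == "__main__":
    ct = columnar_encrypt(PLAINTEXT, KEY)
    print(ct)
    print(columnar_decrypt(ct, KEY))
```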
Attacks on Transposition Ciphers
  Brute force: Trying all possible permutations
    Key of size n: n! possible keys
    Solution: Choose key such that n! tests is computationally secure
  Cryptographic attacks: Eliminate column pairs with unlikely adjacent letters
    l n
    i a
    x f
    a x
Attacks on Transposition Ciphers
  Can apply transposition multiple times with same key to defeat cryptographic attacks
  Ciphertext after first permutation: goawoaarnafxnglalggaonyylixa
    5 2 4 1 7 6 3
    g o a w o a a
    r n a f x n g
    l a l g g a o
    n y y l i x a
  Ciphertext after second permutation: wfglonayagoaaalygrnlanaxoxgi
Using Multiple Keys
  Important question: Does using multiple keys always make encryption more secure?
    Brute force attacks
    Cryptographic attacks
  Mathematically: C = E(E(p, k1), k2)
  Is this more secure than C = E(p, k1)?
Using Multiple Keys
  Example: Caesar cipher with 2 keys
    K1 = 3
    K2 = 8
    Equivalent to single key K3 = 11
    Still only 26 possible mappings from P to C
  Example: Transposition cipher with 2 keys
    K1 = 5241763
    K2 = 7325641
    Equivalent to single key K3 = 6357142
    Still only 7! possible mappings from P to C
  No more secure in either case!
Using Multiple Keys
  Only if:
    Using multiple keys greatly increases the number of possible ciphertexts
    Applying multiple keys is not equivalent to applying a single key
      No k3 such that E(E(p, k1), k2) = E(p, k3)
  [Figure: possible ciphertexts after applying K1, and possible ciphertexts after applying K1 and K2]
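The two equivalences from the slides above, checked in code as an added example that is not part of the original slides. It treats the transposition as a permutation of a single block of n characters, with the character in column i moving to the position given by its key label; the function names and the sample blocks "abcdefg" and "abcd" are constructed for this example.

```python
from itertools import permutations

def caesar(text, k):
    """Shift every lowercase letter by k positions."""
    return "".join(chr((ord(c) - 97 + k) % 26 + 97) for c in text)

def permute(block, key):
    """Block transposition: the character in column i moves to position key[i]."""
    out = [""] * len(key)
    for i, label in enumerate(key):
        out[label - 1] = block[i]
    return "".join(out)

def compose(k1, k2):
    """Single key equivalent to applying k1 and then k2: K3[i] = K2[K1[i]]."""
    return tuple(k2[label - 1] for label in k1)

def reachable(block, rounds):
    """All ciphertexts obtainable by encrypting `rounds` times,
    choosing any key independently at each round."""
    keys = list(permutations(range(1, len(block) + 1)))
    texts = {block}
    for _ in range(rounds):
        texts = {permute(t, k) for t in texts for k in keys}
    return texts

# Keys from the slide.
K1 = (5, 2, 4, 1, 7, 6, 3)
K2 = (7, 3, 2, 5, 6, 4, 1)
K3 = compose(K1, K2)

if __name__ == "__main__":
    print("K3 =", "".join(map(str, K3)))
    print(permute(permute("abcdefg", K1), K2), permute("abcdefg", K3))
    print(caesar(caesar("runaway", 3), 8), caesar("runaway", 11))
    # A second key adds no new ciphertexts: 4! = 24 either way.
    print(len(reachable("abcd", 1)), len(reachable("abcd", 2)))
```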
Avalanche Effect
  Small change in key gives large change in ciphertext
  Desirable property of cipher
    Knowing some of the key, the rest of the key is still hard to find
  Not a property of substitution ciphers
  Property of transposition ciphers (particularly if applied multiple times)
Avalanche Effect
  Example: two similar keys applied twice
    plaintext = longlongagoinagalaxyfaraway
    k1 = 5241763   ciphertext = wfglonayagoaaalygrnlanaxoxgi
    k2 = 5421763   ciphertext = wfglaalylaoaonrygaangoaxnxgi
  Already different in 14 of 28 characters
Substitution and Transposition
  Most modern block ciphers combine substitution and transposition
  Substitution gives large number of possible keys to defeat brute force attacks
  Transposition gives avalanche effect to defeat cryptographic attacks
Kerckhoffs's Principle
  c = E(p, k)
  If we can’t hide k, can we hide the encryption algorithm E?
  Assumption: Adversary knows the algorithm we use
    All encryption algorithms currently in use are well known!
    Much easier to conceal/change key than entire algorithm