Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001

Cryptography, Jerzy Wojdylo, 5/4/01 Overview  Classical Cryptography –Simple Cryptosystems –Cryptoanalysis of Simple Cryptosystems  Shannon’s Theory of Secrecy  Modern Encryption Systems –DES, Rijndel –RSA  Signature Schemes

Cryptography, Jerzy Wojdylo, 5/4/01 Cryptosystem A cryptosystem is a five-tuple ( P, C, K, E, D ), where the following are satisfied: 1. P is a finite set of possible plaintexts 2. C is a finite set of possible ciphertexts 3. K, the keyspace, is a finite set of possible keys 4.  K  K,  e K  E (encryption rule),  d K  D (decryption rule). Each e K : P  C and d K : C  P are functions such that  x  P, d K (e K (x)) = x.

Cryptography, Jerzy Wojdylo, 5/4/01 Notation  English alphabet  Lower case: a, b, c,…, z for plaintext  Upper case: A, B, C,…, Z for ciphertext  For encryption and decryption algorithms, we will substitute letters a, b, c,…, z with numbers 0, 1, 2,…, 25.

Cryptography, Jerzy Wojdylo, 5/4/01 Classical Cryptography  Monoalphabetic Ciphers Once a key is chosen, each alphabetic character of a plaintext is mapped onto a unique alphabetic character of a ciphertext. –The Shift Cipher (Caesar Cipher) –The Substitution Cipher –The Affine Cipher

Cryptography, Jerzy Wojdylo, 5/4/01 Classical Cryptography  Polyalphabetic Ciphers Each alphabetic character of a plaintext can be mapped onto m alphabetic characters of a ciphertext. Usually m is related to the encryption key. –The Vigenère Cipher –The Hill Cipher –The Permutation Cipher

Cryptography, Jerzy Wojdylo, 5/4/01 The Shift (Caesar) Cipher Let P = C = K = Z 26.  x  P,  y  C,  K  K, define e K (x) = x + K (mod 26) and d K (y) = y - K (mod 26). Example on

Cryptography, Jerzy Wojdylo, 5/4/01 The Substitution Cipher Let P = C = Z 26, let K = S 26  x  P,  y  C,    K, define e  (x) =  (x) and d  (x) =  -1 (x).  Example on

Cryptography, Jerzy Wojdylo, 5/4/01 The Affine Cipher Let P = C = Z 26, let K = {(a, b)  Z 26  Z 26 | gcd(a, 26) = 1}.  x  P,  y  C,  K  K, define e K (x) = ax + b (mod 26) and d K (y) = a -1 (y – b) (mod 26).  Example on www.

Cryptography, Jerzy Wojdylo, 5/4/01 The Vigenère Cipher Let m  Z +, let P = C = K = (Z 26 ) m. For a key K = (k 1, k 2,,…, k m ), we define e K (x 1, x 2,,…, x m ) = (x 1 + k 1, x 2 + k 2,…, x m + k m ) and d K (x 1, x 2,,…, x m ) = (x 1 – k 1, x 1 – k 1,…, x m – k m ) where all operations are modulo 26. This is an example (www) of a block cipher.www

Cryptography, Jerzy Wojdylo, 5/4/01 The Hill Cipher Let m  Z +, let P = C = (Z 26 ) m, let K = {m  m invertible matrices over Z 26 }. For a key K, we define e K (x) = Kx (mod 26) and d K (y) = K -1 y (mod 26).  Example MATLAB.

Cryptography, Jerzy Wojdylo, 5/4/01 The Permutation Cipher Let m  Z +, let P = C = (Z 26 ) m, let K = S m. For a key (i.e. a permutation) π we define e π (x 1, x 2,,…, x m ) = (x π (1), x π (2),…, x π (m) ) and d π (y 1, y 2,,…, y m )=(y π -1 (1), y π -1 (2),…, y π -1 (m) ) where π -1 is the inverse permutation to π. (The Hill Cipher, where K = a permutation matrix.)

Cryptography, Jerzy Wojdylo, 5/4/01 Cryptoanalysis  Kerchkhoff’s Principle: cryptosystem (the algorithm) is NOT secret, the key is secret.  Common attacks to obtain the key –Ciphertext-only –Known plaintext –Chosen plaintext –Chosen ciphertext

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on a Shift Cipher  Ciphertext-only  Exhaustive search  26 cases  Very insecure cipher

Cryptography, Jerzy Wojdylo, 5/4/01 Cryptoanalysis of a Monoalphabetic Cipher  Ciphertext-only attack  Letter frequencies the English language

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on a Substitution Cipher  Insecure cipher, even though the number of possible keys is 26! = (approximately ·10 26 )  Letter frequencies calculator  www www

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher  Kasiski test (m, length of the key) –Fredrich Wilhelm Kasiski (1863) –Charles Babbage (1854, result remained secret)  Two identical segments of plaintext will be encrypted to the same ciphertext if their occurrence in the plaintext is x position apart, where x is a multiple of m.

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher CHREEVOAHMAERATBIAXXWTNXBEEOP HBSBQMQEQERBWRVXUOAKXAOSXXWE AHBWGJMMQMNKGRFVGXWTRZXWIAKL XFPSKAUTEMNDCMGTSXMXBTUIADNGM GPSRELXNJELXVRVPRTULHDNQWTWDTY GBPHXTFALJHASVBFXNGLLCHRZBWELE KMSJIKNBHWRJGNMGJSGLXFEYPHAGNR BIEQJTAMRVLCRREMNDGLXRRIMGNSNR WCHRQHAEYEVTAQEBBIPEEWEVKAKOE WADREMXMTBHHCHRTKDNVRZCHRCLQ OHPWQAIIWXNRMGWOIIFKEE

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher  Positions of CHR: 1, 166, 236, 276, 286.  Differences of positions: 166 – 1 = – 1 = – 1 = – 1 = 285  The gcd of these differences is 5, so the key is most likely of length m = 5.

Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher  Divide the ciphertext into 5 subsrtings (positions 5k, 5k+1, 5k+2, 5k+3, 5k+4)  Analize each substring as a monoalphabetic cipher.  Continue on  Also an insecure cipher

Cryptography, Jerzy Wojdylo, 5/4/01 Cryptonalysis of the Hill Cipher  Number of keys k = number of invertible m  m matrices with coefficients from Z 26. Does anyone know the formula?  If p is prime, the alphabet is Z p then  If p = 29 and m34510 k1.4· · · ·10 146

Cryptography, Jerzy Wojdylo, 5/4/01 Cryptonalysis of the Hill Cipher  Easily broken with known plaintext attack.  Permutation Cipher = Hill Cipher, where the key is a permutation matrix.  Both ciphers are insecure.

Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy  A cryptosystem is computationally secure if the best algorithm for breaking it requires at least N operations, where N is some specified, very large number. Problems…  A cryptosystem is unconditionally secure if it cannot be broken with infinite computational resources.

Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy  None of the classical cryptosystems is even computationally secure.  However the Shift Cipher, the Substitution Cipher, and the Vigènere Cipher are unconditionally secure if only one element of plaintext is encrypted with a given key! REALLY???

Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy  Claude Shannon “Communication Theory of Secrecy Systems”, Bell Systems Technical Journal, (1949).  A cryptosystem has perfect secrecy if p P (x|y) = p P (x) for any x  P and y  C. That is the a posteriori probability that the plaintext is x, given that the ciphertext is y, is identical to the a priori probability that the plaintext is x.

Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy  Theorem (Shannon). Suppose the 26 keys in the Shift Cipher are used with equal probability 1/26. Then for any plaintext probability distribution, the Shift Cipher has perfect secrecy.  Consequences: One-time Pad Cryptosystem (Gilbert Vernam, 1917). Key, plaintext, and ciphertext have the same length. Problems with keys: very long, distribution. Each key can be used only ONCE!

The End Cryptography, Part 1: Classical Ciphers Cryptography Part 2: Modern Cryptosystems Stay Tuned…