Classical Cryptography

Presentation on theme: "Classical Cryptography"— Presentation transcript:

1 Classical Cryptography
2. Cryptanalysis

2 Cryptanalysis
[2] Cryptanalysis
Assumption (Kerckhoffs’ principle): the opponent knows the cryptosystem being used
Attack models:
- ciphertext only attack
- known plaintext attack
- chosen plaintext attack
- chosen ciphertext attack

3 Cryptanalysis
Statistical properties of the English language (see Table 1.1):
- E: probability about 0.120
- T, A, O, I, N, S, H, R: between 0.06 and 0.09
- D, L: 0.04
- C, U, M, W, F, G, Y, P, B: between and 0.028
- V, K, J, X, Q, Z: 0.01
Most common digrams: TH, HE, IN, ER, AN, ND, …
Most common trigrams: THE, ING, AND, END, …

4 Cryptanalysis
Table 1.1

letter  probability    letter  probability
A       .082           N       .067
B       .015           O       .075
C       .028           P       .019
D       .043           Q       .001
E       .127           R       .060
F       .022           S       .063
G       .020           T       .091
H       .061           U
I       .070           V       .010
J       .002           W       .023
K       .008           X
L       .040           Y
M       .024           Z

5 Cryptanalysis
<1> Cryptanalysis of the Affine Cipher
Ciphertext obtained from an Affine Cipher:
FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH
Frequency analysis: Table 1.2
Most frequent ciphertext characters:
- R: 8 occurrences
- D: 7 occurrences
- E, H, K: 5 occurrences
We now guess the mapping and solve the equation e_K(x) = ax + b mod 26

6 Cryptanalysis
Table 1.2

letter  frequency    letter  frequency
A       2            N       1
B                    O
C                    P
D       7            Q
E       5            R       8
F       4            S       3
G                    T
H                    U
I                    V
J                    W
K                    X
L                    Y
M                    Z

7 Cryptanalysis
Guess e→R, t→D: e_K(4)=17, e_K(19)=3, so a=6, b=19: ILLEGAL (gcd(a,26)>1)
Guess e→R, t→E: e_K(4)=17, e_K(19)=4, so a=13, b=17
Guess e→R, t→H: e_K(4)=17, e_K(19)=7, so a=8, b=11

8 Cryptanalysis
Guess e→R, t→K: e_K(4)=17, e_K(19)=10, so a=3, b=5: LEGAL
d_K(y) = 9y − 19
Plaintext: algorithmsarequitegeneraldefinitionsofarithmeticprocesses
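
The guess-and-check procedure of slides 5 to 8, written out as an added Python example (it is not part of the original presentation, and the function names are this example's own). It ranks the ciphertext letters by frequency, solves the two congruences for each guessed image of t, and rejects any key with gcd(a,26)>1.

```python
from collections import Counter
from math import gcd

# Ciphertext from slide 5.
CT = "FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH"

def num(ch):
    """Letter -> 0..25."""
    return ord(ch.upper()) - ord("A")

def solve_key(p1, c1, p2, c2):
    """Solve a*p1+b = c1 and a*p2+b = c2 (mod 26) for a guessed mapping.
    Returns (a, b, legal); legal is False when gcd(a, 26) > 1."""
    dp = (num(p1) - num(p2)) % 26
    dc = (num(c1) - num(c2)) % 26
    if gcd(dp, 26) != 1:
        raise ValueError("these two plaintext letters do not determine a")
    a = dc * pow(dp, -1, 26) % 26
    b = (num(c1) - a * num(p1)) % 26
    return a, b, gcd(a, 26) == 1

def decrypt(ct, a, b):
    """d_K(y) = a^-1 * (y - b) mod 26, returned in lower case."""
    a_inv = pow(a, -1, 26)
    return "".join(chr(a_inv * (num(y) - b) % 26 + ord("a")) for y in ct)

def break_affine(ct):
    """Map e to the most frequent ciphertext letter, then try the other
    letters, most frequent first, as the image of t until a key is legal."""
    ranked = [letter for letter, _ in Counter(ct).most_common()]
    tried = []
    for t_image in ranked[1:]:
        a, b, legal = solve_key("e", ranked[0], "t", t_image)
        tried.append((t_image, a, b, legal))
        if legal:  # a legal key must still give readable text; check by eye
            return (a, b), decrypt(ct, a, b), tried
    return None, None, tried

if __name__ == "__main__":
    key, plaintext, tried = break_affine(CT)
    for t_image, a, b, legal in tried:
        print(f"t->{t_image}: a={a}, b={b}", "LEGAL" if legal else "ILLEGAL")
    print(key, plaintext)
```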

9 Cryptanalysis
<2> Cryptanalysis of the Substitution Cipher
Ciphertext obtained from a Substitution Cipher:
YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZNZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJXZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR
Frequency analysis: Table 1.3
- Z occurs most: guess d_K(Z)=e
- Letters that occur at least 10 times: C, D, F, J, M, R, Y
- These are encryptions of {t,a,o,i,n,s,h,r}
- But the frequencies do not vary enough to guess

10 Cryptanalysis
Table 1.3

letter  frequency    letter  frequency
A                    N       9
B       1            O
C       15           P
D       13           Q       4
E       7            R       10
F       11           S       3
G                    T       2
H                    U       5
I                    V
J                    W       8
K                    X       6
L                    Y
M       16           Z       20

11 Cryptanalysis
We now look at digrams of the form -Z or Z-:
- 4 times: DZ, ZW. Guess d_K(W)=d: ed→ZW
- 3 times: NZ, ZU. Guess d_K(N)=h: he→NZ
- We have ZRW: guess d_K(R)=n, end→ZRW
- We have CRW: guess d_K(C)=a, and→CRW
- We have RNM, which decrypts to nh-. This suggests that h- begins a word, so M should be a vowel
- We have CM: guess d_K(M)=i (ai is more likely than ao)

12 [Partial decryption of the ciphertext with the letters guessed so far (i, e, n, d, a, h); undetermined positions are shown as -]

13 Cryptanalysis
- We have DZ (4 times) and ZD (2 times): guess d_K(D)∈{r,s,t}
- Since o is a common letter, guess e_K(o)∈{F,J,Y}
- We have CFM and CJM: guess d_K(Y)=o (aoi is impossible)
- Guess NMD→his: d_K(D)=s
- Guess HNCMF→chair: d_K(H)=c, d_K(F)=r
- d_K(J)=t: the→JNZ

14 [Partial decryption of the ciphertext with the letters guessed so far (o, r, i, e, n, d, a, s, h, t, c); undetermined positions are shown as -]

15 Cryptanalysis
Now it is easy to determine the others:
d_K(I)=u, d_K(Q)=f, d_K(V)=m, d_K(E)=p, d_K(P)=x, d_K(B)=y, d_K(T)=g, d_K(X)=l, d_K(U)=w, d_K(K)=v, d_K(S)=k, d_K(G)=b

16 [Full decryption of the ciphertext using all recovered letters (o, u, r, f, i, e, n, d, m, p, a, s, x, h, t, y, g, l, w, v, k, c, b)]
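
The digram count and the stage-by-stage partial decryptions of slides 9 to 16, as an added Python example (not part of the original presentation). The three dictionaries hold the guesses in the order the slides make them; their names and the helper functions are this example's own.

```python
from collections import Counter

# Ciphertext from slide 9.
CT = ("YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJNDIFEFMDZCDMQZKCEY"
      "FCJMYRNCWJCSZREXCHZUNMXZNZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRW"
      "NZDZJJXZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR")

# Guesses (ciphertext letter -> plaintext letter) from slides 9-11, 13 and 15.
DIGRAM_GUESSES = dict(Z="e", W="d", N="h", R="n", C="a", M="i")
WORD_GUESSES = dict(Y="o", D="s", H="c", F="r", J="t")
REMAINING = dict(I="u", Q="f", V="m", E="p", P="x", B="y",
                 T="g", X="l", U="w", K="v", S="k", G="b")

def digrams_with(ct, letter):
    """Count the digrams (overlapping letter pairs) that contain `letter`."""
    pairs = (ct[i:i + 2] for i in range(len(ct) - 1))
    return Counter(p for p in pairs if letter in p)

def partial_decrypt(ct, key):
    """Apply the guesses made so far; undetermined letters are shown as '-'."""
    return "".join(key.get(c, "-") for c in ct)

def conflicts(key):
    """Plaintext letters claimed by more than one ciphertext letter.
    A substitution key is a permutation, so any conflict means a bad guess."""
    counts = Counter(key.values())
    return sorted(p for p, n in counts.items() if n > 1)

if __name__ == "__main__":
    print(digrams_with(CT, "Z").most_common(4))
    key = {}
    for stage in (DIGRAM_GUESSES, WORD_GUESSES, REMAINING):
        key.update(stage)
        print(len(key), conflicts(key), partial_decrypt(CT, key)[:40])
```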

17 Cryptanalysis
<3> Cryptanalysis of the Vigenère Cipher
Kasiski test (1863):
- Search the ciphertext for pairs of identical segments (length at least 3)
- Record the distance between the starting positions of the 2 segments
- If we obtain several such distances d_1, d_2, …, we would conjecture that the key length m divides all of the d_i’s
- So m divides the gcd of the d_i’s

18 Cryptanalysis
Friedman’s index of coincidence (1920)
- Suppose X = x_1 x_2 … x_n is a string of n alphabetic characters
- Index of coincidence of X, denoted IC(X): the probability that 2 random elements of X are identical
- We denote the frequencies of A, B, …, Z in X by f_0, f_1, …, f_25

19 Cryptanalysis
Using the expected probabilities in Table 1.1
- p_0, …, p_25: the expected probabilities of A, …, Z
- Suppose a ciphertext Y = y_1 y_2 … y_n
- Define m substrings Y_1, …, Y_m of Y
- Each value IC(Y_i) should be roughly equal to 0.065

20 Cryptanalysis
If m is not the keyword length
- Y_i will look much more random
- A completely random string will have

21 Cryptanalysis
Ciphertext obtained from a Vigenère Cipher:
CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQEQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELXVRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJTAMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBIPEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHPWQAIIWXNRMGWOIIFKEE
- CHR occurs in 5 places: 1, 166, 236, 276, 286
- The distances from the 1st one: 165, 235, 275, 285
- The g.c.d. is 5: we guess m=5

22 Cryptanalysis
We check the indices of coincidence:
- m=1: IC(Y)=0.045
- m=2: IC(Y_1)=0.046, IC(Y_2)=0.041
- m=3: IC=0.043, 0.050, 0.047
- m=4: IC=0.042, 0.039, 0.046, 0.040
- m=5: IC=0.063, 0.068, 0.069, 0.061, 0.072
We are sure m=5

23 Cryptanalysis
Now we want to determine the key K = (k_1, k_2, …, k_m)
- f_0, f_1, …, f_25: the frequencies of A, B, …, Z
- n’ = n/m: the length of the string Y_i
- The probability distribution of the 26 letters in Y_i:
- Y_i is obtained by shift encryption using a shift k_i
- We hope that the shifted probability distribution would be close to p_0, …, p_25

24 Cryptanalysis
Define the quantity M_g:
For each k_i, i=1, …, m
for 0 ≤ g ≤ 25
If g=k_i:
If g≠k_i, M_g will be smaller than 0.065
Return to the previous example:
- Compute the values M_g, for 1≤i≤5 (Table 1.4)
- For each i, look for a value of M_g close to 0.065
- From Table 1.4: K=(9,0,13,4,19)
- The keyword is JANET

25
Table 1.4: Value of M_g(Y_i)
i=1: 0.35 0.31 0.36 0.37 0.39 0.28 0.48 0.61 0.32 0.40 0.38 0.44 0.30 0.42 0.43 0.33 0.49 0.41
i=2: 0.69 0.34 0.45 0.46 0.26 0.47
i=3: 0.29 0.65 0.27
i=4: 0.60 0.50
i=5: 0.72
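
The whole Vigenère attack of slides 17 to 25 (Kasiski test, index of coincidence, then M_g per substring) as an added Python example, not part of the original presentation. Assumptions: IC is computed as the sum of f_i(f_i−1) over n(n−1), M_g as the sum of p_i·f_{i+g} over n’ (the standard definitions; the slide formulas did not survive in this transcript), and the letter probabilities are the usual textbook values.

```python
from collections import Counter
from functools import reduce
from math import gcd

# Ciphertext from slide 21 (313 letters).
CT = ("CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQEQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKG"
      "RFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELXVRVPRTULHDNQWT"
      "WDTYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJT"
      "AMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBIPEEWEVKAKOEWADREMXMTBHHCHRTK"
      "DNVRZCHRCLQOHPWQAIIWXNRMGWOIIFKEE")
# English letter probabilities for A..Z in thousandths. Assumption: the usual
# textbook values; this transcript's Table 1.1 is missing a few entries.
P = [82, 15, 28, 43, 127, 22, 20, 61, 70, 2, 8, 40, 24,
     67, 75, 19, 1, 60, 63, 91, 28, 10, 23, 1, 20, 1]

def kasiski(ct, seg):
    """1-based start positions of seg and the gcd of their distances."""
    pos = [i + 1 for i in range(len(ct)) if ct.startswith(seg, i)]
    return pos, reduce(gcd, (p - pos[0] for p in pos[1:]), 0)

def ic(s):
    """Index of coincidence: chance that two letters picked from s match."""
    n = len(s)
    return sum(f * (f - 1) for f in Counter(s).values()) / (n * (n - 1))

def columns(ct, m):
    """Y_1..Y_m: the letters that were shifted by the same key letter k_i."""
    return [ct[i::m] for i in range(m)]

def m_g(col, g):
    """M_g = sum_i p_i * f_((i+g) mod 26) / n' for one substring Y_i."""
    f = Counter(ord(c) - 65 for c in col)
    return sum(P[i] * f[(i + g) % 26] for i in range(26)) / (1000 * len(col))

def recover_key(ct, m):
    """Per substring, the shift g with the largest M_g (expected near 0.065)."""
    shifts = [max(range(26), key=lambda g: m_g(col, g)) for col in columns(ct, m)]
    return "".join(chr(65 + k) for k in shifts)

def decrypt(ct, key):
    return "".join(chr((ord(c) - ord(key[i % len(key)])) % 26 + 97)
                   for i, c in enumerate(ct))

if __name__ == "__main__":
    print(kasiski(CT, "CHR"))
    print([[round(ic(c), 3) for c in columns(CT, m)] for m in range(1, 6)])
    key = recover_key(CT, 5)
    print(key, decrypt(CT, key)[:40])
```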

26 Cryptanalysis
<4> Cryptanalysis of the Hill Cipher
- The Hill Cipher is difficult to break with a ciphertext-only attack
- We use a known plaintext attack
- Suppose the unknown key is an m×m matrix and we have at least m distinct plaintext-ciphertext pairs
  x_j = (x_{1,j}, x_{2,j}, …, x_{m,j})
  y_j = (y_{1,j}, y_{2,j}, …, y_{m,j})
  y_j = e_K(x_j), for 1≤j≤m

27 Cryptanalysis
We define 2 m×m matrices X = (x_{i,j}) and Y = (y_{i,j})
Y = XK
K = X^{-1}Y
e.g.: m=2, plaintext: friday, ciphertext: PQCFKU
e_K(5,17) = (15,16)
e_K(8,3) = (2,5)
e_K(0,24) = (10,20)

28 Cryptanalysis e.g. (cont.)
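
The known-plaintext computation K = X^{-1}Y for the friday / PQCFKU example, as an added Python example (not part of the original presentation; the function names are this example's own). It goes slightly beyond the slide: when the first two pairs give an X that is not invertible mod 26, it tries other pairs, and it checks the recovered K against every known pair.

```python
from itertools import combinations

def num(text):
    """Letters -> numbers 0..25."""
    return [ord(c.upper()) - ord("A") for c in text]

def mat_mul(A, B):
    """Matrix product mod 26 (A is r x 2, B is 2 x 2)."""
    return [[sum(row[k] * B[k][j] for k in range(2)) % 26 for j in range(2)]
            for row in A]

def inverse_2x2(M):
    """Inverse of a 2x2 matrix mod 26, or None when det(M) is not
    coprime to 26 (then no inverse exists)."""
    (a, b), (c, d) = M
    det = (a * d - b * c) % 26
    try:
        det_inv = pow(det, -1, 26)
    except ValueError:
        return None
    return [[d * det_inv % 26, -b * det_inv % 26],
            [-c * det_inv % 26, a * det_inv % 26]]

def recover_key(plaintext, ciphertext):
    """Known-plaintext attack for m = 2: K = X^-1 Y for an invertible X."""
    xs, ys = num(plaintext), num(ciphertext)
    X_rows = [xs[i:i + 2] for i in range(0, len(xs) - 1, 2)]
    Y_rows = [ys[i:i + 2] for i in range(0, len(ys) - 1, 2)]
    for i, j in combinations(range(len(X_rows)), 2):
        X_inv = inverse_2x2([X_rows[i], X_rows[j]])
        if X_inv is None:
            continue  # this choice of pairs gives a singular X; try another
        K = mat_mul(X_inv, [Y_rows[i], Y_rows[j]])
        if mat_mul(X_rows, K) == Y_rows:  # K must explain every known pair
            return K
    return None

if __name__ == "__main__":
    print(recover_key("friday", "PQCFKU"))
```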

29 Cryptanalysis
<5> Cryptanalysis of the LFSR Stream Cipher
Recall this system is modulo 2
y_i = (x_i + z_i) mod 2
(z_1, …, z_m) = (k_1, …, k_m)
i ≥ 1, c_0, …, c_{m-1} ∈ Z_2

30 Cryptanalysis
We use a known-plaintext attack here
If plaintext length ≥ 2m, we can solve the system of m linear equations:

31 Cryptanalysis
e.g.: suppose the system uses a 5-stage LFSR
Plaintext:
Ciphertext:
Keystream bits:

32 Cryptanalysis
e.g. (cont.)
z_{i+5} = (z_i + z_{i+3}) mod 2
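
The known-plaintext attack of slides 29 to 32 as an added Python example (not part of the original presentation). Assumptions: the recurrence has the standard form z_{m+i} = c_0·z_i + … + c_{m-1}·z_{i+m-1} mod 2, and the initial state and plaintext bits below are constructed for illustration, since the slide's bit strings did not survive in this transcript.

```python
def lfsr_keystream(coeffs, state, n):
    """z_1..z_n from the recurrence z_{m+i} = sum_j c_j * z_{i+j} mod 2."""
    z, m = list(state), len(coeffs)
    while len(z) < n:
        z.append(sum(c * bit for c, bit in zip(coeffs, z[-m:])) % 2)
    return z[:n]

def solve_gf2(A, rhs):
    """Solve A c = rhs over GF(2) by Gauss-Jordan elimination; None if singular."""
    m = len(A)
    rows = [row[:] + [r] for row, r in zip(A, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(m):
            if r != col and rows[r][col]:
                rows[r] = [x ^ y for x, y in zip(rows[r], rows[col])]
    return [row[m] for row in rows]

def recover_lfsr(plain_bits, cipher_bits, m):
    """Known-plaintext attack: returns (c_0..c_{m-1}, initial state z_1..z_m)."""
    z = [x ^ y for x, y in zip(plain_bits, cipher_bits)]  # keystream
    if len(z) < 2 * m:
        raise ValueError("need at least 2m known plaintext bits")
    # Equation i: z_{m+i} = c_0*z_i + ... + c_{m-1}*z_{i+m-1}, for i = 1..m
    A = [z[i:i + m] for i in range(m)]
    return solve_gf2(A, z[m:2 * m]), z[:m]

# Constructed sample (not from the slides): the 5-stage recurrence
# z_{i+5} = z_i + z_{i+3}, with an arbitrary initial state and plaintext.
COEFFS, STATE = [1, 0, 0, 1, 0], [0, 1, 1, 0, 1]
PLAIN = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0]
CIPHER = [p ^ k for p, k in zip(PLAIN, lfsr_keystream(COEFFS, STATE, len(PLAIN)))]

if __name__ == "__main__":
    coeffs, state = recover_lfsr(PLAIN[:10], CIPHER[:10], 5)
    print(coeffs, state)
    stream = lfsr_keystream(coeffs, state, len(CIPHER))
    print([c ^ k for c, k in zip(CIPHER, stream)] == PLAIN)
```

Only the first 2m = 10 plaintext bits are given to the attack; the recovered coefficients and state then regenerate the keystream for the rest of the ciphertext.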

