Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 4: Captain Ridley’s Shooting Party.

Published byBrittany Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 4: Captain Ridley’s Shooting Party."— Presentation transcript:

1 David Evans http://www.cs.virginia.edu/evans CS588: Security and Privacy University of Virginia Computer Science Lecture 4: Captain Ridley’s Shooting Party Confronted with the prospect of defeat, the Allied cryptanalysts had worked night and day to penetrate German ciphers. It would appear that fear was the main driving force, and that adversity is one of the foundations of successful codebreaking. Simon Singh, The Code Book Bletchley Park (June 2004)

2 1 February 2005University of Virginia CS 5882 Menu Enigma Take pictures

3 1 February 2005University of Virginia CS 5883 Enigma Invented commercially, 1923 Used by German Navy, Army, Air Force About 50,000 in use Modified throughout WWII, believed to be perfectly secure Kahn’s Codebreakers (1967) didn’t know it was broken Turing’s 1940 Treatise on Enigma declassified in 1996 Enigma machine at Bletchley Park

4 1 February 2005University of Virginia CS 5884 Enigma Mechanics Three rotors (chosen from 5), scrambled letters Each new letter, first rotor advances Other rotors advance when ring is hit Reflector Plugboard

5 1 February 2005University of Virginia CS 5885 Rotor Wheel Simple substitution No letter maps to itself Latch turns next rotor once per rotation

6 1 February 2005University of Virginia CS 5886 Settings Plugboard –Swap pairs of letters –Number of plugs varied (  6 until 1939, up to 10 after) Rotors –Before 1939 – Three rotors (choose order) –After – Choose 3 from set of 5 rotors –Orientations (3) – start orientations of the 3 rotors –Ring settings (2) – when next ring advances Reflector –Fixed symmetric substitution (A  B  B  A) Involution: R 2 = Identity

7 1 February 2005University of Virginia CS 5887 Image from http://en.wikipedia.org/wiki/Image:Enigma-action.png

8 1 February 2005University of Virginia CS 5888 Enigma Schematic Plaintext B Plugboard L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext C = B -1 L -1 M -1 N -1 RNMLB(P) Turns every letter

9 1 February 2005University of Virginia CS 5889 Does Decryption Work? C = B -1 L -1 M -1 N -1 RNMLB(P) P = B -1 L -1 M -1 N -1 RNMLB(C) = B -1 L -1 M -1 N -1 RNMLB(B -1 L -1 M -1 N - 1 RNMLB(P)) R is an involution (A  B  B  A) Plaintext B Plugboard L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext

10 1 February 2005University of Virginia CS 58810 Key Space Plugboard with 6 plugs: (26 * 25/2) * … * (16*15 / 2) / 6!  10 11 Plaintext B Plugboard L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext Rotors: (26!) 3  4 * 10 26 Ring settings: 26 2 = 676 Message Key: 26 3 = 17576 Reflector: (26 * 25 / 2) * (24 * 23 / 2) * … * (2 * 2) / 13!  8 * 10 12 Total:  6 * 10 110 (not all are different) >> 10 84 atoms in the universe

11 1 February 2005University of Virginia CS 58811 Capture a Machine “This fictional movie about a fictional U.S. submarine mission is followed by a mention in the end credits of those actual British missions. Oh, the British deciphered the Enigma code, too. Come to think of it, they pretty much did everything in real life that the Americans do in this movie.” Roger Ebert’s review of U-571

12 1 February 2005University of Virginia CS 58812 Key Space Plugboard with 6 plugs: (26 * 25/2) * … * (16*15 / 2) / 6!  10 11 Plaintext B Plugboard L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext Rotors: (26!) 3  4 * 10 26 Ring settings: 26 2 = 676 Message Key: 26 3 = 17576 Reflector: (26 * 25 / 2) * (24 * 23 / 2) * … * (2 * 2) / 13!  8 * 10 12 Total:  7 * 10 19 5 C 3 = 60 1 (> 2 64, still too big for exhaustive search)

13 1 February 2005University of Virginia CS 58813 Plugless Enigma Plaintext L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext C = L -1 M -1 N -1 RNML(P) Used in Spanish Civil War (1937-9) by all participants (including British, Germans and Spanish)

14 1 February 2005University of Virginia CS 58814 Plugless Enigma Plaintext L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext C = L -1 ZL(P) L(C) = ZL(P) Z Probable words (4-10 letters) What is the probability that Rotor 2 and Rotor 3 do not move in 4 letter crib? = 22/26 =.85

15 1 February 2005University of Virginia CS 58815 Plugless Enigma C = L -1 ZL(P) L(C) = ZL (P) Plaintext L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext Z Z is a fixed substitution (monoalphabetic) if R2&3 don’t move Guess a crib – have C and P guess L(C) = ZL(P guess ) Try possible rotors and starting positions for L : 3 rotor choices * 26 starting positions = 78 L i = effect of Rotor 1 in the i th rotation position

16 1 February 2005University of Virginia CS 58816 C = XTSWVUINZ P guess = wehrmacht (“armed forces”) L 1 ( X ) = Z L 1 ( w ) L 2 ( T ) = Z L 2 ( e ) L 3 ( S ) = Z L 3 ( h ) L 4 ( W ) = Z L 4 ( r ) L 5 ( V ) = Z L 5 ( m ) L 6 ( U ) = Z L 6 ( a ) L 7 ( I ) = Z L 7 ( c ) ABCDEFGHIJKLMNOPQRSTUVWXYZ EKMFLGDQVZNTOWYHXUSPAIBRCJ JEKMFLGDQVZNTOWYHXUSPAIBRC CJEKMFLGDQVZNTOWYHXUSPAIBR RCJEKMFLGDQVZNTOWYHXUSPAIB BRCJEKMFLGDQVZNTOWYHXUSPAI IBRCJEKMFLGDQVZNTOWYHXUSPA AIBRCJEKMFLGDQVZNTOWYHXUSP Batons Attack For a given starting rotor setting, solve for Z 1: R = Z (B)2: S = Z (F)3: X = Z (G)4: P = Z (Y) 5: U = Z (V)6: H = Z (I)7: M = Z (B)

17 1 February 2005University of Virginia CS 58817 Batons Attack We know Z is: –Function: contradiction if Z (x)  Z (x) –Involution: contradiction if Z (x) = y & Z (y)  x Find a rotor setting with no contradictions –Long enough crib, there will only be one –But if crib is too long, need to deal with R2 moving List of probable 4-10 letter words Catalog to map Z to rotor settings for R2 and R3

18 1 February 2005University of Virginia CS 58818 Plugless Enigma Plaintext L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext Ideas for making Batons attack harder?

19 1 February 2005University of Virginia CS 58819 Enter the Plugboard Plaintext B Plugboard L Rotor 1 M Rotor 2 N Rotor 3 R Reflector Ciphertext 6 plugs: (26*25)/2 * (24*23)/2 * … * (16*15/2) / 6! = 10 11 times more keys

20 1 February 2005University of Virginia CS 58820 Operation Day key (distributed in code book) Each message begins with message key (“randomly” chosen by sender) encoded using day key Message key sent twice to check After receiving message key, re-orient rotors according to key

21 1 February 2005University of Virginia CS 58821 Repeated Message Key P = P 1 P 2 P 3 P 1 P 2 P 3 C 1 = E 1 (P 1 ) = B -1 L 1 -1 M -1 N -1 RNML 1 B(P 1 ) C 4 = E 4 (P 1 ) =B -1 L 4 -1 M -1 N -1 RNML 4 B(P 1 ) P 1 = E 1 (C 1 ) = B -1 L 1 -1 M -1 N -1 RNML 1 B(C 1 ) P 1 = E 4 (C 4 ) = B -1 L 4 -1 M -1 N -1 RNML 4 B(C 4 ) E 4 o E 1 (C 1 ) = E 4 (P 1 ) = C 4 E 4 o E 1 = B -1 L 1 -1 M -1 N -1 RNML 1 B B -1 L 4 -1 M -1 N -1 RNML 4 B = B -1 L 1 -1 M -1 N -1 RNML 1 L 4 -1 M -1 N -1 RNML 4 B

22 1 February 2005University of Virginia CS 58822 Letter Permutations Symmetry of Enigma: if E pos (x) = y we know E pos (y) = x Given message openings DMQ VBM E 1 (m 1 ) = D E 4 (m 1 ) = V E 1 oE 4 (D) = V VON PUY=> E 1 (D) = m 1 PUC FMQ=> E 4 (E 1 (D)) = V With enough message openings, we can build complete cycles for each position pair: E 1 oE 4 = (DVPFKXGZYO) (EIJMUNQLHT) (BC) (RW) (A) (S) Note: Cycles must come in pairs of equal length

23 1 February 2005University of Virginia CS 58823 Composing Involutions E 1 and E 2 are involutions (x  y  y  x) Without loss of generality, we can write: E 1 contains (a 1 a 2 ) (a 3 a 4 ) … (a 2k-1 a 2k ) E 2 contains (a 2 a 3 ) (a 4 a 5 ) … (a 2k a 1 ) E 1 E 2 a 1  a 2 a 2  x = a 3 or x = a 1 a 3  a 4 a 4  x = a 5 or x = a 1 Why can’t x be a 2 or a 3 ?

24 1 February 2005University of Virginia CS 58824 Rejewski’s Theorem E 1 contains (a 1 a 2 ) (a 3 a 4 ) … (a 2k-1 a 2k ) E 4 contains (a 2 a 3 ) (a 4 a 5 ) … (a 2k a 1 ) E 1 E 4 contains (a 1 a 3 a 5 …a 2k-1 ) (a 2k a 2k-2 … a 4 a 2 ) The composition of two involutions consists of pairs of cycles of the same length For cycles of length n, there are n possible factorizations

25 1 February 2005University of Virginia CS 58825 Factoring Permutations E 1 E 4 = (DVPFKXGZYO) (EIJMUNQLHT) (BC) (RW) (A) (S) (A) (S) = (AS) o (SA) (BC) (RW) = (BR)(CW) o (BW)(CR) or = (BW)(RC) o (WC) (BR) (DVPFKXGZYO) (EIJMUNQLHT) = (DE)(VI)… or (DI)(VJ) … or (DJ)(VM) … … (DT)(VE)10 possibilities

26 1 February 2005University of Virginia CS 58826 How many factorizations? (DVPFKXGZYO) (EIJMUNQLHT) D  a 2 E1E1 E2E2 a 2  V V  a 4 a 4  P Once we guess a 2 everything else must follow! So, only n possible factorizations for an n-letter cycle Total to try = 2 * 10 = 20 E 2 E 5 and E 3 E 6 likely to have about 20 to try also  About 20 3 (8000) factorizations to try (still too many in pre-computer days)

27 1 February 2005University of Virginia CS 58827 Luckily… Operators picked message keys (“cillies”) –Identical letters –Easy to type (e.g., QWE) If we can guess P 1 = P 2 = P 3 (or known relationships) can reduce number of possible factorizations If we’re lucky – this leads to E 1 …E 6

28 1 February 2005University of Virginia CS 58828 Solving? E 1 = B -1 L -1 Q LB E 2 = B -1 L -2 Q L 2 B E 3 = B -1 L -3 Q L 3 B E 4 = B -1 L -4 Q L 4 B E 5 = B -1 L -5 Q L 5 B E 6 = B -1 L -6 Q L 6 B 6 equations, 3 unknowns Not known to be efficiently solvable

29 1 February 2005University of Virginia CS 58829 Solving? E 1 = B -1 L -1 Q LB BE 1 B -1 = L -1 Q L 6 equations, 2 unknowns – solvable Often, know plugboard settings (didn’t change frequently) 6 possible arrangements of 3 rotors, 26 3 starting locations = 105,456 possibilities Poles spent a year building a catalog of cycle structures covering all of them (until Nov 1937): 20 mins to break Then Germans changed reflector and they had to start over.

30 1 February 2005University of Virginia CS 58830 1939 Early 1939 – Germany changes scamblers and adds extra plugboard cables, stop double- transmissions –Poland unable to cryptanalyze 25 July 1939 – Rejewski invites French and British cryptographers –Gives England replica Enigma machine constructed from plans, cryptanalysis 1 Sept 1939 – Germany invades Poland, WWII starts

31 1 February 2005University of Virginia CS 58831 Bletchley Park Alan Turing leads British effort to crack Enigma Use cribs (“WETTER” transmitted every day at 6am) to find structure of plugboard settings Built “bombes” to automate testing 10,000 people worked at Bletchley Park on breaking Enigma (100,000 for Manhattan Project)

32 1 February 2005University of Virginia CS 58832 Alan Turing’s “Bombe” Steps through all possible rotor positions (26 3 ), testing for probable plaintext; couldn’t search all plugboard settings (> 10 12 ); take advantage of loops in cribs

33 1 February 2005University of Virginia CS 58833 Enigma Cryptanalysis Relied on combination of sheer brilliance, mathematics, espionage, operator errors, and hard work Huge impact on WWII –Britain knew where German U-boats were –Advance notice of bombing raids –But...keeping code break secret more important than short-term uses The Coventry bombing story isn’t true, but decoy scouts is

34 1 February 2005University of Virginia CS 58834

35 1 February 2005University of Virginia CS 58835 Charge Now: take pictures Next time: Block Ciphers I have office hours today, 2:30-3:30 Problem Set 1 Due Thursday Turing’s Hut 8 at Bletchley Park

Download ppt "David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 4: Captain Ridley’s Shooting Party."

Similar presentations

Classical Encryption Techniques Week 6-wend. One-Time Pad if a truly random key as long as the message is used, the cipher will be secure called a One-Time.

Classical Encryption Techniques Week 6-wend. One-Time Pad if a truly random key as long as the message is used, the cipher will be secure called a One-Time.
Origin and Nature of the Allied Cryptographic Advantage During World War II By Grant Musick.

Origin and Nature of the Allied Cryptographic Advantage During World War II By Grant Musick.
Ciphers and Permutations. Monoalphabetic Cipher is simply a permutation abcdefghijklmnopqrstuvwxyz SATBUCVDWEXFYGZRQPONMLKJIH Cycle Form (ASOZHDB) (CTNGVLF)

Ciphers and Permutations. Monoalphabetic Cipher is simply a permutation abcdefghijklmnopqrstuvwxyz SATBUCVDWEXFYGZRQPONMLKJIH Cycle Form (ASOZHDB) (CTNGVLF)
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Team Name: team13 Programmer: 陳則凱 b99605005 Tester: 劉典恆 b01901185.

Team Name: team13 Programmer: 陳則凱 b Tester: 劉典恆 b
Solving the Enigma How the Western Allies Cracked the German Secret Codes During WW II.

Solving the Enigma How the Western Allies Cracked the German Secret Codes During WW II.
Enigma? Several Images from Wikipedia (an online encyclopedia)

Enigma? Several Images from Wikipedia (an online encyclopedia)
Enigma Meghan Emilio Faculty Sponsor: Ralph Morelli (Computer Science)

Enigma Meghan Emilio Faculty Sponsor: Ralph Morelli (Computer Science)
Modern Cryptography.

Modern Cryptography.
Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography

Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography
CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
Sigaba 1 Sigaba Sigaba 2 Sigaba  Used by Americans during WWII o And afterwards (to about 1948)  Never broken o Germans quit collecting, considered.

Sigaba 1 Sigaba Sigaba 2 Sigaba  Used by Americans during WWII o And afterwards (to about 1948)  Never broken o Germans quit collecting, considered.
A Glimpse of the History of Cryptography

A Glimpse of the History of Cryptography
CSE331: Introduction to Networks and Security Lecture 17 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 17 Fall 2002.
Cryptography in World War II

Cryptography in World War II
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Enigma Meghan Emilio Advisor: Professor Ralph Morelli April 2004.

Enigma Meghan Emilio Advisor: Professor Ralph Morelli April 2004.
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.

What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
Enigma 1 Enigma Enigma 2 Enigma  Developed and patented (in 1918) by Arthur Scherbius  Many variations on basic design  Eventually adopted by Germany.

Enigma 1 Enigma Enigma 2 Enigma  Developed and patented (in 1918) by Arthur Scherbius  Many variations on basic design  Eventually adopted by Germany.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3

Similar presentations

Ads by Google