
1 Classical Cryptography 2. Cryptanalysis

2 p2. Cryptanalysis
Assumption (Kerckhoffs' principle): the opponent knows the cryptosystem being used.
Attack models:
- ciphertext-only attack
- known-plaintext attack
- chosen-plaintext attack
- chosen-ciphertext attack

3 p3. Cryptanalysis
Statistical properties of the English language (see Table 1.1):
- E: probability about 0.120
- T, A, O, I, N, S, H, R: between 0.06 and 0.09
- D, L: 0.04
- C, U, M, W, F, G, Y, P, B: between 0.015 and 0.028
- V, K, J, X, Q, Z: 0.01
Most common digrams: TH, HE, IN, ER, AN, ND, …
Most common trigrams: THE, ING, AND, END, …

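4 p4. Cryptanalysis
Table 1.1

| letter | probability | letter | probability |
|---|---|---|---|
| A | .082 | N | .067 |
| B | .015 | O | .075 |
| C | .028 | P | .019 |
| D | .043 | Q | .001 |
| E | .127 | R | .060 |
| F | .022 | S | .063 |
| G | .020 | T | .091 |
| H | .061 | U | .028 |
| I | .070 | V | .010 |
| J | .002 | W | .023 |
| K | .008 | X | .001 |
| L | .040 | Y | .020 |
| M | .024 | Z | .001 |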

5 p5. Cryptanalysis
Cryptanalysis of the Affine Cipher
Ciphertext obtained from an Affine Cipher:
FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH
Frequency analysis (Table 1.2), most frequent ciphertext characters:
- R: 8 occurrences
- D: 7 occurrences
- E, H, K: 5 occurrences
We now guess the mapping and solve the equation e_K(x) = ax + b mod 26

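6 p6. Cryptanalysis
Table 1.2

| letter | frequency | letter | frequency |
|---|---|---|---|
| A | 2 | N | 1 |
| B | 1 | O | 1 |
| C | 0 | P | 2 |
| D | 7 | Q | 0 |
| E | 5 | R | 8 |
| F | 4 | S | 3 |
| G | 0 | T | 0 |
| H | 5 | U | 2 |
| I | 0 | V | 4 |
| J | 0 | W | 0 |
| K | 5 | X | 2 |
| L | 2 | Y | 1 |
| M | 2 | Z | 0 |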

7 p7. Cryptanalysis
Guess e → R, t → D: e_K(4)=17, e_K(19)=3 ⇒ a=6, b=19 ⇒ ILLEGAL (gcd(a,26)>1)
Guess e → R, t → E: e_K(4)=17, e_K(19)=4 ⇒ a=13, b=17 ⇒ ILLEGAL (gcd(a,26)>1)
Guess e → R, t → H: e_K(4)=17, e_K(19)=7 ⇒ a=8, b=11 ⇒ ILLEGAL (gcd(a,26)>1)

8 p8. Cryptanalysis
Guess e → R, t → K: e_K(4)=17, e_K(19)=10 ⇒ a=3, b=5 ⇒ LEGAL ⇒ d_K(y)=9y-19
Plaintext: algorithmsarequitegeneraldefinitionsofarithmeticprocesses
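The guess-and-solve loop of slides 5 to 8, as an added example (not part of the original slides). It ranks ciphertext letters by frequency, maps e to the most frequent one and t to each runner-up, solves the two congruences for (a, b) and rejects keys with gcd(a,26)>1; the function names are chosen here for illustration.

```python
from collections import Counter
from math import gcd

# Ciphertext from slide 5, joined into one string.
CIPHERTEXT = "FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH"

def idx(ch):
    """Map a letter to 0..25."""
    return ord(ch.upper()) - ord("A")

def solve_affine(x1, y1, x2, y2, n=26):
    """Solve a*x1+b=y1 and a*x2+b=y2 (mod n) for (a, b)."""
    dx = (x1 - x2) % n
    if gcd(dx, n) != 1:
        raise ValueError("plaintext guesses do not determine a uniquely")
    a = (y1 - y2) * pow(dx, -1, n) % n
    b = (y1 - a * x1) % n
    return a, b

def decrypt(ct, a, b):
    """d_K(y) = a^-1 * (y - b) mod 26; requires gcd(a, 26) = 1."""
    a_inv = pow(a, -1, 26)
    return "".join(chr((a_inv * (idx(c) - b)) % 26 + ord("a")) for c in ct)

def trials(ct, top=5):
    """Guess e -> most frequent letter, t -> each runner-up; report legality."""
    counts = Counter(ct)
    ranked = sorted(counts, key=lambda c: (-counts[c], c))[:top]
    out = []
    for t_guess in ranked[1:]:
        a, b = solve_affine(idx("e"), idx(ranked[0]), idx("t"), idx(t_guess))
        out.append((t_guess, a, b, gcd(a, 26) == 1))
    return out

def break_affine(ct):
    """Return (a, b, plaintext) for the first legal key among the trials."""
    for _, a, b, legal in trials(ct):
        if legal:
            return a, b, decrypt(ct, a, b)
    return None

if __name__ == "__main__":
    for row in trials(CIPHERTEXT):
        print(row)
    print(break_affine(CIPHERTEXT))
```

A legal key is only a candidate: as on the slide, the final check is that the decryption reads as English.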

9 p9. Cryptanalysis
Cryptanalysis of the Substitution Cipher
Ciphertext obtained from a Substitution Cipher:
YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTX
CDDUMJNDIFEFMDZCDMQZKCEYFCJMYRNCWJCS
ZREXCHZUNMXZNZUCDRJXYYSMRTMEYIFZWDYV
ZVYFZUMRZCRWNZDZJJXZWGCHSMRNMDHNCMF
QCHZJMXJZWIEJYUCFWDJNZDIR
Frequency analysis (Table 1.3):
- Z occurs most often: guess d_K(Z)=e
- Letters that occur at least 10 times: C, D, F, J, M, R, Y ⇒ these are encryptions of {t,a,o,i,n,s,h,r}
- But the frequencies do not vary enough to guess the correspondence

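10 p10. Cryptanalysis
Table 1.3

| letter | frequency | letter | frequency |
|---|---|---|---|
| A | 0 | N | 9 |
| B | 1 | O | 0 |
| C | 15 | P | 1 |
| D | 13 | Q | 4 |
| E | 7 | R | 10 |
| F | 11 | S | 3 |
| G | 1 | T | 2 |
| H | 4 | U | 5 |
| I | 5 | V | 5 |
| J |  | W | 8 |
| K | 1 | X | 6 |
| L | 0 | Y | 10 |
| M | 16 | Z | 20 |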

11 p11. Cryptanalysis
We now look at digrams of the form -Z or Z-:
- 4 times: DZ, ZW. Guess d_K(W)=d: ed → ZW
- 3 times: NZ, ZU. Guess d_K(N)=h: he → NZ
- We have ZRW: guess d_K(R)=n, end → ZRW
- We have CRW: guess d_K(C)=a, and → CRW
- We have RNM, which decrypts to nh-. This suggests that h- begins a word: M should be a vowel
- We have CM: guess d_K(M)=i (ai is more likely than ao)

12 p12. Cryptanalysis

    -----iend-----a-i-e-a
    YIFQFMZRWQFYVECFMDZPC
    -inedhi-e------a---i-
    VMRZWNMDZVEJBTXCDDUMJ
    h-----i-ea-i-e-a---a-
    NDIFEFMDZCDMQZKCEYFCJ
    i-nhad-a-en--a-e-hi-e
    MYRNCWJCSZREXCHZUNMXZ
    he-a-n-----in-i----ed
    NZUCDRJXYYSMRTMEYIFZW
    ---e---e-ineandhe-e--
    DYVZVYFZUMRZCRWNZDZJJ
    -ed-a--inhi--hai--a-e
    XZWGCHSMRNMDHNCMFQCHZ
    -i--ed-----a-d--he--n
    JMXJZWIEJYUCFWDJNZDIR

13 p13. Cryptanalysis
- We have DZ (4 times) and ZD (2 times): guess d_K(D) ∈ {r,s,t}
- Since o is a common letter, guess e_K(o) ∈ {F,J,Y}
- We have CFM and CJM: guess d_K(Y)=o (aoi is impossible)
- Guess NMD → his: d_K(D)=s
- Guess HNCMF → chair: d_K(H)=c, d_K(F)=r
- d_K(J)=t: the → JNZ

14 p14. Cryptanalysis

    o-r-riend-ro--arise-a
    YIFQFMZRWQFYVECFMDZPC
    -inedhise--t---ass-it
    VMRZWNMDZVEJBTXCDDUMJ
    hs-r-riseasi-e-a-orat
    NDIFEFMDZCDMQZKCEYFCJ
    ionhadta-en--ace-hi-e
    MYRNCWJCSZREXCHZUNMXZ
    he-asnt-oo-in-i-o-red
    NZUCDRJXYYSMRTMEYIFZW
    so-e-ore-ineandhesett
    DYVZVYFZUMRZCRWNZDZJJ
    -ed-ac-inhischair-ace
    XZWGCHSMRNMDHNCMFQCHZ
    ti-ted--to-ardsthes-n
    JMXJZWIEJYUCFWDJNZDIR

15 p15. Cryptanalysis
It is now easy to determine the others:
d_K(I)=u, d_K(Q)=f
d_K(V)=m, d_K(E)=p
d_K(P)=x, d_K(B)=y
d_K(T)=g, d_K(X)=l
d_K(U)=w, d_K(K)=v
d_K(S)=k, d_K(G)=b

16 p16. Cryptanalysis

    ourfriendfromparisexa
    YIFQFMZRWQFYVECFMDZPC
    minedhisemptyglasswit
    VMRZWNMDZVEJBTXCDDUMJ
    hsurpriseasifevaporat
    NDIFEFMDZCDMQZKCEYFCJ
    ionhadtakenplacewhile
    MYRNCWJCSZREXCHZUNMXZ
    hewasntlookingipoured
    NZUCDRJXYYSMRTMEYIFZW
    somemorewineandhesett
    DYVZVYFZUMRZCRWNZDZJJ
    ledbackinhischairface
    XZWGCHSMRNMDHNCMFQCHZ
    tilteduptowardsthesun
    JMXJZWIEJYUCFWDJNZDIR
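The working of slides 11 to 16, as an added example (not part of the original slides): it counts the digrams that contain Z and applies the partial key after each round of guesses, reproducing the three partially decrypted grids. The stage names and helper functions are chosen here for illustration.

```python
from collections import Counter

# Ciphertext rows as laid out on slides 12, 14 and 16 (21 letters per row).
ROWS = [
    "YIFQFMZRWQFYVECFMDZPC", "VMRZWNMDZVEJBTXCDDUMJ",
    "NDIFEFMDZCDMQZKCEYFCJ", "MYRNCWJCSZREXCHZUNMXZ",
    "NZUCDRJXYYSMRTMEYIFZW", "DYVZVYFZUMRZCRWNZDZJJ",
    "XZWGCHSMRNMDHNCMFQCHZ", "JMXJZWIEJYUCFWDJNZDIR",
]
CT = "".join(ROWS)

# Guesses in the order the slides make them (ciphertext -> plaintext).
STAGE_1 = dict(zip("ZWNRCM", "edhnai"))                  # slides 9 and 11
STAGE_2 = {**STAGE_1, **dict(zip("YDHFJ", "oscrt"))}     # slide 13
STAGE_3 = {**STAGE_2, **dict(zip("IQVEPBTXUKSG", "ufmpxyglwvkb"))}  # slide 15

def digrams_with(ct, letter, min_count=3):
    """Digrams containing `letter` that occur at least min_count times."""
    counts = Counter(ct[i:i + 2] for i in range(len(ct) - 1))
    return {d: n for d, n in counts.items() if letter in d and n >= min_count}

def apply_key(ct, key):
    """Decrypt with a partial key; undetermined letters show as '-'."""
    return "".join(key.get(c, "-") for c in ct)

def consistent(key):
    """A substitution key is injective: no plaintext letter is used twice."""
    return len(set(key.values())) == len(key)

if __name__ == "__main__":
    print(digrams_with(CT, "Z"))
    for stage in (STAGE_1, STAGE_2, STAGE_3):
        assert consistent(stage)
        for row in ROWS:
            print(apply_key(row, stage))
            print(row)
        print()
```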

17 p17. Cryptanalysis
Cryptanalysis of the Vigenère Cipher
Kasiski test:
- Search the ciphertext for pairs of identical segments (length at least 3)
- Record the distance between the starting positions of the 2 segments
- If we obtain several such distances δ_1, δ_2, …, we would conjecture that the key length m divides all of the δ_i's ⇒ m divides the gcd of the δ_i's

18 p18. Cryptanalysis
Definition 1.7: Suppose X = x_1 x_2 … x_n is a string of n alphabetic characters
Index of coincidence of X, denoted I_c(X): the probability that 2 random elements of X are identical
We denote the frequencies of A, B, …, Z in X by f_0, f_1, …, f_25

19 p19. Cryptanalysis
Using the expected probabilities in Table 1.1
p_0, …, p_25: the expected probability of A, …, Z
Suppose a ciphertext Y = y_1 y_2 … y_n
Define m substrings Y_1, …, Y_m of Y
Each value I_c(Y_i) should be roughly equal to 0.065

20 p20. Cryptanalysis
If m is not the keyword length, Y_i will look much more random
A completely random string will have

21 p21. Cryptanalysis
Ciphertext obtained from a Vigenère Cipher:
CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQ
EQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKG
RFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXB
TUIADNGMGPSRELXNJELXVRVPRTULHDNQWTWD
TYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIK
NBHWRJGNMGJSGLXFEYPHAGNRBIEQJTAMRVLC
RREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBB
IPEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZC
HRCLQOHPWQAIIWXNRMGWOIIFKEE
CHR occurs in 5 places: 1, 166, 236, 276, 286
The distances from the 1st one: 165, 235, 275, 285
The gcd is 5: we guess m=5

22 p22. Cryptanalysis
We check the indices of coincidence:
- m=1: I_c(Y)=0.045
- m=2: I_c(Y_1)=0.046, I_c(Y_2)=0.041
- m=3: I_c=0.043, 0.050, 0.047
- m=4: I_c=0.042, 0.039, 0.046, 0.040
- m=5: I_c=0.063, 0.068, 0.069, 0.061, 0.072
We are sure that m=5

23 p23. Cryptanalysis
Now we want to determine the key K = (k_1, k_2, …, k_m)
f_0, f_1, …, f_25: the frequencies of A, B, …, Z
n' = n/m: the length of the string Y_i
The probability distribution of the 26 letters in Y_i:
Y_i is obtained by shift encryption using a shift k_i ⇒ we hope that the shifted probability distribution would be close to p_0, …, p_25

24 p24. Cryptanalysis
Define the quantity M_g: for 0 ≤ g ≤ 25
If g = k_i:
If g ≠ k_i, M_g will be smaller than 0.065
Return to the previous example:
- Compute the values M_g, for 1 ≤ i ≤ 5 (Table 1.4)
- For each i, look for a value of M_g close to 0.065
- From Table 1.4: K=(9,0,13,4,19)
- The keyword is JANET

25 p25. Cryptanalysis
Table 1.4

| i | Value of M_g(Y_i) |
|---|---|
| 1 | 0.35 0.31 0.36 0.37 0.35 0.39 0.28 0.48 0.61 0.39 0.32 0.40 0.38 0.44 0.36 0.30 0.42 0.43 0.36 0.33 0.49 0.43 0.41 0.36 |
| 2 | 0.69 0.44 0.32 0.35 0.44 0.34 0.36 0.33 0.30 0.31 0.42 0.45 0.40 0.45 0.46 0.42 0.37 0.32 0.34 0.37 0.32 0.34 0.43 0.32 0.26 0.47 |
| 3 | 0.48 0.29 0.42 0.43 0.44 0.34 0.38 0.35 0.32 0.49 0.35 0.31 0.35 0.65 0.35 0.38 0.36 0.45 0.27 0.35 0.34 0.37 0.35 0.46 0.40 |
| 4 | 0.45 0.32 0.33 0.38 0.60 0.34 0.50 0.33 0.43 0.40 0.33 0.28 0.36 0.40 0.44 0.37 0.50 0.34 0.39 0.44 0.38 0.35 |
| 5 | 0.34 0.31 0.35 0.44 0.47 0.37 0.43 0.38 0.42 0.37 0.33 0.32 0.35 0.37 0.36 0.45 0.32 0.29 0.44 0.72 0.36 0.27 0.30 0.48 0.36 0.37 |
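The three steps of slides 17 to 25 (Kasiski test, index of coincidence, M_g) run on the slide's ciphertext, as an added example that is not part of the original slides. The formulas are the standard ones and are assumptions here, since the transcript lost them: I_c(X) = Σ f_i(f_i-1) / (n(n-1)) and M_g = Σ p_i f_{i+g} / n'; function names are illustrative.

```python
from functools import reduce
from math import gcd

# Ciphertext from slide 21, joined into one string.
CT = ("CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQ" "EQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKG"
      "RFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXB" "TUIADNGMGPSRELXNJELXVRVPRTULHDNQWTWD"
      "TYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIK" "NBHWRJGNMGJSGLXFEYPHAGNRBIEQJTAMRVLC"
      "RREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBB" "IPEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZC"
      "HRCLQOHPWQAIIWXNRMGWOIIFKEE")

# Table 1.1 probabilities p_0..p_25 for A..Z.
P = [.082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
     .067, .075, .019, .001, .060, .063, .091, .028, .010, .023, .001, .020, .001]

def positions(ct, seg):
    """1-based start positions of every occurrence of seg (Kasiski test)."""
    return [i + 1 for i in range(len(ct) - len(seg) + 1) if ct.startswith(seg, i)]

def key_length_guess(ct, seg):
    """gcd of the distances from the first occurrence of seg to the others."""
    pos = positions(ct, seg)
    return reduce(gcd, (p - pos[0] for p in pos[1:]))

def index_of_coincidence(s):
    """Assumed formula: sum f_i(f_i - 1) / (n(n - 1))."""
    n = len(s)
    return sum(s.count(c) * (s.count(c) - 1) for c in set(s)) / (n * (n - 1))

def ics(ct, m):
    """I_c of each substring Y_1..Y_m (every m-th letter)."""
    return [index_of_coincidence(ct[i::m]) for i in range(m)]

def m_g(sub, g):
    """Assumed formula: M_g = sum p_i * f_{i+g} / n'."""
    return sum(P[i] * sub.count(chr(65 + (i + g) % 26)) for i in range(26)) / len(sub)

def recover_key(ct, m):
    """For each Y_i pick the shift g that maximises M_g."""
    shifts = [max(range(26), key=lambda g: m_g(ct[i::m], g)) for i in range(m)]
    return "".join(chr(65 + k) for k in shifts)

if __name__ == "__main__":
    print(positions(CT, "CHR"), key_length_guess(CT, "CHR"))
    for m in range(1, 6):
        print(m, [round(v, 3) for v in ics(CT, m)])
    print(recover_key(CT, 5))
```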

26 p26. Cryptanalysis
Cryptanalysis of the Hill Cipher
The Hill Cipher is difficult to break with a ciphertext-only attack ⇒ we use a known-plaintext attack
Suppose the unknown key is an m × m matrix and we have at least m distinct plaintext-ciphertext pairs
x_j = (x_{1,j}, x_{2,j}, …, x_{m,j})
y_j = (y_{1,j}, y_{2,j}, …, y_{m,j})
y_j = e_K(x_j), for 1 ≤ j ≤ m

27 p27. Cryptanalysis
We define two m × m matrices X = (x_{i,j}) and Y = (y_{i,j}) ⇒ Y = XK ⇒ K = X^{-1}Y
e.g.: m=2, plaintext: friday, ciphertext: PQCFKU
e_K(5,17)=(15,16)
e_K(8,3)=(2,5)
e_K(0,24)=(10,20)

28 p28. Cryptanalysis e.g. (cont.) 

29 p29. Cryptanalysis
Cryptanalysis of the LFSR Stream Cipher
Recall that this system is modulo 2:
y_i = (x_i + z_i) mod 2
(z_1, …, z_m) = (k_1, …, k_m)
i ≥ 1, c_0, …, c_{m-1} ∈ Z_2

30 p30. Cryptanalysis
We use a known-plaintext attack here
If plaintext length ≥ 2m, we can solve the system of m linear equations:

31 p31. Cryptanalysis
e.g.: suppose the system uses a 5-stage LFSR
Plaintext: 101101011110010
Ciphertext: 011001111111000
Keystream bits: 110100100001010

32 p32. Cryptanalysis
e.g. (cont.) ⇒ z_{i+5} = (z_i + z_{i+3}) mod 2
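The known-plaintext attack of slides 29 to 32, as an added example (not part of the original slides). It assumes the usual linear recurrence z_{m+i} = Σ_j c_j z_{i+j} mod 2, of which the slide's result z_{i+5} = (z_i + z_{i+3}) mod 2 is an instance, and solves the m equations by Gauss-Jordan elimination over Z_2; function names are illustrative.

```python
def keystream(plaintext, ciphertext):
    """z_i = (x_i + y_i) mod 2 for known plaintext/ciphertext bit strings."""
    return [int(x) ^ int(y) for x, y in zip(plaintext, ciphertext)]

def solve_gf2(rows, rhs):
    """Solve rows * c = rhs over Z_2 by Gauss-Jordan elimination."""
    m = len(rows)
    aug = [r[:] + [b] for r, b in zip(rows, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("keystream matrix is singular; m is wrong")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(m):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[m] for row in aug]

def recover_taps(z, m):
    """Find c_0..c_{m-1} with z_{m+i} = sum_j c_j z_{i+j} mod 2 (assumed form)."""
    if len(z) < 2 * m:
        raise ValueError("need at least 2m keystream bits")
    rows = [z[i:i + m] for i in range(m)]   # (z_i, ..., z_{i+m-1})
    return solve_gf2(rows, z[m:2 * m])      # right-hand sides z_{m+i}

def extend(z_init, taps, n):
    """Run the LFSR from its first m bits to produce n keystream bits."""
    z = list(z_init)
    while len(z) < n:
        z.append(sum(c & b for c, b in zip(taps, z[-len(taps):])) % 2)
    return z

if __name__ == "__main__":
    z = keystream("101101011110010", "011001111111000")
    taps = recover_taps(z, 5)
    print(z)
    print(taps)
    # The recovered taps must regenerate all 15 observed keystream bits.
    print(extend(z[:5], taps, len(z)) == z)
```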

