Chapter 3 Evolution of Classical Cryptography

Chapter 3 Evolution of Classical Cryptography
Cryptography-Application and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT

Model of Symmetric Cipher
Oscar CRYPTANALYST Alice Bob P C Message Source Encryption Algorithm C Insecure Channel P Decryption Algorithm K Secure Channel Key Generator Zhijun Li S /Autumn08/HIT

Formal Description A Cipher is (K,P,C, E, D) c=EK(p) p=DK(c)
Use the same key K to encrypt and decrypt So symmetric encryption K must be secret, why? Zhijun Li S /Autumn08/HIT

Math in Classical Ciphers
Typical transforms Substitution Substitute x by y if x present Example: axxbcx  ayybcy Permutation (Transposition) Transposes the alpha at position I by J Example: ababc  cabab Zhijun Li S /Autumn08/HIT

Example: Caesar Cipher
meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB m n o p Replaces each letter by 3rd letter further down the alphabet Encryption algorithm Y= EK(X)=(X+3) mod 26 Zhijun Li S /Autumn08/HIT

Shift Cipher: Definition
Associate numbers with the alphabet A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ={A, B, C, …, Z}=Z26 K= Z26 P=C=+ Encrypt a message m ci=ek(mi)=(mi+k) mod 26 Decrypt a ciphertext c mi=dk(ci)=(ci-k) mod 26 Zhijun Li S /Autumn08/HIT

Shift Cipher: Cryptanalysis
Search the key space - brute force |K|=26 LIZHZLVKWRUHSODFHOHWWHUV Ciphertext KHYGYKUJVQTGRNCEGNGVVGTU try shift of 1 JGXFXJTIUPSFQMBDFMFUUFST try shift of 2 IFWEWISHTOREPLACELETTERS try shift of 3 *** Plaintext HEVDVHRGSNQDOKZBDKDSSDQR try shift of 4 GDUCUGQFRMPCNJYACJCRRCPQ try shift of MJAIAMWLXSVITPEGIPIXXIVW try shift of 25 Zhijun Li S /Autumn08/HIT

Why Brute Force Can? |K| is too small
For brute force attack (alphabet of size n) complexity (n-1)/2 in average case complexity (n-1) in worst-case Lessons Learnt Larger the key space Zhijun Li S /Autumn08/HIT

Affine Cipher p=am+b mod m a and b define the key
An extension of the shift cipher p=am+b mod m a and b define the key Example: What’s wrong with this? ax1+bax2+b mod n Zhijun Li S /Autumn08/HIT

Affine Cipher: Definition
Message Space: P=Zn Cryptogram Space: C=Zn Key Space: K={(a,b)ZnXZn| gcd(a,n)=1} Encryption: ek(m)=am+b (mod n) Decryption: dk(c)=(c-b)a-1 (mod n) Zhijun Li S /Autumn08/HIT

Affine Cipher: Cryptanalysis
Brute force attack |K|=mX(m) for Zm |K|=312 for Z26 it is feasible for Z100 (100)=80 and |K|=8000 Computing by hand? Computing by computer! Zhijun Li S /Autumn08/HIT

Monoalphabetic Substitution
The key space: All permutations in  Encryption given a key : each letter m in the plaintext P is replaced with (m) Decryption given a key -1: each letter c in the cipherext C is replaced with -1(c) Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  = B A D C Z H W Y G O Q X S V T R N M S K J I P F E U BECAUSE → AZDBJSZ Zhijun Li S /Autumn08/HIT

Strength of Substitution Cipher
Exhaustive search is infeasible key space size is 26!  4×1026 If every person on earth tried one per second, it would take 91 years Frequency statistical analysis Each language has certain features: frequency of letters, or of groups of two or more letters Substitution ciphers preserve the language features So vulnerable to frequency analysis attacks Zhijun Li S /Autumn08/HIT

Frequency of English Letters
Zhijun Li S /Autumn08/HIT

Other Frequency Features
EN is the most common two-letter combination, followed by RE, ER, and NT The letter A is often found in the beginning of a word or second from last. The letter Q is followed only by U And more … English: about 1.3 bits of information per letter Compress English with gzip – about 1:6 Zhijun Li S /Autumn08/HIT

A Cryptanalysis Example
Ciphertext: “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.” Zhijun Li S /Autumn08/HIT

Frequency Analysis “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.” W: 20 “Normal” English: C: 11 e 12% F: 11 t % G: 11 a 8% Zhijun Li S /Autumn08/HIT

Pattern Analysis “XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe OCXBBeZA IGSY SXBeGF.” XBe = “the” Most common trigrams in English: the = 6.4% and = 3.4% Zhijun Li S /Autumn08/HIT

Guessing “the HGQe tS ACFPSUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCSHF YCDA CF GSHFeA LV the KGSYCFe SI FhJGCDQ RDSOZeAQe OCthheZA IGSY StheGF.” S = “o” Zhijun Li S /Autumn08/HIT

Guessing otheGF = “others”
“the HGQe to ACFPoUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCoHF YCDA CF GoHFeA LV the KGoYCFe oI FhJGCDQ RDoOZeAQe OCthheZA IGoY otheGF.” otheGF = “others” Zhijun Li S /Autumn08/HIT

Guessing “sePrets” = “secrets”
“the HrQe to ACsPoUer sePrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst PHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.” “sePrets” = “secrets” Zhijun Li S /Autumn08/HIT

Plaintext - John Chadwick
“The urge to discover secrets is deeply ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others.” - John Chadwick Zhijun Li S /Autumn08/HIT

Ways to Improve the Security
Polyalphbetic substitution cipher The letter list is substituted by substitution list f=(f1,f2,…), x=x1x2…, c=ek(x)=f(x)=f1(x1)f2(x2)… Vigenère cipher Ploygram substitution cipher Multiple letters of plaintext substitute at the same time f:mm, c=ek(x)=f(x1x2…xm)f(xm+1xm+2…x2m)… Hill cipher Zhijun Li S /Autumn08/HIT

Vigenère Cipher: Example
Encrypt the message INDIVIDUAL CHARACTER with the key HOST m = INDI VIDU ALCH ARAC TER k = HOST HOST HOST HOST HOS Ek(m)=PBVB CWVN HZUA HFSV ASJ Zhijun Li S /Autumn08/HIT

Vigenère Cipher: Definition
P = C = K = (Zm)n K = (k1, k2, k3, …kn) eK(x1, x2,…xn) = (x1+k1,x2+k2,…,xn+kn) mod 26 dK(y1, y2,…yn) = (y1 -k1,y2 -k2,…,yn -kn) mod 26 Remark: |K| = mn Vigenere can mask the frequency Vigenere cipher is a collection of substitution ciphers! Zhijun Li S /Autumn08/HIT

Vigenère Cipher: Cryptanalysis
C1 = c1cm+1c2m+1… C2 = c2cm+2c2m+2… … Cm = cmc2mc3m… For k1 For k2 For km Attack each shift cipher Zhijun Li S /Autumn08/HIT

Vigenère Cipher: Cryptanalysis
Find the length of key Ways: Kasisky test Index of coincidence key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ Guess key length Zhijun Li S /Autumn08/HIT

Kasisky Test Note: two identical segments of plaintext will be encrypted to the same ciphertext if they occur at the distance ∆ and ∆≡0 (mod m), m is the key length Algorithm: Search for pairs of identical segments of length at least 3 Record distances between the two segments: ∆1, ∆2, … m divides gcd(∆1, ∆2, …) Zhijun Li S /Autumn08/HIT

Index of Coincidence A string x = x1x2 . . . xn Definition:
The Ic(x), index of coincidence of x is the probability that two random elements of x are identical: Ic(x)=xi,xjx Pr(xi=xj) Zhijun Li S /Autumn08/HIT

Computing the Ic(x) Ic(x) = i=025Cfi2/Cn2 = i=025fi(fi-1)/n(n-1)
Suppose the frequencies of A, B, C, , Z in x is f0, f1, , f25 Ic(x) = i=025Cfi2/Cn2 = i=025fi(fi-1)/n(n-1)  i=025(fi/n)2 Zhijun Li S /Autumn08/HIT

Ic(x) for Cryptanalysis
For English Ic(x)  i=025(fi/n)2  i=025(pi)2  0.065 For Random  26/262=0.038 Note: More random of x, more less Ic(x) Random means the less bias in distribution Zhijun Li S /Autumn08/HIT

Find the Key Length of Vigenère
C1 = c1cm+1c2m+1… C2 = c2cm+2c2m+2… … Cm = cmc2mc3m… If m is the key length, then the text ``looks like’’ English text: Ic(yi)=0.065 If m is not the key length, the text ``looks like’’ random text: Ic(yi)=0.038 Zhijun Li S /Autumn08/HIT

Vigenère Cipher: Improvement
Avoid repetition of key Autokey system Random key stream key: deceptivewearediscoveredsav plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA Zhijun Li S /Autumn08/HIT

One-Time Pad Use a random key stream K that was truly as long as the message Encryption: P = C = K = Z2n Ci = Pi  Ki Why One-Time? For KPA: Very easy to Know K Ki= PiCi Zhijun Li S /Autumn08/HIT

OTP: Security Analysis
Model: Complexity or Information Pr(M|C) =? Pr(M) Theorem: OTP is Unconditional Security Proof: P=C=K= {0,1}n, key is chosen randomly, and for any probability of the plaintext: Pr [P=m|C=c] = Pr[P=m,C=c]/Pr[C=c] = Pr[P=m]Pr[C=c|P=m]/m’M(Pr[P=m’]Pr[C=c|P=m’]) = Pr[P=m]1/2n/m’M(Pr[P=m’]1/2n) = Pr[P=m]/m’M(Pr[P=m’]) = Pr[P=m] Zhijun Li S /Autumn08/HIT

OTP: Practicability One-Time Long Key known-plaintext attacks
x  x’ = y  y’ Long Key As long as messages So NOT usable in commercial situation BUT usable in military situation Zhijun Li S /Autumn08/HIT

OTP: Rotor Machine Rotor Machine: multiple rounds of substitution
Multiple cylinders, each cylinder has 26 states Each state is a substitution cipher A m-cylinder has 26m substitution ciphers 263 = 17576 264 = 456,976 265 = 11,881,376 Zhijun Li S /Autumn08/HIT

Enigma Machine Total number of keys1016 Use 3 scramblers:
263=17576 substitutions Scramblers can be in any order: 3!=6 combinations Plug board: 6 pairs of letters are swapped 26!/(14!6!64)1011 Total number of keys1016 Zhijun Li S /Autumn08/HIT

Enigma Machine: Remark
How to use: Sender and receiver set up the machine the same way Plugboard setting Scrambler arrangement Scrambler starting position History: Patented by Scherius in 1918 Widely used by the Germans from 1926 First successfully broken by Polish’s in the thirties Broken by the UK intelligence during the WW II Zhijun Li S /Autumn08/HIT

Hill Cipher [ ] Key Matrix 2x2 key matrix: hide single-letter freq.
3x3 key matrix: hide single-letter and digram freq. … [ ] ú û ù ê ë é = 44 43 42 41 34 33 32 31 24 23 22 21 14 13 12 11 4 3 2 1 k m c Key Matrix Zhijun Li S /Autumn08/HIT

Hill Cipher : Definition
P = C = (Zm)n K = {all n  n invertible matrices over Zm} Encryption: ek(m) = m  k mod m Decryption: dk(c) = c  k-1 mod m Example: [ ] ú û ù ê ë é 9 8 3 4 5 1 7 2 6 mod 13 = Zhijun Li S /Autumn08/HIT

Hill Cipher: Cryptanalysis
Difficult to break under OCA Easy to break under KPA Know the n (the size of the key matrix) Can find the K easily Lots of c=mK  C=MK  K=CM-1 S(n) = O(n2) n is unknown How to find n? Zhijun Li S /Autumn08/HIT

Ciphers: Frequency Features
Zhijun Li S /Autumn08/HIT

Permutation Cipher Encryption: permutation on the plaintext letters
Example: transpositionciphers NRTSAIOPTSCONIINRHPSE Decryption? x 1 2 3 4 5 (x) x 1 2 3 4 5 -1(x) ? Zhijun Li S /Autumn08/HIT

Permutation Cipher: Definition
P = C = (Zm)n K = { |  a permutation of {1, 2, ….n}} e (x1, x2,…xn) = (x (1), x (2),…x (n)) d (x1, x2,…xn) = (x -1(1), x  -1(2),…x  -1(n)) Remark: Hide the meaning by rearranging the letter order Single-letter distribution in plaintext is useless! BUT there are other features in the plaintext! Zhijun Li S /Autumn08/HIT

Permutation Cipher Cryptanalysis
Features of English Frequent (scarce) patterns Such as th, ch … Pilot letters (can be followed limited letters) Such as q is always followed by u j can only followed by a vowel … Others … Example: P U 33 J U 25 A F 38 O I 42 E R 94 G R P A 61 J U 25 A R 82 O A 48 E E 81 G E More Preferable rank 274 358 Zhijun Li S /Autumn08/HIT

Some Transposition Ciphers
Rail Fence Cipher Example: E( I A E S W C M I A ) = IAESW CMIA Triangle Transposition Cipher Example: Scytale Cipher I = ECIIA SMAW C A M E I S A W Formal definition of the ciphers? Cryptanalysis? Zhijun Li S /Autumn08/HIT

Block Transposition Cipher
Encrypt: CRYPTANALYST (coat) C R Y P T A N A L Y S T Read by column 2,3,1,4  RAYYNSCTLPAT Decrypt: RAYYNSCTLPAT Read by row  CRYPTANALYST Zhijun Li S /Autumn08/HIT

Block Transposition Cryptanalysis
Step 1: Find possible block sizes A full rectangle: factoring Example: 153 = 3  51, 51  3, 17  9, 9  17 Only the last line is fragmentary: fill and factoring n-m < ml < n Step 2: Determining the correct rectangle The feature of the correct rectangle Each line represents a line of standard English A line of English consist of about 40% vowels Step 3: Break the permutation cipher Zhijun Li S /Autumn08/HIT

Double Block Transposition
Re-encryption using same block transposition Example: Why more secure? Initial plaintext: 1st transposition: 2nd transposition: Zhijun Li S /Autumn08/HIT

Introduction of Product Cipher
Combine two transforms Combine two same operators (iteration) Example: two permutation ciphers (1  2) Let the period of 1 is n1, the period of 2 is n2 If n1=n2, then 1  2 = ? If n1|n2, then 1  2 = ? If gcd(n1, n2) = 1, then 1  2 = ? Combine two different operators Example: Affine = Shift  Hill (n=1) Example: Substation  Transposition Zhijun Li S /Autumn08/HIT

Summary Ciphers can be characterized by: Number of keys used
asymmetric or private / symmetric or public Classical Ciphers are asymmetric ciphers Math transformations Substitution Monoalphabetic / Polyalphabetic Substitution Polygraphic Substitution Transpositions Permutation / Block transpositions Product Zhijun Li S /Autumn08/HIT

Homework HTTP URL Due Date Zhijun Li S1034040/Autumn08/HIT
Due Date Zhijun Li S /Autumn08/HIT

Chapter 3 Evolution of Classical Cryptography

Similar presentations

Presentation on theme: "Chapter 3 Evolution of Classical Cryptography"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Chapter 3 Evolution of Classical Cryptography

Similar presentations

Presentation on theme: "Chapter 3 Evolution of Classical Cryptography"— Presentation transcript:

Similar presentations

About project

Feedback