Download presentation
Presentation is loading. Please wait.
1
Chapter 3 Evolution of Classical Cryptography
Cryptography-Application and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li
2
Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT
3
Model of Symmetric Cipher
Oscar CRYPTANALYST Alice Bob P C Message Source Encryption Algorithm C Insecure Channel P Decryption Algorithm K Secure Channel Key Generator Zhijun Li S /Autumn08/HIT
4
Formal Description A Cipher is (K,P,C, E, D) c=EK(p) p=DK(c)
Use the same key K to encrypt and decrypt So symmetric encryption K must be secret, why? Zhijun Li S /Autumn08/HIT
5
Math in Classical Ciphers
Typical transforms Substitution Substitute x by y if x present Example: axxbcx ayybcy Permutation (Transposition) Transposes the alpha at position I by J Example: ababc cabab Zhijun Li S /Autumn08/HIT
6
Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT
7
Example: Caesar Cipher
meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB m n o p Replaces each letter by 3rd letter further down the alphabet Encryption algorithm Y= EK(X)=(X+3) mod 26 Zhijun Li S /Autumn08/HIT
8
Shift Cipher: Definition
Associate numbers with the alphabet A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ={A, B, C, …, Z}=Z26 K= Z26 P=C=+ Encrypt a message m ci=ek(mi)=(mi+k) mod 26 Decrypt a ciphertext c mi=dk(ci)=(ci-k) mod 26 Zhijun Li S /Autumn08/HIT
9
Shift Cipher: Cryptanalysis
Search the key space - brute force |K|=26 LIZHZLVKWRUHSODFHOHWWHUV Ciphertext KHYGYKUJVQTGRNCEGNGVVGTU try shift of 1 JGXFXJTIUPSFQMBDFMFUUFST try shift of 2 IFWEWISHTOREPLACELETTERS try shift of 3 *** Plaintext HEVDVHRGSNQDOKZBDKDSSDQR try shift of 4 GDUCUGQFRMPCNJYACJCRRCPQ try shift of MJAIAMWLXSVITPEGIPIXXIVW try shift of 25 Zhijun Li S /Autumn08/HIT
10
Why Brute Force Can? |K| is too small
For brute force attack (alphabet of size n) complexity (n-1)/2 in average case complexity (n-1) in worst-case Lessons Learnt Larger the key space Zhijun Li S /Autumn08/HIT
11
Affine Cipher p=am+b mod m a and b define the key
An extension of the shift cipher p=am+b mod m a and b define the key Example: What’s wrong with this? ax1+bax2+b mod n Zhijun Li S /Autumn08/HIT
12
Affine Cipher: Definition
Message Space: P=Zn Cryptogram Space: C=Zn Key Space: K={(a,b)ZnXZn| gcd(a,n)=1} Encryption: ek(m)=am+b (mod n) Decryption: dk(c)=(c-b)a-1 (mod n) Zhijun Li S /Autumn08/HIT
13
Affine Cipher: Cryptanalysis
Brute force attack |K|=mX(m) for Zm |K|=312 for Z26 it is feasible for Z100 (100)=80 and |K|=8000 Computing by hand? Computing by computer! Zhijun Li S /Autumn08/HIT
14
Monoalphabetic Substitution
The key space: All permutations in Encryption given a key : each letter m in the plaintext P is replaced with (m) Decryption given a key -1: each letter c in the cipherext C is replaced with -1(c) Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z = B A D C Z H W Y G O Q X S V T R N M S K J I P F E U BECAUSE → AZDBJSZ Zhijun Li S /Autumn08/HIT
15
Strength of Substitution Cipher
Exhaustive search is infeasible key space size is 26! 4×1026 If every person on earth tried one per second, it would take 91 years Frequency statistical analysis Each language has certain features: frequency of letters, or of groups of two or more letters Substitution ciphers preserve the language features So vulnerable to frequency analysis attacks Zhijun Li S /Autumn08/HIT
16
Frequency of English Letters
Zhijun Li S /Autumn08/HIT
17
Other Frequency Features
EN is the most common two-letter combination, followed by RE, ER, and NT The letter A is often found in the beginning of a word or second from last. The letter Q is followed only by U And more … English: about 1.3 bits of information per letter Compress English with gzip – about 1:6 Zhijun Li S /Autumn08/HIT
18
A Cryptanalysis Example
Ciphertext: “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.” Zhijun Li S /Autumn08/HIT
19
Frequency Analysis “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.” W: 20 “Normal” English: C: 11 e 12% F: 11 t % G: 11 a 8% Zhijun Li S /Autumn08/HIT
20
Pattern Analysis “XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe OCXBBeZA IGSY SXBeGF.” XBe = “the” Most common trigrams in English: the = 6.4% and = 3.4% Zhijun Li S /Autumn08/HIT
21
Guessing “the HGQe tS ACFPSUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCSHF YCDA CF GSHFeA LV the KGSYCFe SI FhJGCDQ RDSOZeAQe OCthheZA IGSY StheGF.” S = “o” Zhijun Li S /Autumn08/HIT
22
Guessing otheGF = “others”
“the HGQe to ACFPoUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCoHF YCDA CF GoHFeA LV the KGoYCFe oI FhJGCDQ RDoOZeAQe OCthheZA IGoY otheGF.” otheGF = “others” Zhijun Li S /Autumn08/HIT
23
Guessing “sePrets” = “secrets”
“the HrQe to ACsPoUer sePrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst PHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.” “sePrets” = “secrets” Zhijun Li S /Autumn08/HIT
24
Plaintext - John Chadwick
“The urge to discover secrets is deeply ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others.” - John Chadwick Zhijun Li S /Autumn08/HIT
25
Ways to Improve the Security
Polyalphbetic substitution cipher The letter list is substituted by substitution list f=(f1,f2,…), x=x1x2…, c=ek(x)=f(x)=f1(x1)f2(x2)… Vigenère cipher Ploygram substitution cipher Multiple letters of plaintext substitute at the same time f:mm, c=ek(x)=f(x1x2…xm)f(xm+1xm+2…x2m)… Hill cipher Zhijun Li S /Autumn08/HIT
26
Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT
27
Vigenère Cipher: Example
Encrypt the message INDIVIDUAL CHARACTER with the key HOST m = INDI VIDU ALCH ARAC TER k = HOST HOST HOST HOST HOS Ek(m)=PBVB CWVN HZUA HFSV ASJ Zhijun Li S /Autumn08/HIT
28
Vigenère Cipher: Definition
P = C = K = (Zm)n K = (k1, k2, k3, …kn) eK(x1, x2,…xn) = (x1+k1,x2+k2,…,xn+kn) mod 26 dK(y1, y2,…yn) = (y1 -k1,y2 -k2,…,yn -kn) mod 26 Remark: |K| = mn Vigenere can mask the frequency Vigenere cipher is a collection of substitution ciphers! Zhijun Li S /Autumn08/HIT
29
Vigenère Cipher: Cryptanalysis
C1 = c1cm+1c2m+1… C2 = c2cm+2c2m+2… … Cm = cmc2mc3m… For k1 For k2 For km Attack each shift cipher Zhijun Li S /Autumn08/HIT
30
Vigenère Cipher: Cryptanalysis
Find the length of key Ways: Kasisky test Index of coincidence key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ Guess key length Zhijun Li S /Autumn08/HIT
31
Kasisky Test Note: two identical segments of plaintext will be encrypted to the same ciphertext if they occur at the distance ∆ and ∆≡0 (mod m), m is the key length Algorithm: Search for pairs of identical segments of length at least 3 Record distances between the two segments: ∆1, ∆2, … m divides gcd(∆1, ∆2, …) Zhijun Li S /Autumn08/HIT
32
Index of Coincidence A string x = x1x2 . . . xn Definition:
The Ic(x), index of coincidence of x is the probability that two random elements of x are identical: Ic(x)=xi,xjx Pr(xi=xj) Zhijun Li S /Autumn08/HIT
33
Computing the Ic(x) Ic(x) = i=025Cfi2/Cn2 = i=025fi(fi-1)/n(n-1)
Suppose the frequencies of A, B, C, , Z in x is f0, f1, , f25 Ic(x) = i=025Cfi2/Cn2 = i=025fi(fi-1)/n(n-1) i=025(fi/n)2 Zhijun Li S /Autumn08/HIT
34
Ic(x) for Cryptanalysis
For English Ic(x) i=025(fi/n)2 i=025(pi)2 0.065 For Random 26/262=0.038 Note: More random of x, more less Ic(x) Random means the less bias in distribution Zhijun Li S /Autumn08/HIT
35
Find the Key Length of Vigenère
C1 = c1cm+1c2m+1… C2 = c2cm+2c2m+2… … Cm = cmc2mc3m… If m is the key length, then the text ``looks like’’ English text: Ic(yi)=0.065 If m is not the key length, the text ``looks like’’ random text: Ic(yi)=0.038 Zhijun Li S /Autumn08/HIT
36
Vigenère Cipher: Improvement
Avoid repetition of key Autokey system Random key stream key: deceptivewearediscoveredsav plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA Zhijun Li S /Autumn08/HIT
37
One-Time Pad Use a random key stream K that was truly as long as the message Encryption: P = C = K = Z2n Ci = Pi Ki Why One-Time? For KPA: Very easy to Know K Ki= PiCi Zhijun Li S /Autumn08/HIT
38
OTP: Security Analysis
Model: Complexity or Information Pr(M|C) =? Pr(M) Theorem: OTP is Unconditional Security Proof: P=C=K= {0,1}n, key is chosen randomly, and for any probability of the plaintext: Pr [P=m|C=c] = Pr[P=m,C=c]/Pr[C=c] = Pr[P=m]Pr[C=c|P=m]/m’M(Pr[P=m’]Pr[C=c|P=m’]) = Pr[P=m]1/2n/m’M(Pr[P=m’]1/2n) = Pr[P=m]/m’M(Pr[P=m’]) = Pr[P=m] Zhijun Li S /Autumn08/HIT
39
OTP: Practicability One-Time Long Key known-plaintext attacks
x x’ = y y’ Long Key As long as messages So NOT usable in commercial situation BUT usable in military situation Zhijun Li S /Autumn08/HIT
40
OTP: Rotor Machine Rotor Machine: multiple rounds of substitution
Multiple cylinders, each cylinder has 26 states Each state is a substitution cipher A m-cylinder has 26m substitution ciphers 263 = 17576 264 = 456,976 265 = 11,881,376 Zhijun Li S /Autumn08/HIT
41
Enigma Machine Total number of keys1016 Use 3 scramblers:
263=17576 substitutions Scramblers can be in any order: 3!=6 combinations Plug board: 6 pairs of letters are swapped 26!/(14!6!64)1011 Total number of keys1016 Zhijun Li S /Autumn08/HIT
42
Enigma Machine: Remark
How to use: Sender and receiver set up the machine the same way Plugboard setting Scrambler arrangement Scrambler starting position History: Patented by Scherius in 1918 Widely used by the Germans from 1926 First successfully broken by Polish’s in the thirties Broken by the UK intelligence during the WW II Zhijun Li S /Autumn08/HIT
43
Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT
44
Hill Cipher [ ] Key Matrix 2x2 key matrix: hide single-letter freq.
3x3 key matrix: hide single-letter and digram freq. … [ ] ú û ù ê ë é = 44 43 42 41 34 33 32 31 24 23 22 21 14 13 12 11 4 3 2 1 k m c Key Matrix Zhijun Li S /Autumn08/HIT
45
Hill Cipher : Definition
P = C = (Zm)n K = {all n n invertible matrices over Zm} Encryption: ek(m) = m k mod m Decryption: dk(c) = c k-1 mod m Example: [ ] ú û ù ê ë é 9 8 3 4 5 1 7 2 6 mod 13 = Zhijun Li S /Autumn08/HIT
46
Hill Cipher: Cryptanalysis
Difficult to break under OCA Easy to break under KPA Know the n (the size of the key matrix) Can find the K easily Lots of c=mK C=MK K=CM-1 S(n) = O(n2) n is unknown How to find n? Zhijun Li S /Autumn08/HIT
47
Ciphers: Frequency Features
Zhijun Li S /Autumn08/HIT
48
Outline Symmetric Cipher Substitution Ciphers Transposition Ciphers
Monoalphabetic Substitution Ciphers Polyalphabetic Substitution Ciphers Polygraphic Substitution Ciphers Transposition Ciphers Zhijun Li S /Autumn08/HIT
49
Permutation Cipher Encryption: permutation on the plaintext letters
Example: transpositionciphers NRTSAIOPTSCONIINRHPSE Decryption? x 1 2 3 4 5 (x) x 1 2 3 4 5 -1(x) ? Zhijun Li S /Autumn08/HIT
50
Permutation Cipher: Definition
P = C = (Zm)n K = { | a permutation of {1, 2, ….n}} e (x1, x2,…xn) = (x (1), x (2),…x (n)) d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n)) Remark: Hide the meaning by rearranging the letter order Single-letter distribution in plaintext is useless! BUT there are other features in the plaintext! Zhijun Li S /Autumn08/HIT
51
Permutation Cipher Cryptanalysis
Features of English Frequent (scarce) patterns Such as th, ch … Pilot letters (can be followed limited letters) Such as q is always followed by u j can only followed by a vowel … Others … Example: P U 33 J U 25 A F 38 O I 42 E R 94 G R P A 61 J U 25 A R 82 O A 48 E E 81 G E More Preferable rank 274 358 Zhijun Li S /Autumn08/HIT
52
Some Transposition Ciphers
Rail Fence Cipher Example: E( I A E S W C M I A ) = IAESW CMIA Triangle Transposition Cipher Example: Scytale Cipher I = ECIIA SMAW C A M E I S A W Formal definition of the ciphers? Cryptanalysis? Zhijun Li S /Autumn08/HIT
53
Block Transposition Cipher
Encrypt: CRYPTANALYST (coat) C R Y P T A N A L Y S T Read by column 2,3,1,4 RAYYNSCTLPAT Decrypt: RAYYNSCTLPAT Read by row CRYPTANALYST Zhijun Li S /Autumn08/HIT
54
Block Transposition Cryptanalysis
Step 1: Find possible block sizes A full rectangle: factoring Example: 153 = 3 51, 51 3, 17 9, 9 17 Only the last line is fragmentary: fill and factoring n-m < ml < n Step 2: Determining the correct rectangle The feature of the correct rectangle Each line represents a line of standard English A line of English consist of about 40% vowels Step 3: Break the permutation cipher Zhijun Li S /Autumn08/HIT
55
Double Block Transposition
Re-encryption using same block transposition Example: Why more secure? Initial plaintext: 1st transposition: 2nd transposition: Zhijun Li S /Autumn08/HIT
56
Introduction of Product Cipher
Combine two transforms Combine two same operators (iteration) Example: two permutation ciphers (1 2) Let the period of 1 is n1, the period of 2 is n2 If n1=n2, then 1 2 = ? If n1|n2, then 1 2 = ? If gcd(n1, n2) = 1, then 1 2 = ? Combine two different operators Example: Affine = Shift Hill (n=1) Example: Substation Transposition Zhijun Li S /Autumn08/HIT
57
Summary Ciphers can be characterized by: Number of keys used
asymmetric or private / symmetric or public Classical Ciphers are asymmetric ciphers Math transformations Substitution Monoalphabetic / Polyalphabetic Substitution Polygraphic Substitution Transpositions Permutation / Block transpositions Product Zhijun Li S /Autumn08/HIT
58
Homework HTTP URL Due Date Zhijun Li S1034040/Autumn08/HIT
Due Date Zhijun Li S /Autumn08/HIT
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.