Chapter 2 – Classical Encryption Techniques Jen-Chang Liu, 2005 Adopted from lecture slides by Lawrie Brown.

Chapter 2 – Classical EncryptionTechniques

Jen-Chang Liu, 2005

Adopted from lecture slides by Lawrie Brown

Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer

Sir James George Frazer

《金枝》一書原名應作「 The Golden Bough 」，作者 Sir James Frazer (1854-1941) ，他是英國人類學家、民俗學家，和古典學者。《金枝 》 一書的主旨在於：人類思想方式的發展過程是由巫術、宗教發展為科 學。

一個小鎮每年到了 6 月 27 日都會舉行 一種儀式：全鎮居民集合然後抽籤，抽中的人必須讓其他居民用亂石打死，且 不得反抗；這是為了驅除災難，被打死的人是為全鎮犧牲的英雄

Review: Model for Network Security

12

3

3 roles to play in security system

Cryptography

Cryptographic systems can be characterized by: encryption operations used for

transforming plaintext to ciphertext substitution / transposition (permutation) /

product number of keys used

single-key or secret-key / two-key or public-key way in which plaintext is processed

block / stream

密碼學

What’s the secret information?

Outline

Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography

Symmetric Cipher Model

?

對稱式

Symmetric Encryption conventional / single-key / single-key

encryption sender and recipient share a common

key was the only type prior to invention of

public-key in 1970’s

Basic Terminology

plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to

ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from

plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of

principles/ methods of deciphering ciphertext without knowing key

cryptology - the field of both cryptography and cryptanalysis

明文密文

Mathematical formulation

Y = EK(X)X = DK(Y)

Cryptosystem A cryptosystem is a five-tuple (P,C,K,E,D),

where the following conditions are satisfied:

1. P is a finite set of possible plaintexts2. C is a finite set of possible ciphertexts3. K ,the keyspace,is a finite set of possible

keys4. For each kK, there is an encryption rule ek E

and a corresponding decryption rule dk D. Each ek:PC and dk:CP are functions such that dk(ek(x))=x for each xP

Ref: Cryptography: theory andPractice, D. Stinson

Example: Caesar Cipher earliest known substitution cipher by

Julius Caesar first attested use in military affairs example:

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

mnop

replaces each letter by 3rd letter further down the alphabet

Example: Caesar Cipher (cont.)

Plaintext alphabets

zyxdcbaX ,,,...,,,,Assign a number to each alphabet:

25 ,24 ,23 ,...,3 ,2 ,1 ,0X Ciphertext alphabets

25 ,24 ,23 ,...,3 ,2 ,1 ,0Y Encryption algorithm

Y = EK(X)=(X+3) mod 26

Security Requirements two requirements for secure use of

symmetric encryption: a strong encryption algorithm

assume encryption algorithm is known, the opponent is unable to decipher the ciphertext (Kerckhoff’s principle)

a secret key known only to sender / receiver implies a secure channel to distribute key

Cryptanalysis of Caesar Cipher

Assume that the encryption is known as a Caesar cipher Try 25 possible keys – brute force

PHHW PH DIWHU WKH WRJD SDUWBk=0

OGGV OG CHUGT VJG VQIC RCTVAk=1

MEET ME AFTER THE TOGA PARTYk=3

…

k=25

…

Cryptanalysis of Caesar Cipher

Why brute force attack works? Encryption (decryption) algorithm is known 25 keys too small The language of plaintext is recognizable

Ex. A zipped file

Brute Force Search Given encryption algorithm, it’s always

possible to simply try every key On average, try half of all keys

assume either know / recognise plaintext

decryption

DES

AES

3DES

Degree of security for encryption schemes

unconditional security no matter how much computer power is

available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext

不論花多少時間也無法破解 computational security

given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

Types of Cryptanalytic Attacks

Mini break There will be a programming project

this semester Implementation of DES or AES

Outline Symmetric cipher model

Caesar cipher Substitution technique Transposition technique Rotor machines Steganography

Classical Substitution Ciphers

where letters of plaintext are replaced by other letters or by numbers or symbols

if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

ABC..YZ

ABC..YZ

Caesar Cipher can define transformation as:

a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)

Caesar cipher can be cryptoanalyzed by brute-force attack=> Far from secure

Monoalphabetic Cipher rather than just shifting the alphabet each plaintext letter maps to a different

random ciphertext letter

ABC..YZ

ABC..YZ

26! Possible transforms

E(.)

.

.

.

Monoalphabetic Cipher Security

now have a total of 26! = 4 x 1026 keys Very secure !? How to break?

Language Redundancy and Cryptanalysis

human languages are redundant

Cryptanalysis of monoalphabetic cipher

Given ciphertext:

Calculate its relative frequencies:

* Compare it with the previous table

Cryptanalysis (cont.) One alphabet frequencies: guess P & Z are e and

t Digrams and trigrams: frequencies of compound

letters guess ZW is th and hence ZWP is the

proceeding with trial and error

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

t t t t t

t t t t

ttt t

t

e e e e e

eeeee

e e e e e e

h

h

h

h

How to improve monoalphabetic cipher?

Encrypt multiple letters of plaintext at the same time Playfair cipher Hill cipher

Use multiple cipher alphabets Polyalphabetic cipher

Playfair Cipher Best-known multiple-letter encryption

cipher invented by Charles Wheatstone in

1854, but named after his friend Baron Playfair

Example: digram mapping

xy

cg

26x26 diagrams

Playfair Key Matrix a 5X5 matrix of letters based on a

keyword eg. using the keyword MONARCHY

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

fill in letters of keywordfill rest of matrix with other letters in alphabetic order

Playfair: Encrypting and Decrypting

plaintext encrypted two letters at a time: if a pair is a repeated letter, insert a filler like

'X', eg. "balloon" encrypts as "ba lx lo on"

if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM" if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM" otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)

M O N A RC H Y B DE F G I/J KL P Q S TU V W X Z

Security of the Playfair Cipher

security much improved over monoalphabetic 26 x 26 = 676 digrams

would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic)

was widely used for many years (eg. US & British military in WW1)

it can be broken, given a few hundred letters since still has much of plaintext structure

Idea: Relative frequency of occurrence of letters in ciphertext

* Make the freq. Distribution information concealed => flatter

Hill cipher Mathematician Lester Hill in 1929 Multi-letter cipher

Ex. 3-letter cipher

p1

p2

p3

c1

c2

c3

?

Input: 263 Output: 263

26 mod

3

2

1

333231

232221

131211

3

2

1

p

p

p

kkk

kkk

kkk

c

c

c

Key matrix

Linear equations: C=KP mod 26

Hill cipher (cont.) Encryption: C = KP mod 26 Decryption: P = K-1C mod 26 Idea: hide single-letter frequencies

2x2 key matrix: hide single-letter freq. 3x3 key matrix: hide single-letter and

digram freq. …

How to attack Hill cipher?

Cryptanalysis on Hill cipher

Known ciphertext X

Ex. 2x2 key matrix, given “friday” => “PQCFKU”

dr

ifK

FQ

CP

26 mod 317

85

516

215

K=>

=> 解出 K !!!

Known plaintext-ciphertext pairs

How to improve monoalphabetic cipher?

Encrypt multiple letters of plaintext at the same time Playfair cipher Hill cipher

Use multiple cipher alphabets Polyalphabetic cipher Monoalph. Cipher:

a k

Polyalph. Cipher:a k

J

Rule 1

Rule 2

Polyalphabetic Ciphers Polyalphabetic substitution ciphers

A set of related monoalphabetic substitution rules is used

use a key to select which alphabet is used for each letter of the message

Vigenère Cipher simplest polyalphabetic substitution

cipher is the Vigenère Cipher 26 Caesar ciphers Each Caesar cipher is labelled by a key

letter See Table 2.3

key plaintext

Example: Vigenère Cipher Encryption: need a key and the plaintext Eg. using keyword deceptive

key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Decryption: the table and the key are known

• advantage: multiple ciphertext letters for each plaintext letter => hide letter frequency => See Fig. 2.6

Cryptanalysis on Substitution Cipher

Calculate the statistical properties of the ciphertext Match language letter freq. Monoalphabetic cipher Polyalphabetic cipher (Vigenère Cipher)

Find the length of keyword

Attack each monoalphabetic cipher

Yes

No

key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJGuess key length

Improve over Vigenère Cipher (1)

Avoid repetition of key Autokey system

key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

Improve over Vigenère Cipher (2)

Avoid repetition of key Gilbert Vernam, 1918 Use of a running loop of tape that

eventually repeat the key A very long but repeating keyword

One-Time Pad Unconditional security !!! Improve on Vigenère Cipher, by Jeseph

Mauborgne Use a random key that was truly as

long as the message, no repetitions

Example: one-time pad Known Vigenère Cipher with one-time

key Given ciphertext:

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

Decrypt by hacker 1:

Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSKey: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyihPlaintext: mr mustard with the candlestick in the hall

Decrypt by hacker 2:

Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSKey: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwtPlaintext: miss scarlet with the knife in the library

Which one?

a b c d e f g h i j k l m n o p q r s t u v w x y z ?A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ?B C D E F G H I J K L M N O P Q R S T U V W X Y Z ? AC D E F G H I J K L M N O P Q R S T U V W X Y Z ? A BD E F G H I J K L M N O P Q R S T U V W X Y Z ? A B CE F G H I J K L M N O P Q R S T U V W X Y Z ? A B C DF G H I J K L M N O P Q R S T U V W X Y Z ? A B C D EG H I J K L M N O P Q R S T U V W X Y Z ? A B C D E FH I J K L M N O P Q R S T U V W X Y Z ? A B C D E F GI J K L M N O P Q R S T U V W X Y Z ? A B C D E F G HJ K L M N O P Q R S T U V W X Y Z ? A B C D E F G H IK L M N O P Q R S T U V W X Y Z ? A B C D E F G H I JL M N O P Q R S T U V W X Y Z ? A B C D E F G H I J KM N O P Q R S T U V W X Y Z ? A B C D E F G H I J K LN O P Q R S T U V W X Y Z ? A B C D E F G H I J K L MO P Q R S T U V W X Y Z ? A B C D E F G H I J K L M NP Q R S T U V W X Y Z ? A B C D E F G H I J K L M N OQ R S T U V W X Y Z ? A B C D E F G H I J K L M N O PR S T U V W X Y Z ? A B C D E F G H I J K L M N O P QS T U V W X Y Z ? A B C D E F G H I J K L M N O P Q RT U V W X Y Z ? A B C D E F G H I J K L M N O P Q R SU V W X Y Z ? A B C D E F G H I J K L M N O P Q R S TV W X Y Z ? A B C D E F G H I J K L M N O P Q R S T UW X Y Z ? A B C D E F G H I J K L M N O P Q R S T U VX Y Z ? A B C D E F G H I J K L M N O P Q R S T U V WY Z ? A B C D E F G H I J K L M N O P Q R S T U V W XZ ? A B C D E F G H I J K L M N O P Q R S T U V W X Y? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

abcdefghijklmnopqrstuvwxyz?

Problem with one-time pad Truly random key with arbitrary length? Distribution and protection of long keys

The key has the same length as the plaintext!

Summary Caesar cipher Monoalphabetic cipher Encrypt multiple letters of plaintext at

the same time Playfair cipher Hill cipher

Use multiple cipher alphabets Polyalphabetic cipher Vernam cipher One-time Pad

Outline Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography

Transposition Ciphers Transposition cipher: permutation on

the plaintext letters these hide the message by rearranging the

letter order without altering the actual letters used Feature: have the same frequency

distribution as the original text

排列

Rail Fence cipher write message letters out diagonally

over a number of rows eg. Plaintext: “meet me after the toga

party”m e m a t r h t g p r y

e t e f e t e o a a t

then read off cipher row by rowMEMATRHTGPRYETEFETEOAAT

Row Transposition Ciphers Improve on Rain Fence cipher write letters of message out in rows

over a specified number of columnsKey: 4 3 1 2 5 6 7

Plaintext: a t t a c k p

o s t p o n e

d u n t i l t

w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

reorder the columns according to some key before reading off the rows

Row Transposition Ciphers (cont.)

Improve on Row Transposition Ciphers Re-encrypt again!

Why more secure? Observe the change of plaintext position

Initial plaintext: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

1st permutation: 03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28

2nd permutation: 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28

Product Ciphers ciphers using substitutions or transpositions are

not secure because of language characteristics hence consider using several ciphers in

succession to make harder, but: two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a

new much harder cipher this is bridge from classical to modern ciphers

Outline Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography

Rotor Machines apply multiple stages of encryption were widely used in WW2

German Enigma, Allied Hagelin, Japanese Purple

with 3 cylinders have 263=17576 alphabets

Each cylinder is a monoalphabetic substitution

Three-rotor machine

Rotate after an input

Steganography Encryption

Steganography: hides existence of message

偽裝

plaintext ciphertextencryption(un-recognizable)

plaintext another plaintextsteganography

Summary have considered:

classical cipher techniques and terminology monoalphabetic substitution ciphers cryptanalysis using letter frequencies Playfair ciphers polyalphabetic ciphers transposition ciphers product ciphers and rotor machines stenography