1_ClassicCrypto

7/29/2019 1_ClassicCrypto

1/57

Classic Crypto 1

Classic Crypto


2/57

Classic Crypto 2

Overview

We briefly consider the following classic(pen and paper) cipherso Transposition ciphers

o Substitution cipherso One-time pado Codebook

These were all chosen for a reasono We see same principles in modern ciphers


3/57

Classic Crypto 3

Transposition Ciphers

In transposition ciphers, we transpose(scramble) the plaintext letterso The scrambled text is the ciphertext

o The transposition is the key

Corresponds to Shannons principle ofdiffusion (more about this later)

o This idea is widely used in modern ciphers


4/57

Classic Crypto 4

Scytale

Spartans, circa 500 BC Wind strip of leather around a rod Write message across the rod

T H E T I M E H AS C O M E T H E W

A L R U S S A I DT O T A L K O F M

A N Y T H I N G S When unwrapped, letters are scrambled

TSATAHCLONEORTYTMUATIESLHMTS


5/57

Classic Crypto 5

Scytale

Suppose Alice and Bob use Scytale to encrypta messageo What is the key?

o How hard is it for Trudy to break without key? Suppose many different rod diameters are

available to Alice and Bobo How hard is it for Trudy to break a message?

o Can Trudy attack messages automaticallywithoutmanually examining each putative decrypt?


6/57

Classic Crypto 6

Columnar Transposition Put plaintext into rows of matrix then read

ciphertext out of columns For example, suppose matrix is 3 x 4

o Plaintext: SEETHELIGHT

o Ciphertext: SHGEEHELTTIX

Same effect as Scytaleo What is the key?


7/57

Classic Crypto 7

Keyword Columnar Transposition For example

o Plaintext: CRYPTOISFUNo Matrix 3 x 4 and keyword MATH

o Ciphertext: ROUPSXCTFYIN

What is the key? How many keys are there?


8/57

Classic Crypto 8

Keyword Columnar Transposition

How can Trudy cryptanalyze this cipher? Consider the ciphertext

VOESA IVENE MRTNL EANGE WTNIM HTMLL ADLTR NISHODWOEH

Matrix is n x m for some n and m Since 45 letters, nm = 45

How many cases to try? How will Trudy know when she is correct?


9/57

Classic Crypto 9

Keyword Columnar Transposition

The ciphertext isVOESA IVENE MRTNL EANGE WTNIM HTMLL ADLTR NISHO

DWOEH

If encryption matrix was 9 x 5, then


10/57

Classic Crypto 10

Cryptanalysis: Lesson I

Exhaustive key searcho Always an option for Trudy

If keyspace is too large, such an attack willnot succeed in a reasonable timeo Or it will have a low probability of success

A large keyspace is necessary for security

But, large keyspace is not sufficient


11/57

Classic Crypto 11

Double Transposition

Plaintext:ATTACK AT DAWN

Permute rowsand columns

Ciphertext: XTAWXNATTXADAKCKey?

o 5 x 3 matrix, perms (2,4,0,3,1) and (0,2,1)

columns 0 1 2row 0 A T Trow 1 A C K

row 2 X A Trow 3 X D Arow 4 W N X

columns 0 2 1row 2 X T Arow 4 W X N

row 0 A T Trow 3 X A Drow 1 A K C


12/57

Classic Crypto 12


How can Trudy attack double transposition? Spse Trudy sees 45-letter ciphertext Then how many keys?

o Size of matrix: 3 x 15, 15 x 3, 5 x 9, or 9 x 5o A lot of possible permutations!

5! 9! 225 and 3! 15! 242

Size of keyspace is greater than 243

Is there a shortcut attack?


13/57

Classic Crypto 13


Shortcut attack on double transposition? Suppose ciphertext is

ILILWEAHREOMEESANNDDVEGMIERWEHVEMTOSTTAONNTNH

Suppose Trudy guesses matrix is9 x 5

Then Trudy has:

Now what? Try all perms?

5! 9! 225

Is there a better way?

column 0 1 2 3 4

row 0 I L I L W

row 1 E A H R E

row 2 O M E E S

row 3 A N N D Drow 4 V E G M I

row 5 E R W E H

row 6 V E M T O

row 7 S T T A O

row 8 N N T N H


14/57

Classic Crypto 14


Shortcut attack on double transposition? Trudy tries columns first strategy

Now what?

Permutecolumns

column 0 1 2 3 4

row 0 I L I L W

row 1 E A H R Erow 2 O M E E S

row 3 A N N D D

row 4 V E G M I

row 5 E R W E H

row 6 V E M T Orow 7 S T T A O

row 8 N N T N H

column 2 4 0 1 3

row 0 I W I L L

row 1 H E E A Rrow 2 E S O M E

row 3 N D A N D

row 4 G I V E M

row 5 W H E R E

row 6 M O V E Trow 7 T O S T A

row 8 T H N N N


15/57

Classic Crypto 15

Cryptanalysis: Lesson II

Divide and conquero Trudy attacks part of the keyspaceo A great shortcut attack strategy

Requires careful analysis of algorithm We will see this again and again in the

attacks discussed later

Of course, cryptographers try to preventdivide and conquer attacks


16/57

Classic Crypto 16

Substitution Ciphers

In substitution ciphers, we replace theplaintext letters with other letterso The resulting text is the ciphertext

o The substitution rule is the key

Corresponds to Shannons principle ofconfusion (more on this later)

o This idea is used in modern ciphers


17/57

Classic Crypto 17

Ceasars Cipher

Plaintext:FOURSCOREANDSEVENYEARSAGO

Key:a b c d e f g h i j k l m n o p q r s t u v w x y

D E F G H I J K L M N O P Q R S T U V W X Y Z A B

z

C

Ciphertext:IRXUVFRUHDAGVHYHABHDUVDIR

More succinctly, key is shift by 3

Plaintext

Ciphertext


18/57

Classic Crypto 18

Ceasars Cipher

Then plaintext isSPONGEBOBSQUAREPANTS

a b c d e f g h i j k l m n o p q r s t u v w x y

D E F G H I J K L M N O P Q R S T U V W X Y Z A B

z

CPlaintext

Ciphertext

Trudy loves the Ceasars cipherSuppose ciphertext is

VSRQJHEREVTXDUHSDQWV


19/57

Classic Crypto 19

Simple Substitution

Caesars cipher is trivial if we adhereto Kerckhoffs Principle

We want a substitution cipher withlots of keys

What to do?

Generalization of Caesars cipher


20/57

Classic Crypto 20

Simple Substitution

Key is some permutation of lettersNeed not be a shift

For example

a b c d e f g h i j k l m n o p q r s t u v w x y

J I C A X S E Y V D K W B Q T Z R H F M P N U L G

z

OPlaintext

Ciphertext

Then 26! 288 possible keysThats lots of keys!


21/57

Classic Crypto 21

Cryptanalysis of Simple

Substitution Trudy know a simple substitution is used Can she find the key given ciphertext:PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWI

PBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODX

QHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA


22/57


23/57

Classic Crypto 23

Cryptanalysis of SimpleSubstitution

Ciphertext:PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXT

OXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFB

QUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKF

ABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

A B C D E F G H I J K L M N O P Q R S T U V W X Y21 26 6 10 12 51 10 25 10 9 3 10 0 1 15 28 42 0 0 27 4 24 22 28 6

Z

8

Ciphertext frequency counts:


24/57

Classic Crypto24

Cryptanalysis: Lesson III

Statistical analysiso Statistics might reveal info about key

Ciphertext should appear randomBut randomness is not easy

o Difficult to define random (entropy)

Cryptographers work hard to preventstatistical attacks


25/57


26/57


27/57

Classic Crypto27

Affine Cipher

Encryption: ci = api + b (mod 26)Decryption: pi = a

1(ci b) (mod 26)

Keyspace size?o Keyspace size is 26(26) = 312o Too small to be practical


28/57

Classic Crypto28

Vigenere Cipher Key is of the form K = (k0,k1,,kn-1)

o Where each ki{0,1,2,,25}

Encryption

ci = pi + ki (mod n) (mod 26) Decryption

pi = ci ki (mod n) (mod 26) Nothing tricky here! Just a repeating sequence of (shift by n)

simple substitutions


29/57


30/57

Classic Crypto30

Vigenere Cipher

Vigenere is just a series of k simplesubstitution ciphers

Should be able to do k simplesubstitution attackso Provided enough ciphertext

But how to determine k (key length)? Index of coincidence


31/57

Classic Crypto31

Index of Coincidence

Assume ciphertext is English letters Let n0 be number ofAs, n1 number of

Bs, , n25 number of Zs in ciphertext

Let n = n0 + n1+ + n25Define index of coincidence

What does this measure?


32/57

Classic Crypto32

Index of Coincidence Gives the probability that 2 randomly

selected letters are the same For plain English, prob. 2 letter are same:

o p02 + p1

2+ + p252 0.065, where pi is

probability of ith letter

Then for simple substitution, I 0.065 For random letters, each pi = 1/26

o Then p02 + p1

2+ + p252 0.03846

Then I 0.03846 for poly-alphabeticsubstitution with a very long keyword


33/57

Classic Crypto33

Index of Coincidence How to use this to estimate length of

keyword in Vigenere cipher? Suppose keyword is length k, message is

length no Ciphertext in matrix with k columns, n/k rows Select 2 letters from same columns

o Like selecting from simple substitution

Select 2 letters from different columnso Like selecting random letters


34/57

Classic Crypto34

Index of Coincidence Suppose k columns and n/k rows Approximate number of matching pairs from

same column, but 2 different rows:

Approximate number of matching pairs from2 different columns, and any two rows:


35/57

Classic Crypto35

Index of Coincidence

Approximate index of coincidence by:

Solve for k to find:

Use n and I (known from ciphertext) toapproximate length of Vigenere keyword


36/57

Classic Crypto36

Index of Coincidence:

Bottom LineA crypto breakthrough when invented

o By William F. Friedman in 1920s

Useful against classical and WWII-era ciphers Incidence of coincidence is a well-

known statistical testo Many other statistical tests exists


37/57

Classic Crypto37

Hill Cipher

Hill cipher is not related to small mountains

Invented by Lester Hill in 1929o A pre-modern block cipher

Idea is to create a substitution cipher with alarge alphabet

All else being equal (which it never is) cipher

should be stronger than simple substitution


38/57

Classic Crypto38

Hill Cipher

Plaintext, p0, p1, p2, Each pi is block of n consecutive letters

o As a column vector

LetA be n x n invertible matrix, mod 26 Then ciphertext block ci is given by

o ci = Api (mod 26)

o Decryption: pi= A1c

i(mod 26)

The matrixA is the key


39/57

Classic Crypto39

Hill Cipher Example Let n = 2 and Plaintext

MEETMEHERE = (12,4,4,19,12,4,7,4,17,4)

Then

And

Ciphertext:(4,22,23,9,4,22,24,19,10,25) = EWXJEWYTKZ


40/57


41/57


42/57

Classic Crypto42

One-time Pad

A provably secure cipherNo other cipher we discuss is

provably secureWhy not use one-time pad for

everything?o Impractical for most applications

o But it does have its uses


43/57


44/57

Classic Crypto44

One-time Pad Decryptione=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

s r l h s s t h s r

110 101 100 001 110 110 111 001 110 101

111 101 110 101 111 100 000 101 110 000

001 000 010 100 001 010 111 100 000 101

h e i l h i t l e r

Decryption: Ciphertext Key = Plaintext

Ciphertext:

Key:

Plaintext:


45/57

Classic Crypto45

One-time Pad

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

s r l h s s t h s r

110 101 100 001 110 110 111 001 110 101101 111 000 101 111 100 000 101 110 000

011 010 100 100 001 010 111 100 000 101

k i l l h i t l e r

Ciphertext:key:

Plaintext:

Double agent claims sender used key:


46/57


47/57


48/57

Classic Crypto48

Real-world One-time Pad

Project VENONAo Soviet spy messages from U.S. in 1940so Nuclear espionage, etc.

o Thousands of messaged Spy carried one-time pad into U.S. Spy used pad to encrypt secret messages Repeats within the one-time pads made

cryptanalysis possible

VENONA D c pt (1944)
http://www.nsa.gov/venona/index.cfmhttp://www.nsa.gov/venona/index.cfm


49/57

Classic Crypto 49

VENONA Decrypt (1944)[C% Ruth] learned that her husband [v] was called up by the army buthe was not sent to the front. He is a mechanical engineer and is now

working at the ENORMOUS [ENORMOZ] [vi] plant in SANTA FE, NewMexico. [45 groups unrecoverable]

detain VOLOK [vii] who is working in a plant on ENORMOUS. He is aFELLOWCOUNTRYMAN [ZEMLYaK] [viii]. Yesterday he learned thatthey had dismissed him from his work. His active work in progressiveorganizations in the past was cause of his dismissal. In theFELLOWCOUNTRYMAN line LIBERAL is in touch with CHESTER [ix].

They meet once a month for the payment of dues. CHESTER isinterested in whether we are satisfied with the collaboration andwhether there are not any misunderstandings. He does not inquireabout specific items of work [KONKRETNAYa RABOTA]. In as muchas CHESTER knows about the role of LIBERAL's group we begconsent to ask C. through LIBERAL about leads from among peoplewho are working on ENOURMOUS and in other technical fields.

Ruth == Ruth Greenglass Liberal == Julius Rosenberg Enormous == the atomic bomb


50/57

Classic Crypto 50

Codebook Cipher

Literally, a book filled with codeso More precisely, 2 codebooks, 1 for

encryption and 1 for decryption

Key is the codebook itselfSecurity of cipher requires physical

security for codebook

Codebooks widely used thru WWII


51/57

Classic Crypto 51

Codebook Cipher

Literally, a book filled with codewords Zimmerman Telegram encrypted via codebook

Februar 13605fest 13732finanzielle 13850folgender 13918Frieden 17142Friedenschluss 17149

: :

Modern block ciphers are codebooks! More on this later
http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/zimmerman.shtml?tqskip1=1&tqtime=1029http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/zimmerman.shtml?tqskip1=1&tqtime=1029http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/zimmerman.shtml?tqskip1=1&tqtime=1029http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/zimmerman.shtml?tqskip1=1&tqtime=1029


52/57


53/57

Classic Crypto 53

ZimmermanTelegramDecrypted

British had

recoveredpartialcodebook

Able to fill in

missing parts


54/57


55/57

Classic Crypto 55

Codebook Additive

Codebook additive is another bookfilled with random number

Sequence of additive numbers added tocodeword to yield ciphertext

plaintext codeword ciphertext

lookup in

codebook

add the

additive


56/57


57/57

Cl ssi C pt 57

Cryptanalysis: Summary

Exhaustive key searchDivide and conquerStatistical analysis

Exploit linearityOr any combination thereof (or anything

else you can think of)

Alls fair in love and waro and cryptanalysis!

1_ClassicCrypto

Documents