2. Classical Encryption Techniques · Ch. 2 Classical Encryption Techniques. 2 Contents Symmetric Cipher Model Substitution Techniques Transposition Techniques Rotor Machines Steganography.

1

Ch. 2 Classical Encryption

Techniques

2

Contents

Symmetric Cipher Model

Substitution Techniques

Transposition Techniques

Rotor Machines

Steganography

3


Plaintext (or message)- The original message

Ciphertext - The coded message

Encipher (or encrypt) - Converting plaintext to ciphertext

Decipher (or decrypt) - Restoring plaintext from ciphertext

Key – Secret input to encryption and decryption.

4


Cryptography

� A study on creating encryption schemes

Cryptanalysis

� A study on breaking encryption schemes

Cryptology

� Cryptography + Cryptanalysis

Cryptographic system (or a cipher)

� An encryption scheme

5


Two requirements for symmetric ciphers

� The encryption algorithm should be strong.

� An opponent cannot decrypt a ciphertext and discover the key

even if the opponent knows the encryption algorithm.

� So, the encryption algorithm does not need to be kept secret.

� This feature makes it convenient for widespread use.

� A secret key should be known only to sender and receiver.

� Because if someone has the key, he can decrypt every ciphertext.

6

Key source may be either a sender or a third party.

The key should be distributed securely to the sender and receiver.

A cryptanalyst tries to find either the plaintext or the secret key.

Formal Notations

7

Cryptography

Classification of cryptographic system

� The type of encryption operations

� Substitution

� Each element in the plaintext is mapped into another element.

� A � C, B� F, …

� Transposition

� Elements in the plaintext are rearranged.

� message � essgeam

8

Cryptography


� The number of keys

� Secret-key or symmetric or conventional encryptions

� Both sender and receiver use the same key.

� Two-key or public-key encryptions

� Sender and receiver use different keys.

9

Cryptography


� The way in which plaintext is processed

� A block cipher

� Processes the input one block of elements at a time.

� Produces an output block for each input block.

� A stream cipher

� Processes the input elements continuously.

� Produces output one element at a time.

10

Cryptanalysis

Types of cryptanalytic attacks

� Based on the amount of information known to the cryptanalyst

� Ciphertext only

� Known plaintext

� Chosen plaintext more information

� Chosen ciphertext

� Chosen text

11

Ciphertext only

� Known information

� Encryption algorithm

� Ciphertext

Known plaintext

� Known information.


� Ciphertext

� One or more plaintext-ciphertext pairs

Cryptanalysis

12

Chosen plaintext



� Ciphertext

� One or more plaintext-ciphertext pairs where the opponent can

choose the plaintext.

Chosen ciphertext



� Ciphertext


choose the ciphertext.

Cryptanalysis

13

Chosen text



� Ciphertext


choose either the plaintext or the ciphertext.

Generally, an encryption algorithm is designed to withstand a

known-plaintext attack.

Cryptanalysis

14

Unconditionally Secure

An encryption scheme is unconditionally secure (Stinson).

� If the ciphertext does not contain enough information to determine

uniquely the corresponding plaintext, no matter how much ciphertext is

available.

� Developing an unconditionally secure encryption scheme is hard to

achieve.

15

Computationally Secure

Computationally secure (Stinson)

� The cost of breaking the cipher exceeds the value of the encrypted

information.

� The value of the contents of the encrypted original message is not

big enough to decrypt.

� The time required to break the cipher exceeds the useful lifetime of

the information.

� After the decryption, the message is no longer valuable.

16

Brute-force Attack

Trying every possible key until an intelligible translation of

the ciphertext into plaintext is obtained.

� On average, half of all possible keys must be tried to achieve success.

6.4××××106 years2××××1026 ㎲㎲㎲㎲ =6.4××××1012years26!=4××××102626characters

(permutation)

5.9××××1030 years2167 ㎲㎲㎲㎲ =5.9××××1036years2168=3.7××××1050168 (Triple DES)

5.4××××1018 years2127 ㎲㎲㎲㎲ =5.4××××1024years2128=3.4××××1038128 (AES)

10.01 hours255 ㎲㎲㎲㎲ =1142 years256=7.2××××101656 (DES)

2.15 milliseconds231 ㎲㎲㎲㎲ =35.8 minutes232=4.3××××10932

Time required at

106 encryptions/ ㎲㎲㎲㎲

Time required at

1 encryption/㎲㎲㎲㎲

Number of

Alternative Keys

Key Size (bit)

17

Contents



� Shift Cipher (Caesar Cipher)

� Monoalphabetic Ciphers

� Playfair Cipher

� Hill Cipher

� Polyalphabetic Ciphers

� One-Time Pad


Rotor Machines

Steganography

18

Shift Cipher

A simple substitution cipher

Substitution rule

� Circular right shift by k alphabets where k is the key.

� When k = 4, A � E, B �F, … X � B, Y � C, Z � D.

� Encryption of plaintext baby with k = 4.

When k = 3, the shift cipher is called Caesar Cipher.

19

Shift Cipher

Decryption of ciphertext FEFC

� Inverse of encryption

Cryptanalysis of shift cipher

� Brute-force approach

� The key space is too small: only 26 possible keys

JBCRCLQRWCRVNBJENBWRWN

astitchintimesavesnineastitchintimesavesnineastitchintimesavesnineastitchintimesavesnine9999

……………………

IabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvm1111

JbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwn0000

20

Three characteristics of brute-force attack

� What generally makes brute-force cryptanalysis impractical is the

use of an algorithm that employs a large number of keys.

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.

3. The language of the plaintext is known and easily recognizable.

21

Monoalphabetic Cipher

Encryption

� Substitute each symbol in a plaintext using a permutation.

TBWQZGOPHAYNX

mlkjihgfedcba

IDJKEUMVCRLFS

zyxwvutsrqpon

22


Decryption

� Substitute each symbol in a ciphertext using the inverse

permutation.

� Quiz

� MGZVYZLGHCMHJMYXSSFMNHAHYCDLMHA ?

The Shift Cipher is a special case of monoalphabetic cipher.

23


Brute-force attack is impossible.

� 26! possible permutation is available

� 4 × 1026 possible keys

6.4××××106 years2××××1026 ㎲㎲㎲㎲ =6.4××××1012years26! = 4××××102626 characters

5.9××××1030 years2167 ㎲㎲㎲㎲ =5.9××××1036years2168 = 3.7××××1050168 (Triple DES)

5.4××××1018 years2127 ㎲㎲㎲㎲ =5.4××××1024years2128 = 3.4××××1038128 (AES)

10.01 hours255 ㎲㎲㎲㎲ =1142 years256 = 7.2××××101656 (DES)

2.15 milliseconds231 ㎲㎲㎲㎲ =35.8 minutes232 = 4.3××××10932

Time required at

106 encryptions/ ㎲㎲㎲㎲

Time required at

1 encryption/㎲㎲㎲㎲

Number of

Alternative Keys

Key Size (bit)

24

Attack with frequency information

If the cryptanalyst knows the nature of the plaintext,

the analyst can exploit the regularities of the language.

� Using a standard frequency distribution for English.

25

The 1st step

� Determine the relative frequency of the letters in ciphertext and

compare them to a standard frequency distribution for English.

<Ciphertext>

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


6.67M

0.00R0.83J1.67A4.17X7.50O

0.00N0.83I2.50T4.17V8.33U

0.00L1.67Y2.50Q5.00E8.33S

0.00K1.67G3.33W5.00D11.67Z

0.00C1.67B3.33F5.83H13.33P

26

English Letter Frequencies

0.00

0.00

0.00

0.00

0.00

0.83

0.83

1.67

1.67

1.67

2.50

2.50

3.33

3.33

4.17

4.17

4.17

5.00

5.00

5.83

6.67

7.50

8.33

8.33

11.67

13.33

RW

NF

LX

KV

CE

JD

IH

YM

GO

BU

AS

TZ

QP

0.074

0.095

0.150

0.153

0.772

0.978

1.492

1.929

1.974

2.015

2.228

2.306

2.406

2.758

2.782

4.025

4.253

5.987

6.094

6.327

6.749

6.996

7.507

8.167

9.056

12.702

zu

qc

xl

jd

kr

vh

bs

pn

yI

go

fa

wt

me

Compare

Relative Frequency of Letters

in English Text

Relative Frequency of Letters

in Ciphertext

27

Comparing this breakdown with Figure 2.5

� It seems that cipher text letters P and Z are the equivalent of plain text

letters e and t, but it is not certain which is which.

But it is not certain which is which

� The letter S,U,O,M and H ⇒

plaintext letters from the set {a, h, i, n, o, r, s}.


28

A powerful tool is to look at the frequency of two-letter

combinations (as diagram).

� The most common such diagram is th.

� In our ciphertext, the most common diagram is ZW.

� Guess ZW ⇒ th.

Most frequent trigrams (three-letter combination)

� ZWP appears in the ciphertext, and translate that we sequence as “the”.


29

2nd step

� Notice the sequence ZWSZ in the first line.

� it is of the form th_t.

� S => a

The completed plaintext

� it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the contacts have been made with political representatives of the contacts have been made with political representatives of the contacts have been made with political representatives of the vietvietvietviet cong in cong in cong in cong in moscowmoscowmoscowmoscow

U Z Q S O V U O H X M O P V G P O Z P E V S G Z W S Z O P F P E S X U D B M E T S X A I Zt a e e t e a t h a t e e a a

V U E P H Z H M D Z S H Z O W S F P A P P D T S V P Q U Z W Y M X U Z U H S Xe t t a t h a e e e a e t h t a

E P Y E P O P D Z S Z U F P O M B Z W P F U P Z H M D J U D T M O H M Qe e e t a t e t h e t


30

A countermeasure by Carl Friedrich Gauss

� Homophones

� The number of symbols assigned to each letter is proportional to the

relative frequency of that letter.

� The letter e ⇒ 16, 74, 35 and 21

� Frequency of single letter is ideal.

� But multiple-letter patterns still survive in the ciphertext.


31

Playfair cipher

Two methods to lessen the extent to which the structure of

the plaintext survives in the ciphertext.

� One is to encrypt multiple letters of plaintext.

� The other is to use multiple cipher alphabets.

32

Playfair cipher

Key is a 5 x 5 matrix.

� Key : MONARCHY

� Filling in the letters of the keyword from

(minus duplicates) left to right and from

top to bottom.

� Filling in the remainder of the matrix with

the remaining letters in alphabetic order.

� The letter I and J count as one letter. ZXWVU

TSQPL

KI/JGFE

DBYHC

RANOM

Treats diagrams (two letter) in the plaintext as single

units and translates these units into ciphertext.

33

Playfair cipher

Encryption

� Each plaintext letter is replaced by the letter that

lies in its own row and the column of its pair.

� hs : BP

� ea ?

� IM or JM

� If two letters are in the same column or row?

� rm ?

ZXWVU

TSQPL

KI/JGFE

DBYHC

RANOM

34

Playfair cipher

Two letters in the same row

� Replace each letter by the letter to the right, circularly.

� ar : RM

Two letters in the same column.

� Replace each letter by the letter beneath, circularly.

� mu : CM

Two letters in the pair are the same.

� Separate them with a filler letter.

� balloon : ba lx lo on

ZXWVU

TSQPL

KI/JGFE

DBYHC

RANOM

35

Playfair cipher

The strength of playfair cipher

� A great advance over simple Monoalphabetic cipher

� 26 × 26 =676 diagrams

� Making frequency analysis much more difficult.

� However, it still leaves much of the structure of the plaintext language.

� A few hundred letters of ciphertext are generally sufficient to break

Playfair cipher.

36

Playfair cipher

37

Hill Cipher

Take m successive plaintext letters and substitutes for

them m ciphertext letters.

38

Hill Cipher

Encryption

� key: m x m matrix

=

−−−−

−

−

−−

1,11,10,1

1,11.10,1

1,01,00,0

11,0110

...

.........

...

...

),...,(),...,,(

mmmm

m

m

mm

kkk

kkk

kkk

xxxyyy

−−−−

−

−

1,11,10,1

1,11.10,1

1,01,00,0

...

.........

...

...

mmmm

m

m

kkk

kkk

kkk

39

Hill Cipher

Encrypt the plaintext july with k =

� We partition july into ju and ly.

� ju: (9, 20)

� ly: (11, 24)

77773333

888811111111

(3,4)(3,4)(3,4)(3,4)(159,212)(159,212)(159,212)(159,212)140)140)140)140)60,7260,7260,7260,72(99(99(99(9977773333

888811111111(9,20)(9,20)(9,20)(9,20) ==++=

(11,22)(11,22)(11,22)(11,22)(84,256)(84,256)(84,256)(84,256)168)168)168)168)72,8872,8872,8872,88(12(12(12(1277773333

888811111111(11,24)(11,24)(11,24)(11,24) ==++=

40

Hill Cipher

Decryption

� Use the inverse of key matrix

),...,(

1

...

.........

...

...

),...,,( 11,0

1,11,10,1

1,11.10,1

1,01,00,0

110 −

−−−−

−

−

− =

−

m

mmmm

m

m

m xxx

kkk

kkk

kkk

yyy

41

Hill Cipher

The hill cipher can be difficult to break with a ciphertext-

only attack.

But it succumbs to a known plaintext attack.

� Assume that the opponent know the value of m.

42

Suppose he has m distinct plaintext-ciphertext pairs

, for 0 ≤≤≤≤ j ≤≤≤≤ m-1.

Hill Cipher

),...,,( ,1,1,0 jmjjj xxxx −= ),...,,( ,1,1,0 jmjjj yyyy −=

Kxxxyyy mm ),...,(),...,,( 0,10,1,0,00,10,10,0 −− =

Kxxxyyy mm ),...,(),...,,( 1,11,1,1,01,11,11,0 −− =

=

−−−−

−

−

−−−−

−

−

−−−−

−

−

1,11,10,1

1,11.10,1

1,01,00,0

1,11,11,0

1,11,11,0

0,10,10,0

1,11,11,0

1,11,11,0

0,10,10,0

...

.........

...

...

...

.........

...

...

...

.........

...

...

mmmm

m

m

mmmm

m

m

mmmm

m

m

kkk

kkk

kkk

xxx

xxx

xxx

yyy

yyy

yyy

·

·

·

·

43

Hill Cipher

=

−−−−

−

−

−−−−

−

−

−−−−

−

−

1,11,10,1

1,11.10,1

1,01,00,0

1,11,10,1

1,11.10,1

1,01,00,0

1,11,10,1

1,11.10,1

1,01,00,0

...

.........

...

...

...

.........

...

...

...

.........

...

...

mmmm

m

m

mmmm

m

m

mmmm

m

m

kkk

kkk

kkk

xxx

xxx

xxx

yyy

yyy

yyy

=

−

−−−−

−

−

−−−−

−

−

−−−−

−

−

1,11,10,1

1,11.10,1

1,01,00,0

1,11,10,1

1,11.10,1

1,01,00,0

1,11,10,1

1,11.10,1

1,01,00,0

...

.........

...

...

...

.........

...

...1

...

.........

...

...

mmmm

m

m

mmmm

m

m

mmmm

m

m

kkk

kkk

kkk

yyy

yyy

yyy

xxx

xxx

xxx

44

Hill Cipher

Suppose the plaintext Friday is encrypted to the ciphertext PQCFKU using a Hill Cipher with m = 2.� eK(5, 17) = (15, 16), eK(8, 3) = (2, 5), eK(0, 24) = (10, 20)

� We get the matrix equation.

� So

K

=

38

175

52

1615

=

−

−−=

+

−

152

19

38

173det)1(

38

1751,1

11

1

A

=

=

38

197

52

1615

152

19K

45

What would the opponent do if he does not know m?

� Assuming that m is not too big, he could simply try m = 2, 3, …. ,

untill the key found.

Hill Cipher

46

Polyalphabetic Ciphers

Another way to improve monoalphabetic ciphers

� To use multiple cipher alphabets

� Vigenère cipher

� A set of shift ciphers are used.

47

Vigenère Cipher

Encryption

� m = 6, K = (2,8,15,7,4,7)

Decryption

� Inverse of encryption

241814191524172188719

1747158217471582

15222182308625231521

plaintext

key

ciphertext

48

Vigenère Cipher

Cryptanalysis

� The number of possible keys

� 26m

� Exhaustive key search is infeasible if m is not too small.

� However, the Vigenère cipher can be cryptanalyzed using the frequency

of letters.

49

Vigenère Cipher

50

Vigenère Cipher

Encryption� m = 6, K = (2,8,15,7,4,7)

We first compute m and then compute K.

� Techniques used

� Kasiski test

� The index of coincidence

241814191524172188719

1747158217471582

15222182308625231521

plaintext

key

ciphertext

51

Vigenère Cipher

Observation: Two identical segments of plaintext will be encrypted to the same ciphertext whenever their occurrence in the plaintext is δδδδ positions apart, where .

Kasiski test

� Search the ciphertext for pair of identical segments of length at least three.

� Record the distance between the starting positions of the two segments

� If we obtain several such distances, sayδ1,δ2, … ,

� Then we would conjecture that m divides all of the δδδδi’s

� Hence m divides the greatest common divisor of theδi’s

)(mod 0 m≡δ

52

Vigenère Cipher

� The distances from the first occurrence to other four occurrences are 165, 235, 275, 285.

� The greatest common divisor of these four integers is 5. (very likely keyword length)

CHREEVOAHMAERATBIAXXWTNXBEEOPHBSQMQEQERBW

RVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAK

LXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELX

VRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHR

ZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJT

AMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBI

PEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHP

WQAIIWXNRMGWOIIFKEE

53

Vigenère Cipher

� The index of coincidence

� Observe that a completely

random string will have

� The two values 0.065 and

0.038 are quite apart.

probabilityletterprobabilityletter

.024

.040

.008

.002

.070

.061

.020

.022

.127

.043

.028

.015

.082

.001ZM

.020YL

.001XK

.023WJ

.010VI

.028UH

.091TG

.063SF

.060RE

.001QD

.019PC

.075OB

.067NA

065.0)(25

0

2 =≈∑=i

ic pI x

038.026

1)

26

1(26 2 ==≈cI

54

Vigenère Cipher

Using index of coincidence� Define m substring of y, denoted y1, y2, … , ym,

y1 = y1ym+1y2m+1 …

y2 = y2ym+2y2m+2 …

…

ym= ymy2my3m…

� If m is indeed the keyword length� Each value Ic(yi) ≈ 0.065.

� If m is not the keyword length� The substrings yi will look much more random.

� Each value Ic(yi) ≈ 0.038.

55

Vigenère Cipher

Computation of indices of coincidence� m = 1, index of coincidence is 0.045

� m = 2, we get 0.046 and 0.041

� m = 3, we get 0.043, 0.050, and 0.047

� m = 4, we get 0.042. 0.039. 0.046, and 0.040

� m = 5, we get 0.063, 0.068, 0.069, 0.061, and 0.072

56

Vigenère Cipher

How to determine the key K = (k1, k2, … , km).

� Let p’0, … , p’25 denote the probabilities of A, B, …, Z in the

string yi.

� Since substring yi is obtained by shift encryption of a subset

of the plaintext using a shift ki ,

� p0 ≈ p’0+k , p1 ≈ p’1+k , …

57

Vigenère Cipher

� Compute

for all 0 ≤≤≤≤ k ≤≤≤≤ 25.

� If k = ki, I ≈ 0.065.

� If k ≠ ki, I ≈ 0.038.

'25

0

I ki

i

i pp +=∑=

58

Vigenère Cipher

. 0 3 4 . 0 3 1 . 0 3 5 . 0 4 4 . 0 4 7 . 0 3 7 . 0 4 3 . 0 3 8 . 0 4 2

. 0 3 7 . 0 3 3 . 0 3 2 . 0 3 5 . 0 3 7 . 0 3 6 . 0 4 5 . 0 3 2 . 0 2 9

. 0 4 4 . 0 7 2 . 0 3 6 . 0 2 7 . 0 3 0 . 0 4 8 . 0 3 6 . 0 3 7 . 0 0 0Y5

. 0 4 5 . 0 3 2 . 0 3 3 . 0 3 8 . 0 6 0 . 0 3 4 . 0 3 4 . 0 3 4 . 0 5 0

. 0 3 3 . 0 3 3 . 0 4 3 . 0 4 0 . 0 3 3 . 0 2 8 . 0 3 6 . 0 4 0 . 0 4 4

. 0 3 7 . 0 5 0 . 0 3 4 . 0 3 4 . 0 3 9 . 0 4 4 . 0 3 8 . 0 3 5 . 0 0 0Y4

. 0 4 8 . 0 2 9 . 0 4 2 . 0 4 3 . 0 4 4 . 0 3 4 . 0 3 8 . 0 3 5 . 0 3 2

. 0 4 9 . 0 3 5 . 0 3 1 . 0 3 5 . 0 6 5 . 0 3 5 . 0 3 8 . 0 3 6 . 0 4 5

. 0 2 7 . 0 3 5 . 0 3 4 . 0 3 4 . 0 3 7 . 0 3 5 . 0 4 6 . 0 4 0 . 0 0 0Y3

. 0 6 9 . 0 4 4 . 0 3 2 . 0 3 5 . 0 4 4 . 0 3 4 . 0 3 6 . 0 3 3 . 0 3 0

. 0 3 1 . 0 4 2 . 0 4 5 . 0 4 0 . 0 4 5 . 0 4 6 . 0 4 2 . 0 3 7 . 0 3 2

. 0 3 4 . 0 3 7 . 0 3 2 . 0 3 4 . 0 4 3 . 0 3 2 . 0 2 6 . 0 4 7 . 0 0 0Y2

. 0 3 5 . 0 3 1 . 0 3 6 . 0 3 7 . 0 3 5 . 0 3 9 . 0 2 8 . 0 2 8 . 0 4 8

. 0 6 1 . 0 3 9 . 0 3 5 . 0 4 0 . 0 3 8 . 0 3 8 . 0 4 4 . 0 3 6 . 0 3 0

. 0 4 2 . 0 4 3 . 0 3 6 . 0 3 3 . 0 4 9 . 0 4 3 . 0 4 1 . 0 3 6 . 0 0 0Y1

From the data in Table 1.4, the key is likely to be K = (9, 0, 13, 4, 19)

59

Vigenère Cipher

Decrytion of the ciphertext

The almond tree was in tentative blossom. The days were longer, often ending with magnificent evenings of corrugated pink skies. The hunting season was over, with hounds and guns put away for six months. The vineyards were busy again as the well-organized farm-ers treated their vines and the more lackadaisical neighbors hurried to do the pruning they should have done in November.

60

Autokey system

The problem of Vigenère cipher

� The periodic nature of the keyword

� Vigenère proposed Autokey system.

� The periodic nature is eliminated by using a nonrepeating keyword.

� The keyword is as long as the message itself.

� After key is exhausted, keyword is concatenated with the plaintext

itsself to provide a running key.

61

Autokey system

For example

� Easy to break

� Because key and plaintext share the same frequency distribution of

letters, statistical technique can be applied.

� e enciphered with e would occur with a frequency of (0.1275)2 ≈0.0163 and t enciphered with t would occur with a frequency of

(0.0925)2 ≈ 0.0086.

Key: deceptivewearediscoveredsavPlaintext: wearediscoveredsaveyourselfCipheretxt: ZICVTWQNGKZEIIGASXSTSLVVWLA

62

Vernam cipher

The ultimate defense against such a cryptanalysis is to choose

a keyword that is as long as the plaintext and has no statistical

relationship to it.

Gilbert Vernam, AT&A engineer, introduced such a cipher.

� This system works on binary data rather than letters.

63

Vernam cipher

Encryption Algorithm

iii kpc ⊕=

ci = ith binary digit of ciphertext

pi = ith binary digit of plaintext

ki = ith binary digit of key

= exclusive-or (XOR) operation⊕

64

Vernam cipher

Decryption Algorithm

iii kcp ⊕=

pi = ith binary digit of plaintext

ki = ith binary digit of key

ci = ith binary digit of ciphertext

= exclusive-or (XOR) operation⊕

65

Vernam cipher

The essence of this technique is the means of construction of

the key.

Vernam proposed the use of a running loop of tape that

eventually repeated the key.

� Repeating keyword

It can be broken with sufficient ciphertext, the use of known or

probable plaintext sequences, or both.

66

One-Time Pad

An Army Signal Corp officer, Joseph Mauborgne, proposed

an improvement to the Vernam cipher.

Mauborgne suggested using a random key that is as long as

the message, with no repetitions.

Such scheme is unbreakable. (One-time pad)

� It produces random output that bears no statistical

relationship to the plaintext.

� The ciphertext contains no information whatsoever about

plaintext. (There is simply no way to break.)

67

One-Time Pad

Suppose that we are using a Vigenère scheme with 27

characters in which

� the twenty-seventh character is the space character,

� but with a one-time key that is as long as the message.

Thus, the tableau of Table 2.3 must be expanded to 27 Х27.

68

One-Time Pad

Consider the ciphertext.

Two different decryptions using two different keys:

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

mr mustard with the candlestick in the hallPlaintext :

pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyihKey :

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSciphertext :

miss scarlet with the knife in the libraryPlaintext :

pfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwtKey :

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSciphertext :

69

One-Time Pad

Suppose that cryptanalyst had managed to find these two keys.

� Two plausible plaintext are produced.

How is the cryptanalyst to decide which is the correct

decryption?

� Which is correct key?

� If the actual key were produced a truly random fashion, then

he cannot say correctly.

Thus, there is no way to decide which key or plaintext is correct.

70

One-Time Pad

The security of the one-time pad is entirely due to the

randomness of the key.

� If the stream of characters that constitute the key is truly

random, then the ciphertext will be truly random.

� No patterns.

� No regularities that a cryptanalyst can use.

71

One-Time Pad

The one-time pad offers complete security but in practice, has two fundamental difficulties:

1. The practical problem of making large quantities of random keys.� Any heavily used system might require millions of random

characters on a regular basis.

2. The problem of key distribution and protection.� For every message to be sent, a key of equal length is needed by

both sender and receiver.

Because of these difficulties, the one-time pad is of limited utility.

72

Contents




Rotor Machines

Steganography

73


All the techniques examined so far involve the substitution of

a ciphertext symbol for a plaintext symbol.

A very different kind of mapping is achieved by performing

some sort of permutation on the plaintext letters.

This technique is referred to as a transposition cipher.

74

Rail Fence

The simplest transposition technique is rail fence technique.

� The plaintext is written down as a sequence of diagonals.

� Then read off as a sequence of rows.

Example : Encryption

� Plaintext : meet me after the toga party

� Ciphertext : MEMATRHTGPRYETEFETEOAAT

� Depth : 2

m e m a t r h t g p r y m e m a t r h t g p r y

e t e f e t e o a a te t e f e t e o a a t

75

A more complex scheme

A more complex scheme is to write the message in a

rectangle, row by row, and read the message off, column by

column, but permute the order of the columns.

� The order of the columns then becomes the key to the algorithm.

� Example

Key : 4 3 1 2 5 6 7

Plaintext : a t t a c k p

o s t p o n e

d u n t i l t

w o a m x y z

Ciphertext : TTNAAPTMTSUOAODWCOIXKNIYPETZ

76


A pure transposition cipher is easily recognized because it

has the same letter frequencies as the original plaintext.

� Diagram and trigram frequency tables can be useful.

77


The transposition cipher can be made significantly more

secure by performing more than one stage of transposition.

� The result is a more complex permutation.

zyxmaow

Tlitnud

enoptso

pkcattaPlaintext :

7652134Key :

ztepyln

kxiocwd

oaoustm

tpaanttPlaintext :

7652134Key :

Ciphertext : TTNAAPTMTSUOAODWCOIXKNIYPETZ

Ciphertext : NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

78

Result of this double transposition

To visualize the result of this double transposition, designate the letters in

the original plaintext message by the numbers designating their position.

After the first transposition, it has a somewhat regular structure.

After the second transposition, it becomes more difficult to cryptanalyze.

2827262524232221201918171615

1413121110090807060504030201

2821140727201306261912052215

0801231609022518110424171003

2806081821260111141923041315

2503202202100712162427050917

79

Contents




Rotor Machines

Steganography

80

Rotor Machine

Multiple stages of encryption can produce an algorithm that is

significantly more difficult to cryptanalyze.

The rotor machine adopts multiple stages of encryption.

81

Rotor Machine

Rotor machine consists of

independently rotating cylinders

� Each cylinder has 26 input

pins and 26 output pins

� Each internal wire connects an

input pin to an output pin.

82

Rotor Machine

If we associate each input and output with a

letter of the alphabet, then a single cylinder

defines a monoalphabetic substitution.

Consider a machine with a single cylinder.

� After each input key is depressed, the cylinder

rotates one position.

� The internal connection are shifted accordingly.

� Thus, a different monoalphabetic substitution

cipher is defined.

� After 26 letters of plaintext, the cylinder would

be back to the initial position.

83

Rotor Machine

The power of the rotor machine is in the use of multiple

cylinders.

� The output pins of one cylinder are connected to the inputs of the next.

84

Rotor Machine

With multiple cylinders,

� The one closest to the operator

input rotates one pin position with

each keystroke.

� For every complete rotation of the

inner cylinder, the middle cylinder

rotates one pin position.

� For every complete rotation of the

middle cylinder, the outer cylinder

rotates one pin position.

85

Rotor Machine

26 ⅹ26 ⅹ 26 = 17,576 different

substitution alphabets used.

86

Rotor Machine

87

Contents




Rotor Machines

Steganography

88

Steganography

The methods of steganography conceal the existence

of the message.

89

Steganography

A simple form of steganography

� For example

� The sequence of first letters of each word of overall message spells

out the hidden message

� An example in which a subset of the words of the overall message

is used to convey the hidden message

90

Steganography

Classic techniques

� Character marking : selected letters of printed or

typewritten text are overwritten in pencil (light)

� Invisible ink

� Pin punctures : small pin punctures on selected letters

(light)

� Typewriter correction ribbon : Used between lines typed

with a black ribbon, the results of typing with correction

tape are visible only under a strong light.

91

Steganography

Modern techniques

� Using the Least Significant Bits (LSB) of frames on a CD

� For example

� Kodak Photo CD format’s maximum resolution is 2048 by 3072

pixels.

� Each pixel contains 24 bits of RGB color information.

� LSB of each 24-bit pixel can be changed without greatly affecting

the quality of the image.

� The result, you can hide a 2.3-megabyte message in a single

digital snapshot.

92

Steganography

Drawbacks of steganography

� A lot of overhead to hide a relatively few bits of

information.

� Once the system is discovered, it becomes virtually

worthless

� Alternatively, a message can be first encrypted and then hidden

using steganography.

Advantage of steganography

� To lose the fact of parties of secret communication be

discovered.

2. Classical Encryption Techniques · Ch. 2 Classical Encryption Techniques. 2 Contents Symmetric Cipher Model Substitution Techniques Transposition Techniques Rotor Machines Steganography.

Documents