1 Ch. 2 Classical Encryption Techniques
1
Ch. 2 Classical Encryption
Techniques
2
Contents
Symmetric Cipher Model
Substitution Techniques
Transposition Techniques
Rotor Machines
Steganography
3
Symmetric Cipher Model
Plaintext (or message)- The original message
Ciphertext - The coded message
Encipher (or encrypt) - Converting plaintext to ciphertext
Decipher (or decrypt) - Restoring plaintext from ciphertext
Key – Secret input to encryption and decryption.
4
Symmetric Cipher Model
Cryptography
� A study on creating encryption schemes
Cryptanalysis
� A study on breaking encryption schemes
Cryptology
� Cryptography + Cryptanalysis
Cryptographic system (or a cipher)
� An encryption scheme
5
Symmetric Cipher Model
Two requirements for symmetric ciphers
� The encryption algorithm should be strong.
� An opponent cannot decrypt a ciphertext and discover the key
even if the opponent knows the encryption algorithm.
� So, the encryption algorithm does not need to be kept secret.
� This feature makes it convenient for widespread use.
� A secret key should be known only to sender and receiver.
� Because if someone has the key, he can decrypt every ciphertext.
6
Key source may be either a sender or a third party.
The key should be distributed securely to the sender and receiver.
A cryptanalyst tries to find either the plaintext or the secret key.
Formal Notations
7
Cryptography
Classification of cryptographic system
� The type of encryption operations
� Substitution
� Each element in the plaintext is mapped into another element.
� A � C, B� F, …
� Transposition
� Elements in the plaintext are rearranged.
� message � essgeam
8
Cryptography
Classification of cryptographic system
� The number of keys
� Secret-key or symmetric or conventional encryptions
� Both sender and receiver use the same key.
� Two-key or public-key encryptions
� Sender and receiver use different keys.
9
Cryptography
Classification of cryptographic system
� The way in which plaintext is processed
� A block cipher
� Processes the input one block of elements at a time.
� Produces an output block for each input block.
� A stream cipher
� Processes the input elements continuously.
� Produces output one element at a time.
10
Cryptanalysis
Types of cryptanalytic attacks
� Based on the amount of information known to the cryptanalyst
� Ciphertext only
� Known plaintext
� Chosen plaintext more information
� Chosen ciphertext
� Chosen text
11
Ciphertext only
� Known information
� Encryption algorithm
� Ciphertext
Known plaintext
� Known information.
� Encryption algorithm
� Ciphertext
� One or more plaintext-ciphertext pairs
Cryptanalysis
12
Chosen plaintext
� Known information.
� Encryption algorithm
� Ciphertext
� One or more plaintext-ciphertext pairs where the opponent can
choose the plaintext.
Chosen ciphertext
� Known information.
� Encryption algorithm
� Ciphertext
� One or more plaintext-ciphertext pairs where the opponent can
choose the ciphertext.
Cryptanalysis
13
Chosen text
� Known information.
� Encryption algorithm
� Ciphertext
� One or more plaintext-ciphertext pairs where the opponent can
choose either the plaintext or the ciphertext.
Generally, an encryption algorithm is designed to withstand a
known-plaintext attack.
Cryptanalysis
14
Unconditionally Secure
An encryption scheme is unconditionally secure (Stinson).
� If the ciphertext does not contain enough information to determine
uniquely the corresponding plaintext, no matter how much ciphertext is
available.
� Developing an unconditionally secure encryption scheme is hard to
achieve.
15
Computationally Secure
Computationally secure (Stinson)
� The cost of breaking the cipher exceeds the value of the encrypted
information.
� The value of the contents of the encrypted original message is not
big enough to decrypt.
� The time required to break the cipher exceeds the useful lifetime of
the information.
� After the decryption, the message is no longer valuable.
16
Brute-force Attack
Trying every possible key until an intelligible translation of
the ciphertext into plaintext is obtained.
� On average, half of all possible keys must be tried to achieve success.
6.4××××106 years2××××1026 ㎲㎲㎲㎲ =6.4××××1012years26!=4××××102626characters
(permutation)
5.9××××1030 years2167 ㎲㎲㎲㎲ =5.9××××1036years2168=3.7××××1050168 (Triple DES)
5.4××××1018 years2127 ㎲㎲㎲㎲ =5.4××××1024years2128=3.4××××1038128 (AES)
10.01 hours255 ㎲㎲㎲㎲ =1142 years256=7.2××××101656 (DES)
2.15 milliseconds231 ㎲㎲㎲㎲ =35.8 minutes232=4.3××××10932
Time required at
106 encryptions/ ㎲㎲㎲㎲
Time required at
1 encryption/㎲㎲㎲㎲
Number of
Alternative Keys
Key Size (bit)
17
Contents
Symmetric Cipher Model
Substitution Techniques
� Shift Cipher (Caesar Cipher)
� Monoalphabetic Ciphers
� Playfair Cipher
� Hill Cipher
� Polyalphabetic Ciphers
� One-Time Pad
Transposition Techniques
Rotor Machines
Steganography
18
Shift Cipher
A simple substitution cipher
Substitution rule
� Circular right shift by k alphabets where k is the key.
� When k = 4, A � E, B �F, … X � B, Y � C, Z � D.
� Encryption of plaintext baby with k = 4.
When k = 3, the shift cipher is called Caesar Cipher.
19
Shift Cipher
Decryption of ciphertext FEFC
� Inverse of encryption
Cryptanalysis of shift cipher
� Brute-force approach
� The key space is too small: only 26 possible keys
JBCRCLQRWCRVNBJENBWRWN
astitchintimesavesnineastitchintimesavesnineastitchintimesavesnineastitchintimesavesnine9999
……………………
IabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvmIabqbkpqvbqumaidmavqvm1111
JbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwnJbcrclqrwcrvnbjenbwrwn0000
20
Three characteristics of brute-force attack
� What generally makes brute-force cryptanalysis impractical is the
use of an algorithm that employs a large number of keys.
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
21
Monoalphabetic Cipher
Encryption
� Substitute each symbol in a plaintext using a permutation.
TBWQZGOPHAYNX
mlkjihgfedcba
IDJKEUMVCRLFS
zyxwvutsrqpon
22
Monoalphabetic Cipher
Decryption
� Substitute each symbol in a ciphertext using the inverse
permutation.
� Quiz
� MGZVYZLGHCMHJMYXSSFMNHAHYCDLMHA ?
The Shift Cipher is a special case of monoalphabetic cipher.
23
Monoalphabetic Cipher
Brute-force attack is impossible.
� 26! possible permutation is available
� 4 × 1026 possible keys
6.4××××106 years2××××1026 ㎲㎲㎲㎲ =6.4××××1012years26! = 4××××102626 characters
5.9××××1030 years2167 ㎲㎲㎲㎲ =5.9××××1036years2168 = 3.7××××1050168 (Triple DES)
5.4××××1018 years2127 ㎲㎲㎲㎲ =5.4××××1024years2128 = 3.4××××1038128 (AES)
10.01 hours255 ㎲㎲㎲㎲ =1142 years256 = 7.2××××101656 (DES)
2.15 milliseconds231 ㎲㎲㎲㎲ =35.8 minutes232 = 4.3××××10932
Time required at
106 encryptions/ ㎲㎲㎲㎲
Time required at
1 encryption/㎲㎲㎲㎲
Number of
Alternative Keys
Key Size (bit)
24
Attack with frequency information
If the cryptanalyst knows the nature of the plaintext,
the analyst can exploit the regularities of the language.
� Using a standard frequency distribution for English.
25
The 1st step
� Determine the relative frequency of the letters in ciphertext and
compare them to a standard frequency distribution for English.
<Ciphertext>
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Attack with frequency information
6.67M
0.00R0.83J1.67A4.17X7.50O
0.00N0.83I2.50T4.17V8.33U
0.00L1.67Y2.50Q5.00E8.33S
0.00K1.67G3.33W5.00D11.67Z
0.00C1.67B3.33F5.83H13.33P
26
English Letter Frequencies
0.00
0.00
0.00
0.00
0.00
0.83
0.83
1.67
1.67
1.67
2.50
2.50
3.33
3.33
4.17
4.17
4.17
5.00
5.00
5.83
6.67
7.50
8.33
8.33
11.67
13.33
RW
NF
LX
KV
CE
JD
IH
YM
GO
BU
AS
TZ
QP
0.074
0.095
0.150
0.153
0.772
0.978
1.492
1.929
1.974
2.015
2.228
2.306
2.406
2.758
2.782
4.025
4.253
5.987
6.094
6.327
6.749
6.996
7.507
8.167
9.056
12.702
zu
qc
xl
jd
kr
vh
bs
pn
yI
go
fa
wt
me
Compare
Relative Frequency of Letters
in English Text
Relative Frequency of Letters
in Ciphertext
27
Comparing this breakdown with Figure 2.5
� It seems that cipher text letters P and Z are the equivalent of plain text
letters e and t, but it is not certain which is which.
But it is not certain which is which
� The letter S,U,O,M and H ⇒
plaintext letters from the set {a, h, i, n, o, r, s}.
Attack with frequency information
28
A powerful tool is to look at the frequency of two-letter
combinations (as diagram).
� The most common such diagram is th.
� In our ciphertext, the most common diagram is ZW.
� Guess ZW ⇒ th.
Most frequent trigrams (three-letter combination)
� ZWP appears in the ciphertext, and translate that we sequence as “the”.
Attack with frequency information
29
2nd step
� Notice the sequence ZWSZ in the first line.
� it is of the form th_t.
� S => a
The completed plaintext
� it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the contacts have been made with political representatives of the contacts have been made with political representatives of the contacts have been made with political representatives of the vietvietvietviet cong in cong in cong in cong in moscowmoscowmoscowmoscow
U Z Q S O V U O H X M O P V G P O Z P E V S G Z W S Z O P F P E S X U D B M E T S X A I Zt a e e t e a t h a t e e a a
V U E P H Z H M D Z S H Z O W S F P A P P D T S V P Q U Z W Y M X U Z U H S Xe t t a t h a e e e a e t h t a
E P Y E P O P D Z S Z U F P O M B Z W P F U P Z H M D J U D T M O H M Qe e e t a t e t h e t
Attack with frequency information
30
A countermeasure by Carl Friedrich Gauss
� Homophones
� The number of symbols assigned to each letter is proportional to the
relative frequency of that letter.
� The letter e ⇒ 16, 74, 35 and 21
� Frequency of single letter is ideal.
� But multiple-letter patterns still survive in the ciphertext.
Attack with frequency information
31
Playfair cipher
Two methods to lessen the extent to which the structure of
the plaintext survives in the ciphertext.
� One is to encrypt multiple letters of plaintext.
� The other is to use multiple cipher alphabets.
32
Playfair cipher
Key is a 5 x 5 matrix.
� Key : MONARCHY
� Filling in the letters of the keyword from
(minus duplicates) left to right and from
top to bottom.
� Filling in the remainder of the matrix with
the remaining letters in alphabetic order.
� The letter I and J count as one letter. ZXWVU
TSQPL
KI/JGFE
DBYHC
RANOM
Treats diagrams (two letter) in the plaintext as single
units and translates these units into ciphertext.
33
Playfair cipher
Encryption
� Each plaintext letter is replaced by the letter that
lies in its own row and the column of its pair.
� hs : BP
� ea ?
� IM or JM
� If two letters are in the same column or row?
� rm ?
ZXWVU
TSQPL
KI/JGFE
DBYHC
RANOM
34
Playfair cipher
Two letters in the same row
� Replace each letter by the letter to the right, circularly.
� ar : RM
Two letters in the same column.
� Replace each letter by the letter beneath, circularly.
� mu : CM
Two letters in the pair are the same.
� Separate them with a filler letter.
� balloon : ba lx lo on
ZXWVU
TSQPL
KI/JGFE
DBYHC
RANOM
35
Playfair cipher
The strength of playfair cipher
� A great advance over simple Monoalphabetic cipher
� 26 × 26 =676 diagrams
� Making frequency analysis much more difficult.
� However, it still leaves much of the structure of the plaintext language.
� A few hundred letters of ciphertext are generally sufficient to break
Playfair cipher.
36
Playfair cipher
37
Hill Cipher
Take m successive plaintext letters and substitutes for
them m ciphertext letters.
38
Hill Cipher
Encryption
� key: m x m matrix
=
−−−−
−
−
−−
1,11,10,1
1,11.10,1
1,01,00,0
11,0110
...
.........
...
...
),...,(),...,,(
mmmm
m
m
mm
kkk
kkk
kkk
xxxyyy
−−−−
−
−
1,11,10,1
1,11.10,1
1,01,00,0
...
.........
...
...
mmmm
m
m
kkk
kkk
kkk
39
Hill Cipher
Encrypt the plaintext july with k =
� We partition july into ju and ly.
� ju: (9, 20)
� ly: (11, 24)
77773333
888811111111
(3,4)(3,4)(3,4)(3,4)(159,212)(159,212)(159,212)(159,212)140)140)140)140)60,7260,7260,7260,72(99(99(99(9977773333
888811111111(9,20)(9,20)(9,20)(9,20) ==++=
(11,22)(11,22)(11,22)(11,22)(84,256)(84,256)(84,256)(84,256)168)168)168)168)72,8872,8872,8872,88(12(12(12(1277773333
888811111111(11,24)(11,24)(11,24)(11,24) ==++=
40
Hill Cipher
Decryption
� Use the inverse of key matrix
),...,(
1
...
.........
...
...
),...,,( 11,0
1,11,10,1
1,11.10,1
1,01,00,0
110 −
−−−−
−
−
− =
−
m
mmmm
m
m
m xxx
kkk
kkk
kkk
yyy
41
Hill Cipher
The hill cipher can be difficult to break with a ciphertext-
only attack.
But it succumbs to a known plaintext attack.
� Assume that the opponent know the value of m.
42
Suppose he has m distinct plaintext-ciphertext pairs
, for 0 ≤≤≤≤ j ≤≤≤≤ m-1.
Hill Cipher
),...,,( ,1,1,0 jmjjj xxxx −= ),...,,( ,1,1,0 jmjjj yyyy −=
Kxxxyyy mm ),...,(),...,,( 0,10,1,0,00,10,10,0 −− =
Kxxxyyy mm ),...,(),...,,( 1,11,1,1,01,11,11,0 −− =
=
−−−−
−
−
−−−−
−
−
−−−−
−
−
1,11,10,1
1,11.10,1
1,01,00,0
1,11,11,0
1,11,11,0
0,10,10,0
1,11,11,0
1,11,11,0
0,10,10,0
...
.........
...
...
...
.........
...
...
...
.........
...
...
mmmm
m
m
mmmm
m
m
mmmm
m
m
kkk
kkk
kkk
xxx
xxx
xxx
yyy
yyy
yyy
·
·
·
·
43
Hill Cipher
=
−−−−
−
−
−−−−
−
−
−−−−
−
−
1,11,10,1
1,11.10,1
1,01,00,0
1,11,10,1
1,11.10,1
1,01,00,0
1,11,10,1
1,11.10,1
1,01,00,0
...
.........
...
...
...
.........
...
...
...
.........
...
...
mmmm
m
m
mmmm
m
m
mmmm
m
m
kkk
kkk
kkk
xxx
xxx
xxx
yyy
yyy
yyy
=
−
−−−−
−
−
−−−−
−
−
−−−−
−
−
1,11,10,1
1,11.10,1
1,01,00,0
1,11,10,1
1,11.10,1
1,01,00,0
1,11,10,1
1,11.10,1
1,01,00,0
...
.........
...
...
...
.........
...
...1
...
.........
...
...
mmmm
m
m
mmmm
m
m
mmmm
m
m
kkk
kkk
kkk
yyy
yyy
yyy
xxx
xxx
xxx
44
Hill Cipher
Suppose the plaintext Friday is encrypted to the ciphertext PQCFKU using a Hill Cipher with m = 2.� eK(5, 17) = (15, 16), eK(8, 3) = (2, 5), eK(0, 24) = (10, 20)
� We get the matrix equation.
� So
K
=
38
175
52
1615
=
−
−−=
+
−
152
19
38
173det)1(
38
1751,1
11
1
A
=
=
38
197
52
1615
152
19K
45
What would the opponent do if he does not know m?
� Assuming that m is not too big, he could simply try m = 2, 3, …. ,
untill the key found.
Hill Cipher
46
Polyalphabetic Ciphers
Another way to improve monoalphabetic ciphers
� To use multiple cipher alphabets
� Vigenère cipher
� A set of shift ciphers are used.
47
Vigenère Cipher
Encryption
� m = 6, K = (2,8,15,7,4,7)
Decryption
� Inverse of encryption
241814191524172188719
1747158217471582
15222182308625231521
plaintext
key
ciphertext
48
Vigenère Cipher
Cryptanalysis
� The number of possible keys
� 26m
� Exhaustive key search is infeasible if m is not too small.
� However, the Vigenère cipher can be cryptanalyzed using the frequency
of letters.
49
Vigenère Cipher
50
Vigenère Cipher
Encryption� m = 6, K = (2,8,15,7,4,7)
We first compute m and then compute K.
� Techniques used
� Kasiski test
� The index of coincidence
241814191524172188719
1747158217471582
15222182308625231521
plaintext
key
ciphertext
51
Vigenère Cipher
Observation: Two identical segments of plaintext will be encrypted to the same ciphertext whenever their occurrence in the plaintext is δδδδ positions apart, where .
Kasiski test
� Search the ciphertext for pair of identical segments of length at least three.
� Record the distance between the starting positions of the two segments
� If we obtain several such distances, sayδ1,δ2, … ,
� Then we would conjecture that m divides all of the δδδδi’s
� Hence m divides the greatest common divisor of theδi’s
)(mod 0 m≡δ
52
Vigenère Cipher
� The distances from the first occurrence to other four occurrences are 165, 235, 275, 285.
� The greatest common divisor of these four integers is 5. (very likely keyword length)
CHREEVOAHMAERATBIAXXWTNXBEEOPHBSQMQEQERBW
RVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAK
LXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELX
VRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHR
ZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJT
AMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBI
PEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHP
WQAIIWXNRMGWOIIFKEE
53
Vigenère Cipher
� The index of coincidence
� Observe that a completely
random string will have
� The two values 0.065 and
0.038 are quite apart.
probabilityletterprobabilityletter
.024
.040
.008
.002
.070
.061
.020
.022
.127
.043
.028
.015
.082
.001ZM
.020YL
.001XK
.023WJ
.010VI
.028UH
.091TG
.063SF
.060RE
.001QD
.019PC
.075OB
.067NA
065.0)(25
0
2 =≈∑=i
ic pI x
038.026
1)
26
1(26 2 ==≈cI
54
Vigenère Cipher
Using index of coincidence� Define m substring of y, denoted y1, y2, … , ym,
y1 = y1ym+1y2m+1 …
y2 = y2ym+2y2m+2 …
…
ym= ymy2my3m…
� If m is indeed the keyword length� Each value Ic(yi) ≈ 0.065.
� If m is not the keyword length� The substrings yi will look much more random.
� Each value Ic(yi) ≈ 0.038.
55
Vigenère Cipher
Computation of indices of coincidence� m = 1, index of coincidence is 0.045
� m = 2, we get 0.046 and 0.041
� m = 3, we get 0.043, 0.050, and 0.047
� m = 4, we get 0.042. 0.039. 0.046, and 0.040
� m = 5, we get 0.063, 0.068, 0.069, 0.061, and 0.072
56
Vigenère Cipher
How to determine the key K = (k1, k2, … , km).
� Let p’0, … , p’25 denote the probabilities of A, B, …, Z in the
string yi.
� Since substring yi is obtained by shift encryption of a subset
of the plaintext using a shift ki ,
� p0 ≈ p’0+k , p1 ≈ p’1+k , …
57
Vigenère Cipher
� Compute
for all 0 ≤≤≤≤ k ≤≤≤≤ 25.
� If k = ki, I ≈ 0.065.
� If k ≠ ki, I ≈ 0.038.
'25
0
I ki
i
i pp +=∑=
58
Vigenère Cipher
. 0 3 4 . 0 3 1 . 0 3 5 . 0 4 4 . 0 4 7 . 0 3 7 . 0 4 3 . 0 3 8 . 0 4 2
. 0 3 7 . 0 3 3 . 0 3 2 . 0 3 5 . 0 3 7 . 0 3 6 . 0 4 5 . 0 3 2 . 0 2 9
. 0 4 4 . 0 7 2 . 0 3 6 . 0 2 7 . 0 3 0 . 0 4 8 . 0 3 6 . 0 3 7 . 0 0 0Y5
. 0 4 5 . 0 3 2 . 0 3 3 . 0 3 8 . 0 6 0 . 0 3 4 . 0 3 4 . 0 3 4 . 0 5 0
. 0 3 3 . 0 3 3 . 0 4 3 . 0 4 0 . 0 3 3 . 0 2 8 . 0 3 6 . 0 4 0 . 0 4 4
. 0 3 7 . 0 5 0 . 0 3 4 . 0 3 4 . 0 3 9 . 0 4 4 . 0 3 8 . 0 3 5 . 0 0 0Y4
. 0 4 8 . 0 2 9 . 0 4 2 . 0 4 3 . 0 4 4 . 0 3 4 . 0 3 8 . 0 3 5 . 0 3 2
. 0 4 9 . 0 3 5 . 0 3 1 . 0 3 5 . 0 6 5 . 0 3 5 . 0 3 8 . 0 3 6 . 0 4 5
. 0 2 7 . 0 3 5 . 0 3 4 . 0 3 4 . 0 3 7 . 0 3 5 . 0 4 6 . 0 4 0 . 0 0 0Y3
. 0 6 9 . 0 4 4 . 0 3 2 . 0 3 5 . 0 4 4 . 0 3 4 . 0 3 6 . 0 3 3 . 0 3 0
. 0 3 1 . 0 4 2 . 0 4 5 . 0 4 0 . 0 4 5 . 0 4 6 . 0 4 2 . 0 3 7 . 0 3 2
. 0 3 4 . 0 3 7 . 0 3 2 . 0 3 4 . 0 4 3 . 0 3 2 . 0 2 6 . 0 4 7 . 0 0 0Y2
. 0 3 5 . 0 3 1 . 0 3 6 . 0 3 7 . 0 3 5 . 0 3 9 . 0 2 8 . 0 2 8 . 0 4 8
. 0 6 1 . 0 3 9 . 0 3 5 . 0 4 0 . 0 3 8 . 0 3 8 . 0 4 4 . 0 3 6 . 0 3 0
. 0 4 2 . 0 4 3 . 0 3 6 . 0 3 3 . 0 4 9 . 0 4 3 . 0 4 1 . 0 3 6 . 0 0 0Y1
From the data in Table 1.4, the key is likely to be K = (9, 0, 13, 4, 19)
59
Vigenère Cipher
Decrytion of the ciphertext
The almond tree was in tentative blossom. The days were longer, often ending with magnificent evenings of corrugated pink skies. The hunting season was over, with hounds and guns put away for six months. The vineyards were busy again as the well-organized farm-ers treated their vines and the more lackadaisical neighbors hurried to do the pruning they should have done in November.
60
Autokey system
The problem of Vigenère cipher
� The periodic nature of the keyword
� Vigenère proposed Autokey system.
� The periodic nature is eliminated by using a nonrepeating keyword.
� The keyword is as long as the message itself.
� After key is exhausted, keyword is concatenated with the plaintext
itsself to provide a running key.
61
Autokey system
For example
� Easy to break
� Because key and plaintext share the same frequency distribution of
letters, statistical technique can be applied.
� e enciphered with e would occur with a frequency of (0.1275)2 ≈0.0163 and t enciphered with t would occur with a frequency of
(0.0925)2 ≈ 0.0086.
Key: deceptivewearediscoveredsavPlaintext: wearediscoveredsaveyourselfCipheretxt: ZICVTWQNGKZEIIGASXSTSLVVWLA
62
Vernam cipher
The ultimate defense against such a cryptanalysis is to choose
a keyword that is as long as the plaintext and has no statistical
relationship to it.
Gilbert Vernam, AT&A engineer, introduced such a cipher.
� This system works on binary data rather than letters.
63
Vernam cipher
Encryption Algorithm
iii kpc ⊕=
ci = ith binary digit of ciphertext
pi = ith binary digit of plaintext
ki = ith binary digit of key
= exclusive-or (XOR) operation⊕
64
Vernam cipher
Decryption Algorithm
iii kcp ⊕=
pi = ith binary digit of plaintext
ki = ith binary digit of key
ci = ith binary digit of ciphertext
= exclusive-or (XOR) operation⊕
65
Vernam cipher
The essence of this technique is the means of construction of
the key.
Vernam proposed the use of a running loop of tape that
eventually repeated the key.
� Repeating keyword
It can be broken with sufficient ciphertext, the use of known or
probable plaintext sequences, or both.
66
One-Time Pad
An Army Signal Corp officer, Joseph Mauborgne, proposed
an improvement to the Vernam cipher.
Mauborgne suggested using a random key that is as long as
the message, with no repetitions.
Such scheme is unbreakable. (One-time pad)
� It produces random output that bears no statistical
relationship to the plaintext.
� The ciphertext contains no information whatsoever about
plaintext. (There is simply no way to break.)
67
One-Time Pad
Suppose that we are using a Vigenère scheme with 27
characters in which
� the twenty-seventh character is the space character,
� but with a one-time key that is as long as the message.
Thus, the tableau of Table 2.3 must be expanded to 27 Х27.
68
One-Time Pad
Consider the ciphertext.
Two different decryptions using two different keys:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
mr mustard with the candlestick in the hallPlaintext :
pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyihKey :
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSciphertext :
miss scarlet with the knife in the libraryPlaintext :
pfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwtKey :
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSciphertext :
69
One-Time Pad
Suppose that cryptanalyst had managed to find these two keys.
� Two plausible plaintext are produced.
How is the cryptanalyst to decide which is the correct
decryption?
� Which is correct key?
� If the actual key were produced a truly random fashion, then
he cannot say correctly.
Thus, there is no way to decide which key or plaintext is correct.
70
One-Time Pad
The security of the one-time pad is entirely due to the
randomness of the key.
� If the stream of characters that constitute the key is truly
random, then the ciphertext will be truly random.
� No patterns.
� No regularities that a cryptanalyst can use.
71
One-Time Pad
The one-time pad offers complete security but in practice, has two fundamental difficulties:
1. The practical problem of making large quantities of random keys.� Any heavily used system might require millions of random
characters on a regular basis.
2. The problem of key distribution and protection.� For every message to be sent, a key of equal length is needed by
both sender and receiver.
Because of these difficulties, the one-time pad is of limited utility.
72
Contents
Symmetric Cipher Model
Substitution Techniques
Transposition Techniques
Rotor Machines
Steganography
73
Transposition Techniques
All the techniques examined so far involve the substitution of
a ciphertext symbol for a plaintext symbol.
A very different kind of mapping is achieved by performing
some sort of permutation on the plaintext letters.
This technique is referred to as a transposition cipher.
74
Rail Fence
The simplest transposition technique is rail fence technique.
� The plaintext is written down as a sequence of diagonals.
� Then read off as a sequence of rows.
Example : Encryption
� Plaintext : meet me after the toga party
� Ciphertext : MEMATRHTGPRYETEFETEOAAT
� Depth : 2
m e m a t r h t g p r y m e m a t r h t g p r y
e t e f e t e o a a te t e f e t e o a a t
75
A more complex scheme
A more complex scheme is to write the message in a
rectangle, row by row, and read the message off, column by
column, but permute the order of the columns.
� The order of the columns then becomes the key to the algorithm.
� Example
Key : 4 3 1 2 5 6 7
Plaintext : a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext : TTNAAPTMTSUOAODWCOIXKNIYPETZ
76
A more complex scheme
A pure transposition cipher is easily recognized because it
has the same letter frequencies as the original plaintext.
� Diagram and trigram frequency tables can be useful.
77
A more complex scheme
The transposition cipher can be made significantly more
secure by performing more than one stage of transposition.
� The result is a more complex permutation.
zyxmaow
Tlitnud
enoptso
pkcattaPlaintext :
7652134Key :
ztepyln
kxiocwd
oaoustm
tpaanttPlaintext :
7652134Key :
Ciphertext : TTNAAPTMTSUOAODWCOIXKNIYPETZ
Ciphertext : NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
78
Result of this double transposition
To visualize the result of this double transposition, designate the letters in
the original plaintext message by the numbers designating their position.
After the first transposition, it has a somewhat regular structure.
After the second transposition, it becomes more difficult to cryptanalyze.
2827262524232221201918171615
1413121110090807060504030201
2821140727201306261912052215
0801231609022518110424171003
2806081821260111141923041315
2503202202100712162427050917
79
Contents
Symmetric Cipher Model
Substitution Techniques
Transposition Techniques
Rotor Machines
Steganography
80
Rotor Machine
Multiple stages of encryption can produce an algorithm that is
significantly more difficult to cryptanalyze.
The rotor machine adopts multiple stages of encryption.
81
Rotor Machine
Rotor machine consists of
independently rotating cylinders
� Each cylinder has 26 input
pins and 26 output pins
� Each internal wire connects an
input pin to an output pin.
82
Rotor Machine
If we associate each input and output with a
letter of the alphabet, then a single cylinder
defines a monoalphabetic substitution.
Consider a machine with a single cylinder.
� After each input key is depressed, the cylinder
rotates one position.
� The internal connection are shifted accordingly.
� Thus, a different monoalphabetic substitution
cipher is defined.
� After 26 letters of plaintext, the cylinder would
be back to the initial position.
83
Rotor Machine
The power of the rotor machine is in the use of multiple
cylinders.
� The output pins of one cylinder are connected to the inputs of the next.
84
Rotor Machine
With multiple cylinders,
� The one closest to the operator
input rotates one pin position with
each keystroke.
� For every complete rotation of the
inner cylinder, the middle cylinder
rotates one pin position.
� For every complete rotation of the
middle cylinder, the outer cylinder
rotates one pin position.
85
Rotor Machine
26 ⅹ26 ⅹ 26 = 17,576 different
substitution alphabets used.
86
Rotor Machine
87
Contents
Symmetric Cipher Model
Substitution Techniques
Transposition Techniques
Rotor Machines
Steganography
88
Steganography
The methods of steganography conceal the existence
of the message.
89
Steganography
A simple form of steganography
� For example
� The sequence of first letters of each word of overall message spells
out the hidden message
� An example in which a subset of the words of the overall message
is used to convey the hidden message
90
Steganography
Classic techniques
� Character marking : selected letters of printed or
typewritten text are overwritten in pencil (light)
� Invisible ink
� Pin punctures : small pin punctures on selected letters
(light)
� Typewriter correction ribbon : Used between lines typed
with a black ribbon, the results of typing with correction
tape are visible only under a strong light.
91
Steganography
Modern techniques
� Using the Least Significant Bits (LSB) of frames on a CD
� For example
� Kodak Photo CD format’s maximum resolution is 2048 by 3072
pixels.
� Each pixel contains 24 bits of RGB color information.
� LSB of each 24-bit pixel can be changed without greatly affecting
the quality of the image.
� The result, you can hide a 2.3-megabyte message in a single
digital snapshot.
92
Steganography
Drawbacks of steganography
� A lot of overhead to hide a relatively few bits of
information.
� Once the system is discovered, it becomes virtually
worthless
� Alternatively, a message can be first encrypted and then hidden
using steganography.
Advantage of steganography
� To lose the fact of parties of secret communication be
discovered.