Classical Encryption Techniques Computer Security Dept. of Computer Science, College of Computer and Information Sciences King Saud University Prepared by Yuan Tian
Classical Encryption
Techniques Computer Security
Dept. of Computer Science,
College of Computer and Information Sciences
King Saud University
Prepared by Yuan Tian
Outline
• Symmetric Encryption Principles
• Classical Substitution Ciphers
• Classical Transposition Ciphers
Types of ciphers
• Symmetric cipher
– Called “conventional, secret-key, or single-key”
– Use of the same key between sender and receiver
– The only type of cryptography, prior to invention of public-key in 1970’s
• Asymmetric cipher
– Called, “public-key or 2-keys”
– Use of different keys for encryption and decryption
Symmetric Encryption Principles
• An encryption scheme has five ingredients:
– Plaintext (input to encryption algorithm)
– Encryption algorithm (substitution & transposition)
– Secret Key (input to encryption algorithm)
– Ciphertext (result of encryption)
– Decryption algorithm (reverse of encryption algorithm)
• Security depends on the secrecy of the key, not the
secrecy of the algorithm
Symmetric Encryption Principles
X
Y = E[K,X]
Transmitted
ciphertext
X = D[K,Y]
Plaintext
input
Plaintext
output
Secret key shared by
sender and recipient
Secret key shared by
sender and recipient
Encryption algorithm Decryption algorithm (reverse of encryption algorithm)
Simplified Model of Symmetric Cipher
Two Requirements of Symmetric Encryption
• A strong encryption algorithm:
Unable to decrypt ciphertext or discover the key,
though algorithm and plain/ ciphertext are known to
the opponents.
• The secret key:
Obtained and kept in a secure way for only the sender
and receiver
Characterizing Cryptographic Systems
• Operations used for encryption:
– Substitution replace one element in plaintext with another
– Transposition re-arrange elements
– Product systems multiple stages of substitutions and transpositions
• Number of keys used:
– Symmetric sender/receiver use same key (single-key, secret-key,
shared-key, conventional)
– Public-key sender/receiver use different keys (asymmetric)
• Processing of plaintext:
– Block cipher process one block of elements at a time(typically 64
or 128 bits)
– Stream cipher process input elements continuously (bit-by-bit or
byte-by-byte)
Cryptanalysis and Brute-Force Attacks
• Objective of attacker: recover key (not just message)
• Approaches of attacker:
– Cryptanalysis Exploit characteristics of algorithm to deduce
plaintext or key
– Brute-force attack Try every possible key on ciphertext until
intelligible translation into plaintext obtained
• If either attack finds key, all future/past messages are
compromised
Cryptanalysis
• The process of attempting to discover the plaintext
or key or both.
• The strategy of cryptanalysis depends on the nature
of encryption scheme and the information available
to the cryptanalyst
• Types of cryptanalytic attacks:
– Ciphertext only
– Known plaintext
– Chosen plaintext
– Chosen ciphertext
– Chosen text
Types of Cryptanalytic Attacks
Type of Attack Known to Cryptanalyst
Ciphertext only • Encryption algorithm • Ciphertext to be decoded
Known plaintext • Encryption algorithm • Ciphertext to be decoded • One or more plaintext-ciphertext pairs formed with the secret key
Chosen plaintext
• Encryption algorithm • Ciphertext to be decoded • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key
Chosen ciphertext
• Encryption algorithm • Ciphertext to be decoded • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Chosen text
• Encryption algorithm • Ciphertext to be decoded • Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key • Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Measures of Security
• Unconditionally Secure
– Ciphertext does not contained enough information to derive
plaintext or key
– One-time pad is only unconditionally secure cipher (but not very
practical)
• Computationally Secure
If either:
– Cost of breaking cipher exceeds value of encrypted information
– Time required to break cipher exceeds useful lifetime of encrypted
information
• Hard to estimate value/lifetime of some information
• Hard to estimate how much effort needed to break cipher
Average time required for exhaustive key search
Key Size (bits)
Number of Alternative Keys
Time required at 106 Decryption/µs
32 232 = 4.3 x 109 2.15 milliseconds
56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years
Basic Terminology (1/2)
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key
Basic Terminology (2/2)
• secret key: A secret key is used to set some or all of the various parameters used by the encryption algorithm.
• Cryptology: the field of both cryptography and cryptanalysis
• block cipher: A block cipher processes a block of input data at a time and produces a ciphertext block of the same size.
• stream cipher: A stream cipher encrypts data on the fly, usually one byte at a time
• brute-force attack: A block cipher processes a block of input data at a time and produces a ciphertext block of the same size.
• key space: The total number of all possible keys that can be used in a cryptographic system
Types of Classical Ciphers
• Substitution ciphers
• Permutation (or transposition) ciphers
• Product ciphers
Classical Substitution Ciphers
• Letters of plaintext are replaced by other
letters or by numbers or symbols
• If plaintext is viewed as a sequence of bits,
then substitution involves replacing
plaintext bit patterns with ciphertext bit
patterns
Caesar Cipher
• The earliest known substitution cipher used by
Julius Caesar
• Replacement of each letter with the 3rd letter
down from the alphabet
- E(p)=(p+3) mod 26, p : a plaintext letter
- example: plaintext: a r e y o u r e a d y
ciphertext: DUH BRX UHDGB
What’s the key?
Caesar Cipher
• Can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Mathematically give each letter a number
• Then Caesar cipher is generalized as below:
– C = E(p) = (p + k) mod (26)
– p = D(C) = (C – k) mod (26)
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Cryptanalysis of Caesar Cipher
• Three important characteristics
- The encryption / decryption algorithm are known
- There are only 25 keys to try
- The language is known and easily readable
• A brute force search easily performed
- given a ciphertext, just try all the 25 possible keys
- e.g., break ciphertext "GCUA VQ DTGCM"
Monoalphabetic Ciphers
• A dramatic increase in the key space by an arbitrary
substitution.
– Any letter substituted by any letter.
– Then 26!(› 4*1026 ) possible keys.
– Likely to effectively eliminate brute-force techniques.
– plaintext letters: a b c d e f .....
– substitution letters: t h i j a b .....
Monoalphabetic Ciphers
• A dramatic increase in the key space by an arbitrary
substitution.
– Any letter substituted by any letter.
– Then 26!(› 4*1026 ) possible keys.
– Likely to effectively eliminate brute-force techniques.
plaintext letters: a b c d e f .....
substitution letters: t h i j a b .....
– But, the characteristics of this algorithm are similar to Caesar
cipher.
– Known algorithm and language.
Cryptanalysis of Monoalphabetic Ciphers
• Use the relative frequency of letters in English text.
– For single letter : e, t, r, n, i, o, a, s, d
– For digraphs : th,
– For trigraphs : the,
• A powerful tool
– Start with the frequency of digraphs
– Then replace the letter adjacent to the digraph with
a letter appropriate for the frequency of single letter
– Repeat the above steps
23
Monoalphabetic Ciphers
Figure 1 shows the relative frequencies for the letters of the
English alphabet in a sample of English text.
Cryptanalysis of Monoalphabetic Ciphers
Relative frequency of Letters in EnglishText
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
E 12.75 L 3.75 W 1.50
T 9.25 H 350 V 1.50
R 8.50 C 3.50 B 1.25
N 7.75 F 3.00 K 0.50
I 7.75 U 3.00 X 0.50
O 7.50 M 2.75 Q 0.50
A 7.25 P 2.75 J 0.25
S 6.00 Y 2.25 Z 0.25
D 4.25 G 2.00
Cryptanalysis of Monoalphabetic Ciphers
• Try to break the ciphertext as below:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEP
HZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFP
OMBZWPFUPZHMDJUDTMOHMQ
Relative frequency of Letters in CipherText
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
Letter
Relative
Frequency
(%)
P 13.13 H 5.83 F 3.33 B 1.67 C 0.00
Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00
S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00
U 8.33 V 4.17 T 2.50 I 0.83 N 0.00
O 7.50 X 4.17 A 1.67 J 0.83 R 0.00
M 6.67
The Example of Cryptanalysis
• At a first step, compare the relative frequency of
letters in ciphertext with the standard frequency
distribution for English. – This example is a relatively short message with no
assurance of exact match
– P and Z seems the equivalents of plain letters e ant t
– S,U,O,M are probably in the set of {r,n,i,o,a,s}
• Pairs of adjacent characters are referred to as digrams, and triples of characters
as trigrams
• The most frequently occurring trigrams ordered by decreasing frequency are:
the and ent ion tio for nde .....
Cryptanalysis of Monoalphabetic Ciphers
Table 1 are the digram frequencies (The table does not include digrams whose relative
frequencies are below 0.47)
The Example of Cryptanalysis
• Make some tentative assignments and start to fill them in the
plaintext
• Then, See if it looked like a reasonable skeleton of a message,
• If needed, look for other regularity, such as deducing the
plaintext equivalents from repeating sequences of cipher letters
• The most common digraph are “ZW”, in ciphertext and “th“ in
English
• Then , try to equate p with e ( the letters with the most relative frequency in CT & PT)
- the ZWP apperars in CT
- the most frequent trigraph is “the” in English
-
The Example of Cryptanalysis
• Next, notice the sequence ZWSZ in the first line.
-We can quess that it is the form th_t.
-Therefore, S equates with a.
• So far, we have :
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
t a e e te a t h at e e a a
VUEPHZHMDZSHZOWSFPAPPDTSVPQZWYMXUZUHSX
e t ta t h a e ee a e th t a
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
e e e tat e the t
-
Cryptanalysis of Monoalphabetic
• Two main methods to lessen the frequency regularity
of letters in ciphertext are :
- To encrypt multiple letters of plaintext at a time
(Multiple-letter Encryption)
- To use multiple cipher alphabets for a plaintext alphabet
(Polyalphabetic Ciphers)
-
Playfair Algorithm
• This is the best known multiple-letter encryption.
• Treats digraphs in the plaintext as single units
• Translates these units into ciphertext digraphs.
• Is based on the use of a 5x5 matrix of letters
constructed by using a keyword.
Playfair Algorithm
• An example matrix
• The keyword is “MONARCHY”
• The keyword is filled into the matrix from left to right
and from top to bottom.
• Then, other letters are filled into the matrix by the
same way with alphabetic order.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
How Secure is the Playfair Cipher?
• Encryption rules:
– Repeating plaintext letters are separated with a filler letter,
such as x.(balloon -> ba lx lo on)
– Letters in the same row are each replaced by the letter to
right.(ar-> RM)
– Letters in the same column are each replaced by the letter
beneath.(mu->CM)
– Otherwise, each letter is replaced by the letter crossed at the
its row and column of the other letter in the digraph.(ea->IM)
Playfair Algorithm
• A great advance over monoalphabetic ciphers.
– There are not 26 letters, but 26x26=676 digraphs.
– More difficult to identify each digraph.
– Much more difficult for frequency analysis due to a much
greater frequency range of individual letters than that of
digraph.
– Used as the standard field system by the British Army in
World War Ⅰ & Ⅱ.
• Despite this level of confidence in its security, the
Playfair cipher is in fact relatively easy to break
because it still leaves much of the structure of the
plaintext language intact.
Relative Frequency of Occurrence of Letters
0
10
20
100
60
50
40
30
90
80
70
2 4 6 8 10 12 14 16 18 20 22 24 26
Plaintext
Playfair cipher
Vigenere cipher
Random polyalphabetic cipher
How Secure is the Playfair Cipher?
The cryptanalysis of the Playfair cipher is also aided by the
fact that a digram and its reverse will encrypt in a similar
fashion.
•if AB encrypts to XY, then BA will encrypt to YX
•Example of words that begin and end in reversed digrams:
receiver, departed, repairer, redder, denuded, etc.
Polyalphabetic Ciphers
• Use of different monoalphabetic substitutions
through enciphering the plaintext.
• Common features in these techniques
– A set of related monoalphabetic substitution rules is used. (the 26 Caesar
cipher rules)
– A key determines which particular rule is chosen for a given
transformation.
– The key is a repeating keyword.
Vigenère Cipher
• The best-known and simplest polyalphabetic
substitution cipher.
• Encryption process
– Use of the Vigenère tableau which is a matrix of 26x26.
– The matrix consists of 26 cipher letters at horizontal line, the
key letter for each cipher to its left, and 26 normal letters on the
top horizontal line.
– A cipher letter is determined at the cross of a key letter(x) and a
normal letter(y), i.e. C=I(x,y), I=intersection
Vigenère Cipher
• To encrypt a message,
– A key is needed that is as long as the message
– So, the key is a repeating keyword.
• For example,
– The keyword is “deceptive”.
– The message is “we are discovered save yourself”.
– Then
Key: d e c e p t i v e d e c e p t i v e d e c e p t i v e
Plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f
Ciphertext: ZICVTWQNGRZVTWAVZHCQYGLMGJ
Vigenère Cipher
The Modern Vigenère Cipher
Vigenère Cipher
• Strength
– Multiple ciphertext letters for each plaintext letter
– The letter frequency information obscured
– An improvement achieved over the Playfair cipher.
• However, the structure of plaintext is still remained. So frequency analysis is still effective
• And the periodic nature of the keyword due to its length – Will produce identical ciphertext sequences from the two
identical sequences of plaintext letters occurred at an integer multiple of the keyword length
Cryptanalysis of Vigenère Cipher
• First, guess that the ciphertext was encrypted by either monoalphabetic substitution or a Vigenère Cipher.
- If a monoalphabetic substitution is used,
the statistical properties of the ciphertext
should be used.
- if a Vigenère is used,
the progress depends on determining the
length of the keyword.
Cryptanalysis of Vigenère Cipher
• How to determine the keyword length:
- Two identical sequences of plaintext might
generate identical ciphertext sequences at a
distance with an integer multiple of the
keyword length.
- Two instances of the sequence “red” are
separated by 9 character positions.
i.e. red =>VTW
Cryptanalysis of Vigenère Cipher
• From the appearance of VTW twice, the opponent could guess the keyword is either 3 or 9 letters in length.
• If the keyworld length is N, then the cipher consists of N monoalphabetic substitution ciphers.
- the known frequency characteristics of
plaintext language can be used to attack
this cipher
Cryptanalysis of Vigenère Cipher
• To avoid the above drawback,
- Eliminate the periodic nature by using
a nonrepeating keyword
- Vigenère proposed an autokey system a
keyword is concatanated with the plaintext
itself to provide a running key.
- for example,
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
• Rearrangement (permutation) of the letter order
without altering the actual letters used.
• Rail fence technique: the simplest one.
– Write the plaintext down a sequence of columns
– Read off as a sequence of rows
• For example, the message “meet me after the party” is
encrypted with a rail fence of depth 2 as below:
mematrhpry
⇒ MEMATRHPRYETEFETEAT etefeteat
Transposition Ciphers
• A more complex scheme :
– Write the message in a rectangle, row by row
– Read off column by column
– But, permute the order of the columns
– Then, the order of columns becomes the key.
• A much more complex scheme :
– Perform more than one stage of column permutation
Transposition Ciphers
• FOR EXAMPLE
– The message is “attack postponed until two am”
– Using one stage of transposition:
– Using two stages of transpositions:
Key: 4 3 1 2 5 6 7 Plaintext: a t t a c k p
o s t p o n e d u n t i l t w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPEZ
Key: 4 3 1 2 5 6 7 Plaintext: t t n a a p t
m t s u o a o D w c o i x K N l y P e t Z
Ciphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
Transposition Ciphers