Classical Encryption

1

Cryptography and Network

Security

Lecture 2: Classical encryption

2

OutlineOutline• Conventional Encryption Principles• Conventional Encryption Algorithms• Cipher Block Modes of Operation• Location of Encryption Devices• Key Distribution

3

Background

• Cryptography is the science of writing in secret code

• Ancient art; – the first documented use of cryptography in writing

dates back to 1900 B.C. – Egyptian scribe used non-standard hieroglyphs in an

inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans.

4

Secret-key cryptography

• Will cover more than half of this course• I.1 Secret-key cryptography• Also called symmetric or conventional cryptography• �Five ingredients

– �Plaintext– �Encryption algorithm: runs on the plaintext and the encryption key to yield the cipher text– �Secret key: an input to the encryption algorithm, value independent of the plaintext;

different keys will yield different outputs– �Cipher text: the scrambled text produced as an output by the encryption algorithm– �Decryption algorithm: runs on the cipher text and the key to produce the plaintext

• �Requirements for secure conventional encryption– �Strong encryption algorithm

• �An opponent who knows one or more cipher texts would not be able to find the plaintexts or the key • �Ideally, even if he knows one or more pairs plaintext-cipher text, he would not be able to find the key

• �Sender and receiver must share the same key. Once the key is compromised, all communications using that key are readable�

• It is impractical to decrypt the message on the basis of the cipher text plus the knowledge of the encryption algorithm �encryption algorithm is not a secret

5

Cryptography –some notations

• �Notation for relating the plaintext, cipher text, and the keys– �C=EK(P) denotes that C is the encryption of the

plaintext P using the key K– �P=DK(C) denotes that P is the decryption of the

cipher text C using the key K– �Then DK(EK(P))=P

6

Conventional Encryption Conventional Encryption PrinciplesPrinciples

7

Disadvantage of symmetric crypto

• The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge

8

CryptographyCryptography• Classified along three independent

dimensions:– The type of operations used for transforming

plaintext to cipher text– The number of keys used

• symmetric (single key)• asymmetric (two-keys, or public-key encryption)

– The way in which the plaintext is processed

9

Cryptanalysis & Brute force• Cryptanalysis:

– refers to the study of ciphers, ciphertext, with a view to finding weakness in them that will permit retrieval of the plaintext from the ciphertext , without knowing the key or the algorithm. This is known as breaking cipher, or ciphertext.

• Brute-force attack: – The attacker tries every possible key on a piece of ciphertext until an

intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

10

Caesar Cipher

• Mathematically give each letter a number– a b c d e f g h i j k l m n o p q r s t u v w x y z– 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2425

• The key is a number from 0 to 25• Caesar cipher can now be given as

11

Caesar Cipher• It is a typical substitution cipher and the oldest known –attributed to

Julius Caesar• Simple rule: replace each letter of the alphabet with the letter

standing 3 places further down the alphabet• For decryption move back ward• Example:

– MEET ME AFTER THE TOGA PARTY– PHHW PH DIWHU WKH WRJD SDUWB

• Here the key is 3 –choose another key to get a different substitution• The alphabet is wrapped around so that after Z follows A:

a b c d e f g h i j k l m n o p q r s t u v w x y z• D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

12

Attacking Caesar

• Caesar can be broken if we only know one pair (plain letter, encrypted letter) – The difference between them is the key

• Caesar can be broken even if we only have the encrypted text and no knowledge of the plaintext– Brute-force attack is easy: there are only 25 keys

possible– Try all 25 keys and check to see which key gives an

intelligible message

13

Why is Caesar easy to break?�Only 25 keys to try�The language of the plaintext is known and easily recognizable

14

Another example• Key Text• 0 exxegoexsrgi• 1 dwwdfndwrqfh• 2 cvvcemcvqpeg• 3 buubdlbupodf• 4 attackatonce• 5 zsszbjzsnmbd• 6 yrryaiyrmlac...• 23 haahjrhavujl• 24 gzzgiqgzutik• 25 fyyfhpfytshj

15

Strengthening Caesar: monoalphabetic ciphers

• Caesar only has 25 possible keys –far from secure• Idea: instead of shifting the letters with a fixed amount

how about allowing any permutation of the alphabet– Plain: a b c d e f g h I j k l m n o p q r s t u v w x y z– Cipher: D K V Q F I B J W PE S C X H T M Y A U O L R G Z N

– Plaintext: if we wish to replace letters– Cipher text: WI RF RWAJ UH YFTSDVF SFUUFYA

• This is called monoalphabetic substitution cipher–a single alphabet is used

• The increase in the number of keys is dramatic: 26!, i.e., more than 400,000,000,000,000,000,000,000,000 such rearrangements

16

Monoalphabetic ciphers• Having SO MANY possible keys appears to make the system

challenging: difficult to perform brute-force attacks • �There is however another line of attack that easily defeats the

system even when a relatively small ciphertext is known

– If the cryptanalyst knows the nature of the text, e.g., non compressed English text, then he can exploit the regularities of

the language

17

Language redundancy and cryptanalysis

• Human languages are redundant• �Letters are not equally commonly used

– �In English E is by far the most common letter – �Follows T,R,N,I,O,A,S – �Other letters are fairly rare

• �See Z,J,K,Q,X • �Tables of single, double & triple letter frequencies exist

– �Most common diagram in English is TH– �Most common trigram in English in THE

• Here is the cipher text:– Ftt bdv bfhvq efno ukvj f tnmvbnxv ic bdv fkvjfyv Fxvjnlfz fjv

qevzb ic bdv yukvjzxvzb nz tvqq bdfz f qvluzo.

18

Cryptanalysis of monoalphabetic ciphers

• Key concept –monoalphabetic substitution ciphers do not change relative letter frequencies – �Discovered by Arabs in the 9thcentury

• �Calculate letter frequencies for cipher text• �Compare counts/plots against known values

• �Most frequent letter in the cipher text may well encrypt E• �The next one could encrypt T or A• �After relatively few tries the system is broken• �If the cipher text is relatively short (and so, the frequencies are not

fully relevant) then more guesses may be needed

• �Powerful tool: look at the frequency of two-letter combinations (digrams)

19

English Letter Frequencies

20

Breaking contd• Let’s count some letters. The most common letter is V,

followed by F, N, B, Z • The most common English letters are ETAIN… it is

highly likely that we have some matches here – though it is not a certainty. Also ‘F’ probably stands for I or A as ‘F’ appears alone more than once

• It should also be noted that where V ends a three letter word, that word is ‘BDV’. The most common trigraph (three letter sequence) in English is ‘THE’ – so let us guess that ‘BDV’is ‘THE’.

• The sequence ‘BDFZ’ gives a little hope, as f is likely tobe ‘A’ or ‘I’ then ‘BDFZ’ could be ‘THIS’ or ‘THAN’ (not ‘THAT’

21

Breaking contd• What else can we establish? Either N or Z is likely to be

a vowel (‘NZ’) – and so is I or C (‘IC’).• Looking at the first word, Ftt – F is likely to be A or I,

so what could this be?• ADD • AHH • ALL • ANN • ASS • Resonable one is ALL• BDFZ’ is ‘THAN’

22

Breaking contd

• All the ta e a e a l et e the

• Ftt bdv bfhvq efno ukvj f tnmvbnxv ic bdv

23

Block Cipher• First break the plain text into equal sized blocks.• Most popular block is 8 character, or 64 bits• Operates on a fixed size block • Add extra character if block is not complete plaintext: The only thing we have to fear is fear

itselfmodified plaintext:

Theonlythingwehavetofearisfearitself   plaintext blocks:

Theonlyt hingweha vetofear isfearit selfXend

24

Block Cipher

• Extra bit adding is called padding

• If block size is 8 each block would be transformed into different 8 character cipher block

• Block cipher can use number of other cryptography techniques to transform each block

25

The first character in each block becomes the last

plaintext: The only thing we have to fear is fear itself

plaintext blocks: Theonlyt hingweha vetofear isfearit selfXend

ciphertext blocks: tylnoehT ahewgnih raefotev tiraefsi dneXfles

ciphertext: tylnoehTahewgnihraefotevtiraefsidneXfles

26

Block cipher

• To send cryptanalysis in the wrong direction, the cipher text can be sent in blocks of a different size than the size used to encrypt the plaintext. For example, the above cipher text could be sent in blocks of five

• ciphertext: selfXendisfearitvetofearhingwehaTheonlyt

27

Block Cipher

• Although this message may appear like total garbage at first, a cryptanalysis would have absolutely no problem decoding this quote. Simply be reversing the entire ciphertext and eliminating any white space (empty spaces), parts of the quote can be read. Here is what the ciphertext looks like when it is reversed:

• ciphertext: selfXendisfearitvetofearhingwehaTheonlyt

28

Stream Cipher• Stream cipher are faster compared to block cipher• Operates on small group of bits• Cryptography key and algorithm are applied to each binary digit in a

data stream, one bit at a time. (encrypt data bit by bit)• Produces output on element at a time.• Consist of a state machine that outputs at each state one bit of

information.• This stream of output bits is commonly called running key.• State machine is nothing more than a pseudo random number

generator• Attack is possible if the same key stream is used• Not used in modern cryptography

29

Determining the Difficulty of a Brute Force Attack

• The difficulty of a brute force attack depends on several factors, such as:– How long can the key be? – How many possible values can each component of

the key have? – How long will it take to attempt each key? – Is there a mechanism which will lock the attacker out

after a number of failed attempts?

30

Average time required for Average time required for exhaustiveexhaustive key search key search

Key Size (bits)

Number of Alternative Keys

Time required at 106 Decryption/µs

32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours

128 2128 = 3.4 x 1038 5.4 x 1018 years

168 2168 = 3.7 x 1050 5.9 x 1030 years

31

Substitution techniques

• A study of these techniques enables us to illustrate the basic approaches to symmetric encryption

• A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols

• The two basic building blocks of all encryption techniques are substitution and transposition

32

Play fair Cipher

• The Playfair Cipher is an example of multiple-letter encryption

• Invented by Sir Charles Wheatstone in 1854, but named after his friend Baron Play fair who championed the cipher at the British foreign office

• Based on the use of a 5x5 matrix in which the letters of the alphabet are written (I is considered the same as J)

• This is called key matrix

33

Playfair Matrix

• �A 5X5 matrix of letters based on a keyword • �Fill in letters of keyword (no duplicates)

– �Left to right, top to bottom• �Fill the rest of matrix with the other letters in alphabetic order• �E.g. using the keyword MONARCHY, we obtain the following

matrix

M O N A RC H Y B DE F G I KL P Q S TU V W X Z

34

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time:1 .Break the plaintext into pairs of two consecutive letters2. If a pair is a repeated letter, insert a filler like 'X‘ in the plaintext, eg. "balloon" is treated as "ba lx

lo on" 3. If both letters fall in the same row of the key matrix, replace each with the letter to its right

(wrapping back to start from end), eg. “AR" encrypts as "RM" 4. If both letters fall in the same column, replace each with the letter below it (again wrapping to top

from bottom), eg. “MU" encrypts to "CM" 5. Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair,

eg. “HS" encrypts to "BP", and “EA" to "IM" or "JM" (as desired) • �Decryption works in the reverse direction• �The examples above are based on this key matrix:

• M O N A R M O N A R• C H Y B D C HY BD• E F G I K E F G I K• L P Q S T LPQ ST• U V W X Z U V W X Z

36

CIPHER TEXT:

kxjeyurebezwehewrytuheyfskrehegoyfiwtttuolskycajpoboteizontxbybntgoneycuzwrgdsonsxbouywrhebaahyusedq

Key: royal new Zealand navy

Exercise

37

Security of Playfair

• Security much improved over monoalphabetic– There are 26 x 26 = 676 diagrams

• Needs a 676 entry diagram frequency table to analyse (vs. 26 for a monoalphabetic) and correspondingly more cipher text

• Widely used for many years (eg. US & British military in WW I, other allied forces in WW II)

• Can be broken, given a few hundred letters – Still has much of plaintext structure

38

Measures to hide the structure of the plaintext

• 1.Encrypt multiple letters of the plaintext at once

• 2.Use more than one substitution in encryption and decryption (polyalphabeticciphers)

39

Polyalphabetic substitution ciphers• Well, one way is to use more than one alphabet, switching between them

systematically. This type of cipher is called a polyalphabetic substitution cipher ("poly" is the Greek root for "many"). The difference, as you will see, is that frequency analysis no longer works the same way to break these

• Idea: use different monoalphabetic substitutions as one proceeds through the plaintext

• Makes cryptanalysis harder with more alphabets (substitutions) to guess and flattens frequency distribution

• A key determines which particular substitution is used in each step– �Example: the Vigenère cipher

40

Vigenère• Proposed by GiovanBatista Belaso(1553) and reinvented by

Blaisede Vigenère (1586), called “le chiffreindéchiffrable”for 300 years

• Effectively multiple Caesar ciphers • Key is a word K = k1 k2 ... kd • Encryption

– Read one letter t from the plaintext and one letter k from the key– t is encrypted according to the Caesar cipher with key k– When the key word is finished, start the reading of the key from the

beginning• Decryption works in reverse

– Example: key is “bcde”; “testing” is encrypted as “ugvxjpj”– Note that the two ‘t’ are encrypted by different letters: ‘u’ and ‘x’– The two ‘j’ in the crypto text come from different plain letters: ‘i’ and ‘j’

41

42

Example Vigenère Example• •write the plaintext out • •write the keyword repeated above it• •use each key letter as a Caesar cipher key • •encrypt the corresponding plaintext letter• •egusing keyword deceptive

– plain: wearediscoveredsaveyourself– key: deceptivedeceptivedeceptive

• cipher: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

43

Security of Vigenère Ciphers• Its strength lays in the fact that each plaintext

letter has multiple cipher text letters• Letter frequencies are obscured (but not totally lost)

• Breaking Vigenère– If we need to decide if the text was encrypted with a

monoalphabetic cipher or with Vigenère:– Start with letter frequencies– See if it “looks” monoalphabetic or not: the frequencies should

be those of letters in English texts

– If not, then it is Vigenère

44

One time pad

• The idea of the auto key system can be extended to create an unbreakable system: one-time pad

• Idea: use a (truly) random key as long as the plaintext• It is unbreakable since the cipher text bears no statistical

relationship to the plaintext• Moreover, for any plaintext & any cipher text there

exists a key mapping one to the other• Thus, a cipher text can be decrypted to any plaintext of

the same length• The cryptanalyst is in an impossible situation

45

One time pad example• THE BRITISH ARE COMING • DKJFOISJOGIJPAPDIGN • Step 1-

– T H E B R I T I S H A R E C O M I N GD K J F O I S J O G I J P A P D I G N

• Step 2 - Determine an algorithm – A=0– B=1– C=2– D=3– E=4– F=5

• It follows the formula "(plaintext + key) MOD alphabet length":

46

One time pad cont’d• Step 3 - Perform the encryption

(T(19)+D(03)=22) MOD 26 = 22 = W(H(07)+K(10)=17) MOD 26 = 17 = R(E(04)+J(09)=13) MOD 26 = 13 = N(B(01)+F(05)=06) MOD 26 = 06 = G(R(17)+O(14)=31) MOD 26 = 05 = F(I(08)+I(08)=16) MOD 26 = 16 = Q(T(19)+S(18)=37) MOD 26 = 11 = L(I(08)+J(09)=17) MOD 26 = 17 = R(S(18)+O(14)=32) MOD 26 = 06 = G(H(07)+G(06)=13) MOD 26 = 13 = N(A(00)+I(08)=08) MOD 26 = 08 = I(R(17)+J(09)=26) MOD 26 = 00 = A(E(04)+P(15)=19) MOD 26 = 19 = T(C(02)+A(00)=02) MOD 26 = 02 = C(O(14)+P(15)=29) MOD 26 = 03 = D(M(12)+D(03)=15) MOD 26 = 15 = P(I(08)+I(08)=16) MOD 26 = 16 = Q(N(13)+G(06)=19) MOD 26 = 19 = T(G(06)+N(13)=19) MOD 26 = 19 = T

47

Pad cont’d• We now show two different decryptions using two

different keys:• ciphertext:

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS• key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih• plaintext: mr mustard with the candlestick in the hall• ciphertext:

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS• key: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt• plaintext: miss scarlet with the knife in the library

48

Pad cont’d

• Two plausible plaintexts are produced.

• How is the cryptanalyst to decide which is the correct decryption

• If the actual key were produced in a truly random fashion, then the cryptanalyst cannot say that one of these two keys is more likely than the other.

49

Security of the one-time pad• The security is entirely given by the randomness

of the key• If the key is truly random, then the ciphertext is random• A key can only be used onceif the cryptanalyst is to be kept

in the“dark”

• Problems with this “perfect” cryptosystem• Making large quantities of truly randomcharacters is a

significant task• Key distribution is enormously difficult: for any message to be

sent, a key of equal length must be available to both parties

50

Other technique of encryption: transpositions

We have considered so far substitutions to hide the plaintext: each letter is mapped into a letter according to some substitution

• Different idea: perform some sort of permutation on the plaintext letters

• Hide the message by rearranging the letter order without altering the actual letters used

• The simplest such technique: rail fence technique

51

Rail Fence cipher

• Idea:write plaintext letters diagonally over a number of rows, then read off cipher row by row

• �E.g., with a rail fence of depth 2, to encrypt the text “meet me after the toga party”, write message out as:

m e m a t r h t g p r y e t e f e t e o a a t

• �Ciphertext is read from the above row-by-row: – MEMATRHTGPRYETEFETEOAAT

• �Attack: this is easily recognized because it has the same frequency distribution as the original text

52

Row transposition ciphers• More complex scheme: row transposition�• Write letters of message out in rows over a

specified number of columns�• Reading the cryptotext column-by-column, with

the columns permuted according to some • Example: “attack postponed until two am” with

key 4312567:• Key: 4 3 1 2 5 6 7

• Plaintext: a t t a c k po s t p o n ed u n t i l tw o a m x y z

53

Row transposition ciphers• Ciphertext:

TTNAAPTMTSUOAODWCOIXKNLYPETZ• If we number the letters in the plaintext from 1 to

28, then the result of the first encryption is the following permutation of letters from plaintext:03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28�

• Note the regularity of that sequence!�• Easily recognized!

54

Iterating the encryption makes it more secure

• Idea: use the same scheme once more to increase security

• Key: 4 3 1 2 5 6 7• Input: T T N A A P T

M T S U O A O

D W C O I X K N L Y P E T Z

• Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ• After the second transposition we get the following sequence of letters:

– 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

• This is far less structured and so, more difficult to cryptanalyze

55

Block cipher principles• Stream cipher is one that encrypts a digital data

stream one bit (or byte) at a time– Example: auto key Vigenère system

• Block cipher is one in which the plaintext is divided in blocks and one block is encrypted at one time producing a cipher text of equal length– Similar to substitution ciphers on very big characters:

64 bits or 128 bits are typical block lengths• Many modern ciphers are block ciphers

56

Product Ciphers

• Ciphers using substitutions or transpositions are not secure because of language characteristics

• Idea:using several ciphers in succession increases security• However:• two substitutions only make another (more complex?) substitution• two transpositions make another (more complex?) transposition • a substitution followed by a transposition makes a new much

harder cipher • This is the bridge from classical to modern ciphers