Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.

CryptographyPart 1: Classical Ciphers

Jerzy Wojdyło

May 4, 2001

Cryptography, Jerzy Wojdylo, 5/4/01

Overview

Classical Cryptography– Simple Cryptosystems– Cryptoanalysis of Simple Cryptosystems

Shannon’s Theory of Secrecy Modern Encryption Systems

– DES, Rijndel– RSA

Signature Schemes


Cryptosystem

A cryptosystem is a five-tuple (P,C,K,E,D), where the following are satisfied:

1. P is a finite set of possible plaintexts

2. C is a finite set of possible ciphertexts

3. K, the keyspace, is a finite set of possible keys

4. KK, eKE (encryption rule), dKD (decryption rule). Each eK: PC and dK: CP are functions such that xP, dK(eK(x)) = x.


Notation

English alphabet Lower case: a, b, c,…, z for plaintext Upper case: A, B, C,…, Z for ciphertext For encryption and decryption algorithms,

we will substitute letters a, b, c,…, z with numbers 0, 1, 2,…, 25.


Classical Cryptography

Monoalphabetic CiphersOnce a key is chosen, each alphabetic character of a plaintext is mapped onto a unique alphabetic character of a ciphertext.

– The Shift Cipher (Caesar Cipher)

– The Substitution Cipher

– The Affine Cipher


Classical Cryptography

Polyalphabetic CiphersEach alphabetic character of a plaintext can be mapped onto m alphabetic characters of a ciphertext. Usually m is related to the encryption key.

– The Vigenère Cipher

– The Hill Cipher

– The Permutation Cipher


The Shift (Caesar) Cipher

Let P = C = K = Z26.

xP, yC, KK, define

eK(x) = x + K (mod 26)

and

dK(y) = y - K (mod 26).

Example on www.


The Substitution Cipher

Let P = C = Z26, let K = S26

xP, yC, K, define

e(x) = (x)

and

d(x) = -1(x).

Example on www.


The Affine Cipher

Let P = C = Z26, let

K = {(a, b) Z26 Z26 | gcd(a, 26) = 1}.xP, yC, K K, define

eK(x) = ax + b (mod 26)and

dK(y) = a-1(y – b) (mod 26).

Example on www.


The Vigenère Cipher

Let m Z+, let P = C = K = (Z26)m. For a key K = (k1, k2, ,…, km),

we define

eK (x1, x2, ,…, xm) = (x1+ k1, x2+ k2,…, xm + km)and

dK (x1, x2, ,…, xm) = (x1– k1, x1 – k1,…, xm – km)where all operations are modulo 26.

This is an example (www) of a block cipher.


The Hill Cipher

Let m Z+, let P = C = (Z26)m, let

K = {mm invertible matrices over Z26}.For a key K, we define

eK(x) = Kx (mod 26)and

dK(y) = K-1y (mod 26).

Example MATLAB.


The Permutation Cipher

Let m Z+, let P = C = (Z26)m, let K = Sm.

For a key (i.e. a permutation) π we define

eπ (x1, x2, ,…, xm) = (xπ (1), xπ (2),…, xπ (m))

and

dπ (y1, y2, ,…, ym)=(yπ-1(1), yπ -1 (2),…, yπ-1(m))

where π-1 is the inverse permutation to π.

(The Hill Cipher, where K = a permutation matrix.)


Cryptoanalysis

Kerchkhoff’s Principle: cryptosystem (the algorithm) is NOT secret, the key is secret.

Common attacks to obtain the key– Ciphertext-only– Known plaintext – Chosen plaintext– Chosen ciphertext


Attack on a Shift Cipher

Ciphertext-only Exhaustive search 26 cases Very insecure cipher


Cryptoanalysis of a Monoalphabetic Cipher Ciphertext-only attack Letter frequencies the English language

0.127

0.091

0.082

0.075

0.070

0.067

0.063

0.061

0.060

0.043

0.040

0.028

0.028

0.024

0.023

0.022

0.020

0.020

0.019

0.015

0.010

0.008

0.002

0.001

0.001

0.001

0.000

0.020

0.040

0.060

0.080

0.100

0.120

0.140

E T AO I N S HRD L CUMWFG Y P B V K J Q X Z


Attack on a Substitution Cipher

Insecure cipher, even though the number of possible keys is 26! = 403291461126605635584000000(approximately 4.0329·1026)

Letter frequencies calculator www


Attack on the Vigenère Cipher

Kasiski test (m, length of the key)– Fredrich Wilhelm Kasiski (1863)– Charles Babbage (1854, result remained secret)

Two identical segments of plaintext will be encrypted to the same ciphertext if their occurrence in the plaintext is x position apart, where x is a multiple of m.



CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQEQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELXVRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJTAMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBIPEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHPWQAIIWXNRMGWOIIFKEE



Positions of CHR: 1, 166, 236, 276, 286. Differences of positions:

166 – 1 = 165 236 – 1 = 235276 – 1 = 235 286 – 1 = 285

The gcd of these differences is 5, so the key is most likely of length m = 5.



Divide the ciphertext into 5 subsrtings (positions 5k, 5k+1, 5k+2, 5k+3, 5k+4)

Analize each substring as a monoalphabetic cipher.

Continue on http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html

Also an insecure cipher


Cryptonalysis of the Hill Cipher

Number of keys k = number of invertible mm matrices with coefficients from Z26.Does anyone know the formula?

If p is prime, the alphabet is Zp then

If p = 29 and

k p pm i

i

m

c h0

1

m 3 4 5 10

k 1.4·1013 2.4·1023 3.5·1036 1.7·10146


Cryptonalysis of the Hill Cipher

Easily broken with known plaintext attack. Permutation Cipher = Hill Cipher, where

the key is a permutation matrix. Both ciphers are insecure.


Perfect Secrecy

A cryptosystem is computationally secure if the best algorithm for breaking it requires at least N operations, where N is some specified , very large number.Problems…

A cryptosystem is unconditionally secure if it cannot be broken with infinite computational resources.


Perfect Secrecy

None of the classical cryptosystems is even computationally secure.

However the Shift Cipher, the Substitution Cipher, and the Vigènere Cipher are unconditionally secure if only one element of plaintext is encrypted with a given key!REALLY???


Perfect Secrecy

Claude Shannon “Communication Theory of Secrecy Systems”, Bell Systems Technical Journal, (1949) .

A cryptosystem has perfect secrecy if pP(x|y) = pP(x) for any xP and yC. That is the a posteriori probability that the plaintext is x, given that the ciphertext is y, is identical to the a priori probability that the plaintext is x.


Perfect Secrecy

Theorem (Shannon). Suppose the 26 keys in the Shift Cipher are used with equal probability 1/26. Then for any plaintext probability distribution, the Shift Cipher has perfect secrecy.

Consequences: One-time Pad Cryptosystem (Gilbert Vernam, 1917). Key, plaintext, and ciphertext have the same length. Problems with keys: very long, distribution. Each key can be used only ONCE!

The EndCryptography, Part 1: Classical Ciphers

Cryptography

Part 2: Modern Cryptosystems

Stay Tuned…

Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.

Documents