Cryptography. Secret (crypto) Writing (graphy) –[Greek word] Practice and study of hiding information Concerned with developing algorithms for: –Conceal.

Cryptography

Cryptography• Secret (crypto) Writing (graphy)

– [Greek word]

• Practice and study of hiding information

• Concerned with developing algorithms for:– Conceal the context of some message from all

except the sender & recipient and/or– Verify the correctness of a msg. to the

recipient(authentication)– Form basis of many technological solutions to

computer & communications security problems

Symmetric Encryption• (Or) conventional / private-key /

single-key

• sender and recipient share a common key

• all classical encryption algorithms are private-key

• was only type prior to invention of public-key in 1970’s

Basic Terminology• plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext

to ciphertext • key - info used in cipher known only to

sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from

plaintext• cryptography - study of encryption principles/methods• cryptanalysis (codebreaking) - the study of

principles/ methods of deciphering ciphertext without knowing key

• cryptology - the field of both cryptography and cryptanalysis

Basic Encryption/Decryption

Symmetric Cipher Model

5 Basic Ingredients for Symmetric Encryption

- plaintext- encryption algorithm – performs

substitutions/transformations on plaintext

- secret key – output depend on specific key used; control exact substitutions/transformations used in encryption algorithm

- ciphertext- decryption algorithm – inverse of encryption

algorithm

Requirements• two requirements for secure use of

symmetric encryption:– a strong encryption algorithm– a secret key known only to sender /

receiver

C = EK(P)

P = DK(C)

• assume encryption algorithm is known; keep key secret.

• implies a secure channel to distribute key

Symmetric algorithm

• encryption, decryption keys are the same

• denote plaintext P = <p1,p2, … , pm>

• denote ciphertext C = <c1,c2, … , cn>

• Key k of form k = <k1,k2, … , kj>

– Example:– plaintext “Hello how are you”– P = <H,E,L,L,O,H,O,W,A,R,E,Y,O,U>– ciphertext “KHOOR KRHZ DUH BRX”– C = < K,H,O,O,R,K,R,H,Z,D,U,H,B,R,X >

• More formally:

– C=Ek(P) P=Dk (C)

– P=Dk (Ek (P))

Notation

Cryptography

• Can be characterized on 3 independent dimensions:

–type of encryption operations used• substitution / transposition / product

–number of keys used• single-key or private / two-key or public

–way in which plaintext is processed• block / stream

Cryptanalysis• 2 approaches for attacking a conventional

encryption scheme:– Cryptanalysis

• Nature of algorithm• Some knowledge of general characteristics of

plaintext• Or some sample plaintext - ciphertext pairs• Deduce a specific plaintext or key

– Brute-force attack• Try every possible key on a ciphertext• On the average,half the keys must be tried

for success

Types of Cryptanalytic Attacks• ciphertext only

– only know algorithm / ciphertext, statistical, can identify plaintext

• known plaintext – know/suspect plaintext & ciphertext to attack cipher

• chosen plaintext – select plaintext and obtain ciphertext to attack cipher

• chosen ciphertext – select ciphertext and obtain plaintext to attack cipher

• chosen text – select either plaintext or ciphertext to en/decrypt to

attack cipher

Brute Force Search

• always possible to simply try every key

• most basic attack, proportional to key size

• assume either know / recognise plaintext

Classical Substitution Ciphers

• where letters of plaintext are replaced by other letters or symbols by numbers

• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

• Simple systems

Caesar Cipher

• earliest known substitution cipher

• by Julius Caesar

• first attested use in military affairs

• replaces each letter by 3rd letter on

• example:meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher• Shift plaintext chars. three characters

P: a b c d e f g h i j k l m

C: D E F G H I J K L M N O P

P: n o p q r s t u v w x y z

C: Q R S T U V W X Y Z A B C

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher• mathematically give each letter a

numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:C = E(p) = (p + 3) mod (26)p = D(C) = (C – 3) mod (26)

• Shift cipherC = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)

• k => 1 to 25

• example: k=5• A: a b c d e f g h i j k l m n o p q r s t u v w x y z

• C: F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

• “summer vacation was too short” encrypts to

• XZRR JWAF HFYN TSBF XYTT XMTW Y

Problem

Breaking Shift Ciphers

• How difficult?

• How many possibilities?

Cryptanalysis of Caesar Cipher

• only have 26 possible ciphers – A maps to A,B,..Z

• could simply try each in turn

• a brute force search

• 3 characteristics:– Encryption & decryption algorithms are known– Only 25 keys to try– Language of plaintext is known & easily

recognizable

Monoalphabetic Cipher

• rather than just shifting the alphabet • could shuffle (jumble) the letters arbitrarily • each plaintext letter maps to a different random

ciphertext letter • hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNPlaintext: ifwewishtoreplacelettersCiphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher

• how many possible substitution alphabets?

• can we try all permutations?

• how would you try to break them?

Monoalphabetic – Brute force

• how many possible substitution alphabets?– 26! ≈ 4 * 1026 possible keys

• can we try all permutations?– sure. have some time?– at 1 encryption/μsec

2* 1026 μsec = 6.4* 1012 years

• how would you try to break them?– use what you know to reduce the possibilities

Monoalphabetic Cipher Security

• now have a total of 26! = 4 x 1026 keys

• with so many keys, might think is secure

• !!!WRONG!!!

• problem is language characteristics

Language Redundancy and Cryptanalysis

• human languages are redundant • letters are not equally commonly used • Eg. in English e is by far the most common letter

– look at common letters (E, T, O, A, N, ...)– single-letter words (I, and A)– two-letter words (of, to, in, ...)– three-letter words (the, and, ...)– double letters (ll, ee, oo, tt, ff, rr, nn, ...)– other tricks?

Language Redundancy and Cryptanalysis

• Basic idea is to count the relative frequencies of letters

• have tables of single, double & triple letter frequencies

• calculate letter frequencies for ciphertext

• compare counts/plots against known values

English Letter Frequencies

Example Cryptanalysis• given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• count relative letter frequencies

PZSUOM

13.1111.678.338.337.506.67

HDEVX

5.835.005.004.174.17

FWQTA

3.333.332.502.501.67

BGYIJ

1.671.671.670.830.83

CKLNR

0.000.000.000.000.00

Example Cryptanalysis• given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Example Cryptanalysis

• guess P & Z are e and t• Relatively high frequency letters S,U,O,M,H => { a,h,i,n,o,r,s }• Letters with lowest frequency A,B,G,Y,I,J => { b,j,k,q,v,x,z }• guess ZW is th • hence ZWP is the• ZWSZ if a complete word =>th_t

– So S equates with a

Example Cryptanalysis

• So far t a e e te a that e e a a t e t ta t ha e ee a e th t a e e e tat e the et

• proceeding with trial and error,we finally get:it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow

Problem

Polyalphabetic Ciphers

• another approach to improving security is to use multiple cipher alphabets

• called polyalphabetic substitution ciphers • makes cryptanalysis harder with more alphabets

to guess and flatter frequency distribution • use a key to select which alphabet is used for

each letter of the message • use each alphabet in turn • repeat from start after end of key is reached

Vigenère Cipher• simplest polyalphabetic substitution cipher

is the Vigenère Cipher • multiple caesar ciphers • Vigenère tableau • Each of 26 ciphers arranged horizontally • Key letter for each on its left• Plaintext letters arranged on top row• Ciphertext occurs in intersection of key

letter in row x and plaintext in coloumn y• decryption simply works in reverse

Modern Vigenère Tableau

Example

• write the plaintext out • write the keyword repeated above it• use each key letter as a caesar cipher key • encrypt the corresponding plaintext letter• eg using keyword deceptive

key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers

• have multiple ciphertext letters for each plaintext letter

• hence letter frequencies are obscured

• but not totally lost

• start with letter frequencies– see if monoalphabetic or not

• if not, then need to determine length of keyword

Autokey Cipher• Ideally - a key as long as the message• Vigenère proposed the autokey cipher • keyword is prefixed to message as key• eg. given key deceptive

Key: deceptivewearediscoveredsav

plaintext:wearediscoveredsaveyourself

ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

Transposition Ciphers

• now consider classical transposition or permutation ciphers

• these hide the message by rearranging the letter order

• without altering the actual letters used

• can recognise these since have the same frequency distribution as the original text

Rail Fence cipher

• write message letters out diagonally over a number of rows

• then read off cipher row by row

• eg. write message out as:m e m a t r h t g p r y

e t e f e t e o a a t

• giving ciphertextMEMATRHTGPRYETEFETEOAAT

Problem

• Create Rail Fence

DLTAOAHCNYEKTOTSPNR

Columnar Transposition Ciphers• a more complex scheme• write letters of message out in rows over a

specified number of columns• then reorder the columns(permute) according

to some key before reading off column by column.Key: 4 3 1 2 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y zCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Double Transposition

Key: 4 3 1 2 5 6 7Plaintext: t t n a a p t m t s u o a o d w c o i x k n l y p e t zCiphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

• ciphers using substitutions or transpositions are not secure because of language characteristics

• hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a

new much harder cipher

• this is bridge from classical to modern ciphers

Rotor Machines

• before modern ciphers, rotor machines were most common product cipher

• were widely used in WW2– German Enigma, Allied Hagelin, Japanese Purple

• implemented a very complex, varying substitution cipher

• used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted

• with 3 cylinders have 263=17576 alphabets

Steganography

• an alternative to encryption

• hides existence of message– using only a subset of letters/words in a

longer message marked in some way– using invisible ink– hiding in LSB in graphic image or sound file

• has drawbacks– high overhead to hide relatively few info bits

Summary

• have considered:– classical cipher techniques and terminology– Caesar substitution ciphers– monoalphabetic substitution ciphers– cryptanalysis using letter frequencies– polyalphabetic ciphers– transposition ciphers– product ciphers