History and Background Part 2: Polyalphabetic Substitution and Transposition CSCI 5857: Encoding and Encryption.

History and BackgroundPart 2: Polyalphabetic Substitution

and Transposition

CSCI 5857: Encoding and Encryption

Outline

• The Vigenére polyalpabetic cipher• Enigma• One-time pads• Transposition ciphers• Attacks on transposition ciphers• Effectiveness of using multiple keys• Avalanche effect as a goal of encryption• Kerckhoff’s Principle

Polyalphabetic Substitution

• Single plaintext character may map to multiple possible ciphertext characters

• Frequency analysis attacks much harder

Example: Vigenére cipher• Key = some word or phrase of length n• ci = (pi + ki mod n) mod 26

Vigenére cipher

Vigenére cipher

Example:• Key: “python”• Plaintext: “rabbitwithbigpointyteeth”Ciphertext:

p y t h o n p y t h o n p y t h o n p y t h o n

G Y U I V G L G M Y M V V N H P B G N R P L H U

r a b b i t w i t h b i g p o i n t y t e e t h

Polyalphabetic Substitution

• Vigenére cipher still vulnerable to frequency-based cryptanalysis– Guess key size n– Treat like n different monoalphabetic substitutions

• General principle:Larger n more secure

(that is, number of characters before repetition)

Enigma

• Developed by Germany in WW2

• Arguably most complex pre-computer substitution cipher

Flash simulation at http://enigmaco.de/enigma/enigma.html

Enigma• Consists of 3 to 5 rotors

– Each rotor is a monoalphabetic mapping of a plaintext character to a ciphertext character

– Output of one rotor fed into input of next rotor so final output the result of 3 to 5 monoalphabetic substitutions

• Rotors turn after each character!– Fast rotor: every character– Middle rotor: every 26 characters– Slow rotor: every 26 x 26 = 676 characters

Enigma

Enigma• 26 x 26 x 26 = 17,576 characters entered before

repetition• Essentially invulnerable to frequency-based

cryptanalysis (particularly if rotors changed at regular intervals)

• Required Alan Turing’s Bletchley Group to crack– Captured machines to understand patterns– Large numbers of known plaintexts– Exhaustive searches using primitive computers

One-Time Pad

• Idea: Make key as long as the message itself!(Joseph Mauborgne)

• Unconditionally securesince inherently ambiguous for attacker

One-Time PadExample ciphertext: NZAKBMK

• Ciphertext: NZAKBMK NZAKBMKPossible keys: nlvwker wtnkxmmPlaintext: goforit runaway

• Which key is correct?We have no way of knowing since both are plausible plaintext! ???

One-Time Pad

Only get to use a key for one message• Unlikely that different possible keys would still both result in

plausible plaintext for more than one message• Adversary could find correct key by process of elimination

Ciphertext: WMGKZX WMGKZX

Possible keys: nlvwke wtnkxm Plaintext: jblopt attack

• Would need to securely distribute a new key for each message!

“This is the one!”

Transposition Cipher

• Ciphertext = Permutation of plaintext• Simple example:runaway r n w y

u a a rnwyuaa

• Key = permutation order – Above example: 1357246

Column Transposition Ciphers

• Break plaintext into columns• Example plaintext: longlongagoinagalaxyfaraway

Key: 5241763 (size n of key = 7 columns)

5241763longlongagoinagalaxyfarawayx

Break plaintext into rows of size n of key

Insert extra chars to fill columns(padding)

Column Transposition Ciphers

• For column with label i:– Append contents of

column i to ciphertext

• Resulting ciphertext:goaw oaar nafx nglalgga onyy lixa

5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x

This column first

This column second, and so on

Column Transposition Ciphers• Decryption:

– Divide ciphertext into n strings– Arrange strings into columns, with order of

columns determined by key

goawoaarnafxnglalggaonyylixa

5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x

Attacks on Transposition Ciphers

• Brute force: Trying all possible permutations– Key of size n n! possible keys– Solution: Choose key such that n! tests is

computationally secure• Cryptographic attacks:

– Eliminate column pairs with unlikely adjacent letters l

i x a

n a f x

Attacks on Transposition Ciphers

• Can apply transposition multiple times with same key to defeat cryptographic attacks

• Ciphertext after first permutation:goawoaarnafxnglalggaonyylixa

• Ciphertext after second permutation:wfglonayagoaaalygrnlanaxoxgi

5 2 4 1 7 6 3g o a w o a ar n a f x n gl a l g g a on y y l i x a

Using Multiple Keys

• Important question:Does using multiple keys always make encryption more secure?– Brute force attacks– Cryptographic attacks

• Mathematically:C = E(E(p, k1), k2)

Is this more secure than C = E(p, k1)?

Using Multiple Keys• Example: Caesar cipher with 2 keys

K1 = 3 K2 = 8– Equivalent to single key K3 = 11– Still only 26 possible mappings from P to C

• Example: Transposition cipher with 2 keys K1 = 5241763 K2 = 7325641– Equivalent to single key K3 = 6357142– Still only 7! possible mappings from P to C

No more secure in either case!

Using Multiple KeysOnly if:• Using multiple keys greatly increases the number of

possible ciphertexts

• Applying multiple keys is not equivalent to applying a single keyNo k3 such that E(E(p, k1), k2) = E(p, k3)

Possible ciphertexts

Possible ciphertexts

After applying K1 and K2

After applying K1

Avalanche Effect

Small change in key Large change in ciphertext

• Desirable property of cipherKnowing some of key rest of key still hard to find

• Not a property of substitution ciphers• Property of transposition ciphers

(particularly if applied multiple times)

Avalanche Effect

Example: two similar keys applied twice• plaintext = longlongagoinagalaxyfaraway• k1 = 5241763

ciphertext = wfglonayagoaaalygrnlanaxoxgi

• k2 = 5421763ciphertext = wfglaalylaoaonrygaangoaxnxgi

• Already different in 14 of 28 characters

Substitution and Transposition

• Most modern block ciphers combine substitution and transposition– Substitution gives large number of possible keys to

defeat brute force attacks– Transposition gives avalanche effect to defeat

cryptographic attacks

Kerckhoff’s Principle

c = E(p, k)• If can’t hide k, can we hide the encryption algorithm E?

Assumption: Adversary knows algorithm we use• All encryption algorithms currently in use are well known!• Much easier to conceal/change key than entire algorithm