DOCSLIB.ORG

Data Encryption Standard

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Data Encryption Standard Overview: The data encryption standard is probably the most widely used conventional encryption algorithm. A detailed study of DES provides an understanding of the principles used in other conventional encryption algorithms. Compared to public-key encryption schemes such as RSA, the structure of DES and most conventional encryption algorithms, is very complex. Accordingly, we begin with a simplified version of DES, called S-DES. Classroom experience indicates that a study of this simplified version enhances understanding of DES. S-DES: It is an educational algorithm rather than a secure encryption algorithm. The S-DES encryption algorithm takes an 8-bit block of plaintext (e.g. 10111101) and a 10-bit key as input and produces an 8-bit block of ciphertext as output. Whereas the original DES uses 64-bit block of plaintext and 56-bit key. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key to produce the original plaintext. The encryption algorithm involves FIVE functions: o An initial Permutation (IP) o A complex function labeled fk – involves permutation and substitution o A simple permutation function that switches the two halves of the data o The function fk again o A permutation function that is the inverse of the IP (IP-1) See figure 3.1 for complete process of S-DES. 10-bit key ENCRYPTION DECRYPTION P10 8-bit plaintext 8-bit plaintext Shift IP IP-1 P8 K1 K1 fK fK Shift SW SW P8 K2 K2 fK fK IP-1 IP 8-bit ciphertext 8-bit ciphertext Figure 3.1 Simplified DES Scheme 10-bit key 10 P10 5 5 LS-1 LS-1 5 5 P8 8 K1 LS-2 LS-2 5 5 P8 8 K2 Figure 3.2 Key Generation for Simplified DES 8-bit plaintext 8 IP 4 f 4 K E/P 8 F 8 + K1 4 4 S0 S1 2 2 P4 4 + 4 SW 4 f 4 K E/P 8 F 8 + K2 4 4 S0 S1 2 2 P4 4 + 4 IP-1 8 8-bit ciphertext Figure 3.3 Simplified DES Encryption Detail S-DES Key Generation for S-DES: An Example 10-bit key: 1-2-3-4-5-6-7-8-9-x 1-0-1-0-0-0-0-0-1-0 P10: 3-5-2-7-4-x-1-9-8-6 1-0-0-0-0-0-1-1-0-0 5-bits 5-bits 1-0-0-0-0 0-1-1-0-0 LS-1: Circular left LS-1 LS-1 shift by 1 bit => 0-0-0-0-1 1-1-0-0-0 Merge: 1-2-3-4-5-6-7-8-9-x 0-0-0-0-1 0-0-0-0-1-1-1-0-0-0 1-1-0-0-0 P8: 6-3-7-4-8-5-x-9 0-0-0-0-1 1-0-1-0-0-1-0-0 1-1-0-0-0 This is the key K1 LS-2: Circular left LS-2 LS-2 shift by 2 bits => 0-0-1-0-0 0-0-0-1-1 Merge: 1-2-3-4-5-6-7-8-9-x 0-0-1-0-0-0-0-0-1-1 P8: 6-3-7-4-8-5-x-9 0-1-0-0-0-0-1-1 This is the key K2 S-DES S-DES: An Example 8-bit plain text: 1-2-3-4-5-6-7-8 1-1-1-1-0-0-1-1 IP: 2-6-3-1-4-8-5-7 1-0-1-1-1-1-0-1 Left 4-bits: Right 4-bits: Right 4-bits: 1-0-1-1 1-2-3-4 1-1-0-1 1-1-0-1 E/P: Expansion/Permutation: 4-1-2-3-2-3-4-1 1-1-1-0-1-0-1-1 XOR: 1-1-1-0-1-0-1-1 1-0-1-0-0-1-0-0 (Key K1) 0-1-0-0-1-1-1-1 Left 4-bits: Right 4-bits: 0-1-0-0 1-1-1-1 First &Last bits: First &Last bits: 0,0 = 0 1,1 =3 Second & Third bits: Second & Third bits: 1,0 = 2 1,1 = 3 S0 0 1 2 3 row = 0 row = 3 S1 0 1 2 3 0 1 0 3 2 column = 2 column = 3 0 0 1 2 3 1 3 2 1 0 Use S0 Box Use S1 Box 1 2 0 1 3 2 0 2 1 3 3 3 2 3 0 1 0 3 3 1 3 2 3 2 1 0 3 In bits: In bits: 1-1 1-1 New 4-bits: 1-2-3-4 1-1-1-1 P4: 2-4-3-1 1-0-1-1 1-1-1-1 XOR: 1-0-1-1 1-1-1-1 0-1-0-0 1-1-0-1 (Left 4-bits) (Right 4-bits) SWITCH Left bits: Right bits: Right 4-bits: 1-1-0-1 1-2-3-4 0-1-0-0 0-1-0-0 E/P: Expansion/Permutation: 4-1-2-3-2-3-4-1 0-0-1-0-1-0-0-0 XOR: 0-0-1-0-1-0-0-0 0-1-0-0-0-0-1-1 (Key K2) 0-1-1-0-1-0-1-1 Left 4-bits: Right 4-bits: 0-1-1-0 1-0-1-1 First &Last bits: First &Last bits: 00 = 0 11 =3 Second & Third bits: Second & Third bits: 11 = 3 01 = 1 S0 0 1 2 3 row = 0 row = 3 S1 0 1 2 3 0 1 0 3 2 column = 3 column = 1 0 0 1 2 3 1 3 2 1 0 Use S0 Box Use S1 Box 1 2 0 1 3 2 0 2 1 3 2 1 2 3 0 1 0 3 3 1 3 2 3 2 1 0 3 In bits: In bits: 1-0 0-1 New 4-bits: 1-2-3-4 1-0-0-1 P4: 2-4-3-1 1-1-0-1 0-1-0-1 XOR: 1-1-0-1 0-1-0-1 1-0-0-0 0-1-0-0 (Left 4-bits) (Right 4-bits) 1-2-3-4-5-6-7-8 1-0-0-0-0-1-0-0 IP-1: 4-1-3-5-7-2-8-6 0-1-0-0-0-0-0-1 (This is the 8-bit cipher text) BRUTE-FORCE ATTACK: With 10-bit key, there are only 210 = 1024 possibilities. Given a ciphertext, an attacker can try each possibility and analyze the result to determine if it is a reasonable plaintext. CRYPTANALYSIS: Assume some 8-bit plaintext and the corresponding ciphertext are known and 10-bit key is unknown. S-box makes the S-DES non-linear and makes the cryptanalysis difficult. Possible non-linear equation for the 4-bit (a, b, c, d) input to S-box and the 4-bit (q, r, s, t) output from the S-Box would be: q=abcd+ab+ac+b+d r=abcd+abd+ab+ac+ad+a+c+1 .
Recommended publications
  • Public-Key Cryptography

    Public-Key Cryptography

    Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key ? private key Alice Bob Given: Everybody knows Bob’s public key - How is this achieved in practice? Only Bob knows the corresponding private key Goals: 1. Alice wants to send a secret message to Bob 2. Bob wants to authenticate himself Requirements for Public-Key Crypto ! Key generation: computationally easy to generate a pair (public key PK, private key SK) • Computationally infeasible to determine private key PK given only public key PK ! Encryption: given plaintext M and public key PK, easy to compute ciphertext C=EPK(M) ! Decryption: given ciphertext C=EPK(M) and private key SK, easy to compute plaintext M • Infeasible to compute M from C without SK • Decrypt(SK,Encrypt(PK,M))=M Requirements for Public-Key Cryptography 1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C = EKUb (M ) 3. Easy for the receiver to decrypt ciphertect using private key: M = DKRb (C) = DKRb[EKUb (M )] Henric Johnson 4 Requirements for Public-Key Cryptography 4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption: M = DKRb[EKUb (M )] = DKUb[EKRb (M )] Henric Johnson 5 Public-Key Cryptographic Algorithms ! RSA and Diffie-Hellman ! RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA
  • Basic Cryptography

    Basic Cryptography

    Basic cryptography • How cryptography works... • Symmetric cryptography... • Public key cryptography... • Online Resources... • Printed Resources... I VP R 1 © Copyright 2002-2007 Haim Levkowitz How cryptography works • Plaintext • Ciphertext • Cryptographic algorithm • Key Decryption Key Algorithm Plaintext Ciphertext Encryption I VP R 2 © Copyright 2002-2007 Haim Levkowitz Simple cryptosystem ... ! ABCDEFGHIJKLMNOPQRSTUVWXYZ ! DEFGHIJKLMNOPQRSTUVWXYZABC • Caesar Cipher • Simple substitution cipher • ROT-13 • rotate by half the alphabet • A => N B => O I VP R 3 © Copyright 2002-2007 Haim Levkowitz Keys cryptosystems … • keys and keyspace ... • secret-key and public-key ... • key management ... • strength of key systems ... I VP R 4 © Copyright 2002-2007 Haim Levkowitz Keys and keyspace … • ROT: key is N • Brute force: 25 values of N • IDEA (international data encryption algorithm) in PGP: 2128 numeric keys • 1 billion keys / sec ==> >10,781,000,000,000,000,000,000 years I VP R 5 © Copyright 2002-2007 Haim Levkowitz Symmetric cryptography • DES • Triple DES, DESX, GDES, RDES • RC2, RC4, RC5 • IDEA Key • Blowfish Plaintext Encryption Ciphertext Decryption Plaintext Sender Recipient I VP R 6 © Copyright 2002-2007 Haim Levkowitz DES • Data Encryption Standard • US NIST (‘70s) • 56-bit key • Good then • Not enough now (cracked June 1997) • Discrete blocks of 64 bits • Often w/ CBC (cipherblock chaining) • Each blocks encr. depends on contents of previous => detect missing block I VP R 7 © Copyright 2002-2007 Haim Levkowitz Triple DES, DESX,
  • Block Ciphers and the Data Encryption Standard

    Block Ciphers and the Data Encryption Standard

    Lecture 3: Block Ciphers and the Data Encryption Standard Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) January 26, 2021 3:43pm ©2021 Avinash Kak, Purdue University Goals: To introduce the notion of a block cipher in the modern context. To talk about the infeasibility of ideal block ciphers To introduce the notion of the Feistel Cipher Structure To go over DES, the Data Encryption Standard To illustrate important DES steps with Python and Perl code CONTENTS Section Title Page 3.1 Ideal Block Cipher 3 3.1.1 Size of the Encryption Key for the Ideal Block Cipher 6 3.2 The Feistel Structure for Block Ciphers 7 3.2.1 Mathematical Description of Each Round in the 10 Feistel Structure 3.2.2 Decryption in Ciphers Based on the Feistel Structure 12 3.3 DES: The Data Encryption Standard 16 3.3.1 One Round of Processing in DES 18 3.3.2 The S-Box for the Substitution Step in Each Round 22 3.3.3 The Substitution Tables 26 3.3.4 The P-Box Permutation in the Feistel Function 33 3.3.5 The DES Key Schedule: Generating the Round Keys 35 3.3.6 Initial Permutation of the Encryption Key 38 3.3.7 Contraction-Permutation that Generates the 48-Bit 42 Round Key from the 56-Bit Key 3.4 What Makes DES a Strong Cipher (to the 46 Extent It is a Strong Cipher) 3.5 Homework Problems 48 2 Computer and Network Security by Avi Kak Lecture 3 Back to TOC 3.1 IDEAL BLOCK CIPHER In a modern block cipher (but still using a classical encryption method), we replace a block of N bits from the plaintext with a block of N bits from the ciphertext.
  • 1 Perfect Secrecy of the One-Time Pad

    1 Perfect Secrecy of the One-Time Pad

    1 Perfect secrecy of the one-time pad In this section, we make more a more precise analysis of the security of the one-time pad. First, we need to define conditional probability. Let’s consider an example. We know that if it rains Saturday, then there is a reasonable chance that it will rain on Sunday. To make this more precise, we want to compute the probability that it rains on Sunday, given that it rains on Saturday. So we restrict our attention to only those situations where it rains on Saturday and count how often this happens over several years. Then we count how often it rains on both Saturday and Sunday. The ratio gives an estimate of the desired probability. If we call A the event that it rains on Saturday and B the event that it rains on Sunday, then the intersection A ∩ B is when it rains on both days. The conditional probability of A given B is defined to be P (A ∩ B) P (B | A)= , P (A) where P (A) denotes the probability of the event A. This formula can be used to define the conditional probability of one event given another for any two events A and B that have probabilities (we implicitly assume throughout this discussion that any probability that occurs in a denominator has nonzero probability). Events A and B are independent if P (A ∩ B)= P (A) P (B). For example, if Alice flips a fair coin, let A be the event that the coin ends up Heads. If Bob rolls a fair six-sided die, let B be the event that he rolls a 3.
  • Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA

    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA

    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly.
  • A Password-Based Key Derivation Algorithm Using the KBRP Method

    A Password-Based Key Derivation Algorithm Using the KBRP Method

    American Journal of Applied Sciences 5 (7): 777-782, 2008 ISSN 1546-9239 © 2008 Science Publications A Password-Based Key Derivation Algorithm Using the KBRP Method 1Shakir M. Hussain and 2Hussein Al-Bahadili 1Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 2Faculty of Information Systems and Technology, Arab Academy for Banking and Financial Sciences, P.O. Box 13190, Amman 11942, Jordan Abstract: This study presents a new efficient password-based strong key derivation algorithm using the key based random permutation the KBRP method. The algorithm consists of five steps, the first three steps are similar to those formed the KBRP method. The last two steps are added to derive a key and to ensure that the derived key has all the characteristics of a strong key. In order to demonstrate the efficiency of the algorithm, a number of keys are derived using various passwords of different content and length. The features of the derived keys show a good agreement with all characteristics of strong keys. In addition, they are compared with features of keys generated using the WLAN strong key generator v2.2 by Warewolf Labs. Key words: Key derivation, key generation, strong key, random permutation, Key Based Random Permutation (KBRP), key authentication, password authentication, key exchange INTRODUCTION • The key size must be long enough so that it can not Key derivation is the process of generating one or be easily broken more keys for cryptography and authentication, where a • The key should have the highest possible entropy key is a sequence of characters that controls the process (close to unity) [1,2] of a cryptographic or authentication algorithm .
  • Authentication and Key Distribution in Computer Networks and Distributed Systems

    Authentication and Key Distribution in Computer Networks and Distributed Systems

    13 Authentication and key distribution in computer networks and distributed systems Rolf Oppliger University of Berne Institute for Computer Science and Applied Mathematics {JAM) Neubruckstrasse 10, CH-3012 Bern Phone +41 31 631 89 51, Fax +41 31 631 39 65, [email protected] Abstract Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. Keywords Authentication, key distribution, Kerberos, NetSP, SPX, TESS, SESAME 1 INTRODUCTION Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. It is assumed that the reader of this paper is familiar with the funda­ mentals of cryptography, and the use of cryptographic techniques in computer networks and distributed systems (Oppliger, 1992 and Schneier, 1994). The following notation is used in this paper: • Capital letters are used to refer to principals (users, clients and servers).
  • Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmet- ric or secret key cryptography and asymmetric or public key cryptography. Symmet- ric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed. Secret Key (K) Secret Key (K) ? ? - - - - Plaintext (P ) E{P,K} Ciphertext (C) D{C,K} Plaintext (P ) Figure 2.1: Secret key encryption. To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa. 1It is claimed by some that government agencies knew about asymmetric cryptography before this.
  • TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula

    TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula

    TRANSPORT LAYER SECURITY (TLS) Lokesh Phani Bodavula October 2015 Abstract 1 Introduction The security of Electronic commerce is completely in the hands of Cryptogra- phy. Most of the transactions through e-commerce sites, auction sites, on-line banking, stock trading and many more are exchanged over the network. SSL or TLS are the additional layers that are required in order to obtain authen- tication, privacy and integrity for all kinds of communication going through network. This paper focuses on the additional layer (TLS) which is responsi- ble for the whole communication. Transport Layer Security is a protocol that is responsible for offering privacy between the communicating applications and their users on Internet. TLS is inserted between the application layer and the network layer-where the session layer is in the OSI model TLS, however, requires a reliable transport channel-typically TCP. 2 History Instead of the end-to-end argument and the S-HTTP proposal the developers at Netscape Communications introduced an interesting secured connection concept of low-layer and high-layer security. For achieving this type of security there em- ployed a new intermediate layer between the transport layer and the application layer which is called as Secure Sockets Layer (SSL). SSL is the starting stage for the evolution of different transport layer security protocols. Technically SSL protocol is assigned to the transport layer because of its functionality is deeply inter-winded with the one of a transport layer protocol like TCP. Coming to history of Transport layer protocols as soon as the National Center for Super- computing Application (NCSA) released the first popular Web browser called Mosaic 1.0 in 1993, Netscape Communications started working on SSL protocol.
  • Chap 2. Basic Encryption and Decryption

    Chap 2. Basic Encryption and Decryption

    Chap 2. Basic Encryption and Decryption H. Lee Kwang Department of Electrical Engineering & Computer Science, KAIST Objectives • Concepts of encryption • Cryptanalysis: how encryption systems are “broken” 2.1 Terminology and Background • Notations – S: sender – R: receiver – T: transmission medium – O: outsider, interceptor, intruder, attacker, or, adversary • S wants to send a message to R – S entrusts the message to T who will deliver it to R – Possible actions of O • block(interrupt), intercept, modify, fabricate • Chapter 1 2.1.1 Terminology • Encryption and Decryption – encryption: a process of encoding a message so that its meaning is not obvious – decryption: the reverse process • encode(encipher) vs. decode(decipher) – encoding: the process of translating entire words or phrases to other words or phrases – enciphering: translating letters or symbols individually – encryption: the group term that covers both encoding and enciphering 2.1.1 Terminology • Plaintext vs. Ciphertext – P(plaintext): the original form of a message – C(ciphertext): the encrypted form • Basic operations – plaintext to ciphertext: encryption: C = E(P) – ciphertext to plaintext: decryption: P = D(C) – requirement: P = D(E(P)) 2.1.1 Terminology • Encryption with key If the encryption algorithm should fall into the interceptor’s – encryption key: KE – decryption key: K hands, future messages can still D be kept secret because the – C = E(K , P) E interceptor will not know the – P = D(KD, E(KE, P)) key value • Keyless Cipher – a cipher that does not require the
  • Block Cipher and Data Encryption Standard (DES)

    Block Cipher and Data Encryption Standard (DES)

    Block Cipher and Data Encryption Standard (DES) 2021.03.09 Presented by: Mikail Mohammed Salim Professor 박종혁 Cryptography and Information Security 1 Block Cipher and Data Encryption Standard (DES) Contents • What is Block Cipher? • Padding in Block Cipher • Ideal Block Cipher • What is DES? • DES- Key Discarding Process • Des- 16 rounds of Encryption • How secure is DES? 2 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • An encryption technique that applies an algorithm with parameters to encrypt blocks of text. • Each plaintext block has an equal length of ciphertext block. • Each output block is the same size as the input block, the block being transformed by the key. • Block size range from 64 -128 bits and process the plaintext in blocks of 64 or 128 bits. • Several bits of information is encrypted with each block. Longer messages are encoded by invoking the cipher repeatedly. 3 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • Each message (p) grouped in blocks is encrypted (enc) using a key (k) into a Ciphertext (c). Therefore, 푐 = 푒푛푐푘(푝) • The recipient requires the same k to decrypt (dec) the p. Therefore, 푝 = 푑푒푐푘(푐) 4 Block Cipher and Data Encryption Standard (DES) Padding in Block Cipher • Block ciphers process blocks of fixed sizes, such as 64 or 128 bits. The length of plaintexts is mostly not a multiple of the block size. • A 150-bit plaintext provides two blocks of 64 bits each with third block of remaining 22 bits. • The last block of bits needs to be padded up with redundant information so that the length of the final block equal to block size of the scheme.
  • A Gentle Introduction to Cryptography

    A Gentle Introduction to Cryptography

    A Gentle Introduction Prof. Philip Koopman to Cryptography 18-642 / Fall 2020 “Cryptography [without system integrity] is like investing in an armored car to carry money between a customer living in a cardboard box and a person doing business on a park bench.” – Gene Spafford © 2020 Philip Koopman 1 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution in design Cryptography terms: Plaintext: the original data Ciphertext: data after a encryption Encryption: converting plaintext to ciphertext Avalanche effect: – Confusion: multiple bits in plaintext are combined to make a ciphertext bit – Diffusion: each bit of plaintext affects many bits of ciphertext – Ideally, ciphertext is random function of plaintext bits © 2020 Philip Koopman 2 Classical Cryptography Simple substitution cipher (Caesar Cipher) “IBM” left shifted 1 becomes “HAL” – 4 or 5 bit key (26 wheel positions) https://de.wikipedia.org/wiki/Caesar- Verschl%C3%BCsselung#/media/File:Ciph erDisk2000.jpg https://en.wikipedia.org/wiki/Caesar_cipher Readily broken via frequency analysis Most common letters correspond to E, T, A, O, … https://en.wikipedia.org/wiki/Caesar_cipher Gives secrecy but not explicit integrity © 2020 Philip Koopman 3 WWII Cryptography Complex Subsitution Cipher German “Enigma” machine The “Bombe” broke Enigma Electromechanical sequencing to search for correlations using guessed plaintext – See the movie: “The Imitation Game”