sign in sign up
<<
Home , Transposition cipher

Organisation Organisation Overview Overview Historic Historic Ciphers Symmetric Ciphers Symmetric Ciphers Arrangements

Cryptography Lecture Course in Autumn Term 2013 University of Birmingham Will have two lectures (Tue 2pm, Fri 11am and one exercise class (Fri 2pm) per week, all in UG07, Learning Centre There will be six assessed exercise sheets plus exam Eike Ritter Exam counts 80%, all exercises 20% towards final mark

Eike Ritter 2013/14 1 Eike Ritter Cryptography 2013/14 2 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers What is Cryptography

For syllabus, lecture notes etc see webpage (http://www.cs. essential for security on the internet bham.ac.uk/~exr/teaching/lectures/crypto/13_14) Confidentiality, integrity, privacy cannot be guaranteed otherwise Have also facebook group UoBCryptography Works in principle as follows: Alice and Bob share a secret HOW?? I am happy to add anyone taking this module • Alice uses secret key to scramble data encryption • Alice sends scrambled data to Bob • Bob decrypts data with secret key, gets message back •

Eike Ritter Cryptography 2013/14 3 Eike Ritter Cryptography 2013/14 4 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Course content Kinds of cryptography

Transposition: permutes components of a message • Substitution: replacing components. Two main ways: Lecture course will explain basic cryptographic algorithms • Codes: algorithms for substitution of entire words Will also reason about their security • (working on meaning) Will explain how to use the algorithms properly Ciphers: algorithms substituting single letters or blocks • Ciphers are easiest to use and mathematically well understood will concentrate on those ⇒

Eike Ritter Cryptography 2013/14 5 Eike Ritter Cryptography 2013/14 6 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Terminology Transposition

Plaintext Message before encryption Used already since antiquity Plaintext Message before encryption Example: Encryption Process of scrambling a message Key: Column size • Encryption: Arrange message in columns of fixed size (the An enciphered message • Decryption Process of unscrambling a message key). Add dummy text to fill the last column. Ciphertext consists of rows. Decryption: Calculate row size by dividing message length by Plaintext DecryptionCiperhtext Original• plaintext Encryption the key. Arrange message in rows of this size. Plaintext consists of columns.

Eike Ritter Cryptography 2013/14 7 Eike Ritter Cryptography 2013/14 8 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Security of Transposition Cipher Precise formulation of security

Use game between two parties: Attacker(A): Aim is to obtain plaintext for given ciphertext • Challenger(C): provides the challenge for the attacker • Is this cipher secure? Moves of the game: Informal answer: : No. C selects message length n and chooses a key k < n. • Given any ciphertext, attacker tries all possible values for the key. C chooses message m and sends encrypted message to A • For a message of size n there are at most n possibilities for the key, A does some computations and eventually outputs a message • hence attacker will obtain plaintext. A wins the game if m is initial substring of A’s output. (Note: A doesn’t have key!)

1 A has probability of at least n of winning this game for any message. Protocol insecure. ⇒

Eike Ritter Cryptography 2013/14 9 Eike Ritter Cryptography 2013/14 10 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Precise formulation of security Permutations

A permutation describes the re-arrangement of the elements of an Use game between two parties: ordered list into a one-to-one correspondence of itself Attacker(A): Aim is to obtain plaintext for given ciphertext • Permutation is therefore a function from 1,..., n to itself which Challenger(C): provides the challenge for the attacker { } • is one-to-one. Moves of the game: Example: reordering of (1, 2, 3) to (3, 1, 2). C selects message length n and chooses a key k < n. • Two notations used C chooses message m and sends encrypted message to A • Array notation: Write the re-ordered list below the original A does some computations and eventually outputs a message • 1 2 3 • one, here A wins the game if m is initial substring of A’s output. 2 3 1 (Note: A doesn’t have key!) Write down the cycles. The first cycle is the list of numbers • obtained by applying the permutation first to 1, then to the 1 A has probability of at least n of winning this game for any result and so on. Stop when 1 appears again. The other message. cycles are obtained by starting with the lowest number not Protocol insecure. appearing in the previous cycle and applying the same recipe. ⇒ Cycles of length 1 are omitted. Example would be (123). Eike Ritter Cryptography 2013/14 11 Eike Ritter Cryptography 2013/14 12 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Operations on permutations Permutation cipher

Key: permutation of length n of the alphabet • Encryption: Split plaintext into blocks of length n and apply • permutation Decryption: Split ciphertext into blocks of length n and apply Have identity which maps any number to itself • inverse permutation Multiplying permutations is composition of functions Inverse of a permutation s is the permutation t such that s Have also variant for deriving key: Choose keyword multiplied with t is the identity • remove all duplicate letters from keyword • start cipher-alphabet with letters from duplicate-free keyword • and the end of the codeword continue with next unused letter • of alphabet following last letter in codeword continue filling in letters in alphabetical order leaving out • already used letters

Eike Ritter Cryptography 2013/14 13 Eike Ritter Cryptography 2013/14 14 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Security Enigma

Encryption was mechanised at the beginning of 20th century Famous example: (used by German military in WW2) consisted of keyboard, plug board, three rotors and reflector How difficult is it for the attacker to break this cipher? Have 26! 286 permutations ≈ But: Have other tools available, eg Frequency of letter occurrence varies dramatically amongst letters In English text, 12.7% of all letters are “e”, and 0.2% of all letters are “x”.

Eike Ritter Cryptography 2013/14 15 Eike Ritter Cryptography 2013/14 16

Encryption method: Letters from keyboard are substituted using plugboard with • In next step, each rotor applies fixed substitution to the letters • Key point: rotors are dynamic: rotors advance after each • letter Message passes through the reflector, which applies one more • permutation and applies all three rotors in opposite direction. Successfully broken by scientist in Bletchley Park (Turing) Also initiated the development of modern day computers Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Modular arithmetic Probability

Will use discrete probabilities Definition Definition We say two numbers a, b Z are congruent modulo n Z, • ∈ ∈ Let U be a finite set. A probability distribution P is a function written a b(mod n), if a b is divisible by n ≡ − P : U [0, 1] such that If 0 a n, we write [a] , called the residue class of a → • ≤ ≤ n modulo n, for the set of all numbers b such that P(u) = 1 a b(mod n). ≡ u U We define addition, subtraction and multiplication on residue X∈ • classes by We denote by U the size of U (the number of elements in U) | | Example [a] + [b] = [c] if (a + b) c(mod n) n n n ≡ [a] [b] = [c] if (a b) c(mod n) Let U be a finite set. The uniform distribution is the probability n − n n − ≡ [a] [b] = [c] if (a b) c(mod n) distribution P defined by n ∗ n n ∗ ≡ 1 P(u) = U Eike Ritter Cryptography 2013/14 17 | | Eike Ritter Cryptography 2013/14 18 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Probabilities, continued Precise formulation of cipher algorithm

Definition Definition Let P : U [0, 1] be a probability distribution. Let , and be three sets of keys, messages and ciphertext. A → K M C An event A is a subset of U. cipher over ( , , ) is a pair of efficient algorithms • K M C The probability of an event A, written P[A], is defined as (E : , : ) such that for all m and • K × M → C D K × C → M ∈ M k ∈ K P[A] = P(u) D(k, E(k, m)) = m u A X∈

Eike Ritter Cryptography 2013/14 19 Eike Ritter Cryptography 2013/14 20 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Bitstrings One-time pad

First cipher which is secure We write 0, 1 n for the set of all sequences of n bits. Message and keys are bitstrings { } Have important operation on bitstrings: Key: Random bitstring k1,..., kn, as long as message ⊕ • is addition modulo 2 on each bit m1,..., mn ⊕ Encryption: k m ,..., k m • 1⊕ 1 n⊕ n Decryption of ciphertext c ,..., c : k c ,..., k c • 1 n 1⊕ 1 n⊕ n

Eike Ritter Cryptography 2013/14 21 Eike Ritter Cryptography 2013/14 22 Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Security of one-time pad

One-time pad satisfies very strong notion of security: Attacker Theorem cannot learn any information by looking only at The one-time pad satisfies perfect security. Formalised by: Proof. Definition For all m, c and n, A cipher (E, D) over ( , , ) satisfies perfect security if for any K M C 1 length n all messages m1 and m2 of length n and all ciphertext c P[E(k, m) = c] = 2n P[E(k, m1) = c] = P[E(k, m2)] = c

where P is the uniform distribution over keys of length n.

Eike Ritter Cryptography 2013/14 23 Eike Ritter Cryptography 2013/14 24