ECE 646 - Lecture 7 Required Reading
• W. Stallings, Cryptography and Network Security, Historical Ciphers Chapter 3, Classical Encryption Techniques
Part 2 • A. Menezes et al., Handbook of Applied Cryptography,
Chapter 7.3 Classical ciphers and historical development
1 2
14 Substitution Ciphers (2) 12 Character frequency 2. Polyalphabetic substitution cipher 10 in a long English 8 plaintext M = m1 m2 … md 6 m m … m d+1 d+2 2d 4 m2d+1 m2d+2 … m3d 2 ….. 0 a b c d e f g h i j k l m n o p q r s t u v w x y z C = f1(m1) f2(m2) … fd(md) Character frequency 14 in the corresponding f1(md+1) f2(md+2) … fd(m2d ) 12 ciphertext f1(m2d+1 ) f2( m2d+2) … fd(m3d ) 10 for a polyalphabetic ….. 8 substitution cipher d is a period of the cipher 6 1 4 × 100% » 3.8 % Key = d, f1, f2, …, fd 26 2 d 26 d Number of keys for a given period d = (26!) » (4 × 10 ) 0 a b c d e f g h i j k l m n o p q r s t u v w x y z 3 4
1 Polyalphabetic substitution ciphers Vigenère Cipher - Example Simplifications (1) Plaintext: TO BE OR NOT TO BE A. Vigenère cipher: polyalphabetic shift cipher Key: NSA Invented in 1568 Encryption: T O B E O R ci = fi mod d(mi) = mi + ki mod d mod 26 N O T T O B -1 mi = f i mod d(ci) = ci - ki mod d mod 26 E
Key = k0, k1, … , kd-1
Number of keys for a given period d = (26)d
5 6
Vigenère Square Vigenère Square plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
3 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a N S A c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c T O B e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e E O R g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g N O T i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h T O B j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j E l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l G G B 1 n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n R G R p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p A G T r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q G G B 2 s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s R u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y 7 8
2 Vigenère Cipher - Example Determining the period of the polyalphabetic cipher ’ Plaintext: TO BE OR NOT TO BE Kasiski s method Key: NSA N S A Ciphertext: G G B R G R A G T G G B R Encryption: T O B E O R N O T Distance = 9 T O B E Period d is a divisor of the distance between G G B identical blocks of the ciphertext R G R A G T G G B In our example: d = 3 or 9 R Ciphertext: GGBRGRAGTGGBR
9 10
Index of coincidence method (1) Index of coincidence method (2)
ni - number of occurances of the letter i in the ciphertext Measure of roughness: i = a .. z z 2 z æ 1 ö 2 1 N - length of the ciphertext M.R. = ç p - ÷ = p - åè i 26 ø å i 26 pi = probability that the letter of the ciphertext is equal to i i=a i=a
ni pi = lim M.R. 0.028 0.014 0.006 0.003 N® ¥ N z period 1 2 5 10 = 1 å pi i=a
11 12
3 Index of coincidence method (3) Index of coincidence method (4)
Index of coincidence Measure of roughness z z The approximation of 2 pi å (ni -1) × ni i=a å Definition: 1 i=a 1 M.R. = I.C. - = - Probability that two random elements of the ciphertext 26 (N -1) × N 26 are identical z n Formula: z i å (ni -1) × ni M.R. 0.028 0.014 0.006 0.003 2 I.C. = = i=a å N period 1 2 5 10 i=a (N -1) × N 2
13 14
Polyalphabetic substitution ciphers Military Enigma Simplifications (2)
B. Rotor machines used before and during the WWII
Country Machine Period
Germany: Enigma d=26×25×26 = 16,900 U.S.A.: M-325, Hagelin M-209 Japan: “Purple” UK: Typex d=26×(26-k)×26, k=5, 7, 9 Poland: Lacida d=24×31×35 = 26,040
15 16
4 Functional diagram & dataflow
17 18
Enigma Daily Keys
19 20
5 Order of rotors (Walzenlage) Positions of rings (Ringstellung)
263 combinations 6 combinations
21 22
Plugboard Connections Initial Positions of Rotors (Steckerverbindung) (Grundstellung)
~ 0.5 · 1015 3 combinations 26 combinations
23 24
6 Total Number of Keys
3.6 · 1022 » 275 Number of possible internal 3 · 10114 connections of Enigma Larger number of keys than DES.
Estimated number of atoms 80 in the universe 10
25 26
Broken by Polish Cryptologists Enigma Timetable: 1939 1932-1940
Jul 25-26, 1939: A secret meeting takes place in the Kabackie Woods near the town Pyry (South of Warsaw), where the Poles hand over to the French and British Intelligence Service their complete solution to the German Enigma cipher, and two replicas of the Enigma machine.
Marian Rejewski Jerzy Różycki Henryk Zygalski (born 1905) (born 1909) (born 1907)
27 28
7 Improvements and new methods developed by British cryptologists 1939-1945
Alan Turing Gordon Welchman (born 1912) (born 1906)
29 30
Enigma Timetable: 1939-1940 Original British cryptological “Bombe”
1939-1940: Alan Turing develops an idea of the British cryptological “Bombe” based on the known-plaintext attack.
Gordon Welchman develops an improvement to the Turing’s idea called “diagonal board”.
Harold “Doc” Keen, engineer at British Tabulating Machines (BTM) becomes responsible for implementing British “Bombe”.
31 32
8 Reconstructed British cryptological “Bombe” May 1940: First British cryptological bombe developed to reconstruct daily keys goes into operation.
Over 210 Bombes are used in England throughout the war. Each bombe weighed one ton, and was 6.5 feet high, 7 feet long, 2 feet wide.
Machines were operated by members of the Women’s Royal Naval Service, “Wrens”.
33 34
Enigma Timetable: 1943
April 1943: The production of the American Bombe starts in the National Cash Register Company (NCR) in Dayton, Ohio. The engineering design of the bombe comes from Joseph Desch.
https://en.wikipedia.org/wiki/The_Imitation_Game
35 36
9 Substitution Ciphers (3) 14 12 Character frequency 10 3. Running-key cipher in a long English 8 plaintext 6
M = m1 m2 m3 m4 . . . . mN 4 K = k1 k2 k3 k4 . . . . kN 2
0 a b c d e f g h i j k l m n o p q r s t u v w x y z K is a fragment of a book Character frequency 14 in the corresponding C = c1 c2 c3 c4 . . . . cN 12 ciphertext 10 for a running-key 8 ci = mi + ki mod 26 cipher 6 1 × 100% » 3.8 % mi = ci - ki mod 26 4 26 2
Key: book (title, edition), position in the book (page, row) 0 a b c d e f g h i j k l m n o p q r s t u v w x y z
37 38
Substitution Ciphers (4) Playfair Cipher 1854 4. Polygram substitution cipher Key:
M = m1 m2 … md - M1 PLAYFAIR IS A DIGRAM CIPHER md+1 md+2 … m2d - M2 m2d+1 m2d+2 … m3d - M3 P L A Y F ….. Convention 1 (Stallings) C = c1 c2 … cd - C1 I R S D G cd+1 cd+2 … c2d - C2 message P O L A N D c2d+1 c2d+2 … c3d - C3 M C H E B ciphertext A K A Y Q R ….. d is the length of a message block K N O Q T Convention 2 (Handbook) -1 U V W X Z Ci = f(Mi) Mi = f (Ci) message P O L A N D ciphertext K A A Y R Q Key = d, f Number of keys for a given block length d = (26d)! 39 40
10 Hill Cipher 1929 Hill Cipher Deciphering: Ciphering: -1 M[1xd] = C[1xd] · K [dxd]
C[1xd] = M[1xd] · K[dxd] message block = ciphertext block · inverse key matrix
k11, k12, …, k1d where 1, 0, …, 0, 0
(c1, c2, …, cd) = (m1, m2, …, md) 0, 1, …, 0, 0 K · K-1 = …………… k , k , …, k [dxd] [dxd] d1 d2 dd 0, 0, …, 1, 0 0, 0, …, 0, 1 ciphertext block = message block · key matrix key matrix · inverse key matrix = identity matrix
41 42
Hill Cipher - Known Plaintext Attack (1) Hill Cipher - Known Plaintext Attack (2)
Known: k11, k12, …, k1d c11, c12, …, c1d m11, m12, …, m1d C1 = (c11, c12, …, c1d) M1 = (m11, m12, …, m1d) C2 = (c21, c22, …, c2d) M2 = (m21, m22, …, m2d) c21, c22, …, c2d = m21, m22, …, m2d k21, k22, …, k2d …………………………………………………. ………………. ………………….. C = (c , c , …, c ) M = (m , m , …, m ) cd1, cd2, …, cdd md1, md2, …, mdd d d1 d2 dd d d1 d2 dd kd1, kd2, …, kdd We know that:
(c11, c12, …, c1d) = (m11, m12, …, m1d) · K[dxd] C[dxd] = M[dxd] · K[dxd] (c21, c22, …, c2d) = (m21, m22, …, m2d) · K[dxd] ………………………………………………… -1 (cd1, cd2, …, cdd) = (md1, md2, …, mdd) · K[dxd] K[dxd] = M [dxd] · C[dxd]
43 44
11 Transposition ciphers 14 12 10 Character frequency M = m1 m2 m3 m4 . . . . mN 8 C = mf(1) mf(2) mf(3) mf(4) . . . . mf(N) in a long English 6 plaintext 4 2
Letters of the plaintext are rearranged without 0 a b c d e f g h i j k l m n o p q r s t u v w x y z changing them 14 12 10 Character frequency 8 in the corresponding 6 ciphertext 4 for a transposition cipher 2 0 a b c d e f g h i j k l m n o p q r s t u v w x y z
45 46
Transposition cipher Example
Plaintext: CRYPTANALYST Key: KRIS 2 3 1 4 Encryption: K R I S C R Y P T A N A L Y S T
Ciphertext: YNSCTLRAYPAT
47
12