Cryptography

Prof. Dr. Carsten Damm, Dr. Henrik Brosenne
University of Goettingen, Institute of Computer Science
Winter 2013/2014

Table of Contents
- Elementary Cryptanalysis
- Classification of Cryptanalytic Attacks
- Stochastic structure of natural language - Part 1
- Cryptanalysis by Frequency Analysis
- Breaking the Vigenere cipher
- Statistical Measures
- Cryptanalysis of Transposition Ciphers

Starring
- Alice = first person in all protocols (initiator)
- Bob = second person in all protocols
- Eve = an eavesdropper, i.e., passive attacker
- Mallory = malicious active attacker

In this chapter we study passive attacks. Eve tries to get information about the plaintext, while observing only ciphertext messages in a cryptographic protocol. All attacks rely on a fixed cryptosystem $(E, D)$.

Ciphertext-only attack
The ciphertext-only attack is the type of attack we will study in this chapter.
- given: ciphertexts $C_1 = E_K(M_1), \ldots, C_t = E_K(M_t)$ of several messages, all generated by the same cipher $E_K$
- wanted: an algorithm to infer $M_{t+1}$ from $C_{t+1} = E_K(M_{t+1})$
- weaker: recover some information about $M_1, \ldots, M_t$
- stronger: recover the key $K$ (or at least information about it)
Known plaintext attack
- additionally given: $M_1, \ldots, M_t$
- scenario: disclosure of formerly classified documents

Chosen plaintext attack
- instead given: (limited) access to the cipher $E_K$, so that the analyst can choose $M_1, \ldots, M_t$ and generate the corresponding ciphertexts $C_1 = E_K(M_1), \ldots, C_t = E_K(M_t)$
- scenario: a spy that is able to plant some specially prepared messages on the Enigma operator

Adaptive-chosen-plaintext attack
- special variant of chosen plaintext attack: the attacker doesn't need to fix the chosen plaintexts in advance but rather can watch the outcome of chosen plaintext encryptions and based on that choose the next one(s)
- scenario: before World War II Polish cryptanalysts were in possession of a copy of the Enigma machine (http://en.wikipedia.org/wiki/Biuro Szyfrow)

Stochastic structure of natural language - Part 1

Published Worksheet
Published worksheet: 04 stochastic structure of natural languages part1.

Simple observations
Well known: each language (English, German, ...) has statistical characteristics that can be used to differentiate between various text sources.
- frequencies of letters and words
- of pairs, triples, ..., n-grams, or more general patterns
- starting/ending letters of words, starting/ending words of sentences
- lengths of words/sentences
- ...
Letter frequencies of typical English text samples (in %)

A    B    C    D    E     F    G    H    I    J    K    L    M
7.3  0.9  3.0  4.4  13.0  2.8  1.6  3.5  7.4  0.2  0.3  3.5  2.5

N    O    P    Q    R     S    T    U    V    W    X    Y    Z
7.8  7.4  2.7  0.3  7.7   6.3  9.3  2.7  1.3  1.6  0.5  1.9  0.1

- heavy vowels: {E, I, O, A} = more than 1/3
- heavy consonants: {T, N, R, S} = almost 1/3
- low frequency symbols: {J, K, Q, X, Z} = less than 2/100

Popular frequency ordered alphabets (cited from F.L. Bauer: Entzifferte Geheimnisse)

English (various sources)
- etaoins(h)r dlucmfwypvbgkqjxz (1884)
- etoanirs hdlcufmpywgbvkxjqz (1893)
- etaoinsr hldcumfpgwybvkxjqz (1982)

German (various sources)
- enrisdutaghlobmfzkcwvjpqxy (1840)
- enirsahtudlcgmwfbozkpjvqxy (1863)
- enisratduhglcmwobfzkvpjqxy (1955)

Artificial text samples
- one can generate random text by drawing symbols according to symbol frequencies in genuine text sources (0 order Markov source)
- better: Shannon's method (gives a 1st order Markov source)
  1. take a large text sample (typical of the language)
  2. select a random cursor position, σ = symbol at cursor
  3. output σ, select a random cursor position
  4. locate first occurrence of σ after cursor
  5. σ = character following cursor
  6. back to 3. or STOP
- see published worksheet for illustration
- can be extended to 2nd, 3rd, ... order sources

Law of large numbers
- wanted: a suitable mathematical model for plaintext sources
- a stochastic source over alphabet $A$ is a device that randomly emits "infinite texts" $X = X_1 X_2 \ldots \in A^{\omega}$
- the source is called memoryless if for every symbol $a$ the probability $P(X_n = a) =: p_a$ is independent of $n$ and of all previous or future symbols emitted
- let $N_n(a, X)$ denote the number of occurrences $i$, $X_i = a$, in the prefix $X_1, \ldots, X_n$ and let $f_n(a, X) := \frac{N_n(a, X)}{n}$ be the relative frequency of $a$ in the prefix $X_1 X_2 \ldots X_n$

Theorem. If $X$ is a random emission from a memoryless source with symbol probabilities $(p_a)_{a \in A}$, then with probability 1 holds

$$\lim_{n \to \infty} f_n(a, X) = p_a.$$

- this law holds true also for relative frequency of pairs, triples, ..., and more general "patterns" in the prefix
- important: the longer the text sample, the more stable are its stochastic features in terms of pattern frequency

Ergodic sources
- a source is called stationary if the probability of occurrence of arbitrary "patterns" at position $n$ of $X$ is independent of $n$
- generalization of memoryless sources: a source is called ergodic if it is stationary and the law of large numbers holds for arbitrary patterns
- natural language sources are "close to" ergodic sources
- one feature is that for an ergodic source the (infinite) emission is "almost surely typical" (where typicality has a precise mathematical meaning that we will discuss later)

Exercise 11
1. Implement a digram counter for text data and try to find some important "heavy pairs" by testing various text samples.
2. Extend this to triples (going much further probably doesn't make much sense for cryptanalysis).

Cryptanalysis by Frequency Analysis

Published Worksheet
Published worksheet: 04 cryptanalysis by frequency analysis.

Breaking a simple substitution cipher
Ciphertext from a simple substitution cipher:

QWMMPQDVKUVFDTXJQVDBOPIDUHDQQUGDLAMWJGXBGURRBPBURMKULDVX
OOKUJUOVDJQDGBWHLDJQQMUODQUBIMWBOVWUVXPBUBIOKUBGXBGURROK
UJUOVDJQVPWMMDJOUQDVKDBVKDCDAQXEDFKXOKLPWBIQVKDQDOWJXVAP
TVKDQAQVDHXQURMKULDVXOOKUJUOVDJQVKDJDTPJDVKDVPVURBWHLDJP
TCDAQXQPTDBPJHPWQQXEDBDNDJVKDRDQQFDFXRRQDDVKUVQXHMRDQWLQ
VXVWVXPBXQNDJAQWQODMVXLRDVPOJAMVUBURAVXOUVVUOCQ

- most frequent cipher symbols are D, V, Q, V, U, O, J, K, B (conjecture: these correspond to the heavy symbols)
- looks like the cipher takes $E \mapsto D$ and $T \mapsto V$ or $T \mapsto Q$
- rarest are E, N, S, Y, Z (conjecture: these correspond to the low frequency symbols)

Exercise 12
1. Complete the analysis of this ciphertext.
Hint: It is useful to replace recovered plaintext letters in lower case in the ciphertext, i.e. replacing e for D gives

QWMMPQeVKUVFeTXJQVeBOPIeUHeQQUGeLAMWJGXBGURRBPBURMKULeVX...

Once several letters have been identified it may help to first ignore the unidentified ones (as in the fictitious example below) and make a good guess.

t.etopo.t.et.reetreesisato..o.oneo.t.reetree.

1. Using a brute force attack is an option for Caesar ciphers. Suggest a method to avoid it. Implement it in Sage.
2. Using a brute force attack is an option for affine ciphers. Suggest a method to avoid it. Try to implement it in Sage.
3. Implement a digram counter for text data and try to find some important "heavy pairs" by testing various text samples.

Analysis of Vigenère Ciphers
- consider Vigenère ciphers as synonymous to periodic substitution ciphers on the standard alphabet and with "short period"
- methods apply in principle to any periodic substitution cipher but are probably not powerful enough to break the Enigma or similar ciphers

The column trick
- if $(E, C)$ is a polyalphabetic cryptosystem and for a specific key the cipher $E_K$ has period $\ell$, then each of the "plaintext columns"

  $M^{(1)} = M_1 M_{1+\ell} M_{1+2\ell} \ldots$
  $M^{(2)} = M_2 M_{2+\ell} M_{2+2\ell} \ldots$
  $\vdots$
  $M^{(\ell)} = M_{\ell} M_{2\ell} M_{3\ell} \ldots$

  is enciphered by the same monoalphabetic cipher
- the corresponding ciphertext columns $C^{(1)}, \ldots, C^{(\ell)}$ can be deciphered as simple substitution ciphers
- in particular:
  - the symbol distributions in the columns are permuted versions of the source language symbol distribution
  - the symbol distributions, sorted in descending order, are all very similar

Frequency analysis of periodic ciphers

Observation
- periodic ciphers destroy the stochastic structure of the source language; the distribution looks "more random" than normal source language
- the first task for the cryptanalyst is to determine the period
- there are several methods of estimating the period
- often a combination is to be applied

Decimation of a sequence
- given a sequence $S = s_0 s_1 s_2 \ldots$ of symbols and a positive integer $\ell$ (the period)
- for $0 \le k < \ell$ the $k$-th decimation of $S$ is the sequence $S_k^{(\ell)} := s_k s_{k+\ell} s_{k+2\ell} \ldots$
- decimating a sequence is a kind of downsampling

Idea
- if $m$ is a candidate period, consider and compare the decimated symbol distributions:
  - compare them to "typical" source language distributions
  - compare the decimations among each other (e.g., by bar-charts, if you have no other idea)
- more efficient: compare numerical parameters of distributions
  - expectation of rank, variance of rank, entropy, index of coincidence (see below)

Reminder on entropy
- binary entropy $h(p) = -p \log_2 p - (1 - p) \log_2 (1 - p)$
  - maximum at $p = 0.5$ (uniform distribution)
- general entropy $H(p_1, \ldots, p_N) = -\sum_i p_i \log_2 p_i$
  - maximum at $p_1 = p_2 = \ldots = p_N = \frac{1}{N}$ (uniform distribution)

Fact. The "more uncertain" a distribution, the larger the entropy.

Remark. Symbol distributions of natural languages (or programming source code or ...) are pretty predictable, i.e. they should have small entropy values.

Kasiski's method
- Kasiski (1805-1881) was a Prussian officer (http://en.wikipedia.org/wiki/Friedrich
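
Shannon's cursor method from "Artificial text samples" together with the n-gram counter asked for in Exercise 11, as an added example that is not part of the original slides or worksheet. It is written in Python (the language Sage builds on); the sample text is constructed, and treating the sample as cyclic so that the search in step 4 always succeeds is an assumption of this example.

```python
import random
from collections import Counter

# Constructed sample text (an assumption of this example). A real experiment
# needs a much larger sample that is typical of the language.
SAMPLE = """
Each language has statistical characteristics that can be used to tell
text sources apart. The frequencies of single letters, of pairs and of
triples stay remarkably stable once the sample is long enough, and that
stability is exactly what an eavesdropper relies on when only ciphertext
is available.
"""


def normalize(text):
    """Upper-case the text and keep the letters A-Z only."""
    return "".join(ch for ch in text.upper() if "A" <= ch <= "Z")


def ngram_counts(text, n=2, cyclic=False):
    """Count overlapping n-grams (n=2 digrams, n=3 trigrams).

    With cyclic=True the text wraps around, so the last symbol is followed
    by the first one, matching the wrap-around used by shannon_text().
    """
    if cyclic:
        text = text + text[:n - 1]
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def zero_order_text(sample, length, rng):
    """0 order source: draw symbols independently by their sample frequency."""
    counts = sorted(Counter(sample).items())
    symbols = [s for s, _ in counts]
    weights = [c for _, c in counts]
    return "".join(rng.choices(symbols, weights=weights, k=length))


def shannon_text(sample, length, rng):
    """1st order source by Shannon's cursor method (steps 2 to 6 of the slide)."""
    n = len(sample)
    sigma = sample[rng.randrange(n)]        # step 2: symbol at a random cursor
    out = []
    for _ in range(length):
        out.append(sigma)                   # step 3: output sigma ...
        cursor = rng.randrange(n)           # ... and pick a new random cursor
        while sample[cursor] != sigma:      # step 4: next occurrence of sigma
            cursor = (cursor + 1) % n       #   (assumption: search wraps around)
        sigma = sample[(cursor + 1) % n]    # step 5: symbol following the cursor
    return "".join(out)


def digram_coverage(generated, sample):
    """Fraction of the digrams in `generated` that also occur in `sample`."""
    known = ngram_counts(sample, 2, cyclic=True)
    digrams = ngram_counts(generated, 2)
    hits = sum(c for d, c in digrams.items() if d in known)
    return hits / sum(digrams.values())


if __name__ == "__main__":
    rng = random.Random(2013)               # fixed seed for a repeatable demo
    text = normalize(SAMPLE)
    print("heavy pairs:  ", ngram_counts(text, 2).most_common(8))
    print("heavy triples:", ngram_counts(text, 3).most_common(5))
    for name, gen in (("0 order", zero_order_text), ("1st order", shannon_text)):
        fake = gen(text, 300, rng)
        print(name, fake[:60], "coverage=%.2f" % digram_coverage(fake, text))
```

Every digram emitted by the 1st order generator occurs in the sample, so its coverage is always 1; the 0 order generator reproduces only the single-letter frequencies.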
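
Period estimation by decimation, followed by the column trick, as an added Python example that is not part of the original slides: each candidate period m is scored by the mean index of coincidence and mean entropy of its decimations, then each column is solved as a shift against the letter-frequency table above. The plaintext and the key LEMON are constructed, and the index of coincidence uses its standard definition $\sum_i n_i(n_i-1) / (n(n-1))$, which the slides only announce.

```python
from collections import Counter
from math import log2

# English letter frequencies in percent for A..Z, from the table on this page.
ENGLISH = [7.3, 0.9, 3.0, 4.4, 13.0, 2.8, 1.6, 3.5, 7.4, 0.2, 0.3, 3.5, 2.5,
           7.8, 7.4, 2.7, 0.3, 7.7, 6.3, 9.3, 2.7, 1.3, 1.6, 0.5, 1.9, 0.1]

# Constructed plaintext and key (assumptions of this example).
PLAINTEXT = """
Periodic substitution ciphers hide the letter statistics of the source
language because every position of the key uses a different alphabet.
When the ciphertext is split into columns according to the true period,
each column was produced by a single shift and therefore looks like
ordinary English text with its letters renamed. The analyst first
estimates the period by comparing numerical parameters of the decimated
sequences and then solves every column as a simple Caesar cipher. The
longer the intercepted message, the more stable these statistics become,
which is why short keys protecting long messages are so easy to recover
with nothing more than pencil, paper and a table of letter frequencies.
"""
KEY = "LEMON"


def to_numbers(text):
    """Map letters to 0..25 and drop everything else."""
    return [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]


def vigenere_encrypt(plain, key):
    """Periodic shift cipher on numbers 0..25 with period len(key)."""
    shifts = to_numbers(key)
    return [(p + shifts[i % len(shifts)]) % 26 for i, p in enumerate(plain)]


def decimate(seq, period, k):
    """k-th decimation: s_k, s_(k+period), s_(k+2*period), ..."""
    return seq[k::period]


def entropy(seq):
    """Empirical entropy in bits of the symbol distribution of seq."""
    n = len(seq)
    return -sum(c / n * log2(c / n) for c in Counter(seq).values())


def index_of_coincidence(seq):
    """Probability that two symbols drawn without replacement coincide."""
    n = len(seq)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(seq).values()) / (n * (n - 1))


def period_scores(cipher, max_period=8):
    """For each candidate m: (mean IC, mean entropy) over the m decimations."""
    scores = {}
    for m in range(1, max_period + 1):
        cols = [decimate(cipher, m, k) for k in range(m)]
        scores[m] = (sum(index_of_coincidence(c) for c in cols) / m,
                     sum(entropy(c) for c in cols) / m)
    return scores


def estimate_period(cipher, max_period=8):
    """Candidate with the highest mean IC. Multiples of the true period score
    just as high, so keep max_period below twice the suspected period or
    prefer the smallest high-scoring candidate."""
    scores = period_scores(cipher, max_period)
    return max(scores, key=lambda m: scores[m][0])


def column_shift(column):
    """Shift whose permuted English distribution fits the column best."""
    counts = Counter(column)

    def fit(shift):
        return sum(counts[(i + shift) % 26] * ENGLISH[i] for i in range(26))

    return max(range(26), key=fit)


def recover_key(cipher, period):
    """Column trick: solve each decimation as a monoalphabetic shift."""
    return "".join(chr(65 + column_shift(decimate(cipher, period, k)))
                   for k in range(period))


if __name__ == "__main__":
    cipher = vigenere_encrypt(to_numbers(PLAINTEXT), KEY)
    for m, (ic, h) in period_scores(cipher).items():
        print("m=%d  mean IC=%.4f  mean entropy=%.3f bits" % (m, ic, h))
    period = estimate_period(cipher)
    print("estimated period:", period, "key:", recover_key(cipher, period))
```

The index of coincidence is the safer selector here: empirical entropy shrinks as columns get shorter, which biases it toward large candidate periods on short ciphertexts.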