DOCSLIB.ORG

Quantum Unicity Distance [8440-32]

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Quantum Unicity Distance [8440-32] Quantum Unicity Distance Chong Xiang and Li Yang* State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100195, China Graduate University of the Chinese Academy of Sciences, Beijing 100049, China ABSTRACT We attempt to develop Shannon’s concept of the unicity distance into the quantum context. Based on the defini- tion of information-theoretic security for quantum cryptography, we present a quantum probabilistic encryption algorithm with bounded information-theoretic security, and then work out its quantum unicity distances. The result shows that quantum unicity distance is much bigger than the unicity distance of classical cryptography. Keywords: unicity distance, quantum unicity distance, quantum private key encryption, quantum probabilistic encryption. 1. INTRODUCTION Shannon provided the concept of unicity distance in 19491 . He showed a way of calculating approximately how many ciphertexts were necessary to recovery the unique key for the classical encryption protocols, the length of ciphertexts needed was determined by the entropy of the key space and the redundance of the plaintext space. This parameter can be used to measure the number of times one key can be reused securely, while the length of ciphertexts encrypted by same key is not more than the unicity distance, this key can not be confirmed under the Known Ciphertext Attack(KCA). According to Deavours, the unicity distance of DES is worked out as 8.2 ASCII characters or 66 bits2, 3 . Mao and Wu4 used the unicity distance to analysis the security of hashing algorithms, Liu, Zhang and Li5 then develop it into multimedia hash scheme. The quantum key distribution has been proved to be unconditionally secure and applied in practice.6–10 Though it is seem that quantum one-time pad(which usually called private quantum channel11–13) can be achieved theoretically with the quantum key distribution, we still need to consider the repetition of key for the well- known low efficiency of the quantum key distribution. The quantum unicity distance represents the theoretical limitation of how many times a key can be reused in quantum context. The quantum unicity distance of a quantum cryptography protocol can be used to measure its efficiency and the security in practice. In the latter part of this paper we provide a definition of information-theoretic security for quantum cryp- tography based on the information-theoretic security of classical cryptography suggested by O. Goldrich. We present a quantum probabilistic encryption with bounded information-theoretic security, and then calculate its quantum unicity distance. This quantum unicity distance is proved to be much bigger than that of a classical encryption protocol introduced by Shannon. 2. PRELIMINARIES 2.1 Unicity distance Although Shannon has shown an expression of the unicity distance1 , people always use the following expression in order to express the unicity distance under multi-system (P, C, K, ε, D): H(K) n0 = . RL log2 |P | *Corresponding author. Email: [email protected] Quantum Optics II, edited by Thomas Durt, Victor N. Zadkov, Proc. of SPIE Vol. 8440, 84400T · © 2012 SPIE · CCC code: 0277-786X/12/$18 · doi: 10.1117/12.922555 Proc. of SPIE Vol. 8440 84400T-1 The unicity distance has great significance for one cryptography protocol as the amount of unicity distance reflects the security of the protocol in one aspect. It must be noticed that unicity distance is a average value, so people always need more ciphertexts to get the unique key. It can be seen that if the ciphertext that eavesdropper E owned is longer than the unicity distance, it can be decrypted into a meaningful plaintext only with the unique key, and be decrypted into meaningless message with any other bit-strings. We can get the following figure: Figure 1. While the length of the plaintext grows, the ciphertext sets encrypted from the same set of meaningful plaintexts with different keys must be almost mutually disjoint sets. Classical cryptography has a property that its decryption process is certain, which means every time we decrypt the same ciphertext with the same key will result the same plaintext; however, the quantum cryptography has a certain decryption result with the unique key but a uncertain decryption result with other bit-strings. It means that a quantum cryptography may not have unicity distance even if its ciphertext sets encrypted from the same set of meaningful plaintext with different keys are almost mutually disjoint sets. 2.2 Information-theoretic security In classical cryptography, the information-theoretic security is suggested by O. Goldreich14 as follows: Definition 2.1. An encryption is information-theoretically secure if for every circuit family {Cn}, every positive polynomial p(·), all sufficiently large n’s, and every x, y in plaintext space: n n 1 Pr[Cn(G(1 ),EG(1n)(x)) = 1] − Pr[Cn(G(1 ),EG(1n)(y)) = 1] < , (1) p(n) where G is a key generation algorithm. 3. DEFINITIONS 3.1 Structure of quantum encryption transformation Quantum encryption protocols can be divided into four different kinds: 1. both the plaintext and the key are classical bits; 2. the key is quantum state, and the plaintext is classical bit; 3. the plaintext is quantum state, and the key is classical bit; 4. both the plaintext and the key are quantum states. Meanwhile the ciphertext is always quantum state. Different kinds of protocols may lead to different definition of quantum unicity distance, here we just discuss the first type of them as the Figure 2. Proc. of SPIE Vol. 8440 84400T-2 Classical plaintext bit-string Quantum Orthogonal state qubit-string Coding with orthogonal qubits ciphertext Qubit-string Encrypt with quantum operation Figure 2. The plaintexts are classical bits. Firstly we encodes them with orthogonal quantum states, then we encrypt the quantum states with quantum operation which is determined by the classical key, at last the ciphertexts are also quantum states. 3.2 Quantum unicity distance There are many differences between the unicity distance for the classical cryptography and the quantum cryp- tography. Firstly we cannot measure one quantum state repeatedly, so while one classical ciphertext can be used to verify any bit-string to see if it is the key, one quantum ciphertext can only be used to verify one bit-string, the quantum unicity distance shall be much bigger than the classical one; secondly any bit-string may have nonzero probability to decrypt ciphertexts into meaningful plaintexts under quantum mechanical. If we define the quantum spurious key referring to Shannon’s unicity distance, we can get this result: the spurious key of a quantum ciphertext Y may be defined as the bit-strings with which decrypting Y can get a meaningful plaintext. But under quantum mechanical, if we decrypt Y with any bit-strings except the key, the result may also be a superposition state which has some meaningful components and others meaningless. So we need to give a new definition for quantum spurious. We define the spurious key as follow: Definition 3.1. The quantum spurious key of a ciphertext Y is the bit-string except the unique key with which decrypting Y may result a meaningful plaintext with probability more than 1 − δ. Let’s define set Z as the set of meaningful plaintexts, spurious key of Y can be represented as follow: K(Y )={k ∈ K|P (Ek(Y ) ∈ Z) > 1 − δ}. For a quantum encryption protocol, if there exists a N satisfying that while the length of ciphertext is bigger than N, the number of quantum spurious keys is 0, we will call N the quantum unicity distance of the quantum cryptography. Notice that a classical ciphertext can be used any times to verify any bit-string to see that if it is the unique key, but a quantum ciphertext can only be used once, so quantum unicity distance should contain two components: one is the length of ciphertext with which we can verify if a bit-string is a wrong key and the other is the size of the key space. This definition is suited for calculating the quantum unicity distance of a specific quantum cryptography, but it is difficult to calculate the quantum unicity distance of abstract model of quantum cryptography. Proc. of SPIE Vol. 8440 84400T-3 3.3 Information-theoretic security of quantum cryptography15 We suggest here a definition of information-theoretic security of quantum encryption as follows: Definition 3.2. A quantum encryption is information-theoretically secure if for every quantum circuit family {Cn}, every positive polynomial p(·),allsufficientlylargen, and every x, y in plaintext space: n n 1 Pr[Cn(G(1 ),EG(1n)(x)) = 1] − Pr[Cn(G(1 ),EG(1n)(y)) = 1] < , (2) p(n) where the encryption algorithm E is a quantum algorithm, and the ciphertext E(x),E(y) are quantum states. Then we give the sufficient condition of the information-theoretic security which has been proved in paper.15 Theorem 3.3. For every plaintexts x and y, let the density operators of cipher states G(1n)(x) and G(1n)(y) are ρx and ρy, respectively. A quantum encryption protocol is said to be information-theoretically secure if for every positive polynomial p(·) and every sufficiently large n, 1 D(ρx,ρy) < . (3) p(n) 4. QUANTUM PROBABILISTIC ENCRYPTION PROTOCOL 4.1 Probabilistic encryption Probabilistic encryption16 is also called randomized encryption. A process of probabilistic encryption E can be shown as follow: E : Vn × K × R → Vm, where Vn and Vm are plaintext space and ciphertext space with m>n, K is the key space and R is a set of random numbers. The probabilistic cryptography maps one plaintext into different ciphertexts with the same key, so it can resist the Chosen Plaintext Attack better, and increase the effective size of the plaintext space.
Load more

Recommended publications
  • 4 Information Theory
    Jay Daigle Occidental College Math 400: Cryptology 4 Information Theory Definition 4.1. A (symmetric) encryption system is composed of: • A set of possible messages M • A set of possible keys K • A set of possible ciphertexts C • An encryption function e : K × M ! C • A decryption function d : K × C ! M such that the decryption function is a partial inverse to the encryption function: that is d(k; e(k; m)) = m e(k; d(k; c)) = c: −1 We often write ek(m) = e(k; m) and dk(c) = d(k; c). Thus for each k 2 K, dk = ek . This implies that each ek is one-to-one. Of course, some encryption systems are terrible. To be good, we'd like our cryptosystem to have the following properties: 1. Given any k 2 K; m 2 M, it's easy to compute e(k; m). 2. Given any k 2 K; c 2 C, it's easy to compute d(k; c). 3. Given a set of ciphertexts ci 2 C, it's difficult to compute dk(ci) without knowing k. 4. Given a collection of pairs (mi; ci), it's difficult to decrypt a ciphertext whose plaintext is not already known. (\known-plaintext attack"). The first two principles make a cryptosystem practically usable; the third and fourth make it secure. The fourth property is by far the most difficult to achieve. You'll notice that all of the cryptosystems we've studied so far satisfy the first two properties, and several of them do at least okay on the third, none of them achieve the fourth at all.
    [Show full text]
  • Amy Bell Abilene, TX December 2005
    Compositional Cryptology Thesis Presented to the Honors Committee of McMurry University In partial fulfillment of the requirements for Undergraduate Honors in Math By Amy Bell Abilene, TX December 2005 i ii Acknowledgements I could not have completed this thesis without all the support of my professors, family, and friends. Dr. McCoun especially deserves many thanks for helping me to develop the idea of compositional cryptology and for all the countless hours spent discussing new ideas and ways to expand my thesis. Because of his persistence and dedication, I was able to learn and go deeper into the subject matter than I ever expected. My committee members, Dr. Rittenhouse and Dr. Thornburg were also extremely helpful in giving me great advice for presenting my thesis. I also want to thank my family for always supporting me through everything. Without their love and encouragement I would never have been able to complete my thesis. Thanks also should go to my wonderful roommates who helped to keep me motivated during the final stressful months of my thesis. I especially want to thank my fiancé, Gian Falco, who has always believed in me and given me so much love and support throughout my college career. There are many more professors, coaches, and friends that I want to thank not only for encouraging me with my thesis, but also for helping me through all my pursuits at school. Thank you to all of my McMurry family! iii Preface The goal of this research was to gain a deeper understanding of some existing cryptosystems, to implement these cryptosystems in a computer programming language of my choice, and to discover whether the composition of cryptosystems leads to greater security.
    [Show full text]
  • Analysis of Stream Ciphers Based on Theoretic Approach
    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Impact Factor (2012): 3.358 Analysis of Stream Ciphers Based on Theoretic Approach Shisif Pokhrel1, Ahmed Abdul Kadhim Basheer2 1Jawaharlal Nehru Technological University Hyderabad, Andhra Pradesh, Hyderabad, Kukatpally - 500085 2Jawaharlal Nehru Technological University Hyderabad, Andhra Pradesh, Hyderabad, Kukatpally - 500085 Abstract: This paper is intended to determine the strength of modern security systems by theoretic approach. The design of existing security system is based on complexity of algorithm and secrecy of key. Besides, several parameters exists that may be useful to determine the strength of cryptosystem. Spurious keys gives text like text as decrypted output to a cryptogram and leads to confusion in proceeding towards unique solution during cryptanalysis. A system rich in spurious keys can be considered as more secured system. This paper presents analysis on stream ciphers and provides a construct model with rich spurious keys. The paper also shows the effect of implementation of Natural Language Model in security system Keywords: Cryptosystem, Cryptogram, Spurious Keys, Code-Points, Unicity Distance 1. Introduction Cryptography is a major tool concerned with security of information. The core of cryptography deals with key establishment and secured communication. The secret key is implemented for encryption and decryption. A basic convention exists in cryptography that the algorithm is public, cant be kept hidden to the attacker and the secrecy of the system solely depend on the secrecy of key and complexity of algorithm. However, there are different parameters defined in information theory of secrecy system like Entropy, Redundancy, Unicity Distance, Equivocation, which describe the strength of cryptosystem.
    [Show full text]
  • Decrypt Cryptotexts: GBLVMUB JOGPSNBUJLZ VMNIR RPNBMZ EBMFLP OFABKEFT Decrypt: VHFUHW GH GHXA VHFUHW GH GLHX, VHFUHW GH WURLV VH
    PROLOGUE - I. Decrypt cryptotexts: Part IV GBLVMUB JOGPSNBUJLZ Secret-key cryptosystems VMNIR RPNBMZ EBMFLP OFABKEFT prof. Jozef Gruska IV054 4. Secret-key cryptosystems 2/99 PROLOGUE - II. CHAPTER 4: SECRET-KEY (SYMMETRIC) CRYPTOGRAPHY Decrypt: In this chapter we deal with some of the very old, or quite old, classical (secret-key or symmetric) cryptosystems and their cryptanalysis that were primarily used in the pre-computer era. VHFUHW GH GHXA These cryptosystems are too weak nowadays, too easy to break, especially VHFUHW GH GLHX, with computers. However, these simple cryptosystems give a good illustration of several of the VHFUHW GH WURLV important ideas of the cryptography and cryptanalysis. Moreover, most of them can be very useful in combination with more modern VHFUHW GH WRXV. cryptosystem - to add a new level of security. prof. Jozef Gruska IV054 4. Secret-key cryptosystems 3/99 prof. Jozef Gruska IV054 4. Secret-key cryptosystems 4/99 BASICS CRYPTOLOGY - HISTORY + APPLICATIONS Cryptology (= cryptography + cryptanalysis) has more than four thousand years long history. Some historical observation People have always had fascination with keeping information away from others. Some people – rulers, diplomats, military people, businessmen – have always had needs to keep some information away from others. BASICS Importance of cryptography nowadays Applications: cryptography is the key tool to make modern information transmission secure, and to create secure information society. Foundations: cryptography gave rise to several new key concepts of the foundation of informatics: one-way functions, computationally perfect pseudorandom generators, zero-knowledge proofs, holographic proofs, program self-testing and self-correcting, . prof. Jozef Gruska IV054 4. Secret-key cryptosystems 5/99 prof.
    [Show full text]
  • Introduction to Cryptography with Open-Source Software
    DISCRETE MATHEMATICS AND ITS APPLICATIONS Series Editor KENNETH H. ROSEN INTRODUCTION TO CRYPTOGRAPHY WITH OPEN-SOURCE SOFTWARE Alasdair McAndrew Victoria University Melbourne, Victoria, Australia CRC Press Taylor &. Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business A CHAPMAN & HALL BOOK Contents Preface xv 1 Introduction to cryptography 1 1.1 Hiding information: Confidentiality 1 1.2 Some basic definitions 3 1.3 Attacks on a cryptosystem 5 1.4 Some cryptographic problems 7 1.5 Cryptographic protocols 8 1.6 Some simple ciphers 12 1.7 Cryptography and computer security 18 1.8 Glossary 19 Exercises 20 2 Basic number theory 23 2.1 Introduction 23 2.2 Some basic definitions 23 2.3 Some number theoretic calculations 27 2.4 Primality testing 44 2.5 Glossary 47 Exercises 48 3 Classical cryptosystems 55 3.1 Introduction 55 3.2 The Caesar cipher 56 3.3 Translation ciphers 57 3.4 Transposition ciphers 58 3.5 The Vigenere cipher 61 3.6 The one-time pad 65 3.7 Permutation ciphers 65 3.8 Matrix ciphers 66 3.9 Glossary 71 Exercises 71 4 Introduction to information theory 79 4.1 Entropy and uncertainty 79 ix X 4.2 Perfect secrecy 82 4.3 Estimating the entropy of English 84 4.4 Unicity distance 88 4.5 Glossary • 89 Exercises 89 5 Public-key cryptosystems based on factoring 93 5.1 Introduction 93 93 5.2 The RSA cryptosystem . 5.3 Attacks against RSA 99 5.4 RSA in Sage 101 5.5 Rabin's cryptosystem 104 5.6 Rabin's cryptosystem in Sage 109 5.7 Some notes on security HI 5.8 Factoring H2 5.9
    [Show full text]
  • Solving Substitution Ciphers
    Solving Substitution Ciphers Sam Hasinoff Department of Computer Science, University of Toronto [email protected] Abstract We present QUIPSTER, an experimental system for the automatic solu- tion of short substitution ciphers (Cryptoquotes). The system operates using an -gram model of English characters and stochastic local search over the space of ¡£¢¥¤§¦©¨ possible keys. Experimental results show a median of 94% cipher letters correctly decoded, which is typi- cally good enough for an unskilled human to finish decoding the cipher with minimal additional effort. Extensions incorporating a dictionary with word frequencies and a database of word patterns are also discussed. 1 Introduction In Arthur Conan Doyle’s short story “The Adventure of the Dancing Men” (1903), the pro- tagonist Sherlock Holmes solves a murder mystery by realizing that a series of unusual stick figure drawings (Figure 1) are actually messages encoded using a substitution cipher [5]. The substitution cipher is a well-known classical cipher in which every plaintext character in all its occurrences in a message is replaced by a unique ciphertext character. Figure 1: Dancing men ciphertext from “The Adventure of the Dancing Men” (1903). Thus, each permutation of the 26 letters of the English alphabet (there are ¡¢¤¦¨ in total) gives a unique key for encrypting a message. If a particular permutation is used to encrypt a message, then the inverse of that permutation can be used to decrypt it. A worked out example of a substitution cipher is given in Figure 2. Decoding substitution ciphers is a popular activity among amateur cryptographers and peo- ple who enjoy word puzzles.
    [Show full text]
  • Introduction to Symmetric Cryptography
    Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and correction of random errors Cryptography Detection and protection of hostile \errors" L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography about? Secrecy (confidentiality) Keeping things secret (data, communication, entity, etc.) Authentication Assurance about authenticity (of data, origin, entity, etc.) L.R. Knudsen Introduction to Symmetric Cryptography Symmetric encryption Classical encryption Secure channel %AC&@9^( Message Encryption Decryption Message L.R. Knudsen Introduction to Symmetric Cryptography Public-key encryption L.R. Knudsen Introduction to Symmetric Cryptography Public-key versus symmetric cryptosystems Advantages Disadvantages Symmetric fast systems secure key-exchange Public-key slow systems no secure key-exchange Hybrid encryption L.R. Knudsen Introduction to Symmetric Cryptography Introduction to symmetric cryptosystems Cryptosystem( P; C; K; E; D) P : set of plaintexts C : set of ciphertexts K : set of keys E : for k 2 K : ek (x) encryption rule D : for k 2 K : dk (x) decryption rule For every k 2 K : it holds for all m that dk (ek (m)) = m L.R. Knudsen Introduction to Symmetric Cryptography Symmetric encryption Kerckhoffs’ principle Everything is known to an attacker except for the value of the secret key. Attack scenarios Ciphertext only Known plaintext Chosen plaintext/ciphertext Adaptive chosen plaintext/ciphertext (black-box) Typical goal High security even under black-box attack L.R. Knudsen Introduction to Symmetric Cryptography Claude E. Shannon, 1916-2001 Communication Theory of Secrecy Systems, published in 1949.
    [Show full text]
  • 2. Classic Cryptography Methods 2.1. Spartan Scytale. One of the Oldest Known Examples Is the Spartan Scytale (Scytale /Skɪtəl
    2. Classic Cryptography Methods 2.1. Spartan scytale. One of the oldest known examples is the Spartan scytale (scytale /skɪtəli/, rhymes with Italy, a baton). From indirect evidence, the scytale was first mentioned by the Greek poet Archilochus who lived in the 7th century B.C. (over 2500 years ago). The ancient Greeks, and the Spartans in particular, are said to have used this cipher to communicate during military campaigns.Sender and recipient each had a cylinder (called a scytale) of exactly the same radius. The sender wound a narrow ribbon of parchment around his cylinder, then wrote on it lengthwise. After the ribbon is unwound, the writing could be read only by a person who had a cylinder of exactly the same circumference. The following table illustrate the idea. Imagine that each column wraps around the dowel one time, that is that the bottom of one column is followed by the top of the next column. Original message: Kill king tomorrow midnight Wrapped message: k i l l k i n g t o m o r r o w m i d n i g h t Encoded message: ktm ioi lmd lon kri irg noh gwt The key parameter in using the scytale encryption is the number of letters that can be recorded on one wrap ribbon around the dowel. Above the maximum was 3, since there are 3 rows in the wrapped meassage. The last row was padded with blank spaces before the message was encoded. We'll call this the wrap parameter. If you don't know the wrap parameter you cannot decode a message.
    [Show full text]
  • Theoretical Security
    Theoretical Security Klaus Pommerening Fachbereich Mathematik der Johannes-Gutenberg-Universit¨at Saarstraße 21 D-55099 Mainz February 6, 2000|English version July 30, 2014|last change January 19, 2021 The theory of this section goes back to Claude Shannon[15] (with later simplifications by Hellman[8]). In his paper Shannon developed the first general mathematical model of cryptology as well as the analysis of cryp- tosystems by information theoretical methods. The basic question this the- ory asks is: How much information about the plaintext is preserved in the ciphertext? (no matter how difficult or expensive the extraction of this information is.) If this information doesn't suffice to determine the plaintext, then the cipher is secure. Shannon's ideas are based on the information theory that he had de- veloped before [14]. The practical value of Shannon's theory is limited. But besides it there are almost no sufficient criteria for the security of cryptographic methods that are mathematically proved. In contrast there are lots of necessary cri- teria derived from cryptanalytic procedures. Lacking better ideas one tries to optimize the cryptographic procedures for these necessary conditions. We saw and shall see many instances of this in these lecture notes. 1 K. Pommerening, Theoretical Security 2 1 A Priori and A Posteriori Probabilities Model Scenario Consider • a finite set M0 ⊆ M of possible plaintexts|for example all plaintexts of length r or of length ≤ r, • a finite set K of keys, ∗ • a cipher F = (fk)k2K with fk : M −! Σ . The restriction to a finite set M0 allows us to handle probabilities in the naive way.
    [Show full text]
  • Caesar Cipher Caesar Cipher the Action of a Caesar Cipher Is to Replace Each Plaintext Letter with One Fixed Number of Places Do
    Caesar cipher Caesar cipher The action of a Caesar cipher is to replace each plaintext letter with one fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the cipher text. Detail Structure substitution cipher Best public cryptanalysis Susceptible to frequency analysis and brute force attacks. In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it to communicate with his generals. The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher, and still has modern application in the ROT13 system. As with all single alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communication security. Example The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key): Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line.
    [Show full text]
  • Cryptography — Introduction Version: 2012/02/06 16:06:05
    CSc 466/566 Computer Security 4 : Cryptography — Introduction Version: 2012/02/06 16:06:05 Department of Computer Science University of Arizona [email protected] Copyright c 2012 Christian Collberg Christian Collberg 1/51 Outline 1 Introduction 2 Attacks 3 Substitution Ciphers 4 Transposition Ciphers 5 Substitution and Permutation Boxes 6 One-Time Pads 7 Summary Introduction 2/51 Introduction In this section we introduce some classical symmetric ciphers. We also discuss various attacks against ciphers. Introduction 3/51 Outline 1 Introduction 2 Attacks 3 Substitution Ciphers 4 Transposition Ciphers 5 Substitution and Permutation Boxes 6 One-Time Pads 7 Summary Attacks 4/51 Attacks Against Cryptosystems Definition (cryptanalysis) The science of attacking cryptosystems. A cryptanalyst attacks cryptosystems. We assume the cryptanalyst knows the algorithms involved. He wants to discover plaintext or keys. Attacks 5/51 Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K Eve We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Ciphertext-only attack plaintext encrypt ciphertext decrypt plaintext K K Eve K plaintext We have: the ciphertext of several messages that have been encrypted with the same key, K. We recover: the plaintexts, or K. Attacks 6/51 Known-plaintext attack plaintext encrypt ciphertext decrypt plaintext K K We have: the ciphertexts and corresponding plaintexts of several messages, all encrypted with the same key K.
    [Show full text]
  • Cryptography and Computer Security
    Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 3 September 6, 2017 (appendix added 10/27/17) CPSC 467, Lecture 3 1/72 Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References Secret Message Transmission Symmetric Cryptography Caesar cipher Some other classical ciphers Generalized shift ciphers Polyalphabetic ciphers Polygraphic Ciphers Appendix Polyalphabetic Substitution Ciphers Classical polyalphabetic ciphers Rotor machines One-time pad Cryptanalysis Breaking the Caesar cipher Brute force attack CPSC 467, Lecture 3 2/72 Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References Letter frequencies Key length Manual attacks References CPSC 467, Lecture 3 3/72 Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References Reading assignment Read Chapter 1 of Christof Paar and Jan Pelzl,Understanding Cryptography [PP10]. CPSC 467, Lecture 3 4/72 Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References Secret Message Transmission CPSC 467, Lecture 3 5/72 Outline Secret Messages Symmetric Crypto Caesar Classical Appendix Polyalphabetic Cryptanalysis References Secret message transmission problem Alice wants to send Bob a private message m over the internet. Eve is an eavesdropper who listens in and wants to learn m. Alice
    [Show full text]