Cryptography I — Exercises —

Luca Vigan`o Institut f¨urInformatik Albert-Ludwigs-Universit¨at Freiburg

IT-Security: Theory and Practice (WS02) Luca Vigan`o 1 Some definitions

• Cryptology: the study of secret writing.

• Cryptography: the science of secret writing.

• Secret writing: codes and ciphers (more general). – Code: a string of symbols stands for a complete message. Example: telegraph code “73” = “love and kisses”. – Cipher = cryptographic algorithm: transform plaintext P into ciphertext C (and vice versa). • Cryptanalysis: the science of recovering P (or keys and other secrets). – Attack = attempted cryptanalysis. – Compromise = obtain secret by non-cryptanalytic means (theft, torture, ...). Also: steganography (hide secret messages in other messages).

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 2 Key-based cryptographic algorithms

• General Schema: EKey1(P) = C , DKey2(C ) = P

Key1 Key2 Ciphertext Plaintext Plain Text Encryption Decryption P C P

• Security depends on secrecy of the key, not on the details of the algorithm (which can be published and analyzed).

• Symmetric algorithms: Key1 = Key2, or are easily derived from each other.

DKey2(C ) = DKey2(EKey1(P)) = P .

• Asymmetric or public key algorithms: – Different keys, which cannot be derived from each other. – Public key can be published without compromising private key.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 3 Goals of cryptography

Protection goals:

• Confidentiality: prevention of unauthorized disclosure of information (only selected principals should be able to access data/message).

• Integrity: prevention of unauthorized modification of information (an intruder should not be able to modify a message in transit).

• Availability: prevention of unauthorized withholding of information or resources.

• Authentication: an intruder should not be able to masquerade as someone else.

• Nonrepudiation: a sender should not be able to falsely deny later that he sent a message.

• etc. (see, for instance, Gollmann’s book)

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 4 Historical perspective

• Code: a string of symbols stands for a complete message. – Example: ‘OCELOT’ is ciphertext for ‘TURN LEFT 90 DEGREES’ and ‘LOLLIPOP’ is ciphertext for ‘TURN RIGHT 90 DEGREES’. – But: if there is no entry for ‘ANTEATER’, then you can’t say it.

• Cipher (cryptographic algorithm): one-to-one correspondence between symbols of original message (plaintext P) and symbols of its equivalent in secret writing (ciphertext C).

• Classical ciphers: simple algorithms (military, ordinary citizens, ...).

• Modern ciphers: computer cryptography. – Yesterday: exclusive domain of the world’s militaries, governments, ... – Today: state-of-the-art cryptography accessible to ordinary citizens.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 5 Transposition ciphers Rearrange (order of) bits or characters in the plaintext.

• Keys are functions for transposition.

• More formally: – For block length t, let K be the set of permutations on {1,..., t}. For each e ∈ K and m ∈ M

Ee(m) = me(1)me(2) ··· me(t)

– The set of all such transformations is called a transposition cipher. – To decrypt c = c1c2 ··· ct compute Dd (c) = cd(1)cd(2) ··· cd(t).

• N.B.: cryptanalysis easy as frequencies (of letters) preserved.

• Examples: – Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv = ??? – EARN SAIS CNE = ???

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 6 Transposition ciphers (cont.) • P = And in the end the love you take is equal to the love you make A n d i n t h e e n d t h e l o v e y o u t a k e i s e q u a l t o t h e l o v e y o u m a k e C = Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv Key (in this case: the grid) is function for transposition. • Scytale: wrap belt spirally around baton and write plaintext lengthwise on it (ancient Greeks, who also used concealment ciphers).

• Fixed period: i = 1, 2, 3, 4 RENA ISSA NCE ⇒ Period 4 and f (i) = 2, 4, 1, 3 EARN SAIS CNE

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 7 Substitution ciphers

Replace parts of plaintext (bits, characters, blocks) with ciphertext.

• Can be almost always easily broken.

• Keys are functions for substitution.

• Monoalphabetic or polyalphabetic (and other types).

• Used in some modern commercial computer security products, in conjunction with other methods.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 8 Mono-alphabetic substitution ciphers

• Let K be the set of all permutations on the alphabet A. Define for each e ∈ K an encryption transformation Ee on strings m = m1m2 ··· mn ∈ M as

Ee(m) = e(m1)e(m2) ··· e(mn) = c1c2 ··· cn = c

• To decrypt c, compute the inverse permutation d = e−1 and

Dd (c) = d(c1)d(c2) ··· d(cn) = m

• Ee is a simple substitution cipher or a mono-alphabetic substitution cipher.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 9 Examples of substitution ciphers • Caesar cipher: each plaintext character is replaced by the character three to the right modulo 26. – ‘A’ is replaced by ‘D’, ‘B’ by ‘E’, ..., ‘X’ by ‘A’, ...

⇒ KHOOR ZRUOG = HELLO WORLD

• ROT13: rotate every letter by 13 places – ‘A’ is replaced by ‘N’, ‘B’ by ‘O’, ..., ‘N’ by ‘A’, ..., ‘P’ by ‘C’, ... – P = ROT13(ROT13(P))

⇒ Zl anzr vf Nqnz = My name is Adam

• Alphanumeric (‘crossword puzzle’, ‘Kreuzwortr¨atsel’): substitute numbers for letters. – Example: ‘A’ is replaced by ‘1’, ‘B’ by ‘2’, ...

⇒ 2-25-5 2-25-5 = BYE BYE

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher

• Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26.

• Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19:

Plaintext: A B C D E F G H I J . . . U V W X Y Z Ciphertext: T U V W X Y Z A B C . . . N O P Q R S

• Shift n can be broken by hand! How?

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher

• Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26.

• Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19:

Plaintext: A B C D E F G H I J . . . U V W X Y Z Ciphertext: T U V W X Y Z A B C . . . N O P Q R S

• Shift n can be broken by hand! How?

• Unknown shift is one of possible 26... use computer to try them all out...

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher

• Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26.

• Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19:

Plaintext: A B C D E F G H I J . . . U V W X Y Z Ciphertext: T U V W X Y Z A B C . . . N O P Q R S

• Shift n can be broken by hand! How?

• Unknown shift is one of possible 26... use computer to try them all out...

• ...but can computer recognize “readable English (German, Japanese,...) texts”?

• A better approach is to use statistical data about letter frequencies...

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 11 Advanced Caesar Cipher — Exercise

Relative frequencies in an English text of 1000 letters:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 Use this information to decide the most likely shift used to obtain:

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

Don’t just use “brute force” but proceed strategically: tally the frequencies of letters in the ciphertext

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

and then try a shift so that there is a correspondence between the English Language Frequencies and the Enciphered Message Frequencies.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 12 Advanced Caesar Cipher — Exercise solution Relative frequencies in an English text of 1000 letters:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

⇒ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 4 3 0 0 0 3 0 4 1 0 4 1 4 3 1 6 0 0 4 0 7 5 0

⇒

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 K L M N O P Q R S T U V W X Y Z A B C D E F G H I J 4 1 0 4 1 4 3 1 6 0 0 4 0 7 5 0 0 1 2 4 3 0 0 0 3 0 ⇒

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 13 Advanced Caesar Cipher — Exercise solution

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J so that

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

is decrypted to

A TALE TOLD BY AN IDIOT, FULL OF SOUND AND FURY, SIGNIFYING NOTHING. which is an excerpt from

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 13 Advanced Caesar Cipher — Exercise solution

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J so that

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

is decrypted to

A TALE TOLD BY AN IDIOT, FULL OF SOUND AND FURY, SIGNIFYING NOTHING. which is an excerpt from William Shakespeare’s Macbeth, Act V, Scene 5

To-morrow, and to-morrow, and to-morrow, Creeps in this petty pace from day to day, To the last syllable of recorded time; And all our yesterdays have lighted fools The way to dusty death. Out, out, brief candle! Life’s but a walking shadow; a poor player, That struts and frets his hour upon the stage, And then is heard no more: it is a tale Told by an idiot, full of sound and fury, Signifying nothing.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 14 Advanced Caesar Cipher — Another Exercise

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 K L M N O P Q R S T U V W X Y Z A B C D E F G H I J 4 1 0 4 1 4 3 1 6 0 0 4 0 7 5 0 0 1 2 4 3 0 0 0 3 0 ⇒

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

⇒

A TALE TOLD BY AN IDIOT, FULL OF SOUND AND FURY, SIGNIFYING NOTHING.

Question: why is this not a very good example for the use (and decryption) of an advanced Caesar cipher by frequency analysis? As a comparison, decrypt the following ciphertext and explain why it is better suited for frequency analysis

QBB JXU MEHBT YI Q IJQWU QDT QBB JXU CUD QDT MECUD CUHUBO FBQOUHI

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 15 Successfull Substitution Ciphers

To resist to frequency analysis, successfull substitution ciphers employ several advanced Caesar ciphers at once, e.g. by employing several cipher-disks

or a Vigen`erecipher. For example, try to decrypt the ciphertext KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 16 The Vigen`ere Cipher A polyalphabetic substitution cipher based on a tableau where each row is a Caesar Cipher with incremental shift (by Blaise de Vigen`erefrom the court of Henry III of France in the 16th century):

ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ B BCDEFGHIJKLMNOPQRSTUVWXYZA C CDEFGHIJKLMNOPQRSTUVWXYZAB D DEFGHIJKLMNOPQRSTUVWXYZABC E EFGHIJKLMNOPQRSTUVWXYZABCD F FGHIJKLMNOPQRSTUVWXYZABCDE G GHIJKLMNOPQRSTUVWXYZABCDEF H HIJKLMNOPQRSTUVWXYZABCDEFG I IJKLMNOPQRSTUVWXYZABCDEFGH J JKLMNOPQRSTUVWXYZABCDEFGHI K KLMNOPQRSTUVWXYZABCDEFGHIJ L LMNOPQRSTUVWXYZABCDEFGHIJK M MNOPQRSTUVWXYZABCDEFGHIJKL N NOPQRSTUVWXYZABCDEFGHIJKLM O OPQRSTUVWXYZABCDEFGHIJKLMN P PQRSTUVWXYZABCDEFGHIJKLMNO Q QRSTUVWXYZABCDEFGHIJKLMNOP R RSTUVWXYZABCDEFGHIJKLMNOPQ S STUVWXYZABCDEFGHIJKLMNOPQR T TUVWXYZABCDEFGHIJKLMNOPQRS U UVWXYZABCDEFGHIJKLMNOPQRST V VWXYZABCDEFGHIJKLMNOPQRSTU W WXYZABCDEFGHIJKLMNOPQRSTUV X XYZABCDEFGHIJKLMNOPQRSTUVW Y YZABCDEFGHIJKLMNOPQRSTUVWX Z ZABCDEFGHIJKLMNOPQRSTUVWXY

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 17 The Vigen`ere Cipher — Encipherment • Use the table together with a keyword to encipher a message.

• If we use the keyword RELATIONS to encipher the plaintext message

TO BE OR NOT TO BE THAT IS THE QUESTION

then the ciphertext

Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

follows by the intersection of the columns given by the plaintext letters and the rows given by the corresponding keyword letters

AB ··· T ··· A AB ········· B BC ········· ...... R RS ··· K ··· . . . ·········

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 18 The Vigen`ere Cipher — Decipherment

Encipherment: Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY Decipherment: Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Use the keyword letter to pick a column of the table and then trace down the column to the row containing the ciphertext letter: the index of that row is the plaintext letter. AB ··· R ··· A AB ········· B BC ········· ...... T TU ··· K ··· . . . ·········

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 19 The Vigen`ere Cipher — Discussion

Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

• This ciphertext illustrates the strength of the Vigen`ere cipher against frequency analysis.

• How?

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 19 The Vigen`ere Cipher — Discussion

Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

• This ciphertext illustrates the strength of the Vigen`ere cipher against frequency analysis.

• How? Look, for example, at the 7 ‘T’s in the plaintext.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 19 The Vigen`ere Cipher — Discussion

Keyword: RE LA TI ONS RE LA TION SR ELA TIONSREL Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

• This ciphertext illustrates the strength of the Vigen`ere cipher against frequency analysis.

• How? Look, for example, at the 7 ‘T’s in the plaintext.

• They have been encrypted by ‘H’, ‘L’, ‘K’, ‘M’, ‘G’, ‘X’, ’L’.

• This successfully masks the frequency characteristics of the English ‘T.’

• In a nutshell: each letter of the keyword RELATIONS picks out 1 of the 26 possible substitution alphabets given in the Vigen`ere tableau.

• Thus, any message encrypted by a Vigen`erecipher is a collection of as many simple substitution ciphers as there are letters in the keyword.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 20 The Vigen`ere Cipher — Attacks and Variations

• The Vigen`ere Cipher can be broken with the Kasiski/Kerckhoff Method (1863): find the length of the keyword and then divide the message into that many simple substitution cryptograms that can be attacked by frequency analysis.

• The Gronsfeld Cipher is a modern variant of the Vigen`ereCipher in which a key number is used instead of a keyword, e.g. 14965.

• Other ciphers in the next exercises and in the bibliography, including the Polybius Cipher, the Playfair Cipher, the ADFGVX Cipher, and the Enigma Machine.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 21 A modern cipher: XOR

0 ⊕ 0 = 0 0 ⊕ 1 = 1 1 ⊕ 0 = 1 1 ⊕ 1 = 0 where a ⊕ a = 0 a ⊕ b ⊕ b = a

XOR can be used as polyalphabetic cipher:

P ⊕ K = C C ⊕ K = P but it can be trivially broken!

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 22 One-time pads (Vernam cipher)

• Perfect encryption scheme!

• Invented in 1917, still used today for ultra-secure low-bandwidth channels.

• Large nonrepeating set of truly random key letters, written on sheets of paper, and glued together in a pad.

• New message ⇒ new key letters.

• Can be extended to binary data, using XOR.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 23 One-time pads

• A one-time pad is a stream cipher defined on A = {0, 1}. Message m1 ··· mn is encrypted by a binary key string k1 ··· kn.

Ek1···kn (m1 ··· mn) = (m1 ⊕ k1) ··· (mn ⊕ kn)

Dk1···kn (c1 ··· cn) = (c1 ⊕ k1) ··· (cn ⊕ kn)

• Example: m = 010111, k = 110010, and c = 100101

• Since every key sequence is equally likely, so is every plaintext! Perfect (information theoretical) security, if key isn’t reused.

• Until recently, communication between Moscow and Washington was secured this way. Keys transported by trusted courier. Problematic to securely exchange and synchronize long keys.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 24 One-time pads (cont.)

1. Sender uses each key letter on the pad to encrypt exactly one plaintext character.

2. Encryption: add (modulo 26) the plaintext character and the one-time pad key character.

3. Each key letter is used exactly once, for only one message.

4. Sender encrypts message and then destroys the pad.

5. Receiver has an identical pad and uses each key on the pad, in turn, to decrypt each letter of the cyphertext, and then destroys the pad.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 25 One-time pads (cont.)

• Example: – If message is ONETIMEPAD and the key sequence from the pad is TBFRGFARFM, then the ciphertext is IPKLPSFHGQ. O + T mod 26 = I, N + B mod 26 = P ... – Since every key sequence is equally likely, an attacker has no chance! – Key sequence could be POYYAEAAZX ⇒ SALMONEGGS BXFGBMTMXM ⇒ GREENFLUID ABCDEFGHIJ ⇒ ...

• Caveats: – Key letters have to be generated randomly. – No reuse of key sequence. – Length of key sequence must be equal to the length of the message. – Synchronization sender-receiver is needed.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 26 One-time pads (cont.)

Ciphertexts encrypted according to a one-time pad cipher are unbreakable.

However, this relies on each one-time pad being used once and only once.

If a spy intercepts two distinct ciphertexts which have been encrypted with the same one-time pad, he could (quite easily) decipher them.

Question: which strategy could he adopt to decipher them?

As a concrete example, decipher the two following texts, which were encrypted with the same one-time pad (mod 26):

• UJHANTAMAWMUZVGKTERRYKUB

• BPGXMKYMBBPYXMOGOEHDEFGH

Which is the one-time pad that was used?

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 27 Composite ciphers

• Ciphers based on just substitutions or transpositions are not secure

• Ciphers can be combined. However . . . – two substitutions are really only one more complex substitution, – two transpositions are really only one transposition, – but a substitution followed by a transposition makes a new harder cipher.

• Product ciphers chain substitution-transposition combinations.

• Difficult to do by hand ; invention of cipher machines.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 28 Another Non-Trivial Classical Cipher Exercise: the Churchyard cipher (simplified)

• History: – This ciphertext appeared engraved on a tombstone in Trinity Churchyard (New York) in 1794. – First published solution: 1896.

• Questions: – What kind of cipher is it? – Why is it so difficult to break? (Especially without the hint!) – What is the plaintext message? – What is the key?

• HINT: TIC TAC TOE = :

• Similar cipher: the Pigpen Cipher.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 29 Bibliography

• Bruce Schneier. Applied Cryptography. John Wiley & Sons, New York, 1996.

• Dieter Gollmann. Computer Security. Wiley, 2000.

• Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. Available online at http://cacr.math.uwaterloo.ca/hac/

• Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt. Computer Security Handbook. John Wiley & Sons, 1995.

• John Clark and Jeremy Jacob: A survey of authentication protocol literature, 1997. http://www.cs.york.ac.uk/~jac/

See the class webpage

http://www.informatik.uni-freiburg.de/~softech/teaching/ws02/itsec/ and check out the “Security Logics links” there.

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 30 Bibliography: URLs on Cryptography and Ciphers

Some of these webpages let you also experiment with Java versions of the ciphers.

• Cryptography and ciphers: http://www.trincoll.edu/depts/cpsc/cryptography/index.html • The Code Breakers: http://www.math.arizona.edu/~dsl/talk.htm • The Enigma Machine: http://www.swimmer.org/morton/enigma.html • Secret Code Breaker Online: http://codebreaker.dids.com/ • Beginners’ Guide to Cryptography: http://www.ftech.net/ monark/crypto/index.htm • Introduction to Cryptosystems: http://www.math.nmsu.edu/~crypto/Fundamentals.html • Magic Decoder Game: http://raphael.math.uic.edu/ jeremy/crypt/cgi-bin/magic-gateway.cgi • Storia della crittografia (in italian): http://www.provincia.venezia.it/mfosc/studenti/crittografia/critto/storia.htm • Making the Enigma ciphers for the film ”Enigma”: http://www.qufaro.demon.co.uk/enigmafilm/ • An online bibliography: http://www.ce.chalmers.se/~stefanp/Security/sec bib.html • The Cipher IEEE newsletter: http://www.ieee-security.org/cipher.html

IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 31 Selected Filmography

• Math in the Movies: http://world.std.com/~reinhold/dir/mathmovies.html

• Cybercinema: http://www.english.uiuc.edu/cybercinema

• Hollywood and computers: http://www.cbi.umn.edu/resources/hollywood.html

Many cowboy and indian movie with smoke signals; many James Bond or spy movies; Ulysses; Wargames; Con air; Mercury rising; Mission Impossible; Sneakers; Pi; The 13th floor; Swordfish; Windtalkers; Enigma...

IT-Security: Theory and Practice (WS02) 31.10.02