Cryptography Cryptography The science and study of secret writings Cipher – Is a secret method of writing that transforms plaintext into ciphertext • Comes in two flavors: Symmetric and The transformation is determined by a key Asymmetric • Best for protection of “online” communications Cryptographic systems – One key • Good for archival data – Two key • So-so for electronic mail – Public key • Not good for active databases – Digital signatures Cryptography CS177 2013 Cryptography CS177 2013 1 2 Terminology Communication Security • To lock (encipher): transforms into unintelligible form based on independent Secure communication should provide: data element called a key • Privacy • To unlock (decipher): transforms back into • Authentication intelligible form, again using a key • Integrity • Locked data is called ciphertext or black Anna Bruno • Nonrepudiation • Unlocked data is called plaintext, cleartext, or red • Keys are themselves data and can be locked Carlo and unlocked Cryptography CS177 2013 Cryptography CS177 2013 3 4 Cryptography General Observations • Cryptography never solves a problem; it Enciphering transforms a security problem into a key Clear Cipher management problem • It takes a secret to keep a secret Text Text Deciphering Cryptography CS177 2013 Cryptography CS177 2013 5 6 1 Cryptographic System Crypto Systems Should (Cryptosystem) Guarantee Both – Secrecy • A plaintext message space M – Authenticity • A ciphertext message space C • A key space K Secrecy requirements • A family of enciphering transformations 1. Should be computationally infeasible to systematically Ek: M C determine Dk from c, even if corresponding m is known • A family of deciphering transformations 2. Should be computationally infeasible to determine m from Dk: C M intercepted c Cryptography CS177 2013 Cryptography CS177 2013 7 8 Crypto Systems Should Desirable Properties of Guarantee Both Crypto Systems – Secrecy – Authenticity • Enciphering and deciphering must be efficient for all keys Authenticity requirements 1. Should be computationally infeasible to systematically • System must be easy to use determine Ek from c, even if corresponding m is known • The security of the system should depend on 2. Should be computationally infeasible to find c' such that the secrecy of the keys and not on the Dk(c') is valid plaintext in the set M secrecy of the algorithms E or D Cryptography CS177 2013 Cryptography CS177 2013 9 10 Cryptanalysis Cryptanalysis (continued) • Cryptanalysis attempts to discover the key or the plaintext of an encrypted message – Assume analyst knows the algorithm but not the key • Types of attack (continued) • Types of attack: – Chosen plaintext – Ciphertext only • Given: M1, C1 = Ek(M1), M2, C2 = Ek(M2), ..., • Given: C1 = Ek(M1), C2 = Ek(M2), ..., Ci = Ek(Mi) Mi , Ci = Ek(Mi) where the attacker chooses M1, • Obtain: either M1,M2, ..., Mi or k M2 , ..., Mi – Known plaintext • Obtain: either k or an algorithm to obtain Mi+1, • Given: M1, C1 = Ek(M1), M2, C2 = Ek(M2), ..., Mi, from Ci+1 = Ek(Mi+1) Ci = Ek(Mi) • Obtain: either k or an algorithm to obtain Mi+1, from Ci+1 = Ek(Mi+1) Cryptography CS177 2013 Cryptography CS177 2013 11 12 2 Basis for Attacks Transposition Cipher • Mathematical attacks – Based on analysis of underlying mathematics Rearranges bits or characters in the data – Simple transposition • Statistical attacks – Rail-fence cipher – Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters – Columnar transposition (trigrams), etc. • Called models of the language – Examine ciphertext, correlate properties with the assumptions. Cryptography CS177 2013 Cryptography CS177 2013 13 14 Simple Transposition Rail Fence • Ciphers simply break message into blocks and permute each block using some scheme • Transposition depends on a figure • Eg. Blocks of five with key (25413) • In this case the figure is a rail fence (or – Consider picket fence) CMPS IS FUN FOR ALL CMPS IS FU N FOR ALL_ becomes M SCP SUFI RONF A L L • Figure could be a scene, such as a landscape or city skyline Cryptography CS177 2013 Cryptography CS177 2013 15 16 Rail Fence Rail Fence C F A C I N A M S U R L M S S U F R L P I N O L P F O L S F If key is 2-4-3-1 If key is 1-2-3 MSURLSFPINOLCFA CINAMSSUFRLPFOL Cryptography CS177 2013 Cryptography CS177 2013 17 18 3 Mountain Scene Columnar Transposition • Uses a two dimensional array M P C S • Text is placed in rows • Columns are transposed • Columns are read out as ciphered text • Key is the transposition of the columns – e.g., for 4x4 matrix key could be 2-4-3-1 Cryptography CS177 2013 Cryptography CS177 2013 19 20 Columnar Transposition Crypto Analysis Example (4x4 matrix and key = 2-4-3-1) • Can detect transposition cipher by checking the character frequencies against the norm CMPS ISFU NFOR a 0.080 h 0.060 n 0.070 t 0.090 ALLb b 0.015 i 0.065 o 0.080 u 0.030 becomes c 0.030 j 0.005 p 0.020 v 0.010 d 0.040 k 0.005 q 0.002 w 0.015 MSFLSURbPFOLCINA e 0.130 l 0.035 r 0.065 x 0.005 What about (key = 1-2-3-4)? f 0.020 m 0.030 s 0.060 y 0.020 g 0.015 z 0.002 Cryptography CS177 2013 Cryptography CS177 2013 21 22 Crypto Analysis Substitution Ciphers • Brute force by trying possible permutations and looking for readable text in the result • Simple substitution • Anagramming • Polyalphabetic – If 1-gram frequencies match English frequencies, • Running key but other n-gram frequencies do not, probably • Vernam transposition – Rearrange letters to form n-grams with highest frequencies Cryptography CS177 2013 Cryptography CS177 2013 23 24 4 Alphabet Simple Substitution 0 – A 7 – H 14 – O 21 – V • Caesar cipher is most common example of 1 – B 8 – I 15 – P 22 – W simple substitution – Julius used shift of 4 2 – C 9 – J 16 – Q 23 – X – Augustus used key of 3 3 – D 10 – K 17 – R 24 – Y • (letter value + key) mod 26 4 – E 11 – L 18 – S 25 – Z • Example (key = 3) 5 – F 12 – M 19 – T CMPS IS FUN FOR ALL 6 – G 13 – N 20 – U becomes FPSV LV IXQ IRU DOO Cryptography CS177 2013 Cryptography CS177 2013 25 26 Attacking the Cipher Statistical Attack • Exhaustive search • Compute frequency of each character in the – If the key space is small enough, try all possible ciphertext: keys until you find the right one D .067 F .067 I .133 L .067 – Caesar cipher has 26 possible keys O .133 P .067 Q .067 R .067 S .067 U .067 V .133 X .067 • Statistical analysis – Compare to 1-gram model of English • Apply 1-gram model of English – Frequency of characters (1-grams) in English is on next slide Cryptography CS177 2013 Cryptography CS177 2013 27 28 Character Frequencies Statistical Analysis a 0.080 h 0.060 n 0.070 t 0.090 • f(c) frequency of character c in ciphertext b 0.015 i 0.065 o 0.080 u 0.030 • (i) correlation of frequency of letters in ciphertext with corresponding letters in c 0.030 j 0.005 p 0.020 v 0.010 English, assuming key is i d 0.040 k 0.005 q 0.002 w 0.015 – (i) = 0 ≤ c ≤ 25 f(c)p(c – i) e 0.130 l 0.035 r 0.065 x 0.005 f 0.020 m 0.030 s 0.060 y 0.020 p(x) is frequency of character x in English g 0.015 z 0.002 Cryptography CS177 2013 Cryptography CS177 2013 29 30 5 Example Analysis from Text Statistical Analysis • Caesar cipher (i) correlation of frequency of letters in – Plaintext is HELLO WORLD ciphertext with corresponding letters in English, assuming key is i – Key is 3 – (i) = f(c)p(c – i) so here, – Ciphertext is KHOOR ZRUOG 0 ≤ c ≤ 25 (i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) + 0.1p(20 – i) + 0.1p(25 • Frequency of each letter in ciphertext: – i) G 0.1 H 0.1 K 0.1 O 0.3 • f(x) is frequency of character c in ciphertext R 0.2 U 0.1 Z 0.1 • p(x) is frequency of character x in English Cryptography CS177 2013 Cryptography CS177 2013 31 32 Correlation: (i) for 0 ≤ i ≤ 25 The Result i (i) i (i) i (i) i (i) • Most probable keys, based on : 0 0.0482 7 0.0442 13 0.0520 19 0.0315 – i = 6, (i) = 0.0660 • plaintext EBIIL TLOLA 1 0.0364 8 0.0202 14 0.0535 20 0.0302 – i = 10, (i) = 0.0635 2 0.0410 9 0.0267 15 0.0226 21 0.0517 • plaintext AXEEH PHKEW – i = 3, (i) = 0.0575 3 0.0575 10 0.0635 16 0.0322 22 0.0380 • plaintext HELLO WORLD 4 0.0252 11 0.0262 17 0.0392 23 0.0370 – i = 14, (i) = 0.0535 5 0.0190 12 0.0325 18 0.0299 24 0.0316 • plaintext WTAAD LDGAS • Only English phrase is for i = 3 6 0.0660 25 0.0430 – That’s the key (3 or ‘D’) Cryptography CS177 2013 Cryptography CS177 2013 33 34 Caesar’s Problem Polyalphabetic Ciphers • Key is too short • Use multiple substitutions – Can be found by exhaustive search – Statistical frequencies not concealed well • Most are periodic • They look too much like regular English letters – These are essentially multiple Caesar ciphers • So make it longer • Instead of adding the same key each time, – Multiple letters in key each successive letter gets a different key – Idea is to smooth the statistical frequencies to added, but the keys repeat themselves make cryptanalysis harder • When period is 1, this is equivalent to simple substitution Cryptography CS177 2013 Cryptography CS177 2013 35 36 6 Polyalphabetic Ciphers Attacking the Cipher • Approach Example (key = SECUR) – Establish period; call it n CMPS IS FUN FOR ALL – Break message into n parts, each part being enciphered using the same key letter SECU RS ECU RSE CUR – Solve each part becomes • You can leverage one part from another UQRN ZK ….