Encryption Algorithms (Part V) Polygram Substitution Ciphers Irvanizam Zamanhuri, M.Sc Computer Science Study Program [email protected] http://informatika.unsyiah.ac.id/irvanizam Vernam Cipher and One-Time Pads o If the key to a substitution cipher is a random sequence of characters and is not repeated, there is not enough information to break the cipher. o Such a cipher is called a one-time pad , as it is only used once. o The implementation of one-time pads in computer systems is based on an ingenious device designed by Gilbert Vernam in 1917. o An employee of American Telephone and Telegraph Company (A. T. & T.) Continue o Vernam designed a cryptographic device for telegraphic communications based on the 32 character Baudot code of the new teletypewriters developed at A. T. & T. o Each character is represented as a combination of five marks and spaces , corresponding to the bits 1 and 0 in digital computers. o A nonrepeating random sequence of key characters is punched on paper tape, and each plaintext bit is added modulo 2 to the next key bit. Vernam Cipher - Encryption o Letting M = m 1m2... denote a plaintext bit stream and K = k 1k2... a key bit stream, o the Vernam cipher generates a ciphertext bit stream C = E k(M) = c 1c2... where ci = (m i + k i) mod 2, i = 1,2,... q The cipher is thus like a Vigenere cipher over the binary alphabet (0, 1). o The Vernam cipher is efficiently implemented in microelectronics by taking the “exclusive-or” (XOR) of each plaintext/key pair ci = m i ⊕⊕⊕ ki Vernam Cipher - Decryption o Because ki ⊕⊕⊕ ki = 0 for ki = 0 or 1, deciphering is performed with the same operation: o ci = m i ⊕⊕⊕ ki o ci ⊕⊕⊕ ki = m i ⊕⊕⊕ ki ⊕⊕⊕ ki o ci ⊕⊕⊕ ki = m i o Hence, mi = ci ⊕⊕⊕ ki Example o If the plaintext character A (11000 in Baudot) is added to the key character D (10010 in Baudot), the ciphertext is below. M = 1 1 0 0 0 K = 1 0 0 1 0 Ek(M) = 0 1 0 1 0 = R . Exercise o What is the ciphertext from the plaintext TOBEORNOTTOBE using key HAM ? Use a running key when the key is repeated o If the key to a Vernam cipher is repeated , the cipher is equivalent to a running-key cipher with a text as key. o To see why, suppose two plaintext streams M and M’ are enciphered with a key stream K, generating ciphertext streams C and C’, respectively. Then ci = m i ⊕⊕⊕ ki, ci’ = m i’⊕⊕⊕ ki, o For i= 1,2,.... Let C” be a stream formed by taking the ⊕ of C and C’; then ci” = c i ⊕⊕⊕ ci’ = m i ⊕⊕⊕ ki ⊕⊕⊕ mi’ ⊕⊕⊕ ki = m i ⊕⊕⊕ mi’ , continue o For i= 1,2,.... The stream C” is thus equivalent to a stream generated by the encipherment of message M with message (key) M’ and is no longer unbreakable. o Note that this ciphertext is broken by finding the plaintext rather than the key. o Of course, once the plaintext is known, the key is easily computed (each ki = c i ⊕⊕⊕ mi). POLYGRAM SUBSTITUTION CIPHERS o Playfair Cipher o Hill Cipher Playfair Cipher o The Playfair cipher is a digram substitution cipher named after the English scientist Lyon Playfair ; o the cipher was actually invented in 1854 by Playfair’s friend, Charles Wheatstone , and was used by the British during World War I. o The key is given by a 5 X 5 matrix of 25 letters (J was not used), o Each pair of plaintext letters m1m2 is enciphered according to the following rules: Playfair’s Role (1/2) 1. If m 1 and m 2 are in the same row , then c 1 and c 2 are the two characters to the right of m 1 and m 2, respectively, where the first column is considered to be to the right of the last column . 2. If m 1 and m 2 are in the same column , then c 1 and c2, are the two characters below m1 and m 2, respectively, where the first row is considered to be below the last row . 3. If m 1 and m 2 are in different rows and columns , then c 1 and c 2 are the other two corners of the rectangle having m 1 and m 2 as corners, where c, is in m 1’s row and c 2 is in m 2‘s row. Playfair’s Role (2/2) 4. If m1 = m2, a null letter (e.g., X) is inserted into the plaintext between m 1 and m 2 to eliminate the double. 5. If the plaintext has an odd number of characters, a null letter is appended to the end of the plaintext. Example o What is the ciphertext of the plaintext RENAISSANCE, where the key is HARPSI ? o Answer: the matrix key is below Answer o To encipher the first two letters of RENAISSANCE, observe that R and E are two corners of the rectangle o They are thus enciphered as the other two corners, H and G. The entire plaintext is enciphered as: M = RE NA IS SA NC EX Ek(M) = HG WC BH HR WF GV . Exercise o What is the ciphertext of the plaintext GEOMETRICALFIGUREWASOFTEN , where the key is TEXAS and FRENCH ? Hill Cipher o The Hill cipher performs a linear transformation on d plaintext characters to get d ciphertext characters. o Suppose d = 2, and let M = m 1m2. o M is enciphered as C = E k(M) = c 1c2, where c1 = (k 11 m1 + k 12 m2) mod n c2 = (k 21 m2 + k 22 m2) mod n . o Expressing M and C as the column vectors M =(m 1,m 2) and C = (c 1,c 2), this can be written as C = E k(M) = KM mod n q where K is the matrix of coefficients: K = Encryption & Decryption o Deciphering is done using the inverse matrix K -1: -1 DK(C) = K C mod n = K -1 K M mod n = M, o where KK -1 mod n = I, and I is the 2 X 2 identity matrix. Example PRODUCT CIPHERS o A product cipher E is the composition of t functions (ciphers) F 1, . , F t, where each Fi may be a substitution or transposition. Rotor machines are product ciphers, where F i is implemented by rotor Ri (1 ≤ i ≤ t) . o Substitution-Permutation Ciphers o The Data Encryption Standard (DES).