ECE 646 - Lecture 6 Required Reading • W. Stallings, Cryptography and Network Security, Chapter 2, Classical Encryption Techniques Historical Ciphers • A. Menezes et al., Handbook of Applied Cryptography, Chapter 7.3 Classical ciphers and historical development Why (not) to study historical ciphers? Secret Writing AGAINST FOR Steganography Cryptography (hidden messages) (encrypted messages) Not similar to Basic components became modern ciphers a part of modern ciphers Under special circumstances modern ciphers can be Substitution Transposition Long abandoned Ciphers reduced to historical ciphers Transformations (change the order Influence on world events of letters) Codes Substitution The only ciphers you Ciphers can break! (replace words) (replace letters) Selected world events affected by cryptology Mary, Queen of Scots 1586 - trial of Mary Queen of Scots - substitution cipher • Scottish Queen, a cousin of Elisabeth I of England • Forced to flee Scotland by uprising against 1917 - Zimmermann telegram, America enters World War I her and her husband • Treated as a candidate to the throne of England by many British Catholics unhappy about 1939-1945 Battle of England, Battle of Atlantic, D-day - a reign of Elisabeth I, a Protestant ENIGMA machine cipher • Imprisoned by Elisabeth for 19 years • Involved in several plots to assassinate Elisabeth 1944 – world’s first computer, Colossus - • Put on trial for treason by a court of about German Lorenz machine cipher 40 noblemen, including Catholics, after being implicated in the Babington Plot by her own 1950s – operation Venona – breaking ciphers of soviet spies letters sent from prison to her co-conspirators stealing secrets of the U.S. atomic bomb in the encrypted form – one-time pad 1 Mary, Queen of Scots – cont. Zimmermann Telegram • cipher used for encryption was broken by codebreakers of Elisabeth I • sent on January 16, 1917 from the Foreign Secretary • it was so called nomenclator – mixture of a code and a substitution of the German Empire, Arthur Zimmermann, to the German cipher ambassador in Washington • Mary was sentenced to death for treachery and executed in 1587 • instructed the ambassador to approach the Mexican government at the age of 44 with a proposal for military alliance against the U.S. • offered Mexico generous material aid to be used to reclaim a part of territories lost during the Mexican-American War of 1846-1848, specifically Texas, New Mexico, and Arizona • sent using a telegram cable that touched British soil • encrypted with cipher 0075, which British codebreakers had partly broken • intercepted and decrypted Zimmermann Telegram • British foreign minister passed the ciphertext, the message in German, and the English translation to the American Secretary of State, and he has shown it to the President Woodrow Wilson • A version released to the press was that the decrypted message was stolen from the German embassy in Mexico • After publishing in press, initially believed to be a forgery • On February 1, Germany had resumed "unrestricted" submarine warfare, which caused many civilian deaths, including American passengers on British ships • On March 3, 1917 and later on March 29, 1917, Arthur Zimmermann was quoted saying "I cannot deny it. It is true. • On April 2, 1917, President Wilson asked Congress to declare war on Germany. On April 6, 1917, Congress complied, bringing the United States into World War I. Ciphers used predominantly in the given period(1) Cryptography Cryptanalysis 100 B.C. Shift ciphers Frequency analysis al-Kindi, Baghdad IX c. Monoalphabetic substitution cipher 1586 Invention of the Vigenère Cipher Black chambers XVIII c. Homophonic ciphers Vigenère cipher Kasiskis method 1863 (Simple polyalphabetic substitution ciphers) 1919 Invention of rotor machines Index of coincidence 1918 William Friedman Electromechanical machine ciphers (Complex polyalphabetic substitution ciphers) 1926 Vernam cipher (one-time pad) 1996 (2nd ed) 1999 2 Ciphers used predominantly in the given period(2) Substitution Ciphers (1) Cryptography Cryptanalysis 1. Monalphabetic (simple) substitution cipher Reconstructing ENIGMA 1932 Rejewski, Poland M = m1 m2 m3 m4 . mN Polish cryptological bombs, and perforated sheets C = f(m1) f(m2) f(m3) f(m4) . f(mN) 1949 Shennons theory 1939 of secret systems one-time pad British cryptological Stream Ciphers bombs, Bletchley Park, UK 1945 S-P networks Breaking Japanese Generally f is a random permutation, e.g., Purple cipher 1977 Publication of DES 1977 DES a b c d e f g h i j k l m n o p q r s t u v w x y z f = Triple DES 1990 s l t a v m c e r u b q p d f k h w y g x z j n i o DES crackers 2001 2001 AES Key = f Number of keys = 26! » 4 × 1026 Monalphabetic substitution ciphers Coding characters into numbers Simplifications (1) A Û 0 N Û 13 A. Caesar Cipher B Û 1 O Û 14 C Û 2 P Û 15 c = f(m ) = m + 3 mod 26 i i i D Û 3 Q Û 16 -1 mi = f (ci) = ci - 3 mod 26 E Û 4 R Û 17 F Û 5 S Û 18 No key G Û 6 T Û 19 B. Shift Cipher H Û 7 U Û 20 ci = f(mi) = mi + k mod 26 I Û 8 V Û 21 J Û 9 W Û 22 m = f-1(c ) = c - k mod 26 i i i K Û 10 X Û 23 Key = k L Û 11 Y Û 24 Number of keys = 26 M Û 12 Z Û 25 Caesar Cipher: Example Monalphabetic substitution ciphers Simplifications (2) C. Affine Cipher Plaintext: I C A M E I S A W I C O N Q U E R E D 8 2 0 12 4 8 18 0 22 8 2 14 13 16 20 4 17 4 3 ci = f(mi) = k1 × mi + k2 mod 26 11 5 3 15 7 11 21 3 25 11 5 17 16 19 23 7 20 7 6 gcd (k1, 26) = 1 Ciphertext: L F D P H L V D Z L F R Q T X H U H G -1 -1 mi = f (ci) = k1 × (ci - k2) mod 26 Key = (k1, k2) Number of keys = 12×26 = 312 3 Most frequent single letters Most frequent digrams, and trigrams Average frequency in a random string of letters: 1 Digrams: = 0.038 = 3.8% 26 TH, HE, IN, ER, RE, AN, ON, EN, AT Average frequency in a long English text: Trigrams: E — 13% THE, ING, AND, HER, ERE, ENT, THA, NTH, T, N, R, I, O, A, S — 6%-9% WAS, ETH, FOR, DTH D, H, L — 3.5%-4.5% C, F, P, U, M, Y, G, W, V — 1.5%-3% B, X, K, Q, J, Z — < 1% Relative frequency of letters in a long English text 14 12 by Stallings 10 Character frequency 8 14 12.75 in a long English 6 plaintext 12 4 2 10 9.25 7.75 8.5 0 7.75 a b c d e f g h i j k l m n o p q r s t u v w x y z 7.25 7.5 8 14 6 6 12 4.25 3.75 10 Character frequency 3.5 3.5 4 3 2.75 2.75 3 8 in the corresponding 2 2.25 1.25 1.5 1.5 6 ciphertext 2 0.5 0.25 0.5 0.5 0.25 4 for a shift cipher 0 2 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 a b c d e f g h i j k l m n o p q r s t u v w x y z 14 Frequency analysis attack: relevant frequencies 12 14 14 10 Character frequency 12 12 8 in a long English 10 10 6 8 8 plaintext 6 6 4 4 4 2 2 2 0 0 0 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h I j k l m n o p q r s t u v w x y z 14 Long English text T Short English message M 12 Character frequency 14 14 12 12 10 in the corresponding 10 10 8 ciphertext 8 8 6 for a general 6 6 4 4 4 monoalphabetic substitution cipher 2 2 0 0 2 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h I j k l m n o p q r s t u v w x y z 0 Ciphertext of the long English text T Ciphertext of the short English message M a b c d e f g h i j k l m n o p q r s t u v w x y z 4 Frequency analysis attack (1) Frequency analysis attack (2) Step 1: Establishing the relative frequency of letters Step 2: Assuming the relative frequency of letters in the ciphertext in the corresponding message, and deriving the corresponding equations Ciphertext: Assumption: Most frequent letters in the message: E and T FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE DKAPR KDLYE VLRHH RH Corresponding equations: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z E ® R f(E) = R T ® D f(T) = D R - 8 4 ® 17 f(4) = 17 D - 7 19 ® 3 f(19) = 3 E, H, K - 5 Frequency analysis attack (3) Frequency analysis attack (4) Step 3: Verifying the assumption for the case Step 4: Solving the equation of the form of affine cipher a × x º b mod n for x = k1 f(4) = 17 f(19) = 3 15 × k1 º 12 (mod 26) gcd(15, 26) = 1 4×k1 + k2 º 17 (mod 26) Thus, one solution 19×k1 + k2 º 3 (mod 26) -1 k1 = (15 ) × 12 mod 26 = 7 × 12 mod 26 = 6 15×k º -14 (mod 26) 1 However, gcd(k1, 26) = 2 ≠ 1 Thus, our initial assumption incorrect.