Cryptography I — Exercises — Luca Vigan`o Institut f¨urInformatik Albert-Ludwigs-Universit¨at Freiburg IT-Security: Theory and Practice (WS02) Luca Vigan`o 1 Some definitions • Cryptology: the study of secret writing. • Cryptography: the science of secret writing. • Secret writing: codes and ciphers (more general). – Code: a string of symbols stands for a complete message. Example: telegraph code “73” = “love and kisses”. – Cipher = cryptographic algorithm: transform plaintext P into ciphertext C (and vice versa). • Cryptanalysis: the science of recovering P (or keys and other secrets). – Attack = attempted cryptanalysis. – Compromise = obtain secret by non-cryptanalytic means (theft, torture, ...). Also: steganography (hide secret messages in other messages). IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 2 Key-based cryptographic algorithms • General Schema: EKey1(P) = C , DKey2(C ) = P Key1 Key2 Ciphertext Plaintext Plain Text Encryption Decryption P C P • Security depends on secrecy of the key, not on the details of the algorithm (which can be published and analyzed). • Symmetric algorithms: Key1 = Key2, or are easily derived from each other. DKey2(C ) = DKey2(EKey1(P)) = P . • Asymmetric or public key algorithms: – Different keys, which cannot be derived from each other. – Public key can be published without compromising private key. IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 3 Goals of cryptography Protection goals: • Confidentiality: prevention of unauthorized disclosure of information (only selected principals should be able to access data/message). • Integrity: prevention of unauthorized modification of information (an intruder should not be able to modify a message in transit). • Availability: prevention of unauthorized withholding of information or resources. • Authentication: an intruder should not be able to masquerade as someone else. • Nonrepudiation: a sender should not be able to falsely deny later that he sent a message. • etc. (see, for instance, Gollmann’s book) IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 4 Historical perspective • Code: a string of symbols stands for a complete message. – Example: ‘OCELOT’ is ciphertext for ‘TURN LEFT 90 DEGREES’ and ‘LOLLIPOP’ is ciphertext for ‘TURN RIGHT 90 DEGREES’. – But: if there is no entry for ‘ANTEATER’, then you can’t say it. • Cipher (cryptographic algorithm): one-to-one correspondence between symbols of original message (plaintext P) and symbols of its equivalent in secret writing (ciphertext C). • Classical ciphers: simple algorithms (military, ordinary citizens, ...). • Modern ciphers: computer cryptography. – Yesterday: exclusive domain of the world’s militaries, governments, ... – Today: state-of-the-art cryptography accessible to ordinary citizens. IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 5 Transposition ciphers Rearrange (order of) bits or characters in the plaintext. • Keys are functions for transposition. • More formally: – For block length t, let K be the set of permutations on {1,..., t}. For each e ∈ K and m ∈ M Ee(m) = me(1)me(2) ··· me(t) – The set of all such transformations is called a transposition cipher. – To decrypt c = c1c2 ··· ct compute Dd (c) = cd(1)cd(2) ··· cd(t). • N.B.: cryptanalysis easy as frequencies (of letters) preserved. • Examples: – Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv = ??? – EARN SAIS CNE = ??? IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 6 Transposition ciphers (cont.) • P = And in the end the love you take is equal to the love you make A n d i n t h e e n d t h e l o v e y o u t a k e i s e q u a l t o t h e l o v e y o u m a k e C = Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv Key (in this case: the grid) is function for transposition. • Scytale: wrap belt spirally around baton and write plaintext lengthwise on it (ancient Greeks, who also used concealment ciphers). • Fixed period: i = 1, 2, 3, 4 RENA ISSA NCE ⇒ Period 4 and f (i) = 2, 4, 1, 3 EARN SAIS CNE IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 7 Substitution ciphers Replace parts of plaintext (bits, characters, blocks) with ciphertext. • Can be almost always easily broken. • Keys are functions for substitution. • Monoalphabetic or polyalphabetic (and other types). • Used in some modern commercial computer security products, in conjunction with other methods. IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 8 Mono-alphabetic substitution ciphers • Let K be the set of all permutations on the alphabet A. Define for each e ∈ K an encryption transformation Ee on strings m = m1m2 ··· mn ∈ M as Ee(m) = e(m1)e(m2) ··· e(mn) = c1c2 ··· cn = c • To decrypt c, compute the inverse permutation d = e−1 and Dd (c) = d(c1)d(c2) ··· d(cn) = m • Ee is a simple substitution cipher or a mono-alphabetic substitution cipher. IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 9 Examples of substitution ciphers • Caesar cipher: each plaintext character is replaced by the character three to the right modulo 26. – ‘A’ is replaced by ‘D’, ‘B’ by ‘E’, ..., ‘X’ by ‘A’, ... ⇒ KHOOR ZRUOG = HELLO WORLD • ROT13: rotate every letter by 13 places – ‘A’ is replaced by ‘N’, ‘B’ by ‘O’, ..., ‘N’ by ‘A’, ..., ‘P’ by ‘C’, ... – P = ROT13(ROT13(P)) ⇒ Zl anzr vf Nqnz = My name is Adam • Alphanumeric (‘crossword puzzle’, ‘Kreuzwortr¨atsel’): substitute numbers for letters. – Example: ‘A’ is replaced by ‘1’, ‘B’ by ‘2’, ... ⇒ 2-25-5 2-25-5 = BYE BYE IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher • Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. • Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19: Plaintext: A B C D E F G H I J . U V W X Y Z Ciphertext: T U V W X Y Z A B C . N O P Q R S • Shift n can be broken by hand! How? IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher • Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. • Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19: Plaintext: A B C D E F G H I J . U V W X Y Z Ciphertext: T U V W X Y Z A B C . N O P Q R S • Shift n can be broken by hand! How? • Unknown shift is one of possible 26... use computer to try them all out... IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 10 Advanced Caesar cipher • Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26. • Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19: Plaintext: A B C D E F G H I J . U V W X Y Z Ciphertext: T U V W X Y Z A B C . N O P Q R S • Shift n can be broken by hand! How? • Unknown shift is one of possible 26... use computer to try them all out... • ...but can computer recognize “readable English (German, Japanese,...) texts”? • A better approach is to use statistical data about letter frequencies... IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 11 Advanced Caesar Cipher — Exercise Relative frequencies in an English text of 1000 letters: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 Use this information to decide the most likely shift used to obtain: K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ. Don’t just use “brute force” but proceed strategically: tally the frequencies of letters in the ciphertext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z and then try a shift so that there is a correspondence between the English Language Frequencies and the Enciphered Message Frequencies. IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 12 Advanced Caesar Cipher — Exercise solution Relative frequencies in an English text of 1000 letters: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ. ⇒ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 4 3 0 0 0 3 0 4 1 0 4 1 4 3 1 6 0 0 4 0 7 5 0 ⇒ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 73 9 30 44 130 28 16 35 74 2 3 35 25 78 74 27 3 77 63 93 27 13 16 5 19 1 K L M N O P Q R S T U V W X Y Z A B C D E F G H I J 4 1 0 4 1 4 3 1 6 0 0 4 0 7 5 0 0 1 2 4 3 0 0 0 3 0 ⇒ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J IT-Security: Theory and Practice (WS02) 31.10.02 Luca Vigan`o 13 Advanced Caesar Cipher — Exercise solution A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K L M N O P Q R S T U V W X Y Z A B C D E F G H I J so that K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.