CryptographyCryptography andand Chapter 2 – Classical Encryption NetworkNetwork SecuritySecurity Techniques ChapterChapter 22 • "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze Fifth Edition one hundred and sixty separate ciphers," said by William Stallings Holmes. Lecture slides by Lawrie Brown —The Adventure of the Dancing Men , Sir Arthur (with edits by RHB) Conan Doyle Outline Symmetric Encryption • We will consider: • or conventional / private -key / single -key – classical cipher techniques and terminology • sender and recipient share a common key – monoalphabetic substitution ciphers • all classical encryption algorithms are – cryptanalysis using letter frequencies private -key – Playfair cipher – polyalphabetic ciphers • was only type prior to invention of public - – transposition ciphers key in 1970 ’s – product ciphers and rotor machines • and by far most widely used – steganography Some Basic Terminology Symmetric Cipher Model • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis ( codebreaking ) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis Requirements • two requirements for secure use of symmetric encryption: – a strong encryption algorithm – a secret key known only to sender / receiver • mathematically have: Y = E(K,X) X = D(K,Y) • assume encryption algorithm is known • implies a secure channel to distribute key Cryptography Cryptanalysis • can characterize cryptographic system by: • objective to recover key not just message – type of encryption operations used – type of encryption operations used • general approaches: • substitution • transposition – cryptanalytic attack • product – brute -force attack – number of keys used • if either succeed all key use compromised • single -key or private • two -key or public – way in which plaintext is processed • block • stream Cryptanalytic Attacks More Definitions • ciphertext only • unconditional security – only know algorithm & ciphertext , is statistical, must – no matter how much computer power or time is know or be able to identify plaintext available, the cipher cannot be broken … since the • known plaintext ciphertext provides insufficient information to – attacker knows/suspects plaintext & ciphertext uniquely determine the corresponding plaintext • chosen plaintext • computational security – attacker selects plaintext and gets ciphertext • given limited computing resources ( eg . time • chosen ciphertext needed for calculations is greater than age of – attacker selects ciphertext and gets plaintext universe (usually defined via polynomial time • chosen text algorithms)), the cipher cannot be broken – attacker selects plaintext or ciphertext to en/decrypt Brute Force Search Classical Substitution Ciphers • always possible to simply try every key • letters of plaintext are replaced by other • most basic attack, proportional to key size letters or by numbers or symbols • assume able to know / recognise plaintext or Number of Time Required at 10 9 Time Required at • plaintext is viewed as a sequence of Key size (bits) Cipher Alternative Keys decryptions/s 10 13 decryptions/s 56 DES 256 ᱌ 7.2 x 10 16 255 ns = 1.125 years 1 hour bits, and substitution involves replacing 128 AES 2128 ᱌ 3.4 x 10 38 2127 ns = 5.3 x 10 21 years 5.3 x 10 17 years 168 Triple DES 2168 ᱌ 3.7 x 10 50 2167 ns = 5.8 x 10 33 years 5.8 x 10 29 years plaintext bit patterns with ciphertext bit 192 AES 2192 ᱌ 6.3 x 10 57 2191 ns = 9.8 x 10 40 years 9.8 x 10 36 years patterns 256 AES 2256 ᱌ 1.2 x 10 77 2255 ns = 1.8 x 10 60 years 1.8 x 10 56 years 26 characters Monoalphabetic 26! = 4 x 10 26 2 ᠯ 10 26 ns = 6.3 x 10 9 years 6.3 x 10 6 years (permutation) Caesar Cipher Caesar Cipher • earliest known substitution cipher • can define transformation as: • by Julius Caesar a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • first attested use in military affairs • mathematically give each letter a number • replaces each letter by 3rd letter along a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 • example: • then have Caesar cipher as: meet me after the toga party c = E(k,p ) = (p + k) mod 26 PHHW PH DIWHU WKH WRJD SDUWB p = D(k,c ) = (c – k) mod 26 Cryptanalysis of Caesar Cipher • only have 25 possible ciphers … 25 keys – a maps to (A),B...Z (obviously avoid a A) • could simply try each in turn • a brute force search • given ciphertext , just try all shifts of letters • do need to recognize when have plaintext • eg. break ciphertext "GCUA VQ DTGCM " Monoalphabetic Cipher Monoalphabetic Cipher Security • rather than just shifting the alphabet • now have a total of 26! = 4 x 10 26 keys • could shuffle (jumble) the letters arbitrarily • with so many keys, might think is secure • each plaintext letter maps to a different random ciphertext letter • but would be !!!WRONG!!! • hence key is 26 letters long • problem is language characteristics Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext : WIRFRWAJUHYFTSDVFSFUUFYA Language Redundancy and English Letter Frequencies Cryptanalysis • human languages are redundant • eg " th lrd s m shphrd shll nt wnt " • letters are not equally commonly used • in English E is by far the most common letter – followed by T,R,N,I,O,A,S • other letters like Z,J,K,Q,X are fairly rare • have tables of single, double and triple letter frequencies for various languages Use in Cryptanalysis Example Cryptanalysis • key concept - monoalphabetic substitution • given ciphertext : ciphers do not change relative letter frequencies UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ • discovered by Arabian scientists in 9 th century VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ • calculate letter frequencies for ciphertext • count relative letter frequencies (see text) • compare counts/plots against known values • guess P and Z are e and t • if caesar cipher look for common peaks/troughs • guess ZW is th and hence ZWP is the – peaks at: A-E-I triple, NO pair, RST triple • proceeding with trial and error finally get: – troughs at: JK , X-Z it was disclosed yesterday that several informal but direct contacts have been made with political • for monoalphabetic must identify each letter representatives of the viet cong in moscow – tables of common double/triple letters help Playfair Cipher Playfair Key Matrix • not even the large number of keys in a • a 5X5 matrix of letters based on a keyword monoalphabetic cipher provides security • fill in letters of keyword (no duplicates) • one approach to improving security was to • fill rest of matrix with other letters encrypt multiple letters • eg. using the keyword MONARCHY • the Playfair Cipher is an example • invented by Charles Wheatstone in 1854, M O N A R C H Y B D but named after his friend Baron Playfair E F G I/J K L P Q S T U V W X Z Encrypting and Decrypting Security of Playfair Cipher • plaintext is encrypted two letters at a time • security much improved over monoalphabetic 1. if a pair is a repeated letter, insert filler like ''X’ • since have 26 x 26 = 676 digrams 2. if both letters fall in the same row, replace • would need a 676 entry frequency table to each with letter to right (wrapping back to start analyse (verses 26 for a monoalphabetic ) from end) from end) • and correspondingly more ciphertext 3. if both letters fall in the same column, replace each with the letter below it (wrapping to top • was widely used for many years from bottom) – eg. by US & British military in WW1 4. otherwise each letter is replaced by the letter • it can be broken, given a few hundred letters in the same row and in the column of the other • since still has much of plaintext structure letter of the pair Polyalphabetic Ciphers Vigen ère Cipher • polyalphabetic substitution ciphers • simplest polyalphabetic substitution cipher • improve security using multiple cipher alphabets • effectively multiple caesar ciphers • make cryptanalysis harder with more alphabets • key is many letters long K = k k ... k to guess and flatter frequency distribution 1 2 d • ith letter specifies ith alphabet to use • use a key to select which alphabet is used for each letter of the message • use each alphabet in turn • use each alphabet in turn • repeat from start after d letters in message • repeat from start after end of key is reached • decryption simply works in reverse Example of Vigen ère Cipher Aids to Vigen ère Encryption • write the plaintext out • simple aids can assist with en/decryption • write the keyword repeated above it • a Saint -Cyr Slide is a simple manual aid • use each key letter as a caesar cipher key – a slide with repeated alphabet • encrypt the corresponding plaintext letter – line up plaintext ' A'' withwith keykey letter,letter, egeg '' C'' deceptive • eg . using keyword deceptive – then read off any mapping for key letter key: deceptivedeceptivedeceptive • can bend round into a cipher disk plaintext: wearediscoveredsaveyourself • can bend