Classical Cryptography

CSC 482/582: Computer Security

Topics
1. Modular Arithmetic Review
2. What is Cryptography?
3. Transposition Ciphers
4. Substitution Ciphers
   1. Cæsar cipher
   2. Vigenère cipher
5. Cryptanalysis: frequency analysis
6. Block Ciphers: AES and DES

Modular Arithmetic
Congruence: a = b (mod N) iff a = b + kN
ex: 37 = 27 mod 10
b is the residue of a, modulo N
Integers 0..N-1 are the complete set of residues mod N

Laws of Modular Arithmetic
(a + b) mod N = (a mod N + b mod N) mod N
(a - b) mod N = (a mod N - b mod N) mod N
ab mod N = (a mod N)(b mod N) mod N
a(b+c) mod N = ((ab mod N) + (ac mod N)) mod N

What is Cryptography?
Cryptography: the art and science of keeping messages secure.
Cryptanalysis: the art and science of decrypting messages.
Cryptology: cryptography + cryptanalysis

Terminology
Plaintext: message P to be encrypted. Also called cleartext.
Encryption: altering a message to keep its contents secret.
Ciphertext: encrypted message C.
[Diagram: Plaintext → Encryption Procedure → Ciphertext]

Early Cryptography
Egyptian hieroglyphics ~ 2000 B.C.E.
  Cryptic tomb inscriptions for regality.
Spartan skytale cipher ~ 500 B.C.E.
  Wrapped thin sheet of papyrus around staff.
  Messages written down length of staff.
  Decrypted by wrapping around a staff of equal diameter.
Cæsar cipher ~ 50 B.C.E.
  Simple alphabetic substitution cipher.
al-Kindi ~ 850 C.E.
  Cryptanalysis using letter frequencies.

A Transposition Cipher
Rearrange letters in plaintext.
Example: Rail-Fence Cipher
Plaintext is HELLO WORLD
Rearrange as
  H L O O L
  E L W R D
Ciphertext is HLOOL ELWRD

Cryptosystem Formal Definition
5-tuple (E, D, M, K, C)
M set of plaintexts
K set of keys
C set of ciphertexts
E set of encryption functions e: M × K → C
D set of decryption functions d: C × K → M

Cæsar cipher
Letter shifting cipher (A=>D, B=>E, C=>F, …)
5-tuple
M = { all sequences of letters }
K = { i | i is an integer and 0 ≤ i ≤ 25 }
E = { E_k | k ∈ K and for all letters m, E_k(m) = (m + k) mod 26 }
D = { D_k | k ∈ K and for all letters c, D_k(c) = (26 + c – k) mod 26 }
C = M
History: Cæsar’s key was 3.

Cæsar cipher
Plaintext is HELLO WORLD
Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
Key is 3, usually written as letter ‘D’
Ciphertext is KHOOR ZRUOG

ROT 13
Cæsar cipher with key of 13
13 chosen since encryption and decryption are the same operation
Used to hide spoilers, punchlines, and offensive material online.

Kerckhoffs’s Principle
Security of cryptosystem should only depend on
1. Quality of shared encryption algorithm E
2. Secrecy of key K
Security through obscurity tends to fail
ex: DVD Content Scrambling System

Cryptanalysis Goals
1. Decrypt a given message.
2. Recover encryption key.
Threat models vary based on
1. Type of information available to adversary
2. Interaction with cryptosystem.

Cryptanalysis Threat Models
ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key.
known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key.
chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key.

Brute Force Attack
Exhaustive search of keyspace by decrypting ciphertext C with all possible keys K.
Must determine if D_K(C) is a likely plaintext
  Requires some knowledge of format (language, doc type)
For N possible keys,
  Worst case is N decryptions.
  Mean case is N/2 decryptions.
Example: DES has 56-bit keys
  Average time to find key is 2^55 decryptions.

Is 128 bits enough?
128-bit keyspace permits 2^128 keys
  340,282,366,920,938,463,463,374,607,431,768,211,456 or 3.4 x 10^38 keys
Cracking 1 trillion (10^12) keys per second requires
  3.4 x 10^26 seconds or 1.08 x 10^19 years
Cracking 1 trillion keys per second on 1 billion CPUs requires
  1.08 x 10^10 years = 10.8 billion years

Classical Cryptography
Sender and receiver share common key
  Keys may be the same, or be trivial to derive from one another.
Sometimes called symmetric cryptography.
[Diagram: P → encrypt (K) → C → decrypt (K) → P]

Substitution Ciphers
Substitute plaintext chars for ciphered chars.
Simple: Always use same substitution function.
Polyalphabetic: Use different substitution functions based on position in message.

Cryptanalysis of Cæsar Cipher
Brute force attack sufficient: since the keyspace is small (26 possible keys), try all possible keys until you find the right one.

  Decryption key (26-K)   Candidate plaintext
  0                       exxegoexsrgi
  1                       dwwdfndwrqfh
  2                       cvvcemcvqpeg
  3                       buubdlbupodf
  4                       attackatonce
  5                       zsszbjzsnmbd
  6                       yrryaiyrmlac
  ...
  23                      haahjrhavujl
  24                      gzzgiqgzutik
  25                      fyyfhpfytshj

General Simple Substitution Cipher
Key Space: All permutations of alphabet (26! keys)
Encryption: Replace each plaintext letter x with K(x)
Decryption: Replace each ciphertext letter y with K^-1(y)
Example:
      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  K = F U B A R D H G J I L K N M P O S Q Z W X Y V T C E
  CRYPTO → BQCOWP

General Simple Substitution Cryptanalysis
Exhaustive search impossible
  Key space size is 26! =~ 4 x 10^26
  Historically thought to be unbreakable.
However, languages have different frequencies of
  letters
  digraphs (groups of 2 letters)
  trigraphs (groups of 3 letters)
  etc.
Simple substitution ciphers preserve letter frequencies.

English Letter Frequencies
[Figure: English letter frequencies]

Additional Frequency Features
Digraph frequencies
  Common digraphs: EN, RE, ER, NT
Trigraph frequencies
  Common trigraphs: THE, AND, ING
Digraph and trigraph tables can be found at http://www.sttmedia.com/syllablefrequency-english
The letter Q is followed only by U.

Countering Frequency Analysis
Nulls
  Insert additional symbols (numbers) which have no meaning in random places.
Idiosyncratic spellings
  n0rM4L s34rCh
  Hacker speak: www.google.com/webhp?hl=xx-hacker
Homophonic substitution
  Each letter has multiple substitutions.
These techniques increase the difficulty of frequency analysis but don’t make it impossible.

Countering Frequency Analysis
Primary weakness of simple substitution: each ciphertext letter corresponds to only one letter of plaintext.
Solution: polyalphabetic substitution
  Use multiple cipher alphabets.
  Switch between cipher alphabets from character to character in the plaintext.

Letter Frequency Distributions
[Figure: letter frequency distributions]

Vigenère Cipher
Use phrase instead of letter as key.
Example
  Message THE BOY HAS THE BALL
  Key VIG
  Encipher using Cæsar cipher for each letter:

  key    VIGVIGVIGVIGVIGV
  plain  THEBOYHASTHEBALL
  cipher OPKWWECIYOPKWIRG

[Figure: Reproduction of CSA Cipher Disk]

Relevant Parts of Tableau

      G I V
  A   G I V
  B   H J W
  E   L M Z
  H   N P C
  L   R T G
  O   U W J
  S   Y A N
  T   Z B O
  Y   E H T

Tableau shown only has relevant rows and columns.
Example encipherments:
  Key V, letter T: follow V column down to T row (giving “O”)
  Key I, letter H: follow I column down to H row (giving “P”)

Useful Terms
period: length of key
  In earlier example, period is 3
tableau: table used to encipher and decipher
  Vigenère cipher has key letters on top, plaintext letters on the left.

Vigenère Cryptanalysis
1. Find key length (period), which we will call n.
2. Break message into n parts, each part being enciphered using the same key letter.
3. Use frequency analysis to solve resulting n simple substitution ciphers.

  key    VIGVIGVIGVIGVIGV
  plain  THEBOYHASTHEBALL
  cipher OPKWWECIYOPKWIRG

Kasiski Test
Conjunction of key repetition with repeated portion of plaintext produces repeated ciphertext.
Example:

  key    VIGVIGVIGVIGVIGV
  plain  THEBOYHASTHEBALL
  cipher OPKWWECIYOPKWIRG

Key and plaintext line up over the repetitions.
Distance between repetitions is 9
  Repeated phrase “OPK” at 1st and 10th positions.
Period is a factor of 9 (1, 3, or 9).
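
The Cæsar brute-force search and the per-letter Vigenère encipherment from the slides above can be checked in a few lines of Python. This is an added example, not part of the original slides; the function names and the rounded English letter-frequency table used to judge which candidate is a likely plaintext are assumptions.

```python
# Added illustration (not from the slides): Caesar shift, exhaustive key search
# with a plaintext-likelihood score, and Vigenere as a per-letter Caesar shift.

# Approximate English letter frequencies in percent, A..Z (assumed table).
FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.2, 0.8, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.2, 2.0, 0.1]


def shift(ch, k):
    """E_k(m) = (m + k) mod 26 on one letter; other characters pass through."""
    if not (ch.isascii() and ch.isalpha()):
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr(base + (ord(ch) - base + k) % 26)


def caesar(text, k):
    """Encrypt with key k; decrypt by passing -k."""
    return "".join(shift(ch, k) for ch in text)


def score(text):
    """Sum of English frequencies of the letters: higher is more plausible."""
    return sum(FREQ[ord(c) - 65] for c in text.upper() if "A" <= c <= "Z")


def brute_force(ciphertext):
    """Decrypt with all 26 keys and return the best-scoring (key, plaintext)."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(26)]
    return max(candidates, key=lambda kp: score(kp[1]))


def vigenere(text, key, decrypt=False):
    """Apply the Caesar shift named by each successive key letter."""
    sign = -1 if decrypt else 1
    shifts = [sign * (ord(c) - 65) for c in key.upper()]
    out, i = [], 0
    for ch in text:
        out.append(shift(ch, shifts[i % len(shifts)]))
        if ch.isascii() and ch.isalpha():
            i += 1  # the key advances on letters only
    return "".join(out)


if __name__ == "__main__":
    print(caesar("HELLO WORLD", 3))
    print(brute_force("exxegoexsrgi"))
    print(vigenere("THE BOY HAS THE BALL", "VIG"))
```

The frequency score stands in for the "is this a likely plaintext" step of the brute-force slide; on very short ciphertexts it can rank a wrong key first, so the other candidates are still worth a look.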

Example Vigenère Ciphertext
ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW
MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP
HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX

Repetitions in Example

  Letters   Start   End   Distance   Factors
  MI        5       15    10         2, 5
  OO        22      27    5          5
  OEQOOG    24      54    30         2, 3, 5
  FV        39      63    24         2, 2, 2, 3
  AA        43      87    44         2, 2, 11
  MOC       50      122   72         2, 2, 2, 3, 3
  QO        56      105   49         7, 7
  PC        69      117   48         2, 2, 2, 2, 3
  NE        77      83    6          2, 3
  SV        94      97    3          3
  CH        118     124   6          2, 3

Estimate of Period
OEQOOG is probably not a coincidence
Two character repetitions may be chance.
Period may be 1, 2, 3, 5, 6, 10, 15, or 30
Most others (7/10) have 2 in their factors
Almost as many (6/10) have 3 in their factors.
Begin with period of 2 × 3 = 6.

Letter Coincidence
Coincidence: Picking two letters at random from a message that are identical.
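
The Kasiski test applied to the example ciphertext above, as an added Python example that is not part of the original slides. It goes slightly beyond the slide's hand-picked table by finding every repeated n-gram; the function names are assumptions, and positions are 0-based to match the table's Start and End columns.

```python
# Added illustration (not from the slides): Kasiski examination.
from collections import defaultdict

# Example Vigenere ciphertext copied from the slide; spaces are removed.
CIPHERTEXT = (
    "ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW "
    "MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP "
    "HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX"
).replace(" ", "")


def repeats(text, n):
    """Map each n-gram that occurs more than once to its start positions."""
    seen = defaultdict(list)
    for i in range(len(text) - n + 1):
        seen[text[i:i + n]].append(i)
    return {gram: pos for gram, pos in seen.items() if len(pos) > 1}


def prime_factors(d):
    """Prime factors with multiplicity, as in the table's Factors column."""
    out, p = [], 2
    while d > 1:
        while d % p == 0:
            out.append(p)
            d //= p
        p += 1
    return out


def distances(text, n=3):
    """Gaps between consecutive occurrences of every repeated n-gram."""
    return sorted(b - a for pos in repeats(text, n).values()
                  for a, b in zip(pos, pos[1:]))


def estimate_period(text, n=3, max_period=20):
    """Largest candidate period that divides the most repetition distances.

    Uses trigrams by default because two-character repetitions may be chance.
    Returns None when the text has no repeated n-gram.
    """
    dists = distances(text, n)
    if not dists:
        return None
    votes = {p: sum(d % p == 0 for d in dists)
             for p in range(2, max_period + 1)}
    best = max(votes.values())
    return max(p for p, v in votes.items() if v == best)
```

On this ciphertext the trigram distances are 30 (four overlapping pieces of OEQOOG) and 72 (MOC), so the vote lands on 6, the same starting period the slide reaches by counting factors.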
