Classic Crypto
Overview
Transposition Ciphers
Scytale
Spartans, circa 500 BC
Wind strip of leather around a rod
Write message across the rod
T H E T I M E H A S C O M E T H E W A L R U S S A I D T O T A L K O F M A N Y T H I N G S
When unwrapped, letters are scrambled
TSATAHCLONEORTYTMUATIESLHMTS
Scytale
Suppose many different rod diameters are available to Alice and Bob
o What is the key?
o How hard is it for Trudy to break without key?
o How hard is it for Trudy to break a message?
o Can Trudy attack messages automatically, without manually examining each putative decrypt?
Columnar Transposition
Put plaintext into rows of matrix then read ciphertext out of columns
For example, suppose matrix is 3 x 4
o Plaintext: SEETHELIGHT
o Ciphertext: SHGEEHELTTIX
For example
o Ciphertext: ROUPSXCTFYIN
The ciphertext is
VOESA IVENE MRTNL EANGE WTNIM HTMLL ADLTR NISHO DWOEH
Matrix is n x m for some n and m
Since 45 letters, nm = 45
How many cases to try?
How will Trudy know when she is correct?
Cryptanalysis: Lesson I
If keyspace is too large, such an attack will not succeed in a reasonable time
o Or it will have a low probability of success
A large keyspace is necessary for security
But, large keyspace is not sufficient
Double Transposition
Plaintext: ATTACK AT DAWN
columns  0  1  2
row 0    A  T  T
row 1    A  C  K
row 2    X  A  T
row 3    X  D  A
row 4    W  N  X
Permute rows and columns
columns  0  2  1
         X  T  A
         W  X  N
         A  T  T
         X  A  D
         A  K  C
Ciphertext:
XTAWXNATTXADAKC
Key?
Double Transposition
How can Trudy attack double transposition?
Suppose Trudy sees 45-letter ciphertext
Then how many keys?
Double Transposition
Suppose Trudy guesses matrix is 9 x 5
Then Trudy has:
column  0  1  2  3  4
row 0   I  L  I  L  W
row 1   E  A  H  R  E
row 2   O  M  E  E  S
row 3   A  N  N  D  D
row 4   V  E  G  M  I
row 5   E  R  W  E  H
row 6   V  E  M  T  O
row 7   S  T  T  A  O
row 8   N  N  T  N  H
Now what?
Try all perms? $5! \cdot 9! \approx 2^{25}$
Is there a better way?
Double Transposition
Shortcut attack on double transposition?
Trudy tries columns first strategy
column  0  1  2  3  4
row 0   I  L  I  L  W
row 1   E  A  H  R  E
row 2   O  M  E  E  S
row 3   A  N  N  D  D
row 4   V  E  G  M  I
row 5   E  R  W  E  H
row 6   V  E  M  T  O
row 7   S  T  T  A  O
row 8   N  N  T  N  H
Permute columns
column  2  4  0  1  3
row 0   I  W  I  L  L
row 1   H  E  E  A  R
row 2   E  S  O  M  E
row 3   N  D  A  N  D
row 4   G  I  V  E  M
row 5   W  H  E  R  E
row 6   M  O  V  E  T
row 7   T  O  S  T  A
row 8   T  H  N  N  N
Now what?
Cryptanalysis: Lesson II
Requires careful analysis of algorithm
We will see this again and again in the attacks discussed later
Of course, cryptographers try to prevent divide and conquer attacks
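The double transposition slides as runnable code, added here as an example and not part of the original deck. It reproduces the ATTACK AT DAWN ciphertext, then walks Trudy's columns-first attack on the 9 x 5 matrix; the permutations are read off the matrices on the slides, and all function names are this example's own.

```python
from math import factorial

def to_matrix(text, rows, cols):
    """Write text into a rows x cols matrix, one row at a time."""
    assert len(text) == rows * cols
    return [text[r * cols:(r + 1) * cols] for r in range(rows)]

def permute(matrix, row_perm, col_perm):
    """New row i is old row row_perm[i]; new column j is old column col_perm[j]."""
    return ["".join(matrix[r][c] for c in col_perm) for r in row_perm]

def invert(perm):
    inv = [0] * len(perm)
    for new, old in enumerate(perm):
        inv[old] = new
    return inv

def encrypt(plaintext, rows, cols, row_perm, col_perm):
    return "".join(permute(to_matrix(plaintext, rows, cols), row_perm, col_perm))

def decrypt(ciphertext, rows, cols, row_perm, col_perm):
    m = to_matrix(ciphertext, rows, cols)
    return "".join(permute(m, invert(row_perm), invert(col_perm)))

def work_factors(rows, cols):
    """Keys to test: every (row, column) pair vs. columns first, then rows."""
    return factorial(rows) * factorial(cols), factorial(cols) + factorial(rows)

# "ATTACK AT DAWN" slide: 5 x 3 matrix, padded with X as on the slide.
ATTACK = "ATTACKXATXDAWNX"
# (row permutation, column permutation), derived by comparing the two matrices.
ATTACK_KEY = ((2, 4, 0, 3, 1), (0, 2, 1))

# Trudy's 9 x 5 guess from the slides, written row by row.
TRUDY = ["ILILW", "EAHRE", "OMEES", "ANNDD", "VEGMI",
         "ERWEH", "VEMTO", "STTAO", "NNTNH"]

def columns_first(matrix, col_perm):
    """Step 1: reorder only the columns. Rows stay scrambled, but a correct
    guess makes every row a run of plaintext, so it can be judged alone."""
    return permute(matrix, range(len(matrix)), col_perm)

def then_rows(matrix, row_perm):
    """Step 2: with the columns fixed, put the rows in order."""
    return "".join(permute(matrix, row_perm, range(len(matrix[0]))))

if __name__ == "__main__":
    print(encrypt(ATTACK, 5, 3, *ATTACK_KEY))
    step1 = columns_first(TRUDY, (2, 4, 0, 1, 3))
    print(step1)
    print(then_rows(step1, (4, 2, 5, 7, 3, 0, 6, 1, 8)))
    print(work_factors(9, 5))
```

The two numbers returned by `work_factors(9, 5)` are the point of Lesson II: the column guess and the row guess are checked separately, so the costs add instead of multiplying.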
Substitution Ciphers
Caesar's Cipher
Plaintext: FOURSCOREANDSEVENYEARSAGO
Key:
Plaintext  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ciphertext:
Caesar's Cipher
Trudy
Then plaintext is SPONGEBOBSQUAREPANTS
Simple Substitution
Caesar's cipher is trivial if we adhere to Kerckhoffs' Principle
We want a substitution cipher with lots of keys
What to do?
Generalization of Caesar's cipher
Simple Substitution
Key
Then
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWI PBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNT OZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJV WLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVP QGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQ POTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODX QHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQ WKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJ HDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAU VWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOIT DHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXT
OXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAK
VWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXB
QUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFB
QUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJT
ODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKF
ABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXE
BQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFU
FHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWG
FLVWPTOFFA
Ciphertext frequency counts:
 A  B  C  D  E  F  G  H  I  J  K  L  M
21 26  6 10 12 51 10 25 10  9  3 10  0
 N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 1 15 28 42  0  0 27  4 24 22 28  6  8
Ciphertext
analysis
Poly-Alphabetic Substitution
Like
Very
o Often, a new alphabet for each letter
o Vigenere cipher is an example
o Discuss Vigenere later in this section
Used
Affine Cipher
Number
Then
o A is 0, B is 1, C is 2, etc.
Affine Cipher
Encryption:
Vigenere Cipher
Encryption: $c_i = p_i + k_{i \bmod n} \pmod{26}$
Decryption: $p_i = c_i - k_{i \bmod n} \pmod{26}$
Nothing tricky here!
Just a repeating sequence of (shift by n) simple substitutions
Vigenere Cipher
Vigenere Cipher
Vigenere is just a series of k simple substitution ciphers
Should be able to do k simple substitution attacks
But
Index of Coincidence
Assume ciphertext is English letters
Let $n_0$ be number of As, $n_1$ number of Bs, …, $n_{25}$ number of Zs in ciphertext
Let $n = n_0 + n_1 + \dots + n_{25}$
Define index of coincidence
What
Index of Coincidence
Gives the probability that 2 randomly selected letters are the same
For plain English, prob. 2 letters are same:
Then for simple substitution, $I \approx 0.065$
For random letters, each $p_i = 1/26$
Index of Coincidence
How to use this to estimate length of keyword in Vigenere cipher?
Suppose keyword is length k, message is length n
Index of Coincidence
Suppose k columns and n/k rows
Approximate number of matching pairs from same column, but 2 different rows:
Approximate number of matching pairs from 2 different columns, and any two rows:
Index of Coincidence
against classical and WWII-era ciphers
Index of coincidence is a well-known statistical test
o Many other statistical tests exist
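Added example, not from the original slides: the index of coincidence computed from the frequency counts given earlier for the simple substitution ciphertext, and the column-pair counting argument above solved for the keyword length k. The constants 0.065 and 1/26 are the values the slides use; the function names are this example's own.

```python
from collections import Counter

ENGLISH, RANDOM = 0.065, 1 / 26   # match probability: English vs. uniform letters

# Frequency counts of the simple substitution ciphertext from the slides (A..Z).
PAGE_COUNTS = [21, 26, 6, 10, 12, 51, 10, 25, 10, 9, 3, 10, 0,
               1, 15, 28, 42, 0, 0, 27, 4, 24, 22, 28, 6, 8]

def index_of_coincidence(counts):
    """I = sum n_i (n_i - 1) / (n (n - 1)): the chance that two letters drawn
    from the text without replacement are the same."""
    n = sum(counts)
    return sum(c * (c - 1) for c in counts) / (n * (n - 1))

def ic_of_text(text):
    letters = [ch for ch in text.upper() if ch.isalpha()]
    return index_of_coincidence(list(Counter(letters).values()))

def expected_ic(n, k):
    """Expected I for Vigenere ciphertext: n letters in k columns of n/k rows.
    Same-column pairs match like English, cross-column pairs like random text."""
    same_column = k * (n / k) * (n / k - 1) / 2
    cross_column = (k * (k - 1) / 2) * (n / k) ** 2
    return (ENGLISH * same_column + RANDOM * cross_column) / (n * (n - 1) / 2)

def estimate_key_length(n, ic):
    """expected_ic(n, k) = ic, solved for k."""
    return (ENGLISH - RANDOM) * n / ((ENGLISH - ic) + n * (ic - RANDOM))

def caesar(text, shift):
    """Shift cipher on A..Z; relabels letters, so the counts only move around."""
    return "".join(chr((ord(c) - 65 + shift) % 26 + 65) for c in text)

if __name__ == "__main__":
    ic = index_of_coincidence(PAGE_COUNTS)
    n = sum(PAGE_COUNTS)
    print(n, round(ic, 4), round(estimate_key_length(n, ic), 2))
```

For the slide's counts the estimate comes out close to 1, which is what a single-alphabet substitution should give; a Vigenere ciphertext pulls I down toward 1/26 and the estimate up toward the keyword length.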
Hill Cipher
Hill cipher is not related to small mountains
Invented by Lester Hill in 1929
Idea is to create a substitution cipher with a large alphabet
All else being equal (which it never is) cipher should be stronger than simple substitution
Hill Cipher
Plaintext, $p_0, p_1, p_2, \dots$
Each $p_i$ is block of n consecutive letters
o As a column vector
And
Ciphertext: (4,22,23,9,4,22,24,19,10,25) = EWXJEWYTKZ
Let P be matrix with columns $p_0, p_1, \dots, p_{n-1}$
Let C be matrix with columns $c_0, c_1, \dots, c_{n-1}$
Then $AP = C$ and $A = CP^{-1}$ if $P^{-1}$ exists
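The known-plaintext attack on this slide, as an added example that is not part of the original deck. The 2 x 2 key matrix and the plaintext MEETMEHERE are assumptions of the example, chosen because they reproduce the ciphertext EWXJEWYTKZ shown above. It also shows why the condition that the inverse of P exists matters: of the ten possible pairs of blocks here, only one gives a P that is invertible mod 26.

```python
from itertools import combinations
from math import gcd

M = 26
ASSUMED_KEY = [[22, 13], [11, 5]]   # assumption: reproduces the slide's ciphertext

def blocks(text):
    """Letters to numbers (A is 0), grouped into column vectors of length 2."""
    nums = [ord(ch) - 65 for ch in text]
    return [(nums[i], nums[i + 1]) for i in range(0, len(nums), 2)]

def matmul(X, Y):
    """2 x 2 matrix product mod 26."""
    return [[sum(X[i][k] * Y[k][j] for k in range(2)) % M for j in range(2)]
            for i in range(2)]

def inverse(X):
    """Inverse of a 2 x 2 matrix mod 26, or None if det shares a factor with 26."""
    det = (X[0][0] * X[1][1] - X[0][1] * X[1][0]) % M
    if gcd(det, M) != 1:
        return None
    d = pow(det, -1, M)
    return [[X[1][1] * d % M, -X[0][1] * d % M],
            [-X[1][0] * d % M, X[0][0] * d % M]]

def hill_encrypt(A, plaintext):
    out = []
    for p0, p1 in blocks(plaintext):
        out += [(A[0][0] * p0 + A[0][1] * p1) % M, (A[1][0] * p0 + A[1][1] * p1) % M]
    return "".join(chr(n + 65) for n in out)

def recover_key(plaintext, ciphertext):
    """Try pairs of known blocks until P is invertible, then A = C * P^-1.
    Returns (A, indices of the blocks used) or (None, None)."""
    p, c = blocks(plaintext), blocks(ciphertext)
    for i, j in combinations(range(len(p)), 2):
        P_inv = inverse([[p[i][0], p[j][0]], [p[i][1], p[j][1]]])
        if P_inv is None:
            continue                     # singular mod 26: this pair is useless
        C = [[c[i][0], c[j][0]], [c[i][1], c[j][1]]]
        return matmul(C, P_inv), (i, j)
    return None, None

if __name__ == "__main__":
    print(hill_encrypt(ASSUMED_KEY, "MEETMEHERE"))
    print(recover_key("MEETMEHERE", "EWXJEWYTKZ"))
```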
Cryptanalysis: Lesson IV
Linear
Strong
Cryptanalyst
One-time Pad
A provably secure cipher
No other cipher we discuss is provably secure
Why not use one-time pad for everything?
Plaintext:  001 000 010 100 001 010 111 100 000 101
Key:        111 101 110 101 111 100 000 101 110 000
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Key:        111 101 110 101 111 100 000 101 110 000
Plaintext:  001 000 010 100 001 010 111 100 000 101
One-time Pad
Double agent claims sender used key:
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Key:        101 111 000 101 111 100 000 101 110 000
Plaintext:  011 010 100 100 001 010 111 100 000 101
One-time Pad
Sender is captured and claims the key is:
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Key:        111 101 000 011 101 110 001 011 101 101
Plaintext:  001 000 100 010 011 000 110 010 011 000
Ciphertext provides no info about plaintext
All plaintexts are equally likely
Pad must be random, used only once
Pad is known only by sender and receiver
Pad is same size as message
No assurance of message integrity
Project VENONA
Spy carried one-time pad into U.S.
Spy used pad to encrypt secret messages
Repeats within the one-time pads made cryptanalysis possible
o Soviet spy messages from U.S. in 1940s
o Nuclear espionage, etc.
o Thousands of messages
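Added example, not from the original slides, covering both the one-time pad slides and the VENONA point about repeated pads. It uses the bit strings from the slides to show that every claimed plaintext has a pad that fits the ciphertext, and that a pad used twice cancels out of the two ciphertexts; treating the double agent's plaintext as a second message under the same pad is a constructed scenario.

```python
def bits(s):
    """'110 101' -> [6, 5]: one 3-bit symbol per group, as on the slides."""
    return [int(group, 2) for group in s.split()]

def fmt(values):
    return " ".join(format(v, "03b") for v in values)

def xor(a, b):
    """Symbol-wise XOR of two bit strings; the same operation encrypts and decrypts."""
    x, y = bits(a), bits(b)
    assert len(x) == len(y), "pad must be the same size as the message"
    return fmt(p ^ q for p, q in zip(x, y))

# Values from the slides.
PLAINTEXT = "001 000 010 100 001 010 111 100 000 101"
KEY = "111 101 110 101 111 100 000 101 110 000"
CIPHERTEXT = "110 101 100 001 110 110 111 001 110 101"
AGENT_PLAIN = "011 010 100 100 001 010 111 100 000 101"    # double agent's version
SENDER_PLAIN = "001 000 100 010 011 000 110 010 011 000"   # captured sender's version

def key_explaining(ciphertext, claimed_plaintext):
    """For any plaintext of the right length there is exactly one pad that
    decrypts the ciphertext to it, so the ciphertext alone rules nothing out."""
    return xor(ciphertext, claimed_plaintext)

def reuse_leak(p1, p2, pad):
    """Two messages under one pad: the pad cancels, leaving c1 XOR c2 = p1 XOR p2.
    This is plaintext structure visible to anyone holding both ciphertexts."""
    return xor(xor(p1, pad), xor(p2, pad))

if __name__ == "__main__":
    print(key_explaining(CIPHERTEXT, AGENT_PLAIN))
    print(key_explaining(CIPHERTEXT, SENDER_PLAIN))
    # Constructed scenario: AGENT_PLAIN sent as a second message under KEY.
    print(reuse_leak(PLAINTEXT, AGENT_PLAIN, KEY))
```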
Ruth == Ruth Greenglass
Liberal == Julius Rosenberg
Enormous == the atomic bomb
Codebook Cipher
Literally,
Key is the codebook itself
Security of cipher requires physical security for codebook
Codebooks widely used thru WWII
Codebook Cipher
Literally, a book filled with codewords
Zimmerman Telegram encrypted via codebook
Februar         13605
fest            13732
finanzielle     13850
folgender       13918
Frieden         17142
Friedenschluss  17149
:               :
Zimmerman Telegram
One of most famous codebook ciphers ever
Led to US entry in WWI
Ciphertext shown here
Codebook Cipher
Codebooks
o Like simple substitution cipher, but lots of data required to attack a codebook
Historically, codebooks very popular
To extend useful life of a codebook, an additive was usually used
Codebook Additive
Codebook additive is another book filled with random numbers
Sequence of additive numbers added to codeword to yield ciphertext
plaintext -> lookup in codebook -> codeword -> add the additive -> ciphertext
Codebook Additive
Usually, starting position in additive book selected at random by sender
Starting additive position usually sent in the clear with the ciphertext
o Part of the Message Indicator (MI)
o Modern term: Initialization Vector (IV)
Why
Cryptanalysis: Summary
Exhaustive key search
Divide and conquer
Statistical analysis
Exploit linearity
Or any combination thereof (or anything else you can think of)
All's fair in love and war
o and cryptanalysis!