Upload: anna-porter

Post on 26-Dec-2015

Cryptography

• Cryptography is the technique of secret writing.

• A cipher is a method of secret writing.

• The purpose is to convert an intelligible message, referred to as plaintext, into apparently random nonsense text, referred to as ciphertext.

• The encryption process consists of an algorithm and a key.

• The algorithm will produce a different output depending on the specific key being used at the time.

Message: FIRE MISSILE

K={2,1,3}

Ciphertext: IMSEFESLRII

F I R
E M I
S S I
L E

Example

Message: If you do not pay attention, probably, you will fail the course.

Key=1234567890

Ciphertext (produced by using AES):


Basic Definitions

• Plaintext: This is the original message or data that is fed into the algorithm as input

• Encryption Algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

• Secret Key: The secret key is also an input to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.

• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and on the secret key. For a given message, two different keys will produce two different ciphertexts.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

Ciphertext = cryptogram

Cleartext = plaintext = message

Ciphering = encryption

Deciphering = decryption

Basic Terms

• plaintext - the original message

• ciphertext - the coded message

• cipher - algorithm for transforming plaintext to ciphertext

• key - info used in cipher known only to sender/receiver

• encipher (encrypt) - converting plaintext to ciphertext

• decipher (decrypt) - recovering plaintext from ciphertext

• cryptography - study of encryption principles/methods

• cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key

• cryptology - the field of both cryptography and cryptanalysis

• There are two requirements for secure use of conventional encryption:

1. The opponent should be unable to decrypt a cryptogram or discover the key even if he or she is in possession of a number of cryptograms together with the plaintext that produced each cryptogram.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.

• It is important to note that the security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm

• The algorithm is supposed to be public.

Classification of Cryptographic systems

By the numbers of keys used

1. If both sender and receiver use the same key, the system is referred to as a symmetric (or single-key, secret-key, conventional) cryptosystem.

2. If the sender and receiver each use a different key, the system is referred to as an asymmetric, two-key or public-key cryptosystem.

By the way in which the plaintext is processed

A block cipher processes the input one block of elements at a time, producing an output block for each input block.

A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Vernam’s Cipher

+ | 0 1
--+----
0 | 0 1
1 | 1 0

http://www.pro-technix.com/information/crypto/pages/vernam_base.html

Cryptanalysis

• The process of attempting to discover the plaintext or key is known as cryptanalysis.

• The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.

• A cipher is breakable if it is possible to systematically determine the key (or the plaintext) from given (plaintext, ciphertext) pairs.

Types of Cryptanalytic Attacks

• ciphertext only

– only know algorithm / ciphertext, can identify plaintext

• known plaintext

– know/suspect plaintext & ciphertext to attack cipher

• chosen plaintext

– select plaintext and obtain ciphertext to attack cipher

• chosen ciphertext

– select ciphertext and obtain plaintext to attack cipher

• chosen text

– select either plaintext or ciphertext to en/decrypt to attack cipher

• An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the following criteria:

1. The cost of breaking the cipher exceeds the value of the encrypted information.

2. The time required to break the cipher exceeds the useful lifetime of the information.

• It is very difficult to estimate the amount of effort required to cryptanalyze ciphertext successfully. However, assuming there are no inherent mathematical weaknesses in the algorithm, a brute-force approach is indicated, and here we can make some reasonable estimates about costs and time.

Brute Force Attack

• A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

• most basic attack, proportional to key size

• assume either know / recognise plaintext

Assuming 1E12 decryptions/sec

• An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. That is, no matter how much computational power an opponent has, it is impossible for him or her to decrypt the ciphertext, simply because the required information is not there.

• With the exception of a scheme known as the one-time pad, there is no encryption algorithm that is unconditionally secure.

Ci = Mi ⊕ Ki

Mi = Ci ⊕ Ki

• K1 K2 … is a random key as long as the message. The key cannot be repeated.

• This scheme produces a random output (ciphertext) that does not have statistical relation with the plaintext.

• The practical difficulty with this method is that the sender and receiver must be in possession of, and protect, the random key.

• One-time pads have applications in today’s world, primarily for ultra-secure low-bandwidth channels.

• unconditional security – no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext

• computational security – given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken

Classical Substitution Ciphers

• where letters of plaintext are replaced by other letters or by numbers or symbols

• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Caesar Cipher

• A substitution cipher is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.

• The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example:

• Rule (algorithm)

a b c d e f g h i j k l m n o p q r s t u v w x y z

d e f g h i j k l m n o p q r s t u v w x y z a b c

Message: meet me after the toga party

Ciphertext: phhw ph diwhu wkh wrjd sduwb

• If we assign a numerical equivalent to each letter (a=0, b=1, .., z=25), then the algorithm can be expressed as follows:

C = E(p) = (p + 3) modulo 26,

where p is a letter (i.e. a number between 0 and 25) and C = E(p) is the corresponding ciphertext.

The decryption algorithm is as follows:

p = D(C) = (C - 3) modulo 26.

The “key space” has 25 elements, i.e. there are 25 possible keys.

Caesar Cipher

• can define transformation as:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• mathematically give each letter a number

a b c d e f g h i j k  l  m
0 1 2 3 4 5 6 7 8 9 10 11 12

n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:

C = E(p) = (p + k) mod (26)

p = D(C) = (C – k) mod (26)

Cryptanalysis of Caesar Cipher

• only have 26 possible keys!

• a brute force attack

• given ciphertext, just try all shifts of letters

• do need to recognize when have plaintext

• eg. break ciphertext "GCUA VQ DTGCM"

Monoalphabetic Cipher

• rather than just shifting the alphabet

• could shuffle the letters arbitrarily

• each plaintext letter maps to a different random ciphertext letter

• The “cipher” line can be any permutation of the 26 alphabetic characters.

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: T H E I L S A R V B C D F G J K M N O P Q U W X Y Z

Keyphrase “THE HILLS ARE ALIVE”

Monoalphabetic Cipher Security

• Now have a total of 26! = 403291461126605635584000000 keys ≈ 4E26 keys

• with so many keys, might think is secure!

• !WRONG!

• The problem is language characteristics

Language Redundancy and Cryptanalysis

• letters are not equally commonly used

• in English e is by far the most common letter

• then T,R,N,I,O,A,S

• other letters are fairly rare

• cf. Z,J,K,Q,X

• have tables of single, double & triple letter frequencies

English Letter Frequencies

Use in Cryptanalysis

• key concept - monoalphabetic substitution ciphers do not change relative letter frequencies

• calculate letter frequencies for ciphertext

• compare frequencies against known values

• tables of common double/triple letters help

Example Cryptanalysis

• given ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• count relative letter frequencies

P 13.33   H 5.83   F 3.33   B 1.67   C 0.00
Z 11.67   D 5.00   W 3.33   G 1.67   K 0.00
S  8.33   E 5.00   Q 2.50   Y 1.67   L 0.00
U  8.33   V 4.17   T 2.50   I 0.83   N 0.00
O  7.50   X 4.17   A 1.67   J 0.83   R 0.00
M  6.67

Example Cryptanalysis

• guess P and Z are e and t

• guess ZW is th and hence ZWP is the

• proceeding with trial and error finally get:

it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the vietcong in moscow

• Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.

Polyalphabetic Ciphers

• another approach to improving security is to use multiple cipher alphabets

• makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution

• use a key to select which alphabet is used for each letter of the message

• use each alphabet in turn

• repeat from start after end of key is reached

• Vigenère Cipher

Example

• write the plaintext out

• write the keyword repeated above it

• use each key letter as a caesar cipher key

• encrypt the corresponding plaintext letter

• eg using keyword deceptive

key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers

• The key must be used several times for encrypting long messages. So the key becomes a periodic sequence.

• By determining the size of the key, the cryptanalysis is reduced to the case of several Caesar ciphers.
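The Vigenère example above and its reduction to several Caesar ciphers once the key length is known, as an added example that is not part of the original slides. It assumes letters-only text, and it uses the slide's known plaintext to show that each column of the ciphertext carries exactly one shift.

```python
from string import ascii_lowercase as ALPHABET


def vigenere(text, key, decrypt=False):
    """Encrypt or decrypt letters-only text with a repeating keyword."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text.lower()):
        shift = ALPHABET.index(key[i % len(key)].lower())
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
    return "".join(out)


def split_columns(text, period):
    """Column i holds the letters at positions i, i+period, i+2*period, ..."""
    return [text[i::period] for i in range(period)]


def column_shifts(ciphertext, plaintext, period):
    """Return the single Caesar shift used in each column of a known pair;
    raise if a column mixes shifts, which means the period is wrong."""
    shifts = []
    pairs = zip(split_columns(ciphertext.lower(), period),
                split_columns(plaintext.lower(), period))
    for c_col, p_col in pairs:
        seen = {(ALPHABET.index(c) - ALPHABET.index(p)) % 26
                for c, p in zip(c_col, p_col)}
        if len(seen) != 1:
            raise ValueError(f"period {period} does not fit: {sorted(seen)}")
        shifts.append(seen.pop())
    return shifts


def key_from_shifts(shifts):
    """Turn the per-column shifts back into the keyword letters."""
    return "".join(ALPHABET[s] for s in shifts)


if __name__ == "__main__":
    plain = "wearediscoveredsaveyourself"
    cipher = vigenere(plain, "deceptive")
    print(cipher.upper())
    print(split_columns(cipher, 9))          # nine independent Caesar ciphers
    print(key_from_shifts(column_shifts(cipher, plain, 9)))
```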

One-Time Pad

• If a truly random key (with no repetitions) as long as the message is used, the cipher will be secure.

• This scheme is known as the One-Time pad.

• Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code.

• There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters is a significant task.

• The key cannot be reused.

• The safe distribution of keys is a big problem.

• The one-time pad is used primarily for low-bandwidth channels requiring very high security.
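The one-time pad from this slide and from the earlier unconditional-security slides, as an added example that is not part of the original slides. It assumes byte-wise XOR as the Vernam operation and uses the operating system's CSPRNG as a stand-in for a truly random key source; "HOLD MISSILE" is a constructed second message.

```python
import secrets


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings (Vernam's table per bit)."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """Fresh random key as long as the message (assumption: OS CSPRNG)."""
    return secrets.token_bytes(length)


def otp_encrypt(message, pad):
    """Ci = Mi xor Ki; the pad must be exactly as long as the message."""
    return xor_bytes(message, pad)


# Decryption is the same operation: Mi = Ci xor Ki.
otp_decrypt = otp_encrypt


def pad_explaining(ciphertext, candidate):
    """The key under which ciphertext decrypts to candidate. One exists for
    every candidate of the right length, so the ciphertext alone cannot
    single out the real plaintext."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1, c2):
    """What an observer gets when one pad encrypted two messages: the pad
    cancels and the result equals m1 xor m2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"FIRE MISSILE", b"HOLD MISSILE"   # m2 is constructed
    pad = new_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    print(otp_decrypt(c1, pad))
    print(otp_decrypt(c1, pad_explaining(c1, m2)))   # equally valid reading
    print(reuse_leak(c1, otp_encrypt(m2, pad)))      # zero bytes where m1 == m2
```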