cs363
DESCRIPTION
Week 3 - Monday. CS363. Last time. What did we talk about last time? Secure encryption DES. Questions?. Assignment 1. Security Presentation. Yuki Gage. DES. DES internals. DES has 16 rounds The book calls them cycles - PowerPoint PPT PresentationTRANSCRIPT
CS363Week 3 - Wednesday
Last time
What did we talk about last time? Access control Cryptography basics
Questions?
Project 1
Encryption
Terminology remix Last week we gave the book’s terminology Rather than use letters, a system
popularized by Ron Rivest is to use Alice and Bob as the two parties communicating Carl or another “C” name can be used if three
people are involved Trent is a trusted third party Eve is used for an evil user who often
eavesdrops Mallory is used for a malicious user who is
usually trying to modify messages
Encryption algorithms The algorithms for encryption often rely on a
secret piece of information, called a key We can notate the use of a specific key in either
of the two following ways: C = EK(M) C = E(K, M)
In symmetric (or private key) encryption, the encryption key and the decryption key are the same
In asymmetric (or public key) encryption, the encryption key and the decryption key are different
Symmetric vs. asymmetric
Key K
Encryption Decryption
Symmetric Encryption
Plaintext M
Ciphertext C
Plaintext M
Encryption Key KE
Decryption Key KD
Encryption Decryption
Asymmetric Encryption
Plaintext M
Ciphertext C
Plaintext M
Cryptanalysts A cryptanalyst is someone who is trying to break
the cryptography and discover the plaintext or the key
A cryptanalyst could: Break a single message Find patterns in the encryption that allow future messages
to be decrypted Discover information in the messages without fully
decrypting them Discover the key Find weaknesses in the implementation of the encryption Find weaknesses in the encryption that may or may not be
able to lead to breaks in the future
Modular Arithmetic Overview
Review of Modular Arithmetic Modulo operator takes the remainder Two numbers are said to be congruent
modulo n if they have the same remainder when divided by n
For example,39 3 (mod 12)
Addition, subtraction, and multiplication: [(a mod n) + (b mod n)] mod n = (a + b) mod n [(a mod n) – (b mod n)] mod n = (a – b) mod n [(a mod n) x (b mod n)] mod n = (a x b) mod n
Divided and Conquered
We can’t actually divide Instead, we have to find the
multiplicative inverse The multiplicative inverse of x exists if
and only if x is relatively prime to n 13 ∙ 5 65 1 (mod 16) So, 13 and 5 are multiplicative inverses
mod 16 But, 0, 2, 4, 6, 8, 10, 12, and 14 do not
have multiplicative inverses mod 16
Shift Cipher
Definition
A shift cipher encrypts a message by shifting all of the letters down in the alphabet
Using the Latin alphabet, there are 26 (well, 25) possible shift ciphers
We can model a shift cipher by numbering the letters A, B, C, … Z as 0, 1, 2, … 25
Then, we let the key k be the shift For a given letter x:Ek(x) = (x + k) mod 26
Example: Caesar Cipher
E("KILL EDWARD") = "NLOO HGZDUG"
What is E("I DRINK YOUR MILKSHAKE")?
What is D("EUHDNLWGRZQ")? This code was actually used by Julius
Caesar who used it to send messages to his generals
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Example: ROT13 Cipher
E("MATH IS GREAT") = "ZNGU VF TERNG"
Note that encryption = decryption for this cipher
Used to hide spoilers in some online forums
How hard is it to crack shift ciphers?
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
Cryptanalysis of a Shift Cipher Cryptanalysis of a shift cipher is
incredibly easy You just have to try 26 possibilities to
be sure you have the right one A shift cipher is a simplified version
of a substitution cipher, which we will talk more about on Wednesday
Transposition Ciphers
Definition
In a transposition cipher, the letters are reordered but their values are not changed
Any transposition cipher is a permutation function of some kind
Example: Rail Fence Cipher In the rail fence cipher, a message is written vertically
along a fixed number of "rails," wrapping back to the top when the bottom is reached
To finish the encryption, the message is stored horizontally
This is also known as a columnar transposition Encryption of "WE ARE DISCOVERED, FLEE AT ONCE"
with three rails:
Ciphertext: WRIORFEOEEESVELANXADCEDETCJ
W R I O R F E O EE E S V E L A N XA D C E D E T C J
Variations There are many other ways to vary the
cipher It is possible to write the words going down
and then back up the fence Words can be read back off the grid in a
spiral or backwards Different rules can be used when the words
don't completely fill the grid After the grid has been made, columns can
be permuted by another function, perhaps based on a keyword
Cryptanalysis of Transposition Ciphers It is usually possible to detect a transposition
cipher because the frequencies of letters are unchanged
Practiced cryptographers look for patterns of anagrams in a given language, allowing them to find the rules for transposition
Transposition ciphers were used in practice as recently as World War II
Note that transposition ciphers require all the characters in the message before it can begin as well as linear space
Substitution Ciphers
Substitution ciphers Substitution ciphers cover a wide range of
possible ciphers, including the shift cipher In a substitution cipher, each element of the
plaintext is substituted for some corresponding element of the ciphertext
Monoalphabetic substitution ciphers always use the same substitutions for a letter (or given sequence of letters)
Polyalphabetic substitution ciphers use different substitutions throughout the encryption process
Example: Simple Monoalphabetic Substitution Cipher
We can map to a random permutation of letters
For example:
E(“MATH IS GREAT”) = “UIYP TQ ABZIY”
26! possible permutations Hard to check every one
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
I N O V Z H A P T R G E U F D W S B Q Y L K M J C X
Example continued
Using the same mapping, perform the following encryption:
E("HELP ME") =
Perform the following decryption:
D("VD CDL QZZ YPZ HFDBV") =
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
I N O V Z H A P T R G E U F D W S B Q Y L K M J C X
English language defeats us Some letters are used more
frequently than others:ETAOINSHRDLU
Longer texts willbehave more andmore consistently
Make a histogram, break the cipher
Frequency Attack
Cipher TextSPHB JLSP K ECGPCQFT GYBKYD, VFCMB C LSPGBYBG, VBKX KPG VBKYD,SOBY EKPD K RJKCPT KPG HJYCSJU OSMJEB SZ ZSYQSTTBP MSYB -VFCMB C PSGGBG, PBKYMD PKLLCPQ, UJGGBPMD TFBYB HKEB K TKLLCPQ,KU SZ USEB SPB QBPTMD YKLLCPQ, YKLLCPQ KT ED HFKEIBY GSSY."'TCU USEB OCUCTSY," C EJTTBYBG, "TKLLCPQ KT ED HFKEIBY GSSY - SPMD TFCU KPG PSTFCPQ ESYB."
KF, GCUTCPHTMD C YBEBEIBY CT VKU CP TFB IMBKX GBHBEIBY;KPG BKHF UBLKYKTB GDCPQ BEIBY VYSJQFT CTU QFSUT JLSP TFB ZMSSY.BKQBYMD C VCUFBG TFB ESYYSV; - OKCPMD C FKG USJQFT TS ISYYSVZYSE ED ISSXU UJYHBKUB SZ USYYSV - USYYSV ZSY TFB MSUT MBPSYB -ZSY TFB YKYB KPG YKGCKPT EKCGBP VFSE TFB KPQBMU PKEB MBPSYB - PKEBMBUU FBYB ZSY BOBYESYB.
KPG TFB UCMXBP, UKG, JPHBYTKCP YJUTMCPQ SZ BKHF LJYLMB HJYTKCPTFYCMMBG EB - ZCMMBG EB VCTF ZKPTKUTCH TBYYSYU PBOBY ZBMT IBZSYB;US TFKT PSV, TS UTCMM TFB IBKTCPQ SZ ED FBKYT, C UTSSG YBLBKTCPQ"'TCU USEB OCUCTBY BPTYBKTCPQ BPTYKPHB KT ED HFKEIBY GSSY -USEB MKTB OCUCTBY BPTYBKTCPQ BPTYKPHB KT ED HFKEIBY GSSY; - TFCU CT CU KPG PSTFCPQ ESYB."
Moving Toward Plain TextSNPE YMSN A LIDNIUHO DTEATF, WHICE I MSNDETED, WEAK AND WEATF,SVET LANF A XYAINO AND PYTISYR VSCYLE SG GSTUSOOEN CSTE -WHICE I NSDDED, NEATCF NAMMINU, RYDDENCF OHETE PALE A OAMMINU,AR SG RSLE SNE UENOCF TAMMINU, TAMMINU AO LF PHALBET DSST."'OIR RSLE VIRIOST," I LYOOETED, "OAMMINU AO LF PHALBET DSST - SNCF OHIR AND NSOHINU LSTE."
AH, DIROINPOCF I TELELBET IO WAR IN OHE BCEAK DEPELBET;AND EAPH REMATAOE DFINU ELBET WTSYUHO IOR UHSRO YMSN OHE GCSST.EAUETCF I WIRHED OHE LSTTSW; - VAINCF I HAD RSYUHO OS BSTTSWGTSL LF BSSKR RYTPEARE SG RSTTSW - RSTTSW GST OHE CSRO CENSTE -GST OHE TATE AND TADIANO LAIDEN WHSL OHE ANUECR NALE CENSTE - NALECERR HETE GST EVETLSTE.
AND OHE RICKEN, RAD, YNPETOAIN TYROCINU SG EAPH MYTMCE PYTOAINOHTICCED LE - GICCED LE WIOH GANOAROIP OETTSTR NEVET GECO BEGSTE;RS OHAO NSW, OS ROICC OHE BEAOINU SG LF HEATO, I ROSSD TEMEAOINU"'OIR RSLE VIRIOET ENOTEAOINU ENOTANPE AO LF PHALBET DSST -RSLE CAOE VIRIOET ENOTEAOINU ENOTANPE AO LF PHALBET DSST; - OHIR IO IR AND NSOHINU LSTE."
Real Plain TextONCE UPON A MIDNIGHT DREARY, WHILE I PONDERED, WEAK AND WEARY,OVER MANY A QUAINT AND CURIOUS VOLUME OF FORGOTTEN LORE -WHILE I NODDED, NEARLY NAPPING, SUDDENLY THERE CAME A TAPPING,AS OF SOME ONE GENTLY RAPPING, RAPPING AT MY CHAMBER DOOR."'TIS SOME VISITOR," I MUTTERED, "TAPPING AT MY CHAMBER DOOR - ONLY THIS AND NOTHING MORE."
AH, DISTINCTLY I REMEMBER IT WAS IN THE BLEAK DECEMBER;AND EACH SEPARATE DYING EMBER WROUGHT ITS GHOST UPON THE FLOOR.EAGERLY I WISHED THE MORROW; - VAINLY I HAD SOUGHT TO BORROWFROM MY BOOKS SURCEASE OF SORROW - SORROW FOR THE LOST LENORE -FOR THE RARE AND RADIANT MAIDEN WHOM THE ANGELS NAME LENORE - NAMELESS HERE FOR EVERMORE.
AND THE SILKEN, SAD, UNCERTAIN RUSTLING OF EACH PURPLE CURTAINTHRILLED ME - FILLED ME WITH FANTASTIC TERRORS NEVER FELT BEFORE;SO THAT NOW, TO STILL THE BEATING OF MY HEART, I STOOD REPEATING"'TIS SOME VISITER ENTREATING ENTRANCE AT MY CHAMBER DOOR -SOME LATE VISITER ENTREATING ENTRANCE AT MY CHAMBER DOOR; - THIS IT IS AND NOTHING MORE."
Digram analysis These kinds of attacks can
be further refined by analyzing digrams and trigrams (two letter and three letter sequences)
Digram analysis is also an approach that can be used against transposition ciphers, since you can gain clues about which letters should be next to which others
Digrams TrigramsEN ENTRE IONER ANDNT INGTH IVEON TIOIN FORTF OURAN THIOR ONE
Vigenère Cipher
Vigenère cipher
The Vigenère cipher is a form of polyalphabetic substitution cipher
In this cipher, we take a key word and repeat it, over and over, until it is as long as the message
Then, we add the repetitions of keywords to our message mod 26
Vigenère example
Key: BENCH Plaintext: A LIMERICK PACKS LAUGHS
ANATOMICALB E N C H B E N C H B E N C H B E N C H B E N C H B E N C H
A L I M E R I C K P A C K S L A U G H S A N A T O M I C A LB P V O L S MP M WB G X U S B Y T J Z B R N V V N MP C S
Example continued
Encrypt the following: Plaintext: GENTLEMEN DINE AFTER
SEVEN Key: WILDE
Decrypt the following: Ciphertext: EOJKINOCQGEOJKI Key: BOWIE
Cryptanalysis of Vigenère The index of coincidence measures
the differences in the frequencies in the ciphertext
It is the probability that two randomly chosen letters from the ciphertext are the same
IC =
25
0)1()1(
1i
ii FFNN
Period 1 2 3 4 5 10 LargeExpected IC
0.066 0.052 0.047 0.045 0.044 0.041 0.038
Normalized index of coincidence Some systems look at a
“normalized” index of coincidence, which is found by multiplying the formula given on the previous page by the number of letters in the language 26 for English When reading the literature, both
normalized and unnormalized versions can be called index of coincidence
Here are index of coincidence values for a few common languages
Language Index
English 1.73
French 2.02
German 2.05
Italian 1.94Portugues
e 1.94
Russian 1.76
Spanish 1.94
Friedman test The Friedman test is a way to estimate the
length of the key uses the following equation: Length = = 0.067 (the probability that any two randomly
chosen letters are the same in monocase English)
= 0.0385 = 1/26 (the probability of a coincidence from a uniform distribution of letters)
= (the observed coincidence rate)
Kasiski method If the IC indicates that a period of more than
1 is being used, look for repeated sequences Look at the gaps between long sequences Try to find the GCD of gaps between long
sequences If you have a reasonable guess for the length
of the key, break the ciphertext into groups based on the corresponding letter of the key
If the IC is high (in the range of a single letter), then you have probably found the key length
After the length is known… The rest is easy Try various shifts for each letter of
the key so that high frequency letters (E, T, A) occur with high frequency and low frequency letters (Q, X, Z) occur with low frequency
Guess and check
One-Time Pad
One-Time Pad
A One-Time Pad is similar to the Vigenère cipher, except that the key is as long as the message
What will this do to the index of coincidence?
Any given ciphertext could be decrypted into any plaintext, provided that you have the right key
One-Time Pad example
Key: THISISTHESECRETPASSWORD Plaintext: SOMEBODY SHOUTED
MCINTYRE
Now, use the key IFYOUDISSDRDRE to encrypt MELODY AND RHYME
S O ME B O D Y S H O U T E D MC I N T Y R E
T H I S I S T H E S E C R E T P A S S WO R DL V U WJ G WF WZ S WK I W B C A F P MI H
One-Time Pad example continued Plaintext: SOMEBODY SHOUTED
MCINTYRE
Find a key (never done that before, have we?) that will encrypt the plaintext to YOUCOULDFINDTHEABSTRACT
Perfect secrecy
A One-Time Pad has the property of perfect secrecy or Shannon secrecy
Perfect secrecy means that P(M) = P(M|C) Remember that it is possible to find a
key that would decrypt a ciphertext to any plaintext
Thus, learning the ciphertext tells you nothing about the plaintext
One-Time Pad weaknesses You can only use it one time
Otherwise, recovering the key is trivial Completely vulnerable to known plaintext
attack The key is as long as the message If you have a way of sending a key that
long securely, why not send the message the same way?
Generating keys with appropriate levels of randomness presents a problem
Secure Encryption Algorithms
How do you define good? Claude Shannon is the guy that invented Shannon secrecy
and is considered the father of information theory He proposed 5 characteristics for a good cipher:1. The amount of secrecy needed should determine the
amount of labor appropriate for encryption and decryption2. The set of keys and the enciphering algorithm should be
free from complexity3. The implementation of the process should be as simple as
possible4. Errors in ciphering should not propagate and cause
corruption of further information in the message5. The size of the enciphered text should be no larger than
the text of the original message
A more modern view
Shannon was focused on hand encryption
Modern commercial users of cryptography want the following characteristics for their cryptosystems: Based on sound mathematics Analyzed by competent experts and
found to be sound Stood the test of time
Upcoming
Next time…
Stream and block ciphers DES Start AES Matthew Sternbergh presents
Reminders
Read Sections 2.3 and 12.2 Work on Project 1
Due next Friday Finish Assignment 1
Due this Friday There's also a field trip to Cargas
Systems in Lancaster this Friday