the secure hill cipher jeff overbey ma464-01 dr. jerzy wojdyło april 29, 2003 based on s. saeednia....

The Secure Hill CipherThe Secure Hill Cipher

Jeff OverbeyJeff OverbeyMA464-01 • Dr. Jerzy Wojdyło • April 29, 2003MA464-01 • Dr. Jerzy Wojdyło • April 29, 2003

Based onBased on

S. Saeednia. S. Saeednia. How to Make the Hill Cipher Secure.How to Make the Hill Cipher Secure.Cryptologia Cryptologia 2424 (2000) 353–360. (2000) 353–360.

HILL

The ScenarioThe Scenario


Alice


Bob


Oscar


Nosy Neighbor

Sender Recipient

Insecure Channel

Hill CipherHill Cipher

Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately

share matrix share matrix KK, invertible , invertible over over ZZmm

To encrypt a matrix X over To encrypt a matrix X over ZZmm……

Compute Compute YY = = KXKX Send Send YY

To decrypt Y…To decrypt Y… Compute Compute XX = = KK–1–1YY

Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure

Nosy Neighbor

Sender Recipient

Insecure Channel


Nosy Neighbor

Sender Recipient

Insecure Channel“Hey Bob,wassup?”


Nosy Neighbor

Sender Recipient

Insecure Channel

7 1 22 18

4 14 0 20

24 1 18 15

X


Nosy Neighbor

Sender Recipient

Insecure Channel

11 23 10

16 19 24

20 4 23

K


Nosy Neighbor

Sender Recipient

Insecure ChannelY = KX


Nosy Neighbor

Sender Recipient

Insecure Channel

19 5 6 2

10 20 4 14

6 21 22 5

Y


Nosy Neighbor

Sender Recipient

Insecure Channel

19 5 6 2

10 20 4 14

6 21 22 5

HEYBOBWAS

Known Plaintext


Nosy Neighbor

Sender Recipient

Insecure Channel

19 5 6 2

10 20 4 14

6 21 22 5

HEYBOBWAS

11 23 10

16 19 24

20 4 23

K

Known Plaintext


Nosy Neighbor

Sender Recipient

Insecure Channel

19 5 6 2

10 20 4 14

6 21 22 5

HEY BOB,

WASSUP?

hahahaHAHAHAHA…

KNOWN

PLAINTEX

T

ATTACK

KNOWN

PLAINTEX

T

ATTACK







Secure Hill CipherSecure Hill Cipher




Choose a vector Choose a vector tt over over ZZmm

Form permutation matrix Form permutation matrix PPtt

Compute Compute KKtt = = PPtt–1–1KPKPtt

Compute Compute YY = = KKttXX and and uu = = KKtt

Send (Send (YY,,uu))

To decrypt (Y,To decrypt (Y,uu)…)… Compute Compute tt = = KK–1–1uu Compute Compute PPtt

Compute Compute KKtt–1–1 = = PPtt

–1–1KK–1–1PPtt

Compute X = Compute X = KKtt–1–1YY

Note that (KKtt))–1–1 = = (KK–1–1))tt

Permutation MatricesPermutation Matrices

11 00 00 00

00 11 00 00

00 00 11 00

00 00 00 11

I =


11 00 00 00

00 11 00 00

00 00 11 00

00 00 00 11

I =

11 00 00 00

00 00 11 00

00 11 00 00

00 00 00 11

P23 =


11 00 00 00

00 11 00 00

00 00 11 00

00 00 00 11

I =

11 00 00 00

00 00 11 00

00 11 00 00

00 00 00 11

P23 =

00 11 00 00

00 00 11 00

11 00 00 00

00 00 00 11

P12,23 =A permutation matrix is a matrix with exactly one 1 in each row and column and zeros elsewhere.


23

12,23

1 0 0 0 1 2 3 4 1 2 3 4

0 0 1 0 5 6 7 8 9 10 11 12

0 1 0 0 9 10 11 12 5 6 7 8

0 0 0 1 13 14 15 16 13 14 15 16

0 1 0 0 1 2 3 4 5 6 7 8

0 0 1 0 5 6 7 8 9 10 11 12

1 0 0 0 9 10 11 12 1 2 3 4

0 0 0 1 13 14 15 16 13 14 15 16

P M

P M

Vector RepresentationVector Representation

11 00 00 00

00 00 11 00

00 11 00 00

00 00 00 11

P23 =

00 11 00 00

00 00 11 00

11 00 00 00

00 00 00 11

P12,23 =

11

33

22

44

22

33

11

44







Secure Hill CipherSecure Hill Cipher




Choose a vector t over Zm

Form permutation matrix Form permutation matrix PPtt

Compute Compute KKtt = = PPtt–1–1KPKPtt

Compute Compute YY = = KKttXX and and uu = = KKtt

Send (Send (YY,,uu))

To decrypt (Y,To decrypt (Y,uu)…)… Compute Compute tt = = KK–1–1uu Compute Compute PPtt

Compute Compute KKtt–1–1 = = PPtt

–1–1KK–1–1PPtt

Compute X = Compute X = KKtt–1–1YY

The Easy Way to EncryptThe Easy Way to Encrypt

Require Require tt to be the vector representation to be the vector representation of a permutation matrixof a permutation matrix

N.B.:N.B.: This is for example only—it is not practical “in the field.” This is for example only—it is not practical “in the field.”

An ExampleAn Example

“Hey Bob, wassup?”

7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

Choose a permutation vector:

3

1

2

t

Form permutation matrix Pt:

0 0 1

1 0 0

0 1 0

P

t

3 rows, since K is 3×3


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

Find Pt–1:

1

0 1 0

0 0 1

1 0 0

P

t

Compute Kt = Pt–1KPt :

0 1 0 11 23 10 0 0 1

0 0 1 16 19 24 1 0 0

1 0 0 20 4 23 0 1 0

K

t


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

Find Pt–1:

1

0 1 0

0 0 1

1 0 0

P

t

Compute Kt = Pt–1KPt :

19 24 16

4 23 20

23 10 11

K

t

Permutation of K


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

Compute Y = KtX:

19 24 16 7 1 22 18

4 23 20 4 14 0 20

23 10 11 24 1 18 15

Y

Compute u = Kt:

11 23 10 3

16 19 24 1

20 4 23 2

u

19 24 16

4 23 20

23 10 11

K

t


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

Compute Y = KtX:

15 7 4 22

2 8 6 0

23 18 2 25

Y

Compute u = Kt:

24

11

6

u

19 24 16

4 23 20

23 10 11

K

t


7 1 22 18

4 14 0 20

24 1 18 15

X

11 23 10

16 19 24

20 4 23

K

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

Send (Y,u) to Bob

15 7 4 22

2 8 6 0

23 18 2 25

Y

24

11

6

u

19 24 16

4 23 20

23 10 11

K

t


Nosy Neighbor

Sender Recipient

15 7 4 22

2 8 6 0

23 18 2 25

Y

24

11

6

u


11 23 10

16 19 24

20 4 23

K

Receive (Y,u):

15 7 4 22

2 8 6 0

23 18 2 25

24

11

6

Y

u


15 7 4 22

2 8 6 0

23 18 2 25

Y

24

11

6

u

11 23 10

16 19 24

20 4 23

K

Compute K–1:

1

15 25 16

14 5 0

6 0 11

K

Compute t = K–1u and derive Pt:

15 25 16 24 3 0 0 1

14 5 0 11 1 1 0 0

6 0 11 6 2 0 1 0

P

tt


15 7 4 22

2 8 6 0

23 18 2 25

Y

24

11

6

u

11 23 10

16 19 24

20 4 23

K

Compute Kt–1 = Pt

–1K–1Pt:

1

5 0 14

0 11 6

25 16 15

K

t

Compute X = Kt–1Y:

5 0 14 15 7 4 22

0 11 6 2 8 6 0

25 16 15 23 18 2 25

X

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t


15 7 4 22

2 8 6 0

23 18 2 25

Y

24

11

6

u

11 23 10

16 19 24

20 4 23

K

Compute Kt–1 = Pt

–1K–1Pt:

1

5 0 14

0 11 6

25 16 15

K

t

Compute X = Kt–1Y:

7 1 22 18

4 14 0 20

24 1 18 15

X

3

1

2

t

0 0 1

1 0 0

0 1 0

P

t

“Hey Bob, wassup?”


But that was just a regular Hill cipher with

a fancy key…KNOWN

PLAINTEX

T

ATTACK

KNOWN

PLAINTEX

T

ATTACK

The Actual Really Secure Hill CipherThe Actual Really Secure Hill Cipher

Jeff OverbeyJeff OverbeyMA464-01 • Dr. Jerzy Wojdyło • April 29, 2003MA464-01 • Dr. Jerzy Wojdyło • April 29, 2003

Based onBased on

S. Saeednia. S. Saeednia. How to Make the Hill Cipher Secure.How to Make the Hill Cipher Secure.Cryptologia Cryptologia 2424 (2000) 353–360. (2000) 353–360.

HILL

The Actual Really Secure Hill CipherThe Actual Really Secure Hill Cipher

oror

How to Secure the Secure Hill CipherHow to Secure the Secure Hill Cipher

HILL

Ensuring SecurityEnsuring Security

XX should have two columns should have two columns Why? Suppose Why? Suppose KK is is nn × × nn and and XX is is nn × × ss..

If If ss n…n… If 2 < If 2 < ss < < n…n… If If ss = 2… = 2…

PPtt should be different for each encryption should be different for each encryption Theoretically, this can be ensured by choosing Theoretically, this can be ensured by choosing

a different a different tt for each encryption for each encryption We did this by requiring We did this by requiring tt to be a vector to be a vector

representation of a permutation matrix, but this is representation of a permutation matrix, but this is not the best solution.not the best solution.

The The Function Function

Let Let nn denote the set of denote the set of nn × × nn permutation matrices. permutation matrices.

: : ZZmmnn nn

Ideally,Ideally, is ontois onto is 1-1is 1-1


Let Let nn denote the set of denote the set of nn × × nn permutation matrices. permutation matrices.

: : ZZmmnn nn

Is it possible?Is it possible? ZZmm

nn = = mmnn

nn = = nn!!

ZZmmnn nn

y = 26n

y = n!

An “ideal” function An “ideal” function DNE.DNE.


Ideas?Ideas?

Awkward silence…Awkward silence…

Apologies for the horrible background image pun.Apologies for the horrible background image pun.

the secure hill cipher jeff overbey ma464-01 dr. jerzy wojdyło april 29, 2003 based on s. saeednia....

Documents