the secure hill cipher jeff overbey ma464-01 dr. jerzy wojdyło april 29, 2003 based on s. saeednia....
TRANSCRIPT
The Secure Hill CipherThe Secure Hill Cipher
Jeff OverbeyJeff OverbeyMA464-01 • Dr. Jerzy Wojdyło • April 29, 2003MA464-01 • Dr. Jerzy Wojdyło • April 29, 2003
Based onBased on
S. Saeednia. S. Saeednia. How to Make the Hill Cipher Secure.How to Make the Hill Cipher Secure.Cryptologia Cryptologia 2424 (2000) 353–360. (2000) 353–360.
HILL
Hill CipherHill Cipher
Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately
share matrix share matrix KK, invertible , invertible over over ZZmm
To encrypt a matrix X over To encrypt a matrix X over ZZmm……
Compute Compute YY = = KXKX Send Send YY
To decrypt Y…To decrypt Y… Compute Compute XX = = KK–1–1YY
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel“Hey Bob,wassup?”
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
7 1 22 18
4 14 0 20
24 1 18 15
X
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
11 23 10
16 19 24
20 4 23
K
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure ChannelY = KX
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
19 5 6 2
10 20 4 14
6 21 22 5
Y
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
19 5 6 2
10 20 4 14
6 21 22 5
HEYBOBWAS
Known Plaintext
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
19 5 6 2
10 20 4 14
6 21 22 5
HEYBOBWAS
11 23 10
16 19 24
20 4 23
K
Known Plaintext
Why the Hill Cipher Isn’t SecureWhy the Hill Cipher Isn’t Secure
Nosy Neighbor
Sender Recipient
Insecure Channel
19 5 6 2
10 20 4 14
6 21 22 5
HEY BOB,
WASSUP?
hahahaHAHAHAHA…
KNOWN
PLAINTEX
T
ATTACK
KNOWN
PLAINTEX
T
ATTACK
Hill CipherHill Cipher
Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately
share matrix share matrix KK, invertible , invertible over over ZZmm
To encrypt a matrix X over To encrypt a matrix X over ZZmm……
Compute Compute YY = = KXKX Send Send YY
To decrypt Y…To decrypt Y… Compute Compute XX = = KK–1–1YY
Secure Hill CipherSecure Hill Cipher
Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately
share matrix share matrix KK, invertible , invertible over over ZZmm
To encrypt a matrix X over To encrypt a matrix X over ZZmm……
Choose a vector Choose a vector tt over over ZZmm
Form permutation matrix Form permutation matrix PPtt
Compute Compute KKtt = = PPtt–1–1KPKPtt
Compute Compute YY = = KKttXX and and uu = = KKtt
Send (Send (YY,,uu))
To decrypt (Y,To decrypt (Y,uu)…)… Compute Compute tt = = KK–1–1uu Compute Compute PPtt
Compute Compute KKtt–1–1 = = PPtt
–1–1KK–1–1PPtt
Compute X = Compute X = KKtt–1–1YY
Note that (KKtt))–1–1 = = (KK–1–1))tt
Permutation MatricesPermutation Matrices
11 00 00 00
00 11 00 00
00 00 11 00
00 00 00 11
I =
11 00 00 00
00 00 11 00
00 11 00 00
00 00 00 11
P23 =
Permutation MatricesPermutation Matrices
11 00 00 00
00 11 00 00
00 00 11 00
00 00 00 11
I =
11 00 00 00
00 00 11 00
00 11 00 00
00 00 00 11
P23 =
00 11 00 00
00 00 11 00
11 00 00 00
00 00 00 11
P12,23 =A permutation matrix is a matrix with exactly one 1 in each row and column and zeros elsewhere.
Permutation MatricesPermutation Matrices
23
12,23
1 0 0 0 1 2 3 4 1 2 3 4
0 0 1 0 5 6 7 8 9 10 11 12
0 1 0 0 9 10 11 12 5 6 7 8
0 0 0 1 13 14 15 16 13 14 15 16
0 1 0 0 1 2 3 4 5 6 7 8
0 0 1 0 5 6 7 8 9 10 11 12
1 0 0 0 9 10 11 12 1 2 3 4
0 0 0 1 13 14 15 16 13 14 15 16
P M
P M
Vector RepresentationVector Representation
11 00 00 00
00 00 11 00
00 11 00 00
00 00 00 11
P23 =
00 11 00 00
00 00 11 00
11 00 00 00
00 00 00 11
P12,23 =
11
33
22
44
22
33
11
44
Hill CipherHill Cipher
Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately
share matrix share matrix KK, invertible , invertible over over ZZmm
To encrypt a matrix X over To encrypt a matrix X over ZZmm……
Compute Compute YY = = KXKX Send Send YY
To decrypt Y…To decrypt Y… Compute Compute XX = = KK–1–1YY
Secure Hill CipherSecure Hill Cipher
Beforehand…Beforehand… Alice and Bob privately Alice and Bob privately
share matrix share matrix KK, invertible , invertible over over ZZmm
To encrypt a matrix X over To encrypt a matrix X over ZZmm……
Choose a vector t over Zm
Form permutation matrix Form permutation matrix PPtt
Compute Compute KKtt = = PPtt–1–1KPKPtt
Compute Compute YY = = KKttXX and and uu = = KKtt
Send (Send (YY,,uu))
To decrypt (Y,To decrypt (Y,uu)…)… Compute Compute tt = = KK–1–1uu Compute Compute PPtt
Compute Compute KKtt–1–1 = = PPtt
–1–1KK–1–1PPtt
Compute X = Compute X = KKtt–1–1YY
The Easy Way to EncryptThe Easy Way to Encrypt
Require Require tt to be the vector representation to be the vector representation of a permutation matrixof a permutation matrix
N.B.:N.B.: This is for example only—it is not practical “in the field.” This is for example only—it is not practical “in the field.”
An ExampleAn Example
“Hey Bob, wassup?”
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
Choose a permutation vector:
3
1
2
t
Form permutation matrix Pt:
0 0 1
1 0 0
0 1 0
P
t
3 rows, since K is 3×3
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
Find Pt–1:
1
0 1 0
0 0 1
1 0 0
P
t
Compute Kt = Pt–1KPt :
0 1 0 11 23 10 0 0 1
0 0 1 16 19 24 1 0 0
1 0 0 20 4 23 0 1 0
K
t
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
Find Pt–1:
1
0 1 0
0 0 1
1 0 0
P
t
Compute Kt = Pt–1KPt :
19 24 16
4 23 20
23 10 11
K
t
Permutation of K
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
Compute Y = KtX:
19 24 16 7 1 22 18
4 23 20 4 14 0 20
23 10 11 24 1 18 15
Y
Compute u = Kt:
11 23 10 3
16 19 24 1
20 4 23 2
u
19 24 16
4 23 20
23 10 11
K
t
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
Compute Y = KtX:
15 7 4 22
2 8 6 0
23 18 2 25
Y
Compute u = Kt:
24
11
6
u
19 24 16
4 23 20
23 10 11
K
t
An ExampleAn Example
7 1 22 18
4 14 0 20
24 1 18 15
X
11 23 10
16 19 24
20 4 23
K
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
Send (Y,u) to Bob
15 7 4 22
2 8 6 0
23 18 2 25
Y
24
11
6
u
19 24 16
4 23 20
23 10 11
K
t
An ExampleAn Example
11 23 10
16 19 24
20 4 23
K
Receive (Y,u):
15 7 4 22
2 8 6 0
23 18 2 25
24
11
6
Y
u
An ExampleAn Example
15 7 4 22
2 8 6 0
23 18 2 25
Y
24
11
6
u
11 23 10
16 19 24
20 4 23
K
Compute K–1:
1
15 25 16
14 5 0
6 0 11
K
Compute t = K–1u and derive Pt:
15 25 16 24 3 0 0 1
14 5 0 11 1 1 0 0
6 0 11 6 2 0 1 0
P
tt
An ExampleAn Example
15 7 4 22
2 8 6 0
23 18 2 25
Y
24
11
6
u
11 23 10
16 19 24
20 4 23
K
Compute Kt–1 = Pt
–1K–1Pt:
1
5 0 14
0 11 6
25 16 15
K
t
Compute X = Kt–1Y:
5 0 14 15 7 4 22
0 11 6 2 8 6 0
25 16 15 23 18 2 25
X
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
An ExampleAn Example
15 7 4 22
2 8 6 0
23 18 2 25
Y
24
11
6
u
11 23 10
16 19 24
20 4 23
K
Compute Kt–1 = Pt
–1K–1Pt:
1
5 0 14
0 11 6
25 16 15
K
t
Compute X = Kt–1Y:
7 1 22 18
4 14 0 20
24 1 18 15
X
3
1
2
t
0 0 1
1 0 0
0 1 0
P
t
“Hey Bob, wassup?”
An ExampleAn Example
But that was just a regular Hill cipher with
a fancy key…KNOWN
PLAINTEX
T
ATTACK
KNOWN
PLAINTEX
T
ATTACK
The Actual Really Secure Hill CipherThe Actual Really Secure Hill Cipher
Jeff OverbeyJeff OverbeyMA464-01 • Dr. Jerzy Wojdyło • April 29, 2003MA464-01 • Dr. Jerzy Wojdyło • April 29, 2003
Based onBased on
S. Saeednia. S. Saeednia. How to Make the Hill Cipher Secure.How to Make the Hill Cipher Secure.Cryptologia Cryptologia 2424 (2000) 353–360. (2000) 353–360.
HILL
The Actual Really Secure Hill CipherThe Actual Really Secure Hill Cipher
oror
How to Secure the Secure Hill CipherHow to Secure the Secure Hill Cipher
HILL
Ensuring SecurityEnsuring Security
XX should have two columns should have two columns Why? Suppose Why? Suppose KK is is nn × × nn and and XX is is nn × × ss..
If If ss n…n… If 2 < If 2 < ss < < n…n… If If ss = 2… = 2…
PPtt should be different for each encryption should be different for each encryption Theoretically, this can be ensured by choosing Theoretically, this can be ensured by choosing
a different a different tt for each encryption for each encryption We did this by requiring We did this by requiring tt to be a vector to be a vector
representation of a permutation matrix, but this is representation of a permutation matrix, but this is not the best solution.not the best solution.
The The Function Function
Let Let nn denote the set of denote the set of nn × × nn permutation matrices. permutation matrices.
: : ZZmmnn nn
Ideally,Ideally, is ontois onto is 1-1is 1-1
The The Function Function
Let Let nn denote the set of denote the set of nn × × nn permutation matrices. permutation matrices.
: : ZZmmnn nn
Is it possible?Is it possible? ZZmm
nn = = mmnn
nn = = nn!!
ZZmmnn nn
y = 26n
y = n!
An “ideal” function An “ideal” function DNE.DNE.