Chapter 2 – Classical Encryption Techniques
description
Transcript of Chapter 2 – Classical Encryption Techniques
Chapter 2 – Classical EncryptionTechniques
Jen-Chang Liu, 2005
Adopted from lecture slides by Lawrie Brown
Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer
Sir James George Frazer
《金枝》一書原名應作「 The Golden Bough 」,作者 Sir James Frazer (1854-1941) ,他是英國人類學家、民俗學家,和古典學者。《金枝 》 一書的主旨在於:人類思想方式的發展過程是由巫術、宗教發展為科 學。
一個小鎮每年到了 6 月 27 日都會舉行 一種儀式:全鎮居民集合然後抽籤,抽中的人必須讓其他居民用亂石打死,且 不得反抗;這是為了驅除災難,被打死的人是為全鎮犧牲的英雄
Review: Model for Network Security
12
3
3 roles to play in security system
Cryptography
Cryptographic systems can be characterized by: encryption operations used for
transforming plaintext to ciphertext substitution / transposition (permutation) /
product number of keys used
single-key or secret-key / two-key or public-key way in which plaintext is processed
block / stream
密碼學
What’s the secret information?
Outline
Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography
Symmetric Cipher Model
?
對稱式
Symmetric Encryption conventional / single-key / single-key
encryption sender and recipient share a common
key was the only type prior to invention of
public-key in 1970’s
Basic Terminology
plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to
ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from
plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext without knowing key
cryptology - the field of both cryptography and cryptanalysis
明文密文
Mathematical formulation
Y = EK(X)X = DK(Y)
Cryptosystem A cryptosystem is a five-tuple (P,C,K,E,D),
where the following conditions are satisfied:
1. P is a finite set of possible plaintexts2. C is a finite set of possible ciphertexts3. K ,the keyspace,is a finite set of possible
keys4. For each kK, there is an encryption rule ek E
and a corresponding decryption rule dk D. Each ek:PC and dk:CP are functions such that dk(ek(x))=x for each xP
Ref: Cryptography: theory andPractice, D. Stinson
Example: Caesar Cipher earliest known substitution cipher by
Julius Caesar first attested use in military affairs example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
mnop
replaces each letter by 3rd letter further down the alphabet
Example: Caesar Cipher (cont.)
Plaintext alphabets
zyxdcbaX ,,,...,,,,Assign a number to each alphabet:
25 ,24 ,23 ,...,3 ,2 ,1 ,0X Ciphertext alphabets
25 ,24 ,23 ,...,3 ,2 ,1 ,0Y Encryption algorithm
Y = EK(X)=(X+3) mod 26
Security Requirements two requirements for secure use of
symmetric encryption: a strong encryption algorithm
assume encryption algorithm is known, the opponent is unable to decipher the ciphertext (Kerckhoff’s principle)
a secret key known only to sender / receiver implies a secure channel to distribute key
Cryptanalysis of Caesar Cipher
Assume that the encryption is known as a Caesar cipher Try 25 possible keys – brute force
PHHW PH DIWHU WKH WRJD SDUWBk=0
OGGV OG CHUGT VJG VQIC RCTVAk=1
MEET ME AFTER THE TOGA PARTYk=3
…
k=25
…
Cryptanalysis of Caesar Cipher
Why brute force attack works? Encryption (decryption) algorithm is known 25 keys too small The language of plaintext is recognizable
Ex. A zipped file
Brute Force Search Given encryption algorithm, it’s always
possible to simply try every key On average, try half of all keys
assume either know / recognise plaintext
decryption
DES
AES
3DES
Degree of security for encryption schemes
unconditional security no matter how much computer power is
available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
不論花多少時間也無法破解 computational security
given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
Types of Cryptanalytic Attacks
Mini break There will be a programming project
this semester Implementation of DES or AES
Outline Symmetric cipher model
Caesar cipher Substitution technique Transposition technique Rotor machines Steganography
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or by numbers or symbols
if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
ABC..YZ
ABC..YZ
Caesar Cipher can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
Caesar cipher can be cryptoanalyzed by brute-force attack=> Far from secure
Monoalphabetic Cipher rather than just shifting the alphabet each plaintext letter maps to a different
random ciphertext letter
ABC..YZ
ABC..YZ
26! Possible transforms
E(.)
.
.
.
Monoalphabetic Cipher Security
now have a total of 26! = 4 x 1026 keys Very secure !? How to break?
Language Redundancy and Cryptanalysis
human languages are redundant
Cryptanalysis of monoalphabetic cipher
Given ciphertext:
Calculate its relative frequencies:
* Compare it with the previous table
Cryptanalysis (cont.) One alphabet frequencies: guess P & Z are e and
t Digrams and trigrams: frequencies of compound
letters guess ZW is th and hence ZWP is the
proceeding with trial and error
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
t t t t t
t t t t
ttt t
t
e e e e e
eeeee
e e e e e e
h
h
h
h
How to improve monoalphabetic cipher?
Encrypt multiple letters of plaintext at the same time Playfair cipher Hill cipher
Use multiple cipher alphabets Polyalphabetic cipher
Playfair Cipher Best-known multiple-letter encryption
cipher invented by Charles Wheatstone in
1854, but named after his friend Baron Playfair
Example: digram mapping
xy
cg
26x26 diagrams
Playfair Key Matrix a 5X5 matrix of letters based on a
keyword eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
fill in letters of keywordfill rest of matrix with other letters in alphabetic order
Playfair: Encrypting and Decrypting
plaintext encrypted two letters at a time: if a pair is a repeated letter, insert a filler like
'X', eg. "balloon" encrypts as "ba lx lo on"
if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM" if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM" otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
M O N A RC H Y B DE F G I/J KL P Q S TU V W X Z
Security of the Playfair Cipher
security much improved over monoalphabetic 26 x 26 = 676 digrams
would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic)
was widely used for many years (eg. US & British military in WW1)
it can be broken, given a few hundred letters since still has much of plaintext structure
Idea: Relative frequency of occurrence of letters in ciphertext
* Make the freq. Distribution information concealed => flatter
Hill cipher Mathematician Lester Hill in 1929 Multi-letter cipher
Ex. 3-letter cipher
p1
p2
p3
c1
c2
c3
?
Input: 263 Output: 263
26 mod
3
2
1
333231
232221
131211
3
2
1
p
p
p
kkk
kkk
kkk
c
c
c
Key matrix
Linear equations: C=KP mod 26
Hill cipher (cont.) Encryption: C = KP mod 26 Decryption: P = K-1C mod 26 Idea: hide single-letter frequencies
2x2 key matrix: hide single-letter freq. 3x3 key matrix: hide single-letter and
digram freq. …
How to attack Hill cipher?
Cryptanalysis on Hill cipher
Known ciphertext X
Ex. 2x2 key matrix, given “friday” => “PQCFKU”
dr
ifK
FQ
CP
26 mod 317
85
516
215
K=>
=> 解出 K !!!
Known plaintext-ciphertext pairs
How to improve monoalphabetic cipher?
Encrypt multiple letters of plaintext at the same time Playfair cipher Hill cipher
Use multiple cipher alphabets Polyalphabetic cipher Monoalph. Cipher:
a k
Polyalph. Cipher:a k
J
Rule 1
Rule 2
Polyalphabetic Ciphers Polyalphabetic substitution ciphers
A set of related monoalphabetic substitution rules is used
use a key to select which alphabet is used for each letter of the message
Vigenère Cipher simplest polyalphabetic substitution
cipher is the Vigenère Cipher 26 Caesar ciphers Each Caesar cipher is labelled by a key
letter See Table 2.3
key plaintext
Example: Vigenère Cipher Encryption: need a key and the plaintext Eg. using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Decryption: the table and the key are known
• advantage: multiple ciphertext letters for each plaintext letter => hide letter frequency => See Fig. 2.6
Cryptanalysis on Substitution Cipher
Calculate the statistical properties of the ciphertext Match language letter freq. Monoalphabetic cipher Polyalphabetic cipher (Vigenère Cipher)
Find the length of keyword
Attack each monoalphabetic cipher
Yes
No
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJGuess key length
Improve over Vigenère Cipher (1)
Avoid repetition of key Autokey system
key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Improve over Vigenère Cipher (2)
Avoid repetition of key Gilbert Vernam, 1918 Use of a running loop of tape that
eventually repeat the key A very long but repeating keyword
One-Time Pad Unconditional security !!! Improve on Vigenère Cipher, by Jeseph
Mauborgne Use a random key that was truly as
long as the message, no repetitions
Example: one-time pad Known Vigenère Cipher with one-time
key Given ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Decrypt by hacker 1:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSKey: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyihPlaintext: mr mustard with the candlestick in the hall
Decrypt by hacker 2:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTSKey: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwtPlaintext: miss scarlet with the knife in the library
Which one?
a b c d e f g h i j k l m n o p q r s t u v w x y z ?A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ?B C D E F G H I J K L M N O P Q R S T U V W X Y Z ? AC D E F G H I J K L M N O P Q R S T U V W X Y Z ? A BD E F G H I J K L M N O P Q R S T U V W X Y Z ? A B CE F G H I J K L M N O P Q R S T U V W X Y Z ? A B C DF G H I J K L M N O P Q R S T U V W X Y Z ? A B C D EG H I J K L M N O P Q R S T U V W X Y Z ? A B C D E FH I J K L M N O P Q R S T U V W X Y Z ? A B C D E F GI J K L M N O P Q R S T U V W X Y Z ? A B C D E F G HJ K L M N O P Q R S T U V W X Y Z ? A B C D E F G H IK L M N O P Q R S T U V W X Y Z ? A B C D E F G H I JL M N O P Q R S T U V W X Y Z ? A B C D E F G H I J KM N O P Q R S T U V W X Y Z ? A B C D E F G H I J K LN O P Q R S T U V W X Y Z ? A B C D E F G H I J K L MO P Q R S T U V W X Y Z ? A B C D E F G H I J K L M NP Q R S T U V W X Y Z ? A B C D E F G H I J K L M N OQ R S T U V W X Y Z ? A B C D E F G H I J K L M N O PR S T U V W X Y Z ? A B C D E F G H I J K L M N O P QS T U V W X Y Z ? A B C D E F G H I J K L M N O P Q RT U V W X Y Z ? A B C D E F G H I J K L M N O P Q R SU V W X Y Z ? A B C D E F G H I J K L M N O P Q R S TV W X Y Z ? A B C D E F G H I J K L M N O P Q R S T UW X Y Z ? A B C D E F G H I J K L M N O P Q R S T U VX Y Z ? A B C D E F G H I J K L M N O P Q R S T U V WY Z ? A B C D E F G H I J K L M N O P Q R S T U V W XZ ? A B C D E F G H I J K L M N O P Q R S T U V W X Y? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
abcdefghijklmnopqrstuvwxyz?
Problem with one-time pad Truly random key with arbitrary length? Distribution and protection of long keys
The key has the same length as the plaintext!
Summary Caesar cipher Monoalphabetic cipher Encrypt multiple letters of plaintext at
the same time Playfair cipher Hill cipher
Use multiple cipher alphabets Polyalphabetic cipher Vernam cipher One-time Pad
Outline Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography
Transposition Ciphers Transposition cipher: permutation on
the plaintext letters these hide the message by rearranging the
letter order without altering the actual letters used Feature: have the same frequency
distribution as the original text
排列
Rail Fence cipher write message letters out diagonally
over a number of rows eg. Plaintext: “meet me after the toga
party”m e m a t r h t g p r y
e t e f e t e o a a t
then read off cipher row by rowMEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers Improve on Rain Fence cipher write letters of message out in rows
over a specified number of columnsKey: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
reorder the columns according to some key before reading off the rows
Row Transposition Ciphers (cont.)
Improve on Row Transposition Ciphers Re-encrypt again!
Why more secure? Observe the change of plaintext position
Initial plaintext: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
1st permutation: 03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28
2nd permutation: 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28
Product Ciphers ciphers using substitutions or transpositions are
not secure because of language characteristics hence consider using several ciphers in
succession to make harder, but: two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a
new much harder cipher this is bridge from classical to modern ciphers
Outline Symmetric cipher model Substitution technique Transposition technique Rotor machines Steganography
Rotor Machines apply multiple stages of encryption were widely used in WW2
German Enigma, Allied Hagelin, Japanese Purple
with 3 cylinders have 263=17576 alphabets
Each cylinder is a monoalphabetic substitution
Three-rotor machine
Rotate after an input
Steganography Encryption
Steganography: hides existence of message
偽裝
plaintext ciphertextencryption(un-recognizable)
plaintext another plaintextsteganography
Summary have considered:
classical cipher techniques and terminology monoalphabetic substitution ciphers cryptanalysis using letter frequencies Playfair ciphers polyalphabetic ciphers transposition ciphers product ciphers and rotor machines stenography