Cryptography A Perspective Ursinus College September 25, 2008 Oskars J. Rieksts Computer Science...

Cryptography A Perspective Ursinus College September 25, 2008 Oskars J. Rieksts Computer Science Department Kutztown University

Cryptography
A Perspective

Ursinus College
September 25, 2008

Oskars J. Rieksts
Computer Science Department
Kutztown University

2008 Kutztown University 2

Overview
- Cryptography in history
- Basic terms & concepts
- Early/Simple examples
- Current cryptosystems
- Factoradic encryption

Cryptography in History
- Mary, Queen of Scots
- World War II
- Enigma machine
- Japanese JN-25 code

Mary, Queen of Scots
- In prison in London
- Imprisoned by cousin Queen Elizabeth
- 1586
- Supporters plotted to free her
- Depose Elizabeth
- Place her on throne
- Needed her imprimatur
- Smuggled encrypted messages in barrel

Mary, Queen of Scots
- Messages discovered
- Decoded by frequency analysis
- Altered
- Plot broken up
- Plotters executed
- Mary herself also executed

Enigma Machine
- Coding machine
- Invented by Albert Scherbius
- 1918
- Sold to Wehrmacht
- Meanwhile
- Polish cryptographers stymied
- 3 Poznan University math grad students
  » Marian Rejewski
  » Henryk Zygalski
  » Jerzy Rozycki
- Uncovered algebraic basis to cipher text
- Developed techniques for decryption

Enigma Machine
- Conference of cryptographers
- Summer of 1939
- Polish, French & British cryptographers
- Enigma info passed to French & British
- Bletchley Park
- Code breaking activity
- The Bombe
- Alan Turing
- Traffic analysis to predict some text

Japanese JN-25 Code
- Japanese naval code
- Broken by group led by Joseph Rochefort
- Analysis of patterns
- News of impending attack on . .
- Aleutian Islands, or
- Midway
- Location encoded as “AF”
- Dilemma – where to commit resources?

Japanese JN-25 Code
- The Plan
- Send transmission from Midway
- Water distillation plant severely damaged
- Listen
- Japanese transmission
- AF is short of water
- Therefore AF = Midway
- Commit aircraft carrier fleet to intercept attack

Basic Terms & Concepts
- Cryptology
- Cryptography
- Cryptanalysis
- Basic components of cryptosystem
- Plain text
- Cipher text
- Key(s)
- Basic types of cryptosystems
- Symmetric/asymmetric key
- Public/private key

Basic Terms & Concepts (cont.)
- Measures
- Keyspace
- Cryptographic strength
- Key principles
- Confusion
- Diffusion

Early/Simple Examples
- Steganography
- Caesar cipher
- Substitution cipher
- Transposition cipher
- Vigenere cipher
- Vernam cipher

Steganography
- Merriam-Webster: The art or practice of concealing a message, image, or file within another message, image, or file
- from Greek
  » steganos = covered
  » grafo = write
- Histiaeus – tyrant of Miletus
- shaved head of most trusted slave
- tattooed a message
- hair grew back covering message
- Advantage – does not draw attention to
- itself
- messenger
- recipient
- Often combined with cryptography

Steganography Example

You may have seen the TV show – In Plain Sight –which is
based entirely on the federal witness protection program.
The show is about people who have testified or will be
testifying soon as witnesses in criminal cases but whose
lives are in danger as a result. For their protection they
are given new identities and are moved to a new
community. Ergo they are all hidden “in plain sight”.
And if you think this would not work, according to the
U.S. Marshalls extant website, no program participant who
follows security guidelines has ever been harmed while
under the active protection of the Marshals Service.

Caesar Cipher
- Example of a shift cipher
- Encryption – forward shift by 3
- Decryption – backward shift by 3
- Shift ciphers
- Private key
- Symmetric key
- Key = shift amount
- Keyspace = 25
- Plain text – IHAVEASECRET
- Cipher text – LKDYHDVHFUHW

Caesar Cipher – Analysis
- Cryptographic strength – weak
- Numerous clues
- Letter frequency
- Small keyspace
- N-grams (e.g. double letters)
- Strong elimination coefficient (“qm” rarely occurs)
- Easily decoded by hand

Caesar Cipher – Example

L KDYH D GUHDP WKDW RQH GDB WKLV QDWLRQ ZLOO ULVH XS DQG OLYH RXW WKH WUXH PHDQLQJ RI LWV FUHHG: "ZH KROG WKHVH WUXWKV WR EH VHOI-HYLGHQW: WKDW DOO PHQ DUH FUHDWHG HTXDO."

L KDYH D GUHDP WKDW RQH GDB RQ WKH UHG KLOOV RI JHRUJLD WKH VRQV RI IRUPHU VODYHV DQG WKH VRQV RI IRUPHU VODYH RZQHUV ZLOO EH DEOH WR VLW GRZQ WRJHWKHU DW WKH WDEOH RI EURWKHUKRRG.

L KDYH D GUHDP WKDW RQH GDB HYHQ WKH VWDWH RI PLVVLVVLSSL, D VWDWH VZHOWHULQJ ZLWK WKH KHDW RI LQMXVWLFH, VZHOWHULQJ ZLWK WKH KHDW RI RSSUHVVLRQ, ZLOO EH WUDQVIRUPHG LQWR DQ RDVLV RI IUHHGRP DQG MXVWLFH.

L KDYH D GUHDP WKDW PB IRXU OLWWOH FKLOGUHQ ZLOO RQH GDB OLYH LQ D QDWLRQ ZKHUH WKHB ZLOO QRW EH MXGJHG EB WKH FRORU RI WKHLU VNLQ EXW EB WKH FRQWHQW RI WKHLU FKDUDFWHU.

L KDYH D GUHDP WRGDB.

Caesar Cipher – Example

LKDYHDGUHDPWKDWRQHGDBWKLVQDWLRQZLOOULVHXSDQGOLYHRXWWKH
WUXHPHDQLQJRILWVFUHHGZHKROGWKHVHWUXWKVWREHVHOIHYLGHQ
WWKDWDOOPHQDUHFUHDWHGHTXDOLKDYHDGUHDPWKDWRQHGDBRQWK
HUHGKLOOVRIJHRUJLDWKHVRQVRIIRUPHUVODYHVDQGWKHVRQVRIIRUPH
UVODYHRZQHUVZLOOEHDEOHWRVLWGRZQWRJHWKHUDWWKHWDEOHRIEU
RWKHUKRRGLKDYHDGUHDPWKDWRQHGDBHYHQWKHVWDWHRIPLVVLVV
LSSLDVWDWHVZHOWHULQJZLWKWKHKHDWRILQMXVWLFHVZHOWHULQJZ
LWKWKHKHDWRIRSSUHVVLRQZLOOEHWUDQVIRUPHGLQWRDQRDVLVRIIU
HHGRPDQGMXVWLFHLKDYHDGUHDPWKDWPBIRXUOLWWOHFKLOGUHQZLO
ORQHGDBOLYHLQDQDWLRQZKHUHWKHBZLOOQRWEHMXGJHGEBWKHFROR
URIWKHLUVNLQEXWEBWKHFRQWHQWRIWKHLUFKDUDFWHULKDYHDGUH
DPWRGDBLKDYHDGUHDPWKDWRQHGDBGRZQLQDODEDPDZLWKLWVYLFLR
XVUDFLVWVZLWKLWVJRYHUQRUKDYLQJKLVOLSVGULSSLQJZLWKWKHZR
UGVRILQWHUSRVLWLRQDQGQXOOLILFDWLRQRQHGDBULJKWWKHUHLQDO
DEDPDOLWWOHEODFNERBVDQGEODFNJLUOVZLOOEHDEOHWRMRLQKDQGV
ZLWKOLWWOHZKLWHERBVDQGZKLWHJLUOVDVVLVWHUVDQGEURWKHUV
LKDYHDGUHDPWRGDB
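
The Caesar analysis slide lists a small keyspace and letter frequency as the main clues. The following added example (not part of the original slides) tries all 25 shifts against the first paragraph of the spaced cipher text and ranks the candidate plain texts by a chi-squared fit to English letter frequencies. The frequency table holds approximate reference values and, like the function names, is an assumption of this example.

```python
from collections import Counter

# Approximate English letter frequencies in percent (reference values assumed
# for this example; they do not come from the slides).
ENGLISH_FREQ = {
    "A": 8.167, "B": 1.492, "C": 2.782, "D": 4.253, "E": 12.702, "F": 2.228,
    "G": 2.015, "H": 6.094, "I": 6.966, "J": 0.153, "K": 0.772, "L": 4.025,
    "M": 2.406, "N": 6.749, "O": 7.507, "P": 1.929, "Q": 0.095, "R": 5.987,
    "S": 6.327, "T": 9.056, "U": 2.758, "V": 0.978, "W": 2.360, "X": 0.150,
    "Y": 1.974, "Z": 0.074,
}

# First paragraph of the spaced Caesar cipher text shown on the slides.
CIPHERTEXT = (
    'L KDYH D GUHDP WKDW RQH GDB WKLV QDWLRQ ZLOO ULVH XS DQG OLYH '
    'RXW WKH WUXH PHDQLQJ RI LWV FUHHG: "ZH KROG WKHVH WUXWKV WR '
    'EH VHOI-HYLGHQW: WKDW DOO PHQ DUH FUHDWHG HTXDO."'
)


def shift_text(text, shift):
    """Shift A-Z by `shift` places (negative = backward); keep everything else."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and English; lower is better."""
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    if not letters:
        raise ValueError("text contains no letters to score")
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = len(letters) * pct / 100
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext):
    """Decrypt with every key in the keyspace (1..25) and sort best fit first."""
    candidates = []
    for key in range(1, 26):
        plain = shift_text(ciphertext, -key)
        candidates.append((chi_squared(plain), key, plain))
    return sorted(candidates)


def break_caesar(ciphertext):
    """Return (key, plaintext) for the best-scoring shift."""
    _, key, plain = rank_shifts(ciphertext)[0]
    return key, plain


if __name__ == "__main__":
    key, plain = break_caesar(CIPHERTEXT)
    print("recovered shift:", key)
    print(plain)
```

The same scoring works on the unspaced version of the cipher text, since only the letters are counted; removing the spaces hides word lengths but not the frequency profile.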

Substitution Cipher
- Randomly generated substitution
- Example
    A  F
    B  K
    C  D
    D  J
    etc.
- Characteristics
- Private & symmetric key
- Monoalphabetic
- Key = alphabet of substitutions
- Keyspace = 26!

Substitution Cipher – Analysis
- Keyspace = 26! = 403291461126605635584000000 = 4.03 x 10^26
- But other factors make it insecure
- Letter frequency
- N-grams
- Strong elimination coefficient
- With patience, can be decoded by hand
- Plain text – BOOKKEEPINGROCKS
- Cipher text – JXXTTZZDOYBEXATU

Substitution Cipher – Example

H PFAI F JZIFY TPFT UVI JFB TPHW VFTHUV GHXX ZHWI EM FVJ XHAI UET TPI TZEI YIFVHVN UC HTW DZIIJ: "GI PUXJ TPIWI TZETPW TU KI WIXC-IAHJIVT: TPFT FXX YIV FZI DZIFTIJ IOEFX."

H PFAI F JZIFY TPFT UVI JFB UV TPI ZIJ PHXXW UC NIUZNHF TPI WUVW UC CUZYIZ WXFAIW FVJ TPI WUVW UC CUZYIZ WXFAI UGVIZW GHXX KI FKXI TU WHT JUGV TUNITPIZ FT TPI TFKXI UC KZUTPIZPUUJ.

H PFAI F JZIFY TPFT UVI JFB IAIV TPI WTFTI UC YHWWHWWHMMH, F WTFTI WGIXTIZHVN GHTP TPI PIFT UC HVREWTHDI, WGIXTIZHVN GHTP TPI PIFT UC UMMZIWWHUV, GHXX KI TZFVWCUZYIJ HVTU FV UFWHW UC CZIIJUY FVJ REWTHDI.

H PFAI F JZIFY TPFT YB CUEZ XHTTXI DPHXJZIV GHXX UVI JFB XHAI HV F VFTHUV GPIZI TPIB GHXX VUT KI REJNIJ KB TPI DUXUZ UC TPIHZ WSHV KET KB TPI DUVTIVT UC TPIHZ DPFZFDTIZ.

H PFAI F JZIFY TUJFB.

H PFAI F JZIFY TPFT UVI JFB, JUGV HV FXFKFYF, GHTP HTW AHDHUEW ZFDHWTW, GHTP HTW NUAIZVUZ PFAHVN PHW XHMW JZHMMHVN GHTP TPI GUZJW UC HVTIZMUWHTHUV FVJ VEXXHCHDFTHUV; UVI JFB ZHNPT TPIZI HV FXFKFYF, XHTTXI KXFDS KUBW FVJ KXFDS NHZXW GHXX KI FKXI TU RUHV PFVJW GHTP XHTTXI GPHTI KUBW FVJ GPHTI NHZXW FW WHWTIZW FVJ KZUTPIZW.

H PFAI F JZIFY TUJFB.

H PFAI F JZIFY TPFT UVI JFB IAIZB AFXXIB WPFXX KI ILFXTIJ, IAIZB PHXX FVJ YUEVTFHV WPFXX KI YFJI XUG, TPI ZUENP MXFDIW GHXX KI YFJI MXFHV, FVJ TPI DZUUSIJ MXFDIW GHXX KI YFJI WTZFHNPT, FVJ TPI NXUZB UC TPI XUZJ WPFXX KI ZIAIFXIJ, FVJ FXX CXIWP WPFXX WII HT TUNITPIZ.

Substitution Cipher – Example

HPFAIFJZIFYTPFTUVIJFBTPHWVFTHUVGHXXZHWIEMFVJXHAIUETTPITZ
EIYIFVHVNUCHTWDZIIJGIPUXJTPIWITZETPWTUKIWIXCIAHJIVTTPFT
FXXYIVFZIDZIFTIJIOEFXHPFAIFJZIFYTPFTUVIJFBUVTPIZIJPHXXWUC
NIUZNHFTPIWUVWUCCUZYIZWXFAIWFVJTPIWUVWUCCUZYIZWXFAI
UGVIZWGHXXKIFKXITUWHTJUGVTUNITPIZFTTPITFKXIUCKZUTPIZP
UUJHPFAIFJZIFYTPFTUVIJFBIAIVTPIWTFTIUCYHWWHWWHMMHFWT
FTIWGIXTIZHVNGHTPTPIPIFTUCHVREWTHDIWGIXTIZHVNGHTPTPIPI
FTUCUMMZIWWHUVGHXXKITZFVWCUZYIJHVTUFVUFWHWUCCZIIJU
YFVJREWTHDIHPFAIFJZIFYTPFTYBCUEZXHTTXIDPHXJZIVGHXXUVIJ
FBXHAIHVFVFTHUVGPIZITPIBGHXXVUTKIREJNIJKBTPIDUXUZUCTPI
HZWSHVKETKBTPIDUVTIVTUCTPIHZDPFZFDTIZHPFAIFJZIFYTUJFBHP
FAIFJZIFYTPFTUVIJFBJUGVHVFXFKFYFGHTPHTWAHDHUEWZFDHWT
WGHTPHTWNUAIZVUZPFAHVNPHWXHMWJZHMMHVNGHTPTPIGUZJ
WUCHVTIZMUWHTHUVFVJVEXXHCHDFTHUVUVIJFBZHNPTTPIZIHVF
XFKFYFXHTTXIKXFDSKUBWFVJKXFDSNHZXWGHXXKIFKXITURUHV
PFVJWGHTPXHTTXIGPHTIKUBWFVJGPHTINHZXWFWWHWTIZWFVJK
ZUTPIZWHPFAIFJZIFYTUJFBHPFAIFJZIFYTPFTU

Transposition Cipher
- Generate permutation of n objects
- Transpose letters
- Permutation of 0 through 7
    6 – 3 – 7 – 1 – 4 – 8 – 5 – 2
- Yields value transposition
    1  6
    2  3
    3  7
    4  1
    5  4
    6  8
    7  5
    8  2

Transposition Cipher – Example
Plain text

Say not the Struggle Naught Availeth
by Arthur Hugh Clough (1819 – 1861)

Say not the struggle naught availeth,
The labour and the wounds are vain,
The enemy faints not, nor faileth,
And as things have been they remain.

If hopes were dupes, fears may be liars;
It may be, in yon smoke conceal'd,
Your comrades chase e'en now the fliers,
And, but for you, possess the field.

For while the tired waves, vainly breaking,
Seem here no painful inch to gain,
Far back, through creeks and inlets making,
Comes silent, flooding in, the main.

And not by eastern windows only,
When daylight comes, comes in the light;
In front the sun climbs slow, how slowly!
But westward, look, the land is bright!

[I remember sitting at home in Reading as a boy of 9 listening to the radio. It was 1941, a very bad time for England in the Second World War. Winston Churchill was reading a poem, Say Not the Struggle Naught Availeth by Arthur Clough. - Cardinal Cormac Murphy-O’Connor]

Transposition Cipher – Example

Say not the Struggle Naught Availeth
by Arthur Hugh Clough (1819 – 1861)

Say not the struggle naught availeth,
The labour and the wounds are vain,
The enemy faints not, nor faileth,
And as things have been they remain.

If hopes were dupes, fears may be liars;
It may be, in yon smoke conceal'd,
Your comrades chase e'en now the fliers,
And, but for you, possess the field.

Transposition Cipher – Example
Cipher text

TYTSNHOAGTGERLUSHATEUAGNTIHVLBEAURRYTHHAOH
UUCGLGOATHYTNSUSGHTGREGNHLATUEEATAIHLVBEOT
LUAHHNERDWTAANRODESUHIEVNETAAMINYNFENNOTO
RTSTIHFLAEAHAINSNTDEHBGAEVSYTREHEENFIHMNOIAR
SEPWDEEEEAUSRFPEALSYIBMMSAAIYTROINBNSYEOKNM
ECCOOLUEDRYADMECRSAOEAECSNEHEWFNTLHONRDISB
AEYFOUOURTSSSPSTEOLFDHIFEELWEOHTIRETDHIWREAEI
ASNVVABKLRIEYMSHNEEEGANIRONPECLHFITNUFAAOIRN
GHCRBKOTAEHEUCKRGNNLSDEIAIMNTAGKSSMICELSOOT
OEFDLNTGHIIENNNIDMNNAAABSOYTETNNDEWOIRYOWW
NHLSLDIEAGYNECSHOCMTNETOSHIMTIIEGNHLTOHFNETR
INMSCBLUHLOSOWWSYOBSWULLWEATSRTWTOHDOEKLS
NBLDRIARHEITMIGSBIEETRMTNHTGOAIEIAMNDREAGBIA
OSNSFTYLEIOONTNGHTIOAIEDTIRESRWAYVAMDEBTFIAL
EAONNGRENSDTEHIONRCDLWOIANDRSWWUNRTCCHOAL
SHLRWIGDAEIPNAYMNOSOAETHRTEUSTALUGEGNGIALHV
EATRBTTYHAHUCGULHORNRACDLIACRMCMUAOCHORYN
OPCRONYNOO
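
The following added example (not part of the original slides) applies the slide's permutation 6 – 3 – 7 – 1 – 4 – 8 – 5 – 2 in blocks of eight letters and reproduces the opening of the cipher text above. It reads the table as "cipher position j takes the plain letter at position perm[j]", which is the reading that matches the slide's cipher text; the pad letter X and the function names are assumptions of this example.

```python
from collections import Counter

# Permutation from the slides, 1-based as written there.
# Cipher position j receives the plain-text letter at position PERM[j].
PERM = (6, 3, 7, 1, 4, 8, 5, 2)


def letters_only(text):
    """Upper-case the text and drop everything except A-Z."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def transpose(text, perm, pad="X"):
    """Rearrange the letters of each len(perm)-letter block according to perm.

    A short final block is filled with `pad` (assumed here; the slides do not
    say how a partial block is handled).
    """
    n = len(perm)
    if sorted(perm) != list(range(1, n + 1)):
        raise ValueError("perm must be a permutation of 1..n")
    letters = letters_only(text)
    if len(letters) % n:
        letters += pad * (n - len(letters) % n)
    out = []
    for start in range(0, len(letters), n):
        block = letters[start:start + n]
        out.append("".join(block[p - 1] for p in perm))
    return "".join(out)


def invert(perm):
    """Inverse permutation: transposing with it undoes transposing with perm."""
    inverse = [0] * len(perm)
    for position, source in enumerate(perm, start=1):
        inverse[source - 1] = position
    return tuple(inverse)


def same_letter_counts(a, b):
    """True when two texts contain exactly the same multiset of letters."""
    return Counter(letters_only(a)) == Counter(letters_only(b))


if __name__ == "__main__":
    title = "Say not the Struggle Naught Availeth by Arthur Hugh Clough"
    cipher = transpose(title, PERM)
    print(cipher)
    print(transpose(cipher, invert(PERM)))
    # Letters are moved, never replaced, so single-letter frequencies of the
    # cipher text are those of the plain text.
    print(same_letter_counts(cipher, transpose(cipher, invert(PERM))))
```

Because only positions change, a frequency count of the cipher text still looks like ordinary English, which is what separates a transposition from a substitution at first inspection.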

Vigenere Cipher
- Polyalphabetic substitution
- Use n randomly generated substitutions
- 1st letter is encoded by 1st substitution alphabet
- 2nd letter is encoded by 2nd substitution alphabet
- . . .
- nth letter is encoded by nth substitution alphabet
- n+1st letter is encoded by 1st substitution alphabet
- etc.

Vigenere – Simple Example
- Key = 3752
- Successive letters are shifted by 3, 7, 5, 2
- Plain text – BOOKKEEPINGROCKS
- Cipher text – EVTMNLJRLULTRJPU
- Eliminates double letters
- Scatters N-grams

Vigenere Cipher
- Advantages
- Creates confusion
- Same letter can be encoded n different ways
- Pretty much eliminates n-grams
- Keyspace > 26!

Vigenere Cipher
- le chiffre indéchiffrable
- Named for Blaise de Vigenère
- Invented by Giovan Battista Bellaso
- ca. 1550
- Broken by
- Charles Babbage in 1854 (unpublished)
- Major Friedrich Kasiski in 1863
  » Prussian infantry officer

Vigenere Cipher – Example

T KRCS L GILOX WYHH ZQV KOJ WYPG YDKPCY ZZSZ CLJL IA DEK ZTYV VIE WYL HCXV TSLQZUU ZI ZAG NUVLR: "HH YVZO WYLGP WIBHSV KV PP VVST-PYZKSYW: KOOE DCS APQ RYS NUVHHPG VXILO."

Z OOGH R KFPDD AVLW FUS ODP VB EKV YSO KZSZD RW NSZUXPO EKV ZCYV FM TZUDLF DORCSD DEK HSH JVBD RW MCCPVY GWDML CHQVYG HLCS PP DSSS ER JPH ORNU HZJVAVPU RA HSH KHPWH FM PCRKOSCKFVR.

T KRCS L GILOX WYHH ZQV KOJ HMLB EKV ZHLWV VT XLJZWDVZWDT, D JAOEH JDSWWVYWYJ NPHS WYL VPDK VT TQABGELTL, GHHCASCLEN KTWY AVP KVHH ZI FWDCHJZWZQ, NPZW EV AFLQJMCCPVK WYWF HB ZDJPG ZI WYSPGFT OYG ABGELTL.

W SDML O OUVHA EKRA AJ IFBF WLKAZP FYPZOUVU KTOC VBP GRF ZTYV PB L QRAWZQ NOSCH KOSJ ZZSZ YRK IS UXUNSO EP AVP FFSCC RW AVPLI ZYTQ SBH MB KOS NREASYW FM HSHZY QSDIHQEHI.

P VLYV H RCHRT HZGRF.

W SDML O OUVHA EKRA CYH UHM, ORNU WY DCHPLPR, DWEK ZAG GLTPCFV IHQTVKZ, KTWY PHD JFCSCQFY VLYZUU SLJ SWAV UYWASZUU HLKO HSH NVFOV FM WYWVYDZVZAWZQ RUR YXCSWQLTHHTRE; VBP GRF FTJYA HSHIL WY DCHPLPR, SWEWCL PWDTR PZBJ HBO ECHQV JZYZD ZZSZ MH RIZP WF QCTQ YHBOV NPHS OZAHWH NOWEH SVMD DEK KSLKL UTUCZ OD VZZHPUJ HBO EIVHSHIZ.

W SDML O OUVHA ERUHM.

T KRCS L GILOX WYHH ZQV KOJ HMLFJ YRSZPB JOOWO SL SIDCASO, HMLFJ KZSZ LQU TCFQKHWY VYHZW EV TOOH

Vigenere Cipher – Example Analysis

TKRCSLGILOXWYHHZQVKOJWYPGYDKPCYZZSZCLJLIADEKZTYVVI
EWYLHCXVTSLQZUUZIZAGNUVLRHHYVZOWYLGPWIBHSVKVPPVVST
PYZKSYWKOOEDCSAPQRYSNUVHHPGVXILOZOOGHRKFPDDAVLWFUS
ODPVBEKVYSOKZSZDRWNSZUXPOEKVZCYVFMTZUDLFDORCSDDEKH
SHJVBDRWMCCPVYGWDMLCHQVYGHLCSPPDSSSERJPHORNUHZJVAV
PURAHSHKHPWHFMPCRKOSCKFVRTKRCSLGILOXWYHHZQVKOJHMLB
EKVZHLWVVTXLJZWDVZWDTDJAOEHJDSWWVYWYJNPHSWYLVPDKVT
TQABGELTLGHHCASCLENKTWYAVPKVHHZIFWDCHJZWZQNPZWEVAF
LQJMCCPVKWYWFHBZDJPGZIWYSPGFTOYGABGELTLWSDMLOOUVHA
EKRAAJIFBFWLKAZPFYPZOUVUKTOCVBPGRFZTYVPBLQRAWZQNOS
CHKOSJZZSZYRKISUXUNSOEPAVPFFSCCRWAVPLIZYTQSBHMBKOS
NREASYWFMHSHZYQSDIHQEHIPVLYVHRCHRTHZGRFWSDMLOOUVHA
EKRACYHUHMORNUWYDCHPLPRDWEKZAGGLTPCFVIHQTVKZKTWYPH
DJFCSCQFYVLYZUUSLJSWAVUYWASZUUHLKOHSHNVFOVFMWYWVYD
ZVZAWZQRURYXCSWQLTHHTREVBPGRFFTJYAHSHILWYDCHPLPRSW
EWCLPWDTRPZBJHBOECHQVJZYZDZZSZMHRIZPWFQCTQYHBOVNPH
SOZAHWHNOWEHSVMDDEKKSLKLUTUCZODVZZHPUJHBOEIVHSHIZW
SDMLOOUVHAERUHMTKRCSLGILOXWYHHZQVKOJHMLFJYRSZPBJOO
WOSLSIDCASOHMLFJKZSZLQUTCFQKHWYVYHZWEVTOOHCVKEKVYC
FJYWZLFVZKTOCISXDULDWDZUOYGKOSNUFVYPGGSONHJDWWOSLA
LGVZHCDZNVEDEKHSHXSCCBFMHSHCVFOVYHZWEVYSGHRSSODEKO

Compare to Substitution

Deciphering Vigenere
- Determine the number of alphabets
  - Compute distances between matching sequences
  - Compute GCD of distances
- Treat cipher text as n separate texts
- For each separate text & each of 25 possible shifts
  - Compute Index of Coincidence
    - based on frequencies found in cipher text
    - using table of frequencies of letters in English
- Index of Coincidence formula
  - fee = {relFreqTab(k, ciphLet) * charFreq(ciphLet)}

Frequency Table – English

A 0.08; B 0.015; C 0.03; D 0.04; E 0.13
F 0.02; G 0.015; H 0.06; I 0.065; J 0.005
K 0.005; L 0.035; M 0.03; N 0.07; O 0.08
P 0.02; Q 0.002; R 0.065; S 0.06; T 0.09
U 0.03; V 0.01; W 0.015; X 0.005; Y 0.02
Z 0.002

Deciphering Algorithm
- Using the key length and the file charFreqEng.txt
  - Generate tables of letter frequency and relative frequency (within the text)
  - Generate the Fee Table
  - Sort the Fee Table to produce a ranked order

Code to Produce Fee Table

    Public Sub genFeeTable(ByVal keyLen As Integer)
      ' relFreqTab, charFreq and feeTab are not declared here;
      ' they are assumed to be module-level tables.
      Dim k, shift, ciphLet As Integer
      Dim fee As Double
      For k = 1 To keyLen
        For shift = 0 To 25
          ' Correlate column k, shifted back by "shift", with English
          fee = 0
          For ciphLet = 0 To 25
            fee = fee + relFreqTab(k, ciphLet) * charFreq((ciphLet + 26 - shift) Mod 26)
          Next ciphLet
          feeTab(k, shift) = fee
        Next shift
      Next k
    End Sub

Vigenere – Final Step
- Produce possible plain texts
  - using combination of highest ranking fee table values
- Choose best plain text
  - This step can be automated
  - Rate each possible plain text
    - using n-gram information
    - or list of 5 letter words in English
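
The deciphering steps above (repeat distances and their GCD, then a fee table per key position, then the top-ranked shifts) can be run end to end. The Python below is an added example, not the talk's Visual Basic program: the key CODES, the sample text and all function names are constructed for illustration, and only the frequency table and the fee formula come from the slides.

```python
from functools import reduce
from math import gcd

# English letter frequencies A..Z, copied from the slide's frequency table.
CHAR_FREQ = [0.08, 0.015, 0.03, 0.04, 0.13, 0.02, 0.015, 0.06, 0.065, 0.005,
             0.005, 0.035, 0.03, 0.07, 0.08, 0.02, 0.002, 0.065, 0.06, 0.09,
             0.03, 0.01, 0.015, 0.005, 0.02, 0.002]


def letters(text):
    """Keep A-Z only and map them to 0..25."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def vigenere(text, key, sign=1):
    """Encrypt (sign=1) or decrypt (sign=-1); returns upper-case letters only."""
    k = letters(key)
    return "".join(chr((c + sign * k[i % len(k)]) % 26 + 65)
                   for i, c in enumerate(letters(text)))


def repeat_distances(cipher, seq_len=6):
    """Distances between successive occurrences of each repeated sequence.

    seq_len=6 is an assumption of this example: long enough that chance
    repeats are rare, so every distance is a multiple of the key length.
    """
    last_seen, distances = {}, []
    for i in range(len(cipher) - seq_len + 1):
        seq = cipher[i:i + seq_len]
        if seq in last_seen:
            distances.append(i - last_seen[seq])
        last_seen[seq] = i
    return distances


def key_length(cipher, seq_len=6):
    """GCD of the repeat distances = number of alphabets (0 if no repeats)."""
    return reduce(gcd, repeat_distances(cipher, seq_len), 0)


def fee_table(cipher, key_len):
    """fee[k][shift], computed as in genFeeTable (k is 0-based here)."""
    table = []
    for k in range(key_len):
        column = letters(cipher[k::key_len])      # every key_len-th letter
        rel = [column.count(x) / len(column) for x in range(26)]
        table.append([sum(rel[c] * CHAR_FREQ[(c - shift) % 26]
                          for c in range(26)) for shift in range(26)])
    return table


def ranked_shifts(cipher, key_len, top=3):
    """Per key position, the `top` shifts ranked by fee, best first."""
    return [sorted(range(26), key=row.__getitem__, reverse=True)[:top]
            for row in fee_table(cipher, key_len)]


def recover_key(cipher, key_len):
    """Key built from the highest-ranking shift of every position."""
    return "".join(chr(65 + best[0])
                   for best in ranked_shifts(cipher, key_len, 1))


# Constructed sample: the refrain recurs like a song chorus, which is what
# produces long matching sequences in the cipher text.
KEY = "CODES"
REFRAIN = "The key must stay secret. "
PLAINTEXT = (
    "The Vigenere cipher shifts each letter of a message by an amount taken "
    "from the matching letter of a short repeating keyword. " + REFRAIN +
    "When the same words line up with the same part of the keyword they "
    "produce identical blocks of cipher letters again. " + REFRAIN +
    "The analyst measures the distance between these repeats and the greatest "
    "common divisor of those distances points to the length of the keyword. "
    + REFRAIN +
    "Each column of the text is then a simple shift cipher and letter "
    "frequencies reveal the shift used for every position of the key. "
    + REFRAIN)
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    n = key_length(CIPHERTEXT)
    print("repeat distances:", sorted(set(repeat_distances(CIPHERTEXT))))
    print("number of alphabets:", n)
    for pos, shifts in enumerate(ranked_shifts(CIPHERTEXT, n)):
        print("position", pos, "ranked letters:",
              [chr(65 + s) for s in shifts])
    key = recover_key(CIPHERTEXT, n)
    print("key:", key)
    print("plain text:", vigenere(CIPHERTEXT, key, -1)[:60], "...")
```

When the top-ranked shift is wrong for some position, the lower-ranked entries returned by `ranked_shifts` are the candidates to combine and rate, as the final step on the slide describes.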

Vernam Cipher
- Gilbert Sandford Vernam – inventor
  - Also known as one-time pad
  - Invented ca. 1919
- Proven unbreakable by Claude Shannon
  - Communication Theory of Secrecy Systems
  - 1949
- Unbreakable if and only if
  - Key is same length as plain text
  - Key is never re-used

Vernam Cipher
- Basic operation – bitwise XOR
- XOR table
  - 0 xor 0 = 0
  - 0 xor 1 = 1
  - 1 xor 0 = 1
  - 1 xor 1 = 0
- Plain text is represented as bit stream
- Key is random bit stream of same length
- Cipher text is produced via bitwise XOR of plain bit stream and key bit stream.

Vernam Cipher – Example
- Plain text :: Grade = A – Great!
- Plain text in ASCII
    71 114 97 100 101 32 61 32 65 32 45 32
    71 114 101 97 116 33
- Plain text as bit stream
    01000111 01110010 01100001 01100100
    01100101 00100000 00111101 00100000
    01000110 00100000 10010110 00100000
    01010011 01101111 01110010 01110010
    01111001 00100001

Vernam Cipher – Example
- Key as bit stream
    11000001 01110000 11011110 10111001 01100001
    10001000 01101100 11111010 00110011
    01001110 01111001 00011110 00001000 10010001
    10100100 01000000 10000000 01000010
- Cipher text as bit stream
    10000110 00000010 10111111 11011101 00000100
    10101000 01010001 11011010 01110010
    01101110 01010100 00111110 01001111 11100011
    11000001 00100001 11110100 01100011

Vernam Cipher – Why Unbreakable
- Try attack by exhaustive search
- Among possible keys
    11000001 01110000 11011110 10111001
    01100001 10001000 01101100 11111010
    00110100 01001110 01111001 00011110
    00011100 10001100 10110011 01010011
    10001101 01000010
- Produces this recovered plain text:
  - Grade = F – Sorry!

Vernam Cipher – Why Unbreakable
- Exhaustive search will produce every possible combination of 18 characters.
- And there is no way to distinguish between them
- Among the possible recovered texts:
  - Tickle me Elmo now
  - Jabberwocky Rocks!
  - Attack tomorrow am
  - Attack tomorrow pm
  - Grade = C++ & Java
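
The Vernam slides can be checked byte for byte. The Python below is an added example, not part of the talk: it uses the ASCII codes, key, cipher text and alternative key printed on the slides, shows that every 18-character candidate has a key that "explains" the cipher text, and shows what is exposed when the "never re-used" condition is broken. Function names are illustrative, and the dash is taken as ASCII 45 as in the slide's code list.

```python
import secrets


def from_bits(bit_string):
    """Parse space-separated octets such as '01000111 01110010'."""
    return bytes(int(octet, 2) for octet in bit_string.split())


def xor_bytes(data, pad):
    """Vernam encryption and decryption are the same bitwise XOR."""
    if len(data) != len(pad):
        raise ValueError("the pad must be exactly as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


# Values printed on the slides.
PLAIN = bytes([71, 114, 97, 100, 101, 32, 61, 32, 65, 32, 45, 32,
               71, 114, 101, 97, 116, 33])        # "Grade = A - Great!"
KEY = from_bits("11000001 01110000 11011110 10111001 01100001 "
                "10001000 01101100 11111010 00110011 "
                "01001110 01111001 00011110 00001000 10010001 "
                "10100100 01000000 10000000 01000010")
CIPHER = from_bits("10000110 00000010 10111111 11011101 00000100 "
                   "10101000 01010001 11011010 01110010 "
                   "01101110 01010100 00111110 01001111 11100011 "
                   "11000001 00100001 11110100 01100011")
OTHER_KEY = from_bits("11000001 01110000 11011110 10111001 "
                      "01100001 10001000 01101100 11111010 "
                      "00110100 01001110 01111001 00011110 "
                      "00011100 10001100 10110011 01010011 "
                      "10001101 01000010")
CANDIDATES = [b"Tickle me Elmo now", b"Jabberwocky Rocks!",
              b"Attack tomorrow am", b"Attack tomorrow pm",
              b"Grade = C++ & Java"]


def key_explaining(cipher, candidate):
    """The pad under which `cipher` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, which is
    why exhaustive key search gives the searcher no information.
    """
    return xor_bytes(cipher, candidate)


def fresh_pad(length):
    """A new pad from the operating system's CSPRNG, for one message only."""
    return secrets.token_bytes(length)


def reuse_leak(cipher_1, cipher_2):
    """With a re-used pad the key cancels out: c1 xor c2 == p1 xor p2."""
    return xor_bytes(cipher_1, cipher_2)


if __name__ == "__main__":
    print(xor_bytes(CIPHER, KEY))          # the message that was sent
    print(xor_bytes(CIPHER, OTHER_KEY))    # an equally valid decryption
    for text in CANDIDATES:
        print(text, "<-", key_explaining(CIPHER, text).hex())

    # Breaking the rule: one pad, two messages.
    pad = fresh_pad(len(PLAIN))
    c1, c2 = xor_bytes(PLAIN, pad), xor_bytes(CANDIDATES[2], pad)
    # Anyone who knows the first message reads the second without the pad.
    print(xor_bytes(reuse_leak(c1, c2), PLAIN))
```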

Vernam Cipher – Why Look Elsewhere?
- Key distribution problem
  - Every sender/recipient must have same pad
  - N sender recipient pairs require O(N^2) pads
  - Pad distribution is security risk
- Key coordination problem
  - Sheets on pad must match exactly
  - Messages must arrive in order sent
- Key generation problem
  - High quality random numbers hard to generate
- Bottom line – has some limited use

Current Cryptosystems
- RSA Cryptosystem
- Advanced Encryption Standard
  - AES
  - Rijndael

RSA Cryptosystem
- Theory of asymmetric key
  - Whitfield Diffie
  - Martin Hellman
- RSA algorithm – a 1-way function
  - Ronald Rivest
  - Adi Shamir
  - Leonard Adleman
  - 1977
- British secret service
  - James Ellis
  - Clifford Cocks
  - 1973

RSA Cryptosystem
- “One way function” based on . .
  - difficulty of factoring large integers
  - theorem of number theory
- Asymmetric
- Public key system
  - Public key to encode
  - Private key to decode

Public Key Cryptography
- Alice wishes to send Bob a private message
  - Bob gives Alice his public key, E_B
  - Alice encodes message, M
    - E_B(M) = C, cipher text
  - Bob receives, then decodes C with private key, D_B
    - D_B(C) = M
- If Bob wishes to send Alice a message
  - He uses Alice’s public key, E_A
  - She decodes the message with her private key, D_A
- If Alice and Bob publish their public keys then anyone can communicate with them privately.

Mathematical Basis
- Modulo arithmetic
  - Remainder upon division
  - 17/5 = 3 with remainder 2
  - 17 mod 5 = 2
  - 18 mod 5 = 3
  - 9*2 mod 5 = 3
- Thus, we can construct a modulo arithmetic multiplication table

Mathematical Basis
- Multiplication table modulo 8

    mod 8 | 1  2  3  4  5  6  7
    ------+--------------------
        1 | 1  2  3  4  5  6  7
        2 | 2  4  6  0  2  4  6
        3 | 3  6  1  4  7  2  5
        4 | 4  0  4  0  4  0  4
        5 | 5  2  7  4  1  6  3
        6 | 6  4  2  0  6  4  2
        7 | 7  6  5  4  3  2  1

Multiplicative Inverse
- 13*37 mod 60 = 1
- So we say 13 is the multiplicative inverse of 37 modulo 60

Euler’s Function
- If p and q are two prime numbers then
  - (p*q) = (p-1)*(q-1)
- For example
  - Let n = 7*11
  - Then (n) = 6*10 = 60
- This leads to the theorem that is used to construct both the public and private keys of the RSA.

The Basic Theorem
- Let n = p*q, p & q both prime
- Let e and d be multiplicative inverses mod (n)
  - I.e., e*d mod (n) = 1
- The theorem:
  - If m^e mod n = c
  - Then c^d mod n = m

Example
- Let n = 7*11 = 77
- Then (n) = 60
- Recall – 13*37 mod 60 = 1
- Let
  - e = 13
  - d = 37
- Example:
  - 35^13 mod 77 = 63
  - And 63^37 mod 77 = 35

RSA Cryptosystem
- To encode one needs e & n
  - So public key = [e, n]
  - In our example = [13, 77]
- To decode one needs d & n
  - So private key = [d, n]
  - In our example = [37, 77]
- Point of attack
  - Recall – n = p*q
  - If one could factor n into p & q
  - Then they can calculate d, the private key

RSA Cryptosystem
- The strength of RSA lies in the difficulty of factoring large integers
- Example:
  - Let p = 2^4423 – 1
  - Let q = 2^9689 – 1
  - Then n = 2^14112 – 2^4423 – 2^9689 + 1
  - Let e = 2^9941 – 1
- Note that
  - n is a 4248 digit number
  - and without further knowledge is difficult to factor into p & q

RSA Cryptosystem
- Before encoding
  - Convert plain text into series of integers
  - Can use underlying bit string
- If n is 4248 digit number
  - Can encode 1764 character block
  - Eliminates repetition clues
- Any bit-based file can be encoded
  - Pictures
  - Audio
  - Video

RSA Cryptosystem
- Drawback
  - Computationally intensive
  - Relatively slow
- Often used for session key exchange

RSA Cryptosystem
- Can also be used for
  - Digital signature
  - Authentication
  - Non-repudiation
- . . but other algorithms may be preferred

Personal Note
- Already know n = p*q
- Do not need to factor every composite
- All primes (except 2 & 3) are
  - 6a + 1
  - 6b – 1
  - 73 = 6*12 + 1
  - 41 = 6*7 – 1
- Therefore n is one of:
  - 36ab + 6(a+b) + 1
  - 36ab + 6(a – b) – 1
  - 36ab + 6(b – a) – 1
  - 36ab – 6(a+b) + 1
- Can be used to factor n, though slow for large n
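
The worked example with n = 77 and the 6a ± 1 observation in the personal note fit in one short program. The Python below is an added example, not code from the talk: it builds the slide's key pair [13, 77] / [37, 77], checks the basic theorem on 35 and 63, and shows that whoever factors n recovers d, with the number of trial divisions growing with the size of n. The second modulus (65521 * 65537 with e = 17) and all function names are chosen here for illustration.

```python
from math import gcd


def make_keys(p, q, e):
    """Return (public, private) = ([e, n], [d, n]) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)       # Euler's function of n
    if gcd(e, phi) != 1:
        raise ValueError("e must have an inverse modulo (p-1)*(q-1)")
    d = pow(e, -1, phi)                     # multiplicative inverse of e
    return (e, n), (d, n)


def apply_key(block, key):
    """Encode with the public key or decode with the private key."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("the block must be an integer smaller than n")
    return pow(block, exponent, n)


def six_form(prime):
    """Write a prime greater than 3 as 6a + s with s = +1 or -1."""
    a, remainder = divmod(prime + 1, 6)
    return (a, -1) if remainder == 0 else ((prime - 1) // 6, 1)


def factor_6k(n):
    """Trial division by 2, 3 and then only numbers of the form 6k-1, 6k+1.

    Returns (p, q, tried) where `tried` counts the candidate divisors.
    """
    tried = 0
    for candidate in (2, 3):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    k = 1
    while (6 * k - 1) ** 2 <= n:
        for candidate in (6 * k - 1, 6 * k + 1):
            tried += 1
            if n % candidate == 0:
                return candidate, n // candidate, tried
        k += 1
    raise ValueError("n has no non-trivial factor")


def private_from_public(public):
    """The point of attack: factoring n yields d from the public key alone."""
    e, n = public
    p, q, _ = factor_6k(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, private = make_keys(7, 11, 13)
    print("public", public, "private", private)
    c = apply_key(35, public)
    print("35 ->", c, "->", apply_key(c, private))
    print("recovered from [13, 77]:", private_from_public(public))
    print("7 =", six_form(7), " 11 =", six_form(11))

    # A modulus of two 16-bit primes: the divisor count grows with sqrt(n),
    # which is why real moduli are hundreds of digits long.
    for n in (77, 65521 * 65537):
        p, q, tried = factor_6k(n)
        print(n, "=", p, "*", q, "after", tried, "trial divisions")
```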

AES Cryptosystem
- Advanced Encryption Standard
- Developers – Belgian cryptographers
  - Joan Daemen
  - Vincent Rijmen
- NIST
  - National Institute of Standards and Technology
  - formerly National Bureau of Standards
  - Adopted as standard on May 26, 2002

AES Selection Process
- NIST announced
  - January 2, 1997
  - Seeking successor to DES
- Sought algorithm
  - Unclassified
  - Publicly disclosed
  - Able to protect sensitive government info
  - Well into next century
- Call for new algorithms
  - September 12, 1997
  - 128 bit blocks
  - 128, 192 or 256 bit keys

AES Selection Process
- 15 designs submitted
  - Intense scrutiny, debate
  - Two international conferences
  - Criteria
    - Security
    - Perform in various settings
    - Work in limited environments
- Five finalists – August 1999
  - MARS
  - RC6
  - Rijndael
  - Serpent
  - Twofish
- 3rd AES conference – April 2000
- Rijndael selected – October 2, 2000

AES Encryption
- Generate 128 bit key
- Either hard code or generate S-Box
- Create key schedule from 128 bit key
  - Arrange key into 4 x 4 matrix of bytes
  - Generate 44-column key schedule from
    - Key
    - S-Box
    - Round constants
- Convert plain text to bit stream
- Arrange every 128 bits into 4 x 4 matrix of bytes
- Perform encryption

AES Encryption Components
- BS – ByteSub Transformation
  - Non-linear layer
  - Resist differential & linear attacks
- SR – Shift Row Transformation
  - Linear mixing step
  - Diffusion of bits over multiple rounds
- MC – MixColumn Transformation
  - Similar in purpose to SR
- ARK - AddRoundKey
  - Round key XORed with result of above layer

AES Encryption Steps
1 – ARK using 0th round key
2 – Nine rounds of
  - BS, SR, MC, ARK
  - Using round keys 1 to 9
3 – A final round
  - BS, SR, ARK
  - Using 10th round key

AES Decryption Steps
1 – ARK using 10th round key
2 – Nine rounds of
  - IBS, ISR, IMC, IARK
  - Using round keys 9 to 1
3 – A final round
  - IBS, ISR, ARK
  - Using 0th round key
Note: “I” denotes an inverse operation

AES Operations
- Bit level operations
  - Addition
  - Matrix multiplication
- Carried out
  - in finite field GF(2^8)
  - Using irreducible polynomial
  - X^8 + X^4 + X^3 + X + 1
- Easy, quick in hardware
  - XORs
  - Shifts

AES – Program Development Steps
- Convert plaintext to 8-bit plain bits & test
- Successively store 8-bit units in 4 x 4 array & test
- Create S-Box array & test its contents
- Generate or hard-code round constants & test its contents
- Prepare MC-matrix & test its contents
- Create 128-bit key and generate 10-round key schedule
- Write & test addition-in-GF(2^8) routine
- Write & test multiplication-in-GF(2^8) routine
- Write & test matrix-multiplication-in-GF(2^8) routine
- Write & test matrix xor routine

AES – Program Development Steps
- Write & test code for ByteSub Transformation
- Write & test code for ShiftRow Transformation
- Write & test code for MixColumn Transformation
- Write & test code for RoundKey Addition Transformation
- Write main routine to execute AES Algorithm
- Test program on one 16 character (128-bit) plaintext
- Write & test code for InvByteSub Transformation
- Write & test code for InvShiftRow Transformation
- Write main routine to execute AES Decryption Algorithm
- Test decryption on one 128-bit ciphertext
- Test program by encrypting & decrypting specified plaintext

AES Encryption : S-Box
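
Several of the development steps (addition and multiplication in GF(2^8), generating rather than hard-coding the S-Box and round constants, and the MixColumn matrix product) reduce to a few lines once the field arithmetic works. The Python below is an added example, not the talk's program: function names are illustrative, the polynomial is the one given on the AES Operations slide, and the results are checked against values published with the AES standard.

```python
AES_POLY = 0x11B        # X^8 + X^4 + X^3 + X + 1 as a bit pattern


def gf_add(a, b):
    """Addition in GF(2^8) is a bitwise XOR."""
    return a ^ b


def gf_mul(a, b):
    """Multiplication in GF(2^8): shift-and-XOR, reduced by AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:           # degree 8 reached: subtract the polynomial
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inverse(a):
    """Multiplicative inverse as a^254 (0 is mapped to 0 by convention)."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0


def rotl8(value, count):
    """Rotate an 8-bit value left by `count` bits."""
    return ((value << count) | (value >> (8 - count))) & 0xFF


def make_sbox():
    """ByteSub table: field inverse followed by the AES affine map."""
    box = []
    for value in range(256):
        inv = gf_inverse(value)
        box.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3)
                   ^ rotl8(inv, 4) ^ 0x63)
    return box


def round_constants(rounds=10):
    """Round constants 1, X, X^2, ... computed in GF(2^8)."""
    constants, value = [], 1
    for _ in range(rounds):
        constants.append(value)
        value = gf_mul(value, 2)
    return constants


def mix_column(column):
    """MixColumn: multiply one 4-byte column by the fixed MC matrix."""
    a, b, c, d = column
    return [gf_mul(a, 2) ^ gf_mul(b, 3) ^ c ^ d,
            a ^ gf_mul(b, 2) ^ gf_mul(c, 3) ^ d,
            a ^ b ^ gf_mul(c, 2) ^ gf_mul(d, 3),
            gf_mul(a, 3) ^ b ^ c ^ gf_mul(d, 2)]


if __name__ == "__main__":
    sbox = make_sbox()
    for row in range(0, 256, 8):            # 8 decimal values per row
        print(" ".join(f"{v:3d}" for v in sbox[row:row + 8]))
    print("round constants:", round_constants())
    print("MixColumn check:",
          [hex(v) for v in mix_column([0xDB, 0x13, 0x53, 0x45])])
```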


Security of AES
• Concerns due to clean algebraic structure
• Murphy and Robshaw
  – Developed BES
  – Showed AES as special case of BES
  – Outlined theoretical line of attack
• Their research
  – Essential Algebraic Structure Within the AES
  – Computational and Algebraic Aspects of the Advanced Encryption Standard


Security – Pro & Con
• Murphy & Robshaw:
  “We now demonstrate that recovering an AES key is equivalent to solving particular systems of extremely sparse multivariate quadratic equations by expressing a BES (and hence an AES) encryption as such a system.”
• On the other hand . .


On the Other Hand
• No attack yet successful
• Order of magnitude
  – 5248 equations, 3840 quadratic
  – 7808 terms
  – 2560 state variables
• Other considerations
  – Accuracy of XSL* estimates questionable
  – Based on heuristic arguments

* XSL = extended sparse linearization


Active Area of Research
• Murphy & Robshaw:
  “One promising approach is to exploit the large, though surprisingly simple, system of multivariate quadratic equations over the finite field F_{2^8} derived from the BES cipher. . .
  “While the problem of solving such systems is known to be hard, it is not entirely unlikely that a technique can be developed which exploits the particular algebraic structure of the AES and BES systems.”
• No attack yet successful


Factoradic Encryption
• What is a factoradic?
• How can it be used in encryption?
• Semi-dynamic keys


What Is a Factoradic?
• A number system with a factorial base
• Positional
• Values of positions
  – multiplied by factorial
  – vary in range


Details
• Mixed radix
• Number Base = factorial
• N digits, where N is its order
• Max digit value is p
  – where p is its position
• Value: digit * p!


Example

[3 1 1 0]
= 3*3! + 1*2! + 1*1! + 0*0!
= 18+2+1+0 = 21


Another Example

[3 2 1 0] is max fadic of order 4
[3 2 1 0] = 23 = 4! - 1


Addition
• Proceeds mod p+1
• Resulting in sum mod n!
  – where n is maxorder(f1, f2)

     5 4 3 2 1
    [2 3 1 1 0] = 69
  + [3 1 2 0 0] = 82
  = [? ? ? ? 0]


Addition
• Proceeds mod p+1
• Resulting in sum mod n!
  – where n is maxorder(f1, f2)

    [2 3 1 1 0] = 69
  + [3 1 2 0 0] = 82
  = [1 1 0 1 0] = 31 = (69+82) mod 120


Completeness
• 1-1 correspondence with integers
• Every fadic → unique integer
  – Saw: fadic → integer conversion
• Every integer → unique fadic
  – integer → fadic conversion


Integer → Factoradic
• 400 → [ ? ? . . ?]
• 1st n such that n! > 400 → order = 6
• 400 div 5! = 3    400-360 = 40
• 40 div 4! = 1     40-24 = 16
• 16 div 3! = 2     16-12 = 4
• 4 div 2! = 2      4-4 = 0

[3 1 2 2 0 0] = 400


Factoradics and Permutations
• 1-1 correspondence
  – fadic order k ↔ permutation of k objects
• Lexicographic order of perms
  012
  021
  102
  120
  201
  210
• nth factoradic → nth permutation


Fadic-Perm Example

x   fadic(x)   perm(x)
0   [0 0 0]    {0 1 2}
1   [0 1 0]    {0 2 1}
2   [1 0 0]    {1 0 2}
3   [1 1 0]    {1 2 0}
4   [2 0 0]    {2 0 1}
5   [2 1 0]    {2 1 0}


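Fadic → Permutation
Sample Code:

    ' Convert factoradic digits fadic(0..n-1) into a permutation perm(0..n-1) of 0..n-1
    For i = 0 To n - 1
        fadic_plus(i) = fadic(i) + 1
    Next i
    perm(n - 1) = 1
    For j = n - 2 To 0 Step -1
        nextEntry = fadic_plus(j)
        perm(j) = nextEntry
        ' Bump every later entry that is >= the new one so all values stay distinct
        For i = j + 1 To n - 1
            If perm(i) >= nextEntry Then perm(i) = perm(i) + 1
        Next i
    Next j
    ' Shift the values back from 1-based to 0-based
    For i = 0 To n - 1
        perm(i) = perm(i) - 1
    Next i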


Dynamic Key Generation
• Fadic → Perm → Key
• Fadic + Fadic → Fadic mod n!
• Use base fadic to generate fadic
• Use new fadic to generate key
• Repeat


DKG Example
Base = [ 2 2 1 0 ]

[ 0 0 0 0 ] + [ 2 2 1 0 ] = [ 2 2 1 0 ]   {2 3 1 0}
[ 2 2 1 0 ] + [ 2 2 1 0 ] = [ 1 2 0 0 ]   {1 3 0 2}
[ 1 2 0 0 ] + [ 2 2 1 0 ] = [ 0 1 1 0 ]   {0 2 3 1}
[ 0 1 1 0 ] + [ 2 2 1 0 ] = [ 3 1 0 0 ]   {3 1 0 2}
[ 3 1 0 0 ] + [ 2 2 1 0 ] = [ 2 0 1 0 ]   {2 0 3 1}
[ 2 0 1 0 ] + [ 2 2 1 0 ] = [ 1 0 0 0 ]   {1 0 2 3}
[ 1 0 0 0 ] + [ 2 2 1 0 ] = [ 3 2 1 0 ]   {3 2 1 0}
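
The factoradic slides above (integer ↔ fadic conversion, addition mod n!, fadic → permutation, and the DKG sequence) as one added Python example; it is not code from the talk, and all function names are hypothetical. Digits are stored most significant first, as written on the slides. `dkg_period` is an added observation: the key sequence is a fixed-step walk modulo n!, so it repeats after n!/gcd(base, n!) steps.

```python
from math import factorial, gcd

def min_order(x):
    """First n such that n! > x (the order needed to hold x)."""
    n = 1
    while factorial(n) <= x:
        n += 1
    return n

def int_to_fadic(x, order):
    """Integer -> factoradic digits, most significant first (last digit is always 0)."""
    if not 0 <= x < factorial(order):
        raise ValueError("x must satisfy 0 <= x < order!")
    digits = []
    for p in range(order - 1, -1, -1):          # positions order-1 .. 0
        d, x = divmod(x, factorial(p))
        digits.append(d)
    return digits

def fadic_to_int(fadic):
    """Factoradic digits -> integer; rejects a digit larger than its position p."""
    n = len(fadic)
    total = 0
    for i, d in enumerate(fadic):
        p = n - 1 - i
        if not 0 <= d <= p:
            raise ValueError(f"digit {d} out of range at position {p}")
        total += d * factorial(p)
    return total

def fadic_add(f1, f2):
    """Digit-wise addition with carry: position p works mod p+1.
    The carry out of the top digit is dropped, giving the sum mod n!."""
    n = max(len(f1), len(f2))
    a = [0] * (n - len(f1)) + list(f1)
    b = [0] * (n - len(f2)) + list(f2)
    out, carry = [0] * n, 0
    for p in range(n):                          # p = 0 is the rightmost digit
        i = n - 1 - p
        carry, out[i] = divmod(a[i] + b[i] + carry, p + 1)
    return out

def fadic_to_perm(fadic):
    """Each digit d selects the d-th smallest symbol not yet used."""
    pool = list(range(len(fadic)))
    return [pool.pop(d) for d in fadic]

def dkg(base, rounds):
    """Repeatedly add the base fadic, starting from all zeros, and map
    each new fadic to its permutation (the DKG table above)."""
    state, keys = [0] * len(base), []
    for _ in range(rounds):
        state = fadic_add(state, base)
        keys.append((state, fadic_to_perm(state)))
    return keys

def dkg_period(base):
    """Number of steps before the DKG key sequence repeats."""
    n_fact = factorial(len(base))
    return n_fact // gcd(fadic_to_int(base), n_fact)

if __name__ == "__main__":
    for fadic, perm in dkg([2, 2, 1, 0], 7):
        print(fadic, perm)
    print("period:", dkg_period([2, 2, 1, 0]))
```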


Encryption Summary
• Factoradics provide a way of generating permutations

Generate factoradic → Obtain permutation from factoradic → Use permutation to rearrange bits


Use Permutation to swap bits
[Figure, shown as a step-by-step animation over five slides]
Positions: 0 1 2 3
Original Binary Data: 1 0 1 0
Obtained Permutation: 3 1 0 2
Encrypted Bit Array Data: filled in one bit per slide


Transposition of Values
• Consider 3 bits of plain text
• Generate a permutation of 0 through 7
  – 5 – 2 – 6 – 0 – 3 – 7 – 4 – 1
• Yields value transposition
  0 → 5
  1 → 2
  2 → 6
  3 → 0
  4 → 3
  5 → 7
  6 → 4
  7 → 1


Bit Level Transposition
• Applying transformation at bit level . .
• Yields bit level transposition
  000 → 101
  001 → 010
  010 → 110
  011 → 000
  100 → 011
  101 → 111
  110 → 100
  111 → 001


Iterative Transposition
• Iteration through transposition
• Causes scattering of uniform plain text
• Plain text
  000 000 000 000 000 000 000 000
• Becomes
  101 010 110 000 011 111 100 001


Basic Algorithm
• 1st round of encryption
• Intermediate bit shuffling
• 2nd round of encryption


1st Encryption Round
• Primary key
• Iteration count key
• Primary jump key
• IC shuffle key
• PJ shuffle key


1st Encryption Round
• Primary key
  – encodes 8 bits of plaintext
• Iteration count key
  – how long a primary key used
• Primary jump key
  – computes fadic/primary key


1st Encryption Round
• IC shuffle key
  – computes next iteration count key
• PJ shuffle key
  – computes next primary jump key


Intermediate Shuffling
• Transposition key
  – transposes m bits of cipher text from 1st round
• Transposition jump key
  – computes next transposition key
• TJ shuffle key
  – computes next transposition jump key


2nd Encryption Round
• Re-encrypts intermediate bits
• Same algorithm as 1st round
• Has own set of keys


Preliminary Results
• 1st Test – highly repetitious plain text
• 65,536 bits – all zeros
• Look for recurrence of bit patterns


Preliminary Results
• 65K bits
• Occurrences of arbitrary bit sequences
  – 12-bit sequences: 15-18 times
  – 14-bit sequences: 5-7 times
  – 16-bit sequences: 1-3 times
  – 18- & 20-bit sequences: 1 time


Distance Test
• Probability of distances between occurrences of bit strings
• Example: 3-bit sequences
  P(b1b2b3 b1b2b3) = 1/8 = .125
  P(b1b2b3 x1x2x3 b1b2b3) = 7/8 * 1/8 = .109375
  P(b1b2b3 [x1x2x3]^n b1b2b3) = (7/8)^n * 1/8
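
The distance test described above, as an added Python example that is not part of the original talk: it splits a bit stream into non-overlapping 3-bit blocks, measures the distance between successive occurrences of a pattern, and compares the observed fractions with (7/8)^(d-1) * 1/8. The function names are hypothetical, and `sample_stream` (SHA-256 in counter mode) is a constructed stand-in input, not output of the factoradic cipher.

```python
import hashlib
from collections import Counter

def blocks(bits, width=3):
    """Split a '0'/'1' string into non-overlapping blocks; a partial tail is dropped."""
    usable = len(bits) - len(bits) % width
    return [bits[i:i + width] for i in range(0, usable, width)]

def gap_counts(bits, pattern="111"):
    """Count distances, in blocks, between successive occurrences of pattern.
    Distance 1 means the pattern is followed immediately by itself."""
    counts, last = Counter(), None
    for idx, blk in enumerate(blocks(bits, len(pattern))):
        if blk == pattern:
            if last is not None:
                counts[idx - last] += 1
            last = idx
    return counts

def expected(distance, width=3):
    """Probability of a given distance for uniformly random blocks:
    (distance - 1) non-matching blocks, then one match."""
    q = 1 / 2 ** width
    return (1 - q) ** (distance - 1) * q

def distance_test(bits, pattern="111", max_distance=20):
    """Rows of (distance, count, observed fraction, expected probability)."""
    counts = gap_counts(bits, pattern)
    total = sum(counts.values())
    return [(d, counts[d], counts[d] / total if total else 0.0,
             expected(d, len(pattern)))
            for d in range(1, max_distance + 1)]

def max_deviation(rows):
    """Largest gap between observed and expected over all distances."""
    return max(abs(obs - exp) for _, _, obs, exp in rows)

def sample_stream(n_bytes, seed=b"constructed-sample"):
    """Constructed test input: SHA-256 in counter mode, returned as a bit string."""
    out, ctr = bytearray(), 0
    while len(out) < n_bytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return "".join(f"{b:08b}" for b in out[:n_bytes])

if __name__ == "__main__":
    good = distance_test(sample_stream(1 << 17))
    for d, n, obs, exp in good[:5]:
        print(f"{d:2d} {n:6d} {obs:.7f} {exp:.7f}")
    print("max deviation, sample stream:", round(max_deviation(good), 4))
    # An unscrambled all-zero input fails at once: every distance is 1.
    bad = distance_test("000" * 1000, pattern="000")
    print("max deviation, all zeros    :", round(max_deviation(bad), 4))
```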


Distance Test Results: 134M* bits
Occurrences of 111

Distance   Count    Observed   Expected
 1         699049   .1249618   .125
 2         612243   .1094444   .109375
 3         536716   .0959432   .0957031
 4         468716   .0837875   .0837402
 5         409291   .0731647   .0732727
 6         357330   .0638762   .0641136
 7         313349   .0560142   .0560994
 8         274349   .0490426   .049087
 9         240059   .0429129   .0429511
10         210642   .0376543   .0375822
11         183825   .0328605   .0328844
12         161219   .0288195   .0287739
13         141077   .0252189   .0251772
14         123695   .0221117   .02203
15         107988   .0193039   .0192763
16          94514   .0168953   .0168667
17          82668   .0147777   .0147584
18          72374   .0129376   .0129136
19          63362   .0113266   .0112994
20          55279   .0098817   .009887

* 134,217,728 = 2^27



Occurrence Test Results: 134M bits
Number of occurrences:
  000 is 5591658
  001 is 5590568
  010 is 5592818
  011 is 5592478
  100 is 5589295
  101 is 5592467
  110 is 5595849
  111 is 5594101


Epilogue
• Information security crisis
• Undecidability results
  – No program can recognize all malware
• Multi key security
  – Lock with N keys
  – Keys given to N persons
  – All must be present to open lock
• Hardware/user participation
  – Critical/noncritical separated by hardware
  – Operations in critical area require direct user participation