1. Classical Encryption Techniques.ppt
senpaixd0110
55 views
61 slides
Aug 16, 2024
Slide 1 of 61
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
About This Presentation
Cryptography ppt
Slide Content
Cryptography and Cryptography and
Network SecurityNetwork Security
Chapter 2Chapter 2
Fifth EditionFifth Edition
by William Stallingsby William Stallings
Lecture slides by Lawrie BrownLecture slides by Lawrie Brown
Edited by Sharada ValivetiEdited by Sharada Valiveti
Network SecurityNetwork Security
Chapter 2Chapter 2
Fifth EditionFifth Edition
by William Stallingsby William Stallings
Lecture slides by Lawrie BrownLecture slides by Lawrie Brown
Edited by Sharada ValivetiEdited by Sharada Valiveti
Chapter 2 – Chapter 2 – Classical EncryptionClassical Encryption
TechniquesTechniques
"I am fairly familiar with all the forms of secret "I am fairly familiar with all the forms of secret
writings, and am myself the author of a trifling writings, and am myself the author of a trifling
monograph upon the subject, in which I analyze monograph upon the subject, in which I analyze
one hundred and sixty separate ciphers," said one hundred and sixty separate ciphers," said
Holmes.Holmes.. .
——The Adventure of the Dancing MenThe Adventure of the Dancing Men, Sir Arthur , Sir Arthur
Conan DoyleConan Doyle
TechniquesTechniques
"I am fairly familiar with all the forms of secret "I am fairly familiar with all the forms of secret
writings, and am myself the author of a trifling writings, and am myself the author of a trifling
monograph upon the subject, in which I analyze monograph upon the subject, in which I analyze
one hundred and sixty separate ciphers," said one hundred and sixty separate ciphers," said
Holmes.Holmes.. .
——The Adventure of the Dancing MenThe Adventure of the Dancing Men, Sir Arthur , Sir Arthur
Conan DoyleConan Doyle
Symmetric EncryptionSymmetric Encryption
Or conventional / Or conventional / private-keyprivate-key / single-key / single-key
Sender and recipient share a common keySender and recipient share a common key
All classical encryption algorithms are All classical encryption algorithms are
private-keyprivate-key
Was only type prior to invention of public-Was only type prior to invention of public-
key in 1970’skey in 1970’s
And by far most widely used (still)And by far most widely used (still)
Is significantly faster than public-key Is significantly faster than public-key
cryptographycryptography
Or conventional / Or conventional / private-keyprivate-key / single-key / single-key
Sender and recipient share a common keySender and recipient share a common key
All classical encryption algorithms are All classical encryption algorithms are
private-keyprivate-key
Was only type prior to invention of public-Was only type prior to invention of public-
key in 1970’skey in 1970’s
And by far most widely used (still)And by far most widely used (still)
Is significantly faster than public-key Is significantly faster than public-key
cryptographycryptography
Some Basic TerminologySome Basic Terminology
plaintextplaintext - original message - original message
ciphertextciphertext - coded message - coded message
ciphercipher - algorithm for transforming plaintext to ciphertext - algorithm for transforming plaintext to ciphertext
keykey - info used in cipher known only to sender/receiver - info used in cipher known only to sender/receiver
encipher (encrypt)encipher (encrypt) - converting plaintext to ciphertext - converting plaintext to ciphertext
decipher (decrypt)decipher (decrypt) - recovering plaintext from ciphertext - recovering plaintext from ciphertext
cryptographycryptography - study of encryption principles/methods - study of encryption principles/methods
cryptanalysis (codebreaking)cryptanalysis (codebreaking) - study of principles/ - study of principles/
methods of deciphering ciphertext methods of deciphering ciphertext withoutwithout knowing key knowing key
cryptologycryptology - field of both cryptography and cryptanalysis - field of both cryptography and cryptanalysis
plaintextplaintext - original message - original message
ciphertextciphertext - coded message - coded message
ciphercipher - algorithm for transforming plaintext to ciphertext - algorithm for transforming plaintext to ciphertext
keykey - info used in cipher known only to sender/receiver - info used in cipher known only to sender/receiver
encipher (encrypt)encipher (encrypt) - converting plaintext to ciphertext - converting plaintext to ciphertext
decipher (decrypt)decipher (decrypt) - recovering plaintext from ciphertext - recovering plaintext from ciphertext
cryptographycryptography - study of encryption principles/methods - study of encryption principles/methods
cryptanalysis (codebreaking)cryptanalysis (codebreaking) - study of principles/ - study of principles/
methods of deciphering ciphertext methods of deciphering ciphertext withoutwithout knowing key knowing key
cryptologycryptology - field of both cryptography and cryptanalysis - field of both cryptography and cryptanalysis
Symmetric Cipher ModelSymmetric Cipher Model
RequirementsRequirements
Two requirements for secure use of symmetric Two requirements for secure use of symmetric
encryption:encryption:
A strong encryption algorithmA strong encryption algorithm
A secret key known only to sender / receiverA secret key known only to sender / receiver
Mathematically have:Mathematically have:
Y Y = e(k, = e(k, xx) = e) = e
kk(x) = {x}(x) = {x}
kk
X X = d(k, = d(k, yy) = d) = d
kk(y)(y)
Assume encryption algorithm is knownAssume encryption algorithm is known
Kerckhoff’s principleKerckhoff’s principle: security in secrecy of key alone, : security in secrecy of key alone,
not in obscurity of the encryption algorithmnot in obscurity of the encryption algorithm
Implies a secure channel to Implies a secure channel to distribute keydistribute key
Central problem in symmetric cryptographyCentral problem in symmetric cryptography
Two requirements for secure use of symmetric Two requirements for secure use of symmetric
encryption:encryption:
A strong encryption algorithmA strong encryption algorithm
A secret key known only to sender / receiverA secret key known only to sender / receiver
Mathematically have:Mathematically have:
Y Y = e(k, = e(k, xx) = e) = e
kk(x) = {x}(x) = {x}
kk
X X = d(k, = d(k, yy) = d) = d
kk(y)(y)
Assume encryption algorithm is knownAssume encryption algorithm is known
Kerckhoff’s principleKerckhoff’s principle: security in secrecy of key alone, : security in secrecy of key alone,
not in obscurity of the encryption algorithmnot in obscurity of the encryption algorithm
Implies a secure channel to Implies a secure channel to distribute keydistribute key
Central problem in symmetric cryptographyCentral problem in symmetric cryptography
CryptographyCryptography
Can characterize cryptographic system by:Can characterize cryptographic system by:
Type of encryption operations usedType of encryption operations used
•SubstitutionSubstitution
•TranspositionTransposition
•ProductProduct
Number of keys usedNumber of keys used
•Single-key or privateSingle-key or private
•Two-key or publicTwo-key or public
Way in which plaintext is processedWay in which plaintext is processed
•BlockBlock
•StreamStream
Can characterize cryptographic system by:Can characterize cryptographic system by:
Type of encryption operations usedType of encryption operations used
•SubstitutionSubstitution
•TranspositionTransposition
•ProductProduct
Number of keys usedNumber of keys used
•Single-key or privateSingle-key or private
•Two-key or publicTwo-key or public
Way in which plaintext is processedWay in which plaintext is processed
•BlockBlock
•StreamStream
CryptanalysisCryptanalysis
Objective to recover key not just messageObjective to recover key not just message
General approaches:General approaches:
Cryptanalytic attackCryptanalytic attack
Brute-force attackBrute-force attack
If either succeed all key use compromisedIf either succeed all key use compromised
Objective to recover key not just messageObjective to recover key not just message
General approaches:General approaches:
Cryptanalytic attackCryptanalytic attack
Brute-force attackBrute-force attack
If either succeed all key use compromisedIf either succeed all key use compromised
Cryptanalytic AttacksCryptanalytic Attacks
Ciphertext onlyCiphertext only
Only know algorithm & ciphertext, is Only know algorithm & ciphertext, is
statistical, can identify plaintext statistical, can identify plaintext
Known plaintextKnown plaintext
Know/suspect plaintext & ciphertextKnow/suspect plaintext & ciphertext
Chosen plaintextChosen plaintext
Select plaintext and obtain ciphertextSelect plaintext and obtain ciphertext
Chosen ciphertextChosen ciphertext
Select ciphertext and obtain plaintextSelect ciphertext and obtain plaintext
Chosen textChosen text
Select plaintext or ciphertext to en/decryptSelect plaintext or ciphertext to en/decrypt
Ciphertext onlyCiphertext only
Only know algorithm & ciphertext, is Only know algorithm & ciphertext, is
statistical, can identify plaintext statistical, can identify plaintext
Known plaintextKnown plaintext
Know/suspect plaintext & ciphertextKnow/suspect plaintext & ciphertext
Chosen plaintextChosen plaintext
Select plaintext and obtain ciphertextSelect plaintext and obtain ciphertext
Chosen ciphertextChosen ciphertext
Select ciphertext and obtain plaintextSelect ciphertext and obtain plaintext
Chosen textChosen text
Select plaintext or ciphertext to en/decryptSelect plaintext or ciphertext to en/decrypt
Cipher StrengthCipher Strength
Unconditional securityUnconditional security
No matter how much computer power or time No matter how much computer power or time
is available, the cipher cannot be broken is available, the cipher cannot be broken
since the ciphertext provides insufficient since the ciphertext provides insufficient
information to uniquely determine the information to uniquely determine the
corresponding plaintext corresponding plaintext
Computational securityComputational security
Given limited computing resources (e.g. Time Given limited computing resources (e.g. Time
needed for calculations is greater than age of needed for calculations is greater than age of
universe), the cipher cannot be broken universe), the cipher cannot be broken
Unconditional securityUnconditional security
No matter how much computer power or time No matter how much computer power or time
is available, the cipher cannot be broken is available, the cipher cannot be broken
since the ciphertext provides insufficient since the ciphertext provides insufficient
information to uniquely determine the information to uniquely determine the
corresponding plaintext corresponding plaintext
Computational securityComputational security
Given limited computing resources (e.g. Time Given limited computing resources (e.g. Time
needed for calculations is greater than age of needed for calculations is greater than age of
universe), the cipher cannot be broken universe), the cipher cannot be broken
Encryption MappingsEncryption Mappings
A given key (k)A given key (k)
Maps any message Mi to Maps any message Mi to
some ciphertext E(k,Mi)some ciphertext E(k,Mi)
Ciphertext image of Mi is Ciphertext image of Mi is
unique to Mi under kunique to Mi under k
Plaintext pre-image of Ci is Plaintext pre-image of Ci is
unique to Ci under k unique to Ci under k
NotationNotation
key k and Mi in M, key k and Mi in M, ƎƎ! Cj ! Cj
in C such that E(k,Mi) = Cjin C such that E(k,Mi) = Cj
key k and ciphertext Ci key k and ciphertext Ci
in C, in C, !
Ǝ
!
Ǝ
Mj in M such that Mj in M such that
E(k,Mj) = Ci E(k,Mj) = Ci
EE
kk(.) is “one-to-one” (injective)(.) is “one-to-one” (injective)
If |M|=|C| it is also “onto” If |M|=|C| it is also “onto”
(surjective), and hence (surjective), and hence
bijective. bijective.
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K
1
K
1
K
1
K1
K
1 K
1
A A
A A
M=set of all M=set of all
plaintexts plaintexts
C=set of all C=set of all
ciphertexts ciphertexts
A given key (k)A given key (k)
Maps any message Mi to Maps any message Mi to
some ciphertext E(k,Mi)some ciphertext E(k,Mi)
Ciphertext image of Mi is Ciphertext image of Mi is
unique to Mi under kunique to Mi under k
Plaintext pre-image of Ci is Plaintext pre-image of Ci is
unique to Ci under k unique to Ci under k
NotationNotation
key k and Mi in M, key k and Mi in M, ƎƎ! Cj ! Cj
in C such that E(k,Mi) = Cjin C such that E(k,Mi) = Cj
key k and ciphertext Ci key k and ciphertext Ci
in C, in C, !
Ǝ
!
Ǝ
Mj in M such that Mj in M such that
E(k,Mj) = Ci E(k,Mj) = Ci
EE
kk(.) is “one-to-one” (injective)(.) is “one-to-one” (injective)
If |M|=|C| it is also “onto” If |M|=|C| it is also “onto”
(surjective), and hence (surjective), and hence
bijective. bijective.
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K
1
K
1
K
1
K1
K
1 K
1
A A
A A
M=set of all M=set of all
plaintexts plaintexts
C=set of all C=set of all
ciphertexts ciphertexts
Encryption Mappings (2)Encryption Mappings (2)
A given plaintext (Mi)A given plaintext (Mi)
Mi is mapped to Mi is mapped to somesome ciphertext ciphertext
E(K,Mi) by every key kE(K,Mi) by every key k
Different keys may map Mi to the Different keys may map Mi to the
same ciphertextsame ciphertext
There may be some ciphertexts to There may be some ciphertexts to
which Mi is never mapped by any which Mi is never mapped by any
keykey
NotationNotation
key k and Mi in M, key k and Mi in M, ƎƎ! !
ciphertext Cj in C such that ciphertext Cj in C such that
E(k,Mi) = CjE(k,Mi) = Cj
It is possible that there are keys k It is possible that there are keys k
and k’ such that E(k,Mi) = E(k’,Mi) and k’ such that E(k,Mi) = E(k’,Mi)
There may be some ciphertext Cj There may be some ciphertext Cj
for which for which ƎƎ key k such that key k such that
E(k,Mi) = Cj E(k,Mi) = Cj
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K2,K89,...
Kj
K
1
,
K
7
5
7
,
.
.
.
K
3
,K
j’,...
K
m A A
A given plaintext (Mi)A given plaintext (Mi)
Mi is mapped to Mi is mapped to somesome ciphertext ciphertext
E(K,Mi) by every key kE(K,Mi) by every key k
Different keys may map Mi to the Different keys may map Mi to the
same ciphertextsame ciphertext
There may be some ciphertexts to There may be some ciphertexts to
which Mi is never mapped by any which Mi is never mapped by any
keykey
NotationNotation
key k and Mi in M, key k and Mi in M, ƎƎ! !
ciphertext Cj in C such that ciphertext Cj in C such that
E(k,Mi) = CjE(k,Mi) = Cj
It is possible that there are keys k It is possible that there are keys k
and k’ such that E(k,Mi) = E(k’,Mi) and k’ such that E(k,Mi) = E(k’,Mi)
There may be some ciphertext Cj There may be some ciphertext Cj
for which for which ƎƎ key k such that key k such that
E(k,Mi) = Cj E(k,Mi) = Cj
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K2,K89,...
Kj
K
1
,
K
7
5
7
,
.
.
.
K
3
,K
j’,...
K
m A A
Encryption Mappings (3)Encryption Mappings (3)
A ciphertext (Ci)A ciphertext (Ci)
Has a unique plaintext pre-Has a unique plaintext pre-
image under each k image under each k
May have two keys that map May have two keys that map
the same plaintext to itthe same plaintext to it
There may be some plaintext There may be some plaintext
Mj such that no key maps Mj Mj such that no key maps Mj
to Cito Ci
NotationNotation
key k and ciphertext Ci key k and ciphertext Ci
in C, in C, !
Ǝ
!
Ǝ
Mj in M such that Mj in M such that
E(k,Mj) = Ci E(k,Mj) = Ci
There may exist keys k, k’ There may exist keys k, k’
and plaintext Mj such that and plaintext Mj such that
E(k,Mj) = E(k’,Mj) = CiE(k,Mj) = E(k’,Mj) = Ci
There may exist plaintext Mj There may exist plaintext Mj
such that such that ƎƎ key k such that key k such that
E(k,Mj) = CiE(k,Mj) = Ci
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K
1
,
K
1
7
,
.
.
.
K2,K89,...
Kj
K
3,K
94,...
Km
.
.
.
.
.
.
.
.
.
.
.
.
...
... A A
A ciphertext (Ci)A ciphertext (Ci)
Has a unique plaintext pre-Has a unique plaintext pre-
image under each k image under each k
May have two keys that map May have two keys that map
the same plaintext to itthe same plaintext to it
There may be some plaintext There may be some plaintext
Mj such that no key maps Mj Mj such that no key maps Mj
to Cito Ci
NotationNotation
key k and ciphertext Ci key k and ciphertext Ci
in C, in C, !
Ǝ
!
Ǝ
Mj in M such that Mj in M such that
E(k,Mj) = Ci E(k,Mj) = Ci
There may exist keys k, k’ There may exist keys k, k’
and plaintext Mj such that and plaintext Mj such that
E(k,Mj) = E(k’,Mj) = CiE(k,Mj) = E(k’,Mj) = Ci
There may exist plaintext Mj There may exist plaintext Mj
such that such that ƎƎ key k such that key k such that
E(k,Mj) = CiE(k,Mj) = Ci
M1
M2
M3
Mi
Mn
C1
C2
C3
Ci
Cn
K
1
,
K
1
7
,
.
.
.
K2,K89,...
Kj
K
3,K
94,...
Km
.
.
.
.
.
.
.
.
.
.
.
.
...
... A A
Encryption Mappings (4)Encryption Mappings (4)
Under what conditions will there always be Under what conditions will there always be
some key that maps some plaintext to a some key that maps some plaintext to a
given ciphertext? given ciphertext?
If for an intercepted ciphertext cIf for an intercepted ciphertext c
jj, there is , there is
some plaintext msome plaintext m
ii for which there does not for which there does not
exist any key k that maps mexist any key k that maps m
ii to c to c
jj, then the , then the
attacker has learned somethingattacker has learned something
If the attacker has ciphertext cIf the attacker has ciphertext c
jj and known and known
plaintext mplaintext m
ii, then many keys may be , then many keys may be
eliminatedeliminated
Under what conditions will there always be Under what conditions will there always be
some key that maps some plaintext to a some key that maps some plaintext to a
given ciphertext? given ciphertext?
If for an intercepted ciphertext cIf for an intercepted ciphertext c
jj, there is , there is
some plaintext msome plaintext m
ii for which there does not for which there does not
exist any key k that maps mexist any key k that maps m
ii to c to c
jj, then the , then the
attacker has learned somethingattacker has learned something
If the attacker has ciphertext cIf the attacker has ciphertext c
jj and known and known
plaintext mplaintext m
ii, then many keys may be , then many keys may be
eliminatedeliminated
Brute Force SearchBrute Force Search
Always possible to simply try every key Always possible to simply try every key
Most basic attack, exponential in key length Most basic attack, exponential in key length
Assume either know / recognise plaintextAssume either know / recognise plaintext
Key Size (bits)Number of Alternative
Keys
Time required at 1
decryption/µs
Time required at 10
6
decryptions/µs
32 2
32
= 4.3 10
9
2
31
µs = 35.8 minutes2.15 milliseconds
56 2
56
= 7.2 10
16
2
55
µs = 1142 years 10.01 hours
128 2
128
= 3.4 10
38
2
127
µs = 5.4 10
24
years5.4 10
18
years
168 2
168
= 3.7 10
50
2
167
µs = 5.9 10
36
years5.9 10
30
years
26 characters
(permutation)
26! = 4 10
26
2 10
26
µs= 6.4 10
12
years6.4 10
6
years
Always possible to simply try every key Always possible to simply try every key
Most basic attack, exponential in key length Most basic attack, exponential in key length
Assume either know / recognise plaintextAssume either know / recognise plaintext
Key Size (bits)Number of Alternative
Keys
Time required at 1
decryption/µs
Time required at 10
6
decryptions/µs
32 2
32
= 4.3 10
9
2
31
µs = 35.8 minutes2.15 milliseconds
56 2
56
= 7.2 10
16
2
55
µs = 1142 years 10.01 hours
128 2
128
= 3.4 10
38
2
127
µs = 5.4 10
24
years5.4 10
18
years
168 2
168
= 3.7 10
50
2
167
µs = 5.9 10
36
years5.9 10
30
years
26 characters
(permutation)
26! = 4 10
26
2 10
26
µs= 6.4 10
12
years6.4 10
6
years
Classical Substitution Classical Substitution
CiphersCiphers
Where Where letters of plaintext are replaced by letters of plaintext are replaced by
other letters or by numbers or symbolsother letters or by numbers or symbols
Or if plaintext is Or if plaintext is viewed as a sequence of viewed as a sequence of
bits, then substitution involves replacing bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit plaintext bit patterns with ciphertext bit
patternspatterns
CiphersCiphers
Where Where letters of plaintext are replaced by letters of plaintext are replaced by
other letters or by numbers or symbolsother letters or by numbers or symbols
Or if plaintext is Or if plaintext is viewed as a sequence of viewed as a sequence of
bits, then substitution involves replacing bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit plaintext bit patterns with ciphertext bit
patternspatterns
Caesar CipherCaesar Cipher
Earliest known substitution cipherEarliest known substitution cipher
By Julius Caesar By Julius Caesar
First attested use in military affairsFirst attested use in military affairs
Replaces each letter by 3rd letter onReplaces each letter by 3rd letter on
Example:Example:
Meet me after the toga partyMeet me after the toga party
Phhw ph diwhu wkh wrjd sduwbPhhw ph diwhu wkh wrjd sduwb
Earliest known substitution cipherEarliest known substitution cipher
By Julius Caesar By Julius Caesar
First attested use in military affairsFirst attested use in military affairs
Replaces each letter by 3rd letter onReplaces each letter by 3rd letter on
Example:Example:
Meet me after the toga partyMeet me after the toga party
Phhw ph diwhu wkh wrjd sduwbPhhw ph diwhu wkh wrjd sduwb
Caesar CipherCaesar Cipher
Can define transformation as:Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z = a b c d e f g h i j k l m n o p q r s t u v w x y z =
ININ
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = D E F G H I J K L M N O P Q R S T U V W X Y Z A B C =
OUTOUT
Mathematically give each letter a numberMathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 250 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar (rotation) cipher as:Then have Caesar (rotation) cipher as:
c c = E(k, = E(k, pp) = () = (p p + + kk) mod (26)) mod (26)
p p = D(k, c) = (c – = D(k, c) = (c – kk) mod (26)) mod (26)
Can define transformation as:Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z = a b c d e f g h i j k l m n o p q r s t u v w x y z =
ININ
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = D E F G H I J K L M N O P Q R S T U V W X Y Z A B C =
OUTOUT
Mathematically give each letter a numberMathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y za b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 250 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar (rotation) cipher as:Then have Caesar (rotation) cipher as:
c c = E(k, = E(k, pp) = () = (p p + + kk) mod (26)) mod (26)
p p = D(k, c) = (c – = D(k, c) = (c – kk) mod (26)) mod (26)
Cryptanalysis of Caesar Cryptanalysis of Caesar
Cipher Cipher
Only have 26 possible ciphers Only have 26 possible ciphers
A maps to A,B,..Z A maps to A,B,..Z
Could simply try each in turn Could simply try each in turn
A A brute force searchbrute force search
Given ciphertext, just try all shifts of lettersGiven ciphertext, just try all shifts of letters
Do need to recognize when have plaintextDo need to recognize when have plaintext
Eg. Break ciphertext "GCUA VQ DTGCM"Eg. Break ciphertext "GCUA VQ DTGCM"
Cipher Cipher
Only have 26 possible ciphers Only have 26 possible ciphers
A maps to A,B,..Z A maps to A,B,..Z
Could simply try each in turn Could simply try each in turn
A A brute force searchbrute force search
Given ciphertext, just try all shifts of lettersGiven ciphertext, just try all shifts of letters
Do need to recognize when have plaintextDo need to recognize when have plaintext
Eg. Break ciphertext "GCUA VQ DTGCM"Eg. Break ciphertext "GCUA VQ DTGCM"
Affine CipherAffine Cipher
Broaden to include multiplicationBroaden to include multiplication
Can define affine transformation as:Can define affine transformation as:
C C = e(k, = e(k, pp) = (a) = (ap p + + bb) mod (26)) mod (26)
P P = d(k, c) = (a= d(k, c) = (a
-1-1
(c – (c – b)b)) mod (26)) mod (26)
Key k=(a,b)Key k=(a,b)
A must be relatively prime to 26A must be relatively prime to 26
So there exists unique inverse So there exists unique inverse aa
-1-1
Broaden to include multiplicationBroaden to include multiplication
Can define affine transformation as:Can define affine transformation as:
C C = e(k, = e(k, pp) = (a) = (ap p + + bb) mod (26)) mod (26)
P P = d(k, c) = (a= d(k, c) = (a
-1-1
(c – (c – b)b)) mod (26)) mod (26)
Key k=(a,b)Key k=(a,b)
A must be relatively prime to 26A must be relatively prime to 26
So there exists unique inverse So there exists unique inverse aa
-1-1
Affine Cipher - ExampleAffine Cipher - Example
Example k=(17,3):Example k=(17,3):
a b c d e f g h i j k l m n o p q r s t u v w x y a b c d e f g h i j k l m n o p q r s t u v w x y
z = INz = IN
D U L C T K B S J A R I Z Q H Y P G X O F W N E V D U L C T K B S J A R I Z Q H Y P G X O F W N E V
M = OUTM = OUT
Example:Example:
meet me after the toga partymeet me after the toga party
ZTTO ZT DKOTG OST OHBD YDGOVZTTO ZT DKOTG OST OHBD YDGOV
Now how many keys are there?Now how many keys are there?
12 x 26 = 31212 x 26 = 312
Still can be brute force attacked!Still can be brute force attacked!
Example k=(17,3):Example k=(17,3):
a b c d e f g h i j k l m n o p q r s t u v w x y a b c d e f g h i j k l m n o p q r s t u v w x y
z = INz = IN
D U L C T K B S J A R I Z Q H Y P G X O F W N E V D U L C T K B S J A R I Z Q H Y P G X O F W N E V
M = OUTM = OUT
Example:Example:
meet me after the toga partymeet me after the toga party
ZTTO ZT DKOTG OST OHBD YDGOVZTTO ZT DKOTG OST OHBD YDGOV
Now how many keys are there?Now how many keys are there?
12 x 26 = 31212 x 26 = 312
Still can be brute force attacked!Still can be brute force attacked!
Monoalphabetic CipherMonoalphabetic Cipher
Rather than just shifting the alphabet Rather than just shifting the alphabet
Could shuffle (permute) the letters arbitrarily Could shuffle (permute) the letters arbitrarily
Each plaintext letter maps to a different random Each plaintext letter maps to a different random
ciphertext letter ciphertext letter
Hence key is 26 letters long Hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyzPlain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNCipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplacelettersPlaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYACiphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Rather than just shifting the alphabet Rather than just shifting the alphabet
Could shuffle (permute) the letters arbitrarily Could shuffle (permute) the letters arbitrarily
Each plaintext letter maps to a different random Each plaintext letter maps to a different random
ciphertext letter ciphertext letter
Hence key is 26 letters long Hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyzPlain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNCipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplacelettersPlaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYACiphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Monoalphabetic Cipher
SecuritySecurity
Key size is now 25 characters…Key size is now 25 characters…
Now have a total of 26! = 4 x 10Now have a total of 26! = 4 x 10
2626
keys keys
With so many keys, might think is secure With so many keys, might think is secure
But would be But would be !!!WRONG!!!!!!WRONG!!!
Problem is language characteristicsProblem is language characteristics
SecuritySecurity
Key size is now 25 characters…Key size is now 25 characters…
Now have a total of 26! = 4 x 10Now have a total of 26! = 4 x 10
2626
keys keys
With so many keys, might think is secure With so many keys, might think is secure
But would be But would be !!!WRONG!!!!!!WRONG!!!
Problem is language characteristicsProblem is language characteristics
Language Redundancy and Language Redundancy and
CryptanalysisCryptanalysis
Human languages are Human languages are redundantredundant
E.G., "Th lrd s m shphrd shll nt wnt" E.G., "Th lrd s m shphrd shll nt wnt"
Letters are not equally commonly used Letters are not equally commonly used
In english E is by far the most common letter In english E is by far the most common letter
Followed by T,R,N,I,O,A,S Followed by T,R,N,I,O,A,S
Other letters like Z,J,K,Q,X are fairly rare Other letters like Z,J,K,Q,X are fairly rare
Have tables of single, double & triple letter Have tables of single, double & triple letter
frequencies for various languagesfrequencies for various languages
CryptanalysisCryptanalysis
Human languages are Human languages are redundantredundant
E.G., "Th lrd s m shphrd shll nt wnt" E.G., "Th lrd s m shphrd shll nt wnt"
Letters are not equally commonly used Letters are not equally commonly used
In english E is by far the most common letter In english E is by far the most common letter
Followed by T,R,N,I,O,A,S Followed by T,R,N,I,O,A,S
Other letters like Z,J,K,Q,X are fairly rare Other letters like Z,J,K,Q,X are fairly rare
Have tables of single, double & triple letter Have tables of single, double & triple letter
frequencies for various languagesfrequencies for various languages
English Letter FrequenciesEnglish Letter Frequencies
English Letter FrequenciesEnglish Letter Frequencies
Sorted Relative Frequencies
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ETAOINSHRDLCUMWFGYPBVKJXQZ
Sorted Relative Frequencies
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ETAOINSHRDLCUMWFGYPBVKJXQZ
English Letter Frequencies
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Frequences for Cipher-0
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
What kind of cipher is this?What kind of cipher is this?
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Frequences for Cipher-0
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
What kind of cipher is this?What kind of cipher is this?
English Letter Frequencies
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Frequencies for Cipher-1
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
What kind of cipher is this?What kind of cipher is this?
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Frequencies for Cipher-1
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
ABCDEFGHIJKLMNOPQRSTUVWXYZ
What kind of cipher is this?What kind of cipher is this?
Use in CryptanalysisUse in Cryptanalysis
Key concept - monoalphabetic substitution Key concept - monoalphabetic substitution
ciphers do not change relative letter frequencies ciphers do not change relative letter frequencies
Discovered by Arabian scientists in 9Discovered by Arabian scientists in 9
thth
century century
Calculate letter frequencies for CiphertextCalculate letter frequencies for Ciphertext
Compare counts/plots against known values Compare counts/plots against known values
If caesar cipher look for common peaks/troughs If caesar cipher look for common peaks/troughs
Peaks at: A-E-I triple, N-O pair, R-S-T triplePeaks at: A-E-I triple, N-O pair, R-S-T triple
Troughs at: J-K, U-V-W-X-Y-ZTroughs at: J-K, U-V-W-X-Y-Z
For For monoalphabetic must identify each lettermonoalphabetic must identify each letter
Tables of common double/triple letters helpTables of common double/triple letters help
(Digrams and trigrams)(Digrams and trigrams)
Amount of ciphertext is important – statistics!Amount of ciphertext is important – statistics!
Key concept - monoalphabetic substitution Key concept - monoalphabetic substitution
ciphers do not change relative letter frequencies ciphers do not change relative letter frequencies
Discovered by Arabian scientists in 9Discovered by Arabian scientists in 9
thth
century century
Calculate letter frequencies for CiphertextCalculate letter frequencies for Ciphertext
Compare counts/plots against known values Compare counts/plots against known values
If caesar cipher look for common peaks/troughs If caesar cipher look for common peaks/troughs
Peaks at: A-E-I triple, N-O pair, R-S-T triplePeaks at: A-E-I triple, N-O pair, R-S-T triple
Troughs at: J-K, U-V-W-X-Y-ZTroughs at: J-K, U-V-W-X-Y-Z
For For monoalphabetic must identify each lettermonoalphabetic must identify each letter
Tables of common double/triple letters helpTables of common double/triple letters help
(Digrams and trigrams)(Digrams and trigrams)
Amount of ciphertext is important – statistics!Amount of ciphertext is important – statistics!
Example CryptanalysisExample Cryptanalysis
Given ciphertext:Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies (see text)Count relative letter frequencies (see text)
Given ciphertext:Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies (see text)Count relative letter frequencies (see text)
Example CryptanalysisExample Cryptanalysis
given ciphertext:given ciphertext:
UUZZQSOVUOHXMOQSOVUOHXMOPPVGVGPPOOZPZPEVSGEVSGZZWSWSZZOOPPFFPPESXUDBMETSXAIESXUDBMETSXAIZZ
VUEVUEPPHHZZHMDHMDZZSHSHZZOWSFOWSFPPAAPPPPDTSVDTSVPPQUZWYMXUQUZWYMXUZZUHSXUHSX
EEPPYEYEPPOOPPDDZZSSZZUFUFPPOMBOMBZZWWPPFUFUPZPZHMDJUDTMOHMQHMDJUDTMOHMQ
guess P & Z are e and tguess P & Z are e and t
guess ZW is th and hence ZWP is “the”guess ZW is th and hence ZWP is “the”
proceeding with trial and error finally get:proceeding with trial and error finally get:
it was disclosed yesterday that several informal butit was disclosed yesterday that several informal but
direct contacts have been made with politicaldirect contacts have been made with political
representatives of the viet cong in moscowrepresentatives of the viet cong in moscow
given ciphertext:given ciphertext:
UUZZQSOVUOHXMOQSOVUOHXMOPPVGVGPPOOZPZPEVSGEVSGZZWSWSZZOOPPFFPPESXUDBMETSXAIESXUDBMETSXAIZZ
VUEVUEPPHHZZHMDHMDZZSHSHZZOWSFOWSFPPAAPPPPDTSVDTSVPPQUZWYMXUQUZWYMXUZZUHSXUHSX
EEPPYEYEPPOOPPDDZZSSZZUFUFPPOMBOMBZZWWPPFUFUPZPZHMDJUDTMOHMQHMDJUDTMOHMQ
guess P & Z are e and tguess P & Z are e and t
guess ZW is th and hence ZWP is “the”guess ZW is th and hence ZWP is “the”
proceeding with trial and error finally get:proceeding with trial and error finally get:
it was disclosed yesterday that several informal butit was disclosed yesterday that several informal but
direct contacts have been made with politicaldirect contacts have been made with political
representatives of the viet cong in moscowrepresentatives of the viet cong in moscow
Playfair CipherPlayfair Cipher
Not even the large number of keys in a Not even the large number of keys in a
monoalphabetic cipher provides security monoalphabetic cipher provides security
One approach to improving security was to One approach to improving security was to
encrypt multiple letters encrypt multiple letters
TheThe playfair cipher playfair cipher is an example is an example
Invented by Charles Wheatstone in 1854, Invented by Charles Wheatstone in 1854,
but named after his friend Baron Playfair but named after his friend Baron Playfair
Not even the large number of keys in a Not even the large number of keys in a
monoalphabetic cipher provides security monoalphabetic cipher provides security
One approach to improving security was to One approach to improving security was to
encrypt multiple letters encrypt multiple letters
TheThe playfair cipher playfair cipher is an example is an example
Invented by Charles Wheatstone in 1854, Invented by Charles Wheatstone in 1854,
but named after his friend Baron Playfair but named after his friend Baron Playfair
Playfair Key MatrixPlayfair Key Matrix
a 5X5 matrix of letters based on a keyword a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates) fill in letters of keyword (sans duplicates)
fill rest of matrix with other lettersfill rest of matrix with other letters
eg. using the keyword MONARCHYeg. using the keyword MONARCHY
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
a 5X5 matrix of letters based on a keyword a 5X5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates) fill in letters of keyword (sans duplicates)
fill rest of matrix with other lettersfill rest of matrix with other letters
eg. using the keyword MONARCHYeg. using the keyword MONARCHY
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
Encrypting and DecryptingEncrypting and Decrypting
Plaintext is encrypted two letters at a time Plaintext is encrypted two letters at a time
1.1.If a pair is a repeated letter, insert filler like 'X’If a pair is a repeated letter, insert filler like 'X’
2.2.If both letters fall in the same row, replace If both letters fall in the same row, replace
each with letter to right (wrapping back to start each with letter to right (wrapping back to start
from end) from end)
3.3.If both letters fall in the same column, replace If both letters fall in the same column, replace
each with the letter below it (wrapping to top each with the letter below it (wrapping to top
from bottom)from bottom)
4.4.Otherwise each letter is replaced by the letter Otherwise each letter is replaced by the letter
in the same row and in the column of the other in the same row and in the column of the other
letter of the pairletter of the pair
Plaintext is encrypted two letters at a time Plaintext is encrypted two letters at a time
1.1.If a pair is a repeated letter, insert filler like 'X’If a pair is a repeated letter, insert filler like 'X’
2.2.If both letters fall in the same row, replace If both letters fall in the same row, replace
each with letter to right (wrapping back to start each with letter to right (wrapping back to start
from end) from end)
3.3.If both letters fall in the same column, replace If both letters fall in the same column, replace
each with the letter below it (wrapping to top each with the letter below it (wrapping to top
from bottom)from bottom)
4.4.Otherwise each letter is replaced by the letter Otherwise each letter is replaced by the letter
in the same row and in the column of the other in the same row and in the column of the other
letter of the pairletter of the pair
Playfair ExamplePlayfair Example
Message = Move forwardMessage = Move forward
Plaintext = mo ve fo rw ar dx Plaintext = mo ve fo rw ar dx
Here x is just a filler, message is padded and segmentedHere x is just a filler, message is padded and segmented
Ciphertext = ON UF PH NZ RM BZCiphertext = ON UF PH NZ RM BZ
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
mo -> ON; mo -> ON; ve -> UF; ve -> UF; fo -> PH, etc.fo -> PH, etc.
Message = Move forwardMessage = Move forward
Plaintext = mo ve fo rw ar dx Plaintext = mo ve fo rw ar dx
Here x is just a filler, message is padded and segmentedHere x is just a filler, message is padded and segmented
Ciphertext = ON UF PH NZ RM BZCiphertext = ON UF PH NZ RM BZ
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
mo -> ON; mo -> ON; ve -> UF; ve -> UF; fo -> PH, etc.fo -> PH, etc.
Security of Playfair CipherSecurity of Playfair Cipher
Security much improved over monoalphabeticSecurity much improved over monoalphabetic
Since have 26 x 26 = 676 digrams Since have 26 x 26 = 676 digrams
Would need a 676 entry frequency table to Would need a 676 entry frequency table to
analyse (versus 26 for a monoalphabetic) analyse (versus 26 for a monoalphabetic)
And correspondingly more ciphertext And correspondingly more ciphertext
Was widely used for many yearsWas widely used for many years
Eg. By US & British military in WW1Eg. By US & British military in WW1
It It cancan be broken, given a few hundred letters be broken, given a few hundred letters
Since still has much of plaintext structure Since still has much of plaintext structure
Security much improved over monoalphabeticSecurity much improved over monoalphabetic
Since have 26 x 26 = 676 digrams Since have 26 x 26 = 676 digrams
Would need a 676 entry frequency table to Would need a 676 entry frequency table to
analyse (versus 26 for a monoalphabetic) analyse (versus 26 for a monoalphabetic)
And correspondingly more ciphertext And correspondingly more ciphertext
Was widely used for many yearsWas widely used for many years
Eg. By US & British military in WW1Eg. By US & British military in WW1
It It cancan be broken, given a few hundred letters be broken, given a few hundred letters
Since still has much of plaintext structure Since still has much of plaintext structure
Polyalphabetic CiphersPolyalphabetic Ciphers
Polyalphabetic substitution ciphersPolyalphabetic substitution ciphers
Improve security using multiple cipher alphabets Improve security using multiple cipher alphabets
Make cryptanalysis harder with more alphabets to Make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution guess and flatter frequency distribution
Use a key to select which alphabet is used for each Use a key to select which alphabet is used for each
letter of the message letter of the message
Use each alphabet in turn Use each alphabet in turn
Repeat from start after end of key is reached Repeat from start after end of key is reached
Polyalphabetic substitution ciphersPolyalphabetic substitution ciphers
Improve security using multiple cipher alphabets Improve security using multiple cipher alphabets
Make cryptanalysis harder with more alphabets to Make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution guess and flatter frequency distribution
Use a key to select which alphabet is used for each Use a key to select which alphabet is used for each
letter of the message letter of the message
Use each alphabet in turn Use each alphabet in turn
Repeat from start after end of key is reached Repeat from start after end of key is reached
Vigenère CipherVigenère Cipher
Simplest polyalphabetic substitution cipherSimplest polyalphabetic substitution cipher
Effectively multiple caesar ciphers Effectively multiple caesar ciphers
Key is multiple letters long K = kKey is multiple letters long K = k
11 k k
22 ... k ... k
dd
II
thth
letter specifies i letter specifies i
thth
alphabet to use alphabet to use
Use each alphabet in turn Use each alphabet in turn
Repeat from start after d letters in Repeat from start after d letters in
messagemessage
Decryption simply works in reverse Decryption simply works in reverse
Simplest polyalphabetic substitution cipherSimplest polyalphabetic substitution cipher
Effectively multiple caesar ciphers Effectively multiple caesar ciphers
Key is multiple letters long K = kKey is multiple letters long K = k
11 k k
22 ... k ... k
dd
II
thth
letter specifies i letter specifies i
thth
alphabet to use alphabet to use
Use each alphabet in turn Use each alphabet in turn
Repeat from start after d letters in Repeat from start after d letters in
messagemessage
Decryption simply works in reverse Decryption simply works in reverse
Example of Example of Vigenère CipherVigenère Cipher
Write the plaintext out Write the plaintext out
Write the keyword repeated above itWrite the keyword repeated above it
Use each key letter as a Caesar cipher key Use each key letter as a Caesar cipher key
Encrypt the corresponding plaintext letterEncrypt the corresponding plaintext letter
Eg using keyword Eg using keyword deceptivedeceptive
Key: deceptivedeceptivedeceptiveKey: deceptivedeceptivedeceptive
Plaintext: wearediscoveredsaveyourselfPlaintext: wearediscoveredsaveyourself
Ciphertext:zicvtwqngrzgvtwavzhcqyglmgjCiphertext:zicvtwqngrzgvtwavzhcqyglmgj
Write the plaintext out Write the plaintext out
Write the keyword repeated above itWrite the keyword repeated above it
Use each key letter as a Caesar cipher key Use each key letter as a Caesar cipher key
Encrypt the corresponding plaintext letterEncrypt the corresponding plaintext letter
Eg using keyword Eg using keyword deceptivedeceptive
Key: deceptivedeceptivedeceptiveKey: deceptivedeceptivedeceptive
Plaintext: wearediscoveredsaveyourselfPlaintext: wearediscoveredsaveyourself
Ciphertext:zicvtwqngrzgvtwavzhcqyglmgjCiphertext:zicvtwqngrzgvtwavzhcqyglmgj
AidsAids
Simple aids can assist with en/decryption Simple aids can assist with en/decryption
A A saint-cyr slidesaint-cyr slide is a simple manual aid is a simple manual aid
A slide with repeated alphabet A slide with repeated alphabet
Line up plaintext 'A' with key letter, eg 'C' Line up plaintext 'A' with key letter, eg 'C'
Then read off any mapping for key letter Then read off any mapping for key letter
Can bend round into a Can bend round into a cipher diskcipher disk
Or expand into a Or expand into a vigenère tableauvigenère tableau
Simple aids can assist with en/decryption Simple aids can assist with en/decryption
A A saint-cyr slidesaint-cyr slide is a simple manual aid is a simple manual aid
A slide with repeated alphabet A slide with repeated alphabet
Line up plaintext 'A' with key letter, eg 'C' Line up plaintext 'A' with key letter, eg 'C'
Then read off any mapping for key letter Then read off any mapping for key letter
Can bend round into a Can bend round into a cipher diskcipher disk
Or expand into a Or expand into a vigenère tableauvigenère tableau
Security of Security of Vigenère CiphersVigenère Ciphers
Have multiple ciphertext letters for each Have multiple ciphertext letters for each
plaintext letterplaintext letter
Hence letter frequencies are obscuredHence letter frequencies are obscured
But not totally lostBut not totally lost
Start with letter frequenciesStart with letter frequencies
See if it looks monoalphabetic or notSee if it looks monoalphabetic or not
If not, then need to determine number of If not, then need to determine number of
alphabets, since then can attack eachalphabets, since then can attack each
Have multiple ciphertext letters for each Have multiple ciphertext letters for each
plaintext letterplaintext letter
Hence letter frequencies are obscuredHence letter frequencies are obscured
But not totally lostBut not totally lost
Start with letter frequenciesStart with letter frequencies
See if it looks monoalphabetic or notSee if it looks monoalphabetic or not
If not, then need to determine number of If not, then need to determine number of
alphabets, since then can attack eachalphabets, since then can attack each
Frequencies After Polyalphabetic Frequencies After Polyalphabetic
EncryptionEncryption
Letter Relative Frequency
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
equiprobable
unencrypted
two keys
four keys
eight keys
EncryptionEncryption
Letter Relative Frequency
0.000
2.000
4.000
6.000
8.000
10.000
12.000
14.000
equiprobable
unencrypted
two keys
four keys
eight keys
Frequencies After Polyalphabetic Frequencies After Polyalphabetic
EncryptionEncryption
Sorted relative frequencies
0
2
4
6
8
10
12
14
147101316192225
Equiprobible
Unencrypted/1 key
two keys
four keys
eight keys
EncryptionEncryption
Sorted relative frequencies
0
2
4
6
8
10
12
14
147101316192225
Equiprobible
Unencrypted/1 key
two keys
four keys
eight keys
Kasiski MethodKasiski Method
Method developed by babbage / kasiski Method developed by babbage / kasiski
Repetitions in ciphertext give clues to period Repetitions in ciphertext give clues to period
So find same plaintext a multiple of key length So find same plaintext a multiple of key length
apart apart
Which results in the same ciphertext Which results in the same ciphertext
Of course, could also be random flukeOf course, could also be random fluke
E.G. Repeated “VTW” in previous exampleE.G. Repeated “VTW” in previous example
Distance of 9 suggests key size of 3 or 9Distance of 9 suggests key size of 3 or 9
Then attack each monoalphabetic cipher Then attack each monoalphabetic cipher
individually using same techniques as beforeindividually using same techniques as before
Method developed by babbage / kasiski Method developed by babbage / kasiski
Repetitions in ciphertext give clues to period Repetitions in ciphertext give clues to period
So find same plaintext a multiple of key length So find same plaintext a multiple of key length
apart apart
Which results in the same ciphertext Which results in the same ciphertext
Of course, could also be random flukeOf course, could also be random fluke
E.G. Repeated “VTW” in previous exampleE.G. Repeated “VTW” in previous example
Distance of 9 suggests key size of 3 or 9Distance of 9 suggests key size of 3 or 9
Then attack each monoalphabetic cipher Then attack each monoalphabetic cipher
individually using same techniques as beforeindividually using same techniques as before
Example of Example of Kasiski AttackKasiski Attack
Find repeated ciphertext trigrams (e.g., VTW)Find repeated ciphertext trigrams (e.g., VTW)
May be result of same key sequence and same May be result of same key sequence and same
plaintext sequence (or not)plaintext sequence (or not)
Find distance(s)Find distance(s)
Common factors are likely key lengthsCommon factors are likely key lengths
key: deckey: decepteptivedecivedecepteptivedeceptiveivedeceptive
plaintext: weaplaintext: wearedrediscoveiscoveredredsaveyourselfsaveyourself
ciphertext:ZICciphertext:ZICVTWVTWQNGRZGQNGRZGVTWVTWAVZHCQYGLMGJAVZHCQYGLMGJ
Find repeated ciphertext trigrams (e.g., VTW)Find repeated ciphertext trigrams (e.g., VTW)
May be result of same key sequence and same May be result of same key sequence and same
plaintext sequence (or not)plaintext sequence (or not)
Find distance(s)Find distance(s)
Common factors are likely key lengthsCommon factors are likely key lengths
key: deckey: decepteptivedecivedecepteptivedeceptiveivedeceptive
plaintext: weaplaintext: wearedrediscoveiscoveredredsaveyourselfsaveyourself
ciphertext:ZICciphertext:ZICVTWVTWQNGRZGQNGRZGVTWVTWAVZHCQYGLMGJAVZHCQYGLMGJ
Autokey CipherAutokey Cipher
Ideally want a key as long as the messageIdeally want a key as long as the message
Vigenère proposed the Vigenère proposed the autokeyautokey cipher cipher
With keyword is prefixed to message as keyWith keyword is prefixed to message as key
Knowing keyword can recover the first few Knowing keyword can recover the first few
letters letters
Use these in turn on the rest of the messageUse these in turn on the rest of the message
But still have frequency characteristics to attack But still have frequency characteristics to attack
Eg. Given key Eg. Given key deceptivedeceptive
key: deceptivewearediscoveredsavkey: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourselfplaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLAciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Ideally want a key as long as the messageIdeally want a key as long as the message
Vigenère proposed the Vigenère proposed the autokeyautokey cipher cipher
With keyword is prefixed to message as keyWith keyword is prefixed to message as key
Knowing keyword can recover the first few Knowing keyword can recover the first few
letters letters
Use these in turn on the rest of the messageUse these in turn on the rest of the message
But still have frequency characteristics to attack But still have frequency characteristics to attack
Eg. Given key Eg. Given key deceptivedeceptive
key: deceptivewearediscoveredsavkey: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourselfplaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLAciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Homophone CipherHomophone Cipher
Rather than combine multiple monoalphabetic Rather than combine multiple monoalphabetic
ciphers, can assign multiple ciphertext ciphers, can assign multiple ciphertext
characters to same plaintext charactercharacters to same plaintext character
Assign number of homophones according to Assign number of homophones according to
frequency of plaintext character frequency of plaintext character
Gauss believed he made unbreakable cipher Gauss believed he made unbreakable cipher
using homophonesusing homophones
But still have digram/trigram frequency But still have digram/trigram frequency
characteristics to attack characteristics to attack
E.g., have 58 ciphertext characters, with each E.g., have 58 ciphertext characters, with each
plaintext character assigned to ceil(freq/2) plaintext character assigned to ceil(freq/2)
ciphertext characters – so e has 7 homophones, ciphertext characters – so e has 7 homophones,
t has 5, a has 4, j has 1, q has 1, etc.t has 5, a has 4, j has 1, q has 1, etc.
Rather than combine multiple monoalphabetic Rather than combine multiple monoalphabetic
ciphers, can assign multiple ciphertext ciphers, can assign multiple ciphertext
characters to same plaintext charactercharacters to same plaintext character
Assign number of homophones according to Assign number of homophones according to
frequency of plaintext character frequency of plaintext character
Gauss believed he made unbreakable cipher Gauss believed he made unbreakable cipher
using homophonesusing homophones
But still have digram/trigram frequency But still have digram/trigram frequency
characteristics to attack characteristics to attack
E.g., have 58 ciphertext characters, with each E.g., have 58 ciphertext characters, with each
plaintext character assigned to ceil(freq/2) plaintext character assigned to ceil(freq/2)
ciphertext characters – so e has 7 homophones, ciphertext characters – so e has 7 homophones,
t has 5, a has 4, j has 1, q has 1, etc.t has 5, a has 4, j has 1, q has 1, etc.
Vernam CipherVernam Cipher
Ultimate defense is to use a key as long as the Ultimate defense is to use a key as long as the
plaintextplaintext
With no statistical relationship to itWith no statistical relationship to it
Invented by AT&T engineer Gilbert Vernam in Invented by AT&T engineer Gilbert Vernam in
19181918
Specified in Specified in U.S. Patent 1,310,719, issued July , issued July
22, 191922, 1919
Originally proposed using a very long but Originally proposed using a very long but
eventually repeating keyeventually repeating key
Used electromechanical relaysUsed electromechanical relays
Ultimate defense is to use a key as long as the Ultimate defense is to use a key as long as the
plaintextplaintext
With no statistical relationship to itWith no statistical relationship to it
Invented by AT&T engineer Gilbert Vernam in Invented by AT&T engineer Gilbert Vernam in
19181918
Specified in Specified in U.S. Patent 1,310,719, issued July , issued July
22, 191922, 1919
Originally proposed using a very long but Originally proposed using a very long but
eventually repeating keyeventually repeating key
Used electromechanical relaysUsed electromechanical relays
One-Time PadOne-Time Pad
If a truly random key as long as the message is If a truly random key as long as the message is
used, the cipher will be secure used, the cipher will be secure
Called a one-time pad (OTP)Called a one-time pad (OTP)
Is unbreakable since ciphertext bears no Is unbreakable since ciphertext bears no
statistical relationship to the plaintextstatistical relationship to the plaintext
Since for Since for any plaintextany plaintext & & any ciphertextany ciphertext there there
exists a key mapping one to otherexists a key mapping one to other
Can only use the key Can only use the key onceonce though though
Problems in generation & safe distribution of keyProblems in generation & safe distribution of key
If a truly random key as long as the message is If a truly random key as long as the message is
used, the cipher will be secure used, the cipher will be secure
Called a one-time pad (OTP)Called a one-time pad (OTP)
Is unbreakable since ciphertext bears no Is unbreakable since ciphertext bears no
statistical relationship to the plaintextstatistical relationship to the plaintext
Since for Since for any plaintextany plaintext & & any ciphertextany ciphertext there there
exists a key mapping one to otherexists a key mapping one to other
Can only use the key Can only use the key onceonce though though
Problems in generation & safe distribution of keyProblems in generation & safe distribution of key
Transposition CiphersTransposition Ciphers
Now consider classical Now consider classical transpositiontransposition or or
permutationpermutation ciphers ciphers
These hide the message by rearranging These hide the message by rearranging
the letter order the letter order
Without altering the actual letters usedWithout altering the actual letters used
Can recognise these since have the same Can recognise these since have the same
frequency distribution as the original text frequency distribution as the original text
Now consider classical Now consider classical transpositiontransposition or or
permutationpermutation ciphers ciphers
These hide the message by rearranging These hide the message by rearranging
the letter order the letter order
Without altering the actual letters usedWithout altering the actual letters used
Can recognise these since have the same Can recognise these since have the same
frequency distribution as the original text frequency distribution as the original text
Rail Fence cipherRail Fence cipher
Write message letters out diagonally over a Write message letters out diagonally over a
number of rows number of rows
Then read off cipher row by rowThen read off cipher row by row
Eg. Write message out as:Eg. Write message out as:
m e m a t r h t g p r ym e m a t r h t g p r y
e t e f e t e o a a te t e f e t e o a a t
Giving ciphertextGiving ciphertext
MEMATRHTGPRYETEFETEOAATMEMATRHTGPRYETEFETEOAAT
Write message letters out diagonally over a Write message letters out diagonally over a
number of rows number of rows
Then read off cipher row by rowThen read off cipher row by row
Eg. Write message out as:Eg. Write message out as:
m e m a t r h t g p r ym e m a t r h t g p r y
e t e f e t e o a a te t e f e t e o a a t
Giving ciphertextGiving ciphertext
MEMATRHTGPRYETEFETEOAATMEMATRHTGPRYETEFETEOAAT
Row Transposition CiphersRow Transposition Ciphers
Is a more complex transpositionIs a more complex transposition
Write letters of message out in rows over a Write letters of message out in rows over a
specified number of columnsspecified number of columns
Then reorder the columns according to Then reorder the columns according to
some key before reading off the rowssome key before reading off the rows
Key: Key: 43125674312567
Column Out 4 3 1 2 5 6 7Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k pPlaintext: a t t a c k p
o s t p o n eo s t p o n e
d u n t i l td u n t i l t
w o a m x y zw o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Is a more complex transpositionIs a more complex transposition
Write letters of message out in rows over a Write letters of message out in rows over a
specified number of columnsspecified number of columns
Then reorder the columns according to Then reorder the columns according to
some key before reading off the rowssome key before reading off the rows
Key: Key: 43125674312567
Column Out 4 3 1 2 5 6 7Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k pPlaintext: a t t a c k p
o s t p o n eo s t p o n e
d u n t i l td u n t i l t
w o a m x y zw o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Block Transposition CiphersBlock Transposition Ciphers
Arbitrary block transposition may be usedArbitrary block transposition may be used
Specify permutation on blockSpecify permutation on block
Repeat for each block of plaintextRepeat for each block of plaintext
Key: Key: 49312856074931285607
Plaintext: attackpost poneduntil twoamxyzabPlaintext: attackpost poneduntil twoamxyzab
Ciphertext: CTATTSKPAO DLEONIDUPT MBAWOAXYTZCiphertext: CTATTSKPAO DLEONIDUPT MBAWOAXYTZ
Arbitrary block transposition may be usedArbitrary block transposition may be used
Specify permutation on blockSpecify permutation on block
Repeat for each block of plaintextRepeat for each block of plaintext
Key: Key: 49312856074931285607
Plaintext: attackpost poneduntil twoamxyzabPlaintext: attackpost poneduntil twoamxyzab
Ciphertext: CTATTSKPAO DLEONIDUPT MBAWOAXYTZCiphertext: CTATTSKPAO DLEONIDUPT MBAWOAXYTZ
Product CiphersProduct Ciphers
Ciphers using substitutions or transpositions are Ciphers using substitutions or transpositions are
not secure because of language characteristicsnot secure because of language characteristics
Hence consider using several ciphers in Hence consider using several ciphers in
succession to make harder, but: succession to make harder, but:
Two substitutions make a more complex substitution Two substitutions make a more complex substitution
Two transpositions make more complex transposition Two transpositions make more complex transposition
But a substitution followed by a transposition makes a But a substitution followed by a transposition makes a
new much harder cipher new much harder cipher
This is bridge from classical to modern ciphersThis is bridge from classical to modern ciphers
Ciphers using substitutions or transpositions are Ciphers using substitutions or transpositions are
not secure because of language characteristicsnot secure because of language characteristics
Hence consider using several ciphers in Hence consider using several ciphers in
succession to make harder, but: succession to make harder, but:
Two substitutions make a more complex substitution Two substitutions make a more complex substitution
Two transpositions make more complex transposition Two transpositions make more complex transposition
But a substitution followed by a transposition makes a But a substitution followed by a transposition makes a
new much harder cipher new much harder cipher
This is bridge from classical to modern ciphersThis is bridge from classical to modern ciphers
Rotor MachinesRotor Machines
Before modern ciphers, rotor machines were Before modern ciphers, rotor machines were
most common complex ciphers in usemost common complex ciphers in use
Widely used in WW2Widely used in WW2
German Enigma, Allied Hagelin, Japanese PurpleGerman Enigma, Allied Hagelin, Japanese Purple
Implemented a very complex, varying Implemented a very complex, varying
substitution ciphersubstitution cipher
Used a series of cylinders, each giving one Used a series of cylinders, each giving one
substitution, which rotated and changed after substitution, which rotated and changed after
each letter was encryptedeach letter was encrypted
With 3 cylinders have 26With 3 cylinders have 26
33
=17576 alphabets=17576 alphabets
Before modern ciphers, rotor machines were Before modern ciphers, rotor machines were
most common complex ciphers in usemost common complex ciphers in use
Widely used in WW2Widely used in WW2
German Enigma, Allied Hagelin, Japanese PurpleGerman Enigma, Allied Hagelin, Japanese Purple
Implemented a very complex, varying Implemented a very complex, varying
substitution ciphersubstitution cipher
Used a series of cylinders, each giving one Used a series of cylinders, each giving one
substitution, which rotated and changed after substitution, which rotated and changed after
each letter was encryptedeach letter was encrypted
With 3 cylinders have 26With 3 cylinders have 26
33
=17576 alphabets=17576 alphabets
Hagelin Rotor MachineHagelin Rotor Machine
Rotor Machine PrinciplesRotor Machine Principles
Rotor CiphersRotor Ciphers
Each rotor implements some permutation Each rotor implements some permutation
between its input and output contactsbetween its input and output contacts
Rotors turn like an odometer on each key Rotors turn like an odometer on each key
stroke (rotating input and output contacts)stroke (rotating input and output contacts)
Key is the sequence of rotors and their Key is the sequence of rotors and their
initial positionsinitial positions
Each rotor implements some permutation Each rotor implements some permutation
between its input and output contactsbetween its input and output contacts
Rotors turn like an odometer on each key Rotors turn like an odometer on each key
stroke (rotating input and output contacts)stroke (rotating input and output contacts)
Key is the sequence of rotors and their Key is the sequence of rotors and their
initial positionsinitial positions
SteganographySteganography
An alternative to encryptionAn alternative to encryption
Hides existence of messageHides existence of message
Using only a subset of letters/words in a longer Using only a subset of letters/words in a longer
message marked in some waymessage marked in some way
Using invisible inkUsing invisible ink
Hiding in LSB in graphic image or sound fileHiding in LSB in graphic image or sound file
Hide in “noise”Hide in “noise”
Has drawbacksHas drawbacks
High overhead to hide relatively few info bitsHigh overhead to hide relatively few info bits
Advantage is can obscure encryption useAdvantage is can obscure encryption use
An alternative to encryptionAn alternative to encryption
Hides existence of messageHides existence of message
Using only a subset of letters/words in a longer Using only a subset of letters/words in a longer
message marked in some waymessage marked in some way
Using invisible inkUsing invisible ink
Hiding in LSB in graphic image or sound fileHiding in LSB in graphic image or sound file
Hide in “noise”Hide in “noise”
Has drawbacksHas drawbacks
High overhead to hide relatively few info bitsHigh overhead to hide relatively few info bits
Advantage is can obscure encryption useAdvantage is can obscure encryption use
SummarySummary
Have considered:Have considered:
Classical cipher techniques and terminologyClassical cipher techniques and terminology
Monoalphabetic substitution ciphersMonoalphabetic substitution ciphers
Cryptanalysis using letter frequenciesCryptanalysis using letter frequencies
Playfair cipherPlayfair cipher
Polyalphabetic ciphersPolyalphabetic ciphers
Transposition ciphersTransposition ciphers
Product ciphers and rotor machinesProduct ciphers and rotor machines
SteganographySteganography
Have considered:Have considered:
Classical cipher techniques and terminologyClassical cipher techniques and terminology
Monoalphabetic substitution ciphersMonoalphabetic substitution ciphers
Cryptanalysis using letter frequenciesCryptanalysis using letter frequencies
Playfair cipherPlayfair cipher
Polyalphabetic ciphersPolyalphabetic ciphers
Transposition ciphersTransposition ciphers
Product ciphers and rotor machinesProduct ciphers and rotor machines
SteganographySteganography
Thank you!!!
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 55
- Slides 61
- Age 473 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
33 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
27 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
29 views