Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Classic Crypto
Overview
!
Classic Crypto
Transposition Ciphers
!
Classic Crypto
Scytale
! ! !
Write message across the rod T H E T I M E H A S C O M E T H E W A L R U S S A I D T O T A L K O F M A N Y T H I N G S ! When unwrapped, letters are scrambled TSATAHCLONEORTYTMUATIESLHMTS
Classic Crypto 4
Scytale
!
Suppose many different rod diameters are available to Alice and Bob
o How hard is it for Trudy to break a message? o Can Trudy attack messages automaticallywithout manually examining each putative decrypt?
Classic Crypto
Columnar Transposition
!
Put plaintext into rows of matrix then read ciphertext out of columns For example, suppose matrix is 3 x 4
o Plaintext: SEETHELIGHT
o Ciphertext: SHGEEHELTTIX
!
Classic Crypto
For example
o Plaintext: CRYPTOISFUN o Matrix 3 x 4 and keyword MATH
o Ciphertext: ROUPSXCTFYIN
! !
Classic Crypto
! ! ! !
Matrix is n x m for some n and m Since 45 letters, n!m = 45 How many cases to try? How will Trudy know when she is correct?
Classic Crypto 8
The ciphertext is
VOESA IVENE MRTNL EANGE WTNIM HTMLL ADLTR NISHO DWOEH
"
Classic Crypto 9
Cryptanalysis: Lesson I
!
If keyspace is too large, such an attack will not succeed in a reasonable time
o Or it will have a low probability of success
! !
A large keyspace is necessary for security But, large keyspace is not sufficient
10
Classic Crypto
Double Transposition
! Plaintext:
columns row 0 row 1 row 2 row 3 row 4 0 A A X X W 1 T C A D N
ATTACK AT DAWN
Permute rows and columns
2 T K T A X
0 X W A X A
2 T X T A K
1 A N T D C
! Ciphertext: ! Key?
XTAWXNATTXADAKC
Double Transposition
! ! !
How can Trudy attack double transposition? Spse Trudy sees 45-letter ciphertext Then how many keys?
o Size of matrix: 3 x 15, 15 x 3, 5 x 9, or 9 x 5 o A lot of possible permutations!
Classic Crypto
Double Transposition
! !
! ! ! !
Suppose Trudy guesses matrix is 9 x 5 Then Trudy has: Now what? Try all perms? 5! ! 9! > 225 Is there a better way?
column row 0 row 1 row 2 row 3 row 4 row 5 row 6 row 7 row 8 0 I E O A V E V S N 1 L A M N E R E T N 2 I H E N G W M T T 3 L R E D M E T A N 4 W E S D I H O O H
Classic Crypto
13
Double Transposition
! !
column row 0 row 1 row 2 row 3 row 4 row 5 row 6 row 7 row 8
Permute columns
Now what?
14
Classic Crypto
Cryptanalysis: Lesson II
!
! !
Requires careful analysis of algorithm We will see this again and again in the attacks discussed later Of course, cryptographers try to prevent divide and conquer attacks
15
Classic Crypto
Substitution Ciphers
!
Classic Crypto
16
Ceasars Cipher
! Plaintext:
FOURSCOREANDSEVENYEARSAGO ! Key:
Plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z Ciphertext D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
! Ciphertext:
Ceasars Cipher
! Trudy
! Then
Classic Crypto
plaintext is SPONGEBOBSQUAREPANTS
18
Simple Substitution
! Caesars ! We
cipher is trivial if we adhere to Kerckhoffs Principle want a substitution cipher with lots of keys to do? of Caesars cipher
19
! What
! Generalization
Classic Crypto
Simple Substitution
! Key ! For
! Need
Plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z Ciphertext J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
! Then
! Thats
Classic Crypto
Trudy know a simple substitution is used Can she find the key given ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVW LXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQ WAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFH CVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGF OTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQP BQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHP BFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQ JHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFL QHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAI TIXPFHXAFQHEFZQWGFLVWPTOFFA
Classic Crypto 21
A B C D E
F G H I
J K
L M N O P Q R S T U V W X Y Z
Classic Crypto
22
Ciphertext:
A B C D E F G H I J K L MN O P Q R S T U VWX Y Z
21 26 6 10 12 51 10 25 10 9
Classic Crypto
Classic Crypto
Poly-Alphabetic Substitution
! Like
! Very
Affine Cipher
! Number ! Then
o A is 0, B is 1, C is 2, etc.
Classic Crypto
26
Affine Cipher
! Encryption: ! Decryption: ! Keyspace
size?
Classic Crypto
27
Vigenere Cipher
!
Encryption ci = pi + ki (mod n) (mod 26) ! Decryption pi = ci ki (mod n) (mod 26) ! Nothing tricky here!
! !
Classic Crypto
Vigenere Cipher
!
! ! !
SECRETMESSAGE EEVYQTFLESTNQ
S 18 +12 4 E
E C R E T M E S S A G E 4 2 17 4 19 12 4 18 18 0 6 4 0 19 7 12 0 19 7 12 0 19 7 12 4 21 24 16 19 5 11 4 18 19 13 16 (mod 26) E V Y Q T F L E S T N Q
29
Classic Crypto
Vigenere Cipher
! Vigenere ! Should
! But
! Index
Classic Crypto
Index of Coincidence
! Assume ! Let
n0 be number of As, n1 number of Bs, , n25 number of Zs in ciphertext n = n0 + n1 + + n25 index of coincidence
! Let
! Define
! What
Classic Crypto
Index of Coincidence
!
Gives the probability that 2 randomly selected letters are the same For plain English, prob. 2 letter are same:
o p02 + p12 + + p252 ! 0.065, where pi is probability of ith letter
! !
Then for simple substitution, I ! 0.065 For random letters, each pi = 1/26
o Then p02 + p12 + + p252 ! 0.03846
Classic Crypto
Index of Coincidence
!
How to use this to estimate length of keyword in Vigenere cipher? Suppose keyword is length k, message is length n
o Ciphertext in matrix with k columns, n/k rows
Classic Crypto
Index of Coincidence
! !
Suppose k columns and n/k rows Approximate number of matching pairs from same column, but 2 different rows:
Approximate number of matching pairs from 2 different columns, and any two rows:
Classic Crypto
34
Index of Coincidence
!
Classic Crypto
! Incidence
Classic Crypto
36
Hill Cipher
! !
Hill cipher is not related to small mountains Invented by Lester Hill in 1929
o A pre-modern block cipher
Idea is to create a substitution cipher with a large alphabet All else being equal (which it never is) cipher should be stronger than simple substitution
37
Classic Crypto
Hill Cipher
! !
! !
Classic Crypto
Let n = 2 and Plaintext MEETMEHERE = (12,4,4,19,12,4,7,4,17,4) Then And Ciphertext: (4,22,23,9,4,22,24,19,10,25) = EWXJEWYTKZ
39
Classic Crypto
Trudy suspects Alice and Bob are using Hill cipher, with n x n matrix A SupposeTrudy knows n plaintext blocks
o Plaintext blocks p0,p1,,pn-1 o Ciphertext blocks c0,c1,,cn-1
! ! !
Let P be matrix with columns p0,p1,,pn-1 Let C be matrix with columns c0,c1,,cn-1 Then AP = C and A = CP1 if P1 exists
40
Classic Crypto
Cryptanalysis: Lesson IV
! Linear ! Strong
o Since linear equations are easy to solve o Linear components are useful o But cipher cannot be entirely linear
! Cryptanalyst
Classic Crypto
One-time Pad
!A
! No
other cipher we discuss is provably secure not use one-time pad for everything?
o Impractical for most applications o But it does have its uses
! Why
Classic Crypto
42
Plaintext: 001 000 010 100 001 010 111 100 000 101 Key: 111 101 110 101 111 100 000 101 110 000 Ciphertext: 110 101 100 001 110 110 111 001 110 101
s
Classic Crypto
r
43
Ciphertext: 110 101 100 001 110 110 111 001 110 101 Key: 111 101 110 101 111 100 000 101 110 000 Plaintext: 001 000 010 100 001 010 111 100 000 101
h
Classic Crypto
r
44
One-time Pad
Double agent claims sender used key: s r l h s s t h s r
Ciphertext: 110 101 100 001 110 110 111 001 110 101 key: 101 111 000 101 111 100 000 101 110 000 Plaintext: 011 010 100 100 001 010 111 100 000 101
k
e=000 h=001
i
i=010
h
l=100
t
r=101
r
t=111
k=011
s=110
Classic Crypto
45
One-time Pad
Sender is captured and claims the key is: s r l h s s t h s r
Ciphertext: 110 101 100 001 110 110 111 001 110 101 Key: 111 101 000 011 101 110 001 011 101 101 Plaintext: 001 000 100 010 011 000 110 010 011 000
h
e=000 h=001
e
i=010
k
l=100
s
r=101
e
t=111
k=011
s=110
Classic Crypto
46
Classic Crypto
Project VENONA
o Soviet spy messages from U.S. in 1940s o Nuclear espionage, etc. o Thousands of messaged
! ! !
Spy carried one-time pad into U.S. Spy used pad to encrypt secret messages Repeats within the one-time pads made cryptanalysis possible
48
Classic Crypto
Ruth == Ruth Greenglass ! Liberal == Julius Rosenberg ! Enormous == the atomic bomb
!
Classic Crypto 49
Codebook Cipher
! Literally,
! Security
of cipher requires physical security for codebook widely used thru WWII
50
! Codebooks
Classic Crypto
Codebook Cipher
! !
Literally, a book filled with codewords Zimmerman Telegram encrypted via codebook
Februar fest finanzielle folgender Frieden Friedenschluss : 13605 13732 13850 13918 17142 17149 :
! !
Classic Crypto
Zimmerman Telegram
!
One of most famous codebook ciphers ever Led to US entry in WWI Ciphertext shown here
Classic Crypto 52
Codebook Cipher
! Codebooks
! Historically, ! To
Classic Crypto
Codebook Additive
! Codebook ! Sequence
additive is another book filled with random number of additive numbers added to codeword to yield ciphertext
lookup in codebook
plaintext
codeword
ciphertext
Classic Crypto
55
Codebook Additive
! Usually,
starting position in additive book selected at random by sender additive position usually sent in the clear with the ciphertext
o Part of the message indicator (MI) o Modern term: initialization vector (IV)
! Starting
! Why
Classic Crypto
Cryptanalysis: Summary
! Exhaustive
key search ! Divide and conquer ! Statistical analysis ! Exploit linearity ! Or any combination thereof (or anything else you can think of) ! Alls fair in love and war
o and cryptanalysis!
Classic Crypto 57