Examples
Pigpen cipher (early 1700s):
Spartan cipher (ca 500 BC):

Classification of crypto systems

Cryptanalysis attacks
Computational security
Speed of computation increases rapidly (cf. “Moore’s law”)!
Example: brute force average time required
Key size    1 encr/µs                   10M encr/µs
32 bits     36 min                      2.15 ms
56 bits     1142 years                  10 hrs
128 bits    $5.4 \cdot 10^{24}$ years   $6.4 \cdot 10^{18}$ years
The DES algorithm (56 bit keys, standardised 1977) was broken
• in 22 hrs 15 min in Jan 1999 (using $250 000 hardware + 100 000 PC/workstations).
• in 6.4 days in March 2007 (using $10 000 hardware, 120 FPGAs)

Classical crypto systems: shift cipher
Substitute each element (letter) with the one k positions later in the alphabet (modulo size of alphabet).
$E_k(m) = (m + k) \bmod n$,
$D_k(c) = (c - k) \bmod n$, where n is the size of the alphabet.
Typically, interpret letters a, b, c, . . . , z as numbers 0, 1, 2, . . . , 25 = $\mathbb{Z}_{26}$.
• Example: classical Cæsar cipher, k = 3:
  meet me after the toga party
  PHHW PH DIWHU WKH WRJD SDUWB
• Example: rot13, k = 13, used on Internet for possibly offensive jokes.
Exercise:
1 check that this forms a crypto system
2 write a program for encryption/decryption
How can we break a shift cipher?
Use brute force: try all keys.
Feasible for simple shift cipher:
• the algorithm is known
• there are few keys
• it is (often) easy to recognize the plaintext

Instead of just shifting the alphabet, mix it: the key is the substitution, e.g.
abcdefghijklmnopqrstuvwxyz
DXVRHQKLEWFJIATMZPYCGBNOSU
and encrypting “brutus” yields “XPGCGY”.
Now: 26! different keys ($> 4 \cdot 10^{26}$)
• brute force not feasible ($\approx 6 \cdot 10^{6}$ years at $10^{6}$ tests/µs)
Breaking substitution ciphers
Easy if we know the language:
• analyse the relative frequencies of letters in the ciphertext
• compare and match with standard frequencies for the language
[Figure: bar chart of relative letter frequencies for the letters A to Z]

Improving substitution ciphers
Multiliteral ciphers
• Playfair cipher: encrypt digrams to digrams
  • considered “unbreakable”, used in WWI and WWII – easily broken with a few hundred letters of ciphertext
• Hill cipher: encrypt n letters to n letters
  • difficult with ciphertext-only attack, but easy with known plaintext
Polyalphabetical ciphers
• use several different monoalphabetical substitutions
For $m = m_1, \ldots, m_n$ and $k = k_1, \ldots, k_d$,
$c = E_{k_1}(m_1), \ldots, E_{k_d}(m_d), E_{k_1}(m_{d+1}), \ldots, E_{k_d}(m_{2d}), \ldots$
Example: Vigenère cipher (ca 1553, “unbreakable” until 1850/60s)
• combine d normal shift ciphers: $E_{k_i}(m) = (m + k_i) \bmod n$
• e.g.
  m = renaissance
  k = BANDBANDBAN
  c = SEADJSFDOCR

The cipher can be broken because of the periodicity of the key:
• if two identical strings happen to be at the same place relative to the key, they are encrypted the same
• the distance between repetitions in the ciphertext is a clue to the length of the key
• with the key length d, break d shift ciphers using frequency analysis
Strengthen polyalphabetical ciphers
Lengthen the key, e.g. book ciphers: use a predefined part of a book as key
• more difficult to break
• still possible: the key has language structure
Remove structure of key: one-time-pad
• use a random key as long as the message
• use each key only once
• unconditionally secure: unbreakable!

Encrypting binary data
Vernam cipher:
$c_i = E_k(m_i) = m_i \oplus k$
$m_i = D_k(c_i) = c_i \oplus k$
where $\oplus$ is bitwise exclusive-or: $1 \oplus 0 = 0 \oplus 1 = 1$, otherwise 0.
Check: $m = D_k(E_k(m)) = (m \oplus k) \oplus k = m \oplus (k \oplus k) = m \oplus 0 = m$
Very useful for stream ciphers and one-time-pad.
Very bad if you use same key twice
• e.g. known plaintext attack (both $m_1$ and $c_1$ known):
  $c_1 \oplus m_1 = (m_1 \oplus k) \oplus m_1 = (m_1 \oplus m_1) \oplus k = k$
  and if k is reused, $c_2 \oplus k = m_2$.
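
The key-reuse failure of the Vernam cipher described above, worked through in Python as an added example that is not part of the original slides. It assumes a byte-string key as long as the message; the sample messages M1 and M2 and all function names are constructed for illustration.

```python
import secrets

# Constructed sample messages (not from the slides).
M1 = b"meet me after the toga party"
M2 = b"the party starts at nine, bring wine"

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def vernam(data: bytes, key: bytes) -> bytes:
    """E_k and D_k are the same operation: data XOR key."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return xor_bytes(data, key)

def recover_key(m1: bytes, c1: bytes) -> bytes:
    """Known-plaintext step from the slide: c1 XOR m1 = k."""
    return xor_bytes(c1, m1)

def demo():
    key = secrets.token_bytes(len(M2))  # random key, long enough for both

    # Misuse: the same key encrypts both messages.
    c1, c2 = vernam(M1, key), vernam(M2, key)
    k = recover_key(M1, c1)    # reveals only the first len(M1) key bytes
    leaked = xor_bytes(c2, k)  # c2 XOR k = the first len(M1) bytes of M2
    # Even with no known plaintext the key cancels: c1 XOR c2 = m1 XOR m2.
    cancels = xor_bytes(c1, c2) == xor_bytes(M1, M2)

    # Correct use: a fresh random key per message makes the recovered k useless.
    c2_fresh = vernam(M2, secrets.token_bytes(len(M2)))
    wrong = xor_bytes(c2_fresh, k)
    return k == key[:len(M1)], leaked, cancels, wrong

if __name__ == "__main__":
    key_ok, leaked, cancels, wrong = demo()
    print("key prefix recovered:", key_ok)
    print("leaked from c2      :", leaked)
    print("c1^c2 == m1^m2      :", cancels)
    print("with fresh key      :", wrong)
```

Because M2 is longer than M1, the recovered key covers only the first 28 bytes of the second ciphertext; the rest stays hidden until more known plaintext is available.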