Lecture 2

Symmetric Encryption
or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private-key was only type prior to invention of public-key in 19 !"s and by far most widely used

Some #asic $erminology

plaintext - original message ciphertext - coded message cipher - algorithm for transforming plainte%t to cipherte%t key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plainte%t to cipherte%t decipher (decrypt) - recovering cipherte%t from plainte%t cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of

Symmetric &ipher 'odel

(e)uirements
two re)uirements for secure use of symmetric encryption*
a strong encryption algorithm a secret key known only to sender / receiver

mathematically have*
Y + E,-. X/ X + 0,-. Y/

assume encryption algorithm is known implies a secure channel to distribute

&ryptography
can characteri1e cryptographic system by*
type of encryption operations used
substitution transposition

number of keys used

single-key or private two-key or public

way in which plainte%t is processed

block stream

&ryptanalysis
ob2ective to recover key not 2ust message general approaches*
cryptanalytic attack brute-force attack

if either succeed all key use compromised

&ryptanalytic 3ttacks
ciphertext only
only know algorithm 4 cipherte%t. is statistical. know or can identify plainte%t

known plaintext
know/suspect plainte%t 4 cipherte%t

chosen plaintext
select plainte%t and obtain cipherte%t

chosen ciphertext
select cipherte%t and obtain plainte%t

chosen text
select plainte%t or cipherte%t to

'ore 0efinitions
unconditional security
no matter how much computer power or time is available. the cipher cannot be broken since the cipherte%t provides insufficient information to uni)uely determine the corresponding plainte%t

computational security
given limited computing resources ,eg time needed for calculations is greater than age of universe/. the cipher cannot be broken

#rute 5orce Search

always possible to simply try every key most basic attack. proportional to key si1e assume either know / recognise plainte%t
Key Size (bits) 32 56 128 168 26 characters (permutation) Number of Alternative Keys 232 = 4.3 109 256 = 7.2 1016 2128 = 3.4 1038 2168 = 3.7 1050 26! = 4 1026 231 s 255 s 2127 s 2167 s Time required at 1 decryption/s = 35.8 minutes = 1142 years = 5.4 1024 years = 5.9 1036 years Time required at 106 decryptions/s 2.15 milliseconds 10.01 hours 5.4 1018 years 5.9 1030 years 6.4 106 years

2 1026 s = 6.4 1012 years

&lassical Substitution &iphers

where letters of plainte%t are replaced by other letters or by numbers or symbols or if plainte%t is viewed as a se)uence of bits. then substitution involves replacing plainte%t bit patterns with cipherte%t bit patterns

&aesar &ipher
earliest known substitution cipher by 6ulius &aesar first attested use in military affairs replaces each letter by 7rd letter on e%ample*
meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB

&aesar &ipher
can define transformation as*
a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

mathematically give each letter a number

a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

then have &aesar cipher as*

c + E,k. p/ + ,p 8 k/ mod ,29/ p + 0,k. c/ + ,c : k/ mod ,29/

'onoalphabetic &ipher
rather than 2ust shifting the alphabet could shuffle ,2umble/ the letters arbitrarily each plainte%t letter maps to a different random cipherte%t letter hence key is 29 letters long
Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

'onoalphabetic &ipher Security

now have a total of 29; + < % 1!29 keys with so many keys. might think is secure but would be !!!WRONG!!! problem is language characteristics

Language (edundancy and &ryptanalysis

human languages are redundant letters are not e)ually commonly used in English E is by far the most common letter
followed by $.(.=.>.?.3.S

other letters like @.6.-.A.B are fairly rare have tables of single. double 4 triple letter fre)uencies for various languages

English Letter 5re)uencies

Cse in &ryptanalysis
key concept - monoalphabetic substitution ciphers do not change relative letter fre)uencies discovered by 3rabian scientists in 9th century calculate letter fre)uencies for cipherte%t compare counts/plots against known values

Dlayfair &ipher
not even the large number of keys in a monoalphabetic cipher provides security one approach to improving security was to encrypt multiple letters the Play air !ipher is an e%ample invented by &harles Eheatstone in 1FG<. but named after his friend #aron Dlayfair

Dlayfair -ey 'atri%

a GBG matri% of letters based on a keyword fill in letters of keyword ,sans duplicates/ fill rest of matri% with other letters M O N A R egH using the C H keyword Y B '?=3(&IJ D
E L U F P V G Q W I/J S X K T Z

Encrypting and 0ecrypting

plainte%t is encrypted two letters at a time
1H if a pair is a repeated letter. insert filler like KB" 2H if both letters fall in the same row. replace each with letter to right ,wrapping back to start from end/ 7H if both letters fall in the same column. replace each with the letter below it ,wrapping to top from bottom/ <H otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

Security of Dlayfair &ipher

security much improved over monoalphabetic since have 29 % 29 + 9 9 digrams would need a 9 9 entry fre)uency table to analyse ,verses 29 for a monoalphabetic/ and correspondingly more cipherte%t was widely used for many years
egH by CS 4 #ritish military in EE1

it can be broken. given a few hundred letters since still has much of plainte%t structure

Dolyalphabetic &iphers
polyalphabetic substitution ciphers improve security using multiple cipher alphabets make cryptanalysis harder with more alphabets to guess and flatter fre)uency distribution use a key to select which alphabet is used for each letter of the message use each alphabet in turn repeat from start after end of key is reached

LigenMre &ipher
simplest polyalphabetic substitution cipher effectively multiple caesar ciphers key is multiple letters long - + k1 k2 HHH kd ith letter specifies ith alphabet to use use each alphabet in turn repeat from start after d letters in message

E%ample of LigenMre &ipher

write the plainte%t out write the keyword repeated above it use each key letter as a caesar cipher key encrypt the corresponding plainte%t letter eg using keyword deceptive
key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of LigenMre &iphers

have multiple cipherte%t letters for each plainte%t letter hence letter fre)uencies are obscured but not totally lost start with letter fre)uencies
see if look monoalphabetic or not

if not. then need to determine number of alphabets. since then can

Lernam &ipher
ultimate defense is to use a key as long as the plainte%t with no statistical relationship to it invented by 3$4$ engineer Nilbert Lernam in 191F originally proposed using a very long but eventually repeating key

?ne-$ime Dad
if a truly random key as long as the message is used. the cipher will be secure called a ?ne-$ime pad is unbreakable since cipherte%t bears no statistical relationship to the plainte%t since for any plaintext 4 any ciphertext there e%ists a key mapping one to other can only use the key once though problems in generation 4 safe distribution of key

Iill &ipher
& + D- mod ,29/ D + &--1 mod ,29/

$ransposition &iphers
now consider classical transposition or permutation ciphers these hide the message by rearranging the letter order without altering the actual letters used can recognise these since have the same fre)uency distribution as the original te%t

(ail 5ence cipher

write message letters out diagonally over a number of rows then read off cipher row by row egH write message out as*
m e m a t r h t g p r y e t e f e t e o a a t

giving cipherte%t
MEMATRHTGPRYETEFETEOAAT

(ow $ransposition &iphers

is a more comple% transposition write letters of message out in rows over a specified number of columns then reorder the columns according to some key before reading off the rows
Key: <712G9 Column Out 3 4 2 1 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Droduct &iphers
ciphers using substitutions or transpositions are not secure because of language characteristics hence consider using several ciphers in succession to make harder. but*
two substitutions make a more comple% substitution two transpositions make more comple% transposition but a substitution followed by a transposition makes a new much harder cipher

this is bridge from classical to modern ciphers

(otor 'achines
before modern ciphers. rotor machines were most common comple% ciphers in use widely used in EE2
Nerman Enigma. 3llied Iagelin. 6apanese Durple

implemented a very comple%. varying substitution cipher used a series of cylinders. each giving one substitution. which rotated and changed after each letter was encrypted

Iagelin (otor 'achine

Summary
have considered*
classical cipher techni)ues and terminology monoalphabetic substitution ciphers cryptanalysis using letter fre)uencies Dlayfair cipher polyalphabetic ciphers transposition ciphers stegnography