
# Introduction to Cryptography and Security Mechanisms

Dr Keith Martin
McCrea 349 01784 443099
keith.martin@rhul.ac.uk
Before we start…
Quiz 1
Which of the following activities can cryptography not be
used to provide in the electronic world?
A Ensuring that only an intended recipient can
obtain some information
B Ensuring that information cannot be altered
before it reaches an intended recipient
C Ensuring that a sender of some information
cannot later deny having sent the information
D Ensuring that some received information was sent
by the claimed sender

## Introduction to Cryptography and Security 3

Quiz 2
Which of the following attacks is the odd one out?
A Sending a forged message
B Deleting the opening phrase of a message
C Reading a message that was not intended for you
D Intercepting a message and destroying it before it
gets to the intended recipient


Quiz 3
Under the worst-case conditions for a symmetric cipher
system, we assume that the attacker of a cipher system knows:
A The encryption algorithm, the encryption key, all
ciphertexts
B All ciphertexts, some plaintext/ciphertext pairs,
the decryption key
C Some plaintext/ciphertext pairs, the encryption
algorithm, all previously used decryption keys
D The encryption algorithm, all ciphertexts, some
plaintext/ciphertext pairs


Introduction to Cryptography and Security Mechanisms: Unit 4

Historical algorithms
Learning Outcomes
• Describe a number of simple historical cipher systems
• Relate a number of historical cipher systems to the
basic model of a cipher system
• Appreciate the direction of historical advances in
cipher system design
• Illustrate the properties of these historical cipher
systems that make them unsuitable for modern use
• Formulate some essential basic design features for a
modern cipher system


Sections

1. Monoalphabetic ciphers


1. Monoalphabetic ciphers
Ciphers in this unit
Please note that all the ciphers in this unit:
• Are symmetric
• Operate on alphabetic characters
• Are not suitable for general modern use

However, they allow us to:

• Illustrate the basic model of a cipher system
• Learn some basic design principles


The Caesar Cipher

use!

Identify at least three cryptographic weaknesses that result in the Caesar
Cipher being regarded as insecure.


The Simple Substitution Cipher

The Simple Substitution Cipher is a considerable
improvement on the Caesar Cipher


Keyspace of the Substitution Cipher

The key space of the Simple Substitution Cipher is
approximately 4 × 10^26, that is:
400 000 000 000 000 000 000 000 000
Just how big is that?

There are an estimated 10 sextillion (that’s 10^22) stars in our
universe. That means that the Simple Substitution Cipher has
about 40 000 times as many keys as there are stars in
our universe.
The key space of DES is somewhere between 10^16 and 10^17.
That’s a much smaller number – it’s only about 100 000 times
the number of stars in our galaxy!

Wise words

Having a large key space is necessary to prevent
an exhaustive key search, but it is not sufficient
to guarantee the security of a cipher system.

A large key is not a guarantee of security but a
small key is a guarantee of insecurity.


Letter frequency analysis

The Substitution Cipher is broken very effectively by
letter frequency analysis

You obviously need to know some
ciphertext to conduct this attack.
Identify at least two other pieces of
information that it would be useful to know
in order to conduct an effective letter
frequency analysis of the Simple
Substitution Cipher.


Four lessons
The following four lessons can be learnt if you conduct
Exercises 2, 3, 4 and 5 for this unit.

1. The Simple Substitution Cipher leaks information
about the plaintext even before detailed letter
frequency analysis has been conducted.
2. Knowing the context of the plaintext can be
extremely important when conducting letter
frequency analysis.
3. Letter frequency analysis really works!
4. It is not necessary to determine the entire key
before being able to decrypt the ciphertext.


Unicity distance
The unicity distance of a cipher system is the number
of ciphertext letters that you need before, given a
ciphertext of that length, you can expect there to be
only one meaningful plaintext and encryption key that
could have been used to obtain that ciphertext.
The unicity distance is a value that can be calculated
from the statistical properties of the underlying plaintext
language.
For a Simple Substitution Cipher applied to English
plaintexts, the unicity distance is usually regarded as
being around 28 ciphertext letters.


Unicity distance
That’s the theory, so what about the practice?

If you have 28 ciphertext characters from a
Simple Substitution Cipher then you can be
fairly sure that there is only one matching
plaintext out there.
Can you actually find it?


Unicity distance
In theory | Number of ciphertext letters | In practice

5
Between 5 and 27
Around 28 = unicity distance
200

Bearing in mind the lessons of the previous
section, identify three types of cipher
system design improvement that would
make it harder to conduct single letter
frequency analysis.


Playfair Cipher
The Playfair Cipher operates on pairs of letters (bigrams).
The key is a 5x5 square consisting of every letter except J.

Before encrypting, the plaintext must be transformed:

• Replace all J’s with I’s
• Write the plaintext in pairs of letters…
• …separating any identical pairs by a Z
• If the number of letters is odd, add a Z to the end


Playfair Cipher: Encryption
• If two plaintext letters lie in the same row then
replace each letter by the one on its “right” in
the key square
• If two plaintext letters lie in the same column
then replace each letter by the one “below” it
in the key square
• Else, replace:
– First letter by letter in row of first letter and column
of second letter in the key square
– Second letter by letter in column of first letter and
row of second letter in the key square


Playfair Cipher: Example
GLOW WORM

S T A N D
E R C H B
K F G I L
M O P Q U
V W X Y Z

GL OW WO RM
IK WT TW EO
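
The transformation and encryption rules above, as an added Python example that is not part of the original slides; it uses the key square from the slide and reproduces the GLOW WORM result. The function names are chosen here, and rejecting a doubled Z is an assumption, since the slides do not say how to handle that case.

```python
# Added example: Playfair encryption with the key square from the slide.
KEY_SQUARE = ["STAND", "ERCHB", "KFGIL", "MOPQU", "VWXYZ"]

def prepare(plaintext):
    """Transform the plaintext as the slides describe; return a list of bigrams."""
    # Keep letters A-Z only and replace every J with I.
    letters = [c for c in plaintext.upper().replace("J", "I") if "A" <= c <= "Z"]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Odd letter left over, or an identical pair: pad with Z.
            if a == "Z":
                # Assumption: the slides do not cover ZZ, so refuse it.
                raise ValueError("a Z cannot be padded with Z")
            pairs.append(a + "Z")
            i += 1  # the second letter of an identical pair starts the next bigram
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def encrypt(plaintext, square=KEY_SQUARE):
    """Encrypt with the three bigram rules; rows and columns wrap round."""
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    out = []
    for a, b in prepare(plaintext):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:      # same row: letter to the right
            out.append(square[ra][(ca + 1) % 5] + square[rb][(cb + 1) % 5])
        elif ca == cb:    # same column: letter below
            out.append(square[(ra + 1) % 5][ca] + square[(rb + 1) % 5][cb])
        else:             # otherwise: own row, the other letter's column
            out.append(square[ra][cb] + square[rb][ca])
    return " ".join(out)

if __name__ == "__main__":
    print(encrypt("GLOW WORM"))  # IK WT TW EO, matching the slide
```
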

Playfair Cipher

In what way has the Playfair Cipher
defeated single letter frequency analysis?

How might you try to decrypt a ciphertext
that was encrypted using a Playfair Cipher,
without knowing the key?


English letter frequencies (%)

A 8.167 B 1.492 C 2.782
D 4.253 E 12.702 F 2.228
G 2.015 H 6.094 I 6.966
J 0.153 K 0.772 L 4.025
M 2.406 N 6.749 O 7.507
P 1.929 Q 0.095 R 5.987
S 6.327 T 9.056 U 2.758
V 0.978 W 2.360 X 0.150
Y 1.974 Z 0.074


Histogram of letter frequencies


Homophonic Coding

The idea is to replace some plaintext letters with
different ciphertext characters in order to confuse the
ciphertext character frequency statistics.


Homophonic Coding
• A possible homophonic code is as follows:
• Use a character alphabet of 1000.
• Use our table of letter frequencies:
use 82 different characters to encode A
use 15 different characters to encode B
use 1 character to encode J, Q, Y and Z
etc.

How well do you think such a code will hold out
against single letter frequency analysis?

Do you think that such a code is suitable for adoption
in a practical environment?

Vigenère Cipher

The Vigenère Cipher illustrates another
important technique for defeating letter
frequency analysis.

What is it?

Vigenère Cipher

Make sure you understand how the Vigenère Cipher
works by conducting Exercises 6, 7, 8 and 9 for this
unit.

Vigenère Cipher?


Summary
• A large key space alone does not guarantee security.
• It is possible to break a cipher system without first
determining the key.
• The ciphertext produced by a cipher system should
disguise the statistics of the plaintext alphabet.
• Effective techniques for disguising plaintext statistics
include:
– Increasing the size of the plaintext alphabet
– Replacing plaintext characters with more than one different
ciphertext character
– Introducing positional dependence
but these properties alone do not guarantee security.