Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY
Chapter 2 Classical Encryption Techniques
Classical Encryption 1. conventional --- was the only type prior to 1970’s 2. symmetric --- sender and receiver share a common private key 3. single-key --- only one key exists in the system
Some Basic Terminology 1. plaintext - original message 2. ciphertext - coded message 3. cipher - an algorithm for transforming plaintext into ciphertext 4. key - info used in a cipher known only to sender/receiver 5. encipher (encrypt) - converting plaintext to ciphertext 6. decipher (decrypt) - recovering plaintext from ciphertext 7. cryptography - study of encryption methods 8. cryptanalysis - study of decryption methods 9. Cryptology = cryptography + cryptanalysis
Symmetric Cipher Model
Classification Types of ciphers: encryption operations used substitution / transposition / product number of keys used single-key / two-key way in which plaintext is processed block / stream
Cryptanalysis 1. objective to recover key (not just message) 2. general approaches: cryptanalytic attack brute-force attack
Brute Force Search 1. always possible to simply try every key 2. most basic attack 3. cost proportional to key size 4. assume you recognise plaintext
More Definitions 1. unconditional security no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext 2. computational security given limited computing resources, the cipher cannot be broken
Classical Substitution Ciphers 1. where letters of plaintext are replaced by other letters or numbers or symbols 2. if plaintext is viewed as a sequence of bits, then substitution is about replacing plaintext bit patterns with new ciphertext bit patterns
Caesar Cipher 1. earliest known substitution cipher 2. invented by Julius Caesar 3. first attested use in military affairs 4. replaces each letter by 3rd letter on Example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher 1. now mathematically give each letter a number: A=0, B=1, C=2, D=3, … Y=24, Z=25 2. then write Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher 1. only have 26 possible ciphers where A maps to A, B, …, Y, Z respectively 2. could simply try each in turn to decipher ---- a typical brute force search e.g. To break ciphertext "GCUA VQ DTGCM" ---- Homework No.1 for today!
Monoalphabetic Cipher rather than just shifting the alphabet, we could shuffle (jumble) the letters arbitrarily each letter in plaintext maps to a different random letter in ciphertext hence key is always 26 letters long e.g. Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Given Plaintext: if we wish to replace letters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security 1. now have a total of 26! = 4 x 1026 keys 2. with so many keys, you might think it be secure? 3. but !!!WRONG!!! problem is language characteristics
Language Redundancy and Cryptanalysis Human languages are redundant ! e.g. in "th lrd s m shphrd shll nt wnt" Letters appear not with same frequencies 1. in English E is by far the most common letter, followed by T, R, N, I, O, A, S 2. other letters like Z,J,K,Q,X are fairly rare 3. we have tables of single, double & triple letter frequencies for various languages
English Letter Frequencies
Use in Cryptanalysis 1. key note - monoalphabetic substitution ciphers do not change relative letter frequencies 2. calculate letter frequencies for ciphertext 3. compare counts/plots against known values in Caesar cipher and guess 4. tables of common double/triple letters may help
Example Cryptanalysis 1. given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ 2. count relative letter frequencies (see text) 3. guess P & Z are e and t 4. guess ZW is “th” and hence ZWP is “the” 5. proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
Polyalphabetic Ciphers 1. polyalphabetic substitution ciphers can improve security by using multiple cipher alphabets 2. make cryptanalysis harder with more alphabets to guess and flatter frequency distribution 3. use a key to select which alphabet is used for each letter of the message 4. use each alphabet in turn and repeat from start after end of key is reached
Vigenère Cipher 1. simplest polyalphabetic substitution cipher 2. effectively multiple Caesar ciphers 3. key is multiple letters long K = k 1 k 2... k d 4. i th letter specifies i th alphabet to use 5. use each alphabet in turn and repeat from start after d letters in message 6. decryption simply works in reverse
Example of Vigenère Cipher 1. write the plaintext out 2. write the keyword repeatedly above it 3. use each key letter as a Caesar cipher key 4. encrypt the corresponding plaintext letter e.g. using the keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Security of Vigenère Ciphers 1. have multiple ciphertext letters for each plaintext letter 2. hence letter frequencies are obscured but not totally lost 3. how to decipher ? Start with checking letter frequencies to see if the pattern is monoalphabetic or not 4. if not, then need to determine number of alphabets, the length of the key
One-Time Pad 1. use a truly random key as long as the message, the cipher will be secure a One-Time pad 2. is unbreakable since ciphertext bears no statistical relationship to the plaintext 3. since for any plaintext & any ciphertext there exists a key mapping one to other 4. can only use the key once though 5. Problem: generation & distribution of the key
Transposition Ciphers 1. now consider classical transposition or permutation ciphers 2. these hide the message by rearranging the letter order 3. without altering the actual letters used 4. same frequency distribution as in the original text
Product Ciphers 1. ciphers using substitutions or transpositions are not secure because of language characteristics 2. hence consider using several ciphers in succession to make it safer, but: two substitutions make more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a new much harder cipher 3. bridge from classical to modern ciphers
Rotor Machines 1. before modern ciphers, rotor machines were most complex ciphers in use 2. widely used in WW2 German Enigma, Allied Hagelin, Japanese Purple 3. implemented a very complex, varying substitution cipher 4. used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted 5. with 3 cylinders have 26 3 =17576 alphabets
Hagelin Rotor Machine
Steganography ( ) Steganography ( 隐写术 ) 1. an alternative to encryption 2. hides existence of message using only a subset of letters/words in a longer message marked in some way using invisible ink hiding in LSB in graphic image or sound file 3. has drawbacks high overhead to hide relatively few info bits
Summary have considered: classical cipher techniques and terminology monoalphabetic substitution ciphers cryptanalysis using letter frequencies polyalphabetic ciphers transposition ciphers product ciphers and rotor machines steganography