Lecturer in Mogadishu University and University of Somalia Information Security Principles course “Cryptology” Based of: “Cryptography and network Security” by William Stalling, 5th edition. Eng. Mohamed Adam Isak PH.D Researcher in CS Lecturer in Mogadishu University and University of Somalia Engmaisak@hotmail.com www.engmaisak.blogspot.com Tell:0615648915 September 2015 to February 2016

Chapter 2 Classical Encryption Techniques Lecture 1 Substitution Techniques A) Mono-alphabetic Ciphers

Outlines Cryptography in history Classification of cryptology. Classification of Cryptography Classical ciphers Substitution Technique Transposition Technique Substitution Technique Types Mono-alphabetic Ciphers Type Caesar Cipher Affine Cipher Abash/Atbash Cipher ROT13 Cipher

Cryptography - In history (1/2) If we hear the word cryptography our first associations might be e-mail encryption, secure website access, smart cards for banking applications or code breaking during World War II, such as the famous attack against the German Enigma encryption machine.

Cryptography - In history (2/2) Cryptography seems closely linked to modern electronic communication. How- ever, cryptography is a rather old business, with early examples dating back to about 2000 B.C., when non-standard “secret” hieroglyphics were used in ancient Egypt. Since Egyptian days cryptography has been used in one form or the other in many, if not most, cultures that developed written language. For instance, there are documented cases of secret writing in ancient Greece, namely the scytale of Sparta, or the famous Caesar cipher in ancient Rome, about which we will learn later in this chapter.

Classification of cryptology (1/2)

Classification of cryptology (2/2) Cryptography is the science of secret writing with the goal of hiding the meaning of a message. Cryptanalysis is the science and sometimes art of breaking cryptosystems. You might think that code breaking is for the intelligence community or perhaps organized crime, and should not be included in a serious classification of a scientific discipline. However, most cryptanalysis is done by respectable researchers in academia nowadays. Cryptanalysis is of central importance for modern cryptosystems: without people who try to break our crypto methods, we will never know whether they are really secure or not.

Symmetric Algorithms VS Asymmetric Algorithms (1/2) Symmetric Algorithms are what many people assume cryptography is about: two parties have an encryption and decryption method for which they share a secret key. All cryptography from ancient times until 1976 was exclusively based on symmetric methods. Symmetric ciphers are still in widespread use, especially for data encryption and integrity check of messages Asymmetric (or Public-Key) Algorithms In 1976 an entirely different type of cipher was introduced by Whitfield Diffie, Martin Hellman and Ralph Merkle. In public-key cryptography, a user possesses a secret key as in symmetric cryptography but also a public key. Asymmetric algorithms can be used for applications such as digital signatures and key establishment, and also for classical data encryption.

Symmetric Algorithms VS Asymmetric Algorithms (2/2) In the majority of cryptographic applications in practical systems, symmetric and asymmetric algorithms (and often also hash functions) are all used together. This is sometimes referred to as hybrid schemes. The reason for using both families of algorithms is that each has specific strengths and weaknesses

Cryptographic Protocols Cryptographic Protocols Roughly speaking, crypto protocols deal with the application of cryptographic algorithms. Symmetric and asymmetric algorithms can be viewed as building blocks with which applications such as secure Inter- net communication can be realized. The Transport Layer Security (TLS) scheme, which is used in every Web browser, is an example of a cryptographic protocol.

Symmetric Encryption Symmetric encryption also called as conventional / private- key or single-key encryption. Use the same (secret) key to encrypt and decrypt a message(Sender and receiver share a common key ) All classical encryption algorithms are private-key

Classical Ciphers The two basic building blocks of all encryption techniques are substitution and transposition 1. Substitution Technique: The letters of plaintext are replaced by other letters or by numbers or symbols. 2. Transposition Technique: The plaintext characters remain the same, but the order of letters/characters is shuffled around to add confusion. Both categories can be combined to form a product cipher for the sake of enhancing the security

Substitution Cipher Mono-alphabetic Substitution Cipher Each character of the plaintext is replaced with a corresponding character of Ciphertext Polyalphabetic Substitution Cipher Another way to improve on the simple mono-alphabetic technique is to use different mono-alphabetic substitutions as one proceeds through the plaintext message. The general name for this approach is polyalphabetic substitution cipher. PolyGram Substitution Cipher Blocks of characters are encrypted in groups. E.g. ABA  RTQ Homophonic Substitution Cipher Like a simple substitution, except a single character of plaintext can map to one of several characters of ciphertext. E.g. A 13, 25 or 56

Mono-alphabetic Substitution Abu-ya’kub Al-kandi, is the Muslim scientist who invented using Mono-alphabetic substitution cryptography, and he was also the first scientist who invented Cryptanalysis methods. Mono-alphabetic is one of the cryptography types that uses Substitution way Substitution way is: To add each one of the plain text characters to another character and the answer will create the cipher character.

Mono-alphabetic Substitution types Caesar Cipher Affine Cipher Abash/Atbash Cipher ROT13 Cipher

Caesar Cipher The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. Example: plain: meet me after the toga party. cipher: PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher plain: a b c d e f g h i j k l m n o p q r s t u v w x y z cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Let us assign a numerical equivalent to each letter: The famous shift of Caesar algorithm is “3” C = E(3, p) = (p + 3) mod 26 But a shift may be of any amount, so that the general Caesar algorithm is C = E(k, p) = (p + k) mod 26 where k takes on a value in the range 1 to 25.

Example of Caesar Cipher Use the shift cipher with key = 15 to encrypt the message “HELLO.” We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. so the cipher text is: WTAAD.

Decryption of Caesar Cipher The decryption algorithm is simply p = D(k, C) = (C-k) mod 26 If it is known that a given Cipher text is a Caesar cipher, then a brute-force cryptanalysis is easily performed: Simply try all the 26possible keys.

Brute-Force Cryptanalysis: Caesar Cipher Only have 26 possible ciphers A maps to A,B,..Z Could simply try each in turn A Brute Force Search Given Cipher text, just try all shifts of letters Do need to recognize when plaintext is obtained Example: cipher: PHHW PH DIWHU WKH WRJD SDUWB  After using Brute force we see that the plain Text is: meet me after the toga party

Brute-Force Cryptanalysis: Caesar Cipher Three important characteristics of the previous problem enabled us to use a brute-force cryptanalysis: The encryption and decryption algorithms are known. There are only 25 keys to try. The language of the plaintext is known and easily recognizable. What generally makes brute-force cryptanalysis impractical is the use of an algorithm that employs a large number of keys. For example, the triple DES algorithm, has greater than 3.7 x 1050 possible keys.

Brute-Force Cryptanalysis: Caesar Cipher If the language of the plaintext is unknown, then plaintext output may not be recognizable. For example, this figure shows a portion of a text file compressed using an algorithm called ZIP. If this file is then encrypted with a simple substitution cipher (expanded to include more than just 26 alphabetic characters), then the plaintext may not be recognized when it is uncovered in the brute- force cryptanalysis.

FREQUENCY ANALYSIS Cryptanalysis: Caesar Cipher Human languages are redundant. E.g. “T SHWS THT TH SCRTY LVL S HGH" Letters are not equally commonly used In English the E alphabet is the most common letter then T,R,N,I,O,A,S The fairly rare letters are: Z, J, K, Q, X The following slide shows you tables of single, double (digraph) & triple (trigraph) letter with their frequencies. Examples: th, ed, ine, ion

FREQUENCY ANALYSIS Cryptanalysis: Caesar Cipher Frequencies of single letters Frequencies of Double/Digraph/ Digram and Triple/Trigraph/Triagram/ letters

FREQUENCY ANALYSIS Cryptanalysis: Caesar Cipher Example 1)UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ 2) Frequencies of the cipher Text letters: 3)Plain is: It was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

Affine Cipher Combine addition and multiplication

Affine Cipher Example: Use an affine cipher to encrypt the message “hello” with the key pair (7, 2).

Abash/Atbash Cipher Abash Cipher is one of the easiest methods for cryptography and crypto-analysis. It was first used for the Jewish language but it can be used for the other languages. The way of cryptography is to make the last letter of the language to the first letter. The method of cryptography in English: Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: ZYXWVUTSRQPONMLKJIHGFEDCBA Example: Plain Text: money Cipher Text: nlmvb

ROT13 Concept ROT13 is a cipher that stands for rotate 13, and it rotates each character in text by 13 places. Only those letters which occur in the English alphabet are affected; numbers, symbols, whitespace, and all other characters are left unchanged. Because there are 26 letters in the English alphabet and 26 = 2 × 13

ROT13 - Example Plain Text: Somalia locates in east Africa. Cipher Text will be: Fbznyvn ybpngrf va rnfg Nsevpn.

ROT13 - Cryptanalysis ROT13 is not intended to be used where secrecy is of any concern. The use of a constant shift means that the encryption effectively has no key, and decryption requires no more knowledge than the fact that ROT13 is in use. Even without this knowledge, the algorithm is easily broken through frequency analysis.

ASSIGNMENT #1: Programming Problems Create software that can encrypt and decrypt using the general Caesar cipher. Create software that can encrypt and decrypt using the affine cipher. Create software that can encrypt and decrypt using the ROT13 cipher. Do only one of those three requirements using C# or VB.NET

Recommended Web Sites Crypto Corner: Simon Singh’s Web site. Lots of good information, plus interactive tools for learning about cryptography. Programming website: https://stackoverflow.com

Thanks to everyone!! ?