Introduction CS 303 Algorithmic Number Theory and Cryptography September 4, 1997 Introduction CS 303 Algorithmic Number Theory and Cryptography Jeremy R. Johnson

KHOOR

HELLO

Introduction to Classical Cryptography September 4, 1997 Introduction to Classical Cryptography Objective: Introduction to Cryptography and Cryptanalysis Shift Cipher Substitution Cipher Attacks and adversaries Frequency analysis

Classical Cryptography Basic problem: Secure communication over an insecure channel Solution: private key encryption m  E(k,m) = c  D(k,c) = m Shannon provided a rigorous theory of perfect secrecy based on information theory Adversary has unlimited computational resources, but key must be as long as message

Communication Scenario Encryption key Decryption key ciphertext Alice Encrypt Decrypt Bob plaintext Eve

Shift Cipher hello all hail ceasar September 4, 1997 Shift Cipher hello all hail ceasar If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others. — Suetonius, Life of Julius Caesar 56

Shift Cipher m  E(k,m) = c = m+k mod 26 c  D(k,c) = c-k mod 26 KHOOR September 4, 1997 Shift Cipher KHOOR DOO KDLO FHDVDU a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Key = 3 m  E(k,m) = c = m+k mod 26 c  D(k,c) = c-k mod 26

Possible Attacks Kerchoff’s Principle Ciphertext only Known plaintext Chosen plaintext Chosen ciphertext

Cryptanalysis of Shift Ciphers Number of keys = size of alphabet Ciphertext only Brute force Look for most frequently occurring symbol Known plaintext m + k = c (mod 26) Chosen plaintext 1 + k = c (mod 26) Chosen ciphertext m + k = 1 (mod 26)

September 4, 1997 Frequency Analysis en.wikipedia.org/wiki/Frequency_analysis_(cryptanalysis) scottbryce.com/cryptograms

War and Peace 3,223,402 Characters http://www.gutenberg.org/ebooks/2600

freq.pl infile = file(filename,'r') freq = {} count = 0 for c in string.ascii_lowercase: freq[c] = 0 for line in infile: for c in line.lower(): if c.isalpha(): freq[c] = freq[c] + 1 count = count + 1 keys = freq.keys() keys.sort() for c in keys: print "freq[" + c + "] = ",float(freq[c])/count

Substitution Cipher m  E(k,m) = c = (m) c  D(k,c) = -1(c) NYVVZ September 4, 1997 Substitution Cipher NYVVZ JVV NJSV RYJDJC a b c d e f g h i j k l m n o p q r s t u v w x y z J E R M Y O H N S T U V W X Z A B C D F G I K L P Q Key – bijection from {0..25}  {0..25}: i  (i) m  E(k,m) = c = (m) c  D(k,c) = -1(c)

Cryptanalysis of Substitution Ciphers Number of keys = n! where n is the size of the alphabet Ciphertext only Brute force (too expensive) Frequency analysis Known plaintext m  (m) = c, for known (m,c). Partial permutation Chosen plaintext m  (m) = c, m = 0..n-1 Chosen ciphertext -1(c)  m, c = 0..n-1

One Time Pad Pad = b1  bn  {0,1}* chosen randomly m = m1  mn E(Pad,m) = c = m  Pad D(Pad,c) = c  Pad = (m  Pad)  Pad = m m,c PrPad[E(Pad,m) = c] = 1/2n No information gained from seeing c However, E(Pad,m)  E(Pad,m’) = m  m’