History and Background Part 1: Basic Concepts and Monoalphabetic Substitution CSCI 5857: Encoding and Encryption

Outline Simple encryption with the Caesar cipher Exhausitive search and computational security Monoalphabetic substitution Frequency analysis and cryptanalysis attacks Known and chosen plaintext attacks

Why is History Important? Most modern encryption algorithms based on concepts hundreds/thousands of years old –Monoalphabetic substitution –Polyalphabetic substitution –Transposition Most attacks on encryption also very old –Exhaustive search –Cryptographic analysis –Known/chosen plaintext

4 Encryption Mathematical Notation: p – plaintext message (readable) c – ciphertext (not readable!) k – key (only known by authorized persons) E – encryption functionc = E(p, k) D – decryption functionp = D(c, k)

Substitution Algorithms Mapping of plaintext to ciphertext Can be single character mapping (historical) A  G Can map entire blocks of plaintext (modern block ciphers) 

Substitution Algorithms Mapping must be unique for decryption to work! Encryption: A  G B  G Decryption: G  A or B ? Side Point

Substitution Algorithms Mapping often involves translating characters to numeric values Encryption/decryption functions in terms of mathematical functions Side Point

Caesar Cipher Key k: number between 1 and 25 Example: k = 3, p = RUNAWAY E( RUNAWAY )  UXQDZDB D( UXQDZDB )  RUNAWAY

Exhaustive Key Search Testing all possible keys Algorithm: Given ciphertext c For all keys k i –Compute p i = D(c, k i ) –If p i is recognizable plaintext, then k i is plausible Time proportional to number of possible keys k i

Defining “Secure” Encryption Computationally Secure Cost of breaking cipher > value of encrypted information Time required to break cipher > useful lifetime of encrypted information Cipher is “practically” unbreakable Generally only assurance we have

Defining “Secure” Encryption Problem: impossible to permanently quantify! Computers get faster every day Moore’s law: speed doubles every 1.5 years Example: DES cipher with 56 bit key –Computationally secure (1142 years) at 1 test/microsecond –Not secure (10 hours) at 100,000 tests/microsecond

Caesar Cipher and Exhaustive Search Only 26 possible keys to test! Ciphertext: UXQDZDB Key:Resulting Plaintext: 1 TWPCYCA 2 SVOBXBZ 3 RUNAWAY  recognizable plaintext Clearly not computationally secure!

Monoalphabetic Substitution Each plaintext character has corresponding ciphertext character No pattern (unlike Caesar cipher) Example: “ runaway ”  “ HJGNPNS ”

Monoalphabetic Substitution Key = substitution table itself Number of possible keys = 26!  400,000,000,000,000,000,000,000,000 Computationally secure to exhaustive search (at least without a computer)

Cryptanalysis Attacks Based on knowledge –Properties of the encryption algorithm –Properties of the likely plaintext Often combined with exhaustive search –Knowledge eliminates most possible keys –Search now feasible for few remaining keys All possible keys Remaining keys Eliminated by cryptanalysis Search feasible

Frequency-based Analysis Some letters much more common than others

Frequency-based Analysis Example ciphertext: “ PCRZFNICRAYJHVRYICJQNZRSRZIV ” Letter frequencies: A1 B0 C3 D0 E0 F1 G0 H1 I3 J2 K0 L0 M0 N2 O0 P1 Q1 R5 S1 T0 U0 V2 W0 X0 Y2 Z3 Hypothesis: “e”  “R”

Frequency-based Analysis Some combinations of letters much more common than others Example: “e” often followed by “n” Example ciphertext (after “e” substituted for “R”): “ PCeZFNICeAYJHVeYICJQNZeSeZIV ” “Z” second most common letter Follows “e” twice Hypothesis: “n”  “Z” “ PCenFNICeAYJHVeYICJQNneSenIV ”

Frequency-based Analysis Knowing part of key in monoalphabetic substitution makes it easier to guess the rest of the key Very bad property of an encryption algorithm! Side Point “I can only see part of the key, but it is easy to guess the rest!”

Frequency-based Analysis Success of frequency-based analysis increases with more text –Single long ciphertext –Multiple ciphertexts encoded with same key General property of cryptanalysis Should change key as often as possible! Side Point ciphertexts

Known Plaintext Attack Adversary has access to a number of: –plaintext messages –corresponding ciphertext messages Searches for relationship between plaintext and ciphertext that might reveal key plaintexts ciphertexts

Known Plaintext Example Darth get gets data entry job at organization Observes how encrypted database changes as new records entered E pc

Known Plaintext Attack Inevitable that adversary will acquire known plaintexts Security defined in terms of number of known plaintexts needed to guess key Single known plaintext sufficient to break simple substitution algorithm!

Chosen Plaintext Attack Adversary has hypothesis about key k hypothesis Adversary chooses plaintext p to test hypothesis If resulting ciphertext c matches what would be result of encryption with k hypothesis, then k hypothesis is correct E p hypothetical key E compare actual (unknown) key

Chosen Plaintext Example World War II Hypothesis: Japanese code for “Midway Island” = “ AF ” Test: Plaintext message transmitted that “Midway Island running short of water” Result: Increased message traffic containing “ AF ” -- Hypothesis confirmed!

Defining Security Quality of encryption system defined by attacks it is vulnerable to –Types of attacks: exhaustive, cryptographic, etc. –Knowledge attacker has: known plaintext, chosen plaintext, etc. Key idea: Must always think like an attacker! –“What could I do to break the system?”