MESSAGE plaintext encode/encipherdecode/decipher ZXYCTHI MESSAGE plaintext ciphertext algorithm Cryptography “ art or science concerning the principles, means and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form. ” -- National Information System Security Glossary (NSTISSC)

-- a readable form for a message (e.g. English text) xaiettlnp tcxiepthre -- a scrambled version of some plaintext message intended to protect the message ’ s confidentiality and/or integrity dcnoee -- translate from plaintext to ciphertext dceoed -- translate from ciphertext back to plaintext pihcenre -- synonym for encode (technically, encodes a single symbol/character) pihcdere -- synonym for decode (technically, decodes a single symbol) ysterocmptsy -- a collection of algorithms for encryption and decryption niprnecyto -- the act of encoding niprdecyto -- the act of decoding ytapopcghyrr -- the study of cryptosystems (the science of secret writing) hpicer -- a particular cryptosystem

MESSAGE plaintext encode/encipherdecode/decipher ZXYCTHI MESSAGE plaintext ciphertext E( plaintext ) = ciphertext Inverse Function Function E -1 ( ciphertext ) = plaintext

Encryption Algorithm Each letter (L p ) is replaced by the letter from the following function: E(L p ) = (L p + 3) mod 26 letters are numbered from zero (A≈0, B≈1, …Z≈25) Example HI MOM SEND DOLLARS KL PRP VHQG GROODUV plaintext ciphertext Decryption Algorithm Each letter (L c ) is replaced by the letter from the following function: D(L c ) =

Simple Caesar Cipher E(L p ) = (L p + 3) mod 26 Generalized Caesar Cipher E Caesar (L p, k) = (L p + k) mod 26 Key “ a sequence of random or pseudorandom bits used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals... ” -- National Information System Security Glossary (NSTISSC)

plaintextciphertext encryption algorithmdecryption algorithm plaintext ciphertext encryption algorithmdecryption algorithm plaintext Symmetric Encryption Asymmetric Encryption

Is the Caesar Cipher (keyed version) symmetric or asymmetric? Symmetric encryption is also known as ________ key encryption, because the key must be kept private from… Encode E Caesar (L p, k) = (L p + k) mod 26 Decode D Caesar (L c, k) = code breaker rot13(L p ) = E Caesar (L p, 13) Note that rot13 = rot13 -1 (i.e. rot13 decodes any message encoded with rot13) In general, what is D Caesar (L n, k) in terms of E Caesar (L n, k) ?

Cryptanalysis “ operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption. ” -- National Information System Security Glossary (NSTISSC) code breaker Common Cryptanalysis Attacks Attack TypeCryptanalysis Knowledge ciphertext only encryption algorithm (less the key) ciphertext to be deciphered known plaintext encryption algorithm (less the key) ciphertext to be deciphered a segment of plaintext with corresponding ciphertext chosen plaintext encryption algorithm (less the key) ciphertext to be deciphered a segment of plaintext selected by cryptanalyst with corresponding ciphertext How difficult is cryptanalysis on a keyed Caesar cipher?

T U R K E Y substitution A substitution cipher forms ciphertext from replacing plaintext bit patterns with other bit patterns. B C D E F G H I J K L M N O P Q R S T U V W X Y Z A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Example ( Caesar cipher with key = 1 ) D( ) E( ) T U R K E Y A B C D F G H I J L M N O P Q S V W X Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Another Example Use a word as key. Encode using word followed by remaining alphabet. A simple (mono-alphabetic) substitution always maps the same bit pattern consistently. Cryptanalysis of this second example?

Non-alphabetic Computers have no need to use alphabets - bit strings are easier. Non-sequential There is nothing to suggest that alphabetic ordering be used at all. (Why not use every third letter in the alphabet?) There is a need to use a proper permutation. Why? C F I L O R U X A D G J M P S V Y B E H K N Q T W Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

brute force (for mono-alphabetic substitution) alphabetic frequency cryptanalysis (Cryptography and Data Security, Denning, 1982.) There are 26! simple substitution ciphers from the English alphabet. Suppose you know only that the cipher uses some tabular mono-alphabetic substitution. Digrams and trigrams can be analyzed in similar fashion.

1) The amount of required secrecy should determine the amount of encrypting/decrypting work. In 1949 Shannon proposed the following characteristics of a good cipher: 2) The choice of keys and the enciphering algorithm should be free from complexity. 3) The implementation of the process should be as simple as possible. 4) Errors in ciphering should not propagate, corrupting other message parts. 5) The size of the ciphertext should be no larger than its corresponding plaintext. Today ’ s priorities: 1) The encryption/decryption algorithm must be proven to be mathematically sound. 2) The algorithm must have been analyzed by experts for its vulnerability. 3) The algorithm must have stood the “ test of time ”. 4) Time to encode/decode must still be acceptable.

Tableau (basis for well-known polyalphabetic substitution ciphers) Use a string as key, repeatedly. The key letters serve as row indices for enciphering. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L M N O P Q R S T U V W X Y Z A B C D E F G H I J K M N O P Q R S T U V W X Y Z A B C D E F G H I J K L N O P Q R S T U V W X Y Z A B C D E F G H I J K L M O P Q R S T U V W X Y Z A B C D E F G H I J K L M N... Z A B C D E F G H I J K L M N O P Q R S T U V W X Y A B C D E F G H I J K L M N O P Q R S T U V W X Y Z abcdefghijklmno zabcdefghijklmno z

Example A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L M N O P Q R S T U V W X Y Z A B C D E F G H I J K M N O P Q R S T U V W X Y Z A B C D E F G H I J K L N O P Q R S T U V W X Y Z A B C D E F G H I J K L M O P Q R S T U V W X Y Z A B C D E F G H I J K L M N... Z A B C D E F G H I J K L M N O P Q R S T U V W X Y A B C D E F G H I J K L M N O P Q R S T U V W X Y Z abcdefghijklmno zabcdefghijklmno z HI MOM SEND DOLLARS plaintext ciphertext TQ XYY APXP LZVXICCmi lkm ilkm ilkmilk key = milk Cryptanalysis of such a cipher?

Encryption Algorithm Designed by British scientist Sit Charles Wheatstone (1854) and promoted by Baron Playfair of St. Andrews. a dual-alphabetic substitution cipher uses a key consisting of a string of unique characters (e.g. SECURITY) 1) Build 5 by 5 table beginning with key followed by remaining alphabet (combine I/J). S E C U R I/J T Y A B D F G H K L M N O P Q V W X Z 3) Each pair of letters (L left, L right ) from modified plaintext is replaced as follows: a) If L left in same row as L right, then replace each with letter in next column to its right. (e.g. for pair “FK” substitute “GD” ) 2) Insert X between repeated letters in plaintext. (e.g. “BALLOON” becomes “BALXLOXON” b) If L left in same column as L right, then replace each with letter in row beneath. (e.g. for pair “VT” substitute “EF” ) c) If L left and L right in different rows and colums, then replace each with the table letter from its own row and the other letter ’ s column. (e.g. for pair “UN” substitute “CO” )

Example HI MOM SEND DOLLARS plaintext S E C U R I/J T Y A B D F G H K L M N O P Q V W X Z HI MO MS EN DX DO LX LA RS ciphertext DA NP LE CM HQ HL OQ TB SE Still vulnerable to digram and single-character frequency attacks.

the invention of an Army Signal Corp officer, Joseph Mauborgne. provably unbreakable! algorithm: a Vignère cipher using a random key of infinite length. The standard Vignère cipher can be broken by analyzing the period of the repeating key. One-Time Pad What ’ s the catch?

It is possible to use a book cipher - a pad of key that are used then discarded. Created by Gilbert Vernam (Bell Labs) Vernam cipher Use paper tape (teletype) to deliver an arbitrarily-long non-repeating sequence of keys. Another alternative is to use a table (e.g. of sine values) or a book. Encode/decode by numeric function rather than Vignère table. Example 1: use XOR to encode and decode.SymbolDecimal Bit String Plaintext ‘R’‘R’‘R’‘R’ Key E Vernam ( ‘ R ’,15) Example 2: Encode with addition mod 256. E Vernam ( ‘ R ’,15) What is D Vernam (X,K)? =  = = ( ) mod 256 =

substitute or transpose or product A substitution cipher forms ciphertext from replacing plaintext bit patterns with other bit patterns. A transposition cipher forms ciphertext from rearranging plaintext bit sequences. stream or block A stream cipher transforms plaintext one small subsequence (bit, byte, letter) at a time. A block cipher transforms a larger units of plaintext (usually 64 or 128 bits). A product cipher uses both substitution and transposition.

Encipher by arranging plaintext in two rows, as illustrated below. Rail Fence Transposition Arrange plaintext row by row in 2D grid and select cipher text from columns. Use a key to determine column order. Tabular Transposition HMMEDOLR IOSNDLAS plaintext (in diagonal rows) ciphertext HMMEDOLRIOSNDLAS A rail fence cypher is trivial to cryptanalyze, much like an Caesar cipher. HIMOM SENDD OLLAR S plaintext (in 5-letter rows) key ciphertext MDRMNLHSOSODRIEL

The prior tabular transposition is still extremely vulnerable to attack by digram frequency analysis. A repeated transposition improves the cipher. HIMOM SENDD OLLAR S plaintext (in 5-letter rows) key ciphertext NSERSRMLOLMOIDHDMDRMN LHSOS ODRIE L after first transposition Cryptanalysis of such a cipher?