Classic Cryptography Cryptography “art or science concerning the principles, means and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.” -- National Information System Security Glossary (NSTISSC) MESSAGE plaintext MESSAGE plaintext encode/encipher decode/decipher ciphertext ZXYCTHI encryption algorithm decryption algorithm

The Caesar Cipher Encryption Algorithm Example Decryption Algorithm Each letter (Lp) is replaced by the letter from the following function: E(Lp) = (Lp + 3) mod 26 letters are numbered from zero (A≈0, B≈1, …Z≈25) Example HI MOM SEND DOLLARS plaintext KL PRP VHQG GROODUV ciphertext Decryption Algorithm Each letter (Lc) is replaced by the letter from the following function: D(Lc) = (Lc + 23) mod 26

Keys Simple Caesar Cipher Generalized Caesar Cipher Key E(Lp) = (Lp + 3) mod 26 Generalized Caesar Cipher Ek(Lp) = (Lp + k) mod 26 key Key “a sequence of random or pseudorandom bits used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals...” -- National Information System Security Glossary (NSTISSC)

Two Types of Keyed Encryption Symmetric Encryption plaintext ciphertext encryption algorithm decryption algorithm Asymmetric Encryption plaintext ciphertext encryption algorithm decryption algorithm

Is the Caesar Cipher (keyed version) symmetric or asymmetric? Encipher Ek(Lp) = (Lp + k) mod 26 Decipher Dk(Lc) = (Lc + (26-k)) mod 26 Symmetric encryption is also known as private key encryption, because the key must be kept private from… code breaker

Common Cryptanalysis Attacks code breaker Cryptanalysis “operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.” -- National Information System Security Glossary (NSTISSC) Common Cryptanalysis Attacks Attack Type Cryptanalysis Knowledge ciphertext only • encryption algorithm (less the key) • ciphertext to be deciphered known plaintext • encryption algorithm (less the key) • ciphertext to be deciphered • a segment of plaintext with corresponding ciphertext chosen plaintext • encryption algorithm (less the key) • ciphertext to be deciphered • a segment of plaintext selected by cryptanalyst with corresponding ciphertext How difficult is a ciphertext only attack on a keyed Caesar cipher?

Cipher Techniques substitute or transpose or product (both) A substitution cipher forms ciphertext from replacing plaintext bit patterns with other bit patterns. A transposition cipher forms ciphertext from rearranging plaintext bit sequences. stream or block A stream cipher transforms plaintext one small subsequence (bit, byte, letter) at a time. A block cipher transforms a larger units of plaintext (usually 64 or 128 bits). Keyed Caesar Cipher a mono-alphabetic substitution cipher

Cryptanalysis of Substitution brute force The Caesar Cipher has only 26 different possibilities. alphabetic frequency cryptanalysis (Cryptography and Data Security, Denning, 1982.) Suppose you know only that the cipher uses some tabular mono-alphabetic substitution. Digrams and trigrams can be analyzed in similar fashion.

Vignere Cipher Tableau (best known polyalphabetic substitution cipher) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L M N O P Q R S T U V W X Y Z A B C D E F G H I J K M N O P Q R S T U V W X Y Z A B C D E F G H I J K L N O P Q R S T U V W X Y Z A B C D E F G H I J K L M O P Q R S T U V W X Y Z A B C D E F G H I J K L M N . . . Z A B C D E F G H I J K L M N O P Q R S T U V W X Y a b c d e f g h i j k l m n o z plaintext index key index Use a string as key, repeatedly. The key letters serve as row indices for enciphering.

Example mi lkm ilkm ilkmilk key = milk HI MOM SEND DOLLARS plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L M N O P Q R S T U V W X Y Z A B C D E F G H I J K M N O P Q R S T U V W X Y Z A B C D E F G H I J K L N O P Q R S T U V W X Y Z A B C D E F G H I J K L M O P Q R S T U V W X Y Z A B C D E F G H I J K L M N . . . Z A B C D E F G H I J K L M N O P Q R S T U V W X Y a b c d e f g h i j k l m n o z mi lkm ilkm ilkmilk key = milk HI MOM SEND DOLLARS plaintext ciphertext TQ XYY APXP LZVXICC

What makes a "Good" cipher? In 1949 Shannon proposed the following characteristics of a good cipher: 1) The amount of required secrecy should determine the amount of encrypting/decrypting work. 2) The choice of keys and the enciphering algorithm should be free from complexity. 3) The implementation of the process should be as simple as possible. 4) Errors in ciphering should not propagate, corrupting other message parts. 5) The size of the ciphertext should be no larger than its corresponding palintext. Today’s priorities: 1) The encryption/decryption algorithm must be proven to be mathematically sound. 2) The algorithm must have been analyzed by experts for its vulnerability. 3) The algorithm must have stood the “test of time”.

An Unbreakable Cipher One-Time Pad What’s the catch? The standard Vignère cipher can be broken by analyzing the period of the repeating key. One-Time Pad • the invention of an Army Signal Corp officer, Joseph Mauborgne. • provably unbreakable! • algorithm: a Vignère cipher using a random key of infinite length. What’s the catch? 1) It is difficult to create such large keys that are truly random. 2) Delivery of such sizable keys is often overwhelming.

Example include blank () in tableau fgzmiajjdnchkbghaz key A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  B C D E F G H I J K L M N O P Q R S T U V W X Y Z  A C D E F G H I J K L M N O P Q R S T U V W X Y Z  A B D E F G H I J K L M N O P Q R S T U V W X Y Z  A B C E F G H I J K L M N O P Q R S T U V W X Y Z  A B C D F G H I J K L M N O P Q R S T U V W X Y Z  A B C D E G H I J K L M N O P Q R S T U V W X Y Z  A B C D E F H I J K L M N O P Q R S T U V W X Y Z  A B C D E F G I J K L M N O P Q R S T U V W X Y Z  A B C D E F G H J K L M N O P Q R S T U V W X Y Z  A B C D E F G H I K L M N O P Q R S T U V W X Y Z  A B C D E F G H I J L M N O P Q R S T U V W X Y Z  A B C D E F G H I J K M N O P Q R S T U V W X Y Z  A B C D E F G H I J K L N O P Q R S T U V W X Y Z  A B C D E F G H I J K L M . . . Z  A B C D E F G H I J K L M N O P Q R S T U V W X Y  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n z  include blank () in tableau fgzmiajjdnchkbghaz key HI MOM SEND DOLLARS plaintext ciphertext MOYYWMIAHFGCYMRHRQ

Playfair Cipher Encryption Algorithm • Designed by British scientist Sit Charles Wheatstone (1854) and promoted by Baron Playfair of St. Andrews. • a dual-alphabetic substitution cipher • uses a key consisting of a string of unique characters (e.g. SECURITY) Encryption Algorithm S E C U R I/J T Y A B D F G H K L M N O P Q V W X Z 1) Build 5 by 5 table beginning with key followed by remaining alphabet (combine I/J). 2) Insert X between repeated letters in plaintext. (e.g. “BALLOON” becomes “BALXLOXON” 3) Each pair of letters (Lleft, Lright) from modified plaintext is replaced as follows: a) If Lleft in same row as Lright, then replace each with letter in next column to its right. (e.g. for pair “FK” substitute “GD”) b) If Lleft in same column as Lright, then replace each with letter in row beneath. (e.g. for pair “VT” substitute “EF”) c) If Lleft and Lright in different rows and colums, then replace each with the table letter from its own row and the other letter’s column. (e.g. for pair “UN” substitute “CO”)

Example HI MOM SEND DOLLARS plaintext HI MO MS EN DX DO LX LA RS S E C U R I/J T Y A B D F G H K L M N O P Q V W X Z HI MOM SEND DOLLARS plaintext HI MO MS EN DX DO LX LA RS ciphertext DA NP LE CM HQ HL OQ TB SE Still vulnerable to digram and single-character frequency attacks.

Transposition Ciphers Rail Fence Transposition Encipher by arranging plaintext in two rows, as illustrated below. HMMEDOLR IOSNDLAS plaintext (in diagonal rows) ciphertext HMMEDOLRIOSNDLAS A rail fence cypher is trivial to cryptanalyze, much like an Caesar cipher. Tabular Transposition Arrange plaintext row by row in 2D grid and select cipher text from columns. Use a key to determine column order. 35241 key HIMOM SENDD OLLAR S plaintext (in 5-letter rows) ciphertext MDRMNLHSOSODRIEL

The prior tabular transposition is still extremely vulnerable to attack by digram frequency analysis. A repeated transposition improves the cipher. 35241 key HIMOM SENDD OLLAR S plaintext (in 5-letter rows) MDRMN LHSOS ODRIE L after first transposition ciphertext NSERSRMLOLMOIDHD

Feistel Ciphers Round 1 Round 2 Round N HI Mom S block of plaintext Key • Horst Feistel (IBM) invented the basic algorithm in 1973. subkey1 subkey2 subkeyN • Round 1 Round 2 Round N XYWJLRAM block of ciphertext • f + • Feistel ciphers use symmetric block encryption relying upon product transformations. f + • Encryption & decryption use the same algorithm. f some function + exclusive OR (bitwise)

DES DES Subkeys f function Data Encryption Standard - an algorithm selected by the National Institute of Standards Technology for the encryption of non-classified data. The current DES algorithm was adopted by the U.S. Nat. Bureau of Standards in 1977. Block size: 64 bits Key size: 56 bits + 8-bit parity 16-round Feistel encryption (preceded by one permutation and followed by the permutation’s inverse) Subkeys The key (56-bits) is split in two and each half is rotated left by 1 or 2 bits. The resulting two 28-bit values index into a table to produce a 48-bit subkey. The rotated values are also forwarded to compute the next subkey. f function 1) input to f is expanded from 32 to 48 bits via table lookup 2) 48-bit value from (1) is XORed with subkey 3) 48-bit value from (2) is partitioned into eight 6-bit values 4) 6-bit values from (3) are separated into outside 2 bits and center 4 bits (outside bits select row and inside bits select column from S-box table) 5) eight S-box lookup values (each 4 bits long) are concatenated

DES Crytanalysis Brute Force Time to Produce All Possible Encodings Key Size (in bits) Number of Keys (1 encrypt./s) (106 encrypt./s) 32 232 ≈ 4.3 X 109 36 min. 2 msec. 56 256 ≈ 7.2 X 1016 1142 years 10 hr. 128 2128 ≈ 3.4 X 1038 5.4 X 1024 years 5.4 X 1018 years 26-char permutation 26! ≈ 4 X 1026 6.4 X 1012 years 6.4 X 106 years • 1977 - brute force attacks might be possible in the future [Diffie & Hellman IEEE Computer, June] • 1997 - a distributed collection of 3500 research computers discover DES key in 4 months • 1998 - Electronic Frontier Foundation builds $250K “DES cracker” requiring about 10 hrs.

Other Symmetric Ciphers 3DES - 1979 • also called triple DES • use two keys and three DES encryptions cipher = Ekey1( Dkey2( Ekey1( plaintext ) ) ) • 3DES has an effective key size of 112 bits. IDEA - 1991 • International Data Encryption Algorithm • developers from Swiss Federal Institute of Technology • 128-bit key, but differs from DES in round function and subkey generation. Blowfish - 1993 • developed by Bruce Schneier • compact, efficient, algorithm w/ key of 128 bits RC5 - 1994 • developed by Ron Rivest • efficient algorithm with variable length keys AES - 1999 • Advanced Encryption Standard • selected algorithm: Rijndael • a product cipher using key sizes of 128, 192 and 256 bits (128-bit block size).