Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001
Cryptography, Jerzy Wojdylo, 5/4/01 Overview Classical Cryptography –Simple Cryptosystems –Cryptoanalysis of Simple Cryptosystems Shannon’s Theory of Secrecy Modern Encryption Systems –DES, Rijndel –RSA Signature Schemes
Cryptography, Jerzy Wojdylo, 5/4/01 Cryptosystem A cryptosystem is a five-tuple ( P, C, K, E, D ), where the following are satisfied: 1. P is a finite set of possible plaintexts 2. C is a finite set of possible ciphertexts 3. K, the keyspace, is a finite set of possible keys 4. K K, e K E (encryption rule), d K D (decryption rule). Each e K : P C and d K : C P are functions such that x P, d K (e K (x)) = x.
Cryptography, Jerzy Wojdylo, 5/4/01 Notation English alphabet Lower case: a, b, c,…, z for plaintext Upper case: A, B, C,…, Z for ciphertext For encryption and decryption algorithms, we will substitute letters a, b, c,…, z with numbers 0, 1, 2,…, 25.
Cryptography, Jerzy Wojdylo, 5/4/01 Classical Cryptography Monoalphabetic Ciphers Once a key is chosen, each alphabetic character of a plaintext is mapped onto a unique alphabetic character of a ciphertext. –The Shift Cipher (Caesar Cipher) –The Substitution Cipher –The Affine Cipher
Cryptography, Jerzy Wojdylo, 5/4/01 Classical Cryptography Polyalphabetic Ciphers Each alphabetic character of a plaintext can be mapped onto m alphabetic characters of a ciphertext. Usually m is related to the encryption key. –The Vigenère Cipher –The Hill Cipher –The Permutation Cipher
Cryptography, Jerzy Wojdylo, 5/4/01 The Shift (Caesar) Cipher Let P = C = K = Z 26. x P, y C, K K, define e K (x) = x + K (mod 26) and d K (y) = y - K (mod 26). Example on
Cryptography, Jerzy Wojdylo, 5/4/01 The Substitution Cipher Let P = C = Z 26, let K = S 26 x P, y C, K, define e (x) = (x) and d (x) = -1 (x). Example on
Cryptography, Jerzy Wojdylo, 5/4/01 The Affine Cipher Let P = C = Z 26, let K = {(a, b) Z 26 Z 26 | gcd(a, 26) = 1}. x P, y C, K K, define e K (x) = ax + b (mod 26) and d K (y) = a -1 (y – b) (mod 26). Example on www.
Cryptography, Jerzy Wojdylo, 5/4/01 The Vigenère Cipher Let m Z +, let P = C = K = (Z 26 ) m. For a key K = (k 1, k 2,,…, k m ), we define e K (x 1, x 2,,…, x m ) = (x 1 + k 1, x 2 + k 2,…, x m + k m ) and d K (x 1, x 2,,…, x m ) = (x 1 – k 1, x 1 – k 1,…, x m – k m ) where all operations are modulo 26. This is an example (www) of a block cipher.www
Cryptography, Jerzy Wojdylo, 5/4/01 The Hill Cipher Let m Z +, let P = C = (Z 26 ) m, let K = {m m invertible matrices over Z 26 }. For a key K, we define e K (x) = Kx (mod 26) and d K (y) = K -1 y (mod 26). Example MATLAB.
Cryptography, Jerzy Wojdylo, 5/4/01 The Permutation Cipher Let m Z +, let P = C = (Z 26 ) m, let K = S m. For a key (i.e. a permutation) π we define e π (x 1, x 2,,…, x m ) = (x π (1), x π (2),…, x π (m) ) and d π (y 1, y 2,,…, y m )=(y π -1 (1), y π -1 (2),…, y π -1 (m) ) where π -1 is the inverse permutation to π. (The Hill Cipher, where K = a permutation matrix.)
Cryptography, Jerzy Wojdylo, 5/4/01 Cryptoanalysis Kerchkhoff’s Principle: cryptosystem (the algorithm) is NOT secret, the key is secret. Common attacks to obtain the key –Ciphertext-only –Known plaintext –Chosen plaintext –Chosen ciphertext
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on a Shift Cipher Ciphertext-only Exhaustive search 26 cases Very insecure cipher
Cryptography, Jerzy Wojdylo, 5/4/01 Cryptoanalysis of a Monoalphabetic Cipher Ciphertext-only attack Letter frequencies the English language
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on a Substitution Cipher Insecure cipher, even though the number of possible keys is 26! = (approximately ·10 26 ) Letter frequencies calculator www www
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher Kasiski test (m, length of the key) –Fredrich Wilhelm Kasiski (1863) –Charles Babbage (1854, result remained secret) Two identical segments of plaintext will be encrypted to the same ciphertext if their occurrence in the plaintext is x position apart, where x is a multiple of m.
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher CHREEVOAHMAERATBIAXXWTNXBEEOP HBSBQMQEQERBWRVXUOAKXAOSXXWE AHBWGJMMQMNKGRFVGXWTRZXWIAKL XFPSKAUTEMNDCMGTSXMXBTUIADNGM GPSRELXNJELXVRVPRTULHDNQWTWDTY GBPHXTFALJHASVBFXNGLLCHRZBWELE KMSJIKNBHWRJGNMGJSGLXFEYPHAGNR BIEQJTAMRVLCRREMNDGLXRRIMGNSNR WCHRQHAEYEVTAQEBBIPEEWEVKAKOE WADREMXMTBHHCHRTKDNVRZCHRCLQ OHPWQAIIWXNRMGWOIIFKEE
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher Positions of CHR: 1, 166, 236, 276, 286. Differences of positions: 166 – 1 = – 1 = – 1 = – 1 = 285 The gcd of these differences is 5, so the key is most likely of length m = 5.
Cryptography, Jerzy Wojdylo, 5/4/01 Attack on the Vigenère Cipher Divide the ciphertext into 5 subsrtings (positions 5k, 5k+1, 5k+2, 5k+3, 5k+4) Analize each substring as a monoalphabetic cipher. Continue on Also an insecure cipher
Cryptography, Jerzy Wojdylo, 5/4/01 Cryptonalysis of the Hill Cipher Number of keys k = number of invertible m m matrices with coefficients from Z 26. Does anyone know the formula? If p is prime, the alphabet is Z p then If p = 29 and m34510 k1.4· · · ·10 146
Cryptography, Jerzy Wojdylo, 5/4/01 Cryptonalysis of the Hill Cipher Easily broken with known plaintext attack. Permutation Cipher = Hill Cipher, where the key is a permutation matrix. Both ciphers are insecure.
Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy A cryptosystem is computationally secure if the best algorithm for breaking it requires at least N operations, where N is some specified, very large number. Problems… A cryptosystem is unconditionally secure if it cannot be broken with infinite computational resources.
Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy None of the classical cryptosystems is even computationally secure. However the Shift Cipher, the Substitution Cipher, and the Vigènere Cipher are unconditionally secure if only one element of plaintext is encrypted with a given key! REALLY???
Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy Claude Shannon “Communication Theory of Secrecy Systems”, Bell Systems Technical Journal, (1949). A cryptosystem has perfect secrecy if p P (x|y) = p P (x) for any x P and y C. That is the a posteriori probability that the plaintext is x, given that the ciphertext is y, is identical to the a priori probability that the plaintext is x.
Cryptography, Jerzy Wojdylo, 5/4/01 Perfect Secrecy Theorem (Shannon). Suppose the 26 keys in the Shift Cipher are used with equal probability 1/26. Then for any plaintext probability distribution, the Shift Cipher has perfect secrecy. Consequences: One-time Pad Cryptosystem (Gilbert Vernam, 1917). Key, plaintext, and ciphertext have the same length. Problems with keys: very long, distribution. Each key can be used only ONCE!
The End Cryptography, Part 1: Classical Ciphers Cryptography Part 2: Modern Cryptosystems Stay Tuned…