1
Substitution Transposition
Cryptography 2 Substitution Transposition
2
Secret Key Cryptosystem
Sender: plaintext M → Encryption with K → ciphertext C = E(K,M)
Recipient: ciphertext C → Decryption with K → plaintext M = D(K,C)
K needs secure channel
CSCE Farkas
3
Basic Encryption Techniques
Substitution (confusion)
Permutation (diffusion)
Combinations and iterations of these
4
Simple Alphabetic Substitution
Assign a new symbol to each plain text symbol randomly or by key, e.g., C → k, A → h, B → l
M = CAB, C = k h l
Advantages: large key space 26!
Disadvantages: trivially broken for known plaintext attack, repeated pattern, letter frequency distributions unchanged
How about multiple substitutions?
5
Polyalphabetic Substitution
Frequency distribution: reflects the distribution of the underlying alphabet → cryptanalysts find substitutions
E.g., English: e – 14 %, t – 9.85%, a – 7.49%, o – 7.37%, …
Need: flatten the distribution
E.g., combine high and low distributions:
  t → a (odd position), b (even position)
  x → a (even position), b (odd position)
6
Vigenere Tableau
Use the Vigenere Tableau to encrypt
Plain text: HOPE YOU ARE HAVING FUN
With key: I think this cipher is hard to break
7
Cryptanalysis of Polyalphabetic Substitution
Determine the number of alphabets used
Solve each piece as monoalphabetic substitution.
Kasiski Method: Uses regularity of English: letters, letter groupings, full words, e.g.,
  endings: -th, -ing, -ed, -ion, -ation, -tion, …
  beginnings: im-, in-, re-, un-, ...
  patterns: -eek-, -oot-, -our-, …
  words: of, end, to, with, are, is, …
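Added example (not from the original slides): a Python sketch of the Vigenere encryption on slide 6 and of the first Kasiski step on slide 7, estimating the number of alphabets from the distances between repeated trigrams. The key LEMON and the sample sentence are constructed for the demonstration.

```python
import string
from collections import Counter

A = string.ascii_uppercase

def vigenere(text, key, decrypt=False):
    """Vigenere over letters only; the key repeats if shorter than the text."""
    shifts = [A.index(k) for k in key.upper() if k in A]
    letters = [c for c in text.upper() if c in A]
    sign = -1 if decrypt else 1
    return "".join(A[(A.index(c) + sign * shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(letters))

def kasiski_distances(ct, n=3):
    """Distance from each repeated n-gram back to its previous occurrence."""
    last_seen, dists = {}, []
    for i in range(len(ct) - n + 1):
        gram = ct[i:i + n]
        if gram in last_seen:
            dists.append(i - last_seen[gram])
        last_seen[gram] = i
    return dists

def likely_key_lengths(ct, max_len=12):
    """Candidate numbers of alphabets, ranked by how many distances each divides."""
    votes = Counter(k for d in kasiski_distances(ct)
                    for k in range(2, max_len + 1) if d % k == 0)
    return votes.most_common()

# Slide 6 exercise: the key is longer than the message, so no key letter repeats.
SLIDE_CT = vigenere("HOPE YOU ARE HAVING FUN",
                    "I think this cipher is hard to break")

# Constructed sample: a short key (LEMON, 5 alphabets) reused over a sentence
# in which THE recurs at offsets 0, 10 and 25.
SAMPLE_CT = vigenere("THE DOGS AND THE CATS RAN ALONG THE ROAD", "LEMON")

if __name__ == "__main__":
    print(SLIDE_CT)
    print(kasiski_distances(SAMPLE_CT), likely_key_lengths(SAMPLE_CT)[:3])
```

The slide 6 ciphertext has no repeated trigram because its key never repeats, while the short key leaks its length through the repeat distances 10 and 15.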
8
One-Time Pad
Recommend a practical approach for generating a large key
Perfect Secrecy!
Large, non-repeating set of keys
Key is larger than the message
Advantages: immune to most attacks
Disadvantages:
  Need total synchronization
  Need very long, non-repeating key
  Key cannot be reused
  Key management: printing, storing, accounting for
9
Summary of Substitution
Advantages:
  Simple
  Easy to encrypt
Disadvantages:
  Easy to break!!!
10
Transposition
Letters of the message are rearranged
Break patterns, e.g., columnar transposition
Plaintext: this is a test
  t h i s
  i s a t
  e s t !
  → tiehssiatst!
Advantages: easy to implement
Disadvantages:
  Trivially broken for known plaintext attack
  Easily broken for cipher only attack
11
Cryptanalysis
Rearrange the letters
Digrams, Trigrams, Patterns
Frequent digrams: -re-, -th-, -en-, -ed-, …
Cryptanalysis:
  Compute letter frequencies → subst. or perm.
  Compare strings of ciphertext to find reasonable patterns (e.g., digrams)
  Find digram frequencies
12
Double Transposition
Two columnar transpositions with different number of columns
First transposition: breaks up adjacent letters
Second transposition: breaks up short patterns
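Added example (not from the original slides): a Python sketch of the columnar transposition from slide 10 and of the double transposition above, measuring how far apart plaintext neighbours land in the ciphertext. The column counts 3 and 5 are assumptions chosen for illustration; on the 12-letter slide example, 4 columns followed by 3 undo each other, which the gap profile makes visible.

```python
from collections import Counter

def transpose(seq, cols):
    """Columnar transposition: write row by row into `cols` columns,
    read column by column. A short last row is allowed."""
    return [x for c in range(cols) for x in seq[c::cols]]

def untranspose(seq, cols):
    """Inverse of transpose for the same column count."""
    n = len(seq)
    out, i = [None] * n, 0
    for c in range(cols):
        for pos in range(c, n, cols):
            out[pos] = seq[i]
            i += 1
    return out

def double_transposition(text, cols1, cols2):
    """Two columnar transpositions applied one after the other."""
    return "".join(transpose(transpose(list(text), cols1), cols2))

def gap_profile(n, col_counts):
    """How far apart plaintext neighbours end up in the ciphertext.
    Returns {gap: number of adjacent plaintext pairs with that gap}."""
    order = list(range(n))            # track positions instead of letters
    for cols in col_counts:
        order = transpose(order, cols)
    where = {p: i for i, p in enumerate(order)}
    return dict(Counter(abs(where[i + 1] - where[i]) for i in range(n - 1)))

if __name__ == "__main__":
    msg = "thisisatest!"              # slide 10 plaintext with its '!' filler
    print("".join(transpose(msg, 4)))             # single transposition
    print(gap_profile(12, [4]))       # one regular gap: easy to spot
    print(gap_profile(12, [4, 3]))    # 4 then 3 columns cancel out here
    print(double_transposition(msg, 4, 5), gap_profile(12, [4, 5]))
```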
13
Product Ciphers
One encryption applied to the result of the other: En(En-1(…(E1(M)))), e.g.,
  Double transposition
  Substitution followed by permutation, followed by substitution, followed by permutation…
Broken for Chosen plaintext
14
Shannon’s Characteristics of “Good” Ciphers
The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
The set of keys and the enciphering algorithm should be free from complexity
The implementation of the process should be simple and possible
15
Shannon’s Characteristics of “Good” Ciphers (cont.)
Errors in ciphering should not propagate and cause corruption of further information in the message
The size of the enciphered text should be no larger than the original message
16
Trustworthy Encryption Systems
Based on sound mathematics
Has been analyzed by experts
Has stood the test of time
Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA)
17
Stream Ciphers
Convert one symbol of plain text into a symbol of ciphertext based on the symbol (plain), key, and algorithm
Advantages:
  Speed of transformation
  Low error propagation
Disadvantages:
  Low diffusion
  Vulnerable to malicious insertion and modification
18
Block Ciphers
Encrypt a group of plaintext symbols as one block and produce a block of ciphertext
Advantages:
  Diffusion
  Immunity to insertions
Disadvantages:
  Slowness of encryption
  Error propagation
19
Secret Key Cryptosystem Vulnerabilities (1)
Passive Attacker (Eavesdropper)
  Obtain and/or guess key and cryptosystem and use these to decrypt messages
  Capture text in transit and try a ciphertext-only attack to obtain plaintext.
20
Secret Key Cryptosystem Vulnerabilities (2)
Active Attacker
  Break communication channel (denial of service)
  Obtain and/or guess key and cryptosystem and use these to send fake messages
No third party authentication
21
Inherent Weaknesses of Symmetric Cryptography
Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
Need a key for each pair of users: n users need n*(n-1)/2 keys
If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
22
Data Encryption Standards
DES
23
Background and History
Developed by the U.S. government
Intended for general public
1970s: NBS (National Bureau of Standards) — now named NIST (National Institute of Standards and Technology) — need for standard for encrypting unclassified, sensitive information
1974: IBM’s candidate: Lucifer
November 1976: DES was approved as a federal standard in
24
DES Versions
Jan. 15, 1977: DES was published as FIPS PUB 46 (Federal Information Processing Standard), authorized for use on all unclassified data
1988 (revised as FIPS-46-1) and 1993 (FIPS-46-2): DES is reaffirmed
Jan. 1999: DES key is broken in 22 hours and 15 minutes
1999 (FIPS-46-3): DES, containing Triple DES, is reaffirmed
Nov. 26, 2001: The Advanced Encryption Standard (AES) is published in FIPS 197
May 26, 2002: The AES standard becomes effective
May 19, 2005: FIPS 46-3 was officially withdrawn but Triple DES is approved by NIST until 2030 for sensitive government information
25
Data Encryption Standard
Mathematics to design strong product ciphers is classified
Breakable by exhaustive search on 56-bit key size for known plaintext, chosen plaintext and chosen ciphertext attacks
Security: computational complexity of computing the key under the above scenarios (22 hours)
26
Data Encryption Standard
DES is a product cipher
  56 bit key size
  64 bit block size for plaintext and cipher text
Developed by IBM and adopted by NIST with NSA approval
Encryption and decryption algorithms are public but the design principles are classified
27
DES Controversies
Key size: 56 bits – threshold of allowing exhaustive-search known plaintext attack
Built in trapdoor – allegations
The US Senate Select Committee of Intelligence exonerated NSA from tampering with the design of DES in any way
28
DES Multiple Encryption
1992: proven that DES is not a group: multiple encryptions by DES are not equivalent to a single encryption
29
DES Multiple Encryption Double DES
Plaintext P → Encryption (K1) → intermediate ciphertext EK1(P) → Encryption (K2) → ciphertext EK2[EK1(P)]
Known-plaintext: meet-in-the-middle attack
Effective key size: 57 bit -- Why not 112?
30
DES Multiple Encryption Triple DES
P → E (K1) → EK1(P) → D (K2) → DK2[EK1(P)] → E (K1) → EK1[DK2[EK1(P)]]
Tuchman: avoid meet-in-the-middle attack
If K1=K2: single encryption
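Added example (not from the original slides): a Python sketch answering the "Why not 112?" question on the Double DES slide and checking the K1=K2 remark on the Triple DES slide. E and D are a constructed toy cipher with a 10-bit key and 16-bit block standing in for DES; the key values and plaintext blocks used with it are likewise constructed.

```python
BITS, MASK = 10, 0xFFFF      # toy sizes: 10-bit key, 16-bit block (DES: 56 / 64)

def rot(x, n):
    """Rotate a 16-bit value left by n bits."""
    return ((x << n) | (x >> (16 - n))) & MASK

def E(k, p):
    """Toy keyed permutation standing in for DES encryption (not DES)."""
    for r in range(3):
        p = rot((p + (k + 1) * 0x9E37) & MASK, 5) ^ ((k * 73 + r) & MASK)
    return p

def D(k, c):
    """Inverse of E under the same key."""
    for r in reversed(range(3)):
        c = (rot(c ^ ((k * 73 + r) & MASK), 11) - (k + 1) * 0x9E37) & MASK
    return c

def ede(k1, k2, p):
    """Two-key triple encryption in E-D-E order, as on the Triple DES slide."""
    return E(k1, D(k2, E(k1, p)))

def meet_in_the_middle(pairs):
    """Key pairs (k1, k2) consistent with known (plaintext, ciphertext) pairs
    of double encryption c = E(k2, E(k1, p))."""
    (p, c), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << BITS):                   # 2^BITS encryptions
        table.setdefault(E(k1, p), []).append(k1)
    found = []
    for k2 in range(1 << BITS):                   # 2^BITS decryptions
        for k1 in table.get(D(k2, c), []):        # match on the middle value
            if all(E(k2, E(k1, pp)) == cc for pp, cc in rest):
                found.append((k1, k2))
    return found

def work_factors(bits):
    """(meet-in-the-middle cipher operations, naive search over both keys)."""
    return 2 ** (bits + 1), 2 ** (2 * bits)

if __name__ == "__main__":
    k1, k2 = 0x2A7, 0x15C                         # constructed toy keys
    known = [(p, E(k2, E(k1, p))) for p in (0x1234, 0xBEEF)]
    print(meet_in_the_middle(known), work_factors(56))
    print(ede(k1, k1, 0x1234) == E(k1, 0x1234))   # K1=K2: single encryption
```

The search costs two passes over one key space plus a lookup table, which for a 56-bit key is 2^57 cipher operations instead of 2^112.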
31
Triple DES
Tuchman’s technique is part of NIST standard
Can be broken in 2^56 operations if one has 2^56 chosen plaintext blocks (Merkle, Hellman 1981)
Could use distinct K1,K2,K3 to avoid this attack -- 2^112 bit key
32
DES Algorithm (review)
[Figure: DES algorithm]
Data path: 64 bit plaintext, initial permutation, Iteration 1, Iteration 2, ..., Iteration 16, 32 bit swap, inverse initial permutation, 64 bit ciphertext
Key path: 56 bit key, permuted choice, then for each iteration a left circular shift and a permuted choice (1, 2, ..., 16) supplying K1, K2, ..., K16
33
DES Cycle (review)
[Figure: one DES cycle. Inputs L i-1 (= R i-2) and R i-1, 32 bits each; expansion permutation to 48 bits; + with the 48 bit permuted key; S-box to 32 bits; permutation, 32 bits; +; outputs L i and R i]
34
Modes of DES (review)
ECB – Electronic Code Book
CBC – Cipher Block Chaining
CFB – Cipher FeedBack
OFB – Output FeedBack
Part of NIST standard
35
ECB Mode (review)
[Figure: 64 bit data → E (56 bit key) → D (56 bit key) → 64 bit data]
Good for small messages
Identical data block will be identically encrypted
36
CBC Mode (review)
Cn = Ek[Cn-1 ⊕ Pn]
[Figure: on each side, 64 bit data is combined (+, XOR) with the 64 bit previous ciphertext block; E and D each use the 56 bit key]
Need initialization vector
37
CFB Mode (review)
Needs initialization vector
Adv: can encipher one character at a time
Error propagation: current transf. + next 8 characters
[Figure: CFB mode. Labels on each side: 8, 8 bit blocks with left shift, 56 bit key, E (sender) and D (recipient), + (XOR); 8 bit plain text in, 8 bit cipher text between the two sides, 8 bit plain text out]
38
OFB Mode (review)
Needs initialization vector
Adv: can encipher one character at a time
Error propagation: current transfer only
[Figure: OFB mode. Labels on each side: 8, 8 bit blocks with left shift, 56 bit key, E (sender) and D (recipient), + (XOR); 8 bit plain text in, 8 bit cipher text between the two sides, 8 bit plain text out]
39
Advanced Encryption Standard (AES)
Federal Information Processing Standard (FIPS) to be used by U.S. Government organizations
Effective since May 26, 2002
Replaces DES (triple DES remains)
Rijndael ([Rhine Dhal]) algorithm (Joan Daemen and Vincent Rijmen)
40
AES Origin
Started in 1997 and lasted for several years
Requirements specified by NIST:
  Algorithm unclassified and publicly available
  Available royalty free world wide
  Symmetric key
  Operates on data blocks of 128 bits
  Key sizes of 128, 192, and 256 bits
  Fast, secure, and portable
  Active life of years
  Provides full specifications
41
AES Finalists 1999:
Columns: Algorithm name; Complexity; Speed; Security margin (cells missing from the extracted table are left blank)
MARS (IBM - USA); Complex; Fast; High
Serpent (Anderson, Biham, & Knudsen - U.K.); Simple - clean; Slow
Rijndael (Joan Daemen/V. Rijmen – Belgium); Simple - clean; Good
RC6 (RSA Data Security, Inc. - USA); Very simple; Very fast; Low
Twofish (Bruce Schneier and others - USA)
42
Rijndael Algorithm
Chosen for: security, performance, efficiency, ease of implementation, and flexibility
Block cipher (variable block and key length)
Federal Information Processing Standard (FIPS)
43
Rijndael
Symmetric, block cipher
Key size: 128, 192, or 256 bits
Block size: 128
Processed as 4 groups of 4 bytes (state)
Operates on the entire block in every round
Number of rounds depending on key size:
  Key=128: 9 rounds
  Key=192: 11 rounds
  Key=256: 13 rounds
44
Rijndael – Basic Steps (review)
Byte Substitution:
  Non-linear function for confusion
  S-box used on every byte (table look-up)
Shift Rows:
  Linear mixing function for diffusion
  Permutes bytes between columns
  Different for different block sizes (128, 192 same, 256 different)
Mix columns:
  Transformation -- diffusion
  Shifting left and XOR bits
  Effect: matrix multiplication
Add Round Key:
  Incorporates key and creates confusion
  XOR state with unique key
All operations can be combined into XOR and table look-ups
Very fast and efficient
45
Strength of Algorithm
New – little experimental results
Cryptanalysis results
  Few theoretical weaknesses
  No real problem
No relation to government agency: no allegations of tampering with code
Has sound mathematical foundation
46
AES Decryption
Non-identical to encryption
Steps done in reverse
Different key schedule
47
Key Distribution Secret key methods
48
Conventional Encryption
[Figure: Sender, plaintext M, ciphertext C, Decryption, Recipient; a key source delivers K to both sides over a secure channel]
R knows that:
  Message was sent by S
  Message hasn’t been altered
49
Summary: Secret-Key Encryption
Single, secret key
Key distribution problem of secret key systems
  Establish key before communication
  Need n(n-1)/2 keys with n different parties
Do NOT provide electronic signatures (no third party authentication)
Faster than public-key encryption
50
Symmetric-Key Distribution without Server
Change encryption key: E(Knew,K), where Knew is the session key, K is the master key
[Figure: Sender encrypts the new key under K; ciphertext C goes to the Recipient, who decrypts it under K to obtain the new key]
51
Symmetric-Key Distribution with Server
Server: knows KO and KR
Originator → Server: (O, R, IO)
Server → Originator: E([IO, R, KOR, E((KOR,O), KR)], KO)
  Originator decrypts with KO, knows KOR, does not know E((KOR,O), KR)
Originator → Recipient: E((KOR,O), KR)
  Recipient decrypts with KR, knows KOR
52
Next class
Public Key Encryption