2. Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required to convert between plaintext and ciphertext.  cryptanalysis - the art of breaking ciphers.  cryptography - the art of designing ciphers.  cryptology - the field of cryptanalysis and cryptography.

3. Substitution Ciphers  Caesar cipher  Each letter is alphabetically shifted by k letters  Very easy to break (just 26 different codes)  Monoalphabetic substitution  Each plaintext letter is assigned a different ciphertext letter.  26! different codes are possible.  Still easy to break

4. Defeating Monoalphabetic Ciphers  Distribution of letters in English text  ETAONRISHLGCMUFYPWBVKXJQZ  Build a histogram  Distribution of digrams  two letter combinations  th, in, er, re, an  Distribution of trigrams  the, ing, and, ion  Detecting probable words or phrases

5. Transposition Ciphers  Reorder the letters rather than change them  Use a key to determine number and order of columns

6. Defeating Transposition Ciphers  These ciphers are also easily defeated  See if the letters have the expected distribution  Guess words that are probably in the message and see what pairs of letters appear in the message. Use this information to guess the number of columns  For a cipher with key length k, try all pairs of columns and see if the digram distribution matches the expected distribution.

7. One-time Pads  An unbreakable cipher  Each side has the same long text or random bit string. This is the pad.  The “pad” is combined with the ciphertext to decode the message.  Example 1 - The “Beale Treasure” - Bedford County Numbers identify the first letter of words in the declaration of independence. When in the course of human events it becomes necessary 10, 2, 4, 7 is “nice”

8. Another way to use a one-time pad  Example 2:  Add the ith letter of this slide to the ith letter of your message, then divide by the size of your alphabet and record the remainder. my message one-time pad (‘m’+’o’) mod 127, (‘y’+’n’) mod 127, (‘ ‘+ ‘e’) mod 127

9. One-time Pad with Bit Strings (the xor trick) Temp = a; a = b; b = Temp; a = b xor a // encrypt a using b (and b using a) b = a xor b // decrypt a using b a = a xor b // decrypt b using a

10. One-time Pad with Bit Strings  Exclusive Or the ASCII plaintext with corresponding bits in the random bit string 01001010 (plaintext) 10000110 (ciphertext) 11001100 (random) 10000110 (ciphertext) 01001010 (plaintext)

11. Problems with One-Time Pads  The pad must be long  It will eventually run out  The pad must be random  Otherwise it might be guessed  The pad must be distributed  It can be captured  It is sensitive to lost characters  Losing a single character makes the ciphertext unreadable

12. Secret-Key Algorithms  Transpositions and substitutions  Product ciphers

13. DES Encryption Standard  Based on IBM “Lucifer” encryption technique  Plaintext is encrypted in blocks of 64 bits  56-bit key, 19 distinct stages  Decryption/encryption use the same key

15. Problems with DES  The original “Lucifer” code used 128 bit keys, rather than 56-bit keys.  Exhaustive search of 2 56 (approx 7x10 17 ) keys can be done with powerful computer systems  Chinese Lottery idea (Quisquater and Girault)  1.2 billion chips in TV’s and Radios  Chinese government broadcasts the ciphertext and each appliance checks its part of the search space.  Solution found in about 60 seconds  Appliance with the matching key announces that the owner has won the Chinese lottery.

16. Public Key Algorithms  1976, Diffie and Hellman  Make the encryption key and algorithm public  Anyone can encrypt messages, but only you can decrypt them  Trapdoor (one-way) functions  Requirements  D(E(P)) = P  It is exceedingly difficult to deduce D from E  E cannot be broken by a chosen plaintext attack

17. RSA Algorithm  Rivest, Shamir, Adleman (RSA)  Based on the difficulty of factoring large numbers (200-digits and larger)  Factoring a 200-digit number requires 4 billion years of computer time at 1 usec/instruction.

18. Problems with Public Key Encryption  It is slow  The keys are large  Public keys are often used to exchange keys for other encoding schemes