1 / 48

History and Background

History and Background. CSIS 5857: Encoding and Encryption. Why is History Important?. Most modern encryption algorithms based on concepts hundreds/thousands of years old Monoalphabetic substitution Polyalphabetic substitution Transposition Most attacks on encryption also very old

aneko
Download Presentation

History and Background

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. History and Background CSIS 5857: Encoding and Encryption

  2. Why is History Important? • Most modern encryption algorithms based on concepts hundreds/thousands of years old • Monoalphabetic substitution • Polyalphabetic substitution • Transposition • Most attacks on encryption also very old • Exhaustive search • Known/chosen plaintext • Cryptographic analysis

  3. Substitution Algorithms Mapping of plaintext to ciphertext • Can be single character mapping (historical)A  G • Can map entire blocks of plaintext (modern block ciphers)1001011001111100  0110101011100011

  4. Substitution Algorithms Mapping must be unique for decryption to work! Encryption: A  GB  G Decryption: G  A or B ? Side Point

  5. Substitution Algorithms • Mapping often involves translating characters to numeric values • Encryption/decryption functions in terms of mathematical functions Side Point

  6. Caesar Cipher • Key k: number between 1 and 25 • Example: k = 3, p = RUNAWAY • E(RUNAWAY) UXQDZDB • D(UXQDZDB) RUNAWAY

  7. Exhaustive Key Search Testing all possible keys Algorithm: • Given ciphertextc • For all keys ki • Compute pi= D(c, ki ) • If pi is recognizable plaintext, then ki is plausible Time proportional to number of possible keyski

  8. Defining “Secure” Encryption Computationally Secure • Cost of breaking cipher > value of encrypted information • Time required to break cipher > useful lifetime of encrypted information Cipher is “practically” unbreakable Generally only assurance we have

  9. Defining “Secure” Encryption Problem: impossible to permanently quantify! • Computers get faster every dayMoore’s law: speed doubles every 1.5 years • Example: DES cipher with 56 bit key • Computationally secure (1142 years) at 1 test/millisecond • Not secure (10 hours) at 1 million tests/millisecond

  10. Caesar Cipher and Exhaustive Search Only 26 possible keys to test! Ciphertext: UXQDZDB Key: Resulting Plaintext: 1 TWPCYCA 2 SVOBXBZ 3 RUNAWAY recognizable plaintext Clearly not computationally secure!

  11. Monoalphabetic Substitution • Each plaintext character has corresponding ciphertext character • No pattern (unlike Caesar cipher) Example: “runaway”  “HJGNPNS”

  12. Monoalphabetic Substitution • Key = substitution table itself • Number of possible keys = 26! 400,000,000,000,000,000,000,000,000 • Computationally secure to exhaustive search(at least without a computer)

  13. Known Plaintext Attack • Adversary has access to a number of: • plaintext messages • corresponding ciphertext messages • Searches for relationship between plaintext and ciphertext that might reveal key ciphertexts plaintexts

  14. Known Plaintext Example • Darth get gets data entry job at organization • Observes how encrypted database changes as new records entered E p c

  15. Known Plaintext Attack • Inevitable that adversary will acquire known plaintexts • Security defined in terms of number of known plaintexts needed to guess key • Single known plaintext sufficient to break simple substitution algorithm!

  16. Chosen Plaintext Attack • Adversary has hypothesis about key khypothesis • Adversary chooses plaintext p to test hypothesis • If resulting ciphertextcmatches what would be result of encryption with khypothesis, then khypothesis is correct hypothetical key E p compare E actual (unknown) key

  17. Chosen Plaintext Example World War II • Hypothesis:Japanese code for “Midway Island” = “AF” • Test:Plaintext message transmitted that “Midway Island running short of water” • Result:Increased message traffic containing “AF”-- Hypothesis confirmed!

  18. Cryptanalysis Attacks • Based on knowledge • Properties of the encryption algorithm • Properties of the likely plaintext • Often combined with exhaustive search • Knowledge eliminates most possible keys • Search now feasible for few remaining keys Eliminated by cryptanalysis All possible keys Remaining keys Search feasible

  19. Frequency-based Analysis Some letters much more common than others

  20. Frequency-based Analysis Example ciphertext: “PCRGFNICRAYJHVRYICJQNGRSRGIV” Letter frequencies: Hypothesis: “e”  “R”

  21. Frequency-based Analysis • Some combinations of letters much more common than othersExample: “e” often followed by “n” Example ciphertext (after “e” substituted for “R”): “PCeGFNICeAYJHVeYICJQNGeSeGIV” • “G” second most common letter • Follows “e” twice Hypothesis: “n”  “G” “PCenFNICeAYJHVeYICJQNneSenIV”

  22. Frequency-based Analysis • Knowing part of key in monoalphabetic substitution makes it easier to guess the rest of the key • Very bad property of an encryption algorithm! Side Point “I can only see part of the key, but it is easy to guess the rest!”

  23. Frequency-based Analysis • Success of frequency-based analysis increases with more text • Single long ciphertext • Multipleciphertexts encoded with same key • General property of cryptanalysis • Should change key as often as possible! Side Point ciphertexts

  24. Polyalphabetic Substitution • Single plaintext character may map to multiple possible ciphertext characters • Frequency analysis attacks much harder Example: Vigenére cipher • Key = some word or phrase of length n • ci = (pi + ki mod n) mod 26

  25. Vigenére cipher

  26. Vigenére cipher Example: • Key: “python” • Plaintext: “rabbitwithbigpointyteeth” Ciphertext:

  27. Polyalphabetic Substitution • Vigenére cipher still vulnerable to frequency-based cryptanalysis • Guess key size n • Treat like n different monoalphabetic substitutions • General principle:Larger n more secure (that is, number of characters before repetition)

  28. One-Time Pad • Idea: Make key as long as the message itself!(Joseph Mauborgne) • Unconditionally securesince inherently ambiguous for attacker

  29. One-Time Pad Example: • Ciphertext:NZAKBMK • Possible Vigenére keys:wtnkxmmandnlvwker Ciphertext: NZAKBMKNZAKBMK Possible keys: nlvwkerwtnkxmm Plaintext: goforit runaway • Which key is correct?We have no way of knowingsince both are plausible plaintext! ???

  30. One-Time Pad Only get to use a key for one message • Unlikely that different possible keys would still both result in plausible plaintext for more than one message • Adversary could find correct key by process of elimination Ciphertext:WMGKZX WMGKZX Possible keys:nlvwkewtnkxm Plaintext:jblopt attack • Would need to securely distributea new key for each message! “This is the one!”

  31. Transposition Cipher • Ciphertext = Permutation of plaintext • Simple example:runaway  r n w y u a a  rnwyuaa • Key = permutation order Above example: 1357246

  32. Column Transposition Ciphers • Common approach: columns • Example:Plaintext: longlongagoinagalaxyfarawayKey: 5241763 (size n of key = 7 columns) 5241763longlongagoinagalaxyfarawayx Break plaintext into rows of size n of key Insert extra chars to fill columns

  33. Column Transposition Ciphers 5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x • For column with label i: • Append contents of column i to ciphertext • Resulting ciphertext:goawoaarnafxnglalggaonyylixa This column first This column second, and so on

  34. Column Transposition Ciphers • Decryption: • Divide ciphertext into n strings • Arrange strings into columns, with order of columns determined by key goawoaarnafxnglalggaonyylixa 5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x

  35. Attacks on Transposition Ciphers • Brute force: Trying all possible permutations • Key of size n n! possible keys • Solution: Choose key such that n! tests is computationally secure • Cryptographic attacks: • Eliminate column pairs with unlikely adjacent letters l i x a n a f x

  36. Attacks on Transposition Ciphers • Can apply transposition multiple times with same key to defeat cryptographic attacks • Example:Ciphertext after first permutation:goawoaarnafxnglalggaonyylixa • Ciphertext after second permutation:wfglonayagoaaalygrnlanaxoxgi 5 2 4 1 7 6 3g o a w o a a r n a f x n g l a l g g a o n y y l i x a

  37. Using Multiple Keys • Important question:Does using multiple keys always make encryption more secure? • Brute force attacks • Cryptographic attacks • Mathematically:C = E(E(p, k1), k2) Is this more secure than C = E(p, k1)?

  38. Using Multiple Keys Only if: • Using multiple keys greatly increases the number of possible ciphertexts • Applying multiple keys is not equivalent to applying a single keyNo k3 such that E(E(p, k1), k2) = E(p, k3) After applying K1 and K2 Possible ciphertexts Possible ciphertexts After applying K1

  39. Using Multiple Keys • Example: Caesar cipher with 2 keysK1 = 3K2 = 8 • Equivalent to single key K3 = 11 • Still only 26 possible mappings from P to C • Example: Transposition cipher with 2 keys K1 = 5241763K2 = 7325641 • Equivalent to single key K3 = 6357142 • Still only 7! possible mappings from P to C No more secure in either case!

  40. Avalanche Effect Small change in key Large change in ciphertext • Desirable property of cipherKnowing some of key  rest of key still hard to find • Not a property of substitution ciphers • Property of transposition ciphers(particularly if applied multiple times)

  41. Avalanche Effect Example: two similar keys applied twice • plaintext = longlongagoinagalaxyfaraway • k1 = 5241763ciphertext = wfglonayagoaaalygrnlanaxoxgi • k2 = 5421763ciphertext = wfglaalylaoaonrygaangoaxnxgi • Already different in 14 of 28 characters

  42. Substitution and Transposition • Most modern ciphers combine substitution and transposition • Substitution gives large number of possible keys to defeat brute force attacks • Transposition gives avalanche effect to defeat cryptographic attacks

  43. Enigma • Developed by Germany in WW2 • Arguably most complex pre-computer substitution cipher Flash simulation at http://enigmaco.de/enigma/enigma.html

  44. Enigma

  45. Enigma • Consists of 3 to 5 rotors • Each rotor is a monoalphabetic mapping of a plaintext character to a ciphertext character • Output of one rotor fed into input of next rotor so final output the result of 3 to 5monoalphabetic substitutions • Rotors turn after each character! • Fast rotor: every character • Middle rotor: every 26 characters • Slow rotor: every 26 x 26 = 676 characters

  46. Enigma

  47. Enigma • “C” typed as first character: • “C” connected to 26 on fast rotor  • 26 connected to 7 on middle rotor  • 7 connected to 20 on slow rotor  • 20 connected to “E” (then reflected back through) • “C” typed as second character (after fast rotator turns one character): • “C” connected to 25 on fast rotor  • 25 connected to 23 on middle rotor  • 23 connected to 9 on slow rotor  • 9 connected to “O” (then reflected back through)

  48. Enigma • 26 x 26 x 26 = 17,576 characters entered before repetition • Essentially invulnerable to frequency-based cryptanalysis (particularly if rotors changed at regular intervals) • Required Alan Turing’s Bletchley Group to crack • Captured machines to understand patterns • Large numbers of known plaintexts • Exhaustive searches using primitive computers

More Related