Classical Ciphers

1 / 39

Classical Ciphers - PowerPoint PPT Presentation

Classical Ciphers. CSCI 284/162 Spring 2009 GWU. Formal definition: cryptosystem. A cryptosystem consists of: P set of all plaintext C set of all ciphertext K set of all keys E set of encryption rules, e K : P  C D set of decryption rules d K : C  P d K e K (x) = x

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

PowerPoint Slideshow about ' Classical Ciphers' - jessica-farmer

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Classical Ciphers

CSCI 284/162

Spring 2009

GWU

Formal definition: cryptosystem

A cryptosystem consists of:

P set of all plaintext

C set of all ciphertext

K set of all keys

E set of encryption rules, eK: PC

D set of decryption rules dK : CP

dK eK(x) = x

dK eK invertible and inverses of each other

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Typical Scenario
• Alice and Bob choose a key, K  K when they are unobserved or communicating on a secure channel
• If Alice wants to send Bob a message,

x1x2x3x4…xn

She sends:

y1y2y3y4…yn

Where yi = eK(xi)

xi is a symbol from the alphabet

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Encryption is an invertible function

Inversion should be somewhat easier than a lookup table, because both Alice and Bob would need the entire lookup table. “Structure” in the encryption function enables encryption and decryption without a lookup table.

C

P

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Example of Encryption: 1Shift Cipher on English Alphabet

P = C = K = English Alphabet

Example: key = D

A B C D E F G H I J

D E F G H I J K L M

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Examples

Key = Y

Encrypt: math is cool

Key=C

Decrypt: uqctgdgpcpfawcp

Unknown key

Decrypt: vdvdqdsnkcsnrzxrn

Brute force: try every key; requires only 26 attempts

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Shift Cipher

P = C = K = Zm = {0, 1, ….. m-1} = set of remainders on division by m

m=26 for English, 0 corresponds to a

eK(x) = x + k mod m where “mod m” provides the remainder on dividing by m

dK(x) = x - kmod m

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Example of Encryption: 2Affine Cipher on English Alphabet

P = C = English Alphabet

Key = (a, b) (more mathematical details later)

eK(x) = ax + b mod m

dK(x) = ? (do next week)

Encryption example: key = (2, 3)

a b c d

D F H J

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Example of Encryption: 3Vigenère Cipher

Shift cipher with a different key for each letter:

a e i o u plaintext

f g y l o key

FKGZI

Key:cipher

Ciphertext: UIAA

Decrypts to: salt

(note that two different letters in plaintext go to the same letter in ciphertext)

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Definition: Vigenère Cipher

P = C = K = (Zm)n

For K = (k1, k2, k3, …kn)

eK(x1, x2, x3, …xn) = (x1+k1, x2+k2, x3+k3, …xn+kn)

Alphabet is Zm, encryption done in blocks of n symbols

dK(x1, x2, x3, …xn) = (x1-k1, x2-k2, x3-k3, …xn-kn)

(addition and subtraction understood to be mod m)

Number of keys=mn

Cryptanalysis: difficult; brute force requires trying each key

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Example of Encryption: 4 Permutation Cipher

Fill in:

Encrypt: whodesignedthiscourse

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Definition: Permutation Cipher

P = C = (Zm)n

K = { |  a permutation of {1, 2, ….n}}

e (x1, x2,…xn) = (x -1(1), x  -1(2),…x  -1(n))

d (x1, x2,…xn) = (x (1), x (2),…x (n))

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

classisboringtoday

C L A S S

I S B O R

I N G T O

D A Y α β

α β can be anything

Ciphertext: C I I D L S N A A B G Y S O T αS R O β

Such a permutation resulted from wrapping a belt around a baton, and writing the message across. When the belt is unwrapped, the ciphertext appears along it. The width of the baton is the key. Used by Greek soldiers to carry messages.

Special Permutation Cipherperhaps the oldest known cipher

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

How about a cipher with many, many possible keys?

How about using many, many keys?

ABCDEFGHIJKLMNOPQRSTUVWXYZ

cjmzuvywrdbunjoxaeslptfghi

Different key for each letter in the alphabet?

A letter goes to another one.

Each time a letter appears in the message it encrypts to the same letter in the ciphertext

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Example of Encryption: 5Substitution cipher

P = C = Zm

K = all permutations ofZm

e(x) = (x)

d(y) = -1(y)

The key is the table: 26! Keys for English alphabet

Brute force could be expensive

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Substitution cipher - cryptanalysis

lxr rwq zoazqgr sfuqb bqabq virw gxlkiz uqnb, vwqjq ir bIsgkn sqfab fggkniay rwq gjicfrq rjfabmojsfrioa mijbr fad rwqa rwq gxlkiz oaq. wq wfcq aorqd rwfr f sfeoj gjolkqs virw gjicfrq uqnb ib rwq bwqqj axslqj om uqnb f biaykq xbqj wfb ro brojq fad rjfzu. virw gxlkiz uqnb, oakn rvo uqnb fjq aqqdqd gqj xbqj: oaq gxlkiz fad oaq gjicfrq. Kqr xb bqq vwfr dimmejqazq rwib sfuqb ia rwq axslqj om uqnb aqqdqd.

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

a 22

b 24

c 4

d 9

e 2

f 21

g 13

h

i 20

j 16

k 10

l 8

m 6

n 9

o 15

p

q 51

r 28

s 9

t

u 9

v 7

w 16

x 10

y 2

z 8

Substitution cipher – cryptanalysisfrequency table of letters in ciphertext

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

English (every 1000)

E 127

T 91

A 82

O 75

I 70

N 67

S 63

H 61

R 60

D 43

L 40

C 28

Ciphertext

q 51

r 28

b 24

a 22

f 21

i 20

j 16

w 16

o 15

g 13

x 10

k 10

d 9

From Stinson

Frequency of occurrence

u 9

n 9

s 9

l 8

z 8

v 7

m 6

c 4

e 2

y 2

h 0

t 0

p 0

U 28

M 24

W 23

F 22

G 20

Y 20

P 19

B 15

V 10

K 8

J 2

Q 1

X 1

Z 1

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

q = E

lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb, vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. virw gxlkiz uEnb oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Digrams

TH

HE

IN

ER

AN

RE

ED

ON

ES

ST

EN

AT

Trigrams

THE

ING

AND

HER

ERE

ENT

THA

NTH

WAS

ETH

FOR

DTH

From Stinson

Digrams/Trigrams in order of frequency of occurrence (letters following E in bold)

TO

NT

HA

ND

OU

EA

NG

AS

OR

TI

IS

ET

IT

AR

TE

SE

HI

OF

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

To count digrams/trigrams containing E in ciphertext

lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEarwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. Virw gxlkiz uEnb, oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.

En 6 Ej 6 Ed 5 Ea 2 Eb 2 Er 1 Ef 1 Es 1 Eg 1

ER ED ES EN EA ET

uE 8 wE 8 aE 5 bE 5 rE 4 kE 3 jE 3 dE 2 zE 2 gE 1 vE 1 cE lE 1 sE 1

HE RE TE SE

TAOI NSHRD

r b af i j wogxkd

j=R; d = D; b or a = S; w = H;

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

q = E; j=R; w=H; d=D

lxr rHE zoazEgr sfuEb bEabE virH gxlkiz uEnb vHERE ir bIsgkn sEfab fggkniay rHE gRicfrE rRfabmoRsfrioa miRbr fad rHEarHE gxlkiz oaE. vE HfcE aorEd rHfr f sfeoR gRolkEs virH gjicfrE uEnb ib rHE bHEER axslER om uEnb f biaykE xbER Hfb ro broRE fad rRfzu. HirH gxlkiz uEnb, oakn rvo uEnb fRE aEEdEd gER xbER: oaE gxlkiz fad oaE gRicfrE. kEr xb bEE vHfr dimmeREazE rHib sfuEb ia rHE axslER om uEnb aEEdEd.

TAOI NS

r b af i og

r = T

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

q = E; j=R; w=H; r=T; d=D

lxT THE zONzEgr MAuES SENSE WITH gxlkIz uEnS WHERE IT SIMgkn MEANS AggknINy THE gRIcATE TRANSFORMATION FIRST AND THEN THE gxlkIz ONE. WE HAVE NOTED THAT A MAJOR PROlkEM WITH PRIVATE uEnS IS THE SHEER NxMlER OF uEnS A SIaykE xSER HAS TOSTORE AND TRAzu. WITH gxlkIz uEnS, ONkn TWO uEnS ARE NEEDED gER xSER: ONE PxlkIz AND ONE PRIVATE. kET xS SEE WHAT DImmeRENzE THIS sAuESIN THE NxBlER OF uEnS NEEDED.

O NS

b a og

v=W; i=I; f=A; b=S; o=O; m=F; a=N; s=M; c=V; g=P; e=J;

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Substitution cipher - cryptanalysis

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

f l z d q m y w i e u k s a o g t j b r x c v h n p

BUT THE CONCEPT MAKES SENSE WITH PUBLIC KEYS WHERE IT SIMPLY MEANS APPLYING THE PRIVATE TRANSFORMATION FIRST AND THEN THE PUBLIC ONE. WE HAVE NOTED THAT A MAJOR PROBLEM WITH PRIVATE KEYS IS THE SHEER NUMBER OF KEYS A SINGLE USER HAS TO STORE AND TRACK. WITH PUBLIC KEYS ONLY TWO KEYS ARE NEEDED PER USER ONE PUBLIC AND ONE PRIVATE. LET US SEE WHAT DIFFERENCE THIS MAKES IN THE NUMBER OF KEYS NEEDED.

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Substitution cipher – cryptanalysis algorithm
• Look for “a”/”I”
• Compute frequency of single letters; compare to that of English
• Compute frequency of digrams, compare to that of English
• Compute frequency of trigrams, compare to that of English
• Etc.

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Substitution cipher – strengths and weaknesses
• Strengths:
• Not vulnerable to brute force attacks
• Encryption and decryption requires low computational overhead, though more than Shift cipher
• Ciphertext not longer than plaintext
• Weaknesses:
• Vulnerable to statistical attack if language/message has statistical structure
• Requires storage of key table

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Substitution cipher – lessons learnt
• In spite of 26! possible keys, can break, because of structure of message
• Can we make message without statistical structure?
• Yes:
• Well-compressed images/sound/video
• Zip files

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Mathematical formulation

Zm

Definition: ab (mod m) m divides a-b  a and b have the same remainder when divided by m

We define a mod m to be the unique remainder of a when divided by m

Zm is the “ring” of integers modulo m:

The set of all possible remainders on division with m:

0, 1, 2, …m-1

with normal addition and multiplication, performed modulo m

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Need: Some group theory

What is a group?

• A set of elements G with
• An additive operation  such that
• G is closed under the operation, i.e. if a, b G, so does a b
• The operation is associative, i.e. (a  b)  c = a (b  c)
• An identity exists and is in G, i.e.
• e  G, s.t. e  g = g  e = g
• Every element has an inverse in G, i.e.

 g  G  g-1  G s.t g  g-1 = e

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

The group operation can be addition or multiplication

• Example 1: Zn: An additive group for all n (n=4)

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Multiplicative Group

Zp \ {0} = {1, 2, … n-1} is a multiplicative group for n prime

Example: n=5

Students work out group properties

x(?) = 1 (mod 5)

?=x-1

Students find all inverses by trial and error

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Not a multiplicative group

Zn \ {0} = {1, 2, … n-1} is not a multiplicative group for n composite

Example n=6

Students find elements without inverses

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Shift Cipher: generalized further

P = C = K = G

eK(x) = x  g = x + g mod m (for G = Zm)

dK(x) = x  g-1 = x – g mod m

Need two operations for affine cipher: addition and multiplication. Need to define a ring.

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Properties of Zm (definition of a ring)
• Closed under addition () and multiplication ()

If a, b  Zmthen a  b, a  b  Zm

• Addition and multiplication are commutative and associative

If a, b  Zmthen

a  b = b  a

a  b = b  a

(a  b)  c = a (b  c) and

(a  b)  c = a (b  c)

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Properties of Zm – contd.
• Additive and multiplicative identities in Zm

Additive identity is 0 mod m

Multiplicative identity is 1 mod m

• Distributive property holds

For a,b,c  Zm

(a  b)  c = (a  c)  (b  c) and

a (b  c) = (a  b)  (a  c)

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Properties of Zm – contd.

A number y such that x  y = 0 for all x in Zm

• Multiplicative inverse?

A number y such that x  y = 1 for all x in Zm

Zm/ring need not contain multiplicative inverse

CS284-162/Spring09/GWU/Vora/ Classical Ciphers

Affine Cipher

P = C = R (R is the ring)

K R  R

eK(x) = ax + b

dK(x) = a-1 (x – b)

When is a invertible? We do this next week.

Inverse wrt 

Inverse wrt 

CS284-162/Spring09/GWU/Vora/ Classical Ciphers