1 / 67

Classical Cryptography

Classical Cryptography. Prof. Heejin Park. Overview. Classical cryptosystems The Shift Cipher The Affine Cipher The Substitution Cipher The Vigenère Cipher The Hill Cipher The Permutation Cipher Stream Ciphers Cryptanalysis of some classical cryptosystems. The Shift Cipher.

phuc
Download Presentation

Classical Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Classical Cryptography Prof. Heejin Park

  2. Overview • Classical cryptosystems • The Shift Cipher • The Affine Cipher • The Substitution Cipher • The Vigenère Cipher • The Hill Cipher • The Permutation Cipher • Stream Ciphers • Cryptanalysis of some classical cryptosystems

  3. The Shift Cipher • Encryption of plaintext wewillmeet withK = 11 • Convert each character to an integer • Add 11 mod 26 to each value. • Convert the value to its corresponding character.

  4. The Shift Cipher • Decryption of ciphertext hphtwwxppe • Inverse of encryption • Cryptanalysis of shift cipher • Exhaustive key search • The key space is too small: only 26 possible keys JBCRCLQRWCRVNBJENBWRWN

  5. The Affine Cipher • Encryption • Encryption of hot using • Since h, o, t are the 7th, 14th, and 19th characters, • (7x7+3) mod 26 = 52 mod 26 = 0. • (7x14+3) mod 26 = 101 mod 26 = 23. • (7x19+3) mod 26 = 136 mod 26 = 6. • if a =1, it becomes a Shift Cipher.

  6. The Affine Cipher • Encryption • Decryption • a should be an integer such that a-1 exists. • a-1 exists if and only if a and 26 are relatively prime. • 12 integers: 1,3,5,7,9,11,15,17,19,21,23, 25

  7. The Affine Cipher • Cryptanalysis • The exhaustive key search: Count the number of keys • Number of a’s? • 12: 1,3,5,7,9,11,15,17,19,21,23, 25 • Number of b’s? • 26: becauseb can be any integer among 0,1,…, 25. • We have 12 X 26 = 312 number of keys.

  8. The Affine Cipher • Cryptanalysis • If the modulus is large, the exhaustive key search is infeasible. • However, the Affine Cipher can be easily cryptanalyzed by other methods.

  9. The Substitution Cipher • Encryption • Substitute each symbol in a plaintext using a permutation.

  10. The Substitution Cipher • Decryption • Substitute each symbol in a ciphertext using the inverse permutation. • Quiz • MGZVYZLGHCMHJMYXSSFMNHAHYCDLMHA ? • The Shift Cipher is a special case of the Substitution Cipher. • Is the Affine Cipher a special case of the Substitution Cipher?

  11. The Substitution Cipher • Cryptanalysis • An exhaustive key search is infeasible. • The number of possible permutation is 26! (> 4 x 1026). • However, the Substitution Cipher can be cryptanalyzed by other methods.

  12. The VigenèreCipher • Monoalphabetic cryptosystems • The Shift Cipher and the Substitution Cipher. • Each character is mapped to one character. • Polyalphabetic cryptosystems • The Vigenère Cipher • A character can be mapped to one of characters.

  13. The VigenèreCipher • Encryption • m = 6, K = (2,8,15,7,4,7) • Decryption • Inverse of encryption plaintext key ciphertext

  14. The VigenèreCipher • Formal Definition • Let m be a positive integer. Define P = C = K = (Z26)m. For a key K = (k0, k1, … , km-1), we define eK(x0, x1, … , xm-1) = ( x0+ k0 , x1 + k1, … , xm-1 + km-1) dK(y0, y1, … , ym-1) = ( y0- k0 , y1 - k1, … , ym-1 – km-1) Where all operations are performed inZ26

  15. The VigenèreCipher • Cryptanalysis • The number of possible keys • 26m • Exhaustive key search is infeasible if m is not too small. • However, the Vigenère cipher can be cryptanalyzed by other methods.

  16. The Hill Cipher • Encryption • key: m x m matrix

  17. The Hill Cipher • Encrypt the plaintext july with k = • We partition july into ju and ly. • ju: (9, 20) • ly:(11, 24)

  18. The Hill Cipher • Decryption • Use the inverse of key matrix

  19. The Permutation Cipher • Encryption • key: a permutation of size m • a permutation where m = 6 shesellsseashellsbytheseashore 012345

  20. The Permutation Cipher • Decryption • Use the inverse permutation of the key • The Permutation Cipher is a special case of the Hill Cipher.

  21. Stream Ciphers • Block ciphers • Each plaintext element is encrypted using the same keyK. • Stream ciphers • Plaintext elements are encrypted using key stream .

  22. Stream Ciphers • Key stream construction • Synchronous stream ciphers • The key stream is constructed from the key. • Non-synchronous stream ciphers • The key stream is constructed from the key, the plaintext, or the ciphertext.

  23. Synchronous Ciphers • The Vigenère Cipher is a kind of stream cipher. • Encryption • The is a synchronous stream cipher whose keystream is z1z2… such that

  24. Synchronous Ciphers • A stream cipher is a periodic stream cipher with period d if for all i ≥ 0. • The Vigenère Cipher is a periodic stream cipher with period m. • Stream cipher are often described in terms of binary alphabets (P = C = K=Z2) • The encryption/decryption operations are just exclusive-or.

  25. Synchronous Ciphers • A method for generating binary key stream z0z1… • Initialize z0…zm-1 using a binary tuple (k0, …, km-1). • z0 = k0 , z1 = k1,…, zm-1 = km-1 • Generate zmzm+1… using a linear recurrence of degree m for all i ≥ 0, where are specified constant

  26. Synchronous Ciphers • Example • m = 4 and the keystream is generated using • If starting with (1, 0, 0, 0), the keystream is • 10001001… • If starting with (0, 0, 0, 0), the keystream is • 00000000… • So, zero vector should be avoided for the key. • If is chosen carefully, the period of the key stream can be 2m-1.

  27. K1 K2 K3 K4 Synchronous Ciphers • LFSR (Linear feedback shift register) • Use a shift register with m stages • The vector (k1, … , km) is used to initialize the shift register • At each time unit, the following operation is performed. • k1 becomes the next keystream bit • k2, … , km are shifted to the left • The “new” value of km becomes

  28. Non-synchronous stream cipher • Autokey Cipher • z0 = K , z1 = x0, z2 = x1,… zi = xi-1… • Encryption • Decryption

  29. Non-synchronous stream cipher • K = 8 and the plaintext is rendexvous • Convert the plaintext to integers • Keystream • Add corresponding elements modulo 26 • Ciphertext is VRQHDUJIM 17 4 13 3 4 25 21 14 20 18 8 17 4 13 3 4 25 21 14 20 25 21 7 16 7 3 20 9 8 12

  30. Non-synchronous stream cipher • Decryption 25 21 7 16 7 3 20 9 8 12

  31. Overview • Classical cryptosystems • The Shift Cipher • The Affine Cipher • The Substitution Cipher • The Vigenère Cipher • The Hill Cipher • The Permutation Cipher • Stream Ciphers • Cryptanalysis of some classical cryptosystems • The Affine Cipher • The Substitution Cipher • The Vigenère Cipher • The Hill Cipher • The LFSR Stream Ciphers

  32. Cryptanalysis • In general, it is assumed that the opponent knows the cryptosystem being used. • Cryptanalysis • Full cryptanalysis • Find the key, i.e., generate the ciphertext string for any plaintext string. • Partial cryptanalysis • Generate the ciphertext strings for some plaintext strings.

  33. Attacks • Ciphertext only attack • The opponent can see the ciphertext strings. • Known plaintext attack • The opponent can see some plaintext strings and their ciphertext strings. • Chosen plaintext attack • The opponent can temporary access to the encryption machinery. Hence he can choose some plaintext strings and construct their ciphertext strings. • Chosen ciphertext attack • The opponent can temporary access to the decryption machinery. Hence he can choose some ciphertext strings and construct their plaintext strings.

  34. English Text • The frequency of each character • E: about 12% • T, A, O, I, N, S, H, R: 6-9% • D, L : about 4% • C, U, M, W, F, G, Y, P, B: 1.5%-2.8% • V, K, J, X, Q, Z:< 1%

  35. English Text • It is also useful to consider sequences of two or three consecutive letters, called digrams and trigrams • The 30 most common digrams are • The twelve most common trigrams are TH, HE, IN, ER, AN, RE, ED, ON, ES, ST, EN, AT, TO, NT, HA, ND, OU, EA, NG, AS, OR, TI, IS, ET, IT, OF THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH

  36. The Affine Cipher • Ciphertext only attack • Suppose opponent has intercepted the following ciphertext • Frequency of occurrence of the 26 ciphertext letters FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHR

  37. The Affine Cipher • Suppose opponent has intercepted the following ciphertext • Frequency of occurrence of the 26 ciphertext letters FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHR

  38. The Affine Cipher • The most frequent ciphertext characters are • R (8 occurrences) • D (7 occurrences) • E, H, K (5 occurrences each) • F, S, V (4 occurrences each) • First guess: eK(e)=R, eK(t)=D. • We have eK(4)=17 and eK(19)=3. • Recall that eK(x)=ax+b , where a and b are unknowns • This system has the unique solution a = 6, b = 19 (in Z26), but this is an illegal key, since gcd (a, 26) = 2 > 1

  39. The Affine Cipher • Guess: eK(e)=R and eK(t)=E. • Obtain a = 13, which is again illegal. • Guess: eK(e)=R and eK(t)=H. • This yields a = 8, again impossible. • Guess: eK(e)=R and eK(t)=K. • This produces a = 3, b = 5, which is at least a legal key. • K = (3, 5) • Perform decryption • The given ciphertext decrypts to yield algorithmsarequitegeneraldefinitionsofarithmeticprocesses

  40. The Substitution Cipher • Ciphertext only attack • Ciphertext obtained from a substitution cipher • The frequency analysis of this ciphertext YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZNZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR

  41. The Substitution Cipher • Z occurs significantly more often than others. • We might conjecture that eK(e)=Z. • C, D, F, J, M, R, Y Occur at least ten times. • We might expect that these letters are encryptions of t, a, o, i, n, s, h, r. • But, not vary enough what the correspondence might be.

  42. The Substitution Cipher • We might look at digrams, especially those of the form –Z or Z– • The most common digrams of this type • DZ and ZW (four times each) • NZ and ZU (three times each) • RZ, HZ, XZ, FZ, ZR, ZV, ZC, ZD and ZJ (twice each) • ZW occurs four times and WZ not at all • W occurs less often than many other characters, • The Common digrams e– : ER, ED, ES, EN, EA, ET • expect letter {t, a, o, i, n, s, h, r} • we might guess that dk(W) = d • DZ occurs four times and ZD occurs twice • The common digram –e : HE(EH not exist), RE, SE, TE

  43. The Substitution Cipher • If we proceed on the assumption that dk(Z) = e and dk(W) = d. • ZRW(e-d) and RZW(-ed) both occurring near the beginning of the ciphertext and RW(-d) occurs again later on. • Since R occurs frequently in the ciphertext and nd is a common digram, we might try dk(R) = n as the most likely possibility. ------end---------e----ned---e------------ YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJ --------e----e---------n—d---en----e----eNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZ -e---n------n------ed---e---e--ne-nd-e-e--NZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ -ed----- n ------------e----ed-------d---e--n XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR

  44. The Substitution Cipher • Next step might be to try dK(N) = h • NZ(he) is a common digram and ZN(eh) is not • A common digram –e : HE(EH not exist), RE, SE, TE • So, dK(N) = h • If this is correct, then the segment of plaintext ne – ndhe suggests that dK(C) = a • ZC(e-) is a common digram and CZ(-e) is not ------end-----a---e-a--nedh--e------a----- YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJ h-------ea---e-a---a---nhad-a-en--a-e-h--eNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZ he-a-n------n------ed---e---e--neandhe-e--NZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ -ed-a--- nh---ha---a-e----ed-----a-d--he--n XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR

  45. The Substitution Cipher • We might consider M, the second most common ciphertext character • The ciphertext segment RNM, which we believe decrypts to nh- • Suggest that h- begins a word, so M probably represent a vowel • We have already accounted for a and e • expect letter {t, a, o, i, n, s, h, r} • So, we expect that dK(M) = i or o • Since ai is a much more likely digram than ao, so dK(M) = i first -----iend-----a-i-e-a-inedhi-e------a---i- YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJ h-----i-ea-i-e-a---a-i-nhad-a-en--a-e-hi-eNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZ he-a-n-----in-i----ed---e---e-ineandhe-e--NZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ -ed-a---inhi--hai--a-e-i--ed-----a-d--he--n XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR

  46. The Substitution Cipher • Next, We might try to determine which letter is encrypted to o • Since o is a common letter, we guess one of D, F, J, Y • At least ten times characters : C, D, F, J, M, R, Y • Y seem to be the possibility • We would get long strings of vowels, namely aoi form CFM or CJM • Hence, let’s suppose dK(Y) = o • The three most frequent remaining ciphertext letters are D, F, J, which we conjecture could decrypt to r, s, t in some order • Two occurrences of the trigram NMD(hi-) suggest that dK(D) = s, giving the trigram his in the plaintext • The segment HNCMF could be an encryption of chair, which would give dK(F) = r (and dK(H) = c) • So we would then have dK(J) = t • Process of elimination

  47. The Substitution Cipher • Now, we have • The complete decryption is o-r-riend-ro--arise-a-inedhise--t---ass-it YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJ hs-r-riseasi-e-a-orationhadta-en--ace-hi-eNDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZ he-asnt-oo-in-i-o-redso-e-ore-ineandhesettNZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ -ed-ac--inhischair-aceti-ted--to-ardsthes-n XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR Our friend from Paris examined his empty glass with surprise, asif evaporation had taken place while he wasn’t looking. I poured somemore wine and he settled back in his chair, face tilted up towards the sun

  48. The VigenèreCipher • Encryption • m = 6, K = (2,8,15,7,4,7) • We first compute m and then compute K. • Techniques used • Kasiski test • The index of coincidence plaintext key ciphertext

  49. The Vigenère Cipher • Observation: Two identical segments of plaintext will be encrypted to the same ciphertext whenever their occurrence in the plaintext is δ positions apart, where . • Kasiski test • Search the ciphertext for pair of identical segments of length at least three. • Record the distance between the starting positions of the two segments • If we obtain several such distances, sayδ1,δ2, … , • Then we would conjecture that m divides all of the δi’s • Hence m divides the greatest common divisor of theδi’s

  50. The Vigenère Cipher • The distances from the first occurrence to other four occurrences are 165, 235, 275, 285. • The greatest common divisor of these four integers is 5. (very likely keyword length) CHREEVOAHMAERATBIAXXWTNXBEEOPHBSQMQEQERBW RVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAK LXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELX VRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHR ZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJT AMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBI PEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHP WQAIIWXNRMGWOIIFKEE

More Related