or conventional / private-key / single-key sender and recipient share a common key all classical encryption algorithms are private-key was only type prior to invention of public- key in 1970’s and by far most widely used

(1)

Cryptography and

Network Security

Chapter 2

Fourth Edition

by William Stallings

(2)

Chapter 2 –

Classical Encryption

_{Classical Encryption}

Techniques

Many savages at the present day regard their Many savages at the present day regard their

names as vital parts of themselves, and names as vital parts of themselves, and

therefore take great pains to conceal their real therefore take great pains to conceal their real names, lest these should give to evil-disposed names, lest these should give to evil-disposed

persons a handle by which to injure their persons a handle by which to injure their

owners. owners.

—

(3)

Symmetric Encryption



or conventional /

_{or conventional /}

private-key

_private-key

/ single-key

_{/ single-key}



sender and recipient share a common key

_{sender and recipient share a common key}



all classical encryption algorithms are

_{all classical encryption algorithms are}

private-key



was only type prior to invention of public-

_{was only type prior to invention of}

public-key in 1970’s

key in 1970’s

(4)

Some Basic Terminology

 _plaintext_plaintext_{- original message}_{- original message}  _ciphertext_ciphertext_{- coded message}_{- coded message}

 _cipher_cipher_{- algorithm for transforming plaintext to ciphertext}_{- algorithm for transforming plaintext to ciphertext}  _key_key_{- info used in cipher known only to sender/receiver}_{- info used in cipher known only to sender/receiver}  _{encipher (encrypt)}_{encipher (encrypt)}_{- converting plaintext to ciphertext}_{- converting plaintext to ciphertext}  _{decipher (decrypt)}_{decipher (decrypt)}_{- recovering ciphertext from plaintext}_{- recovering ciphertext from plaintext}  _cryptography_cryptography_{- study of encryption principles/methods}_{- study of encryption principles/methods}  _{cryptanalysis (codebreaking)}_{cryptanalysis (codebreaking)}_{- study of principles/}_{- study of principles/}

methods of deciphering ciphertext

methods of deciphering ciphertext withoutwithout knowing key knowing key

(5)

Symmetric Cipher Model

(6)

Requirements



two requirements for secure use of

_{two requirements for secure use of}

symmetric encryption:

 a strong encryption algorithma strong encryption algorithm

 a secret key known only to sender / receivera secret key known only to sender / receiver



mathematically have:

_{mathematically have:}

Y

Y = E= E_K_K((XX))

X

X = D= D_K_K((YY))



assume encryption algorithm is known

_{assume encryption algorithm is known}

(7)

Cryptography



characterize cryptographic system by:

_{characterize cryptographic system by:}

 type of encryption operations usedtype of encryption operations used

• substitution / transposition / product_{substitution / transposition / product}

 number of keys usednumber of keys used

• single-key or private / two-key or public_{single-key or private / two-key or public}

 way in which plaintext is processedway in which plaintext is processed

(8)

Cryptanalysis



objective to recover key not just message

_{objective to recover key not just message}



general approaches:

_{general approaches:}

 cryptanalytic attackcryptanalytic attack

(9)

Cryptanalytic Attacks



ciphertext only

_{ciphertext only}

 only know algorithm & ciphertext, is statistical, only know algorithm & ciphertext, is statistical,

know or can identify plaintext know or can identify plaintext



known plaintext

_{known plaintext}

 know/suspect plaintext & ciphertextknow/suspect plaintext & ciphertext



chosen plaintext

_{chosen plaintext}

 select plaintext and obtain ciphertextselect plaintext and obtain ciphertext



chosen ciphertext

_{chosen ciphertext}

 select ciphertext and obtain plaintextselect ciphertext and obtain plaintext



chosen text

_{chosen text}

(10)

More Definitions



unconditional security

_{unconditional security}

 no matter how much computer power or time no matter how much computer power or time

is available, the cipher cannot be broken is available, the cipher cannot be broken since the ciphertext provides insufficient since the ciphertext provides insufficient

information to uniquely determine the information to uniquely determine the

corresponding plaintext corresponding plaintext



_{computational security}

 given limited computing resources (eg time given limited computing resources (eg time

needed for calculations is greater than age of needed for calculations is greater than age of

(11)

Brute Force Search

 always possible to simply try every key _{always possible to simply try every key}

 most basic attack, proportional to key size _{most basic attack, proportional to key size}  assume either know / recognise plaintext_{assume either know / recognise plaintext}

Key Size (bits) Number of Alternative

Keys Time required at 1 decryption/µs Time required at 10

6

decryptions/µs

32 232 = 4.3 _ 109 231 µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2 _ 1016 255 µs = 1142 years 10.01 hours 128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years 168 2168 = 3.7 _ 1050 2167 µs = 5.9 _ 1036 years 5.9 _ 1030 years

26 characters

(permutation) 26! = 4  10

(12)

Classical Substitution

Ciphers



where

_where

letters of plaintext are replaced by

_{letters of plaintext are replaced by}

other letters or by numbers or symbols



or if plaintext is

_{or if plaintext is}

viewed as a sequence of

_{viewed as a sequence of}

bits, then substitution involves replacing

plaintext bit patterns with ciphertext bit

(13)

Caesar Cipher



earliest known substitution cipher

_{earliest known substitution cipher}



by Julius Caesar

_{by Julius Caesar}



first attested use in military affairs

_{first attested use in military affairs}



replaces each letter by 3rd letter on

_{replaces each letter by 3rd letter on}



example:

_example:

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

(14)

Caesar Cipher



can define transformation as:

_{can define transformation as:}

a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C



mathematically give each letter a number

_{mathematically give each letter a number}

a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25



_{then have Caesar cipher as:}

c

c = E(= E(pp) = () = (p p + + kk) mod (26)) mod (26)

p

(15)

Cryptanalysis of Caesar

Cipher



only have 26 possible ciphers

_{only have 26 possible ciphers}

 A maps to A,B,..Z A maps to A,B,..Z



could simply try each in turn

_{could simply try each in turn}



a

_a

brute force search

_{brute force search}



given ciphertext, just try all shifts of letters

_{given ciphertext, just try all shifts of letters}



do need to recognize when have plaintext

_{do need to recognize when have plaintext}

(16)

Monoalphabetic Cipher

 rather than just shifting the alphabet _{rather than just shifting the alphabet}

 could shuffle (jumble) the letters arbitrarily _{could shuffle (jumble) the letters arbitrarily}

 each plaintext letter maps to a different random _{each plaintext letter maps to a different random}

ciphertext letter ciphertext letter

 hence key is 26 letters long _{hence key is 26 letters long}

Plain: abcdefghijklmnopqrstuvwxyz

Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

(17)

Monoalphabetic Cipher

Security



now have a total of 26! = 4 x 1026 keys

_{now have a total of 26! = 4 x 1026 keys}



with so many keys, might think is secure

_{with so many keys, might think is secure}



but would be

_{but would be}

!!!WRONG!!!

_!!!WRONG!!!

(18)

Language Redundancy and

Cryptanalysis

 human languages are _{human languages are}redundant_redundant  eg "th lrd s m shphrd shll nt wnt" _{eg "th lrd s m shphrd shll nt wnt"}

 _{letters are not equally commonly used}_{letters are not equally commonly used}

 _{in English E is by far the most common letter}_{in English E is by far the most common letter}

 followed by T,R,N,I,O,A,S followed by T,R,N,I,O,A,S

 other letters like Z,J,K,Q,X are fairly rare _{other letters like Z,J,K,Q,X are fairly rare}

 have tables of single, double & triple letter _{have tables of single, double & triple letter}

(19)

English Letter Frequencies

(20)

Use in Cryptanalysis

 _{key concept - monoalphabetic substitution}_{key concept - monoalphabetic substitution}

ciphers do not change relative letter frequencies ciphers do not change relative letter frequencies

 _{discovered by Arabian scientists in 9}_{discovered by Arabian scientists in 9}thth century_century

 _{calculate letter frequencies for ciphertext}_{calculate letter frequencies for ciphertext}

 compare counts/plots against known values _{compare counts/plots against known values}

 if caesar cipher look for common peaks/troughs _{if caesar cipher look for common peaks/troughs}

 peaks at: A-E-I triple, NO pair, RST triplepeaks at: A-E-I triple, NO pair, RST triple  troughs at: JK, X-Ztroughs at: JK, X-Z

 for _formonoalphabetic must identify each letter_{monoalphabetic must identify each letter}

(21)

Example Cryptanalysis

 given ciphertext:_{given ciphertext:}

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

 count relative letter frequencies (see text)_{count relative letter frequencies (see text)}  guess P & Z are e and t_{guess P & Z are e and t}

 guess ZW is th and hence ZWP is the_{guess ZW is th and hence ZWP is the}

 proceeding with trial and error finally get:_{proceeding with trial and error finally get:}

it was disclosed yesterday that several informal but

direct contacts have been made with political

representatives of the viet cong in moscow

(22)

Playfair Cipher



not even the large number of keys in a

_{not even the large number of keys in a}

monoalphabetic cipher provides security



one approach to improving security was to

_{one approach to improving security was to}

encrypt multiple letters



_the

_{Playfair Cipher}

_{is an example}



invented by Charles Wheatstone in 1854,

_{invented by Charles Wheatstone in 1854,}

(23)

Playfair Key Matrix



a 5X5 matrix of letters based on a keyword

_{a 5X5 matrix of letters based on a keyword}



fill in letters of keyword (sans duplicates)

_{fill in letters of keyword (sans duplicates)}



fill rest of matrix with other letters

_{fill rest of matrix with other letters}



eg. using the keyword MONARCHY

_{eg. using the keyword MONARCHY}

M

M OO NN AA RR

C

C HH YY BB DD

E

E FF GG I/JI/J KK

L

L PP QQ SS TT

U

(24)

Encrypting and Decrypting



_{plaintext is encrypted two letters at a time}

1.

1. if a pair is a repeated letter, insert filler like 'X’if a pair is a repeated letter, insert filler like 'X’

2.

2. if both letters fall in the same row, replace if both letters fall in the same row, replace

each with letter to right

each with letter to right (wrapping back to start (wrapping back to start from end)

from end)

3.

3. if both letters fall in the same column, replace if both letters fall in the same column, replace

each with the letter below it (again wrapping to each with the letter below it (again wrapping to

top from bottom) top from bottom)

4.

4. otherwise each letter is replaced by the letter otherwise each letter is replaced by the letter

in the same row and in the column of the other in the same row and in the column of the other

(25)

Security of Playfair Cipher

 security much improved over monoalphabetic_{security much improved over monoalphabetic}  since have 26 x 26 = 676 digrams _{since have 26 x 26 = 676 digrams}

 would need a 676 entry frequency table to _{would need a 676 entry frequency table to}

analyse (verses 26 for a monoalphabetic) analyse (verses 26 for a monoalphabetic)

 and correspondingly more ciphertext _{and correspondingly more ciphertext}  was widely used for many years_{was widely used for many years}

 eg. by US & British military in WW1eg. by US & British military in WW1

(26)

Polyalphabetic Ciphers

 polyalphabetic substitution ciphers_{polyalphabetic substitution ciphers}

 improve security using multiple cipher alphabets _{improve security using multiple cipher alphabets}  _{make cryptanalysis harder with more alphabets}_{make cryptanalysis harder with more alphabets}

to guess and flatter frequency distribution to guess and flatter frequency distribution

 _{use a key to select which alphabet is used for}_{use a key to select which alphabet is used for}

each letter of the message each letter of the message

 use each alphabet in turn _{use each alphabet in turn}

(27)

Vigenère Cipher



simplest polyalphabetic substitution cipher

_{simplest polyalphabetic substitution cipher}



effectively multiple caesar ciphers

_{effectively multiple caesar ciphers}



key is multiple letters long K = k

₁₁

k

₂₂

... k

_d_d



i

_i

thth

letter specifies i

_{letter specifies i}

thth

alphabet to use

_{alphabet to use}



use each alphabet in turn

_{use each alphabet in turn}



repeat from start after d letters in message

_{repeat from start after d letters in message}

(28)

Example of

Vigenère Cipher

_{Vigenère Cipher}

 write the plaintext out _{write the plaintext out}

 write the keyword repeated above it_{write the keyword repeated above it}

 _{use each key letter as a caesar cipher key}_{use each key letter as a caesar cipher key}

 _{encrypt the corresponding plaintext letter}_{encrypt the corresponding plaintext letter}

 eg using keyword _{eg using keyword}deceptive_deceptive

(29)

Aids



simple aids can assist with en/decryption

_{simple aids can assist with en/decryption}



a

_a

Saint-Cyr Slide

_{Saint-Cyr Slide}

is a simple manual aid

_{is a simple manual aid}

 a slide with repeated alphabet a slide with repeated alphabet

 line up plaintext 'A' with key letter, eg 'C' line up plaintext 'A' with key letter, eg 'C'

 then read off any mapping for key letter then read off any mapping for key letter



_{can bend round into a}

_{cipher disk}

(30)

Security of

Vigenère Ciphers

_{Vigenère Ciphers}



have multiple ciphertext letters for each

_{have multiple ciphertext letters for each}

plaintext letter



hence letter frequencies are obscured

_{hence letter frequencies are obscured}



but not totally lost

_{but not totally lost}



start with letter frequencies

_{start with letter frequencies}

 see if look monoalphabetic or notsee if look monoalphabetic or not



if not, then need to determine number of

_{if not, then need to determine number of}

(31)

Kasiski Method

 method developed by Babbage / Kasiski _{method developed by Babbage / Kasiski}

 repetitions in ciphertext give clues to period _{repetitions in ciphertext give clues to period}  so find same plaintext an exact period apart _{so find same plaintext an exact period apart}  which results in the same ciphertext _{which results in the same ciphertext}

 of course, could also be random fluke_{of course, could also be random fluke}  eg repeated “VTW” in previous example_{eg repeated “VTW” in previous example}  suggests size of 3 or 9_{suggests size of 3 or 9}

 then attack each monoalphabetic cipher _{then attack each monoalphabetic cipher}

(32)

Autokey Cipher

 _{ideally want a key as long as the message}_{ideally want a key as long as the message}

 _{Vigenère proposed the}_{Vigenère proposed the}_autokey_autokey_cipher_cipher

 with keyword is prefixed to message as key_{with keyword is prefixed to message as key}

 _{knowing keyword can recover the first few letters}_{knowing keyword can recover the first few letters}

 _{use these in turn on the rest of the message}_{use these in turn on the rest of the message}

 _{but still have frequency characteristics to attack}_{but still have frequency characteristics to attack}

 eg. given key _{eg. given key}deceptive_deceptive

key: deceptivewearediscoveredsav

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

(33)

One-Time Pad

 if a truly random key as long as the message is _{if a truly random key as long as the message is}

used, the cipher will be secure used, the cipher will be secure

 called a One-Time pad_{called a One-Time pad}

 is unbreakable since ciphertext bears no _{is unbreakable since ciphertext bears no}

statistical relationship to the plaintext statistical relationship to the plaintext

 since for _{since for}any plaintext_{any plaintext} & _&any ciphertext_{any ciphertext} there _there

exists a key mapping one to other exists a key mapping one to other

 can only use the key _{can only use the key}once_once though_though

(34)

Transposition Ciphers



now consider classical

_{now consider classical}

transposition

_{transposition}

or

_or

permutation

ciphers



these hide the message by rearranging

_{these hide the message by rearranging}

the letter order



_{without altering the actual letters used}



can recognise these since have the same

_{can recognise these since have the same}

(35)

Rail Fence cipher

 write message letters out diagonally over a _{write message letters out diagonally over a}

number of rows number of rows

 then read off cipher row by row_{then read off cipher row by row}  eg. write message out as:_{eg. write message out as:}

m e m a t r h t g p r y

e t e f e t e o a a t

 giving ciphertext_{giving ciphertext}

MEMATRHTGPRYETEFETEOAAT

(36)

Row Transposition Ciphers



_{a more complex transposition}



write letters of message out in rows over a

_{write letters of message out in rows over a}

specified number of columns



then reorder the columns according to

_{then reorder the columns according to}

some key before reading off the rows

Key: 3 4 2 1 5 6 7

Key: 3 4 2 1 5 6 7 Plaintext: a t t a c k p Plaintext: a t t a c k p

o s t p o n eo s t p o n e

d u n t i l td u n t i l t

w o a m x y zw o a m x y z

(37)

Product Ciphers

 ciphers using substitutions or transpositions are _{ciphers using substitutions or transpositions are}

not secure because of language characteristics not secure because of language characteristics

 hence consider using several ciphers in _{hence consider using several ciphers in}

succession to make harder, but: succession to make harder, but:

 two substitutions make a more complex substitution two substitutions make a more complex substitution  two transpositions make more complex transposition two transpositions make more complex transposition  but a substitution followed by a transposition makes a but a substitution followed by a transposition makes a

new much harder cipher

(38)

Rotor Machines

 before modern ciphers, rotor machines were _{before modern ciphers, rotor machines were}

most common complex ciphers in use most common complex ciphers in use

 widely used in WW2_{widely used in WW2}

 German Enigma, Allied Hagelin, Japanese PurpleGerman Enigma, Allied Hagelin, Japanese Purple

 implemented a very complex, varying _{implemented a very complex, varying}

substitution cipher substitution cipher

 used a series of cylinders, each giving one _{used a series of cylinders, each giving one}

substitution, which rotated and changed after substitution, which rotated and changed after

each letter was encrypted each letter was encrypted

(39)

Hagelin Rotor Machine

(40)

Steganography



an alternative to encryption

_{an alternative to encryption}



hides existence of message

_{hides existence of message}

 using only a subset of letters/words in a using only a subset of letters/words in a

longer message marked in some way longer message marked in some way

 using invisible inkusing invisible ink

 hiding in LSB in graphic image or sound filehiding in LSB in graphic image or sound file



has drawbacks

_{has drawbacks}

(41)

Summary



have considered:

_{have considered:}

 classical cipher techniques and terminologyclassical cipher techniques and terminology

 monoalphabetic substitution ciphersmonoalphabetic substitution ciphers

 cryptanalysis using letter frequenciescryptanalysis using letter frequencies

 Playfair cipherPlayfair cipher

 polyalphabetic cipherspolyalphabetic ciphers

 transposition cipherstransposition ciphers

 product ciphers and rotor machinesproduct ciphers and rotor machines