Cryptography and Cryptography and
Network Security Network Security
Chapter 2 Chapter 2
Fifth Edition Fifth Edition by William Stallings by William Stallings Lecture slides by
Lecture slides by Lawrie Lawrie Brown Brown (with edits by RHB)
(with edits by RHB)
Chapter 2
Chapter 2 – – Classical Encryption Classical Encryption Techniques
Techniques
• • "I am fairly familiar with all the forms of secret "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling writings, and am myself the author of a trifling monograph upon the subject, in which I analyze monograph upon the subject, in which I analyze one hundred and sixty separate ciphers," said one hundred and sixty separate ciphers," said Holmes.
Holmes.. .
— —The Adventure of the Dancing Men The Adventure of the Dancing Men, Sir Arthur , Sir Arthur Conan Doyle
Conan Doyle
Outline
•
• We will consider: We will consider:
– – classical cipher techniques and terminology classical cipher techniques and terminology –
– monoalphabetic monoalphabetic substitution ciphers substitution ciphers –
– cryptanalysis using letter frequencies cryptanalysis using letter frequencies – – Playfair Playfair cipher cipher
– – polyalphabetic polyalphabetic ciphers ciphers – – transposition ciphers transposition ciphers –
– product ciphers and rotor machines product ciphers and rotor machines – – steganography steganography
Symmetric Encryption Symmetric Encryption
• • or conventional / private or conventional / private- -key key / single- / single -key key
• • sender and recipient share a common key sender and recipient share a common key
• • all classical encryption algorithms are all classical encryption algorithms are private
private- -key key
• • was only type prior to invention of public- was only type prior to invention of public - key in 1970
key in 1970’ ’s s
• • and by far most widely used and by far most widely used
Some Basic Terminology Some Basic Terminology
•• plaintextplaintext--original message original message
•• ciphertextciphertext--coded message coded message
•• ciphercipher--algorithm for transforming plaintext to ciphertextalgorithm for transforming plaintext to ciphertext
•• keykey--info used in cipher known only to sender/receiver info used in cipher known only to sender/receiver
•• encipher (encrypt)encipher (encrypt)--converting plaintext to converting plaintext to ciphertextciphertext
•
• decipher (decrypt)decipher (decrypt)--recovering recovering ciphertextciphertextfrom plaintextfrom plaintext
•• cryptographycryptography--study of encryption principles/methodsstudy of encryption principles/methods
•• cryptanalysis (cryptanalysis (codebreakingcodebreaking))--study of principles/ study of principles/
methods of deciphering
methods of deciphering ciphertextciphertextwithoutwithoutknowing keyknowing key
•• cryptologycryptology--field of both cryptography and cryptanalysisfield of both cryptography and cryptanalysis
Symmetric Cipher Model Symmetric Cipher Model
Requirements Requirements
•
• two requirements for secure use of two requirements for secure use of symmetric encryption:
symmetric encryption:
– – a strong encryption algorithm a strong encryption algorithm –
– a secret key known only to sender / receiver a secret key known only to sender / receiver
• • mathematically have: mathematically have:
Y Y = = E(K,X) E(K,X) X X = = D(K,Y) D(K,Y)
• • assume encryption algorithm is known assume encryption algorithm is known
• • implies a secure channel to distribute key implies a secure channel to distribute key
Cryptography Cryptography
• • can characterize cryptographic system by: can characterize cryptographic system by:
–
– type of encryption operations used type of encryption operations used
•• substitutionsubstitution
•• transpositiontransposition
•• productproduct
–
– number of keys used number of keys used
•• single-single-key or privatekey or private
•• two-two-key or publickey or public
– – way in which plaintext is processed way in which plaintext is processed
•• blockblock
•• streamstream
Cryptanalysis Cryptanalysis
• • objective to recover key not just message objective to recover key not just message
•
• general approaches: general approaches:
–
– cryptanalytic attack cryptanalytic attack – – brute brute- -force attack force attack
• • if either succeed all key use compromised if either succeed all key use compromised
Cryptanalytic Attacks Cryptanalytic Attacks
• • ciphertext ciphertext only only
––only know algorithm & ciphertextonly know algorithm & ciphertext, is statistical, must , is statistical, must know or be able to identify plaintext
know or be able to identify plaintext
• • known plaintext known plaintext
––attacker knows/suspects plaintext & ciphertextattacker knows/suspects plaintext & ciphertext
• • chosen plaintext chosen plaintext
––attacker selects plaintext and gets ciphertextattacker selects plaintext and gets ciphertext
•
• chosen ciphertext chosen ciphertext
––attacker selects ciphertextattacker selects ciphertextand gets plaintextand gets plaintext
•
• chosen text chosen text
––attacker selects plaintext or ciphertextattacker selects plaintext or ciphertext to en/decryptto en/decrypt
More Definitions More Definitions
• • unconditional security unconditional security
– – no matter how much computer power or time no matter how much computer power or time is available, the cipher cannot be broken is available, the cipher cannot be broken … … since the
since the ciphertext ciphertext provides provides insufficient insufficient information
information to uniquely determine the to uniquely determine the corresponding plaintext
corresponding plaintext
• • computational security computational security
– – given limited computing resources ( given limited computing resources (eg eg. time . time needed for calculations is greater than age of needed for calculations is greater than age of universe), the cipher cannot be broken
universe), the cipher cannot be broken
Brute Force Search Brute Force Search
•
• always possible to simply try every key always possible to simply try every key
• • most basic attack, proportional to key size most basic attack, proportional to key size
• • assume able to know / recognise plaintext assume able to know / recognise plaintext
Key Size (bits) Number of Alternative Keys
Time required at 1 decryption/µs
Time required at 106 decryptions/µs 32 232 = 4.3 × 109 231µs = 35.8 minutes 2.15 milliseconds 56 256 = 7.2 × 1016 255µs = 1142 years 10.01 hours 128 2128= 3.4 × 1038 2127µs = 5.4 × 1024years 5.4 × 1018years
168 2168= 3.7 × 1050 2167µs = 5.9 × 1036years 5.9 × 1030years
26 characters (permutation)
26! = 4 × 1026 2 × 1026µs = 6.4 × 1012years 6.4 × 106years
Classical Substitution Ciphers Classical Substitution Ciphers
• • letters of plaintext are replaced by other letters of plaintext are replaced by other letters or by numbers or symbols
letters or by numbers or symbols or or
• • plaintext is viewed as a sequence of plaintext is viewed as a sequence of bits, and substitution involves replacing bits, and substitution involves replacing plaintext bit patterns with
plaintext bit patterns with ciphertext ciphertext bit bit patterns
patterns
Caesar Cipher Caesar Cipher
•
• earliest known substitution cipher earliest known substitution cipher
• • by Julius Caesar by Julius Caesar
• • first attested use in military affairs first attested use in military affairs
• • replaces each letter by 3rd letter on replaces each letter by 3rd letter on
• • example: example:
meet me after the toga party meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher Caesar Cipher
• • can define transformation as: can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• • mathematically give each letter a number mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y a b c d e f g h i j k l m n o p q r s t u v w x y zz 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 2525
• • then have Caesar cipher as: then have Caesar cipher as:
c c = = E(k,p) E(k,p ) = = (p (p + + k) k) mod mod 26 26
p p = = D(k,c) D(k,c ) = = (c (c – – k) k) mod mod 26 26
Cryptanalysis of Caesar Cipher Cryptanalysis of Caesar Cipher
• • only have 26 possible ciphers only have 26 possible ciphers
– – A A maps to A,B...Z maps to A,B...Z
• • could simply try each in turn could simply try each in turn
• • a a brute force search brute force search
• • given ciphertext given ciphertext, just try all shifts of letters , just try all shifts of letters
• • do need to recognize when have plaintext do need to recognize when have plaintext
• • eg. break ciphertext eg. break ciphertext "GCUA VQ DTGCM " GCUA VQ DTGCM" "
Monoalphabetic
Monoalphabetic Cipher Cipher
• • rather than just shifting the alphabet rather than just shifting the alphabet
• • could shuffle (jumble) the letters arbitrarily could shuffle (jumble) the letters arbitrarily
•
• each plaintext letter maps to a different random each plaintext letter maps to a different random ciphertext
ciphertext letter letter
• • hence key is 26 letters long hence key is 26 letters long
Plain:
Plain: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext:
Plaintext: ifwewishtoreplacelettersifwewishtoreplaceletters Ciphertext
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA : WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic
Monoalphabetic Cipher Security Cipher Security
• • now have a total of 26! = 4 x 10 now have a total of 26! = 4 x 10
2626keys keys
• • with so many keys, might think is secure with so many keys, might think is secure
• • but would be but would be !!!WRONG!!! !!!WRONG!!!
• • problem is language characteristics problem is language characteristics
Language Redundancy and Language Redundancy and
Cryptanalysis Cryptanalysis
•
• human languages are human languages are redundant redundant
• • eg " eg "th th lrd lrd s s m m shphrd shphrd shll shll nt nt wnt" wnt "
• • letters are not equally commonly used letters are not equally commonly used
• • in English in English E E is by far the most common letter is by far the most common letter
––followed by T,R,N,I,O,A,Sfollowed by T,R,N,I,O,A,S
• • other letters like other letters like Z,J,K,Q,X Z,J,K,Q,X are fairly rare are fairly rare
•
• have tables of single, double and triple letter have tables of single, double and triple letter frequencies for various languages
frequencies for various languages
English Letter Frequencies English Letter Frequencies
Use in Cryptanalysis Use in Cryptanalysis
• • key concept key concept - - monoalphabetic monoalphabetic substitution substitution
ciphers do not change relative letter frequencies ciphers do not change relative letter frequencies
• • discovered by Arabian scientists in 9 discovered by Arabian scientists in 9
ththcentury century
• • calculate letter frequencies for calculate letter frequencies for ciphertext ciphertext
• • compare counts/plots against known values compare counts/plots against known values
•
• if if caesar caesar cipher look for common peaks/troughs cipher look for common peaks/troughs
––peaks at: Apeaks at: A--EE--II triple, triple, NONOpair, RSTpair, RSTtripletriple ––troughs at: JKtroughs at: JK, X, X--ZZ
•
• for for monoalphabetic monoalphabetic must identify each letter must identify each letter
––tables of common double/triple letters helptables of common double/triple letters help
Example Cryptanalysis Example Cryptanalysis
• • given ciphertext given ciphertext: :
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• • count relative letter frequencies (see text) count relative letter frequencies (see text)
• • guess P guess P and and Z Z are are e e and and t t
• • guess ZW guess ZW is is th th and hence and hence ZWP ZWP is the is the
• • proceeding with trial and error finally get: proceeding with trial and error finally get:
it was disclosed yesterday that several informal but it was disclosed yesterday that several informal but direct contacts have been made with political
direct contacts have been made with political representatives of the
representatives of the vietviet cong in moscowcong in moscow
Playfair
Playfair Cipher Cipher
• • not even the large number of keys in a not even the large number of keys in a monoalphabetic
monoalphabetic cipher provides security cipher provides security
• • one approach to improving security was to one approach to improving security was to encrypt multiple letters
encrypt multiple letters
• • the the Playfair Playfair Cipher Cipher is an example is an example
• • invented by Charles Wheatstone in 1854, invented by Charles Wheatstone in 1854, but named after his friend Baron
but named after his friend Baron Playfair Playfair
Playfair
Playfair Key Matrix Key Matrix
• • a 5X5 matrix of letters based on a keyword a 5X5 matrix of letters based on a keyword
•
• fill in letters of keyword (no duplicates) fill in letters of keyword (no duplicates)
• • fill rest of matrix with other letters fill rest of matrix with other letters
• • eg. using the keyword MONARCHY eg. using the keyword MONARCHY
MM OO NN AA RR C
C HH YY BB DD EE FF GG I/JI/J KK L
L PP QQ SS TT UU VV WW XX ZZ
Encrypting and Decrypting Encrypting and Decrypting
• • plaintext is encrypted two letters at a time plaintext is encrypted two letters at a time
1.
1. if a pair is a repeated letter, insert filler like 'X if a pair is a repeated letter, insert filler like ' X’ ’ 2. 2. if both letters fall in the same row, replace if both letters fall in the same row, replace
each with letter to right (wrapping back to start each with letter to right (wrapping back to start from end)
from end)
3. 3. if both letters fall in the same column, replace if both letters fall in the same column, replace each with the letter below it (wrapping to top each with the letter below it (wrapping to top from bottom)
from bottom)
4. 4. otherwise each letter is replaced by the letter otherwise each letter is replaced by the letter in the same row and in the column of the other in the same row and in the column of the other letter of the pair
letter of the pair
Security of
Security of Playfair Playfair Cipher Cipher
• • security much improved over monoalphabetic security much improved over monoalphabetic
• • since have 26 x 26 = 676 digrams since have 26 x 26 = 676 digrams
•
• would need a 676 entry frequency table to would need a 676 entry frequency table to analyse (verses 26 for a
analyse (verses 26 for a monoalphabetic monoalphabetic) )
• • and correspondingly more ciphertext and correspondingly more ciphertext
• • was widely used for many years was widely used for many years
–
– eg. by US & British military in WW1eg. by US & British military in WW1
• • it can it can be broken, given a few hundred letters be broken, given a few hundred letters
• • since still has much of plaintext structure since still has much of plaintext structure
Polyalphabetic
Polyalphabetic Ciphers Ciphers
•
• polyalphabetic polyalphabetic substitution ciphers substitution ciphers
• • improve security using multiple cipher alphabets improve security using multiple cipher alphabets
• • make cryptanalysis harder with more alphabets make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
to guess and flatter frequency distribution
•
• use a key to select which alphabet is used for use a key to select which alphabet is used for each letter of the message
each letter of the message
• • use each alphabet in turn use each alphabet in turn
• • repeat from start after end of key is reached repeat from start after end of key is reached
Vigen
Vigenè ère re Cipher Cipher
• • simplest polyalphabetic simplest polyalphabetic substitution cipher substitution cipher
•
• effectively multiple caesar effectively multiple caesar ciphers ciphers
• • key is many letters long K key is many letters long K = = k k
11k k
22...k ... k
dd• • i i
ththletter specifies letter specifies i i
ththalphabet to use alphabet to use
• • use each alphabet in turn use each alphabet in turn
• • repeat from start after d repeat from start after d letters in message letters in message
• • decryption simply works in reverse decryption simply works in reverse
Example of
Example of Vigenè Vigen ère re Cipher Cipher
• • write the plaintext out write the plaintext out
• • write the keyword repeated above it write the keyword repeated above it
•
• use each key letter as a use each key letter as a caesar caesar cipher key cipher key
• • encrypt the corresponding plaintext letter encrypt the corresponding plaintext letter
• • eg eg. using keyword . using keyword deceptive deceptive
key:
key: deceptivedeceptivedeceptivedeceptivedeceptivedeceptive plaintext:
plaintext: wearediscoveredsaveyourselfwearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Aids to
Aids to Vigen Vigen ère è re Encryption Encryption
• • simple aids can assist with en/decryption simple aids can assist with en/decryption
• • a a Saint- Saint -Cyr Slide Cyr Slide is a simple manual aid is a simple manual aid
– – a slide with repeated alphabet a slide with repeated alphabet
– – line up plaintext ' line up plaintext 'A A ' with key letter, eg 'C ' with key letter, eg ' C ' ' – – then read off any mapping for key letter then read off any mapping for key letter
• • can bend round into a can bend round into a cipher disk cipher disk
• • or expand into a or expand into a Vigenè Vigen ère re Tableau Tableau
Security of
Security of Vigen Vigenè ère re Ciphers Ciphers
• • have multiple have multiple ciphertext ciphertext letters for each letters for each plaintext letter
plaintext letter
• • hence letter frequencies are obscured hence letter frequencies are obscured
• • but not totally lost but not totally lost
Attacking Vigen Vigen ère è re Ciphers Ciphers
• • start with letter frequencies start with letter frequencies
– – see if they look see if they look monoalphabetic monoalphabetic or not or not
• • if not, then need to determine number of if not, then need to determine number of alphabets
alphabets
• • then can attack each in turn then can attack each in turn
Kasiski
Kasiski Method Method
• • method developed by Babbage / Kasiski method developed by Babbage / Kasiski
•
• repetitions in ciphertext repetitions in ciphertext give clues to period give clues to period
• • so find same plaintext an exact period apart so find same plaintext an exact period apart
• • which results in the same which results in the same ciphertext ciphertext
• • of course, could also be random fluke of course, could also be random fluke
• • eg eg repeated repeated “ “VTW VTW” ” in previous example in previous example
key:
key: deceptivedeceptivedeceptivedeceptivedeceptivedeceptive plaintext:
plaintext: wearediscoveredsaveyourselfwearediscoveredsaveyourself ciphertext:ZIC
ciphertext:ZICVTWVTWQNGRZGQNGRZGVTWVTWAVZHCQYGLMGJAVZHCQYGLMGJ
• • suggests size of 3 or 9 suggests size of 3 or 9
• • then attack each monoalphabetic then attack each monoalphabetic cipher cipher individually using same techniques as before individually using same techniques as before
Autokey
Autokey Cipher Cipher
• • ideally want a key as long as the message ideally want a key as long as the message
• • Vigenè Vigen ère re proposed the proposed the autokey autokey cipher cipher
•
• with keyword is prefixed to message as key with keyword is prefixed to message as key
• • knowing keyword can recover the first few letters knowing keyword can recover the first few letters
• • use these in turn on the rest of the message use these in turn on the rest of the message
• • eg. given key eg . given key deceptive deceptive
key:
key: deceptivewearediscoveredsavdeceptivewearediscoveredsav plaintext:
plaintext: wearediscoveredsaveyourselfwearediscoveredsaveyourself ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
• • but can still attack frequency characteristics … but can still attack frequency characteristics …
Vernam
Vernam Cipher Cipher
• • ultimate defense is to use a key as long as ultimate defense is to use a key as long as the plaintext
the plaintext
• • with no statistical relationship to it with no statistical relationship to it
• • invented by AT&T engineer Gilbert invented by AT&T engineer Gilbert Vernam
Vernam in 1918 in 1918
• • originally proposed using a very long but originally proposed using a very long but eventually repeating key
eventually repeating key
One- One -Time Pad Time Pad
•
• if a truly random key equally as long as the if a truly random key equally as long as the message is used, the cipher will be secure message is used, the cipher will be secure
• • called a One called a One- -Time pad Time pad
• • is unbreakable since is unbreakable since ciphertext ciphertext bears no bears no statistical relationship to the plaintext statistical relationship to the plaintext
• • since for since for any plaintext any plaintext and and any any ciphertext ciphertext there exists a key mapping one to other there exists a key mapping one to other
• • can only use the key can only use the key once once though though
•
• problems in generation & safe distribution of key problems in generation & safe distribution of key
Transposition Ciphers Transposition Ciphers
• • now consider classical now consider classical transposition transposition or or permutation
permutation ciphers ciphers
• • these hide the message by rearranging these hide the message by rearranging the letter order
the letter order
• • without altering the actual letters used without altering the actual letters used
• • can recognise these since have the same can recognise these since have the same frequency distribution as the original text frequency distribution as the original text
Rail Fence cipher Rail Fence cipher
• • write message letters out diagonally over a write message letters out diagonally over a number of rows
number of rows
• • then read off cipher row by row then read off cipher row by row
• • eg eg. message: . message: meetmeafterthetogaparty meetmeafterthetogaparty
• • then write message out as: then write message out as:
m e m a t r h t g p r y m e m a t r h t g p r y e t e f e t e o a a t e t e f e t e o a a t
• • giving giving ciphertext ciphertext
MEMATRHTGPRYETEFETEOAAT MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers Row Transposition Ciphers
• • a more complex transposition a more complex transposition
• • write letters of message out in rows over a write letters of message out in rows over a specified number of columns
specified number of columns
• • then reorder the columns according to then reorder the columns according to some key before reading off the cols some key before reading off the cols
Key...plaintext column readout order:
Key...plaintext column readout order: 34215673421567 Plaintext: a t t a c k p
Plaintext: a t t a c k p o s t p o n e o s t p o n e d u n t i l t d u n t i l t w o a m x y z w o a m x y z Ciphertext
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers Product Ciphers
•
• ciphers using substitutions or transpositions are ciphers using substitutions or transpositions are not secure because of language characteristics not secure because of language characteristics
• • hence consider using several ciphers in hence consider using several ciphers in succession to make harder, but:
succession to make harder, but:
–
– two substitutions make a more complex substitution two substitutions make a more complex substitution –
– two transpositions make more complex transposition two transpositions make more complex transposition ––but a substitution followed by a transposition makes a but a substitution followed by a transposition makes a
new much harder cipher new much harder cipher
• • this is bridge from classical to modern ciphers this is bridge from classical to modern ciphers
Rotor Machines Rotor Machines
•
• before modern ciphers, rotor machines were before modern ciphers, rotor machines were most common complex ciphers in use
most common complex ciphers in use
• • widely used in WW2 widely used in WW2
–
– German Enigma, Allied German Enigma, Allied HagelinHagelin, Japanese Purple, Japanese Purple
