
Introduction to Software Security: Crypto Basics · securesw.dankook.ac.kr/ISS20-1/ISS_15_2020_Crypto Basics... · 2020-05-19


Prof. Seong-je Cho

Spring 2020

Computer Security & Operating Systems Lab,

Dept. of Software Science, DKU

Introduction to Software Security

Crypto Basics


- 2 -

Sources / References

Information Security: Principles and Practice, 2nd edition by Mark Stamp, Wiley, 2011

Behrouz A. Forouzan, Cryptography and network security, MH 2008

M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley)

Many photos in this presentation are licensed from Google Images or Wikipedia.

Please do not duplicate and distribute

Computer Security & OS Lab, DKU


- 3 -

Contents

Codebook cipher

World War I, II

Crypto history

Crypto

Basic concepts

Cryptography

Cryptanalysis

Substitution Cipher

Transposition Cipher

Hill cipher

One-Time Pad


- 4 -

Codebook & Cipher

A code is a method used to encrypt a message that operates at the level of meaning; that is, words or phrases are converted into something else.

Examples of a phrase: “the green car”, “on Monday morning”, …

A codebook is needed to encrypt and decrypt the phrases or words.

A codebook is a document used for implementing a code.

Ciphers encrypt messages at the level of individual letters, or small groups of letters, or even, in modern ciphers, individual bits.

Messages can be transformed first by a code, and then by a cipher.

Cipher (≒ code): an encryption/decryption algorithm

Cryptography: the art of writing ciphers; cipher schemes and techniques

Cryptanalysis: the art of breaking ciphers (= code breaking)

Cryptology: the art of writing and breaking ciphers; the study of ciphers (= cryptography + cryptanalysis)


World War & Cryptography


- 6 -

Zimmermann Telegram in WW I

Zimmermann Telegram was a secret diplomatic communication issued from the German Foreign Office in January 1917 that proposed a military alliance between Germany and Mexico.

If the United States entered World War I against Germany, Mexico would recover Texas, Arizona, and New Mexico.

The telegram was intercepted and decoded by British intelligence.

Telegram content

The message came in the form of a coded telegram dispatched by Arthur Zimmermann, a Staatssekretär (a top-level civil servant) in the Foreign Office of the German Empire on 19 January 1917.

The message was sent to the German ambassador to Mexico, Heinrich von Eckardt.


- 7 -

Codebook

Literally, a book filled with “codewords”

Zimmermann Telegram encrypted via codebook (excerpt):

Februar 13605
fest 13732
finanzielle 13850
folgender 13918
Frieden 17142
Friedenschluss 17149
: :

Modern block ciphers are codebooks!


- 8 -

Early 20th Century

WWI Zimmerman Telegram

WWII golden age of cryptanalysis

Japanese Purple (codename MAGIC)

German Enigma (codename ULTRA)

Enigma Machine

The Enigma machine was used to secure the communications of the German military throughout the Second World War ...

He works alone to design a machine to decipher Enigma messages.


Cryptography (Cryptosystem)


- 10 -

Encryption / Decryption

Plaintext (original text) – original message

= Clear text

Ciphertext – coded message

= Cryptogram

Encryption

Decryption (the reverse of encryption)

Key – information used in encryption/decryption

Encryption key

Decryption key


- 11 -

Cipher – Algorithm for transforming plaintext/ciphertext

Example of Encryption and Decryption Process


• Algorithms: Substitution/Transposition, DES, AES, SEED, RSA, ECC, …

Source: McAfee, Tokenization vs Encryption


- 12 -

Basic Terms

Cryptography – making “secret codes”; encryption methods

Cryptanalysis (code breaking) – methods of deciphering ciphertext without knowing the key

Cryptology – the field comprising both cryptography and cryptanalysis

Encrypt (encipher) – converting plaintext to ciphertext

Decrypt (decipher) – recovering plaintext from ciphertext


Source: 정보통신기술용어해설, http://www.ktword.co.kr/abbr_view.php?m_temp1=1681

Cryptographic protocol: the rules governing the use of cryptography over a network


- 13 -

Cryptography

Cryptography, a word with Greek origins, means “secret writing.”

The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form. Intelligible message: a message that can be (easily) understood.

A mathematical science of controlling access to information.

However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

Cryptography deals with methods for protecting privacy and integrity.


- 14 -

Cryptography

A cipher (or cypher) is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure.

Cryptanalysis (or code breaking)

The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key.

Cryptographers create ciphers - Cryptography

Cryptanalysts break ciphers – Cryptanalysis

Cryptology: Both cryptography and cryptanalysis

The history of cryptography is an arms race between cryptographers and cryptanalysts.


- 15 -

Basic Concepts

Plaintext

The original intelligible message

Ciphertext

The transformed message

Cipher (Cypher)

An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods

Key

Some critical information used by the cipher, known only to the sender and receiver

Encipher (encode) = encrypt

The process of converting plaintext to ciphertext using a cipher and a key

Decipher (decode) = decrypt

The process of converting ciphertext back into plaintext using a cipher and a key


- 16 -

Crypto

Cryptology: the art and science of making and breaking “secret codes”

Cryptography: making “secret codes”

Cryptanalysis: breaking “secret codes”

Cryptosystem: a pair of algorithms that take a key and convert plaintext to ciphertext and back (it consists of plaintext and ciphertext, an encryption algorithm and a decryption algorithm, and a key)

Crypto: all of the above (and more)


[Figure: Alice, Bob and Eve]


- 17 -

Cryptosystem

A cryptosystem is a 5-tuple (E, D, M, K, C), where

E is the encryption algorithm,
D is the decryption algorithm,
M (also written P) is the set of plaintexts,
K is the set of keys,
C is the set of ciphertexts.

C = E(M, K), i.e., E : M × K → C

M = D(C, K), i.e., D : C × K → M

The algorithm is public; the key is private.


- 18 -

Encryption Algorithm

Algorithm used to make content unreadable by all but the intended receivers

E(key, plaintext) = ciphertext

D(key, ciphertext) = plaintext

Algorithm is public, key is private

Block vs. Stream Ciphers

Block: input is fixed blocks of same length

Stream: stream of input


- 19 -

How to Speak Crypto

A cipher is used to encrypt the plaintext

The result of encryption is ciphertext

We decrypt ciphertext to recover plaintext

Symmetric key cryptosystem vs. Asymmetric key cryptosystem

Symmetric key cryptography vs. Asymmetric key cryptography


Source: IBM Knowledge Center

plaintext (P, M)

ciphertext (C)


- 20 -

What is a Key?

A key is an input to a cryptographic algorithm used to obtain confidentiality, integrity, authenticity or other property over some data. The security of the cryptosystem often depends on keeping the key secret to some set of parties.

The keyspace is the set of all possible keys

Entropy is a measure of the unpredictability of keys, typically measured in bits

Keys are often stored in some secure place: passwords, on-disk keyrings, ...

TPM, secure co-processor, smartcards, ...

... and sometimes not, e.g., certificates


- 21 -

Crypto as Black Box


The message M is called the plaintext.

Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.

[Figure: symmetric key cryptosystem. The sender encrypts the plaintext with the shared secret key; the ciphertext travels over the communication channel, where an attacker may be eavesdropping; the recipient decrypts it with the same shared secret key to recover the plaintext.]

Symmetric key cryptosystem


- 22 -

Crypto

Basic assumption: the system is completely known to the attacker

Only the key is secret

Also known as Kerckhoffs's Principle

Crypto algorithms are not secret (algorithms are open)

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Why do we make this assumption? Experience has shown that secret algorithms are weak when exposed

Secret algorithms never remain secret

Better to find weaknesses beforehand


- 23 -

Questions?

Is there a Nobel Prize in mathematics?

What is the Fields Medal?

Is there a Nobel Prize in computer science?

What is the Turing Award?

Who is the father of the computer?

Charles Babbage

Who is the father of modern Computer Science?


- 24 -

Alan M. Turing

Father of Computer Science

Father of Modern Computer Science

Turing Award

Turing machines are simple abstract computational devices intended to help investigate the extent and limitations of what can be computed.

Turing’s ‘automatic machines’, as he termed them in 1936, were specifically devised for the computing of real numbers. Today, they are considered to be one of the foundational models of computability and (theoretical) computer science.

Source: Turing Machines, https://plato.stanford.edu/entries/turing-machine/


- 25 -

Alan M. Turing

mathematician, computer scientist, logician, cryptanalyst, philosopher, and theoretical biologist.

1912/06/23 ~ 1954/06/07

In 1950, Alan Turing introduced a test to check whether a machine can think like a human or not; this test is known as the Turing Test. In this test, Turing proposed that a computer can be said to be intelligent if it can mimic human responses under specific conditions.

The Turing Test was introduced by Turing in his 1950 paper, "Computing Machinery and Intelligence," which considered the question, "Can machines think?"


Source: Turing Test in AI


- 26 -

The Turing Test

The Turing test is a test of a machine's ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human.

Turing proposed that a human evaluator would judge natural language conversations between a human and a machine designed to generate human-like responses.

The evaluator (C) would be aware that one of the two partners (A, B) in conversation is a machine, and all participants would be separated from one another.

The conversation would be limited to a text-only channel such as a computer keyboard and screen so the result would not depend on the machine's ability to render words as speech.

If the evaluator cannot reliably tell the machine from the human, the machine is said to have passed the test.


Turing test, in artificial intelligence, a test proposed (1950) by the English mathematician Alan M. Turing to determine whether a computer can “think.”

Source: Wikipedia, and Encyclopedia Britannica


- 27 -

The Imitation Game

Turing's original article describes a simple party game involving three players. Player A is a man, player B is a woman and player C (who plays the role of the interrogator) is of either sex.

In the imitation game, player C is unable to see either player A or player B, and can communicate with them only through written notes. By asking questions of player A and player B, player C tries to determine which of the two is the man and which is the woman. Player A's role is to trick the interrogator into making the wrong decision, while player B attempts to assist the interrogator in making the right one.

Turing then asks:

What will happen when a machine takes the part of A in this game? Will the interrogator decide wrongly as often when the game is played like this as he does when the game is played between a man and a woman? These questions replace our original, "Can machines think?”

The second version appeared later in Turing's 1950 paper. Similar to the original imitation game test, the role of player A is performed by a computer. However, the role of player B is performed by a man rather than a woman.


- 28 -

The Turing Test

“The Turing Test” is most properly used to refer to a proposal made by Turing (1950) as a way of dealing with the question whether machines can think. According to Turing, the question whether machines can think is itself “too meaningless” to deserve discussion. However, if we consider the more precise—and somehow related—question whether a digital computer can do well in a certain kind of game that Turing describes (“The Imitation Game”), then—at least in Turing's eyes—we do have a question that admits of precise discussion.

Moreover, as we shall see, Turing himself thought that it would not be too long before we did have digital computers that could “do well” in the Imitation Game.

“The Turing Test” is sometimes used more generally to refer to some kinds of behavioural tests for the presence of mind, or thought, or intelligence in putatively minded entities. So, for example, it is sometimes suggested that The Turing Test is prefigured in Descartes' Discourse on the Method.

In the Discourse, Descartes says: …

Source: Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/turing-test/


- 29 -

Alan M. Turing


Cipher (Cypher): an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods.

A modern block cipher can be designed to act as a substitution cipher or a transposition cipher.


- 31 -

Substitution Ciphers

Substitutes one symbol for another (codebook)


Plaintext: BLUE
Ciphertext: ANZO

Substitution: replacing one symbol with another (replacement, exchange)

Source: Wikipedia


- 32 -

Transposition Ciphers (전치암호)

Scrambles the symbols to produce output


Plaintext: BLUE
Ciphertext: UBLE

Columnar transposition
• Plaintext: WE ARE DISCOVERED. FLEE AT ONCE
• The keyword ZEBRAS is of length 6.
• The order of the keyword's letters (alphabetical rank of each column): 6 3 2 4 1 5
• Ciphertext: ?

Source: Wikipedia

Adding five nulls (QKJEU) fills out the incomplete columns; these letters can be chosen at random, since they are not part of the message.

• Ciphertext: EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE


Substitution Cipher

Additive Cipher


- 34 -

Simple Substitution

Replace each letter with the one “three over” in the alphabet.

Plain: meet me after the toga party

Key = ?


Cipher: PHHW PH DIWHU WKH WRJD SDUWB

Another example

Plaintext: fourscore and seven years ago

Ciphertext: IRXUVFRUH DQG VHYHQ BHDUV DJR

Shift by 3 is “Caesar cipher”

Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C


- 35 -

Caesar Cipher Decryption

Suppose we know a Caesar cipher is being used

Ciphertext: VSRQJH ERE VTXDUH SDQWV

Plaintext: sponge bob square pants


Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Caesar cipher = Shift cipher = Additive cipher


- 36 -

Shift cipher = Additive cipher

When the cipher is additive, the plaintext, ciphertext, and key are integers in Z26 (the integers modulo 26).

Caesar used a key of 3 for his communications.


- 37 -

Additive Cipher

An additive cipher with key = 15.

We apply the encryption algorithm to the plaintext, character by character:


We apply the decryption algorithm to the ciphertext character by character:


- 38 -

Not-so-Simple Substitution

Shift by n for some n ∈ {0, 1, 2, …, 25}

Then the key is n

Example: key = 7


Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G


- 39 -

Cryptanalysis: Brute-force attack

Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show how she can use a brute-force attack to break the cipher.

Solution

Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not very secure”, which makes sense.


- 40 -

Cryptanalysis I: Try Them All

Given: a simple substitution (shift by n) is used

But the key is unknown

Given ciphertext: meqefscerhcsyeviekmvp

How to find the key?

Exhaustive key search: only 26 possible keys, so try them all!

Solution: key = 4

I AM A BOY AND YOU ARE A GIRL
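The additive (shift) cipher as a concrete cryptosystem (E, D, M, K, C) over Z26, together with the exhaustive key search the last few slides describe. This is an added example, not code from the slides or from the referenced textbooks; it reproduces the deck's Caesar, "UVACLYFZLJBYL" and "meqefscerhcsyeviekmvp" cases. The small word list used to rank the 26 candidates is an assumption of this example, standing in for a human reading each candidate to see which one "makes sense".

```python
# Added example (not from the lecture slides): the additive/shift cipher as a
# cryptosystem over Z26, and brute-force (exhaustive key search) cryptanalysis.
from string import ascii_lowercase

ALPHABET = ascii_lowercase
KEYSPACE = range(26)  # K = Z26: only 26 possible keys, which is why brute force works


def encrypt(plaintext: str, key: int) -> str:
    """E(key, plaintext): shift each letter by `key` positions mod 26.
    Output is uppercase; non-letters (spaces) pass through unchanged."""
    if key not in KEYSPACE:
        raise ValueError("key must be an integer in Z26")
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext: str, key: int) -> str:
    """D(key, ciphertext): shifting by (26 - key) mod 26 undoes the encryption."""
    return encrypt(ciphertext, (26 - key) % 26).lower()


def brute_force(ciphertext: str) -> dict[int, str]:
    """Try every key in the keyspace and return the candidate plaintext for each."""
    return {k: decrypt(ciphertext, k) for k in KEYSPACE}


# Constructed word list for this example: a stand-in for "the plaintext makes sense".
COMMON_WORDS = ("the", "and", "you", "not", "are")


def best_guess(ciphertext: str, words=COMMON_WORDS) -> tuple[int, str]:
    """Rank the 26 candidates by how many common words they contain; return (key, plaintext)."""
    scored = []
    for k, candidate in brute_force(ciphertext).items():
        score = sum(candidate.count(w) for w in words)
        scored.append((score, k, candidate))
    _, k, candidate = max(scored)
    return k, candidate


if __name__ == "__main__":
    print(encrypt("meet me after the toga party", 3))  # PHHW PH DIWHU WKH WRJD SDUWB
    print(decrypt("VSRQJH ERE VTXDUH SDQWV", 3))       # sponge bob square pants
    print(best_guess("UVACLYFZLJBYL"))                 # (7, 'notverysecure')
    print(best_guess("meqefscerhcsyeviekmvp"))         # (4, 'iamaboyandyouareagirl')
```

The point the slides make, and the code makes concrete, is that the algorithm is public (Kerckhoffs's principle) and the keyspace has only 26 elements, so an attacker who can recognize English can recover the key with at most 26 trial decryptions; a larger keyspace is a necessary, though as the next slides show not sufficient, condition for security.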


- 41 -

Cryptanalysis I: Try Them All

Brute-force cryptanalysis of Caesar cipher


- 42 -

Simple Substitution with a keyword

If the keyword "zebras" is given:

One-to-One mapping

Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ciphertext alphabet: ZEBRASCDFGHIJKLMNOPQTUVWXY

Plaintext: flee at once we are discovered

Ciphertext: SIAA ZQ LKBA VA ZOA RFPBLUAOAR


Source: Wikipedia


- 43 -

Even-less-Simple Substitution

Key is some permutation of letters

Need not be a shift (just one-to-one mapping)

Not sequential

For example

Then there are 26! > 2^88 possible keys!

This kind of cipher dominated the art of secret writing throughout the first millennium.


Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
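The general monoalphabetic substitution of which the keyword cipher ("zebras") and the shift cipher are special cases, as an added example that is not code from the slides. The key is any permutation of the 26 letters; the code builds the keyword-derived alphabet from the previous slide, validates that a key really is a one-to-one mapping, and computes the size of the keyspace the slide quotes (26! > 2^88). Function names are assumptions of this example.

```python
# Added example (not from the lecture slides): general monoalphabetic substitution.
# A key is any permutation of A-Z; keyword alphabets and shifts are special cases.
from math import factorial, log2
from string import ascii_uppercase


def keyword_alphabet(keyword: str) -> str:
    """Ciphertext alphabet from a keyword: keyword letters first (duplicates dropped),
    then the remaining letters in order. 'zebras' -> ZEBRASCDFGHIJKLMNOPQTUVWXY."""
    seen = []
    for ch in keyword.upper() + ascii_uppercase:
        if ch in ascii_uppercase and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def shift_alphabet(n: int) -> str:
    """The shift-by-n key written as a permutation (n = 3 is the Caesar alphabet)."""
    return ascii_uppercase[n % 26:] + ascii_uppercase[:n % 26]


def check_key(cipher_alphabet: str) -> str:
    """A valid key is a permutation: 26 letters, each used exactly once (one-to-one)."""
    if sorted(cipher_alphabet) != list(ascii_uppercase):
        raise ValueError("key must be a permutation of A-Z")
    return cipher_alphabet


def encrypt(plaintext: str, cipher_alphabet: str) -> str:
    """Map each plaintext letter to the letter in the same position of the key alphabet."""
    table = str.maketrans(ascii_uppercase, check_key(cipher_alphabet))
    return plaintext.upper().translate(table)


def decrypt(ciphertext: str, cipher_alphabet: str) -> str:
    """Apply the inverse permutation; result is lowercase like the slides' plaintext."""
    table = str.maketrans(check_key(cipher_alphabet), ascii_uppercase)
    return ciphertext.upper().translate(table).lower()


def keyspace_bits() -> float:
    """log2(26!) is a little over 88, the figure quoted on the slide."""
    return log2(factorial(26))


if __name__ == "__main__":
    key = keyword_alphabet("zebras")
    print(key)                                                  # ZEBRASCDFGHIJKLMNOPQTUVWXY
    print(encrypt("flee at once we are discovered", key))       # SIAA ZQ LKBA VA ZOA RFPBLUAOAR
    print(encrypt("meet me after the toga party", shift_alphabet(3)))  # PHHW PH DIWHU WKH WRJD SDUWB
    print(f"{keyspace_bits():.2f} bits of key")                # 88.38 bits of key
```

A keyspace of about 2^88 is far too large for the exhaustive search of the previous slides, yet the cipher is still weak: every occurrence of a plaintext letter maps to the same ciphertext letter, so the letter statistics of the language survive encryption, which is what the frequency-analysis slides that follow exploit.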


- 44 -

Cryptanalysis II: Be Clever

We know that a simple substitution is used

But not necessarily a shift by n

Can we find the key given ciphertext:

PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA


- 45 -

Cryptanalysis II

Can’t try all 2^88 simple substitution keys

Can we be more clever?

English letter frequency counts…

[Figure: bar chart of English letter frequency counts, letters A to Z on the horizontal axis, relative frequency from 0.00 to 0.14 on the vertical axis.]

Substitution ciphers are vulnerable to frequency analysis attacks.


- 46 -

Cryptanalysis II

Ciphertext:

PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA

Decrypt this message using the information below.

Ciphertext frequency counts:

Letter:  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Count:  21 26  6 10 12 51 10 25 10  9  3 10  0  1 15 28 42  0  0 27  4 24 22 28  6  8


- 47 -

Frequency analysis history

Discovered by the Arabs

The earliest known description of frequency analysis is in a book by the 9th-century scientist al-Kindi

Rediscovered in Europe, or introduced there from the Arabs, during the Renaissance

Frequency analysis made the substitution cipher insecure.

Frequency Statistics of Language

In addition to the frequency info of single letters, the frequency info of two-letter (digram) or three-letter (trigram) combinations can be used for the cryptanalysis

Most frequent digrams TH, HE, IN, ER, RE, AN, ON, EN, AT

Most frequent trigrams THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH
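The counting step of frequency analysis, run over the ciphertext from the "Cryptanalysis II" slide, as an added example that is not code from the slides or their sources. It tallies single letters, digrams and trigrams, proposes the tentative mapping "most frequent ciphertext letter ↔ E" that the slide's counts suggest, and applies a partial key so that the still-unknown letters remain visible. The English letter ordering is the usual approximate ranking (E T A O I N ...), and the function names are assumptions of this example; the mapping it produces is a starting hypothesis to be refined with the digram and trigram lists above, not a finished decryption.

```python
# Added example (not from the lecture slides): frequency counts as the first step of
# breaking a monoalphabetic substitution. CIPHERTEXT is copied from the slide.
from collections import Counter
from string import ascii_uppercase

CIPHERTEXT = "PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA"

# Approximate ranking of English letters by frequency, most common first (standard figures).
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"


def letters(text: str) -> str:
    """Uppercase letters only; spaces and punctuation carry no key information here."""
    return "".join(ch for ch in text.upper() if ch in ascii_uppercase)


def letter_counts(text: str) -> Counter:
    """Single-letter counts, comparable with the slide's table."""
    return Counter(letters(text))


def ngram_counts(text: str, n: int) -> Counter:
    """Counts of overlapping n-grams (n=2 digrams, n=3 trigrams)."""
    t = letters(text)
    return Counter(t[i:i + n] for i in range(len(t) - n + 1))


def frequency_guess(text: str, k: int = 5) -> dict[str, str]:
    """Tentative key: the k most frequent ciphertext letters paired, in order, with the
    k most frequent English letters. Only a hypothesis; n-grams and trial decryption refine it."""
    ranked = [c for c, _ in letter_counts(text).most_common(k)]
    return dict(zip(ranked, ENGLISH_ORDER[:k].lower()))


def partial_decrypt(text: str, mapping: dict[str, str]) -> str:
    """Apply a partial key; unresolved ciphertext letters stay uppercase so the gaps show."""
    return "".join(mapping.get(ch, ch) for ch in letters(text))


if __name__ == "__main__":
    counts = letter_counts(CIPHERTEXT)
    print(" ".join(f"{c}:{counts[c]}" for c in ascii_uppercase))
    print(ngram_counts(CIPHERTEXT, 2).most_common(5))
    print(ngram_counts(CIPHERTEXT, 3).most_common(5))
    guess = frequency_guess(CIPHERTEXT, 1)      # {'F': 'e'}
    print(partial_decrypt(CIPHERTEXT, guess)[:40])
```

Reading the output the way a cryptanalyst would: F is by far the most frequent letter, so F ↔ e is the first hypothesis; the most frequent trigram then gives a candidate for THE, which fixes two more letters, and each confirmed letter shrinks the remaining search. Ciphertext length matters: the counts only approach the language statistics for messages of a few hundred letters or more, which is why the slide says "given a sufficient amount of ciphertext".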


- 48 -

Monoalphabetic Substitution Ciphers

A further generalization of the Caesar cipher is obtained by allowing any permutation of the 26 characters for the cipher

Key size = 26 letters; key space = 26! ≈ 4 × 10^26

Unique mapping of plaintext alphabet to ciphertext alphabet: monoalphabetic

but easily breakable by frequency analysis attack


- 49 -

Vigenère Cipher

We can encrypt the message “She is listening” using the 6-character keyword “PASCAL”.

A = 00, B = 01, C = 02, D = 03, …


(Plaintext + Key ) mod 26 = Ciphertext

Blaise de Vigenère (5 April 1523 – 19 February 1596) (French pronunciation: [viʒnɛːʁ]) was a French diplomat, cryptographer, translator and alchemist.


- 50 -

Vigenere Cipher

A method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword

Choose a keyword

Repeat the keyword to match character count to plaintext

Assign keyword character to plaintext characters

Replace plaintext with shifted letter from character’s Vigenere Table row


- 51 -

Polyalphabetic System with Vigenere Table

Plaintext: This is a sample message
Keyword: Darkly

column T by row D = W
column h by row a = H
column i by row r = Z

(The first i encrypts to Z; the second i, under a different key letter, encrypts to T.)


- 52 -

Vigenère cipher

• Best-known polyalphabetic cipher

• Each key letter determines one of 26 Caesar (shift) ciphers

c_i = E_{k_i}(p_i) = (p_i + k_{i mod m}) mod 26, where m is the keyword length

• Example:

Keyword: deceptivedeceptivedeceptive

Plaintext: wearediscoveredsaveyourself

Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

• The keyword is repeated to make a key as long as the plaintext

• Given a sufficient amount of ciphertext, plaintext sequences that recur under the same key letters produce repeated ciphertext sequences, exposing the period (keyword length): the target of the cryptanalysis



- 54 -

Vigenère cipher

If the keyword length is N, then the Vigenère cipher, in effect, consists of N monoalphabetic substitution ciphers

An improvement over the Playfair cipher, but language structure and frequency information still remain

Vigenère autokey system: after the keyword is exhausted, the plaintext itself is used as the running key (to eliminate the periodic nature)

Key and plaintext then share the same frequency distribution of letters, so a statistical technique can still be used for the cryptanalysis (e.g., e enciphered with e would occur with a frequency of (0.1275)^2 ≈ 0.0163, t enciphered with t with a frequency of (0.0925)^2 ≈ 0.0086, etc.)


Key: deceptivewearediscoveredsav

Plaintext: wearediscoveredsaveyourself

Ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
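As an added example (not part of the lecture slides), a Python implementation of the Vigenère cipher in both the repeated-keyword form of slide 52 and the autokey form of slide 54, plus the repeated-sequence check that exposes the period in the repeated-keyword case; all function names are my own.

```python
# Added example (not from the slides): Vigenere cipher, repeated keyword and autokey.
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def letters(text: str) -> str:
    """Keep letters only, lowercased, as the slides' examples do."""
    return "".join(ch.lower() for ch in text if ch.isalpha())


def vigenere_encrypt(plaintext: str, keyword: str, autokey: bool = False) -> str:
    """c_i = (p_i + k_i) mod 26 (slide 49).  With the keyword repeated, the key
    stream has period len(keyword); with autokey=True (slide 54) the keyword is
    used once and the plaintext itself continues the key stream."""
    p, k = letters(plaintext), letters(keyword)
    stream = (k + p) if autokey else k * (len(p) // len(k) + 1)
    return "".join(ALPHABET[(ALPHABET.index(pc) + ALPHABET.index(kc)) % 26]
                   for pc, kc in zip(p, stream)).upper()


def vigenere_decrypt(ciphertext: str, keyword: str, autokey: bool = False) -> str:
    """p_i = (c_i - k_i) mod 26.  In autokey mode each recovered plaintext letter
    becomes a later key letter, so the key stream is extended as we go."""
    c, stream, out = letters(ciphertext), list(letters(keyword)), []
    for i, cc in enumerate(c):
        kc = stream[i] if autokey else stream[i % len(stream)]
        pc = ALPHABET[(ALPHABET.index(cc) - ALPHABET.index(kc)) % 26]
        out.append(pc)
        if autokey:
            stream.append(pc)
    return "".join(out)


def repeated_sequence_distances(ciphertext: str, n: int = 3) -> dict:
    """Slide 52's observation: when a plaintext sequence recurs under the same
    key letters, the ciphertext sequence recurs too, and the distance between
    the copies is a multiple of the period (keyword length).
    Returns {n-gram: [distances between successive occurrences]}."""
    c, positions = letters(ciphertext), defaultdict(list)
    for i in range(len(c) - n + 1):
        positions[c[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(pos, pos[1:])]
            for g, pos in positions.items() if len(pos) > 1}


if __name__ == "__main__":
    ct = vigenere_encrypt("wearediscoveredsaveyourself", "deceptive")
    print(ct, repeated_sequence_distances(ct))   # VTW recurs 9 letters apart
```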


- 55 -

Substitution Boxes

The Vigenère cipher can be visualized using a two-dimensional table

The 1st letter in a pair specifies a row

The 2nd letter in a pair specifies a column

Each entry is the unique two-letter substitution to use for that pair

The same kind of substitution can also be done on binary numbers.

Such substitutions are usually described by substitution boxes, or S-boxes.


- 56 -

Substitution cipher

A monoalphabetic cipher uses a fixed substitution over the entire message,

a polyalphabetic cipher uses a number of substitutions at different positions in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa.

Shift ciphers are easy to break using brute-force attacks, because they have a small key space.

Substitution ciphers are vulnerable to frequency-analysis attacks:

Vowels, which constitute 40 % of plaintext, are often separated by consonants.

EN is the most common two-letter combination, followed by RE, ER, and NT.

The letter Q is followed only by U.

In the next lecture

The Hill Cipher

The One-time pad


The Hill cipher

(Polygraphic substitution ciphers)


Sources: (1) The Hill Cipher: A Cryptosystem Using Linear Algebra, Robyn N. Taylor; (2) Crypto Corner, Hill Cipher, https://crypto.interactive-maths.com/hill-cipher.html; (3) Wikipedia


- 58 -

Polygraphic substitution cipher

Basic shortcoming of such a simple letter-for-letter substitution:

The same plaintext letters always get replaced by the same ciphertext letters (until the key is changed),

and that is what makes the statistical analysis of letter frequencies applicable.

Polygraphic substitution cipher

The plaintext is divided into groups of adjacent letters of the same fixed length n, and then

each such group is transformed into a different group of n letters.

Blocks of plaintext characters are replaced by blocks of ciphertext characters.

Group plaintext letters into blocks (size of 2, 3, 4, …)

Encipher blocks as other equal length blocks

If n is not too small, then such a polygraphic substitution can render letter frequency analysis useless.

» In case of n = 2: plaintext MISSISSIPPI → MI SS IS SI PP IK

» In case of n = 3: plaintext MISSISSIPPI → MIS SIS SIP PIK


- 59 -

Polygraphic substitution cipher

Playfair cipher uses digraphs (two letters per group)

Playfair cipher worked in two-letter blocks

= Hill 2-cipher (2 × 2 key matrix)

Restrict alphabet to capital letters

Y = Ax mod 26

Y is a 2 x 1 matrix of ciphertext numerical equivalents

A is a 2 x 2 matrix (cipher key)

x is a 2 x 1 matrix of plaintext numerical equivalents.

Plaintext: AT

Key: CDDG

Ciphertext: FK


- 61 -

Polygraphic substitution cipher

Hill cipher uses three letters per group

Hill's cipher worked in three-letter blocks

Y = Ax mod 26

Y is a 3 x 1 matrix of ciphertext numerical equivalents

A is a 3 x 3 matrix (cipher key)

x is a 3 x 1 matrix of plaintext numerical equivalents.

Y and x can also be 3 × 4 matrices

» 12 letters can be encrypted or decrypted at once


- 62 -

The Hill Cipher

Use of linear algebra

To encrypt a message, each block of n letters (considered as an n-component vector) is multiplied by an invertible n × n matrix, again modulo 26.

The matrix used for encryption is the cipher key.

The encryption key matrix (GYB NQK URP in letters)

To decrypt the message, each block is multiplied by the inverse of the matrix used for encryption.

The decryption key is the inverse of the key matrix (IFK VIV VMI in letters).


Source: http://en.wikipedia.org/wiki/Hill_cipher


- 63 -

The Hill Cipher

Encryption key: GYB NQK URP in letters

Plaintext: ACT (A:0, C:2, T:19)

or plaintext: CAT

Ciphertext of ‘ACT’ is ‘POH’,

ciphertext of ‘CAT’ is ‘FIN’

Decryption key: the inverse matrix (IFK VIV VMI in letters)


- 64 -

The Hill Cipher

Key matrix A = 3 × 3 matrix

Plaintext is the 10-letter message: WANT_HELP.

(we display a blank space in the text as an underscore)

Blocks: WAN T_H ELP …

Plaintext numerical equivalents: 22 0 13 19 28 7 4 11 15 26 26 26

Output: 25 23 21 23 14 1 17 4 14 19 11 12

Ciphertext: ZXV XOB REO TLM
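As an added example, not from the slides or their sources, Hill encryption and decryption for any block size n, including computation of the inverse key matrix mod 26; it reproduces the slides' AT/CDDG → FK and ACT → POH, CAT → FIN results. Function names are mine; the padding letter X is an assumption (the slides do not say how a short final block is filled).

```python
# Added example (not from the slides): Hill cipher Y = A x mod 26 for n x n keys.
from typing import List

Matrix = List[List[int]]
MOD = 26

def key_matrix(letters: str, n: int) -> Matrix:
    """Key letters row by row with A=0 ... Z=25, e.g. 'GYB NQK URP' -> 3x3."""
    nums = [ord(ch) - 65 for ch in letters.upper() if ch.isalpha()]
    return [nums[r * n:(r + 1) * n] for r in range(n)]

def matrix_letters(m: Matrix) -> str:
    return "".join(chr(65 + v) for row in m for v in row)

def minor(m: Matrix, i: int, j: int) -> Matrix:
    return [row[:j] + row[j + 1:] for r, row in enumerate(m) if r != i]

def det(m: Matrix) -> int:
    """Determinant mod 26 by cofactor expansion along the first row."""
    if len(m) == 1:
        return m[0][0] % MOD
    return sum((-1) ** j * a * det(minor(m, 0, j)) for j, a in enumerate(m[0])) % MOD

def inverse(m: Matrix) -> Matrix:
    """A^-1 = det(A)^-1 * adj(A) mod 26.  The key is usable only when
    gcd(det(A), 26) = 1; otherwise pow() raises ValueError (no inverse)."""
    n = len(m)
    det_inv = pow(det(m), -1, MOD)
    # adjugate = transpose of the cofactor matrix, hence adj[j][i]
    adj = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            adj[j][i] = (-1) ** (i + j) * det(minor(m, i, j))
    return [[(det_inv * v) % MOD for v in row] for row in adj]

def hill_apply(text: str, a: Matrix, pad: str = "X") -> str:
    """Y = A x mod 26 for every n-letter block x (treated as a column vector)."""
    n = len(a)
    nums = [ord(ch) - 65 for ch in text.upper() if ch.isalpha()]
    nums += [ord(pad) - 65] * (-len(nums) % n)   # fill the last block (assumed pad X)
    out = []
    for b in range(0, len(nums), n):
        x = nums[b:b + n]
        out += [sum(r * v for r, v in zip(row, x)) % MOD for row in a]
    return "".join(chr(65 + v) for v in out)

def hill_encrypt(plaintext: str, key: str, n: int) -> str:
    return hill_apply(plaintext, key_matrix(key, n))

def hill_decrypt(ciphertext: str, key: str, n: int) -> str:
    """Decrypt with the inverse matrix, e.g. IFK VIV VMI for key GYB NQK URP."""
    return hill_apply(ciphertext, inverse(key_matrix(key, n)))
```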


The One-time Pad


- 66 -

The one-time pad (OTP)

The OTP is an encryption technique that cannot be cracked, but

it requires a one-time pre-shared key the same size as, or longer than, the message being sent.

Assume you have a secret bit string s of length n known only to two parties, Alice and Bob. Alice sends a message m of length n to Bob.

Alice uses the following encryption function to generate the ciphertext c:

for all i = 1 to n: c_i = m_i ⊕ s_i

i.e., XOR the data with the secret bit string

An adversary, Mallory, cannot retrieve any part of the data


- 67 -

One-time Pad Encryption

Assume that the (right) key was given to Alice


e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

Encryption: Plaintext ⊕ Key = Ciphertext

P:  h   e   i   l   h   i   t   l   e   r
    001 000 010 100 001 010 111 100 000 101
K:  111 101 110 101 111 100 000 101 110 000
C:  110 101 100 001 110 110 111 001 110 101
    s   r   l   h   s   s   t   h   s   r


- 68 -

One-time Pad Decryption

Assume that the (right) key was given to Bob


e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

Decryption: Ciphertext ⊕ Key = Plaintext

C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  111 101 110 101 111 100 000 101 110 000
P:  001 000 010 100 001 010 111 100 000 101
    h   e   i   l   h   i   t   l   e   r


- 69 -

One-time Pad (1st threat scenario)

A double agent, Charlie, claims that the key was 101 111 000 … (the wrong key).

Bob cannot understand the decrypted message and may contact Alice.


The double agent claims the sender used the following “key”:

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  101 111 000 101 111 100 000 101 110 000
P:  011 010 100 100 001 010 111 100 000 101
    k   i   l   l   h   i   t   l   e   r


- 70 -

One-time Pad (2nd threat scenario)

Assume that Alice is captured, but she is a double agent and tells the adversary the (wrong) key.

The adversary does not know this and may release her.


Or the sender (Alice) is captured and claims the key is:

e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111

C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  111 101 000 011 101 110 001 011 101 101
P:  001 000 100 010 011 000 110 010 011 000
    h   e   l   i   k   e   s   i   k   e


- 71 -

One-time Pad Summary

Provably secure … the ciphertext provides no information about the plaintext

All plaintexts are equally likely

… but only when used correctly

The pad must be random and used only once

The pad is known only to the sender and receiver

Note: the pad is the same size as the message. It is necessary to share a pad of the same length as the message to be sent.

This pad must be shared by a completely secure method in order to protect the secrecy of the message.

So, why not distribute the message instead of the pad? Why not distribute the message (plaintext) the same way as the pad (key)?


Transposition cipher


- 73 -

Transposition Cipher

A method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.

Hide the message by rearranging the letter order without altering the actual letters used

Examples:

Columnar transposition: simple columnar transposition, numerically-keyed columnar transposition

Route transposition: the rail-fence cipher, the triangular pattern, …


- 74 -

Columnar Transposition

Simple Columnar Transposition: the plaintext is entered into a rectangle of a predetermined width and the ciphertext is extracted by columns from left to right.

For example, a simple columnar transposition with a width of seven is shown below.

Plaintext:

ENEMY TANKS APPROACHING HILL EIGHT SIX THREE STOP

Ciphertext (one group per column):

ENOHHR NKAITE ESCLSE MAHLIS YPIEXT TPNITO ARGGHP

The same ciphertext regrouped in fives, padded with X:

ENOHH RNKAI TEESC LSEMA HLISY PIEXT TPNIT OARGG HPXXX


- 75 -

Columnar Transposition

Numerically-Keyed Columnar Transposition: the message is written into a rectangle row by row, but read off column by column;

the order in which the columns are read off is the key

Example 1:

Key: 4 3 1 2 5 6 7

Plaintext:
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNA APTM TSUO AODW COIX KNLY PETZ

Example 2: Ciphertext is

EATI TNIH MEXN ETMG MEDT


- 76 -

Double Transposition


Plaintext: attackxatxdawnx

Permute rows and columns

Key: matrix size and permutations (3,5,1,4,2) and (1,3,2)

Ciphertext: xwaxa txtak antdc (read off column by column)

or xta wxn att xad akc (read off row by row)

Generalization: multiple transpositions


- 77 -

Route Transposition Cipher

Rail-Fence Cipher: write the message on alternate rows (rails), and read off the cipher row by row

Example (two rails): Meet me after the toga party

Rail 1: M e m a t r h t g p r y
Rail 2: e t e f e t e o a a t

Ciphertext: MEMATRHTGPRYETEFETEOAAT

Example (three rails): ‘WE ARE DISCOVERED. FLEE AT ONCE’

Rail 1: W E C R L T E
Rail 2: E R D S O E E F E A O C
Rail 3: A I V D E N

Ciphertext: WECRL TEERD SOEEF EAOCA IVDEN


- 78 -

Route Transposition Cipher

Rail-Fence Cipher, example (four rails): ‘REINFORCEMENTS ARRIVING NOW’

Ciphertext: NMRGI FEEAR NNEOC NSIIO RRTVW

Triangular Pattern: the message is inscribed by rows and extracted by columns

Ciphertext: RMIFE VEONI RIRTN NCSGE ANROW
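An added example, not from the slides: the rail-fence cipher for any number of rails (with decryption) and the triangular pattern, checked against the slides' examples. The bottom-up rail order is an assumption needed to reproduce the four-rail ciphertext, the left alignment of a short last triangle row is also mine, and so are the function names.

```python
# Added example (not from the slides): rail-fence (zigzag) and triangular route ciphers.
from typing import List


def clean(text: str) -> str:
    return "".join(ch.upper() for ch in text if ch.isalpha())


def zigzag(n: int, rails: int) -> List[int]:
    """Rail index of each letter position: 0,1,..,rails-1,rails-2,..,1,0,1,.."""
    period = max(2 * rails - 2, 1)
    return [min(i % period, period - i % period) for i in range(n)]


def rail_fence_encrypt(plaintext: str, rails: int, bottom_up: bool = False) -> str:
    """Write the message in a zigzag over `rails` rows and read the rows off.
    Slide 77 reads the top rail first; the four-rail ciphertext on slide 78 comes
    out when the rails are read from the bottom up (bottom_up=True, assumption)."""
    text = clean(plaintext)
    rows = [""] * rails
    for ch, r in zip(text, zigzag(len(text), rails)):
        rows[r] += ch
    return "".join(reversed(rows) if bottom_up else rows)


def rail_fence_decrypt(ciphertext: str, rails: int, bottom_up: bool = False) -> str:
    """The zigzag path depends only on the length, so replay it to learn how many
    letters each rail holds, cut the ciphertext into rails, then walk the path."""
    path = zigzag(len(ciphertext), rails)
    order = range(rails - 1, -1, -1) if bottom_up else range(rails)
    pieces, pos = {}, 0
    for r in order:
        pieces[r] = list(ciphertext[pos:pos + path.count(r)])
        pos += path.count(r)
    return "".join(pieces[r].pop(0) for r in path)


def triangular_encrypt(plaintext: str) -> str:
    """Slide 78's triangular pattern: inscribe by rows of 1, 3, 5, ... letters
    centred on a middle column, then extract column by column, left to right.
    Row i spans columns -i..+i; a short last row is left-aligned (assumption)."""
    text = clean(plaintext)
    columns = {}
    pos, width = 0, 1
    while pos < len(text):
        for offset, ch in enumerate(text[pos:pos + width]):
            columns.setdefault(offset - width // 2, []).append(ch)
        pos, width = pos + width, width + 2
    return "".join("".join(columns[c]) for c in sorted(columns))
```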


- 79 -

Transposition Ciphers & P-boxes

Three Types of P-Boxes in a Modern Block Cipher

A P-box (permutation box) parallels the traditional transposition cipher for characters:

it transposes bits.


- 80 -

Transposition Ciphers & P-boxes

A straight P-box: all 6 possible mappings of a 3 × 3 P-box.

3 × 3 P-box = 3-bit input and 3-bit output

Example of a 64 × 64 permutation table for a straight P-box.

64 entries (each a 6-bit position), laid out as 4 rows × 16


Substitution + Transposition


- 82 -

AES

AES (Advanced Encryption Standard)

Rijndael

Block cipher (Block size = 128 bits)


- 83 -

Summary

Substitution ciphers: mono-alphabetic (Caesar’s cipher)

poly-alphabetic (Vigenère cipher)

Statistical analysis of letter frequencies & patterns

Polygraphic ciphers

The Hill cipher (Block cipher)

One-time pad

Transposition ciphers: columnar transposition

route transposition
