Prof. Seong-je Cho
Spring 2020
Computer Security & Operating Systems Lab,
Dept. of Software Science, DKU
Introduction to Software Security
Crypto Basics
Sources / References
Information Security: Principles and Practice, 2nd edition by Mark Stamp, Wiley, 2011
Behrouz A. Forouzan, Cryptography and network security, MH 2008
M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley)
Many photos in presentation licensed from google images or wikipedia
Please do not duplicate and distribute
Computer Security & OS Lab, DKU
Contents
Codebook cipher
World War I, II
Crypto history
Crypto
Basic concepts
Cryptography
Cryptanalysis
Substitution Cipher
Transposition Cipher
Hill cipher
One-Time Pad
Codebook & Cipher
A code is a method used to encrypt a message that operates at the level of meaning; that is, words or phrases are converted into something else.
Examples of a phrase: “the green car”, “on Monday morning”, …
A codebook is needed to encrypt, and decrypt the phrases or words.
a codebook is a document used for implementing a code.
Ciphers encrypt messages at the level of individual letters, or small groups of letters, or even, in modern ciphers, individual bits.
Messages can be transformed first by a code, and then by a cipher.
Cipher: an encryption/decryption algorithm (in everyday usage roughly "code", although the two differ as described above)
Cryptography: the art of devising ciphers; cipher methods and techniques
Cryptanalysis: the art of breaking ciphers (= code breaking)
Cryptology: the study of making and breaking ciphers (= cryptography + cryptanalysis)
World War & Cryptography
Zimmermann Telegram in WW I
Zimmermann Telegram was a secret diplomatic communication issued from the German Foreign Office in January 1917 that proposed a military alliance between Germany and Mexico.
If the United States entered World War I against Germany, Mexico would recover Texas, Arizona, and New Mexico.
The telegram was intercepted and decoded by British intelligence.
Telegram content
The message came in the form of a coded telegram dispatched by Arthur Zimmermann, a Staatssekretär (a top-level civil servant) in the Foreign Office of the German Empire on 19 January 1917.
The message was sent to the German ambassador to Mexico, Heinrich von Eckardt
Codebook
Literally, a book filled with “codewords”
The Zimmermann Telegram was encrypted with a codebook. Excerpt from the German codebook (word → codeword):
Februar 13605
fest 13732
finanzielle 13850
folgender 13918
Frieden 17142
Friedenschluss 17149
: :
Modern block ciphers are codebooks! (Under a fixed key, a block cipher is one enormous lookup table from plaintext blocks to ciphertext blocks.)
Early 20th Century
WWI: Zimmermann Telegram
WWII: golden age of cryptanalysis
Japanese Purple (Allied decrypts codenamed MAGIC)
German Enigma (Allied decrypts codenamed ULTRA)
Enigma Machine
The Enigma machine was used to secure the communications of the German military throughout the Second World War.
Alan Turing and his colleagues at Bletchley Park designed machines to decipher Enigma messages.
Cryptography(Cryptosystem)
Encryption / Decryption
Plaintext: the original message (also called clear text); denoted P or M
Ciphertext: the encrypted message (also called a cryptogram); denoted C
Encryption: transforming plaintext into ciphertext
Decryption: transforming ciphertext back into plaintext
Key: information used in encryption/decryption
Encryption key
Decryption key
Cipher: an algorithm for transforming plaintext into ciphertext and back
[Figure: example of the encryption and decryption process (source: McAfee, Tokenization vs Encryption)]
Algorithms: substitution/transposition, DES, AES, SEED, RSA, ECC, …
Basic Terms
Cryptography: making "secret codes"; encryption methods
Cryptanalysis (code breaking): methods of recovering plaintext from ciphertext without knowing the key
Cryptology: the field covering both cryptography and cryptanalysis
Encrypt (encipher): converting plaintext to ciphertext
Decrypt (decipher): recovering plaintext from ciphertext
Cryptographic protocol: the rules governing the use of cryptography in communication over a network
Source: 정보통신기술용어해설 (Glossary of ICT terms), http://www.ktword.co.kr/abbr_view.php?m_temp1=1681
Cryptography (암호기법)
Cryptography, a word of Greek origin, means "secret writing".
The art or science encompassing the principles and methods of transforming an intelligible (easily understood) message into one that is unintelligible, and then transforming that message back into its original form.
A mathematical science of controlling access to information.
We use the term to refer to the science and art of transforming messages to make them secure and immune to attack.
Cryptography deals with methods for protecting confidentiality (privacy) and integrity.
Cryptography
A cipher (or cypher) is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure.
Cryptanalysis (or code breaking)
The study of principles and methods for transforming an unintelligible message back into an intelligible one without knowledge of the key.
Cryptographers create ciphers (cryptography)
Cryptanalysts break ciphers (cryptanalysis)
Cryptology: both cryptography and cryptanalysis
The history of cryptography is an arms race between cryptographers and cryptanalysts.
Basic Concepts
Plaintext
The original intelligible message
Ciphertext
The transformed message
Cipher (cypher)
An algorithm for transforming an intelligible message into an unintelligible one by transposition and/or substitution
Key
Critical information used by the cipher, known only to the sender and receiver
Encipher (encrypt; loosely also "encode")
The process of converting plaintext to ciphertext using a cipher and a key
Decipher (decrypt; loosely also "decode")
The process of converting ciphertext back into plaintext using a cipher and a key
Crypto
Cryptology: the art and science of making and breaking "secret codes"
Cryptography: making "secret codes"
Cryptanalysis: breaking "secret codes"
Cryptosystem: a pair of algorithms that take a key and convert plaintext to ciphertext and back (it comprises the plaintext and ciphertext spaces, the encryption and decryption algorithms, and the key)
Crypto: all of the above (and more)
[Figure: Alice and Bob communicate while Eve eavesdrops]
Cryptosystem
A cryptosystem is a 5-tuple (E, D, M, K, C), where
E is the encryption algorithm
D is the decryption algorithm
M (also written P) is the set of plaintexts
K is the set of keys
C is the set of ciphertexts
c = E(m, k) for m ∈ M and k ∈ K, i.e. E : M × K → C
m = D(c, k) for c ∈ C and k ∈ K, i.e. D : C × K → M
The algorithm is public; the key is private.
Encryption Algorithm
Algorithm used to make content unreadable by all but the intended receivers
E(key, plaintext) = ciphertext
D(key, ciphertext) = plaintext
The algorithm is public; the key is private.
Block vs. stream ciphers
Block cipher: the input is processed in fixed-size blocks of the same length
Stream cipher: the input is processed as a stream, one bit or byte at a time
How to Speak Crypto
A cipher is used to encrypt the plaintext
The result of encryption is ciphertext
We decrypt ciphertext to recover plaintext
Symmetric-key cryptosystem vs. asymmetric-key cryptosystem (symmetric-key vs. asymmetric-key cryptography)
[Figure: encryption and decryption (source: IBM Knowledge Center)]
plaintext: P or M
ciphertext: C
What is a Key?
A key is an input to a cryptographic algorithm used to obtain confidentiality, integrity, authenticity or another property over some data. The security of the cryptosystem usually depends on keeping the key secret from everyone except some set of parties.
The keyspace is the set of all possible keys
Entropy is a measure of how unpredictable a key is (how much an attacker would have to guess), typically measured in bits
Keys are often stored in some secure place: passwords, on-disk keyrings, ...
TPM, secure co-processor, smart cards, ...
... and sometimes they need no secrecy at all, e.g. the public keys in certificates
Crypto as a Black Box
The message M is called the plaintext.
Alice converts the plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.
[Figure: symmetric-key cryptosystem. The sender encrypts the plaintext with the shared secret key; the ciphertext crosses the communication channel, where an attacker may eavesdrop; the recipient decrypts it with the same shared secret key to recover the plaintext.]
Crypto
Basic assumption: the system is completely known to the attacker; only the key is secret
Also known as Kerckhoffs's principle: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge
Crypto algorithms are not secret (algorithms are open)
Why do we make this assumption? Experience has shown that secret algorithms are weak once exposed
Secret algorithms never remain secret
Better to find the weaknesses beforehand
Questions?
Is there a Nobel Prize in mathematics? What is the Fields Medal?
Is there a Nobel Prize in computer science? What is the Turing Award?
Who is the father of the computer? Charles Babbage
Who is the father of modern computer science?
Alan M. Turing
Father of (modern) computer science; namesake of the Turing Award
Turing machines are simple abstract computational devices intended to help investigate the extent and limitations of what can be computed.
Turing's "automatic machines", as he termed them in 1936, were specifically devised for the computing of real numbers. Today they are considered one of the foundational models of computability and (theoretical) computer science.
Source: Turing Machines, https://plato.stanford.edu/entries/turing-machine/
Alan M. Turing
Mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist
23 June 1912 – 7 June 1954
In 1950 Alan Turing introduced a test to check whether a machine can think like a human; this test is known as the Turing Test. Turing proposed that a computer can be said to be intelligent if it can mimic human responses under specific conditions.
The Turing Test was introduced in his 1950 paper "Computing Machinery and Intelligence", which considered the question "Can machines think?"
Source: Turing Test in AI
The Turing Test
The Turing test is a test of a machine's ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human.
Turing proposed that a human evaluator would judge natural language conversations between a human and a machine designed to generate human-like responses.
The evaluator (C) would be aware that one of the two partners (A, B) in conversation is a machine, and all participants would be separated from one another.
The conversation would be limited to a text-only channel such as a computer keyboard and screen so the result would not depend on the machine's ability to render words as speech.
If the evaluator cannot reliably tell the machine from the human, the machine is said to have passed the test.
Turing test, in artificial intelligence, a test proposed (1950) by the English mathematician Alan M. Turing to determine whether a computer can “think.”
Source: Wikipedia, and Encyclopedia Britannica
The Imitation Game
Turing's original article describes a simple party game involving three players. Player A is a man, player B is a woman and player C (who plays the role of the interrogator) is of either sex.
In the imitation game, player C is unable to see either player A or player B, and can communicate with them only through written notes. By asking questions of player A and player B, player C tries to determine which of the two is the man and which is the woman. Player A's role is to trick the interrogator into making the wrong decision, while player B attempts to assist the interrogator in making the right one.
Turing then asks:
What will happen when a machine takes the part of A in this game? Will the interrogator decide wrongly as often when the game is played like this as he does when the game is played between a man and a woman? These questions replace our original, "Can machines think?”
The second version appeared later in Turing's 1950 paper. Similar to the original imitation game test, the role of player A is performed by a computer. However, the role of player B is performed by a man rather than a woman.
The Turing Test
“The Turing Test” is most properly used to refer to a proposal made by Turing (1950) as a way of dealing with the question whether machines can think. According to Turing, the question whether machines can think is itself “too meaningless” to deserve discussion. However, if we consider the more precise—and somehow related—question whether a digital computer can do well in a certain kind of game that Turing describes (“The Imitation Game”), then—at least in Turing's eyes—we do have a question that admits of precise discussion.
Moreover, as we shall see, Turing himself thought that it would not be too long before we did have digital computers that could “do well” in the Imitation Game.
“The Turing Test” is sometimes used more generally to refer to some kinds of behavioural tests for the presence of mind, or thought, or intelligence in putatively minded entities. So, for example, it is sometimes suggested that The Turing Test is prefigured in Descartes' Discourse on the Method.
In the Discourse, Descartes says: …
Source: Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/turing-test/
Cipher (cypher): an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods.
A modern block cipher can be designed to act as a substitution cipher or a transposition cipher.
Substitution Ciphers
Substitutes one symbol for another (like a codebook)
Plaintext: BLUE
Ciphertext: ANZO
Source: Wikipedia
Transposition Ciphers
Scrambles the order of the symbols to produce the output
Plaintext: BLUE
Ciphertext: UBLE
Columnar transposition
Plaintext: WE ARE DISCOVERED. FLEE AT ONCE
Keyword: ZEBRAS (length 6); the alphabetical order of its letters gives the column order 6 3 2 4 1 5
The plaintext is written row by row into 6 columns. Five nulls (QKJEU) fill the incomplete last row; they can be chosen at random, since they are not part of the message.
Ciphertext (columns read off in key order): EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE
Source: Wikipedia
Substitution Cipher
Additive Cipher
Simple Substitution
Replace each letter with the one "three over" in the alphabet.
Plain: meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB
Key = 3 (the shift)
Another example
Plaintext: fourscore and seven years ago
Ciphertext: IRXUVFRUH DQG VHYHQ BHDUV DJR
A shift by 3 is the "Caesar cipher"
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Caesar Cipher Decryption
Suppose we know a Caesar cipher is being used
Ciphertext: VSRQJH ERE VTXDUH SDQWV
Plaintext: sponge bob square pants
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Caesar cipher = shift cipher = additive cipher
Shift cipher = Additive cipher
When the cipher is additive, the plaintext, ciphertext and key are integers in Z_26: c = (p + k) mod 26 and p = (c - k) mod 26.
Caesar used a key of 3 for his communications.
Additive Cipher
An additive cipher with key = 15.
Encryption applies c = (p + 15) mod 26 to the plaintext, character by character.
Decryption applies p = (c - 15) mod 26 to the ciphertext, character by character.
Not-so-Simple Substitution
Shift by n for some n ∈ {0, 1, 2, …, 25}; the key is n
Example: key = 7
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
Cryptanalysis: Brute-force attack
Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show how she can use a brute-force attack to break the cipher.
Solution
Eve tries keys 1, 2, 3, … in turn. With key 7 the plaintext is "not very secure", which makes sense.
Cryptanalysis I: Try Them All
Given: a simple substitution (shift by n) is used, but the key is unknown
Given ciphertext: meqefscerhcsyeviekmvp
How to find the key?
Exhaustive key search: there are only 26 possible keys, so try them all!
Solution: key = 4
I AM A BOY AND YOU ARE A GIRL
Cryptanalysis I: Try Them All
[Figure: brute-force cryptanalysis of the Caesar cipher]
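The two exhaustive searches above, carried out in code. This is an added example, not code from the slides: the function names (`shift_encrypt`, `brute_force`, `chi_squared`) and the use of a standard English letter-frequency table to rank the 26 candidate plaintexts automatically are this example's choices; the slides simply eyeball the candidates.

```python
"""Shift (Caesar / additive) cipher over Z_26 and an exhaustive key search.

Added example: plaintext is lower case, ciphertext upper case, as on the slides.
"""
from string import ascii_lowercase

# Standard relative letter frequencies of English text, a..z, in percent.
ENGLISH_FREQ = [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]


def _letters(text):
    """Keep only the letters, lower-cased, as numbers 0..25."""
    return [ord(c) - 97 for c in text.lower() if c in ascii_lowercase]


def shift_encrypt(plaintext, key):
    """c_i = (p_i + key) mod 26."""
    return "".join(chr((p + key) % 26 + 65) for p in _letters(plaintext))


def shift_decrypt(ciphertext, key):
    """p_i = (c_i - key) mod 26."""
    return "".join(chr((c - key) % 26 + 97) for c in _letters(ciphertext))


def chi_squared(text):
    """Distance between the letter counts of `text` and English; lower is more English-like."""
    counts = [0] * 26
    for p in _letters(text):
        counts[p] += 1
    n = sum(counts)
    return sum((obs - n * pct / 100) ** 2 / (n * pct / 100)
               for obs, pct in zip(counts, ENGLISH_FREQ))


def brute_force(ciphertext):
    """Try all 26 keys; return (key, candidate plaintext) pairs, best-scoring first."""
    candidates = [(k, shift_decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kp: chi_squared(kp[1]))


if __name__ == "__main__":
    for ct in ("UVACLYFZLJBYL", "meqefscerhcsyeviekmvp"):
        key, pt = brute_force(ct)[0]
        print(f"{ct} -> key {key}: {pt}")
```

With only 26 keys the attacker never needs to be clever: every candidate is generated and the one that looks most like English wins. The same scoring idea carries over to any cipher whose key space is small enough to enumerate.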
Simple Substitution with a keyword
If the keyword "zebras" is given:
One-to-One mapping
Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext alphabet: ZEBRASCDFGHIJKLMNOPQTUVWXY
Plaintext: flee at once we are discovered
Ciphertext: SIAA ZQ LKBA VA ZOA RFPBLUAOAR
Source: Wikipedia
Even-less-Simple Substitution
Key is some permutation of the letters
Need not be a shift (just a one-to-one mapping), not sequential
For example
Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
Then there are 26! ≈ 4 × 10^26 > 2^88 possible keys! This cipher dominated the art of secret writing throughout the first millennium.
Cryptanalysis II: Be Clever
We know that a simple substitution is used
But not necessarily a shift by n
Can we find the key given ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Cryptanalysis II
Can't try all 2^88 simple substitution keys
Can we be more clever?
Use English letter frequency counts…
[Figure: relative frequencies of the letters A–Z in English text; E is by far the most frequent at about 0.13, followed by T and A]
Substitution ciphers are vulnerable to frequency analysis attacks.
Cryptanalysis II
Ciphertext
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Decrypt this message using the information below
Ciphertext frequency counts:
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
21 26  6 10 12 51 10 25 10  9  3 10  0  1 15 28 42  0  0 27  4 24 22 28  6  8
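Frequency analysis of the ciphertext above, as an added example (not code from the slides). It counts letters and trigrams, makes the naive "match frequency ranks" guess, and then applies the key an analyst reaches after refining that guess with common words; the function names and the `RECOVERED_KEY` table are this example's, derived from the ciphertext on the slide.

```python
"""Frequency analysis of a monoalphabetic substitution ciphertext (the slide's example)."""
from collections import Counter

# Ciphertext from the slide (Stamp's example), split only for line length.
CIPHERTEXT = (
    "PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTO"
    "ZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBF"
    "TIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBF"
    "ZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFH"
    "QWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA"
)

# English letters from most to least frequent.
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"


def letter_counts(text):
    """Occurrences of each ciphertext letter (cf. the table on the slide: F = 51, Q = 42, ...)."""
    return Counter(text)


def ranked_letters(text):
    """Ciphertext letters from most to least frequent, ties broken alphabetically."""
    counts = letter_counts(text)
    return sorted(counts, key=lambda c: (-counts[c], c))


def most_common_ngrams(text, n, k):
    """The k most frequent n-letter groups; repeated trigrams such as 'the'/'and' stand out."""
    grams = Counter(text[i:i + n] for i in range(len(text) - n + 1))
    return [g for g, _ in grams.most_common(k)]


def frequency_guess(text):
    """First guess: pair ciphertext letters with English letters in frequency order.
    It gets the top letter (F -> e) right but is only a starting point for the rest."""
    return {c: p.lower() for c, p in zip(ranked_letters(text), ENGLISH_ORDER)}


# The key reached after refining the guess with common words: the most frequent trigram
# PBF is 'the', QWA is 'and', and so on.  Ciphertext letters M, R, S never occur.
RECOVERED_KEY = {
    "A": "d", "B": "h", "C": "p", "D": "u", "E": "w", "F": "e", "G": "b", "H": "r",
    "I": "y", "J": "l", "K": "k", "L": "g", "N": "x", "O": "f", "P": "t", "Q": "a",
    "T": "o", "U": "v", "V": "i", "W": "n", "X": "s", "Y": "m", "Z": "c",
}


def decrypt(text, key):
    """Apply a ciphertext->plaintext letter map; unknown letters are shown as '?'."""
    return "".join(key.get(c, "?") for c in text)


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(6))
    print(most_common_ngrams(CIPHERTEXT, 3, 3))
    print(decrypt(CIPHERTEXT, RECOVERED_KEY))
```

The raw rank match is wrong for the second letter already (Q is 'a', not 't'), which is why real frequency analysis alternates between statistics and word patterns: once PBF is read as "the", the letters P, B, F are fixed and every other word containing them becomes easier to guess.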
Frequency analysis history
Discovered by the Arabs: the earliest known description of frequency analysis is in a book by the 9th-century scholar al-Kindi
Rediscovered, or introduced from the Arabs, in Europe during the Renaissance
Frequency analysis made the (monoalphabetic) substitution cipher insecure.
Frequency Statistics of Language
In addition to the frequencies of single letters, the frequencies of two-letter (digram) and three-letter (trigram) combinations can be used in cryptanalysis
Most frequent digrams: TH, HE, IN, ER, RE, AN, ON, EN, AT
Most frequent trigrams: THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH
Monoalphabetic Substitution Ciphers
A further generalization of the Caesar cipher is obtained by allowing any permutation of the 26 characters as the cipher alphabet
Key = one permutation of the 26 letters; key space = 26! ≈ 4 × 10^26
A single fixed mapping of the plaintext alphabet to the ciphertext alphabet: monoalphabetic
Easily breakable by a frequency analysis attack despite the huge key space
Vigenere Cipher (비즈네르암호)
We can encrypt the message "She is listening" using the 6-character keyword "PASCAL".
Letters are numbered A = 00, B = 01, C = 02, D = 03, …
(Plaintext + Key) mod 26 = Ciphertext, letter by letter, with the keyword repeated under the plaintext
Blaise de Vigenère (5 April 1523 – 19 February 1596) was a French diplomat, cryptographer, translator and alchemist.
Vigenere Cipher
A method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword
Choose a keyword
Repeat the keyword to match character count to plaintext
Assign keyword character to plaintext characters
Replace plaintext with shifted letter from character’s Vigenere Table row
Polyalphabetic System with Vigenere Table
Plaintext: This is a sample message
Keyword: Darkly (repeated under the plaintext)
Column T by row D = W
Column h by row a = H
Column i by row r = Z
…
The same plaintext letter is enciphered differently depending on its position: the 1st i becomes Z, the 2nd i becomes T.
Vigenère cipher
Best-known polyalphabetic cipher
Each key letter determines one of 26 Caesar (shift) ciphers
c_i = E_{k_i}(p_i) = (p_i + k_{i mod m}) mod 26, where m is the keyword length
The keyword is repeated to make a key as long as the plaintext
Given a sufficient amount of ciphertext, common sequences are repeated, exposing the period (keyword length), which is the target of the cryptanalysis
Example:
Keyword:    deceptivedeceptivedeceptive
Plaintext:  wearediscoveredsaveyourself
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vigenère cipher
If the keyword length is N, the Vigenère cipher in effect consists of N monoalphabetic substitution (shift) ciphers, one per key position
An improvement over the Playfair cipher, but language structure and frequency information still remain
Vigenère autokey system: after the keyword is exhausted, use the plaintext itself as the running key (to eliminate the periodic nature)
Key and plaintext then share the same letter frequency distribution, so a statistical technique can still be used for cryptanalysis: e.g. e enciphered with e would occur with frequency (0.1275)² ≈ 0.0163, t enciphered with t with frequency (0.0925)² ≈ 0.0086, etc.
Key:        deceptivewearediscoveredsav
Plaintext:  wearediscoveredsaveyourself
Ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
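The periodic Vigenère cipher, the autokey variant, and the "repeated sequences expose the period" observation above, implemented as an added example (not code from the slides). The `kasiski_distances` / `likely_period` functions are this example's names for the Kasiski examination; on the short textbook ciphertext the single repeated trigram VTW already gives the keyword length 9.

```python
"""Vigenere cipher: periodic keyword, autokey variant, and the Kasiski period test."""
from functools import reduce
from math import gcd
from string import ascii_lowercase


def _nums(text):
    """Letters only, as numbers 0..25 (A = 00, B = 01, ...)."""
    return [ord(c) - 97 for c in text.lower() if c in ascii_lowercase]


def vigenere_encrypt(plaintext, keyword):
    """c_i = (p_i + k_{i mod m}) mod 26 with m = len(keyword)."""
    p, k = _nums(plaintext), _nums(keyword)
    return "".join(chr((x + k[i % len(k)]) % 26 + 65) for i, x in enumerate(p))


def vigenere_decrypt(ciphertext, keyword):
    c, k = _nums(ciphertext), _nums(keyword)
    return "".join(chr((x - k[i % len(k)]) % 26 + 97) for i, x in enumerate(c))


def autokey_encrypt(plaintext, keyword):
    """Key = keyword followed by the plaintext itself, so the key is never periodic."""
    p = _nums(plaintext)
    k = (_nums(keyword) + p)[:len(p)]
    return "".join(chr((x + y) % 26 + 65) for x, y in zip(p, k))


def autokey_decrypt(ciphertext, keyword):
    c, k, p = _nums(ciphertext), _nums(keyword), []
    for i, x in enumerate(c):
        p.append((x - k[i]) % 26)
        k.append(p[-1])          # each recovered plaintext letter extends the key
    return "".join(chr(x + 97) for x in p)


def kasiski_distances(ciphertext, n=3):
    """Distances between repeated n-grams; the keyword length divides most of them."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    return [b - a for pos in positions.values() for a, b in zip(pos, pos[1:])]


def likely_period(ciphertext, n=3):
    """gcd of the Kasiski distances, a candidate for the keyword length (None if no repeats)."""
    d = kasiski_distances(ciphertext, n)
    return reduce(gcd, d) if d else None


if __name__ == "__main__":
    ct = vigenere_encrypt("wearediscoveredsaveyourself", "deceptive")
    print(ct, kasiski_distances(ct), likely_period(ct))
    print(autokey_encrypt("wearediscoveredsaveyourself", "deceptive"))
```

Once the period m is known, the ciphertext splits into m interleaved shift ciphers, each of which falls to the frequency analysis of the previous slides; that is why the period, not the keyword itself, is the first target.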
Substitution Boxes
The Vigenère cipher can be visualized with a two-dimensional table (the tableau): the key letter selects a row, the plaintext letter a column, and the entry is the ciphertext letter.
The same idea extends to substituting pairs of letters: the 1st letter in a pair specifies a row, the 2nd letter specifies a column, and each entry is the unique two-letter substitution for that pair.
Such a substitution can also be done on binary numbers.
Substitutions on bit strings are usually described by substitution boxes, or S-boxes.
Substitution cipher
A monoalphabetic cipher uses a fixed substitution over the entire message;
a polyalphabetic cipher uses a number of substitutions at different positions in the message, so a unit of plaintext maps to one of several possibilities in the ciphertext and vice versa.
Shift ciphers are easy to break by brute force: they have a small key space (26 keys).
Substitution ciphers are vulnerable to frequency analysis attacks:
Vowels, which make up about 40% of plaintext, are often separated by consonants.
EN is among the most common two-letter combinations, along with RE, ER and NT (compare the digram list above, which puts TH and HE first).
The letter Q is almost always followed by U.
In the next lecture
The Hill cipher
The one-time pad
The Hill cipher
(Polygraphic substitution ciphers)
Sources: (1) Robyn N. Taylor, The Hill Cipher: A Cryptosystem Using Linear Algebra; (2) Crypto Corner, Hill Cipher, https://crypto.interactive-maths.com/hill-cipher.html; (3) Wikipedia
Polygraphic substitution cipher
The basic shortcoming of a simple letter-for-letter substitution:
the same plaintext letter is always replaced by the same ciphertext letter (until the key is changed), and that is what makes the statistical analysis of letter frequencies applicable.
Polygraphic substitution cipher
The plaintext is divided into groups of adjacent letters of the same fixed length n, and each group is transformed into a different group of n letters.
Blocks of plaintext characters are replaced by blocks of ciphertext characters.
Group plaintext letters into blocks (of size 2, 3, 4, …)
Encipher each block as another block of equal length
If n is not too small, such a polygraphic substitution can render single-letter frequency analysis useless.
For example, n = 2: pairs of letters are substituted.
Polygraphic substitution cipher
The Playfair cipher uses digraphs (two letters per group), substituting each pair by looking it up in a 5 × 5 key square.
The Hill 2-cipher also works in two-letter blocks, but with linear algebra, restricting the alphabet to capital letters (A = 0, …, Z = 25):
Y = A x mod 26
Y is a 2 × 1 matrix of ciphertext numerical equivalents
A is a 2 × 2 matrix (the cipher key)
x is a 2 × 1 matrix of plaintext numerical equivalents.
Polygraphic substitution cipher
The Hill 3-cipher uses three letters per group (three-letter blocks):
Y = A x mod 26
Y is a 3 × 1 matrix of ciphertext numerical equivalents
A is a 3 × 3 matrix (the cipher key)
x is a 3 × 1 matrix of plaintext numerical equivalents.
Y and x can also be 3 × 4 matrices (four blocks side by side), so 12 letters are encrypted or decrypted at once.
The Hill Cipher
Use of linear algebra
To encrypt a message, each block of n letters (considered as an n-component vector) is multiplied by an invertible n × n matrix, again modulo 26.
The matrix used for encryption is the cipher key. It must be invertible modulo 26, i.e. its determinant must share no factor with 26 (it must be odd and not divisible by 13); otherwise the ciphertext cannot be decrypted.
The encryption key (GYB NQK URP in letters, i.e. rows 6 24 1 / 13 16 10 / 20 17 15)
To decrypt the message, each block is multiplied by the inverse of the matrix used for encryption.
The inverse of the key matrix modulo 26 (IFK VIV VMI in letters, i.e. rows 8 5 10 / 21 8 21 / 21 12 8) is the decryption key
Source: http://en.wikipedia.org/wiki/Hill_cipher
The Hill Cipher
Encryption key: GYB NQK URP in letters
Plaintext: ACT (A: 0, C: 2, T: 19), or plaintext: CAT
Ciphertext of 'ACT' is 'POH'
Ciphertext of 'CAT' is 'FIN'
Decryption with the inverse key matrix recovers the plaintext block
The Hill Cipher
Key matrix A: a 3 × 3 matrix
Plaintext: the 10-symbol message WANT_HELP. (a blank in the text is displayed as an underscore)
Blocks: WAN T_H ELP … with numerical equivalents as encoded in the source (the last block is padded with 26):
22 0 13 | 19 28 7 | 4 11 15 | 26 26 26
Output: 25 23 21 | 23 14 1 | 17 4 14 | 19 11 12
Ciphertext: ZXV XOB REO TLM
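The Hill cipher with the slide's GYB NQK URP key, as an added example rather than code from the slides or from the cited sources. It derives the inverse matrix modulo 26 (instead of taking IFK VIV VMI on trust), rejects keys whose determinant shares a factor with 26, and adds the attack a practitioner should know: because encryption is linear, n known plaintext/ciphertext block pairs recover the whole key. The plaintext blocks THE, CAT, DOG used for that attack, the X padding, and the function names are this example's choices.

```python
"""Hill cipher over Z_26: key inversion, encryption/decryption, and a known-plaintext attack."""
from math import gcd

MOD = 26
# The key from the slide, GYB NQK URP, as rows of numbers (A = 0 ... Z = 25).
KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]


def det(m):
    """Determinant by cofactor expansion along the first row (small matrices only)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * a * det([row[:j] + row[j + 1:] for row in m[1:]])
               for j, a in enumerate(m[0]))


def inverse_mod26(m):
    """A^{-1} mod 26 via the adjugate, or None if det(A) shares a factor with 26
    (then the matrix is not a usable Hill key: decryption would be impossible)."""
    n = len(m)
    d = det(m) % MOD
    if gcd(d, MOD) != 1:
        return None
    d_inv = pow(d, -1, MOD)
    inv = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            minor = [row[:j] + row[j + 1:] for r, row in enumerate(m) if r != i]
            cofactor = (-1) ** (i + j) * (det(minor) if minor else 1)
            inv[j][i] = cofactor * d_inv % MOD      # adjugate = transposed cofactors
    return inv


def mat_mul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) % MOD for col in zip(*b)] for row in a]


def blocks(text, n):
    """Letters of `text` as numeric blocks of length n; the last block is padded with X
    (the padding choice is this example's, not the slide's)."""
    t = "".join(c for c in text.upper() if c.isalpha())
    t += "X" * (-len(t) % n)
    return [[ord(c) - 65 for c in t[i:i + n]] for i in range(0, len(t), n)]


def hill_encrypt(plaintext, key):
    """Each block x becomes Y = K x mod 26."""
    out = []
    for x in blocks(plaintext, len(key)):
        out.extend(chr(y[0] + 65) for y in mat_mul(key, [[v] for v in x]))
    return "".join(out)


def hill_decrypt(ciphertext, key):
    inv = inverse_mod26(key)
    if inv is None:
        raise ValueError("key matrix is not invertible modulo 26")
    return hill_encrypt(ciphertext, inv).lower()


def recover_key(plain_blocks, cipher_blocks):
    """Known-plaintext attack: with n plaintext blocks forming an invertible matrix P
    (blocks as columns) and their ciphertexts C = K P, the key is K = C P^{-1}."""
    n = len(plain_blocks)
    P = [list(col) for col in zip(*(blocks(b, n)[0] for b in plain_blocks))]
    C = [list(col) for col in zip(*(blocks(b, n)[0] for b in cipher_blocks))]
    P_inv = inverse_mod26(P)
    return None if P_inv is None else mat_mul(C, P_inv)


if __name__ == "__main__":
    print(inverse_mod26(KEY))                       # IFK VIV VMI as numbers
    print(hill_encrypt("ACT", KEY), hill_encrypt("CAT", KEY))
    print(recover_key(["THE", "CAT", "DOG"], ["AJN", "FIN", "WLY"]))
```

The attack needs the plaintext matrix P itself to be invertible modulo 26, so an attacker with more than n known blocks simply picks a subset that is; that linearity, not the key size, is what rules the Hill cipher out for any real use.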
One-time Pad
The one-time pad (OTP)
Assume you have a secret bit string s of length n known only to two parties, Alice and Bob. Alice sends a message m of length n to Bob.
Alice uses the following encryption function to generate the ciphertext c:
for all i = 1 to n: c_i = m_i ⊕ s_i
i.e. XOR the data with the secret bit string
An adversary, Mallory, cannot learn any part of the data from c, provided s is uniformly random, kept secret and used only once.
One-time Pad Encryption
Assume that the (right) key was given to Alice
e = 000, h = 001, i = 010, k = 011, l = 100, r = 101, s = 110, t = 111
Encryption: Plaintext ⊕ Key = Ciphertext
P:  h   e   i   l   h   i   t   l   e   r
    001 000 010 100 001 010 111 100 000 101
K:  111 101 110 101 111 100 000 101 110 000
C:  110 101 100 001 110 110 111 001 110 101
    s   r   l   h   s   s   t   h   s   r
One-time Pad Decryption
Assume that the (right) key was given to Bob
e = 000, h = 001, i = 010, k = 011, l = 100, r = 101, s = 110, t = 111
Decryption: Ciphertext ⊕ Key = Plaintext
C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  111 101 110 101 111 100 000 101 110 000
P:  001 000 010 100 001 010 111 100 000 101
    h   e   i   l   h   i   t   l   e   r
One-time Pad (1st threat scenario)
A double agent, Charlie, claims that the key was 101 111 000 … (a wrong key).
Decrypting with the claimed key gives a different but plausible message; from the ciphertext alone Bob cannot tell which key is genuine and has to contact Alice.
The double agent claims the sender used this "key":
e = 000, h = 001, i = 010, k = 011, l = 100, r = 101, s = 110, t = 111
C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  101 111 000 101 111 100 000 101 110 000
P:  011 010 100 100 001 010 111 100 000 101
    k   i   l   l   h   i   t   l   e   r
One-time Pad (2nd threat scenario)
Assume Alice is captured, but she is a double agent and tells the adversary a (wrong) key.
The adversary cannot detect this and releases her.
The sender (Alice) is captured and claims the key is:
C:  s   r   l   h   s   s   t   h   s   r
    110 101 100 001 110 110 111 001 110 101
K:  111 101 000 011 101 110 001 011 101 101
P:  001 000 100 010 011 000 110 010 011 000
    h   e   l   i   k   e   s   i   k   e
e = 000, h = 001, i = 010, k = 011, l = 100, r = 101, s = 110, t = 111
One-time Pad Summary
Provably secure when used correctly: the ciphertext provides no information about the plaintext
All plaintexts are equally likely
… but only when used correctly:
the pad must be truly random and used only once
the pad is known only to the sender and receiver
the pad is the same size as the message
So why not distribute the message (plaintext) the same way as the pad (key)?
No assurance of message integrity: as the two scenarios show, anyone holding the ciphertext can produce a "key" that decrypts it to any message of the same length
Transposition Cipher
Transposition Cipher
A method of encryption in which the positions of units of plaintext (commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext is a permutation of the plaintext.
Hides the message by rearranging the order of the letters without altering the letters themselves
Examples
Columnar transposition: simple columnar transposition, numerically keyed columnar transposition
Route transposition: the rail-fence cipher, the triangular pattern, …
Columnar Transposition
Simple columnar transposition writes the plaintext into a rectangle of predetermined width and extracts the ciphertext by columns, from left to right.
For example, a simple columnar transposition with a width of seven is shown below.
Plaintext:
ENEMY TANKS APPROACHING HILL EIGHT SIX THREE STOP
Ciphertext (one column per group):
ENOHHR NKAITE ESCLSE MAHLIS YPIEXT TPNITO ARGGHP
Regrouped into five-letter groups, padded with X:
ENOHH RNKAI TEESC LSEMA HLISY PIEXT TPNIT OARGG HPXXX
Columnar Transposition
Numerically keyed columnar transposition: the message is written into a rectangle row by row but read off column by column; the order in which the columns are read off is the key
Example 1:
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNA APTM TSUO AODW COIX KNLY PETZ
Example 2: the ciphertext is
EATI TNIH MEXN ETMG MEDT
Double Transposition
Plaintext: attackxatxdawn (x is used as a filler; one more x pads the 5 × 3 array)
Permute the rows and then the columns
Key: the array size and the permutations (3, 5, 1, 4, 2) for the rows and (1, 3, 2) for the columns
Ciphertext: xwaxa txtak antdc (read off column by column)
or xta wxn att xad akc (read off row by row)
Generalization: multiple transpositions
Route Transposition Cipher
Rail-fence cipher: write the message in a zigzag over alternate rows (rails), then read off the cipher row by row
Example (two rails): Meet me after the toga party
M e m a t r h t g p r y
 e t e f e t e o a a t
Ciphertext: MEMATRHTGPRYETEFETEOAAT
Example (three rails): WE ARE DISCOVERED. FLEE AT ONCE
W   E   C   R   L   T   E
 E R D S O E E F E A O C
  A   I   V   D   E   N
Ciphertext: WECRL TEERD SOEEF EAOCA IVDEN
Route Transposition Cipher
Rail-fence cipher, example (four rails): REINFORCEMENTS ARRIVING NOW
Ciphertext (rails read from the bottom rail upward): NMRGI FEEAR NNEOC NSIIO RRTVW
Triangular pattern: the message is inscribed by rows into a triangle and extracted by columns
Ciphertext: RMIFE VEONI RIRTN NCSGE ANROW
Transposition Ciphers & P-boxes
Three Types of P-Boxes in a Modern Block Cipher
A P-box (permutation box) parallels the traditional transposition cipher for characters: it transposes bits.
Transposition Ciphers & P-boxes
A straight P-box: all 6 possible mappings of a 3 × 3 P-box (3 input bits to 3 output bits)
[Figure: example of a 64 × 64 permutation table for a straight P-box, laid out as 4 rows × 16 = 64 entries]
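A straight P-box as code, added here as an example (not from the slides). It applies a permutation table to a bit list, enumerates the 6 straight 3 × 3 P-boxes mentioned above, and includes the check a practitioner wants when reading a table such as the 64 × 64 one: that every input position appears exactly once, since otherwise the box drops or duplicates bits and is no longer a straight P-box. The table `TABLE8` and the function names are this example's constructions.

```python
"""Straight P-box: bit permutation, its inverse, and a validity check for the table."""
from itertools import permutations


def is_permutation(table):
    """A straight P-box table must list every input position 1..n exactly once."""
    return sorted(table) == list(range(1, len(table) + 1))


def pbox(bits, table):
    """Output bit j is taken from input position table[j] (1-based, DES-style tables)."""
    if not is_permutation(table):
        raise ValueError("not a straight P-box: an input bit would be dropped or duplicated")
    return [bits[t - 1] for t in table]


def inverse_table(table):
    """The table that undoes `table`; applying both in turn is the identity."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv


def all_straight_pboxes(n):
    """All n! straight P-boxes on n bits; for n = 3 there are the 6 shown on the slide."""
    return [list(p) for p in permutations(range(1, n + 1))]


# Constructed 8-bit permutation table for demonstration (not from the slides).
TABLE8 = [2, 6, 3, 1, 4, 8, 5, 7]

if __name__ == "__main__":
    print(all_straight_pboxes(3))
    print(pbox([1, 0, 1, 1, 0, 0, 1, 0], TABLE8))
```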
Substitution + Transposition
AES
AES (Advanced Encryption Standard)
Rijndael
Block cipher (Block size = 128 bits)
Summary
Substitution ciphers
Monoalphabetic: Caesar's cipher
Polyalphabetic: Vigenère cipher
Statistical analysis of letter frequencies and patterns
Polygraphic ciphers: the Hill cipher
One-time pad
Transposition ciphers