
Cryptography I — Exercises —

Luca Viganò
Institut für Informatik, Albert-Ludwigs-Universität Freiburg

IT-Security: Theory and Practice (WS02)


Some definitions

  • Cryptology: the study of secret writing.
  • Cryptography: the science of secret writing.
  • Secret writing: codes and ciphers (more general).

    – Code: a string of symbols stands for a complete message. Example: telegraph code “73” = “love and kisses”.
    – Cipher = cryptographic algorithm: transform plaintext P into ciphertext C (and vice versa).

  • Cryptanalysis: the science of recovering P (or keys and other secrets).

    – Attack = attempted cryptanalysis.
    – Compromise = obtain secret by non-cryptanalytic means (theft, torture, ...).

Also: steganography (hide secret messages in other messages).

IT-Security: Theory and Practice (WS02) 31.10.02


Key-based cryptographic algorithms

  • General Schema: $E_{Key1}(P) = C$, $D_{Key2}(C) = P$

[Figure: plaintext P → Encryption (Key1) → ciphertext C → Decryption (Key2) → plaintext P]

  • Security depends on secrecy of the key, not on the details of the algorithm (which can be published and analyzed).
  • Symmetric algorithms: Key1 = Key2, or are easily derived from each other.

    $D_{Key2}(C) = D_{Key2}(E_{Key1}(P)) = P$.

  • Asymmetric or public key algorithms:

    – Different keys, which cannot be derived from each other.
    – Public key can be published without compromising private key.


Goals of cryptography

Protection goals:

  • Confidentiality: prevention of unauthorized disclosure of information (only selected principals should be able to access data/message).
  • Integrity: prevention of unauthorized modification of information (an intruder should not be able to modify a message in transit).
  • Availability: prevention of unauthorized withholding of information or resources.
  • Authentication: an intruder should not be able to masquerade as someone else.
  • Nonrepudiation: a sender should not be able to falsely deny later that he sent a message.

  • etc. (see, for instance, Gollmann’s book)


Historical perspective

  • Code: a string of symbols stands for a complete message.

    – Example: ‘OCELOT’ is ciphertext for ‘TURN LEFT 90 DEGREES’ and ‘LOLLIPOP’ is ciphertext for ‘TURN RIGHT 90 DEGREES’.
    – But: if there is no entry for ‘ANTEATER’, then you can’t say it.

  • Cipher (cryptographic algorithm): one-to-one correspondence between symbols of original message (plaintext P) and symbols of its equivalent in secret writing (ciphertext C).
  • Classical ciphers: simple algorithms (military, ordinary citizens, ...).
  • Modern ciphers: computer cryptography.

    – Yesterday: exclusive domain of the world’s militaries, governments, ...
    – Today: state-of-the-art cryptography accessible to ordinary citizens.


Transposition ciphers

Rearrange (order of) bits or characters in the plaintext.

  • Keys are functions for transposition.
  • More formally:

    – For block length t, let K be the set of permutations on {1, ..., t}. For each e ∈ K and m ∈ M:
      $E_e(m) = m_{e(1)} m_{e(2)} \cdots m_{e(t)}$
    – The set of all such transformations is called a transposition cipher.
    – To decrypt $c = c_1 c_2 \cdots c_t$ compute $D_d(c) = c_{d(1)} c_{d(2)} \cdots c_{d(t)}$.

  • N.B.: cryptanalysis easy as frequencies (of letters) preserved.
  • Examples:

    – Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv = ???
    – EARN SAIS CNE = ???


Transposition ciphers (cont.)

  • P = And in the end the love you take is equal to the love you make

    A n d i n t h e e n
    d t h e l o v e y o
    u t a k e i s e q u
    a l t o t h e l o v
    e y o u m a k e

    C = Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv

    Key (in this case: the grid) is function for transposition.

  • Scytale: wrap belt spirally around baton and write plaintext lengthwise on it (ancient Greeks, who also used concealment ciphers).
  • Fixed period:

    Period 4 and i = 1, 2, 3, 4, f(i) = 2, 4, 1, 3 ⇒ RENA ISSA NCE becomes EARN SAIS CNE
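
The grid and fixed-period transpositions above, as an added Python example (not part of the original slides). The grid width of 10 is inferred from the slide's ciphertext, and the function names are this example's own.

```python
from collections import Counter

# Plaintext and ciphertext quoted from the slides.
P = "And in the end the love you take is equal to the love you make"
C = "Aduaenttlydhatoiekounletmtoihahvsekeeeleeyqonouv"

def letters_only(text):
    return "".join(ch for ch in text if ch.isalpha())

def grid_encrypt(plaintext, width):
    """Write the letters row by row into a grid `width` columns wide and
    read them off column by column. The grid width is the key."""
    letters = letters_only(plaintext)
    return "".join(letters[col::width] for col in range(width))

def grid_decrypt(ciphertext, width):
    """Put each ciphertext letter back into its grid cell. Works when the
    last row is incomplete, because short columns simply have fewer cells."""
    n = len(ciphertext)
    plain = [""] * n
    pos = 0
    for col in range(width):
        for cell in range(col, n, width):   # cells of this column, top to bottom
            plain[cell] = ciphertext[pos]
            pos += 1
    return "".join(plain)

def period_encrypt(plaintext, f):
    """Fixed-period transposition: in every block of t = len(f) letters,
    output position i takes the letter at position f(i) (1-based).
    A short final block skips positions beyond its end."""
    t = len(f)
    blocks = [plaintext[s:s + t] for s in range(0, len(plaintext), t)]
    return " ".join("".join(b[i - 1] for i in f if i <= len(b)) for b in blocks)

def period_decrypt(ciphertext, f):
    """Invert period_encrypt block by block."""
    out = []
    for block in ciphertext.split():
        sources = [i for i in f if i <= len(block)]  # where each letter came from
        plain = [""] * len(block)
        for ch, i in zip(block, sources):
            plain[i - 1] = ch
        out.append("".join(plain))
    return "".join(out)

def same_letter_counts(a, b):
    """Transposition only reorders letters, so the tallies are identical."""
    return Counter(letters_only(a).upper()) == Counter(letters_only(b).upper())

if __name__ == "__main__":
    print(grid_encrypt(P, 10))
    print(grid_decrypt(C, 10))
    print(period_encrypt("RENAISSANCE", (2, 4, 1, 3)))
    print(same_letter_counts(P, C))
```
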


Substitution ciphers

Replace parts of plaintext (bits, characters, blocks) with ciphertext.

  • Can almost always be broken easily.
  • Keys are functions for substitution.
  • Monoalphabetic or polyalphabetic (and other types).
  • Used in some modern commercial computer security products, in conjunction with other methods.


Mono-alphabetic substitution ciphers

  • Let K be the set of all permutations on the alphabet A. Define for each e ∈ K an encryption transformation $E_e$ on strings $m = m_1 m_2 \cdots m_n \in M$ as

    $E_e(m) = e(m_1) e(m_2) \cdots e(m_n) = c_1 c_2 \cdots c_n = c$

  • To decrypt c, compute the inverse permutation $d = e^{-1}$ and

    $D_d(c) = d(c_1) d(c_2) \cdots d(c_n) = m$

  • $E_e$ is a simple substitution cipher or a mono-alphabetic substitution cipher.


Examples of substitution ciphers

  • Caesar cipher: each plaintext character is replaced by the character three to the right modulo 26.

    – ‘A’ is replaced by ‘D’, ‘B’ by ‘E’, ..., ‘X’ by ‘A’, ... ⇒ KHOOR ZRUOG = HELLO WORLD

  • ROT13: rotate every letter by 13 places

    – ‘A’ is replaced by ‘N’, ‘B’ by ‘O’, ..., ‘N’ by ‘A’, ..., ‘P’ by ‘C’, ...
    – P = ROT13(ROT13(P)) ⇒ Zl anzr vf Nqnz = My name is Adam

  • Alphanumeric (‘crossword puzzle’, ‘Kreuzworträtsel’): substitute numbers for letters.

    – Example: ‘A’ is replaced by ‘1’, ‘B’ by ‘2’, ... ⇒ 2-25-5 2-25-5 = BYE BYE


Advanced Caesar cipher

  • Caesar Cipher: each plaintext character is replaced by the character three to the right modulo 26.
  • Advanced Caesar Cipher: key = number of characters of alphabet’s offset, e.g. with shift 19:

    Plaintext:  A B C D E F G H I J . . . U V W X Y Z
    Ciphertext: T U V W X Y Z A B C . . . N O P Q R S

  • Shift n can be broken by hand! How?
  • Unknown shift is one of possible 26... use computer to try them all out...
  • ...but can computer recognize “readable English (German, Japanese,...) texts”?
  • A better approach is to use statistical data about letter frequencies...


Advanced Caesar Cipher — Exercise

Relative frequencies in an English text of 1000 letters:

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
  73   9  30  44 130  28  16  35  74   2   3  35  25  78  74  27   3  77  63  93  27  13  16   5  19   1

Use this information to decide the most likely shift used to obtain:

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

Don’t just use “brute force” but proceed strategically: tally the frequencies of letters in the ciphertext

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z

and then try a shift so that there is a correspondence between the English Language Frequencies and the Enciphered Message Frequencies.


Advanced Caesar Cipher — Exercise solution

Relative frequencies in an English text of 1000 letters:

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
  73   9  30  44 130  28  16  35  74   2   3  35  25  78  74  27   3  77  63  93  27  13  16   5  19   1

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
   -   1   2   4   3   -   -   -   3   -   4   1   -   4   1   4   3   1   6   -   -   4   -   7   5   -

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
  73   9  30  44 130  28  16  35  74   2   3  35  25  78  74  27   3  77  63  93  27  13  16   5  19   1
   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   A   B   C   D   E   F   G   H   I   J
   4   1   -   4   1   4   3   1   6   -   -   4   -   7   5   -   -   1   2   4   3   -   -   -   3   -

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   A   B   C   D   E   F   G   H   I   J


so that

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

is decrypted to

A TALE TOLD BY AN IDIOT, FULL OF SOUND AND FURY, SIGNIFYING NOTHING.

which is an excerpt from William Shakespeare’s Macbeth, Act V, Scene 5

To-morrow, and to-morrow, and to-morrow,
Creeps in this petty pace from day to day,
To the last syllable of recorded time;
And all our yesterdays have lighted fools
The way to dusty death. Out, out, brief candle!
Life’s but a walking shadow; a poor player,
That struts and frets his hour upon the stage,
And then is heard no more: it is a tale
Told by an idiot, full of sound and fury,
Signifying nothing.


Advanced Caesar Cipher — Another Exercise

K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ.

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
  73   9  30  44 130  28  16  35  74   2   3  35  25  78  74  27   3  77  63  93  27  13  16   5  19   1
   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   A   B   C   D   E   F   G   H   I   J
   4   1   -   4   1   4   3   1   6   -   -   4   -   7   5   -   -   1   2   4   3   -   -   -   3   -

   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   A   B   C   D   E   F   G   H   I   J

A TALE TOLD BY AN IDIOT, FULL OF SOUND AND FURY, SIGNIFYING NOTHING.

Question: why is this not a very good example for the use (and decryption) of an advanced Caesar cipher by frequency analysis?

As a comparison, decrypt the following ciphertext and explain why it is better suited for frequency analysis:

QBB JXU MEHBT YI Q IJQWU QDT QBB JXU CUD QDT MECUD CUHUBO FBQOUHI
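
An added Python example (not from the original slides) of the frequency-analysis approach, run on both ciphertexts above with the slide's frequency table. The two guessing methods, matching only the most frequent letter to ‘E’ versus scoring the whole tally, and the function names are this example's own choices.

```python
from collections import Counter

# Frequencies per 1000 letters of English text, copied from the slide.
ENGLISH = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                   [73, 9, 30, 44, 130, 28, 16, 35, 74, 2, 3, 35, 25,
                    78, 74, 27, 3, 77, 63, 93, 27, 13, 16, 5, 19, 1]))

# The two ciphertexts quoted from the slides.
CT1 = "K DKVO DYVN LI KX SNSYD, PEVV YP CYEXN KXN PEBI, CSQXSPISXQ XYDRSXQ."
CT2 = "QBB JXU MEHBT YI Q IJQWU QDT QBB JXU CUD QDT MECUD CUHUBO FBQOUHI"

def shift_letter(ch, shift):
    return chr((ord(ch) - 65 + shift) % 26 + 65)

def decrypt(ciphertext, shift):
    """Undo an advanced Caesar cipher: move every letter `shift` places left."""
    return "".join(shift_letter(c, -shift) if "A" <= c <= "Z" else c
                   for c in ciphertext.upper())

def tally(text):
    return Counter(c for c in text.upper() if "A" <= c <= "Z")

def guess_by_top_letter(ciphertext):
    """Naive guess: the most frequent ciphertext letter stands for 'E'."""
    top = tally(ciphertext).most_common(1)[0][0]
    return (ord(top) - ord("E")) % 26

def guess_by_correlation(ciphertext):
    """Try all 26 shifts and keep the one whose decrypted tally lines up
    best with the English table (sum of count * expected frequency)."""
    counts = tally(ciphertext)

    def score(shift):
        return sum(n * ENGLISH[shift_letter(c, -shift)] for c, n in counts.items())

    return max(range(26), key=score)

if __name__ == "__main__":
    for ct in (CT1, CT2):
        naive, best = guess_by_top_letter(ct), guess_by_correlation(ct)
        print("top-letter guess:", naive, "| correlation guess:", best)
        print(decrypt(ct, best))
```
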


Successful Substitution Ciphers

To resist frequency analysis, successful substitution ciphers employ several advanced Caesar ciphers at once, e.g. by employing several cipher-disks or a Vigenère cipher. For example, try to decrypt the ciphertext

KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY


The Vigenère Cipher

A polyalphabetic substitution cipher based on a tableau where each row is a Caesar Cipher with incremental shift (by Blaise de Vigenère from the court of Henry III of France in the 16th century):

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B   B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C   C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D   D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E   E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F   F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G   G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H   H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I   I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J   J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K   K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L   L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M   M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N   N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O   O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P   P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q   Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R   R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S   S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T   T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U   U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V   V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W   W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X   X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y   Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z   Z A B C D E F G H I J K L M N O P Q R S T U V W X Y


The Vigenère Cipher — Encipherment

  • Use the table together with a keyword to encipher a message.
  • If we use the keyword RELATIONS to encipher the plaintext message

    TO BE OR NOT TO BE THAT IS THE QUESTION

    then the ciphertext

    Keyword:    RE LA TI ONS RE LA TION SR ELA TIONSREL
    Plaintext:  TO BE OR NOT TO BE THAT IS THE QUESTION
    Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

    follows by the intersection of the columns given by the plaintext letters and the rows given by the corresponding keyword letters

        A  B  ···  T  ···
    A   A  B  ···
    B   B  C  ···
    ⋮
    R   R  S  ···  K  ···
    ⋮


The Vigenère Cipher — Decipherment

Encipherment:

    Keyword:    RE LA TI ONS RE LA TION SR ELA TIONSREL
    Plaintext:  TO BE OR NOT TO BE THAT IS THE QUESTION
    Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

Decipherment:

    Keyword:    RE LA TI ONS RE LA TION SR ELA TIONSREL
    Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY
    Plaintext:  TO BE OR NOT TO BE THAT IS THE QUESTION

Use the keyword letter to pick a column of the table and then trace down the column to the row containing the ciphertext letter: the index of that row is the plaintext letter.

        A  B  ···  R  ···
    A   A  B  ···
    B   B  C  ···
    ⋮
    T   T  U  ···  K  ···
    ⋮


The Vigenère Cipher — Discussion

    Keyword:    RE LA TI ONS RE LA TION SR ELA TIONSREL
    Plaintext:  TO BE OR NOT TO BE THAT IS THE QUESTION
    Ciphertext: KS ME HZ BBL KS ME MPOG AJ XSE JCSFLZSY

  • This ciphertext illustrates the strength of the Vigenère cipher against frequency analysis.
  • How? Look, for example, at the 7 ‘T’s in the plaintext.
  • They have been encrypted by ‘H’, ‘L’, ‘K’, ‘M’, ‘G’, ‘X’, ‘L’.
  • This successfully masks the frequency characteristics of the English ‘T’.
  • In a nutshell: each letter of the keyword RELATIONS picks out 1 of the 26 possible substitution alphabets given in the Vigenère tableau.
  • Thus, any message encrypted by a Vigenère cipher is a collection of as many simple substitution ciphers as there are letters in the keyword.


The Vigenère Cipher — Attacks and Variations

  • The Vigenère Cipher can be broken with the Kasiski/Kerckhoff Method (1863): find the length of the keyword and then divide the message into that many simple substitution cryptograms that can be attacked by frequency analysis.
  • The Gronsfeld Cipher is a modern variant of the Vigenère Cipher in which a key number is used instead of a keyword, e.g. 14965.
  • Other ciphers in the next exercises and in the bibliography, including the Polybius Cipher, the Playfair Cipher, the ADFGVX Cipher, and the Enigma Machine.


A modern cipher: XOR

0 ⊕ 0 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1
1 ⊕ 1 = 0

where a ⊕ a = 0 and a ⊕ b ⊕ b = a.

XOR can be used as polyalphabetic cipher:

P ⊕ K = C
C ⊕ K = P

but it can be trivially broken!


One-time pads (Vernam cipher)

  • Perfect encryption scheme!
  • Invented in 1917, still used today for ultra-secure low-bandwidth channels.
  • Large nonrepeating set of truly random key letters, written on sheets of paper, and glued together in a pad.

  • New message ⇒ new key letters.
  • Can be extended to binary data, using XOR.


One-time pads

  • A one-time pad is a stream cipher defined on A = {0, 1}. Message $m_1 \cdots m_n$ is encrypted by a binary key string $k_1 \cdots k_n$.

    $E_{k_1 \cdots k_n}(m_1 \cdots m_n) = (m_1 \oplus k_1) \cdots (m_n \oplus k_n)$
    $D_{k_1 \cdots k_n}(c_1 \cdots c_n) = (c_1 \oplus k_1) \cdots (c_n \oplus k_n)$

  • Example: m = 010111, k = 110010, and c = 100101
  • Since every key sequence is equally likely, so is every plaintext! Perfect (information theoretical) security, if key isn’t reused.
  • Until recently, communication between Moscow and Washington was secured this way. Keys transported by trusted courier. Problematic to securely exchange and synchronize long keys.


One-time pads (cont.)

  1. Sender uses each key letter on the pad to encrypt exactly one plaintext character.
  2. Encryption: add (modulo 26) the plaintext character and the one-time pad key character.
  3. Each key letter is used exactly once, for only one message.
  4. Sender encrypts message and then destroys the pad.
  5. Receiver has an identical pad and uses each key on the pad, in turn, to decrypt each letter of the ciphertext, and then destroys the pad.


One-time pads (cont.)

  • Example:

    – If message is ONETIMEPAD and the key sequence from the pad is TBFRGFARFM, then the ciphertext is IPKLPSFHGQ.
      O + T mod 26 = I, N + B mod 26 = P, ...
    – Since every key sequence is equally likely, an attacker has no chance!
    – Key sequence could be
      POYYAEAAZX ⇒ SALMONEGGS
      BXFGBMTMXM ⇒ GREENFLUID
      ABCDEFGHIJ ⇒ ...

  • Caveats:

    – Key letters have to be generated randomly.
    – No reuse of key sequence.
    – Length of key sequence must be equal to the length of the message.
    – Synchronization sender-receiver is needed.


One-time pads (cont.)

Ciphertexts encrypted according to a one-time pad cipher are unbreakable. However, this relies on each one-time pad being used once and only once. If a spy intercepts two distinct ciphertexts which have been encrypted with the same one-time pad, he could (quite easily) decipher them.

Question: which strategy could he adopt to decipher them?

As a concrete example, decipher the two following texts, which were encrypted with the same one-time pad (mod 26):

  • UJHANTAMAWMUZVGKTERRYKUB
  • BPGXMKYMBBPYXMOGOEHDEFGH

Which is the one-time pad that was used?
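
An added Python example (not from the original slides) of the letter one-time pad with the slides' ONETIMEPAD values, using the numbering A = 1, ..., Z = 26 that the slide's O + T mod 26 = I implies. The reuse scenario at the end, in which SALMONEGGS is sent under the same pad as ONETIMEPAD, is constructed for illustration, and the function names are this example's own.

```python
# Values quoted from the slides.
PAD = "TBFRGFARFM"
P1 = "ONETIMEPAD"
C1 = "IPKLPSFHGQ"

def val(ch):
    """Slide convention: A = 1, ..., Z = 26."""
    return ord(ch) - 64

def letter(v):
    """Inverse of val modulo 26 (a residue of 0 is the letter Z)."""
    return chr((v - 1) % 26 + 65)

def otp_encrypt(plain, pad):
    if len(pad) < len(plain):
        raise ValueError("pad must be at least as long as the message")
    return "".join(letter(val(p) + val(k)) for p, k in zip(plain, pad))

def otp_decrypt(cipher, pad):
    return "".join(letter(val(c) - val(k)) for c, k in zip(cipher, pad))

def pad_for(cipher, claimed_plain):
    """For any plaintext of the right length there is exactly one pad that
    explains the ciphertext, which is why one ciphertext alone reveals nothing."""
    return "".join(letter(val(c) - val(p)) for c, p in zip(cipher, claimed_plain))

def difference(a, b):
    """Letter-wise a - b modulo 26."""
    return [(val(x) - val(y)) % 26 for x, y in zip(a, b)]

def recover_with_known_plaintext(c1, c2, known_p1):
    """Pad reuse: once one plaintext is known or guessed, the pad follows,
    and with it every other message sent under that pad."""
    pad = pad_for(c1, known_p1)
    return pad, otp_decrypt(c2, pad)

def xor_bits(a, b):
    """The binary one-time pad on bit strings."""
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))

if __name__ == "__main__":
    print(otp_encrypt(P1, PAD))
    print(pad_for(C1, "SALMONEGGS"), pad_for(C1, "GREENFLUID"))
    c2 = otp_encrypt("SALMONEGGS", PAD)          # constructed second message
    # The pad cancels out: c1 - c2 equals p1 - p2 letter by letter.
    print(difference(C1, c2) == difference(P1, "SALMONEGGS"))
    print(recover_with_known_plaintext(C1, c2, P1))
    print(xor_bits("010111", "110010"))
```
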


Composite ciphers

  • Ciphers based on just substitutions or transpositions are not secure.
  • Ciphers can be combined. However . . .

    – two substitutions are really only one more complex substitution,
    – two transpositions are really only one transposition,
    – but a substitution followed by a transposition makes a new harder cipher.

  • Product ciphers chain substitution-transposition combinations.
  • Difficult to do by hand ⇒ invention of cipher machines.


Another Non-Trivial Classical Cipher

Exercise: the Churchyard cipher (simplified)

  • History:

    – This ciphertext appeared engraved on a tombstone in Trinity Churchyard (New York) in 1794.
    – First published solution: 1896.

  • Questions:

    – What kind of cipher is it?
    – Why is it so difficult to break? (Especially without the hint!)
    – What is the plaintext message?
    – What is the key?

  • HINT: TIC TAC TOE = [symbols not reproduced]
  • Similar cipher: the Pigpen Cipher.


Bibliography

  • Bruce Schneier. Applied Cryptography. John Wiley & Sons, New York, 1996.
  • Dieter Gollmann. Computer Security. Wiley, 2000.
  • Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. Available online at http://cacr.math.uwaterloo.ca/hac/
  • Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt. Computer Security Handbook. John Wiley & Sons, 1995.
  • John Clark and Jeremy Jacob. A survey of authentication protocol literature, 1997. http://www.cs.york.ac.uk/~jac/

See the class webpage

http://www.informatik.uni-freiburg.de/~softech/teaching/ws02/itsec/

and check out the “Security Logics links” there.


Bibliography: URLs on Cryptography and Ciphers

Some of these webpages let you also experiment with Java versions of the ciphers.

  • Cryptography and ciphers: http://www.trincoll.edu/depts/cpsc/cryptography/index.html
  • The Code Breakers: http://www.math.arizona.edu/~dsl/talk.htm
  • The Enigma Machine: http://www.swimmer.org/morton/enigma.html
  • Secret Code Breaker Online: http://codebreaker.dids.com/
  • Beginners’ Guide to Cryptography: http://www.ftech.net/ monark/crypto/index.htm
  • Introduction to Cryptosystems: http://www.math.nmsu.edu/~crypto/Fundamentals.html
  • Magic Decoder Game: http://raphael.math.uic.edu/ jeremy/crypt/cgi-bin/magic-gateway.cgi
  • Storia della crittografia (in Italian): http://www.provincia.venezia.it/mfosc/studenti/crittografia/critto/storia.htm
  • Making the Enigma ciphers for the film “Enigma”: http://www.qufaro.demon.co.uk/enigmafilm/
  • An online bibliography: http://www.ce.chalmers.se/~stefanp/Security/sec bib.html
  • The Cipher IEEE newsletter: http://www.ieee-security.org/cipher.html


Selected Filmography

  • Math in the Movies: http://world.std.com/~reinhold/dir/mathmovies.html
  • Cybercinema: http://www.english.uiuc.edu/cybercinema
  • Hollywood and computers: http://www.cbi.umn.edu/resources/hollywood.html

Many cowboy and Indian movies with smoke signals; many James Bond or spy movies; Ulysses; Wargames; Con Air; Mercury Rising; Mission Impossible; Sneakers; Pi; The 13th Floor; Swordfish; Windtalkers; Enigma...
