ECEN 5022 Cryptography Classical Ciphers Peter Mathys University - - PowerPoint PPT Presentation

ecen 5022 cryptography
SMART_READER_LITE
LIVE PREVIEW

ECEN 5022 Cryptography Classical Ciphers Peter Mathys University - - PowerPoint PPT Presentation

Jan 02, 2024 313 likes •524 views

Introduction ECEN 5022 Cryptography Classical Ciphers Peter Mathys University of Colorado Spring 2008 Peter Mathys ECEN 5022 Cryptography Introduction Classical Ciphers Classical Ciphers Most classical ciphers are either transposition

slide-1
SLIDE 1

Introduction

ECEN 5022 Cryptography

Classical Ciphers Peter Mathys

University of Colorado

Spring 2008

Peter Mathys ECEN 5022 Cryptography

slide-2
SLIDE 2

Introduction Classical Ciphers

Classical Ciphers

◮ Most classical ciphers are either transposition or substitution

ciphers.

◮ Transposition ciphers rearrange the order of letters in the

  • plaintext. Examples are rail fence ciphers, route ciphers,

columnar transpositions, and double transpositions.

◮ Substitution ciphers replace plaintext letters or groups of

plaintext letters with other letters or groups of plaintext

  • letters. Examples are Caesar cipher, simple substitution (with

mixed alphabet), homophonic substitution, polyalphabetic substitution (e.g., Vigen` ere cipher), polygraphic substitution (e.g., Hill cipher), rotor machines (mechanical implementations of polyalphabetic substitution, e.g., Enigma, SIGABA), one-time pad.

◮ A powerful technique is to combine substitution and

transposition ciphers.

Peter Mathys ECEN 5022 Cryptography

slide-3
SLIDE 3

Introduction Classical Ciphers

Transposition Example

◮ For a columnar transposition the plaintext is written out in

rows of fixed length and then read out columnwise, usually after permuting the column order. A keyword is typically used to specify the length of the rows and the permutation of the columns.

◮ Example: Keyword WIRED and plaintext WE ARE LOW IN

  • SUPPLIES. The length of the keyword is 5 and the

permutation of the columns is given by the alphabetical order

  • f the letters in the keyword: 53421. Therefore

5 3 4 2 1 W E A R E L O W I N S U P P L I E S

◮ The resulting ciphertext is ENLRI PEOUE AWPSW LSI

Peter Mathys ECEN 5022 Cryptography

slide-4
SLIDE 4

Introduction Classical Ciphers

Shift Cipher

◮ Encryption: c = E(K, m) = m + K (mod n). ◮ Decryption: m = D(K, c) = c − K (mod n). ◮ c, m, K ∈ {0, 1, 2, . . . , n − 1} for some integer n > 0. ◮ Keyspace (i.e., number of possible keys) is equal to n. ◮ For English alphabet use n = 26 and A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ◮ Example: Addition and multiplication modulo n = 5. + 1 2 3 4 1 2 3 4 1 1 2 3 4 2 2 3 4 1 3 3 4 1 2 4 4 1 2 3 × 1 2 3 4 1 1 2 3 4 2 2 4 1 3 3 3 1 4 2 4 4 3 2 1

Peter Mathys ECEN 5022 Cryptography

slide-5
SLIDE 5

Introduction Classical Ciphers

Shift Cipher Example

◮ The Caesar cipher is a shift cipher, i.e., the letters of the

alphabet are shifted cyclically by a certain number K of

  • positions. Caesar always used K = 3.

◮ Example: K = 3, plaintext ATTACK AT DAWN plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C ◮ Thus, the ciphertext is DWWDF NDWGD ZQ ◮ An obvious problem here is the small keyspace, only

K ∈ {0, 1, . . . , 25} are possible. Thus, exhaustive keyspace search is possible.

Peter Mathys ECEN 5022 Cryptography

slide-6
SLIDE 6

Introduction Classical Ciphers

Affine Cipher

◮ Encryption: c = E(K, m) = a m + b (mod n), K = a, b. ◮ Decryption: m = D(K, c) = (c − b) a−1 (mod n), needs

gcd(a, n) = 1.

◮ Suppose gcd(a, n) = d > 1. Then a x (mod n) has ≥ 2

  • solutions. Two solutions are x1 = 0 and x2 = n/d. The

second one follows from a x2 = a (n/d) = (a/d) n = 0 (mod n).

◮ Thus c = a x1 + a m + b = a x2 + a m + b =

⇒ same cryptogram for m and m′ = m + n/d.

◮ Keyspace: a, b ∈ {0, 1, 2, . . . n − 1}, a such that gcd(a, n) = 1.

Peter Mathys ECEN 5022 Cryptography

slide-7
SLIDE 7

Introduction Classical Ciphers

Simple Substitution

◮ Simple or monoalphabetic substitution: (More or less)

arbitrary permutation of the alphabet, applied to each plaintext letter. There are 26! = 4.03 × 1026 permutations.

◮ Example: Plaintext SUCCESS TALES, substitution: plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z cipher: H G O F P I R C A T Q K W N J M U E L S B Y Z D X V ◮ Thus, the ciphertext is LBOOP LLSHK PL ◮ Quite easy to break since statistics of plaintext language

(single letter frequencies of English) are not hidden.

Peter Mathys ECEN 5022 Cryptography

slide-8
SLIDE 8

Introduction Classical Ciphers

Single Letter Frequencies of English

2 4 6 8 10 12 14 A 8.16 B 1.49 C 2.78 D 4.25 E 12.7 F 2.23 G 2.01 H 6.09 I 6.99 J 0.15 K 0.77 L 4.02 M 2.4 N 6.75 O 7.51 P 1.93 Q 0.1 R 5.99 S 6.33 T 9.05 U 2.76 V 0.98 W 2.36 X 0.15 Y 1.97 Z 0.07 Relative Frequency in % Relative Frequency of Letters in English Text

◮ Letter E is most frequent, followed by T,A,O,I,N,S,H,R. ◮ Letters Z,Q,J and X are most infrequent.

Peter Mathys ECEN 5022 Cryptography

slide-9
SLIDE 9

Introduction Classical Ciphers

Single Letter Statistics of Cryptograms

2 4 6 8 10 12 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Relative Frequency in % Red: Plaintext, Blue: Standard English Text: ATFIR STPHI LIPHA DBEEN TOOGR ATEFU LFORR OSESF 2 4 6 8 10 12 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Relative Frequency in % Red: Caesar Cipher, Blue: Standard English Text: DWILU VWSKL OLSKD GEHHQ WRRJU DWHIX OIRUU RVHVI 2 4 6 8 10 12 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Relative Frequency in % Red: Substitution, Blue: Standard English Text: HSIAE LSMCA KAMCH FGPPN SJJRE HSPIB KIJEE JLPLI 2 4 6 8 10 12 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Relative Frequency in % Red: Transposition, Blue: Standard English Text: ASEHS OIOEH LNGAB TTOSE LUNWE IDGIS IAFNE CYLGN

◮ Clockwise from top left: Plaintext, Caesar cipher, simple

substitution, transposition.

Peter Mathys ECEN 5022 Cryptography

slide-10
SLIDE 10

Introduction Classical Ciphers

Block Ciphers

◮ To hide the statistics of the plaintext better, the plaintext can

be encrypted in blocks of several letters.

◮ The Vigen`

ere cipher is a polyalphabetic substitution cipher that uses several shift ciphers periodically, usually based on a

  • keyword. If the keyword is SPY, for example, then the first

plaintext letter is encrypted using a shift of the alphabet that starts at S (i.e., add 18 mod 26), the second letter is encrypted using a shifted alphabet that starts at P (i.e., add 15 mod 26), the third letter whith shift Y (i.e., add 24 mod 26), the fourth letter again with shift S, etc.

Peter Mathys ECEN 5022 Cryptography

slide-11
SLIDE 11

Introduction Classical Ciphers

Polyalphabetic Substitution Example

◮ Example: Vigen`

ere, key SPY, message RABBITS EAT CARROTS.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L M N O P Q R S T U V W X Y Z A B C D E F G H I J K M N O P Q R S T U V W X Y Z A B C D E F G H I J K L N O P Q R S T U V W X Y Z A B C D E F G H I J K L M O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

  • -> P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q R S T U V W X Y Z A B C D E F G H I J K L M N O P R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

  • -> S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T U V W X Y Z A B C D E F G H I J K L M N O P Q R S U V W X Y Z A B C D E F G H I J K L M N O P Q R S T V W X Y Z A B C D E F G H I J K L M N O P Q R S T U W X Y Z A B C D E F G H I J K L M N O P Q R S T U V X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

  • -> Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

◮ Ciphertext: JPZTX RKTYL RYJGM LH

Peter Mathys ECEN 5022 Cryptography

slide-12
SLIDE 12

Introduction Classical Ciphers

Hill Cipher

◮ Another (rather insecure) system, the Hill cipher, uses

c = m A (mod n) , to implement a polygraphic substitution (i.e., a simultaneous substitution of several plaintext letters). If N letters are encrypted per block then A is a (invertible modulo n) N × N

  • matrix. The reason for the insecurity of the Hill cipher is that

it is linear.

◮ Note the computation modulo n. Most modern

cryptosystems use computations in some finite group, ring, or field.

Peter Mathys ECEN 5022 Cryptography

slide-13
SLIDE 13

Introduction Classical Ciphers

Addition Modulo n

+ Key K ci ≡ mi + Ki (mod n) m c

◮ Here (a block of) plaintext and (a block of) ciphertext are

added modulo n. For a Vigen` ere cipher the key K is used over and over again for each block.

Peter Mathys ECEN 5022 Cryptography

slide-14
SLIDE 14

Introduction Classical Ciphers

Stream Ciphers

+ Keystream Generator ci ≡ mi + Ki (mod n) Ki mi ci ◮ Stream cipher: Generate a random keystream Ki and combine

it with the plaintext stream Mi to obtain the ciphertext stream Ci.

◮ The combination function is in most cases addition (or

subtraction) modulo n, with either n = 2 or n = 26.

◮ The rotor machines that were used during WW II were

mechanical devices that (in essence) performed the keystream generation and the addition modulo n.

Peter Mathys ECEN 5022 Cryptography

slide-15
SLIDE 15

Introduction Classical Ciphers

Wehrmacht Enigma

Peter Mathys ECEN 5022 Cryptography

slide-16
SLIDE 16

Introduction Classical Ciphers

Enigma Rotor

Peter Mathys ECEN 5022 Cryptography

slide-17
SLIDE 17

Introduction Classical Ciphers

Enigma Wiring

Peter Mathys ECEN 5022 Cryptography

slide-18
SLIDE 18

Introduction Classical Ciphers

Vernam Cipher

◮ In 1919 Gilbert Vernam patented a cipher system that XORed

together two teletype papertapes (using the 5-bit Baudot code), one containing the message stream and one containing the keystream.

◮ If the keystream in a Vernam cipher is statistically

independent of the plaintext and generates statistically independent and uniformly distributed key symbols, then the Vernam cipher is unconditionally secure.

◮ Note that for unconditional security the same amount of

(truly) randomly generated key is needed as the amount of

  • plaintext. Also, the keystream can be used once and only once

= ⇒ one-time pad is another name for such a cryptosystem.

Peter Mathys ECEN 5022 Cryptography

slide-19
SLIDE 19

Introduction Classical Ciphers

Security of a Cryptosystem

◮ Two basic aproaches to discussing security: Computational

and unconditional security.

◮ Computational Security. A cryptosystem can be considered

computationally secure if the best known method to break it requires an unreasonably large amount of computer time. Modern cryptography relies on a complexity-theoretic model. In this case security is conditional on various assumptions that certain problems are intractable (i.e., no efficient algorithms for solution are known).

◮ Unconditional Security. A cryptosystem is defined to be

unconditionally secure if it cannot be broken, even with infinte computational resources. Essentially, this requires the information-theoretic notion that I(M; C) = 0 (mutual information between plaintext and ciphertext is zero if key is unknown).

Peter Mathys ECEN 5022 Cryptography