I n f o r m a t i o n T r a n s m i s s i o n - PowerPoint PPT Presentation

I n f o r m a t i o n T r a n s m i s s i o n C h a p t e r 6 C r y p t o l o g y OVE EDFORS Electrical and information technology

L e a r n i n g o u t c o m e s ● A f t e r t h i s l e c t u r e t h e s t u d e n t s h o u l d – u n d e r t a n d w h a t c r y p t o l o g y i s a n d h o w i t i s u s e d , – b e f a m i l i a r w i t h t h e c r y p t o m o d e l s o f s y s t e m s f o r s e c r e c y a n d a u t h e n t i c a t i o n , – u n d e r s t a n d w h a t m a k e s a c r y p t o s y s t e m s e c u r e , – b e a b l e t o p e r f o r m e n c r y p t i o n , d e c r y p t i o n a n d c r y p t a n a l y s i s o n s i m p l e c i p h e r s , – u n d e r s t a n d h o w C e s a r , V i g i n e r e a n d V e r n a m c i p h e r s w o r k , a n d – u n d e r s t a n d t h e p r i n c i p l e o f p e r f e c t s e c u r i t y . O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 2

Wh e r e a r e w e i n t h e B I G P I C T U R E ? Cryptology Lecture relates to pages 211-200 in textbook. (Pages 220-228, self study.) O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 3

C r y p t o l o g y “The science concerned with data communication and storage in secure and usually secret form” – Encyclopaedia Britannica Legitimate users obtain security by using a secret key that is known only to them. The area is often subdivided into the two disciplines: • Cryptography • Cryptanalysis O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 4

Mo d e l o f a c r y p t o s y s t e m f o r s e c r e c y O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 5

S e c u r i t y o f t h e c i p h e r • The security of the cipher should reside entirely in the secret key. • The designer of a cryptosystem should always assume that the enemy ``by hook or by crook'' can get hold of a detailed description of the cryptosystem; the only thing that is hidden from the cryptanalyst is the actual value of the key. • Although this is an old principle formulated by Auguste Kerckhoffs already in 1883, it is still valid O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 6

Mo d e l o f a c r y p t o s y s t e m f o r a u t h e n t i c a t i o n O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 7

I m p e r s o n a t i o n a n d s u b s t i t u t i o n The impersonation attack is successful if the receiver accepts the ciphertext C* that is chosen by the intruder without knowledge about the genuine ciphertext C In the substitution attack the intruder first observes the genuine ciphertext C , then he chooses a ciphertext C* that he hopes will be accepted by the receiver. O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 8

P r o b a b i l i t y o f a s u c c e s s f u l i m p e r s o n a t i o n a t t a c k Simmons showed a combinatorial lower bound on the probability of a successful impersonation attack, namely, where and are the numbers of plaintexts and ciphertexts, respectively. O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 9

C a e s a r a n d V i g e n è r e c i p h e r s Caesar shifted the cipher alphabet three steps such that A is encrypted as D B is encrypted as E C is encrypted as F As an example we have plaintext ciphertext CAESAR FDHVDU Caesar used always a shift of three steps, but nowadays a cipher obtained by any shift is called a Caesar cipher . The number of steps in the shift is the key; that is, the classical Caesar cipher has key K =3. O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 0

C e s a r c i p h e r c r y p t a n a l y s i s What we heard DIAJMHVODJI Doesn't make sense. Replace each letter with the next! when eaves- EJBKNIWPEKJ Doesn't make sense. Replace each letter with the next! dropping FKCLOJXQFLK Doesn't make sense. Replace each letter with the next! GLDMPKYRGML Doesn't make sense. Replace each letter with the next! HMENQLZSHNM Doesn't make sense. Replace each letter with the next! INFORMATION INFORMATION YES! This makes sense! JOGPSNBUJPO . … and there are 20 more nonsensical letter . combinations, before we come back to . the original “DIAJMHVODJI”. BGYHKTMBHG CHZILUNCIH O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 1

Mo n o - a l p h a b e t i c s u b s t i t u t i o n c i p h e r s The Caesar cipher is a special case of a mono-alphabetic substitution cipher: An arbitrary permutation of the English alphabet is used as the key for a substitution done letter by letter. For example, the mapping Plaintext alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher alphabet XGUACDTBFHRSLMQVYZWIEJOKNP is a key that enciphers the plaintext WOODSTOCK as the ciphertext OQQAWIQUR. O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 2

Tie V i g e n è r e c i p h e r To make a cipher less vulnerable to statistical attacks we can try to conceal the varying relative frequencies for the plaintext letters by using more than one substitution alphabet. A popular example of a so called polyalphabetic substitution cipher is the Vigenère cipher named after the French cryptographer Blaisede Vigenère (1523--1596). For a couple of centuries his cipher was known as le chiffre indéchiffrable , the ”unbreakable cipher''. O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 3

V i g i n è r e t a b l e O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 4

Tie V i g e n è r e c i p h e r The key consists of a word that is repeated periodically. For example, if the key is THOMPSON and the plaintext is FOR WOODSTOCK MY FRIEND OF FRIENDS, then we obtain the ciphertext as follows: O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 5

B r e a k i n g t h e V i g e n è r e c i p h e r The cryptanalyst looks for such repetitions in the ciphertext. In our example we find the repeated string TEBLBP: O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 6

Tie V e r n a m c i p h e r O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 7

P e r f e c t s e c r e c y Shannon defined a cryptosystem to provide perfect secrecy if the plaintext and the ciphertext are independent random variables. For such systems we will obtain no information at all about the plaintext by observing only the ciphertext. We might do as well just by guessing the plaintext without observing the ciphertext and by doing so trust our luck! O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 8

B e c a r e f u l w h e n t r u s t i n g e n c r y p t i o n O v e E d f o r s E I T A 3 0 - C h a p t e r 6 ( P a r t 1 ) 1 9