Post on 02-Jan-2016
transcript
1
Chapter 2 Advanced Cryptography (Part A)
Overview History of cryptography Cryptanalysis
2
What is Cryptography? (review)
Cryptography is the process of converting plaintext into ciphertext to hide information from unauthorized users Plaintext: readable text (also called cleartext) Ciphertext: unreadable or encrypted text
Decryption is the process of converting ciphertext back to plaintext
3
Cryptosystems (review) Cryptosystems provide the following services:
Confidentiality: denies unauthorized parties access to information.
Authenticity: validates the source of the message, to ensure that the sender is properly identified.
Integrity: provides assurance that the message was not modified, accidentally or intentionally.
Nonrepudiation: establishes that a particular sender has sent the message so that they cannot deny having sent the message at a later date.
Different types of messages require higher or lower degrees of one or all of the services. For example …
4
Strength of Cryptosystem (review)
The strength of the algorithm and the secrecy of the key determine how secure the encrypted data is
E.g.: breaking a cryptosystem can be accomplished by a brute force attack
Trying every possible key value until the resulting plaintext is meaningful.
If a key can be broken with a Pentium processor in three hours, the cipher is not strong at all.
If the key can only be broken with the use of a thousand multiprocessing systems over 1.2 million years, then it is pretty strong. Security is relative
5
Chapter 2 Advanced Cryptography (Part A)
Overview History of cryptography Cryptanalysis
6
History of cryptography The first encryption methods date back to
4000 years ago. Some Egyptian hieroglyphics were encrypted
Atbash Cipher a Hebrew cryptographic method the alphabet to be flipped so that each letter in the
original alphabet was mapped to a different letter in the flipped, alphabet.
ABCDEFGHIJKLMNOPQRSTUVWXYZZYXWVUTSRQPONMLKJIHGFEDCBA
e.g.:Encypt “atbash” ?Decrpt “hvxfirgb” ?
7
Scytale Cipher (review)
Scytale cipher 400 B.C. the Spartans Write a message on a sheet of papyrus that was
wrapped around a staff; The papyrus was delivered and wrapped around
a different staff by the recipient; The message was only readable if it was
wrapped around the correct size staff, which would make the letters properly match up
8
Caesar Cipher (review)
Julius Caesar (100–44 B.C.) developed a simpleencryption method -- shifted the alphabet by
threepositions
Standard Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZCryptographic Alphabet:DEFGHIJKLMNOPQRSTUVWXYZABC
Example:Encypt “caesar” ?Decrpt “vhfxulwb” ?
9
Substitution Cipher (review)
Both Atbash cipher and Caesar Cipher are substitution cipher, because each character is replaced with another character.
Monoalphabetic substitution cipher: uses only one alphabet,
Polyalphabetic substitution cipher: uses multiple alphabets
Q1. Can you formulate them use mathematically?Hint: integers 0 – 25 represent 26 characters;
m: message / plaintext, c: cipher text;encryption: c = E(m) = ?decryption: m = D(c) = ?
Q2. Is Scytale cipher a substitution cipher?
10
Transposition Cipher (review)
Transposition Cipher: rearrange letters in plaintext
to produce cipher text Scytale cipher is a transposition cipher Rail-Fence cipher is another transposition cipher
Plaintext is HELLO WORLD Encryption: c = E(m) HLOOL
ELWRD
HLOOLELWRD Describe decryption process: m = D(c) = ?
11
Vigenère Cipher The Vigenère cipher is a method of
encryption that uses a series of different Caesar ciphers based on the letters of a keyword.
Appears to be unbreakable.
The Vigenère cipher has been reinvented many times.
The method was originally described by Giovan Batista Belaso in his 1553 book La cifra del. Sig. Giovan Batista Belaso
However, the scheme was later misattributed to Blaise de Vigenère in the 19th century, and is now widely known as the "Vigenère cipher".
12
Terms in Vigènere Cipher
Vigènere table: a table used to encipher and decipher
Vigènere cipher has key letters on top, plaintext
letters on the left. There are 27 shift alphabets Vigènere cipher is a polyalphabetic substitution cipher.
In contrary, Caesar cipher is a monoalphabetic substitution cipher
Key is used with Vigènere table in encryption / decryption
13
The Vigènere Table
G I VA G I VB H J WE L M ZH N P CL R T GO U W JS Y A NT Z B OY E H T
A mini exampleEncryption:A key letter V, and a plaintext letter T follow V column down to T row “O”
Decryptioin:A key letter V, and aciphertext letter O “T”
14
Vigènere Cipher Example
If the message is longer than the key, the key repeats itself E.g. 1: Key: LEMON
Encrypt plaintext: ATTACKATDAWN
Key L E M O N L E M O N L E
m A T T A C K A T D A W N
c
E.g.2, Decrypt ciphertext: P R U U Z L
Q: How to represent Vigènere Cipher in formula?
(Hint: encryption / decryption is done character by character)
15
Exercise
1) Encrypt a plaintext with the key “lucky”c o m p u t i n g g i v e s i n s i g h t
2) Decrypt a ciphertext with the key “vector”o l k l w j v r g q o d k p g h t k c i x b u v i i t x q z k l g
k
16
Chapter 2 Advanced Cryptography (Part A)
Overview History of cryptography Cryptanalysis
17
Cryptanalysis
Cryptanalysis is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse-engineering protocols. All previously introduced ciphers have been
broken.
Basic methods: Statistical analysis Exhaustive search key space
18
Statistical analysis
Each character has a certain frequency. A.k.a. 1-gram model of English
a 0.080 h 0.060 n 0.070 t 0.090
b 0.015 i 0.065 o 0.080 u 0.030
c 0.030 j 0.005 p 0.020 v 0.010
d 0.040 k 0.005 q 0.002 w 0.015
e 0.130 l 0.035 r 0.065 x 0.005
f 0.020 m 0.030 s 0.060 y 0.020
g 0.015 z 0.002
19
Statistical Analysis (1)
f(c) frequency of character c in ciphertext
p(x) is frequency of character x in English
(i) correlation of frequency of letters in ciphertext with corresponding letters in English, assuming key is i
(i) = 0 ≤ c ≤ 25 f(c)p(c – i)
20
Statistical Attack (2)
E.g., a Caesar cipher : KHOOR ZRUOG
step 1: Compute frequency of each letter in ciphertext:
G 0.1 H 0.1 K 0.1 O 0.3
R 0.2 U 0.1 Z 0.1
Step 2: Compute correlation for key i
(i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) + 0.1p(20 – i) + 0.1p(25 – i)
21
Correlation: (i) for 0 ≤ i ≤ 25
i (i) i (i) i (i) i (i)
0 0.0482 7 0.0442 13 0.0520 19 0.0315
1 0.0364 8 0.0202 14 0.0535 20 0.0302
2 0.0410 9 0.0267 15 0.0226 21 0.0517
3 0.0575 10 0.0635 16 0.0322 22 0.0380
4 0.0252 11 0.0262 17 0.0392 23 0.0370
5 0.0190 12 0.0325 18 0.0299 24 0.0316
6 0.0660 25 0.0430
22
The Result
Step 3: find the most probable keys, based on : i = 6, (i) = 0.0660
plaintext EBIIL TLOLA i = 10, (i) = 0.0635
plaintext AXEEH PHKEW i = 3, (i) = 0.0575
plaintext HELLO WORLD i = 14, (i) = 0.0535
plaintext WTAAD LDGAS
The only valid English phrase is for i = 3. That’s the key (3 or ‘D’)
23
Exhaustive search
Exhaustive search If the key space is small enough, try all possible
keys until you find the right one
Q 1: How large is the key space in Caesar cipher ?
Q2: If we use exhaustive search, what is the expected number of trials when breaking Caesar cipher?
Q3: How about the key space of Vigènere Cipher?
Q4: How to break Vigènere Cipher?
24
Attacking Vigènere Cipher
– Vigenere ciphers were regarded by many as practically unbreakable for 300 years.
– In 1863, a Prussian major named Kasiski proposed a method for breaking it.
– This method was not in fact invented by Kasiski but instead by Charles Babbage;
– Babbage's discovery was used to aid English military campaigns, and was not published until several years later; as a result credit for the development was instead given to Friedrich Kasiski
25
Statistical analysis of Vigènere Cipher
1. Establish period n (the length of key)
2. Break cipher into n parts, each part being enciphered using the same key letter
3. Solve each part leverage one part from another
We want to break this cipher:ADQYS MIUSB OXKKT MIBHK IZOOOEQOOG IFBAG KAUMF VVTAA CIDTWMOCIO EQOOG BMBFV ZGGWP CIEKQHSNEW VECNE DLAAV RWKXS VNSVPHCEUT QOIOF MEGJS WTPCH AJMOCHIUIX
26
Step 1. Establish Period n
Important observation: Repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext
e.g.
Key VIGVIGVIGVIGVIGVplain THEBOYHASTHEBALL
cipher OPKWWECIYOPKWIRG
27
Repetitions in this example cipher
Letters Start End Distance
Factors
MI 5 15 10 2, 5
OO 22 27 5 5
OEQOOG 24 54 30 2, 3, 5
FV 39 63 24 2, 2, 2, 3
AA 43 87 44 2, 2, 11
MOC 50 122 72 2, 2, 2, 3, 3
QO 56 105 49 7, 7
PC 69 117 48 2, 2, 2, 2, 3
NE 77 83 6 2, 3
SV 94 97 3 3
CH 118 124 6 2, 3
28
Estimate of Period n
A long repetition “OEQOOG” and “MOC” are probably not coincidence
Their distances are 30 and 72. The greatest common divisor of 30 and 72 is 6.
many other shorter repetitions have 2 and 3 in their factors
Thus the estimate period n = 6 Verify Period n by Friedman test (we skip this part)
29
Step 2: Break cipher into n parts
Key-1: AIKHOIATTOBGEEERNEOSAIKey-2: DUKKEFUAWEMGKWDWSUFWJUKey-3: QSTIQBMAMQBWQVLKVTMTMIKey-4: YBMZOAFCOOFPHEAXPQEPOXKey-5: SOIOOGVICOVCSVASHOGCCKey-6: MXBOGKVDIGZINNVVCIJHH
30
Statistical Analysis each part
Counting characters in each partABCDEFGHIJKLMNOPQRSTUVWXYZ
1. 310040113010013001120000002. 100222100130100000104040003. 120000002011400040130210004. 211022010000104310000002115. 105000212000005000300200006. 01110022311012100000030101
Compare with unshifted alphabet frequencies in English:
HMMMHMMHHMMMMHHMLHHHMLLLLL
31
Solve each part (2)
First part: matches characteristics of unshifted alphabet A A
Third part : I A Sixth part : V A
Substitute into ciphertext:ADIYS RIUKB OCKKL MIGHK AZOTO EIOOL IFTAG PAUEF VATAS CIITW EOCNO EIOOL BMTFV EGGOP CNEKIHSSEW NECSE DDAAA RWCXS ANSNP HHEUL QONOF EEGOS WLPCM AJEOC MIUAX
32
Solve each part (3) further analysis
AJE in last line suggests “ARE”, meaning second alphabet maps A into S:
ALIYS RICKB OCKSL MIGHS AZOTO
MIOOL INTAG PACEF VATIS CIITE
EOCNO MIOOL BUTFV EGOOP CNESI
HSSEE NECSE LDAAA RECXS ANANP
HHECL QONON EEGOS ELPCM AREOC
MICAX
33
Solve each part (4) further analysis
MICAX in last line suggests “mical” (a common ending for an adjective), meaning fourth alphabet maps O into A:
QI means that U maps into I, as Q is always followed by U:
ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL EONON ESGOS ELDCM ARECC MICAL
34
Got It!
ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS PACET HATIS QUITE ECONO MICAL BUTTH EGOOD ONESI VESEE NSOSE LDOMA RECLE ANAND THECL EANON ESSOS ELDOM ARECO MICAL
Note that: Vigenere cipher is easy to break by hand. However, the principle of cryptanalysis hold for more complex ciphers that can be implemented only by computer.
35
The War Machines: The Purple Machine
The Purple Machine is developed and used by the Japanese during World War II
Employed techniques discovered by Herbert O. Yardley The code was broken by William Frederick Friedman
Known as the “Father of U.S. Cryptanalysis”
36
The War Machines: Enigma
Enigma is developed by Arthur Scherbius
Used by the Germans during World War II
Enigma substituted each letter typed by an operator
Substitutions were computed using a key and a set of switches or rotors
The code was broken first by a group of Polish cryptographers
The machine for breaking the code was called the “Bombe”
37
Design of Enigma Machine
An electrical voltage applied to the Q terminal on the toprow will appear at the L terminal on the bottom row.
38
How to use the Enigma machine?
1. The originator configures the Enigma machine to its initial settings;
1. Type in the first letter of the message, and the machine would substitute the letter with a different letter;
The encryption was done by moving the rotors a predefined number of times
2. Advance the rotors and enter the next letter.
Each time a new letter was to be encrypted, the operator would advance the rotors to a new setting.
39
Mechanism of the Enigma Machine
The chosen substitution for each letter was dependent upon the rotor setting
Assumption: the operators at each end needed to know the key - the initial setting, which is the crucial
and secret part of this process And how to advanced the rotors when
encrypting and decrypting a message