Post on 24-Dec-2015
transcript
History and BackgroundPart 1: Basic Concepts and
Monoalphabetic Substitution
CSCI 5857: Encoding and Encryption
Outline
• Simple encryption with the Caesar cipher• Exhausitive search and computational security• Monoalphabetic substitution• Frequency analysis and cryptanalysis attacks• Known and chosen plaintext attacks
Why is History Important?
• Most modern encryption algorithms based on concepts hundreds/thousands of years old– Monoalphabetic substitution– Polyalphabetic substitution– Transposition
• Most attacks on encryption also very old– Exhaustive search– Cryptographic analysis– Known/chosen plaintext
4
Encryption
Mathematical Notation:p – plaintext message (readable)c – ciphertext (not readable!)k – key (only known by authorized persons)
E – encryption function c = E(p, k) D – decryption function p = D(c, k)
Substitution Algorithms
Mapping of plaintext to ciphertext
• Can be single character mapping (historical)A G
• Can map entire blocks of plaintext (modern block ciphers)1001011001111100 0110101011100011
Substitution Algorithms
Mapping must be unique for decryption to work!
Encryption: A G B G
Decryption: G A or B ?
Side Point
Substitution Algorithms• Mapping often involves translating
characters to numeric values• Encryption/decryption functions in
terms of mathematical functions
Side Point
Caesar Cipher
• Key k: number between 1 and 25• Example: k = 3, p = RUNAWAY• E(RUNAWAY) UXQDZDB• D(UXQDZDB) RUNAWAY
Exhaustive Key Search
Testing all possible keysAlgorithm:• Given ciphertext c• For all keys ki
– Compute pi = D(c, ki )– If pi is recognizable plaintext, then ki is plausible
Time proportional to number of possible keys ki
Defining “Secure” Encryption
Computationally Secure• Cost of breaking cipher >
value of encrypted information• Time required to break cipher >
useful lifetime of encrypted information
Cipher is “practically” unbreakableGenerally only assurance we have
Defining “Secure” EncryptionProblem: impossible to permanently quantify!• Computers get faster every day
Moore’s law: speed doubles every 1.5 years• Example: DES cipher with 56 bit key
– Computationally secure (1142 years) at 1 test/microsecond– Not secure (10 hours) at 100,000 tests/microsecond
Caesar Cipher and Exhaustive Search
Only 26 possible keys to test!Ciphertext: UXQDZDBKey: Resulting Plaintext:
1 TWPCYCA2 SVOBXBZ3 RUNAWAY recognizable plaintext
Clearly not computationally secure!
Monoalphabetic Substitution• Each plaintext character has corresponding
ciphertext character• No pattern (unlike Caesar cipher)
Example:
“runaway” “HJGNPNS”
Monoalphabetic Substitution
• Key = substitution table itself
• Number of possible keys = 26! 400,000,000,000,000,000,000,000,000
• Computationally secure to exhaustive search(at least without a computer)
Cryptanalysis Attacks• Based on knowledge
– Properties of the encryption algorithm– Properties of the likely plaintext
• Often combined with exhaustive search– Knowledge eliminates most possible keys– Search now feasible for few remaining keys
All possible keys
Remaining keys
Eliminated by cryptanalysis
Search feasible
Frequency-based AnalysisSome letters much more common than others
Frequency-based Analysis
Example ciphertext:“PCRZFNICRAYJHVRYICJQNZRSRZIV”
Letter frequencies:
A 1
B 0
C 3
D 0
E 0
F 1
G 0
H 1
I 3
J 2
K 0
L 0
M 0
N 2
O 0
P 1
Q 1
R 5
S 1
T 0
U 0
V 2
W 0
X 0
Y 2
Z 3
Hypothesis:
“e” “R”
Frequency-based Analysis• Some combinations of letters much more common
than othersExample: “e” often followed by “n”
Example ciphertext (after “e” substituted for “R”):“PCeZFNICeAYJHVeYICJQNZeSeZIV”• “Z” second most common letter• Follows “e” twiceHypothesis: “n” “Z” “PCenFNICeAYJHVeYICJQNneSenIV”
Frequency-based Analysis
• Knowing part of key in monoalphabetic substitution makes it easier to guess the rest of the key
• Very bad property of an encryption algorithm!
Side Point
“I can only see part of the key, but it is easy to guess the rest!”
Frequency-based Analysis
• Success of frequency-based analysis increases with more text– Single long ciphertext– Multiple ciphertexts encoded with same key
• General property of cryptanalysis• Should change key as often as possible!
Side Point
ciphertexts
Known Plaintext Attack• Adversary has access to a number of:
– plaintext messages– corresponding ciphertext messages
• Searches for relationship between plaintext and ciphertext that might reveal key
plaintexts ciphertexts
Known Plaintext Example
• Darth get gets data entry job at organization• Observes how encrypted database changes as new
records entered
Ep c
Known Plaintext Attack
• Inevitable that adversary will acquire known plaintexts
• Security defined in terms of number of known plaintexts needed to guess key
• Single known plaintext sufficient to break simple substitution algorithm!
Chosen Plaintext Attack
• Adversary has hypothesis about key khypothesis
• Adversary chooses plaintext p to test hypothesis • If resulting ciphertext c matches what would be result
of encryption with khypothesis, then khypothesis is correct
Ep
hypothetical key
Ecompare
actual (unknown) key
Chosen Plaintext ExampleWorld War II• Hypothesis:
Japanese code for “Midway Island” = “AF”
• Test:Plaintext message transmitted that “Midway Island running short of water”
• Result:Increased message traffic containing “AF”-- Hypothesis confirmed!
Defining Security
• Quality of encryption system defined by attacks it is vulnerable to– Types of attacks: exhaustive, cryptographic, etc.– Knowledge attacker has: known plaintext, chosen
plaintext, etc.
• Key idea: Must always think like an attacker!– “What could I do to break the system?”