Introduction to cryptography

Basic concepts Classical techniqes Modern conventional techniques

Conventional encryption model

Cyptography Basic concepts

?

Conventional cryptosystem model

? ? ?

Cryptography - the art or science encompassing the principles and methods of transforming an intelligible message into one tha t is unintelligible, and then retransforming that message back to its original form Plaintext - the original intelligible message Ciphertext - the transformed message Cipher - an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods Key - some critical information used by the cipher, known only to the sender & receiver Encipher (encode) - the process of converting plaintext to ciphertext using a cipher and a key Decipher (decode) - the process of converting ciphertext back into plaintext using a cipher and a key Cryptanalysis - the study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called codebreaking

Conventional encryption model

?

Conventional encryption model

?

Plaintext X=[X 1,X2,...,XM], length M

?

M elements are letters in a finite alphabet

Security of conventional encryption depends on several factors

?

? ? ?

Secret key K=[K1,K2,...,Kj], length J Ciphertext Y=[Y1,Y2,...,Yn], length N With message X and encryption key K the encryption algorithm forms the ciphertext
?

Y=EK(X) X=DK(Y)
?

Note: the algorithm is public, which makes it feasible for widespead use
?

it must be impractical to decrypt a message on the basis of the cyphertext and knowledge of the encryption/decryption algorithm (Kerckhoffs principle) secrecy of the key

The receiver can invert the transformation

?

The principal security problem is maintaining the secrecy of the key

manufactures can develope low-cost chip implementations of the algorithm

Cryptography classification
? 1.

Cryptanalytic attacks
?

Cryptographic systems are classified along three dimensions The type of operations used for transforming plaintext to cyphertext
-

Ciphertext only
? ?

Known plaintext
? ?

only acces to some enciphered messages use statistical attacks only know some plaintext-ciphertext pairs use this knowledge in attackin the cipher can select plaintext and obtain corresponding ciphertext use knowledge of algorithm structure in the attack can select plaintext and obtain corresponding ciphertext, or vice versa allows further knowledge on algorithm structure to be used

substitution transposition
?

2.

The number of keys used

-

Chosen plaintext
? ?

3.

The way in which plaintext is processed

block cipher stream cipher

single key, symmetric, secret key, conventional two key, asymmetric, public key
?

Chosen plaintext-ciphertext
? ?

Cryptanalysis
? ? ?

Security models
? ?

Cryptanalysis = the process of trying to discover X or K or both Brute force analysis of the ciphertext
? ?

Ad-hoc secure Computationally secure

? ? ?

intuitive feeling of security the cost of breaking the cipher exceeds the value of the encrypted information the time required the the cipher exceeds the useful lifetime of the information the breaking is provably as difficult as some known difficult problem, i.e. factorization the ciphertext does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available

statistical tests traces of structure and pattern of plaintext may survive the encryption process and be discernible in the ciphertext

Provably secure
?

? ?

Differential and linear cryptanalysis Table 2.2.

Unconditionally secure
?

Exhaustive key search

Classical cryptographic techniques

? ? ? ?

Two basic components of classical ciphers: substitution and transposition In substitution ciphers letters are replaced by other letters In transposition ciphers the letters are arranged in a different order These ciphers may be:
? ?

monoalphabetic - only one substitution/ transposition is used, or polyalphabetic - where several substitutions/ transpositions are used

several such ciphers may be concatentated together to form a product cipher

Substitution example
? ?

Cryptanalysis of improved Caesar

? ?

Caesar cipher Reputedly used by Julius Caesar

? ? ? ? ? ?

the earliest known use of substitution cipher replace each letter with the letter standing three places further down in the alphabet C=E(P)=(p+k) mod (26)
p is a plaintext letter, C a ciphertext letter, k is the shift

? ?

p=D(C)=(C-k) mod (26) villes notation Breaking trivial, brute force requires 26 trials (fig. 2.4.)

The other line of attack know the nature of plaintext 1) there is lots of statistical information in message 2) can solve the problem piece by piece Use frequency counts to guess letter by letter Also have frequencies for digraphs & trigraphs

Caesar cipher cont...

?

Three factors made brute force work

1. 2. 3.

the encryption and decrypition algorthms are known there are only 25 keys to try the lanquage of the plaintext is known and recognizable

Lets improve the Caesar cipher!

Improved Caesar
? ?

Vigenere cipher
? ? ? ? ?

Allow arbritary substitution Each plaintext letter is given a different random ciphertext letter, hence key is 26 letters long
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: IFWEWISHTOREPLACELETTERS Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

A polyalphabetic substitution cipher A short key is reused several times Key is multiple letters long K = k_(1) k_(2) ... k_(d) The letters in the key specify the substitution alphabet to use Basically multiple Caesar ciphers
?

Vigenere alphabet table

A B C D E F G H I J K ABCDEFGHIJKLMNOPQRSTUVWXYZ ABCDEFGHIJKLMNOPQRSTUVWXYZ BCDEFGHIJKLMNOPQRSTUVWXYZA CDEFGHIJKLMNOPQRSTUVWXYZAB DEFGHIJKLMNOPQRSTUVWXYZABC EFGHIJKLMNOPQRSTUVWXYZABCD FGHIJKLMNOPQRSTUVWXYZABCDE GHIJKLMNOPQRSTUVWXYZABCDEF HIJKLMNOPQRSTUVWXYZABCDEFG IJKLMNOPQRSTUVWXYZABCDEFGH JKLMNOPQRSTUVWXYZABCDEFGHI KLMNOPQRSTUVWXYZABCDEFGHIJ

Now have a total of 26! or more than 4*10 26 keys (10 orders of magnitude greater than DES) With so many keys, might think this is secure?

... etc

Breaks easily

Plaintext THISPROCESSCANALSOBEEXPRESSED Keyword CIPHERCIPHERCIPHERCIPHERCIPHE Plaintext VPXZTIQKTZWTCVPSWFDMTETIGAHLH

Substitution ciphers cont...

?

Rotor machines
?

Playfair cipher
? ?

multiple letter-encryption stream cipher that ciphers digrams, i.e. 2-letter blocks
hide the une letter statistics breaks with digram statistics

Hill cipher
? ?

multiple letter cipher that encrypts m-letter blocks to m-letter cipherblocks linear system
strong against ciphertext-only attack easily broken with a known plaintext attack

Multiple stages of encryption can produce an algorithm that is significantly more difficult to cryptanalyse Applies for both substitution- and transposition ciphers Most famous is the German Enigma in WW II
?

polyalphapetic substitution with a period of 26 n, where n is the number of rotors.

Vernams one-time-pad
? ? ? ?

? ? ?

The only cipher that has been proved to be unconditionally secure Invented by. G. Vernam in 1917 Key is a random bit-stream of same length as the message Encryption simple just XOR the message with the key A key must not be reused Not very practical Used on the Moscow -Washington hot line

Transposition ciphers
?

Shannons principles
?

? ?

Transposition or permutation ciphers hide the message contents by rearranging the order of the letters Operate on blocks of length M. The key is the permutation of numbers 1,...,M. Cryptanalysis of Row Transposition ciphers
? ? ?

Diffusion
? ? ?

a frequency count will show a normal language profile hence know have letters rearranged basic idea is to guess period, then look at all possible permutations in period, and search for common patterns (eg t command in krypto) use lists of common pairs & triples & other features

the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext achieved by having each plaintext digit affecting several ciphertext digits makes the statistical relationship between the plaintext and ciphertext complex in order to thwart the attempts to deduce the key makes the statistical relationship between the ciphertext and the key complex in order to thwart the attempts to deduce the key achieved by using a complex substitution algorithm

Confusion
?

Conventional encryption Modern techniques

?

The encryption algorithm is IP -1 fK1 SW fK 2 IP The decryption is the reverse of the encryption Key generation algorithm forms sub-keys from the original

These usually consider the message as a sequence of bits Stream ciphers

? ?

Vernam RC4, SEAL DES, IDEA, Bowfish Simplified DES (only for illustration of the principles)

Block ciphers our focus

? ?

SubstitutionPermutation Ciphers
?

S-DES key generation

-Uses a 10-bit key -Form two 8-bit subkeys 1. Apply P10 permutation 2. Left-shift circularily (LS-1 ) separately on the five first and fife second bits 3. Apply P8 to pick the eight bits of key K1 4. Perform LS-2 (2-bit left shift) on the product of phase 2 5. Apply P8 to pick the eight bits of key K2 P10 3 5 2 7 4 10 1 9 8 6 P8 6 3 7 4 8 5 10 9

? ?

Shannon introduced the idea of substitution-permutation (S-P) networks, which now form the basis of modern block ciphers An S-P network is the modern form of a substitutiontransposition product cipher S-P networks are based on the two primitive cryptographic operation, substitution and permutation
?

mixing transformations

Shannons mixing transformations are a special form of product ciphers where

? ?

S-Boxes provide confusion of input bits P-Boxes provide diffusion across S-box inputs

? ?

Avalanche effect Completeness effect

S-DES encryption

Simplified DES (S-DES)

? ?

-Initial and final permutations are reverses of each other -SW is a simple switch between the 4 leftmost bits and 4 rightmost bits - The function f k is the interesting part

An educational rather than secure algorithm Has a general structure of adjacent a permutation (diffusion) and substitution (confusion) Encryption infolves five functions
?

an initial permutation, fK involving both substitution and permutation depending on the key, simple permutation SW, fK again and last an inverse of the initia permutation

IP 26314857 IP-1 41357286

Key generation algorithm

The function fk
-consist of a combination permutation and substitution -Let L and R be the left- a n d rightmost bits of 8-bit input to f k and F be a mapping from 4-bits to 4-bits, S K be the subkey F(L,R) = (L ? F(R,SK),R) The mapping F is a substitution as follows: - the input is a 4-bit number (n 1 n 2 n 3 n 4 ). First apply an expansion/permutation operation E/P E/P 41232341

You get

n4 n1 n2 n3 n2 n3 n4 n1

The 8-bit key is added using exclusive OR n 4 +k 1 n 1 +k 2 n 2 +k 3 n 3 +k 4 n 2 +k 1 n 3 +k 6 n 4 +k 7 n 1 +k 8 The first row is fed to S-box S0 to produce first 2 bits of output, the second row is fed to S-box S1 to prosuce the 2 last bits of output. The fisrt and last bit ow a row specify the column and the second and third bit the row of the S-box. S-box S0 1032 3210 0213 3132 S-box S1 0123 2013 3010 2103

The function fk continues...

The mapping F is a substitution as follows: - the input is a 4-bit number (n 1 n 2 n 3 n 4 ). First apply an expansion/permutation operation E/P E/P 41232341

You get

n4 n1 n2 n3 n2 n3 n4 n1

The 8-bit key is added using exclusive OR n 4 +k 1 n 1 +k 2 n 2 +k 3 n 3 +k 4 n 2 +k 1 n 3 +k 6 n 4 +k 7 n 1 +k 8 The first row is fed to S-box S0 to produce first 2 bits of output, the second row is fed to S-box S1 to prosuce the 2 last bits of output. The fisrt and last bit ow a row specify the column and the second and third bit the row of the S-box. The entry at the specified location is the 2-bit output. Last the 4 bits produced by S0 and S1 undergo permutation P4. The output of P4 is the output of F.

S-box S0 1032 3210 0213 3132

S-box S1 0123 2013 3010 2103

P4 2431