280 likes | 472 Vues
Cryptography Part 1: Classical Ciphers. Jerzy Wojdy ł o May 4, 2001. Overview. Classical Cryptography Simple Cryptosystems Cryptoanalysis of Simple Cryptosystems Shannon’s Theory of Secrecy Modern Encryption Systems DES, Rijndel RSA Signature Schemes. Cryptosystem.
E N D
CryptographyPart 1: Classical Ciphers Jerzy Wojdyło May 4, 2001
Overview • Classical Cryptography • Simple Cryptosystems • Cryptoanalysis of Simple Cryptosystems • Shannon’s Theory of Secrecy • Modern Encryption Systems • DES, Rijndel • RSA • Signature Schemes Cryptography, Jerzy Wojdylo, 5/4/01
Cryptosystem A cryptosystem is a five-tuple (P,C,K,E,D), where the following are satisfied: • P is a finite set of possible plaintexts • C isa finite set of possible ciphertexts • K, the keyspace, is a finite set of possible keys • KK, eKE (encryption rule), dKD (decryption rule). Each eK: PC and dK: CP are functions such that xP, dK(eK(x)) = x. Cryptography, Jerzy Wojdylo, 5/4/01
Notation • English alphabet • Lower case: a, b, c,…, z for plaintext • Upper case: A, B, C,…, Z for ciphertext • For encryption and decryption algorithms, we will substitute letters a, b, c,…, z with numbers 0, 1, 2,…, 25. Cryptography, Jerzy Wojdylo, 5/4/01
Classical Cryptography • Monoalphabetic CiphersOnce a key is chosen, each alphabetic character of a plaintext is mapped onto a uniquealphabetic character of a ciphertext. • The Shift Cipher (Caesar Cipher) • The Substitution Cipher • The Affine Cipher Cryptography, Jerzy Wojdylo, 5/4/01
Classical Cryptography • Polyalphabetic CiphersEach alphabetic character of a plaintext can be mapped onto malphabetic characters of a ciphertext. Usually m is related to the encryption key. • The Vigenère Cipher • The Hill Cipher • The Permutation Cipher Cryptography, Jerzy Wojdylo, 5/4/01
The Shift (Caesar) Cipher Let P = C = K = Z26. xP, yC, KK, define eK(x) = x + K (mod 26) and dK(y) = y - K (mod 26). Example on www. Cryptography, Jerzy Wojdylo, 5/4/01
The Substitution Cipher Let P = C = Z26, let K =S26 xP, yC, K, define e(x) = (x) and d(x) = -1(x). • Example on www. Cryptography, Jerzy Wojdylo, 5/4/01
The Affine Cipher Let P = C = Z26, let K ={(a, b) Z26 Z26|gcd(a, 26) = 1}. xP, yC, KK, define eK(x) = ax + b (mod 26) and dK(y) = a-1(y – b) (mod 26). • Example on www. Cryptography, Jerzy Wojdylo, 5/4/01
The Vigenère Cipher Let m Z+, let P = C = K = (Z26)m. For a key K = (k1, k2, ,…, km), we define eK (x1, x2, ,…, xm) = (x1+ k1, x2+ k2,…, xm + km) and dK (x1, x2, ,…, xm) = (x1–k1, x1 –k1,…, xm –km) where all operations are modulo 26. This is an example (www) of a block cipher. Cryptography, Jerzy Wojdylo, 5/4/01
The Hill Cipher Let m Z+, let P = C = (Z26)m, let K = {mm invertible matrices over Z26}. For a key K, we define eK(x) = Kx (mod 26) and dK(y) = K-1y (mod 26). • Example MATLAB. Cryptography, Jerzy Wojdylo, 5/4/01
The Permutation Cipher Let m Z+, let P = C = (Z26)m, let K =Sm. For a key (i.e. a permutation) π we define eπ(x1, x2, ,…, xm) = (xπ (1), xπ (2),…, xπ (m)) and dπ(y1, y2, ,…, ym)=(yπ-1(1), yπ -1 (2),…, yπ-1(m)) where π-1 is the inverse permutation to π. (The Hill Cipher, where K = a permutation matrix.) Cryptography, Jerzy Wojdylo, 5/4/01
Cryptoanalysis • Kerchkhoff’s Principle: cryptosystem (the algorithm) is NOT secret, the key is secret. • Common attacks to obtain the key • Ciphertext-only • Known plaintext • Chosen plaintext • Chosen ciphertext Cryptography, Jerzy Wojdylo, 5/4/01
Attack on a Shift Cipher • Ciphertext-only • Exhaustive search • 26 cases • Very insecure cipher Cryptography, Jerzy Wojdylo, 5/4/01
Cryptoanalysis of a Monoalphabetic Cipher • Ciphertext-only attack • Letter frequencies the English language Cryptography, Jerzy Wojdylo, 5/4/01
Attack on a Substitution Cipher • Insecure cipher, even though the number of possible keys is 26! = 403291461126605635584000000(approximately 4.0329·1026) • Letter frequencies calculator • www Cryptography, Jerzy Wojdylo, 5/4/01
Attack on the Vigenère Cipher • Kasiski test (m, length of the key) • Fredrich Wilhelm Kasiski (1863) • Charles Babbage (1854, result remained secret) • Two identical segments of plaintext will be encrypted to the same ciphertext if their occurrence in the plaintext is x position apart, where x is a multiple of m. Cryptography, Jerzy Wojdylo, 5/4/01
Attack on the Vigenère Cipher CHREEVOAHMAERATBIAXXWTNXBEEOPHBSBQMQEQERBWRVXUOAKXAOSXXWEAHBWGJMMQMNKGRFVGXWTRZXWIAKLXFPSKAUTEMNDCMGTSXMXBTUIADNGMGPSRELXNJELXVRVPRTULHDNQWTWDTYGBPHXTFALJHASVBFXNGLLCHRZBWELEKMSJIKNBHWRJGNMGJSGLXFEYPHAGNRBIEQJTAMRVLCRREMNDGLXRRIMGNSNRWCHRQHAEYEVTAQEBBIPEEWEVKAKOEWADREMXMTBHHCHRTKDNVRZCHRCLQOHPWQAIIWXNRMGWOIIFKEE Cryptography, Jerzy Wojdylo, 5/4/01
Attack on the Vigenère Cipher • Positions of CHR: 1, 166, 236, 276, 286. • Differences of positions: 166 – 1 = 165 236 – 1 = 235276 – 1 = 235 286 – 1 = 285 • The gcd of these differences is 5, so the key is most likely of length m = 5. Cryptography, Jerzy Wojdylo, 5/4/01
Attack on the Vigenère Cipher • Divide the ciphertext into 5 subsrtings (positions 5k, 5k+1, 5k+2, 5k+3, 5k+4) • Analize each substring as a monoalphabetic cipher. • Continue on http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html • Also an insecure cipher Cryptography, Jerzy Wojdylo, 5/4/01
Cryptonalysis of the Hill Cipher • Number of keys k = number of invertible mm matrices with coefficients from Z26.Does anyone know the formula? • If p is prime, the alphabet is Zp then • If p = 29 and Cryptography, Jerzy Wojdylo, 5/4/01
Cryptonalysis of the Hill Cipher • Easily broken with known plaintext attack. • Permutation Cipher = Hill Cipher, where the key is a permutation matrix. • Both ciphers are insecure. Cryptography, Jerzy Wojdylo, 5/4/01
Perfect Secrecy • A cryptosystem is computationally secure if the best algorithm for breaking it requires at least N operations, where N is some specified , very large number.Problems… • A cryptosystem is unconditionally secure if it cannot be broken with infinite computational resources. Cryptography, Jerzy Wojdylo, 5/4/01
Perfect Secrecy • None of the classical cryptosystems is even computationally secure. • However the Shift Cipher, the Substitution Cipher, and the Vigènere Cipher are unconditionally secure if only one element of plaintext is encrypted with a given key!REALLY??? Cryptography, Jerzy Wojdylo, 5/4/01
Perfect Secrecy • Claude Shannon “Communication Theory of Secrecy Systems”, Bell Systems Technical Journal, (1949) . • A cryptosystem has perfect secrecy if pP(x|y) = pP(x) for any xP and yC. That is the a posteriori probability that the plaintext is x, given that the ciphertext is y, is identical to the a priori probability that the plaintext is x. Cryptography, Jerzy Wojdylo, 5/4/01
Perfect Secrecy • Theorem (Shannon). Suppose the 26 keys in the Shift Cipher are used with equal probability 1/26. Then for any plaintext probability distribution, the Shift Cipher has perfect secrecy. • Consequences: One-time Pad Cryptosystem (Gilbert Vernam, 1917). Key, plaintext, and ciphertext have the same length. Problems with keys: very long, distribution. Each key can be used only ONCE! Cryptography, Jerzy Wojdylo, 5/4/01
The EndCryptography, Part 1: Classical Ciphers Cryptography Part 2: Modern Cryptosystems Stay Tuned…