710 likes | 864 Vues
Session 1. Classical Cryptography. Basic concepts. Cryptology kryptos =secret + logos =(word, language, meaning, science) Cryptology = Cryptography + Cryptanalysis Opposite and complementary at the same time. Basic concepts. Cryptography
E N D
Session 1 Classical Cryptography
Basic concepts • Cryptology • kryptos=secret + logos=(word, language, meaning, science) • Cryptology = Cryptography + Cryptanalysis • Opposite and complementary at the same time
Basic concepts • Cryptography • develops methods of encipherment in order to protect information. • Cryptanalysis • breaks these methods in order to reconstruct the original information.
KEY KEY encipher Ciphertext decipher Plaintext Plaintext A B Cryptanalysis decrypt The general cryptographic procedure
Classification of cryptosystems • Secret key cryptography (symmetric) • Shared key (secret), delivered to both parties in advance via a secure channel. • Classification of symmetric ciphers • Stream ciphers • Block ciphers
Classification of cryptosystems • Public key cryptography (asymmetric) • The key is reconstructed from the secret part and the public part. • The secure channel is not needed.
Symmetric cryptography • Stream ciphers • The transformation is applied to every symbol of the original message (e.g. to every bit of the message). • Block ciphers • The transformation is applied to a group of symbols of the original message (e.g. to groups of 128 bits).
Symmetric cryptography • Stream ciphers • Can be very fast • Used mainly in government applications (military, police etc.) • Civilian applications, too (e.g. in Web browsers) • Export limitations often make good stream ciphers unsuitable for public use.
Symmetric cryptography • Block ciphers • Slower and less secure than stream ciphers (in general) • No implementation and export limitations • It is possible to build a stream cipher starting from a block cipher • There exists a “standard” block cipher - AES • Used a lot in practice.
Classical cipher systems • Transposition • A fixed permutation of n letters of the plaintext • The plaintext is divided into groups (blocks!) of length n • The permutation is applied to each group • This is a primitive block cipher • The permutation is fixed – the permutation is the key • Statistics of the plaintext are preserved on output - bad!
Classical cipher systems • Transposition - example
Classical cipher systems • Substitution • Monoalphabetic • Each occurrence of the same symbol of the plaintext is substituted with the same symbol. • Polyalphabetic • Each occurrence of the same symbol of the plaintext is substituted with a different symbol that depends on the key.
Classical cipher systems • Substitution – example • This is a monoalphabetic substitution • Example: an “A” is always substituted with a “P”.
Classical cipher systems • Caesar’s cipher (monoalphabetic) (1st century B.C.) • The substitution is obtained by a cyclic shift of the original Roman alphabet (23 letters) by 3 to the left. Gaius Julius Caesar, 100-44 B.C.
Classical cipher systems • Caesar’s cipher • Mathematical representation: • Example:
Classical cipher systems • Vigenère’s cipher (polyalphabetic) (1586) • Mathematical representation (26 letters alphabet): • Encipherment: • Decipherment: • Example: key Z=(L,O,U,P)
Classical cipher systems • Vigenère’s cipher - manual enciphering • Letter encoding: Enciphering: Deciphering: Note that the modulus of a negative value is computed by repeatedly adding the base until a positive value is obtained.
Classical cipher systems • Vigenère’s cipher Blaise de Vigenère (1523-1596)
Classical cipher systems • Beaufort’s cipher (polyalphabetic) (1857) • Mathematical representation (26 letters alphabet): • Encipherment: • Decipherment: • Example: key Z=(W,I,N,D) Sir Francis Beaufort (1774-1857) Encipherment and decipherment are the same(involution)
Classical cipher systems • Beaufort’s cipher - manual enciphering • Letter encoding: Enciphering: Deciphering:
Classical cipher systems • Electromechanical devices • The principal drawback of the systems that used tables was their inefficiency at enciphering/deciphering long texts. • At the same time, the need to process long texts increased. • In the beginning of the 20th century, technology advanced enough to enable design of electromechanical cryptographic devices.
Classical cipher systems • The ENIGMA machine • Patented in 1918 by Arthur Scherbius, a German engineer. • Used extensively by the Germans in the World War II. • Essentially, this was a multiple substitution cipher that achieved a considerably higher number of possible combinations to search in the process of cryptanalysis than the older ciphers.
M Q Classical cipher systems • The ENIGMA machine • All the machines of this kind consisted of wheels. Rotor machines – principle of operation
Classical cipher systems • The ENIGMA machine • Some wheels were fixed (stators) and some were mobile (rotors). • ENIGMA consisted of two fixed wheels (the entry wheel and the reflector) and 3 or 4 rotors. • Rotors could be selected out of a number of rotors (usually 3 out of 5).
Classical cipher systems • The ENIGMA machine • The choice of the rotors, as well as their ordering constituted a part of the key. • All the rotors had contacts on both sides, through which current was flowing. • Each contact corresponded to a letter of the alphabet and the contacts on both sides of a rotor were connected by a special wiring – monoalphabetic substitution.
Classical cipher systems • The ENIGMA machine • Due to a special kind of stepping motion of the wheels, not all the wheels rotated the same number of shifts at enciphering different letters. • There was one wheel that moved with every single letter to be enciphered, and the other wheels moved more slowly and irregularly.
Classical cipher systems • The ENIGMA machine • Current positions of the contacts on the wheels determined the substitution of the given (typed) letter – long period of the output sequence.
Classical cipher systems • The ENIGMA machine • Some variants of ENIGMA also included a permutation (plugboard) that was realized through wiring, and that permutation occasionally changed. • The role of the plugboard was to change the letter that was actually typed to some other letter (depending on the permutation) before and after the electric current entered the wheels.
Classical cipher systems • The ENIGMA machine • What distinguished the ENIGMA machine from the other electromechanical cryptographic machines was the use of the reflector - a special stator that was redirecting the flow of the current back through the rotors by a different route. • The reflector ensures that the ENIGMA machine is self-reciprocal, i.e. the enciphering and the deciphering transformations are the same.
Classical cipher systems • The ENIGMA machine • However, by introducing the reflector, substituting the given letter with itself was disabled. • That introduced a small bias in the statistics of the letter sequence produced by the machine that enabled the cryptanalysis.
The ENIGMA machine Source: http://en.wikipedia.org/wiki/Enigma_machine
Classical cipher systems • The Vernam cipher (1917) (One-time pad) • Key: binary random sequence used only once. • Mathematical representation: • Encipherment: • Decipherment: • Example - plaintext: come soon (Encoding ITA-2)
Classical cipher systems • The Vernam cipher was a cipher intended to be used on teletype writers. • Because of that, the key storage medium was a paper tape of the same type as the tape that was used for storing the messages.
Classical cipher systems • The message had to be encoded first, and the teletype writer itself performed this transformation. • Every teletype writer implemented some encoding and the most widespread one was International Telegraph Alphabet No 2 (ITA-2).
Classical cipher systems • ITA-2 Binary DecimalLETTERSNUMBERSBinary DecimalLETTERSNUMBERS----------------------------------------------------- ---------------------------------------------------- 00000 0 BLANK BLANK 10000 16 T 5 00001 1 E 3 10001 17 Z " 00010 2 LF LF 10010 18 L ) 00011 3 A - 10011 19 W 2 00100 4 SP SP 10100 20 H # 00101 5 S BELL 10101 21 Y 6 00110 6 I 8 10110 22 P 0 00111 7 U 7 10111 23 Q 1 01000 8 CR CR 11000 24 O 9 01001 9 D $ 11001 25 B ? 01010 10 R 4 11010 26 G & 01011 11 J ‘ 11011 27 FIGS FIGS 01100 12 N , 11100 28 M . 01101 13 F ! 11101 29 X / 01110 14 C : 11110 30 V ; 01111 15 K ( 11111 31 LTRS LTRS
Cryptographic security • How much security a cipher system offers? • This question implies that there is a measure of security. • It is not easy to define such a measure. • A desirable property of a cipher system would be that a cryptanalyst should not be able to decrypt the plaintext by trying all the possible keys. • But this does not necessarily provide high level of security.
Cryptographic security • Example: any monoalphabetic cipher • 26 letters alphabet • Each key (a permutation of the alphabet) equally likely • Relatively long plaintext (>25 letters for English)
Cryptographic security • Example (cont.): • 1 ns (10-9s) to check one out of 26! possible keys • Then we need 1.281010 years to try all the keys. • Is the system secure? No! • We can break it by statistical means, without trying any key.
Cryptographic security • Suppose that the cryptanalyst does actually have resources (i.e. time) to try all the keys. • Can he/she determine the plaintext? • Not necessarily! • It is possible (this depends on the cipher system) that the cryptanalyst cannot decide which plaintext was sent even after trying all the possible keys.
Cryptographic security • Theoretical security (perfect secrecy) • The system is secure against an attacker with unlimited time and computational resources. • Example: The Vernam cipher (One-time pad). • Practical security • The system is secure against an attacker with limited time and computational resources. • Example: The RSA cryptosystem.
Cryptographic security • Perfect secrecy (Shannon, 1949) • A cryptosystem is perfectly secret if: • The plaintext X is statistically independent on the cryptogram Y for all the possible plaintexts and all the possible cryptograms, i.e. P(X = x | Y = y) = P(X = x) • This is achieved if: • There is exactly 1 key transforming each plaintext to each cryptogram. • All the keys are equally likely.
Cryptographic security • Is perfect secrecy practically achievable? • Example: • A cipher with X, Y, Z{0,1,…,L-1}n • All the keys are equally likely • The enciphering transformation: • The number of keys/plaintexts/ciphertexts is Ln.
Cryptographic security • Example (cont.) • Then there is exactly one key transforming each plaintext to each cryptogram. • Even if the cryptanalyst can try all the possible keys, there is no way of telling whether the obtained plaintext is the right one or not, since all the plaintexts obtained by trying the keys will belong to the set X.
Cryptographic security • Example: L=4, n=1 • If we receive the cryptogram y1 and try all the possible keys, we get all the plaintexts (x1,…,x4). • Then we still do not know which plaintext is the right one. • The same happens if the other possible cryptograms (y2,…,y4) are received. • Thus this cipher system is perfectly secret.
Cryptographic security • What happens if n grows? • The number of keys/plaintexts/ciphertexts is Ln. • But meaningful texts usually represent only an infinitesimal part of the set X with Ln elements. • This means that after trying all the possible keys, the cryptanalyst will get a (relatively) small number of meaningful plaintexts. • The longer the n, the smaller the number of meaningful plaintexts obtained in this process.
Cryptographic security • What is the minimum length n0 of the cryptogram needed for the cryptanalyst to get only 1 meaningful plaintext after trying all the possible keys? • n0 is called unicitydistance. • n0 depends on the properties of the language. To quantify them (and compute n0) we need the concept of entropy.
Cryptographic security • Shannon’s entropy • The cryptanalyst has to make a decision • He/she is faced with a set of possible events. • Each of these events has an associated probability. • The only logical choice is to accept the event with the highest probability. • If the event with the highest probability is not unique, the choice is made at random among the events that have equal this highest probability.
Cryptographic security • Shannon’s entropy • The confidence with which the cryptanalyst makes the decision depends on how much the probability of the chosen event exceeds the probabilities of other events. • A quantitative measure of this confidence is called entropy – the measure of uncertainty of the system – the higher the confidence, the less the uncertainty.