640 likes | 851 Vues
Chapter 2 – Classical Encryption Techniques. Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
E N D
Chapter 2 –Classical EncryptionTechniques Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown
Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer
Sir James George Frazer • 《金枝》一書原名應作「The Golden Bough」,作者Sir James Frazer (1854-1941),他是英國人類學家、民俗學家,和古典學者。《金枝》 一書的主旨在於:人類思想方式的發展過程是由巫術、宗教發展為科 學。 • 一個小鎮每年到了6月27日都會舉行 一種儀式:全鎮居民集合然後抽籤,抽中的人必須讓其他居民用亂石打死,且 不得反抗;這是為了驅除災難,被打死的人是為全鎮犧牲的英雄
Review: Model for Network Security 3 1 2 3 roles to play in security system
密碼學 Cryptography • Cryptographic systems can be characterized by: • encryption operations used for transforming plaintext to ciphertext • substitution / transposition (permutation) / product • number of keys used • single-key or private / two-key or public • way in which plaintext is processed • block / stream
Outline • Symmetric cipher model • Substitution technique • Transposition technique • Rotor machines • Steganography
? Symmetric Cipher Model 對稱式
Symmetric Encryption • conventional / single-key encryption • sender and recipient share a common key • all classical encryption algorithms are private-key • was only type prior to invention of public-key in 1970’s
Basic Terminology • plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key • cryptology - the field of both cryptography and cryptanalysis 明文 密文
Mathematical formulation Y = EK(X) X = DK(Y)
m n o p replaces each letter by 3rd letter further down the alphabet Example: Caesar Cipher • earliest known substitution cipher by Julius Caesar • first attested use in military affairs • example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB
Assign a number to each alphabet: Example: Caesar Cipher (cont.) • Plaintext alphabets • Ciphertext alphabets • Encryption algorithm Y = EK(X)=(X+3) mod 26
Security Requirements • two requirements for secure use of symmetric encryption: • a strong encryption algorithm • assume encryption algorithm is known, the opponent is unable to decipher the ciphertext • a secret key known only to sender / receiver • implies a secure channel to distribute key
Cryptanalysis of Caesar Cipher • Assume that the encryption is known as a Caesar cipher • Try 25 possible keys –brute force • See fig. 2.3 • Why brute force attack works? • Encryption (decryption) algorithm is known • 25 keys too small • The language of plaintext is recognizable • Ex. A zipped file
Brute Force Search • Given encryption algorithm, it’s always possible to simply try every key • On average, try half of all keys • assume either know / recognise plaintext decryption DES AES 3DES
Degree of security for encryption schemes • unconditional security • no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • 不論花多少時間也無法破解 • computational security • given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken
Mini break • There will be a programming project this semester • Implementation of DES or AES
Outline • Symmetric cipher model • Substitution technique • Transposition technique • Rotor machines • Steganography
Classical Substitution Ciphers • where letters of plaintext are replaced by other letters or by numbers or symbols • if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns A B C . . Y Z A B C . . Y Z 26! Possible transforms
Caesar Cipher • can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • then have Caesar cipher as: C = E(p) = (p + k) mod (26) p = D(C) = (C –k) mod (26) Caesar cipher can be cryptoanalyzed by brute-force attack => Far from secure
Monoalphabetic Cipher • rather than just shifting the alphabet • each plaintext letter maps to a different random ciphertext letter E(.) A B C . . Y Z A B C . . Y Z 26! Possible transforms . . .
Monoalphabetic Cipher Security • now have a total of 26! = 4 x 1026 keys • Very secure !? • How to break?
Language Redundancy and Cryptanalysis • human languages are redundant
Cryptanalysis of monoalphabetic cipher Given ciphertext: Calculate its relative frequencies: * Compare it with the previous table
h e t e t t e e t e t e e e e e t h t t t t h e e e e e t h t t e t Cryptanalysis (cont.) • One alphabet frequencies: guess P & Z are e and t • Digrams and trigrams: frequencies of compound letters • guess ZW is th and hence ZWP is the • proceeding with trial and error • UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ • VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX • EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
How to improve monoalphabetic cipher? • Encrypt multiple letters of plaintext at the same time • Playfair cipher • Hill cipher • Use multiple cipher alphabets • Polyalphabetic cipher
Playfair Cipher • Best-known multiple-letter encryption cipher • invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair Example: digram mapping c x g y 26x26 diagrams
Playfair Key Matrix • a 5X5 matrix of letters based on a keyword • eg. using the keyword MONARCHY M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z • fill in letters of keyword • fill rest of matrix with other letters in alphabetic order
M O N A R • C H Y B D • E F G I/J K • L P Q S T • U V W X Z Playfair: Encrypting and Decrypting • plaintext encrypted two letters at a time: • if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on" • if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM" • if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM" • otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)
Security of the Playfair Cipher • security much improved over monoalphabetic • 26 x 26 = 676 digrams • would need a 676 entry frequency table to analyse (verses 26 for a monoalphabetic) • was widely used for many years (eg. US & British military in WW1) • it can be broken, given a few hundred letters • since still has much of plaintext structure
Idea: Relative frequency of occurrence of letters in ciphertext * Make the freq. Distribution information concealed => flatter
Linear equations: C=KP mod 26 Key matrix Hill cipher • Mathematician Lester Hill in 1929 • Multi-letter cipher • Ex. 3-letter cipher p1 c1 p2 c2 ? p3 c3 Input: 263 Output: 263
Hill cipher (cont.) • Encryption: C = KP mod 26 • Decryption: P = K-1C mod 26 • Idea: hide single-letter frequencies • 2x2 key matrix: hide single-letter freq. • 3x3 key matrix: hide single-letter and digram freq. • … How to attack Hill cipher?
Known plaintext-ciphertext pairs Ex. 2x2 key matrix, given “friday” => “PQCFKU” => => 解出K !!! Cryptanalysis on Hill cipher • Known ciphertext X
How to improve monoalphabetic cipher? • Encrypt multiple letters of plaintext at the same time • Playfair cipher • Hill cipher • Use multiple cipher alphabets • Polyalphabetic cipher Monoalph. Cipher: a k Polyalph. Cipher: Rule 1 a k Rule 2 J
Polyalphabetic Ciphers • Polyalphabetic substitution ciphers • A set of related monoalphabetic substitution rules is used • use a key to select which alphabet is used for each letter of the message
Vigenère Cipher • simplest polyalphabetic substitution cipher is the Vigenère Cipher • 26 Caesar ciphers • Each Caesar cipher is labelled by a key letter • See Table 2.3
key plaintext
Example: Vigenère Cipher • Encryption: need a key and the plaintext • Eg. using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ • Decryption: the table and the key are known • advantage: multiple ciphertext letters for each plaintext letter • => hide letter frequency • => See Fig. 2.6
Cryptanalysis on Substitution Cipher • Calculate the statistical properties of the ciphertext • Match language letter freq. • Monoalphabetic cipher • Polyalphabetic cipher (Vigenère Cipher) • Find the length of keyword • Attack each monoalphabetic cipher Yes No key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ Guess key length
Improve over Vigenère Cipher • Avoid repetition of key • Autokey system • weakness: the key and plaintext share the same frequency key: deceptivewearediscoveredsav plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Improve over Vigenère Cipher (cont.) • Avoid repetition of key • Gilbert Vernam, 1918 • Use of a running loop of tape that eventually repeat the key • A very long but repeating keyword • Encryption: bitwise operation i-th bit ciphertext i-th bit key i-th bit plaintext
One-Time Pad • Unconditional security !!! • Improve on Vigenère Cipher, by Jeseph Mauborgne • Use a random key that was truly as long as the message, no repetitions
Example: one-time pad • Known Vigenère Cipher with one-time key • Given ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS Decrypt by hacker 1: Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS Key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih Plaintext: mr mustard with the candlestick in the hall Decrypt by hacker 2: Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS Key: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt Plaintext: miss scarlet with the knife in the library Which one?
a b c d e f g h i j k l m n o p q r s t u v w x y z ? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ? B C D E F G H I J K L M N O P Q R S T U V W X Y Z ?A C D E F G H I J K L M N O P Q R S T U V W X Y Z ?A B D E F G H I J K L M N O P Q R S T U V W X Y Z ?A B C E F G H I J K L M N O P Q R S T U V W X Y Z ?A B C D F G H I J K L M N O P Q R S T U V W X Y Z ?A B C D E G H I J K L M N O P Q R S T U V W X Y Z ?A B C D E F H I J K L M N O P Q R S T U V W X Y Z ?A B C D E F G I J K L M N O P Q R S T U V W X Y Z ?A B C D E F G H J K L M N O P Q R S T U V W X Y Z ?A B C D E F G H I K L M N O P Q R S T U V W X Y Z ?A B C D E F G H I J L M N O P Q R S T U V W X Y Z ?A B C D E F G H I J K M N O P Q R S T U V W X Y Z ?A B C D E F G H I J K L N O P Q R S T U V W X Y Z ?A B C D E F G H I J K L M O P Q R S T U V W X Y Z ?A B C D E F G H I J K L M N P Q R S T U V W X Y Z ?A B C D E F G H I J K L M N O Q R S T U V W X Y Z ?A B C D E F G H I J K L M N O P R S T U V W X Y Z ?A B C D E F G H I J K L M N O P Q S T U V W X Y Z ?A B C D E F G H I J K L M N O P Q R T U V W X Y Z ?A B C D E F G H I J K L M N O P Q R S U V W X Y Z ?A B C D E F G H I J K L M N O P Q R S T V W X Y Z ?A B C D E F G H I J K L M N O P Q R S T U W X Y Z ?A B C D E F G H I J K L M N O P Q R S T U V X Y Z ?A B C D E F G H I J K L M N O P Q R S T U V W Y Z ?A B C D E F G H I J K L M N O P Q R S T U V W X Z ?A B C D E F G H I J K L M N O P Q R S T U V W X Y ?A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z ?
Problem with one-time pad • Truly random key with arbitrary length? • Distribution and protection of long keys • The key has the same length as the plaintext!
Summary • Caesar cipher • Monoalphabetic cipher • Encrypt multiple letters of plaintext at the same time • Playfair cipher • Hill cipher • Use multiple cipher alphabets • Polyalphabetic cipher • Vernam cipher • One-time Pad
Outline • Symmetric cipher model • Substitution technique • Transposition technique • Rotor machines • Steganography