Historical Cryptography: From Ancient Ciphers to Modern Encryption Algorithms - Prof. Krzy, Study notes of Cryptography and System Security

Download Historical Cryptography: From Ancient Ciphers to Modern Encryption Algorithms - Prof. Krzy and more Study notes Cryptography and System Security in PDF only on Docsity! 1 Historical Ciphers ECE 646 - Lecture 6 2 Review of Lecture 5 • GCD and a mod p = c • The Ring
m • Properties of Rings • Euclid's Algorithm • Extended Euclidean Algorithm 3 Why (not) to study historical ciphers? AGAINST FOR Not similar to modern ciphers Long abandoned Basic components became a part of modern ciphers Under special circumstances modern ciphers reduce to historical ciphers Influence on world events The only ciphers you can break! 4 Secret Writing Steganography (hidden messages) Cryptography (encrypted messages) Substitution Transformations Transposition Ciphers (change the order of letters) Codes Substitution Ciphers(replace words) (replace letters) 5 Selected world events affected by cryptology 1 - trial of Mary Queen of Scots - substitution cipher 1 - Zimmermann telegram, America enters World War I 1939-1945 Battle of England, Battle of Atlantic, D-day - ENIGMA machine cipher 1944 – world’s first computer, Colossus - German Lorentz machine cipher 1950s – operation Venona – breaking ciphers of soviet spies stealing secrets of the U.S. atomic bomb – one-time pad 6 Ciphers used predominantly in the given period(1) Electromechanical machine ciphers (Complex polyalphabetic substitution ciphers) 1919 Vigenère cipher (Simple polyalphabetic substitution ciphers) Cryptography Cryptanalysis 1586 Invention of the Vigenère Cipher Monoalphabetic substitution cipher Homophonic ciphers Invention of rotor machines XVIII c. Black chambers 1863Kasiski’s method 1918Index of coincidence William Friedman Shift ciphers100 B.C. IX c. Frequency analysis al-Kindi, Baghdad 1926 Vernam cipher (one-time pad) 13 General Substitution Cipher (2) • #keys = 288 • Q: Is a brute-force attack possible? i.e., trying of all possible keys • Q: Which other attack is possible? 14 Most frequent single letters Average frequency in a long English text: E — 13% T, N, R, I, O, A, S — 6%-9% D, H, L — 3.5%-4.5% C, F, P, U, M, Y, G, W, V — 1.5%-3% B, X, K, Q, J, Z — < 1% = 0.038 = 3.8% Average frequency in a random string of letters: 1 26 15 Digrams: TH, HE, IN, ER, RE, AN, ON, EN, AT Trigrams: THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH Most frequent digrams, and trigrams 16 0 2 4 6 8 10 12 14 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Relative frequency of letters in a long English text by Stallings 7.25 1.25 3.5 4.25 12.75 3 2 3.5 7.75 0.25 0.5 3.75 2.75 7.75 7.5 2.75 0.5 8.5 6 9.25 3 1.5 1.5 0.5 2.25 0.25 170 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a shift cipher 18 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a general monoalphabetic substitution cipher 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 19 0 2 4 6 8 10 12 14 a b c d e f g h i jk lm n o p q r s tu v w x y z 0 2 4 6 8 10 12 14 a b c d e f g h i jk lm n o p q r s tu v w x y z 0 2 4 6 8 10 12 14 a b c d e f g h I j k lm n o p q r s tu v w x y z 0 2 4 6 8 10 12 14 a b c d e f g h I j k l m n o p q r s t u v w x y z Long English text T Ciphertext of the long English text T Short English message M Ciphertext of the short English message M Frequency analysis attack: relevant frequencies 20 Ciphertext: FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE DKAPR KDLYE VLRHH RH A B C D E F G H I J K L M N O P Q R S T U V W X Y Z R - 8 D - 7 E, H, K - 5 Frequency analysis attack (1) Step 1: Establishing the relative frequency of letters in the ciphertext 21 f(E) = R f(T) = D f(4) = 17 f(19) = 3 Frequency analysis attack (2) Step 2: Assuming the relative frequency of letters in the corresponding message, and deriving the corresponding equations Assumption: Most frequent letters in the message: E and T Corresponding equations: E → R T → D 4 → 17 19 → 3 28 Determining the period of the polyalphabetic cipher Kasiski’s method Ciphertext: G G B R G R A G T G G B R Distance = 9 Period d is a divisor of the distance between identical blocks of the ciphertext In our example: d = 3 or 9 29 Index of coincidence method (1) ni - number of occurances of the letter i in the ciphertext N - length of the ciphertext pi = frequency of the letter i for a long ciphertext i = a .. z pi = lim ni N N→ ∞  i=a z pi=1 30 Measure of roughness: Index of coincidence method (2) M .R .= i=a z  p i 126  2 = i=a z p i 2 1 26 M.R. 0.028 0.014 0.006 0.003 period 1 2 5 10 31 Index of coincidence method (3) Index of coincidence The approximation of Definition: Probability that two random elements of the ciphertext are identical Formula:  i=a z p i 2 I .C .= i=a z ni 2 N 2 = z ∑ i=a (ni -1) ⋅ ni (N -1) ⋅ N 32 Index of coincidence method (4) Measure of roughness M.R. = I.C. - = 1 26 z ∑ i=a (ni -1) ⋅ ni (N -1) ⋅ N - 1 26 M.R. 0.028 0.014 0.006 0.003 period 1 2 5 10 33 Polyalphabetic substitution ciphers Simplifications (2) B. Rotor machines used before and during the WWII Germany: Enigma d=26⋅25⋅26 = 16,900 U.S.A.: M-325, Hagelin M-209 Japan: “Purple” UK: Typex d=26⋅(26-k)⋅26, k=5, 7, 9 Poland: Lacida d=24⋅31⋅35 = 26,040 PeriodCountry Machine 34 Substitution Ciphers (3) 3. Running-key cipher M = m1 m2 m3 m4 . . . . mN K = k1 k2 k3 k4 . . . . kN C = c1 c2 c3 c4 . . . . cN K is a fragment of a book ci = mi + ki mod 26 mi = ci - ki mod 26 Key: book (title, edition), position in the book (page, row) 35 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a running-key cipher 1 26 ⋅ 100% ≈ 3.8 % 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 36 Substitution Ciphers (4) 4. Polygram substitution cipher M = m1 m2 … md - M1 Key = d, f Number of keys for a given block length d = (26d)! md+1 md+2 … m2d - M2 m2d+1 m2d+2 … m3d - M3 ….. C = c1 c2 … cd - C1 d is the length of a message block cd+1 cd+2 … c2d - C2 c2d+1 c2d+2 … c3d - C3 ….. Ci = f(Mi) Mi = f-1(Ci) 43 Transposition ciphers M = m1 m2 m3 m4 . . . . mN C = mf(1) mf(2) mf(3) mf(4) . . . . mf(N) Letters of the plaintext are rearranged without changing them 44 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a transposition cipher 0 2 4 6 8 10 12 14 a b c d e f g h i j k l m n o p q r s t u v w x y z 45 Transposition cipher Example Plaintext: CRYPTANALYST Key: KRIS Encryption: K R I S C R Y P T A N A L Y S T 2 3 1 4 Ciphertext: YNSCTLRAYPAT 46 One-time Pad Vernam Cipher Gilbert Vernam, AT&T Major Joseph Mauborgne 1926 ci = mi ⊕ ki mi ki ci 01110110101001010110101 11011101110110101110110 10101011011111111000011 All bits of the key must be chosen at random and never reused 47 One-time Pad Equivalent version ci = mi + ki mod 26 mi ki ci TO BE OR NOT TO BE AX TC VI URD WM OF TL UG JZ HFW PK PJ All letters of the key must be chosen at random and never reused 48 Perfect Cipher Claude Shannon Communication Theory of Secrecy Systems, 1948 ∀ m ∈ M c ∈ C P(M=m | C=c) = P(M = m) The cryptanalyst can guess a message with the same probability without knowing a ciphertext as with the knowledge of the ciphertext 49 Is substitution cipher a perfect cipher? C = XRZ P(M=ADD | C=XRZ) = 0 P(M=ADD) ≠ 0 50 Is one-time pad a perfect cipher? C = XRZ P(M=ADD | C=XRZ) ≠ 0 P(M=ADD) ≠ 0 M might be equal to CAT, PET, SET, ADD, BBC, AAA, HOT, HIS, HER, BET, WAS, NOW, etc. 51 Key Sizes • How many key bits are needed assuming that brute-force attacks are the only possible attacks. key length security estimation 56 – 64 bits short term (a few hours or days) 112 – 128 bits long term (several decades w/o quantum computers) 256 bits long term (several decades even w/ quantum computers)