580 likes | 1.05k Views
Classical Cryptography. Definition A cryptosystem is a 5-tuple ( P , C , K , E , D ) , where the following conditions are satisfied: 1. P is a set of possible plaintext elements 2. C is a set of possible ciphertext elements
E N D
Classical Cryptography Definition A cryptosystem is a 5-tuple ( P, C , K , E , D ), where the following conditions are satisfied: 1.P is a set of possible plaintext elements 2. C is a set of possible ciphertext elements 3.K , the keyspace, is a finite set of possible keys 4. For each key K K, there is an encryption rule eK E and a decryptionrule dK D such that eK : PC , dK : CP and dK(eK(x)) = x for every x P.
The Affine Cipher In the Affine Cipher, where e(x) = (ax + b) mod 26 for chosen constants a and b, we are restricted to values of a that are relatively prime to 26. Since 26 = 213, the possible values for a are the odd integers less than 26, with the exception of 13. Namely: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25 Since there are 26 possible choices for b and 12 choices for a, there are 2612 = 312 possible affine functions. Definition. The Affine Cipher cryptosystem ( P, C , K , E , D ) is given by P=C = Z26and K = { (a,b) | a,b Z26 and gcd(a,26) = 1 }. For each key K = (a,b), the encryption function is eK(x) = (ax + b) mod 26 and the decryption function is dK(y) = a-1(y-b), where a-1 is the inverse of a in Z26.
The Affine Cipher Recall that the extended Euclidean algorithm can be used to compute inverses in Zn Given positive integers a and n, the algorithm calculates d, x, and y such that d = gcd(a,n) and d = ax + yn. When d = 1, you have ax = 1-yn and hence ax = 1 mod n. Thus x is a-1 mod n. In the case where n = 26, one can calculate inverses by hand. Inverses mod 26: 1-1 = 1 3-1 = 9 5-1 = 21 7-1 = 15 11-1 = 19 17-1 = 23 25-1 = 25
The Affine Cipher: Example Suppose K = (7,3). Recall that 7-1 = 15 mod 26. Then, with all operations performed in Z26: eK(x) = 7x + 3 and dK(y) = 15(y-3) = 15y – 19 Lets check that dK(eK(x)) = x: dK(eK(x)) = dK(7x+3) = 15(7x+3) -19 = x+45-19 = x+26 = x (mod 26). Now lets encrypt the plaintext hot . The numerical representations of the three letters are 7, 14 and 19. Now to encrypt: (77+3) mod 26 = 52 mod 26 = 0 A (714+3) mod 26 = 101 mod 26 = 23 X (719+3) mod 26 = 136 mod 26 = 6 G Thus eK(hot) = AXG
The Hill Cipher Invented in 1929 by Lester Hill, the Hill Cipher uses blocks of m characters for some integer m, and enciphers elements by means of linear combinations of the m elements. Let P = C= (Z26)m and let K be the set of invertible mm matrices over Z26. Given a matrix M K, and a integer plaintext element x = (x1,x2,…,xm), we define eM(x) = (x1,x2,…,xm)M, where the symbol denotes matrix multiplication. In the above, we have identified the letters of the alphabet with the corresponsing integers as before. We shall henceforth assume this correspondence and treat Z26 as if it were the alphabet. However, from time to time, we will elaborate to remind you of the real process.
Example: The Hill Cipher Encryption • Suppose we are using a Hill cipher with m = 2 and key K = • To encrypt the plaintext hello, we first break it up into two-element pairs, adding an arbitrary character at the end (in our case, the letter r) : • he ll or • Then convert the pairs to integer vectors: he (7 4), ll (11 11), or (14 17) • We then multiply each of these vectors by K and convert to characters: • (7 4) = (26 83 ) 26 (0 5) AF • (11 11) = (55 154 ) 26 (3 24) DY • (14 17) = (79 211 ) 26 (1 3) BD • Thus the corresponding ciphertext is AFDYBD
The Hill Cipher So how do we decrypt? We need to solve equations like y = xMfor a square matrix M over Z26 If we solving over the reals, we would check to see if det(M) 0. Then we would compute the matrix inverse and multiply both sides by the inverse Thus the decryption function would be given by dM(y) = yM-1 Recall that we require M to be an “invertible” matrix over Z26. We will have much more to say about inverting matrices over Z26 soon.
The Hill Cipher Example: if m = 2, we could write a plaintext element as x = (x1,x2) and a ciphertext element as y = (y1,y2). If the key is the following matrix: Then the encryption function for this matrix is given by Written as linear equations: y1 = 11x1 + 3x2 mod 26 y2 = 8x1 + 7x2 mod 26
The Hill Cipher The 22 identity matrix: The 33 identity matrix: Recall that the mm identity matrix is the matrix Im whose i,jth entry is 1 if i = j and is 0 if i j. Square matrices are said to be inverses of each other if their product, in either order, is the identity matrix. You may verify that
The Hill Cipher K = As noted above, K-1 = DE LW Example: encrypt the plaintext july using the Hill cipher with m = 2 and key The plaintext july consists of two elements: ju (9,20) and ly (11,24) Thus eK(july) = DELW
The Hill Cipher ly ju To decrypt the ciphertext message DELW, Bob would compute
Matrices over Z26 The invertibility of a square matrix depends on the value of its determinant. Definition Suppose A = (ai,j) is an mm matrix. Define Aij to be the matrix obtained from A by deleting the ith row and jth column, 1 i,j m. Then det A = a1,1 if m = 1 and for m > 1 is given by the following recursive formula: det A = , where i is any fixed integer between 1 and m The recursive formula in the definition is not an efficient way to compute the determinant of a matrix. For a 22 matrix, the formula is simple: det A = a1,1a2,2 – a1,2a2,1 A more efficient method for computing determinants uses “elementary row operations”.
Matrices over Z26 One key property of determinants is that det AB = (det A)(det B). If matrix K has an inverse, then 1 = det I = det(KK-1) = (det K)(det K-1) Thus if a matrix has an inverse, its determinant must be invertible as well. As it happens, the converse is also true. Thus a real matrix has an inverse if and only if its determinant is nonzero. For matrices over Zn, the condition is that the determinant must be relatively prime to n. Given a matrix K, define the adjoint matrix K* to have as its i,jth entry the value (-1)i+j det Kji. Theorem. Suppose K is an mm matrix over Zn whose determinant is relatively prime to n. Then K-1 = (det K)-1K*, where K* is the adjoint matrix of K.
Matrices over Z26 Suppose is a matrix with entries in Zn and that det K = k1,1k2,2-k1,2k2,1 is relatively prime to n. Then = 117-8 3 mod 26 = 77-24 mod 26 = 53 mod 26 = 1 Theorem. Suppose K is an mm matrix over Zn whose determinant is relatively prime to n. Then K-1 = (det K)-1K*, where K* is the adjoint matrix of K. Corollary Example ( n= 26): Now 1-1 = 1 mod 26, so the inverse matrix is
Permutations • A permutation on a set S is a one-to-one and onto function from S to S • If S is finite, the permutation could be given by a table • The tradition for permutations is to write the inputs on one line and the image of each input underneath it • This is especially true when the set S consists of the integers from 0 to n for some integer n • Thus a permutation of the set of elements of Z5 could be written aswhere {i0, i1, i2, i3, i4 } = {0, 1, 2, 3, 4} • Example: The permutation is the function that maps 0 to 4, 1 to 2, 2 to 1, 3 to 0 and 4 to 3.
Product of Permutations • We will use the awkward notation of the text for the image b of an element a under a permutation : b =a • The product of two permutations on the same set is defined as the composition of the two functions • Thus for any a in the set, a = (a) • The set of permutations on a set has an identity element for the product operation: the identity permutation that sends every element to itself. • Since a permutation is a bijection, it clearly has an inverse relative to function composition, which is what we defined the product to be. • It is easy to find the inverse of a permutation: reverse the two rows and sort the columns based on the top row. • Example: find the inverse of = • Reverse the rows: • Then sort the columns based on the top row: =
Permutations Form a Group • Since composition of functions is associative, we see that the set of permutations on a set under function composition forms a group.
Elementary Mathematics of Permutations Suppose we are considering permutations on the integers mod m for some m. Then, given a sequence i1, i2, …, in of n elements of Zm, we define a permutation denoted (i1 i2 … in ) by i1 i2 , i2 i3 , . . . ,in-1in ,ini1 and j j for all other elements j of Zm. Such a permutation is called an n-cycle. Note that (i1 i2 … in ) = (i2 i3 … in i1) , etc. Cycles (i1 i2 … ir ) and (j1 j2 … js ) are said to be disjoint if {i1, i2, …, ir} {j1, j2, …, js} = Examples: (0 5 9 7) (1 8 3) (2 4 6) The above cycles are pairwise disjoint
Products of Cycles (0 5 9 7) (1 8 3) (2 4 6) (0 5 9 7) (1 8 3) (2 4 6) Note that disjoint cycles commute – that is, the order of multiplication does not matter (0 5 9 7) (1 8 3) (2 4 6) = (2 4 6) (0 5 9 7) (1 8 3) In general, permutation product is not commutative.
Theorem Every permutation is a product of disjoint cycles.
The Substitution Cipher In use for hundreds of years Puzzle “cryptograms” in newspapers are examples of Substitution Ciphers P = C = Z26 and K consists of all possible permutation of the 26 symbols 0,1,…,25. If is a permutation on set S and x S, the image of x under is denoted x For each permutation K, define e(x) = xand d(y) = xs where s is the inverse permutation to ( that is, s = -1 ). In the case of the Shift Cipher, we needed to identify letters of the alphabet with Integers between 0 and 25 to use modular arithmetic. For the Substitution Cipher, we might as well take P and C as the 26 letters of the alphabet, since no arithmetic is involved. Thus we will think of encryption and decryption as permutations of alphabetic characters
Example Thus e(a) = X, e(b) = N, . . . The inverse permutation is obtained by swapping rows and sorting on the top row. -1 Hence d(A) = d, d(B) = l, … In particular d(e(a)) = d(X) = a (inverse!)
Example -1 Message received: MGZVYZLGHCMHJMYXSSFMNHAHYCDLMHA Decoded message: thisciphertextcannotbedecrypted
The Viginère Cipher Let m be a positive integer. Define P=C = K = (Z26)m. For a key K = (k1, k2, . . . , km), we define eK(x1, x2, . . . , xm) = (x1+ k1, x2+ k2, . . . , xm+ km) and dK(y1, y2, . . . , ym) = (y1- k1, y2- k2, . . . , ym- km) where all operations are performed in Z26. The Shift and Substitution Ciphers are mono-alphabetic: once a key K is chosen, each alphabetic character is mapped to a unique alphabetic character. One of the earliest poly-alphabetic ciphers was invented by Blaise de Viginère in the 16th century. Using the correspondence between integers and characters ( A0, B1, … we associate each key K with a alphabetic string of length m, called a keyword. The Viginère Cipher encrypts m alphabetic characters at a time: each plaintext element is equivalent to m alphabetic characters.
The Viginère Cipher convert to characters add in Z26 convert to integers mod 26 groups of 6 Suppose m = 6 and the keyword is CIPHER. This corresponds to the numerical equivalent K = (2, 8, 15, 7, 4, 17). Suppose the plaintext is the string t h i s c r y p t o s y s t e m i s n o t s e c u r e t h i s c r y p t o s y s t e m i s n o t s e c u r e 19 7 8 18 2 17 24 1519141824 18 19 4 12 8 18 13 14 19 18 4 2 20 17 4 replicate key 2 8 15 7 4 17 2 815 7 4 17 2 815 7 4 17 2 8 15 7 417 2 815 21 15 23 25 6 8 023 8 21 22 15 20 1 19191218 15 22 8 25 81922 25 19 V P X G I A X I V W P U B T T M J P W I Z I T W Z T
Permutation Ciphers Let m be a positive integer. Define P=C = (Z26)m and let K be the set of m-permutations. For a key and m-tuples x and y, we define • Another polyalphabetic cipher system is the Permutation Cipher • To use a permutation cipher, we break up the plaintext into groups of m characters, then apply the permutation to each of the groups. • Since no arithmetic is involved here, we view the plaintext and ciphertext elements as m-tuples of characters, rather than integers mod 26. • Suppose m = 6 and the permutation is (146)(25)(3), and we want to encypher the string “itisnevercoldinflorida”. First we break it up into groups of 6: itisnevercol dinfloridaxx • Now (itisne) = snieti, because the 1st element (i) is mapped to the 4th element (s), the 2nd element (t) is mapped to the 5th element (n), etc. • The final encrypted message is SNIETI CORLEV FLNOID AXDXIR
Poly-alphabetic Ciphers Another way to design a poly-alphabetic cipher is to interleave ciphers. For example, one could use the affine cipher y = 5x+7 mod 26 for the odd numbered letters and y = 3x+4 mod 26 for the even numbered letters. See the text for a use of this poly-alphabetic cipher. Poly-alphabetic ciphers are in general harder to break.
Permutation Ciphers are Hill Ciphers Given a permutation of the set {1,2,…,m}, we can define an associated mm permutation matrix K = (ki,j) by setting ki,j = 1 if i = jand equal to 0 otherwise. Example: suppose m = 3 and = (12)(3), that is, 1 and 2 are interchanged and 3 maps to itself. Then the associated permutation matrix is With a little thought, it should be apparent that the permutation cipher given by the above permutation is the same as the Hill cipher given by the associated matrix.
The Playfair Cipher The Playfair Cipher was invented around 1854 by Sir Charles Wheatstone. It was used by the British in WWI and in the Boer War. It makes use of a 55 matrix containing the letters of the alphabet, with i and j treated as one character. You start with a keyword, remove repeated letters and write them into the matrix by filling the first row from left to right, then continuing on to the next row, etc. Now you fill in the rest of the entries with the remaining letters of the alphabet. Example Keyword playfair playfir
The Playfair Cipher Keyword playfair playfir We may use other patterns in filling the matrix in a Playfair Cipher. The pattern we used in our example may be expressed by a diagram: Denotes the start Denotes the end
The Playfair Cipher Here is the fill pattern for Exercise 2, page 77 of the text:
The Playfair Cipher Encryption is now done in two-letter blocks as follows: First remove spaces and divide into two letter groups; if a group contains repeated letters, insert an x between them and regroup, adding an x at the end if needed. • If the two letters are in different rows and in different columns of the matrix, replace each letter by the letter that is in its row and the other letter’s column. • If the two letters are in the same row, replace each letter with the letter immediately to its right, wrapping around if needed. • If the two letters are in the same column, replace each letter with the letter immediately below it, wrapping around if needed. meet at the school house me et at th es ch ox ol ho us ex m and e are in the same row, so mE, eG e and t are separated, so e M, t N o and l are in the same column, so oV, lr Encrypted message: EG MN FQ QM KN BK SV VR GQ XN KU
The Playfair Cipher meet at the school house me et at th es ch ox ol ho us ex m and e are in the same row, so m E, eG me EG me et at th es ch ox ol ho us ex e and t are separated, so e M, t N et MN me et at th es ch ox olho us ex o and l are in the same column, so o V, lR oi VR Encrypted message: EG MN FQ QM KN BK SV VR GQ XN KU