1 / 23

L1.1. An Introduction to Classical Cryptosystems

L1.1. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, February 2013. This and the next set of slides. Outline. Components of a cryptosystem Some modular arithmetic Some classical ciphers Shift Cipher Substitution Cipher Affine Cipher Vigenère Cipher

gale
Download Presentation

L1.1. An Introduction to Classical Cryptosystems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. L1.1. An Introduction toClassical Cryptosystems Rocky K. C. Chang, February 2013

  2. This and the next set of slides

  3. Outline • Components of a cryptosystem • Some modular arithmetic • Some classical ciphers • Shift Cipher • Substitution Cipher • Affine Cipher • Vigenère Cipher • Permutation Cipher • Stream Ciphers • Attack models and cryptanalysis

  4. Elements of a secret-key cryptosystem

  5. The Cryptosystem

  6. A cryptosystem consists of • M: a finite set of possible plaintexts • C: a finite set of possible ciphertexts • K: the key space, a finite set of possible keys • E: A set of encryption rules • D: A set of decryption rules • For each KK, there is an EK() Eand a DK() D, such that • DK(EK(m)) = m for every m M.

  7. Requirements for a practical cryptosystem • Note that • EK() must be a 1-to-1 function. • If M = C, then EK() is a permutation. • Practically, • EK() and DK() should be efficiently computable. • An attacker, upon seeing a ciphertext, should be unable to determine the key or the plaintext. • The attack models • Cryptanalysis: attempt to compute K given some ciphertexts.

  8. Several classical ciphers

  9. First, “recall” some modular arithmetic • Suppose a and b are integers, and n is a positive integer (modulus). • a mod n = the remainder of a/n  {0, 1, …, n – 1}. • Congruence • a  b (mod n) iff a mod n = b mod n, i.e., same remainders. • “a is congruent to b modulo n.” • E.g., • 101 mod 7 = 714 + 3 = 3 • -101 mod 7 = 7(-15) + 4 = 4

  10. The Shift Cipher • Let M = C = K = {0, 1, 2, …, 25} • For 0 ≤ K ≤ 25, define • EK(m) = (m + K) mod 26 • DK(c) = (c – K) mod 26 • For example, K = 11 • m: 22 4 22 8 11 11 12 4 4 19 • c: 7 15 7 19 22 22 23 15 15 4 • For K = 3, the Shift Cipher is often called the Caesar Cipher. • Show that DK(EK(m)) = m for every mM.

  11. The Substitution Cipher • Let M = C = {0, 1, 2, …, 25} • K = {All possible permutations of the 26 numbers} • For each permutation K  K, define • EK(m) = K(m) = c • DK(c) = K-1(c), the inverse permutation • For example, one possible K is • a b c d e f g h i j k l m n o p q r s … • X N Y A H P O G Z Q W B T S F L R C V … • EK(a) = X and DK(X) = a • Is this cipher more secure?

  12. Affine Cipher • Let M = C = {0, 1, 2, …, 25} • K = (a, b), where a, b {0, 1, 2, …, 25}. • Encryption and decryption functions; • EK(m) = (am + b) mod 26 • DK(c) = a-1(c - b) mod 26 • EK(m) is not an one-to-one function for all a. • When a = 1, Affine Cipher is the same as a Shift Cipher. • Affine Cipher is still a special case of the Substitution Cipher.

  13. The Vigenère (vee zhun AIR) Cipher • Monoalphabetic (e.g., Shift and Substitution) vspolyalphabetic(e.g.,Vigenère) • M = C = K = (Z26)n, where n is a positive integer. • For a key K (keyword) = (k1, k2, …, kn), define • EK(m1, m2, …, mn) = (m1+k1, m2+k2, …, mn+kn) • DK(c1, c2, …, cn) = (c1 –k1, c2 –k2, …, cn–kn), where • the additions and subtractions are done in mod 26. • For example, n= 6 and K = (2, 8, 15, 7, 4, 17), • m: 19 7 8 18 2 17 24 15 19 14 18 24 • K: 2 8 15 7 4 17 2 8 15 7 4 17 • c: 21 15 23 25 6 8 0 23 8 21 22 15 • …

  14. The Permutation (or Transposition) Cipher • All the ciphers so far involve substitution: a plaintext symbol replaced by a differentsymbol. • A permutation cipher keeps the plaintext symbols unchanged but to alter their positions. • M = C = (Z26)n • K = {All permutations of 1, 2, …, n}. • For a key K (a given permutation), define • EK(m1, m2, …, mn) = (mK(1),mK(2),…, mK(n)) • DK(c1, c2, …, cn) =(cK-1(1),cK-1(2),…, cK-1(n)).

  15. The Permutation Cipher (cont’d) • For example, n = 6 • i: 1 2 3 4 5 6 • K(i): 3 6 1 5 2 4 • m : s h e s e l l s s e a s • c : eeslshsalses

  16. The Stream Cipher • The cryptosystems considered so far are known as blockciphers. • The plaintexts are encrypted using the same key. • An alternative is to generate a key stream y1y2y3, …. • c = Ey1(m1)Ey2(m2)Ey3(m3) …. • M, C, and K are the same as before. • g, the keystream generator, takes a key K to generate y1y2y3, …, where yiL. • For each y in the keystream, there is an encryption rule Ey() and a corresponding decryption rule Dy(), such that • Dy(Ey(m)) = m for every mM.

  17. The Vigenère Cipher and the Stream Cipher • Define Vigenère Cipher as a Stream Cipher: • M = C = L = Z26 (note the difference here) • K = (Z26)n • For each y  L, • Ey(m) = (m + y) mod 26 • Dy(m) = (c  y) mod 26 • The keystream: yi= kiif 1 ≤ i ≤ n; yi= ki-n, else.

  18. Block cipher vs stream cipher • Stream ciphers are typically faster than block. • Block ciphers typically require more memoryas their operations are based on blocks. • Stream ciphers are more difficult to implement correctly. • Block ciphers are more susceptible to noise in transmission. • Stream ciphers do not provide integrity protection or authentication, whereas some block ciphers could provide them.

  19. Attack models • What kind of information available to the attacker? • Kerckhoff’s principle: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. • The attack’s objective is to determine the key in use. • Different attack models: • Ciphertext-only attack: Eve possesses ciphertexts. • Known-plaintext attack: Eve possesses plaintexts and the corresponding ciphertexts. • Chosen-plaintext attack: Eve can temporarily choose a plaintext and construct the corresponding ciphertext. • Chosen-ciphertext attack: Eve can temporarily choose a ciphertext and construct the corresponding plaintext.

  20. Cryptanalysis • The Shift, Substitution, and Vigenère Ciphers are vulnerable to ciphertext-only attacks. • The Permutation and Stream Ciphers are vulnerable to known-plaintext attacks. • Most of the cryptanalysis are based on statistical properties of the English language. • E has the highest occurrence rate (0.12) • T, A, O, I, N, S, H, R (0.06-0.09) • … • V, K, J, X, Q, Z (< 0.01) • Popular digrams: TH, HE, IN, ER, … • Popular trigrams: THE, ING, AND, HER, …

  21. Cryptanalysis of the Vigenère Cipher • The first step is to determine n, the keyword length using Kasiski test. • The method is based on • 2 identical segments of plaintext will be encrypted to the same ciphertextif they are d positions apart, where d  0 (mod n). • If 2 identical segments of ciphertext found and each length ≥ 3, it is “likely” that they correspond to identical segments of plaintext. • The test: • Search the ciphertext for pairs of identical segments of length ≥ 3. • If exists, record the distance between them, say d1, d2, …. • n must divide the greatest common divisor of d1, d2, ….

  22. Conclusions • Classical ciphers can be classified as • Substitution vs permutation • Monoalphabeticvspolyalphabetic • Stream ciphers (e.g., JK Flip-Flop, A5, SEAL, RC4) vs block ciphers (e.g., DES, IDEA, AES, RC2) • Various stream ciphers: http://en.wikipedia.org/wiki/Stream_cipher#Usage • Ciphers’ security • The size of the key space • Vulnerability under cryptanalysis

  23. Acknowledgments • This set of slides is prepared mainly based on • D. Stinson, Cryptography: Theory and Practice, Chapman & Hall/CRC, Second Edition, 2002. • Some of the book’s materials can be found at http://www.maths.uwa.edu.au/~praeger/teaching/3CC/WWW/chapter2.html • The slide on block cipher vs stream cipher is based on http://security.stackexchange.com/questions/334/advantages-and-disadvantages-of-stream-versus-block-ciphers • Cryptoolportal: http://www.cryptool.org/en/

More Related