More on Elementary Cryptology. The Multiliteral Cipher.
The Multiliteral Cipher Algorithm: for each letter P in the plaintext, find the cell in the table that contains it and substitute TWO ciphertext letters for it: the first letter corresponds to the row of the cell found and the second to its column. Example: If key = “power”, then: E(“Xando is cool”) = rwppwwpepooeewpwwewewp.
Homophonic Substitution Cipher • Use a larger ciphertext alphabet. Then, to each plaintext letter, map a number of ciphertext symbols that is proportional to the relative frequency of the original letter in the language of the plaintext. • For instance: • (A): represented by 8 symbols • (B): represented by 2 symbols • (C): represented by 2 symbols • (D): represented by 4 symbols • (E): represented by 12 symbols • ... The goal is to create a cipher more resistant to frequency analysis by equalizing relative frequencies. Question: How does one break this cipher?
Hardening Text Ciphers Consider the occurrence of “space” in the plaintext. One can eliminate all occurrences of “space”, compressing the plaintext before encipherment. The text can then be divided into fixed-length groups of letters (the use of “nulls” may be necessary). Another possibility is to treat “space” as just another symbol, extending the plaintext and ciphertext alphabets. First option: ORIGINAL PLAINTEXT: HERE BE DRAGONS; MODIFIED PLAINTEXT: HEREB EDRAG ONSXX (X=null); ciphertext: KHUKE HGUDJ RQSAA. Second option: ORIGINAL PLAINTEXT: HERE BE DRAGONS; ciphertext: IFSFACFAESBHPOT
The Vigenère Tableau A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Polyalphabetic Substitution Ciphers: The Vigenère Cipher Key = king. PLAINTEXT: HERE BE DRAGONS. ciphertext: xwey rw qlqybhi. Each character from the plaintext is enciphered using a different alphabet, which is determined by the corresponding character in the key. This is a polyalphabetic cipher. An interesting variation is autoencipherment or the autokey cipher. POSSIBLE KEY VALUES: ? WEAK KEYS: ?
Vigenère as a Stream Cipher Think of the plaintext as a stream of characters. Now, instead of repeatedly using the same key value, use a key stream, an array of characters as long as the plaintext. Encipher each character from the plaintext using the Vigenère tableau with the corresponding character in the key stream. [Figure: the plaintext stream “practically since humans began writing, they have been writing in code, and ciphers have decided the fates of empires…” and a key stream of letters feed the Vigenère tableau, which outputs the ciphertext stream.]
The Autokey Cipher Key stream: starts off with a sequence of letters, a key value used to prime the key stream. [Figure: the plaintext stream “practically since humans began writing, they have been writing in code, and ciphers have decided the fates of empires…” and the key stream “royal flags wave kings above practically since humans began writing, …” feed the Vigenère tableau, which outputs the ciphertext stream.]
One Time Pads If each message is encrypted with a key stream built as a nonrepeating set of truly random letters that is used only once, we have a perfect encryption scheme. Question: If this is the perfect cryptosystem, why isn’t it used? [Figure: the plaintext stream “practically since humans began writing, they have been writing in code, and ciphers have decided the fates of empires…” and the key stream are combined as (p+k) % 26 to give the ciphertext stream.]
Cryptanalysis The science of recovering the plaintext of a message without knowledge of the encryption key. Successful cryptanalysis may result in the recovery of a message or an encryption key. Definition: Compromise is the disclosure of a key without the use of any cryptanalysis. Definition: An attack on a cryptosystem is an attempt to recover plaintext or key from a collection of enciphered messages. Kerckhoffs’ Principle: Secrecy must rely solely on the encryption key (the attacker may have detailed information on the cryptographic algorithm).
Case (1): Ciphertext-only attack Given the ciphertext of several messages enciphered with the same algorithm, recover the plaintext of as many messages as possible, or even recover the key(s) used.
Case (2): Chosen Plaintext Attack Given the ciphertext of several messages enciphered with the same algorithm, and their corresponding plaintexts, the cryptanalyst can choose plaintexts that get encrypted.
Case (3): Frequency Analysis (A Simple Example) PLAINTEXT: If bash is invoked with the name sh, it tries to mimic the startup behavior of historical versions of sh as closely as possible, while conforming to the POSIX standard as well. When invoked as an interactive login shell, or a non-interactive shell with the --login option, it first attempts to read and execute commands from /etc/profile and ~/.profile, in that order. The --noprofile option may be used to inhibit this behavior. When invoked as an interactive shell with the name sh, bash looks for the variable ENV, expands its value if it is defined, and uses the expanded value as the name of a file to read and execute. Since a shell invoked as sh does not attempt to read and execute commands from any other startup files, the --rcfile option has no effect. A non-interactive shell invoked with the name sh does not attempt to read any other startup files. When invoked as sh, bash enters posix mode after the startup files are read.
Case (3): Frequency Analysis (A Simple Example) CIPHERTEXT (Caesar, SHIFT=3): li edvk lv lqyrnhg zlwk wkh qdph vk, lw wulhv wr plplf wkh vwduwxs ehkdylru ri klvwrulfdo yhuvlrqv ri vk dv forvhob dv srvvleoh, zkloh frqiruplqj wr wkh srvla vwdqgdug dv zhoo. zkhq lqyrnhg dv dq lqwhudfwlyh orjlq vkhoo, ru d qrq-lqwhudfwlyh vkhoo zlwk wkh --orjlq rswlrq, lw iluvw dwwhpswv wr uhdg dqg hahfxwh frppdqgv iurp /hwf/suriloh dqg ~/.suriloh, lq wkdw rughu. wkh --qrsuriloh rswlrq pdb eh xvhg wr lqklelw wklv ehkdylru. zkhq lqyrnhg dv dq lqwhudfwlyh vkhoo zlwk wkh qdph vk, edvk orrnv iru wkh yduldeoh hqy, hasdqgv lwv ydoxh li lw lv ghilqhg, dqg xvhv wkh hasdqghg ydoxh dv wkh qdph ri d iloh wr uhdg dqg hahfxwh. vlqfh d vkhoo lqyrnhg dv vk grhv qrw dwwhpsw wr uhdg dqg hahfxwh frppdqgv iurp dqb rwkhu vwduwxs ilohv, wkh --ufiloh rswlrq kdv qr hiihfw. d qrq-lqwhudfwlyh vkhoo lqyrnhg zlwk wkh qdph vk grhv qrw dwwhpsw wr uhdg dqb rwkhu vwduwxs ilohv. zkhq lqyrnhg dv vk, edvk hqwhuv srvla prgh diwhu wkh vwduwxs ilohv duh uhdg.
Case (3): Frequency Analysis (A Simple Example) CIPHERTEXT (Monoalphabetic, Key = random permutation of [a..z]): zi fcys zy zdlwmxk rzus usx dcgx ys, zu uhzxy uw gzgzt usx yuchupo fxsclzwh wi szyuwhztcn lxhyzwdy wi ys cy tnwyxnb cy owyyzfnx, rsznx twdiwhgzda uw usx owyzv yucdkchk cy rxnn. rsxd zdlwmxk cy cd zduxhctuzlx nwazd ysxnn, wh c dwd-zduxhctuzlx ysxnn rzus usx --nwazd wouzwd, zu izhyu cuuxgouy uw hxck cdk xvxtpux twggcdky ihwg /xut/ohwiznx cdk ~/.ohwiznx, zd uscu whkxh. usx --dwohwiznx wouzwd gcb fx pyxk uw zdszfzu uszy fxsclzwh. rsxd zdlwmxk cy cd zduxhctuzlx ysxnn rzus usx dcgx ys, fcys nwwmy iwh usx lchzcfnx xdl, xvocdky zuy lcnpx zi zu zy kxizdxk, cdk pyxy usx xvocdkxk lcnpx cy usx dcgx wi c iznx uw hxck cdk xvxtpux. yzdtx c ysxnn zdlwmxk cy ys kwxy dwu cuuxgou uw hxck cdk xvxtpux twggcdky ihwg cdb wusxh yuchupo iznxy, usx --htiznx wouzwd scy dw xiixtu. c dwd-zduxhctuzlx ysxnn zdlwmxk rzus usx dcgx ys kwxy dwu cuuxgou uw hxck cdb wusxh yuchupo iznxy. rsxd zdlwmxk cy ys, fcys xduxhy owyzv gwkx ciuxh usx yuchupo iznxy chx hxck.
Case (3): Frequency Analysis (A Simple Example) CIPHERTEXT (Vigenère, Key=donotdoubtthepowerofawoman): it oolk wm jgovotr smkv yha bmmr vv, vh muwyt mh tmbwy xys xtwffuc esuoolcl py apwicnmtoq vafeibqg bt lk om dehziam ww gcxsepxe, jkwys vrbzpkfprv hk xys uoowj sgdbqokg om xxes. awsj mejtkar ms nq wahxuowubol pduer jvjlh, cd a arb-vbmhfudmbci hvapc kntd hte --yruvb hshcpg, ba jxfox rhyeidfs gr frow dbx fqxjyis ysdafnzg rrbp /sgq/iuczjex hrs ~/.dnswwqe, eb fhnw cerxu. hbf --ghwvdtepv cutecz mnb pr ilhr np bgomqwp xywx bavmvvrf. jvxq whwhdlh pg wr zbyenootvys fvxoz qjma alt bwqv gm, bwgt lbryf thu hbf otympphi vba, etdmnqv wgg odzof by px xg ziwwsez, ozd hvsf hah srqtgkis jwpls fs pvq nnps bt t iwff mh yipr wru sceyife. flbps t vvyme buzdyah rg xh zcqs arh nhmhaju mh yipr wru sceyife prazoggg zshf hrn cplvf xtwffuc iwysl, wvy --svyppt clxzcs hwg zo ritrqm. d bio-bgaigoyxzjj sdsxl vqjbyxg kcua moi coii jv ioag zog dhgsfsh np kxhh pbu skvjr ohmrgxd swehg. qixg prkcgiu ox sd, pmsu hbgskv ditbq tsss wjksw tds etnuhhd ylzyt tkl vtoz.
Case (4): Rubber hose cryptanalysis - Sometimes, it may be much easier to obtain encryption keys by means of threats, torture, blackmail, espionage, etc. Since the human element may be considered the weakest link in the chain that security is built on, it may be the easiest to break.
Ciphertext-Only Attack by Frequency Analysis English Language (Sources: “Moby Dick”, by Herman Melville and “The Picture of Dorian Gray”, by Oscar Wilde)
Ciphertext-Only Attack by Frequency Analysis English Language Caesar Cipher
Ciphertext-Only Attack by Frequency Analysis English Language Multiplicative Cipher k=11
Ciphertext-Only Attack by Frequency Analysis English Language Affine Cipher k=(m=11,a=5)
Ciphertext-Only Attack by Frequency Analysis Multiplicative Cipher k=11 Affine Cipher k=(m=11,a=5)
Additional Statistics (Sources: “Moby Dick”, by Herman Melville and “The Picture of Dorian Gray”, by Oscar Wilde)
Total letters in text: 1764911
Most repeated digrams: TH 52563, HE 44727, ER 29017, IN 28537, AN 27957, RE 23086, HA 21373, ND 21089, ED 19388, OU 19306, NG 17848, HI 17183, AT 16986, EN 16622, ON 15453, ST 14235, AR 14030, TE 13669, LE 13419, ES 13348, OR 13327, SE 12663, IS 12375, EA 12333, AL 11941, VE 11308, AS 10470, LL 10374, NE 10348, NT 10292
Most repeated trigrams: ING 14442, THE 9619, HAT 7309, THA 6487, HER 6063, ERE 5911, TER 4821, THI 4308, VER 4214, ENT 4174, ITH 3918, WIT 3663, GHT 3254, WHA 3173, HIN 3118, ION 2993, OME 2984, EVE 2947, EAR 2907, AIN 2891, INT 2834, AVE 2823, OUL 2811, HOU 2800, ESS 2756, IGH 2756, NCE 2755, TED 2728, HEN 2690, ULD 2578
Most repeated 4-grams: THER 4412, OULD 2578, IGHT 2383, HERE 2332, THIN 2192, TION 2114, HING 2084, OUGH 1910, WHAL 1712, EVER 1629, HALE 1596, TING 1499, RING 1340, THOU 1298, ERED 1257, WOUL 1239, LING 1226, NING 1225, OUND 1185, OTHE 1175, KING 1067, ANCE 1060, SELF 1031, ERIN 1022, MENT 1016, DING 998, EATH 992, ATHE 986, ATIO 984, NDER 977
Repeated letters (textbook: SS, EE, TT, LL, MM, OO): A 10, B 517, C 612, D 741, E 7506, F 1876, G 452, H 5, I 52, K 3, L 10374, M 908, N 1085, O 5514, P 1607, R 2040, S 4766, T 2801, U 1, X 21, Z 66
Limitations of Frequency Analysis Mr. Zoliparia laffs. Whare did u get yoor litl pal? he askz. She crold out thi woodwurk, I sez, n he laffs agen an Im evin moar embrasd n getting qwite swety now. Dat dahn ant! Makin a full ov me. N makin mah fais awl beeg an bloted in dat bust shees wukin on now n stew not going bak in hir box Ither. This is a slightly modified passage from Feersum Endjinn, by Iain M. Banks Is it possible to write mangled but understandable English (or any other language) and purposefully alter the relative frequencies of individual characters and perhaps even of digrams, trigrams, etc? Is it possible to write large chunks of text avoiding one specific letter? Ultimately, what we are asking ourselves is: can we create plaintext that distorts the language signature so much that it makes ciphertext frequency analysis hard? Does frequency analysis work on short texts? How large do texts need to be for it to work well?
Breaking Vigenère: Frequency Analysis Ideally, a cipher would completely flatten the single-letter frequency bars. The Vigenère cipher doesn’t quite meet this goal, but it does a better job than other ciphers we’ve seen. Now, what?
Breaking Vigenère Assume that the ciphertext has n symbols. We can now define an Index of Coincidence, a metric that tells us the probability that two letters randomly chosen from a text are identical:
Breaking Vigenère The Friedman Test For a monoalphabetic cipher: IC = 0.066. Given a ciphertext, compute its IC. If it is near 0.066, the cipher is probably monoalphabetic. If it is much smaller than 0.066, the cipher is probably polyalphabetic. From the IC, you can also determine the length of the key word. Another helpful tool in this test is the Kasiski test.
Breaking Vigenère The Kasiski Test • Find groups of symbols that appear repeatedly in the ciphertext. • Count the number of symbols between the repetitions (you’re computing the distance between repetitions). • Find the prime factors of the numbers discovered above. • The most common factor is likely to be the length of the keyword.
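An added example (not from the original slides): the index of coincidence in its standard form, IC = Σ nᵢ(nᵢ−1) / (n(n−1)), with a column-wise IC check for the key length and a Kasiski factor tally, run on this page's bash passage enciphered as (p+k) % 26 with a constructed key `crypt`. The function names, the key and the `max_len` and `max_factor` bounds are assumptions made here; the tally counts every factor of each distance, not only the prime ones.

```python
import re
from collections import Counter

# The page's own sample plaintext (bash start-up passage), reduced to letters.
PLAINTEXT = re.sub(r"[^a-z]", "", """
If bash is invoked with the name sh, it tries to mimic the startup behavior of
historical versions of sh as closely as possible, while conforming to the POSIX
standard as well. When invoked as an interactive login shell, or a
non-interactive shell with the --login option, it first attempts to read and
execute commands from /etc/profile and ~/.profile, in that order. The
--noprofile option may be used to inhibit this behavior. When invoked as an
interactive shell with the name sh, bash looks for the variable ENV, expands its
value if it is defined, and uses the expanded value as the name of a file to
read and execute. Since a shell invoked as sh does not attempt to read and
execute commands from any other startup files, the --rcfile option has no
effect. A non-interactive shell invoked with the name sh does not attempt to
read any other startup files. When invoked as sh, bash enters posix mode after
the startup files are read.""".lower())
KEY = "crypt"  # constructed key of length 5 (assumption for this example)

def vigenere(plain, key):
    """c = (p + k) mod 26 on a letters-only lowercase string."""
    return "".join(chr((ord(p) + ord(key[i % len(key)]) - 194) % 26 + 97)
                   for i, p in enumerate(plain))

def index_of_coincidence(text):
    """Chance that two letters picked at random from text are identical."""
    n = len(text)
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))

def key_length_by_ic(ct, max_len=9):
    """At the true length L every column ct[i::L] is monoalphabetic, so the
    mean column IC rises towards 0.066 (multiples of L score high as well)."""
    def mean_ic(L):
        return sum(index_of_coincidence(ct[i::L]) for i in range(L)) / L
    return max(range(1, max_len + 1), key=mean_ic)

def kasiski_factors(ct, n=3, max_factor=12):
    """Tally the factors of the distances between repeated n-grams."""
    last_seen, tally = {}, Counter()
    for i in range(len(ct) - n + 1):
        gram = ct[i:i + n]
        if gram in last_seen:
            d = i - last_seen[gram]
            tally.update(f for f in range(2, max_factor + 1) if d % f == 0)
        last_seen[gram] = i
    return tally.most_common()  # [(factor, count), ...], most frequent first

CIPHERTEXT = vigenere(PLAINTEXT, KEY)
```

Comparing `index_of_coincidence(PLAINTEXT)` with `index_of_coincidence(CIPHERTEXT)` shows the drop the Friedman test looks for; `key_length_by_ic(CIPHERTEXT)` and the head of `kasiski_factors(CIPHERTEXT)` then point at the key length.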
Polyalphabetic Substitution Ciphers: The Nihilist Cipher Polybius Square: key1=example. Take plaintext and convert it to numbers using the square: “stop that” becomes 44 45 41 15 45 32 13 45. Choose a second key: key2=next, which becomes 35 11 12 45. Note that key2 is converted to numbers using the square. Encipherment: [figure with rows key2, plaintext, ciphertext]. Decipherment: Look up the number in the Polybius square to recover each plaintext symbol.
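An added example, not part of the original slides, that rebuilds the keyed Polybius square from key1=example and reproduces the numbers shown for “stop that” and key2=next. The slide's encipherment figure is missing, so adding the key2 number to the plaintext number (the standard Nihilist rule) is an assumption here, as are the function names.

```python
def keyed_square(key):
    """25-letter square, row by row: key letters first, then the rest (j merged into i)."""
    return "".join(dict.fromkeys((key.lower() + "abcdefghiklmnopqrstuvwxyz").replace("j", "i")))

def to_numbers(text, square):
    """Each letter becomes 10*row + column, both counted from 1."""
    out = []
    for ch in text.lower().replace("j", "i"):
        if "a" <= ch <= "z":
            row, col = divmod(square.index(ch), 5)
            out.append(10 * (row + 1) + col + 1)
    return out

def nihilist_encipher(plaintext, key1, key2):
    sq = keyed_square(key1)
    p, k = to_numbers(plaintext, sq), to_numbers(key2, sq)
    # Assumed rule: ciphertext number = plaintext number + repeating key2 number.
    return [x + k[i % len(k)] for i, x in enumerate(p)]

def nihilist_decipher(numbers, key1, key2):
    sq = keyed_square(key1)
    k = to_numbers(key2, sq)
    out = []
    for i, c in enumerate(numbers):
        # Subtract the key number, then look the result up in the square.
        row, col = divmod(c - k[i % len(k)], 10)
        out.append(sq[(row - 1) * 5 + col - 1])
    return "".join(out)
```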
Polygraphic Substitution Ciphers: The Playfair Cipher (Sir Charles Wheatstone, 1854) Key = palmerston. First step: Condition the text by replacing all occurrences of “j” with “i”. Second step: Divide the plaintext into pairs. Where there are double letters, separate them with an “x”. Add a “z” to the final text if the last group has a single letter. Example: “LORD GRANVILLE” becomes “lo rd gr an vi lx le sl et te rz”. Third step: Encipher the plaintext one pair at a time. If the two letters are in the same row or column, replace them by the succeeding letters (“AM” becomes “le”). If the two letters stand at the corners of a rectangle in the table, replace them with the letters at the other two corners (“LO” becomes “mt”).
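The three steps above as an added example (not the slide author's code), using the square built from key = palmerston with j merged into i. The sample phrase "lord granville's letter" is what the slide's eleven pairs spell out; the function names and the `step` parameter (1 to encipher, -1 to decipher) are assumptions made here.

```python
def playfair_square(key):
    """25-letter square, row by row: key letters first, then the rest (j merged into i)."""
    return "".join(dict.fromkeys((key.lower() + "abcdefghiklmnopqrstuvwxyz").replace("j", "i")))

def condition(text):
    """Steps 1 and 2: j -> i, split into pairs, x between doubles, z as final pad."""
    s = [c for c in text.lower().replace("j", "i") if "a" <= c <= "z"]
    pairs, i = [], 0
    while i < len(s):
        if i + 1 == len(s):
            pairs.append(s[i] + "z")        # lone last letter
            i += 1
        elif s[i] == s[i + 1]:
            pairs.append(s[i] + "x")        # split a double letter
            i += 1
        else:
            pairs.append(s[i] + s[i + 1])
            i += 2
    return pairs

def shift_pair(pair, sq, step):
    """Step 3 for one pair; step=1 enciphers, step=-1 deciphers."""
    (r1, c1), (r2, c2) = (divmod(sq.index(ch), 5) for ch in pair)
    if r1 == r2:                            # same row: next letter along the row
        c1, c2 = (c1 + step) % 5, (c2 + step) % 5
    elif c1 == c2:                          # same column: next letter down the column
        r1, r2 = (r1 + step) % 5, (r2 + step) % 5
    else:                                   # rectangle: keep the row, swap the columns
        c1, c2 = c2, c1
    return sq[r1 * 5 + c1] + sq[r2 * 5 + c2]

def playfair(text, key, step=1):
    sq = playfair_square(key)
    return "".join(shift_pair(p, sq, step) for p in condition(text))
```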
Polygraphic Substitution Ciphers: The Hill Cipher Works on a block of m plaintext symbols to produce a block of m ciphertext symbols. Say we choose m=3. Encipherment: Decipherment: This only works if the key matrix K has an inverse K⁻¹.
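An added example (not from the slides) of the invertibility condition for m=3: the key matrix has an inverse mod 26 only when gcd(det K, 26) = 1. It assumes the common convention c = K·p mod 26 with a=0 … z=25, since the slide's formulas are missing; both key matrices and all function names are sample choices made here.

```python
from math import gcd

def inverse_mod26(K):
    """Inverse of a 3x3 key matrix mod 26, or None if gcd(det K, 26) != 1."""
    det = sum(K[0][i] * (K[1][(i + 1) % 3] * K[2][(i + 2) % 3]
                         - K[1][(i + 2) % 3] * K[2][(i + 1) % 3])
              for i in range(3)) % 26
    if gcd(det, 26) != 1:
        return None                          # det shares a factor with 26
    d_inv = pow(det, -1, 26)                 # modular inverse of the determinant
    # Entry (i, j) is the cofactor of K[j][i]; the cyclic indices carry the sign.
    return [[d_inv * (K[(j + 1) % 3][(i + 1) % 3] * K[(j + 2) % 3][(i + 2) % 3]
                      - K[(j + 1) % 3][(i + 2) % 3] * K[(j + 2) % 3][(i + 1) % 3]) % 26
             for j in range(3)] for i in range(3)]

def hill(text, K):
    """Multiply each 3-letter block by K mod 26; a short last block is padded with x."""
    nums = [ord(c) - 97 for c in text.lower() if "a" <= c <= "z"]
    nums += [23] * (-len(nums) % 3)
    out = []
    for b in range(0, len(nums), 3):
        out += [sum(K[r][c] * nums[b + c] for c in range(3)) % 26 for r in range(3)]
    return "".join(chr(n + 97) for n in out)

K_GOOD = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]   # det = 441 = 25 mod 26: invertible
K_BAD = [[2, 0, 0], [0, 1, 0], [0, 0, 1]]           # det = 2: no inverse mod 26

def demo():
    ct = hill("act", K_GOOD)
    back = hill(ct, inverse_mod26(K_GOOD))           # deciphering = enciphering with the inverse
    # With K_BAD two different plaintexts collide, so no decipherment can exist.
    return ct, back, inverse_mod26(K_BAD), hill("naa", K_BAD), hill("aaa", K_BAD)
```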
[Figure: taxonomy tree of secret writing. Node labels: Secret Writing; Codes; Steganography; Ciphers; Public Key; Symmetric Key; Unkeyed; Classical; Stream; Block; Caesar; Transposition; Substitution; Monoalphabetic; Polyalphabetic; Rotor; Nihilist; Vigenère; Autokey; Polygraphic; Additive; Multiplicative; Affine; Random; Multiliteral; Homophonic; Hill; Playfair]
A Simple Transposition Cipher • The “key” information for enciphering and deciphering is: • number of rows • number of columns • write in order • take off order take off (rows) write in (columns)
A Simple Transposition Cipher PLAINTEXT:…EVENTHOSETHATAREBORNINENGLANDBECOME… ciphertext: …esrndveeebetbnenhogctarlohtnamoaine… • Questions: • Can frequency analysis help one break a transposition cipher? • What is the effect of transposition on the encipherment?
Transposition as a Block Cipher (The Permutation Cipher) plaintext (8-letter blocks): practica llysince humansbe ganwriti ngtheyha vebeenwr itinginc odeandci phershav edecided thefates ofempire s… ciphertext (8-letter blocks, after the permutation): patcrcia lyiclsne hmnbuase gnrtawii ntehghya vbeweenr itinginc oencdadi pesahrhv eeiedcdd teaehfts oeprfmie s… Question: Is there anyone good with anagrams in this class?
The Column Permutation Cipher PLAINTEXT:…EVENTHOSETHATAREBORNINENGLANDBECOME… 7 rows ciphertext: …esrndveeebetbnenhogctarlohtnamoaine… 5 rows • Questions: • Can frequency analysis help one break a transposition cipher? • What is the effect of transposition on the encipherment?
Breaking Column Permutation The length of ciphertext must be equal to the product of the number of rows and the number of columns. If the plaintext was shorter, it must have been “padded”. How can we factor the length of the ciphertext? This will give you RxC or CxR rectangles. Each line in the correct rectangle must look like understandable plaintext. Any line of English must have about 40% vowels.
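An added example (not from the slides) applying the two checks above to this page's sample ciphertext: factor the length into candidate rectangles, then keep the one whose lines are closest to 40% vowels. It assumes the write-in-by-columns, take-off-by-rows layout with no further permutation of the columns; the function names are hypothetical.

```python
VOWELS = set("aeiou")
CIPHERTEXT = "esrndveeebetbnenhogctarlohtnamoaine"   # sample ciphertext from this page

def rectangles(n):
    """Every (rows, columns) shape with rows * columns == n and both sides > 1."""
    return [(r, n // r) for r in range(2, n) if n % r == 0]

def written_columns(ct, cols):
    """Undo 'take off by rows': piece j is column j of a rectangle with cols columns,
    which is one run of consecutive plaintext if the text was written in by columns."""
    return [ct[j::cols] for j in range(cols)]

def vowel_error(lines):
    """Mean distance of each line's vowel share from the 40% expected of English."""
    return sum(abs(sum(c in VOWELS for c in ln) / len(ln) - 0.40) for ln in lines) / len(lines)

def best_rectangle(ct):
    ct = "".join(c for c in ct.lower() if "a" <= c <= "z")
    scored = [(vowel_error(written_columns(ct, c)), r, c) for r, c in rectangles(len(ct))]
    if not scored:
        raise ValueError("length is prime: no rectangle, the text was not padded to R x C")
    _, rows, cols = min(scored)              # smallest vowel error wins
    return rows, cols, "".join(written_columns(ct, cols))
```

On a text this short the vowel share of a single line is noisy, so the score averages over all lines of the rectangle instead of judging any one of them.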
What Makes a “Good” Cipher? (Claude Shannon 1946) • The level of secrecy justifies the effort that should be used for encipherment and decipherment. • The key length should be only as large as necessary, but not larger. • Encipherment and decipherment should be as simple as possible for the sake of performance (time) and accuracy. • Error propagation should be minimized. • Expansion of the message size should be avoided.
A Little Experiment Any one of the ciphers we’ve seen alone is well understood and easy to break (except for the one-time pad, of course). Do you think that you could create a stronger cipher by combining different simple ciphers? • What would be the key space for your cipher? What, if any, would be weak key values? • How would it affect the frequencies of single letters, digrams, trigrams, etc? What kind of evidence would you present to show the strength of your cipher to frequency analysis? • Would the concept of multiple rounds help strengthen your cipher? How would you generate keys for each round from one single key?