560 likes | 737 Views
Encryption - I. Definitions. Plaintext: easy to understand form (original message) Ciphertext: difficult to understand form Encryption: encoding (plaintext -> ciphertext) Decryption: decoding (ciphertext -> plaintext) Cryptology: study of encryption Cryptography: use of encryption
E N D
Definitions • Plaintext: easy to understand form(original message) • Ciphertext: difficult to understand form • Encryption: encoding (plaintext -> ciphertext) • Decryption: decoding(ciphertext -> plaintext) • Cryptology: study of encryption • Cryptography: use of encryption • Cryptanalysis: breaking encryption
Cryptanalysts Role • Break single message • Recognize patterns to create decryption method • Find general weakness in encryption algorithm
Breakable Encryption • Feasible given time and data • Brute force usually impractical • Estimates based on current technology • Just because the underlying scheme is based on a 'hard' problem doesn't mean that the cryptanalyst will attempt to solve it that way
Cryptanalyst’s tools • Letter frequency data • Prefix/suffix lists • Letter pair/triple lists • Common pattern lists
Encryption Algorithm • Transformation: C=E(P) P=D(C) P=D(E(P)) • Keyed – adds security even if algorithm is known Symmetric: C=E(k,P) P=D(k,C) Asymmetric: C=E(k1,P) P=D(k2,C)
Character Representation • Enumeration – cyclic • Y+3=B (24+3=1 with wrapping) • Modulus Arithmetic • 0 mod 26 = 0 • 1 mod 26 = 1 • 26 mod 26 = 0 • 27 mod 26 = 1
Caesar Cipher • Julius Caesar – Gallic Wars • Shift of three characters • P= “PROFESSIONAL COURTESY”C=“SURIHVVLRQDO GRXUWHVB” • Easy to use in the field • Pattern is easy to spot and break
Cryptanalysis of Caesar Cipher • Obvious break between words • Double letters easy to spot • Repeating letter patterns • Small words easy to peg • C=“WKLV LV WRR HDVB” THIS IS TOO __S_ small words THIS IS TOO EASY spot shift of 3
Keyed Monoalphabetic Ciphers • Key Permutation (key has no repeating letters) • Multiplicative Modulus (key is multiplier) • f(i) = (3*i) mod 26 • f(‘K’) = 3*10 mod 26 = 4 = ‘E’
Monoalphabetic Ciphers • Can be done by direct table lookup (easy in field) • Time to encrypt/decrypt varies directly with length • Betrayed by letter frequencies
Example • Ciphertext:HQFUBSWLRQLVDPHDQVRIDWWDLWLWJVHFXUHFRPSXWDWLRQRYHULQVHFXUHFKDQQHOVEBXVLQJHQFUBSWLRQZHGLVXLVHWHKPHVVDJH • Plaintext:ENCRYPTIONISAMEANSOFATTAINGSECURECOMPUTATIONOVERINSECURECHANNELSBYUSINGENCRYPTIONWEDISGUISETHEMESSAGE
Letter Frequencies • English vowel frequencies • Ciphertext frequencies (104 letters)
Cryptoquote • ZJ ZJZON CZYYZQP VKQVYK LDN D JQQYZLRORZPE, ZP ZL LOZYY D JQQYZLR ORZPE. -- DPDOQYK JADPIK • Sept 11, 2003 Pittsburgh Tribune-Review
Security of Monoalphabetic Ciphers • Are they secure? • 26! Possible ciphers • Modern computers – 10 years to brute force • NO! In long message letter frequencies betray text
Meaningful Observations • An encryption based on a hard problem is not secure just because of the difficulty of the problem • An encryption algorithm must be regular-- this is its weakness • A security measure must be strong enough to keep out the attacker only for the life of the data
Polyalphabetic Ciphers • Flatten frequency distributions • Conceal letter pairs • Conceal prefixes/suffixes • Example: (using multiplicative modulus)Odd positions use: f(i)=(3*i) mod 26Even positions use: f(i)=((5*i)+13) mod 26
Using Vigenere Tableaux One method: • Choose a key • Break text into groups of five characters • Write key in repeating fashion • Use letter of key to establish column • Use letter of plaintext to establish row • Encrypt by using intercept of row and column • Decrypt by finding row with ciphertext in column
Vigenere Example • Enciphering “Tale of Two Cities” using Key of “DICKENS”
Cryptanalysis of Polyalphabetic Ciphers • Appears to be more secure • More complex, but not immune from breaking • Two tools: • Kasiski Method • Index of coincidence
Repeated Patterns • English has regularities (letters, letter groups, words) that repeat • Observations: • If code uses n alphabets in cyclic rotation, and if a particular letter sequence appears k times in the plaintext, it will be encoded approximately k/n times from the same alphabet • If letter sequence is encoded the same way twice, key must have gone through a whole number of rotations and be back at the same point • Distance between repeats is multiple of key length
Kasiski Method • Identify repeated patterns of three or more letters • Jot down starting position of each instance • Compute difference between starting points • Determine all factors of each difference • Key length is one of these factors
Example of Kasiski Method • Observe “itwasthe” is encrypted with the key “nsdicken” three times Start Distance Factors • --- --- • 63 (83-20) 3,7,9,21,63 • 21(104-83) 3,7,21 • length(“dickens”)=7
Index of Coincidence • Measure of variance between frequencies in distribution • Divide message into pieces enciphered with same alphabet • Measure variance of frequencies in distribution • If measure approximates English alphabet, guess of number of alphabets is supported
Perfect Cipher • Flatten distributions to 0.038 • Very large number of alphabets – one time pad • Large non-repeating keys on a pad • Each different, each used once and discarded • Problems: Printing, distribution, storage
Vernam Cipher • Use long nonrepeating sequence of numbers combined with plaintext • Ciphertext does not give away key • Method • Use binary of P • Xor binary of random number • Produces binary cipher text 1 0 1 1 0 1 1 0 1 1 1 1 0 0 0 0 1 0
Cracking Random Numbers • Computers use algorithms to create ‘random’ numbers • Multiplicative modulusri+1 = (a*ri+b) mod na, b, n carefully chosen; ri is initially seed • Advantage: can reproduce series • Disadvantage: long enough series may reveal seed, a, b, n
Known-Text Attacks • Messages don’t have arbitrary content • Memo, Subject, To, From, Date, • Sender’s name, Receiver’s name • Organizational terms • May also have messages where entire text is known • By comparing ciphertext with known plaintext, can find patterns in encryption
Transposition Ciphers • Don’t substitute characters, permute them • Spartans used rods of fixed diameter and strips of parchment • Write across the wrappings • Read ciphertext along the wrappings • (works great with #2 pencils) • In modern terms, use a matrix
Columnar Transposition Ciphers • Key is number of columns in matrix, order of columns • Ciphertext: TSHAI HAORT IGWTI SEARO ITCAN SOONW ASLSO MHUPR EOMOK SWNSS
Analysis of Columnar Transposition • Simple, but effective • Work per character is constant, total proportional to message length • Requires whole message in encryption buffer • Letter frequency looks like monoalphabetic cipher • Use digram and trigram frequency tables
Breaking Columnar Transposition • Problem: Which columns areadjacent • Break into strips and look for digrams & trigrams
Double Transpositions • Use two columnar transpositions – one after the other, different numbers of columns • First transposition breaks up doubled letters • Second transposition breaks up short strings and reinforces first transposition • Still monoalphabetic letter frequency • More difficult to decrypt
Combination Ciphers • Mix substitution and permutation ciphers • Substitution for confusion of information • Permutation for diffusion of information • Done right, each supports the other • All modern ciphers are combinations
Answer to Cryptoquote • IF FIFTY MILLIONPEOPLE SAY A FOOLISHTHING, IT IS STILL A FOOLISH THING.-- ANATOLE FRANZE
Automated Ciphers • Stream Ciphers: encrypt data as it comes • fast • low error propagation • information not diffused • susceptible to modification and insertion • Block Ciphers: encrypt data in fixed-size blocks • Slower • Larger error propagation • Information may be diffused • harder to modify or insert into blocks
Data Encryption Standards • 1972 – NBS issues call for proposals • 1974 – IBM responds with “lucifer” (DEA) • 1976 – DES adopted • 1986 – DES re-certification denied • 1997 – NIST issues call for AES proposals • 1999 – 5 submissions selected as finalists • 2001 – Rijndahl algorithm selected
DES Overview • Combination cipher • 16 rounds of combined substitution and transposition • Plaintext encrypted in 64-bit blocks • Keys are 56 bits long (plus 8 error bits) • Uses only arithmetic and logical operations on 64-bit numbers
DES Modes All modes: same key and algorithm encrypts and decrypts • ECB – Electronic code book / Native mode • CBC – Cipher-block chaining • OFB – Output feedback • CFB – Cipher feedback
DES Algorithms • Crypting algorithm – method of encryption or decryption • Key scheduling algorithm – method of generating pieces of key needed for each round of crypting algorithm • Parts: • Permutation boxes (p-boxes) • Substitution boxes (s-boxes) • exclusive OR (x-or)
Permutation Boxes • Used as invertible initial and final disguise of information • Fixed permutations at binary level
Substitution Boxes • Confusion and non-linearity • Interpret bits as numbers, pull replacement from table • 6-bit input, 4-bit output • first and last bit pick row of table • middle four bits pick column of table • elements of table are 4-bit numbers • Not invertible • Rationale for values is still secret
DES Cycle • Crypting algorithm feeds 32 bits to cycle • Subject block to Permutation Expansion, converting 32 bits to 48 bits • XOR expanded block with 48 bits from key to make pre-S block • Apply S box • Break pre-S block into 8 six-bit chunks • Process each chunk through s-box in parallel • Result is 32-bit post-S block • post-S fed into final permutation to produce 32-bit cycle result
Crypting Algorithm • Input 64 bits of plaintext • Rearrange by initial permutation p-box • Split block • two 32-bit halves (left and right) • save copy of right half as R0 • leave left half alone • Feed right to DES Cycle • XOR left with cycle result to be new right • R0 becomes new left • Repeat 3-6 sixteen times • Submit final block to inverse of initial permutation
Key Scheduling Algorithm • Combination of shifts and permutation • Shifts are determined from table • Permutation selects 48 of 56 bits • Produces 16 different slices from key • Slices are normally computed before crypting
DES Weaknesses • Brute force attacks somewhat practical • Error affects entire block • Must use feedback modes or each block encrypted in same way • Weak key produces trivial breaking
DES DES-1 DES k1 k2 k1 Alternatives to DES • Triple DES • Third party encryption (Blowfish, IDEA) • AES