History and Background CSIS 5857: Encoding and Encryption
Why is History Important? • Most modern encryption algorithms based on concepts hundreds/thousands of years old • Monoalphabetic substitution • Polyalphabetic substitution • Transposition • Most attacks on encryption also very old • Exhaustive search • Cryptographic analysis
Substitution Algorithms
Mapping of plaintext to ciphertext
• Can be single character mapping (historical): A → G
• Can map entire blocks of plaintext (modern block ciphers): 1001011001111100 → 0110101011100011
Substitution Algorithms (Side Point)
Mapping must be unique for decryption to work!
• Encryption: A → G, B → G
• Decryption: G → A or B?
Substitution Algorithms (Side Point)
• Mapping often involves translating characters to numeric values
• Encryption/decryption functions in terms of mathematical functions
Caesar Cipher
• Key k: number between 1 and 25
• Example: k = 3, p = RUNAWAY
  E(RUNAWAY) = UXQDZDB
  D(UXQDZDB) = RUNAWAY
Exhaustive Key Search
Testing all possible keys
Algorithm:
• Given ciphertext c
• For all keys k_i
  • Compute p_i = D(c, k_i)
  • If p_i is recognizable plaintext, then k_i is correct
Time proportional to number of possible keys k_i
Defining “Secure” Encryption Computationally Secure • Cost of breaking cipher > value of encrypted information • Time required to break cipher > useful lifetime of encrypted information Cipher is “practically” unbreakable
Defining “Secure” Encryption
Problem: impossible to perfectly quantify!
• Computers get faster every day
  Moore’s law: speed doubles every 1.5 years
• Example: DES cipher with 56 bit key
  • Computationally secure (1142 years) at 1 test/millisecond
  • Not secure (10 hours) at 1 million tests/millisecond
Caesar Cipher and Exhaustive Search
Only 26 possible keys to test!
Ciphertext: UXQDZDB
Key: Resulting Plaintext:
1 TWPCYCA
2 SVOBXBZ
3 RUNAWAY ← recognizable plaintext
4 QTMZVZX
Clearly not computationally secure!
Side Point
This requires plaintext to be recognizable!
Ciphertext: NMIXE
Key: Resulting Plaintext:
1 ONJYF
2 POKZG
3 QPLAH ← plaintext in Klingon!
Examples:
• Navajo “windtalkers” (WW2)
• Compressed text
• Text in form of image…
Can still defeat with chosen plaintext attack
• Encrypt known plaintext
Monoalphabetic Substitution
• Each plaintext character has corresponding ciphertext character
• No pattern (unlike Caesar cipher)
Example: “runaway” → “HJGNPNS”
Monoalphabetic Substitution
• Key = substitution table itself
• Number of possible keys = 26! ≈ 400,000,000,000,000,000,000,000,000
• Computationally secure to exhaustive search (at least without a computer)
Known Plaintext Attack
• Adversary has access to a number of:
  • plaintext messages
  • corresponding ciphertext messages
• Searches for relationship between plaintext and ciphertext that might reveal key
• Security defined in terms of number of known plaintexts needed to guess key
Known Plaintext Example
• Darth gets a data entry job at organization
• Observes how encrypted database changes as new records entered
• Single known plaintext sufficient to break simple substitution algorithm!
Chosen Plaintext Attack
• Adversary has hypothesis about key k_hypothesis
• Adversary chooses plaintext p to test hypothesis
• If resulting ciphertext c matches what would be result of encryption with k_hypothesis, then k_hypothesis is correct
[Figure: p is encrypted with the hypothetical key and with the actual (unknown) key, and the two results are compared]
Chosen Plaintext Example
World War II
• Hypothesis: Japanese code for “Midway Island” = “AF”
• Test: Plaintext message transmitted that “Midway Island running short of water”
• Result: Increased message traffic containing “AF”
  Hypothesis confirmed!
Cryptanalysis Attacks
• Based on knowledge
  • Properties of the encryption algorithm
  • Properties of the likely plaintext
• Often combined with exhaustive search
  • Knowledge eliminates most possible keys
  • Search now feasible for few remaining keys
[Figure: all possible keys; most eliminated by cryptanalysis; search feasible over the remaining keys]
Frequency-based Analysis Some letters much more common than others
Frequency-based Analysis
Example ciphertext: “PCRGFNICRAYJHVRYICJQNGRSRGIV”
Letter frequencies:
Hypothesis: “e” → “R”
Frequency-based Analysis
• Some combinations of letters much more common than others
  Example: “e” often followed by “n”
• Example ciphertext (after “e” substituted for “R”): “PCeGFNICeAYJHVeYICJQNGeSeGIV”
  • “G” second most common letter
  • Follows “e” twice
• Hypothesis: “n” → “G”
  “PCenFNICeAYJHVeYICJQNneSenIV”
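
The counting behind the two hypotheses above, as an added example that is not part of the original slides. The ciphertext is the one on the slide; the function names are assumptions made for this illustration.

```python
from collections import Counter

CIPHERTEXT = "PCRGFNICRAYJHVRYICJQNGRSRGIV"  # ciphertext from the slide


def letter_counts(text):
    """Ciphertext letters ranked by how often they occur."""
    return Counter(text).most_common()


def followers(text, letter):
    """Rank the letters that come immediately after `letter`."""
    pairs = zip(text, text[1:])
    return Counter(b for a, b in pairs if a == letter).most_common()


def apply_partial_key(text, guesses):
    """Guessed plaintext appears in lower case, unresolved ciphertext stays upper case."""
    return "".join(guesses.get(ch, ch) for ch in text)


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT)[:4])
    # Single-letter counts leave G, C and I level behind R;
    # the letters that follow R are what single out G.
    print(followers(CIPHERTEXT, "R"))
    print(apply_partial_key(CIPHERTEXT, {"R": "e", "G": "n"}))
```
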
Frequency-based Analysis • Knowing part of key in monoalphabetic substitution makes it easier to guess the rest of the key • Very bad property of an encryption algorithm! Side Point “I can only see part of the key, but it is easy to guess the rest!”
Frequency-based Analysis (Side Point)
• Success of frequency-based analysis increases with more text
  • Single long ciphertext
  • Multiple ciphertexts encoded with same key
• General property of cryptanalysis
• Should change key as often as possible!
Polyalphabetic Substitution
• Single plaintext character may map to multiple possible ciphertext characters
• Frequency analysis attacks much harder
Example: Vigenère cipher
• Key = some word or phrase of length n
• c_i = (p_i + k_(i mod n)) mod 26
Vigenère cipher Example: • Key: “python” • Plaintext: “rabbitwithbigpointyteeth” Ciphertext:
Polyalphabetic Substitution
• Vigenère cipher still vulnerable to frequency-based cryptanalysis
  • Guess key size n
  • Treat like n different monoalphabetic substitutions
• General principle: Larger n more secure (that is, number of characters before repetition)
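
The attack outlined above, as an added example that is not part of the original slides: with a guessed key size n, every n-th letter forms one Caesar-shifted stream, and each stream is solved by the 26-key exhaustive search with a letter-frequency score standing in for "recognizable plaintext". The sample text, the frequency table (approximate published English values) and all function names are assumptions made for this illustration.

```python
from collections import Counter

A = ord("a")
# Approximate relative frequencies (percent) of a..z in English text.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def vigenere(text, key, sign=1):
    """c_i = (p_i + k_(i mod n)) mod 26; sign=-1 decrypts."""
    n = len(key)
    return "".join(chr((ord(ch) - A + sign * (ord(key[i % n]) - A)) % 26 + A)
                   for i, ch in enumerate(text))


def best_shift(column):
    """Try all 26 Caesar keys and keep the one whose output looks most like English."""
    counts = Counter(ord(ch) - A for ch in column)

    def score(k):
        return sum(ENGLISH[(c - k) % 26] * m for c, m in counts.items())
    return max(range(26), key=score)


def recover_key(ciphertext, n):
    """Treat letters i, i+n, i+2n, ... as one monoalphabetic (Caesar) cipher."""
    return "".join(chr(best_shift(ciphertext[i::n]) + A) for i in range(n))


# Constructed sample plaintext (not from the slides); only its letters are used.
SAMPLE = "".join(ch for ch in """
The history of secret writing shows that every clever cipher was eventually
read by someone patient enough to count letters. When the same short key is
repeated over a long message, each position of the key encrypts its own share
of the text with a single fixed shift. An analyst who guesses the length of
the key can split the message into that many groups and study each group on
its own. Inside one group the most common letter is probably the letter e, and
the rest of the alphabet follows the usual pattern of the language. Repeating
this for every group gives back the whole key, and the message can then be
read without any trouble. The longer the message, the easier the work becomes,
which is why keys should be changed often.
""".lower() if ch.isalpha())

if __name__ == "__main__":
    ciphertext = vigenere(SAMPLE, "python")
    key = recover_key(ciphertext, 6)
    print(key, vigenere(ciphertext, key, -1)[:40])
```
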
Enigma • Developed by Germany in WW2 • Arguably most complex pre-computer substitution cipher Flash simulation at http://enigmaco.de/enigma/enigma.html
Enigma • Consists of 3 to 5 rotors • Each rotor is a monoalphabetic mapping of a plaintext character to a ciphertext character • Output of one rotor fed into input of next rotor so final output the result of 3 to 5 monoalphabetic substitutions • Rotors turn after each character! • Fast rotor: every character • Middle rotor: every 26 characters • Slow rotor: every 26 x 26 = 676 characters
Enigma • “C” typed as first character: • “C” connected to 26 on fast rotor • 26 connected to 7 on middle rotor • 7 connected to 20 on slow rotor • 20 connected to “E” (then reflected back through) • “C” typed as second character (after fast rotor turns one character): • “C” connected to 25 on fast rotor • 25 connected to 23 on middle rotor • 23 connected to 9 on slow rotor • 9 connected to “O” (then reflected back through)
Enigma • 26 x 26 x 26 = 17,576 characters entered before repetition • Essentially invulnerable to frequency-based cryptanalysis (particularly if rotors changed at regular intervals) • Required Alan Turing’s Bletchley Group to crack • Captured machines to understand patterns • Large numbers of known plaintexts • Exhaustive searches using primitive computers
One-Time Pad
• Idea: Make key as long as the message itself! (Joseph Mauborgne)
• Unconditionally secure since inherently ambiguous for attacker
One-Time Pad
Example:
• Ciphertext: NZAKBMK
• Possible Vigenère keys: wtnkxmm and nlvwker
  Ciphertext:    NZAKBMK   NZAKBMK
  Possible keys: nlvwker   wtnkxmm
  Plaintext:     goforit   runaway
• Which key is correct? We have no way of knowing since both are plausible plaintext!
One-Time Pad
Only get to use a key for one message
• Unlikely that different possible keys would still both result in plausible plaintext for more than one message
• Adversary could find correct key by process of elimination
  Ciphertext:    WMGKZX   WMGKZX
  Possible keys: nlvwke   wtnkxm
  Plaintext:     jblopt   attack ← “This is the one!”
• Would need to securely distribute a new key for each message!
Transposition Cipher
• Ciphertext = Permutation of plaintext
• Simple example: runaway
  r n w y
   u a a
  → rnwyuaa
• Key = permutation order
  Above example: 1357246
Column Transposition Ciphers
• Common approach: columns
• Example:
  Plaintext: longlongagoinagalaxyfaraway
  Key: 5241763 (size n of key = 7 columns)
  5 2 4 1 7 6 3
  l o n g l o n
  g a g o i n a
  g a l a x y f
  a r a w a y x
• Break plaintext into rows of size n of key
• Insert extra chars to fill columns
Column Transposition Ciphers
  5 2 4 1 7 6 3
  l o n g l o n
  g a g o i n a
  g a l a x y f
  a r a w a y x
• For column with label i:
  • Append contents of column i to ciphertext
• Resulting ciphertext: goawoaarnafxnglalggaonyylixa
[Figure callouts: this column first (label 1); this column second (label 2), and so on]
Column Transposition Ciphers
• Decryption:
  • Divide ciphertext into n strings
  • Arrange strings into columns, with order of columns determined by key
  goawoaarnafxnglalggaonyylixa
  5 2 4 1 7 6 3
  l o n g l o n
  g a g o i n a
  g a l a x y f
  a r a w a y x
Attacks on Transposition Ciphers
• Brute force: Trying all possible permutations
  • Key of size n → n! possible keys
  • Solution: Choose key such that n! tests is computationally secure
• Cryptographic attacks:
  • Eliminate column pairs with unlikely adjacent letters
[Figure: the columns “lixa” and “nafx” placed side by side]
Attacks on Transposition Ciphers
• Can apply transposition multiple times with same key to defeat cryptographic attacks
• Example:
  Ciphertext after first permutation: goawoaarnafxnglalggaonyylixa
  Ciphertext after second permutation: wfglonayagoaaalygrnlanaxoxgi
  5 2 4 1 7 6 3
  g o a w o a a
  r n a f x n g
  l a l g g a o
  n y y l i x a
Using Multiple Keys
• Important question: Does using multiple keys always make encryption more secure?
  • Brute force attacks
  • Cryptographic attacks
• Mathematically: C = E(E(p, k1), k2)
  Is this more secure than C = E(p, k1)?
Using Multiple Keys
Only if:
• Using multiple keys greatly increases the number of possible ciphertexts
• Applying multiple keys is not equivalent to applying a single key
  No k3 such that E(E(p, k1), k2) = E(p, k3)
[Figure: possible ciphertexts after applying K1, and possible ciphertexts after applying K1 and K2]
Using Multiple Keys
• Example: Caesar cipher with 2 keys
  K1 = 3
  K2 = 8
  • Equivalent to single key K3 = 11
  • Still only 26 possible mappings from P to C
• Example: Transposition cipher with 2 keys
  K1 = 5241763
  K2 = 7325641
  • Equivalent to single key K3 = 6357142
  • Still only 7! possible mappings from P to C
No more secure in either case!
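
A check of both equivalences above, as an added example that is not part of the original slides. It assumes the transposition acts on a single block of 7 characters, with the character at position i moving to the position named by the i-th key label; the function names are assumptions made for this illustration.

```python
from itertools import product

A = ord("a")


def caesar(text, k):
    return "".join(chr((ord(ch) - A + k) % 26 + A) for ch in text)


def permute(block, key):
    """Block transposition: the character at position i moves to position key[i]."""
    if sorted(key) != list(range(1, len(block) + 1)):
        raise ValueError("key must be a permutation of 1..len(block)")
    out = [""] * len(key)
    for i, label in enumerate(key):
        out[label - 1] = block[i]
    return "".join(out)


def compose(k1, k2):
    """The single key that has the same effect as applying k1 and then k2."""
    return tuple(k2[label - 1] for label in k1)


def caesar_is_closed():
    """Every one of the 26 x 26 key pairs collapses to the key (k1 + k2) mod 26."""
    sample = "abcdefghijklmnopqrstuvwxyz"
    return all(caesar(caesar(sample, k1), k2) == caesar(sample, (k1 + k2) % 26)
               for k1, k2 in product(range(26), repeat=2))


K1 = (5, 2, 4, 1, 7, 6, 3)
K2 = (7, 3, 2, 5, 6, 4, 1)
K3 = compose(K1, K2)

if __name__ == "__main__":
    print(caesar(caesar("runaway", 3), 8), caesar("runaway", 11))
    print(K3, permute(permute("runaway", K1), K2), permute("runaway", K3))
    print(caesar_is_closed())
```
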
Avalanche Effect
Small change in key → Large change in ciphertext
• Desirable property of cipher
  Knowing some of key → rest of key still hard to find
• Not a property of substitution ciphers
• Property of transposition ciphers (particularly if applied multiple times)
Avalanche Effect
Example: two similar keys applied twice
• plaintext = longlongagoinagalaxyfaraway
• k1 = 5241763
  ciphertext = wfglonayagoaaalygrnlanaxoxgi
• k2 = 5421763
  ciphertext = wfglaalylaoaonrygaangoaxnxgi
• Already different in 14 of 28 characters
Substitution and Transposition • Most modern ciphers combine substitution and transposition • Substitution gives large number of possible keys to defeat brute force attacks • Transposition gives avalanche effect to defeat cryptographic attacks