You are on page 1of 8

Department of Software

The University of Babylon

LECTURE NOTES ON Cryptographic Primitives & Requirements of Cryptosystems


By Dr. Samaher Hussein Ali
College of Information Technology, University of Babylon, Iraq Samaher_hussein@yahoo.com

10/24/2012

Cryptographic Primitives
There are a number of basic cryptographic tools (primitives) used to provide information security. Examples of primitives include encryption schemes, hash functions, and digital signature schemes. The figure in below provides a schematic listing of the primitives considered and how they relate.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Cryptographic Primitives
These primitives should be evaluated with respect to various criteria such as: 1. Level of Security. This is usually difficult to quantify. Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the work factor. 2. Functionality. Primitives will need to be combined to meet various information security objectives. Which primitives are most effective for a given objective will be determined by the basic properties of the primitives. 3. Methods of Operation. Primitives, when applied in various ways and with various inputs, will typically exhibit different characteristics; thus, one primitive could provide very different functionality depending on its mode of operation or usage. 4. Performance. This refers to the efficiency of a primitive in a particular mode of operation. (For example, an encryption algorithm may be rated by the number of bits per second which it can encrypt.) 5. Ease of implementation. This refers to the difficulty of realizing the primitive in a practical instantiation. This might include the complexity of implementing the primitive in either a software or hardware environment.
10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Requirements of Cryptosystems
1. 2. 3. 4. 5. 6. 7. 8. 9. The encryption and decryption transformation must be efficient for all keys. The system must be easy to use The security of the system must depend only on the secrecy of the key and not on the secrecy of the algorithm encryption /decryption) It should be computationally infeasible1 for a cryptanalyst to determine the deciphering transformation from intercepted ciphertext , even if the corresponding plaintext is known. It should be computationally infeasible for a cryptanalysis to determine the plaintext from interpreted cipher text In addition to providing confidentiality, cryptography is often asked to do other jobs. Authentication: it should be possible for the receiver of a message to ascertain its origin. Integrity: it should be possible for the receiver of a message to verify that it has not been modified in transmits. No repudiation: a sender should not be able to falsely deny later that he/she sent a message.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Methods of Cryptanalysis
Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques. Cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers. History of Cryptanalysis Cryptanalysis has coevolved together with cryptography, and the contest can be traced through the history of cryptography new ciphers being designed to replace old broken designs, and new cryptanalytic techniques invented to crack the improved schemes . In practice, they are viewed as two sides of the same coin: in order to create secure cryptography, you have to design against possible cryptanalysis. Although the actual word "cryptanalysis" is relatively recent (it was coined by William Friedman in 1920), methods for breaking codes and ciphers are much older. The first known recorded explanation of cryptanalysis was given by 9th-century Arabian polymath, Al-Kindi (also known as "Alkindus" in Europe), in A Manuscript on Deciphering Cryptographic Messages.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Classical Cryptanalysis
Frequency analysis is the basic tool for breaking most classical ciphers. In natural languages, certain letters of the alphabet appear more frequently than others; in English, "E" is likely to be the most common letter in any sample of plaintext. Similarly, the digraph "TH" is the most likely pair of letters in English, and so on. Frequency analysis relies on a cipher failing to hide these statistics. For example, in a simple substitution cipher (where each letter is simply replaced with another), the most frequent letter in the ciphertext would be a likely candidate for "E". Beker and Piper partition the 26 letters into five groups as follows: 1. 2. 3. 4. 5. E, having probability about 0.120 T, A, O, I, N, S, H, R, each having probabilities between 0.06 and 0.09. D, L, each having probabilities around 0.04. C, U, M, W, F, G, Y, P, B, each having probabilities between 0.015 and 0.028. V, K, J, X, Q, Z, each having probabilities less than 0.01.

Steps in Cryptanalysis The solution of nearly every cryptogram involves four basic steps: 1. Determination of the language used. 2. Determination of the general system used. 3. Reconstruction of the specific keys to the system. 4. Reconstruction of the plaintext.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Types of Cryptanalytic Attack


The objective of the following attacks is to systematically recover plaintext from ciphertext, or even more drastically, to deduce the decryption key. 1. A ciphertext-only attack is one where the adversary (or cryptanalyst) tries to deduce the decryption key or plaintext by only observing ciphertext. Any encryption scheme vulnerable to this type of attack is considered to be completely insecure. 2. A known-plaintext attack is one where the adversary has a quantity of plaintext and corresponding ciphertext. This type of attack is typically only marginally more difficult to mount. 3. A chosen-plaintext attack is one where the adversary chooses plaintext and is then given corresponding ciphertext. Subsequently, the adversary uses any information deduced in order to recover plaintext corresponding to previously unseen ciphertext. 4. An adaptive chosen-plaintext attack is a chosen-plaintext attack where in the choice of plaintext may depend on the ciphertext received from previous requests. 5. A chosen-ciphertext attack is one where the adversary selects the ciphertext and is then given the corresponding plaintext. One way to mount such an attack is for the adversary to gain access to the equipment used for decryption (but not the decryption key, which may be securely embedded in the equipment). The objective is then to be able, without access to such equipment, to deduce the plaintext from (different) ciphertext. 6. An adaptive chosen-ciphertext attack is a chosen-ciphertext attack where the choice of ciphertext may depend on the plaintext received from previous requests.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5

Attacks on the Simple Substitution Cipher


The general strategy with the two substitution ciphers is to substitute symbols from the plaintext alphabet with different symbols from the ciphertext alphabet(s). The weakness with this strategy is that character frequency distributions are not significantly altered by the encryption process. Thus, most attacks on substitution ciphers attempt to match the character frequency statistics of the encrypted message with those of some known language (for example, English). Character frequency statistics (or ngrams) indicate the frequency distribution of all possible instances of n adjacent characters (for example, THE is a very common 3-gram (or trigram) in the English language). The attack on the simple substitution cipher is particularly simple since the frequency of any n-gram in the plaintext (or unencrypted) message will correspond exactly to the frequency of the corresponding encrypted version in the ciphertext. A major factor influencing the success of an attack on the simple substitution cipher (or any cipher where the attack is based on n-gram statistics of the language) is the length of the intercepted cipher text message which is being cryptanalysed. The amount of cipher text required in order to recover the entire key (with a high degree of certainty) varies depending on the type of cipher.

10/24/2012

Dr. Samaher Hussein Ali

Notes of Lecture 5