Cryptography

Dr. Irfan Rafique

1
 Cryptography means "secret writing“

Cryptosystem Cryptography

Cryptanalysis
Cryptosystem Cryptography

Cryptanalysis

Cryptanalysis is the breaking of codes

Cryptosystem Cryptography

Cryptanalysis

Cryptanalysis is the breaking of codes

Cryptanalysis is of central importance because it is the only way

to assure that a cryptosystem is secure.
Terminology
Cryptology

Cryptography Cryptanalysis

• Cryptography is the science of secret writing

with the goal of hiding the meaning of a message.
• Cryptanalysis is the science of breaking
cryptography.
• Cryptology covers both cryptography and
cryptanalysis.
5
 Cryptosystem

• A cryptosystem is a 5-tuple (E, D, M, K, C), where:

• M is the set of plaintexts,
• K the set of keys,
• C is the set of cipher texts,
• E: M x K  C is the set of enciphering functions, and
• D: C x K  M is the set of deciphering functions.
• Encryption Function : E (mi, ki) = ci
• Decryption Function : D (ci, ki) = mi
Terminology
• Encryption: plaintext (cleartext) M is converted
into a ciphertext C under the control of a key k.
– We write C = E(M, k).
• Decryption with key k recovers the plaintext M
from the ciphertext C.
– We write M = D(C, k).
• Symmetric ciphers: the secret key is used for both
encryption and decryption.
• Asymmetric ciphers: Pair of private and public
keys where it is computationally infeasible to
derive the private decryption key from the
corresponding public encryption key.

7
 Taxonomy of cryptographic
functions Cryptographic Functions

“Cipher” is the term

for a “cryptographic Hash
Ciphers
algorithm” Functions

Symmetric S Asymmetric A
One secret key Public key used for
used for both encryption and private
encryption and decryption key used for decryption

Called “public-key
Block Stream
cryptography”
8
Block Cipher vs. Stream Cipher
Block cipher Stream cipher
Plaintext blocks Key
n bits

Key
stream
Key Block
generator
Cipher
Key stream

n bits ⊕
Plaintext stream Ciphertext stream
Ciphertext blocks
Note that the key stream repeats itself
and is not totally random, hence a
stream cipher is not a One-Time-Pad.
9
 Symmetric cryptography (secret key)
Alice Bob
Secret key Secret key

Message Message

Algorithm Algorithm
Ciphertext
encryption decryption
Plaintext Plaintext

• “Secret key” means that the key is shared “in secret”

between entities who are authorized to encrypt and decrypt

10
 Evolution of Ciphers
Classical Medieval Pre-WW2 WW2 Pre-2000 Post-2000
ciphers ciphers ciphers ciphers ciphers ciphers
Transposition Poly- One-time Complex DES AES
Scytale alphabetic pad mechanics Feistel Rijmen &
Substitution Enigma Daemen
+
Transposition Vernam
1916
Vigenère
Substution 1566 SP-networks Asymmetric
Caesar Info-theory crypto
cipher Post-
Shannon Diffie Quantum
Hellman Asymmetric
crypto

→ BC AD → 1799 1800 → 1939 1940 → 1975 1976 → 2000 2001 →

11
Scytale 7th century BC
 Cryptosystem - Caesar cipher

• Each letter is replaced by another letter

• Shift distance is called the offset
• Shift can right (A to B) or left (B to A)

How to encrypt using Caesar cipher?

Plain Alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ

Caesar Alphabet (+ 3) DEFGHIJKLMNOPQRSTUVWXYZABC
 Vigenère Cipher
• First described by Giovan Battista Bellaso in
1553
• In the 19th century, the scheme was
misattributed to Blaise de Vigenère (1523–1596)
• Each letter of the plaintext is encoded with a
different Caesar cipher, whose increment is
determined by the corresponding letter of
another text, the key
 Claude Shannon (1916 – 2001)
The Father of Information Theory – MIT / Bell Labs

• Information Theory
– Defined the "binary digit" (bit)
as information unit
– Defined information "entropy" to
measure amount of information
• Cryptography
– Model of secrecy systems
– Defined perfect secrecy
– Principle of S-P encryption (substitution
& permutation) to hide statistical regularities
– Any unbreakable system must have essentially the same
characteristics as the one-time pad: the key must be truly
random, as large as the plaintext, never reused in whole or
part, and kept secret 15
 Shannon’s S-P Network
Removes statistical regularities in ciphertext
plaintext
• “S-P Networks” (1949)
– Substitutions & Permutations S S .... S
– Substitute bits e.g. 0001 with 0110
P
– Permute parts e.g. part-1 to part-2
– Substitution provides “confusion”
i.e. complex relationship between
S S .... S

input and output D

...
– Permutation provide “diffusion”, E
i.e. a single input bit influences
many output bits S S .... S
– Iterated S-P functions a specific
number of times P
– Functions must be invertible
ciphertext

16
S-P Network
 AES - Advanced Encryption Standard
• DES (Data Encryption Standard) from 1977 had a
56-bit key and a 64-bit block. In the mid-1990s
DES could be cracked with exhaustive key search.
• In 1997, NIST announced an open competition for
a new block cipher to replace DES.
• The best proposal called “Rijndael” was nominated
as AES (Advanced Encryption Standard) in 2001.
• AES has key sizes of 128, 192 or 256
bit and block size of 128 bit.
AES is designed by
Vincent Rijmen and
Joan Daemen from
Belgium
14
Cryptosystem Example
 Cryptosystem - Caesar cipher

• Each letter is replaced by another letter

• Shift distance is called the offset
• Shift can right (A to B) or left (B to A)

How to encrypt using Caesar cipher?

Plain Alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ

Caesar Alphabet (+ 3) DEFGHIJKLMNOPQRSTUVWXYZABC
 Caesar Cipher

• Another way to crypt, more mathematical

Plain text cipher text is HELLO Then Cypher

Text is ?
 Caesar Cipher

• plain: hello

• Let assign numerical equivalent to each Alphabet

C = E(k, p) = (p + k) mod 26

C = E(3, p) = (p + 3) mod 26
 Caesar Cipher
• plain: hello

• Offset 3

• cipher: khoor

C = E(k, p) = (p + k) mod 26

C = E(3, p) = (p + 3) mod 26
 Cryptosystem

• An adversary wishes to break a Cryptosystem.

• Standard cryptographic practice is to assume that

adversary knows:

– the algorithm used to encipher the plaintext

– but not the specific cryptographic key

 Cryptanalysis Attacks

Ciphertext

Known Plain Text

Chosen Plain Text

 Cipher text only

• Adversary has only the ciphertext.

• Plaintext?

• If possible, adversary may try to find the key, too.

• Cipher Text: A Se YgafY lg SllSUc S UahZWj.

• Plain Text: ?
 Known plaintext attack

• Adversary has:

– Ciphertext and
Cipher Text: A Se YgafY lg SllSUc S UahZWj.
– Plaintext
Plain Text: I am going to attack a cipher.

• Key?
 Chosen Plaintext Attack

• Adversary may ask that specific plaintexts be enciphered.

• Given the corresponding cipher text.

• Goal is to find the key.

 Classical Cryptosystem

Transposition Substitution Product

Cipher Cipher Cipher (T+S)
Transposition Cipher
 Transposition Cipher

• Rearrange letters in plaintext to produce ciphertext

• Example (2-Columnar transposition or Rail-Fence Cipher )

• Plaintext is HELLO WORLD

HE
LL
OW
OR
LD

• Ciphertext is HLOOL ELWRD

 Transposition Cipher

• Generalize to n-columnar transpositions

• Example 3-columnar
• Plain text is : HELLO WORLD
– HEL

– LOW

– ORL

– DXX

– Cipher text: HLOD EORX LWLX

Substitution Cipher
 Substitution Cipher
• Change characters in plaintext to produce ciphertext

• Example (Cæsar cipher)

– Plaintext is HELLO WORLD

– Change each letter to the third letter following it

– (X goes to A, Y to B, Z to C)

Key is 3, usually written as letter ‘D’

– Ciphertext is KHOOR ZRUOG

 Attacking the Cipher

• Exhaustive / Brute force search

– If the key space is small enough, try all possible keys until you find the

right one

– Cæsar cipher has 26 possible keys

– Cipher Text - Wklv lv Gdwd VhfxulwB Fodvv

Caesar / Rot13 - CrypTool Portal

 Attacking the Cipher

• Statistical analysis

– Compare to 1-gram model of English

 Exhaustive / Brute force search

plain: meet me after the toga party

cipher: PHHW PH DIWHU WKH WRJD SDUWB

• An adversary wishes to break a Cryptosystem.

• Standard cryptographic practice is to assume that adversary knows:

• Encryption Algo

• but not the specific cryptographic key.

 Exhaustive / Brute force search
Cipher text
 Exhaustive / Brute force search
Cipher text

• Simply try all

the 25
possible keys.
 Exhaustive / Brute force search
Cipher text

Key or Offset ?
 Exhaustive / Brute force search
Cipher text

• simply try all

the 25
possible keys.
 Exhaustive / Brute force search
Cipher text

• simply try all

the 25
possible keys.

When Brute
force becomes
impractical?
 Exhaustive / Brute force search

Brute force cryptanalysis become impractical

when
Language is unknown.
 Exhaustive / Brute force search

Brute force cryptanalysis become impractical

when
Language is unknown.

plaintext output may not be recognizable

 Exhaustive / Brute force search

Brute force cryptanalysis become impractical

when
Algorithm is Unknown.
 Exhaustive / Brute force search

Brute force cryptanalysis become impractical

when
Input is abbreviated or compressed.
 Attacking the Cipher

• Exhaustive / Brute force search

– If the key space is small enough, try all possible keys until you find

the right one

– Cæsar cipher has 26 possible keys

• Statistical analysis

– Compare to 1-gram model of English

 Attacking the Cipher

• Statistical analysis

– Compare to 1-gram model of English

 Attacking the Cipher

Cipher text

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUD
BMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZ
WYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHM
DJUDTMOHMQ
 Attacking the Cipher

Relative Frequency of Letters in English Text

 Attacking the Cipher

Cipher text

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUD
BMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZ
WYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHM
DJUDTMOHMQ
 Attacking the Cipher
Cipher text

Relative Frequency = RF

RF(Character) = f(Character)/ Total Character * 100

Relative Frequency of Character P

P Appears = 16

RF(p) = 16/120 * 100

= 13.33
 Attacking the Cipher

relative frequencies of the letters in the ciphertext (in percentages)

P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00

S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00

U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67
 Attacking the Cipher
P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00

S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00

U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67

P Z
 Attacking the Cipher
P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00 S, U, O, M, and H are all of relatively high
frequency and probably correspond to plain
S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00
letters from the set {a, h, i, n, o, r, s}.
U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67

P Z
 Attacking the Cipher
P 13.33 H 5.83 F 3.33 B 1.67 C 0.00

Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00 S, U, O, M, and H are all of relatively high
frequency and probably correspond to plain
S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00
letters from the set {a, h, i, n, o, r, s}.
U 8.33 V 4.17 T 2.50 I 0.83 N 0.00

O 7.50 X 4.17 A 1.67 J 0.83 R 0.00

M 6.67

P Z

S
 Attacking the Cipher

P Z

S
Most common 2 gram and 3gram
Frequencies

54
 Attacking the Cipher
• A powerful tool is to look at the frequency of two-letter combinations, known as 2 gram or

digram.

• A table similar could be drawn up showing the relative frequency of 2-gram.

• The most common such digram is th.

• In our ciphertext, the most common digram is ZW, which appears three times.
 Attacking the Cipher
• Now notice the sequence ZWSZ in the first line.
• We do not know that these four letters form a complete word TH_T.
• If S  A then it will become THAT
 Attacking the Cipher

The complete plaintext, with spaces added between words

it was disclosed yesterday that several informal

but direct contacts have been made with political
representatives of the viet cong in moscow
 Cæsar’s Problem

Key is too short

• Can be found by exhaustive search

• Statistical frequencies not concealed well

They look too much like regular English letters

Improve the substitution permutation

• Increase number of mapping options from 26

Vigènere Cipher
 Vigènere Cipher

Like Cæsar cipher, but use a phrase as key

Example
• Message: THE BOY HAS THE BALL
• Key : VIG
• Encipher using Cæsar cipher for each letter:

key VIGVIGVIGVIGVIGV
plain THEBOYHASTHEBALL
Cipher OPKWWECIYOPKWIRG
 Key

Plain Text

Key : VIGVIGVIGVIGVIGV
Plain : THEBOYHASTHEBALL
Cipher : OPKWWECIYOPKWIRG
 Useful Terms

Period: length of key

• In earlier example, period is 3

tableau: table used to encipher and decipher

• Vigènere cipher has key letters on top, plaintext letters on the left

polyalphabetic:

• the key has several different letter

• Cæsar cipher is monoalphabetic

62
 Attacking the Cipher

Approach

• Establish period; call it n

• Break message into n parts, each part being enciphered using the same

key letter

• Solve each part

 Establish Period
Repetitions in the ciphertext occur when characters of the key appear over the
same characters in the plaintext
Example:

key VIGVIGVIGVIGVIGV
plain THEBOYHASTHEBALL
Cipher OPKWWECIYOPKWIRG

Note the key and plaintext line up over the repetitions (underlined).
As distance between repetitions is 9, the period is a factor of 9
(that is, 1, 3, or 9)
 One-Time Pad

It is a Vigenère cipher with following features:

• Having a random key that is as long as the message, so that the

key need not be repeated.

• key is to be used to encrypt and decrypt a single message, and

then is discarded.

• Each new message requires a new key of the same length as the

new message.

39
 One-Time Pad

The one-time pad offers complete security but, in practice, has two
fundamental difficulties:

• Key Generation

• Key Distribution

39
 One-Time Pad

• Key Generation

– There is the practical problem of making large quantities of random keys.

– Any heavily used system might require millions of random characters on

a regular basis.

– Supplying truly random characters in this volume is a significant task.

• Key Distribution

– Even more daunting is the problem of key distribution and protection.

– For every message to be sent, a key of equal length is needed by both
sender and receiver

39
 One-Time Pad

• A Vigenère scheme with 27 characters

We now show two different decryptions using two different keys:

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
plaintext: mr mustard with the candlestick in the hall

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
plaintext: miss scarlet with the knife in the librar

39
Book Cipher
 Book Cipher
• Approximate one-time pad with book text

– Sender and receiver agree on text to pull key from

– Bible, Koran, Phone Book

• Each letter is given by a row, column pair as it is found in an agreed upon text.

• So the cipher would read:row,column,row,column, row,column,…..

• Note all such ciphers would have an even number of numbers in them, which

might be a hint that one is facing a book cipher.

• Here is the above text as a book

cipher:1,1,3,10,5,6,1,16,2,5,2,6,1,14,4,7,1,10,3,7,2,4,3,5
 Book Cipher

• May be some counting problem

• Plain text may not found in the Book

• Book and its edition should be same

Enigma - Rotor Machines
 Enigma - Rotor Machines

• Another approximation of one-time pad

• Substitution cipher

– Each rotor is a substitution

– Changes in rotor position change how substitutions are stacked

– Key press passes through all rotors and back through a reflector rotor

– Rotors advance after each key press changing the substitution.

• Key is initial position of the rotors

• More details

– http://www.codesandciphers.org.uk/enigma/
 Enigma - Rotor Machines
• 26 * 26 * 26 = 17,576 different substitution alphabets
used before the system repeats
• The addition of fourth and fifth rotors results in periods
of 456,976 and 11,881,376 letters, respectively
• A formidable cryptanalytic challenge
• A letter frequency analysis approach, the analyst is
faced with the equivalent of over 11 million
monoalphabetic ciphers.
• The analyst would need to be in possession of a
ciphertext with a length of over half a billion letters.
 Online Crypto Tools
• https://www.cryptool.org/en/cto/caesar

• https://www.boxentriq.com/code-breaking/cipher-identifier

• Online Cryptography Tools

• Frequency Analysis: Breaking the Code - Crypto Corner (interactive-

maths.com)
• Online Cryptography Tools
• Perfect Solution – Frequency Analysis
– Frequency Analysis | 101 Computing

75
 Summary
Data States
Data at Rest
Attacks & Controls
Data in Motion
Attacks & Controls
Data in Use
Attacks & Controls

• Cryptography
• Main Terms
• Evolution of Ciphers
• Caesar Cipher
• Vigenère Cipher
• Transposition and Substitution Ciphers
• One Time Pad
• Book Cipher
• Rotor Machine
End of Lecture 3

77