Classical Encryption Techniques

CSE 651: Introduction to Network Security

Classical encryption techniques
‡ As opposed to modern cryptography ‡ Goals:
± to introduce basic concepts & terminology of encryption ± to prepare us for studying modern cryptography


Basic terminology
‡ Plaintext: original message to be encrypted ‡ Ciphertext: the encrypted message ‡ Enciphering or encryption: the process of converting plaintext into ciphertext ‡ Encryption algorithm: performs encryption
± Two inputs: a plaintext and a secret key

Symmetric Cipher Model


‡ Deciphering or decryption: recovering plaintext from ciphertext ‡ Decryption algorithm: performs decryption
± Two inputs: ciphertext and secret key

‡ Secret key: same key used for encryption and decryption
± Also referred to as a symmetric key


‡ Cipher or cryptographic system : a scheme for encryption and decryption ‡ Cryptography: science of studying ciphers ‡ Cryptanalysis: science of studying attacks against cryptographic systems ‡ Cryptology: cryptography + cryptanalysis 6 .

Ciphers ‡ Symmetric cipher: same key used for encryption and decryption ± Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) ± Stream cipher: encrypts data one bit or one byte at a time ‡ Asymmetric cipher: different keys used for encryption and decryption 7 .

Symmetric Encryption ‡ or conventional / secret-key / single-key ‡ sender and recipient share a common key ‡ all classical encryption algorithms are symmetric ‡ The only type of ciphers prior to the invention of asymmetric-key ciphers in 1970¶s ‡ by far most widely used 8 .

Y) ‡ ‡ ‡ ‡ ‡ ‡ X = plaintext Y = ciphertext K = secret key E = encryption algorithm D = decryption algorithm Both E and D are known to public 9 . X) X = D(K.Symmetric Encryption ‡ Mathematically: Y = EK(X) X = DK(Y) or or Y = E(K.

to recover the secret key. ‡ Kerkhoff¶s principle: the adversary knows all details about a cryptosystem except the secret key. ‡ Two general approaches: ± brute-force attack ± non-brute-force attack (cryptanalytic attack) 10 .Cryptanalysis ‡ Objective: to recover the plaintext of a ciphertext or. more typically.

01 hours 5.3 v 109 256 = 7.9 v 1036 years Time required at 106 decryptions/µs 2.Brute-Force Attack ‡ Try every key to decipher the ciphertext.4 v 1038 2168 = 3.9 v 1030 years 6.7 v 1050 26! = 4 v 1026 231 µs 255 µs 2127 µs 2167 µs Time required at 1 decryption/µs = 35. need to try half of all possible keys ‡ Time needed proportional to size of key space Key Size (bits) 32 56 128 168 26 characters (permutation) Number of Alternative Keys 232 = 4.15 milliseconds 10.4 v 1018 years 5.2 v 1016 2128 = 3.4 v 106 years 2 v 1026 µs = 6.4 v 1012 years 11 . ‡ On average.8 minutes = 1142 years = 5.4 v 1024 years = 5.

Cryptanalytic Attacks ‡ May be classified by how much information needed by the attacker: ± Ciphertext-only attack ± Known-plaintext attack ± Chosen-plaintext attack ± Chosen-ciphertext attack 12 .

13 .Ciphertext-only attack ‡ Given: a ciphertext c ‡ Q: what is the plaintext m? ‡ An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks.

Known-plaintext attack ‡ Given: (m1.c1). ‡ Q: what is the plaintext of c? ‡ Q: what is the secret key in use? 14 . «. (mk. ( and a new ciphertext c.c2).

(m2.c1). ( «.Chosen-plaintext attack ‡ Given: (m1. where m1. or what is the secret key? 15 . m2. «. ‡ Q: what is the plaintext of c. and a new ciphertext c.c2). mk are chosen by the adversary.

US Navy cryptanalysts discovered that Japan was planning an attack on ³AF´. 16 .Example: chosen-plaintext attack ‡ In 1942. ‡ This proved that ³AF´ is Midway. ‡ Pentagon didn¶t think so. ‡ US forces in Midway sent a plain message that their freshwater supplies were low. US intercepted a Japanese ciphertext saying that ³AF´ was low on water. ‡ They believed that ³AF´ means Midway island. ‡ Shortly.

c1).ck). and a new ciphertext c. where c1. «.c2). ‡ Q: what is the plaintext of c. (m2. (mk.Chosen-ciphertext attack ‡ Given: (m1. or what is the secret key? 17 . «. c2. ck are chosen by the adversary.

. ‡ Product cipher: using multiple stages of substitutions and transpositions 18 . bits or characters) ‡ Substitution cipher: replacing each element of the plaintext with another element.Classical Ciphers ‡ Plaintext is viewed as a sequence of elements (e.g. ‡ Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.

Caesar Cipher ‡ Earliest known substitution cipher ‡ Invented by Julius Caesar ‡ Each letter is replaced by the letter three positions further down the alphabet. ‡ Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C ‡ Example: ohio state RKLR VWDWH 19 .

24. 1.. 20 . c. . 2.. b.. y.. 23. z 0. .Caesar Cipher ‡ Mathematically. x. map letters to numbers: a... 25 ‡ Then the general Caesar cipher is: c = EK(p) = (p + k) mod 26 p = DK(c) = (c ± k) mod 26 ‡ Can be generalized with any alphabet.

... . 25} ‡ Vulnerable to brute-force attacks. ‡ E..g. 1. break ciphertext "UNOU YZGZK³ ‡ Need to recognize it when have the plaintext ‡ What if the plaintext is written in Swahili? 21 .Cryptanalysis of Caesar Cipher ‡ Key space: {0.

Monoalphabetic Substitution Cipher ‡ Shuffle the letters and map each plaintext letter to a different random ciphertext letter: Plain letters: abcdefghijklmnopqrstuvwxyz Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA ‡ What does a key look like? 22 .

Monoalphabetic Cipher Security ‡ Now we have a total of 26! = 4 x 1026 keys. ‡ But not secure against some cryptanalytic attacks. 23 . ‡ Problem is language characteristics. ‡ With so many keys. it is secure against brute-force attacks.

Language Statistics and Cryptanalysis ‡ Human languages are not random. S. K. R. ‡ There are tables of single. N. J. ‡ Letters are not equally frequently used. Q. I. ‡ Other letters like Z. X are fairly rare. followed by T. A. ‡ In English. O. E is by far the most common letter. double & triple letter frequencies for various languages 24 .

English Letter Frequencies 25 .

Statistics for double & triple letters ‡ In decreasing order of frequency ‡ Double letters: th he an in er re es on. « 26 . « ‡ Triple letters: the and ent ion tio for nde.

we ± calculate letter frequencies for ciphertext ± compare this distribution against the known one 27 .Use in Cryptanalysis ‡ Key concept: monoalphabetic substitution does not change relative letter frequencies ‡ To attack.

ZW has highest frequency.Example Cryptanalysis ‡ Given ciphertext: UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ ‡ Count relative letter frequencies (see next page) ‡ Guess {P. Z} = {e. t} ‡ Of double letters. so guess ZW = th and hence ZWP = the ‡ Proceeding with trial and error finally get: it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow 28 .

33 3.Letter frequencies in ciphertext P Z S U O M 13.17 F W Q T A 3.67 B G Y I J 1.50 2.00 0.33 11.83 5.67 1.00 4.17 4.00 0.67 H D E V X 5.83 0.33 2.00 0.67 1.83 C K L N R 0.67 8.67 0.33 7.50 6.00 0.50 1.00 5.00 29 .33 8.

What type of attack? ‡ Ciphertext-only attack ‡ Known-plaintext attack ‡ Chosen-plaintext attack ‡ Chosen-ciphertext attack 30 .

‡ Invented by Charles Wheatstone in 1854.Playfair Cipher ‡ Not even the large number of keys in a monoalphabetic cipher provides security. ‡ ‡ One approach to improving security is to encrypt multiple letters at a time. but named after his friend Baron Playfair. 31 . ‡ The Playfair Cipher is the best known such cipher.

Fill in letters of the key (w/o duplicates). Fill the rest of matrix with other letters. M C E L U O H F P V N Y G Q W A B I/J S X R D K T Z 32 . E.. key = MONARCHY.Playfair Key Matrix ‡ ‡ ‡ ‡ Use a 5 x 5 matrix.g.

Encrypting and Decrypting Plaintext is encrypted two letters at a time. If both letters fall in the same row. replace each with the letter to its right (circularly). If a pair is a repeated letter. each letter is replaced by the letter in the same row but in the column of the other letter of the pair. 1. insert filler like 'X¶. replace each with the the letter below it (circularly). If both letters fall in the same column. 4. 3. 2. Otherwise. 33 .

it can be broken. ‡ Actually. ‡ Security is much improved over the simple monoalphabetic cipher. by US & British military in WW1 and early WW2 ‡ Once thought to be unbreakable. because it still leaves some structure of plaintext intact. ‡ Was widely used for many decades ± eg. 34 .Security of Playfair Cipher ‡ Equivalent to a monoalphabetic cipher with an alphabet of 26 x 26 = 676 characters.

.. M2.Polyalphabetic Substitution Ciphers ‡ A sequence of monoalphabetic ciphers (M1. 35 . ‡ A key determines which sequence of ciphers to use. ‡ Each plaintext letter has multiple corresponding ciphertext letters... M3. Mk) is used in turn to encrypt letters. ‡ This makes cryptanalysis harder since the letter frequency distribution will be flatter.

‡ Decryption simply works in reverse. Cr. .g.. Cc. 36 . Cu. security ‡ Encrypt each letter using Cs. Cz } ‡ Key: e.. Cy in turn. ‡ Repeat from start after Cy. Cc.Vigenère Cipher ‡ Simplest polyalphabetic substitution cipher ‡ Consider the set of all Caesar ciphers: { Ca. Cb. Ce.. Ct. Ci.

Example of Vigenère Cipher ‡ Keyword: deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ 37 .

Plaintext letters at positions k. If key length is N. letter frequencies are obscured but not totally lost. are encoded by the same cipher. How? 2.Security of Vigenère Ciphers ‡ There are multiple (how many?) ciphertext letters corresponding to each plaintext letter. 2N+k. ‡ So. 3N+k. ‡ To break Vigenere cipher: 1.. 38 . etc. 3. Try to guess the key length. Attack each individual cipher as before. the cipher consists of N Caesar ciphers. N+k.

Guessing the Key Length ‡ Main idea: Plaintext words separated by multiples of the key length are encoded in the same way. if plaintext = ³«thexxxxxxthe«´ then ³the´ will be encrypted to the same ciphertext words. 39 .g. ‡ In our example. ‡ So look at the ciphertext for repeated patterns. the repetition could be a random fluke. repeated ³VTW´ in the previous example suggests a key length of 3 or 9: ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ ‡ Of course. ‡ E.

K = 265 =12 x 106. ‡ Widely used in WW2.576. rotor machines were most common complex ciphers in use. ‡ With 5 cylinders. ‡ Used a series of rotating cylinders. K = 263 =17.Rotor Cipher Machines ‡ Before modern ciphers. ‡ With 3 cylinders. ‡ Implemented a polyalphabetic substitution cipher of period K. ‡ What is a key? ± If the adversary has a machine ± If the adversary doesn¶t have a machine 40 .

41 .

German secret setting sheets Date Which rotors to use (there were 10 rotors) Ring setting Plugboard setting 42 .

The Rotors 43 .

Enigma Rotor Machine 44 .

Enigma Rotor Machine 45 .

‡ Example: Row Transposition Ciphers 46 . ‡ Shuffle the plaintext. without altering the actual letters used.Transposition Ciphers ‡ Also called permutation ciphers.

Key: 3 4 2 1 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t wo a mx y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ 47 .Row Transposition Ciphers ‡ Plaintext is written row by row in a rectangle. ‡ Ciphertext: write out the columns in an order specified by a key.

48 .Product Ciphers ‡ Uses a sequence of substitutions and transpositions ± Harder to break than just substitutions or transpositions ‡ This is a bridge from classical to modern ciphers.

Unconditional & Computational Security ‡ A cipher is unconditionally secure if it is secure no matter how much resources (time.. ‡ All the ciphers we have examined are not unconditionally secure. space) the attacker has. 1000 years) that practically the cryptosystem is secure.g. 49 . ‡ A cipher is computationally secure if the best algorithm for breaking it will require so much resources (e.

used one-time only) y Plaintext = m1m2m3m4  y Ciphertext = c1c2c3c4  where ci ! mi ‡ ki y Can be proved to be unconditionally secure.An unconditionally Secure Cipher Vernam¶s one-time pad cipher y Key = k1k2k3k4  (random. 50 .

.g.Steganography ‡ Hide a message in another message. hide your plaintext in a graphic image ± Each pixel has 3 bytes specifying the RGB color ± The least significant bits of pixels can be changed w/o greatly affecting the image quality ± So can hide messages in these LSBs ‡ Advantage: hiding existence of messages ‡ Drawback: high overhead 51 . ‡ E.

52 . can hide 115.7200) pixel image. ‡ Using only 1 LSB.200 characters ‡ Using 4 LSBs.‡ Take a 640x480 (=30. can hide 460.800 characters.

53 .

Summary ‡ Have considered: ± classical cipher techniques and terminology ± monoalphabetic substitution ciphers ± cryptanalysis using letter frequencies ± Playfair cipher ± polyalphabetic ciphers ± transposition ciphers ± product ciphers and rotor machines ± stenography 54 .

Sign up to vote on this title
UsefulNot useful