Encryption%20-%20I

1
Encryption - I
2
Definitions

• Plaintext easy to understand form(original
  message)
• Ciphertext difficult to understand form
• Encryption encoding (plaintext -gt ciphertext)
• Decryption decoding(ciphertext -gt plaintext)
• Cryptology study of encryption
• Cryptography use of encryption
• Cryptanalysis breaking encryption

3
Cryptanalysts Role

• Break single message
• Recognize patterns to create decryption method
• Find general weakness in encryption algorithm

4
Breakable Encryption

• Feasible given time and data
• Brute force usually impractical
• Estimates based on current technology
• Just because the underlying scheme is based on a
  'hard' problem doesn't mean that the cryptanalyst
  will attempt to solve it that way

5
Cryptanalysts tools

• Letter frequency data
• Prefix/suffix lists
• Letter pair/triple lists
• Common pattern lists

6
Encryption Algorithm

• Transformation
• CE(P)
• PD(C)
• PD(E(P))
• Keyed adds security even if algorithm is known
• Symmetric CE(k,P) PD(k,C)
• Asymmetric CE(k1,P) PD(k2,C)

7
Character Representation

• Enumeration cyclic
• Y3B (2431 with wrapping)
• Modulus Arithmetic
• 0 mod 26 0
• 1 mod 26 1
• 26 mod 26 0
• 27 mod 26 1

A B C D E X Y Z A B C
0 1 2 3 4 23 24 25 0 1 2
8
Caesar Cipher

• Julius Caesar Gallic Wars
• Shift of three characters
• P PROFESSIONAL COURTESYCSURIHVVLRQDO
  GRXUWHVB
• Easy to use in the field
• Pattern is easy to spot and break

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
9
Cryptanalysis of Caesar Cipher

• Obvious break between words
• Double letters easy to spot
• Repeating letter patterns
• Small words easy to peg
• CWKLV LV WRR HDVB

THIS IS TOO __S_ small words
THIS IS TOO EASY spot shift of 3
10
Keyed Monoalphabetic Ciphers

• Key Permutation (key has no repeating letters)
• Multiplicative Modulus (key is multiplier)
• f(i) (3i) mod 26
• f(K) 310 mod 26 4 E

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
K E Y A B C D F G H I J L M N O P Q R S T U V W X Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A D G J M P S V Y B E H K N Q T W Z C F I L O R U X
11
Monoalphabetic Ciphers

• Can be done by direct table lookup (easy in
  field)
• Time to encrypt/decrypt varies directly with
  length
• Betrayed by letter frequencies

12
Example

• CiphertextHQFUBSWLRQLVDPHDQVRIDWWDLWLWJVHFXUHFRP
  SXWDWLRQRYHULQVHFXUHFKDQQHOVEBXVLQJHQFUBSWLRQZHGLV
  XLVHWHKPHVVDJH
• PlaintextENCRYPTIONISAMEANSOFATTAINGSECURECOMPUT
  ATIONOVERINSECURECHANNELSBYUSINGENCRYPTIONWEDISGUI
  SETHEMESSAGE

13
Letter Frequencies

• English vowel frequencies
• Ciphertext frequencies (104 letters)

Vowel A E I O U
percent 7.49 14.0 6.67 7.37 3.0
Vowel A E I O U
percent 0 0.96 0.96 0.96 4.81
Letter H L V Q W
percent 13.5 11.5 9.62 9.62 8.65
14
Cryptoquote

• ZJ ZJZON CZYYZQP VKQVYK LDN D
  JQQYZLRORZPE, ZP ZL LOZYY D JQQYZLR ORZPE. --
  DPDOQYK JADPIK
• Sept 11, 2003 Pittsburgh Tribune-Review

15
Security of Monoalphabetic Ciphers

• Are they secure?
• 26! Possible ciphers
• Modern computers 10 years to brute force
• NO! In long message letter frequencies betray
  text

16
Meaningful Observations

1. An encryption based on a hard problem is not
   secure just because of the difficulty of the
   problem
2. An encryption algorithm must be regular-- this
   is its weakness
3. A security measure must be strong enough to keep
   out the attacker only for the life of the data

17
Polyalphabetic Ciphers

• Flatten frequency distributions
• Conceal letter pairs
• Conceal prefixes/suffixes
• Example (using multiplicative modulus)Odd
  positions use f(i)(3i) mod 26Even positions
  use f(i)((5i)13) mod 26

18
Vigenere Tableaux

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
19
Using Vigenere Tableaux

• One method
• Choose a key
• Break text into groups of five characters
• Write key in repeating fashion
• Use letter of key to establish column
• Use letter of plaintext to establish row
• Encrypt by using intercept of row and column
• Decrypt by finding row with ciphertext in column

20
Vigenere Example

• Enciphering Tale of Two Cities using Key of
  DICKENS

M I T W A S T H E B E S T O F T I M E S
K D I C K E N S D I C K E N S D I C K E N
P I T W A S T H E B E S T O F T I M E S X
C L B Z K W G Z H J G C X B X W Q O O W K
21
Cryptanalysis of Polyalphabetic Ciphers

• Appears to be more secure
• More complex, but not immune from breaking
• Two tools
• Kasiski Method
• Index of coincidence

22
Repeated Patterns

• English has regularities (letters, letter groups,
  words) that repeat
• Observations
• If code uses n alphabets in cyclic rotation, and
  if a particular letter sequence appears k times
  in the plaintext, it will be encoded
  approximately k/n times from the same alphabet
• If letter sequence is encoded the same way twice,
  key must have gone through a whole number of
  rotations and be back at the same point
• Distance between repeats is multiple of key length

23
Kasiski Method

1. Identify repeated patterns of three or more
   letters
2. Jot down starting position of each instance
3. Compute difference between starting points
4. Determine all factors of each difference
5. Key length is one of these factors

24
Example for Kasiski Method
K d i c k e n s d i c k e n s d i c k e n
P I T W A S T H E B E S T O F T I M E S I
K s d i c k e n s d i c k e n s d i c k e
P T W A S T H E W O R S T O F T I M E S I
K n s d i c k e n s d i c k e n s d i c k
P T W A S T J E A G E O F W I S D O M I T
K e n s d i c k e n s d i c k e n s d i c
P W A S T H E A G E O F F O O L I S H N E
K k e n s d i c k e n s d i c k e n s d i
P S S I T W A S T H E E P O C H O F B E L
K c k e n s d i c k e n s d i c k e n s d
P I E F I T W A S T H E E P O C H O F I N
25
Example of Kasiski Method

• Observe itwasthe is encrypted with the key
  nsdicken three times
• Start Distance Factors
• --- ---
• 63 (83-20) 3,7,9,21,63
• 21(104-83) 3,7,21
• length(dickens)7

26
Index of Coincidence

• Measure of variance between frequencies in
  distribution
• Divide message into pieces enciphered with same
  alphabet
• Measure variance of frequencies in distribution
• If measure approximates English alphabet, guess
  of number of alphabets is supported

Alphabets 1 2 3 5 10 large
Measure .068 .052 .047 .043 .042 .038
27
Perfect Cipher

• Flatten distributions to 0.038
• Very large number of alphabets one time pad
• Large non-repeating keys on a pad
• Each different, each used once and discarded
• Problems Printing, distribution, storage

28
Vernam Cipher

• Use long nonrepeating sequence of numbers
  combined with plaintext
• Ciphertext does not give away key
• Method
• Use binary of P
• Xor binary of random number
• Produces binary cipher text

1 0 1 1 0 1 1 0 1 1 1 1 0 0 0 0 1 0
29
Cracking Random Numbers

• Computers use algorithms to create random
  numbers
• Multiplicative modulusri1 (arib) mod na,
  b, n carefully chosen ri is initially seed
• Advantage can reproduce series
• Disadvantage long enough series may reveal seed,
  a, b, n

30
Known-Text Attacks

• Messages dont have arbitrary content
• Memo, Subject, To, From, Date,
• Senders name, Receivers name
• Organizational terms
• May also have messages where entire text is known
• By comparing ciphertext with known plaintext, can
  find patterns in encryption

31
Transposition Ciphers

• Dont substitute characters, permute them
• Spartans used rods of fixed diameter and strips
  of parchment
• Write across the wrappings
• Read ciphertext along the wrappings
• (works great with 2 pencils)
• In modern terms, use a matrix

32
Columnar Transposition Ciphers

• Key is number of columns in matrix, order of
  columns
• Ciphertext TSHAI HAORT IGWTI SEARO ITCAN SOONW
  ASLSO MHUPR EOMOK SWNSS

T H I S I S A M E S
S A G E T O S H O W
H O W A C O L U M N
A R T R A N S P O S
I T I O N W O R K S
33
Analysis of Columnar Transposition

• Simple, but effective
• Work per character is constant, total
  proportional to message length
• Requires whole message in encryption buffer
• Letter frequency looks like monoalphabetic cipher
• Use digram and trigram frequency tables

34
Breaking Columnar Transposition
T I
S I T A
H G C S
A W A L E
I T N S O
H I S O M
A S O M O
O E O H K
R A N U S
T R W P W
O R N
S
S

• Problem Which columns areadjacent
• Break into strips and look for digrams trigrams

35
Double Transpositions

• Use two columnar transpositions one after the
  other, different numbers of columns
• First transposition breaks up doubled letters
• Second transposition breaks up short strings and
  reinforces first transposition
• Still monoalphabetic letter frequency
• More difficult to decrypt

36
Combination Ciphers

• Mix substitution and permutation ciphers
• Substitution for confusion of information
• Permutation for diffusion of information
• Done right, each supports the other
• All modern ciphers are combinations

37
Answer to Cryptoquote

• IF FIFTY MILLIONPEOPLE SAY A FOOLISHTHING, IT
  IS STILL A FOOLISH THING.-- ANATOLE FRANZE

38
Automated Ciphers

• Stream Ciphers encrypt data as it comes
• fast
• low error propagation
• information not diffused
• susceptible to modification and insertion
• Block Ciphers encrypt data in fixed-size blocks
• Slower
• Larger error propagation
• Information may be diffused
• harder to modify or insert into blocks

39
Data Encryption Standards

• 1972 NBS issues call for proposals
• 1974 IBM responds with lucifer (DEA)
• 1976 DES adopted
• 1986 DES re-certification denied
• 1997 NIST issues call for AES proposals
• 1999 5 submissions selected as finalists
• 2001 Rijndahl algorithm selected

40
DES Overview

• Combination cipher
• 16 rounds of combined substitution and
  transposition
• Plaintext encrypted in 64-bit blocks
• Keys are 56 bits long (plus 8 error bits)
• Uses only arithmetic and logical operations on
  64-bit numbers

41
DES Modes

• All modes same key and algorithm encrypts and
  decrypts
• ECB Electronic code book / Native mode
• CBC Cipher-block chaining
• OFB Output feedback
• CFB Cipher feedback

42
DES Algorithms

• Crypting algorithm method of encryption or
  decryption
• Key scheduling algorithm method of generating
  pieces of key needed for each round of crypting
  algorithm
• Parts
• Permutation boxes (p-boxes)
• Substitution boxes (s-boxes)
• exclusive OR (x-or)

43
Permutation Boxes

• Used as invertible initial and final disguise of
  information
• Fixed permutations at binary level

44
Substitution Boxes

• Confusion and non-linearity
• Interpret bits as numbers, pull replacement from
  table
• 6-bit input, 4-bit output
• first and last bit pick row of table
• middle four bits pick column of table
• elements of table are 4-bit numbers
• Not invertible
• Rationale for values is still secret

45
S-Box Values
Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number Column Number
RowNo. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
46
DES Cycle

• Crypting algorithm feeds 32 bits to cycle
• Subject block to Permutation Expansion,
  converting 32 bits to 48 bits
• XOR expanded block with 48 bits from key to make
  pre-S block
• Apply S box
• Break pre-S block into 8 six-bit chunks
• Process each chunk through s-box in parallel
• Result is 32-bit post-S block
• post-S fed into final permutation to produce
  32-bit cycle result

47
Crypting Algorithm

1. Input 64 bits of plaintext
2. Rearrange by initial permutation p-box
3. Split block
4. two 32-bit halves (left and right)
5. save copy of right half as R0
6. leave left half alone
7. Feed right to DES Cycle
8. XOR left with cycle result to be new right
9. R0 becomes new left
10. Repeat 3-6 sixteen times
11. Submit final block to inverse of initial
    permutation

48
Key Scheduling Algorithm

• Combination of shifts and permutation
• Shifts are determined from table
• Permutation selects 48 of 56 bits
• Produces 16 different slices from key
• Slices are normally computed before crypting

49
DES Weaknesses

• Brute force attacks somewhat practical
• Error affects entire block
• Must use feedback modes or each block encrypted
  in same way
• Weak key produces trivial breaking

50
Alternatives to DES

• Triple DES
• Third party encryption (Blowfish, IDEA)
• AES

51
Advanced Encryption Standard

• Public competition, public royalty-free
  algorithms
• Five finalists all considered equally strong
• Rijndahl won because of efficiency and
  flexibility
• 128 bit block size
• Keys can be any multiple of 64 bits (128, 192 and
  256 are standard)

52
AES Round

• State represent 128 bits as a 4x4 matrix of
  bytes
• Substitution replace bytes via a substitution
  table (defined by high-level algebra)
• Shift row of state
• Mix column of state
• Add round key

53
AES Structure

• Apply round n times, where n depends on key size
  9 for 128, 11 for 192, 13 for 256
• Longer key sizes can be accommodated by
  increasing n.
• Each operation is very fast (add is actually an
  xor/shift) so algorithm is very efficient

54
AES Cryptanalysis

• No significant holes
• Algorithm is very regular (both good and bad)
• Algorithm is better than usual at diffusion
• Underlying algebra may make hidden shortcuts
  unlikely