Title: Classical and Modern Cryptology LFTSP 1999 COMMS 2.14
1 Classical and Modern Cryptology LFTSP 1999 COMMS 2.14
- Major Greg Phillips
- Royal Military College of Canada
- Electrical and Computer Engineering
- greg.phillips_at_rmc.ca
- 01-613-541-6000 ext. 6190
2 What the heck is Cryptology?
- cryptography: the art of providing secure communication over insecure channels
- cryptanalysis: the art of breaking into such communications
- cryptology: the combined art of cryptography and cryptanalysis
3 Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
- Every letter is substituted with the third letter alphabetically following; belongs to a class of ciphers called substitution ciphers
- The plaintext gregphillips becomes the ciphertext juhjskloolsv
- This is called a restricted cryptosystem because it relies on keeping the nature of the algorithm secret
4 Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
- Every letter is substituted with the nth letter alphabetically following, where n is the secret key
- Here, n is 13 and gregphillips becomes tertcuvyyvcf
- Since there are only 25 interesting keys, a cryptanalyst could easily search the entire key space using a brute-force search
5 More Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
SFBHIXZJLTYKGWUMRPVEDONACQ
- Every letter is substituted with another letter, randomly chosen. The order of the substituted letters becomes the secret key
- Here, the key is sfbhixzjltykgwumrpvedonacq and gregphillips becomes zpizmjlkklmv
- Since there are 26! (4×10^26 or 2^88) keys, brute-force search is impractical without automated assistance
6 Categories of Attacks
- Ciphertext only. The cryptanalyst has only a number of intercepted ciphertexts.
- Known plaintext. The cryptanalyst has a number of ciphertexts with corresponding plaintexts.
- Chosen plaintext. The cryptanalyst gets to choose plaintext messages and is given the corresponding ciphertext.
The goal of an attack is either to recover the secret key, or to be able to decipher the next message without the key.
7 Information Theory Attacks
- Rely on the typical frequency distribution of letters, digrams, trigrams and words in natural languages.
- For example, in English:
  - letters: e (13.05), t (9.02), o (8.21), etc.
  - digrams: th (3.16), in (1.54), etc.
  - trigrams: the (4.72), ing (1.42), etc.
  - words: the (6.42), of (4.02), etc.
- Knowing the original language of the plaintext, and with enough plaintext samples, it is typically short work to break almost any substitution cipher
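The brute-force search from slide 4 and the frequency idea from this slide combine naturally: try every shift and let letter statistics pick the winner. The code below is an added example, not part of the original slides; the frequency table holds commonly cited approximate figures (an assumption, not the slide's source table) and the sample ciphertext is constructed from a sentence on slide 6.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Approximate English letter frequencies in percent, a..z. Commonly cited
# figures assumed for this example, not the table behind the slide.
ENGLISH = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

def caesar(text, n):
    """Shift every lowercase letter n places forward (negative n deciphers)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + n) % 26] for c in text)

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    counts, total = Counter(text), len(text)
    return sum((counts[c] - total * ENGLISH[c] / 100) ** 2
               / (total * ENGLISH[c] / 100) for c in ALPHABET)

def break_caesar(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most English."""
    n = min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))
    return n, caesar(ciphertext, -n)

# Constructed sample: a sentence from slide 6, spaces removed, key n = 13.
PLAINTEXT = ("thegoalofanattackiseithertorecoverthesecretkey"
             "ortobeabletodecipherthenextmessagewithoutthekey")
CIPHERTEXT = caesar(PLAINTEXT, 13)

if __name__ == "__main__":
    print(break_caesar(CIPHERTEXT))
```

The scoring needs a reasonable amount of text; a 12-letter sample such as tertcuvyyvcf is too short for letter statistics to be reliable.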
8 The One-time Pad
 G  R  E  G  P  H  I  L  L  I  P  S
10  5  7 22 17  2  2 19  4 12  1  6 ....
 Q  W  L  C  G  J  K  E  P  U  Q  Y
- A perfectly secure substitution cipher
- Letters are encoded as in the generalized Caesar cipher but using a different key for each letter
- This requires a key-string as long as the original plaintext
- If the key-string is reused the system becomes prone to attack; thus "one-time" pad
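The slide's pad in code, together with what key-string reuse gives away. This is an added example, not part of the original slides; the second message CRYPTOGRAPHY and all function names are constructed for illustration.

```python
import secrets

A = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# The key-string shown on the slide, one shift per plaintext letter.
SLIDE_PAD = [10, 5, 7, 22, 17, 2, 2, 19, 4, 12, 1, 6]

def fresh_pad(length):
    """One uniformly random shift per letter, drawn from the OS CSPRNG."""
    return [secrets.randbelow(26) for _ in range(length)]

def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(A[(A.index(p) + k) % 26] for p, k in zip(plaintext, pad))

def otp_decrypt(ciphertext, pad):
    return "".join(A[(A.index(c) - k) % 26] for c, k in zip(ciphertext, pad))

def difference(x, y):
    """Letter-wise (x - y) mod 26."""
    return [(A.index(a) - A.index(b)) % 26 for a, b in zip(x, y)]

def reuse_cancels_pad(m1, m2, pad):
    """With one pad used twice, c1 - c2 equals m1 - m2: the pad drops out."""
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)
    return difference(c1, c2) == difference(m1, m2)

def read_second_message(c1, c2, known_m1):
    """If one plaintext is known, a reused pad exposes the other message."""
    pad = difference(c1, known_m1)
    return otp_decrypt(c2, pad)

if __name__ == "__main__":
    print(otp_encrypt("GREGPHILLIPS", SLIDE_PAD))
    print(reuse_cancels_pad("GREGPHILLIPS", "CRYPTOGRAPHY", SLIDE_PAD))
```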
9 Visual One-time Pad
http://www.cl.cam.ac.uk/~fms27/vck/
10 Transposition
- reorder the letters but do not disguise them; the new ordering is the key
- e.g., with a key of 12 5 4 9 7 8 6 1 11 10 2 3, gregphillips would become spglilhgpire
- typically the key is shorter than the message, e.g., with a key of 3 1 2 4, gregphillips becomes egrgiphlplis
- not particularly secure by itself, however it obscures digrams, trigrams and words
11 Being Digital
- Most electronic cryptosystems operate at the level of bits rather than letters
- The general principles of substitution and transposition are still used
- Additional operations
  - circular shift
  - exclusive or, normally written ⊕
12 Data Encryption Standard (DES)
- Originally proposed by IBM; revised by the National Security Agency (NSA) and published as FIPS 46 by the National Bureau of Standards
[Diagram: plaintext, DES encipher, ciphertext, DES decipher, plaintext; 56-bit key]
DES encipher and decipher are the same operation, which makes hardware implementation of DES relatively simple.
http://www.nist.gov/itl/div897/pubs/fip46-2.htm
13 DES Overview
[Diagram: Input -> Initial Permutation -> Permuted Input (L0, R0) -> rounds applying f with keys K0, K1, ... (labels L1 R0, L2 R1, ...) -> Pre-output (L16 R15) -> Inverse Permutation -> Output]
14 Initial and Inverse Permutations
Initial Permutation
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7
Inverse Permutation
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
15 Key Schedule
Permuted Choice 1
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4
Left Shifts
Round:  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Shifts: 1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
Permuted Choice 2
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
16 The Function f
E bit-selection table
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
Permutation P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25
17 DES Modes
- Electronic Code Book (ECB)
  - the message is broken into 64-bit blocks and each is encrypted using the same secret key
  - least secure method
- Chain Block Cipher (CBC)
- Cipher Feedback (CFB), Output Feedback (OFB)
  - message is broken into blocks of 1 ≤ t ≤ 64 bits
  - uses 64-bit initial value in shift register; shifts t bits of previous ciphertext in for each new plaintext value
  - difference is in way shift register is updated
18 Chain Block Cipher
- uses secret key K plus 64-bit initial block c0
- message broken into 64-bit blocks, m0, m1, ...
[Diagram: m0, m1, c0; two DES encrypt boxes, each keyed with K; outputs c1, c2]
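Why slide 17 calls ECB the least secure mode, and what the chaining on this slide changes, as an added example that is not part of the original slides. Python's standard library has no DES, so a small 64-bit Feistel cipher built on SHA-256 stands in for "DES encrypt" (an assumption of this example). The slide's diagram lost its operators in extraction; the usual CBC rule, XOR each message block with the previous ciphertext block before encrypting, is assumed. Key, c0 and message are constructed.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size of DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    """Round function of the stand-in cipher (not DES's f)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, block, rounds=8):
    l, r = block[:4], block[4:]
    for i in range(rounds):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block, rounds=8):
    l, r = block[:4], block[4:]
    for i in reversed(range(rounds)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("message must be a multiple of 8 bytes")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, message):
    return [encrypt_block(key, m) for m in blocks(message)]

def cbc_encrypt(key, c0, message):
    out, prev = [], c0
    for m in blocks(message):
        prev = encrypt_block(key, _xor(m, prev))  # chain in previous ciphertext
        out.append(prev)
    return out

def cbc_decrypt(key, c0, cipher_blocks):
    out, prev = [], c0
    for c in cipher_blocks:
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

# Constructed sample: two identical 64-bit blocks followed by a different one.
KEY, C0 = b"demo-key", bytes(range(8))
MESSAGE = b"SAMEDATA" * 2 + b"OTHERBLK"

if __name__ == "__main__":
    print("ECB:", [c.hex() for c in ecb_encrypt(KEY, MESSAGE)])  # blocks 0 and 1 match
    print("CBC:", [c.hex() for c in cbc_encrypt(KEY, C0, MESSAGE)])
```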
19 How Secure Is DES?
- In the RSA Labs contest of July 1998, a special-purpose computer built by the Electronic Frontier Foundation cracked the contest message (secured by 56-bit single DES) in 56 hours. In January 1999, the same task was accomplished in 22 hours.
- It used a fast, brute-force attack, searching the key space at about 88 billion keys/second (1998) and 245 billion keys/second (1999, including distributed.net help)
- Time to exhaust 56-bit key space: 9.4 days (2.4 days)
- Time to exhaust 40-bit key space: 12 s (4.5 s)
- Total system cost was $210,000, of which about $80,000 was R&D
- Complete plans are freely available on the Internet
http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/
20 EFF DES Cracker
21 What Can We Do?
- Use longer keys
- Use longer keys
- Use longer keys
- Use longer keys
- Use longer keys
- Use longer keys
- Use longer keys
- Use other algorithms
  - Triple-DES
  - CAST
  - IDEA
  - Advanced Encryption Standard (eventually)