Bishop, Chapter 9 Basic Cryptography - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Bishop, Chapter 9 Basic Cryptography

Description:

Brute force will often do it: just try many different matrices; you only have to ... because the key is a single number between 1 and 26, so we can use brute force ... – PowerPoint PPT presentation

Number of Views:44
Avg rating:3.0/5.0
Slides: 31
Provided by: Steve57
Category:

less

Transcript and Presenter's Notes

Title: Bishop, Chapter 9 Basic Cryptography


1
Bishop, Chapter 9 (Basic Cryptography)
  • First some terminology a cryptosystem
  • encypher function converts plaintext into
    cyphertext
  • decypher function converts cyphertext into
    plaintext
  • of course plaintext and cyphertext are in the eye
    of the beholder
  • Alternative terminology is encrypts and
    decrypts
  • some cultures find this offensive or at least
    creepy
  • most authors use these terms anyway, despite
    their best intentions
  • The book also introduces the concept of a key
  • enciphering function takes plaintext and a key as
    input, produces cyphertext
  • decyphering function takes a cyphertext and a key
    as input, produces plaintext

2
Keys and Algorithms
  • The notion of a key isnt really necessary to
    describe a cryptosystem
  • an encryption function simply translates
    plaintext to ciphertext (think of it as a black
    box)
  • a decryption function simply translates
    ciphertext to plaintext
  • There is a spectrum of transparency in
    cryptosystems
  • a black-box system where the encryption and
    decryption algorithms are totally secret
  • a totally transparent system where the algorithm
    is completely public (and you need something
    additional information like a key to prevent
    unwanted readers from decrypting your
    information)
  • the real question is what is secret and what is
    public
  • The form of a key isnt specified either just
    think of it as data of some sort (a string, some
    bits, ...) each algorithm will specify what the
    key is

3
Ways of Attacking a Cryptosystem
  • Attack means trying to
  • learn the plaintext of a single message, given
    some ciphertext
  • learn the general deciphering algorithm (or more
    specifically the key, if you know what sort of
    algorithm is being used)
  • Ciphertext-only attack
  • Attacker has the ciphertext of several messages,
    and knows they have been encrypted using the same
    algorithm. Goal is to recover the plaintext of
    as many messages as possible, or better still
    deduce the keys
  • Known-plaintext attack
  • Attacker has both the ciphertext and plaintext of
    several messages
  • Chosen-plaintext attack
  • Attacker can get the ciphertext for messages of
    his choosing
  • Adaptive chosen plaintext
  • Can make repeated requests for encryption based
    what he learns about the system from previous
    analysis
  • (Rubber-hose cryptanalysis)

4
What We Will Look At
  • Classical systems (pre-computer)
  • transposition
  • substitution
  • Symmetric-key block ciphers
  • DES
  • AES
  • Public-key ciphers
  • Diffie-Hellman
  • RSA

5
Classical Cryptosystems
  • Same key is used for both encryption and
    decryption
  • meaning that the key must be kept secret, because
    anybody who has the key has full knowledge about
    the system
  • Two main types transposition ciphers and
    substitution ciphers
  • transposition the cyphertext is a permutation
    of the plaintext (same letters, different order)
  • cyphertext is plaintext in reverse order
  • pairs of letters are reversed
  • substitution letter or letters in the
    cyphertext are substitutions for letter or
    letters in the plaintext
  • cyphertext replaces A with B, B with C, ... Z
    with A

6
Transposition Ciphers
  • The trick is to describe the permutation rule
    concisely
  • Often this is done via a graphical aid, using a
    rectangular grid

I
A
M
I AM VERY SECRET
V
E
R
Y
IA EYSCE MVR ERT
E
S
R
C
E
T
7
Transposition Ciphers (cont.)
  • To decrypt the ciphertext (knowing the grid size)
    is simple just fit the ciphertext onto the
    transposed grid, and read down the columns
  • To decrypt, all you need to know is the period,
    8

I
A
E
Y
E
S
C
IA EYSCE MVR ERT
E
M
V
R
R
T
8
Breaking a Transposition Cypher
  • Plaintext attacks arent even worth mentioning
    if you have a plaintext/ciphertext pair, you have
    the key
  • Ciphertext-only attacks are also easy, given
    naive implementations of the technique
  • Brute force will often do it just try many
    different matrices you only have to look at the
    first few characters of the resulting plaintext
  • There are other serious regularities left in the
    ciphertext that an attacker can exploit
  • the first letter in the ciphertext is also the
    first letter in the plaintext
  • based on probabilities of two-character sequences
    in the English language, you can guess the second
    letter I followed by a space is common, so
    the period is probably either 2, 8, or 12
  • To strengthen the cipher, run it through the
    transposition twice (with two different matrix
    sizes)

9
Substitution Ciphers
  • The key in a substitution cipher is a mapping
    from characters in the plaintext to characters in
    the ciphertext
  • (A, Q), (B, A), (C, X), (D, R), ... (this
    should be a 11 mapping)
  • this is equivalent to (1, 15), (2, 1), (3, 24),
    (4, 13), ...
  • an even more concise key is a number N which
    stands for the set (1, N1), (2, N2), (i,
    (Ni) mod 26)
  • several famous examples
  • the Caesar cipher (N3) (A, D), (B, E), ... (W,
    Z), (X, A), (Y, B), (Z, C)
  • ROT13 (N13)

10
Simple Substitution Cyphers
  • In these simple index-based schemes, the key is
    simply the number N, and to decipher you use the
    same enciphering method only use the key (26-N)
  • to encipher a message with the Caesar cipher,
    apply the substitution with N3 to decipher use
    N23
  • The main weakness of ciphers based on
    single-letter substitutions is the powerful
    regularity of letter frequencies in the English
    language
  • In regular English text, 13 out of 100 letters is
    an E, but only 2 out of 100 letters is a Q or a
    Z. Therefore if you see a letter being used
    frequently, you can make a strong guess as to its
    identity
  • In computer languages the regularities are even
    stronger, since keywords make up a significant
    fraction of the text, and people tend to use
    English words as variables.
  • Of course this does not crack the code by itself,
    but it allows you to cut down the number of
    guesses, and its remarkably accurate

11
How easy is it to break a simple substitution?
  • Compute the letter frequency for each letter in
    the cyphertext
  • For each offset (1..25) compute the deviation
    between the actual frequency for each letter
    after applying the offset and the predicted
    frequency for that letter. Choose the offset
    with the lowest deviation.
  • Even quicker choose a letter in the ciphertext
    and compute its frequency. Find the letter whose
    frequency is closest. That gives you a guess for
    the offset apply the inverse to the plaintext
    and check.

12
Polyalphabetic Substitutions
  • There is an obvious relationship between the
    strength of a cipher and the key length simple
    substitution is so easy to break because the key
    is a single number between 1 and 26, so we can
    use brute force
  • The Vigenere Cipher uses a sequence of keys, each
    between 0 and 25
  • if the key is (9,13,0)
  • shift the first plaintext character by 9
  • shift the second plaintext character by 13
  • shift the third plaintext character by 0 (not at
    all)
  • shift the fourth plaintext character by 9
  • etc
  • the book uses an equivalent alphabetic key (IMA
    for our example), but notice in Figure 9-3 that
    this is simply describing 26 shift indexes

13
A Quick Example
  • This is the result of a quick Perl implementation
  • Plaintext
  • THISISASHORTBUTSWEETPIECEOFSECRETPLAINTEXT
  • Key
  • LUCY
  • Cyphertext
  • EBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVCIN

14
Breaking the Cypher
  • The key insight is that if you know the length of
    the key (four in our case), you can split the
    full text into four separate single-character
    substitution cyphers, and use the
    letter-frequency trick to infer each letter
  • LUCY
  • EBKQ
  • TMCQ
  • SITR
  • MOVQ
  • HYGR
  • ACGA
  • PIHQ
  • PWTC
  • EJNY
  • THVC
  • IN

15
Finding the Key Length The Index of Coincidence
  • The relative frequencies of English-language
    letters has the following interesting effect
  • Suppose you took a piece of English-language text
    offset a copy of the text by a certain amount,
    and counted the number of places the same letter
    co-occurred
  • THISISASHORTBUTSWEETPIECEOFSECRETPLAINTEXT
  • RETPLAINTEXTTHISISASHORTBUTSWEETPIECEOFSEC
  • X X X
  • There are three duplicates per 42 letters, or
    7.1
  • This is slightly above the statistical average of
    6
  • Now suppose instead we took randomly generated
    letters and offset it the same amount
  • LQDLUNKUJWRSNRBHJWZMYLWGFERHPGFFBCXGAWYQRH
  • FBCXGAWYQRRLQDLUNKUJWRSNRBHJWZMYLWGFERHPGF
  • X
  • There is one duplicate per 42 letters, or 2.3
  • This is slightly below the statistical average of
    3.8

16
Index of Coincidence (cont.)
  • The point is
  • duplicates are much more likely in a plaintext
    string than in a random text string, due to
    letter-frequency regularities
  • and the same applies to single-character
    substitutions, because the letter frequencies are
    the same as in plaintext
  • in other words, the index of coincidence in a
    piece of text encrypted using a single-character
    substitution would be exactly the same as the
    plaintext (same number of coincidences, but
    different letters would match)
  • What's the significance to the Vigenere cypher?

17
IC and the Vigenere Cypher
  • If we line up the text at the correct period (the
    key length), we are essentially counting four
    single-character substitutions, and the IC will
    be high
  • Alternatively, if we line up the text at the
    incorrect period, we are essentially counting a
    piece of random text
  • So IC values at the key length or multiples of
    the key length will tend to have large values
    other values will tend to be small

18
IC Values for the Example
This is 1 EBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVC
IN NEBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVCI Thi
s is 2 EBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVCIN
INEBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVC This
is 4 EBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTHVCIN VC
INEBKQTMCQSITRMOVQHYGRACGAPIHQPWTCEJNYTH x
x x This is 7 EBKQTMCQSITRMOVQHY
GRACGAPIHQPWTCEJNYTHVCIN YTHVCINEBKQTMCQSITRMOVQHY
GRACGAPIHQPWTCEJN x
x This is 8 EBKQTMCQSITRMOVQHYGRACGAPIHQ
PWTCEJNYTHVCIN NYTHVCINEBKQTMCQSITRMOVQHYGRACGAPIH
QPWTCEJ x x x
19
Using the (Suspected) Key Length
  • Now we can work on four different
    single-character cyphers.
  • If we were correct about the key length, each of
    these came from a single-character substitution.
    So what do we do next?

1 gt ETSMHAPPETI 2 gt BMIOYCIWJHN 3 gt
KCTVGGHTNV 4 gt QQRQRAQCYC
20
Using the (Suspected) Key Length
  • Here is output for the minimum-variance
    calculation applied to the first column
  • This isn't quite right what's the right answer?
    Are we close? What went wrong?

ETSMHAPPETI Variance for 0 is 0.00251999141767324
Variance for 11 is 0.00311439701207883 Variance
for 15 is 0.00314936204704387
21
Cracking the Cypher (cont.)
  • Here are the other three

Cyphertext is BMIOYCIWJHN Variance for 6 is
0.00166811602034329 Variance for 5 is
0.00250727685950413 Variance for 21 is
0.00285692720915448
Cyphertext is KCTVGGHTNV Variance for 24 is
0.00276665384615385 Variance for 11 is
0.00422819230769231 Variance for 20 is
0.00438203846153846
Cyphertext is QQRQRAQCYC Variance for 2 is
0.00645896153846154 Variance for 14 is
0.00735126923076923 Variance for 17 is
0.00765126923076923
22
And finally
  • Of course a little human nature doesn't hurt....
    substituting our best guesses yields the
    following plaintext
  • EHIS TS A SSORT MUT SHEETAIECP OF SPCREE
    PLATNTEIT
  • Or alternatively, our current candidate for a key
    is AUCY
  • Put these two pieces of information together, you
    see that the first character is probably wrong,
    and if you know your victim .....

23
Final Notes on Polyalphabetic Ciphers
  • Two factors are crucial to making the cipher
    difficult to break
  • length of the key (longer is better, 1 is very
    easy)
  • lack of predictability in the key
  • infrequent use (so not vulnerable to a
    known-plaintext or chosen-plaintext attack)
  • Carrying these factors to the extreme we get the
    "one-time pad"
  • key is at least as long as the plaintext, so
    there are no cycles
  • key is chosen truly randomly
  • key is used only once

24
Symmetric-Key Block Ciphers
  • Symmetric key same key is used both for
    encryption and decryption
  • Block cipher encrypts fixed-sized blocks
    (typically 128 bits or 16 bytes)
  • efficiency and hardware implementations are the
    main reasons for this
  • In effect the block cipher just permutes its
    input bits (with the key describing the
    permutation). The two goals are confusion and
    diffusion
  • displace original positions of the input bits
  • distribute the input bits onto the output bits
    uniformly
  • this is called an oblique cipher
  • Most block ciphers consist of multiple rounds of
    a weak cipher

25
Basic Structure of DES
  • Initial shuffle of the plaintext (not significant
    cryptographically, but in the standard)
  • Sixteen rounds (64-bit to 64-bit transformation)
  • Each round (i)
  • Select 48 bits from the 56 bit key (Ki)
  • Split the input into two halves (L, R)
  • Transform R using Ki (more on this later)
  • XOR R back with L
  • feed this into the next round
  • Final inverse shuffle of the ciphertext

26
DES Single-Round Diagram
R i-1
L i-1
F i
K i
32 bits
Expand
S i
Shuffle
48 bits
32 bits
L i
R i
27
Interesting Properties of the Algorithm
  • Implementation aspects
  • code and S tables implemented in hardware, even
    in the 70s (need for fixed block and key length)
  • same basic algorithm for decryption (run the same
    algorithm, but reverse the round keys)
  • Functions of the various pieces
  • splitting L and R (Feistel structure) diffuses
    the input bits
  • XOR ensures that the key is mixed with the data
  • S-boxes provide nonlinearity (no mathematical
    regularity to the transformation)
  • S-box, expand, and shuffle mean that small
    changes in the input bits can still cause a big
    difference in the output
  • Main complaint at this point key length is too
    small
  • triple DES run the algorithm three times (is
    that enough??)

28
AES (nee Rijndael)
  • Adopted by NIST as the new encryption standard in
    2001
  • The development / selection process was
    completely different than that for DES
  • NIST asked for proposals from the community
  • Of the 15 proposals, 5 were selected as finalists
  • Competition based on criteria including
  • formal adequacy
  • speed of encryption / decryption
  • unsuccessful attacks

29
Single AES Round
K
K
K
K
K
K
K
K
S
S
S
S
S
S
S
S
30
Similarities and differences
  • Variable key size (128 bits to 256 bits)
  • Number of rounds (10 14) can depend on the key
    size
  • Not as easily inverted
  • No splitting of the input into L and R halves
  • Same basic idea of mixing, swapping, XOR with
    key, and S boxes
Write a Comment
User Comments (0)
About PowerShow.com