Classical and Modern Cryptology LFTSP 2001 IS 7'1

1
Classical and Modern CryptologyLFTSP 2001 IS 7.1

• Presenter Dr Scott Knight
• Original Author Major Greg Phillips
• Royal Military College of Canada
• Electrical and Computer Engineering

2
What the heck is Cryptology?

• cryptography the art of providing secure
  communication over insecure channels
• cryptanalysis the art of breaking into such
  communications
• cryptology the combined art of cryptography and
  cryptanalysis

3
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC

• Every letter is substituted with the third letter
  alphabetically following belongs to a class of
  ciphers called substitution ciphers
• The plaintext gregphillips becomes the
  ciphertext juhjskloolsv
• This is called a restricted cryptosystem because
  it relies on keeping the nature of the algorithm
  secret

4
Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM

• Every letter is substituted with the nth letter
  alphabetically following, where n is the secret
  key
• Here, n is 13 and gregphillips becomes
  tertcuvyyvcf
• Since there are only 25 interesting keys, a
  cryptanalyst could easily search the entire key
  space using a brute-force search

5
More Generalized Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
SFBHIXZJLTYKGWUMRPVEDONACQ

• Every letter is substituted with another letter,
  randomly chosen. The order of the substituted
  letters becomes the the secret key
• Here, the key is sfbhixzjltykgwumrpvedonacq and
  gregphillips becomes zpizmjlkklmv
• Since there are 26! (41026 or 288) keys,
  brute-force search is impractical without
  automated assistance

6
Categories of Attacks

• Ciphertext only. The cryptanalyst has only a
  number of intercepted ciphertexts.
• Known plaintext. The cryptanalyst has a number of
  ciphertexts with corresponding plaintexts.
• Chosen plaintext. The cryptanalyst gets to choose
  plaintext messages and is given the corresponding
  ciphertext.

The goal of an attack is either to recover the
secret key, or to be able to decipher the next
message without the key.
7
Information Theory Attacks

• Rely on the typical frequency distribution of
  letters, digrams, trigrams and words in natural
  languages.
• For example, in English
• letters e (13.05), t (9.02), o (8.21), etc.
• digrams th (3.16), in (1.54), etc.
• trigrams the (4.72), ing (1.42), etc.
• words the (6.42), of (4.02), etc.
• Knowing the original language of the plaintext,
  and with enough plaintext samples, it is
  typically short work to break almost any
  substitution cipher

8
The One-time Pad
G R E G P H I L L I P S
10 5 7 22 17 2 2 19 4 12 1
6....
Q W L C G J K E P U Q Y

• A perfectly secure substitution cipher
• Letters are encoded as in the generalized Caesar
  cipher but using a different key for each letter
• This requires a key-string as long as the
  original plaintext
• If the key-string is reused the system becomes
  prone to attack thus one-time pad

9
Visual One-time Pad
http//www.cl.cam.ac.uk/fms27/vck/
10
Transposition

• reorder the letters but do not disguise them the
  new ordering is the key
• e.g., with a key of 12 5 4 9 7 8 6 1 11 10 2 3,
  gregphillips would become spglilhgpire
• typically the key is shorter
• than the message, e.g.,
• with a key of 3 1 2 4,
• gregphillips becomes
• egrgiphlplis
• not particularly secure by itself, however it
  obscures digrams, trigrams and words

11
Being Digital

• Most electronic cryptosystems operate at the
  level of bits rather than letters
• The general principles of substitution and
  transposition are still used
• Additional operations
• circular shift
• exclusive or, normally written

1
12
Data Encryption Standard (DES)

• Originally proposed by IBM revised by the
  National Security Agency (NSA) and published as
  FIPS 46 by the National Bureau of Standards

plaintext
DES encipher and decipher are the same operation,
which makes hardware implementation of DES
relatively simple.
DES encipher
56-bit key
ciphertext
DES decipher
plaintext
http//www.nist.gov/itl/div897/pubs/fip46-2.htm
13
DES Overview
Input
Initial Permutation
Permuted Input
L0
R0
K0
f
L1 R0
K1
f
...
L2 R1
Pre-output
L16 R15
Inverse Permutation
Output
14
Initial and Inverse Permutations
Initial Permutation 58 50 42
34 26 18 10 2 60 52 44 36
28 20 12 4 62 54 46 38 30 22
14 6 64 56 48 40 32 24 16
8 57 49 41 33 25 17 9 1 59
51 43 35 27 19 11 3 61 53
45 37 29 21 13 5 63 55 47
39 31 23 15 7
Inverse Permutation 40 8 48
16 56 24 64 32 39 7 47 15
55 23 63 31 38 6 46 14 54 22
62 30 37 5 45 13 53 21 61
29 36 4 44 12 52 20 60 28 35
3 43 11 51 19 59 27 34 2
42 10 50 18 58 26 33 1 41
9 49 17 57 25
15
Key Schedule
Permuted Choice 1 57 49 41 33 25
17 9 1 58 50 42 34 26
18 10 2 59 51 43 35 27 19 11
3 60 52 44 36 63 55 47 39
31 23 15 7 62 54 46 38 30
22 14 6 61 53 45 37 29 21 13
5 28 20 12 4
Left Shifts 1 1 2 1 3 2
4 2 5 2 6 2 7 2 8
2 9 1 10 2 11 2 12
2 13 2 14 2 15 2 16 1
Permuted Choice 2 14 17 11 24 1
5 3 28 15 6 21 10 23 19
12 4 26 8 16 7 27 20 13
2 41 52 31 37 47 55 30 40 51
45 33 48 44 49 39 56 34 53 46
42 50 36 29 32
16
The Function
f
E bit-selection table 32 1 2 3
4 5 4 5 6 7 8
9 8 9 10 11 12 13 12 13 14
15 16 17 16 17 18 19 20 21 20
21 22 23 24 25 24 25 26 27
28 29 28 29 30 31 32 1
Permutation P 16 7 20 21 29 12 28
17 1 15 23 26 5 18 31 10 2
8 24 14 32 27 3 9 19 13 30
6 22 11 4 25
17
DES Modes

• Electronic Code Book (ECB)
• the message is broken into 64-bit blocks and each
  is encrypted using the same secret key
• least secure method
• Chain Block Cipher (CBC)
• Cipher Feedback (CFB), Output Feedback (OFB)
• message is broken into blocks of 1t64 bits
• uses 64-bit initial value in shift register
  shifts t bits of previous ciphertext in for each
  new plaintext value
• difference is in way shift register is updated

18
Chain Block Cipher

• uses secret key K plus 64-bit initial block c0
• message broken into 64-bit blocks, m0, m1, ...

m0
m1
c0
DES encrypt
DES encrypt
K
K
c1
c2
19
How Secure Is DES?

• RSA Labs contest, July 1998, a special-purpose
  computer built by the Electronic Frontier
  Foundation cracked the contest message (secured
  by 56-bit single DES) in 56 hours. In January
  1999, the same task was accomplished in 22 hours.
• It used a fast, brute-force attack, searching the
  key space at about 88 billion keys/second (1998)
  and 245 billion keys/second (1999, including
  distributed.net help)
• Time to exhaust 56-bit key space 9.4 days (2.4
  days)
• Time to exhaust 40-bit key space 12 s (4.5 s)
• Total system cost was 210,000 of which about
  80,000 was RD
• Complete plans are freely available on the
  Internet

http//www.eff.org/pub/Privacy/Crypto_misc/DESCrac
ker/
20
EFF DES Cracker
21
What Can We Do?

• Use longer keys
• Use longer keys
• Use longer keys
• Use longer keys
• Use longer keys
• Use longer keys
• Use longer keys
• Use other algorithms
• Triple-DES
• CAST
• IDEA
• Advanced Encryption Standard (Rijndael)(Dutch)

22
Classical and Modern CryptologyLFTSP 2001 IS 7.1

• Presenter Dr Scott Knight
• Original Author Major Greg Phillips
• Royal Military College of Canada
• Electrical and Computer Engineering