Cryptology

1
Cryptology
Lecture Four

• Dr. Richard Spillman
• Pacific Lutheran University

2
Last Lecture

• History
• Polygraphic Ciphers
• Playfair
• Hill
• Introduction to Transpositions
• Permutation
• Column Transposition

3
Review Transposition Cipher

• Break the following ciphertext

slsna iocyv hqert eitre urlqn moibu vnftt qgnsp
eleby hoqao nocfs tsagq ltihd toeoe oqiup cncla
ietqc airfo iahis q
4
Outline

• History
• More Transpositions
• Computer Based Encryption
• Stream Ciphers

5
History of Ciphers
6
US in WWI

• The story of the Zimmermann Telegram
• At 1030 am on January 17, 1917 the Rev. William
  Montgomery, a cryptanalyst in ROOM 40, took what
  looked like an important cipher to Captain
  William Hall, directory of British Naval
  Intelligence and head of ROOM 40
• It was only a partial solution dated Berlin,
  January 16 and addressed to the German ambassador
  in the US
• When Hall saw it, he ordered all copies except
  for the original one and one solution burned

7
The Code

• The Zimmermann telegram was written in the German
  diplomatic code known as 0075 which ROOM 40 had
  almost broken after six months of work
• It was a two part code of 10,000 words and
  phrases numbered 0000 to 9999. It is a slow
  process to solve such a code
• identify the code for stop or period - usually
  the groups that appear at the end of a telegram
• understand that German sentences often end with a
  verb, so the codegroup immediately preceding a
  stop may be a verb
• other clues come from the fact that diplomats use
  standard phrases such as I have the honor to
  report to Your Excellency . . .
• When you have enough traffic in one code, you may
  begin to piece the clues together.

8
The Transmission

• Germany routed this telegraph by two sources to
  be sure it got to its destination
• Swedish Roundabout Sweden was neutral but in
  favor of Germany so they sent German cables to
  the US as part of their traffic
• As part of US diplomatic traffic Col. Edward
  House made arrangements for German cables to go
  through him while remaining coded
• From Washington it was sent on to Mexico

The English closely monitored both paths
9
The Content

• As best ROOM 40 could make out, the telegram
  read

Most secret for your Excellencys personal
information and to be handed on to the Imperial
Minister in (?Mexico) with Telegram No. 1 (. . .)
by a safe route. We propose to begin on the 1st
February unrestricted submarine warfare. In
doing so, however, we shall endeavor to keep
America neutral. (?) If we should not (succeed in
doing so) we propose to (? Mexico) an alliance
upon the following basis joint conduct of the
war. joint conclusion of peace. (. . .) Your
Excellency should for the present inform the
President of Mexico secretly (? that we expect)
war with the U.S.A (possibly) (. . . ) (Japan)
and at the same time to negotiate between us and
Japan. (Please tell the President) that (. . .)
or submarines (. . .) will compel England to
peace in a few months. Acknowledge receipt.

Zimmermann
WHAT DOES THIS SUGGEST?
10
The Good News

• From the moment he saw the telegram, Hall knew he
  had a problem
• On the plus side, handing the telegram over to
  the US would almost certainly compel them to
  declare war on Germany
• Was there a negative side? What could it be?

11
The Bad News

• On the negative side there were three strong
  arguments against turning the letter over to the
  US

ROOM 40 was one of Englands biggest secrets, so
how could the message be made public without
Germany guessing that its codes had been broken?
Britain would have to admit that it had been
reading the telegrams of two neutral nations
The message was incomplete so arguments like . .
. perhaps you have failed to solve a word such
as not . . . would be advanced
12
The Solution

• Hall conceived a plan that would solve all three
  problems
• He reasoned that the version of the telegram sent
  from Washington to Mexico would be different from
  his Berlin to Washington version (date, serial
  number, preamble . . .)
• If the Mexican version were released, the Germans
  may believe that the code had been betrayed in
  America
• By the analysis of other traffic, Hall knew that
  the German mission in Mexico had never used code
  0075 and hence probably did not have it available
  so the telegram would have to be recoded in
  Washington perhaps into a code that ROOM 40 had
  completely broken

He was correct on all counts
13
The Result

• On February 5th an English agent known only as T
  obtained a copy of the Washington to Mexico
  telegram in Mexico City
• Hall was right - it was written in a simpler code
  (13040) which ROOM 40 had completely broken
• Still England decided to wait and hope that other
  events would force the US into the war but
  President Wilson would not move (the Midwest and
  West coast were not interested in the war)
• On February 22, 1917, England could wait no
  longer so Hall gave the Mexican version of the
  Zimmermann telegram to Edward Bell at the
  American embassy

14
US Timetable

• Feb 24th The American ambassador in England
  sends the telegram to Washington and it is taken
  immediately to President Wilson
• Feb 27th President Wilson decided to wait until
  the Secretary of State Robert Lansing returns to
  discuss the US response
• Feb 28th The telegram is released to the AP
• March 1 Morning papers carry the story on page
  1. The Senate stalls and asks for more proof.
  There is an outcry from the Midwest
• April 2nd President Wilson goes to Congress to
  ask for war. He cites the Zimmermann telegram.

15
Sidelight

• There were several theories in the press as to
  the origin of the telegram
• Four American soldiers found it on a German agent
  trying to cross over into Mexico
• The German ambassador had it in his baggage
• The British press attacked their secret service
  as inferior to the Americans
• these were planted by Capt. Hall

16
More Transpositions
17
Goal

• The goal of a transposition cipher is to
  randomize the order of the letters in the
  plaintext
• Randomization may be increased by mixing them up
  more than once using
• Double Column Transposition
• Turning Grille

18
Double Column Transposition
19
Concept

• A double column transposition cipher works just
  as the name implies.
• The plaintext is enciphered using a column
  transposition and then the resulting ciphertext
  is enciphered again using a column transposition.
  
• The keyword may the same for transpositions or it
  may be different.
• The result is hopefully, a thorough mixing of the
  positions of the plaintext letters.

20
Example

• Encipher the phrase encryption algorithms twice

1st using the keyword next 2-1-4-3
2nd using the keyword image 4-5-1-3-2
21
Using CAP

• CAP will implement a double column transposition

22
Cryptanalysis of DT

• A weakness of the double column transposition
  cipher lies in the use of the same pair of keys
  on several plaintext messages all of the same
  size.
• For example, if the following 4 messages between
  Bob and Alice were intercepted

etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn
oowqq texda aqmue caeon ioox
panbt tjliu eeyhq xotbi dttqy dwbml bxooa oweal
hoaqp nexbh tqaut iekau wocx
monat rtwle bocoq xhofb aurqe oxino oxlir defar
uhoqe mexbn nqttn cgwoo rtox
awsbe lymtt ernrq xtnei olfqt lebne uxorb okorl
ocmqf iexru oqwhe oogao aacx
23
Process

• Place all 4 messages in depth that is one on
  top of the other
• Treat is as a large anagramming problem

etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn
oowqq texda aqmue caeon ioox panbt tjliu eeyhq
xotbi dttqy dwbml bxooa oweal hoaqp nexbh tqaut
iekau wocx monat rtwle bocoq xhofb aurqe oxino
oxlir defar uhoqe mexbn nqttn cgwoo rtox awsbe
lymtt ernrq xtnei olfqt lebne uxorb okorl ocmqf
iexru oqwhe oogao aacx
Columns of x should all go to the end
24
Using CAP

• CAP provides a special anagramming tool for
  Double Column Transpositions

25
Turning Grilles
26
Turning Grilles

• Turning Grilles rotate a window with slots across
  the plaintext
• Described by Jules Verne in the story Mathias
  Sandorff
• Used in the 18th century
• They come in the form of grilles with 2 positions
  and grilles with 4 positions

27
Construction

• Given n 4v2 characters in a message
• Create a square checkerboard with 2v rows and
  columns
• In one quadrant of the board place each number
  from 1 to v
• Rotate this quadrant to fill the remaining 3
  quadrants
• Select each number 1 to v from the four quadrants
• This defines the windows in the board

28
Example

• Message This is a test of the method ok you are
  done no
• 36 characters so v 3

29
Encipher

• Use the grille and its 4 rotations to create the
  ciphertext

h
t
s
t
h
a
i
s
t
o
o
r
i
f
t
d
e
d
s
h
e
o
o
n
a
m
k
y
e
n
t
e
e
o
u
o
Write the message in the open slots
30
Decipher

• Rotate the grille over the ciphertext and read
  off the plaintext

31
Using CAP

• Select Turning Grille under the cipher menu

32
Computer Based Ciphers
33
Impact of Technology

• The invention of the telegraph improved
  communications (by a factor of 10) and increased
  the importance of cryptography for protecting
  information
• The invention of radio improved communications
  (by a factor of 100) and made cryptanalysis a
  necessary part of government activities
• The invention of the computer improved the
  transfer, storage, and analysis of information
  (by a factor of 109), eliminated personal
  privacy, and made cryptography and cryptanalysis
  essential to democracy

34
Binary Numbers

• The characteristic of computers that produces a
  different approach to cipher systems is their
  method of representing information
• data in computer systems is stored, processed,
  and transmitted in binary form (as 0s and 1s)
• hence numbers are represented in binary

35
Characters

• Letters also need to be represented as binary
  bits in a computer
• There is no natural way to express this (as there
  is with numbers) so computer manufactures have
  developed a standard code called ASCII which
  assigns a set of 8 bits to each letter

36
ASCII Code

• Below is a list of the ASCII codes for upper and
  lower case characters

37
Bit Level Ciphers

• Using computers, ciphers are implemented at the
  bit level
• that is, we can now substitute or transpose 0s
  and 1s
• For example, an A is ASCII is 0100 0001, so if I
  randomly change some 0s to 1s and some 1s to
  0s the result might be 0010 1011 which is a
• The problem is, how can I seem to randomly change
  bits and yet still be able to recover the
  plaintext?
• to do this we will use a binary function called
  the exclusive-OR (XOR)

38
XOR Function

• The XOR is a two input, one output binary
  function where the output is 1 if the inputs are
  different and the output is 0 if the inputs are
  the same
• this can be expressed in a truth table which
  lists all the inputs and outputs

39
Bit Stream

• The pattern of inputs and outputs may look like

1
0
1
0
1 1 0 0 1 1 1 0 1 1 0 0 1 0 1
key 0 0 1 1 1 0 1 0 1 0 0 1 1 0 0 1 1 0
0 plaintext
1
0
0
1
0 1 1 0 0 1 1 1 0 1 0 1 0 0 1
Problem How do we recover the plaintext from
knowledge of the ciphertext and key?
40
Stream Ciphers
41
Simple Stream Cipher

• Set up a known pattern (sequence) of 1s and 0s
  to use as a key
• Apply the key to the plaintext bit stream using
  an XOR function
• Recover the plaintext using the same key pattern
  on the ciphertext bit stream

42
Problem

• A short sequence of key bits would be easy to
  remember but not very secure
• A long sequence of key bits would be secure but
  hard to remember
• PROBLEM How can we generate a long
  random-appearing sequence of 0s and 1s in way
  that will insure that everyone who should have
  access to the plaintext are able to generate the
  key when needed?
• ANSWER Construct a Linear Feedback Shift
  Register - LFSR

43
Shift Register

• A shift register is a hardware device which
• saves bits
• shifts bits
• For example, a 4-bit shift register looks like

0
44
Add Feedback

• Take some of the bits in the shift register,
  combine them with an XOR, and feedback the result
  as the input

45
Random Bit Generators

• Random bit stream generators are very important
  in cryptology
• tests for randomness
• There are a wide range of other devices and
  methods for producing random strings of 0s and
  1s for use as Stream Cipher keys
• Multiplexer Generator
• RC4

46
Multiplexer

• A multiplexer is a digital circuit with several
  inputs and one output
• it is designed to pass one selected input on to
  the output

Sample data on input
Address input 0
Address input 1
Address input 2
Address input 3
47
MUX Generator 1

• The multiplexer generator uses two LFSRs and a
  mux

LFSR 1 is used to select the bit from LFSR 2
48
MUX Generator 2

• An alternative use of a MUX involves several
  LFSRs

49
Example Use

• Many satellite TV broadcasters use this key
  generator to encrypt their TV signals
• Each line of the signal is cut and rotated at a
  point determined by the output of a multiplexer
  generator

50
One Time Pad

• The one-time pad (or Vernam Cipher) is a special
  variant of the stream cipher.
• The pseudorandom keystream is replaced with a
  random (non-repeating) bit sequence, which is
  only used once.
• If used properly it is provably unbreakable
  (Shannon, 1949).
• Key management is hard!

51
Randomness Tests 1

• There are some standardized test of randomness
  that are used to evaluate any proposed random bit
  generator
• FIPS 140-1 statistical tests
• INPUT 20,000 consecutive bits from the random
  bit generator
• Monobit Test
• If the number of 1s in the 20,000 bit stream is
  greater than 9,654 and less than 10,346 then it
  passes the test
• 95 of truly random streams will pass this test

52
Randomness Tests 2

• Poker Test
• Divide the 20,000 bit stream into 5,000
  contiguous 4-bit segments
• Count the number of occurrences of each of the 16
  possible 4-bit values
• The number of occurrences of value i is ni where
  i is between 0 and 15
• Evaluate

The test is passed if 1.03 lt X lt 57.4
53
Randomness Tests 3

• Runs Test
• A run is a maximal sequence of consecutive 1s or
  0s
• Example 0 1 1 0 1 1 1 1 0 1 0 0 0 1

The test is passed if the number of occurrences
ofblocks and gaps of respective lengths are
eachwithin the following intervals
54
Using CAP

• CAP will run some of the randomness tests

55
Stream Ciphers in CAP

• CAP will implement a LFSR stream cipher
• First convert the plaintext to binary
• Second, run the stream cipher option

56
The LFSR

• CAP allows you to watch the LFSR in action

57
Breaking a Stream Cipher

• Surprise, a stream cipher can be compromised
• The most common ways are using an insertion
  attack or a probable word search
• Insertion Attack
• Intercept the ciphertext
• Insert a known bit somewhere in the plaintext and
  get the modified plaintext encrypted with the
  same keystream
• Knowledge of the single bit will compromise the
  plaintext

58
Insertion Attack

• Assume that the following ciphertext stream is
  intercepted

p1 p2 p3 p4 p5 . . . k1 k2 k3 k4 k5 . . . c1 c2
c3 c4 c5 . . .
Now insert a bit p after p1 and observe the new
ciphertext
p1 p p2 p3 p4 p5 . . . k1 k2 k3 k4 k5 k6 . .
. c1 c c3 c4 c5 c6 . . .
The key and plaintext stream are given by
k2 c XOR p so p2 c2 XOR k2 k3 c3
XOR p2 so p3 c3 XOR k3 k4 c4 XOR p3
so p4 c4 XOR k4
59
Example

• Given the following plaintext, key, and
  ciphertext

All we know is the ciphertext
Plaintext 0 1 1 1 0 1 Key 1 1 0 0 0
0 Ciphertext 1 0 1 1 0 1
Insert a 1 after the firstbit and retransmit
usingthe same key stream
NOW
k2 0 XOR 1 1
Plaintext 0 1 1 1 1 0 1 Key 1 1 0 0 0 0
1 Ciphertext 1 0 1 1 1 0 0
p2 0 XOR 1 1
k3 1 XOR 1 0
p3 1 XOR 0 1
60
Probable Word Attack

• To illustrate a probable word attack, first
  assume that the LFSR has only 2 feedback links,
  the first bit and some unknown bit.
• The goal of this attack is to discover the
  unknown link, the size of the LFSR and the key
  stream
• This will be done using the ciphertext stream and
  a probable word

61
Procedure 1

• The process will be illustrated using an
  example.
• The LFSR has 6 bits with feedback on the first
  and fourth bits as shown

Keystream
1 0 1 0 1 1 0 0 1 0 0 0 1 1 . . .
But of course we do not know this
62
Procedure 2

• What we do know is the ciphertext stream

NOTE This matches the keystream from the prior
slide
T 01010100
h 01101000
e 01100101
111000011111100110001110010001101011100000100011
101101011001000111101011
11011110101100100011110
To recreate the keystream XOR the 1st and 4th bits
- Guess the first word is The
- Use this information to find the keystream

• Goal find the rest of the keystream, start by
  XOR pairs of bits in the known
  keystream

• Look for a long repeating string in the top and
  bottom

63
Procedure 3

• Generate the rest of the key stream

Ciphertext
111000011111100110001110010001101011100000100011
Key Stream
1
101101011001000111101011
0
000111101011001000111
0
Plaintext
010101000110100001100101011001010110111001100100
T h e e n
d
64
Advanced Probable Word Attack

• To break a general LFSR-based stream cipher using
  a known-plaintext attack requires
• a plaintext bit string
• its corresponding ciphertext string
• knowledge of the size of the LFSR (if the LFSR
  size is unknown, try several reasonable values)
  
• Discovery of the feedback bits is all that is
  needed to reconstruct the key generator

65
Method

• The attack begins with the known m-bit plaintext
  string pi (i 0 to m-1) and its corresponding
  m-bit ciphertext string ci (i 0 to m-1).
• Using these two strings the keystring ki is given
  by
• ki pi XOR ci
• In general the keystring bits for a LFSR are
  given by

66
Method (continued)

• If the n, the number of bits in the known
  plaintext stream, is equal to or larger than 2m
  (m is the size of the LFSR) then the ais can be
  found by solving a system of m linear equations
  given in matrix form by

67
Example

• Given the following known plaintext-ciphertext
  stream

Plaintext
Ciphertext
Key Stream
Assuming an 8-bit LFSR construct the matrix of
key elements
68
Example (continued)

• Find the inverse of the matrix

69
Example (continued)

• The ais are found by multiplying the inverse key
  matrix times the final set of key bits

X
70
Using CAP

• CAP will do most of the work for this attack

71
Cellular Automata
72
Introduction to CAs

• A cellular automata, CA, is just an array (either
  1 dimensional or 2 dimensional) of simple cells.
  
• The cells in a binary CA may be in one of two
  states they contain either a 0 or a 1.
• On each tick of a clock, a cell will change its
  state based on the states of the cells in some
  local neighborhood.
• These structures were first introduced by John
  von Neumann in the 1940s.
• Interest in CAs grew in the early 70s when John
  Conway invented the Game of Life based on a CA.
• Since then they have been used in a large number
  of applications one of which is the generation of
  random bits

73
Example

• A 7 cell 1-dimensional CA is shown below

0
0
0
0
1
0
0
Each cell is initialized to 0 or 1
The cell values change based on a rule such as
74
RULES

• CA rules are numbered by converting the next
  state to a decimal number
• For example

23
Rule 90 is 01011010
75
Random Bits

• A CA can be used to generate random bits by
  selecting one of the cells as an output
• For example, select cell 5 below

1
11
011
1011
Initialize the CA
Select a Rule (say Rule 30)
Run the CA
Stop when enough random bits have been generated
76
Using CAP

• CAP offers a small 1-d CA system for testing the
  use of this method to generate random bit strings
• It also uses the bit string as key in a stream
  cipher

77
A 2-d Cellular Automata

• A 2 dimensional CA offers a more powerful random
  number generator at the expense of additional
  complexity.
• A 2-d CA is just an array of 1-d CAs As with a
  1-d CA
• a cells value is updated by some function of its
  current value and the values in its neighbors.
• In this case there are two different definitions
  of a neighborhood.
• the von Neumann Neighborhood consists of the
  cells above, below, to the right, and to the left
  of the target cell.
• The Moore Neighborhood consists of all 8 cells
  that surround the target cell.

78
Example

• Defining the neighborhoods in a 2-d CA

79
2-d Rules

• The rules for a 2-d CA are much like the 1-d CA
  rules. They define how a cell is updated based
  on the values in its neighborhood.
• Using a von Neumann neighborhood a general rule
  structure can be defined as

si,j (t 1) X xor (C si,j (t)) xor (N
si-1,j (t)) xor (W si,j-1(t))
xor (S si1,j(t)) xor (E
si,j1(t ))
where X,C,N,W,S,E are binary (0,1) variables
and C,N,W,S, and E are the center, north, south,
west, and east cells.
80
Rule ID

• The values of X,C,N,W,S, and E are used to
  identify a specific rule
• For example, if (X,C,N,S,W,E) (001110) then it
  is rule 14 since (001110) is binary 14
• As a result there are 64 possible rules
• Studies have found that rules 31, 47 and 63 tend
  to produce good random bits in an 8 x 8 CA.

81
Random Generation

• A random stream is generated by assigning a rule
  to each cell, initializing the CA to a random
  state, and running the CA using a center cell to
  produce the bit stream.
• For example, below is a 3x3 CA where each cell is
  assigned rule 14.

82
Using CAP

• CAP provides a 2-d Cellular Automata both for
  random bit generation and for use as a key in a
  stream cipher

83
Summary

• History
• More Transpositions
• Double Column Transposition
• Turning Grille
• Computer Based Encryption
• Stream Ciphers
• LFSR
• One Time Pad
• Cellular Automata