Post on 02-Feb-2016
description
Cryptography Kinder Garden
Number theory and Classical Cryptosystems
Dr. Monther AldwairiNew York Institute of
Technology- Amman Campus10/10/2010
INCS 741: Cryptography
10/4/2009 1Dr. Monther Aldwairi
Basic Number Theory
10/4/2009 2Dr. Monther Aldwairi
Divisibly
DefinitionLet a and b be integers with a≠0a divides b if there is an integer q such
that b=aqa divides b is denoted by a|b,
Proposition1.For every a≠0, a|0, a|a and 1|b2.If a|b and b|c, then a|c3.If a|b and a|c, then a|(sb+tc) for all
integers s, t.10/4/2009 3Dr. Monther Aldwairi
Prime Numbers
DefinitionA number a >1 is a prime number if it is only
divisible by 1 and itself.Examples: 2, 3, 5, 7, 11, 13―Numbers that are not prime are composites = (ab)
TheoremEvery positive integer can be expressed as a unique
multiplication of prime numbers raised to different powers
Example 504=23327
CorollaryAssuming p is prime, If p|abc…z then p must
divide one of the factors a, b, c, …, z 10/4/2009 4Dr. Monther Aldwairi
Greatest Common Divisor (GCD)
DefinitionThe greatest common divisor of a and b is the largest
positive integer dividing both a and b and is denoted by gcd(a,b)
Examples: gcd(12,15)=3, gcd(13,7)=1―a and b are relatively prime if the gcd(a,b) =1
Euclidean AlgorithmSuppose a>b a =q1b + r1
b =q2r1 + r2
r1=q3r2 + r3 ,until
rk-1=qk+1rk ,then
gcd(a,b)=rk10/4/2009 5Dr. Monther Aldwairi
Congruence
Modulo operation6 mod 4 = 2 or 6 ≡ 2 (mod 4)read 6 is congruent to 2 mod 4
DefinitionLet a, r, m ∈ Ζ (where Ζ is a set of all integers)
and m≠0. a ≡ r (mod m), if m|(a – r)m is called the modulus.r is called the remainder‒ In other words, a and r differ by multiple of
ma = q · m + r 0 ≤ r < m10/4/2009 6Dr. Monther Aldwairi
Congruence /cont.
Propositions1. a ≡ a (mod m)2. a ≡ 0 (mod m) if and only if m|a3. a ≡ r (mod m) if and only if r ≡ a (mod m) 4. If a ≡ r and r ≡ c (mod m), then a ≡ c (mod
m)
Examples12 ≡ 7 mod 5 9 ≡ 3 (mod 6) if and only if 3 ≡ 9 (mod 6) 14 ≡ 8 and 8 ≡ 2 (mod 6), then 14 ≡ 2 (mod
m)10/4/2009 7Dr. Monther Aldwairi
Modular Arithmetic
Work on the set of integers mod m, denoted as Zm ={0,1,2,…, m-1} and perform addition, subtraction and multiplication with congruencies
PropositionLet a,b,c,d,m ∈ Ζ with m≠0. and suppose a ≡ b (mod m), and c ≡ d (mod m), thena+c ≡ b+d (mod m), a ‒ c ≡ b ‒ d (mod m), ac ≡
bd (mod m)If the result of addition or multiplication is larger
than m ‒ 1 take the ModulaExample: m = 9 Ζ9 = {0, 1, 2, 3, 4, 5, 6, 7, 8}6 + 8 = 14 ≡ 5 mod 96 × 8 = 48 ≡ 3 mod 910/4/2009 8Dr. Monther Aldwairi
Modular Arithmetic Properties Zm
1. The additive identity is 0: a + 0 = a2. The additive inverse of a is -a = m – a
s.t. a + (-a) ≡ 0 mod m3. Addition is closed i.e if a, b ∈ Ζm then a + b ∈ Ζm
4. Addition is commutative a + b = b + a5. Addition is associative (a + b) + c = a + (b + c)6. Multiplicative identity is 1: a × 1 ≡ a mod m7. The multiplicative inverse of a exists if gcd(a, m) = 1
anddenoted as a-1 s.t. a-1 × a ≡ 1 mod m8. Multiplication is closed i.e if a, b ∈ Ζm then a × b ∈ Ζm
9. Multiplication is commutative a × b = b × a10. Multiplication is associative (a × b) × c = a × (b ×
c)
10/4/2009 9Dr. Monther Aldwairi
Division
If a and m are relatively prime we can divide both sides of the congruence by a.
If gcd(a,m) =1 then their exist a multiplicative inverse for a mod m denoted as a-1.
Example: What does the division 4/5 mod 7 mean?
4/5 mod 7 ≡ 4 × 5-1 mod 7Does 5-1 mod 7 exist ?It exists because gcd(5,7) = 1.5-1 mod 7 = 3therefore, 4/5 mod 7= 4 × 3 = 12 mod 7 ≡ 5
mod 710/4/2009 10Dr. Monther Aldwairi
Linear Equations
PropositionLet a,b,c,m ∈ Ζ with m≠0If ab ≡ ac (mod m), Then b ≡ c (mod m)
only if gcd(a,m)=1Example: Solve 2x+11 ≡ 5 (mod 15)2x ≡ ‒6 (mod 15)gcd(2,15)=1 then division is allowedx ≡ ‒ 3 ≡ 12(mod 15)
10/4/2009 11Dr. Monther Aldwairi
Exponentiation
PropositionThe modulo operation can be applied whenever we
want(a + b) mod m = [(a mod m) + (b mod m) ] mod m(a × b) mod m = [(a mod m) × (b mod m) ] mod m
Exponentiation ExampleExample: 38 mod 7 = ?38 mod 7 = 6561 mod 7 = 2 since 6561 = 937 × 7 +
2.Or38 = 34 × 34 = 32 × 32 × 32 × 32
38 mod 7 = [(32 mod 7)×(32 mod 7)×(32 mod 7)×(32
mod 7)] mod 738 mod 7 = 2 × 2 × 2 × 2 mod 7 = 16 mod 7 = 210/4/2009 12Dr. Monther Aldwairi
Substitution Ciphers Monoalphabetic Ciphers
Classical Crypto Systems
10/4/2009 13Dr. Monther Aldwairi
Conventions
plaintext in lowercase and CIPHERTEXT in caps
Letters of the alphabet and assigned number as follows
Spaces and punctuation are omittedMakes decryption easierGives information about the structure of the messageSpaces would dominate the leter fequency counts10/4/2009 14Dr. Monther Aldwairi
Shift Cipher
• Shift each letter by k places, k is the keyLet P = C = K= Ζ26 and x ∈ P, y ∈ C, k ∈ KEncryption: y=Ek(x) = x + k mod 26.Decryption: x=Dk(y) = x ‒ k mod 26.
• When k = 3 the shift cipher is called Caesar Cipher.
• ExampleLet the key k = 3Plaintext : x = A T T A C K = (0, 19, 19, 0, 2, 10).Ciphertext : y = (0+3 mod 26, 19+3 mod 26, …) y = (3, 22, 22, 3, 5, 13) = D W W D F N
10/4/2009 15Dr. Monther Aldwairi
Attacks on Shift Cipher
• Known plaintext, chosen plain text or ciphertext easily break the Shift Cipher
• Ciphertext only; Eve has two choice1.Exhaustive search, only 25 possible
keys2.Frequency count if the message is long
enough– In english e is by far the most common
letter, then T,A,R,N,I,O, S.10/4/2009 16Dr. Monther Aldwairi
Affine Cipher
• The key k = (α, β) and α, β ∈ Ζ26
– Assume gcd(α,26)=1 – α ∈ {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}
• Encryption: Ek(x) = y = α · x + β (mod 26).• Example: k = (α, β) = (3, 2) y = 3x +2
Plaintext : X = A T T A C K = (0, 19, 19, 0, 2, 10).Ciphertext : Y = (3×0 + 2 mod 26, 3×19+2 mod
26, …) Y = (2, 7, 7, 2, 8, 6) = C H H C I G
• Decryption: Dk(y) = x = α -1 ( y – β) (mod 26).
10/4/2009 17Dr. Monther Aldwairi
Attacks on Affine Cipher• 12 choice of α and 26 choices for β 312 keys.• Ciphertext only: exhaustive search or frequency
analysis• Known plaintext: two letters in the plaintext and
corresponding ciphertext letters would suffice to find the key.Example : plaintext: IF=(8, 5) and ciphertext PQ=(15,
16)8 · α + β ≡ 15 mod 265 · α + β ≡ 16 mod 26 ⇒ α = 17 and β = 9
• Chosen plaintext ab y1 = α · 0 + β y2= α + β • Chosen ciphertext AB yields the decryption
function
10/4/2009 18Dr. Monther Aldwairi
Frequency Count Cryptanalysis
• key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
• calculate letter frequencies for ciphertext compare counts/plots against known values
10/4/2009 19Dr. Monther Aldwairi
English Letters Frequencies
10/4/2009 20Dr. Monther Aldwairi
Ployalphabetic CiphersSubstitution Ciphers
Classical Crypto Systems
10/4/2009 21Dr. Monther Aldwairi
Ployalphabetic Ciphers
• Designed to flatten the frequency distribution by using multiple encryption functions
Example E1(x)= 3x (mod 26),
E2(x)=5x+13 (mod 26)
• Encrypt odd positioned letters using E1 and even positioned letters using E2
• Ultimately, have 26 different functions• Use a keyword to know what function to
use10/4/2009 22Dr. Monther Aldwairi
Vigenère Cipher• Multiple caesar ciphers• Use a key to select which alphabet is used for
each letter of the message– key is multiple letters long K = k1 k2 ... Kd
1.write the plaintext out2.write the keyword repeated above it with
numeral values3.use each key letter as a caesar cipher key4.encrypt the corresponding plaintext letter5.keyword deceptive (3,4,2,4,15,19,8,21,4)k: deceptivedeceptivedeceptivep: wearediscoveredsaveyourselfc: ZICVTWQNGRZGVTWAVZHCQYGLMGJ10/4/2009 23Dr. Monther Aldwairi
10/4/2009 Dr. Monther Aldwairi 24
Attacks on Vigenère Cipher
• Chosen plaintext will easily yield the key– Try aaaaaaa….–With enough known plaintext k=y-x
• Chosen ciphertext try AAAAA… results in key negative
• Known ciphertext only– Find the key length– Find the key
10/4/2009 25Dr. Monther Aldwairi
Finding The Key
• Write the ciphertext twice (under each other) with one shifted by the potential key length.
• Mark repeated letters (matching the letter below) and count the number of coincidences
• The shift with the most repeated coincidences is the best guess for the key length
• Now examine the frequencies for 1st , 10th , 19th … and 2nd, 11th,20th …
10/4/2009 26Dr. Monther Aldwairi
Shift
Shift of 4
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
2
Shift 9
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
310/4/2009 Dr. Monther Aldwairi 27
Letter Frequencies in Cryptanalysis
• Most common letters in English e, t, a, o, i, n, s, h, r
• Other letters are fairly rare: z, q, x, j, k, v• Guess the most common such as E and
use it to figure the key• Verify the key is correct by making sure
rare letters have low frequencies• Tables of common pairs/triple letters?!
10/4/2009 28Dr. Monther Aldwairi
Letter Pairs Tables
• Entry 12 in row WR column means that combination appears 12 times
• Entry 14 in N row and W column means NW appears 14 times
10/4/2009 29Dr. Monther Aldwairi
W B R S I V A P N W 3 4 12 2 4 10 14 3 1 B 4 4 0 11 5 5 2 4 20 R 5 5 0 1 1 5 0 3 0 S 1 0 5 0 1 3 5 2 0 I 1 8 10 1 0 2 3 0 0 V 8 10 0 0 2 2 0 3 1 A 7 3 4 2 5 4 0 1 0 P 0 8 6 0 1 1 4 0 0 N 14 3 0 1 1 1 0 7 0
Letter Pairs (Digrams)
• Most common was W, B, R, S, I W=e• The vowels a, i, o tend to avoid each other‒ S, I, P
• 80% of letters that precede n are vowels (WSIP)‒ R, A
• The letter h often appears before e and rarely after it‒ N=h
• Most common combination is th‒ B=t
• Continue the analysis10/4/2009 30Dr. Monther Aldwairi
Transportation Ciphers
• An encryption in which the letters of the plaintext are rearranged.
• Columnar Transportation as an example• The plaintext are arranged into n rows
• The resulting ciphertext is formed by traversing the columns x1 x4 x7 x2 x1…
• Use key to rearrange columns10/4/2009 31Dr. Monther Aldwairi
Block Ciphers
• In Stream ciphers every letter plaintext corresponds to a letter in CIPHERTEXT such as shift and Affine
• Block ciphers encrypt a block of letters to overcome this problem.– DES operates on 64 bit and AES on 128 bit
blocks• Electronic Codebook (ECB) mode converts
a block of plaintext to a block of CIPHERTEXT independently and at onetime.
• Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes use feedback from cipher block to encrypt subsequent blocks.
10/4/2009 32Dr. Monther Aldwairi
Playfair Cipher /Key
• The key is a word with repeated letters removed– Schoolbus Scholbu
• A 5 × 5 matrix based on the key is constructed with the remaining alphabets with( i and j) treated as one letter.
10/4/2009 33Dr. Monther Aldwairi
s c h o l b u a d e f g i k m n p q r t v w x y z
Playfair Cipher/Ek(x)
• Remove spaces and divide plaintext into groups of two letters.– If double letters insert x and regroup– Add extra x to complete the last group?!– dinner is ready di nx ne ri sr ea dy
1. If both letters fall in the same row, replace each with letter to right – “ea" becomes“BD“
2. If both letters fall in the same column, replace each with the letter below it – “dy" encrypts as “KO“
3.Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair– “di" encrypts as “AK“10/4/2009 34Dr. Monther Aldwairi
Playfair Cipher Security
• Susceptible to frequency count attacks– Count common digrams! 26 × 26 = 676
digrams table– Corresponds to the English most common
digrams such as: th, he, an , in, re, es
• Each letter has only 5 possible corresponding ciphertext letters (4 in row and one below)
• Common pairs XY and YX giveup corners of rectangles with er and re (most common digrams)
10/4/2009 35Dr. Monther Aldwairi
Hill Cipher/Ek(x)
Example: Let n=3 and the key is an n × n matrix whose entries are integers in Ζ26.
and the plaintext be ABC = (0, 1, 2) then the encryption operation is a vector-matrix multiplication
AXW
10/4/2009 36Dr. Monther Aldwairi
Hill Cipher/Dk(y)
In order to decrypt we need the inverse of key matrix M, which is
Multiple the encrypted text by the inverse N
ABC
10/4/2009 37Dr. Monther Aldwairi
Matrix Inverse in mod m
For a matrix M to have in Inverse mod m.
gdc(Determinant(M), m) = 1
?
10/4/2009 38Dr. Monther Aldwairi
Hill Cipher Security
• CIPHERTEXT only is difficult!– Changing one letter in plaintext changes n
letters in CIPHERTEXT making frequency count less effective.
• Known plaintext attack can easily find M given n
• Chosen plaintext of baa.., abaa...,…, aa…b– i.e. chosentext = I– CIPHERTEXT=M
• Chosen CIPHERTEXT of BAA.., ABAA…,…, AA…B– i.e. CIPHERTEXT = I– plaintext=N
10/4/2009 39Dr. Monther Aldwairi
Shannon Properties of a Good Cryptosystem
• Diffusion– Changing one character in plaintext
results in several ciphertext changing and visa versa.
–Hill Cipher has that property• Confusion– The key doesn’t relate in a simple way to
ciphertext. Each character of the ciphertext should depend on several parts of the key.
– In Hill Cipher one character in ciphertext depends on a key matrix column10/4/2009 40Dr. Monther Aldwairi
One-Time Pads
• Unbreakable cryptosystem!• Represent the message as binary (ASCII)– Ek(x)=K+x mod 2– Ek(x)=K x– Decryption uses the same key Dk(y)=K y– Key is used once and discarded
• Unbreakable for a ciphertext only attack.• Known plain and cipher texts reveal the
one time key only. Which is never used again
10/4/2009 41Dr. Monther Aldwairi
One-Time Pad Issues
• Keys generation and exchange– Long and expensive to transmit– Pseudo random number generators are
not secure
• One way functions such as DES and SHA– xj=f(s+j) for j =1,2,3…
– bj is the least significant bit of xj.
10/4/2009 42Dr. Monther Aldwairi
One-Time Pad Issues
• Keys generation and exchange– Long and expensive to transmit– Pseudo random number generators are
not secure
• One way functions such as DES and SHA– xj=f(s+j) for j =1,2,3…
– bj is the least significant bit of xj.
10/4/2009 43Dr. Monther Aldwairi