Classical Encryption Techniques

Lecture slides adapted from Lawrie Brown

1

Chapter 2 – Classical EncryptionTechniques

Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer

2

Symmetric Encryption

• or conventional / private-key / single-key

• sender and recipient share a common key

• all classical encryption algorithms are private-key

• was only type prior to invention of public-key in 1970’s

3

Basic Terminology

• plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext• cryptography - study of encryption principles/methods• cryptanalysis (codebreaking) - the study of principles/

methods of deciphering ciphertext without knowing key• cryptology - the field of both cryptography and

cryptanalysis

4

Symmetric Cipher Model

5

Requirements

• two requirements for secure use of symmetric encryption:– a strong encryption algorithm– a secret key known only to sender / receiver

Y = EK(X)

X = DK(Y)

• assume encryption algorithm is known

• implies a secure channel to distribute key

6

Figure 2-1  Encryption.

7

Figure 2-2  Encryption with Keys.

8

Cryptography

• can characterize by:– type of encryption operations used

• substitution / transposition / product

– number of keys used• single-key or private / two-key or public

– way in which plaintext is processed• block / stream

9

Types of Cryptanalytic Attacks• ciphertext only

– only know algorithm / ciphertext, statistical, can identify plaintext

• known plaintext – know/suspect plaintext & ciphertext to attack cipher

• chosen plaintext – select plaintext and obtain ciphertext to attack cipher

• chosen ciphertext – select ciphertext and obtain plaintext to attack cipher

• chosen text – select either plaintext or ciphertext to en/decrypt to

attack cipher10

Brute Force Search

• always possible to simply try every key

• most basic attack, proportional to key size

• assume either know / recognise plaintext

11

More Definitions

• unconditional security – no matter how much computer power is

available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext

• computational security – given limited computing resources (eg time

needed for calculations is greater than age of universe), the cipher cannot be broken

12

Classical Substitution Ciphers

• where letters of plaintext are replaced by other letters or by numbers or symbols

• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

13

Caesar Cipher

• earliest known substitution cipher

• by Julius Caesar

• first attested use in military affairs

• replaces each letter by 3rd letter on

• example:meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

14

Caesar Cipher

• can define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)

15

Cryptanalysis of Caesar Cipher

• only have 26 possible ciphers – A maps to A,B,..Z

• could simply try each in turn

• a brute force search

• given ciphertext, just try all shifts of letters

• do need to recognize when have plaintext

• eg. break ciphertext "GCUA VQ DTGCM"

16

Monoalphabetic Cipher

• rather than just shifting the alphabet • could shuffle (jumble) the letters arbitrarily • each plaintext letter maps to a different random

ciphertext letter • hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNPlaintext: ifwewishtoreplacelettersCiphertext: WIRFRWAJUHYFTSDVFSFUUFYA

17

Sample of Compressed Text

˜+Wµ"— !–O)"4{#‡¸ ë~!%ràu·¯Í $¯Z-Ú%2Ò#

Åæ& oe«q7¸!n·®3N$Ú OEz’Y-ƒ#Í[±Û_ è!‚<NO¬±«.xã Åä£èü3Å

x}ö§kºÂ

_yÍ ˆ'É] ²¤ J/°iTê&ý( 'c<u!-

ÄD(G WÄC~y_ïõÄW PÔý«Î܆ç]‚¤¡.Ì^üÑ

)¢*¡L¡9OgflO¢&OE"(¬"(ØÔ§½: ¡OE!SGqèvoˆ úError!

18

Monoalphabetic Cipher Security

• now have a total of 26! = 4 x 1026 keys

• with so many keys, might think is secure

• but would be !!!WRONG!!!

• problem is language characteristics

19

Language Redundancy and Cryptanalysis

• human languages are redundant • eg "th lrd s m shphrd shll nt wnt" • letters are not equally commonly used • in English e is by far the most common letter • then T,R,N,I,O,A,S • other letters are fairly rare • cf. Z,J,K,Q,X • have tables of single, double & triple letter

frequencies

20

English Letter Frequencies

21

Use in Cryptanalysis• key concept - monoalphabetic substitution

ciphers do not change relative letter frequencies • discovered by Arabian scientists in 9th century• calculate letter frequencies for ciphertext• compare counts/plots against known values • if Caesar cipher look for common peaks/troughs

– peaks at: A-E-I triple, NO pair, RST triple– troughs at: JK, X-Z

• for monoalphabetic must identify each letter– tables of common double/triple letters help

22

Example Cryptanalysis

• given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• count relative letter frequencies (see text)• guess P & Z are e and t• guess ZW is th and hence ZWP is the• proceeding with trial and error fially get:

it was disclosed yesterday that several informal butdirect contacts have been made with politicalrepresentatives of the viet cong in moscow

23

Playfair Cipher

• not even the large number of keys in a monoalphabetic cipher provides security

• one approach to improving security was to encrypt multiple letters

• the Playfair Cipher is an example

• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair

24

Playfair Key Matrix

• a 5X5 matrix of letters based on a keyword

• fill in letters of keyword (sans duplicates)

• fill rest of matrix with other letters

• eg. using the keyword MONARCHYMONAR

CHYBD

EFGIK

LPQST

UVWXZ25

Encrypting and Decrypting

• plaintext encrypted two letters at a time: 1. if a pair is a repeated letter, insert a filler like 'X',

eg. "balloon" encrypts as "ba lx lo on" 2. if both letters fall in the same row, replace each with

letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM"

3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"

4. otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired)

26

Security of the Playfair Cipher

• security much improved over monoalphabetic• since have 26 x 26 = 676 digrams • would need a 676 entry frequency table to

analyse (verses 26 for a monoalphabetic) • and correspondingly more ciphertext • was widely used for many years (eg. US &

British military in WW1) • it can be broken, given a few hundred letters • since still has much of plaintext structure

27

Polyalphabetic Ciphers

• another approach to improving security is to use multiple cipher alphabets

• called polyalphabetic substitution ciphers • makes cryptanalysis harder with more alphabets

to guess and flatter frequency distribution • use a key to select which alphabet is used for

each letter of the message • use each alphabet in turn • repeat from start after end of key is reached

28

Vigenère Cipher

• simplest polyalphabetic substitution cipher is the Vigenère Cipher

• effectively multiple caesar ciphers • key is multiple letters long K = k1 k2 ... kd • ith letter specifies ith alphabet to use • use each alphabet in turn • repeat from start after d letters in message• decryption simply works in reverse

29

Example

• write the plaintext out • write the keyword repeated above it• use each key letter as a caesar cipher key • encrypt the corresponding plaintext letter• eg using keyword deceptive

key: deceptivedeceptivedeceptive

plaintext: wearediscoveredsaveyourself

ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

30

Aids

• simple aids can assist with en/decryption

• a Saint-Cyr Slide is a simple manual aid – a slide with repeated alphabet – line up plaintext 'A' with key letter, eg 'C' – then read off any mapping for key letter

• can bend round into a cipher disk

• or expand into a Vigenère Tableau (see text Table 2.3)

31

Security of Vigenère Ciphers

• have multiple ciphertext letters for each plaintext letter

• hence letter frequencies are obscured

• but not totally lost

• start with letter frequencies– see if look monoalphabetic or not

• if not, then need to determine number of alphabets, since then can attach each

32

Overview of the DES

• A block cipher:– encrypts blocks of 64 bits using a 64 bit key– outputs 64 bits of ciphertext

• A product cipher– basic unit is the bit– performs both substitution and transposition

(permutation) on the bits

• Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key

33

Generation of Round Keys

key

PC-1

C0 D0

LSH LSH

D1

PC-2 K1

K16LSH LSH

C1

PC-2

• Round keys are 48 bits each

34

Enciphermentinput

IP

L0 R0

f K1

L1 = R0 R1 = L0 f(R0, K1)

R16 = L15 ­ f (R15, K16) L16 = R15

IPĞ1

output

35

The f Function

RiĞ1 (32 bits)

E

RiĞ1 (48 bits)

Ki (48 bits)

S1 S2 S3 S4 S5 S6 S7 S8

6 bits into each

P

32 bits

4 bits out of each

36

DES Computations

• The cipher consists of 16 rounds or iterations• Each round uses a separate key of 48 bits

– These round keys are generated by dropping the parity bits (reducing the effective key size to 56 bits)

– Permuting the bits and extracting 48 bits (out of the 56 bits)

• A different set of 48 bits is extracted for each round of the 16 rounds

• The rounds are extracted sequentially– The input of one round is the output of the previous

round

37

DES Computations

• The right half of the input, and the round key, are run through a function f that produces 32 bits of output

• The 32 bits output are XORed into the left half, and the resulting left and right halves are swapped

• The function f provides the strength of the DES.• The right half of the input (32 bits) is expanded to

48 bits• These 48 bits are XORed with the round key (48

bits)

38

DES Computations

• The resulting 48 bits are split into eight sets of six bits each

• Each set is put through a substitution table called S-box.

• Each S-box produces four bits output.• They are catenated into a single 32-bit

quantity, which is permuted.• The resulting 32 bits constitute the output

of function f.39

40

Public Key Cryptography

• Two keys– Private key known only to individual– Public key available to anyone

• Public key, private key inverses

• Idea– Confidentiality: encipher using public key,

decipher using private key– Integrity/authentication: encipher using private

key, decipher using public one

41

Requirements

1. It must be computationally easy to encipher or decipher a message given the appropriate key

2. It must be computationally infeasible to derive the private key from the public key

3. It must be computationally infeasible to determine the private key from a chosen plaintext attack

42

RSA

• Exponentiation cipher

• Relies on the difficulty of determining the number of numbers relatively prime to a large integer n

43

Background

• Totient function (n)– Number of positive integers less than n and relatively

prime to n• Relatively prime means with no factors in common with n

• Example: (10) = 4– 1, 3, 7, 9 are relatively prime to 10

• Example: (21) = 12– 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively

prime to 21

44

Algorithm

• Choose two large prime numbers p, q– Let n = pq; then (n) = (p–1)(q–1)– Choose e < n such that e is relatively prime to

(n).– Compute d such that ed mod (n) = 1

• Public key: (e, n); private key: d• Encipher: c = me mod n• Decipher: m = cd mod n

45

Example: Confidentiality

• Take p = 7, q = 11, so n = 77 and (n) = 60• Alice chooses e = 17, making d = 53• Bob wants to send Alice secret message HELLO

(07 04 11 11 14)– 0717 mod 77 = 28– 0417 mod 77 = 16– 1117 mod 77 = 44– 1117 mod 77 = 44– 1417 mod 77 = 42

• Bob sends 28 16 44 44 42

46

Example

• Alice receives 28 16 44 44 42• Alice uses private key, d = 53, to decrypt message:

– 2853 mod 77 = 07– 1653 mod 77 = 04– 4453 mod 77 = 11– 4453 mod 77 = 11– 4253 mod 77 = 14

• Alice translates message to letters to read HELLO– No one else could read it, as only Alice knows her

private key and that is needed for decryption

47

Example: Integrity/Authentication

• Take p = 7, q = 11, so n = 77 and (n) = 60• Alice chooses e = 17, making d = 53• Alice wants to send Bob message HELLO (07 04 11 11

14) so Bob knows it is what Alice sent (no changes in transit, and authenticated)– 0753 mod 77 = 35– 0453 mod 77 = 09– 1153 mod 77 = 44– 1153 mod 77 = 44– 1453 mod 77 = 49

• Alice sends 35 09 44 44 49

48

Example

• Bob receives 35 09 44 44 49• Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:

– 3517 mod 77 = 07

– 0917 mod 77 = 04

– 4417 mod 77 = 11

– 4417 mod 77 = 11

– 4917 mod 77 = 14

• Bob translates message to letters to read HELLO– Alice sent it as only she knows her private key, so no one else could

have enciphered it

– If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly

49

Example: Both

• Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked)– Alice’s keys: public (17, 77); private: 53– Bob’s keys: public: (37, 77); private: 13

• Alice enciphers HELLO (07 04 11 11 14):– (0753 mod 77)37 mod 77 = 07– (0453 mod 77)37 mod 77 = 37– (1153 mod 77)37 mod 77 = 44– (1153 mod 77)37 mod 77 = 44– (1453 mod 77)37 mod 77 = 14

• Alice sends 07 37 44 44 14

50

Security Services

• Confidentiality– Only the owner of the private key knows it, so

text enciphered with public key cannot be read by anyone except the owner of the private key

• Authentication– Only the owner of the private key knows it, so

text enciphered with private key must have been generated by the owner

51

More Security Services

• Integrity– Enciphered letters cannot be changed

undetectably without knowing private key

• Non-Repudiation– Message enciphered with private key came

from someone who knew it

52

Warnings

• Encipher message in blocks considerably larger than the examples here– If 1 character per block, RSA can be broken

using statistical attacks (just like classical cryptosystems)

– Attacker cannot alter letters, but can rearrange them and alter message meaning

• Example: reverse enciphered message of text ON to get NO

Encryption Applications

1. Cryptographic Hash Functions (Checksums)

2. Key Exchange

3. Digital Signatures

4. Certificates

53

Cryptographic Hash Functions

• Also called checksums or message digests• Encryption is most commonly used for

secrecy– The message content –and sometimes its

existence- is not known

• Sometimes other things are more important– Integrity: In a document retrieval system

containing legal records, it may be important to know that the copy retrieved is exactly what was stored.

54

Cryptographic Checksums

• Elements or components of the file are not bound together.– This means changing one value affects the integrity

of the file, but that one change can easily go undetected.

• We need to put a seal or a shield around the file do that we can detect when the seal has been broken and thus know that something has been changed.

• One way for providing the seal is to compute a cryptographic function– One-way functions (Have no inverse functions)

55

56

Cryptographic Checksums

• Mathematical function to generate a set of k bits from a set of n bits (where k ≤ n).– k is smaller then n except in unusual

circumstances

• Example: ASCII parity bit– ASCII has 7 bits; 8th bit is “parity”– Even parity: even number of 1 bits– Odd parity: odd number of 1 bits

57

Example Use

• Bob receives “10111101” as bits.– Sender is using even parity; 6 1 bits, so

character was received correctly– Sender is using odd parity; even number of 1

bits, so character was not received correctly

Cryptographic Checksums

• The function must depend on all bits of the file being sealed– Any change to even a single bit will alter the

checksum result

• The checksum value is stored with the file• Each time the file is accessed or used, the

checksum is recomputed• If the computed checksum matches the

stored value, it is likely that the file has not been changed

58

Cryptographic Checksums

• In block encryption:– Chaining: means linking each block to the

previous block’s value (and therefore to all previous blocks)

• For example, by using an XOR to combine the encrypted previous block with the encryption of the current one

• A file’s cryptographic checksum could be the last block of the chained encryption of a file since that block will depend on all other blocks

59

Cryptographic Checksums

• Most widely used cryptographic hash functions:– MD4– MD5 (MD stands for Message Digest)– SHA/SHS (Secure Hash Algorithm or

Standard)– SHA-1

60