1
Lecture #9
Traditional Cryptography
HAIT
Summer 2005
Shimrit Tzur

David
2
Notations
•
cryptography

the principles and methods of
transforming an intelligible message into one that is
unintelligible, and then retransforming that message
back to its original form.
•
plaintext

the original intelligible message
•
ciphertext

the transformed message
•
cipher

an algorithm for transforming an intelligible
message into one that is unintelligible by
transposition and/or substitution methods
•
key

some critical information used by the cipher,
known only to the sender & receiver
3
Notations
–
Cont.
•
encipher
(encode)

the process of converting
plaintext to ciphertext using a cipher and a key
•
decipher
(decode)

the process of converting
ciphertext back into plaintext using a cipher and a key
•
cryptanalysis

the study of principles and methods
of transforming an unintelligible message back into
an intelligible message
without
knowledge of the key.
Also called
code

breaking
•
cryptology

both cryptography and cryptanalysis
•
code

an algorithm for transforming an intelligible
message into an unintelligible one using a code

book
4
Notations
–
Cont.
•
C = E
K
(P)

the encryption of the plaintext P
using key K gives the ciphertext C.
•
P = D
K
(C)

the decryption of C to get the
plaintext
•
D
K
(E
K
(P)) = P
•
E and D are mathematical functions of two
parameters: the key and the message.
5
Introduction
•
There were 3 main constraints:
1.
The ability of the code clerk to perform the necessary
transformations, often on a battlefield with little
equipment.
2.
The difficulty in switching over quickly from one
cryptographic method to another one, since this entails
retraining a large number of people.
3.
The danger of a code clerk being captured by the
enemy has made it essential to be able to change the
cryptographic method instantly if need be.
6
The encryption model
–
for a symmetric

key cipher
7
The encryption model
–
Cont.
•
The plaintext is transformed by a function that is
parameterized by a key.
•
The ciphertext, is then transmitted.
•
The enemy hears and accurately copies down the ciphertext.
•
Unlike the intended recipient, he does not know what the
decryption key is and so cannot decrypt the ciphertext.
•
Passive intruder

the intruder can only listen to the
communication channel
•
Active intruder

the intruder can record messages and play
them back later, inject his own messages, or modify legitimate
messages before they get to the receiver.
8
Flexibility
•
The cryptanalyst knows how the encryption
method, E, and decryption, D work in detail.
•
The amount of effort necessary to invent, test,
and install a new algorithm every time the old
method is compromised (or thought to be
compromised) has always made it impractical
to keep the encryption algorithm secret.
•
There is a need to keep E and D secret without
changing the encryption algorithm.
9
Flexibility
–
Cont.
•
In contrast to the general method, which may only be
changed every few years, the key can be changed as
often as required.
•
The basic model is a stable and publicly

known.
•
The general method parameterized by a secret and
easily changed key.
•
Kerckhoff's principle
: All algorithms must be public;
only the keys are secret.
•
If many experts have tried to break the algorithm for
few years and no one has succeeded, it is probably
pretty solid
10
The Key Length
•
Consider a simple combination lock:
–
A key length of two digits means 100 possibilities.
–
A key length of three digits means 1000 possibilities
–
A key length of six digits means a million possibilities.
•
The work factor for breaking the system by exhaustive search
of the key space is exponential in the key length.
•
To prevent your kid from reading your e

mail, 64

bit keys will
do.
•
For routine commercial use, at least 128 bits should be used.
•
To keep major governments issues, keys of at least 256 bits,
preferably more, are needed.
11
The Cryptanalysis Problem
•
From the cryptanalyst's point of view, the
cryptanalysis problem has two principal
variations:
1.
Quantity of ciphertext and no plaintext

the
ciphertext

only problem.
2.
Matched ciphertext and plaintext

the known
plaintext problem
12
The Cryptanalysis Problem
–
Cont.
•
Novices assumption: if a cipher can withstand a
ciphertext

only attack, the crypto

algorithm is secure.
•
In many cases the cryptanalyst can make a good guess at
parts of the plaintext.
•
For example, the first thing many computers say when
you call them up is ‘login:’
•
Equipped with some matched plaintext

ciphertext pairs,
the cryptanalyst's job becomes much easier.
•
To achieve security, the cryptographer should make sure
that the system is unbreakable even if his opponent can
encrypt arbitrary amounts of chosen plaintext.
13
Encryption Methods
•
Encryption methods have been divided into
two categories:
–
substitution ciphers
–
transposition ciphers
14
Substitution Ciphers
•
In a substitution cipher each letter or group of letters
is replaced by another letter or group of letters.
•
One of the oldest known ciphers is the Caesar cipher.
•
In this method, a becomes D, b becomes E, c
becomes F, ... , and z becomes C.
•
For example, ‘attack’ becomes DWWDFN.
•
A slight generalization of the Caesar cipher allows
the ciphertext alphabet to be shifted by
k
letters,
instead of always 3.
•
In this case
k
becomes a key to the general method of
circularly shifted alphabets.
15
Monoalphabetic Substitution
(Symbol

for

symbol)
•
The next improvement is to have each of the symbols in
the plaintext map onto some other letters. For example:
–
plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
–
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V
B N M
•
The key is the 26

letter string corresponding to the full
alphabet.
•
The plaintext ‘attack’ would be transformed into
QZZQEA.
•
Does it look safe?
16
Monoalphabetic Substitution
–
Cont.
•
At first glance this might appear to be a safe system.
•
There are 26! possible keys is in use. Trying all of them
is not a promising approach. A computer would take
~10
10
years to try all the keys.
•
Nevertheless, given a surprisingly small amount of
ciphertext, the cipher can be broken easily.
•
The basic attack takes advantage of the statistical
properties of natural languages. In English,
e
is the most
common letter, followed by
t, o, a, n, i,
etc. The most
common two

letter combinations are
th, in, er, re
, and
an
.
The most common three

letter combinations are the,
ing,
and
, and
ion
.
17
Transposition Ciphers
•
Substitution ciphers preserve the order of the plaintext symbols.
•
Transposition ciphers, in contrast, reorder the letters but do not
disguise them.
•
The columnar transposition:
18
The Columnar Transposition
•
The cipher is keyed by a word or phrase not
containing any repeated letters.
•
In the example, MEGABUCK is the key.
•
The purpose of the key is to number the columns,
column 1 being under the key letter closest to the start
of the alphabet, and so on.
•
The plaintext is written horizontally, in rows, padded
to fill the matrix if need be.
•
The ciphertext is read out by columns, starting with
the column whose key letter is the lowest.
19
Breaking Transposition Cipher
•
Step 1:
The cryptanalyst must be aware that he
is dealing with a transposition cipher.
–
By looking at the frequency of E, T, A, O, I, N,
etc., it is easy to see if they fit the normal pattern
for plaintext.
•
Step 2:
Make a guess at the number of
columns
–
the plaintext phrase milliondollars occurs
somewhere in the message
•
Step 3:
Order the columns
–
By frequency
20
One

Time Pads
•
Unbreakable cipher
–
Choose a random bit string as the key.
–
Convert the plaintext into a bit string
–
Compute the XOR of these two strings, bit by bit.
•
The resulting ciphertext cannot be broken.
•
The reason derives from information theory: there is
simply no information in the message because all
possible plaintexts of the given length are equally likely.
21
Cryptographic Principles
•
Redundancy
–
All encrypted messages must contain some
redundancy, that is, information not needed to
understand the message.
•
Freshness
–
Some measures must be taken to ensure that each
message received can be verified as being fresh,
that is, sent very recently.
22
Redundancy Motivation
•
Consider a mail

order company, The Couch Potato
(TCP), with 60,000 products.
•
Ordering messages consist of a 16

byte customer
name followed by a 3

byte data field.
•
The last 3 bytes are to be encrypted using a very long
key known only by the customer and TCP.
•
This might seem secure since passive intruders cannot
decrypt the messages.
•
Suppose that a recently

fired employee wants to
punish TCP.
23
Motivation
–
Cont.
•
Just before leaving, he takes the customer list with him.
•
He writes a program to generate fictitious orders using real
customer names.
•
Since he does not have the list of keys, he just puts random
numbers in the last 3 bytes, and sends hundreds of orders.
•
When these messages arrive, TCP's computer uses the
customer's name to locate the key and decrypt the message.
•
Unfortunately for TCP, almost every 3

byte message is valid,
so the computer begins printing out shipping instructions.
•
In this way an active intruder can cause a massive amount of
trouble, even though he cannot understand the messages his
computer is generating.
24
The Solution
•
This problem can be solved by the addition of
redundancy to all messages.
•
For example, if order messages are extended to 12
bytes, the first 9 of which must be zeros, then this
attack no longer works because the ex

employee can
no longer generate a large stream of valid messages.
•
All messages must contain considerable redundancy
so that active intruders cannot send random junk and
have it be interpreted as a valid message.
25
Freshness
•
This measure is needed to prevent active intruders
from playing back old messages.
•
If no such measures were taken, our ex

employee
could keep repeating previously sent valid messages.
•
Some method is needed to foil replay attacks
•
A solution is to include in every message a timestamp
valid only for, say, 10 seconds.
•
The receiver can then just keep messages around for
10 seconds. Messages older than 10 seconds can be
thrown out.
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο