
Outline Chapter 2 CONVENTIONAL ENCRYPTION: CLASSICAL TECHNIQUES

Yeuan-Kuen Lee September


Ch 2 Conventional Encryption: Classical Techniques 2

2.1 Conventional Encryption Model
2.2 Steganography
2.3 Classical Encryption Techniques

2.1 Conventional Encryption Model



Plaintext
Original intelligible message

Ciphertext
Apparently random nonsense message

Encryption process
An algorithm that produces a different output depending on the specific key being used at the time.

Key
A value independent of the plaintext, shared by sender and recipient.

Figure 2.1 Simplified Model of Conventional Encryption




The ciphertext can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption. The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm. It is impractical to decrypt a message based on the ciphertext plus knowledge of the encryption/decryption algorithm. The principal security problem is maintaining the secrecy of the key.


Figure 2.2 Model of Conventional Cryptosystem
(Figure labels: message source, encryption algorithm, decryption algorithm, destination, cryptanalyst, key source, secure channel.)

Plaintext: $X = [X_1, X_2, \ldots, X_M]$
Key: $K = [K_1, K_2, \ldots, K_J]$
Ciphertext: $Y = [Y_1, Y_2, \ldots, Y_N]$
Encryption algorithm (E): $Y = E_K(X)$
Decryption algorithm (D): $X = D_K(Y)$




An opponent
Observing Y, but not having access to K and X, the opponent may attempt to recover X or K, or both X and K.
It is assumed that the opponent knows E and D.
If only this message is of interest, then an estimate of the plaintext X is generated.
If future messages are also of interest, then an estimate of the key K is generated.


Cryptography - the art of secret writing.
Classified along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext.
   - Substitution
   - Transposition
2. The number of keys used.
   - Symmetric, single-key, secret-key encryption
   - Asymmetric, two-key, public-key encryption
3. The way in which the plaintext is processed.
   - Block cipher
   - Stream cipher


Cryptanalysis
The process of attempting to discover X or K or both.
Table 2.1 summarizes the various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.

Ciphertext-only attack
Known to cryptanalyst:
1. Encryption algorithm
2. Ciphertext to be decoded
Brute-force approach of trying all possible keys
Statistical tests: type of plaintext

Cryptanalysis (Conti.)
Known-plaintext attack
Known to cryptanalyst:
1. Encryption algorithm
2. Ciphertext to be decoded
3. One or more plaintext-ciphertext pairs formed with the secret key
Probable-word attack: may have little knowledge of what is in the message
- Accounting file: placement of certain key words
- Copyright statement in some standardized position
Cryptanalysis (Conti.)
Chosen-plaintext attack
Known to cryptanalyst:
1. Encryption algorithm
2. Ciphertext to be decoded
3. Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Cryptanalysis (Conti.)
Chosen-ciphertext attack
Known to cryptanalyst:
1. Encryption algorithm
2. Ciphertext to be decoded
3. Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Example: password file
Differential cryptanalysis (explored in Ch 3)

Chosen-text attack: chosen-plaintext or chosen-ciphertext attack


Cryptanalysis (Conti.)
Only relatively weak algorithms fail to withstand a ciphertext-only attack.
Generally, an encryption algorithm is designed to withstand a known-plaintext attack.


Unconditionally secure
The ciphertext generated by an encryption scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available and how much time an opponent has.
No encryption algorithm is unconditionally secure, except the one-time pad scheme.

Conditionally secure
1. The cost of breaking the cipher exceeds the value of the encrypted information
2. The time required to break the cipher exceeds the useful lifetime of the information


Table 2.2 Average Time Required for Exhaustive Key Search
Key Size (bits) | Number of alternative keys | Time required at 1 encryption/µs | Time required at 10^6 encryptions/µs
32              | 2^32 = 4.3 × 10^9          | 2^31 µs = 35.8 min               | 2.15 ms
56              | 2^56 = 7.2 × 10^16         | 2^55 µs = 1142 years             | 10.01 hrs
128             | 2^128 = 3.4 × 10^38        | 2^127 µs = 5.4 × 10^24 years     | 5.4 × 10^18 years
26 char perm.   | 26! = 4 × 10^26            | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years

2.2 Steganography
Cryptography
crypto + graphy: secret writing
Conceal the meaning of the message

Steganography
stegano + graphy: covered writing
Conceal the existence of the message

Stegosaur (Roof Lizard)

Dear George, Greetings to all at Oxford. Many thanks for your Letter and for the summer examination package. All Entry Forms and Fees Forms should be ready for final despatch to the syndicate by Friday 20th or at the very latest, I'm told, by the 21st. Admin has improved here, though there's room for improvement still; just give us all two or three more years and we'll really show you! Please don't let these wretched 16 + proposals destroy your basic O and A pattern. Certainly this sort of change, if implemented immediately, would bring chaos. Sincerely yours,

Historical steganographic techniques
- Character marking
- Invisible ink
- Pin punctures
- Typewriter correction ribbon

General Steganographic Model
[Figure: General Steganographic Model. Labels: Sender, Message, Compressing, Encrypting, Embedding, Covermedia (image, text, audio, video), Stego-key, Stegomedia, Warden, Extracting, Decrypting, Decompressing, Message, Receiver.]

Requirements of a Steganographic System
- Imperceptible (image fidelity)
- Undetectable (Steganalysis)
- Security
- Payload
- Limited Robustness
- Stego-key (Blindness)

Steganalysis
The art of detecting any hidden message on the communication channel.
If the existence of the hidden message is revealed, the goal of steganography is defeated.
Two types of steganalytic techniques:
- Visual attack
- Statistical attack

Specific Pattern of S-Tools
[Figure: palette in cover-image; luminance-ordered palette in stego-image.]
Result of the Airfield image embedded in the 8-bit Renoir with S-Tools (the cover image was reduced from 248 to 32 unique colors).


2.3 Classical Encryption Techniques


Two basic building blocks
Substitution techniques - the letters of plaintext are replaced by other letters or by numbers or symbols
- Caesar cipher
- Monoalphabetic cipher
- Playfair cipher
- Hill cipher
Transposition techniques - performing some sort of permutation on the plaintext letters

Rotor machines - multiple stages of encryption

Caesar cipher
Replacing each letter of the alphabet with the letter standing three places further down the alphabet.
Transformation
Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

<Example>
Plain:  meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB

Caesar cipher (Conti.)
If we assign a numerical equivalent to each letter (a=0, b=1, c=2, etc.), then for each plaintext letter p, substitute the ciphertext letter C:
C = E(p) = (p + 3) mod 26
General Caesar algorithm:
C = E(p) = (p + k) mod 26, where 1 ≤ k ≤ 25
Decryption algorithm:
p = D(C) = (C - k) mod 26

Caesar cipher (Conti.)
Brute-force cryptanalysis (Fig. 2.4)
Why? Three important characteristics:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
< Fig. 2.5 > Using the ZIP algorithm to compress the plaintext before encryption

Monoalphabetic cipher
An arbitrary substitution is used.
26! (4 × 10^26) possible keys: to eliminate brute-force attack (Table 2.2).
If the cryptanalyst knows the nature of the plaintext (e.g., noncompressed English text), then the analyst can exploit the regularities of the language.
Fig. 2.6 Relative frequency of letters in English text

Monoalphabetic cipher (Conti.)
Digram: two-letter combination
Frequency of digrams is a powerful regularity.
The most common digram is th. (ZW)
Trigram: three-letter combination
The most frequent trigram is the. (ZWP)
Homophone
Provide multiple substitutes for a single letter.
Multiple-letter patterns (e.g., digram frequencies) still survive in the ciphertext.

Playfair cipher
The best-known multiple-letter encryption cipher.
Treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
5*5 matrix of letters constructed using a keyword:

M  O  N  A    R
C  H  Y  B    D
E  F  G  I/J  K
L  P  Q  S    T
U  V  W  X    Z

Playfair cipher (Conti.)
Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that would fall in the same pair are separated with a filler letter (such as x).
   [ balloon ] -> [ ba lx lo on ]
2. Plaintext letters that fall in the same row of the matrix are replaced by the letter to the right in a circular fashion.
   [ ar ] -> [ RM ]
3. Plaintext letters that fall in the same column of the matrix are replaced by the letter beneath, with the top element of the column circularly following the last.
   [ mu ] -> [ CM ]
4. Otherwise, each plaintext letter is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter.
   [ hs ] -> [ BP ], [ ea ] -> [ IM ] ( or [ JM ] )

Playfair cipher (Conti.)
There are 26*26 = 676 digrams, so that identification of individual digrams is more difficult.
The relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult.
Standard field system of the British Army in WWI.
Considerable use by the U.S. Army and other allied forces during WWII.
However, it still leaves much of the structure of the plaintext language intact.
Fig. 2.7 Relative Frequency of Occurrence of Letters.

Hill cipher
Lester Hill, 1929.
Takes m successive plaintext letters and substitutes for them m ciphertext letters.
The substitution is determined by m linear transformations.

For m = 3:
$c_1 = (k_{11}p_1 + k_{12}p_2 + k_{13}p_3) \bmod 26$
$c_2 = (k_{21}p_1 + k_{22}p_2 + k_{23}p_3) \bmod 26$
$c_3 = (k_{31}p_1 + k_{32}p_2 + k_{33}p_3) \bmod 26$

Hill cipher (Conti.)
Matrix-vector form:
$$\begin{pmatrix} c_1 \\ c_2 \\ c_3 \end{pmatrix} = \begin{pmatrix} k_{11} & k_{12} & k_{13} \\ k_{21} & k_{22} & k_{23} \\ k_{31} & k_{32} & k_{33} \end{pmatrix} \begin{pmatrix} p_1 \\ p_2 \\ p_3 \end{pmatrix}$$

$C = KP$, where C and P are column vectors of length 3, representing the ciphertext and plaintext respectively, and K is a 3*3 matrix, representing the encryption key. Operations are performed mod 26.


Hill cipher (Conti.)
Example:
Plaintext: paymoremoney
Key:
$$K = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix}$$
The first three letters are pay = $(15, 0, 24)^t$
$C = KP \bmod 26 = (375, 819, 486)^t \bmod 26 = (11, 13, 18)^t$ = LNS
Ciphertext: LNSHDLEWMTRW

Hill cipher (Conti.)
Decryption requires using $K^{-1}$, the inverse of the matrix K:
$$K^{-1} = \begin{pmatrix} 4 & 9 & 15 \\ 15 & 17 & 6 \\ 24 & 0 & 17 \end{pmatrix}$$
$KK^{-1} = K^{-1}K = I$
General expressions:
$C = E_K(P) = KP$
$P = D_K(C) = K^{-1}C = K^{-1}KP = P$


Hill cipher (Conti.)
As with Playfair, the strength of the Hill cipher is that it completely hides single-letter frequencies.
A 3*3 Hill cipher hides not only single-letter but also two-letter frequency information.
Using a larger matrix hides more frequency information.
Strong against a ciphertext-only attack.
Easily broken with a known-plaintext attack.

Hill cipher (Conti.)
For an m*m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m:
$P_j = (p_{1j}, p_{2j}, p_{3j}, p_{4j}, \ldots, p_{mj})$
$C_j = (c_{1j}, c_{2j}, c_{3j}, c_{4j}, \ldots, c_{mj})$
$C_j = KP_j$ for $1 \le j \le m$ and for some unknown key matrix K.
Define $X = (p_{ij})$, $Y = (c_{ij})$.
$Y = XK$ and, if X has an inverse, $K = X^{-1}Y$.
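The worked example and the known-plaintext recovery above, as an added Python example (not code from the slides). Blocks are stored as columns to match C = KP, so the key is solved as K = Y X^-1 mod 26; SAMPLE_PT is a constructed plaintext and all function names are illustrative. The slide's own plaintext, paymoremoney, gives no invertible X (the second letter of every block is even), which is the "if X has an inverse" condition failing.

```python
from itertools import combinations

M = 26
K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]   # key matrix from the slide example
SAMPLE_PT = "hillcipherbreak"                  # constructed known plaintext

def to_nums(text):
    return [ord(ch) - ord("a") for ch in text.lower() if ch.isalpha()]

def blocks(nums):
    """3 x n matrix whose columns are successive 3-letter blocks."""
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    return [[nums[j + r] for j in range(0, len(nums), 3)] for r in range(3)]

def matmul(a, b):
    """Matrix product with every entry reduced mod 26."""
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % M
             for j in range(len(b[0]))] for i in range(len(a))]

def inverse3(m):
    """Inverse of a 3x3 matrix mod 26, or None if det shares a factor with 26."""
    # Signed cofactors via cyclic indices (valid for 3x3 matrices).
    cof = [[m[(r + 1) % 3][(c + 1) % 3] * m[(r + 2) % 3][(c + 2) % 3]
            - m[(r + 1) % 3][(c + 2) % 3] * m[(r + 2) % 3][(c + 1) % 3]
            for c in range(3)] for r in range(3)]
    det = sum(m[0][c] * cof[0][c] for c in range(3)) % M
    try:
        det_inv = pow(det, -1, M)
    except ValueError:          # det is even or a multiple of 13
        return None
    # Inverse = det^-1 * adjugate, where adjugate = transposed cofactors.
    return [[cof[c][r] * det_inv % M for c in range(3)] for r in range(3)]

def hill_apply(text, matrix):
    """Multiply every 3-letter block by `matrix`: K encrypts, K^-1 decrypts."""
    out = matmul(matrix, blocks(to_nums(text)))
    return "".join(chr(out[r][j] + 65)
                   for j in range(len(out[0])) for r in range(3))

def recover_key(known_pt, ct):
    """Known-plaintext attack: find 3 blocks with invertible X, return Y X^-1."""
    p, c = blocks(to_nums(known_pt)), blocks(to_nums(ct))
    for cols in combinations(range(len(p[0])), 3):
        x_inv = inverse3([[p[r][j] for j in cols] for r in range(3)])
        if x_inv is not None:
            y = [[c[r][j] for j in cols] for r in range(3)]
            return matmul(y, x_inv)
    return None                 # no usable set of blocks in this sample

if __name__ == "__main__":
    ct = hill_apply("paymoremoney", K)
    print(ct, hill_apply(ct, inverse3(K)))
    print(recover_key("paymoremoney", ct))
    print(recover_key(SAMPLE_PT, hill_apply(SAMPLE_PT, K)))
```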


Polyalphabetic ciphers
Use different monoalphabetic substitutions as one proceeds through the plaintext message.
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.

Vigenere cipher
26 Caesar ciphers are used, with shifts of 0 through 25.
Each cipher is denoted by a key letter (from a to z).
Table 2.4 The Modern Vigenere Tableau

Vigenere cipher (Conti.)
Given a key letter x and a plaintext letter y, the ciphertext letter is at the intersection of the row labeled x and the column labeled y.
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

The strength is that there are multiple ciphertext letters for each plaintext letter, one for each unique letter of the keyword.
Not all knowledge of the plaintext structure is lost. Example: Fig. 2.7.

Vigenere cipher (Conti.)
Attack:
1. Either monoalphabetic substitution or a Vigenere cipher?
If a monoalphabetic substitution is used, then the statistical properties of the ciphertext should be the same as those of the language of the plaintext. Refer to Fig. 2.6.


Vigenere cipher (Conti.)
Attack (Conti.)
2. How to determine the keyword length?
If two identical sequences of plaintext letters occur at a distance that is an integer multiple of the keyword length, they will generate identical ciphertext sequences.
An analyst looking at only the ciphertext can detect the repeated sequences, e.g., VTW at a displacement of 9.
Assume that the keyword is either 3 or 9 in length.
By looking for common factors in the displacements of the various sequences, the analyst will make a good guess of the keyword length.

Vigenere cipher (Conti.)
Attack (Conti.)
3. If the keyword length is N, then the cipher consists of N monoalphabetic substitution ciphers.
The letters at positions 1, N+1, 2N+1, and so on will be encrypted with the same monoalphabetic cipher.
4. Each monoalphabetic cipher can be attacked using frequency characteristics.

Using a non-repeating keyword can eliminate the periodic nature.


Vigenere cipher (Conti.)
Autokey system: a keyword is concatenated with the plaintext itself to provide a running key.
key:        deceptivewearediscoveredsav
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA

Statistical techniques can be applied to cryptanalysis, since the key and the plaintext share the same frequency distribution of letters.
Example: e enciphered by e can be expected to occur with a frequency of (0.1275)^2 = 0.0163

Vigenere cipher (Conti.)
Ultimate defense: to choose a keyword that is as long as the plaintext and has no statistical relationship to it.
Vernam cipher: 1918, AT&T engineer, Gilbert Vernam
Works on binary data:
$C_i = p_i \oplus k_i$
$p_i$ = ith binary digit of plaintext
$k_i$ = ith binary digit of key
$C_i$ = ith binary digit of ciphertext
$\oplus$ = exclusive-or (XOR) operation
$p_i = C_i \oplus k_i$
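The Vigenere example, attack steps 2 and 3, and the autokey example from the slides above, as an added Python example (not code from the slides). Inputs are assumed to be lowercase a-z plaintext and uppercase ciphertext; the function names are illustrative.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

def encipher(plaintext, keystream):
    """Add key letter to plaintext letter mod 26 (one Caesar shift per position)."""
    return "".join(chr((ord(p) - 97 + ord(k) - 97) % 26 + 65)
                   for p, k in zip(plaintext, keystream))

def vigenere(plaintext, keyword):
    """Repeating-keyword Vigenere: the keyword is cycled over the message."""
    repeats = len(plaintext) // len(keyword) + 1
    return encipher(plaintext, keyword * repeats)

def autokey(plaintext, keyword):
    """Autokey: the running key is the keyword followed by the plaintext."""
    return encipher(plaintext, keyword + plaintext)

def repeated_sequences(ciphertext, n=3):
    """Step 2: map each repeated n-gram to the distances between occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {seq: [b - a for a, b in zip(pos, pos[1:])]
            for seq, pos in positions.items() if len(pos) > 1}

def candidate_key_lengths(ciphertext, n=3, max_len=20):
    """Step 2: keyword lengths that divide every observed displacement."""
    distances = [d for ds in repeated_sequences(ciphertext, n).values() for d in ds]
    if not distances:
        return []               # no repeats: nothing periodic to exploit
    common = reduce(gcd, distances)
    return [k for k in range(2, max_len + 1) if common % k == 0]

def columns(ciphertext, key_len):
    """Step 3: letters at positions i, i+N, i+2N, ... share one Caesar shift."""
    return [ciphertext[i::key_len] for i in range(key_len)]

if __name__ == "__main__":
    pt, kw = "wearediscoveredsaveyourself", "deceptive"   # from the slides
    ct = vigenere(pt, kw)
    print(ct, repeated_sequences(ct), candidate_key_lengths(ct))
    print(columns(ct, 9))
    auto = autokey(pt, kw)
    print(auto, repeated_sequences(auto))
```

The autokey ciphertext of the same message contains no repeated trigram, so the displacement test has nothing to work with, which is the effect of the non-repeating key described above.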

Vigenere cipher (Conti.)
Vernam cipher (Conti.)
The essence of this technique is the means of construction of the key.
Use a running loop of tape as keyword: a very long but repeating keyword.
Can be broken with sufficient ciphertext, the use of known or probable plaintext sequences, or both.

Vigenere cipher (Conti.)
One-time pad
Army Signal Corps officer, Joseph Mauborgne
Using a random key that was truly as long as the message.
Unbreakable.
Produces random output that bears no statistical relationship to the plaintext.
The practical difficulty: sender and receiver must be in possession of, and protect, the random key.


Transposition Techniques
Performs some sort of permutation on the plaintext letters.
Rail fence technique
The plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
Plaintext: meet me after the toga party
m e m a t r h t g p r y
 e t e f e t e o a a t
Ciphertext: MEMATRHTGPRYETEFETEOAAT

Transposition Techniques (Conti.)
A more complex scheme: write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key.
Plaintext: attack postponed until two am xyz
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ


Transposition Techniques (Conti.)
Perform more than one stage of transposition.
Key:        4 3 1 2 5 6 7
Plaintext:  t t n a a p t
            m t s u o a o
            d w c o i x k
            n l y p e t z
Ciphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Transposition Techniques (Conti.)
Perform more than one stage of transposition (Conti.)
The original sequence of letters is:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
After the first transposition:
03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28
After the second transposition:
17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28
This is a much less structured permutation and is much more difficult to cryptanalyze.
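The rail fence and keyed columnar transpositions from the slides above, as an added Python example (not code from the slides). `columnar` works on any list, so the same function that encrypts the letters also tracks the position numbers 1..28 through both stages; the function names and the handling of a ragged last row are this example's own choices.

```python
KEY = [4, 3, 1, 2, 5, 6, 7]   # column order from the slides

def rail_fence(plaintext):
    """Depth-2 rail fence: even positions (top rail), then odd positions."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    return "".join(letters[0::2] + letters[1::2])

def column_order(key):
    """Column indexes sorted by their key number (key number 1 is read first)."""
    return sorted(range(len(key)), key=lambda c: key[c])

def columnar(items, key):
    """Write items row by row under the key, read columns in key order."""
    width = len(key)
    rows = [items[i:i + width] for i in range(0, len(items), width)]
    return [row[c] for c in column_order(key) for row in rows if c < len(row)]

def columnar_inverse(items, key):
    """Undo columnar(): refill the columns in key order, then read the rows."""
    width = len(key)
    full, rem = divmod(len(items), width)
    grid, pos = {}, 0
    for c in column_order(key):
        height = full + (1 if c < rem else 0)   # a ragged last row fills left columns
        grid[c] = items[pos:pos + height]
        pos += height
    n_rows = full + (1 if rem else 0)
    return [grid[c][r] for r in range(n_rows) for c in range(width)
            if r < len(grid[c])]

def encrypt(text, key, stages=1):
    """Apply the same keyed transposition `stages` times to the letters of text."""
    items = [c for c in text.upper() if c.isalpha()]
    for _ in range(stages):
        items = columnar(items, key)
    return "".join(items)

def decrypt(text, key, stages=1):
    items = list(text)
    for _ in range(stages):
        items = columnar_inverse(items, key)
    return "".join(items)

def position_trace(n, key, stages):
    """Where each original position (1..n) ends up after `stages` transpositions."""
    items = list(range(1, n + 1))
    for _ in range(stages):
        items = columnar(items, key)
    return items

if __name__ == "__main__":
    print(rail_fence("meet me after the toga party"))
    msg = "attack postponed until two am xyz"   # plaintext from the slides
    print(encrypt(msg, KEY), encrypt(msg, KEY, stages=2))
    print(position_trace(28, KEY, 1))
    print(position_trace(28, KEY, 2))
```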

Rotor machines
Edward Hebern's Electric Code Machine, 1921, U.S. Patent 1683072. Rotors are 75a-e.

Rotor machines (Conti.)
Consists of a set of independently rotating cylinders.
A single cylinder defines a monoalphabetic substitution.
After each input key is depressed, the cylinder rotates one position, so that the internal connections are shifted accordingly. Thus, a different monoalphabetic substitution cipher is defined.
A polyalphabetic substitution algorithm with a period of 26.

Rotor machines (Conti.)
Multiple cylinders
The output pins of one cylinder are connected to the input pins of the next.
The cylinder farthest from the operator input rotates one pin position with each keystroke.
For every complete rotation of the outer cylinder, the middle cylinder rotates one pin position.
For every complete rotation of the middle cylinder, the inner cylinder rotates one pin position.
26*26*26 = 17576 different substitution algorithms.
Points the way to DES.

Fig. 2.8 Three-Rotor Machine with wiring represented by numbered contacts.
