VIEWS: 12 PAGES: 32 POSTED ON: 8/15/2012
Information System Security Lecture 2 Classical Cryptography Outline Basic mathematical concepts Cipher systems Historical ciphers Transposition ciphers Substitution ciphers Product ciphers ISS/Faculty of IT/2005 2 Basic Mathematical Concepts A function (or transformation) is defined on 2 sets X and Y and a rule f which assigns to each element in X one element in Y. A function f is injective if each element in Y is the image of at most one element in X A function f is surjective if each element in Y is the image of at least one element in X A function f is bijective if it is injective and surjective ISS/Faculty of IT/2005 3 Basic Mathematical Concepts Inverse function: if f is bijective from X to Y, – The inverse function of f is g fromY to X : g(y)=x and f(x)=y – g(f(x)) = x – g is the denoted f 1 One-way function: a function f from X to Y where for each xX it’s easy to compute f(x) but it’s difficult (computationally infeasible) to compute xX such that y=f(x) A permutation p on S is a bijection from S to itself – S is finite set of elements – Since p is bijective then p has an inverse p 1 Involutions: a bijective function is called an involution if f f 1 ISS/Faculty of IT/2005 4 Cipher system Encryption domains and codomains – A denotes a finite set called alphabet of definition. Example: A= {o,1} – M denotes a set called message space. M consists of strings of symbols from an alphabet of definition An element of M is called a plaintext message (or a plaintext) Example: M may consist of binary strings, English text, etc. – C denotes a set called ciphertext space. C consists of strings of symbols from an alphabet definition C may differ from the alphabet of definition for M An element of M is called a ciphertext ISS/Faculty of IT/2005 5 Cipher system Encryption and decryption transformations – K denotes a set called the key space, an element of K is called a key – Each e K uniquely determines a bijection from M to C, denoted by Ee(called encryption function or encryption transformation) – Ee must be a bijection if the process to be reversed and a unique plaintext recovered from each distinct ciphertext – Each d K, Dd (decryption function or decryption transformation) denotes a bijection from C to M – The process of applying the transformation Ee to a plaintext m M, is referred to as the encryption of m – The process of applying the transformation Dd to a ciphertext c C, is referred to as decryption of c ISS/Faculty of IT/2005 6 Cipher system An encryption scheme consists of (in addition to M,C,K): – A set {Ee : e K } encryption transformations of – A correspondent set {Dd : d K } of decryption transformations with the property that for each e K there is 1 a unique key d K such that D E D ( E (m)) m d e d e – An encryption scheme is also referred to as a cipher – e and d are referred to as a key pair denoted by (e,d) – Encryption achieves Confidentiality ISS/Faculty of IT/2005 7 Example Trivial shift cipher: (M, C, K, E, D) – M = { sequences of letters } – C=M – K = { i | i is an integer and 0 ≤ i ≤ 25 } – E = { Ek | k K and for all letters m, Ek(m) = (m + k) mod 26} – D = { Dk | k K and for all letters c, Dk(c) = (26 + c – k) mod 26} Example ISS/Faculty of IT/2005 8 Example Let k = 9, m = “VELVET” (21 4 11 21 4 19) – Ek(m) = (m + k) mod 26 = (30 13 20 30 13 28) mod 26 = “4 13 20 4 13 2” = “ENUENC” – Dk(c) = (26 + c – k) mod 26 = (21 30 37 21 30 19) mod 26 = “21 4 11 21 4 19” = “VELVET” A B C D E F G H I J K L M 0 1 2 3 4 5 6 7 8 9 10 11 12 N O P Q R S T U V W X Y Z 13 14 15 16 17 18 19 20 21 22 23 24 25 ISS/Faculty of IT/2005 9 Historical Ciphers Please note that all the ciphers in this unit are: – Created prior to the 2nd half of the 20th century – Symmetric – Operate on alphabetic characters – Are not suitable for general modern use However, they allow us to: – Illustrate basic principles and common pitfalls Historical (classical) cryptography: – Two basic types Transposition ciphers Substitution ciphers – Product ciphers Combinations of the two basic types ISS/Faculty of IT/2005 10 Transposition Ciphers A simple transposition cipher with fixed period t: – Consists of grouping the plaintext into blocks of t characters, and applying to each block a single permutation e on the numbers 1 through t. – Decryption consists of the permutation d which inverts e simple transposition cipher rearrange letters in plaintext to produce ciphertext Example: – m = CAESAR, t=6 – e = (6 4 1 3 5 2) => c = RSCEAA – d = (3 6 4 2 5 1) Compound transposition is a sequential composition of 2 or more simple transpositions with respective periods t1, …,ti <=> simple transposition IT/2005period t = lcm(t1,…,ti)11 ISS/Faculty of of Transposition Ciphers A simple transposition cipher with fixed period t, – ( M , C , K , Ee , Dd ) : – K is the set of all permutations on {1,2, …,t} – For each e K, the encryption function Ee is defined as follows: – Ee (m) (me (1) ,..., me (t ) ) // m=(m1, …,mt) M, the message space – The decryption key d e 1 // the inverse permutation of e – To decrypt the message c=(c1,...,c2), compute m Dd (c) (cd (1) ,..., cd (t ) ) ISS/Faculty of IT/2005 12 Attacks Ciphertext only: – adversary has only c; – goal is to find plaintext, possibly key Known plaintext: – adversary has m, c; – goal is to find k Chosen plaintext: – adversary may gets a specific plaintext enciphered; – goal is to find key ISS/Faculty of IT/2005 13 Basis for Cryptanalysis Cryptanalysis of classical ciphers relies on redundancy in the source language (plaintext) – E appears far more frequently than Z – Q is followed by U – TH is a common digram – Repeated letters in pattern words (e.g., three, soon, etc.) It’s called statistical attacks, i.e., based on language statistics Brute force (exhaustive search): Tries all possible keys on a piece of ciphertext – If the number of keys is small, then it’s easy to break the encryptionISS/Faculty of IT/2005 14 English letter frequency (%) Letter frequency Letter frequency Letter frequency A 8.04 B 1.54 C 3.06 D 3.99 E 12.51 F 2.30 G 1.96 H 5.49 I 7.26 J 0.16 K 0.67 L 4.14 M 2.53 N 7.09 O 7.60 P 2.00 Q 0.11 R 6.12 S 6.54 T 9.25 U 2.71 V 0.99 W 1.92 X 0.19 Y 1.73 Z 0.09 ISS/Faculty of IT/2005 15 Frequency of digrams in English text (%) di-gram frequency di-gram frequency AN 1.81 ON 1.83 AT 1.51 OR 1.28 ED 1.32 RE 1.90 EN 1.53 ST 1.22 ER 2.31 TE 1.30 ES 1.36 TH 3.21 HE 3.05 TI 1.28 IN 2.30 ISS/Faculty of IT/2005 16 Attacking Transposition Ciphers Simple transposition cipher alter dependencies between consecutive characters, but Preserves the frequency distribution of each letter Anagramming – If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition – Rearrange letters to form n-grams (1st digram then trigram) with highest frequencies ISS/Faculty of IT/2005 17 Attacking Transposition Ciphers Example: – Plaintext is “HELLO WORLD” – Encryption key is e=(1 3 5 7 4 2 9 6 8 10) – Ciphertext is HLOOL ELWRD Frequencies of 2-grams beginning with H – HE 0.0305 – HO 0.0043 – HL, HW, HR, HD < 0.0010 Frequencies of 2-grams ending in H – WH 0.0026 – EH, LH, OH, RH, DH ≤ 0.0002 Implies E follows H ISS/Faculty of IT/2005 18 Substitution Ciphers Simple substitution cipher ( M , C , K , Ee , Dd ): – A plaintext and ciphertext character sets – K is the set of all permutations on A – M = {m = m1,m2, ...} – For each e K, the encryption function Ee is defined as follows: – Ee (m) e(m1 ), e(m2 ) – ci e(mi ) // the character to which mi is mapped by e – The decryption key d e 1 // the inverse permutation of e – To decrypt the message c=(c1,...,c2), compute Dd (c) d (c1 ), d (c2 ) ISS/Faculty of IT/2005 19 Substitution Ciphers Simple substitution cipher changes letters in plaintext to produce ciphertext Simple substitution cipher is called also mono-alphabetic substitution Example - Cæsar cipher (Trivial shift cipher with k =3) – Plaintext is HELLO WORLD; – Key is 3, usually written as letter ‘D’ – Ciphertext is KHOOR ZRUOG ISS/Faculty of IT/2005 20 Attacking simple substitution ciphers Brute Force: Exhaustive search – If the key space is small enough, try all possible keys until you find the right one – The key space of simple substitution on English alphabet (26 letters) is: 26! ≈ 4 x 10^26 (400 000 000 000 000 000 000 000 000) – Cæsar cipher has 26 possible keys Statistical analysis – Simple substitution cipher alter the frequency of the individual plaintext characters, but – Doesn’t alter the frequency distribution of the overall character set – Thus, letter frequency analysis helps breaking the cipher ISS/Faculty of IT/2005 21 Attacking simple substitution ciphers Ciphertext: KHOOR ZRUOG (KHOOR ZRUOG) Compute frequency of each letter in ciphertext: G 0.1 H 0.1 K 0.1 O 0.3 R 0.2 U 0.1 Z 0.1 Apply 1-gram model of English Conclusion – Simple substitution ciphers are easy to recognize and analyze – How to improve simple substitution ciphers? In other words, how to defeat letter frequency analysis? Polygram ciphers: Playfair cipher Polyalphabetic substitution ciphers: Vigenere cipher ISS/Faculty of IT/2005 22 Polygram substitution ciphers Simple substitution cipher substitutes one character by other character Polygram substitution cipher substitutes groups of characters by other groups of characters Examples – Sequences of 2 plaintext characters (digrams) may be replaced by other digrams – Sequences of 3 plaintext characters (trigrams) may be replaced by other trigrams Playfair cipher is an example of polygram substitution ciphers ISS/Faculty of IT/2005 23 Playfair cipher The Playfair Cipher operates on digrams (pairs of letters) The key is a 5x5 square consisting of every letter except J. Before encrypting, the plaintext must be transformed: – Replace all J’s with I’s – Write the plaintext in pairs of letters… – …separating any identical pairs by Z – If the number of letters is odd, add a Z to the end ISS/Faculty of IT/2005 24 Playfair cipher If two plaintext letters lie in the same row then replace each letter by the one on its “right” in the key square If two plaintext letters lie in the same column then replace each letter by the one “below” it in the key square Else, replace: – First letter by letter in row of first letter and column of second letter in the key square – Second letter by letter in column of first letter and row of second letter in the key square ISS/Faculty of IT/2005 25 Playfair cipher: Example GLOW WORM S T A N D E R C H B K F G I L GL OW WO RM M O P Q U V W X Y Z IK WT TW EO ISS/Faculty of IT/2005 26 Attacking Playfair cipher Playfiar cipher alters the frequency of the individual plaintext characters and alters the frequency distribution of the overall character set because each letter may be replaced by other. However, digram frequency analysis helps breaking the cipher ISS/Faculty of IT/2005 27 Polyalphabetic substitution cipher Polyalphabetic substitution cipher is a block cipher with block length t over an alphabet A: – The key space consists of all ordered sets of t permutation (p1, ..,pt), where each pi is defined on the set A – Encryption the message m=(m1,…,mt) under the key e=(p1,…,pt) is given by Ee (m) e( p1 (m1 ), , pt (mt )) 1 1 – The decryption key associated with e is d e( p1 , , p1 ) Example: Vigenère cipher ISS/Faculty of IT/2005 28 Vigenère cipher A={A,…,Z} t=3 e=(p1,p2,p3) encryption key – p1: maps each letter to the letter 3 positions to its right in A – P2: maps each letter to the letter 7 positions to its right in A – P3: maps each letter to the letter 10 positions to its right in A – This means that e= CHK = THI SCI PHE RIS CER RAI NLY NOT SEC URE m Ee (m)=c= WOS VJS SOO UPC FLB WHS QSI QVD VLM XYO ISS/Faculty of IT/2005 29 Attacking Vigenère cipher Doesn’t preserve symbol frequencies – In the example: E is encrypted to O and L However, it’s not significantly more difficult to cryptanalyze The approach – determine the period t (i.e., key length) – Ciphertext can be divided into t groups (group i consists of those ciphertext letters derived using permutation pi ) – Letter frequency analysis to be done on each group ISS/Faculty of IT/2005 30 Product ciphers Simple transposition and substitution don’t provide a very high level of security product cipher is a combination of many transformations (transposition and substitution ) product ciphers are a way to obtain strong ciphers We’ll call a round a composition of a substitution and a transposition. ISS/Faculty of IT/2005 31 ISS/Faculty of IT/2005 32