Post on 07-Jul-2018
8/19/2019 wireless comm systems2
Block 2: Simple Ciphers and Classical Ciphers
and a Complexity Measure for Security
Objectives
After studying this material you should:
• Understand the following concepts: additive cipher,
multiplicative cipher, modular arithmetic.
• Understand how a key can set the parameters of a
mathematical transformation.
• Understand in general terms how an adversary might
attack these ciphers.
• Be able to define the terms one-way function, one way hash function and one way trapdoor function and state their relevance to cryptography.
• Be able to outline how the complexity of a problem or algorithm is measured.
• Know what it means for a problem to be in complexity class P.
• Understand that in modern scalable cryptosystems encryption and decryption are in P and cryptanalysis is not.
Educational Software
The material in this block can seem a little abstract. To visualise the concepts an educational program called CrypTool about cryptography and cryptanalysis is recommended.
You can download CrypTool from
http://www.cryptool.com/
A Cipher System
[Figure: Plaintext (Message) → Cipher, controlled by a Key → Ciphertext (Cryptogram)]
Security does not depend on keeping the encoding algorithm secret; it depends on keeping the key secret.
Caesar Cipher
Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC
Translation Ciphers
If the input and output alphabets are the same then an encrypting transformation is just a permutation of the input alphabet. If we compose permutations, that is apply them successively, then the result is also a permutation.
compose permutations:
apply g then apply f: g f.
write $f^2$ for $f f$, $f^3$ for $f f f$, …
superenciphering:
$\mathrm{Caesar}^{3}$:  JKLMNOPQRSTUVWXYZABCDEFGHI
$\mathrm{Caesar}^{4}$:  MNOPQRSTUVWXYZABCDEFGHIJKL
$\mathrm{Caesar}^{17}$: ZABCDEFGHIJKLMNOPQRSTUVWXY
Additive Ciphers
A translation cipher can be computed purely by arithmetic by mapping each letter of the alphabet to a number in the range 0 to 25.
If we do the mapping as below, then the translation cipher becomes an additive cipher.
 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
The encryption procedure can be reduced to modular arithmetic
$r = x \pmod{m}$
means that r is the remainder when x is divided by m.
Therefore, for some arbitrary k,
$x = km + r$
and mr
The Caesar cipher is a mapping
$a \mapsto a + 3 \bmod 26$
sometimes written
$a \mapsto a +_{26} 3$
Decode by subtracting 3 modulo 26 or adding B
BUT $-3 \bmod 26$ is just
$0 - 3 \bmod 26 = 26 - 3 \bmod 26 = 23 \bmod 26$
Thus the decrypting transformation is
$a \mapsto a +_{26} 23$
Thus an additive cipher over an alphabet of size m has m keys. The encrypting transformation is
$a \mapsto a +_m k$, for $0 < k < m$
and the decrypting transformation is
$a \mapsto a -_m k$.
Modular arithmetic is used in RSA public key cryptography which is used in WPA
Other Monoalphabetic Ciphers
Multiplicative ciphers
Encrypt: $a \mapsto a \times_m k$.
This is just multiplication modulo m.
Decrypt: $a \mapsto a \times_m k^{-1}$,
$k \times_m k^{-1} = k^{-1} \times_m k = 1$
NOTE: Inverses mod m do not always exist.
Possible ambiguity:
Key k is 2 and 6 received
Two possible messages were sent (3 and 16), since
$3 \times_{26} 2 = 16 \times_{26} 2 = 6$
So this transformation is not invertible.
To avoid the problem choose key that does not share any divisors with the modulus.
Keys are coprime or relatively prime to (have no common factors with) the modulus.
Suitable Keys for a Multiplicative Cipher
Use a prime modulus, then any non-zero key can be used:
Calculation of the inverse of a key k where $a \mapsto a \times_m k$.
Let $\varphi(m)$ = number of positive integers < m that are coprime with m; if m is prime $\varphi(m) = m - 1$.
Then we use the fact that:
$k^{\varphi(m)} \equiv_m 1$. (FERMAT'S THEOREM)
$k \, k^{\varphi(m)-1} \equiv_m 1$
$k^{\varphi(m)-1} \equiv_m k^{-1}$
If m is prime $\varphi(m) = m - 1$ so
$k^{-1} = k^{m-2} \bmod m$
For Example:
Suppose we want the multiplicative inverse of < mod
Cryptanalysis of Multiplicative Ciphers
Suppose the plaintext is a and the ciphertext is b the cryptanalyst must solve
$a \times_m k = b$
for some k. If m is prime
$k = a^{-1} b \bmod m$
If the modulus is non-prime, then the plaintext may have a common factor with m. The cryptanalyst must solve
$(pq)k = pr \bmod ps$
which gives the equation
$qk = r \bmod ps$
By calculating
$k = q^{-1} r \bmod ps$
one possible value for the key is obtained. The others are
$k + s$, $k + 2s$, $k + 3s$, ...
Example
If we know that plaintext 15 produces ciphertext 12 mod 21
$15k = 12 \bmod 21$
$(pq)k = pr \bmod ps$
$\Rightarrow p = 3,\ q = 5,\ r = 4$
$5k = 4 \bmod 21 \Leftrightarrow k = 4 \times 5^{-1} \bmod 21$
$k = 4 \times 17 \bmod 21 = 68 \bmod 21 = 5$
Since $s = 7$ the keys 12 and 19 are also possible so we need some further plaintext - ciphertext pairs to determine a unique value for the key.
Nevertheless, a multiplicative cipher is not significantly harder to break than an additive cipher.
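The multiplicative-cipher results above, worked through in Python as an added example that is not part of the original slides: the non-invertible key 2 mod 26, the inverse $k^{m-2} \bmod m$ for a prime modulus, and key recovery from one plaintext/ciphertext pair. The function names and the prime modulus 29 are assumptions chosen for illustration; `recover_keys` solves $qk = r$ modulo s rather than modulo ps as on the slide, so that q is always invertible.

```python
from math import gcd

def encrypt(a, k, m):
    """Multiplicative cipher: a -> a * k mod m."""
    return (a * k) % m

def inverse_prime_modulus(k, m):
    """k^(m-2) mod m; valid only when m is prime and k is non-zero mod m."""
    return pow(k, m - 2, m)

def colliding_plaintexts(k, b, m):
    """Every plaintext that encrypts to b under key k.

    More than one result means the key shares a divisor with m
    and the transformation cannot be inverted.
    """
    return [a for a in range(m) if encrypt(a, k, m) == b]

def recover_keys(a, b, m):
    """All keys k in 0..m-1 with a * k = b (mod m), from one known pair.

    Writes a = p*q, b = p*r, m = p*s with p = gcd(a, m), solves
    q*k = r (mod s), then lists k, k + s, k + 2s, ... below m.
    """
    p = gcd(a, m)
    if b % p:
        return []                     # no key maps a to b
    q, r, s = a // p, b // p, m // p
    k0 = (pow(q, -1, s) * r) % s      # gcd(q, s) = 1, so q has an inverse mod s
    return [k0 + i * s for i in range(p)]

if __name__ == "__main__":
    print(colliding_plaintexts(2, 6, 26))   # key 2 mod 26 is ambiguous
    print(inverse_prime_modulus(3, 29))     # constructed prime modulus 29
    print(recover_keys(15, 12, 21))         # the slide's example
```

With a prime modulus `recover_keys` returns a single key, which is why one known pair is enough to break the cipher in that case.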
A Complexity Measure for Security
Technology is notoriously hard to predict:
Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and weigh only 1½ tons.
(Popular Mechanics, March 1949)
In this section we examine the theory that can give some assurance that a cryptosystem will be secure in the future.
One-way Functions
The concept of a one-way function is fundamental to modern cryptography.
Such a function, say $f(x)$, is a function that is easy to compute but which is extremely difficult to invert.
Example .2-1 Factorisation
The question: "What is the product of 988
BUT the question: "What are the prime factors of >>88?" is much harder.
OR
Factorise ;
Indiv. Procedures\Hash\SHA-1
Write down the hash of startingexample-en
Now go to:
File\Open
and Open CrypTool-en and compute its hash using the SHA-1 function.
Write down the hash of CrypTool-en and compare it with that of startingexample-en.
What do you observe?
One-way hash function is designed so that $y = H(x)$ is easy to compute but given y finding any x such that $y = H(x)$ is extremely hard and finding any $x_1$ and $x_2$ such that $H(x_1) = H(x_2)$ is extremely hard.
Hash functions are widely used in wireless systems to verify the authenticity of messages
SHA-1 is a one-way hash function
Trapdoor One-way Functions
A trap door one-way function is a one-way function together with a certain piece of additional information (the "trapdoor") that enables easy calculation of $f^{-1}$.
For example: one of the factors of ;
Cryptographic Applications of One-way Functions
Password Protection
Stream Cipher:
A one-way hash function could be used to create a secure stream cipher as in the diagram below.
Since the input to the one-way function cannot be determined from its output, the state of the counter cannot be determined.
Block Cipher AES
Public Key Cryptography RSA
Message Authentication in a Public Key System
[Figure: Counter → One Way Hash Function → Output Stream]
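The counter-and-hash stream cipher from the diagram, as an added Python example that is not part of the original slides. It assumes SHA-256 in place of the SHA-1 named on the slides, a secret 256-bit starting counter value acting as the key, and XOR as the way the output stream is combined with the message; all function names and sample values are constructed for illustration.

```python
import hashlib

def keystream(counter_start: int, nbytes: int) -> bytes:
    """Output stream: the hash of each successive counter state, concatenated."""
    out = bytearray()
    counter = counter_start
    while len(out) < nbytes:
        out += hashlib.sha256(counter.to_bytes(32, "big")).digest()
        counter = (counter + 1) % 2**256   # wrap so the state stays 256 bits
    return bytes(out[:nbytes])

def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))

def xor_with_stream(counter_start: int, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) by XOR with the output stream."""
    return xor_bytes(data, keystream(counter_start, len(data)))

# Constructed sample values; in use the start state would be random and secret,
# for example secrets.randbits(256).
SECRET_START = int.from_bytes(hashlib.sha256(b"constructed demo seed").digest(), "big")
MSG_A = b"meet at the north gate"
MSG_B = b"meet at the south gate"

def reuse_leak() -> bytes:
    """Two messages encrypted from the same counter state leak their XOR.

    The result equals MSG_A xor MSG_B and is computed from ciphertext alone,
    so each message needs a counter range that is never used again.
    """
    c_a = xor_with_stream(SECRET_START, MSG_A)
    c_b = xor_with_stream(SECRET_START, MSG_B)
    return xor_bytes(c_a, c_b)

if __name__ == "__main__":
    ct = xor_with_stream(SECRET_START, MSG_A)
    print(ct.hex())
    print(xor_with_stream(SECRET_START, ct))   # recovers MSG_A
    print(reuse_leak().hex())                  # zero wherever the messages agree
```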
Asymptotic Complexity
A problem with complexity $n^2$ will be harder to solve than a problem with complexity $10000n$ for all inputs of size greater than 10,000.
Thus we choose to ignore constant factors to get a degree of technology independence, since changes in technology only affect constant factors.
The graph below shows how some functions vary with n.
l G En D
Hn FnCn Bn A 23
>>>)log()exp( .
This is true regardless of the values of the constants A-I.
Figure: Relative rate of Growth of common functions (f(n) plotted against n)
Comparing the asymptotic magnitude of two functions
Is $a^n > n^b$ for large enough n and for all values of a (> 1) and b?
If we take logs of both sides we obtain the equivalent condition
2
log
log
log
log
loglog
>
⇔>
⇔>
a
bn
a
b
n
n
bnan
So there will be a member of the set of natural numbers $n \in \{0, 1, 2, \ldots\}$ to satisfy this condition for any a (> 1) and b, so $a^n$ is always greater than $n^b$.
We ignore terms that are insignificant for very large n. Thus for example we shall not distinguish between n and n;*n;3
Notation for Asymptotic Complexity
Domain $n \in \{0, 1, 2, \ldots\}$.
UPPER BOUND $f(n) \in O(g(n))$ [f(n) grows no more quickly than g(n)].
LOWER BOUND $f(n) \in \Omega(g(n))$ [f(n) grows at least as quickly as g(n)].
TIGHT BOUND $f(n) \in O(g(n))$ and $f(n) \in \Omega(g(n))$ write $f(n) \in \Theta(g(n))$
Example
Consider the function $10^n$
This is $\Omega(1)$, $\Omega(n^5)$, $\Omega(n^{\log n})$, $\Omega(5 \times 10^n)$ and $\Omega(10^n + n^{\log n})$.
Recall for $5 \times 10^n$ we ignore constant factors like $\times 5$ and for $10^n + n^{\log n}$ we ignore $n^{\log n}$ because it grows more slowly than $10^n$.
It is also $O(10^n)$, $O(10^{5n})$, $O(5 \times 10^n)$ and $O(10^n + n^{\log n})$.
Note the 5 in $10^{5n}$ is not a constant factor.
Hence in addition $\Theta(5 \times 10^n)$ and $\Theta(10^n + n^{\log n})$.
Measuring the Complexity of a Problem
Primitive Operations
Problem solution time is measured by the number of steps, or primitive operations that must be performed. Usually,
• They can be computed in a time that is independent of their arguments.
• They have a finite domain - they accept as input only a fixed number of distinct values.
• They can be implemented by fixed size logic circuits.
More formally, the (time) complexity of a problem is generally stated as the number of primitive steps required by some model of computation.
Classifying Decision Problems P
Class P: functions whose complexity is no greater than $o(n^a)$ for some constant a.
Problems in P are regarded as easy or feasible, and problems that are not are regarded as hard or infeasible or intractable.
A problem has at least exponential time complexity if its complexity is $\Omega(a^n)$ and such problems are provably intractable for large n.
Example: A polynomial function and an exponential function
Compare operations required for $n^{10}$ and $1.1^n$
n       $n^{10}$                  $1.1^n$
2       $2^{10} = 1024$           $1.1^2 = 1.21$
1000    $1000^{10} = 10^{30}$     $1.1^{1000} = 2.47 \times 10^{41}$
Scalable cryptosystems
A cryptosystem is scalable if it allows us to set the cryptanalyst a harder task whenever the time spent on encryption and decryption is increased, by using a longer key.
To achieve scalability, it must be arranged that as the cryptosystem is scaled up, the time required for cryptanalysis increases much faster than the time spent on encryption and decryption.
A modern scalable cryptosystem is designed so that encryption and decryption are computationally feasible but identification of the key by a cryptanalyst is infeasible.
• A problem is considered feasible if it is in class P and infeasible if it is not.
• It follows that cryptosystems are designed so that encryption and decryption are in P and cryptanalysis is not.
By choosing a sufficiently large key the cryptographer can ensure that the cryptanalyst cannot afford sufficient computer power to attack it.
A user of AES can implement it as a scalable cryptosystem by increasing its key length; AES supports key sizes of 128, 192, and 256 bits. IEEE 802.11i recommends the use of AES.