1 Chapter 2 Crypto Basics How to speak crypto Substitution Cipher Transposition Cipher One-Time Pad...
-
Upload
gary-french -
Category
Documents
-
view
288 -
download
0
Transcript of 1 Chapter 2 Crypto Basics How to speak crypto Substitution Cipher Transposition Cipher One-Time Pad...
1
Chapter 2 Crypto Basics
How to speak cryptoSubstitution Cipher
Transposition CipherOne-Time Pad
Codebook CipherCrypto history
Taxonomy
Chapter 2 Crypto Basics 2
Crypto
Cryptology The art and science of making and breaking “secret codes”
Cryptography making “secret codes”
Cryptanalysis breaking “secret codes”
Crypto all of the above (and more)
Chapter 2 Crypto Basics 3
How to Speak Crypto
A cipher or cryptosystem is used to encrypt the plaintext
The result of encryption is ciphertext We decrypt ciphertext to recover plaintext A key is used to configure a cryptosystem A symmetric key cryptosystem uses the
same key to encrypt as to decrypt A public key cryptosystem uses a public
key to encrypt and a private key to decrypt (sign)
Chapter 2 Crypto Basics 4
Crypto
Basis assumption The system is completely known to the attacker Only the key is secret
Also known as Kerckhoffs Principle Crypto algorithms are not secret
Why do we make this assumption? Experience has shown that secret algorithms are
weak when exposed Secret algorithms never remain secret Better to find weaknesses beforehand
Chapter 2 Crypto Basics 5
Crypto as Black Box
plaintext
keykey
plaintext
ciphertext
A generic use of crypto
encrypt decrypt
Chapter 2 Crypto Basics 6
Simple Substitution
Plaintext: fourscoreandsevenyearsago Key:
a b c d e f g h i j k l mn o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V WX Y Z A B C
Ciphertext: IRXUVFRUHDAGVHYHABHDUVDIR
Shift by 3 is “Caesar’s cipher”
Plaintext Ciphertext
Chapter 2 Crypto Basics 7
Ceasar’s Cipher Decryption
Plaintext: spongebobsquarepants
Suppose we know a Ceasar’s cipher is being used
Ciphertext: VSRQJHEREVTXDUHSDQWU
a b c d e f g h i j k l mn o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V WX Y Z A B C
Plaintext Ciphertext
Chapter 2 Crypto Basics 8
Not-so-Simple Substitution
Shift by n for some n {0,1,2,…,25}
Then key is n
Example: key = 7
a b c d e f g h i j k l mn o p q r s t u v w x y z
H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Plaintext Ciphertext
Chapter 2 Crypto Basics 9
Cryptanalysis I: Try Them All
Given A simple substitution (shift by n) is used But the key is unknown Given ciphertext:
meqefscerhcsyeviekmvp How to find the key? Exhaustive key search
Only 26 possible keys try them all! Solution: key = 4
IAMABOYANDYOUAREAGIRL
Chapter 2 Crypto Basics 10
Even-less-Simple Substitution
Key is some permutation of letters Need not be a shift For example
Then 26! > 288 possible keys! Dominates the art of secret writing
throughout the first millennium
a b c d e f g h i j k l mn o p q r s t u v w x y z
J I C A X S E Y V D K WB Q T Z R H F M P N U L G O
Plaintext Ciphertext
Chapter 2 Crypto Basics 11
Cryptanalysis II: Be Clever
We know that a simple substitution is used
But not necessarily a shift by n Can we find the key given ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
Chapter 2 Crypto Basics 12
Cryptanalysis II
Can’t try all 288 simple substitution keys Can we be more clever?
0.00
0.02
0.04
0.06
0.08
0.10
0.12
0.14
A C E G I K M O Q S U W Y
English letter frequency counts…
Chapter 2 Crypto Basics 13
Cryptanalysis II
Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
21 26 6 10 12 51 10 25 10 9 3 10 0 1 15 28 42 0 0 27 4 24 22 28 6 8
Ciphertext frequency counts:
Decrypt this message using info below
Frequency analysis histrory
Discovered by the Arabs Earliest known description of frequency
analysis is in a book by the 9-century scientist al-Kindi
Rediscovered or introduced from the Arabs in Europe during the Renaissance
Frequency analysis made substitution cipher inscure.
Chapter 2 Crypto Basics 14
Chapter 2 Crypto Basics 15
Cryptanalysis: Terminology
Cryptosystem is secure if best known attack is to try all keys
Cryptosystem is insecure if any shortcut attack is known
By this definition, an insecure system might be harder to break than a secure system!
Chapter 2 Crypto Basics 16
Double Transposition
Plaintext: attackxatxdawn
Permute rowsand columns
Ciphertext: xtawxnattxadakc Key: matrix size and permutations
(3,5,1,4,2) and (1,3,2)
Chapter 2 Crypto Basics 17
One-time Pad Encryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Encryption: Plaintext Key = Ciphertext
Ph e i l h i t l e r
001 000 010 100 001 010 111 100 000 101
K 111 101 110 101 111 100 000 101 110 000
C110 101 100 001 110 110 111 001 110 101
s r l h s s t h s r
Chapter 2 Crypto Basics 18
One-time Pad Decryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Decryption: Ciphertext Key = Plaintext
Cs r l h s s t h s r
110 101 100 001 110 110 111 001 110 101
K 111 101 110 101 111 100 000 101 110 000
P001 000 010 100 001 010 111 100 000 101
h e i l h i t l e r
Chapter 2 Crypto Basics 19
One-time Pad
Double agent claims sender used “key”:
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Cs r l h s s t h s r
110 101 100 001 110 110 111 001 110 101
K 101 111 000 101 111 100 000 101 110 000
P011 010 100 100 001 010 111 100 000 101
k i l l h i t l e r
Chapter 2 Crypto Basics 20
One-time Pad
Sender is captured and claims the key is:C
s r l h s s t h s r
110 101 100 001 110 110 111 001 110 101
K 111 101 000 011 101 110 001 011 101 101
P001 000 100 010 011 000 110 010 011 000
h e l i k e s i k e
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Chapter 2 Crypto Basics 21
One-time Pad Summary
Provably secure, when used correctly Ciphertext provides no info about plaintext All plaintexts are equally likely Pad must be random, used only once Pad is known only by sender and receiver Pad is same size as message No assurance of message integrity
Why not distribute message(plaintext) the same way as the pad(key)?
Chapter 2 Crypto Basics 22
Real-world One-time Pad
Project VENONA Soviet spy messages from U.S. in 1940’s Nuclear espionage, etc. Thousands of messaged
Spy carried one-time pad into U.S. Spy used pad to encrypt secret messages Repeats within the “one-time” pads made
cryptanalysis possible
Chapter 2 Crypto Basics 23
VENONA Decrypt (1944)
[C% Ruth] learned that her husband [v] was called up by the army but he was not sent to the front. He is a mechanical engineer and is now working at the ENORMOUS [ENORMOZ] [vi] plant in SANTA FE, New Mexico. [45 groups unrecoverable]detain VOLOK [vii] who is working in a plant on ENORMOUS. He is a FELLOWCOUNTRYMAN [ZEMLYaK] [viii]. Yesterday he learned that they had dismissed him from his work. His active work in progressive organizations in the past was cause of his dismissal. In the FELLOWCOUNTRYMAN line LIBERAL is in touch with CHESTER [ix]. They meet once a month for the payment of dues. CHESTER is interested in whether we are satisfied with the collaboration and whether there are not any misunderstandings. He does not inquire about specific items of work [KONKRETNAYa RABOTA]. In as much as CHESTER knows about the role of LIBERAL's group we beg consent to ask C. through LIBERAL about leads from among people who are working on ENOURMOUS and in other technical fields.
“Ruth” == Ruth Greenglass “Liberal” == Julius Rosenberg
“Enormous” == the atomic bomb
Chapter 2 Crypto Basics 24
Codebook
Literally, a book filled with “codewords” Zimmerman Telegram encrypted via
codebookFebruar 13605fest 13732finanzielle 13850folgender 13918Frieden 17142Friedenschluss 17149
: :
Modern block ciphers are codebooks! More on this later…
Chapter 2 Crypto Basics 25
ZimmermanTelegram One of most
famous codebook ciphers ever
Led to US entry in WWI
Ciphertext shown here…
Chapter 2 Crypto Basics 26
ZimmermanTelegramDecrypted British had
recovered partial codebook
Able to fill in missing parts
Chapter 2 Crypto Basics 27
A Few Historical Items
Crypto timeline Answers.com Wikipedia Transposition cipher Spartan Scytale[saiteil]
Substitution cipher Caesar’s cipher Poe’s The Gold Bug: See here
Election of 1876
Chapter 2 Crypto Basics 28
Election of 1876
“Rutherfraud” Hayes vs “Swindling” Tilden: Popular vote was virtual tie
Electoral college delegations for 4 states (including Florida) in dispute
Commission: All 4 states to Hayes Tilden accused Hayes of bribery Was it true?
Chapter 2 Crypto Basics 29
Election of 1876
Encrypted messages by Tilden supporters later emerged
Cipher: Partial codebook, plus transposition
Codebook substitution for important wordsciphertext plaintext
Copenhagen GreenbacksGreece HayesRochester votesRussia TildenWarsaw telegram
: :
Chapter 2 Crypto Basics 30
Election of 1876
Apply codebook to original message Pad message to multiple of 5 words (total
length, 10,15,20,25 or 30 words) For each length, a fixed permutation
applied to resulting message Permutations found by comparing many
messages of same length Note that the same key is applied to all
messages of a given length
Chapter 2 Crypto Basics 31
Election of 1876
Ciphertext: Warsaw they read all unchanged last are idiots can’t situation
Codebook: Warsaw telegram Transposition: 9,3,6,1,10,5,2,7,4,8 Plaintext: Can’t read last telegram.
Situation unchanged. They are all idiots.
A weak cipher made worse by reuse of key Lesson: Don’t reuse/overuse keys!
Chapter 2 Crypto Basics 32
Early 20th Century
WWI Zimmerman Telegram “Gentlemen do not read each
other’s mail” Henry L. Stimson, Secretary of State, 1929
WWII golden age of cryptanalysis Japanese Purple (codename MAGIC) German Enigma (codename ULTRA)
Enigma Machine
Chapter 2 Crypto Basics 33
• Encryption machine used by Germans in the WWII, relies on electricity
• Plug board: allowed for pairs of letters to be remapped before the encryption process started and after it ended.
• Light board• Keyboard• Set of rotors: user must select three
rotors from a set of rotors to be used in the machine. A rotor contains one-to-one mappings of all the letters.
• Reflector (half rotor).
How does it work?
Current passes through:― the plug board,― the three rotors,― the reflector which reverses the current,― back through the three rotors,― back through the plug board― then the encrypted letter is lit on the display.
For each letter, the rotors rotate. The rotors rotate such as the right most rotor must complete one revolution before the middle rotor rotated one position and so on.
Chapter 2 Crypto Basics 34
Letters Remapped
The whole encryption process for a single letter contains a minimum of 7 remappings (the current passes through the rotors twice) and a maximum of 9 remappings (if the letter has a connection in the plug board).― Plug board performs the first remapping, if the letter
has a connection in the plug board.― Rotors remap letters. Each rotor contains one-to-one
mappings of letters but since the rotors rotate on each key press, the mappings of the rotors change on every key press.
― The reflector does one more remapping, the one-to-one mappings are always the same.
Chapter 2 Crypto Basics 35
Decryption
Need the encrypted message, and know which rotors were used, the connections on the plug board and the initial settings of the rotors.
Without the knowledge of the state of the machine when the original message was typed in, it is extremely difficult to decode a message.
Chapter 2 Crypto Basics 36
Japanese Purple Machine
Chapter 2 Crypto Basics 37
Electromechanical stepping switch machinemodeled after Enigma.
Used telephone steppingswitches instead of rotorsPearl Harbor attack
preparations encoded inPurple, decoded hoursbefore attack.
Chapter 2 Crypto Basics 38
Post-WWII History
Claude Shannon father of the science of information theory
Computer revolution lots of data Data Encryption Standard (DES), 70’s Public Key cryptography, 70’s CRYPTO conferences, 80’s Advanced Encryption Standard (AES), 90’s Crypto moved out of classified world
Chapter 2 Crypto Basics 39
Claude Shannon
The founder of Information Theory 1949 paper:
Comm. Thy. of Secrecy Systems http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf
Confusion and diffusion Confusion obscure relationship between
plaintext and ciphertext Diffusion spread plaintext statistics through
the ciphertext One-time pad only uses confusion, while double
transposition only uses diffusion Proved that one-time pad is secure
Chapter 2 Crypto Basics 40
Taxonomy of Cryptography
Symmetric Key Same key for encryption as for decryption Stream ciphers Block ciphers
Public Key Two keys, one for encryption (public), and one
for decryption (private) Digital signatures nothing comparable in
symmetric key crypto Hash algorithms
Chapter 2 Crypto Basics 41
Taxonomy of Cryptanalysis
Ciphertext only Algorithm and ciphertext only
Known plaintext Some of plaintext and corresponding
ciphertext Chosen plaintext
Limited access to cryptosystem “Lunchtime attack” Protocols might encrypt chosen text
Chapter 2 Crypto Basics 42
Taxonomy of Cryptanalysis
Adaptively chosen plaintext Choose the plaintext, View the resulting
ciphertext,And choose the plaintext based the observed ciphertext
Related key Forward search
(public key crypto only) The case: plaintext is “yes” or “no”
Etc., etc.