Classical Ciphers

CSCI 284/162

Spring 2007

GWU

Classical Ciphers

04/19/23 CS284-162/Spring07/GWU/Vora/ Classical Ciphers

2

Formal definition: cryptosystem

A cryptosystem consists of: P set of all plaintext C set of all ciphertext K set of all keys

E set of encryption rules, eK: P C

D set of decryption rules dK : C P

dK eK(x) = x

dK eK invertible and inverses of each other


3

Typical Scenario

• Alice and Bob choose a key, K K when they are unobserved or communicating on a secure channel

• If Alice wants to send Bob a message,

x1x2x3x4…xn

She sends:

y1y2y3y4…yn

Where yi = eK(xi)

xi is a symbol from the alphabet


4

Encryption is an invertible functionInversion should be somewhat easier than a lookup table, because both Alice and Bob would need the entire lookup table. This is provided by some “structure” in the encryption function.

However, structure helps adversary decrypt


5

Example of EncryptionShift Cipher on English Alphabet

P = C = K = English Alphabet

Example: key = D

A B C D E F G H I J

D E F G H I J K L M

Encryption, decryption, cryptanalysis examples

To do this for different alphabets, need some math


6

Zm

Definition: a b (mod m) m divides a-b a and b have the same remainder when divided by m

We define a mod m to be the unique remainder of a when divided by m

Zm is the “ring” of integers modulo m: The set of all possible remainders on division with m: 0, 1, 2, …m-1 with normal addition and multiplication, performed

modulo m


7

Shift Cipher

P = C = K = Zm

eK(x) = x + k mod m

dK(x) = x - k mod m

Examples

Cryptanalysis


8

Need: Some group theory

What is a group? • A set of elements G with

• An additive operation such that– G is closed under the operation, i.e. if a, b G, so does a b– The operation is associative, i.e. (a b) c = a (b c)– An identity exists and is in G, i.e. e G, s.t. e g = g e = g Every element has an inverse in G, i.e.

g G g-1 G s.t g g-1 = e


9

Multiplicative and additive groups

• The group operation can be addition or multiplication• Consider Zn

• Is it a multiplicative group? Additive?

Fact: Zp* for prime p is cyclic, generated by a primitive

element {1, , 2, … p-1}

Examples of Zn - multiplicative and additive groups, prime and composite n, primitive elements


10

Shift Cipher: generalized further

P = C = K = G

eK(x) = x + g

dK(x) = x + g-1 = x-g

Examples

Cryptanalysis


11

Properties of Zm (definition of a ring)

• Closed under addition and multiplicationIf a, b Zm then a+b, ab Zm

• Addition and multiplication are commutative and associativeIf a, b Zm then

a+b = b+a

ab = ba

(a+b)+c = a +(b+c) and

(ab)c = a(bc)


12

Properties of Zm – contd.

• Additive and multiplicative identities in Zm

Additive identity is 0 mod m

Multiplicative identity is 1 mod m

• Distributive property holdsFor a,b,c Zm

(a+b)c = ac + bc and

a(b+c) = ab + ac


13

Properties of Zm – contd.

• Additive inverse?

A number y such that x + y = x for all x in Zm

Zm/ring contains additive inverse

• Multiplicative inverse?

A number y such that x*y = 1 for all x in Zm

Zm/ring need not contain multiplicative inverse


14

Affine Cipher

P = C = R (R is the ring)

K R R

eK(x) = ax + b

dK(x) = a-1 (x – b)

Examples

Cryptanalysis

When is a invertible? We do this next week.


15

Vigenère Cipher

Shift cipher with a different key for each letter:

aeiou plaintext

fgyloi key

ciphertext?

Decryption?

VPXZGIAXIVWPUBTTMJPWIZITWZT

Key:cipher


16

Definition: Vigenère Cipher

P = C = K = (Zm)n

For K = (k1, k2, k3, …kn)

eK(x1, x2, x3, …xn) = (x1+k1, x2+k2, x3+k3, …xn+kn)

Alphabet is Zm, encryption done in blocks of n symbols

dK(x1, x2, x3, …xn) = ?

Cryptanalysis: very difficult

Number of keys? Complexity of brute force?


17

Permutation Cipher

x 1 2 3 4 5

(x) 3 2 5 1 4

x 1 2 3 4 5

-1(x)

Encrypt: canwegohomenow


18

Definition: Permutation Cipher

P = C = (Zm)n

K = { | a permutation of {1, 2, ….n}}

e (x1, x2,…xn) = (x (1), x (2),…x (n))

d (x1, x2,…xn) = (x -1(1), x -1(2),…x -1(n))


19

Special Permutation Cipherperhaps the oldest known cipher

classisboringtoday

ciidlsnaabgysotrsrox

What was the permutation?

History

How about a cipher with many, many possible keys?


21

ABCDEFGHIJKLMNOPQRSTUVWXYZ

cjmzuvywrdbunjoxaeslptfghi

Different key for each letter in the alphabet?

A letter goes to another one.

Each time a letter appears in the message it encrypts to the same letter in the ciphertext

How about using many, many keys?


22

P = C = Zm

K = all permutations of Zm

e(x) = (x)

d(y) = -1(y)

The key is the table: 26! Keys

Brute force could be expensive

Substitution cipher


23

Substitution cipher - cryptanalysis

lxr rwq zoazqgr sfuqb bqabq virw gxlkiz uqnb, vwqjq ir bIsgkn sqfab fggkniay rwq gjicfrq rjfabmojsfrioa mijbr fad rwqa rwq gxlkiz oaq. wq wfcq aorqd rwfr f sfeoj gjolkqs virw gjicfrq uqnb ib rwq bwqqj axslqj om uqnb f biaykq xbqj wfb ro brojq fad rjfzu. virw gxlkiz uqnb, oakn rvo uqnb fjq aqqdqd gqj xbqj: oaq gxlkiz fad oaq gjicfrq. Kqr xb bqq vwfr dimmejqazq rwib sfuqb ia rwq axslqj om uqnb aqqdqd.


24


• a 22• b 24• c 4• d 9• e 2• f 21• g 13• h• i 20• j 16• k 10• l 8• m 6

• n 9• o 15• p• q 51• r 28• s 9• t• u 9• v 7• w 16• x 10• y 2• z 8


25

Frequency of occurence

• English (every 1000)

E 127

T 91

A 82

O 75

I 70

N 67

S 63

H 61

R 60

D 43

L 40

C 28

• Ciphertext

q 51r 28b 24a 22f 21i 20j 16w 16o 15g 13x 10k 10d 9

U 28M 24

W 23

F 22

G 20

Y 20

P 19

B 15

V 10

K 8J 2Q 1X 1Z 1

u 9

n 9

s 9

l 8z 8v 7m 6c 4e 2y 2h 0t 0p 0

From StinsonFrom Stinson


26

q = E

lxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb, vwEjE ir bIsgkn sEfab fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. virw gxlkiz uEnb oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.


27

Digram/Trigram occurence• Digram

TH

HE

IN

ER

AN

RE

ED

ON

ES

ST

EN

AT

• TrigramTHEINGANDHEREREENTTHANTHWASETHFORDTH

TO

NT

HA

ND

OU

EA

NG

AS

OR

TI

IS

ET

IT

AR

TE

SE

HI

OF

From StinsonFrom Stinson


28

q = Elxr rwE zoazEgr sfuEb bEabE virw gxlkiz uEnb vwEjE ir bIsgkn sEfab

fggkniay rwE gjicfrE rjfabmojsfrioa mijbr fad rwEa rwE gxlkiz oaE. vE wfcE aorEd rwfr f sfeoj gjolkEs virw gjicfrE uEnb ib rwE bwEEj axslEj om uEnb f biaykE xbEj wfb ro brojE fad rjfzu. Virw gxlkiz uEnb, oakn rvo uEnb fjE aEEdEd gEj xbEj: oaE gxlkiz fad oaE gjicfrE. kEr xb bEE vwfr dimmejEazE rwib sfuEb ia rwE axslEj om uEnb aEEdEd.

En 6 Ej 6 Ed 5 Ea 2 Eb 2 Er 1 Ef 1 Es 1 Eg 1 ER ED ES EN EA ETuE 8 wE 8 aE 5 bE 5 rE 4 kE 3 jE 3 dE 2 zE 2 gE 1 vE 1 cE lE 1 sE 1HE RE TE SE

TAOI NSHRD r b af i j wogxkdj=R; d = D; b or a = S; w = H;


29

q = E; j=R; w=H; d=D

lxr rHE zoazEgr sfuEb bEabE virH gxlkiz uEnb vHERE ir bIsgkn sEfab fggkniay rHE gRicfrE rRfabmoRsfrioa miRbr fad rHEa rHE gxlkiz oaE. vE HfcE aorEd rHfr f sfeoR gRolkEs virH gjicfrE uEnb ib rHE bHEER axslER om uEnb f biaykE xbER Hfb ro broRE fad rRfzu. HirH gxlkiz uEnb, oakn rvo uEnb fRE aEEdEd gER xbER: oaE gxlkiz fad oaE gRicfrE. kEr xb bEE vHfr dimmeREazE rHib sfuEb ia rHE axslER om uEnb aEEdEd.

TAOI NSr b af i ogr = T


30

q = E; j=R; w=H; r=T; d=D

lxT THE zONzEgr MAuES SENSE WITH gxlkIz uEnS WHERE IT SIMgkn MEANS AggknINy THE gRIcATE TRANSFORMATION FIRST AND THEN THE gxlkIz ONE. WE HAVE NOTED THAT A MAJOR PROlkEM WITH PRIVATE uEnS IS THE SHEER NxMlER OF uEnS A SIaykE xSER HAS TO STORE AND TRAzu. WITH gxlkIz uEnS, ONkn TWO uEnS ARE NEEDED gER xSER: ONE PxlkIz AND ONE PRIVATE. kET xS SEE WHAT DImmeRENzE THIS sAuESIN THE NxBlER OF uEnS NEEDED.

O NSb a ogv=W; i=I; f=A; b=S; o=O; m=F; a=N; s=M; c=V; g=P; e=J;


31


A B C D E F G H I J K L M N O P Q R S T U V W X Y Z f l z d q m y w i e u k s a o g t j b r x c v h n p

BUT THE CONCEPT MAKES SENSE WITH PUBLIC KEYS WHERE IT SIMPLY MEANS APPLYING THE PRIVATE TRANSFORMATION FIRST AND THEN THE PUBLIC ONE. WE HAVE NOTED THAT A MAJOR PROBLEM WITH PRIVATE KEYS IS THE SHEER NUMBER OF KEYS A SINGLE USER HAS TO STORE AND TRACK. WITH PUBLIC KEYS ONLY TWO KEYS ARE NEEDED PER USER ONE PUBLIC AND ONE PRIVATE. LET US SEE WHAT DIFFERENCE THIS MAKES IN THE NUMBER OF KEYS NEEDED.


32

Substitution cipher – cryptanalysis algorithm

• Look for “a”/”I”• Compute frequency of single letters; compare to that

of English• Compute frequency of digrams, compare to that of

English• Compute frequency of trigrams, compare to that of

English

• Etc.


33

Substitution cipher – strengths and weaknesses

• Strengths:– Not vulnerable to brute force attacks– Encryption and decryption requires low computational

overhead, though more than Shift cipher– Ciphertext not longer than plaintext

• Weaknesses:– Vulnerable to statistical attack if language/message has

statistical structure– Requires storage of key table


34

Substitution cipher – lessons learnt

• In spite of 26! possible keys, can break, because of structure of message

• Can we make message without statistical structure?

• Examples?

Images in well-compressed form. What about zip files?

Classical Ciphers

Documents

Transcript of Classical Ciphers