wireless comm systems2

8/19/2019 wireless comm systems2

1/23

Block 2: Simple Ciphers and Classical Ciphers

and a Complexity Measure for Security

Objectives

After studying this material you should:

• Understand the following concepts: additive cipher,

multiplicative cipher, modular arithmetic.

• Understand how a key can set the parameters of a

mathematical transformation.

• Understand in general terms how an adversary might

attack these ciphers.

• Be able to define the terms one-way function, one way

hash function and one way trapdoor function and statetheir relevance to cryptography.

• Be able to outline how the compleity of a problem or

algorithm is measured.

• !now what it means for a problem to be in compleity class ".

• Understand that in modern scalable cryptosystems

encryption and decryption are in " and cryptanalysis isnot.

1


2/23

Educational Software

The material in this block can seem a little abstract. Tovisualise the concepts an educational program calledCrypTool about cryptography and cryptanalysis isrecommended.

You can download Cryptool from

http://www.cryptool.com/

A Cipher System

Cipher

Key

Plaintext,Message

Ciphertext,Cryptogram

Security does not depend on keeping the encoding algorithmsecret it depends on keeping the key secret.

2

http://www.cryptool.com/http://www.cryptool.com/


3/23

Caesar Cipher

Plaintet: A!C"#$%&'()*+,-P/ST0123Y4Ciphertet: "#$%&'()*+,-P/ST0123Y4A!C

ranslation Ciphers

'f the input and output alphabets are the same then anencrypting transformation is 5ust a permutation of the inputalphabet. 'f we compose permutations6 that is apply themsuccessively6 then the result is also a permutation.

compose permutations:

apply g then apply f : g f .

write ,for ,for 32 f f f f f f f 7

superenciphering:

3Caesar : ()*+,-P/ST0123Y4A!C"#$%&'

4Caesar : +,-P/ST0123Y4A!C"#$%&'()*

17Caesar : 4A!C"#$%&'()*+,-P/ST0123Y

Additi!e Ciphers

3


4/23

A translation cipher can be computed purely by arithmetic by

mapping each letter of the alphabet to a number in the range

8 to 9.

'f we do the mapping as below6 then the translation cipher

becomes an additive cipher.

A !C " # $ % & ' ( ) * + , - P / S T 0 1 2 3 Y 4

8 ; 9 < = > ? @ ;8;;;9 ; ;?;@ ;98 9;99 9< 9= 9

The encryption procedure can be reduced to modular arithmetic

( )m xr mod=

means that r is the remainder when is divided by m.

Therefore6 for some arbitrary k,

r km x +=

and mr


5/23

The Caesar cipher is a mapping

26mod3+aa

sometimes written

326+aa

"ecode by subtracting < modulo 9> or adding B

!0T 26mod3− is 5ust

2623263262630 modmodmod =−=−

Thus the decrypting transformation is

2326+aa

Thus an additive cipher over an alphabet of sie m has mkeys. The encrypting transformation is

k aa m+ 6 for 8 D k D m

and the decrypting transformation is

k aa m− .

+odular arithmetic is used in /SA public key cryptography which is used in 2PA

'ther Monoalpha(etic Ciphers

Multiplicati!e ciphers

#ncrypt: k aa m× .

5


6/23

This is 5ust multiplication modulo m.

"ecrypt: 1−× k aa m 6

111 =×=× −−

k k k k mm

,-T#: 'nverses mod m do not always eist.

Possible ambiguity:

)ey k is 9 and > receivedTwo possible messages were sent E< and ;>F6 since

6216232626

=×=×

So this transformation is not in!erti(le.

To avoid the problem choose key that does not share any

di!isors with the modulus.

)eys are coprime or relatively prime to Ehave no commonfactors withF the modulus.

6


7/23

Suita(le )eys for a Multiplicati!e Cipher

0se a prime modulus6 then any nonGero key can be used:

Calculation of the inverse of a key k where k aa m× .

*et ( )mφ H number of positive integers D m that are coprime

with mI if m is prime ( ) 1−= mmφ .

Then we use the fact that:

( ) .1m

mk ≡

φ E$#/+ATJS T-/#+F

( ) 11 mmkk ≡−φ

11)( −−φ ≡ k k mm

'f m is prime KEmF H m G; so

mk k m mod21 −− =

7


8/23

*or Example:

Suppose we want the multiplicative inverse of < mod


9/23

Cryptanalysis of Multiplicati!e Ciphers

Suppose the plaintet is a and the ciphertet is b thecryptanalyst must solve

bk a m=×

for some k . 'f m is prime

mbak mod1−

=

'f the modulus is nonGprime6 then the plaintet may have acommon factor with m. The cryptanalyst must solve

ps pr k pq mod)( =

which gives the eLuation

psr qk mod=

!y calculating

9


10/23

psrqk mod1−=

one possible value for the key is obtained. The others are

sk + 6 sk 2+ 6 sk 3+ 6 ...

10


11/23

Example

'f we know that plaintet ; produces ciphertet ;9 mod 9;

521mod6821mod174

21mod5421mod45

4,5,3

)mod(

21mod1215

1

==×=

×=⇔=

===⇒

=

=

−k k

r q p

ps pr pqk

k

Since 7= s the keys ;9 and ; are also possible so we needsome further plaintet G ciphertet pairs to determine a uniLuevalue for the key.

,evertheless6 a multiplicative cipher is not significantly harder

to break than an additive cipher.

11


12/23

A Complexity Measure for Security

echnolo&y is notoriously hard to predict:

#here a calculator on the $%&'( is e)uipped with *+,vacuum tubes and weighs tons, computers in the futuremay have only *, vacuum tubes and weigh only * tons.

EPopular +echanics6 +arch ;=F

'n this section we eamine the theory that can give someassurance that a cryptosystem will be secure in the future.

'ne+way *unctionsThe concept of a one-way function is fundamental to moderncryptography.

Such a function6 say )( x f 6 is a function that is easy to computebut which is etremely difficult to invert.

#ample .9G; /actorisation

The Luestion: M2hat is the product of 988

12


13/23

!0T the Luestion: M2hat are the prime factors of >>88NO ismuch harder.

-/

$actorise ;


14/23

&ndiv. "rocedures01ash021'-*

2rite down the hash of startingeampleGen

,ow go to:

/ile0Open

and -pen CrypToolGen and compute its hash using the S&AG;function.

2rite down the hash of CrypToolGen and compare it with thatof startingeampleGen.

2hat do you observeN

One-way hash function is designed so that )( x H y = is easyto compute but given y finding any x such that )( x H y = isetremely hard and finding any x; and x9 such that )()( 21 x H x H =

is etremely hard.

&ash functions are widely used in wireless systems to verifythe authenticity of messages

S&AG; is a oneGway hash function

rapdoor 'ne+way *unctions

A trap door oneGway function is a oneGway function together

14


15/23

with a certain piece of additional information Ethe MtrapdoorOF

that enables easy calculation of fG;.

$or eample: one of the factors of ;


16/23

Crypto&raphic Applications of 'ne+way *unctions

#assword #rotection

Stream Cipher:

A oneGway hash function could be used to create a securestream cipher as in the diagram below.

Since the input to the oneGway function cannot be determinedfrom its output6 the state of the counter cannot be determined.

Block Cipher AES

#u(lic )ey Crypto&raphy 0SA

Messa&e Authentication in a #u(lic )ey System

16

Output Stream

Counter

One WayHash Function


17/23

Asymptotic Complexity

A problem with compleity n 3 will be harder to solve than aproblem with compleity *n for all inputs of sie greaterthan ;86888.

hus we choose to i&nore constant factors to &et a de&ree of technolo&y independence1 since chan&es in

technolo&y only affect constant factors.

The graph below shows how some functions vary with n.

l G En D

Hn FnCn Bn A 23

>>>)log()exp( .

This is true regardless of the values of the constants AG'.

17


18/23

n

$igure: /elative rate of %rowth of common functions

18

0

50

100

150

200

250

300

350

400

0 5 10 15 20 25 30

Aexp(Bn)

Cn Dlog(En) Fn3G

Hn2I n

f4n5


19/23

Comparin& the asymptotic ma&nitude of twofunctions

's nn ba > for large enough n and for all values of a E;F and bN

'f we take logs of both sides we obtain the eLuivalentcondition

2

log

log

log

log

loglog

>

⇔>

⇔>

a

bn

a

b

n

n

bnan

So there will be a member of the set of natural numbers

n 6 7, *, 3, 89 to satisfy this condition for any a E;F and b6so na is always greater than nb .

2e ignore terms that are insignificant for very large n. Thusfor eample we shall not distinguish between n andn;*n;3


20/23

otation for Asymptotic Complexity

=omain n 6 7, *, 3, 89.

U""$> BOU%=))(()( n g On f ∈ ? f4n5 grows no more )uickly than g4n5@.

AO#$> BOU%=))(()( n g n f Ω∈ ?f4n5 grows at least as )uickly as g4n5@.

&C1 BOU%=))(()( n g On f ∈ and ))(()( n g n f Ω∈ write ))(()( n g n f Θ∈

Example(onsider the function n10

his is )1(Ω , )( 5nΩ , )( log nnΩ , )105( n×Ω and )10( lognn n+Ω .

/ecall for n105× we ignore constant factors like ×5 and fornn

nlog

+10 we ignore nnlog because it grows more slowly thann

10 .

&t is also )10( nO , ( )nO 510 , )105( nO × and )10( log nn nO + .,ote the in n510 is not a constant factor.1ence in addition )105( n×Θ and )10( log nn n+Θ .

20


21/23

Measurin& the Complexity of a #ro(lem

#rimiti!e 'perations

Problem solution time is measured by the number of steps6 orprimiti!e operations that must be performed. 0sually6

•

They can be computed in a time that is independent of theirarguments.

• They have a finite domain G they accept as input only a

fied number of distinct values.

• They can be implemented by fied sie logic circuits.

+ore formally6 the EtimeF compleity of a problem is generallystated as the number of primitive steps reLuired by somemodel of computation.

21


22/23

Classifyin& 3ecision #ro(lems #

Class P: functions whose compleity is no greater than )( ano

for some constant a.

Problems in P are regarded as easy or feasible6 andproblems that are not are regarded as hard or infeasible orintractable.

A problem has at least eponential time compleity if itscompleity is )( naΩ and such problems are provably intractablefor large n.

Example A polynomial function and an exponentialfunction

Compare operations reLuired for n*

and *.*n

, n* *.*n

9 1024210 = 21.11.1 2 =

;8883010 101000 = 411000 1047.21.1

×=

22


23/23

Scala(le cryptosystems

A cryptosystem is scalable if it allows us to set the

cryptanalyst a harder task whenever the time spent onencryption and decryption is increased6 by using a longer key.

To achieve scalability6 it must be arranged that as thecryptosystem is scaled up6 the time reLuired for cryptanalysisincreases much faster than the time spent on encryption and

decryption.

A modern scalable cryptosystem is designed so thatencryption and decryption are computationally feasible butidentification of the key by a cryptanalyst is infeasible.

• A problem is considered feasible if it is in class P and

infeasible if it is not.

• 't follows that cryptosystems are designed so that

encryption and decryption are in P and cryptanalysis isnot.

!y choosing a sufficiently large key the cryptographer canensure that the cryptanalyst cannot afford sufficient computerpower to attack it.

A user of A#S can implement it as a scalable cryptosystem byincreasing its key lengthI A#S supports key sies of ;9@6 ;96and 9> bits. '### @89.;;i recommends the use of A#S.

wireless comm systems2

Documents

Transcript of wireless comm systems2