conventional encryption

7/29/2019 conventional encryption

1/15

Chapter 2

CONVENTIONAL ENCRYPTION:

CLASSICAL TECHNIQUES

Yeuan-Kuen LeeSeptember

Ch 2 Conventional Encryption: Classical Techniques 2

Outline

9Conventional Encryption Model

9 Steganography

9 Classical Encryption Techniques


2.1 Conventional Encryption Model

Figure 2.1 Simplified Model of Conventional Encryption



9 Plaintext9 Original intelligible message

9Ciphertext9 Apparently random nonsense message

9 Encryption process

9 An algorithm - produce a different output dependingon the specific key being used at the time.

9 A key a value independent of plaintext, shared bysender and recipient.


2/15



9 The ciphertext can be transformed back to the original

plaintext by using a decryption algorithm and the samekey that was used for encryption.

9 The security of conventional encryption depends on the

secrecy of the key, not the secrecy of the algorithm.

9 It is impractical to decrypt a message based on the

ciphertext plus knowledge of the encryption/decryption

algorithm.

9 The principal security problem is maintaining the secrecyof the key.



Encryption

Algorithm

Encryption

Algorithm

Decryption

Algorithm

Decryption

Algorithm

CryptanalystX

K

DestinationMessage

source

Key

source

Secure channel

X Y X

PlaintextX = [X1, X2, , XM]

KeyK = [K1, K2, , KJ]

K

CiphertextY = [Y1, Y2, , YN]

Encryption algorithm ( E )Y = EK(X)

Decryption algorithm ( D )

X = DK(Y)

Figure 2.2 Model of Conventional Cryptosystem



9 An opponent

9 Observing Y, but not having access to K and X, may

attempt to recover X or K, or both X and K.9 Assumed that the opponent knows E and D

9 If only the message is interested, then an estimated

plaintext is generated.

9 If future messages are interested, then an estimated

key is generated.

X

K



9 Cryptography - the art of secret writing.9 Classified along three independent dimensions:

1. The type of operations used for transforming

plaintext to ciphertext. Substitution

Transposition

2. The number of keys used. Symmetric, single-key, secret-key encryption

Asymmetric, two-key, public-key encryption

3. The way in which the plaintext is processed. Block cipher

Stream cipher


3/15



9 Cryptanalysis

9 The process of attempting to discover X or K or both.

9 Table 2.1 summarizes the various types ofcryptanalytic attacks based on the amount ofinformation known to the cryptanalyst.

9 Ciphertext only attack -

9 Known to cryptography

1. Encryption algorithm

2. Ciphertext to be decoded

9 Brute-force approach of trying all possible keys

9 Statistical tests: type of plaintext



9 Cryptanalysis (Conti.)

9 Known plaintext attack




3. One or more plaintext-ciphertext pairs formed with thesecret key

9 Probable-word attack may have little knowledge ofwhat is in the message

9 Accounting file: placement of certain key words

9 Copyright statement in some standardized position




9 Chosen-plaintext attack




3. Plaintext message chosen by cryptanalyst, together withits corresponding ciphertext generated with the secretkey

9 Example: password file

9 Differential cryptanalysis (explored Ch3)




9 Chosen-ciphertext attack




3. Purported ciphertext chosen by cryptanalyst, togetherwith its corresponding decrypted plaintext generatedwith the secret key

9 Chosen-text attack chosen-plaintext or chosen-ciphertext attack


4/15




9 Only relative weak algorithms fail to withstand aciphertext-only attack.

9 Generally, an encryption algorithm is designed towithstand a know-plaintext attack.



9 Unconditionally secure9 If the ciphertext generated by an encryption scheme does not

contain enough information to determine uniquely thecorresponding plaintext, no matter how much ciphertext isavailable and how much time an opponent has.

9 No encryption algorithm is unconditionally secure, except theone-time pad scheme

9 Conditionally secure1. The cost of breaking the cipher exceeds the value of the

encrypted information

2. The time required to break the cipher exceeds the usefullifetime of the information



Key Size (bits) Number ofalternative keys

Time required at1 encryption/us

Time required at106 encryption/us

32 232 = 4.3*109 231 us = 35.8 min 2.15 ms

56 256 = 7.2*1016 255 us = 1142 years 10.01 hrs

128 2128 = 3.4*1038 2127 us = 5.4*1024 years 5.4*1018 years

26 char perm. 26! = 4*1026 2*1026 us = 6.4*1012years 6.4*106 years

Table 2.2 Average Time Required for Exhaustive Key Search


2.2 Steganography

9 Cryptography9 crypto graphy : secret writing

9 Conceal the meaning of message

9 Steganography9 stegano graphy : covered writing

9 Conceal the existence of message


5/15


2.2 Steganography

9 Stegosaur (Roof Lizard)


2.2 Steganography

Dear George,

Greetings to all at Oxford. Many thanks for yourLetter and for the summer examination package.All Entry Forms and Fees Forms should be readyfor final despatch to the syndicate by Friday20th or at the very latest, Im told, by the 21st.

Admin has improved here, though theres roomfor improvement still; just give us all two or three

more years and well really show you! Pleasedont let these wretched 16 + proposals destroy

your basic O and A pattern. Certainly thissort of change, if implemented immediately,would bring chaos.

Sincerely yours,


2.2 Steganography

9 Historical steganographic techniques

9 Character marking

9Invisible ink

9 Pin punctures

9 Typewriter correction ribbon


2.2 Steganography

Conceal the existence of message

Steganography

CryptographyConceal the meaning of message


6/15


2.2 Steganography

9 General Steganographic Model

image,textaudio,video

CompressingCompressing

EncryptingEncrypting

EmbeddingEmbedding

Message

DecompressingDecompressing

DecryptingDecrypting

ExtractingExtracting

Message

Stego-media

Cover-media

Stego-key Stego-key

Warden

Sender

(Blindness)

Receiver


2.2 Steganography

9 Requirements of a Steganographic System

9 Imperceptible (image fidelity)

9 Undetectable (Steganalysis)

9 Security

9 Payload

9 Limited Robustness


2.2 Steganography

9 Steganalysis

9 The art of detecting any hidden message onthe communication channel.

9 If the existence of the hidden message isrevealed, the goal of steganography isdefeated.

9 Two types of steganalytic techniques

9 Visual attack

9 Statistical attack


2.2 Steganography

luminance-ordered palette in stego-image

palette in cover-image

Result of the Airfield image embedded in the8-bit Renoir with S-Tools. (the cover imagewas reduced from 248 to 32 unique colors)

9 Specific Pattern of S-Tools


7/15


2.3 Classical Encryption Techniques

9 Two basic building blocks

9 Substitution techniques - the letters of plaintextare replaced by other letters or by numbers of symbols

- Caeser cipher

- Monoalphabetic cipher

- Playfair cipher

- Hill cipher

9Transposition techniques - performing some sortof permutation on the plaintext letters

9 Rotor machines - multiple stages of encryption



9 Caesar cipher

9 Replacing each letter of the alphabet with the letterstanding three places further down the alphabet

9 Transformation

Cipher: P H H W P H D I W H U W K H W R J D S D U W B

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z

Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Plain: m e e t m e a f t e r t h e t o g a p a r t y



9 Caesar cipher (Conti.)

9 If we assign a numerical equivalent to each letter(a=0, b=1, c=2etc), then for each plaintext letter p,

substitute the ciphertext letter C :C = E(p) = (p + 3) mod 26

9 General Caesar algorithm

C = E(p) = (p + k) mod 26

where 1 k 25

9 Decryption algorithm

p = D(C) = (C - k) mod 26



9 Caesar cipher (Conti.)9 Brute-force cryptanalysis

9 Why? Three important characteristics:

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.

3. The language of the plaintext is known and easilyrecognizable.

< Fig.2.5 >Using ZIP algorithm to Compress the plaintext before encryption

Fig.2.4


8/15



9 Monoalphabetic cipher

9 An arbitrary substitution is used

9 26! ( 41026 ) possible keys:to eliminate brute-force attack (table 2.2)

9 If the cryptanalyst knows the nature of theplaintext (e.g., noncompressed English text), thenthe analyst can exploit the regularities of thelanguage.

9 < Fig.2.6 >Relative frequency of letters in English text



Fig. 2.6 Relative frequency of letters in English text



9 Monoalphabetic cipher (Conti.)9 Digram two-letter combination

9 Frequency of diagrams is a powerful regularity.

9 The most common digram is th. (ZW)

9 Trigram three-letter combination

9 The most frequent trigram is the. (ZWP)

9 Homophone

9 Provide multiple substitutes for a single letter

9 Multiple-letter patterns (e.g., digram frequencies)still survive in the ciphertext



9 Playfair cipher

9 The best-known multiple-letter encryption cipher

9Treat digrams in the plaintext as single units andtranslates these units into ciphertext digrams.

9 5*5 matrix of letters

constructed using a keyword.

MM RROO NN AA

CC DDHH YY BB

EE KKFF GG I/JI/J

LL TTPP QQ SS

UU ZZVV WW XX


9/15



9 Playfair cipher (Conti.)

9 Plaintext is encrypted two letters at a time, according tothe following rules:

1. Repeating plaintext letter that would fall in the same pairare separated with a filler letter (such as x)

[ balloon ] [ ba lx lo on ]

2. Plaintext letters that fall in thesame row of the matrix are

replaced by the letter to theright in a circular fashion

[ ar ] [ RM ]

MM RROO NN AA

CC DDHH YY BB

EE KKFF GG I/JI/J

LL TTPP QQ SS

UU ZZVV WW XX



9 Playfair cipher (Conti.)

3. Plaintext letters that fall in the same column of thematrix are replaced by the letter beneath, with the topelement of the column circularity following the last.

[ mu ] [ CM ]

4. Otherwise, each plaintext letteris replaced by the letter that liesin its own row and the columnoccupied by the other plaintext

letter.[ hs ] [ BP ],[ ea ] [ IM ] ( or [ JM ] )

MM RROO NN AA

CC DDHH YY BB

EE KKFF GG I/JI/J

LL TTPP QQ SS

UU ZZVV WW XX



9 Playfair cipher (Conti.)9 There are 26*26=676 digrams, so that identification of

individual digrams is more difficult.

9The relative frequencies of individual letters exhibit amuch greater range than that of diagrams, makingfrequency analysis much more difficult.

9 Standard field system by the British Army in WWI

9 Considerable use by the U.S. Army and other alliedforces during WWII.

9 However, it still leaves much of the structure of theplaintext language intact.



Fig.2.7 Relative Frequency of Occurrence of Letters.


10/15



9 Hill cipher

9 Lester Hill, 19299 Take m successive plaintext letters and substitutes for

them m ciphertext letters

9 The substitution is determined by m lineartransformation.

9 For m = 3,C1 = (k11p1+k12p2+k13p3) mod 26C

2

= (k21

p2

+k22

p2

+k23

p3

) mod 26C3 = (k31p3+k32p2+k33p3) mod 26



9 Hill cipher (Conti.)

9 Matrix-vector form

C = KPwhere C and P are column vectors of length 3,representing the plaintext and ciphertext, and K is a

3*3 matrix, representing the encryption key.Operation are performed mod 26.

=

3

2

1

333231

232221

131211

3

2

1

p

p

p

kkk

kkk

kkk

c

c

c



9 Hill cipher (Conti.)9 Example:

9 Plaintext paymoremoney

9 Key

9 The first three letters is pay = (15, 0, 24) t

9 C = KP mod 26 = (375, 819, 486) t mod 26= (11, 13, 18) t = LNS

9 Ciphertext LNSHDLEWMTRW

1922

211821

51717

K

=



9 Hill cipher (Conti.)9 Decryption requires using K-1, the inverse of the

matrix K,

9 KK-1 = K-1K=I

9 General Expressions

C = EK(P) = KP

P = DK(C) = K-1C = K-1KP = P

17024

61715

1594

K1-

=


11/15




9 As with Playfair, the strength of the Hill cipher is thatit completely hides single-letter frequencies.

9 A 3*3 Hill cipher hides not only single-letter but two-letter frequency information.

9 Use a larger matrix hides more frequency information

9 Strong against a ciphertext-only attack

9 Easily broken with a known plaintext attack.




9 For an m*m Hill cipher,suppose we have m plaintext-ciphertext pairs,each of length m.

9 Pj = ( p1j, p2j, p3j, p4j . . ., pmj )

9 Cj = ( c1j, c2j, c3j, c4j . . ., cmj )

9 Cj = KPj for 1 j m and for some unknown keymatrix K.

9 Define X = (pij) , Y = (cij). Y = XK

9 If X has an inverse, K =X-1Y



9 Polyalphabetic ciphers9 Use different monoalphabetic substitutions as one

proceeds through the plaintext message

1. A set of related monoalphabetic substitution rules isused.

2. A key determines which particular rule is chosen for agiven transformation.

9 Vigenere cipher9 26 Caesar ciphers are used, with shifts of 0 through 25

9 Each cipher is denoted by a key letter (from a to z)



Table 2.4 The Modern Vigenere Tablean


12/15



9 Vigenere cipher (Conti.)

9 Given a key letter xand a plaintext letter y, theciphertext letter is at the intersection of the rowlabeled xand the column labeled y

9 The strength is that there are multiple ciphertext

letters for each plaintext letter, one for each uniqueletter of the keyword.

key: d e c e p t i v e d e c e p t i v e d e c e p t i v e

plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f

ciphertext: Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J




9 Not all knowledge of the plaintext structure is lost.Example: Fig. 2.7.

9 Attack:

1. Either monoalphabetic substitution or a Vigenerecipher?

If a monoalphabetic substitution is used, then thestatistical properties of the ciphertext should be thesame as that of the language of the plaintext.

Referring to Fig. 2.6



9 Vigenere cipher (Conti.)9 Attack (Conti.)

2. How to determine the keyword length?

9 If two identical sequences of plaintext letters occur ata distance that is an integer multiple of the keywordlength, they will generate identical ciphertext sequences

9 An analyst looking at only the ciphertext can detect therepeated sequences, e.g., VTW at a displacement of 9.Assume that the keyword either 3 or 9 in length

9 By looking for common factors in the displacements ofthe various sequences, the analyst will make a good guessof the keyword length.



9 Vigenere cipher (Conti.)9 Attack (Conti.)

3. If the keyword length is N, then the cipher consists

of N monoalphabetic substitution ciphers.9 The letters at positions 1, N+1, 2N+1, and so on will be

encrypted with the same monoalphabetic ciphers.

4. Each monoalphabetic ciphers can be attacked usingfrequency characteristics

9 Using a non-repeating keyword can eliminate theperiodic nature


13/15




9 Autokey system a keyword is concatenated with theplaintext itself to provide a running key

9 Statistical techniques can be applied to cryptanalysissince the key and the plaintext share the same

frequency distribution of lettersExample: e enciphered by e can be expeated to occurwith a frequency of (0.1275)2=0.0163

key: d e c e p t i v e w e a r e d i s c o v e r e d s a v

plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f

ciphertext: Z I C V T W Q N G K Z E I I G A S X S T S L V V W L A




9 Ultimate defense - To choose a keyword that is aslong as the plaintext and has no statisticalrelationship to it

9 Vernam cipher: 1918, AT&T engineer, Gilbert Vernam9 binary data

9 Ci = pi kipi = ith binary digit of plaintext

ki = ith binary digit of key

Ci = ith binary digit of ciphertext = exclusive-or (XOR) operation

9 pi = Ci ki



9 Vigenere cipher (Conti.)9 Vernam cipher (Conti.)

9 The essence of this technique is the mean of

construction of the key.9 Use a running loop of tape as keyword : a very long but

repeating keyword

9 Can be broken with sufficient ciphertext, the use ofknown or probable plaintext sequences, or both.



9 Vigenere cipher (Conti.)9 One-time pad

9 Army Signal Corp officer, Joseph Mauborgne

9 Using a random key that was truly as long as the message9 Unbreakable

9 Produce random output that bears no statisticalrelationship to the plaintext

9 The practical difficult sender and receiver must bein possession of, and protect, the random key.


14/15



9 Transposition Techniques

9 Performs some sort of permutation on the plaintextletters

9 Rail fence technique

9 The plaintext is written down as a sequence of diagonalsand then read off as a sequence of rows

9 Plaintext meet me after the toga party

9 m e m a t r h t g p r y

e t e f e t e o a a t9 Ciphertext MEMATRHTGPRYETEFETEOAAT



9 Transposition Techniques (Conti.)

9 A more complex scheme9 to write the message in a rectangle, row by row, and

read the message off, column by column, but permutethe order of the columns.

9 The order of the columns then becomes the key.

9 Plaintext attack postponed until two am xyz

Key: 4 3 1 2 5 6 7plaintext: a t t a c k p

o s t p o n ed u n t i l tw o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ



9 Transposition Techniques (Conti.)9 Perform more than one stage of transposition

9 Key: 4 3 1 2 5 6 7

plaintext: t t n a a p tm t s u o a od w c o i x kn l y p e t z

Ciphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ



9 Transposition Techniques (Conti.)9 Perform more than one stage of transposition (Conti.)

9 The original sequence of letters is01 02 03 04 05 06 07 08 09 10 11 12 13 14

15 16 17 18 19 20 21 22 23 24 25 26 27 28

9 After the first transposition:03 10 17 24 04 11 18 25 02 09 16 23 01 0815 22 05 12 19 26 06 13 20 27 07 14 21 28

9 After the second transposition:17 09 05 27 24 16 12 07 10 02 22 20 03 2515 13 04 23 19 14 11 01 26 21 18 08 06 28

9 This is a much less structured permutation and is muchmore difficult to cryptanalysis.


15/15



9 Rotor machines

Edward Heberns Electric Code Machine, 1921U.S. Patent 1683072.

Rotors are 75a-e.



9 Rotor machines (Conti.)

9 Consists of a set of independently rotating cylinders

9 A single cylinder defines a monoalphabeticsubstitution

9 After each input key is depressed, the cylinder rotatesone position, so that the internal connections areshifted accordingly. Thus, a different monoalphabeticsubstitution cipher is defined.

9A polyalphabetic substitution algorithm with a periodof 26.



9 Rotor machines (Conti.)9 Multiple cylinders

9 The output pins of one cylinder are connected to theinput pins of the next

9 The cylinder farthest from the operator inputrotates one pin position with each keystroke

9 For every complete rotation of the outer cylinder, themiddle cylinder rotates one pin position

9 For every complete rotation of the middle cylinder,the inner cylinder rotates one pin position

9 26*26*26=17576 different substitution algorithms

9 Point to the way to DES



Fig. 2.8 Three-Rotor Machine with wiring represented by numbered contacts.

conventional encryption

Documents