cryptography in world war ii jefferson institute for lifelong learning at uva
DESCRIPTION
Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans. Class 1: Introduction and Cryptography before World War II. Bletchley Park, Summer 2004. http://www.cs.virginia.edu/jillcrypto. Overview. Introduction, Pre-WWII cryptology - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/1.jpg)
Cryptography in World War IIJefferson Institute for Lifelong Learning at UVa
Spring 2006 David Evans
Class 1:Introduction
and Cryptography
before World War II
http://www.cs.virginia.edu/jillcryptoBletchley Park, Summer 2004
![Page 2: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/2.jpg)
2JILL WWII Crypto Spring 2006 - Class 1: Introduction
Overview1. Introduction, Pre-WWII cryptology2. Lorenz Cipher (Fish)
– Used by Nazis for high command messages– First programmable electronic computer built
to break it3. Enigma Cipher
– Used by German Navy, Army, Air Force– Broken by team including Alan Turing
4. Post-WWII– Modern symmetric ciphers– Public-Key Cryptography
![Page 3: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/3.jpg)
3JILL WWII Crypto Spring 2006 - Class 1: Introduction
Menu• Introduction to Cryptology
– Terminology– Principles– Brief history of 4000 years of Cryptology
• Cryptology before World War II– A simple substitution cipher– [Break]– Breaking substitution cipher– Vigenère Cipher
![Page 4: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/4.jpg)
4JILL WWII Crypto Spring 2006 - Class 1: Introduction
Jefferson Wheel Cipher
![Page 5: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/5.jpg)
5JILL WWII Crypto Spring 2006 - Class 1: Introduction
What is cryptology?• Greek: “krypto” = hide• Cryptology – science of hiding
– Cryptography, Cryptanalysis – hide meaning of a message
– Steganography, Steganalysis – hide existence of a message
• Cryptography – secret writing• Cryptanalysis – analyzing (breaking) secrets
Cryptanalysis is what attacker doesDecipher or Decryption is what legitimate receiver does
![Page 6: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/6.jpg)
6JILL WWII Crypto Spring 2006 - Class 1: Introduction
Cryptology and SecurityCryptology is a branch of
mathematics.
Security is about people.
Attackers try find the weakest link. In most cases, this is not the mathematics.
![Page 7: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/7.jpg)
7JILL WWII Crypto Spring 2006 - Class 1: Introduction
Introductions
Encrypt DecryptPlaintext Ciphertext Plaintext
Alice BobEve(passive attacker)
Insecure Channel
![Page 8: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/8.jpg)
8JILL WWII Crypto Spring 2006 - Class 1: Introduction
Introductions
Encrypt DecryptPlaintext Ciphertext Plaintext
Alice BobMalice(active attacker)
Insecure Channel
![Page 9: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/9.jpg)
9JILL WWII Crypto Spring 2006 - Class 1: Introduction
CryptosystemCiphertext = E(Plaintext)
Plaintext = D(Ciphertext)Required property: E must be invertible
Desired properties: Without knowing D must be “hard” to invertE and D should be easy to computePossible to have lots of different E and D
![Page 10: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/10.jpg)
10JILL WWII Crypto Spring 2006 - Class 1: Introduction
“The enemy knows the system being used.”
Claude Shannon
![Page 11: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/11.jpg)
11JILL WWII Crypto Spring 2006 - Class 1: Introduction
Kerckhoff’s Principle• French handbook of military cryptography,
1883• Cryptography always involves:
– Transformation– Secret
• Security should depend only on the key• Don’t assume enemy won’t know algorithm
– Can capture machines, find patents, etc.– Too expensive to invent new algorithm if it might
have been compromised
Axis powers often forgot this
![Page 12: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/12.jpg)
12JILL WWII Crypto Spring 2006 - Class 1: Introduction
http://monticello.org/jefferson/wheelcipher/
![Page 13: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/13.jpg)
13JILL WWII Crypto Spring 2006 - Class 1: Introduction
Symmetric CryptosystemCiphertext = E (K, Message) Message = D (K, Ciphertext)
Desired properties: 1.Kerckhoff’s: secrecy depends only on K2.Without knowing K must be “hard” to invert3.Easy to compute E and D
All cryptosystems until 1970s were like this. Asymmetric cryptosystems allow encryption and
decryption keys to be different.
![Page 14: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/14.jpg)
14JILL WWII Crypto Spring 2006 - Class 1: Introduction
Really Brief History First 4000 years
Cryptographers
Cryptanalysts
3000BC
monoalphabetics
900
al-Kindi - frequency analysis
Alberti – first polyalphabetic cipher
1460
Vigenère
1854
Babbage breaks Vigenère;Kasiski (1863) publishes
![Page 15: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/15.jpg)
15JILL WWII Crypto Spring 2006 - Class 1: Introduction
Really Brief History - last 100+ years
Cryptographers
Cryptanalysts
1854 1918
Mauborgne – one-time pad
Mechanical ciphers - Enigma
1939
Rejewski repeated message-key attack
Turing’s loop attacks, Colossus
Enigma adds rotors, stops repeated key
1945
Feistel block cipher, DES
Linear, Differential Cryptanalysis
?
1973
Public-Key
Quantum Crypto
1895 – Invention of Radio
1978
![Page 16: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/16.jpg)
16JILL WWII Crypto Spring 2006 - Class 1: Introduction
Themes• Arms race: cryptographers vs. cryptanalysts
– Often disconnect between two (e.g., Mary Queen of Scots uses monoalphabetic cipher long after known breakable)
• Motivated by war (more recently: commerce)• Driven by advances in technology,
mathematics– Linguists, classicists, mathematicians, computer
scientists, physicists• Secrecy often means advances rediscovered
and mis-credited
![Page 17: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/17.jpg)
17JILL WWII Crypto Spring 2006 - Class 1: Introduction
Types of Attacks• Ciphertext-only - How much Ciphertext?• Known Plaintext - often “Guessed Plaintext”• Chosen Plaintext (get ciphertext)
– Not as uncommon as it sounds!• Chosen Ciphertext (get plaintext)• Dumpster Diving• Social Engineering• “Rubber-hose cryptanalysis”
– Cryptanalyst uses threats, blackmail, torture, bribery to get the key
![Page 18: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/18.jpg)
18JILL WWII Crypto Spring 2006 - Class 1: Introduction
Security vs. Pragmatics• Trade-off between security and effort
– Time to encrypt, cost and size of equipment, key sizes, change frequency
– One-time pad (1918) offers theoretically “perfect” security, but unacceptable cost
• Compromises lead to insecurity (class 2)• Commerce
– Don’t spend $10M to protect $1M– Don’t protect $1B with encryption that can be
broken for $1M• Military
– Values (and attacker resources) much harder to measure
![Page 19: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/19.jpg)
19JILL WWII Crypto Spring 2006 - Class 1: Introduction
Simple Substitution Cipher• Substitute each letter based on
mapping• Key is alphabet mapping:
a J, b L, c B, d R, ..., z F• How secure is this cipher?
![Page 20: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/20.jpg)
20JILL WWII Crypto Spring 2006 - Class 1: Introduction
Key Space• Number of possible keys
26 (ways to choose what a maps to)* 25 (b can map to anything else)* 24 (c can map to anything else) … * 1 (only one choice left for z)= 26! = 403291461126605635584000000If every person on earth tried one per second, it would take 5B years to try them all.
![Page 21: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/21.jpg)
21JILL WWII Crypto Spring 2006 - Class 1: Introduction
Really Secure?• Key space gives the upper bound
– Worst possible approach for the cryptanalyst is to try all possible keys
• Clever attacker may find better approach:– Eliminate lots of possible keys quickly– Find patters in ciphertext– Find way to test keys incrementally
![Page 22: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/22.jpg)
22JILL WWII Crypto Spring 2006 - Class 1: Introduction
Monoalphabetic Cipher
“XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”
![Page 23: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/23.jpg)
23JILL WWII Crypto Spring 2006 - Class 1: Introduction
Frequency Analysis “XBW HGQW XS ACFPSUWG FWPGWXF CF AWWKZV CDQGJCDWA CD BHYJD DJXHGW; WUWD XBW ZWJFX PHGCSHF YCDA CF GSHFWA LV XBW KGSYCFW SI FBJGCDQ RDSOZWAQW OCXBBWZA IGSY SXBWGF.”
W: 20 “Normal” English:C: 11 e 12%F: 11t 9%G: 11 a 8%
![Page 24: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/24.jpg)
24JILL WWII Crypto Spring 2006 - Class 1: Introduction
Pattern Analysis “XBe HGQe XS ACFPSUeG FePGeXF CF AeeKZV CDQGJCDeA CD BHYJD DJXHGe; eUeD XBe ZeJFX PHGCSHF YCDA CF GSHFeA LV XBe KGSYCFe SI FBJGCDQ RDSOZeAQe OCXBBeZA IGSY SXBeGF.”
XBe = “the”Most common trigrams in English:
the = 6.4%and = 3.4%
![Page 25: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/25.jpg)
25JILL WWII Crypto Spring 2006 - Class 1: Introduction
Guessing “the HGQe tS ACFPSUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCSHF YCDA CF GSHFeA LV the KGSYCFe SI FhJGCDQ RDSOZeAQe OCthheZA IGSY StheGF.”
S = “o”
![Page 26: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/26.jpg)
26JILL WWII Crypto Spring 2006 - Class 1: Introduction
Guessing “the HGQe to ACFPoUeG FePGetF CF AeeKZV CDQGJCDeA CD hHYJD DJtHGe; eUeD the ZeJFt PHGCoHF YCDA CF GoHFeA LV the KGoYCFe oI FhJGCDQ RDoOZeAQe OCthheZA IGoY otheGF.”
otheGF = “others”
![Page 27: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/27.jpg)
27JILL WWII Crypto Spring 2006 - Class 1: Introduction
Guessing “the HrQe to ACsPoUer sePrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst PHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.”
“sePrets” = “secrets”
![Page 28: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/28.jpg)
28JILL WWII Crypto Spring 2006 - Class 1: Introduction
Guessing “the HrQe to ACscoUer secrets Cs AeeKZV CDQrJCDeA CD hHYJD DJtHre; eUeD the ZeJst cHrCoHs YCDA Cs roHseA LV the KroYCse oI shJrCDQ RDoOZeAQe OCthheZA IroY others.”
“ACscoUer” = “discover”
![Page 29: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/29.jpg)
29JILL WWII Crypto Spring 2006 - Class 1: Introduction
Guessing “the HrQe to discover secrets is deeKZV iDQrJiDed iD hHYJD DJtHre; eveD the ZeJst cHrioHs YiDd is roHsed LV the KroYise oI shJriDQ RDoOZedQe OithheZd IroY others.”
![Page 30: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/30.jpg)
30JILL WWII Crypto Spring 2006 - Class 1: Introduction
Monoalphabetic Cipher“The urge to discover secrets is deeply
ingrained in human nature; even the least curious mind is roused by the promise of sharing knowledge withheld from others.”
- John Chadwick, The Decipherment of Linear B
![Page 31: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/31.jpg)
31JILL WWII Crypto Spring 2006 - Class 1: Introduction
Why was it so easy?• Doesn’t hide statistical properties of
plaintext• Doesn’t hide relationships in plaintext
(EE cannot match dg)• English (and all natural languages) is
very redundant: about 1.5 bits of information per letter (~68% f ltrs r redndnt)– Compress English with gzip – about 1:6
![Page 32: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/32.jpg)
32JILL WWII Crypto Spring 2006 - Class 1: Introduction
How to make it harder?• Cosmetic• Hide statistical properties:
– Encrypt “e” with 12 different symbols, “t” with 9 different symbols, etc.
– Add nulls, remove spaces• Polyalphbetic cipher
– Use different substitutions• Transposition
– Scramble order of letters
![Page 33: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/33.jpg)
33JILL WWII Crypto Spring 2006 - Class 1: Introduction
Ways to Convince• “I tried really hard to break my cipher, but couldn’t.
I’m a genius, so I’m sure no one else can break it either.”
• “Lots of really smart people tried to break it, and couldn’t.”
• Mathematical arguments – key size (dangerous!), statistical properties of ciphertext, depends on some provably (or believed) hard problem
• Invulnerability to known cryptanalysis techniques (but what about undiscovered techniques?)
![Page 34: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/34.jpg)
34JILL WWII Crypto Spring 2006 - Class 1: Introduction
Vigenère• Invented by Blaise de Vigenère,
~1550• Considered unbreakable for 300
years• Broken by Charles Babbage but kept
secret to help British in Crimean War• Attack discovered independently by
Friedrich Kasiski, 1863.
![Page 35: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/35.jpg)
35JILL WWII Crypto Spring 2006 - Class 1: Introduction
Vigenère EncryptionKey is a N-letter string.EK (P) = C where
Ci = (Pi + Ki mod N) mod Z (size of alphabet)
E“KEY” (“test”) = DIQDC0 = (‘t’ + ‘K’) mod 26 = ‘D’C1 = (‘e’ + ‘E’) mod 26 = ‘I’C2 = (‘s’ + ‘Y’) mod 26 = ‘Q’C3 = (‘t’ + ‘K’) mod 26 = ‘D’
![Page 36: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/36.jpg)
36JILL WWII Crypto Spring 2006 - Class 1: Introduction
12345678901234567890123456789012345678901234567890123456Plain: ThebiggerboysmadeciphersbutifIgotholdofafewwordsIusuallyKey: KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKE Cipher: DLCLMEQIPLSWCQYNIASTFOVQLYRSJGQSRRSJNSDKJCGAMBHQSYQEEJVC
7890123456789012345678901234567890123456789012345678901234 Plain: foundoutthekeyTheconsequenceofthisingenuitywasoccasionally Key: YKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYCipher: DYYLNSSDXFOOCIXFOGMXWCAYCXGCYJRRMQSREORSSXWGEQYGAKWGYRYVPW
5678901234567890123456789012345678901234567890123456789 Plain: painfultheownersofthedetectedcipherssometimesthrashedme Key: KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYK Cipher: ZEGXJSVXFOSUXIPCSDDLCNIROGROHASTFOVQCSKOXGWIQDLPKWFOHKO
012345678901234567890123456789012345 Plain: thoughthefaultlayintheirownstupidity Key: YKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKE Cipher: XFYYERXFOJYEPRVEWSRRRIGBSUXWRETGNMRI
Charles Babbage (quoted in Simon Singh, The Code Book)
![Page 37: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/37.jpg)
37JILL WWII Crypto Spring 2006 - Class 1: Introduction
Babbage’s Attack• Use repetition to guess key length:
Sequence XFO appears at 65, 71, 122, 176.Spacings = (71 – 65) = 6 = 3 * 2
(122 – 65) = 57 = 3 * 19 (176 – 122) = 54 = 3 * 18
Key is probably 3 letters long.
![Page 38: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/38.jpg)
38JILL WWII Crypto Spring 2006 - Class 1: Introduction
Key length - Frequency• Once you know key length, can slice
ciphertext and use frequencies:L0: DLQLCNSOLSQRNKGBSEVYNDOIOXAXYRSOSGYKY VZXVOXCDNOOSOCOWDKOOYROEVSRBXENI
Frequencies: O: 12, S: 7, Guess O = e Ci = (Pi + Ki mod N) mod Z
‘O’ = (‘e’ + K0) mod 26
14 = 5 + 9 => K0 = ‘K’
![Page 39: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/39.jpg)
39JILL WWII Crypto Spring 2006 - Class 1: Introduction
Sometimes, not so lucky...L1: LMISQITVYJSSSJAHYECYSXOXGWYGJMRRXEGWRPEJXSI
SLIGHTVSXILWHXYXJPERISWTMS: 9, X: 7; I: 6 guess S = ‘e’‘S’ = (‘e’ + K1) mod 26
19 = 5 + 14 => K1 = ‘N’
‘X’ = (‘e’ + K1) mod 26
24 = 5 + 19 => K1 = ‘M’
‘I’ = (‘e’ + K1) mod 26
10 = 5 + 5 => K1 = ‘E’
![Page 40: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/40.jpg)
40JILL WWII Crypto Spring 2006 - Class 1: Introduction
Vigenère Simplification• Use binary alphabet {0, 1}:
Ci = (Pi + Ki mod N) mod 2
Ci = Pi Ki mod N
• Use a key as long as P:Ci = Pi Ki
• One-time pad – perfect cipher!
![Page 41: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/41.jpg)
41JILL WWII Crypto Spring 2006 - Class 1: Introduction
Perfectly Secure Cipher: One-Time Pad
• Mauborgne/Vernam [1917]• XOR ():
0 0 = 0 1 0 = 10 1 = 1 1 1 = 0
a a = 0a 0 = aa b b = a
• E(P, K) = P KD(C, K) = C K = (P K) K = P
![Page 42: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/42.jpg)
42JILL WWII Crypto Spring 2006 - Class 1: Introduction
Why perfectly secure?For any given ciphertext, all plaintexts are equally possible.Ciphertext: 01001Key1: 01001Plaintext1: 00000Key2: 10110Plaintext2: 11111
![Page 43: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/43.jpg)
43JILL WWII Crypto Spring 2006 - Class 1: Introduction
Perfect Security Solved?• Cannot reuse K
– What if receiver hasC1 = P1 K and C2 = P2 K
C1 C2 = P1 K P2 K = P1 P2
• Need to generate truly random bit sequence as long as all messages
• Need to securely distribute key
![Page 44: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/44.jpg)
44JILL WWII Crypto Spring 2006 - Class 1: Introduction
Next week:“One-Time” Pads in
Practice• Lorenz Machine• Nazi high command
in WWII– Operator errors:
reused key• Pad generated by 12
rotors– Not really random
![Page 45: Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa](https://reader035.vdocument.in/reader035/viewer/2022081520/568156f5550346895dc49ac5/html5/thumbnails/45.jpg)
45JILL WWII Crypto Spring 2006 - Class 1: Introduction
Public Lecture Tonight• David Goldschmidt,
“Communications Security: A Case History”– Director of Center for Communications
Research, Princeton– Enigma and how it was broken
• 7:30pm Tonight• UVa Physics Building, Room 203We will cover some of the same
material in the third class.