Crypto - Howard University


Lecture 4: Crypto
SYCS 653 – Fall 2009
 Wayne Patterson

1
What is

Cryptography

Cryptography is the science, or art, of secret writing
The word itself is derived from the Greek, krupto (κρυπτο),
or hidden, and grafia (γραφια), or something which is
written.
i.e. cryptography is the making of codes

Cryptanalysis
the breaking of codes

Cryptology – the study combining both
Some History
2
How to Speak Crypto






A cipher or cryptosystem is used to encrypt the
plaintext
The result of encryption is ciphertext
We decrypt ciphertext to recover plaintext
A key is used to configure a cryptosystem
A symmetric key cryptosystem uses the same
key to encrypt as to decrypt
A public key cryptosystem uses a public key to
encrypt and a private key to decrypt (sign)
3
Crypto

Basic assumption
The system is completely known to the attacker
Only the key is secret
Also known as Kerckhoffs' Principle
Crypto algorithms are not secret
Why do we make this assumption?
Experience has shown that secret algorithms
are weak when exposed
Secret algorithms never remain secret
Better to find weaknesses beforehand
4
Crypto as Black Box
[Figure: plaintext → encrypt (with key) → ciphertext → decrypt (with key) → plaintext]
A generic use of crypto
5
Simple Substitution


Plaintext: fourscoreandsevenyearsago
Key:
Plaintext  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ciphertext:
IRXUVFRUHDAGVHYHABHDUVDIR
Shift by 3 is “Caesar’s cipher”

6
Caesar’s Cipher Decryption
Suppose we know a Caesar’s cipher is being used
Ciphertext: VSRQJHEREVTXDUHSDQWU
Plaintext  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Plaintext: spongebobsquarepants
7
Not-so-Simple Substitution



Shift by n for some $n \in \{0, 1, 2, \dots, 25\}$
Then key is n
Example: key = 7
Plaintext  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
8
Cryptanalysis

Cryptography is a two-way street. For every
ingenious attempt to discover ways of hiding
information, usually equally ingenious solutions
are found to uncover this hidden information.
Indeed, usually the same scientists are concerned
both with devising cryptosystems and
cryptanalytic attacks.
9
Cryptanalysis I: Try Them All







A simple substitution (shift by n) is used
But the key is unknown
Given ciphertext: CSYEVIXIVQMREXIH
How to find the key?
Only 26 possible keys: try them all!
Exhaustive key search
Solution: key = 4
10
Did We Get the Right One?

One might ask the question, just because we
intercept some text, and through exhaustive
search, discover a message, how do we know
whether this is the proper decryption? In other
words, how do we know that we have computed
$t_k^{-1} \circ t_k(m) = m$, rather than $t_k^{-1} \circ t_k(m) = m'$?
11
Exercise

Find two strings of the greatest length which
make sense in English and which are related by a
Caesar shift. (Example: $t_4(\mathrm{CAP}) = \mathrm{GET}$. Thus,
$t_1(\mathrm{BZO}) = \mathrm{CAP}$ and $t_5(\mathrm{BZO}) = \mathrm{GET}$. Ignore
blanks.)
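
The exhaustive key search and the "right one?" question above, as an added Python example that is not part of the original lecture. It ranks all 26 candidate decryptions by a crude plausibility score (the COMMON letter set is an assumption of this example) and checks whether two texts are one Caesar shift apart, as in the CAP/GET pair.

```python
import string

ALPHABET = string.ascii_uppercase
# Crude plausibility test (an assumption of this example, not from the lecture):
# count how many letters fall among the nine most frequent in English.
COMMON = set("ETAOINSHR")


def shift(text, n):
    """Caesar transformation t_n: move every letter n places forward (mod 26)."""
    letters = [c for c in text.upper() if c in ALPHABET]
    return "".join(ALPHABET[(ALPHABET.index(c) + n) % 26] for c in letters)


def exhaustive_search(ciphertext):
    """Try all 26 keys; return (score, key, candidate) tuples, most plausible first."""
    results = []
    for key in range(26):
        candidate = shift(ciphertext, -key)  # apply the inverse of t_key
        score = sum(c in COMMON for c in candidate)
        results.append((score, key, candidate))
    # sorted() is stable, so equal scores stay in key order
    return sorted(results, key=lambda r: -r[0])


def related_by_shift(a, b):
    """Return n if t_n(a) == b, else None: two readable texts one shift apart."""
    a, b = shift(a, 0), shift(b, 0)  # normalise: uppercase, letters only
    if not a or len(a) != len(b):
        return None
    n = (ALPHABET.index(b[0]) - ALPHABET.index(a[0])) % 26
    return n if shift(a, n) == b else None


if __name__ == "__main__":
    # Ciphertext from the "Try Them All" slide
    for score, key, candidate in exhaustive_search("CSYEVIXIVQMREXIH")[:3]:
        print(f"key={key:2d} score={score:2d} {candidate}")
    # The exercise's example pair: both CAP and GET are shifts of BZO
    print(related_by_shift("CAP", "GET"), shift("BZO", 1), shift("BZO", 5))
```

The runner-up candidate scores only two points below the winner on this 16-letter text, which is why short ciphertexts leave room for doubt about the decryption.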
12

The Caesar shift is not a very secure method of
message transmission. But it will serve to
illustrate some points and to define some terms.
13
General Form of a “Cryptosystem”

A “cryptosystem” consists of:

Messages, or cleartext, M

Ciphers, or ciphertext, C

A large set of invertible transformations from messages to
ciphers, $k_1, \dots, k_n$

Each transformation is called a “key”
“invertible” means there is a way of going backwards from
ciphers to messages.
14
The Model for a Cryptographic System

A general cryptographic system, or cryptosystem,
can be defined as an ordered quadruple, or 4-tuple, « K, M, C, T », where the elements of
the 4-tuple are defined as follows.
15

Let $\Sigma$ be a finite set of symbols, to be called an
alphabet. For example, one might use { A, B, ...,
Z }, or { α, β, γ, δ, ..., ω }, or { 0, 1 }. $\Sigma^*$ is the
set of all strings over the alphabet $\Sigma$. We will say
that a space is some subset $S \subseteq \Sigma^*$.
16
Key Space and Ciphertext Space




K, the key space of a cryptosystem, is a space over some
alphabet $\Sigma$.
M, the message space, is a space over another alphabet,
$\Sigma'$.
C, the ciphertext space, is a space over a third alphabet,
$\Sigma''$.
Finally, T is a transformation $T : K \times M \to C$, such that each
restriction, $t_k : M \to C$, defined by $t_k(m) = T(k,m)$, is
invertible (that is, there exists a transformation $t_k^{-1} : C \to M$
such that $t_k^{-1} \circ t_k(m) = m$, $\forall m \in M$, and $t_k \circ t_k^{-1}(c) = c$, $\forall c \in C$).
17
Same Alphabets

Of course, in the above definition, it is possible
that the alphabets may be the same ($\Sigma = \Sigma' = \Sigma''$);
indeed that the message space and the
ciphertext space may be the same (M = C).
In the case of the Caesar shift, the 4-tuple is
Caesar = « $K_{26}$, $M_{\text{Roman}}$, $M_{\text{Roman}}$, $T_{26}$ »
18
Caesar Cipher Key Space

The key space, $K_{26} = \{0, 1, 2, \dots, 25\}$,
represents the number of increments to the
message before coding; the message space and
ciphertext space consist of arbitrary strings over
the Roman alphabet (or strings of length 5 if
each block is considered a single message).
Finally, the transformation ti is defined as
ti(m) = ( (-1(m) + i ) mod 26 )
19
Working Assumption

Part of the assumption about a cryptosystem is
that the sender of a message, the receiver of a
message, and a potential interceptor of a
message as well, know what system is being
used. In addition, after the sender encrypts a
message (i.e. chooses a value $k \in K$ and applies
$t_k$ to the message m) and sends it, the receiver
must know how to compute the inverse $t_k^{-1}$, and
apply it to $t_k(m)$ to recover $m = t_k^{-1} \circ t_k(m)$.
20
A Basic Principle

FOR A CRYPTOSYSTEM TO BE SUCCESSFUL,
THE KEY SPACE MUST HAVE CARDINALITY
LARGE ENOUGH FOR AN EXHAUSTIVE KEY
SEARCH ATTACK TO BE COMPUTATIONALLY
INFEASIBLE.
21
Transposition Cryptosystems
22

A general transposition cryptosystem,
trans = « K, $M_{\text{Roman}}$, $M_{\text{Roman}}$, T »
is based on the following. Let N be a set of n
objects, perhaps the first n natural numbers. Let
K be the set of all permutations, , on N;
therefore a key value will be some permutation of
the first n numbers.
23
Position not Symbol

The encryption will map blocks of n letters to
blocks of n letters. The ith character of the
message text will be written to the (i)-th
position in the cipher text, where   . As an
example, if n=6, and the permutation (1 2 3 4 5
6) = (5 3 2 4 6 1), then the message “HOWARD"
is encrypted as “DWOAHR".
24
Will This Beat Exhaustive Search?

In this case, the size of the key space is n!, the
number of permutations of n things. n does not
have to be very large for n! searches to be
infeasible, even with the fastest computers and
the highest degree of parallelism.
25
Exercise:

Suppose that we can perform one search every
microsecond, of a key space based on the
permutations of 100 objects. How many minutes
of computing time will an exhaustive search
take?
26
Columnar Transposition

One method, known as columnar transposition, essentially
used a permutation generated by matrix transposition
followed by column permutation. If the key is the
permutation (1 2 3 4) = (4 1 3 2), then 16-character
blocks are written, in row-major order, into a 4-by-4
matrix:
PLAY IT AGAIN, SAMMY
P L A Y
I T A G
A I N S
A M M Y
27
Columnar Transposition

and then sent, using column-major order, with
the permutation of columns, to give ciphertext:
YGSY PIAA AANM LTIM
Consequently, a cryptanalyst, knowing that
this method was being used, would not have to
search through the $16! \approx 2 \times 10^{13}$ permutations
of 16 letters, but rather the 4! = 24 permutations
of four things (columns).
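
The columnar transposition above and the 24-key search it allows, as an added Python example that is not part of the original lecture. The function names are this example's own, and the crib "AGAIN" (a word the analyst guesses is in the message) is an assumption used to recognise the right column order.

```python
from itertools import permutations
from math import factorial


def columns(plaintext, n):
    """Write the letters row by row into n columns; return the columns."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    if len(letters) % n:
        raise ValueError("message must fill the matrix exactly")
    return ["".join(letters[i::n]) for i in range(n)]


def encrypt(plaintext, key):
    """Send the columns in the order named by key, e.g. (4, 1, 3, 2)."""
    cols = columns(plaintext, len(key))
    return " ".join(cols[k - 1] for k in key)


def decrypt(ciphertext, key):
    """Put each received block back in its column, then read row by row."""
    blocks = ciphertext.split()
    if sorted(key) != list(range(1, len(blocks) + 1)):
        raise ValueError("key must be a permutation of the column numbers")
    cols = [None] * len(blocks)
    for block, k in zip(blocks, key):
        cols[k - 1] = block
    return "".join("".join(row) for row in zip(*cols))


def search(ciphertext, crib):
    """Exhaustive search over column orders, keeping plaintexts containing crib."""
    n = len(ciphertext.split())
    hits = []
    for key in permutations(range(1, n + 1)):
        candidate = decrypt(ciphertext, key)
        if crib in candidate:
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    ct = encrypt("PLAY IT AGAIN, SAMMY", (4, 1, 3, 2))
    print(ct)  # the slide's ciphertext
    print(factorial(4), "column orders versus", factorial(16), "letter orders")
    print(search(ct, "AGAIN"))
```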
28
Substitution Cryptosystems

The other type of cryptosystem, the substitution
cryptosystem, is based on permutations of the
underlying alphabet of M. The Caesar shift is
essentially a simple version of this approach.
29
Even-less-Simple Substitution
Key is some permutation of letters
Need not be a shift
For example
Plaintext  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext J I C A X S E Y V D K W B Q T Z R H F M P N U L G O
Then $26! > 2^{88}$ possible keys!
30
Cryptanalysis II: Be Clever



We know that a simple substitution is used
But not necessarily a shift by n
Can we find the key given ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXB
VCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJ
VWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVF
AGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTO
DXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHP
BQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQ
WAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFH
XAFQHEFZQWGFLVWPTOFFA
31
Cryptanalysis II

Can’t try all $2^{88}$ simple substitution keys

Can we be more clever?

English letter frequency counts…
[Figure: bar chart of English letter frequencies for A through Z; vertical axis from 0.00 to 0.14]
32

The keyword mixed alphabet cryptosystem uses as the
key space $K_{\text{keyword}}$, the set of all words, with duplicate
letters removed, in the English language. Indeed, the
requirement for words to be English words (in addition to
being xenophobic) is imposed only because the distribution
of the keyword is made simpler if it is a word rather than
an arbitrary character string.
The messenger, having ridden from Lexington to Valley
Forge in half a day, was exhausted, out of breath, and
indeed near death as he approached General Washington to
tell him the secret key for the cipher system:
"XRUTGDKWQFP", he panted, then expired. Did he say
"XRUTGDKWQFP" or "XRUTGDKWQFT" ? puzzled General
Washington.
33
Keyword Mixed Alphabet

The method itself uses the keyword to define a
mapping or permutation of the message space
alphabet, $\Sigma$. The alphabet is written in normal
order; and under it is written a permuted
alphabet: the letters of the keyword followed by
the remaining letters of the alphabet.
Keyword: FACETIOUSLY
34
Keyword Mixed Alphabet

Alphabet:
ABCDE FGHIJ KLMNO PQRST UVWXY Z
Permuted Alphabet:
FACET IOUSL YBDGH JKMNP QRVWX Z
The encryption maps each letter of the
message text to a letter of cipher text according
to the permutation defined above. Thus, "MAY
THE FORCE BE WITH YOU" becomes "DFX PUT
IHMCT AT VSPU XHQ", or more likely, "DFXPU
TIHMC TATVS PUXHQ".
35
Vigenère Cipher

The Vigenère cipher was a widely-used
cryptosystem dating back to the 16th century,
using a keyword combined with a Caesar shift. If
the keyword is "FACETIOUSLY", as before, the
encryption will use 11 different Caesar shifts
periodically. (Each letter determines a Caesar
shift, or modular addition.) Suppose that $0 \leftrightarrow A$, $1 \leftrightarrow B$, … , $25 \leftrightarrow Z$, as usual. Then, the first letter
to be encoded uses the shift corresponding to F,
the second to A, the third to C, and so on until
the cycle repeats:
36
Vigenère Cipher

Choose a key word, perhaps:
“FACETIOUSLY”
Clear text:
“IT’S A LONG WAY TO TIPPERARY …”
Key:
“FAC E TIOU SLY FA CETIOUSLY”
Cipher text:
“OUV F FXCB PMX ZP WNIYTMTDX”
37
Cryptanalysis II

Ciphertext:
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXF
QJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFH
CVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHX
TYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHP
BFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFO
JIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITI
XPFHXAFQHEFZQWGFLVWPTOFFA

Decrypt this message using info below
Ciphertext frequency counts:
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
21 26 6  10 12 51 10 25 10 9  3  10 0  1  15 28 42 0  0  27 4  24 22 28 6  8
38
Cryptanalysis: Terminology

Cryptosystem is secure if best known attack is
to try all keys

Cryptosystem is insecure if any shortcut attack
is known

By this definition, an insecure system might be
harder to break than a secure system!
39
Double Transposition

Plaintext: attackxatxdawn
Permute rows and columns
Ciphertext: xtawxnattxadakc
Key: matrix size and permutations (3,5,1,4,2) and (1,3,2)

40
One-time Pad Encryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Encryption: Plaintext $\oplus$ Key = Ciphertext
             h   e   i   l   h   i   t   l   e   r
Plaintext:  001 000 010 100 001 010 111 100 000 101
Key:        111 101 110 101 111 100 000 101 110 000
Ciphertext: 110 101 100 001 110 110 111 001 110 101
             s   r   l   h   s   s   t   h   s   r
41
One-time Pad Decryption
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
Decryption: Ciphertext $\oplus$ Key = Plaintext
             s   r   l   h   s   s   t   h   s   r
Ciphertext: 110 101 100 001 110 110 111 001 110 101
Key:        111 101 110 101 111 100 000 101 110 000
Plaintext:  001 000 010 100 001 010 111 100 000 101
             h   e   i   l   h   i   t   l   e   r
42
One-time Pad
Double agent claims sender used “key”:
               s   r   l   h   s   s   t   h   s   r
Ciphertext:   110 101 100 001 110 110 111 001 110 101
“key”:        101 111 000 101 111 100 000 101 110 000
“Plaintext”:  011 010 100 100 001 010 111 100 000 101
               k   i   l   l   h   i   t   l   e   r
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
43
One-time Pad
Sender is captured and claims the key is:
               s   r   l   h   s   s   t   h   s   r
Ciphertext:   110 101 100 001 110 110 111 001 110 101
“Key”:        111 101 000 011 101 110 001 011 101 101
“Plaintext”:  001 000 100 010 011 000 110 010 011 000
               h   e   l   i   k   e   s   i   k   e
e=000 h=001 i=010 k=011 l=100 r=101 s=110 t=111
44
One-time Pad Summary

Provably secure, when used correctly







Ciphertext provides no info about plaintext
All plaintexts are equally likely
Pad must be random, used only once
Pad is known only by sender and receiver
Pad is same size as message
No assurance of message integrity
Why not distribute message the same
way as the pad?
45
Real-world One-time Pad

Project VENONA
Soviet spy messages from U.S. in 1940s
Nuclear espionage, etc.
Thousands of messages
Spy carried one-time pad into U.S.
Spy used pad to encrypt secret messages
Repeats within the “one-time” pads made
cryptanalysis possible
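
The one-time pad slides above, as an added Python example that is not part of the original lecture. It reproduces the slides' encryption, derives the pad that makes the same ciphertext decrypt to any claimed plaintext, and shows, for this XOR pad, what two messages under the same pad give away. The function names and the second message in the reuse check are this example's own.

```python
# 3-bit alphabet from the slides
CODE = {"e": 0b000, "h": 0b001, "i": 0b010, "k": 0b011,
        "l": 0b100, "r": 0b101, "s": 0b110, "t": 0b111}
LETTER = {value: letter for letter, value in CODE.items()}


def parse(bits):
    """'111 101 ...' -> [7, 5, ...]"""
    return [int(group, 2) for group in bits.split()]


def show(symbols):
    """[7, 5, ...] -> '111 101 ...'"""
    return " ".join(f"{s:03b}" for s in symbols)


def apply_pad(text, pad):
    """Encrypt or decrypt: XOR each letter with the matching pad symbol."""
    if len(pad) != len(text):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(LETTER[CODE[c] ^ p] for c, p in zip(text, pad))


def xor_texts(a, b):
    """Symbol-wise XOR of two equal-length texts."""
    if len(a) != len(b):
        raise ValueError("texts must have equal length")
    return [CODE[x] ^ CODE[y] for x, y in zip(a, b)]


def pad_for(ciphertext, claimed_plaintext):
    """The pad under which ciphertext decrypts to any chosen plaintext."""
    return xor_texts(ciphertext, claimed_plaintext)


if __name__ == "__main__":
    pad = parse("111 101 110 101 111 100 000 101 110 000")
    c1 = apply_pad("heilhitler", pad)
    print(c1)
    for claim in ("killhitler", "helikesike"):
        print(claim, show(pad_for(c1, claim)))
    # Misuse: the same pad encrypts a second message (constructed here)
    c2 = apply_pad("helikesike", pad)
    print(xor_texts(c1, c2) == xor_texts("heilhitler", "helikesike"))
```

Because a valid pad exists for every plaintext of the same length, the ciphertext alone supports no claim about which message was sent. With a reused pad, the XOR of the two ciphertexts equals the XOR of the two plaintexts, so the pad no longer hides their relationship.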
46
VENONA Decrypt (1944)
[C% Ruth] learned that her husband [v] was called up by the army but he was
not sent to the front. He is a mechanical engineer and is now working at the
ENORMOUS [ENORMOZ] [vi] plant in SANTA FE, New Mexico. [45 groups
unrecoverable]
detain VOLOK [vii] who is working in a plant on ENORMOUS. He is a
FELLOWCOUNTRYMAN [ZEMLYaK] [viii]. Yesterday he learned that they
had dismissed him from his work. His active work in progressive organizations
in the past was cause of his dismissal. In the FELLOWCOUNTRYMAN line
LIBERAL is in touch with CHESTER [ix]. They meet once a month for the
payment of dues. CHESTER is interested in whether we are satisfied with the
collaboration and whether there are not any misunderstandings. He does not
inquire about specific items of work [KONKRETNAYa RABOTA]. In as much
as CHESTER knows about the role of LIBERAL's group we beg consent to ask
C. through LIBERAL about leads from among people who are working on
ENORMOUS and in other technical fields.



“Ruth” == Ruth Greenglass
“Liberal” == Julius Rosenberg
“Enormous” == the atomic bomb
47
Codebook
Literally, a book filled with “codewords”
Zimmermann Telegram encrypted via codebook
Februar         13605
fest            13732
finanzielle     13850
folgender       13918
Frieden         17142
Friedenschluss  17149
:               :
Modern block ciphers are codebooks!
More on this later…

48
Zimmermann Telegram
One of the most famous codebook ciphers ever
Led to US entry in WWI
Ciphertext shown here…
49
Zimmermann Telegram Decrypted
British had recovered partial codebook
Able to fill in missing parts
50
A Few Historical Items
Crypto timeline
Spartan Scytale: transposition cipher
Caesar’s cipher
Poe’s The Gold Bug
Election of 1876

51
Election of 1876

“Rutherfraud” Hayes vs “Swindling”
Tilden

Popular vote was virtual tie

Electoral college delegations for 4 states
(including Florida) in dispute

Commission: All 4 states to Hayes

Tilden accused Hayes of bribery

Was it true?
52
Election of 1876



Encrypted messages by Tilden supporters later emerged
Cipher: Partial codebook, plus transposition
Codebook substitution for important words
ciphertext   plaintext
Copenhagen   Greenbacks
Greece       Hayes
Rochester    votes
Russia       Tilden
Warsaw       telegram
:            :
53
Election of 1876
Apply codebook to original message
Pad message to multiple of 5 words
(total length 10, 15, 20, 25 or 30 words)
For each length, a fixed permutation
applied to resulting message
Permutations found by comparing many
messages of same length
Note that the same key is applied to all
messages of a given length

54
Election of 1876






Ciphertext: Warsaw they read all unchanged last are idiots can’t situation
Codebook: Warsaw → telegram
Transposition: 9,3,6,1,10,5,2,7,4,8
Plaintext: Can’t read last telegram. Situation unchanged. They are all idiots.
A weak cipher made worse by reuse of key
Lesson: Don’t reuse/overuse keys!
55
Early 20th Century
WWI: Zimmermann Telegram
“Gentlemen do not read each other’s mail” (Henry L. Stimson, Secretary of State, 1929)
WWII: golden age of cryptanalysis
Midway/Coral Sea
Japanese Purple (codename MAGIC)
German Enigma (codename ULTRA)
56
Digrams: Playfair Square





Build a 5 × 5 table of the
letters of the alphabet
(I=J), starting with the key
“automation” (don’t repeat
letters), and continuing
with other letters
Encrypt pairs or digrams:
LENOIR becomes LE NO IR
LE -> VL (same column)
NO -> CU (square)
IR -> CL (square)
A U T O M
I N B C D
E F G H K
L P Q R S
V W X Y Z
57
Rotor Machines
Early in the 20th century, machine production of
ciphers became possible
To mechanize the production of ciphertext, various
devices were invented to speed the process. One
important family of such devices was the rotor
machines, invented in the 1920s, to implement
Vigenère-type ciphers with very long periods.

58
Rotor Machines

A rotor machine has a keyboard, and a series of rotors.
A rotor is a rotating wheel with 26 positions. Each
position completes an electric contact, and depending
on the position, determines a different Caesar shift.
When a key on the keyboard is depressed, a letter is
generated dependent upon the position of the rotors.
59
World War II and the Enigma
Machine



A US patent was
issued in 1923 to
Arthur Scherbius
Basis for the German
Enigma machine
British success at
“Breaking the Code”
at Bletchley Park was
a major factor in the
war effort
60
World War II and the Enigma
Machine



Alan Turing, pictured
at right, led the
Bletchley Park effort
Considered by many
the father of computer
science
Died tragically in 1954
at age 41
61
The Results

These would be???
62