Cryptography - University of Waikato


Keeping your bits private!
Science of cryptography = Art of keeping secrets
Tony C Smith
Dept. Computer Science
University of Waikato
terminology
plaintext (the message)
sender (cryptographer)
receiver
[diagram: sender encrypts plaintext into ciphertext; (transmission); receiver decrypts ciphertext back into plaintext]
Transmission medium is insecure!
cryptanalyst
encryption process: transform plaintext into ciphertext
goal: deciphering the ciphertext is as
hard as just guessing the plaintext message.
plaintext and ciphertext are in 27-letter English:
26 letters of the alphabet, plus space
also, letters can be treated as numbers:
space is 0
A is 1
B is 2
C is 3
…
Z is 26
because we can treat letters as numbers,
we can do arithmetic with them:
B + C = E
2 + 3 = 5
if the sum of two numbers goes beyond 26 then
we wrap around back to the beginning of the alphabet
W + H = ?
23 + 8 = 31
… same as ...
Z + E = ?
26 + 5 = 31
five letters beyond the end = fifth from start
… so, W + H = E
[diagram: sender encrypts plaintext with a key; receiver decrypts with a key; cryptanalyst knows the encryption scheme]
guessing the key is as hard as
guessing the message
Caesar Cipher
Used by Julius Caesar to communicate with his army.
Thought to be the first general use of encryption, 75 B.C.
replace each letter with the k-th letter after it in the alphabet
E.g. k = 3
space + 3 = C
A + 3 = D
B + 3 = E
…
W + 3 = Z
X + 3 = space
Y + 3 = A
Z + 3 = B
ATTACK AT DAWN
… becomes ...
ciphertext: DWWDFNCDWCGDZQ
Caesar Cipher
Easily attacked!
Simply try every possible value for k … from 1 to 26
ciphertext = DWWDFNCDWCGDZQ
k=1? CVVCEMBCVBFCYP
k=2? BUUBDLABUAEBXO
k=3? ATTACK AT DAWN
Keyed Substitution
A more general substitution scheme.
Replaces each letter with another.
Any letter can stand in for any other letter.
Each letter in ciphertext resolves to a unique letter in plaintext.
plaintext:
_ABCDEFGHIJKLMNOPQRSTUVWXYZ
substitution: SJKEIOAHWDPMGRNVT_QLZBFYCXU
Keyed Substitution
A random substitution is hard to remember or validate.
Solution? Use a key phrase to set the substitution alphabet.
Write down each unique letter of the key phrase in order, then
append the rest of the unused letters of the alphabet.
E.g. key phrase = THE QUICK BROWN FOX JUMPED
plaintext:
_ABCDEFGHIJKLMNOPQRSTUVWXYZ
substitution: THE_QUICKBROWNFXJMPDAGLSVYZ
Keyed Substitution
Security?
Any letter can stand for any other letter. Thus there
are 27! different possible substitution schemes.
27 * 26 * 25 * … * 3 * 2 = 10^29
At one permutation tested per second, it would take
a million, million, million centuries to test them all.
Seems pretty secure …….. but ...
ciphertext:
WSCZSDZHAKVSHQZAKZKE_ZDXXKZVHZ
KEXZBSHCQZSDZGSLXZOXZTXXKZEXAJ
ZSPJZLSVYXQZOXZXHKJXAKZWSCZCXD
XHCZSPJZDJXXZGAHCZ
letter frequency: Z 23
probability in English: space .20
ciphertext:
WSC SD HAKVSHQ AK KE_ DXXK VH
KEX BSHCQ SD GSLX OX TXXK EXAJ
SPJ LSVYXQ OX XHKJXAK WSC CXD
XHC SPJ DJXX GAHC
letter frequency: X 16
probability in English: e .15
ciphertext:
WSC SD HAKVSHQ AK KE_ DeeK VH
KEe BSHCQ SD GSLe Oe TeeK EeAJ
SPJ LSVYeQ Oe eHKJeAK WSC CeD
eHC SPJ DJee GAHC
letter frequency: S 10
probability in English: o .09
ciphertext:
WoC oD HAKVoHQ AK KE_ DeeK VH
KEe BoHCQ oD GoLe Oe TeeK EeAJ
oPJ LoVYeQ Oe eHKJeAK WoC CeD
eHC oPJ DJee GAHC
letter frequency: K 8
probability in English: t .08
ciphertext:
WoC oD HAtVoHQ At tE_ Deet VH
tEe BoHCQ oD GoLe Oe Teet EeAJ
oPJ LoVYeQ Oe eHtJeAt WoC CeD
eHC oPJ DJee GAHC
letter frequency: H 7
probability in English: n .07
ciphertext:
WoC oD nAtVonQ At tE_ Deet Vn
tEe BonCQ oD GoLe Oe Teet EeAJ
oPJ LoVYeQ Oe entJeAt WoC CeD
enC oPJ DJee GAnC
letter frequency: C 6
probability in English: d .06
ciphertext:
Wod oD nAtVonQ At tE_ Deet
Vn tEe BondQ oD GoLe Oe Teet
EeAJ oPJ LoVYeQ Oe entJeAt
Wod deDend oPJ DJee GAnd
ciphertext:
Wod of nAtVonQ At tE_ feet
Vn tEe BondQ of GoLe Oe Teet
EeAJ oPJ LoVYeQ Oe entJeAt
Wod defend oPJ fJee GAnd
ciphertext:
Wod of nAtVonQ At tE_ feet
Vn tEe BondQ of GoLe Oe Teet
EeAr oPr LoVYeQ Oe entreAt
Wod defend oPr free GAnd
ciphertext:
Wod of natVonQ at tE_ feet
Vn tEe BondQ of GoLe Oe Teet
Eear oPr LoVYeQ Oe entreat
Wod defend oPr free Gand
ciphertext:
Wod of nations at th_ feet
in the Bonds of GoLe Oe Teet
hear oPr LoiYes Oe entreat
Wod defend oPr free Gand
ciphertext:
God of nations at th_ feet
in the bonds of love we meet
hear our voices we entreat
God defend our free land
plaintext:
God of nations at thy feet
in the bonds of love we meet
hear our voices we entreat
God defend our free land
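The key-phrase construction and the frequency-count attack from the slides above, as an added example (not code from the original slides). The function names are this example's own; the ciphertext, key phrase and probability ranking are the ones quoted on the slides.

```python
from collections import Counter

PLAIN = "_ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # the slides write space as "_"

# Ciphertext copied from the slides above.
CIPHERTEXT = (
    "WSCZSDZHAKVSHQZAKZKE_ZDXXKZVHZ"
    "KEXZBSHCQZSDZGSLXZOXZTXXKZEXAJ"
    "ZSPJZLSVYXQZOXZXHKJXAKZWSCZCXD"
    "XHCZSPJZDJXXZGAHCZ"
)

# English symbols in descending probability, as quoted on the slides
# (space .20, e .15, o .09, t .08, n .07, d .06).
ENGLISH_BY_RANK = " eotnd"


def substitution_alphabet(key_phrase):
    """Unique symbols of the key phrase in order, then the unused ones."""
    symbols = key_phrase.replace(" ", "_") + PLAIN
    return "".join(dict.fromkeys(symbols))


def ranked_symbols(ciphertext):
    """(symbol, count) pairs, most frequent first."""
    return Counter(ciphertext).most_common()


def guess_mapping(ciphertext, english_by_rank=ENGLISH_BY_RANK):
    """Pair the i-th most frequent cipher symbol with the i-th English one."""
    ranked = ranked_symbols(ciphertext)
    return {sym: plain for (sym, _), plain in zip(ranked, english_by_rank)}


def apply_mapping(ciphertext, mapping):
    """Write solved symbols in lower case; leave unsolved ones unchanged."""
    return "".join(mapping.get(ch, ch) for ch in ciphertext)


if __name__ == "__main__":
    print(substitution_alphabet("THE QUICK BROWN FOX JUMPED"))
    for sym, count in ranked_symbols(CIPHERTEXT)[:6]:
        print(sym, count)
    print(apply_mapping(CIPHERTEXT, guess_mapping(CIPHERTEXT)))
```

Rank matching only carries the attack as far as "d", which is where the slides stop quoting counts and finish by recognising words.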
Strangely enough, it wasn’t until around the time of
Queen Elizabeth I that general substitution codes were
found breakable (1580).
The catalyst was a plot by Queen Mary of Scotland and
her loyal friends to depose Elizabeth and seize the
English throne. Mary was using a very clever substitution
code which included “nulls” … irrelevant symbols
introduced to alter the statistics of English.
The idea that language exhibited conspicuous statistical
regularities was just beginning to be exploited.
The Vigenere Cipher (1600)
One way to alter the statistics of the ciphertext is to
change the substitution code often during encryption.
Instead of using a key phrase to create one substitution,
use it to create many substitutions and rotate through them
as each letter of the plaintext is encrypted.
key: ABC
repeated key: ABCABCABCABCAB
plaintext:    ATTACK AT DAWN
ciphertext:   BVWBENACWAFDXP (repeated key + plaintext)
Notice that the same letter can encode differently.
While A occurs four times and T three times in the
message, nothing occurs more than twice in the cipher.
Attacking the Vigenere Cipher
ciphertext:
HQGAQIAPDUKROUCBVCUJAAHHFVCJPC
UJHADROFVAQIANRWGCXGCNGHUBKFCU
AQXSBYPKFFUCXGCFPWSGDUBJPFCEGI
FPGAQXSBISGHANDOF
Guess the length of key phrase and apply a statistical
test to letters separated by that distance.
k=3?
A occurs 9 times = space?
ciphertext:
HQG QI PDUKROUCBVCUJA HHFVCJPC
UJH DROFV QI NRWGCXGCNGHUBKFCU
QXSBYPKFFUCXGCFPWSGDUBJPFCEGI
FPG QXSBISGH NDOF
offset of every third letter is 1?
ciphertext:
gQG QI PDtKRnUCaVCtJA HHeVCiPC
tJH DRnFV QI NRvGCwGCmGHtBKeCU
QXrBYoKFeUCwGCePWrGDtBJoFCdGI
ePG QXrBIrGH NDnF
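The slide's test, carried through for all three key positions, as an added example (not code from the original slides). Letters are numbered space = 0, A = 1 … Z = 26 and added modulo 27, each column of every third letter is scored with the six probabilities quoted earlier, and the function names are this example's own. The same shift routine with a one-letter key is the Caesar cipher (k = 3 is key C).

```python
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # space = 0, A = 1, ..., Z = 26

# Probabilities quoted on the slides; every other symbol scores 0 here.
SLIDE_FREQ = {" ": .20, "E": .15, "O": .09, "T": .08, "N": .07, "D": .06}

# Ciphertext from the "Attacking the Vigenere Cipher" slide.
CIPHERTEXT = (
    "HQGAQIAPDUKROUCBVCUJAAHHFVCJPC"
    "UJHADROFVAQIANRWGCXGCNGHUBKFCU"
    "AQXSBYPKFFUCXGCFPWSGDUBJPFCEGI"
    "FPGAQXSBISGHANDOF"
)


def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) the repeating key, modulo 27."""
    out = []
    for i, ch in enumerate(text):
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 27])
    return "".join(out)


def encrypt(plaintext, key):
    return shift(plaintext, key, +1)


def decrypt(ciphertext, key):
    return shift(ciphertext, key, -1)


def recover_key(ciphertext, key_length):
    """For each key position, keep the shift whose decryption looks most English."""
    key = ""
    for offset in range(key_length):
        column = ciphertext[offset::key_length]  # letters key_length apart

        def score(letter):
            return sum(SLIDE_FREQ.get(p, 0) for p in decrypt(column, letter))
        key += max(ALPHABET, key=score)
    return key


if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, 3)
    print(key, decrypt(CIPHERTEXT, key))
```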
Vernam Cipher (1917)
Solution? make the keyphrase as long as the message!
key:        ABCDEFGHIJKLMN
message:    ATTACK AT DAWN
ciphertext: BVWEHQGIBJOMIA
Now any letter can encode as any other letter at
any point in the message.
Solving a letter doesn’t help solve any others.
Only provably secure encryption scheme!
Vernam Cipher
Two major problems:
1. Can’t re-use keys, so how do we make them?
(one-time pad)
2. How do we distribute them?
Digital Vernam Cipher
Solution: generate keys
[diagram: the message and the output of a random generator go into the encoder, which produces the encoded message]
message = ‘V’ = 86 = 01010110
random number = 223 = 11100101
XOR = 10110011 = cipher
random number = 223 = 11100101
XOR = 01010110 = ‘V’
Problem: distribute generator for decoding
Public Key encryption
Solution: publish the encryption key
RSA:
1. generate 3 large prime numbers
s=97 x=47 y=79
which give N = x * y, or N=3713
2. find a unique value, p, satisfying
(p*s) mod ((x-1)*(y-1)) = 1
which, in this case, gives p = 37
Public Key encryption
RSA:
3. Encrypt a message segment, m, using
m^p mod N
e.g. for m = 0120
0120^37 mod 3713 = 1404
4. decrypt the coded segment, c, using
c^s mod N
e.g.
1404^97 mod 3713 = 0120
Public Key encryption
RSA: publish some of the values
(p, N)
Anyone wanting to send us a message can use
our public key to encrypt it.
We decrypt the message with our secret key, (s, N)
Cracking our code is as hard as deriving s from (p, N)
Public Key encryption
RSA: how secure is it?
Anyone can crack our coded messages by
mathematically deriving s from (p, N), which is
possible ….. but …
If N is very large, then finding its factors
(i.e. x and y, from which we get p) takes a very
long time … too long to make it worthwhile.
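The slide's RSA numbers worked through, as an added example (not code from the original slides): key setup, one encryption and decryption, and the factoring step that turns the published (p, N) back into s when N is this small. The function names are this example's own; s, x, y and m are the slide's values.

```python
# Values from the slides: secret exponent s, primes x and y.
S, X, Y = 97, 47, 79
N = X * Y                      # 3713, published
PHI = (X - 1) * (Y - 1)        # 3588, kept secret


def public_exponent(s, phi):
    """The unique p in [1, phi) with (p * s) mod phi == 1."""
    return pow(s, -1, phi)     # modular inverse, Python 3.8+


def encrypt(m, p, n):
    return pow(m, p, n)        # m^p mod N


def decrypt(c, s, n):
    return pow(c, s, n)        # c^s mod N


def factor(n):
    """Trial division: instant for the slide's N, infeasible for a large N."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    raise ValueError("n has no non-trivial factor")


def derive_secret(p, n):
    """Rebuild s from the published (p, N) once N has been factored."""
    x, y = factor(n)
    return pow(p, -1, (x - 1) * (y - 1))


if __name__ == "__main__":
    p = public_exponent(S, PHI)
    c = encrypt(120, p, N)
    print(p, c, decrypt(c, S, N), derive_secret(p, N))
```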
Public Key encryption
RSA: one way to crack it
Quantum computers can simultaneously test
all possible factors …but …
So far, only 5-qubit quantum machines have
been achieved … and …
We can use quantum computers to make new
encryption schemes.
Steganography
Instead of encoding the information …
… hide it!
Bury our bits in image files in a way that no
one can see them, or in audio files in a
way no one can hear them.
Demo in the S Block foyer on state-of-the-art
steganography research, by Kathryn
Hempstalk