Transcript Document
Bridges To Computing
• • • General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College.
You are invited and encouraged to use this presentation to promote computer science education in the U.S. and around the world. For more information about the Bridges Program, please visit our website at: http://bridges.brooklyn.cuny.edu/ • • Disclaimers: IMAGES: All images in this presentation were created by our Bridges to Computing staff or were found online through open access media sites and are used under the Creative Commons Attribution-Share Alike 3.0 License. If you believe an image in this presentation is in fact copyrighted material, never intended for creative commons use, please contact us at http://bridges.brooklyn.cuny.edu/ so that we can remove it from this presentation. LINKS: This document may include links to sites and documents outside of the "Bridges to Computing" domain. The Bridges Program cannot be held responsible for the content of 3 rd party sources and sites.
Introduction to Cryptology I
Cryptography & Cryptanalysis M. Meyer Bridges To Computing 2010
• • • •
Table of Contents
Resources Defined History of Cryptography & Cryptanalysis Computers and Cryptography
• •
Resources
For detailed information: o o o An Overview of Cryptography - by Gary C. Kessler: http://www.garykessler.net/library/crypto.html
Wikipedia actually has a good entry for cryptography: http://en.wikipedia.org/wiki/Cryptography Free PGP software can be gotten from the GNU-PG: http://www.gnupg.org/ Limited but easier/fun resources: o o Build some secret coding devices: http://www.unmuseum.org/excoded.htm
Creating & breaking substitution ciphers: http://www.physicspost.com/articles.php?articleId=174
Definitions
• • Cryptography: (from the Greek kryptos, "hidden, secret"; and gráphō, "I write") the practice and study of hiding information.
Cryptanalysis: the study of methods for obtaining the meaning of encrypted information.
• Cryptology: ... basically, the study of both of the items above.
• • Code: An alternate expression of some unit of information, designed to condense and/or obfuscate that information.
Cipher: An algorithm used to encode information.
SPARTA!!!
• • • • One of the earliest encryption devices was the Spartan Scytale (c 500 B.C.) which consisted of a ribbon wrapped around a dowel of a particular diameter and length. The secret message was written on the ribbon while the ribbon was wrapped on the dowel. The ribbon was then removed and transported to the other field commander who had an identical dowel. If the ribbon was intercepted it look like jumble of letters. • Officially this kind of encryption would be called a "transposition" cipher.
THIS IS A SCYTALE!!!
Cryptanalysis - 1
• • Question 1: If you didn't have the dowel and intercepted the message, could you still break the code? How?
Question 2: What were (and are) the limitations of the Scytale cipher?
• • • More information on (and examples of) transposition ciphers can be found here: http://www.counton.org/explorer/codebreaking/transpositi on-ciphers.php
NOTE: A Russian spy ring, broken up in 2008 was sending messages embedded in letters (first letter of each row) using a form of transposition cipher (rail-fence).
Hail Caesar!!!
• • One of the simplest examples of a substitution cipher is the Caesar cipher, which is said to have been used by Julius Caesar.
Caesar decided that shifting each letter in a message would be his standard algorithm, and so he informed all of his generals of his decision, and was then able to send them secured messages.
Caesar Cipher
Using the Caesar Shift (3 to the right), the message, "RETURN TO ROME" would be encrypted as, "UHWXUA WR URPH" • • Technically the Caesar cipher is a shift cipher, since the cipher-text is derived from the plain-text alphabet by shifting each letter a certain number of spaces. Other substitution ciphers such as the St. Cyr Cipher are also substitution ciphers.
Cryptanalysis (2)
• • Question 1: If you don't have the "shift" and intercepted the message, could you still break the code? How?
Question 2: How could the Caesar cipher be made stronger?
Brute Force
• • • • The Caeser cipher was successful because it was used in a time when most people couldn’t read regular text, much less understand the concept of encoded text. Question: Given an message, how many different encodings are possible using the Caeser cipher (hint how many letters are in the alphabet).
Break this code if you can: FG EGJW LZSF LOWFLQ XANW LJAWK SJW FWUUWKSJQ http://www.secretcodebreaker.com/caesar cipher.html
Letter Frequency
• • • • • Heuristics refers to experience-based techniques for problem solving and discovery.
In most languages certain letters are used far more frequently than other letters. For English letters (most too least common): e t a o i n s r h l d c u m f p g w y b v k x j q z You can use letter frequency to help you crack a Caesar Ciphered message by counting the frequency of encrypted letters.
The most popular encrypted letter is likely to translate to 'e' 't' or 'a'.
• • •
Word Frequency
Just as certain letters are more popular then other letters in a given language, certain words are more likely to appear than other words. For example the top 20 most common words in the English Language are: The of and a to in is you that it he was for on are as with his they I If a coded message still has spaces in it word frequency is especially easy to use!!
Example: VLR XKA F HKLT QEB PBZOBQ.
•
Note: Another “frequency heuristic” is repeated letter frequency: KWW TWW TGGC ZGGC
Organized Cryptanalysis
• • • In the 9th century a Muslim scholar named Al-Kindi wrote his "Manuscript for the Deciphering of Cryptographic Messages", Among his many contributions was the observation that the frequency of the letters in languages, make most substitution ciphers a very weak form of encryption.
In his book he also described a wide variety of cryptanalysis techniques, including some that could be used for polyalphabetic ciphers.
Polyalphabetic ciphers
• • • • From the 9th century on, most serious cryptography attempts moved into the realm of polyalphabetic ciphers.
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets.
Polyalphabetic ciphers were used as far back as the 8 th century and were in widespread use well into the 1960’s. The Enigma machine a famous cryptographic device used by the Nazi’s in WWII was a very complex machine but still fundamentally at its core it used a polyalphabetic substitution cipher.
Vigenère cipher
• • • The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case.
Just like a Caesar cipher I am going to shift letters. But for each letter, I might use a different shift. Example: Vigenere cipher with shift keys (1,2,3) DOG becomes: EQJ Rather than using numbers (like 1,2,3) Vigener ciphers often used a “key phrase” that is a word or phrase that was used to make the shift, letter by letter.
Vigenère Table
Vigenère Example S E C R E T M E S S A G E
K E Y P H R A S E K E Y P
C I A G L K M W W C E E T
• • • • First line is the original message.
Second line is the cipher key phrase.
Third line is encrypted message.
Online Resource: http://sharkysoft.com/misc/vigenere/
Cryptanalysis (3)
• • • • For many years the Vigenère Cipher was considered unbreakable! It was finally cracked by the British cryptographer Charles Babbage in 1854.
You may remember Babbage from the lecture on the History of Computer Science.
Babbage identified a series of steps that could be taken to break a message encoded using a Vigenère cipher, provided that: 1. The key use was shorter than the message enciphered!
2. The message itself is long enough that the key is used repeatedly (even better would be multiple message encoded with they key)!
Babbage's Method
1. Search for sequences of letters that appear more than once in the encoded text. o The most likely reason for such repetitions is that the same sequence of letters in the plaintext has been enciphered using the same part of the keyword.
2. Graph all of the repeated letter sequence by how many letter separate the repetition. 3. Try and find the least common denominators (factors) used by the repeated sequences.
4. Find the most common factor among all repeated sequences.
5. This is most likely the length of the key used to encode the message!!!
Babbage's Method (2)
Babbage's Method (3)
• • • • With the key length in hand the message can be broken up into columns the width of the key.
Letter frequency analysis can then be applied to each column!
With a little bit of work the message can be translated and then the key itself can be derived for future use. Resource Link: http://www.simonsingh.net/The_Black_Chamber/cr acking_example.html
Babbage's Method (4)
• • • •
One Time Pass
But what about Vigenère Ciphers that don't repeat their keys (where key is as long as the message)? Believe it or not, such ciphers, (provided that the key is random, the same length as the message, and never used again) ARE unbreakable. The one time key, or one time pass, cipher is unbreakable because you can, with time, find a key for such a message that will generate any phrase that you wish.
Example: The coded text-> optsqkles Could mean -> surrender Or -> attacknow
Enigma
• • During WWII Alan Turing helped create a electromechanical machine (computer) to help break Enigma codes.
The computer age completely changed our approach to cryptology.
"Nazis. I hate these guys." - Indiana Jones
Computer Cryptography
• • • • "The development of digital computers and electronics after WWII made possible much more complex ciphers.
In a standard alphabetic cipher each letter can be transformed into one of 25 possible other characters, while a computer can represent 109,000 characters using Unicode. Furthermore, computers allow for the encryption of any data representable in binary format, unlike classical ciphers which only encrypted written language texts." Computer use has thus supplanted linguistic cryptography for cipher design.
• • •
Computer Cryptanalysis
Modern cryptanalysis is also computer driven. Computers can test billions of possible cipher solutions (brute force attack) in a matter of minutes.
Online tools exists for breaking Caesar and Vigenere ciphers: • • http://www.secretcodebreaker.com/caesar-cipher.html
http://sharkysoft.com/misc/vigenere/