#### Transcript Cryptanalysis

Kyle Johnson Cryptology Comprised of both Cryptography and Cryptanalysis Cryptography - which is the practice and study of techniques for secure communication in the presence of third parties Cryptanalysis - which is the art of defeating cryptographic security systems, and gaining access to the contents of encrypted messages or obtaining the key itself. History • Fialka Cipher machine • Used by the Soviet in the cold war era. • Uses 10 rotors each with 30 contacts and also makes use of a punch card mechanism. http://en.wikipedia.org/wiki/File:FIALKA-rotors-in-machine.jpg Cryptanalysis Tools Scytale(rhymes with Italy) Ancient Greek device used to implement a cipher. Vigenere square used for the Vigenere Cipher. http://www.braingle.com/brainteasers/codes/images/scytale.gif http://en.wikipedia.org/wiki/File:Vigen%C3%A8re_square_shading.svg Classical Ciphers Term given by William Friedman in 1920 First recorded explanation in the 9th century by Al- Kindi A manuscript Blaise de Vigenere used a repeating key cipher Significance in History Mary, Queen of Scots World War I, Zimmerman Telegram World War II, German Enigma Machine Cryptanalysis Results (Breaks) Total Break Global deduction Instance (local) deduction Information Deduction Distinguishing algorithm Types of Attacks Ciphertext-only Known-plaintext Chosen-plaintext Chosen-Ciphertext Ciphertext-only Also known as the known-ciphertext attack Attacker only has a set of Ciphertexts Successful, plaintext or key obtained Used in Frequency Analysis Known-plaintext Attacker has both the plaintext and ciphertext. Goal: get the key WWII: German Enigma Machine Length, patterns, frequency Known-Plaintext Example Plaintext: “THIS IS AN EXAMPLE OF A CIPHER” Ciphertext: “XLMW MW ER IBEQTPI SJ E GMTLIV” Try Caesar Cipher: word length pattern noticed. Shift-1 Plaintext: “UIJT JT BO FYBNQMF PG B DJQIFS” Ciphertext: “XLMW MW ER IBEQTPI SJ E GMTLIV” Not the same. Repeat for all possible shifts(25 times) Shift -4 Plaintext: “XLMW MW ER IBEQTPI SJ E GMTLIV” Ciphertext: “XLMW MW ER IBEQTPI SJ E GMTLIV” Same! Caesar cipher: key is shift of 4. Chosen-Plaintext Choose Plaintext to get random ciphertext Goal: Weaken the security, get key Plaintext injections Types of chosen-plaintext Batch chosen-plaintext Adaptive chosen-plaintext Batch Chosen-plaintext Attack Chooses all of the plaintexts before they are encrypted This is the means of an unqualified use of this type of attack on encrypted data. Adaptive Chosen-plaintext Attack Attacker will make a series of interactive queries Choosing subsequent plaintexts based on the information from the previous encryptions Chosen Ciphertext Choose ciphertext, decrypt unknown key Enter multiple ciphertexts May be both adaptive and non-adaptive Types of chosen-ciphertext Lunchtime Attack Adaptive chosen ciphertext Lunchtime Attack Also known as the midnight or indifferent attack Attacker makes adaptive chosen-ciphertext queries up to a certain point Can attack computer while user at lunch. Adaptive chosen-ciphertext Attack in which ciphertexts may be chosen adaptively and after a challenge ciphertext is given to the attacker Ciphertext can’t be used itself Stronger attack than lunchtime but few practical attacks are of this form Tests and Analysis Frequency Analysis Index of Coincidence Kasiski Test Frequency Analysis Frequency of letters Used to solve classical ciphers Substitution Caesar Natural Langauge properties and patterns Example of Frequency Analysis Consider this ciphertext : “XZJZ WI RN ZDCQLSZ MO R OJZKGZNYB RNRSBIWI” Example of Frequency Analysis “XZJZ WI RN ZDCQLSZ MO R OJZKGZNYB RNRSBIWI” A: 0 B: 2 C: 1 So on down the alphabet… Example of Frequency Analysis “XZJZ WI RN ZDCQLSZ MO R OJZKGZNYB RNRSBIWI” Frequency 8 6 4 2 0 Freq. A B C D E F G H I J K L MNO P Q R S T U VWX Y Z Example of Frequency Analysis “XZJZ WI RN ZDCQLSZ MO R OJZKGZNYB RNRSBIWI” Frequency 8 6 4 2 0 Freq. A B C D E F G H I J K L MN O P Q R S T U VWX Y Z Example of Frequency Analysis “XEJE WI RN EDCQLSE MO R OJEKGENYB RNRSBIWI” Frequency 8 6 4 2 0 Freq. A B C D E F G H I J K L MN O P Q R S T U VWX Y Z Example of Frequency Analysis Encrypted: “XZJZ WI RN ZDCQLSZ MO R OJZKGZNYB RNRSBIWI” Decrypted: “HERE IS AN EXAMPLE OF A FREQUENCY ANALYSIS” Frequency 8 6 4 2 0 Freq. A B C D E F G H I J K L MNO P Q R S T U VWX Y Z Kasiski Test Method of attacking polyalphabetic substitution ciphers Deduce length of Keyword ‘m’ number of rows Identical Segments of Ciphertext, length >= 3 Kasiski Test Consider the following text: KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDK OTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKY VXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRLSVSK CGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMVGKMITZHF PDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVY CGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACN VRWBBIREPBBVFEXOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJ VNPIST Kasiski Test KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDK OTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKY VXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRLSVSK CGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMVGKMITZHF PDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVY CGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACN VRWBBIREPBBVFEXOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJ VNPIST Trigram HJV Kasiski Test KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDK OTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKY VXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRLSVSK CGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMVGKMITZHF PDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVY CGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACN VRWBBIREPBBVFEXOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJ VNPIST Trigram HJV : differences (δ) = 18, 138, 54, 12 Kasiski Test KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDK OTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKY VXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRLSVSK CGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMVGKMITZHF PDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVY CGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACN VRWBBIREPBBVFEXOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJ VNPIST Trigram HJV : differences (δ) = 18, 138, 54, 12 Greatest common denominator: m = 6 , length of the keyword is 6. Index of Coincidence Comparing 2 partials of same ciphertext Ciphertext coincidences same in Plain Text Used to help solve Vigenere cipher. Check if two texts are in the same language, dialect Index of Coincidence Consider the text from the Kasiski Test: KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDKOTFMBPVGEGLT GCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKYVXCHKFTPONCQQRHJVAJUWET MCMSPKQDYHJVDAHCTRLSVSKCGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJ UMVGKMITZHFPDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVYC GAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACNVRWBBIREPBBVFE XOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJVNPIST And the length of the keyword m = 6 Index of Coincidence KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUDDKOTFMBPVGEGLT GCKQRACQCWDNAWCRXIZAKFTLEWRPTYCQKYVXCHKFTPONCQQRHJVAJUWET MCMSPKQDYHJVDAHCTRLSVSKCGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJ UMVGKMITZHFPDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFSPEZQNRWXCVYC GAONWDDKACKAWBBIKFTIOVKCGGHJVLNHIFFSQESVYCLACNVRWBBIREPBBVFE XOSCDYGZWPFDTKFQIYCWHJVLNHIQIBTKHJVNPIST And the length of the keyword m = 6 Index of coincidence requires one to break the ciphertext up into the m number of rows. Each with as similar number of letters as possible. Index of Coincidence Index of coincidence requires one to break the ciphertext up into the length (m) number of rows. Each with as similar number of letters as possible. y1= KGQNGVGGTGCQWAWQHNJEPJTKQFWAP… y2= CUTRRFIUFEKCCKRKKCVTKVRCDRSFR… y3= CFYRKDLDMGQWRFPYFQAMQDLGZLJSJ… y4= PDATDETDBLRDXTTVTQJCDASCXSTIA… Y5= KPVMNTXKPTANILYXPRUMYHVZGWBAH… Y6= BHIVBDROVGCAZECCOHWSHCSQSCHSK… It comes out to look something like this (not full rows) The index of coincidence is denoted as 𝐼𝐶 𝑥 = 26 𝑖=1 𝑛 2 𝑓𝑖 2 = #𝑃𝑎𝑖𝑟𝑠 𝑜𝑓 𝑖𝑑𝑒𝑛𝑡𝑖𝑐𝑎𝑙 𝑒𝑙𝑒𝑚𝑒𝑛𝑡𝑠 # 𝑡𝑜𝑡𝑎𝑙 𝑝𝑎𝑖𝑟𝑠 Smaller example: IoC Consider x = “abaaabcda” So as you can see there are 5:a, 2:b, 1:c, 1:d, 9 in total 𝐼𝐶 𝑥 = 26 𝑖=1 𝑛 2 𝑓𝑖 2 = #𝑃𝑎𝑖𝑟𝑠 𝑜𝑓 𝑖𝑑𝑒𝑛𝑡𝑖𝑐𝑎𝑙 𝑒𝑙𝑒𝑚𝑒𝑛𝑡𝑠 # 𝑡𝑜𝑡𝑎𝑙 𝑝𝑎𝑖𝑟𝑠 Smaller example: IoC Consider x = “abaaabcda” So as you can see there are 5:a, 2:b, 1:c, 1:d, 9 in total 𝐼𝐶 𝑥 = 26 𝑖=1 𝑛 2 𝑓𝑖 2 = #𝑃𝑎𝑖𝑟𝑠 𝑜𝑓 𝑖𝑑𝑒𝑛𝑡𝑖𝑐𝑎𝑙 𝑒𝑙𝑒𝑚𝑒𝑛𝑡𝑠 # 𝑡𝑜𝑡𝑎𝑙 𝑝𝑎𝑖𝑟𝑠 Using the above equation we find that 𝐼𝐶 𝑥 = 2 5 + 2 2 9 2 = 10+1 36 = 11 36 Index of Coincidence For English text the index of coincidences is approximately .o66 The index of coincidence for the previous example: m = 1: 0.041 m = 2: 0.038, 0.047 m = 3: 0.056, 0.048, 0.048 m = 4: 0.037, 0.042, 0.037, 0.050 m = 5: 0.043, 0.043, 0.031, 0.035, 0.043 m = 6: 0.063, 0.084, 0.049, 0.065, 0.042, 0.071 m = 7: 0.031, 0.044, 0.043, 0.038, 0.044, 0.044, 0.041 Since the values are closest to .066 where m = 6 it is the appropriate choice for the keyword length. Other attacks Brute-Force Attack Boomerang Attack Linear cryptanalysis Brute-Force Attack Boomerang Attack Linear cryptanalysis Attack runtimes Brute-Force with 256 permutations per second 28 bits takes < 1 nanosecond 264 bits takes ~4.25 minutes 2128 bits takes ~150 trillion years 2256 bits takes ~51 × 1051 years Today’s Cryptanalysis The NSA has developed, due to an enormous breakthrough, the ability to cryptanalyze unfathomably complex encryption systems This includes those developed by other governments but as well as average computer users in the US The NSA is known for its mathematical breakthroughs in cryptanalysis especially differential cryptanalysis Questions?