Transcript Chapter 2 – Classical Encryption Techniques Jen-Chang Liu, 2005 Adopted from lecture slides by Lawrie Brown.

Chapter 2 – Classical Encryption
Techniques
Jen-Chang Liu, 2005
Adopted from
lecture slides by Lawrie Brown
Many savages at the present day regard
their names as vital parts of themselves,
and therefore take great pains to conceal
their real names, lest these should give to
evil-disposed persons a handle by which
to injure their owners. —The Golden
Bough, Sir James George Frazer
Sir James George Frazer


《金枝》一書原名應作「The Golden
Bough」，作者Sir James Frazer (1854-1941)，
他是英國人類學家、民俗學家，和古典學者。
《金枝》 一書的主旨在於：人類思想方式的
發展過程是由巫術、宗教發展為科 學。
一個小鎮每年到了6月27日都會舉行 一種儀式：
全鎮居民集合然後抽籤，抽中的人必須讓其他
居民用亂石打死，且 不得反抗；這是為了驅
除災難，被打死的人是為全鎮犧牲的英雄
Review: Model for Network
Security
3
1
2
3 roles to play in security system
密碼學
Cryptography

Cryptographic systems can be characterized
by:

encryption operations used for transforming
plaintext to ciphertext


number of keys used


substitution / transposition (permutation) / product
single-key or secret-key / two-key or public-key
way in which plaintext is processed

block / stream
What’s the secret information?
Outline





Symmetric cipher model
Substitution technique
Transposition technique
Rotor machines
Steganography
Symmetric Cipher Model
?
對稱式
Symmetric Encryption



conventional / single-key / single-key
encryption
sender and recipient share a common key
was the only type prior to invention of publickey in 1970’s
Basic Terminology









plaintext - the original message 明文
ciphertext - the coded message 密文
cipher - algorithm for transforming plaintext to
ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering ciphertext from
plaintext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - the study of
principles/ methods of deciphering ciphertext without
knowing key
cryptology - the field of both cryptography and
cryptanalysis
Mathematical formulation
Y = EK(X)
X = DK(Y)
Cryptosystem

1.
2.
3.
4.
Ref: Cryptography: theory and
Practice, D. Stinson
A cryptosystem is a five-tuple (P,C,K,E,D),
where the following conditions are satisfied:
P is a finite set of possible plaintexts
C is a finite set of possible ciphertexts
K ,the keyspace,is a finite set of possible keys
For each kK, there is an encryption rule ek E
and a corresponding decryption rule dk D.
Each ek:PC and dk:CP are functions such
that dk(ek(x))=x for each xP
Example: Caesar Cipher



earliest known substitution cipher by Julius
Caesar
first attested use in military affairs
example:
m
n
o
p
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
replaces each letter by 3rd letter further down the alphabet
Example: Caesar Cipher (cont.)
Plaintext alphabets

X  a, b, c, d ,..., x, y, z
Assign a number to each alphabet:
X  0, 1, 2, 3,..., 23, 24, 25


Ciphertext alphabets
Y  0, 1, 2, 3,..., 23, 24, 25
Encryption algorithm
Y = EK(X)=(X+3) mod 26
Security Requirements

two requirements for secure use of
symmetric encryption:

a strong encryption algorithm


assume encryption algorithm is known, the opponent
is unable to decipher the ciphertext (Kerckhoff’s
principle)
a secret key known only to sender / receiver

implies a secure channel to distribute key
Cryptanalysis of Caesar Cipher

Assume that the encryption is known as a
Caesar cipher

Try 25 possible keys – brute force
k=0
PHHW PH DIWHU WKH WRJD SDUWB
k=1
OGGV OG CHUGT VJG VQIC RCTVA
…
k=3
MEET ME AFTER THE TOGA PARTY
…
k=25
Cryptanalysis of Caesar Cipher

Why brute force attack works?



Encryption (decryption) algorithm is known
25 keys  too small
The language of plaintext is recognizable

Ex. A zipped file
Brute Force Search

Given encryption algorithm, it’s always possible to
simply try every key


On average, try half of all keys
assume either know / recognise plaintext
decryption
DES
AES
3DES
Degree of security for encryption
schemes

unconditional security



no matter how much computer power is available,
the cipher cannot be broken since the ciphertext
provides insufficient information to uniquely
determine the corresponding plaintext
不論花多少時間也無法破解
computational security

given limited computing resources (eg time
needed for calculations is greater than age of
universe), the cipher cannot be broken
Types of Cryptanalytic Attacks
Mini break

There will be a programming project this
semester

Implementation of DES or AES
Outline

Symmetric cipher model





Caesar cipher
Substitution technique
Transposition technique
Rotor machines
Steganography
Classical Substitution Ciphers


where letters of plaintext are replaced by
other letters or by numbers or symbols
if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns
A
B
C
.
.
Y
Z
A
B
C
.
.
Y
Z
Caesar Cipher

can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
Caesar cipher can be cryptoanalyzed by brute-force attack
=> Far from secure
Monoalphabetic Cipher


rather than just shifting the alphabet
each plaintext letter maps to a different
random ciphertext letter
A
B
C
.
.
Y
Z
E(.)
.
.
.
A
B
C
.
.
Y
Z
26! Possible transforms
Monoalphabetic Cipher
Security



now have a total of 26! = 4 x 1026 keys
Very secure !?
How to break?
Language Redundancy and
Cryptanalysis

human languages are redundant
Cryptanalysis of monoalphabetic
cipher
Given ciphertext:
Calculate its relative frequencies:
* Compare it with the previous table
Cryptanalysis (cont.)


One alphabet frequencies: guess P & Z are e and t
Digrams and trigrams: frequencies of compound
letters


guess ZW is th and hence ZWP is the
proceeding with trial and error
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
th t e e
t
e e te
t
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
e th
e t
t
t t h e ee
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
e e e t t e
t h e et
How to improve monoalphabetic
cipher?

Encrypt multiple letters of plaintext at the
same time



Playfair cipher
Hill cipher
Use multiple cipher alphabets

Polyalphabetic cipher
Playfair Cipher


Best-known multiple-letter encryption cipher
invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair
Example: digram mapping
x
y
26x26 diagrams
c
g
Playfair Key Matrix


a 5X5 matrix of letters based on a keyword
eg. using the keyword MONARCHY
M
C
E
L
U
O
H
F
P
V
N
Y
G
Q
W
A R
B D
I/J K
S T
X Z
fill in letters of keyword
fill rest of matrix with other letters in
alphabetic order

Playfair: Encrypting and
Decrypting

MONA
CHY B
E F G I/J
LPQ S
UVWX
plaintext encrypted two letters at a time:

if a pair is a repeated letter, insert a filler like 'X',
eg. "balloon" encrypts as "ba lx lo on"
 if both letters fall in the same row, replace each
with letter to right (wrapping back to start from
end), eg. “ar" encrypts as "RM"
 if both letters fall in the same column, replace
each with the letter below it (again wrapping to
top from bottom), eg. “mu" encrypts to "CM"

R
D
K
T
Z
otherwise each letter is replaced by the one in its
row in the column of the other letter of the pair,
eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM"
(as desired)
Security of the Playfair Cipher


security much improved over monoalphabetic
26 x 26 = 676 digrams



would need a 676 entry frequency table to analyse
(verses 26 for a monoalphabetic)
was widely used for many years (eg. US & British
military in WW1)
it can be broken, given a few hundred letters

since still has much of plaintext structure
Idea: Relative frequency of
occurrence of letters in ciphertext
* Make the freq. Distribution information concealed => flatter
Hill cipher


Mathematician Lester Hill in 1929
p1
Multi-letter cipher

Ex. 3-letter cipher
p2
p3
?
Input: 263
c1
c2
c3
Output: 263
Linear equations: C=KP mod 26
 c1   k11
  
 c2    k 21
c  k
 3   31
k12
k 22
k32
k13  p1 
 
k 23  p2  mod 26
k33  p3 
Key matrix
Hill cipher (cont.)



Encryption: C = KP mod 26
Decryption: P = K-1C mod 26
Idea: hide single-letter frequencies



2x2 key matrix: hide single-letter freq.
3x3 key matrix: hide single-letter and digram
freq.
…
How to attack Hill cipher?
Cryptanalysis on Hill cipher


Known ciphertext X
Known plaintext-ciphertext pairs
Ex. 2x2 key matrix, given “friday” => “PQCFKU”
=>
P

Q
15

16
C
f
  K 
F
r
i

d
2
 5 8
  K 
 mod 26
5
17 3 
=> 解出K !!!
How to improve monoalphabetic
cipher?

Encrypt multiple letters of plaintext at the
same time



Playfair cipher
Hill cipher
Use multiple cipher alphabets

Polyalphabetic cipher
Monoalph. Cipher:
a
Polyalph. Cipher:
Rule 1
a
Rule 2
k
k
J
Polyalphabetic Ciphers

Polyalphabetic substitution ciphers


A set of related monoalphabetic substitution rules
is used
use a key to select which alphabet is used for
each letter of the message
Vigenère Cipher

simplest polyalphabetic substitution cipher is
the Vigenère Cipher



26 Caesar ciphers
Each Caesar cipher is labelled by a key letter
See Table 2.3
key
plaintext
Example: Vigenère Cipher


Encryption: need a key and the plaintext
Eg. using keyword deceptive
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Decryption: the table and the key are known
• advantage: multiple ciphertext letters for each plaintext letter
=> hide letter frequency
=> See Fig. 2.6
Cryptanalysis on Substitution
Cipher

Calculate the statistical properties of the
ciphertext
Match language letter freq.
Yes  Monoalphabetic cipher
No  Polyalphabetic cipher (Vigenère Cipher)

Find the length of keyword
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Guess key length
 Attack each monoalphabetic cipher

Improve over Vigenère Cipher (1)

Avoid repetition of key

Autokey system
key:
deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
Improve over Vigenère Cipher (2)

Avoid repetition of key


Gilbert Vernam, 1918
Use of a running loop of tape that eventually
repeat the key

A very long but repeating keyword
One-Time Pad



Unconditional security !!!
Improve on Vigenère Cipher, by Jeseph
Mauborgne
Use a random key that was truly as long as
the message, no repetitions
Example: one-time pad


Known Vigenère Cipher with one-time key
Given ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Decrypt by hacker 1:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key:
pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
Plaintext: mr mustard with the candlestick in the hall
Decrypt by hacker 2:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key:
pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
Plaintext: miss scarlet with the knife in the library
Which one?
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
?
a
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
b
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
c
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
d
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
e
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
f
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
g
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
h
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
i
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
j
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
k
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
l
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
m
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
n
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
o
O
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
p
P
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
q
Q
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
r
R
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
s
S
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
t
T
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
u
U
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
v
V
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
w
W
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
x
X
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
y
Y
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
z
Z
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
?
?
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Problem with one-time pad


Truly random key with arbitrary length?
Distribution and protection of long keys

The key has the same length as the plaintext!
Summary



Caesar cipher
Monoalphabetic cipher
Encrypt multiple letters of plaintext at the
same time



Playfair cipher
Hill cipher
Use multiple cipher alphabets



Polyalphabetic cipher
Vernam cipher
One-time Pad
Outline





Symmetric cipher model
Substitution technique
Transposition technique
Rotor machines
Steganography
Transposition Ciphers

Transposition cipher: permutation on the
排列
plaintext letters



these hide the message by rearranging the letter
order
without altering the actual letters used
Feature: have the same frequency distribution as
the original text
Rail Fence cipher


write message letters out diagonally over a
number of rows
eg. Plaintext: “meet me after the toga party”
m e m a t r h t g p r y
e t e f e t e o a a t

then read off cipher row by row
MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers


Improve on Rain Fence cipher
write letters of message out in rows over a
specified number of columns
Key:
4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
 reorder the columns according to some key
before reading off the rows
Row Transposition Ciphers (cont.)

Improve on Row Transposition Ciphers


Re-encrypt again!
Why more secure? Observe the change of
plaintext position
Initial plaintext: 01 02 03 04 05 06 07 08 09 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28
1st permutation: 03 10 17 24 04 11 18 25 02 09 16 23 01 08
15 22 05 12 19 26 06 13 20 27 07 14 21 28
2nd permutation: 17 09 05 27 24 16 12 07 10 02 22 20 03 25
15 13 04 23 19 14 11 01 26 21 18 08 06 28
Product Ciphers


ciphers using substitutions or transpositions are not
secure because of language characteristics
hence consider using several ciphers in succession
to make harder, but:




two substitutions make a more complex substitution
two transpositions make more complex transposition
but a substitution followed by a transposition makes a
new much harder cipher
this is bridge from classical to modern ciphers
Outline





Symmetric cipher model
Substitution technique
Transposition technique
Rotor machines
Steganography
Rotor Machines


apply multiple stages of encryption
were widely used in WW2



German Enigma, Allied Hagelin, Japanese Purple
with 3 cylinders have 263=17576 alphabets
Each cylinder is a monoalphabetic
substitution
Three-rotor machine
Rotate after
an input
Steganography

Encryption
plaintext

偽裝
encryption
ciphertext
(un-recognizable)
Steganography: hides existence of message
plaintext
steganography
another plaintext
Summary

have considered:








classical cipher techniques and terminology
monoalphabetic substitution ciphers
cryptanalysis using letter frequencies
Playfair ciphers
polyalphabetic ciphers
transposition ciphers
product ciphers and rotor machines
stenography