Classical cryptography
o The history of cryptography spans more than 3,000 years
o The object of cryptography is characters
o Encryption/decryption is performed manually or by using mechanical principles
o Commonly applied in the military
• A series of three rotors from an Enigma machine, used by the German military during World War II
Modern cryptography (since 1970)
o Began with the development of computers and information technology
o Processing is done by computer, using bits
o Widely applied in many fields, especially in electronic transactions
Some examples of applied cryptography are:
Public key infrastructure (PKI)
Secure Hash Algorithm (SHA)
Secure Sockets Layer (SSL)
Pretty Good Privacy (PGP)
Secure Shell (SSH)
Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
There are two requirements for secure use of
o recovers the plaintext from the ciphertext using the same key and a decryption algorithm
Ensuring simplicity (relatively speaking, of course)
Providing authenticity (legitimacy)
Symmetric algorithms have their drawbacks:
Key management issues
Lack of nonrepudiation features
Data Encryption Standard (DES): Originally adopted by the U.S. government in 1977. DES is a 56-bit key algorithm => too short to be used today for any serious security applications.
Triple DES (3DES): An extension of the DES algorithm, which is three times more powerful than the DES algorithm. Uses a 168-bit key.
Blowfish (by B. Schneier): Strong, fast, and simple in its design. The algorithm uses a 448-bit key and is optimized for use in today’s 32- and 64-bit processors.
International Data Encryption Algorithm (IDEA) (1990, Switzerland): Used to protect the privacy of e-mail and data. This algorithm is seen in applications such as the Pretty Good Privacy (PGP) system.
MARS: This AES finalist was developed by IBM and supports key lengths of 128–256 bits.
Advanced Encryption Standard (AES): The successor to DES, chosen to be the new U.S. encryption standard by NIST. The algorithm is very compact and fast and can use keys that are 128, 192, or 256 bits long.
RC2, RC4, RC5, RC6
Internet Protocol Security (IPSec):
o A set of protocols designed (to operate at the Network layer of the OSI model) to protect the confidentiality and integrity of data as it flows over a network
Pretty Good Privacy (PGP):
o Using public key encryption, PGP is one of the most widely recognized cryptosystems in the world
o PGP has been used to protect the privacy of e-mail, data
Secure Sockets Layer (SSL):
o Was developed by Netscape in the mid-1990s and rapidly became a standard mechanism for exchanging data securely over insecure channels such as the Internet
X = D(K,Y)
There are two general approaches to attacking a conventional encryption scheme:
Brute-force attack
• Attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success
Cryptanalysis
• Attack relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext
• Attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used
A strong algorithm is one that meets 1 or 2 of the following criteria:
o The cost of breaking the cipher exceeds the value of the encrypted information (low value)
o The time required to break the cipher exceeds the useful lifetime of the information (large time)
Average Time Required for Exhaustive Key Search
Plaintext (bit pattern)
are replaced by other
Caesar Cipher: invented by Julius Caesar
o The earliest known, and the simplest, use of a substitution cipher
For each plaintext letter p, substitute the ciphertext letter C; a shift parameter k is used as the key
The encryption algorithm
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25
The decryption algorithm is simply
o simply try all the 25 possible keys
3 important characteristics of cryptanalysis:
o The encryption and decryption algorithms are known
o There are only 25 keys to try
o The language of the plaintext is known and easily recognizable
(abbreviated or compressed)
A dramatic increase in the key space can be achieved by
allowing an arbitrary substitution
That is a monoalphabetic substitution cipher:
o a single cipher alphabet is used per message
Permutation
o Of a finite set of elements S is an ordered sequence of all the
elements of S, with each element appearing exactly once
If the “cipher” line can be any permutation of the 26
alphabetic characters, then there are 26! possible keys
Easy to break by brute force because they reflect the frequency data of the original alphabet:
o Single letter (one-letter): e
o Digram: two-letter combination. Most common are th, an, ed
o Trigram: three-letter combination. Most frequent are the, ing, est
The frequency data (single letters): e, t, a, o, i, s, h, r…
Ex: plaintext: P: 13, Z:11, Z:8…
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
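The brute-force procedure for the Caesar cipher and the single-letter frequency ordering above can be combined into one added example (not part of the original slides): every one of the 25 keys is tried, and each candidate is ranked by how many of its letters fall in the high-frequency set e, t, a, o, i, s, h, r. The decryption formula (C - k) mod 26 and all function names are this example's own.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
COMMON = set("etaoishr")  # most frequent English letters, in the page's order

def caesar_encrypt(plaintext, k):
    """C = E(k, p) = (p + k) mod 26, applied to letters only."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
        for c in plaintext.lower()
    ).upper()

def caesar_decrypt(ciphertext, k):
    """Inverse shift, (C - k) mod 26; non-letters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) - k) % 26] if c in ALPHABET else c
        for c in ciphertext.lower()
    )

def score(candidate):
    """Number of letters that belong to the high-frequency set."""
    return sum(c in COMMON for c in candidate)

def brute_force(ciphertext):
    """Try all 25 keys; return (key, candidate) pairs, most English-like first."""
    trials = [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]
    return sorted(trials, key=lambda t: score(t[1]), reverse=True)

# Sample plaintext taken from the page
SAMPLE = ("it was disclosed yesterday that several informal but direct contacts "
          "have been made with political representatives of the viet cong in moscow")

if __name__ == "__main__":
    key, text = brute_force(caesar_encrypt(SAMPLE, 3))[0]
    print(key, text)
```

With only 25 keys and a recognizable language, the ranking step is what replaces a human reading all 25 candidates.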
Invented by British scientist Sir Charles Wheatstone in 1854 (bears the name of his friend, Baron Playfair)
Best-known multiple-letter encryption cipher
Treats digrams in the plaintext as single units and translates these units into ciphertext digrams
o Ex: lo ve => dg tu
Based on the use of a 5 x 5 matrix of letters constructed using a keyword
Used as the standard field system by the British Army in World War I and the U.S. Army and other Allied forces during World War II
Ex, using the keyword MONARCHY
Process:
o Fill in the letters of the keyword from left to right and from top to bottom, skipping a letter if it is repeated
o Fill in the remainder of the matrix with the remaining letters in alphabetic order
o Note: I & J share the same cell
o If both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end)
o If both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom)
o Otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
o ex
According to the letters' positions in the grid:
o If the 2 letters are on the same line, replace them by the ones on their left (loop to the right if the edge of the grid is reached).
Ex, DE is decrypted CD
o If the 2 letters are on the same column, replace them by the ones just above (loop to the bottom if the top of the grid is reached).
Ex, FK is decrypted AF
o If the 2 letters are the same (same column, same line), replace them by the ones on their left and above.
o Else, replace the letters by the ones forming a rectangle with the original pair, beginning with the letter on the same line as the first letter of the pair: L1L2 => L1 = (rowL1, colL2); L2 = (rowL2, colL1).
Ex, BF is decrypted AG; GA is decrypted FB
Ex1: EC -> HA, BC -> AB, RU -> GR, XX -> RR
Security much improved over monoalphabetic
Since have 26 x 26 = 676 digrams
Would need a 676-entry frequency table to analyze (versus 26 for a monoalphabetic), and correspondingly more ciphertext
Was widely used for many years, e.g. by US & British military in WW1
It can be broken, given a few hundred letters
Since still has much of plaintext structure
Best known and one of the simplest polyalphabetic substitution ciphers
In this scheme the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25
Each cipher is denoted by a key letter which is the ciphertext letter that substitutes for the plaintext letter
[Figure: table with key letters in the left column and plaintext letters along the top]
To encrypt a message, a key is needed that is as long as the message
Usually, the key is a repeating keyword
For example, if the keyword is deceptive, the message “we are discovered save yourself” is encrypted:
One locates the first letter of the key in the left column, and locates on the row the first letter of the ciphered message. Then go up in the column to read the first letter; it is the corresponding plain letter.
One continues with the next letters of the message and the next letters of the key; when arrived at the end of the key, go back to the first letter of the key.
Ex: K = KEY, C = NGMNI.
o Locate the letter K in the first column, and on its row find the cell of the letter N; the name of its column is D, which is the first letter of the plain message
o continues
o The original plain text is DCODE
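The table lookup described above, for both directions, as an added example (not from the original slides). This scheme of 26 Caesar alphabets selected by a repeating keyword is commonly known as the Vigenère cipher; the function names are this example's own.

```python
A = "abcdefghijklmnopqrstuvwxyz"

def tableau_row(key_letter):
    """Row of the table for one key letter: the alphabet shifted by that letter."""
    k = A.index(key_letter)
    return A[k:] + A[:k]

def vigenere(text, keyword, decrypt=False):
    """Encrypt or decrypt with a repeating keyword; non-letters are dropped."""
    letters = [c for c in text.lower() if c in A]
    key = [c for c in keyword.lower() if c in A]
    if not key:
        raise ValueError("keyword must contain at least one letter")
    out = []
    for i, ch in enumerate(letters):
        row = tableau_row(key[i % len(key)])   # key repeats when exhausted
        if decrypt:
            # find the ciphertext letter in the key's row, read the column header
            out.append(A[row.index(ch)])
        else:
            # cell at (key row, plaintext column)
            out.append(row[A.index(ch)])
    return "".join(out).upper()

if __name__ == "__main__":
    print(vigenere("we are discovered save yourself", "deceptive"))
    print(vigenere("NGMNI", "KEY", decrypt=True))
```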
Rail fence technique: the simplest such cipher
o the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows
o For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2, we write the following:
A more complex scheme:
o write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns
o The order of the columns then becomes the key to the algorithm
The methods of steganography conceal the existence of the message
o (the methods of cryptography make the message unintelligible (don’t know) to outsiders by various transformations of the text)
Various other techniques have been used historically, ex:
o Character marking: a subset of letters/words are overwritten in pencil
• high overhead to hide relatively few info bits
Advantage: can obscure the use of (secret) encryption
Stegosaurus: a covered lizard (but not a type of cryptography)
Greek words:
STEGANOS – “Covered”
GRAPHIE – “Writing”
Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
This can be achieved by concealing the existence of information within seemingly harmless carriers or cover.
Masking and Filtering: This is where information is hidden inside an image using digital watermarks that include information such as copyright, ownership, or licenses. The purpose is different from traditional steganography, since it adds an attribute to the cover image, thus extending the amount of information presented.
Algorithms and Transformations: This technique hides data in mathematical functions that are often used in compression algorithms. The idea of this method is to hide the secret message in the data bits in the least significant coefficients.
Least Significant Bit Insertion: The most common and popular method of modern-day steganography is to make use of the LSB of a picture’s pixel information. Thus the overall image distortion is kept to a minimum while the message is spaced out over the pixels in the image. This technique works best when the image file is larger than the message file and if the image is grayscale.
fE: steganographic function "embedding"
fE⁻¹: steganographic function "extracting"
cover: cover data in which emb will be hidden
emb: message to be hidden
key: parameter of fE
stego: cover data with the hidden message
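Least-significant-bit insertion expressed with the page's own names (fE, cover, emb, key, stego), as an added example that is not from the original slides. It assumes the cover is a flat list of 8-bit grayscale pixel values, that the key is an integer seeding the pixel visiting order through Python's non-cryptographic `random` module, and that a 16-bit length header precedes the message; `fE_inv`, `pixel_order` and `to_bits` are names introduced here.

```python
import random

def pixel_order(n_pixels, key):
    """Key-dependent order in which pixels are visited (toy PRNG, not cryptographic)."""
    order = list(range(n_pixels))
    random.Random(key).shuffle(order)
    return order

def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def to_int(bits):
    value = 0
    for bit in bits:
        value = (value << 1) | bit
    return value

def fE(cover, emb, key):
    """Embedding: return stego, a copy of cover whose LSBs carry len(emb) and emb."""
    payload = to_bits(len(emb).to_bytes(2, "big") + emb)
    if len(payload) > len(cover):
        raise ValueError("cover too small for payload")
    stego = list(cover)
    for pos, bit in zip(pixel_order(len(cover), key), payload):
        stego[pos] = (stego[pos] & 0xFE) | bit      # change only the lowest bit
    return stego

def fE_inv(stego, key):
    """Extracting: read the LSBs back in the same key-dependent order."""
    if len(stego) < 16:
        return b""
    bits = [stego[p] & 1 for p in pixel_order(len(stego), key)]
    length = min(to_int(bits[:16]), (len(bits) - 16) // 8)
    return bytes(to_int(bits[16 + 8 * i:24 + 8 * i]) for i in range(length))

# Constructed 256-pixel grayscale "image" used as cover data
COVER = [(i * 37) % 256 for i in range(256)]

if __name__ == "__main__":
    stego = fE(COVER, b"meet at noon", 2017)
    print(fE_inv(stego, 2017), max(abs(a - b) for a, b in zip(COVER, stego)))
```

Each pixel changes by at most 1, which is why distortion stays minimal, and the capacity check shows why the cover has to be larger than the message.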
Security of the hidden communication
Size of the payload
Robustness against malicious and unintentional attacks
Block Cipher vs Stream Cipher
Block Cipher Principles
o Stream Ciphers and Block Ciphers
o Motivation for the Feistel Cipher Structure
o The Feistel Cipher
The Data Encryption Standard
o DES Encryption
o DES Decryption
A block cipher is one in which a block of plaintext is
treated as a whole and used to produce a ciphertext
block of equal length
• Typically, a block size of 64 or 128 bits is used
A stream cipher is one that encrypts a digital data
stream one bit or one byte at a time
Encryption:
o encrypts plaintext one byte at a time, although a stream cipher may be designed to operate on one bit at a time or on units larger than a byte at a time
Key:
o is input to a pseudorandom bit generator that produces a stream of random 8-bit numbers => the output keystream
o The keystream is combined one byte at a time with the plaintext using the bitwise exclusive-OR (XOR) operation
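A concrete instance of the key, keystream generator and XOR arrangement above, added here as an example (not from the original slides). RC4, one of the RC ciphers the page lists, serves as the keystream generator because it is compact; it is no longer considered secure and is shown for illustration only. Function names are this example's own.

```python
def rc4_keystream(key):
    """Generator yielding RC4 keystream bytes for a bytes key."""
    if not key:
        raise ValueError("key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # one keystream byte per step
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def stream_xor(key, data):
    """Combine data with the keystream one byte at a time using XOR.

    The same call encrypts and decrypts, because (p ^ k) ^ k == p.
    """
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def first_keystream_bytes(key, n):
    """First n keystream bytes, to show that they depend only on the key."""
    stream = rc4_keystream(key)
    return bytes(next(stream) for _ in range(n))

if __name__ == "__main__":
    ct = stream_xor(b"Key", b"Plaintext")
    print(ct.hex(), stream_xor(b"Key", ct))
```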
Most symmetric block ciphers are based on a Feistel Cipher Structure
Needed since must be able to decrypt ciphertext to recover messages efficiently
Block ciphers look like an extremely large substitution
Would need table of 2^64 entries for a 64-bit block
Instead create from smaller building blocks
Using idea of a product cipher
Plaintext M = M1, M2, …, encrypted with the same key.
Feistel cipher is a block cipher that operates on a plaintext block of n bits to produce a ciphertext block of n bits
o Ex: for DES a big letter is a 64-bit block and number of different letters is 2^64
S-P Network (proposed by Claude Shannon) formed the basis of block cryptography
S-P Network based on 2 transformations:
o Substitution & Permutation
A 4-bit input produces one of 16 (= 2^4) possible input states, which is mapped by the substitution cipher into a unique one of 16 possible output states, each of which is represented by 4 ciphertext bits.
This is the most general form of block cipher and can be used to define any reversible mapping between plaintext and ciphertext.
Feistel refers to this as the ideal block cipher, because it allows for the maximum number of possible encryption mappings from the plaintext block.
block size: larger – more secure
key size: longer - more secure
number of rounds: more - more secure
subkey generation algorithm: more complex – difficult
to break
round function: more complex – difficult to break
fast software en/decryption
ease of analysis
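The Feistel structure and its design parameters (block size, key size, number of rounds, subkey generation, round function) in an added example that is not from the original slides. The round function F and the subkey schedule are toy stand-ins built on SHA-256, not those of DES; they are chosen to show that F need not be invertible and that decryption is the same network run with the subkeys in reverse order.

```python
import hashlib

ROUNDS = 16   # same round count as DES; everything else here is a toy stand-in
HALF = 4      # bytes per half: a 64-bit block split into two 32-bit halves

def subkeys(key):
    """Toy subkey generation: one HALF-byte subkey per round, derived from the key."""
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(ROUNDS)]

def F(right, subkey):
    """Toy round function; a truncated hash is deliberately not invertible."""
    return hashlib.sha256(right + subkey).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    """Run the network: each round maps (L, R) to (R, L xor F(R, K))."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 64 bits")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        left, right = right, xor(left, F(right, k))
    return right + left   # final swap of the two halves

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # identical steps, subkeys applied in reverse order
    return feistel(block, subkeys(key)[::-1])

if __name__ == "__main__":
    c = encrypt(b"8bytes!!", b"constructed key")
    print(c.hex(), decrypt(c, b"constructed key"))
```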
Modern block ciphers include:
o DES, AES, Blowfish, IDEA, LOKI, RC5, etc.
DES: Data Encryption Standard
o is based on the Data Encryption Standard (DES)
o adopted in 1977 by the National Bureau of Standards
o is referred to as the Data Encryption Algorithm (DEA).
o data are encrypted in 64-bit blocks using a 56-bit key.
DEA: Data Encryption Algorithm
o has the exact structure of Feistel Cipher but without Initial Permutation (IP) and Inverse Initial Permutation
o transforms 64-bit input in a series of steps into a 64-bit output.
o The same steps, with the same key, are used to reverse the encryption
DES Encryption Algorithm
The process of encrypting a 64-bit block with DES:
o Initial permutation - IP
o 16 complex rounds of computation using the key
o Final permutation (the inverse of IP)