April 12, 2023 1

Cipher Techniques

April 12, 2023 2

Road Map

Basic Terminology Cryptosystem Classical Cryptography Algorithm Types and Modes Data Encryption Standard Other Stream & Block Ciphers

April 12, 2023 3

Basic Terminology

plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/ methods

of deciphering ciphertext without knowing key cryptology - the field of both cryptography and cryptanalysis

April 12, 2023 4

Cryptosystem

A cryptosystem is a five-tuple (P,C,K,E,D), where the following are satisfied:

1. P is a finite set of possible plaintexts.2. C is a finite set of possible ciphertexts.3. K, the key space, is a finite set of possible

keys

4. KK, EKE (encryption rule), DKD (decryption rule). Each EK: PC and DK: CP are functions such that xP, DK(EK(x)) = x.

April 12, 2023 5

Cryptography

Cryptography Symmetric / private key / single key Asymmetric / public-key / two - key

April 12, 2023 6

Symmetric Cryptography

April 12, 2023 7

Asymmetric Cryptography

April 12, 2023 8

Requirements

Two requirements for secure use of symmetric encryption: a strong encryption algorithm a secret key known only to sender / receiver

Y = EK(X)

X = DK(Y)

assume encryption algorithm is known implies a secure channel to distribute key

April 12, 2023 9

Symmetric cryptography

Transposition Techniques Substitution techniques

Caesar Cipher Monoalphabetic Cipher Polyalphabethic Cipher Playfair Cipher

April 12, 2023 10

Types of Cryptanalytic Attacks ciphertext only

only know algorithm / ciphertext, statistical, can identify plaintext, or worse: the key

known plaintext know/suspect plaintext & ciphertext to attack cipher

chosen plaintext select plaintext and obtain ciphertext to attack cipher

chosen ciphertext select ciphertext and obtain plaintext to attack cipher

chosen text select either plaintext or ciphertext to en/decrypt to

attack cipher

adversary needs strongest attack

adversary’s attacks can be weaker

April 12, 2023 11

Brute Force Search

always possible to simply try every key most basic attack, proportional to size of key

space assume either know / recognise plaintext

April 12, 2023 12

Transposition Ciphers

Consider classical transposition or permutation ciphers

these hide the message by rearranging the letter order

without altering the actual letters used can recognise these since have the same

frequency distribution as the original text

April 12, 2023 13

Rail Fence cipher

write message letters out diagonally over a number of rows

then read off cipher row by row eg. write message out as:

m e m a t r h t g p r y

e t e f e t e o a a t

giving ciphertextMEMATRHTGPRYETEFETEOAAT

April 12, 2023 14

Row Transposition Ciphers

a more complex scheme write letters of message out in rows over a

specified number of columns then reorder the columns according to some

key before reading off the rowsKey: 4 3 1 2 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y zCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

April 12, 2023 15

Classical Substitution Ciphers

where letters of plaintext are replaced by other letters or by numbers or symbols

or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

April 12, 2023 16

Caesar Cipher

earliest known substitution cipher by Julius Caesar first attested use in military affairs replaces each letter by 3rd letter after it example:meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

April 12, 2023 17

Caesar Cipher

can define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25

then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)

April 12, 2023 18

Monoalphabetic Cipher

rather than just shifting the alphabet could shuffle (jumble) the letters arbitrarily each plaintext letter maps to a different random

ciphertext letter hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZNPlaintext: ifwewishtoreplacelettersCiphertext: WIRFRWAJUHYFTSDVFSFUUFYA

April 12, 2023 19

Playfair Cipher

not even the large number of keys in a monoalphabetic cipher provides security

one approach to improving security was to encrypt multiple letters

the Playfair Cipher is an example invented by Charles Wheatstone in 1854, but

named after his friend Baron Playfair

April 12, 2023 20

Playfair Key Matrix

a 5X5 matrix of letters based on a keyword (I and J aren’t distinguished)

fill in letters of keyword (sans duplicates) fill rest of matrix with other letters eg. using the keyword MONARCHY

MONAR

CHYBD

EFGIK

LPQST

UVWXZ

April 12, 2023 21

Encrypting and Decrypting plaintext encrypted two letters at a time:

1. each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired). Except when that doesn’t work!

2. if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" transformed to "ba lx lo on"

3. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM"

4. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"

April 12, 2023 22

Polyalphabetic Ciphers

another approach to improving security is to use multiple cipher alphabets

called polyalphabetic substitution ciphers makes cryptanalysis harder with more alphabets to

guess and flatter frequency distribution use a key to select which alphabet is used for each

letter of the message use each alphabet in turn repeat from start after end of key is reached

April 12, 2023 23

Vigenère Cipher

simplest polyalphabetic substitution cipher is the Vigenère Cipher

effectively multiple caesar ciphers key is multiple letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use use each alphabet in turn repeat from start after d letters in message decryption simply works in reverse

April 12, 2023 24

Example

write the plaintext out write the keyword repeated above it use each key letter as a caesar cipher key encrypt the corresponding plaintext letter eg using keyword deceptivekey: deceptivedeceptivedeceptiveplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

April 12, 2023 25

Autokey Cipher

ideally want a key as long as the message Vigenère proposed the autokey cipher with keyword is prefixed to message as key knowing keyword can recover the first few letters use these in turn on the rest of the message but still have frequency characteristics to attack eg. given key deceptive

key: deceptivewearediscoveredsavplaintext: wearediscoveredsaveyourselfciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

April 12, 2023 26

One-Time Pad

if a truly random key as long as the message is used, the cipher will be secure

called a One-Time pad is unbreakable since ciphertext bears no

statistical relationship to the plaintext since for any plaintext & any ciphertext

there exists a key mapping one to other unconditional security! why look any

further??

April 12, 2023 27

Product Ciphers

ciphers using substitutions or transpositions are not secure because of language characteristics

hence consider using several ciphers in succession to make harder (Shannon) two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a new

much harder cipher

this is bridge from classical to modern ciphers

April 12, 2023 28

Rotor Machines

before modern ciphers, rotor machines were most common product cipher

were widely used in WW2 German Enigma, Allied Hagelin, Japanese Purple

implemented a very complex, varying substitution cipher

used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted

with 3 cylinders have 263=17576 alphabets 3! rearrangements of cylinders in Enigma

April 12, 2023 29

Steganography

an alternative to encryption hides existence of message

using only a subset of letters/words in a longer message marked in some way

using invisible ink hiding in LSB in graphic image or sound file

has drawbacks high overhead to hide relatively few info bits

April 12, 2023 30

Algorithm Types and Modes

An Algorithm type defines what size of plain text should be encrypted in each step of algorithm

An Algorithm mode defines the details of the cryptographic algorithm, once the type is decided.

April 12, 2023 31

Algorithm Types Stream Ciphers Block Ciphers

Algorithm Modes Electronic Code Book Cipher Block Chaining Cipher FeedBack Output FeedBack

Work On Block Cipher

Work On Block Ciphers acting as Stream Cipher

April 12, 2023 32

Stream, Block Ciphers

E encipherment function Ek(b) encipherment of message b with key k In what follows, m = b1b2 …, each bi of fixed length

Block cipher Ek(m) = Ek(b1)Ek(b2) …

Stream cipher k = k1k2 … Ek(m) = Ek1(b1)Ek2(b2) … If k1k2 … repeats itself, cipher is periodic and the kength of

its period is one cycle of k1k2 …

April 12, 2023 33

Stream Ciphers

Often (try to) implement one-time pad by xor’ing each bit of key with one bit of message Example:

m = 00101

k = 10010

c = 10111 But how to generate a good key?

April 12, 2023 34

Synchronous Stream Ciphers

n-stage Linear Feedback Shift Register: consists of n bit register r = r0…rn–1

n bit tap sequence t = t0…tn–1

Use: Use rn–1 as key bit

Compute x = r0t0 … rn–1tn–1

Shift r one bit to right, dropping rn–1, x becomes r0

April 12, 2023 35

Operation

r0rn–1

… bi

…

…

ci

r0´ rn–1´… ri´ = ri–1,0 < i ≤ n

r0t0 + … + rn–1tn–1

April 12, 2023 36

Example

4-stage LFSR; t = 1001r ki new bit computation new r0010 0 01001001 = 0 00010001 1 01000011 = 1 10001000 0 11000001 = 1 11001100 0 11100001 = 1 11101110 0 11101001 = 1 11111111 1 11101011 = 0 01110111 1 11101011 = 1 1011 Key sequence has period of 15 (010001111010110)

April 12, 2023 37

NLFSR

n-stage Non-Linear Feedback Shift Register: consists of n bit register r = r0…rn–1

Use: Use rn–1 as key bit

Compute x = f(r0, …, rn–1); f is any function

Shift r one bit to right, dropping rn–1, x becomes r0

Note same operation as LFSR but more general bit replacement function

April 12, 2023 38

Example

4-stage NLFSR; f(r0, r1, r2, r3) = (r0 & r2) | r3

r ki new bit computation new r

1100 0 (1 & 0) | 0 = 0 0110

0110 0 (0 & 1) | 0 = 0 0011

0011 1 (0 & 1) | 1 = 1 1001

1001 1 (1 & 0) | 1 = 1 1100

1100 0 (1 & 0) | 0 = 0 0110

0110 0 (0 & 1) | 0 = 0 0011

0011 1 (0 & 1) | 1 = 1 1001 Key sequence has period of 4 (0011)

April 12, 2023 39

Self-Synchronous Stream Cipher

Take key from message itself (autokey) Example: Vigenère, key drawn from plaintext

key XTHEBOYHASTHEBA plaintext THEBOYHASTHEBAG ciphertext QALFPNFHSLALFCT

Problem: Statistical regularities in plaintext show in key Once you get any part of the message, you can

decipher more

April 12, 2023 40

Another Example

Take key from ciphertext (autokey) Example: Vigenère, key drawn from

ciphertext key XQXBCQOVVNGNRTT plaintext THEBOYHASTHEBAG ciphertext QXBCQOVVNGNRTTM

Problem: Attacker gets key along with ciphertext, so

deciphering is trivial

April 12, 2023 41

Block Cipher

Block Cipher – treat a

block of plaintext as a whole Feistel Cipher DES/3DES/AES

Stream coding – encrypt one

bit or byte at a time

April 12, 2023 42

Block Ciphers

Encipher, decipher multiple bits at once Each block enciphered independently Problem: identical plaintext blocks produce

identical ciphertext blocks Example: two database records

MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000

Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN

April 12, 2023 43

Solutions

Insert information about block’s position into the plaintext block, then encipher

Cipher block chaining: Exclusive-or current plaintext block with previous

ciphertext block: c0 = Ek(m0 I)

ci = Ek(mi ci–1) for i > 0

where I is the initialization vector

April 12, 2023 44

Algorithm Modes

Electronic Code Book Cipher Block Chaining Cipher FeedBack Output FeedBack

Work On Block Cipher

Work On Block Ciphers acting as Stream Cipher

April 12, 2023 45

ECB (Electronic CodeBook) Mode

Encryption: for 1≤j≤t, cj <= EK(xj).

Decryption: for 1≤j≤t, xj <= DK(cj). Identical plaintext (under the same key) result in

identical ciphertext blocks are enciphered independently of other

blocks bit errors in a single ciphertext affect

decipherment of that block only

April 12, 2023 46

E E-1key

key

n

n

cjx’j = xj

xj

encipherment

decipherment

ECB Mode (Cont’d)

April 12, 2023 47

CBC (Cipher-Block Chaining) Mode

C0=IV C j

C j-1

E

⊕

C j-1

E-1

⊕

xj

n

C j

key

X’j = xjn

key

<Encipherment><Decipherment>

April 12, 2023 48

Encryption: c0 IV, cj EK(cj−1 xj)

Decryption: c0 IV, xj cj−1 E−1K(cj)

chaining causes ciphertext cj to depend on all preceding

plaintext a single bit error in cj affects decipherment of blocks cj and

cj+1

self-synchronizing: error cj (not cj+1, cj+2) is correctly decrypted to xj+2.

CBC Mode (Cont’d)

April 12, 2023 49

CFB-r(Cipher FeedBack) Mode

r-bit Shift

I1=IV

E

Oj

xj ci

leftmost r bits

key

Encipherment

r-bit Shift

ci xj

leftmost r bits

key

Decipherment

E

Oj

April 12, 2023 50

OFB(Output FeedBack) Mode with full(or r-bit) feedback

r-bit Shift

I1=IV

Oj

xj cj

Leftmost r-bits

key

Encipherment

r-bit Shift

cj xj

Leftmost r-bits

key

Deciphering

E

Oj

E

IjIj

April 12, 2023 51

Data Encryption Standard

The Data Encryption Standard (DES) specifies a FIPS approved cryptographic algorithm as required by FIPS 140-1.(Federal Information Processing Standards 140-1)

April 12, 2023 52

April 12, 2023 53

Enciphering

The 64 bits of the input block to be enciphered are first subjected to the following initial permutation IP:

April 12, 2023 54

IP 58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

April 12, 2023 55

The permuted input block is then the input to a complex key-dependent computation.

The output of that computation (preoutput) is then subjected to the next permutation which is the inverse of the initial permutation.

April 12, 2023 56

IP-1 40 8 48 16 56 24 64 32

39 7 47 15 55 23 63 31

38 6 46 14 54 22 62 30

37 5 45 13 53 21 61 29

36 4 44 12 52 20 60 28

35 3 43 11 51 19 59 27

34 2 42 10 50 18 58 26

33 1 41 9 49 17 57 25

April 12, 2023 57

Let K be a block of 48 bits chosen from the 64-bit (how? explained next). Then the output L'R' of an iteration with input LR is defined by:

L' = R

R' = L (+) f (R,K) L'R' is the output of the 16th iteration then

R'L' is the preoutput block.

April 12, 2023 58

One round of DES

April 12, 2023 59

April 12, 2023 60

PC-1 (Key Permutation) 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27

19 11 3 60 52 44 36

63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4

April 12, 2023 61

Iteration corresponds to left shifts:

1 2 3 4 5 6 7 8

1 1 2 2 2 2 2 2

9 10 11 12 13 14 15 16

1 2 2 2 2 2 2 1

April 12, 2023 62

PC-2 (Compression Permutation)

14 17 11 24 1 5

3 28 15 6 21 10

23 19 12 4 26 8

16 7 27 20 13 2

41 52 31 37 47 55

30 40 51 45 33 48

44 49 39 56 34 53

46 42 50 36 29 32

April 12, 2023 63

One round of DES

April 12, 2023 64

The Cipher Function f : A sketch of the calculation of f (R, K) is given by

April 12, 2023 65

Expansion Permutation

1 2 3 4 5 6 7 8 9 10 11 12

1 2 3 4 5 6 7 8 9 10 111213 14 15 16

April 12, 2023 66

E bit-selection table

32 1 2 3 4 5

4 5 6 7 8 9

8 9 10 11 12 13

12 13 14 15 16 17

16 17 18 19 20 21

20 21 22 23 24 25

24 25 26 27 28 29

28 29 30 31 32 1

April 12, 2023 67

One round of DES

April 12, 2023 68

S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

O 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

15 12 8 2 4 9 1 7 5 11 3 14 10 O 6 13

S2

15 1 8 14 6 11 3 4 9 7 2 13 12 O 5 10

3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5

0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15

13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

April 12, 2023 69

S3 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8

13 7 O 9 3 4 6 10 2 8 5 14 12 11 15 1

13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7

1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15

13 8 11 5 6 15 O 3 4 7 2 12 1 10 14 9

10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4

3 15 O 6 10 1 13 8 9 4 5 11 12 7 2 14

April 12, 2023 70

S5 2 12 4 1 7 10 11 6 8 5 3 15 13 O 14 9

14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6

4 2 1 11 10 13 7 8 15 9 12 5 6 3 O 14

11 8 12 7 1 14 2 13 6 15 O 9 10 4 5 3

S6 12 1 10 15 9 2 6 8 O 13 3 4 14 7 5 11

10 15 4 2 7 12 9 5 6 1 13 14 O 11 3 8

9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6

4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

April 12, 2023 71

S7 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1

13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6

1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2

6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S8 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7

1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2

7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8

2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

April 12, 2023 72

S1

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

For example, for input 011011 the row is 01, that is row 1, and the column is determined by 1101, that is column 13. In row 1 column 13 appears 5 so that the output is 0101.

April 12, 2023 73

One round of DES

April 12, 2023 74

The permutation function P yields a 32-bit output from a 32-bit input by permuting the bits of the input block

P 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6

22 11 4 25

April 12, 2023 75

The choice of the primitive functions KS,

S1, ..., S8 and P is critical to the strength of an

encipherment resulting from the algorithm

The recommended set of functions are

described as S1, ..., S8 and P in the

algorithm.

Primitive functions for the data encryption algorithm

April 12, 2023 76

Deciphering

The permutation IP-1 applied to the

preoutput block is the inverse of the

initial permutation IP applied to the

input.

R = L'

L = R' (+) f (L', K)

April 12, 2023 77

Other Stream Ciphers RC4

Variable key size stream cipher Proprietary for 7 years (1987 - 1994) In 1994 source code was posted to mailing list Works in OFB Encryption is 10 times faster than DES

SEAL (Software-optimized Encryption ALgorithm) length-increasing pseudorandom function which maps a 32-bit sequence

number n to an L-bit keystream under control of a 160-bit secret key a In the preprocessing stage, the key is stretched into larger tables using the

table-generation function Ga (based on SHA-1) Subsequent to this preprocessing, keystream generation requires about 5

machine instructions per byte order of magnitude faster than DES

April 12, 2023 78

Other Block Ciphers

FEAL Fast N-round block cipher Suffers a lot of attacks, and hence introduce new attacks

on block ciphers Japan standard

IDEA 64-64-128-8 James Massey Using algebraic functions (mult mod 2n+1, add mod 2n)

SAFER, RC-5, AES

April 12, 2023 79

Thank You

reachable atnaasir_k@donboscoit.ac.i

n