cipher techniques
TRANSCRIPT
April 12, 2023 1
Cipher Techniques
Road Map
- Basic Terminology
- Cryptosystem
- Classical Cryptography
- Algorithm Types and Modes
- Data Encryption Standard
- Other Stream & Block Ciphers
Basic Terminology
- plaintext - the original message
- ciphertext - the coded message
- cipher - algorithm for transforming plaintext to ciphertext
- key - info used in cipher known only to sender/receiver
- encipher (encrypt) - converting plaintext to ciphertext
- decipher (decrypt) - recovering plaintext from ciphertext
- cryptography - study of encryption principles/methods
- cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key
- cryptology - the field of both cryptography and cryptanalysis
Cryptosystem
A cryptosystem is a five-tuple (P, C, K, E, D), where the following are satisfied:
1. P is a finite set of possible plaintexts.
2. C is a finite set of possible ciphertexts.
3. K, the key space, is a finite set of possible keys.
4. For each key k ∈ K, there is an encryption rule Ek ∈ E and a decryption rule Dk ∈ D. Each Ek: P → C and Dk: C → P are functions such that Dk(Ek(x)) = x for every x ∈ P.
Cryptography
- Symmetric / private key / single key
- Asymmetric / public-key / two-key
Symmetric Cryptography
Asymmetric Cryptography
Requirements
Two requirements for secure use of symmetric encryption:
- a strong encryption algorithm
- a secret key known only to sender / receiver
    Y = EK(X)
    X = DK(Y)
- assume encryption algorithm is known
- implies a secure channel to distribute key
Symmetric cryptography
- Transposition techniques
- Substitution techniques
  - Caesar Cipher
  - Monoalphabetic Cipher
  - Polyalphabetic Cipher
  - Playfair Cipher
Types of Cryptanalytic Attacks
- ciphertext only: only know algorithm / ciphertext, statistical, can identify plaintext, or worse: the key
- known plaintext: know/suspect plaintext & ciphertext to attack cipher
- chosen plaintext: select plaintext and obtain ciphertext to attack cipher
- chosen ciphertext: select ciphertext and obtain plaintext to attack cipher
- chosen text: select either plaintext or ciphertext to en/decrypt to attack cipher
adversary needs strongest attack
adversary’s attacks can be weaker
Brute Force Search
- always possible to simply try every key
- most basic attack, proportional to size of key space
- assume either know / recognise plaintext
Transposition Ciphers
- consider classical transposition or permutation ciphers
- these hide the message by rearranging the letter order without altering the actual letters used
- can recognise these since they have the same frequency distribution as the original text
Rail Fence cipher
- write message letters out diagonally over a number of rows
- then read off cipher row by row
- eg. write message out as:
    m e m a t r h t g p r y
     e t e f e t e o a a t
- giving ciphertext MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers
- a more complex scheme
- write letters of message out in rows over a specified number of columns
- then reorder the columns according to some key before reading off the rows
    Key:        4 3 1 2 5 6 7
    Plaintext:  a t t a c k p
                o s t p o n e
                d u n t i l t
                w o a m x y z
    Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
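The rail fence and row transposition schemes above as runnable code; this is an added example, not part of the original slides. The function names and the "xyz" padding argument are assumptions of the example, and the key is applied by reading out the columns in key order (the column under 1 first), which is what reproduces the slide's ciphertext.

```python
from collections import Counter

def letters_of(text):
    """Lower-case letters only; spaces and punctuation are dropped."""
    return [c for c in text.lower() if c.isalpha()]

def rail_fence(plaintext, rails=2):
    """Write the letters in a zigzag over `rails` rows, then read row by row."""
    rows = [[] for _ in range(rails)]
    r, step = 0, 1
    for ch in letters_of(plaintext):
        rows[r].append(ch)
        if rails > 1:
            if r == 0:
                step = 1
            elif r == rails - 1:
                step = -1
            r += step
    return "".join("".join(row) for row in rows).upper()

def column_order(key):
    """Column indexes in read-out order: the column under key digit 1 first."""
    return sorted(range(len(key)), key=lambda c: key[c])

def row_transposition(plaintext, key, pad="xyz"):
    letters = letters_of(plaintext)
    n = len(key)
    letters += list((pad * n)[: -len(letters) % n])   # fill the last row
    rows = [letters[i:i + n] for i in range(0, len(letters), n)]
    return "".join(row[c] for c in column_order(key) for row in rows).upper()

def row_transposition_decrypt(ciphertext, key):
    n = len(key)
    depth = len(ciphertext) // n                      # letters per column
    cols = {c: ciphertext[i * depth:(i + 1) * depth]
            for i, c in enumerate(column_order(key))}
    return "".join(cols[c][r] for r in range(depth) for c in range(n)).lower()

def same_letter_counts(a, b):
    """True when two texts contain exactly the same letters (any order)."""
    return Counter(letters_of(a)) == Counter(letters_of(b))

if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    ct = row_transposition("attack postponed until two am", key)
    print(rail_fence("meet me after the toga party"))
    print(ct, row_transposition_decrypt(ct, key))
```

`same_letter_counts` is the check behind the slide's remark that a transposition keeps the frequency distribution of the original text.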
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or by numbers or symbols
or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
- earliest known substitution cipher
- by Julius Caesar
- first attested use in military affairs
- replaces each letter by 3rd letter after it
- example:
    meet me after the toga party
    PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
- can define transformation as:
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
- mathematically give each letter a number
    a  b  c  d  e  f  g  h  i  j  k  l  m
    0  1  2  3  4  5  6  7  8  9  10 11 12
    n  o  p  q  r  s  t  u  v  w  x  y  z
    13 14 15 16 17 18 19 20 21 22 23 24 25
- then have Caesar cipher as:
    C = E(p) = (p + k) mod 26
    p = D(C) = (C – k) mod 26
Monoalphabetic Cipher
- rather than just shifting the alphabet
- could shuffle (jumble) the letters arbitrarily
- each plaintext letter maps to a different random ciphertext letter
- hence key is 26 letters long
    Plain:      abcdefghijklmnopqrstuvwxyz
    Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
    Plaintext:  ifwewishtoreplaceletters
    Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Playfair Cipher
- not even the large number of keys in a monoalphabetic cipher provides security
- one approach to improving security was to encrypt multiple letters
- the Playfair Cipher is an example
- invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix
- a 5x5 matrix of letters based on a keyword (I and J aren’t distinguished)
- fill in letters of keyword (sans duplicates)
- fill rest of matrix with other letters
- eg. using the keyword MONARCHY
MONAR
CHYBD
EFGIK
LPQST
UVWXZ
Encrypting and Decrypting
plaintext encrypted two letters at a time:
1. each letter is replaced by the one in its row in the column of the other letter of the pair, eg. "hs" encrypts to "BP", and "ea" to "IM" or "JM" (as desired). Except when that doesn’t work!
2. if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" transformed to "ba lx lo on"
3. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. "ar" encrypts as "RM"
4. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. "mu" encrypts to "CM"
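The key matrix and the four rules above as a working Playfair implementation, checked against the slide's own digraphs; this is an added example, not part of the original slides. Function names are assumptions of the example, J is folded into I, and the filler is 'x'.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"   # 25 letters: j is folded into i

def normalise(text):
    return [c for c in text.lower().replace("j", "i") if c in ALPHABET]

def key_matrix(keyword):
    """Keyword letters without duplicates, then the rest of the alphabet."""
    cells = []
    for ch in normalise(keyword) + list(ALPHABET):
        if ch not in cells:
            cells.append(ch)
    return [cells[i:i + 5] for i in range(0, 25, 5)]

def digraphs(plaintext, filler="x"):
    """Split into letter pairs, breaking repeated letters with the filler."""
    letters, pairs, i = normalise(plaintext), [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler  # odd length
        if a == b:
            pairs.append((a, filler))    # rule 2: "ll" becomes "lx" + "l..."
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs

def transform(pairs, keyword, shift):
    m = key_matrix(keyword)
    pos = {m[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                     # rule 3: same row, move along the row
            out += [m[ra][(ca + shift) % 5], m[rb][(cb + shift) % 5]]
        elif ca == cb:                   # rule 4: same column, move along it
            out += [m[(ra + shift) % 5][ca], m[(rb + shift) % 5][cb]]
        else:                            # rule 1: own row, other letter's column
            out += [m[ra][cb], m[rb][ca]]
    return "".join(out)

def encrypt(plaintext, keyword):
    return transform(digraphs(plaintext), keyword, +1).upper()

def decrypt(ciphertext, keyword):
    letters = normalise(ciphertext)
    pairs = list(zip(letters[0::2], letters[1::2]))
    return transform(pairs, keyword, -1)  # fillers stay in the output

if __name__ == "__main__":
    for row in key_matrix("MONARCHY"):
        print(" ".join(row).upper())
    print(encrypt("balloon", "MONARCHY"), decrypt("IBSUPMNA", "MONARCHY"))
```

Decryption returns the text with fillers still in place ("balxloon"), so the receiver has to remove them by reading for sense.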
Polyalphabetic Ciphers
- another approach to improving security is to use multiple cipher alphabets
- called polyalphabetic substitution ciphers
- makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution
- use a key to select which alphabet is used for each letter of the message
- use each alphabet in turn
- repeat from start after end of key is reached
Vigenère Cipher
- simplest polyalphabetic substitution cipher is the Vigenère Cipher
- effectively multiple caesar ciphers
- key is multiple letters long K = k1 k2 ... kd
- ith letter specifies ith alphabet to use
- use each alphabet in turn
- repeat from start after d letters in message
- decryption simply works in reverse
Example
- write the plaintext out
- write the keyword repeated above it
- use each key letter as a caesar cipher key
- encrypt the corresponding plaintext letter
- eg using keyword deceptive
    key:        deceptivedeceptivedeceptive
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Autokey Cipher
- ideally want a key as long as the message
- Vigenère proposed the autokey cipher
- with keyword is prefixed to message as key
- knowing keyword can recover the first few letters
- use these in turn on the rest of the message
- but still have frequency characteristics to attack
- eg. given key deceptive
    key:        deceptivewearediscoveredsav
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
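The Vigenère and autokey examples above, reproduced in code together with a check for repeated ciphertext trigrams, which shows the period-9 repetition that the repeating keyword leaves behind and the autokey variant removes. This is an added example, not part of the original slides; the function names are assumptions, and plaintext and keyword are assumed to be lower-case letters only.

```python
A = ord("a")

def shift(ch, key_ch, sign=1):
    """Caesar-shift one letter by the alphabet position of key_ch."""
    return chr((ord(ch) - A + sign * (ord(key_ch) - A)) % 26 + A)

def vigenere_encrypt(plaintext, keyword):
    return "".join(shift(p, keyword[i % len(keyword)])
                   for i, p in enumerate(plaintext)).upper()

def vigenere_decrypt(ciphertext, keyword):
    return "".join(shift(c, keyword[i % len(keyword)], -1)
                   for i, c in enumerate(ciphertext.lower()))

def autokey_encrypt(plaintext, keyword):
    # key stream = keyword followed by the plaintext itself
    stream = (keyword + plaintext)[:len(plaintext)]
    return "".join(shift(p, k) for p, k in zip(plaintext, stream)).upper()

def autokey_decrypt(ciphertext, keyword):
    stream, out = list(keyword), []
    for i, c in enumerate(ciphertext.lower()):
        p = shift(c, stream[i], -1)
        out.append(p)
        stream.append(p)      # each recovered letter extends the key stream
    return "".join(out)

def repeated_trigram_gaps(ciphertext):
    """Map each repeated 3-letter group to its distances from the first occurrence."""
    first_seen, gaps = {}, {}
    for i in range(len(ciphertext) - 2):
        tri = ciphertext[i:i + 3]
        if tri in first_seen:
            gaps.setdefault(tri, []).append(i - first_seen[tri])
        else:
            first_seen[tri] = i
    return gaps

if __name__ == "__main__":
    pt, kw = "wearediscoveredsaveyourself", "deceptive"
    for ct in (vigenere_encrypt(pt, kw), autokey_encrypt(pt, kw)):
        print(ct, repeated_trigram_gaps(ct))
```

In the Vigenère ciphertext the group VTW repeats 9 letters apart, the length of "deceptive", because the plaintext "red" met the same key letters twice; the autokey ciphertext has no such repeat.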
One-Time Pad
- if a truly random key as long as the message is used, the cipher will be secure
- called a One-Time pad
- is unbreakable since ciphertext bears no statistical relationship to the plaintext
- since for any plaintext & any ciphertext there exists a key mapping one to other
- unconditional security! why look any further??
Product Ciphers
- ciphers using substitutions or transpositions are not secure because of language characteristics
- hence consider using several ciphers in succession to make harder (Shannon)
  - two substitutions make a more complex substitution
  - two transpositions make more complex transposition
  - but a substitution followed by a transposition makes a new much harder cipher
- this is bridge from classical to modern ciphers
Rotor Machines
- before modern ciphers, rotor machines were most common product cipher
- were widely used in WW2
  - German Enigma, Allied Hagelin, Japanese Purple
- implemented a very complex, varying substitution cipher
- used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
- with 3 cylinders have 26^3 = 17576 alphabets
- 3! rearrangements of cylinders in Enigma
Steganography
- an alternative to encryption
- hides existence of message
  - using only a subset of letters/words in a longer message marked in some way
  - using invisible ink
  - hiding in LSB in graphic image or sound file
- has drawbacks
  - high overhead to hide relatively few info bits
Algorithm Types and Modes
An Algorithm type defines what size of plain text should be encrypted in each step of algorithm
An Algorithm mode defines the details of the cryptographic algorithm, once the type is decided.
Algorithm Types
- Stream Ciphers
- Block Ciphers
Algorithm Modes
- Electronic Code Book, Cipher Block Chaining: work on block ciphers
- Cipher FeedBack, Output FeedBack: work on block ciphers acting as stream ciphers
Stream, Block Ciphers
- E encipherment function
  - Ek(b) encipherment of message b with key k
  - In what follows, m = b1b2 …, each bi of fixed length
- Block cipher
  - Ek(m) = Ek(b1)Ek(b2) …
- Stream cipher
  - k = k1k2 …
  - Ek(m) = Ek1(b1)Ek2(b2) …
  - If k1k2 … repeats itself, cipher is periodic and the length of its period is one cycle of k1k2 …
Stream Ciphers
- Often (try to) implement one-time pad by xor’ing each bit of key with one bit of message
- Example:
    m = 00101
    k = 10010
    c = 10111
- But how to generate a good key?
Synchronous Stream Ciphers
- n-stage Linear Feedback Shift Register: consists of
  - n bit register r = r0…rn–1
  - n bit tap sequence t = t0…tn–1
- Use:
  - Use rn–1 as key bit
  - Compute x = r0t0 ⊕ … ⊕ rn–1tn–1
  - Shift r one bit to right, dropping rn–1, x becomes r0
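Operation
[Figure: LFSR operation, showing the register r0 … rn–1, message bit bi and ciphertext bit ci, the shifted register r0´ … rn–1´ with ri´ = ri–1 for 0 < i ≤ n, and the feedback r0t0 + … + rn–1tn–1]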
Example
4-stage LFSR; t = 1001
    r     ki   new bit computation    new r
    0010  0    01⊕00⊕10⊕01 = 0        0001
    0001  1    01⊕00⊕00⊕11 = 1        1000
    1000  0    11⊕00⊕00⊕01 = 1        1100
    1100  0    11⊕10⊕00⊕01 = 1        1110
    1110  0    11⊕10⊕10⊕01 = 1        1111
    1111  1    11⊕10⊕10⊕11 = 0        0111
    0111  1    01⊕10⊕10⊕11 = 1        1011
Key sequence has period of 15 (010001111010110)
NLFSR
- n-stage Non-Linear Feedback Shift Register: consists of
  - n bit register r = r0…rn–1
- Use:
  - Use rn–1 as key bit
  - Compute x = f(r0, …, rn–1); f is any function
  - Shift r one bit to right, dropping rn–1, x becomes r0
Note same operation as LFSR but more general bit replacement function
Example
4-stage NLFSR; f(r0, r1, r2, r3) = (r0 & r2) | r3
r ki new bit computation new r
1100 0 (1 & 0) | 0 = 0 0110
0110 0 (0 & 1) | 0 = 0 0011
0011 1 (0 & 1) | 1 = 1 1001
1001 1 (1 & 0) | 1 = 1 1100
1100 0 (1 & 0) | 0 = 0 0110
0110 0 (0 & 1) | 0 = 0 0011
0011 1 (0 & 1) | 1 = 1 1001
Key sequence has period of 4 (0011)
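The LFSR and NLFSR tables above can be regenerated with a few lines of code, which also makes the period of a given seed measurable; this is an added example, not part of the original slides. Function names are assumptions; registers are written as bit strings r0…rn–1, as on the slides.

```python
def lfsr_feedback(taps):
    """Feedback x = r0t0 xor ... xor rn-1tn-1 for the tap sequence `taps`."""
    t = [int(b) for b in taps]
    return lambda r: sum(ri & ti for ri, ti in zip(r, t)) % 2

def nlfsr_feedback(r):
    """The slide's non-linear example: f(r0, r1, r2, r3) = (r0 & r2) | r3."""
    return (r[0] & r[2]) | r[3]

def step(state, feedback):
    """Shift right, dropping the last bit; the feedback bit becomes r0."""
    r = [int(b) for b in state]
    return str(feedback(r)) + state[:-1]

def keystream(state, feedback, nbits):
    out = []
    for _ in range(nbits):
        out.append(state[-1])            # rn-1 is the key bit
        state = step(state, feedback)
    return "".join(out)

def cycle(state, feedback):
    """(tail, period): steps before the register starts repeating, and the
    length of the repeating cycle. A non-linear register can have a tail."""
    seen = {}
    while state not in seen:
        seen[state] = len(seen)
        state = step(state, feedback)
    return seen[state], len(seen) - seen[state]

def xor_bits(message, key):
    """Stream encipherment: xor each message bit with one key bit."""
    return "".join(str(int(m) ^ int(k)) for m, k in zip(message, key))

if __name__ == "__main__":
    lfsr = lfsr_feedback("1001")
    print(keystream("0010", lfsr, 15), cycle("0010", lfsr))
    print(keystream("1100", nlfsr_feedback, 8), cycle("1100", nlfsr_feedback))
    # Weak seeds: the all-zero LFSR never leaves 0000, and this NLFSR
    # started at 1010 runs into 1111 after three steps and stays there.
    print(cycle("0000", lfsr), cycle("1010", nlfsr_feedback))
    print(xor_bits("00101", "10010"))
```

The last two `cycle` calls show why the seed matters: a register that falls into a fixed state emits a constant key bit from then on.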
Self-Synchronous Stream Cipher
- Take key from message itself (autokey)
- Example: Vigenère, key drawn from plaintext
    key        XTHEBOYHASTHEBA
    plaintext  THEBOYHASTHEBAG
    ciphertext QALFPNFHSLALFCT
- Problem:
  - Statistical regularities in plaintext show in key
  - Once you get any part of the message, you can decipher more
Another Example
- Take key from ciphertext (autokey)
- Example: Vigenère, key drawn from ciphertext
    key        XQXBCQOVVNGNRTT
    plaintext  THEBOYHASTHEBAG
    ciphertext QXBCQOVVNGNRTTM
- Problem:
  - Attacker gets key along with ciphertext, so deciphering is trivial
Block Cipher
- Block Cipher – treat a block of plaintext as a whole
  - Feistel Cipher
  - DES/3DES/AES
- Stream coding – encrypt one bit or byte at a time
Block Ciphers
- Encipher, decipher multiple bits at once
- Each block enciphered independently
- Problem: identical plaintext blocks produce identical ciphertext blocks
  - Example: two database records
      MEMBER: HOLLY INCOME $100,000
      MEMBER: HEIDI INCOME $100,000
  - Encipherment:
      ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN
      ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQN
Solutions
- Insert information about block’s position into the plaintext block, then encipher
- Cipher block chaining:
  - Exclusive-or current plaintext block with previous ciphertext block:
      c0 = Ek(m0 ⊕ I)
      ci = Ek(mi ⊕ ci–1) for i > 0
    where I is the initialization vector
ECB (Electronic CodeBook) Mode
- Encryption: for 1 ≤ j ≤ t, cj ← EK(xj).
- Decryption: for 1 ≤ j ≤ t, xj ← DK(cj).
- Identical plaintext blocks (under the same key) result in identical ciphertext
- blocks are enciphered independently of other blocks
- bit errors in a single ciphertext block affect decipherment of that block only
ECB Mode (Cont’d)
[Figure: ECB encipherment and decipherment. Encipherment: n-bit block xj, E under the key, output cj. Decipherment: cj, E-1 under the key, output x’j = xj.]
CBC (Cipher-Block Chaining) Mode
[Figure: CBC encipherment and decipherment with C0 = IV. Encipherment: n-bit block xj ⊕ Cj-1, E under the key, output Cj. Decipherment: Cj, E-1 under the key, ⊕ Cj-1, output X’j = xj.]
CBC Mode (Cont’d)
- Encryption: c0 ← IV, cj ← EK(cj−1 ⊕ xj)
- Decryption: c0 ← IV, xj ← cj−1 ⊕ E−1K(cj)
- chaining causes ciphertext cj to depend on all preceding plaintext
- a single bit error in cj affects decipherment of blocks cj and cj+1
- self-synchronizing: if an error occurs in cj (but not in cj+1, cj+2), cj+2 is correctly decrypted to xj+2
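The ECB and CBC properties listed above (equal plaintext blocks, IV handling, error propagation) can be observed directly; this is an added example, not part of the original slides. The block cipher is a toy 4-round Feistel construction with SHA-256 as round function, an assumption standing in for DES, and the key, IVs and 8-byte-field records are constructed for the demonstration.

```python
import hashlib

BS = 8  # block size in bytes (64 bits, the DES block size)
KEY = b"constructed demo key"
REC1 = b"MEMBER: HOLLY   INCOME  $100,000"   # constructed: 8-byte fields
REC2 = b"MEMBER: HEIDI   INCOME  $100,000"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block, rounds=(0, 1, 2, 3)):
    """Toy 4-round Feistel cipher; SHA-256 stands in for the round function."""
    left, right = block[:4], block[4:]
    for rnd in rounds:
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left

def D(key, block):
    return E(key, block, rounds=(3, 2, 1, 0))   # same network, rounds reversed

def split(data):
    if len(data) % BS:
        raise ValueError("data must be a whole number of blocks")
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_encrypt(key, pt):
    return [E(key, x) for x in split(pt)]

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for x in split(pt):
        prev = E(key, xor(prev, x))       # cj = EK(cj-1 xor xj), c0 = IV
        out.append(prev)
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in ct:
        out.append(xor(prev, D(key, c)))  # xj = cj-1 xor DK(cj)
        prev = c
    return out

def equal_positions(a, b):
    """Indexes at which two lists of ciphertext blocks are identical."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x == y]

def damaged_blocks(key, iv, pt, j):
    """Flip one bit of ciphertext block j; return the plaintext blocks that change."""
    ct = cbc_encrypt(key, iv, pt)
    ct[j] = bytes([ct[j][0] ^ 1]) + ct[j][1:]
    good = split(pt)
    return [i for i, x in enumerate(cbc_decrypt(key, iv, ct)) if x != good[i]]

if __name__ == "__main__":
    iv = bytes(BS)
    print("ECB equal blocks:", equal_positions(ecb_encrypt(KEY, REC1), ecb_encrypt(KEY, REC2)))
    print("CBC equal blocks:", equal_positions(cbc_encrypt(KEY, iv, REC1), cbc_encrypt(KEY, bytes([1]) * BS, REC2)))
    print("CBC bit flip in c1 damages:", damaged_blocks(KEY, iv, REC1, 1))
```

Encrypting both records under CBC with the same IV still produces an identical first ciphertext block, so the chaining only hides equal blocks when the IV differs per message.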
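CFB-r (Cipher FeedBack) Mode
[Figure: CFB-r encipherment and decipherment. An r-bit shift register with I1 = IV is enciphered with E under the key to give Oj; the leftmost r bits of Oj are combined with xj to give cj (encipherment) or with cj to give xj (decipherment).]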
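OFB (Output FeedBack) Mode with full (or r-bit) feedback
[Figure: OFB encipherment and deciphering. An r-bit shift register with I1 = IV; Ij is enciphered with E under the key to give Oj; the leftmost r bits of Oj are combined with xj to give cj (encipherment) or with cj to give xj (deciphering).]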
Data Encryption Standard
The Data Encryption Standard (DES) specifies a FIPS approved cryptographic algorithm as required by FIPS 140-1 (Federal Information Processing Standards 140-1).
Enciphering
The 64 bits of the input block to be enciphered are first subjected to the following initial permutation IP:
IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
The permuted input block is then the input to a complex key-dependent computation.
The output of that computation (preoutput) is then subjected to the next permutation which is the inverse of the initial permutation.
IP-1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
Let K be a block of 48 bits chosen from the 64-bit key (how? explained next). Then the output L'R' of an iteration with input LR is defined by:
L' = R
R' = L (+) f (R,K)
If L'R' is the output of the 16th iteration then R'L' is the preoutput block.
One round of DES
PC-1 (Key Permutation)
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
Iteration corresponds to left shifts:
Iteration     1  2  3  4  5  6  7  8
Left shifts   1  1  2  2  2  2  2  2
Iteration     9 10 11 12 13 14 15 16
Left shifts   1  2  2  2  2  2  2  1
PC-2 (Compression Permutation)
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
The Cipher Function f : A sketch of the calculation of f (R, K) is given by
Expansion Permutation
[Figure: expansion permutation; bit positions 1 to 12 and 1 to 16 shown]
E bit-selection table
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
S1
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
S2
15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9
S3
10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
S4
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
S5
2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3
S6
12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13
S7
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12
S8
13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11
S1 (rows 0 to 3, columns 0 to 15)
Row   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0    14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
1     0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
2     4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
3    15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
For example, for input 011011 the row is 01, that is row 1, and the column is determined by 1101, that is column 13. In row 1 column 13 appears 5 so that the output is 0101.
The permutation function P yields a 32-bit output from a 32-bit input by permuting the bits of the input block.
P
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25
Primitive functions for the data encryption algorithm
The choice of the primitive functions KS, S1, ..., S8 and P is critical to the strength of an encipherment resulting from the algorithm.
The recommended set of functions are described as S1, ..., S8 and P in the algorithm.
Deciphering
The permutation IP-1 applied to the preoutput block is the inverse of the initial permutation IP applied to the input.
R = L'
L = R' (+) f (L', K)
Other Stream Ciphers
- RC4
  - Variable key size stream cipher
  - Proprietary for 7 years (1987 - 1994)
  - In 1994 source code was posted to mailing list
  - Works in OFB
  - Encryption is 10 times faster than DES
- SEAL (Software-optimized Encryption ALgorithm)
  - length-increasing pseudorandom function which maps a 32-bit sequence number n to an L-bit keystream under control of a 160-bit secret key a
  - In the preprocessing stage, the key is stretched into larger tables using the table-generation function Ga (based on SHA-1)
  - Subsequent to this preprocessing, keystream generation requires about 5 machine instructions per byte
  - order of magnitude faster than DES
Other Block Ciphers
- FEAL
  - Fast N-round block cipher
  - Suffers a lot of attacks, and hence introduced new attacks on block ciphers
  - Japan standard
- IDEA
  - 64-64-128-8
  - James Massey
  - Using algebraic functions (mult mod 2^n+1, add mod 2^n)
- SAFER, RC-5, AES