![Page 1: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/1.jpg)
Cryptography
Peter Keevash
School of Mathematical Sciences, Queen Mary, University of London.
Peter Keevash (QMUL) Cryptography
![Page 2: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/2.jpg)
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
![Page 3: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/3.jpg)
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
![Page 4: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/4.jpg)
Introduction
Secure CommunicationHow can one send a secret message?
Steganography (hiding the message)
Modern methodsInvisible ink, hidden words, microdots, DNA, watermarks...
Peter Keevash (QMUL) Cryptography
![Page 5: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/5.jpg)
Cryptography
The model
Alice and Bob share a secret key, unknown to Eve "Eavesdropper"
Alice encrypts theplaintext messagewith the key, forminga ciphertext.
Bob decrypts the ciphertext with thekey, obtaining the original plaintext.
Eve also receives the ciphertext, but cannot understand it .
Peter Keevash (QMUL) Cryptography
![Page 6: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/6.jpg)
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
![Page 7: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/7.jpg)
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
![Page 8: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/8.jpg)
Ciphers
Encryption/decryption methodsSubstitutions, codebooks, permutations, pseudorandom generators...
Kerckhoffs’ PrincipleEve knows the system. Only the key is secret.
Efficiency goalKnowing the key makes it easy to communicate.Not knowing the key makes it hard to eavesdrop.
Peter Keevash (QMUL) Cryptography
![Page 9: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/9.jpg)
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
![Page 10: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/10.jpg)
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
![Page 11: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/11.jpg)
Substitution ciphers
Monoalphabetic substitutionEach letter is consistently replaced by another.
ExampleReversed alphabet: A→ Z, B→ Y, C→ X, . . . HELLO→ SVOOL.
PermutationsThe key is a permutation of the alphabet: a bijective map
σ : {A, . . . ,Z} → {A, . . . ,Z}.
Encryption: apply σ to each letter. Decryption: apply the inversepermutation σ−1 to each letter (σ(x) = y ↔ σ−1(y) = x).
Peter Keevash (QMUL) Cryptography
![Page 12: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/12.jpg)
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
![Page 13: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/13.jpg)
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
![Page 14: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/14.jpg)
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
![Page 15: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/15.jpg)
Cryptanalysis
The security of a cipherHow easy/hard is it to break? (Understand message / obtain key).
Brute forceAny cipher can be broken by trying all possible keys.
How long will it take?Number of substitution cipher keys 26! = 26× 25× · · · × 1= 403291461126605635584000000 = age of universe innanoseconds!
Computational feasibilitySecurity is relative to our powers of computation.
Peter Keevash (QMUL) Cryptography
![Page 16: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/16.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 17: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/17.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 18: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/18.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhv
zE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 19: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/19.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEv
zE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 20: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/20.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREES
zE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 21: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/21.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREES
WE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 22: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/22.jpg)
Statistical analysis
Letter frequenciesSome letters are more common than others. The most common lettersin English writing are E, T, A, O, I/N, H/S/R, . . .
Frequency analysisCount letter frequencies in the ciphertext; replace the most commonones by E, T, A, etc.; try to guess the others.
zh grqw jhw shdu wduwv iurp shdfk wuhhvzE grqT jET sEAu TAuTv iurp sEAfk TuEEvzE grqT jET sEAR TARTS iRrp sEAfk TREESzE gOqT jET sEAR TARTS iROp sEAfk TREESWE DONT GET PEAR TARTS FROM PEACH TREES
Peter Keevash (QMUL) Cryptography
![Page 23: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/23.jpg)
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
![Page 24: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/24.jpg)
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
![Page 25: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/25.jpg)
Modular arithmetic
Caesar cipherPrevious example used shift by 3: A→ D, B→ E, C→ F, . . . , Z→ C.
A numerical interpretationIdentify A, . . . ,Z with 0, . . . ,25. Encode e(x) = x + 3 mod 26.Decode d(x) = x − 3 mod 26.
General shiftsSuppose we use an m-letter alphabet, identified with 0, . . . ,m − 1.Encode en(x) = x + n mod m. Decode dn(x) = x − n mod m.
Peter Keevash (QMUL) Cryptography
![Page 26: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/26.jpg)
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
![Page 27: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/27.jpg)
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.
Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
![Page 28: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/28.jpg)
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .
More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
![Page 29: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/29.jpg)
Caesar’s revenge
The one-time padKeep changing amount we shift by! Let’s use binary alphabet {0,1}.
The secret key is a random binary string, say k = 01100110.
Encryption, decryption both m 7→ m + k (bitwise addition mod 2): e.g.e(10101010) = 10101010 + 01100110 = 11001100,d(11001100) = 11001100 + 01100110 = 10101010.
Pro: Unbreakable! If k is random then so is m + k : it contains noinformation about m.Con: Inefficient! k is as long as m: it begs the question of howAlice and Bob managed to agree on k .More efficient: short k and long m, break m into blocks b1,b2, · · · ,encode as b1 + k ,b2 + k , . . . . (But this is breakable.)
Peter Keevash (QMUL) Cryptography
![Page 30: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/30.jpg)
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.
The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
![Page 31: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/31.jpg)
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.
Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
![Page 32: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/32.jpg)
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
![Page 33: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/33.jpg)
The Vigenere cipher
We don’t communicate in binary! Cipher easier to remember if weuse A..Z.The secret key is a word; each letter represents the shift from A tothat letter; e.g. CAESAR↔ +2,+0,+4,+18,+0,+17.Example: ‘The rain in Spain falls mainly on the plain.’
Confusion is created since at different times (i) the same lettermay be encoded differently, and (ii) different letters may beencoded identically!
Peter Keevash (QMUL) Cryptography
![Page 34: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/34.jpg)
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
![Page 35: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/35.jpg)
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
![Page 36: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/36.jpg)
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
![Page 37: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/37.jpg)
Breaking the Vigenere cipher
Much harder than a substitution, but it has weaknesses...
Suppose we know the key length, say it is 5. Just look at theletters in positions 5,10,15,... they are encoded by the same shift:can use frequency analysis! Repeat for other remainders mod 5.
How to get the key length? Could guess. Or use moresophisticated statistics...
Kasiski method: Look for repeated consecutive pairs (digrams) ortriples (trigrams). The key length probably divides the distancebetween them.
Peter Keevash (QMUL) Cryptography
![Page 38: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/38.jpg)
Key exchange
A one-time pad attempt:p m k
m m
=
+
1
1
p +
2 = km1
m m += k3 2m2
m3 m m += k34
A
B
A
B
Alice
Eve
Bob = p
Problem! m1 + m2 + m3 = p.
Peter Keevash (QMUL) Cryptography
![Page 39: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/39.jpg)
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
![Page 40: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/40.jpg)
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
![Page 41: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/41.jpg)
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
![Page 42: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/42.jpg)
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
![Page 43: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/43.jpg)
Public key cryptography
Diffie-Hellman idea: method where key is public knowledge?! Howcould this possibly work?
One-way function e: computing e(x) easy; computingd(y) = e−1(y) hard.
RSA cryptosystem: power map e(x) = x` mod n; `,n public.
Inverse problem ‘given y , find x with x` = y mod n’ believed hard.
Trapdoor function: n = pq with p,q large primes, secret key k withk` = 1 mod (p − 1)(q − 1), d(y) = yk mod n.
Peter Keevash (QMUL) Cryptography
![Page 44: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/44.jpg)
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
![Page 45: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/45.jpg)
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
![Page 46: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/46.jpg)
Issues in modern cryptography
Message Integrity: Can Eve crucially change the meaning of amessage she cannot entirely read (e.g. the amount in a banktransaction)?
Digital Signatures: Eve sees some signed messages, can sheforge a signature?
Communication protocols: Zero-knowledge proof, Multipartysecrets, Elections, Digital cash...
Peter Keevash (QMUL) Cryptography
![Page 47: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/47.jpg)
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
![Page 48: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/48.jpg)
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
![Page 49: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/49.jpg)
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
![Page 50: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/50.jpg)
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography
![Page 51: Cryptography - QMUL Mathsfjw/goldsmiths/2008/PK/cryptography.pdf · Cryptography Peter Keevash School of Mathematical Sciences, Queen Mary, University of London. p.keevash@qmul.ac.uk](https://reader035.vdocuments.net/reader035/viewer/2022063012/5fc7820c3d061d495d78d3bc/html5/thumbnails/51.jpg)
Conclusion
Cryptography concerns secure communication. Unlikesteganography (making the message obscure), the assumption(Kerckhoffs’ Principle) is ‘Eve knows the system; only the key issecret’.
Ciphers are various methods of using the secret key toencrypt/decrypt a message, e.g. Substitution, Vigenere,Permutation, . . .
Security is always relative to computational power, and in fear ofan ingenious unforseen attack.
Public Key Cryptography provides great flexibility, but its securityis only empirical.
Modern cryptography has evolved into a diverse field of theoreticaland practical research.
Peter Keevash (QMUL) Cryptography