History and BackgroundPart 1: Basic Concepts and

Monoalphabetic Substitution

CSCI 5857: Encoding and Encryption

Outline

• Simple encryption with the Caesar cipher• Exhausitive search and computational security• Monoalphabetic substitution• Frequency analysis and cryptanalysis attacks• Known and chosen plaintext attacks

Why is History Important?

• Most modern encryption algorithms based on concepts hundreds/thousands of years old– Monoalphabetic substitution– Polyalphabetic substitution– Transposition

• Most attacks on encryption also very old– Exhaustive search– Cryptographic analysis– Known/chosen plaintext

4

Encryption

Mathematical Notation:p – plaintext message (readable)c – ciphertext (not readable!)k – key (only known by authorized persons)

E – encryption function c = E(p, k) D – decryption function p = D(c, k)

Substitution Algorithms

Mapping of plaintext to ciphertext

• Can be single character mapping (historical)A G

• Can map entire blocks of plaintext (modern block ciphers)1001011001111100 0110101011100011

Substitution Algorithms

Mapping must be unique for decryption to work!

Encryption: A G B G

Decryption: G A or B ?

Side Point

Substitution Algorithms• Mapping often involves translating

characters to numeric values• Encryption/decryption functions in

terms of mathematical functions

Side Point

Caesar Cipher

• Key k: number between 1 and 25• Example: k = 3, p = RUNAWAY• E(RUNAWAY) UXQDZDB• D(UXQDZDB) RUNAWAY

Exhaustive Key Search

Testing all possible keysAlgorithm:• Given ciphertext c• For all keys ki

– Compute pi = D(c, ki )– If pi is recognizable plaintext, then ki is plausible

Time proportional to number of possible keys ki

Defining “Secure” Encryption

Computationally Secure• Cost of breaking cipher >

value of encrypted information• Time required to break cipher >

useful lifetime of encrypted information

Cipher is “practically” unbreakableGenerally only assurance we have

Defining “Secure” EncryptionProblem: impossible to permanently quantify!• Computers get faster every day

Moore’s law: speed doubles every 1.5 years• Example: DES cipher with 56 bit key

– Computationally secure (1142 years) at 1 test/microsecond– Not secure (10 hours) at 100,000 tests/microsecond

Caesar Cipher and Exhaustive Search

Only 26 possible keys to test!Ciphertext: UXQDZDBKey: Resulting Plaintext:

1 TWPCYCA2 SVOBXBZ3 RUNAWAY recognizable plaintext

Clearly not computationally secure!

Monoalphabetic Substitution• Each plaintext character has corresponding

ciphertext character• No pattern (unlike Caesar cipher)

Example:

“runaway” “HJGNPNS”

Monoalphabetic Substitution

• Key = substitution table itself

• Number of possible keys = 26! 400,000,000,000,000,000,000,000,000

• Computationally secure to exhaustive search(at least without a computer)

Cryptanalysis Attacks• Based on knowledge

– Properties of the encryption algorithm– Properties of the likely plaintext

• Often combined with exhaustive search– Knowledge eliminates most possible keys– Search now feasible for few remaining keys

All possible keys

Remaining keys

Eliminated by cryptanalysis

Search feasible

Frequency-based AnalysisSome letters much more common than others

Frequency-based Analysis

Example ciphertext:“PCRZFNICRAYJHVRYICJQNZRSRZIV”

Letter frequencies:

A 1

B 0

C 3

D 0

E 0

F 1

G 0

H 1

I 3

J 2

K 0

L 0

M 0

N 2

O 0

P 1

Q 1

R 5

S 1

T 0

U 0

V 2

W 0

X 0

Y 2

Z 3

Hypothesis:

“e” “R”

Frequency-based Analysis• Some combinations of letters much more common

than othersExample: “e” often followed by “n”

Example ciphertext (after “e” substituted for “R”):“PCeZFNICeAYJHVeYICJQNZeSeZIV”• “Z” second most common letter• Follows “e” twiceHypothesis: “n” “Z” “PCenFNICeAYJHVeYICJQNneSenIV”

Frequency-based Analysis

• Knowing part of key in monoalphabetic substitution makes it easier to guess the rest of the key

• Very bad property of an encryption algorithm!

Side Point

“I can only see part of the key, but it is easy to guess the rest!”

Frequency-based Analysis

• Success of frequency-based analysis increases with more text– Single long ciphertext– Multiple ciphertexts encoded with same key

• General property of cryptanalysis• Should change key as often as possible!

Side Point

ciphertexts

Known Plaintext Attack• Adversary has access to a number of:

– plaintext messages– corresponding ciphertext messages

• Searches for relationship between plaintext and ciphertext that might reveal key

plaintexts ciphertexts

Known Plaintext Example

• Darth get gets data entry job at organization• Observes how encrypted database changes as new

records entered

Ep c

Known Plaintext Attack

• Inevitable that adversary will acquire known plaintexts

• Security defined in terms of number of known plaintexts needed to guess key

• Single known plaintext sufficient to break simple substitution algorithm!

Chosen Plaintext Attack

• Adversary has hypothesis about key khypothesis

• Adversary chooses plaintext p to test hypothesis • If resulting ciphertext c matches what would be result

of encryption with khypothesis, then khypothesis is correct

Ep

hypothetical key

Ecompare

actual (unknown) key

Chosen Plaintext ExampleWorld War II• Hypothesis:

Japanese code for “Midway Island” = “AF”

• Test:Plaintext message transmitted that “Midway Island running short of water”

• Result:Increased message traffic containing “AF”-- Hypothesis confirmed!

Defining Security

• Quality of encryption system defined by attacks it is vulnerable to– Types of attacks: exhaustive, cryptographic, etc.– Knowledge attacker has: known plaintext, chosen

plaintext, etc.

• Key idea: Must always think like an attacker!– “What could I do to break the system?”