history and background part 2: polyalphabetic substitution and transposition csci 5857: encoding and...
TRANSCRIPT
History and BackgroundPart 2: Polyalphabetic Substitution
and Transposition
CSCI 5857: Encoding and Encryption
Outline
• The Vigenére polyalpabetic cipher• Enigma• One-time pads• Transposition ciphers• Attacks on transposition ciphers• Effectiveness of using multiple keys• Avalanche effect as a goal of encryption• Kerckhoff’s Principle
Polyalphabetic Substitution
• Single plaintext character may map to multiple possible ciphertext characters
• Frequency analysis attacks much harder
Example: Vigenére cipher• Key = some word or phrase of length n• ci = (pi + ki mod n) mod 26
Vigenére cipher
Example:• Key: “python”• Plaintext: “rabbitwithbigpointyteeth”Ciphertext:
p y t h o n p y t h o n p y t h o n p y t h o n
G Y U I V G L G M Y M V V N H P B G N R P L H U
r a b b i t w i t h b i g p o i n t y t e e t h
Polyalphabetic Substitution
• Vigenére cipher still vulnerable to frequency-based cryptanalysis– Guess key size n– Treat like n different monoalphabetic substitutions
• General principle:Larger n more secure
(that is, number of characters before repetition)
Enigma
• Developed by Germany in WW2
• Arguably most complex pre-computer substitution cipher
Flash simulation at http://enigmaco.de/enigma/enigma.html
Enigma• Consists of 3 to 5 rotors
– Each rotor is a monoalphabetic mapping of a plaintext character to a ciphertext character
– Output of one rotor fed into input of next rotor so final output the result of 3 to 5 monoalphabetic substitutions
• Rotors turn after each character!– Fast rotor: every character– Middle rotor: every 26 characters– Slow rotor: every 26 x 26 = 676 characters
Enigma• 26 x 26 x 26 = 17,576 characters entered before
repetition• Essentially invulnerable to frequency-based
cryptanalysis (particularly if rotors changed at regular intervals)
• Required Alan Turing’s Bletchley Group to crack– Captured machines to understand patterns– Large numbers of known plaintexts– Exhaustive searches using primitive computers
One-Time Pad
• Idea: Make key as long as the message itself!(Joseph Mauborgne)
• Unconditionally securesince inherently ambiguous for attacker
One-Time PadExample ciphertext: NZAKBMK
• Ciphertext: NZAKBMK NZAKBMKPossible keys: nlvwker wtnkxmmPlaintext: goforit runaway
• Which key is correct?We have no way of knowing since both are plausible plaintext! ???
One-Time Pad
Only get to use a key for one message• Unlikely that different possible keys would still both result in
plausible plaintext for more than one message• Adversary could find correct key by process of elimination
Ciphertext: WMGKZX WMGKZX
Possible keys: nlvwke wtnkxm Plaintext: jblopt attack
• Would need to securely distribute a new key for each message!
“This is the one!”
Transposition Cipher
• Ciphertext = Permutation of plaintext• Simple example:runaway r n w y
u a a rnwyuaa
• Key = permutation order – Above example: 1357246
Column Transposition Ciphers
• Break plaintext into columns• Example plaintext: longlongagoinagalaxyfaraway
Key: 5241763 (size n of key = 7 columns)
5241763longlongagoinagalaxyfarawayx
Break plaintext into rows of size n of key
Insert extra chars to fill columns(padding)
Column Transposition Ciphers
• For column with label i:– Append contents of
column i to ciphertext
• Resulting ciphertext:goaw oaar nafx nglalgga onyy lixa
5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x
This column first
This column second, and so on
Column Transposition Ciphers• Decryption:
– Divide ciphertext into n strings– Arrange strings into columns, with order of
columns determined by key
goawoaarnafxnglalggaonyylixa
5 2 4 1 7 6 3l o n g l o ng a g o i n ag a l a x y fa r a w a y x
Attacks on Transposition Ciphers
• Brute force: Trying all possible permutations– Key of size n n! possible keys– Solution: Choose key such that n! tests is
computationally secure• Cryptographic attacks:
– Eliminate column pairs with unlikely adjacent letters l
i x a
n a f x
Attacks on Transposition Ciphers
• Can apply transposition multiple times with same key to defeat cryptographic attacks
• Ciphertext after first permutation:goawoaarnafxnglalggaonyylixa
• Ciphertext after second permutation:wfglonayagoaaalygrnlanaxoxgi
5 2 4 1 7 6 3g o a w o a ar n a f x n gl a l g g a on y y l i x a
Using Multiple Keys
• Important question:Does using multiple keys always make encryption more secure?– Brute force attacks– Cryptographic attacks
• Mathematically:C = E(E(p, k1), k2)
Is this more secure than C = E(p, k1)?
Using Multiple Keys• Example: Caesar cipher with 2 keys
K1 = 3 K2 = 8– Equivalent to single key K3 = 11– Still only 26 possible mappings from P to C
• Example: Transposition cipher with 2 keys K1 = 5241763 K2 = 7325641– Equivalent to single key K3 = 6357142– Still only 7! possible mappings from P to C
No more secure in either case!
Using Multiple KeysOnly if:• Using multiple keys greatly increases the number of
possible ciphertexts
• Applying multiple keys is not equivalent to applying a single keyNo k3 such that E(E(p, k1), k2) = E(p, k3)
Possible ciphertexts
Possible ciphertexts
After applying K1 and K2
After applying K1
Avalanche Effect
Small change in key Large change in ciphertext
• Desirable property of cipherKnowing some of key rest of key still hard to find
• Not a property of substitution ciphers• Property of transposition ciphers
(particularly if applied multiple times)
Avalanche Effect
Example: two similar keys applied twice• plaintext = longlongagoinagalaxyfaraway• k1 = 5241763
ciphertext = wfglonayagoaaalygrnlanaxoxgi
• k2 = 5421763ciphertext = wfglaalylaoaonrygaangoaxnxgi
• Already different in 14 of 28 characters
Substitution and Transposition
• Most modern block ciphers combine substitution and transposition– Substitution gives large number of possible keys to
defeat brute force attacks– Transposition gives avalanche effect to defeat
cryptographic attacks
Kerckhoff’s Principle
c = E(p, k)• If can’t hide k, can we hide the encryption algorithm E?
Assumption: Adversary knows algorithm we use• All encryption algorithms currently in use are well known!• Much easier to conceal/change key than entire algorithm