shahram khazaei siavash ahmadi fall 2015
DESCRIPTION
Classical Cipher –Substitution –Transposition Examples: –Caesar –Vigenere square –Great –Morse Code –Pigpen –Columnar –Chinese cipher IntroductionTRANSCRIPT
OutlineIntroductionThe Hill CipherCryptanalysis of HillPreliminariesCOA on Hill using monogramsBrute-force attack on HillDivide-and-conquer attack on HillCRT based divide-and-conquer attack on HillExperimental ResultsMain ReferencesEnd
Classical Cipher– Substitution – Transposition
Examples:– Caesar– Vigenere square– Great– Morse Code– Pigpen– Columnar– Chinese cipher
Introduction
Introductionmost of them are broken not only with
Known Plaintext Attacks (KPA) but also with
Ciphertext Only Attacks (COA)(with existence of some redundancy in the messages)
Hill is one of the classical cipher which is not broken by COA.
The Hill CipherInvented by Lester S. Hill in 1929.Plaintext: – Let – Encryption:
over
Final Ciphertext: It completely hides letter frequencies.
Invertible
Cryptanalysis of HillKPA on Hill: very easy!
linearly independent blocks of plaintext
Cryptanalysis of HillKPA on Hill: very easy!
If : & Then:
linearly independent blocks of plaintext
Cryptanalysis of HillKPA on Hill: very easy!
If : & Then:
COA on Hill: It is generally accepted that COA on Hill does not work well.– Exhaustive search: matrix multiplication
linearly independent blocks of plaintext
PreliminariesEnglish Language Properties.
: Entropy of n-grams: Entropy of monograms
Preliminaries
:
For English
Preliminaries
For English
Preliminaries
:
For English
Preliminaries
Preliminaries
Preliminaries
COA on Hill using monogramsBrute-force attack on Hill using monograms only
A divide-and-conquer attack on Hill
A CRT based divide-and-conquer attack
They will find the key matrix up to anunknown permutation of its columns
Improve
Improve
COA on Hill using monogramsBrute-force attack on Hill using monograms only
A divide-and-conquer attack on Hill
A CRT based divide-and-conquer attack
They will find the key matrix up to anunknown permutation of its columns
The correct order of the columns can thenbe determined using diagram frequencies
Improve
Improve
Brute-force attack on Hill
matrices
Brute-force attack on Hill
matrices
Exhaustive all the matricesUnicity distance:
Hence, the computational complexity of the attack is:
Unicity distance
Divide-and-conquer attack on HillThe Key Observation:
Divide-and-conquer attack on HillThe Key Observation:
– The monogram frequencies are still observed– Guessing a single column of actually reveals all the
correct columns
Divide-and-conquer attack on HillThe best candidates for the probable columns are the columns of a representative key matrix (with IC or IML).Using Theorem 1, the enough number of decrypted letters for almost uniquely determining each column of the decryption matrix can be calculated as:
Therefore, the enough ciphertext length for obtaining the above amount of decrypted letters is equal to:
The computational complexity of the attack is It can be improved to by using pre-computations.
CRT based divide-and-conquer attack on Hill
The same procedure can be done in order to find the columns of the decryption key matrix modulo 2 and 13.Unicity distances:
Now, to find a representative key modulo 26, the attack can be devised in two different ways using the CRT.
CRT based divide-and-conquer attack on Hill
First strategy:
– Find representative key matrices modulo 2 and 13, and , respectively.
– combine each of the d columns of with all the d columns of to extract new columns modulo 26 using the CRT.
– The columns with largest index (IC or IML) can be considered as a the representative key over .
– The computational complexity is .
– The enough ciphertext length is .
Now, to find a representative key modulo 26, the attack can be devised in two different ways using the CRT.
CRT based divide-and-conquer attack on Hill
Second strategy:
– Find representative key matrices modulo 13, , only.
– For each column of do the following:
Consider the columns over and compute the corresponding columns over using the CRT.
Calculate the IML or IC for each one and choose the column with the largest index as a column of the representative key matrix over .
– The computational complexity is .
– The enough ciphertext length is
Experimental Results
is a coefficient which say how bigger ciphertext length is used for simulation from unicity distance.
Experimental Results
The Second Strategy
Experimental Results
The Second Strategy
Unicity distance:
But, the success probability for ciphertext length with and IML criteria is going to , which is equal to ciphertext length.
The reason is that here, the decrypted string for a wrong key is not random enough.
Experimental Results
Blue scenario:– Meaningful text
Red scenario:– Real text
Main References
1. C. Christensen. Polygraphic Substitution Ciphers: The Hill Cipher, II. http://www.nku.edu/~christensen/1402%20Hill%20cipher% 20part%20II.pdf, Accessed Summer 2015.
2. O. Grosek and P. Zajac. Automated cryptanalysis of classical ciphers. In Encyclopedia of Artificial Intelligence (3 Volumes), pages 186–191. 2009.
3. L. S. Hill. Cryptography in an algebraic alphabet. In American Mathematical Monthly, pages 306–312. 1929.
4. B. Hu. Introduction to Cryptology: Hill Cipher Remarks. http://www.cs.rochester.edu/~bh/csc290/hill.html, Accessed Summer 2015.
5. J. Overbey, W. Traves, and J. Wojdylo. On the keyspace of the hill cipher. Cryptologia, 29(1):59–72, 2005.
6. D. E. Robling Denning. Cryptography and data security. Addison-Wesley Longman Publishing Co., Inc., 1982.
End
Siavash [email protected]