Cryptograph and Cryptanalysis ery al Ala on University - PDF document

CryptographyandCryptanalysisFery^alAlayontUniversityofArizonaDecember9,20031 Cryptography:derivedfromtheGreekwordskryptos,meaninghidden,andgraphos,meaningwriting.Cryptographyistheartof\secretwriting";itsintendistoprovidesecurecommunicationoverinsecurechannels.AliceBob-insecurechannel6Eve(eavesdropper)2 Acryptosystemorcipherisaproceduretorendermessagesunintelligibleexcepttotheauthorizedorintendedrecipient.Aliceplaintext-EncryptBob-Decrypt6-originaltextEveciphertext66securechannel(tosendthekey)3 Moreprecisely:Acryptosystemconsistsoftwosets,asetofpossibleplaintextsandasetofpossibleciphertexts,andaninvertiblefunctionek,wherekisthekey,fromthesetofplaintextstotheciphertexts.Theencryptionofaplaintextmistheciphertextek(m)andthedecryptionfunctionise1k:e1k(ciphertext)=e1k(ek(m))=m=plaintext4 Example:TheCaesarcipher:Toencryptamessage,eachletterinthemessageismovedforwardby3.Wegetthefollowingmapforlettersubstitution:a!Db!Ec!F


x!Ay!Bz!CTheencryptionoftheplaintextattackontuesdayistheciphertextDWWDENRQWXHVGDB5 Cryptanalysisistheartofbreakingintosecurecommunications.Moreprecisely,acryptanalysttriestoobtaintheplaintextorthedecryptionfunctioninacryptosystembyeavesdroppingintotheinsecurechannel.Kerchkho'sprinciple:Theencryptionandthedecryptionprocedureshouldbeviewedaspublicknowledge,withtheonlysecretbeingthekey.6 Therearevariouslevelsofattacksonacryptosystem.Ciphertextonly:Thecryptanalysttriestodeterminetheplaintextorthedecryptionfunctionfromtheknowledgeofapieceofciphertext.Knownplaintext:Thecryptanalystpossessesboththeplaintextandtheciphertextandtriestodeterminethedecryptionfunction.Chosenplaintext:Thecryptanalystcanchosesomenumberofplaintextsandseethecorrespondingciphertexts.Acryptosystemshouldbeatleastresistanttociphertextonlyattacks.Andactuallythecurrentstandardisthatacryptosystemshouldberesistanttochosenplaintextattacks.7 Example:TryingtoimprovetheCaesarcipher:TheshiftcipherBothsidesagreeinadvanceuponakeyk,anumberfrom1to25tellinghowfartoshift.Toencryptamessage,eachletterismovedforwardktimes.Todecrypt,moveeachletterbackwardktimes.Anadversarywhohadinterceptedamessageencryptedbyashiftcipherwouldhavetoshiftthewholemessagebyallthepossiblekeys,25ofthem,tondtheactualkey.8 Asmarteradversaryontheotherhandwilldecryptonlyafour-veletterpieceofthewholemessagetoseewhichdecryptionmakessenseinEnglishandndthekeyusingthatpieceonly.Conclusion:Eventhoughthereare25possiblekeys,nomatterhowlongthemessageisitisveryeasytobreaktheshiftcipher.9 AbitofmodulararithmeticWeletxmodmdenotethepositiveremainderofthedivision-by-remainderofxbym.Forexample10mod7=34mod7=44mod7=348mod7=32
4mod7=11=4mod7=210 Usingmodulararithmeticwecandescribetheshiftcipherfunctioneasily.Toeachletterinthealphabet,assigntheircorrespondingplaceinthealphabet:a!0b!1


z!25Thentheshiftcipherwithkeykcorrespondstothefunctionek(x)=x+kmod26Forexampleshiftingthelettery3timesgivesb.Numberwiseycorrespondsto24andtheencryptionmathematicallyexpressedis24+3=27=1mod26Sincebcorrespondsto1,theencryptionofyisb.11 Example:Trytoimprovetheshiftcipher:TheanecipherForapair(u;v)ofintegersfrom0to25,theaneciphere(u;v)isdenedase(u;v)(x)=u
x+vmod26Theshiftcipheristhespecialcaseofanecipherwithu=1.Forexample,ifu=3andv=2,theletteraisencryptedase(3;2)(0)=3
0+2=2mod26whichcorrespondstocandtheletterbisencryptedase(3;2)(1)=3
1+2=5mod26whichcorrespondstof.12 Thekeyspacewiththeanecipheris311(not252sincesomeofthepairsareunusable).Soweexpecttheaneciphertobestrongeragainstattacks,yetobviouslynotverystrongsinceitwouldnottakemuchtimetotryallpossiblekeysbyacomputerprogram.13 TheweaknessoftheanecipherisnotthatithasarelativelysmallkeyspacebutthatitdoesnothidethecharacteristicsoftheEnglishlanguage.Sinceeachletterisencryptedinthesamewayregardlessoftheirpositioninthemessage,wecanguesswhichletteristheencryptionofwhichletterbyusingthedistributionoflettersintheEnglishlanguage.14 LetterProbabilityLetterProbabilityE0.127T0.091A0.082O0.075I0.070N0.067............15 GivenciphertextJOHEMOOHwecounttheappearancesofeachletterandseethatOisthemostfrequentandHisthesecond.GuessingthatOmaybetheencryptionofE,themostcommonletterinEnglish,andHistheencryptionofT,thesecondcommonletter,wegettheequationsu
4+v=14mod26u
19+v=7mod2616 Solvingtheseequationsmod26givesu=3v=2Check:3
4+2=14mod263
19+2=59=7mod26Thedecryptionofthemessageisletsmeet17 Conclusion:Eventhoughithasaconsiderablylargerkeyspacethentheshiftcipher,theanecipherisstillnotsecuresinceitdoesnothidethecharacteristicsofthelanguage.18 Example:CryptogramsThealphabetismixed-upusingaparticularformulaandmessagesareencryptedusingthisparticularformulaforeachletter.Thekeyspaceishuge:wecanhave26!=403,291,461,126,605,635,584,000,000ofpossiblepermutationsofthealphabet.However,sinceeachletterisencryptedthesameway,wecanagaindecryptthemessageusingthestatisticalfeaturesofEnglish.19 Example:Aperfectlysecurecipher:One-timepad(Vernamcipher)textm=(m1;m2;:::;mn)Chooseakeyconsistingofnrandomcharacters:k=(k1;k2;:::;kn)Thentheencryptionfunctionisek(m)=(m1+k1mod26;m2+k2mod26;:::;mn+knmod26)20 Sincethekeyconsistsofrandomcharacters,someoneinterceptingtheciphertextwillnotbeabletoobtainanyinformationabouttheplaintextm.Soone-timepadisaperfectlysecurecryptosystem,aslongaseachkeyisusedonce.Butitisdiculttodistributeonekeyperencryption.21 Example:TheVigenerecipherDividethemessageintosmallpiecesonwhichone-timepadisapplied.Ifthekeyisk=(k1;:::;kn)andthemessageism=(m1;:::;mN)wherethenumberofcharactersinthemessageisrtimesthenumberofcharactersinthekey,theencryptionfunctionisek(m)=m+rtimes(k;:::;k)mod2622 TobreaktheVigenerecipherwerstguessthekey,eitherbythemethodofKasiskiortheFriedmanattack.Ifthekeyischosenfromadictionary,thentheVigenereciphermaybebrokenbybrute-forcebytryingallthewordsfromthedictionaryasthepossiblekeyofagivenlength.Ifthekeyischosentobenotspecial,theVigenerecipherseemstobesomewhatsecure.However,theFriedmanattackguessesthekeybytakingtheslicesoftheciphertextwhichareencryptedbyshiftingthesameamount.23 Shannon'sConfusionanddiusionprincipleAciphershouldhidelocalpartsinalanguagefromtheattacker.Aciphershouldmixaroundthedierentpartsoftheplaintextsothatnothingisleftinitsoriginalplace.24 Example:DES(DataEncryptionStandard)andtripleDESADESencryptionusesa56-bitkey(plus8morebitsforerrorchecking)andconsistsof16rounds(repetitions)ofapplyingasimplerprocess(calledFeistelnetworks)tothemessageinhalves.Itiscomputationallysecure,meaningittakesalongtimetocrackthecipher.Withtheadvanceoftechnology,nowthestandardistripleDESwhichisathreetimesapplicationofDES.Itseemstobesecureforthemoment.25 References:Brassard,ModernCryptology,LectureNotesinComputerScience,No.325,1988.PaulB.Garrett,CryptologyandNumberTheory,Coursenotes,1999.S.Stinton,Cryptography:TheoryandPractice,2002.D.R.Hankerson,et.al,CodingTheoryandCryptography:TheEssentials,2000.26