Alice Bob insecure hannel Ev ea esdropp er brPage 3br cryptosystem or cipher is pro cedure to render messages unin telligible except to the authorized or in tended recipien t Alice plain text Encrypt Bob Decrypt original text Ev ciphertext secure ha ID: 72883
Download Pdf The PPT/PDF document "Cryptograph and Cryptanalysis ery al Ala..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
CryptographyandCryptanalysisFery^alAlayontUniversityofArizonaDecember9,20031 Cryptography:derivedfromtheGreekwordskryptos,meaninghidden,andgraphos,meaningwriting.Cryptographyistheartof\secretwriting";itsintendistoprovidesecurecommunicationoverinsecurechannels.AliceBob-insecurechannel6Eve(eavesdropper)2 Acryptosystemorcipherisaproceduretorendermessagesunintelligibleexcepttotheauthorizedorintendedrecipient.Aliceplaintext-EncryptBob-Decrypt6-originaltextEveciphertext66securechannel(tosendthekey)3 Moreprecisely:Acryptosystemconsistsoftwosets,asetofpossibleplaintextsandasetofpossibleciphertexts,andaninvertiblefunctionek,wherekisthekey,fromthesetofplaintextstotheciphertexts.Theencryptionofaplaintextmistheciphertextek(m)andthedecryptionfunctionise 1k:e 1k(ciphertext)=e 1k(ek(m))=m=plaintext4 Example:TheCaesarcipher:Toencryptamessage,eachletterinthemessageismovedforwardby3.Wegetthefollowingmapforlettersubstitution:a!Db!Ec!Fx!Ay!Bz!CTheencryptionoftheplaintextattackontuesdayistheciphertextDWWDENRQWXHVGDB5 Cryptanalysisistheartofbreakingintosecurecommunications.Moreprecisely,acryptanalysttriestoobtaintheplaintextorthedecryptionfunctioninacryptosystembyeavesdroppingintotheinsecurechannel.Kerchkho'sprinciple:Theencryptionandthedecryptionprocedureshouldbeviewedaspublicknowledge,withtheonlysecretbeingthekey.6 Therearevariouslevelsofattacksonacryptosystem.Ciphertextonly:Thecryptanalysttriestodeterminetheplaintextorthedecryptionfunctionfromtheknowledgeofapieceofciphertext.Knownplaintext:Thecryptanalystpossessesboththeplaintextandtheciphertextandtriestodeterminethedecryptionfunction.Chosenplaintext:Thecryptanalystcanchosesomenumberofplaintextsandseethecorrespondingciphertexts.Acryptosystemshouldbeatleastresistanttociphertextonlyattacks.Andactuallythecurrentstandardisthatacryptosystemshouldberesistanttochosenplaintextattacks.7 Example:TryingtoimprovetheCaesarcipher:TheshiftcipherBothsidesagreeinadvanceuponakeyk,anumberfrom1to25tellinghowfartoshift.Toencryptamessage,eachletterismovedforwardktimes.Todecrypt,moveeachletterbackwardktimes.Anadversarywhohadinterceptedamessageencryptedbyashiftcipherwouldhavetoshiftthewholemessagebyallthepossiblekeys,25ofthem,tondtheactualkey.8 Asmarteradversaryontheotherhandwilldecryptonlyafour-veletterpieceofthewholemessagetoseewhichdecryptionmakessenseinEnglishandndthekeyusingthatpieceonly.Conclusion:Eventhoughthereare25possiblekeys,nomatterhowlongthemessageisitisveryeasytobreaktheshiftcipher.9 AbitofmodulararithmeticWeletxmodmdenotethepositiveremainderofthedivision-by-remainderofxbym.Forexample10mod7=34mod7=4 4mod7=34 8mod7=324mod7=11=4mod7=210 Usingmodulararithmeticwecandescribetheshiftcipherfunctioneasily.Toeachletterinthealphabet,assigntheircorrespondingplaceinthealphabet:a!0b!1z!25Thentheshiftcipherwithkeykcorrespondstothefunctionek(x)=x+kmod26Forexampleshiftingthelettery3timesgivesb.Numberwiseycorrespondsto24andtheencryptionmathematicallyexpressedis24+3=27=1mod26Sincebcorrespondsto1,theencryptionofyisb.11 Example:Trytoimprovetheshiftcipher:TheanecipherForapair(u;v)ofintegersfrom0to25,theaneciphere(u;v)isdenedase(u;v)(x)=ux+vmod26Theshiftcipheristhespecialcaseofanecipherwithu=1.Forexample,ifu=3andv=2,theletteraisencryptedase(3;2)(0)=30+2=2mod26whichcorrespondstocandtheletterbisencryptedase(3;2)(1)=31+2=5mod26whichcorrespondstof.12 Thekeyspacewiththeanecipheris311(not252sincesomeofthepairsareunusable).Soweexpecttheaneciphertobestrongeragainstattacks,yetobviouslynotverystrongsinceitwouldnottakemuchtimetotryallpossiblekeysbyacomputerprogram.13 TheweaknessoftheanecipherisnotthatithasarelativelysmallkeyspacebutthatitdoesnothidethecharacteristicsoftheEnglishlanguage.Sinceeachletterisencryptedinthesamewayregardlessoftheirpositioninthemessage,wecanguesswhichletteristheencryptionofwhichletterbyusingthedistributionoflettersintheEnglishlanguage.14 LetterProbabilityLetterProbabilityE0.127T0.091A0.082O0.075I0.070N0.067............15 GivenciphertextJOHEMOOHwecounttheappearancesofeachletterandseethatOisthemostfrequentandHisthesecond.GuessingthatOmaybetheencryptionofE,themostcommonletterinEnglish,andHistheencryptionofT,thesecondcommonletter,wegettheequationsu4+v=14mod26u19+v=7mod2616 Solvingtheseequationsmod26givesu=3v=2Check:34+2=14mod26319+2=59=7mod26Thedecryptionofthemessageisletsmeet17 Conclusion:Eventhoughithasaconsiderablylargerkeyspacethentheshiftcipher,theanecipherisstillnotsecuresinceitdoesnothidethecharacteristicsofthelanguage.18 Example:CryptogramsThealphabetismixed-upusingaparticularformulaandmessagesareencryptedusingthisparticularformulaforeachletter.Thekeyspaceishuge:wecanhave26!=403,291,461,126,605,635,584,000,000ofpossiblepermutationsofthealphabet.However,sinceeachletterisencryptedthesameway,wecanagaindecryptthemessageusingthestatisticalfeaturesofEnglish.19 Example:Aperfectlysecurecipher:One-timepad(Vernamcipher)textm=(m1;m2;:::;mn)Chooseakeyconsistingofnrandomcharacters:k=(k1;k2;:::;kn)Thentheencryptionfunctionisek(m)=(m1+k1mod26;m2+k2mod26;:::;mn+knmod26)20 Sincethekeyconsistsofrandomcharacters,someoneinterceptingtheciphertextwillnotbeabletoobtainanyinformationabouttheplaintextm.Soone-timepadisaperfectlysecurecryptosystem,aslongaseachkeyisusedonce.Butitisdiculttodistributeonekeyperencryption.21 Example:TheVigenerecipherDividethemessageintosmallpiecesonwhichone-timepadisapplied.Ifthekeyisk=(k1;:::;kn)andthemessageism=(m1;:::;mN)wherethenumberofcharactersinthemessageisrtimesthenumberofcharactersinthekey,theencryptionfunctionisek(m)=m+rtimes(k;:::;k)mod2622 TobreaktheVigenerecipherwerstguessthekey,eitherbythemethodofKasiskiortheFriedmanattack.Ifthekeyischosenfromadictionary,thentheVigenereciphermaybebrokenbybrute-forcebytryingallthewordsfromthedictionaryasthepossiblekeyofagivenlength.Ifthekeyischosentobenotspecial,theVigenerecipherseemstobesomewhatsecure.However,theFriedmanattackguessesthekeybytakingtheslicesoftheciphertextwhichareencryptedbyshiftingthesameamount.23 Shannon'sConfusionanddiusionprincipleAciphershouldhidelocalpartsinalanguagefromtheattacker.Aciphershouldmixaroundthedierentpartsoftheplaintextsothatnothingisleftinitsoriginalplace.24 Example:DES(DataEncryptionStandard)andtripleDESADESencryptionusesa56-bitkey(plus8morebitsforerrorchecking)andconsistsof16rounds(repetitions)ofapplyingasimplerprocess(calledFeistelnetworks)tothemessageinhalves.Itiscomputationallysecure,meaningittakesalongtimetocrackthecipher.Withtheadvanceoftechnology,nowthestandardistripleDESwhichisathreetimesapplicationofDES.Itseemstobesecureforthemoment.25 References:Brassard,ModernCryptology,LectureNotesinComputerScience,No.325,1988.PaulB.Garrett,CryptologyandNumberTheory,Coursenotes,1999.S.Stinton,Cryptography:TheoryandPractice,2002.D.R.Hankerson,et.al,CodingTheoryandCryptography:TheEssentials,2000.26