Chapter

 2  
 
Classical  Encryp1on  
Techniques  
 Symmetric  Encryp1on  
§  or  conven1onal  /  private-­‐key    /  single-­‐key  
§  sender  and  recipient  share  a  common  key  
§  all  classical  encryp1on  algorithms  are  private-­‐
key  
§  was  only  type  prior  to  inven1on  of  public-­‐key  
in  1970’s  
§  and  by  far  most  widely  used  
 Some  Basic  Terminology  
§  plaintext  -­‐  original  message    
§  ciphertext  -­‐  coded  message    
§  cipher  -­‐  algorithm  for  transforming  plaintext  to  
ciphertext    
§  key  -­‐  info  used  in  cipher  known  only  to  sender/receiver    
§  encipher  (encrypt)  -­‐  conver1ng  plaintext  to  ciphertext    
§  decipher  (decrypt)  -­‐  recovering  plaintext  from  ciphertext  
§  cryptography  -­‐  study  of  encryp1on  principles/methods  
§  cryptanalysis  (codebreaking)  -­‐  study  of  principles/  
methods  of  deciphering  ciphertext  without  knowing  key  
§  cryptology  -­‐  field  of  both  cryptography  and  cryptanalysis  
Symmetric  Cipher  Model  
 Requirements  
§  two  requirements  for  secure  use  of  symmetric  
encryp1on:  
•  a  strong  encryp1on  algorithm.  An  opponent  who  knows  
the  algorithm  and  has  access  to  one  or  more  ciphertexts  
should  be  unable  to  decipher  the  ciphertext  or  figure  out  
the  key  
•  a  secret  key  known  only  to  sender  and  receiver  
§  mathema1cally  we  have:  
 Y  =  EK(X)  
 X  =  DK(Y)  
§  assume  encryp1on  algorithm  is  known  
§  implies  a  secure  channel  to  distribute  key  
 Cryptography  
§  characterize  cryptographic  system  by:  
•  type  of  encryp1on  opera1ons  used  
o subs1tu1on  /  transposi1on  /  product  
•  number  of  keys  used  
o single-­‐key  or  private  /  two-­‐key  or  public  
•  way  in  which  plaintext  is  processed  
o Block  /  Stream  
 Cryptanalysis  
§  objec1ve  to  recover  key  not  just  message  
§  general  approaches:  
•  cryptanalysis:  It  relies  on  the  nature  of  the  
algorithm  plus  some  knowledge  of  the  
characteris1cs  of  the  plaintext  or  some  sample  of  
plaintext-­‐ciphertext  pairs  
•  brute-­‐force  aUack:  on  average  half  of  the  keys  
must  be  tried  for  success  
 Cryptanaly1c  AUacks  
§  ciphertext  only  (difficult)  
« only  know  algorithm  &  ciphertext,  is  sta1s1cal  
§   known  plaintext    
« Know  1  or  more  plaintext-­‐ciphertext  pairs  
§  chosen  plaintext    
« select  plaintext  and  obtain  ciphertext  
§  chosen  ciphertext    
« select  ciphertext  and  obtain  plaintext  
§  chosen  text    
« select  plaintext  and  ciphertext  to  en/decrypt  
 More  Defini1ons  
§  uncondi8onal  security    
­ no  maUer  how  much  computer  power  or  1me  is  
available,  the  cipher  cannot  be  broken  since  the  
ciphertext  provides  insufficient  informa1on  to  
uniquely  determine  the  corresponding  plaintext  
(hard  to  achieve)  
§  computa8onal  security    
þ  given  limited  compu1ng  resources  (eg  1me  
needed  for  calcula1ons  is  greater  than  age  of  
universe),  the  cipher  cannot  be  broken    
 Brute  Force  Search  
§  always  possible  to  simply  try  every  key    
§  most  basic  aUack,  propor1onal  to  key  size    
§  assume  either  know  /  recognise  plaintext  
Key Size Number of Time required at 1 Time required at 106
(bits) Alternative Keys decryption/µs decryptions/µs
32 232 = 4.3 × 109 231 µs = 35.8 minutes 2.15 milliseconds
56 (DES) 256 = 7.2 × 1016 255 µs = 1142 years 10.01 hours
 128 (AES) 2128 = 3.4 × 1038 2127 µs=5.4 × 1024 years 5.4 × 1018 years

168 (DES-3) 2168 = 3.7 × 1050 2167 µs=5.9 × 1036 years 5.9 × 1030 years

26 characters 26! = 4 × 1026 2 × 1026 µs ≅ 1012 years 6.4 × 106 years

(permutation)
 Classical  Subs1tu1on  Ciphers  
§  where  leUers  of  plaintext  are  replaced  by  
other  leUers  or  by  numbers  or  symbols  
§  or  if  plaintext  is  viewed  as  a  sequence  of  bits,  
then  subs1tu1on  involves  replacing  plaintext  
bit  paUerns  with  ciphertext  bit  paUerns  
 Caesar  Cipher  
§  earliest  known  subs1tu1on  cipher  
§  by  Julius  Caesar    
§  first  aUested  use  in  military  affairs  
§  replaces  each  leUer  by  3rd  leUer  on  
§  example:  
o meet  me  a^er  the  toga  party  
o PHHW  PH  DIWHU  WKH  WRJD  SDUWB  
 Caesar  Cipher  
§  can  define  transforma1on  as:  
•  a  b  c  d  e  f  g  h  i  j  k    l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  
•  D  E    F  G  H    I    J    K  L  M  N  O  P  Q  R    S    T  U  V  W  X  Y    Z    A  B  C  
§  mathema1cally  give  each  leUer  a  number  
•  a  b  c  d  e  f  g  h  i  j  k    l    m    n    o    p    q    r    s    t    u    v    w    x    y    z  
•  0  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  

§  then  have  Caesar  cipher  as:  

•  c  =  E(p)  =  (p  +  k)  mod  (26)  
•  p  =  D(c)  =  (c  –  k)  mod  (26)  
 Cryptanalysis  of  Caesar  Cipher    
§  only  have  26  possible  ciphers    
•  A  maps  to  A,B,..Z    
§  could  simply  try  each  in  turn    
§  a  brute  force  search    
§  given  ciphertext,  just  try  all  shi^s  of  leUers  
§  do  need  to  recognize  when  have  plaintext  
§  eg.  break  ciphertext  "GCUA  VQ  DTGCM“  
§  Solu1on  (key  is  C):  “easy  to  break”  
 Mono-­‐Alphabe1c  Cipher  
§  rather  than  just  shi^ing  the  alphabet    
§  could  shuffle  (jumble)  the  leUers  arbitrarily    
§  each  plaintext  leUer  maps  to  a  different  
random  ciphertext  leUer    
§  hence  key  is  26  leUers  long    
•  Plain:      a  bcdefgh  i  j  k  lmnopqr  s  tuvwx  yz  
•  Cipher:  DKVQFIBJWPESCXHTMYAUOLRGZN  
•  Plaintext:    if  we  wish  to  replace  leUers  
•  Ciphertext:  WI  RF  RWAJ  UH  YFTSDVF  SFUUFYA    
 Monoalphabe1c  Cipher  Security  
§  now  have  a  total  of  26!  =  4  x  1026  keys    
§  with  so  many  keys,  might  think  is  secure    
§  but  would  be  !!!WRONG!!!    
§  problem  is  language  characteris1cs  
 Language  and  Cryptanalysis  
§  leUers  are  not  equally  commonly  used    
§  in  English  E  is  by  far  the  most  common  leUer    
•  followed  by  T,R,N,I,O,A,S    
§  other  leUers  like  Z,J,K,Q,X  are  fairly  rare    
§  have  tables  of  single,  double  (th)  &  triple  
leUer  (the)  frequencies  for  various  languages  
English  LeUer  Frequencies  
 Example  Cryptanalysis  
§  given  ciphertext:  
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ  
§  count  rela1ve  leUer  frequencies  (see  text)  
§  guess  P  &  Z  are  e  and  t  
§  guess  “ZW”  is  “th”  and  hence  “ZWP”  is  “the”  
§  proceeding  with  trial  and  error  finally  get:  
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
 Playfair  Cipher  
§  not  even  the  large  number  of  keys  in  a  
monoalphabe1c  cipher  provides  security    
§  one  approach  to  improving  security  was  to  
encrypt  mul1ple  leUers    
§  the  Playfair  Cipher  is  an  example    
§  invented  by  Charles  Wheatstone  in  1854,  but  
named  a^er  his  friend  Baron  Playfair    
 Playfair  Key  Matrix  
§  a  5X5  matrix  of  leUers  based  on  a  keyword    
§  fill  in  leUers  of  keyword  (minus  duplicates)    
§  fill  rest  of  matrix  with  other  leUers  in  alphabe1cal  
order.  I  and  J  count  as  one  leUer.  
§  eg.  using  the  keyword  MONARCHY  

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
 Encryp1ng  and  Decryp1ng  
§  plaintext  is  encrypted  two  leUers  at  a  1me    
1.  if  a  pair  is  a  repeated  leUer,  insert  filler  like  'X’.  For  
example:  balloon  is  treated  as  ba  lx  lo  on  
2.  if  both  leUers  fall  in  the  same  row,  replace  each  
with  leUer  to  right  (wrapping  back  to  start  from  
end).  For  example:  ar  is  encrypted  as  RM.  
 Encryp1ng  and  Decryp1ng  
3.  if  both  leUers  fall  in  the  same  column,  replace  
each  with  the  leUer  below  it  (again  wrapping  to  
top  from  boUom).  For  example:  mu  is  encrypted  
as  CM.  
4.  otherwise  each  leUer  is  replaced  by  the  leUer  in  
the  same  row  and  in  the  column  of  the  other  
leUer  of  the  pair.  For  example:  hs  is  encrypted  
as  BP  and  ea  is  encrypted  as  IM  or  JM  (as  you  
wish).  
 Security  of  Playfair  Cipher  
§  security  much  improved  over  monoalphabe1c  
§  since  have  26  x  26  =  676  digrams    
§  would  need  a  676  entry  frequency  table  to  analyse  
(versus  26  for  a  monoalphabe1c)    
§  and  correspondingly  more  ciphertext    
§  was  widely  used  for  many  years  
•  eg.  by  US  &  Bri1sh  military  in  WW1  
§  it  can  be  broken,  given  a  few  hundred  leUers    
§  since  s1ll  has  much  of  plaintext  structure    
Rela1ve  Frequency  of  Occurrence  of  LeUers  
 Hill  Cipher  
§  The  subs1tu1on  is  determined  by  m  linear  equa1ons.  
For  example  for  m=3:  
⎡C1 ⎤ ⎡ K11 K12 K13 ⎤ ⎡ P1 ⎤
⎢C ⎥ = ⎢ K K K ⎥ ⎢ P ⎥ mod 26
C = KP mod 26
⎢ 2 ⎥ ⎢ 21 22 23 ⎥ ⎢ 2 ⎥
⎢⎣C3 ⎥⎦ ⎢⎣ K31 K32 K33 ⎥⎦ ⎢⎣ P3 ⎥⎦ P = K-1C mod 26
§  For  example,  consider  the  palintext  “paymoremoney”  and  the  
encryp1on  key  
⎡17 17 5 ⎤ ⎡15 ⎤ ⎡375⎤ ⎡11⎤
K = ⎢⎢21 18 21⎥⎥ K ⎢⎢0 ⎥⎥ = ⎢⎢819 ⎥⎥ mod 26 = ⎢⎢13⎥⎥
⎢⎣2 2 19 ⎥⎦ ⎢⎣24⎥⎦ ⎢⎣486⎥⎦ ⎢⎣18⎥⎦

We end up with the ciphertext: LNSHDLEWMTRW

 Matrix  Inversion  

§  However, we do not divide by |A|, instead we multiply

by the inverse of |A| mod 26. For now, we find the
inverse by trial and error.
§  Example: if |A| = 9, then we find its inverse to be 3
since 3x9 mod 26 = 27 mod 26 = 1
§  Next, we multiply by 3 instead of dividing by 9.
Matrix  Inversion  
 Polyalphabe1c  Ciphers  
§  polyalphabe8c  subs8tu8on  ciphers    
§  improve  security  using  mul1ple  cipher  alphabets    
§  make  cryptanalysis  harder  with  more  alphabets  to  
guess  and  flaUer  frequency  distribu1on    
§  use  a  key  to  select  which  alphabet  is  used  for  each  
leUer  of  the  message    
§  use  each  alphabet  in  turn    
§  repeat  from  start  a^er  end  of  key  is  reached    
 Vigenère  Cipher  
§  simplest  polyalphabe1c  subs1tu1on  cipher  
§  effec1vely  mul1ple  caesar  ciphers    
§  key  is  mul1ple  leUers  long:  K  =  k1  k2  ...  kd    
§  ith  leUer  specifies  ith  alphabet  to  use    
§  use  each  alphabet  in  turn    
§  repeat  from  start  a^er  d  leUers  in  message  
§  decryp1on  simply  works  in  reverse    
 Example  of  Vigenère  Cipher  
§  write  the  plaintext  out    
§  write  the  keyword  repeated  above  it  
§  use  each  key  leUer  as  a  caesar  cipher  key    
§  encrypt  the  corresponding  plaintext  leUer  
§  eg  using  keyword  decep1ve  
•  key:              decep1vedecep1vedecep1ve  
•  plaintext:  wearediscoveredsaveyourself  
•  ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ  
Vigenère Tableau
 Security  of  Vigenère  Ciphers  
§  have  mul1ple  ciphertext  leUers  for  each  
plaintext  leUer  
§  hence  leUer  frequencies  are  obscured  
§  but  not  totally  lost  
§  start  with  leUer  frequencies  
•  see  if  it  looks  monoalphabe1c  or  not  
§  if  not,  then  you  need  to  determine  number  of  
alphabets  (length  of  keyword),  since  then  you  
can  aUack  each  
 Kasiski  Method  
§  method  developed  by  Babbage  /  Kasiski    
§  repe11ons  in  ciphertext  give  clues  to  period    
§  so  find  same  plaintext  an  exact  period  apart    
§  which  results  in  the  same  ciphertext    
§  of  course,  could  also  be  random  fluke  
§  eg  repeated  “VTW”  in  previous  example  
§  suggests  size  of  3  or  9  
§  then  aUack  each  monoalphabe1c  cipher  individually  
using  same  techniques  as  before  
 Autokey  Cipher  
§  ideally  want  a  key  as  long  as  the  message  
§  Vigenère  proposed  the  autokey  cipher  with  the  keyword  
prefixed  to  the  message  as  a  key  
§  e.g.  given  key  decep1ve  
•  key:              decep1vewearediscoveredsav  
•  plaintext:  wearediscoveredsaveyourself  
•  ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA  
§  This  cipher  is  s1ll  vulnerable  because  we  can  s1ll  use  
frequency  characteris1cs  of  leUers  to  aUack  it  
 Vernam  Cipher  
§  ul1mate  defense  is  to  use  a  key  as  long  as  the  
plaintext  
§  with  no  sta1s1cal  rela1onship  to  it  
§  invented  by  AT&T  engineer  Gilbert  Vernam  in  
1918  
§  originally  proposed  using  a  very  long  but  
eventually  repea1ng  key  
 One-­‐Time  Pad  
§  if  a  truly  random  key  as  long  as  the  message  is  used,  
the  cipher  will  be  secure    
§  called  a  One-­‐Time  pad  
§  is  unbreakable  since  ciphertext  bears  no  sta1s1cal  
rela1onship  to  the  plaintext  
§  since  for  any  plaintext  and  any  ciphertext  there  
exists  a  key  mapping  of  one  to  the  other  
§  can  only  use  the  key  once  though  
§  problems  in  genera1on  &  safe  distribu1on  of  key  
 Transposi1on  Ciphers  
§  now  consider  classical  transposi8on  or  
permuta8on  ciphers    
§  these  hide  the  message  by  rearranging  the  
leUer  order  without  altering  the  actual  leUers  
used  
 Rail  Fence  cipher  
§  write  message  leUers  out  diagonally  over  a  number  
of  rows  then  read  off  cipher  row  by  row  
§  e.g.  write  message  out  with  a  depth  of  2  as:  
m e m a t r h t g p r y
e t e f e t e o a a t
§  giving  ciphertext  
MEMATRHTGPRYETEFETEOAAT
 
 Row  Transposi1on  Ciphers  
§  a  more  complex  transposi1on  
§  write  leUers  of  message  out  in  rows  over  a  specified  number  
of  columns  
§  then  reorder  the  columns  according  to  some  key  before  
reading  off  the  columns  
•  Key:                          4  3  1  2  5  6  7  
•  Plaintext:      A  T  T  A  C  K  P  
                                               O  S  T  P  O  N  E  
                                               D  U  N  T  I    L  T  
                                             W  O  A  M  X  Y  Z  
•  Ciphertext:  TTNAAPTMTSUOAODWCOIXKNLYPETZ  
 Product  Ciphers  
§  ciphers  using  subs1tu1ons  or  transposi1ons  are  not  
secure  because  of  language  characteris1cs  
§  hence  consider  using  several  ciphers  in  succession  to  
make  it  harder,  but:    
•  two  subs1tu1ons  make  a  more  complex  subs1tu1on    
•  two  transposi1ons  make  more  complex  transposi1on    
•  but  a  subs1tu1on  followed  by  a  transposi1on  makes  a  new  
much  harder  cipher    
§  this  is  a  bridge  from  classical  to  modern  ciphers  
 Rotor  Machines  
§  before  modern  ciphers,  rotor  machines  were  most  
common  complex  ciphers  in  use  
§  widely  used  in  WW2  
•  German  Enigma,  Allied  Hagelin,  Japanese  Purple  
§  implemented  as  a  very  complex,  varying  subs1tu1on  
cipher  
§  use  a  series  of  cylinders,  each  giving  one  
subs1tu1on,  which  rotated  and  changed  a^er  each  
leUer  was  encrypted  
§  with  3  cylinders  have  263=17576  alphabets  
Hagelin  Rotor  Machine  
 Steganography  
§  an  alterna1ve  to  encryp1on  
§  hides  existence  of  message  
•  using  only  a  subset  of  leUers/words  in  a  longer  
message  marked  in  some  way  
•  using  invisible  ink  
•  hiding  in  LSB  in  graphic  image  or  sound  file  
§  has  drawbacks  
•  high  overhead  to  hide  rela1vely  few  info  bits  
 Summary  
§  have  considered:  
•  classical  cipher  techniques  and  terminology  
•  monoalphabe1c  subs1tu1on  ciphers  
•  cryptanalysis  using  leUer  frequencies  
•  Playfair  cipher  
•  polyalphabe1c  ciphers  
•  transposi1on  ciphers  
•  product  ciphers  and  rotor  machines  
•  steganography