session 1: introduction to cryptology. cryptology cryptology: criptos=secret + logos=science...

Session 1: Introduction to cryptology

Cryptology

Cryptology: criptos=secret + logos=science Cryptology = Cryptography + Cryptanalysis

• Opposite and complementary at the same time Cryptography: develops methods of

encipherment in order to protect information. Cryptanalysis: breaks these methods in

order to reconstruct the original information.

Cryptographic Procedure : The General Scheme

A

Plaintext

KEY

decipher

decrypt

Cryptanalysis

Ciphertextencipher

Plaintext

KEY

B

General classification :

Secret key cryptography (symmetric)• Shared key (secret), delivered to both parties in

advance via a secure channel.

Public key cryptography (asymmetric)• The key is reconstructed from the secret part and the

public part. The secure channel is not needed.

Secret key cryptography

Stream ciphers Block ciphers


Stream ciphersThe transformation is applied to every symbol of the original

message.

Example: to every bit of the message.

Block ciphersThe transformation is applied to a group of symbols of the

original message

Example : to groups of 64 bits (DES).


Stream ciphersProf. Simon John Shepherd:

“Every high-grade military cipher is a stream cipher”

http://www.simonshepherd.supanet.com/sjsacad.htm

Consequence: limitations introduced by governments.

Block ciphersSlower and less secure (in general), but there are no

implementation and export limitations. Because of that, they

are used a lot in practice.

Classical cipher systems

SubstitutionExample:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

P L O K N M J U I B V G Y T F C X D R E S Z W A Q H

Message T H I S I S A N E X A M P L E

Cryptogram E U I R I R P T N A P Y C G N


TranspositionExample:

Message C L A S S I C A L S Y S T E M S

Cryptogram S A L C A C I S S Y S L S M E T

Groups of 4 letters

Transposition: ( )1 2 3 4

4 3 2 1


Monoalphabetic substitution • Equal symbols of the plaintext are always

substituted with the same symbol.

Polialphabetic substitution• Equal symbols of the plaintext are substituted

with different symbols, depending on the key.


Caesar’s cipher (monoalphabetic)

(1st century B.C.)

Message V I N I V I D I V I N C I

Key D D D D D D D D D D D D D

Cryptogram Z M Q M Z M G M Z M Q F M

A B C D E F G H I K L M N O P Q R S T V X Y Z

D E F G H I K L M N O P Q R S T V X Y Z A B C

3,1,0

23mod

i

iii

ZBA

ZXY


Vigenère’s cipher (polialphabetic) (1586)

Key: Zi = L, O, U, P

Encipherment:

Decipherment:

Message P A R I S V A U T B I E N U N E M E S S E

Key L O U P L O U P L O U P L O U P L O U P L

Cryptogram A O L X D J U J E P C T Y I H T X S M H P

26modiii ZXY

26modiii ZYX


Blaise de Vigenère (1523-1596)

VIGENÈRE’S TABLE (1586)

P

L

P

152611

11110

26mod01115

11

15

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Note that the modulus of a negative value is computed by repeatedly adding the base until a positive value is obtained.


B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E F G H I J K L M N O R Q R S T U V W X Y Z A B C D

F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z A B C D E F G H I J K L M N O P Q R S T U V W X Y


Beaufort’s cipher (polialphabetic) (1857)

Key: Zi = W, I, N, D

Encipherment:

Decipherment:

Message T H I S I S T H E S A M E O L D S T U F F

Key W I N D W I N D W I N D W I N D W I N D W

Cryptogram D B F L O Q U W S Q N R S U C A E P T Y R

26modiii XZY

26modiii YZX Sir Francis Beaufort (1774-1857)

Encipherment and decipherment are the same (involution)


B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E F G H I J K L M N O R Q R S T U V W X Y Z A B C D

F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Classical systems – electromechanical devices

The principal drawback of the systems that used tables was their inefficiency at enciphering/deciphering long texts.

At the same time, the need to process long texts increased.

In the beginning of the 20th century, technology advanced enough to enable design of electromechanical cryptographic devices.

Classical systems – ENIGMA

One of the most famous ones was the ENIGMA machine, used extensively by the Germans in the World War II.

The machine was patented in 1918 by Arthur Scherbius, a German engineer.

Essentially, this was a multiple Vigenère’s cipher that achieved a considerably higher number of possible combinations to search in the process of cryptanalysis than the older ciphers.

Classical systems - ENIGMA

M

Q

ENIGMA – principle of operation

ENIGMA – one of the rotors


All the machines of this kind consisted of wheels.

Some were fixed (stators) and some were mobile (rotors).

ENIGMA consisted of two fixed wheels (the entry wheel and the reflector) and 3 or 4 rotors.

Rotors could be selected out of a number of rotors (usually 3 out of five).


The choice of the rotors, as well as their ordering constituted a part of the key.

All the rotors had contacts on both sides, through which current was flowing.

Each contact corresponded to a letter of the alphabet and the contacts on both sides of a rotor were connected by a special wiring.

Thus each rotor realized a monoalphabetic substitution cipher.


Due to a special kind of stepping motion of the wheels, not all the wheels rotated the same number of shifts at enciphering different letters.

There was one wheel that moved with every single letter to be enciphered, and the other wheels moved more slowly.

Current positions of the contacts on the wheels determined the substitution of the given (typed) letter on the machine.

In such a way, long period of the output letter sequence was achieved.


Some variants of ENIGMA also included a permutation (’plugboard’) that was realized through wiring, and that permutation occasionally changed.

The role of the plugboard was to change the letter that was actually typed to some other letter (depending on the permutation) before and after the current entered the wheels.


What distinguished the ENIGMA machine from the other electromechanical cryptographic machines was the use of the reflector - a special stator that was redirecting the flow of the current back through the rotors by a different route.

The reflector ensures that the ENIGMA machine is self-reciprocal, i.e. the enciphering and the deciphering transformations are the same.


However, by introducing the reflector, substituting the given letter with itself was disabled.

That introduced a small bias in the statistics of the letter sequence produced by the machine that enabled the cryptanalysis.

Classical systems (Enigma)

Source: http://en.wikipedia.org/wiki/Enigma_machine

Classical systems

Electromechanical cryptographic devices of the ENIGMA type had an additional drawback - the machine itself constituted (a part of) the key.

Replacing compromised machines, especially during the war, was a very difficult and often impossible task.

Classical systems

The goal of the next generation of cryptographic machines was to implement a system whose security lied only in the key that was used, not on the enciphering transformation.

The Vernam cipher, patented in 1917 in the U.S.A., was such a cipher.

This concept was also proved to be the best from the theoretical point of view in 1949 by C. Shannon.

Classical systems

The Vernam cipher (1917) (One-time pad)

Key: Binary random sequence used only once.

Encipherment:

Decipherment:

Message: COME SOON (Encoding ITA-2)

Message 01110 11000 11100 00001 00100 00101 11000 11000 01100

Key 11011 00101 01011 00110 01111 10110 10101 01100 10010

Cryptogram 10101 11101 10111 00111 01011 10011 01101 10100 11110

iii ZXY

iii ZYX

0 1

0 0 1

1 1 0

Classical systems

The Vernam cipher was a cipher intended to be used on teletype writers.

Because of that, the key storage medium was a paper tape of the same type as the tape that was used for storing the messages.

The message had to be encoded first, and the teletype writer itself performed this transformation.

Every teletype writer implemented some encoding and the most widespread one was International Telegraph Alphabet No 2 (ITA-2).

Classical systems – ITA 2

Binary Decimal LETTERS NUMBERS Binary Decimal LETTERS NUMBERS

----------------------------------------------------- ---------------------------------------------------- 00000 0 BLANK BLANK 10000 16 T 5 00001 1 E 3 10001 17 Z " 00010 2 LF LF 10010 18 L ) 00011 3 A - 10011 19 W 2 00100 4 SP SP 10100 20 H # 00101 5 S BELL 10101 21 Y 6 00110 6 I 8 10110 22 P 0 00111 7 U 7 10111 23 Q 1 01000 8 CR CR 11000 24 O 9 01001 9 D $ 11001 25 B ? 01010 10 R 4 11010 26 G & 01011 11 J ‘ 11011 27 FIGS FIGS 01100 12 N , 11100 28 M . 01101 13 F ! 11101 29 X / 01110 14 C : 11110 30 V ; 01111 15 K ( 11111 31 LTRS LTRS

Unconditional security (THEORETICAL) (Perfect secrecy – Shannon) – the system is secure against an attacker with unlimited time and computational resources.

Example: The Vernam cipher (One-time pad).

Computational security (PRACTICAL) – the system is secure against an attacker with limited time and computational resources.

Example: The RSA cryptosystem.

Cryptographic Security

Perfect secrecy conditions (Shannon)

Application conditions:• The key is used only once

• The cryptanalyst has access only to the cryptogram.

Perfect secrecy :

“The plaintext X is statistically independent on the cryptogram Y

for all the possible plaintexts and all the possible cryptograms”

P(X = x | Y = y) = P(X = x)

Entropy

Entropy is a measure of uncertainty. It is a function of probability distribution of a

random variable. Shannon’s entropy of the (discrete) random

variable X:

x

xpxpXH 2log

Entropy

Example 1:

H(X) reaches its maximum for p=0.5.

tail,head pp

pp

1tail

head

ppppXH 1log1log 22

Entropy

Entropy

Example 2: n-sided fair die. n outcomes, each with probability 1/n.

nnnnn

XH 222 log1

log11

log1

Entropy

For two random variables, X and Y, the joint entropy H(X,Y) is defined as

Conditional entropy

Theorem (chain rule)

x y

yxpyxpYXHY

,log,, 2

x y

xypyxpXYH 2log,

XYHXHYXH ,

Entropy

Theorem• where the equality holds iff all

elements of are equally likely.

•

• where the equality holds iff X and Y are independent.

2logXH

YHXHYXH ,

YHXYH

XHYXH

Entropy

Thus, the fact that X and Y are independent random variables causes the same uncertainty of the plaintext regardless of the knowledge of the cryptogram.

Is perfect secrecy practically achievable?

• The cipher with X, Y, Z {0,1,…,L-1}K

• The key is selected at random

• The ciphering transformation:

The number of keys/plaintexts/ciphertexts is LK.

With a fixed plaintext, since the key is selected

at random, a unique cryptogram corresponds to

every possible value of the key.

KiLzxy iii ,,1,mod

Then, any of the LK possible cryptograms corresponds to any plaintext with equal probability. ThenP(X = x | Y = y) = P(X = x) .

L=2, the Vernam cipher.

Security of classical systems

Monoalphabetic ciphers

• The statistical properties of the plaintext are reflected

exactly in the ciphertext.

• The statistical methods of cryptanalysis use the

statistical properties of the language in which the

message has been written.

Letter statistics - English

E 12.31%

T 9.59%

A 8.05%

O 7.94%

N 7.19%

I 7.18%

S 6.59%

R 6.03%

H 5.14%

L 4.03%

D 3.65%

C 3.20%

U 3.10%

P 2.29%

Letter statistics - English

F 2.28%

M 2.25%

W 2.03%

Y 1.88%

B 1.62%

G 1.61%

V 0.93%

K 0.52%

Q 0.20%

X 0.20%

J 0.10%

Z 0.09%

Letter statistics - Norwegian

E 17%

N, R 9%

T 8%

S 7%

I, L 6%

A, D, K 5%

G, O 4%

M 3%

F, P, U, V 2%

B, H, J, Y, Æ, Ø, Å 1%

C, Q, W, X, Z <1%Source: Kryptografi – Ben Johnsen, Tapir Akademisk Forlag, Trondheim, 2005.


The Vigenère cipher (polialphabetic)

• The Kasiski Cryptanalysis (The incidence of the

coincidences) (1863)

• The repetition of certain group of letters in the cryptogram

originating from the same group of letters in the plaintext

takes place at a distance equal to a multiple of the length of

the key word (30=6*5).

PETER LEGRAND IS A GOOD FRIEND OF NAPOLEON LEGRAND

EDGAR EDGARED GA R EDGA REDGAR ED GAREDGAR EDGARED

THZEI PHMRRRG OS R KRUD WVLKNU SI TAGSOKOE PHMRRRG


The Vigenère cipher (polialphabetic)• By studying these repetitions, it is possible to determine the

length K of the key word.

• Then the original cryptogram can be decomposed into simple

cryptograms.


The Vernam cipher

• Meets the conditions of perfect secrecy.

• One key bit for every plaintext bit.

Unicity distance Given a ciphertext, if we try all the possible keys, how

many keys will decrypt it to something meaningful? The unicity distance n0 is the length of ciphertext at

which one expects that there is a unique meaningful plaintext.

If the text is long enough, there will be a unique key and a unique corresponding plaintext.

R is redundancy of the text (0.75 for English), K is the key space and L is the alphabet.

LR

Kn

2

20 log

log

Unicity distance

H is the entropy of the language. Example: One-time pad for a message of

length N. There are 26N possible keys.

We need more letters than the entire ciphertext for a unique decryption.

L

HR

2log1

NnN

33.126log75.0

26log

2

20

Mathematical fundamentals

Mathematical disciplines, whose results are used in cryptography:• Algebra

• Number theory

• Combinatorics

• Probability theory and statistics

• Computational complexity theory

• Etc.

Groups

A group G is a non empty set with a binary operation , which satisfies the axioms of the group:• Closure:

• Associativity:

• Existence of the identity (neutral) element:

• Existence of the inverse elements (inverses):

GGG :*

GYXGYX *, zyxzyxGzyx ****,,

xxeexGxGe **

exxxxGxGx ** 111

Groups

Multiplicative group: the operation * is the multiplication.• The operation is

• The identity element is 1.

• The inverse element is x-1.

Additive group: the operation * is the sum.• The operation is +


• The inverse element is –x.

Groups

Examples of additive groups:• Z, Q, R, C

• , , where the operation is the sum modulo n.

Examples of multiplicative groups:•

•

where the operation is the multiplication modulo n.

1,,2,1,0 nZNn n

0\Q 0\R 1,gcd:1 nxnxZNn n

Groups

Example: Verify that Zn is a group.

• Closure: yes, because the operation is the sum modulo n.


• Associativity: obvious.

• The inverse element:

nxny

nyx

mod

0mod

Groups

If in the group G the operation * fulfils the commutative property, i.e.

then G is a commutative or Abelian group. If G is a finite group, the number of

elements in G is called order of G and is represented by #G.

xyyxyx **,

Groups

An element gG is a generator of G if every element of G can be written as a power of g. G is then a cyclic group.

The cyclic group:

Example: the generators of Z12 are 1, 5, 7 and 11.

,,,,, 3210 ngggggegG

Groups

112mod585

8535

312mod5555*5*55

10555*55

55

05

11,0

5

4

3

2

1

0

12

e

Z

7525

212mod595

9545

412mod5115

11565

6515

11

10

9

8

7

6

Groups

A nonempty subset H of G is called subgroup of G if it is closed for the multiplication and the inversion, i.e.

The Lagrange theorem:• If G is a finite group and H is its subgroup, then #H

divides #G.

HxHyxHyx 1,*,

GH ##

Groups

Examples:• A group of order 8 can have subgroups of

order 2 and 4, but not of order 3 or 6.

• A finite group, whose order is a prime number cannot have its own subgroups.

Groups

The order of an element gG of a finite group is the least positive integer k such that gk=e.

If k is the order of gG, then {e, g, g2, …, gk-1} is a subgroup of G.

Corollary of the Lagrange theorem:• In a finite group, the order of each element

divides the order of the group.

Groups Example: a subgroup of Z8:

GkGH

Hk

e

g

e

Z

#,##

6,4,2,04

08mod262

62222

4222

22

2

0

7,6,5,4,3,2,1,0

4

3

2

1

8

Groups

The symmetric group Sn:

• Contains all the permutations of the elements {1,…,n}.

• The operation of the group is the composition of functions .

• #Sn=n!

• It is not Abelian for n3.

Groups

Example: S3

• Elements:

1 2 3

1 3 2

2 1 3

2 3 1

3 1 2

3 2 1

213

321

312

321

231

321

gf

g

f

xgfxgxf

Finite fields

A field is a set K together with two operations, + and , sum and product, which satisfy the following properties:• (K,+) is a commutative group – the additive group of

the field.

• (K*=K\{0}, ) is a commutative group – the multiplicative group of the field.

• The product has the distributive property with respect to the sum.

zxyxzyx

Finite fields

Example: • If p is a prime number, then Zp is a field

• Zp is an additive commutative group.

• (Zp) is a multiplicative commutative group.

the Euler function.

• The product obviously has the distributive property with respect to the sum.

1 ppZ p

p

Finite fields

Theorem:• (i) The number of elements of a finite field K

must be equal to the power of a prime number, i.e. #K=pm.• p is the characteristic of the field.

• The field is represented by GF(pm) (Galois Field).

Finite fields

Theorem (cont.):• (ii) There is only one finite field of pm elements. If we

fix an irreducible polynomial F(x) of degree m with coefficients in Zp, the elements of GF(pm) are represented as polynomials with coefficients in Zp of degree <m and the product of elements of GF(pm) is realised as the product of polynomials modulo F(x).

pmm

mm Zxxxp

1210

11

2210 ,,,,;GF

Finite fields

Example: p=2, m=3• is irreducible. 31 xxxF

22223 1,,1,,1,,1,02 xxxxxxxxGF

xxxxx

xxxxxx

xxxxxx

1mod

1mod

1mod

324

32334

322

session 1: introduction to cryptology. cryptology cryptology: criptos=secret + logos=science...

Documents

cryptology slide

plaintext key b slide

s s i c

c i s sy s

p y c g n slide

stream cipher http

s cryptograms

ls y s t e