Lecture 2

* Key space Effective key space Classical cryptosystems Caesar Affine cipher Vigenre system One time pad (Vernam) Attacks: * Brute force attack * frequency analysis * dictionary attack

Key space
Key space = the set of all possible encryption keys In best encryption algorithms the most effective attack is the Brute Force attack, where the enemy performs a complete search through all possible keys of the key space to find the right one. In 2006 a secure size for a key space is considered to be > 80 bits The standard block cipher DES had only 64 ( effectively only 56). That is why DES is no more safe (if it ever has been that.) Even though the key size is 128 bits, the effective key space can be much less, if the encryption algorithm is not well planned ( = for a given cipher text, not all keys are equally probable). In less successful encryption algorithms, output of the algorithm is not random enough. ( f.e there are more ones than zeros, there can be runs of ones.)

Requirements of a good cipher

1. Kerckhoff s rule: The safety of an encryption method should be based only on the secrecy of the encryption key. This means that the algorithm itself can be published without loss of safety.
Auguste Kerckhoffs (1835 - 1903) was a Dutch linguist and cryptographer who was professor of languages at the School of Higher Commercial Studies in Paris in the late 19th century (source: Wikipedia)

2. The output bits of the algorithm should be random

Samuel W Golombs postulates of randomness of a bit sequence: 1. There should be about 50% ones and 50% zeros 2. The probability of having a run of length k = (1/2)k. 3. If you rotate the sequence and calculate the difference vector with the original, you should always get about same amount of ones and zeros in the difference vector.
S.W.Golomb is an emeritus professor in Western California University. He is a developer the theory of Linear Feedback Shift Registers and defined randomness.

Randomness cont
1001101011100100001011001010101001

P = 1 / 16 P = 1/ 4 P=1/8

P = 1/2

In addition to the randomness of the cipher bits a property of a good algorithm is that changing one of the message bits should cause lots of changes ( 50 %) in the output sequence.

There is an attack called differential cryptoanalysis, which tries to analyze how different bits affect the output. If only a few bits would be changed, then the algorithm could be vulnerable.

DES
DES block cipher was created by IBM in cooperation with NSA 1977 for purposes of US administration and business. It was the world standard from 1977 to 2001 (and is still used). Good in DES Its output sequence satisfies excellently the randomness postulates of Golomb => It can be used for creating hash values of passwords ( Unix passwd). It can also be used as a pseudorandom generator. Faults of DES: * too short key (effective key space 56 bits) * the leaking of the code made every cryptoanalyst in the world try breaking it

Calculation of effective key space

Network passwords

Exercise: Calculate the effective key space size A password is 8 characters long and it contains only English letters (26).

A password is 8 characters long and it contains English letters + numbers 0,1,9

Assuming that a password can contain English letters + numbers 0 -9, how long it must at least be to be safe ( safety limit is 80 bits)

Hackers use very often the dictionary attack, which is based on lists of most common passwords. Unfortunately the key space of a company network too often consists of the names of the family members or petty animals of the users.

Classical cryptosystems
1. 2. 3. 4. 5. Caesar cipher Caesar affine cipher Random substitution Vigenre cipher One Time Pad (the only unbreakable cipher, Vernam 1919)

1. Caesar cipher
Cipher is based on a rotation of alphabet by k , which is the key The Romans used for encryption a substitution table: alphabet in the first row and shifted alphabet on the second row substitution table for k = 7 a b c d e f g h i j k l m n o p q r s t u v w x y z h i j k l m nopq r s t u v w xy z a bc d e f g

The key space size is 25 Decryption algorithm is the same, but with key k = - 7

Modern computer version encodes first characters into numbers and performs rotation using modular arithmetic.

Example: Encrypt rovaniemi with Caesar if the key is 7

a 0 b 1 c 2 d 3 e 4 f 5 g 6 h 7 i 8 j 9 k 10 l 11 m 12 n 13 o 14 p 15 q 16 r 17 s 18 t 19 u 20 v 21 w 22 x 23 y 24 z 25

message

rovaniemi

17 14 21 0 13 8 4 12 8

+ 7 mod 26

24 21 2 7 20 15 11 19 15

cipher

yvchupltp

2. Affine Caesar cipher

Encryption: 1. Map the plaintext characters to numbers : a = 0, , z = 25 2. Encrypt the message (sequence of numbers m) using c = a*m + b mod 26 where a and b are the encryption keys. 3. Map the numbers back to characters to obtain the cipher

Decryption: 1. Map the cipher characters to numbers : a = 0, , z = 25 2. Decrypt the number sequence c using m = a-1*c +a-1*b mod 26 where a-1 is the multiplicative inverse of a mod 26 3. Map the numbers back to characters

Example: Encrypt rovaniemi with affine system ( a = 7, b = 3)

a 0 b 1 c 2 d 3 e 4 f 5 g 6 h 7 i 8 j 9 k 10 l 11 m 12 n 13 o 14 p 15 q 16 r 17 s 18 t 19 u 20 v 21 w 22 x 23 y 24 z 25

message

rovaniemi

17 14 21 0 13 8 4 12 8 c = 7 m + 3 mod 26 0 23 20 3 16 7 5 9 7
Example: encryption of letter o O encodes to 14 7*14 + 3 mod 26 = 101 mod 26 = 23 which decodes to x

cipher

axudqhf jh

Decryption: axudqhf jh 0 23 20 3 16 7 5 9 7 m = a c - ab = 7*c 7*3 mod 26

where 7 is the inverse of 7 mod 26 = 15

17 14 21 0 13 8 4 12 8 Example: rovaniemi Decryption formula: m = 15 c 45 mod 26 = 15 c + 7

So c = 16 maps to 15*16 + 7 mod 26 = 247 mod 26 = 13

How to find the inverse of a ?

Method 1. Use multiplication table
Out[12]= 87, 14, 21, 2, 9, 16, 23, 4, 11, 18, 25, 6, 13, 20, 1, 8, 15, 22, 3, 10, 17, 24, 5, 12, 19 < In[12]:= Table@ Mod@7 x, 26D,

8x, 1, 25<D

When x has value 15, we have 7*x = 1 => number 15 is the inverse.

Method 2. Using Extended Eucleides algorithm

Out[15]= 81, 83, 11 << In[15]:= ExtendedGCD@26, 7D Linear combination for GCD is: 1 = 3*26 11*7 =>

Inverse of 7 is -11 mod 26 = 15

Method 3. Using Eulers theorem aj(n) = 1 mod n => a-1 =a j(n)-1

In[16]:= = EulerPhi@26D Out[16]= 12

In[17]:= Mod@711 , 26D Out[17]= 15

Key space of affine cipher

Key b can have all values 0 25 Key a must have an inverse mod 26 => only the coprimes with 26 will do : the number is j(26) = 12 => key space is 26*12 = 312 (easy for brute force attack and also for frequency analysis)
Key space size = n * j(n), where n is the size of alphabet

3. Random substitution
We can use also a random permutation of alphabet for encryption. Decryption is made with the same table using the inverse permutation
Out[28]//MatrixForm=

a b c d e f g h i j k l m n o p q r s t u v w x y z N y g k n c q o u x z l r a f t m e p i s b w d h j v

Now the key space is n ! , where n is the size of the alphabet. F.E if n = 26, the key space is 4 *1026, which is bigger than 80 bits.

However each character always maps into the same image character, and the cipher is easy to break with frequency analysis.

4. Vigenre cipher
Blaise de Vigenre (April 5, 1523 - 1596) was a French diplomat and cryptographer.

Vigenre Algorithm (modern version to be used with computers): 1. Encode the message into a number sequence (of numbers 0 25) 2. Repeat the keyword to produce a string of length of the message. Encode the string into a number sequence 3. Add sequences using vector addition mod 26. 4. Decode the sum vector into characters to obtain the cipher

Decryption is done similarly. Only difference is that in decryption the key sequence is subtracted from the cipher.

Example: Encrypt rovaniemi with Vigenere. Key = kemi

a 0 b 1 c 2 d 3 e 4 f 5 g 6 h 7 i 8 j 9 k 10 l 11 m 12 n 13 o 14 p 15 q 16 r 17 s 18 t 19 u 20 v 21 w 22 x 23 y 24 z 25

message

rovaniemi

key

oulu

17 14 21 0 13 8 4 12 8 14 20 11 20 14 20 11 20 14 Addition mod 26 5 8 6 20 1 2 15 6 22

14 20 11 20

cipher

figubcpgw Example: 21 + 11 mod 26 = 32 mod 26 = 6

The security of Vigenres cipher

Nominal key space assuming that the key word is of length 4 18: 264 + 265 + . +2618 = about 1025 ( > 80 bits )

Vigenres cipher was considered unbreakable until 1863, when a Prussian officer Friedrich Kasiski found a test, which helped to determine the length of the key word.
Kasiski test needs a lot of ciphertexts encrypted with the same password.

If in the ciphertexts appears the same character or the same group of characters in several positions with distances D, it is very likely that D is a multiple of the key word length. ( see Wikipedia: Vigenere, Kasiski )

If we manage to find the key word length n, then it is not very difficult to break the cipher, because the cryptoanalysis is then equivalent with the cryptoanalysis of n Caesar ciphers. Breaking can be done with frequency analysis.

One Time Pad

Vigenre cipher can be also used with binary alphabet : 0 and 1. Let m = binary message and k = binary key of the same length Encryption algorithm c= m+k mod 2 ( c = mk )

Decryption algorithm is the same

m = c + k mod 2

( m = ck )

This is because k + k = 0 for all binary numbers k ( and binary vectors)

If the key k is a completely random bit string of the same length as the message, and each key is used only once, we have a provably 100% secure encryption system. This system is called One Time Pad. It was used between Moscow and Washington during the cold war.

The security of One Time Pad is obvious, because For any binary cipher text c and every possible binary message m there is a binary key string k with property c=mk

* Searching all possible key strings we obtain the set of all possible meaningful and meaningless messages and there is no way of determining which one is right. But if we use same key twice, the Brute Force attack works and the key can be revealed.

message one time pad key

1 1 0

0 0 0

0 1 1

1 1 0

1 0 1

0 1 1

1 0 1

0 0 0

0 0 0

0 1 1

1 0 1

1 1 0

0 1 1

1 0 1

1 1 0

0 0 0

cipher

10

Examples of cryptoanalysis: Break Caesar cipher

Brute force attack against Caesar cipher

yvchupltp

Method: Try all possible keys 1 25 . The key that gives a meaningful message is right.
In[40]:=

Table@FromCharacterCode@Mod@ToCharacterCode@"yvchupltp"D 97 k, 26D + 97D, 8k, 1, 25<D

8xubgtokso , wtafsnjrn , vszermiqm , urydqlhpl , tqxcpkgok qnuzmhdlh , pmtylgckg , olsxkfbjf , nkrwjeaie , mjqvidzhd khotgbxfb , jgnsfawea , ifmrezvdz , helqdyucy , gdkpcxtbx ebinavrzv , dahmzuqyu , czglytpxt , byfkxsows , axejwrnvr

Out[40]=

, spwbojfnj , lipuhcygc , fcjobwsaw , zwdivqmuq

, rovaniemi , , , <

The string number 7 - rovaniemi - is the only sensible word => The message is rovaniemi and key = 7.

Examples of cryptoanalysis:

Frequency analysis against Caesar cipher

Break affine cipher yfxmpcespzcjtdfdpqfwqzcpyntaspctyrxpddlrpd "

7 6 5 4 3 2 1 acdefjlmnpqrstwxyz
Frequencies of characters in the cipher

Hypothesis: Character e maps to p => The key k = 11 Trial of decryption of the ciphertext with key 11 gives:

Number theory is useful for enciphering messages

Frequencies of letters in English text

which was obviously the message

11

Computer exercises
1. Implement with Mathematica a) Caesar encryption and decryption b) Affine encryption and decryption c) Vigenere encryption and decryption algorithm d) One Time Pad with binary messages

2. Find the inverse of number 11 (mod 26)

3. Use frequency analysis to break the following Caesar cipher:

lbokusxqmvkccsmkvoxmbizdsyxcicdowcsc wybookcidrkdlbokusxqwynobxmszrobc

Suggested seminar presentation:

* Kasiski method of breaking Vigenere system. * Possible implementation with Mathematica

12