程序代写代做代考 algorithm 17crypto_L04

17crypto_L04

Traditional Encryption
Algorithms (2)

Crpto & SecDev 2017 © Ron Poet: Lecture 4 1

Algorithms (2)

Polyalphabetic Substitutions

� Polyalphabet substitutions destroy single letter frequencies
by using several different substitutions one after the other.

� The actual substitution used for each letter is different and
depends on the letter position in the plain text as well as its

Crpto & SecDev 2017 © Ron Poet: Lecture 4 2

depends on the letter position in the plain text as well as its
value.

Vigenere/Beaufort Cipher

� This is a form of shift substitution, where the shift depends
on the position of the plain text letter.

� ci = (pi + ki) % n

� The series of keys k , k … repeat with a period d.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 3

� The series of keys k0, k1 … repeat with a period d.

Example

� A simple example has a period of 3 (d=3).

�The first letter is shifted 3 (k0=3).

�The second letter is shifted 7 (k1=7).

�The third letter is shifted 5 (k =5).

Crpto & SecDev 2017 © Ron Poet: Lecture 4 4

�The third letter is shifted 5 (k2=5).

� The next block of 3 is treated similarly.
� sec uri tya ndc ryp tog rap hy

�becomes (s+3 → v, e+7 → l, c+5 → h)
� vlh xyn wff okh ufu wvl uhu kf.

Kasiski’s Method of Attacking Periodic
Ciphers

� The Beaufort cipher will repeat with a period that is not too
long.

� Look for identical plain text phrases (typically trigrams)
that are an exact multiple of the period apart.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 5

that are an exact multiple of the period apart.

� Each phrase will be encoded to form the same cipher text.

� The previous message is not long enough to illustrate this.

�Short messages were relatively secure.

Rotor Machines

� A rotor machine uses several different substitutions, each
one implemented as a rotor.

� Each rotor has a circle of metal contacts on the left and
right faces, one contact for each letter in the alphabet.

� Each contact on the left face is connected to one on the

Crpto & SecDev 2017 © Ron Poet: Lecture 4 6

� Each contact on the left face is connected to one on the
right face by wiring.

� Several rotors are combined so that each contact on the left
face of one rotor press against a contact on the right face of
the next rotor.

� The input keyboard connects to the corresponding position
on the right face of the first rotor.

� The left face of the last rotor connects to the output.

Rotor Machines (2)

� The rotor positions are changed after each key is input.

� Sometimes all the rotors change positions each time.

� In other cases only one rotor moves each time, with the
others moving occasionally, similar to the way a car’s

Crpto & SecDev 2017 © Ron Poet: Lecture 4 7

others moving occasionally, similar to the way a car’s
mileage is recorded.

� The key is the starting position of each rotor.

� These machines only repeat after a very long period and
are not vulnerable to Kisiski’s attack.

� They have good confusion and diffusion.

The Enigma Machine

� This was a three or four rotor machine.

� There was also a reflector, a fixed rotor with only one face,
with letters connected in pairs.

� A plug board connected several pairs of letters with a wire.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 8

� A plug board connected several pairs of letters with a wire.
It was a simple permutation.

� When a key was pressed, an electrical circuit was created,
connecting a plug board circuit, each rotor, the reflector,
each rotor again, and then an indicator light.

� The reflector meant that the same setup could be used for
encryption and decryption.

Enigma: Key

� The key was the choice of rotors and the order in which
they were inserted in the machine, together with the plug
board settings.

� There were a small number of networks (army, navy, air

Crpto & SecDev 2017 © Ron Poet: Lecture 4 9

� There were a small number of networks (army, navy, air
force etc), and each network used the same key, which
changed daily at midnight.

� It was highly likely that a large number of documents with
the same starting letters would be encrypted with the same
key, leading to the same cipher text.

� This was prevented by the use of an “indicator key”

Enigma: Indicator

� The indicator key was another set of three letters chosen at
random by the operator and different for each message.

� The operator first encrypted the indicator key using the
standard daily settings.standard daily settings.

� He then changed the rotor settings to the indicator key.

� Then he typed the rest of the message.

� Thus 2 identical plain text messages were unlikely to result
in identical cipher text messages.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 10

Breaking the Enigma

� The Enigma was broken with a brute force attack using a
set of mechanical devices called Bombes.

� It was mainly a known plain text attack, testing a number
of standard phrases, called cribs.of standard phrases, called cribs.

� Many messages started with ANX. An is German for To,
and X was used for spaces.

� Ein, German for 1, appeared in 90% of messages.

� Many messages contained the German for “Nothing to
report”.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 11

Breaking the Enigma (2)

� The reflector was a big weakness, because it meant that each cipher
text letter was different from the plaintext.

� If the cipher text started with ‘A’, then the plaintext could not be
‘ANX’.

�One code breaker noticed that a cipher text message did not �One code breaker noticed that a cipher text message did not
contain the letter L, and correctly deduced that the plaintext was
LLLLLL…

�This greatly restricted the number of keys that had to be tested.

� The bombes would stop if they found a key that produced the crib.

� This was usually a false stop because several possible keys could
produce the crib (see unicity distance).

Crpto & SecDev 2017 © Ron Poet: Lecture 4 12

Running Key Encryption

� The key is English text, the same length as the plain text.

� The encryption and decryption is then very simple.

ci = (pi + ki) mod n

p = (c – k ) mod n

Crpto & SecDev 2017 © Ron Poet: Lecture 4 13

pi = (ci – ki) mod n

� This seems to destroy letter frequency analysis and is not
periodic, but it can be broken if the key is not chosen well.

Literature Based Key

� The key might be based on a book that is available to both
the coder and decoder.

�Macbeth, Act 2 Scene 3, line 4, say.

�That is the starting point for the letters.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 14

�That is the starting point for the letters.

� This is vulnerable to Friedman’s attack because both the
key and plaintext are English and have redundancy.

Friedman’s Attack

� Friedman’s approach assumes initially that all cipher text
characters are caused by high frequency letters in both the
plain text and the key text.

� This means that there will only be a few possibilities for

Crpto & SecDev 2017 © Ron Poet: Lecture 4 15

� This means that there will only be a few possibilities for
each plain text and key text letters. They must both add up
to produce the given cipher text letter.

Friedman’s Attack (2)

� Digram and trigram frequencies are then used to guess the
actual letters used.

� A significant proportion of the plain text and cipher text
can be guessed by this approach

Crpto & SecDev 2017 © Ron Poet: Lecture 4 16

can be guessed by this approach

� The rest can be filled in using natural language
redundancy.

Example

� Plain text
�thetreasureisburied . . .

� Key
�thesecondcipheris . . .

Crpto & SecDev 2017 © Ron Poet: Lecture 4 17

�thesecondcipheris . . .

� Ciphertext
�moilvgofxtmzflz . . .

Example (2)

� Assume that there are only high frequency letters
(aehinorst) in the key and plaintext.

� Then looking at the 1st 3 letters in the cipher text (trigram)
�Letter m can be caused by: ei, ie, tt.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 18

�Letter m can be caused by: ei, ie, tt.
�Letter o can be caused by: ao, oa, hh
�Letter i can be caused by: ai, ia, ee, rr

� There are 36 possible combination (rather than 17576 for
all letters), with plaintext and key combinations:

� (eaa,ioi); (eai,ioa); … (the,the) … (thr,thr)
� Most are impossible in English, limiting the choices.

Vernam Cipher

� A variant of the running key cipher converts the characters
of the key and plain text to binary form first before
combining them.

� This was first used with the 5 bit Baudot telegraph code,

Crpto & SecDev 2017 © Ron Poet: Lecture 4 19

� This was first used with the 5 bit Baudot telegraph code,
but will also work with modern ASCII.

Vernam Cipher (2)

� The bits are combined using the exclusive-or operation.
ci = pi ⊕ ki
pi = ci ⊕ ki

� Properties of Exclusive Or

Crpto & SecDev 2017 © Ron Poet: Lecture 4 20

� Properties of Exclusive Or

2 bits the same → 0, different → 1

a ⊕ a = 0
a ⊕ 0 = a

� p’ = c ⊕ k = p ⊕ k ⊕ k = p ⊕ 0 = p
� Exclusive or with the same key twice cancels out.
� This makes exclusive or good for cryptography.

One Time Pad

� If the key is a random series of letters, then this encryption
algorithm cannot be broken.

� The key however is very long and cannot be used more
than once.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 21

than once.

Pseudo-Random Number Running Key
Cipher

� One apparent way of generating a large number of key
values from a small actual key is to use a pseudo-random
number generator.

� Just provide the initial value for the generator, the actual

Crpto & SecDev 2017 © Ron Poet: Lecture 4 22

� Just provide the initial value for the generator, the actual
key

� Then use pseudo-random numbers, which appear to be
random, in the running key algorithm.

Pseudo-Random Number Running Key
Cipher (2)

� This does not work in general, and there are standard
techniques for breaking such ciphers

�Which are surprisingly common among amateur
cryptographers.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 23

cryptographers.

� The apparently random values do in fact have a structure
which can be exploited.

� This technique will work if a cryptographically secure
pseudo-random number generator is used.

Lorenz Cipher

� This was a Vernam cipher with a running key provided by
a pseudo-random number generator.

� The pseudo-random number was a mechanical device (12
gear wheels) that produced a series of 5-bit values.

Crpto & SecDev 2017 © Ron Poet: Lecture 4 24

gear wheels) that produced a series of 5-bit values.

� It was used to encrypt quite long documents.

� The weakness in the random number generator was
exploited by differential cryptanalysis.

�Two cipher text letters are combined using xor.

� It was broken by Colossus, the first large scale electronic
computer, which became operational in December 1943.

Polygram Substitution Ciphers

� Frequency attacks are weakened by encrypting blocks of
characters at a time rather than single letters.

� There is a smaller chance that two blocks will be the same.

� This is too complicated to do with a mechanical device, but

Crpto & SecDev 2017 © Ron Poet: Lecture 4 25

� This is too complicated to do with a mechanical device, but
electronic computers make it possible.

� This brings us into the block ciphers of the modern era.