Computer &

Network Security

Lecture 2: Classical Cryptography

Lecture 2:
Classical Cryptography
 Terminology
 Classical Encryption Techniques
 Key Distribution
 Steganography

2
Definitions
Plaintext Ciphertext Enciphering/encry
ption
• An original • The coded
message message • The process of
converting from
plaintext to ciphertext

Deciphering/decry Cryptography Cryptographic

ption • The area of study of
system/cipher
• Restoring the plaintext the many schemes • A scheme
from the ciphertext used for encryption

Cryptanalysis Cryptology
• Techniques used for • The areas of
deciphering a message cryptography and
without any knowledge of cryptanalysis
the enciphering details
More Definitions

 Unconditional security
– no matter how much computer power or time is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext

 Computational security
– given limited computing resources (eg time
needed for calculations is greater than age of
universe), the cipher cannot be broken
4
Cryptographic Systems
 Characterized along three independent
dimensions:
The type of
operations used for The way in which
The number of keys
transforming the plaintext is
used
plaintext to processed
ciphertext
Symmetric,
single-key,
Substitution secret-key, Block cipher
conventional
encryption

Asymmetric,
two-key, or
Transposition Stream cipher
public-key
encryption
Cryptanalysis

6
Cryptanalysis

 Objective to recover key not just

message

 General approaches:
– cryptanalytic attack
– brute-force attack

7
Cryptanalysis and Brute-Force
Attack

Cryptanalysis Brute-force attack

• Attack relies on the nature of • Attacker tries every possible
the algorithm plus some key on a piece of ciphertext
knowledge of the general until an intelligible
characteristics of the plaintext translation into plaintext is
• Attack exploits the obtained
characteristics of the • On average, half of all
algorithm to attempt to possible keys must be tried
deduce a specific plaintext or to achieve success
to deduce the key being used
 Cryptanalytic Attacks
difficult 破解
hig h
默以下加密算法是公开的

!
所有 都可以发现漏洞

9
low
人
 Brute Force Attack
 try every single key
 most basic attack, proportional to key size
 assume either know / recognise plaintext
Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs

32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)

10
Model of Symmetric Encryption

11
Symmetric Encryption

 aka conventional / private-key / single-key

encryption

 All classical encryption algorithms are secret

key based
– classical means “prior to invention of public-key
encryption” in 1970’s
 and by far most widely used

12
Symmetric Cryptosystem
 A cryptosystem is pair of algorithms that take a key
and convert plaintext to ciphertext and back

 Symmetric cryptosystem
– sender and recipient share a common secret key

 Mathematically:
Y = EK(X)
X = DK(Y)

13
Symmetric Cryptosystem
⑥

 Two requirements:
– a strong encryption algorithm
– a冖secret key known only to sender and receiver

 One problem
– how to securely agree with the common key?
Need a secure channel to distribute the common
key

14
Encryption Algorithms
 Encryption algorithm is assumed to be known

– Security through obscurity : attempts to use secrecy of

design or implementation to provide security

– “Security through obscurity” is not a good tactics

– Kerckhoffs's principle (19th century):

• A cryptosystem should be secure even if everything
about the system, except the key, is known

– Security depends on the secrecy of the key, not the

secrecy of the algorithm

15
Lecture 2:
Classical Cryptography
 Terminology
 Classical Encryption Techniques
 Key Distribution
 Steganography

16
Classical ciphers
Converting plain text to cipher text

 Substitution
– Substitute letters of the plain text with other letters/symbol
– Mono/polyalphabetic ciphers
– One-time pad
 Transposition
– Rearrange plaintext

 Combo of both transposition and substitution

17
Substitution
 letters of plaintext are replaced by other letters or by
numbers or symbols
 monoalphabetic unique mapping of plaintext
alphabet to ciphertext alphabet
– e.g. Caesar, Hill, Playfair
 polyalphabetic plaintext mapped to ciphertext
based on key to select alphabet
– e.g. Vigenere, enigma
 stream keystream is generated and used to map
plaintext to ciphertext
– e.g. one-time pad
18
Transposition
 re-arrange characters (permute)
 plain text letters re-arranged, arrays or rail-fence

mematrht g p r y
e t efet eoa a t

MEMATRHTGPRYETEFETEOAAT

19
Others
乘积密码
 Product cipher: combining two or more simple
transposition or substitution operations, hoping to
result a more secure encryption
超级加密
 Super-encryption: an encryption operation for
which the plaintext input to be transformed is the
ciphertext output of a previous encryption operation
– encrypting encrypted information

20
Caesar Cipher

 Earliest known substitution cipher

 by Julius Caesar
– (13 July 100 BC – 15 March 44 BC)
 first attested use in military affairs
 replaces each letter by 3rd letter on
– or key = 3
 example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB 21
Caesar Cipher Algorithm
 Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 Mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 Algorithm can be expressed as:
c = E(3, p) = (p + 3) mod (26) 转换成密
↓
peyik 取余
– A shift may be of any amount, so that the general Caesar
algorithm is:


θ
C = E(k , p ) = (p + k ) mod 26
Where k takes on a value in the range 1 to 25; the decryption
1

algorithm is simply:
p = D(k , C ) = (C - k ) mod 26
文
Cryptanalysis of Caesar Cipher

 Only have 26 possible ciphers

– A maps to A,
– A maps to B, …
– A maps to Z
 Could simply try each in turn (a brute force
search)
– given ciphertext, just try all shifts of letters
– do need to recognize when have plaintext
– eg. break ciphertext "GCUA VQ DTGCM"
23
 Brute-Force
Cryptanalysis
of
Caesar Cipher
Caesar Cipher Decoder Ring

25
Online Tool
 E.g.
 [Link]
science/cryptography/crypt/p/caesar-cipher-
exploration


[Link]
[Link]

 Can you break the Caesar code "GCUA VQ

DTGCM“? 26
Sage Python Exercise
 How can we implement Caesar Ciper using
Sage?

 Here are the helper functions.

27
Sage – Caesar Cipher

28
Monoalphabetic Cipher
 Rather than just shifting the alphabet
 Could shuffle (jumble) the letters arbitrarily
 Each plaintext letter maps to a different
random ciphertext letter
 Hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: IfwewIshtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

29
Monoalphabetic Cipher Security

 Now have a total of 26!  4 x 1026 keys

 With so many keys, might think is
secure

 But would be !!!WRONG!!!

 Cryptanalysis can exploit the language
characteristics in redundancy
30
Language Redundancy and
Cryptanalysis
 Human languages are redundant
 Letters are not equally distributed
 in English E is by far the most common letter
• followed by T, A, O, …
 Other letters like Z, J, K, Q, X are fairly rare
 There are tables of single, double & triple
letter frequencies for various languages
 e.g. [Link]
2004/cryptography/subs/[Link]

31
English Letter Frequencies

32
English Letter Frequencies
 Common Bigrams: th, he, in, er, an, re, nd, on, …

 Common Trigrams: the, and, ing, her, hat, his, tha, ere, for, ent

 Common Quadgrams: that, ther, with, tion, here, ould, ight,

have, hich

 Reference: [Link]

 Online tool: [Link]

characterisation/monogram-bigram-and-trigram-frequency-
counts/

33
Use in Cryptanalysis
 Key concept - monoalphabetic substitution ciphers do
not change relative letter frequencies
 Discovered by Arabian scientists in the 9th century
 Calculate letter frequencies for ciphertext
 Compare counts/plots against known values
 Cryptanalysis of monoalphabetic ciphers: must
identify each letter
– tables of letter frequencies, and common double/triple letters
help

34
Example Cryptanalysis
 Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
 Count relative letter frequencies
 Guess P & Z are e and t respectively
 Guess ZW is th and hence ZWP is the
 Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
35
Java Code Reference
 [Link]
863/monoalphabetic-cipher-in-java-with-gui

36
Playfair Cipher

 Large number of keys in a monoalphabetic

cipher cannot provide security
 How to improve?
 One approach is to substitute multiple letters
0 0

 Playfair Cipher is an example

波雷费密码
 invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair

37
Playfair Key Matrix
 26 letters are filled into a 5x5 matrix of letters
starting with a keyword
• letters I and J count as one letter
• fill in letters of keyword (ignore duplicates)
• fill rest of matrix with other letters
 eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
38
Encryption
 Plaintext:
• MEET PRIME MINISTER AFTER DINNER
 Step 1: Prepare the plaintext
• rewrite the plaintext message in pairs
• ME ET PR IM EM IN IS TE RA FT ER DI NN ER
• all J are replaced with I
• double letters occurring in a pair must be divided by an X or a Z
• e.g. NN becomes NXN
• ME ET PR IM EM IN IS TE RA FT ER DI NX NE R
• if there are an odd number of letters in the plaintext, an extra
letter chosen by the person writing the cipher is added to the
end
• ME ET PR IM EM IN IS TE RA FT ER DI NX NE RX

39
Encryption
 Prepared plaintext:
• ME ET PR IM EM IN IS TE RA FT ER DI NX NE RX
 Step 2: choose a key, e.g. MONARCHY and create
the key matrix:

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

40
Encrypting
 Step 3: plaintext is encrypted two letters at a
time
a. if both letters fall in the same row in the key matrix,
replace each with letter to right (wrapping back to
start from end)
b. if both letters fall in the same column in the key
matrix, replace each with the letter below it (again
wrapping to top from bottom)
c. if the letters are not on the same row or column,
replace them with the letters on the same row
respectively but at the other pair of corners of the
rectangle defined by the original pair. (The order is
important – the first letter of the encrypted pair is the
one that lies on the same row as the first letter of the
plaintext pair).

41
Encryption
 Step 3: encrypt
• ME ET PR IM EM IN IS TE RA FT ER DI NX NE RX
• ME  same column  CL (rule b)
• ET  form a rectangle  KL (rule c)
• …
• RA  same row  MR (rule a)

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
42
Encrypting
 Step 3: eventually the result becomes
CL KL TO EA LC GA SX LK MR KP KM BK AW MG
AZ

 Online tool that can help:

• [Link]

• Example video:
[Link]

43
Decryption
 Step 1: Break the ciphertext into pairs of letters

 Step 2: Create the key matrix

 Step 3: Transform the pairs of letters in the opposite

direction from that used for encryption

 Exercise: decrypt CL KL TO EA LC GA SX LK MR
KP KM BK AW MG AZ using the key MONARCHY

44
Security of Playfair Cipher
 Security is much improved over monoalphabetic
since there are 26 x 26 = 676 diagrams
 Would need a 676 entry frequency table to
analyse (verses 26 for monoalphabetic)

 Was widely used for many years

• eg. by US & British military in WW1
 It can be broken, given a few hundred letters
since it still has much of plaintext structure

45
Playfair Cipher in Java
 [Link]

46
Polyalphabetic Substitution Ciphers

 Improve security using multiple cipher alphabets

• make cryptanalysis harder with more alphabets to guess and
flatter frequency distribution

 Write the key across the top of the plaintext,

repeating it as many times as necessary

 Use the key alphabet to determine which alphabet is

used to substitute for each letter of the message

48
Vigenère Cipher
 Simplest polyalphabetic substitution cipher
– effectively multiple Caesar ciphers

 Key is multiple letters long K = k1 k2 ... kd

– Write the key across the top of the plaintext, repeating it as
many times as necessary

 ith letter in the key specifies the plaintext letter should

be substituted with the corresponding ith Caesar letter

 Decryption simply works in reverse

49
Example of Vigenère Cipher
 Write down the plaintext
 Write the keyword repeatedly above the plaintext
 Use each key letter as a caesar cipher key
 Encrypt the corresponding plaintext letter
 eg using keyword deceptive odupicate the key
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
 Online tool: [Link]
[Link]
50
Slide rule ciphers
St Cyr 1880
key: position

51
Security of Vigenère Ciphers

 Have multiple ciphertext letters for each

plaintext letter
 Hence letter frequencies are obscured
 But not totally lost
 Start with letter frequencies
– see if look monoalphabetic or not
 If not, then need to determine number of
alphabets in the key first

52
Rotor Machines
 Before modern ciphers, rotor machines were
most common complex ciphers in use
 Widely used in WW2
– German Enigma, Allied Hagelin, Japanese Purple
 Implemented a very complex, varying
substitution cipher
 Used a series of cylinders, each giving one
substitution, which rotated and changed after
each letter was encrypted
 With 3 cylinders have 263=17576 alphabets
53
German Enigma Encryption
Machine

54
 Movie – Alan Turning
In 1939, newly created British
intelligence agency MI6 recruits
Cambridge mathematics alumnus
Alan Turing (Benedict
Cumberbatch) to crack Nazi codes,
including Enigma -- which
cryptanalysts had thought
unbreakable.

Turing's team, including Joan

Clarke (Keira Knightley), analyze
Enigma messages while he builds a
machine to decipher them. Turing
and team finally succeed and
become heroes.

55
Movie - Alan Turning

56
Hagelin Rotor Machine

57
Soviet cipher machine - Fialka (M-
125) 前苏联

Cipher machines

58
German Lorenz cipher
 German Lorenz cipher machine, used in World War
II to encrypt Army Commands messages

59
ACM Turing Award

60
Vernam Cipher
 One-Time Pad (OTP) 般 于 常机密
信息的加密
 Improvement to Vernam cipher proposed by an Army
Signal Corp officer, Joseph Mauborgne
 Use a random key that is as long as the message so that
the key need not be repeated
 Key is used to encrypt and decrypt a single message and
then is discarded
 Each new message requires a new key of the same length
as the new message
 Scheme is unbreakable
– Produces random output that bears no statistical relationship
to the plaintext
– Because the ciphertext contains no information whatsoever
about the plaintext, there is simply no way to break the code

理论上安全
传输密铜
一
用
非
Difficulties
 The one-time pad offers complete security but, in practice, has
two fundamental difficulties:
– There is the practical problem of making large quantities of random
keys
• Any heavily used system might require millions of random characters on a
regular basis
– Mammoth key distribution problem
• For every message to be sent, a key of equal length is needed by both
sender and receiver
 Because of these difficulties, the one-time pad is of limited utility
– Useful primarily for low-bandwidth channels requiring very high
security
 The one-time pad is the only cryptosystem that exhibits perfect
secrecy
theoretically
Transposition Ciphers

 now consider classical transposition or

permutation ciphers
 these hide the message by rearranging
the letter order
 without altering the actual letters used
 can recognise these since have the
same frequency distribution as the
original text
64
Rail Fence cipher
 write message letters out diagonally over a
number of rows
 then read off cipher row by row

 write message in two rails:

m e m a t r h t g p r y
e t e f e t e o a a t

 giving ciphertext
MEMATRHTGPRYETEFETEOAAT
65
Row Transposition Ciphers
 A more complex transposition
 Write letters of message out in rows over a
specified number of columns
 Then reorder the columns according to some
key before reading off the rows
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNA APTM TSUO AODW COIX KNLY

PETZ
66
Lecture 2:
Classical Cryptography
 Terminology
 Classical Encryption Techniques
 Key Distribution
 Steganography

68
Key Distribution
 Session key (short-term keys): 会话密铜
end
– at the conclusion of a session, the key is
destroyed
– if compromised  not affecting the long-
term security of the system
静态密铜 Security
 Static key (long-term keys): Keepit as shortas
possible
– keys that are to be in use for a long time
period
– if compromised  a major problem
69
 世
Q1
0

Key Distribution k
T kz
k3

o
0 O

 How many keys are needed for pairwise

secure communication among N parties
…
using symmetric encryption?
– require N (N-1)/2 secret keys

– Exercise: Prove the above statement

= iN
:
i
Ʃ = [
-
N 1)+ 1]
( N-
1
) Xi ( N -1 D

70
Key Distribution

 When the nth user is added to the system, he

needs to share a new key with EACH of the
previous (n -1) users

71
Key Distribution

 Key distribution is problematic for symmetric

key cryptosystem
– both parties must exchange the key prior to
using any encryption
– what-if when these two parties cannot
meet?

 Will re-visit the problem in later lectures

– Exercise: can you propose a solution?
72
Lecture 2:
Classical Cryptography
 Terminology
 Classical Encryption Techniques
 Key Distribution
 Steganography

73
 metnod to

Steganography hide tne

meyyage
将少量信息隐藏在 量信息中
 hides existence of message
– using only a subset of letters/words in a longer
message marked in some way
– using invisible ink
– hiding in LSB in graphic image or sound file

 has drawbacks
– high overhead to hide relatively few info bits

 encryption vs. steganography

– Encryption: you might be forced to surrender your key
– Steganography: protection against detection

隐藏在像素中 74
大
Example
Bob Smith, my assistant programmer, can always be found
hard at work in his cubicle. Bob works independently, without
wasting company time talking to colleagues. Bob never
thinks twice about assisting fellow employees, and he always
finishes given assignments on time. Often Bob takes extended
measures to complete his work, sometimes skipping coffee
breaks. Bob is a dedicated individual who has absolutely no
vanity in spite of his high accomplishments and profound
knowledge in his field. I firmly believe that Bob can be
classed as a high-caliber employee, the type which cannot be
dispensed with. Consequently, I duly recommend that Bob be
promoted to executive management, and a proposal will be
sent away as soon as possible.
Sd/-
Project Leader

75
Example

 A memo was soon sent following the

letter:

That stupid idiot was reading over my

shoulder when I wrote the report sent
to you earlier today. Kindly read every
second line (i.e. 1, 3, 5, 7, 9, ..) for my
true assessment of him.
76
Example
Bob Smith, my assistant programmer, can always be found
hard at work in his cubicle. Bob works independently, without
wasting company time talking to colleagues. Bob never
thinks twice about assisting fellow employees, and he always
finishes given assignments on time. Often Bob takes extended
measures to complete his work, sometimes skipping coffee
breaks. Bob is a dedicated individual who has absolutely no
vanity in spite of his high accomplishments and profound
knowledge in his field. I firmly believe that Bob can be
classed as a high-caliber employee, the type which cannot be
dispensed with. Consequently, I duly recommend that Bob be
promoted to executive management, and a proposal will be
sent away as soon as possible.

Sd/-
Project Leader

77
 Another Example
News Eight Weather: Tonight increasing snow. Unexpected
precipitation smothers eastern towns. Be extremely cautious and use
snowtires especially heading east. The highway is not knowingly
slippery. Highway evacuation is suspected. Police report emergency
situations in downtown ending near Tuesday.

First letter of each word yields:

Newt is upset because he thinks he is President.

From WWII German spy (Kahn):

Apparently neutral's protest is thoroughly discounted
and ignored. Isman hard hit. Blockade issue affects
pretext for embargo on, by ejecting suets and
vegetable oils.

Second letter of each word yields:

Pershing sails from NY June 1.

78
Digital Techniques
 Hide messages (including encrypted message)
in images or videos
 Hide data on disk
 Hide data/services on Internet
– hackers use non-standard ports for "telnet“
– shell over ICMP (the ping protocol)
– hide bits in network packet headers
– …
 Font alterations, word/line shifts
 Embed in email headers, pdf file, html doc, etc

79
Steganalysis

 Detect/prove stegomessage
 Read stegomessage
 Remove/jam the stegomessage
 Develop a better statistical model of the
cover than the sender

80
Steganography drawbacks and advantages

 Drawback  Advantage
– It requires a lot of – It can be employed by
overhead to hide a parties who have
relatively few bits of something to lose
information should the fact of their
– Once the system is secret communication
discovered, it becomes (not necessarily the
virtually worthless content) be discovered
– Encryption flags traffic
as important or secret
or may identify the
sender or receiver as
someone with
something to hide
Lecture 2: What you have learnt?
 Symmetric Cipher Model
– Cryptography
– Cryptanalysis and Brute-Force Attack
 Transposition techniques
 Rotor machines
 Substitution techniques
– Caesar cipher
– Monoalphabetic ciphers
– Playfair cipher
– Polyalphabetic ciphers
– One-time pad
 Steganography

82
Assignment 2
cryptography-and-network-security_-principles-and-
[Link]

Review Questions-> 3.5, 3.7

Problems-> 3.10, 3.11, 3.12(a), 3.20

Named after A2_xxxxxxxx.pdf, only e-version accepted.

83