Session 1: Introduction to cryptology

1
Session 1 Introduction to cryptology
2

Cryptology

• Cryptology criptossecret logosscience
• Cryptology Cryptography Cryptanalysis
• Opposite and complementary at the same time
• Cryptography develops methods of encipherment in
  order to protect information.
• Cryptanalysis breaks these methods in order to
  reconstruct the original information.

3

Cryptographic Procedure The General Scheme

4
General classification

• Secret key cryptography (symmetric)
• Shared key (secret), delivered to both parties in
  advance via a secure channel.
• Public key cryptography (asymmetric)
• The key is reconstructed from the secret part and
  the public part. The secure channel is not needed.

5

Secret key cryptography

• Stream ciphers
• The transformation is applied to every symbol of
  the original message.
• Example to every bit of the message.
• Block ciphers
• The transformation is applied to a group of
  symbols of the original message
• Example to groups of 64 bits (DES).

6

Secret key cryptography

• Stream ciphers
• Prof. Simon John Shepherd
• Every high-grade military cipher is a stream
  cipher
• http//www.simonshepherd.supanet.com/sjsacad.htm
• Consequence limitations introduced by
  governments.
• Block ciphers
• Slower and less secure (in general), but there
  are no implementation and export limitations.
  Because of that, they are used a lot in
  practice.

7

Classical cipher systems

• Substitution
• Example

8

Classical cipher systems

• Transposition
• Example

9
Classical cipher systems

• Monoalphabetic substitution
• Equal symbols of the plaintext are always
  substituted with the same symbol.
• Polialphabetic substitution
• Equal symbols of the plaintext are substituted
  with different symbols, depending on the key.

10

Classical cipher systems

• Caesars cipher (monoalphabetic)
• (1st century B.C.)

11

Classical cipher systems

• Vigenères cipher (polialphabetic) (1586)
• Key Zi L, O, U, P
• Encipherment
• Decipherment

12

Classical cipher systems

Blaise de Vigenère (1523-1596)
13
VIGENÈRES TABLE (1586)

A B C D E F G H I J K L M N O P Q R S T U V W
X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23 24 25
Note that the modulus of a negative value is
computed by repeatedly adding the base until a
positive value is obtained.
14
Vigenères table
15

Classical cipher systems

• Beauforts cipher (polialphabetic) (1857)
• Key Zi W, I, N, D
• Encipherment
• Decipherment

Sir Francis Beaufort (1774-1857)
Encipherment and decipherment are the same
(involution)
16
Beauforts table
17
Classical systems electromechanical devices

• The principal drawback of the systems that used
  tables was their inefficiency at
  enciphering/deciphering long texts.
• At the same time, the need to process long texts
  increased.
• In the beginning of the 20th century, technology
  advanced enough to enable design of
  electromechanical cryptographic devices.

18
Classical systems ENIGMA

• One of the most famous ones was the ENIGMA
  machine, used extensively by the Germans in the
  World War II.
• The machine was patented in 1918 by Arthur
  Scherbius, a German engineer.
• Essentially, this was a multiple Vigenères
  cipher that achieved a considerably higher number
  of possible combinations to search in the process
  of cryptanalysis than the older ciphers.

19

Classical systems - ENIGMA

ENIGMA principle of operation
ENIGMA one of the rotors
20
Classical systems - ENIGMA

• All the machines of this kind consisted of
  wheels.
• Some were fixed (stators) and some were mobile
  (rotors).
• ENIGMA consisted of two fixed wheels (the entry
  wheel and the reflector) and 3 or 4 rotors.
• Rotors could be selected out of a number of
  rotors (usually 3 out of five).

21
Classical systems - ENIGMA

• The choice of the rotors, as well as their
  ordering constituted a part of the key.
• All the rotors had contacts on both sides,
  through which current was flowing.
• Each contact corresponded to a letter of the
  alphabet and the contacts on both sides of a
  rotor were connected by a special wiring.
• Thus each rotor realized a monoalphabetic
  substitution cipher.

22
Classical systems - ENIGMA

• Due to a special kind of stepping motion of the
  wheels, not all the wheels rotated the same
  number of shifts at enciphering different
  letters.
• There was one wheel that moved with every single
  letter to be enciphered, and the other wheels
  moved more slowly.
• Current positions of the contacts on the wheels
  determined the substitution of the given (typed)
  letter on the machine.
• In such a way, long period of the output letter
  sequence was achieved.

23
Classical systems - ENIGMA

• Some variants of ENIGMA also included a
  permutation (plugboard) that was realized
  through wiring, and that permutation occasionally
  changed.
• The role of the plugboard was to change the
  letter that was actually typed to some other
  letter (depending on the permutation) before and
  after the current entered the wheels.

24
Classical systems - ENIGMA

• What distinguished the ENIGMA machine from the
  other electromechanical cryptographic machines
  was the use of the reflector - a special stator
  that was redirecting the flow of the current back
  through the rotors by a different route.
• The reflector ensures that the ENIGMA machine is
  self-reciprocal, i.e. the enciphering and the
  deciphering transformations are the same.

25
Classical systems - ENIGMA

• However, by introducing the reflector,
  substituting the given letter with itself was
  disabled.
• That introduced a small bias in the statistics of
  the letter sequence produced by the machine that
  enabled the cryptanalysis.

26

Classical systems (Enigma)

Source http//en.wikipedia.org/wiki/Enigma_machin
e
27
Classical systems

• Electromechanical cryptographic devices of the
  ENIGMA type had an additional drawback - the
  machine itself constituted (a part of) the key.
• Replacing compromised machines, especially during
  the war, was a very difficult and often
  impossible task.

28
Classical systems

• The goal of the next generation of cryptographic
  machines was to implement a system whose security
  lied only in the key that was used, not on the
  enciphering transformation.
• The Vernam cipher, patented in 1917 in the
  U.S.A., was such a cipher.
• This concept was also proved to be the best from
  the theoretical point of view in 1949 by C.
  Shannon.

29

Classical systems

• The Vernam cipher (1917) (One-time pad)
• Key Binary random sequence used only once.
• Encipherment
• Decipherment
• Message COME SOON (Encoding ITA-2)

30
Classical systems

• The Vernam cipher was a cipher intended to be
  used on teletype writers.
• Because of that, the key storage medium was a
  paper tape of the same type as the tape that was
  used for storing the messages.
• The message had to be encoded first, and the
  teletype writer itself performed this
  transformation.
• Every teletype writer implemented some encoding
  and the most widespread one was International
  Telegraph Alphabet No 2 (ITA-2).

31

Classical systems ITA 2

Binary Decimal  LETTERS NUMBERS Binary
Decimal  LETTERS NUMBERS -----------------------
------------------------------ ------------------
---------------------------------- 00000    0 
BLANK BLANK 10000       16  T     5
00001        1  E     3 10001       17 
Z     " 00010        2  LF   
LF 10010       18  L     ) 00011        3 
A     - 10011       19  W     2
00100        4  SP    SP 10100       20 
H     00101        5  S    
BELL 10101       21  Y     6 00110       
6  I     8 10110       22  P     0
00111        7  U     7 10111       23 
Q     1 01000        8  CR   
CR 11000       24  O     9 01001        9 
D     11001       25  B     ?
01010      10  R     4 11010       26  G    
01011      11  J     11011       27 
FIGS  FIGS 01100      12  N    
, 11100       28  M     . 01101      13 
F     ! 11101       29  X     /
01110      14  C     11110       30  V    
01111      15  K     ( 11111       31 
LTRS  LTRS
32


Cryptographic Security

• Unconditional security (THEORETICAL) (Perfect
  secrecy Shannon) the system is secure against
  an attacker with unlimited time and
  computational resources.
• Example The Vernam cipher (One-time pad).
• Computational security (PRACTICAL) the system
  is secure against an attacker with limited time
  and computational resources.
• Example The RSA cryptosystem.

33

Perfect secrecy conditions (Shannon)

• Application conditions
• The key is used only once
• The cryptanalyst has access only to the
  cryptogram.
• Perfect secrecy
• The plaintext X is statistically independent on
  the cryptogram Y for all the possible plaintexts
  and all the possible cryptograms
• P(X x Y y) P(X x)

34
Entropy

• Entropy is a measure of uncertainty.
• It is a function of probability distribution of a
  random variable.
• Shannons entropy of the (discrete) random
  variable X

35
Entropy

• Example 1
• H(X) reaches its maximum for p0.5.

36
Entropy
37
Entropy

• Example 2 n-sided fair die. n outcomes, each
  with probability 1/n.

38
Entropy

• For two random variables, X and Y, the joint
  entropy H(X,Y) is defined as
• Conditional entropy
• Theorem (chain rule)

39
Entropy

• Theorem
• where the equality
  holds iff all elements of are equally
  likely.
• where the
  equality holds iff X and Y are independent.

40
Entropy

• Thus, the fact that X and Y are independent
  random variables causes the same uncertainty of
  the plaintext regardless of the knowledge of the
  cryptogram.

41

• Is perfect secrecy practically achievable?
• The cipher with X, Y, Z 0,1,,L-1K
• The key is selected at random
• The ciphering transformation
• The number of keys/plaintexts/ciphertexts is LK.
• With a fixed plaintext, since the key is selected
  at random, a unique cryptogram corresponds to
  every possible value of the key.

42

• Then, any of the LK possible cryptograms
  corresponds to any plaintext with equal
  probability. Then
• P(X x Y y) P(X x) .
• L2, the Vernam cipher.

43


Security of classical systems

• Monoalphabetic ciphers
• The statistical properties of the plaintext are
  reflected exactly in the ciphertext.
• The statistical methods of cryptanalysis use the
  statistical properties of the language in which
  the message has been written.

44
Letter statistics - English
45
Letter statistics - English
46
Letter statistics - Norwegian
Source Kryptografi Ben Johnsen, Tapir
Akademisk Forlag, Trondheim, 2005.
47

Security of classical systems

• The Vigenère cipher (polialphabetic)
• The Kasiski Cryptanalysis (The incidence of the
  coincidences) (1863)
• The repetition of certain group of letters in the
  cryptogram originating from the same group of
  letters in the plaintext takes place at a
  distance equal to a multiple of the length of the
  key word (3065).

48

Security of classical systems

• The Vigenère cipher (polialphabetic)
• By studying these repetitions, it is possible to
  determine the length K of the key word.
• Then the original cryptogram can be decomposed
  into simple cryptograms.

49
Security of classical systems

• The Vernam cipher
• Meets the conditions of perfect secrecy.
• One key bit for every plaintext bit.

50
Unicity distance

• Given a ciphertext, if we try all the possible
  keys, how many keys will decrypt it to something
  meaningful?
• The unicity distance n0 is the length of
  ciphertext at which one expects that there is a
  unique meaningful plaintext.
• If the text is long enough, there will be a
  unique key and a unique corresponding plaintext.
• R is redundancy of the text (?0.75 for English),
  K is the key space and L is the alphabet.

51
Unicity distance

• H is the entropy of the language.
• Example One-time pad for a message of length N.
  There are 26N possible keys.
• We need more letters than the entire ciphertext
  for a unique decryption.

52
Mathematical fundamentals

• Mathematical disciplines, whose results are used
  in cryptography
• Algebra
• Number theory
• Combinatorics
• Probability theory and statistics
• Computational complexity theory
• Etc.

53
Groups

• A group G is a non empty set with a binary
  operation , which satisfies the axioms of
  the group
• Closure
• Associativity
• Existence of the identity (neutral) element
• Existence of the inverse elements (inverses)

54
Groups

• Multiplicative group the operation is the
  multiplication.
• The operation is ?
• The identity element is 1.
• The inverse element is x-1.
• Additive group the operation is the sum.
• The operation is
• The identity element is 0.
• The inverse element is x.

55
Groups

• Examples of additive groups
• Z, Q, R, C
• 
  , where the operation is the sum modulo n.
• Examples of multiplicative groups
• where the operation is the multiplication modulo
  n.

56
Groups

• Example Verify that Zn is a group.
• Closure yes, because the operation is the sum
  modulo n.
• The identity element is 0.
• Associativity obvious.
• The inverse element

57
Groups

• If in the group G the operation fulfils the
  commutative property, i.e.
• then G is a commutative or Abelian group.
• If G is a finite group, the number of elements in
  G is called order of G and is represented by G.

58
Groups

• An element g?G is a generator of G if every
  element of G can be written as a power of g. G is
  then a cyclic group.
• The cyclic group
• Example the generators of Z12 are 1, 5, 7 and
  11.

59
Groups
60
Groups

• A nonempty subset H of G is called subgroup of G
  if it is closed for the multiplication and the
  inversion, i.e.
• The Lagrange theorem
• If G is a finite group and H is its subgroup,
  then H divides G.

61
Groups

• Examples
• A group of order 8 can have subgroups of order 2
  and 4, but not of order 3 or 6.
• A finite group, whose order is a prime number
  cannot have its own subgroups.

62
Groups

• The order of an element g?G of a finite group is
  the least positive integer k such that gke.
• If k is the order of g?G, then
  e, g, g2, , gk-1 is a subgroup of G.
• Corollary of the Lagrange theorem
• In a finite group, the order of each element
  divides the order of the group.

63
Groups

• Example a subgroup of Z8

64
Groups

• The symmetric group Sn
• Contains all the permutations of the elements
  1,,n.
• The operation of the group is the composition of
  functions ?.
• Snn!
• It is not Abelian for n?3.

65
Groups

• Example S3
• Elements
• 1 2 3
• 1 3 2
• 2 1 3
• 2 3 1
• 3 1 2
• 3 2 1

66
Finite fields

• A field is a set K together with two operations,
  and ?, sum and product, which satisfy the
  following properties
• (K,) is a commutative group the additive group
  of the field.
• (KK\0, ?) is a commutative group the
  multiplicative group of the field.
• The product has the distributive property with
  respect to the sum.

67
Finite fields

• Example
• If p is a prime number, then Zp is a field
• Zp is an additive commutative group.
• (Zp)? is a multiplicative commutative group.
• the Euler function.
• The product obviously has the distributive
  property with respect to the sum.

68
Finite fields

• Theorem
• (i) The number of elements of a finite field K
  must be equal to the power of a prime number,
  i.e. Kpm.
• p is the characteristic of the field.
• The field is represented by GF(pm) (Galois Field).

69
Finite fields

• Theorem (cont.)
• (ii) There is only one finite field of pm
  elements. If we fix an irreducible polynomial
  F(x) of degree m with coefficients in Zp, the
  elements of GF(pm) are represented as polynomials
  with coefficients in Zp of degree ltm and the
  product of elements of GF(pm) is realised as the
  product of polynomials modulo F(x).

70
Finite fields

• Example p2, m3
• is irreducible.