
TOPIC 3: CRYPTOGRAPHY

Outline
- History
- Terms & Definitions
- Overview of Cryptography
- Symmetric Key Cryptography
- Public Key Cryptography
- Message integrity and digital signatures
Introduction
- Hidden writing
- Increasingly used to protect information
- Can ensure confidentiality
- Integrity and Authenticity too

Introduction
- Cryptography (Greek for "hidden writing") is a means of transforming data in a way that renders it unreadable by anyone except the intended recipient.
- What was originally used almost exclusively by governments for espionage has become a powerful tool for personal privacy today.
- Every modern computer system uses modern cryptographic methods to secure stored passwords, and cryptography provides the trusted backbone for e-commerce.
Introduction
- Cryptography fits into the CIA triad: it is used to ensure confidentiality and integrity of a message. Some forms also provide for sender authenticity and proof of delivery. But cryptography doesn't address availability as some other forms of security do.
  - Although forgetting a password for your user account can certainly lead to a denial of service.
- Cryptography is used in many access control systems
Introduction: Attacks
- Opponent whose goal is to break the cryptosystem is the adversary
- Standard cryptographic practice: assume the adversary knows the algorithm used, but not the key
- Three types of attacks:
  - ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key
  - known plaintext: adversary has ciphertext and corresponding plaintext; goal is to find key
  - chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key
Introduction: Basis for Attacks
- Mathematical attacks
  - Based on analysis of underlying mathematics
- Statistical attacks
  - Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc.
  - Called models of the language
  - E.g. Caesar Cipher, letter E
  - Examine ciphertext, correlate properties with the assumptions.
History
a) Manual Era
- Dates back to at least 2000 B.C.
- Pen and Paper Cryptography
- Examples: Scytale, Atbash, Caesar, Vigenère
History
b) Mechanical Era
- Invention of cipher machines
- Examples: Confederate Army's Cipher Disk, Japanese Red and Purple Machines, German Enigma

Modern Era
- Computers!
- Examples: Lucifer, Rijndael, RSA, ElGamal
- Modern computing gave cryptographers vast resources for improving the complexity of cryptosystems as well as for attacking them.
- With the spread of personal computing, electronic commerce, and personal privacy concerns, use of encryption has spread beyond its traditional uses in military and government applications.
Cryptosystem Services
- Confidentiality: only authorized entities are allowed to view
- Integrity: ensures the message was not altered by unauthorized individuals
- Authenticity: validates the source of a message, to ensure the sender is properly identified
- Nonrepudiation: establishes sender identity so that the entity cannot deny having sent the message
- Access Control: access to an object requires access to the associated crypto keys in many systems (e.g. login)
Some Basic Terminology
- plaintext - original message
- ciphertext - coded message
- cipher - algorithm for transforming plaintext to ciphertext
- key - info used in cipher known only to sender/receiver
- encipher (encrypt) - converting plaintext to ciphertext
- decipher (decrypt) - recovering plaintext from ciphertext
- cryptography - study of encryption principles/methods
- cryptanalysis (code-breaking) - study of principles/methods of deciphering ciphertext without knowing key
- cryptology - field of both cryptography and cryptanalysis

Cryptography
CSE2500 System Security and Privacy

Figure: plaintext (data file or messages) -> encryption -> ciphertext (stored or transmitted safely) -> decryption -> plaintext (original data or messages)
Cryptosystem components
- Plaintext (p): original message
- Ciphertext (c): encrypted message
- Key (k): private information
- Encryption algorithm: c = E(p, k)
- Decryption algorithm: p = D(c, k)


Cryptographic Systems
- Can characterize a cryptographic system by:
- Type of encryption operations used
  - Substitution - replacing one letter with another
  - Transposition - rearranging or reordering the letters
  - Product
- Number of keys used
  - single-key or private - symmetric
  - two-key or public - asymmetric
  - Hash functions: no key
- Way in which plaintext is processed
  - Block - processes the input one block of elements at a time, producing an output block for each input block
  - Stream - processes the input elements continuously, producing output one element at a time
Steganography
- Hiding a message within another medium, such as an image
- No key is required (old steganography)
- Example: modify the color map of a JPEG image
- Invisible ink, hidden tattoos, and microdots are all examples of steganography.
- By taking a color digital image and slightly altering the color of each pixel, you can hide a message in the image without noticeably altering the appearance. The receiver can then extract the message if they have the original, unaltered image.
Kerckhoffs's Principle
- Kerckhoffs's Principle: the cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience
- Shannon's maxim: "The enemy knows the system."
- Open design; security by obscurity doesn't work
- Should assume that the adversary knows the algorithm; the only secret the adversary is assumed to not know is the key
- Reverse engineering, careful review of algorithm, etc.
Confusion and Diffusion
- In cryptography, confusion and diffusion are two properties of the operation of a secure cipher which were identified by Claude Shannon
- Confusion refers to making the relationship between the ciphertext and the symmetric key as complex and involved as possible; diffusion refers to dissipating the statistical structure of plaintext over the bulk of ciphertext.
Confusion and Diffusion (cont.)
- Aim of confusion is to make it very hard to find the key even if one has a large number of plaintext/ciphertext pairs produced with the same key. Therefore, each bit of the ciphertext should depend on the entire key, and in different ways on different bits of the key. In particular, changing one bit of the key should change the ciphertext completely.
- Simplest way to achieve both diffusion and confusion is to use a substitution-permutation network. In these systems, the plaintext and the key often have a very similar role in producing the output, hence the same mechanism ensures both diffusion and confusion.
Defining Secure Encryption
- Adversary should not be able to:
  1. recover the key
  2. find the plaintext corresponding to a ciphertext
  3. determine any character of the plaintext
  4. derive any meaningful information about the plaintext
  5. compute any function of the plaintext
Cryptographic Methods
- Cryptographic algorithms generally fall into one of two different categories, or are a combination of both.
- Symmetric
  - Same key for encryption and decryption
  - Key distribution problem
- Asymmetric
  - Mathematically related key pairs for encryption and decryption
  - Public and private keys

1. Symmetric Encryption
- Conventional / private-key / single-key
- Sender and recipient share a common key
- All classical encryption algorithms are private-key
- Was the only type prior to invention of public-key in the 1970's
- And by far most widely used (still)
- Is significantly faster than public-key crypto
1. Symmetric Cipher Model

Figure: Alice's message (cleartext, plaintext) -> private key cipher E, under the shared key -> encrypted message (ciphertext) -> private key cipher D, under the same key -> Bob's message (cleartext, plaintext)
1. Symmetric Algorithm
- Secret algorithm: additional hurdle
- Hard to keep secret if used widely: reverse engineering, social engineering
- Commercial: published
  - Wide review, trust
- Military: avoid giving enemy good ideas

1. Symmetric
- Fast
- Only provides confidentiality
- Need secure channel for key distribution
- Key management headaches from large number of key pairs to maintain: N(N-1)/2
  - That's over 6.3 million key pairs to let all 3556 Purdue A/P staff members exchange encrypted messages
  - To do the same for all students would require over half a billion key pairs!
- Examples: DES, AES, Blowfish, RC4, RC5
Examples of Symmetric Algorithms
- DES
  - Modes: ECB, CBC, CFB, OFB, CM
- 3DES
- AES
- IDEA
- Blowfish
- RC4
- RC5
- CAST
- SAFER
- Twofish
Private Key Encryption
- Private key encryption can be used for:
  - Transmitting data over an insecure channel
  - Securing stored data (encrypt & store)
  - Providing an integrity check: (Key + Mesg.) -> MAC (message authentication code)
Requirements of Symmetric Encryption
- Two requirements for secure use of symmetric encryption:
  - a strong encryption algorithm
  - a secret key known only to sender / receiver
- Mathematically have:
  Y = E(K, X)
  X = D(K, Y)
- Assume encryption algorithm is known
- Kerckhoff's Principle: security in secrecy of key alone, not in obscurity of the encryption algorithm
- Implies a secure channel to distribute key
- Central problem in symmetric cryptography


Design of Private Key Ciphers
- A cryptographic algorithm should be efficient for good use
- It should be fast, and key length should be of the right length, e.g. not too short
- Cryptographic algorithms are not impossible to break without a key
- If we try all the combinations, we can get the original message
- The security of a cryptographic algorithm depends on how much work it takes for someone to break it
- E.g. if it takes 10 mil. years to break a cryptographic algorithm X using all the computers of a state, X can be thought of as a secure one. Reason: cluster computers and quantum computers are powerful enough to crack many current cryptographic algorithms.
2. Asymmetric/Public Key Encryption
Asymmetric Encryption
- Large mathematical operations make it slower than symmetric algorithms
- No need for out of band key distribution (public keys are public!)
- Scales better since only a single key pair is needed per individual
- Can provide authentication and nonrepudiation
- Examples: RSA, ElGamal, ECC, Diffie-Hellman
Complexity Classes (from easy to hard)
- P: answer in polynomial time, compute answer directly
- BPP: answer in polynomial time, with high probability
- NP: if yes, can guess and check in polynomial time
- PSpace: answer in polynomial space, may need exhaustive search
Public key blueprint
- The keys used to encrypt and decrypt are different.
- Anyone who wants to be a receiver needs to publish an encryption key, which is known as the public key.
- Anyone who wants to be a receiver needs a unique decryption key, which is known as the private key.
- It should not be possible to deduce the plaintext from knowledge of the ciphertext and the public key.
- Some guarantee needs to be offered of the authenticity of a public key.
Examples of Asymmetric Algorithms
- Diffie-Hellman: provides means for secure key exchange over insecure channel
- RSA: stands for inventors' names, Rivest, Shamir, and Adleman. Relies on difficulty of finding prime factorization of large numbers
- ElGamal: based on Diffie-Hellman method of computing discrete logarithms. Can also be used for message confidentiality and digital signature services
- Elliptic Curve Cryptography: relies on computing discrete logarithms over elliptic curve group. Due to difficulty of problem, key sizes can be much smaller than RSA and still retain strength
Design of a public key algorithm
- In a public key system, if everyone knows everything necessary to determine the ciphertext (the encryption algorithm and the encryption key), then how is it possible that they cannot work out what the plaintext (decryption key) is from this information?
Symmetric vs Asymmetric Encryption
Symmetric key crypto:
- requires sender, receiver know shared secret key
- fast encryption
- provides low security
Public key cryptography:
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver
- slower encryption
- provides higher security
Public key cryptography

Figure: plaintext message m -> encryption algorithm, with Bob's public key K_B^+ -> ciphertext K_B^+(m) -> decryption algorithm, with Bob's private key K_B^- -> plaintext message m = K_B^-(K_B^+(m))

Public key encryption algorithms
Requirements:
1. need K_B^+ and K_B^- such that K_B^-(K_B^+(m)) = m
2. given public key K_B^+, it should be impossible to compute private key K_B^-
RSA: Rivest, Shamir, Adleman algorithm
3. Hybrid Encryption
- Combines strengths of both methods
- Combines the scalability and key management features of the asymmetric algorithms with the speed of symmetric ones.
- Asymmetric distributes symmetric key
  - Also known as a session key
- Symmetric provides bulk encryption
- Secure Sockets Layer (SSL) protocol negotiates which asymmetric and symmetric algorithms to use in a hybrid system to protect TCP connections, such as an HTTP connection between a web browser and web server
Combining Public/Private Key Systems
- Public key encryption is more expensive than symmetric key encryption
- For efficiency, combine the two approaches (A <-> B):
  (1) Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key
  (2) Use symmetric key for encrypting subsequent data transmissions
4) Hashing Algorithms
- MD5
  - MD-5 is based on MD-4 and was created to address vulnerabilities found in MD-4. MD5 generates 128-bit hash values over 512-bit blocks in 4 rounds of 16 steps each.
  - Computes 128-bit hash value
  - Widely used for file integrity checking
- SHA-1
  - SHA-1 also operates on 512-bit blocks, but produces a 160-bit hash value in 4 rounds of 20 steps each
  - Computes 160-bit hash value
  - NIST approved message digest algorithm


Cryptanalysis
- The study of methods to break cryptosystems
- Often targeted at obtaining a key
- Objective is to recover the key, not just the message
- General approaches:
  - cryptanalytic attack: relies on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs; exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used
  - brute-force attack: try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
Cryptanalysis
- Kerckhoff's Principle
  - The only secrecy involved with a cryptosystem should be the key
- Cryptosystem Strength
  - How hard is it to determine the secret associated with the system?
Types of cryptanalysis
- Depending on what a cryptanalyst has to work with, attacks can be classified into:
  - ciphertext only attack
  - known plaintext attack
  - chosen plaintext attack
  - chosen ciphertext attack (most severe)


a) Cryptanalytic Attacks
- Ciphertext only
  - only know algorithm & ciphertext; the attack is statistical; can identify plaintext; the only data available is a target ciphertext
- Known plaintext
  - know/suspect plaintext & ciphertext: a target ciphertext, plus pairs of other ciphertext and plaintext (say, previously broken or guessed)
- Chosen plaintext
  - select plaintext and obtain ciphertext; can feed encryption algorithm with plaintexts and obtain the matching ciphertexts
a) Cryptanalytic Attacks (cont.)
- Chosen ciphertext
  - select ciphertext and obtain plaintext
  - can feed decryption algorithm with ciphertexts and obtain the matching plaintexts
- Chosen text
  - select plaintext or ciphertext to en/decrypt
Fall, 2005 CPSC566 Information Security Management
Chosen-Plaintext Attack (figure)
- Crook #1 changes his PIN to a number of his choice
- PIN is encrypted as cipher(key, PIN) and transmitted to bank
- Crook #2 eavesdrops on the wire and learns the ciphertext corresponding to the chosen plaintext PIN
- Repeat for any PIN value
a) Cryptanalytic Attacks (cont.)
- The most difficult problem to break is presented when all that is available is the ciphertext only.
- In some cases, not even the encryption algorithm is known, but in general we can assume that the opponent does know the algorithm used for encryption.
- Then, with increasing information, we have the other attacks.
- Generally, an encryption algorithm is designed to withstand cryptanalytic attack.
Cipher Strength
- Unconditional security: if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available (one-time pad).
- Computationally secure: if either the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information.
- For all reasonable encryption algorithms, we have to assume computational security, where it either takes too long, or is too expensive, to bother breaking the cipher.
b) Brute Force Search
- Involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
- On average, half of all possible keys must be tried to achieve success
- Time required to conduct a brute-force attack, for various common key sizes (DES is 56, AES is 128, Triple-DES is 168):

Key Size (bits)             | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32                          | 2^32 = 4.3 x 10^9          | 2^31 µs = 35.8 minutes           | 2.15 milliseconds
56                          | 2^56 = 7.2 x 10^16         | 2^55 µs = 1142 years             | 10.01 hours
128                         | 2^128 = 3.4 x 10^38        | 2^127 µs = 5.4 x 10^24 years     | 5.4 x 10^18 years
168                         | 2^168 = 3.7 x 10^50        | 2^167 µs = 5.9 x 10^36 years     | 5.9 x 10^30 years
26 characters (permutation) | 26! = 4 x 10^26            | 2 x 10^26 µs = 6.4 x 10^12 years | 6.4 x 10^6 years
Classical Symmetric Ciphers
- Substitution Cipher
- Transposition Cipher

1) Substitution Ciphers
- Letters of plaintext are replaced by other letters or by numbers or symbols
- If plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
a) Caesar Cipher
- Earliest known substitution cipher, by Julius Caesar
- First attested use in military affairs
- Replaces each letter by the 3rd letter/byte following it
- Example:
  meet me after the toga party
  PHHW PH DIWHU WKH WRJD SDUWB
- Still call any cipher using a simple letter shift a Caesar cipher, not just those with shift 3.
Caesar Cipher
- Can define transformation as:
  a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = OUT
- Mathematically give each letter a number:
  a b c d e f g h i j k l m n o p q r s t u v w x y z
  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Cryptanalysis of Caesar Cipher
- Only have 25 possible ciphers
  - A maps to B,..,Z (mapping A to A etc. doesn't really obscure the message)
- Given ciphertext, just try all shifts of letters
- Do need to recognize when we have plaintext
- E.g., break ciphertext "GCUA VQ DTGCM"; when broken it gives "easy to break", with a shift of 2 (key C).
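The "try all 25 shifts, then recognize the plaintext" attack from this slide, as an added example (not code from the slides). The English-likeness score is an assumption of this example: the share of letters drawn from the nine most common English letters, a crude stand-in for a full frequency table.

```python
# Nine most frequent English letters; their share of a text is used as a crude
# plaintext detector (assumed ranking, a rough stand-in for full frequency tables).
COMMON = set("etaoinshr")


def caesar(text, shift):
    """Shift every letter by `shift` places (mod 26), keeping case; other
    characters pass through unchanged. Negative shifts decrypt."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def english_score(text):
    """Fraction of letters that are among the nine most common English letters."""
    letters = [c for c in text.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in COMMON for c in letters) / len(letters)


def brute_force(ciphertext):
    """Try all 25 non-trivial shifts (shift 0 maps A to A and hides nothing).
    Returns (key, candidate) pairs, most English-looking candidate first."""
    candidates = [(key, caesar(ciphertext, -key)) for key in range(1, 26)]
    return sorted(candidates, key=lambda kc: english_score(kc[1]), reverse=True)


def break_caesar(ciphertext):
    """Best (key, plaintext) guess; the key is the shift used on encryption."""
    return brute_force(ciphertext)[0]


if __name__ == "__main__":
    # Inputs taken from the slides.
    print(caesar("meet me after the toga party", 3).upper())
    print(break_caesar("GCUA VQ DTGCM"))
    for key, candidate in brute_force("PHHW PH DIWHU WKH WRJD SDUWB")[:3]:
        print(key, candidate, round(english_score(candidate), 2))
```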
b) Monoalphabetic Cipher
- Rather than just shifting the alphabet
- Could shuffle (jumble) the letters arbitrarily
- Each plaintext letter maps to a different random ciphertext letter
- Key is 26 letters long

Plain:      abcdefghijklmnopqrstuvwxyz
Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
- Now have a total of 26! keys
- Is that secure?
- Problem is language characteristics
- Human languages are redundant
- Letters are not equally commonly used
Language Redundancy and Cryptanalysis
- We don't actually need all the letters in order to understand written English text
- Human languages are redundant
  - e.g., "th lrd s m shphrd shll nt wnt"
- Letters are not equally commonly used
- In English E is by far the most common letter, followed by T,R,N,I,O,A,S
- Other letters like Z,J,K,Q,X are fairly rare
- Have tables of single, double & triple letter frequencies for various languages
English Letter Frequencies (figure)

What kind of cipher is this? (figures of letter-frequency plots)
Use in Cryptanalysis
- Key concept: monoalphabetic substitution ciphers do not change relative letter frequencies
- Discovered by Arabian scientists in the 9th century
- These ciphers are easy to break because they reflect the frequency data of the original alphabet.
- Calculate letter frequencies for ciphertext
- Compare counts/plots against known values
- If Caesar cipher, look for common peaks/troughs
  - peaks at: A-E-I triple, N-O pair, R-S-T triple
  - troughs at: J-K, U-V-W-X-Y-Z
- Amount of ciphertext is important: statistics!
Example Cryptanalysis
- Given ciphertext:
  UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
  VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
  EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
- Guess P & Z are e and t
- Guess ZW is th and hence ZWP is the
- Proceeding with trial and error, finally get:
  it was disclosed yesterday that several informal but
  direct contacts have been made with political
  representatives of the viet cong in moscow
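The frequency-analysis steps of the "Use in Cryptanalysis" slide, run over the ciphertext of the example above, as an added example (not code from the slides). The English letter ranking is an assumption of this example (one commonly cited ordering); the ciphertext is the slide's own.

```python
from collections import Counter

# English letters from most to least frequent (assumed standard ranking; the slide
# lists E, then T R N I O A S, which agrees on the leaders that matter here).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"

# The slide's ciphertext (the three printed lines joined).
CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
              "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
              "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")


def letters_only(text):
    return "".join(c for c in text.upper() if c.isalpha())


def letter_frequencies(text):
    """[(letter, percent), ...] sorted from most to least frequent."""
    letters = letters_only(text)
    return [(l, 100.0 * n / len(letters)) for l, n in Counter(letters).most_common()]


def digram_counts(text):
    """Counts of adjacent letter pairs (a monoalphabetic cipher preserves them too)."""
    letters = letters_only(text)
    return Counter(letters[i:i + 2] for i in range(len(letters) - 1))


def rank_guess(text):
    """Naive key guess: the i-th most frequent ciphertext letter is assumed to stand
    for the i-th most frequent English letter. Only the leading entries are reliable
    on a short text; the slide refines the rest by trial and error."""
    ranked = [l for l, _ in letter_frequencies(text)]
    return dict(zip(ranked, ENGLISH_ORDER))


def apply_partial_key(text, mapping):
    """Substitute the guessed letters (lowercase); unresolved ones stay uppercase."""
    return "".join(mapping.get(c, c) for c in letters_only(text))


if __name__ == "__main__":
    for letter, pct in letter_frequencies(CIPHERTEXT)[:5]:
        print(f"{letter}: {pct:5.2f}%")          # P and Z lead, as the slide guesses
    print("ZW occurs", digram_counts(CIPHERTEXT)["ZW"], "times")
    # The slide's first guesses: P = e, Z = t, and ZW = th.
    print(apply_partial_key(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
```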
c) Playfair Cipher
- Not even the large number of keys in a monoalphabetic cipher provides security
- One approach to improving security was to encrypt multiple letters; the Playfair Cipher is an example
- Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
- Reduces the "spikyness" of natural language text, since if you just map one letter always to another, the frequency distribution is just shuffled
Playfair Key Matrix
- A 5x5 matrix of letters based on a keyword
- Fill in letters of keyword (sans duplicates)
- Fill rest of matrix with other letters
- E.g. using the keyword MONARCHY:
  M O N A   R
  C H Y B   D
  E F G I/J K
  L P Q S   T
  U V W X   Z
Playfair Key Matrix (cont.)
- The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams
- The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remaining letters, with I/J used as a single letter
Security of Playfair Cipher
- Security much improved over monoalphabetic
- Since have 26 x 26 = 676 digrams
- Would need a 676-entry frequency table to analyse (versus 26 for a monoalphabetic)
- And correspondingly more ciphertext
- Was widely used for many years
  - e.g. by US & British military in WW1
- It can be broken, given a few hundred letters
- Since it still has much of the plaintext structure

Encrypting and Decrypting
- Plaintext is encrypted two letters at a time
  1. if a pair is a repeated letter, insert a filler like 'X'
  2. if both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end)
  3. if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom)
  4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
Playfair Example
- Message = Move forward
- Plaintext = mo ve fo rw ar dx
- Here x is just a filler; the message is padded and segmented
- Ciphertext = ON UF PH NZ RM BZ

  M O N A   R
  C H Y B   D
  E F G I/J K
  L P Q S   T
  U V W X   Z

  mo -> ON
  ve -> UF
  fo -> PH, etc.
d) One-Time Pad (OTP)
- Uses a random key that is truly as long as the message, with no repetitions, which thus totally obscures the original message
- If a truly random key as long as the message is used, it is unbreakable, since the ciphertext bears no statistical relationship to the plaintext
- It produces random output that bears no statistical relationship to the plaintext
- Ciphertext contains no information whatsoever about the plaintext
d) One-Time Pad (OTP) (cont.)
- Since for any plaintext & any ciphertext there exists a key mapping one to the other
- Can only use the key once
- Challenges: problem of making large quantities of random keys; problem of safe key distribution and protection.
- Useful primarily for low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy.
Simple Idea: One-Time Pad
- Key is a never-repeating bit sequence as long as plaintext
- Encrypt by bitwise XOR of plaintext and key:
  ciphertext = plaintext XOR key
      10111101  (plaintext)
  XOR 00110010  (key)
  --------------
    = 10001111  (ciphertext)
- Decrypt by bitwise XOR of ciphertext and key:
  ciphertext XOR key = (plaintext XOR key) XOR key = plaintext XOR (key XOR key) = plaintext
      10001111  (ciphertext)
  XOR 00110010  (key)
  --------------
    = 10111101  (plaintext)
- Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon's result)
Advantages of One-Time Pad
- Easy to compute
  - Encryption and decryption are the same operation
  - Bitwise XOR is very cheap to compute
- As secure as possible
  - Given a ciphertext, all plaintexts are equally likely, regardless of attacker's computational resources
  - as long as the key sequence is truly random
    - True randomness is expensive to obtain in large quantities
  - as long as each key is the same length as the plaintext
    - But how does the sender communicate the key to the receiver?
Problems with One-Time Pad
- Key must be as long as plaintext
  - Impractical in most realistic scenarios
  - Still used for diplomatic and intelligence traffic
- Does not guarantee integrity
  - One-time pad only guarantees confidentiality
  - Attacker cannot recover plaintext, but can easily change it to something else
- Insecure if keys are reused
  - Attacker can obtain XOR of plaintexts
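The XOR one-time pad of the "Simple Idea" slide on bytes, together with two of the properties stated above: any plaintext is explained by some key (perfect secrecy), and a reused pad exposes the XOR of the two plaintexts. This is an added example, not code from the slides; the two messages are constructed here, and os.urandom stands in for truly random pad material.

```python
import os


def xor_bytes(a, b):
    """Bytewise XOR; a one-time pad key must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("key length must equal message length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """Fresh pad from the OS CSPRNG (a stand-in for truly random key material)."""
    return os.urandom(length)


def otp_encrypt(plaintext, key):
    """ciphertext = plaintext XOR key"""
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext, key):
    """Same operation: (plaintext XOR key) XOR key = plaintext."""
    return xor_bytes(ciphertext, key)


def slide_bits_example():
    """The slide's 8-bit example: 10111101 XOR 00110010 = 10001111, and back."""
    p, k = bytes([0b10111101]), bytes([0b00110010])
    c = otp_encrypt(p, k)
    return format(c[0], "08b"), otp_decrypt(c, k) == p


def key_explaining(ciphertext, plaintext):
    """Perfect secrecy: for ANY plaintext of the right length there is a key that
    maps the ciphertext to it, so the ciphertext alone reveals nothing about p."""
    return xor_bytes(ciphertext, plaintext)


def two_time_pad_leak(c1, c2):
    """Key reuse: c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2. The key cancels
    and the XOR of the plaintexts is exposed; zero bytes mark positions where the
    two messages agree."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    print(slide_bits_example())                       # ('10001111', True)
    # Constructed messages encrypted under ONE pad (the reuse the slide warns about).
    p1, p2 = b"MEET AT DAWN", b"FLEE AT ONCE"
    k = new_pad(len(p1))
    leak = two_time_pad_leak(otp_encrypt(p1, k), otp_encrypt(p2, k))
    print(leak == xor_bytes(p1, p2), leak)           # True; zeros where " AT " lines up
    c = otp_encrypt(p1, k)
    print(otp_decrypt(c, key_explaining(c, p2)))     # b'FLEE AT ONCE': any plaintext fits
```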

2) Transposition/Permutation Ciphers
- Hides the message by rearranging the letter order without altering the actual letters used
- Forms the second basic building block of ciphers
- The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.
Row Transposition Ciphers
- A more complex scheme
- Write letters of message out in rows over a specified number of columns
- Then reorder the columns according to some key before reading off the rows
  Key:        4 3 1 2 5 6 7
  Plaintext:  a t t a c k p
              o s t p o n e
              d u n t i l t
              w o a m x y z
  Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

a) Rail Fence cipher
- Plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
- Write message letters out diagonally over a number of rows, then read off the cipher row by row
- E.g. write the message out as:
  m e m a t r h t g p r y
   e t e f e t e o a a t
- Giving ciphertext:
  MEMATRHTGPRYETEFETEOAAT
b) Route cipher
- In a route cipher, the plaintext is first written out in a grid of given dimensions, then read off in a pattern given in the key
c) Columnar transposition
- The message is written out in rows of a fixed length, and then read out again column by column, with the columns chosen in some scrambled order.
- Both the width of the rows and the permutation of the columns are usually defined by a keyword
- For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and the permutation is defined by the alphabetical order of the letters in the keyword. In this case, the order would be "6 3 2 4 1 5".
- The keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE AT ONCE.
- Providing five nulls (QKJEU) at the end.
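The rail fence, row transposition and columnar transposition described in the sections above, implemented as one added example (not code from the slides) and run on the slides' own inputs: the "meet me after the toga party" rail fence, the 4312567 row transposition, and the ZEBRAS keyword with its QKJEU nulls. The handling of a numeric key versus a keyword, the X padding for a short final row, and the decrypt routine are conventions of this example.

```python
def rail_fence_encrypt(plaintext, rails=2):
    """Write letters down and up a zigzag over `rails` rows, then read row by row."""
    letters = [c.upper() for c in plaintext if c.isalpha()]
    rows = [[] for _ in range(rails)]
    row, step = 0, 1
    for ch in letters:
        rows[row].append(ch)
        if rails > 1:
            if row == 0:
                step = 1
            elif row == rails - 1:
                step = -1
            row += step
    return "".join("".join(r) for r in rows)


def column_order(key):
    """Column indices in read-out order. A digit key such as "4312567" ranks each
    column directly; a keyword such as "ZEBRAS" ranks letters alphabetically
    (ties broken left to right), which is the "6 3 2 4 1 5" rule of the slide."""
    key = key.upper()
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext, key, pad="X"):
    """Write the text in rows of len(key), then read the columns in key order."""
    letters = [c.upper() for c in plaintext if c.isalpha()]
    width = len(key)
    while len(letters) % width:          # pad the last row so the grid is rectangular
        letters.append(pad)
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def columnar_decrypt(ciphertext, key):
    """Refill the grid column by column in key order, then read the rows back."""
    width = len(key)
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    i = 0
    for c in column_order(key):
        for r in range(height):
            grid[r][c] = ciphertext[i]
            i += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party"))   # MEMATRHTGPRYETEFETEOAAT
    print(columnar_encrypt("attackpostponeduntiltwoamxyz", "4312567"))  # TTNAAPTMTSUOAODWCOIXKNLYPETZ
    print(column_order("ZEBRAS"))                                # [4, 2, 1, 3, 5, 0]
    zebras = columnar_encrypt("WE ARE DISCOVERED. FLEE AT ONCE QKJEU", "ZEBRAS")
    print(zebras)
    print(columnar_decrypt(zebras, "ZEBRAS"))                    # ...ONCEQKJEU, nulls still attached
```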


Product Ciphers
- Ciphers using substitutions or transpositions are not secure because of language characteristics
- Hence consider using several ciphers in succession to make it harder, but:
  - Two substitutions make a more complex substitution
  - Two transpositions make a more complex transposition
  - But a substitution followed by a transposition makes a new, much harder cipher
- This is the bridge from classical to modern ciphers


Limitations of cryptography
- Most security problems are not crypto problems
  - This is good
    - Cryptography works!
  - This is bad
    - People make other mistakes; crypto doesn't solve them
- Misuse of cryptography is fatal for security
  - WEP ineffective, highly embarrassing for industry
  - Occasional unexpected attacks on systems subjected to serious review
BLOCK CIPHER vs STREAM CIPHER
