Cryptology - PowerPoint PPT Presentation

1
Cryptology
Lecture Four
  • Dr. Richard Spillman
  • Pacific Lutheran University

2
Last Lecture
  • History
  • Polygraphic Ciphers
  • Playfair
  • Hill
  • Introduction to Transpositions
  • Permutation
  • Column Transposition

3
Review Transposition Cipher
  • Break the following ciphertext

slsna iocyv hqert eitre urlqn moibu vnftt qgnsp
eleby hoqao nocfs tsagq ltihd toeoe oqiup cncla
ietqc airfo iahis q
4
Outline
  • History
  • More Transpositions
  • Computer Based Encryption
  • Stream Ciphers

5
History of Ciphers
6
US in WWI
  • The story of the Zimmermann Telegram
  • At 10:30 am on January 17, 1917 the Rev. William
    Montgomery, a cryptanalyst in ROOM 40, took what
    looked like an important cipher to Captain
    William Hall, director of British Naval
    Intelligence and head of ROOM 40
  • It was only a partial solution dated Berlin,
    January 16 and addressed to the German ambassador
    in the US
  • When Hall saw it, he ordered all copies except
    for the original one and one solution burned

7
The Code
  • The Zimmermann telegram was written in the German
    diplomatic code known as 0075 which ROOM 40 had
    almost broken after six months of work
  • It was a two part code of 10,000 words and
    phrases numbered 0000 to 9999. It is a slow
    process to solve such a code
  • identify the code for stop or period - usually
    the groups that appear at the end of a telegram
  • understand that German sentences often end with a
    verb, so the codegroup immediately preceding a
    stop may be a verb
  • other clues come from the fact that diplomats use
    standard phrases such as I have the honor to
    report to Your Excellency . . .
  • When you have enough traffic in one code, you may
    begin to piece the clues together.

8
The Transmission
  • Germany routed this telegram by two routes to
    be sure it got to its destination
  • Swedish Roundabout: Sweden was neutral but in
    favor of Germany, so it sent German cables to
    the US as part of its own traffic
  • As part of US diplomatic traffic: Col. Edward
    House made arrangements for German cables to go
    through him while remaining coded
  • From Washington it was sent on to Mexico

The English closely monitored both paths
9
The Content
  • As best ROOM 40 could make out, the telegram
    read

Most secret for your Excellency's personal
information and to be handed on to the Imperial
Minister in (?Mexico) with Telegram No. 1 (. . .)
by a safe route. We propose to begin on the 1st
February unrestricted submarine warfare. In
doing so, however, we shall endeavor to keep
America neutral. (?) If we should not (succeed in
doing so) we propose to (? Mexico) an alliance
upon the following basis: joint conduct of the
war; joint conclusion of peace. (. . .) Your
Excellency should for the present inform the
President of Mexico secretly (? that we expect)
war with the U.S.A (possibly) (. . . ) (Japan)
and at the same time to negotiate between us and
Japan. (Please tell the President) that (. . .)
or submarines (. . .) will compel England to
peace in a few months. Acknowledge receipt.

Zimmermann
WHAT DOES THIS SUGGEST?
10
The Good News
  • From the moment he saw the telegram, Hall knew he
    had a problem
  • On the plus side, handing the telegram over to
    the US would almost certainly compel them to
    declare war on Germany
  • Was there a negative side? What could it be?

11
The Bad News
  • On the negative side there were three strong
    arguments against turning the letter over to the
    US

  • ROOM 40 was one of England's biggest secrets, so
    how could the message be made public without
    Germany guessing that its codes had been broken?
  • Britain would have to admit that it had been
    reading the telegrams of two neutral nations
  • The message was incomplete, so arguments like
    ". . . perhaps you have failed to solve a word
    such as not . . ." would be advanced
12
The Solution
  • Hall conceived a plan that would solve all three
    problems
  • He reasoned that the version of the telegram sent
    from Washington to Mexico would be different from
    his Berlin to Washington version (date, serial
    number, preamble . . .)
  • If the Mexican version were released, the Germans
    may believe that the code had been betrayed in
    America
  • By the analysis of other traffic, Hall knew that
    the German mission in Mexico had never used code
    0075 and hence probably did not have it available
    so the telegram would have to be recoded in
    Washington perhaps into a code that ROOM 40 had
    completely broken

He was correct on all counts
13
The Result
  • On February 5th an English agent known only as T
    obtained a copy of the Washington to Mexico
    telegram in Mexico City
  • Hall was right - it was written in a simpler code
    (13040) which ROOM 40 had completely broken
  • Still England decided to wait and hope that other
    events would force the US into the war but
    President Wilson would not move (the Midwest and
    West coast were not interested in the war)
  • On February 22, 1917, England could wait no
    longer so Hall gave the Mexican version of the
    Zimmermann telegram to Edward Bell at the
    American embassy

14
US Timetable
  • Feb 24th: The American ambassador in England
    sends the telegram to Washington and it is taken
    immediately to President Wilson
  • Feb 27th: President Wilson decides to wait until
    the Secretary of State Robert Lansing returns to
    discuss the US response
  • Feb 28th: The telegram is released to the AP
  • March 1: Morning papers carry the story on page
    1. The Senate stalls and asks for more proof.
    There is an outcry from the Midwest
  • April 2nd: President Wilson goes to Congress to
    ask for war. He cites the Zimmermann telegram.

15
Sidelight
  • There were several theories in the press as to
    the origin of the telegram
  • Four American soldiers found it on a German agent
    trying to cross over into Mexico
  • The German ambassador had it in his baggage
  • The British press attacked their secret service
    as inferior to the Americans
  • these were planted by Capt. Hall

16
More Transpositions
17
Goal
  • The goal of a transposition cipher is to
    randomize the order of the letters in the
    plaintext
  • Randomization may be increased by mixing them up
    more than once using
  • Double Column Transposition
  • Turning Grille

18
Double Column Transposition
19
Concept
  • A double column transposition cipher works just
    as the name implies.
  • The plaintext is enciphered using a column
    transposition and then the resulting ciphertext
    is enciphered again using a column transposition.
  • The keyword may be the same for both
    transpositions or it may be different.
  • The result is, hopefully, a thorough mixing of the
    positions of the plaintext letters.

20
Example
  • Encipher the phrase "encryption algorithms" twice

1st using the keyword "next" (2-1-4-3)
2nd using the keyword "image" (4-5-1-3-2)
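
The exercise above worked through in code, as an added example that is not part of the original slides. It assumes the usual convention (write the letters in rows under the keyword, read whole columns in the order given by the key numbers) and no padding of a short last row; the function names are illustrative.

```python
def read_order(keyword):
    """Column indices in the order they are read out: alphabetical by key
    letter, ties broken left to right. 'next' numbers its columns 2-1-4-3."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def encipher(text, keyword):
    """Write the letters in rows under the keyword, read columns in key order."""
    letters = "".join(ch for ch in text.lower() if ch.isalpha())
    width = len(keyword)
    return "".join(letters[col::width] for col in read_order(keyword))


def decipher(cipher, keyword):
    """Invert encipher(); copes with a short last row (no padding assumed)."""
    width = len(keyword)
    full_rows, extra = divmod(len(cipher), width)
    grid = [None] * len(cipher)
    pos = 0
    for col in read_order(keyword):
        # The first `extra` columns are one letter taller than the rest.
        height = full_rows + (1 if col < extra else 0)
        grid[col::width] = cipher[pos:pos + height]
        pos += height
    return "".join(grid)


def double_encipher(text, key1, key2):
    return encipher(encipher(text, key1), key2)


def double_decipher(cipher, key1, key2):
    # Undo the second transposition first, then the first.
    return decipher(decipher(cipher, key2), key1)


if __name__ == "__main__":
    stage1 = encipher("encryption algorithms", "next")
    stage2 = encipher(stage1, "image")
    print("after 'next' :", stage1)
    print("after 'image':", stage2)
    print("recovered    :", double_decipher(stage2, "next", "image"))
```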
21
Using CAP
  • CAP will implement a double column transposition

22
Cryptanalysis of DT
  • A weakness of the double column transposition
    cipher lies in the use of the same pair of keys
    on several plaintext messages all of the same
    size.
  • For example, if the following 4 messages between
    Bob and Alice were intercepted

etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn
oowqq texda aqmue caeon ioox
panbt tjliu eeyhq xotbi dttqy dwbml bxooa oweal
hoaqp nexbh tqaut iekau wocx
monat rtwle bocoq xhofb aurqe oxino oxlir defar
uhoqe mexbn nqttn cgwoo rtox
awsbe lymtt ernrq xtnei olfqt lebne uxorb okorl
ocmqf iexru oqwhe oogao aacx
23
Process
  • Place all 4 messages in depth, that is, one on
    top of the other
  • Treat it as a large anagramming problem

etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn oowqq texda aqmue caeon ioox
panbt tjliu eeyhq xotbi dttqy dwbml bxooa oweal hoaqp nexbh tqaut iekau wocx
monat rtwle bocoq xhofb aurqe oxino oxlir defar uhoqe mexbn nqttn cgwoo rtox
awsbe lymtt ernrq xtnei olfqt lebne uxorb okorl ocmqf iexru oqwhe oogao aacx
Columns of x should all go to the end
24
Using CAP
  • CAP provides a special anagramming tool for
    Double Column Transpositions

25
Turning Grilles
26
Turning Grilles
  • Turning Grilles rotate a window with slots across
    the plaintext
  • Described by Jules Verne in the story Mathias
    Sandorf
  • Used in the 18th century
  • They come in the form of grilles with 2 positions
    and grilles with 4 positions

27
Construction
  • Given n = 4v^2 characters in a message
  • Create a square checkerboard with 2v rows and
    columns
  • In one quadrant of the board place each number
    from 1 to v
  • Rotate this quadrant to fill the remaining 3
    quadrants
  • Select each number 1 to v from the four quadrants
  • This defines the windows in the board

28
Example
  • Message: "This is a test of the method ok you are
    done no"
  • 36 characters, so v = 3

29
Encipher
  • Use the grille and its 4 rotations to create the
    ciphertext

[Figure: the 6 x 6 board filled with the 36 letters of the message]
Write the message in the open slots
30
Decipher
  • Rotate the grille over the ciphertext and read
    off the plaintext

31
Using CAP
  • Select Turning Grille under the cipher menu

32
Computer Based Ciphers
33
Impact of Technology
  • The invention of the telegraph improved
    communications (by a factor of 10) and increased
    the importance of cryptography for protecting
    information
  • The invention of radio improved communications
    (by a factor of 100) and made cryptanalysis a
    necessary part of government activities
  • The invention of the computer improved the
    transfer, storage, and analysis of information
    (by a factor of 10^9), eliminated personal
    privacy, and made cryptography and cryptanalysis
    essential to democracy

34
Binary Numbers
  • The characteristic of computers that produces a
    different approach to cipher systems is their
    method of representing information
  • data in computer systems is stored, processed,
    and transmitted in binary form (as 0s and 1s)
  • hence numbers are represented in binary

35
Characters
  • Letters also need to be represented as binary
    bits in a computer
  • There is no natural way to express this (as there
    is with numbers) so computer manufacturers have
    developed a standard code called ASCII which
    assigns a set of 8 bits to each letter

36
ASCII Code
  • Below is a list of the ASCII codes for upper and
    lower case characters

37
Bit Level Ciphers
  • Using computers, ciphers are implemented at the
    bit level
  • that is, we can now substitute or transpose 0s
    and 1s
  • For example, an A in ASCII is 0100 0001, so if I
    randomly change some 0s to 1s and some 1s to
    0s the result might be 0010 1011 which is a
  • The problem is, how can I seem to randomly change
    bits and yet still be able to recover the
    plaintext?
  • to do this we will use a binary function called
    the exclusive-OR (XOR)

38
XOR Function
  • The XOR is a two input, one output binary
    function where the output is 1 if the inputs are
    different and the output is 0 if the inputs are
    the same
  • this can be expressed in a truth table which
    lists all the inputs and outputs

39
Bit Stream
  • The pattern of inputs and outputs may look like

plaintext  1 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 1 0 1
key        0 0 1 1 1 0 1 0 1 0 0 1 1 0 0 1 1 0 0
ciphertext 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 0 0 1
Problem: How do we recover the plaintext from
knowledge of the ciphertext and key?
40
Stream Ciphers
41
Simple Stream Cipher
  • Set up a known pattern (sequence) of 1s and 0s
    to use as a key
  • Apply the key to the plaintext bit stream using
    an XOR function
  • Recover the plaintext using the same key pattern
    on the ciphertext bit stream

42
Problem
  • A short sequence of key bits would be easy to
    remember but not very secure
  • A long sequence of key bits would be secure but
    hard to remember
  • PROBLEM: How can we generate a long
    random-appearing sequence of 0s and 1s in a way
    that will ensure that everyone who should have
    access to the plaintext is able to generate the
    key when needed?
  • ANSWER: Construct a Linear Feedback Shift
    Register - LFSR

43
Shift Register
  • A shift register is a hardware device which
  • saves bits
  • shifts bits
  • For example, a 4-bit shift register looks like

44
Add Feedback
  • Take some of the bits in the shift register,
    combine them with an XOR, and feedback the result
    as the input

45
Random Bit Generators
  • Random bit stream generators are very important
    in cryptology
  • tests for randomness
  • There are a wide range of other devices and
    methods for producing random strings of 0s and
    1s for use as Stream Cipher keys
  • Multiplexer Generator
  • RC4

46
Multiplexer
  • A multiplexer is a digital circuit with several
    inputs and one output
  • it is designed to pass one selected input on to
    the output

Sample data on input
Address input 0
Address input 1
Address input 2
Address input 3
47
MUX Generator 1
  • The multiplexer generator uses two LFSRs and a
    mux

LFSR 1 is used to select the bit from LFSR 2
48
MUX Generator 2
  • An alternative use of a MUX involves several
    LFSRs

49
Example Use
  • Many satellite TV broadcasters use this key
    generator to encrypt their TV signals
  • Each line of the signal is cut and rotated at a
    point determined by the output of a multiplexer
    generator

50
One Time Pad
  • The one-time pad (or Vernam Cipher) is a special
    variant of the stream cipher.
  • The pseudorandom keystream is replaced with a
    random (non-repeating) bit sequence, which is
    only used once.
  • If used properly it is provably unbreakable
    (Shannon, 1949).
  • Key management is hard!

51
Randomness Tests 1
  • There are some standardized tests of randomness
    that are used to evaluate any proposed random bit
    generator
  • FIPS 140-1 statistical tests
  • INPUT: 20,000 consecutive bits from the random
    bit generator
  • Monobit Test
  • If the number of 1s in the 20,000 bit stream is
    greater than 9,654 and less than 10,346 then it
    passes the test
  • 95% of truly random streams will pass this test

52
Randomness Tests 2
  • Poker Test
  • Divide the 20,000 bit stream into 5,000
    contiguous 4-bit segments
  • Count the number of occurrences of each of the 16
    possible 4-bit values
  • The number of occurrences of value i is n_i where
    i is between 0 and 15
  • Evaluate

The test is passed if 1.03 < X < 57.4
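
The monobit and poker tests in code, as an added example that is not part of the original slides. The poker statistic used is the FIPS 140-1 one, X = (16/5000) * (sum of n_i^2) - 5000; the three sample streams are constructed here, and the seeded Mersenne Twister stream stands in for a generator under test.

```python
import random

SAMPLE_BITS = 20000  # FIPS 140-1 evaluates one 20,000-bit sample


def monobit(bits):
    """Return (ones, passed): the count of 1s must lie strictly
    between 9,654 and 10,346."""
    ones = sum(bits)
    return ones, 9654 < ones < 10346


def poker(bits):
    """Return (X, passed) for the poker test on 5,000 four-bit segments.
    X = (16/5000) * sum(n_i^2) - 5000, n_i = occurrences of 4-bit value i."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        value = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[value] += 1
    x = 16 / 5000 * sum(n * n for n in counts) - 5000
    return x, 1.03 < x < 57.4


def evaluate(bits):
    """Run both tests on exactly 20,000 bits and report pass/fail for each."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-1 tests need exactly 20,000 bits")
    return {"monobit": monobit(bits)[1], "poker": poker(bits)[1]}


# Constructed sample streams.
ALL_ZERO = [0] * SAMPLE_BITS
ALTERNATING = [i % 2 for i in range(SAMPLE_BITS)]     # 0101...: balanced, no variety
_prng = random.Random(2024)                           # statistical stand-in only,
PRNG_STREAM = [_prng.getrandbits(1) for _ in range(SAMPLE_BITS)]  # not a CSPRNG

if __name__ == "__main__":
    for name, stream in [("all zero", ALL_ZERO),
                         ("alternating", ALTERNATING),
                         ("seeded PRNG", PRNG_STREAM)]:
        print(name, monobit(stream)[0], round(poker(stream)[0], 2), evaluate(stream))
```

The alternating stream passes the monobit test and fails the poker test, which is why the tests are applied together. Passing them shows only that the sample looks statistically balanced: a predictable generator such as the Mersenne Twister passes too.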
53
Randomness Tests 3
  • Runs Test
  • A run is a maximal sequence of consecutive 1s or
    0s
  • Example 0 1 1 0 1 1 1 1 0 1 0 0 0 1

The test is passed if the number of occurrences
of blocks and gaps of respective lengths are
each within the following intervals
54
Using CAP
  • CAP will run some of the randomness tests

55
Stream Ciphers in CAP
  • CAP will implement a LFSR stream cipher
  • First convert the plaintext to binary
  • Second, run the stream cipher option

56
The LFSR
  • CAP allows you to watch the LFSR in action

57
Breaking a Stream Cipher
  • Surprise, a stream cipher can be compromised
  • The most common ways are using an insertion
    attack or a probable word search
  • Insertion Attack
  • Intercept the ciphertext
  • Insert a known bit somewhere in the plaintext and
    get the modified plaintext encrypted with the
    same keystream
  • Knowledge of the single bit will compromise the
    plaintext

58
Insertion Attack
  • Assume that the following ciphertext stream is
    intercepted

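plaintext   p1 p2 p3 p4 p5 . . .
key         k1 k2 k3 k4 k5 . . .
ciphertext  c1 c2 c3 c4 c5 . . .
Now insert a bit p after p1 and observe the new
ciphertext
plaintext   p1 p p2 p3 p4 p5 . . .
key         k1 k2 k3 k4 k5 k6 . . .
ciphertext  c1 c c3 c4 c5 c6 . . .
The key and plaintext stream are given by
k2 = c XOR p, so p2 = c2 XOR k2
k3 = c3 XOR p2, so p3 = c3 XOR k3
k4 = c4 XOR p3, so p4 = c4 XOR k4
(in each line the ciphertext bit used to find the
key bit comes from the new ciphertext, and the one
used to find the plaintext bit comes from the
original ciphertext)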
59
Example
  • Given the following plaintext, key, and
    ciphertext

All we know is the ciphertext
Plaintext   0 1 1 1 0 1
Key         1 1 0 0 0 0
Ciphertext  1 0 1 1 0 1
Insert a 1 after the first bit and retransmit
using the same key stream
NOW
Plaintext   0 1 1 1 1 0 1
Key         1 1 0 0 0 0 1
Ciphertext  1 0 1 1 1 0 0
k2 = 0 XOR 1 = 1
p2 = 0 XOR 1 = 1
k3 = 1 XOR 1 = 0
p3 = 1 XOR 0 = 1
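
The same recovery carried through every bit of the slide's example, as an added example that is not part of the original slides. It also shows the defensive point: when the second transmission uses a different keystream, the recovered bits are wrong. The function names and the FRESH_KEY value are constructed for the illustration.

```python
def xor_stream(bits, keystream):
    """Encrypt or decrypt: XOR each bit with the matching keystream bit."""
    return [b ^ k for b, k in zip(bits, keystream)]


def insert_bit(bits, pos, bit):
    """Return bits with `bit` inserted at 0-based index pos."""
    return bits[:pos] + [bit] + bits[pos:]


def recover_after_insertion(c_old, c_new, pos, bit):
    """c_old: ciphertext of the original message.
    c_new: ciphertext of the message with `bit` inserted at index pos,
           assumed to be encrypted under the SAME keystream.
    Returns (plaintext bits from pos onward, keystream bits from pos onward)."""
    plain, key = [], []
    known = bit                      # plaintext bit at index i of the new message
    for i in range(pos, len(c_old)):
        k = c_new[i] ^ known         # key bit from the new ciphertext
        p = c_old[i] ^ k             # plaintext bit from the original ciphertext
        key.append(k)
        plain.append(p)
        known = p                    # p now sits at index i + 1 of the new message
    key.append(c_new[len(c_old)] ^ known)   # the longer message exposes one more bit
    return plain, key


# Values from the slide.
PLAINTEXT = [0, 1, 1, 1, 0, 1]
KEY = [1, 1, 0, 0, 0, 0, 1]
C_OLD = xor_stream(PLAINTEXT, KEY)                        # 1 0 1 1 0 1
C_NEW = xor_stream(insert_bit(PLAINTEXT, 1, 1), KEY)      # 1 0 1 1 1 0 0

# Constructed: the retransmission encrypted under a different keystream.
FRESH_KEY = [0, 1, 1, 0, 1, 0, 1]
C_NEW_FRESH = xor_stream(insert_bit(PLAINTEXT, 1, 1), FRESH_KEY)

if __name__ == "__main__":
    print("keystream reused:", recover_after_insertion(C_OLD, C_NEW, 1, 1))
    print("fresh keystream :", recover_after_insertion(C_OLD, C_NEW_FRESH, 1, 1))
```

Only the bits after the insertion point are recovered; p1 stays hidden because k1 is never exposed.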
60
Probable Word Attack
  • To illustrate a probable word attack, first
    assume that the LFSR has only 2 feedback links,
    the first bit and some unknown bit.
  • The goal of this attack is to discover the
    unknown link, the size of the LFSR and the key
    stream
  • This will be done using the ciphertext stream and
    a probable word

61
Procedure 1
  • The process will be illustrated using an
    example.
  • The LFSR has 6 bits with feedback on the first
    and fourth bits as shown

Keystream
1 0 1 0 1 1 0 0 1 0 0 0 1 1 . . .
But of course we do not know this
62
Procedure 2
  • What we do know is the ciphertext stream

111000011111100110001110010001101011100000100011
- Guess the first word is The
T 01010100
h 01101000
e 01100101
- Use this information to find the keystream
101101011001000111101011
NOTE: This matches the keystream from the prior
slide
  • Goal: find the rest of the keystream. Start by
    XORing pairs of bits in the known keystream
11011110101100100011110
  • Look for a long repeating string in the top and
    bottom
To recreate the keystream, XOR the 1st and 4th bits

63
Procedure 3
  • Generate the rest of the key stream

Ciphertext
111000011111100110001110010001101011100000100011
Key Stream
101101011001000111101011001000111101011001000111
Plaintext
010101000110100001100101011001010110111001100100
T h e e n d
64
Advanced Probable Word Attack
  • To break a general LFSR-based stream cipher using
    a known-plaintext attack requires
  • a plaintext bit string
  • its corresponding ciphertext string
  • knowledge of the size of the LFSR (if the LFSR
    size is unknown, try several reasonable values)
  • Discovery of the feedback bits is all that is
    needed to reconstruct the key generator

65
Method
  • The attack begins with the known m-bit plaintext
    string p_i (i = 0 to m-1) and its corresponding
    m-bit ciphertext string c_i (i = 0 to m-1).
  • Using these two strings the keystring k_i is given
    by
  • k_i = p_i XOR c_i
  • In general the keystring bits for a LFSR are
    given by

66
Method (continued)
  • If n, the number of bits in the known
    plaintext stream, is equal to or larger than 2m
    (m is the size of the LFSR) then the a_i's can be
    found by solving a system of m linear equations
    given in matrix form by

67
Example
  • Given the following known plaintext-ciphertext
    stream

Plaintext
Ciphertext
Key Stream
Assuming an 8-bit LFSR construct the matrix of
key elements
68
Example (continued)
  • Find the inverse of the matrix


69
Example (continued)
  • The a_i's are found by multiplying the inverse key
    matrix times the final set of key bits

70
Using CAP
  • CAP will do most of the work for this attack
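
The known-plaintext method above applied to the ciphertext from the Procedure slides, as an added example that is not part of the original slides. It shows why a bare LFSR keystream gives no protection once 2m keystream bits leak: the probable word "The" is enough to rebuild the generator. The recurrence convention k[i+m] = a_0 k[i] XOR ... XOR a_(m-1) k[i+m-1] and all function names are assumptions of this sketch.

```python
CIPHERTEXT = "111000011111100110001110010001101011100000100011"  # from the slides
CRIB = "The"                                                     # probable first word


def to_bits(text):
    return [int(b) for ch in text for b in format(ord(ch), "08b")]


def to_text(bits):
    groups = (bits[i:i + 8] for i in range(0, len(bits) - 7, 8))
    return "".join(chr(int("".join(map(str, g)), 2)) for g in groups)


def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination mod 2. Returns the solution, or None if the
    matrix is singular (the guessed register size does not fit)."""
    m = len(rows)
    aug = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(m):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[m] for row in aug]


def recover_taps(keystream, m):
    """Solve the m equations k[i+m] = sum_j a_j * k[i+j] (mod 2), i = 0..m-1."""
    if len(keystream) < 2 * m:
        raise ValueError("need at least 2m keystream bits")
    rows = [keystream[i:i + m] for i in range(m)]
    return solve_gf2(rows, keystream[m:2 * m])


def extend(seed, taps, length):
    """Run the recovered recurrence forward from the first m keystream bits."""
    ks = list(seed)
    m = len(taps)
    while len(ks) < length:
        ks.append(sum(a & k for a, k in zip(taps, ks[-m:])) % 2)
    return ks[:length]


def attack(cipher_bits, crib, m):
    """Return (taps, plaintext) for register size m, or None if m does not fit."""
    known = [c ^ p for c, p in zip(cipher_bits, to_bits(crib))]
    taps = recover_taps(known, m)
    if taps is None:
        return None
    ks = extend(known[:m], taps, len(cipher_bits))
    if ks[:len(known)] != known:      # taps must reproduce every known bit
        return None
    return taps, to_text([c ^ k for c, k in zip(cipher_bits, ks)])


if __name__ == "__main__":
    bits = [int(b) for b in CIPHERTEXT]
    for size in range(4, 9):          # size unknown: try several reasonable values
        print(size, attack(bits, CRIB, size))
```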

71
Cellular Automata
72
Introduction to CAs
  • A cellular automaton, CA, is just an array (either
    1 dimensional or 2 dimensional) of simple cells.
  • The cells in a binary CA may be in one of two
    states: they contain either a 0 or a 1.
  • On each tick of a clock, a cell will change its
    state based on the states of the cells in some
    local neighborhood.
  • These structures were first introduced by John
    von Neumann in the 1940s.
  • Interest in CAs grew in the early 70s when John
    Conway invented the Game of Life based on a CA.
  • Since then they have been used in a large number
    of applications one of which is the generation of
    random bits

73
Example
  • A 7 cell 1-dimensional CA is shown below

0 0 0 0 1 0 0
Each cell is initialized to 0 or 1
The cell values change based on a rule such as
74
RULES
  • CA rules are numbered by converting the next
    state to a decimal number
  • For example

23
Rule 90 is 01011010
75
Random Bits
  • A CA can be used to generate random bits by
    selecting one of the cells as an output
  • For example, select cell 5 below

1
11
011
1011
Initialize the CA
Select a Rule (say Rule 30)
Run the CA
Stop when enough random bits have been generated
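
The four steps above in code, as an added example that is not part of the original slides. It uses the 7-cell starting state from the earlier example slide, Rule 30 and cell 5 as the output, and it also measures how soon the state repeats. Cyclic boundaries (the first and last cells are neighbours) are an assumption, as are the function names.

```python
def step(cells, rule):
    """One clock tick of a 1-d binary CA with cyclic boundaries.
    The (left, centre, right) values form a 3-bit number that selects
    one bit of the rule number, e.g. Rule 90 = 01011010."""
    n = len(cells)
    nxt = []
    for i in range(n):
        neighbourhood = cells[i - 1] << 2 | cells[i] << 1 | cells[(i + 1) % n]
        nxt.append(rule >> neighbourhood & 1)
    return nxt


def ca_bits(cells, rule, tap, count):
    """Read `count` output bits from cell index `tap` (0-based), one per tick."""
    out = []
    for _ in range(count):
        out.append(cells[tap])
        cells = step(cells, rule)
    return out


def cycle(cells, rule):
    """Return (ticks before the state sequence enters its cycle, cycle length)."""
    seen = {}
    state, t = tuple(cells), 0
    while state not in seen:
        seen[state] = t
        state = tuple(step(state, rule))
        t += 1
    return seen[state], t - seen[state]


START = [0, 0, 0, 0, 1, 0, 0]   # the 7-cell CA from the example slide
OUTPUT_CELL = 4                 # "cell 5" counted from 1

if __name__ == "__main__":
    print("output bits :", ca_bits(START, 30, OUTPUT_CELL, 12))
    print("cycle       :", cycle(START, 30))
```

With cyclic boundaries this 7-cell state returns to its starting value after 4 ticks, so the output repeats with period 4. A CA this small is a demonstration only; a keystream generator needs far more cells.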
76
Using CAP
  • CAP offers a small 1-d CA system for testing the
    use of this method to generate random bit strings
  • It also uses the bit string as key in a stream
    cipher

77
A 2-d Cellular Automata
  • A 2 dimensional CA offers a more powerful random
    number generator at the expense of additional
    complexity.
  • A 2-d CA is just an array of 1-d CAs. As with a
    1-d CA, a cell's value is updated by some
    function of its current value and the values of
    its neighbors.
  • In this case there are two different definitions
    of a neighborhood.
  • the von Neumann Neighborhood consists of the
    cells above, below, to the right, and to the left
    of the target cell.
  • The Moore Neighborhood consists of all 8 cells
    that surround the target cell.

78
Example
  • Defining the neighborhoods in a 2-d CA

79
2-d Rules
  • The rules for a 2-d CA are much like the 1-d CA
    rules. They define how a cell is updated based
    on the values in its neighborhood.
  • Using a von Neumann neighborhood a general rule
    structure can be defined as

s_{i,j}(t+1) = X xor (C s_{i,j}(t)) xor (N s_{i-1,j}(t))
               xor (W s_{i,j-1}(t)) xor (S s_{i+1,j}(t))
               xor (E s_{i,j+1}(t))
where X, C, N, W, S, E are binary (0,1) variables
and C, N, W, S, and E are the center, north, west,
south, and east cells.
80
Rule ID
  • The values of X,C,N,W,S, and E are used to
    identify a specific rule
  • For example, if (X,C,N,S,W,E) = (001110) then it
    is rule 14 since (001110) is binary 14
  • As a result there are 64 possible rules
  • Studies have found that rules 31, 47 and 63 tend
    to produce good random bits in an 8 x 8 CA.

81
Random Generation
  • A random stream is generated by assigning a rule
    to each cell, initializing the CA to a random
    state, and running the CA using a center cell to
    produce the bit stream.
  • For example, below is a 3x3 CA where each cell is
    assigned rule 14.

82
Using CAP
  • CAP provides a 2-d Cellular Automata both for
    random bit generation and for use as a key in a
    stream cipher

83
Summary
  • History
  • More Transpositions
  • Double Column Transposition
  • Turning Grille
  • Computer Based Encryption
  • Stream Ciphers
  • LFSR
  • One Time Pad
  • Cellular Automata