Title: Cryptology
1 Cryptology
Lecture Four
- Dr. Richard Spillman
- Pacific Lutheran University
2 Last Lecture
- History
- Polygraphic Ciphers
- Playfair
- Hill
- Introduction to Transpositions
- Permutation
- Column Transposition
3 Review Transposition Cipher
- Break the following ciphertext:
slsna iocyv hqert eitre urlqn moibu vnftt qgnsp
eleby hoqao nocfs tsagq ltihd toeoe oqiup cncla
ietqc airfo iahis q
4 Outline
- History
- More Transpositions
- Computer Based Encryption
- Stream Ciphers
5 History of Ciphers
6 US in WWI
- The story of the Zimmermann Telegram
- At 10:30 am on January 17, 1917 the Rev. William Montgomery, a cryptanalyst in ROOM 40, took what looked like an important cipher to Captain William Hall, director of British Naval Intelligence and head of ROOM 40
- It was only a partial solution, dated Berlin, January 16 and addressed to the German ambassador in the US
- When Hall saw it, he ordered all copies except for the original one and one solution burned
7 The Code
- The Zimmermann telegram was written in the German diplomatic code known as 0075, which ROOM 40 had almost broken after six months of work
- It was a two-part code of 10,000 words and phrases numbered 0000 to 9999. Solving such a code is a slow process:
- identify the code group for stop or period, usually the groups that appear at the end of a telegram
- understand that German sentences often end with a verb, so the code group immediately preceding a stop may be a verb
- other clues come from the fact that diplomats use standard phrases such as "I have the honor to report to Your Excellency . . ."
- When you have enough traffic in one code, you may begin to piece the clues together.
8 The Transmission
- Germany routed this telegram by two routes to be sure it got to its destination
- Swedish Roundabout: Sweden was neutral but in favor of Germany, so they sent German cables to the US as part of their own traffic
- As part of US diplomatic traffic: Col. Edward House made arrangements for German cables to go through him while remaining coded
- From Washington it was sent on to Mexico
The English closely monitored both paths
9 The Content
- As best ROOM 40 could make out, the telegram read:
Most secret for your Excellency's personal
information and to be handed on to the Imperial
Minister in (?Mexico) with Telegram No. 1 (. . .)
by a safe route. We propose to begin on the 1st
February unrestricted submarine warfare. In
doing so, however, we shall endeavor to keep
America neutral. (?) If we should not (succeed in
doing so) we propose to (? Mexico) an alliance
upon the following basis joint conduct of the
war. joint conclusion of peace. (. . .) Your
Excellency should for the present inform the
President of Mexico secretly (? that we expect)
war with the U.S.A (possibly) (. . . ) (Japan)
and at the same time to negotiate between us and
Japan. (Please tell the President) that (. . .)
or submarines (. . .) will compel England to
peace in a few months. Acknowledge receipt.
Zimmermann
WHAT DOES THIS SUGGEST?
10 The Good News
- From the moment he saw the telegram, Hall knew he had a problem
- On the plus side, handing the telegram over to the US would almost certainly compel them to declare war on Germany
- Was there a negative side? What could it be?
11 The Bad News
- On the negative side there were three strong arguments against turning the letter over to the US:
- ROOM 40 was one of England's biggest secrets, so how could the message be made public without Germany guessing that its codes had been broken?
- Britain would have to admit that it had been reading the telegrams of two neutral nations
- The message was incomplete, so arguments like ". . . perhaps you have failed to solve a word such as not . . ." would be advanced
12 The Solution
- Hall conceived a plan that would solve all three problems
- He reasoned that the version of the telegram sent from Washington to Mexico would be different from his Berlin to Washington version (date, serial number, preamble . . .)
- If the Mexican version were released, the Germans might believe that the code had been betrayed in America
- By the analysis of other traffic, Hall knew that the German mission in Mexico had never used code 0075 and hence probably did not have it available, so the telegram would have to be recoded in Washington, perhaps into a code that ROOM 40 had completely broken
He was correct on all counts
13 The Result
- On February 5th an English agent known only as T obtained a copy of the Washington to Mexico telegram in Mexico City
- Hall was right: it was written in a simpler code (13040) which ROOM 40 had completely broken
- Still England decided to wait and hope that other events would force the US into the war, but President Wilson would not move (the Midwest and West coast were not interested in the war)
- On February 22, 1917, England could wait no longer, so Hall gave the Mexican version of the Zimmermann telegram to Edward Bell at the American embassy
14 US Timetable
- Feb 24th: The American ambassador in England sends the telegram to Washington and it is taken immediately to President Wilson
- Feb 27th: President Wilson decides to wait until the Secretary of State, Robert Lansing, returns to discuss the US response
- Feb 28th: The telegram is released to the AP
- March 1: Morning papers carry the story on page 1. The Senate stalls and asks for more proof. There is an outcry from the Midwest
- April 2nd: President Wilson goes to Congress to ask for war. He cites the Zimmermann telegram.
15 Sidelight
- There were several theories in the press as to the origin of the telegram:
- Four American soldiers found it on a German agent trying to cross over into Mexico
- The German ambassador had it in his baggage
- The British press attacked their secret service as inferior to the Americans
- These were planted by Capt. Hall
16 More Transpositions
17 Goal
- The goal of a transposition cipher is to randomize the order of the letters in the plaintext
- Randomization may be increased by mixing them up more than once using:
- Double Column Transposition
- Turning Grille
18 Double Column Transposition
19 Concept
- A double column transposition cipher works just as the name implies.
- The plaintext is enciphered using a column transposition and then the resulting ciphertext is enciphered again using a column transposition.
- The keyword may be the same for both transpositions or it may be different.
- The result is, hopefully, a thorough mixing of the positions of the plaintext letters.
20 Example
- Encipher the phrase "encryption algorithms" twice:
1st using the keyword next = 2-1-4-3
2nd using the keyword image = 4-5-1-3-2
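A worked double column transposition, added here as an example (not the deck's or CAP's code): key_order ranks the keyword letters to give the 2-1-4-3 and 4-5-1-3-2 orders above, the phrase is enciphered with next and then image, and both steps are reversed, including the case where the last row of the grid is not full.

```python
def key_order(keyword):
    """Rank the keyword letters alphabetically (ties broken left to right):
    'next' -> [2, 1, 4, 3], 'image' -> [4, 5, 1, 3, 2]."""
    ranked = sorted(range(len(keyword)), key=lambda i: (keyword[i], i))
    order = [0] * len(keyword)
    for rank, col in enumerate(ranked, start=1):
        order[col] = rank
    return order

def column_lengths(n, width):
    """Length of each column when n let

ters are written row by row under `width` columns;
    the first n % width columns are one letter longer when the last row is incomplete."""
    full, extra = divmod(n, width)
    return [full + (1 if col < extra else 0) for col in range(width)]

def encrypt_column(text, keyword):
    """Write the text in rows under the keyword, then read the columns out in key order."""
    order = key_order(keyword)
    width = len(keyword)
    columns = [text[col::width] for col in range(width)]
    return "".join(columns[col] for col in sorted(range(width), key=lambda c: order[c]))

def decrypt_column(cipher, keyword):
    """Cut the ciphertext back into columns of the right lengths, in key order, then read rows."""
    order = key_order(keyword)
    width = len(keyword)
    lengths = column_lengths(len(cipher), width)
    columns = [""] * width
    pos = 0
    for col in sorted(range(width), key=lambda c: order[c]):
        columns[col] = cipher[pos:pos + lengths[col]]
        pos += lengths[col]
    return "".join(columns[col][r] for r in range(max(lengths))
                   for col in range(width) if r < lengths[col])

def double_encrypt(text, key1, key2):
    return encrypt_column(encrypt_column(text, key1), key2)

def double_decrypt(cipher, key1, key2):
    return decrypt_column(decrypt_column(cipher, key2), key1)

if __name__ == "__main__":
    plain = "encryptionalgorithms"          # the deck's phrase, spaces removed
    cipher = double_encrypt(plain, "next", "image")
    print(cipher)                           # nolahtsmogirnercpyit
    assert double_decrypt(cipher, "next", "image") == plain
```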
21 Using CAP
- CAP will implement a double column transposition
22 Cryptanalysis of DT
- A weakness of the double column transposition cipher lies in the use of the same pair of keys on several plaintext messages all of the same size.
- For example, if the following 4 messages between Bob and Alice were intercepted:
etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn
oowqq texda aqmue caeon ioox
panbt tjliu eeyhq xotbi dttqy dwbml bxooa oweal
hoaqp nexbh tqaut iekau wocx
monat rtwle bocoq xhofb aurqe oxino oxlir defar
uhoqe mexbn nqttn cgwoo rtox
awsbe lymtt ernrq xtnei olfqt lebne uxorb okorl
ocmqf iexru oqwhe oogao aacx
23 Process
- Place all 4 messages in depth, that is, one on top of the other
- Treat it as a large anagramming problem
etmai atecb bsbnq xivjb eecqu heikn oxlct sedwn oowqq texda aqmue caeon ioox
panbt tjliu eeyhq xotbi dttqy dwbml bxooa oweal hoaqp nexbh tqaut iekau wocx
monat rtwle bocoq xhofb aurqe oxino oxlir defar uhoqe mexbn nqttn cgwoo rtox
awsbe lymtt ernrq xtnei olfqt lebne uxorb okorl ocmqf iexru oqwhe oogao aacx
Columns of x should all go to the end
24 Using CAP
- CAP provides a special anagramming tool for Double Column Transpositions
25 Turning Grilles
26 Turning Grilles
- Turning Grilles rotate a window with slots across the plaintext
- Described by Jules Verne in the story Mathias Sandorf
- Used in the 18th century
- They come in the form of grilles with 2 positions and grilles with 4 positions
27 Construction
- Given n = 4v^2 characters in a message
- Create a square checkerboard with 2v rows and columns
- In one quadrant of the board place each number from 1 to v
- Rotate this quadrant to fill the remaining 3 quadrants
- Select each number 1 to v from the four quadrants
- This defines the windows in the board
28 Example
- Message: "This is a test of the method ok you are done no"
- 36 characters, so v = 3
29 Encipher
- Use the grille and its 4 rotations to create the ciphertext
[Figure: 6 x 6 grille and ciphertext grid; cell letters as extracted: h t s t h a i s t o o r i f t d e d s h e o o n a m k y e n t e e o u o]
Write the message in the open slots
30 Decipher
- Rotate the grille over the ciphertext and read off the plaintext
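The construction and the encipher/decipher steps above as code, added here as an example (not the deck's or CAP's code). It numbers the top-left quadrant 1 to v^2 (9 for v = 3) so that the four grille positions together uncover all 4v^2 cells; which copy of each number is cut out is chosen by a constructed key, and the slide's own grille is not reproduced, so the ciphertext differs from the figure.

```python
def rotate(pos, n):
    """Move a cell (row, col) one quarter turn clockwise on an n x n board."""
    r, c = pos
    return (c, n - 1 - r)

def build_board(v):
    """Number the top-left v x v quadrant 1..v*v and copy it into the other three
    quadrants by rotation, so each number appears once per quadrant."""
    n = 2 * v
    board = [[0] * n for _ in range(n)]
    for r in range(v):
        for c in range(v):
            pos = (r, c)
            for _ in range(4):
                board[pos[0]][pos[1]] = r * v + c + 1
                pos = rotate(pos, n)
    return board

def make_grille(v, choices):
    """choices[k-1] in 0..3 says which of the four copies of number k becomes a window
    (0 = the top-left quadrant copy). The window set is the key of the cipher."""
    n = 2 * v
    holes = set()
    for k in range(1, v * v + 1):
        pos = ((k - 1) // v, (k - 1) % v)
        for _ in range(choices[k - 1]):
            pos = rotate(pos, n)
        holes.add(pos)
    return holes

def windows(holes, n, turn):
    """Open cells after `turn` quarter turns of the grille, in row-major reading order."""
    cells = []
    for pos in holes:
        for _ in range(turn):
            pos = rotate(pos, n)
        cells.append(pos)
    return sorted(cells)

def encipher(plaintext, v, holes):
    """Write the message into the open slots, turning the grille after each v*v letters."""
    n = 2 * v
    if len(plaintext) != n * n:
        raise ValueError(f"message must be exactly {n * n} letters")
    grid = [[""] * n for _ in range(n)]
    letters = iter(plaintext)
    for turn in range(4):
        for r, c in windows(holes, n, turn):
            grid[r][c] = next(letters)
    return "".join("".join(row) for row in grid)

def decipher(ciphertext, v, holes):
    """Rotate the grille over the ciphertext grid and read off the plaintext."""
    n = 2 * v
    grid = [ciphertext[i * n:(i + 1) * n] for i in range(n)]
    return "".join(grid[r][c] for turn in range(4) for r, c in windows(holes, n, turn))

if __name__ == "__main__":
    key = [0, 1, 2, 3, 0, 1, 2, 3, 0]            # constructed: which copy of 1..9 to open
    holes = make_grille(3, key)
    cipher = encipher("thisisatestofthemethodokyouaredoneno", 3, holes)
    print(cipher, decipher(cipher, 3, holes))
```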
31 Using CAP
- Select Turning Grille under the cipher menu
32 Computer Based Ciphers
33 Impact of Technology
- The invention of the telegraph improved communications (by a factor of 10) and increased the importance of cryptography for protecting information
- The invention of radio improved communications (by a factor of 100) and made cryptanalysis a necessary part of government activities
- The invention of the computer improved the transfer, storage, and analysis of information (by a factor of 10^9), eliminated personal privacy, and made cryptography and cryptanalysis essential to democracy
34 Binary Numbers
- The characteristic of computers that produces a different approach to cipher systems is their method of representing information
- data in computer systems is stored, processed, and transmitted in binary form (as 0s and 1s)
- hence numbers are represented in binary
35 Characters
- Letters also need to be represented as binary bits in a computer
- There is no natural way to express this (as there is with numbers), so computer manufacturers have developed a standard code called ASCII which assigns a set of 8 bits to each letter
36 ASCII Code
- Below is a list of the ASCII codes for upper and lower case characters
37 Bit Level Ciphers
- Using computers, ciphers are implemented at the bit level
- that is, we can now substitute or transpose 0s and 1s
- For example, an A in ASCII is 0100 0001, so if I randomly change some 0s to 1s and some 1s to 0s the result might be 0010 1011, which is a
- The problem is, how can I seem to randomly change bits and yet still be able to recover the plaintext?
- to do this we will use a binary function called the exclusive-OR (XOR)
38 XOR Function
- The XOR is a two input, one output binary function where the output is 1 if the inputs are different and the output is 0 if the inputs are the same
- this can be expressed in a truth table which lists all the inputs and outputs
39 Bit Stream
- The pattern of inputs and outputs may look like:
key                          0 0 1 1 1 0 1 0 1 0 0 1 1 0 0 1 1 0 0
plaintext                    1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 0 0 1
ciphertext (key XOR plaintext) 1 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 1 0 1
Problem: How do we recover the plaintext from knowledge of the ciphertext and key?
40 Stream Ciphers
41 Simple Stream Cipher
- Set up a known pattern (sequence) of 1s and 0s to use as a key
- Apply the key to the plaintext bit stream using an XOR function
- Recover the plaintext using the same key pattern on the ciphertext bit stream
42 Problem
- A short sequence of key bits would be easy to remember but not very secure
- A long sequence of key bits would be secure but hard to remember
- PROBLEM: How can we generate a long random-appearing sequence of 0s and 1s in a way that will ensure that everyone who should have access to the plaintext is able to generate the key when needed?
- ANSWER: Construct a Linear Feedback Shift Register (LFSR)
43 Shift Register
- A shift register is a hardware device which
- saves bits
- shifts bits
- For example, a 4-bit shift register looks like:
[Figure: 4-bit shift register]
44 Add Feedback
- Take some of the bits in the shift register, combine them with an XOR, and feed the result back as the input
45 Random Bit Generators
- Random bit stream generators are very important in cryptology
- tests for randomness
- There are a wide range of other devices and methods for producing random strings of 0s and 1s for use as Stream Cipher keys:
- Multiplexer Generator
- RC4
46 Multiplexer
- A multiplexer is a digital circuit with several inputs and one output
- it is designed to pass one selected input on to the output
[Figure: multiplexer with sample data on the inputs and address inputs 0 to 3]
47 MUX Generator 1
- The multiplexer generator uses two LFSRs and a mux
LFSR 1 is used to select the bit from LFSR 2
48 MUX Generator 2
- An alternative use of a MUX involves several LFSRs
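An LFSR keystream generator, the XOR stream cipher built on it (slides 41 to 44), and a multiplexer generator in the style of slide 47, added here as an example (not the deck's or CAP's code). Tap positions, seeds and the message are constructed; the exact mux wiring (which LFSR 1 bits form the address, which LFSR 2 bit is selected) is an assumption, since the deck's figure is not reproduced.

```python
class LFSR:
    """Shift register whose output is bits[0]; the bits at the 1-based `taps` positions are
    XORed together and fed back in at the far end (taps=(1, 4): XOR the 1st and 4th bits)."""

    def __init__(self, seed, taps):
        if not any(seed):
            raise ValueError("an all-zero seed never leaves the all-zero state")
        self.bits = list(seed)
        self.taps = taps

    def step(self):
        out = self.bits[0]
        feedback = 0
        for t in self.taps:
            feedback ^= self.bits[t - 1]
        self.bits = self.bits[1:] + [feedback]
        return out

    def keystream(self, n):
        return [self.step() for _ in range(n)]

def text_to_bits(text):
    """8 ASCII bits per character: the 'convert the plaintext to binary' step of slide 55."""
    return [int(b) for ch in text.encode("ascii") for b in format(ch, "08b")]

def bits_to_text(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8)).decode("ascii")

def xor_stream(data_bits, key_bits):
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    return [d ^ k for d, k in zip(data_bits, key_bits)]

def mux_generator(select, source, n):
    """Multiplexer generator (assumed wiring): the leading bits of LFSR 1 (`select`) form an
    address that picks one bit of the state of LFSR 2 (`source`); both registers then step."""
    width = max(1, (len(source.bits) - 1).bit_length())   # address bits needed
    out = []
    for _ in range(n):
        address = 0
        for b in select.bits[:width]:
            address = (address << 1) | b
        out.append(source.bits[address % len(source.bits)])
        select.step()
        source.step()
    return out

if __name__ == "__main__":
    plain = text_to_bits("The end")                       # constructed message
    key = LFSR([1, 0, 0, 0, 1, 1], (1, 4)).keystream(len(plain))
    cipher = xor_stream(plain, key)
    again = LFSR([1, 0, 0, 0, 1, 1], (1, 4)).keystream(len(plain))
    print(bits_to_text(xor_stream(cipher, again)))       # The end
```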
49 Example Use
- Many satellite TV broadcasters use this key generator to encrypt their TV signals
- Each line of the signal is cut and rotated at a point determined by the output of a multiplexer generator
50 One Time Pad
- The one-time pad (or Vernam Cipher) is a special variant of the stream cipher.
- The pseudorandom keystream is replaced with a random (non-repeating) bit sequence, which is only used once.
- If used properly it is provably unbreakable (Shannon, 1949).
- Key management is hard!
51 Randomness Tests 1
- There are some standardized tests of randomness that are used to evaluate any proposed random bit generator
- FIPS 140-1 statistical tests
- INPUT: 20,000 consecutive bits from the random bit generator
- Monobit Test
- If the number of 1s in the 20,000 bit stream is greater than 9,654 and less than 10,346 then it passes the test
- 95% of truly random streams will pass this test
52 Randomness Tests 2
- Poker Test
- Divide the 20,000 bit stream into 5,000 contiguous 4-bit segments
- Count the number of occurrences of each of the 16 possible 4-bit values
- The number of occurrences of value i is n_i, where i is between 0 and 15
- Evaluate
The test is passed if 1.03 < X < 57.4
53 Randomness Tests 3
- Runs Test
- A run is a maximal sequence of consecutive 1s or 0s
- Example: 0 1 1 0 1 1 1 1 0 1 0 0 0 1
The test is passed if the number of occurrences of blocks and gaps of respective lengths are each within the following intervals:
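The three tests above as runnable checks, added here as an example (not the deck's or CAP's code). The monobit and poker bounds are the ones on the slides; the poker statistic X = (16/5000) * sum(n_i^2) - 5000 and the runs intervals are the published FIPS 140-1 values, which the slides do not reproduce, and the 20,000-bit input is constructed from a seeded PRNG standing in for a generator under test.

```python
import random

N_BITS = 20_000
MONOBIT = (9654, 10346)        # pass when 9654 < ones < 10346 (slide 51)
POKER = (1.03, 57.4)           # pass when 1.03 < X < 57.4 (slide 52)
# FIPS 140-1 runs-test intervals (inclusive) for run lengths 1..5 and 6-or-longer;
# these are not on the slides and are taken from the standard.
RUNS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
        4: (223, 402), 5: (90, 223), 6: (90, 223)}

def monobit(bits):
    ones = sum(bits)
    return MONOBIT[0] < ones < MONOBIT[1], ones

def poker(bits):
    """Histogram the 5,000 4-bit segments and evaluate X = (16/5000) * sum(n_i^2) - 5000."""
    counts = [0] * 16
    for i in range(0, len(bits), 4):
        value = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[value] += 1
    x = (16 / 5000) * sum(n * n for n in counts) - 5000
    return POKER[0] < x < POKER[1], x

def run_lengths(bits):
    """Count blocks (runs of 1s) and gaps (runs of 0s) by length; 6 or more pooled as 6."""
    counts = {0: dict.fromkeys(RUNS, 0), 1: dict.fromkeys(RUNS, 0)}
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        counts[bits[i]][min(j - i, 6)] += 1
        i = j
    return counts

def runs(bits):
    counts = run_lengths(bits)
    ok = all(lo <= counts[v][length] <= hi
             for v in (0, 1) for length, (lo, hi) in RUNS.items())
    return ok, counts

def fips_140_1(bits):
    """Pass/fail verdict of each test for one 20,000-bit sample."""
    if len(bits) != N_BITS:
        raise ValueError(f"FIPS 140-1 tests need exactly {N_BITS} bits")
    return {"monobit": monobit(bits)[0], "poker": poker(bits)[0], "runs": runs(bits)[0]}

def sample_bits(seed):
    """Constructed input: bits from a seeded PRNG, standing in for a generator under test."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(N_BITS)]

if __name__ == "__main__":
    print(fips_140_1(sample_bits(7)))        # a good generator passes all three
    print(fips_140_1([0, 1] * 10_000))       # alternating bits pass monobit but fail the rest
```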
54 Using CAP
- CAP will run some of the randomness tests
55 Stream Ciphers in CAP
- CAP will implement a LFSR stream cipher
- First convert the plaintext to binary
- Second, run the stream cipher option
56 The LFSR
- CAP allows you to watch the LFSR in action
57 Breaking a Stream Cipher
- Surprise, a stream cipher can be compromised
- The most common ways are using an insertion attack or a probable word search
- Insertion Attack
- Intercept the ciphertext
- Insert a known bit somewhere in the plaintext and get the modified plaintext encrypted with the same keystream
- Knowledge of the single bit will compromise the plaintext
58 Insertion Attack
- Assume that the following ciphertext stream is intercepted:
plaintext  p1 p2 p3 p4 p5 . . .
key        k1 k2 k3 k4 k5 . . .
ciphertext c1 c2 c3 c4 c5 . . .
Now insert a bit p after p1 and observe the new ciphertext (written c1 c' c3' c4' c5' c6' . . . to distinguish it from the original):
plaintext  p1 p  p2  p3  p4  p5  . . .
key        k1 k2 k3  k4  k5  k6  . . .
ciphertext c1 c' c3' c4' c5' c6' . . .
The key and plaintext streams are then given by:
k2 = c' XOR p,   so p2 = c2 XOR k2
k3 = c3' XOR p2, so p3 = c3 XOR k3
k4 = c4' XOR p3, so p4 = c4 XOR k4
59 Example
- Given the following plaintext, key, and ciphertext (all we know is the ciphertext):
Plaintext  0 1 1 1 0 1
Key        1 1 0 0 0 0
Ciphertext 1 0 1 1 0 1
Insert a 1 after the first bit and retransmit using the same key stream:
Plaintext  0 1 1 1 1 0 1
Key        1 1 0 0 0 0 1
Ciphertext 1 0 1 1 1 0 0
NOW
k2 = 0 XOR 1 = 1
p2 = 0 XOR 1 = 1
k3 = 1 XOR 1 = 0
p3 = 1 XOR 0 = 1
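The recovery above as code, added here as an example (not the deck's code): it replays the slide's bits and then a longer constructed case. For a defender the point is the one the slides make: a keystream that can be re-applied to a modified message gives up both the key and the plaintext from the insertion point onwards, so keystream reuse has to be prevented by design rather than detected afterwards.

```python
def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]

def with_insertion(plain, pos, bit):
    """The modified message: `bit` inserted so that it occupies index `pos`."""
    return plain[:pos] + [bit] + plain[pos:]

def recover(cipher, cipher_new, inserted_bit, pos):
    """cipher: original ciphertext; cipher_new: ciphertext of the message with `inserted_bit`
    at index `pos`, encrypted under the same keystream. Every plaintext bit from `pos` on
    sits one slot later in the modified message, so the recovered bits chain together:
    k[i] = cipher_new[i] XOR (bit known to be at slot i), then p[i] = cipher[i] XOR k[i].
    Returns (key, plain) with None before `pos`, where nothing is learned."""
    n = len(cipher)
    key, plain = [None] * n, [None] * n
    known = inserted_bit
    for i in range(pos, n):
        key[i] = cipher_new[i] ^ known
        plain[i] = cipher[i] ^ key[i]
        known = plain[i]          # the modified message carries this bit at slot i + 1
    return key, plain

if __name__ == "__main__":
    plain = [0, 1, 1, 1, 0, 1]              # slide 59
    key = [1, 1, 0, 0, 0, 0, 1]             # one extra key bit for the longer message
    cipher = xor_bits(plain, key)           # 1 0 1 1 0 1
    cipher_new = xor_bits(with_insertion(plain, 1, 1), key)   # 1 0 1 1 1 0 0
    print(recover(cipher, cipher_new, 1, 1))
    # ([None, 1, 0, 0, 0, 0], [None, 1, 1, 1, 0, 1])
```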
60 Probable Word Attack
- To illustrate a probable word attack, first assume that the LFSR has only 2 feedback links, the first bit and some unknown bit.
- The goal of this attack is to discover the unknown link, the size of the LFSR and the key stream
- This will be done using the ciphertext stream and a probable word
61 Procedure 1
- The process will be illustrated using an example.
- The LFSR has 6 bits with feedback on the first and fourth bits as shown
Keystream
1 0 1 0 1 1 0 0 1 0 0 0 1 1 . . .
But of course we do not know this
62 Procedure 2
- What we do know is the ciphertext stream
NOTE: This matches the keystream from the prior slide
T 01010100
h 01101000
e 01100101
Ciphertext:                     111000011111100110001110010001101011100000100011
Known keystream (The XOR ciphertext): 101101011001000111101011
XOR of adjacent keystream bits: 11011110101100100011110
To recreate the keystream XOR the 1st and 4th bits
- Guess the first word is The
- Use this information to find the keystream
- Goal: find the rest of the keystream; start by XORing pairs of bits in the known keystream
- Look for a long repeating string in the top and bottom
63 Procedure 3
- Generate the rest of the key stream
Ciphertext
111000011111100110001110010001101011100000100011
Key Stream
101101011001000111101011001000111101011001000111
Plaintext
010101000110100001100101011001010110111001100100
T h e e n d
64 Advanced Probable Word Attack
- To break a general LFSR-based stream cipher using a known-plaintext attack requires:
- a plaintext bit string
- its corresponding ciphertext string
- knowledge of the size of the LFSR (if the LFSR size is unknown, try several reasonable values)
- Discovery of the feedback bits is all that is needed to reconstruct the key generator
65 Method
- The attack begins with the known m-bit plaintext string p_i (i = 0 to m-1) and its corresponding m-bit ciphertext string c_i (i = 0 to m-1).
- Using these two strings the keystring k_i is given by
- k_i = p_i XOR c_i
- In general the keystring bits for a LFSR are given by
66 Method (continued)
- If n, the number of bits in the known plaintext stream, is equal to or larger than 2m (m is the size of the LFSR) then the a_i's can be found by solving a system of m linear equations given in matrix form by
67 Example
- Given the following known plaintext-ciphertext stream:
Plaintext
Ciphertext
Key Stream
Assuming an 8-bit LFSR, construct the matrix of key elements
68 Example (continued)
- Find the inverse of the matrix
69 Example (continued)
- The a_i's are found by multiplying the inverse key matrix times the final set of key bits
[Figure: inverse key matrix times the final key-bit vector]
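The matrix method of slides 65 to 69 carried through in code, added here as an example (not the deck's or CAP's code): it forms the m x m matrix of key bits with right-hand side k[i+m], solves it over GF(2) by elimination (the same as multiplying by the inverse, and it reports when no inverse exists, which is what happens when m is guessed too large), then checks the recovered taps against every key bit beyond 2m, so a wrong m returns None. The LFSR taps, seed and known plaintext are constructed.

```python
def keystream_bits(plain, cipher):
    """k_i = p_i XOR c_i (slide 65)."""
    return [p ^ c for p, c in zip(plain, cipher)]

def run_lfsr(seed, taps, n):
    """Generate n bits from k[i] = XOR over j of taps[j] * k[i - m + j], m = len(taps)."""
    out = list(seed)
    m = len(taps)
    while len(out) < n:
        out.append(sum(t & x for t, x in zip(taps, out[-m:])) & 1)
    return out

def gf2_solve(matrix, rhs):
    """Solve A x = b over GF(2) by Gauss-Jordan elimination on the augmented matrix.
    Returns x, or None when A is singular (no inverse exists for this guess of m)."""
    m = len(matrix)
    aug = [row[:] + [b] for row, b in zip(matrix, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(m):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[m] for row in aug]

def recover_taps(key, m):
    """Assume an m-bit LFSR. Row i of the key matrix is k[i..i+m-1] and its right-hand side
    is k[i+m] (slides 66-67); solving gives the a_j. Needs at least 2m key bits; any further
    bits are used to confirm the recurrence, so a wrong m returns None."""
    if len(key) < 2 * m:
        return None
    matrix = [[key[i + j] for j in range(m)] for i in range(m)]
    rhs = [key[i + m] for i in range(m)]
    taps = gf2_solve(matrix, rhs)
    if taps is None or run_lfsr(key[:m], taps, len(key)) != key:
        return None
    return taps

if __name__ == "__main__":
    taps = [1, 0, 1, 0, 0]                     # constructed: k[i] = k[i-5] XOR k[i-3]
    key = run_lfsr([1, 0, 0, 1, 1], taps, 40)
    plain = [(i * 7 + 3) % 2 for i in range(40)]   # constructed known plaintext
    cipher = [p ^ k for p, k in zip(plain, key)]
    print(recover_taps(keystream_bits(plain, cipher), 5))   # [1, 0, 1, 0, 0]
    print(recover_taps(keystream_bits(plain, cipher), 3))   # None
```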
70 Using CAP
- CAP will do most of the work for this attack
71 Cellular Automata
72 Introduction to CAs
- A cellular automaton (CA) is just an array (either 1-dimensional or 2-dimensional) of simple cells.
- The cells in a binary CA may be in one of two states: they contain either a 0 or a 1.
- On each tick of a clock, a cell will change its state based on the states of the cells in some local neighborhood.
- These structures were first introduced by John von Neumann in the 1940s.
- Interest in CAs grew in the early 70s when John Conway invented the Game of Life based on a CA.
- Since then they have been used in a large number of applications, one of which is the generation of random bits
73 Example
- A 7 cell 1-dimensional CA is shown below:
0 0 0 0 1 0 0
Each cell is initialized to 0 or 1
The cell values change based on a rule such as
74 RULES
- CA rules are numbered by converting the next state to a decimal number
- For example, Rule 90 is 01011010
75 Random Bits
- A CA can be used to generate random bits by selecting one of the cells as an output
- For example, select cell 5 below
[Figure: 1-d CA run, with the output bits read from cell 5]
Initialize the CA
Select a Rule (say Rule 30)
Run the CA
Stop when enough random bits have been generated
76 Using CAP
- CAP offers a small 1-d CA system for testing the use of this method to generate random bit strings
- It also uses the bit string as key in a stream cipher
77 A 2-d Cellular Automata
- A 2-dimensional CA offers a more powerful random number generator at the expense of additional complexity.
- A 2-d CA is just an array of 1-d CAs. As with a 1-d CA, a cell's value is updated by some function of its current value and the values of its neighbors.
- In this case there are two different definitions of a neighborhood:
- the von Neumann Neighborhood consists of the cells above, below, to the right, and to the left of the target cell.
- The Moore Neighborhood consists of all 8 cells that surround the target cell.
78 Example
- Defining the neighborhoods in a 2-d CA
79 2-d Rules
- The rules for a 2-d CA are much like the 1-d CA rules. They define how a cell is updated based on the values in its neighborhood.
- Using a von Neumann neighborhood a general rule structure can be defined as
s_{i,j}(t+1) = X xor (C * s_{i,j}(t)) xor (N * s_{i-1,j}(t)) xor (W * s_{i,j-1}(t)) xor (S * s_{i+1,j}(t)) xor (E * s_{i,j+1}(t))
where X, C, N, W, S, E are binary (0,1) variables and C, N, W, S, and E are the center, north, west, south, and east cells.
80 Rule ID
- The values of X, C, N, W, S, and E are used to identify a specific rule
- For example, if (X,C,N,S,W,E) = (001110) then it is rule 14, since (001110) is binary 14
- As a result there are 64 possible rules
- Studies have found that rules 31, 47 and 63 tend to produce good random bits in an 8 x 8 CA.
81 Random Generation
- A random stream is generated by assigning a rule to each cell, initializing the CA to a random state, and running the CA using a center cell to produce the bit stream.
- For example, below is a 3x3 CA where each cell is assigned rule 14.
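Both CA generators above in code, added here as an example (not the deck's or CAP's code): the 1-d part uses Wolfram's rule numbering (Rule 90 = 01011010, Rule 30 for the output cell of slide 75) and the 2-d part implements the von Neumann rule of slide 79 with the (X,C,N,W,S,E) rule id of slide 80. Wrap-around edges and the initial states are assumptions, as the slides do not say what happens at the border.

```python
def rule_table(rule):
    """Rule 90 -> '01011010': bit 7 is the next state for neighbourhood 111, bit 0 for 000."""
    return format(rule, "08b")

def step_1d(cells, rule):
    """Next state of every cell: the 3-bit neighbourhood (left, self, right) indexes a bit
    of the rule number. Edges wrap around (assumption)."""
    n = len(cells)
    nxt = []
    for i in range(n):
        neighbourhood = (cells[i - 1] << 2) | (cells[i] << 1) | cells[(i + 1) % n]
        nxt.append((rule >> neighbourhood) & 1)
    return nxt

def ca_bits_1d(cells, rule, out_cell, n_bits):
    """Initialize, select a rule, run, and read `out_cell` on every tick (slide 75)."""
    out = []
    for _ in range(n_bits):
        out.append(cells[out_cell])
        cells = step_1d(cells, rule)
    return out

def step_2d(grid, rules):
    """Slide 79 rule with a von Neumann neighbourhood:
    s(t+1) = X xor C*s xor N*north xor W*west xor S*south xor E*east, where
    (X,C,N,W,S,E) are the six bits of that cell's rule id; edges wrap (assumption)."""
    rows, cols = len(grid), len(grid[0])
    nxt = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        for j in range(cols):
            x, c, n, w, s, e = [(rules[i][j] >> (5 - b)) & 1 for b in range(6)]
            nxt[i][j] = (x ^ (c & grid[i][j]) ^ (n & grid[i - 1][j]) ^ (w & grid[i][j - 1])
                         ^ (s & grid[(i + 1) % rows][j]) ^ (e & grid[i][(j + 1) % cols]))
    return nxt

def ca_bits_2d(grid, rules, n_bits):
    """Run the 2-d CA and read the centre cell on every tick (slide 81)."""
    ci, cj = len(grid) // 2, len(grid[0]) // 2
    out = []
    for _ in range(n_bits):
        out.append(grid[ci][cj])
        grid = step_2d(grid, rules)
    return out

if __name__ == "__main__":
    print(rule_table(90))                                     # 01011010
    print(ca_bits_1d([0, 0, 0, 1, 0, 0, 0], 30, 3, 16))       # Rule 30, output from the centre cell
    grid = [[0, 1, 1], [1, 0, 0], [0, 1, 1]]                  # constructed initial state
    print(ca_bits_2d(grid, [[14] * 3 for _ in range(3)], 16)) # every cell assigned rule 14
```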
82 Using CAP
- CAP provides a 2-d Cellular Automata both for random bit generation and for use as a key in a stream cipher
83 Summary
- History
- More Transpositions
- Double Column Transposition
- Turning Grille
- Computer Based Encryption
- Stream Ciphers
- LFSR
- One Time Pad
- Cellular Automata