CRYPTOGRAPHY

1
CRYPTOGRAPHY

• Lecture 7

2
The Radio

• 1894 Marconi experimented with electrical
  circuits and developed a wireless system the
  radio (up to 2.5km)
• 1896 he emigrated to Britain and filed his first
  patent
• He increased the range to 15km, then 53km
• This was an advantage over the telegraph because
  it was wireless, so there was no need for
  constructing telegraph wires, and you could send
  messages between two isolated locations.

3
The Radio

• Marconi transmitted messages in Morse code.
• It was a big breakthrough when he transmitted the
  letter S (dot-dot-dot) from Cornwall to
  Newfoundland, a distance of 3500km.
• This was very promising for the military, but now
  they needed reliable encryption because all the
  messages were in the air, ready to be
  intercepted.
• Many ciphers were tried, and broken.

4
The German ADFGVX cipher

• Was introduced in 1918, it was a combination of
  substitution and transposition.
• Draw up a 6x6 grid, and fill the grid with a
  random combination of the 26 letters of the
  alphabet and the 10 digits.
• The arrangement of the elements in the grid is
  part of the key.

5
The German ADFGVX cipher

• A D F G V X
• A 8 P 3 D 1 N
• D L T 4 O A H
• F 7 K B C 5 Z
• G J U 6 W G M
• V X S V I R 2
• X 9 E Y 0 F Q

6
The German ADFGVX cipher

• The first step is to take each letter of the
  plaintext, locate its position, and substitute it
  with the letters that label its row and column.
• A D F G V X For example, 8 becomes AA
• A 8 P 3 D 1 N P becomes AD, L is DA
• D L T 4 O A H
• F 7 K B C 5 Z
• G J U 6 W G M
• V X S V I R 2
• X 9 E Y 0 F Q

7
The German ADFGVX cipher

• So the message
• ATTACK AT 10 PM
• BECOMES
• DV DD DD DV FG FD DV DD AV XG AD GX

8
The German ADFGVX cipher

• This is a simple mono-alphabetic substitution
  cipher, which can be broken by frequency
  analysis. But now we add some transposition into
  the mix.
• For step 2, we need a keyword. In our example,
  we use the keyword MARK
• The keyword is the second piece of information we
  must share with the receiver.

9
The German ADFGVX cipher

• Now we transpose by arranging the message in
  columns and shifting the columns around according
  to the alphabetical order of the keyword
• MARK AKMR
• DVDD VDDD
• DDDV DVDD
• FGFD GDFF
• DVDD VDDD
• AVXG VGAX
• ADGX DXAG

10
The German ADFGVX cipher

• Now we read off the message column wise
• AKMR
• VDDD
• DVDD VDGVVDDVDDGXDDFDXG
• GDFF
• VDDD
• VGAX
• DXAG

11
The German ADFGVX cipher

• Why ADFGVX?
• These letters, when written in Morse code, are
  very different from each other.
• A French cryptanalyst called Georges Painvin
  spent much time deciphering it. Finally, he
  broke it and intercepted a message that led to
  the German army losing the element of surprise,
  and eventually the battle.

12
Back to the Vigenere cipher
Lets go back and figure out how the Vigenere
cipher was broken, in order to build a stronger
code. The weakness of the Vigenere cipher was in
the repeating of the keyword. What if instead of
a keyword we used a key phrase, that was as long
as the message itself. Then frequency analysis
does not apply.
13
Vigenere cipher with long key-phrase
Lets say we have a cipher text, how can we break
it? V H R M H E U Z N F Q D E Z R W X F I D K

14
Vigenere cipher with long key-phrase
Assume that the word the will appear in the
plaintext. Try it in three positions and see
what that implies about the key phrase Key C A
N ? ? ? B S J ? ? ? ? ? Y P T ? ? ? ? Plaintext T
H E - - - T H E - - - - - T H E - - - - Cipher
text V H R M H E U Z N F Q D E Z R W X F I D K
BSJ does not make any sense, but CAN looks
promising, and YPT can be a part of a word, e.g.
APOCALYPTIC, CRYPT or EGYPT. So we try these
three.
15
Vigenere cipher with long key-phrase
Key C A N ? ? ? ? ? A P O C A L Y P T I C ?
? Plaintext T H E - - - - - N Q C B E O T H E X G
- - Cipher text V H R M H E U Z N F Q D E Z R W X
F I D K Key C A N ? ? ? ? ? ? ? ? ? E G Y P T ?
? ? ? Plaintext T H E - - - - - - - - - A T T H E
- - - - Cipher text V H R M H E U Z N F Q D E Z R
W X F I D K Key C A N ? ? ? B S J ? ? ? C R Y
P T ? ? ? ? Plaintext T H E - - - - - - - - - C I
T H E - - - - Cipher text V H R M H E U Z N F Q D
E Z R W X F I D K The word EGYPT is the only one
which makes sense.
16
Vigenere cipher with long key-phrase
Key C A N ? ? ? ? ? ? ? ? ? E G Y P T ? ? ?
? Plaintext T H E - - - - - - - - - A T T H E - -
- - Cipher text V H R M H E U Z N F Q D E Z R W X
F I D K Maybe the key is a list of countries?
Maybe CAN is part of CANADA? Key C A N A D A ?
? ? ? ? ? E G Y P T ? ? ? ? Plaintext T H E M E E
- - - - - - A T T H E - - - - Cipher text V H R M
H E U Z N F Q D E Z R W X F I D K Maybe this is
the beginning of the meeting?
17
Vigenere cipher with long key-phrase
Key C A N A D A B R A Z ? ? E G Y P T ? ? ?
? Plaintext T H E M E E T I N G - - A T T H E - -
- - Cipher text V H R M H E U Z N F Q D E Z R W X
F I D K Is BRAZ the beginning of Brazil? Key C
A N A D A B R A Z I L E G Y P T ? ? ?
? Plaintext T H E M E E T I N G I S A T T H E - -
- - Cipher text V H R M H E U Z N F Q D E Z R W X
F I D K Now we can try other countries to see if
they make sense.
18
Vigenere cipher with long key-phrase
CUBA seems to make sense . . . Key C A N A D A
B R A Z I L E G Y P T C U B A Plaintext T H E M E
E T I N G I S A T T H E D O C K Cipher text V H R
M H E U Z N F Q D E Z R W X F I D K Notice the
back-and-forth nature of the cryptanalysis
process.
19
One-time cipher pad
A key-phrase as long as the message does not
guarantee an unbreakable code. The weakness is
that the key phrase is made up of words that make
sense. What if the key has no inherent
structure? If we use a random key, and a
different one for each message, we come up with a
secure cipher. You could still try to test all
possible keys, but this is prohibitively
time-consuming. By the time that gives results
the message is no longer pertinent. Now security
is guaranteed.
20
One-time cipher pad
A key-phrase as long as the message does not
guarantee an unbreakable code. The weakness is
that the key phrase is made up of words that make
sense. What if the key has no inherent
structure? If we use a random key, and a
different one for each message, we come up with a
secure cipher. You could still try to test all
possible keys, but this is prohibitively
time-consuming. By the time that gives results
the message is no longer pertinent. Now security
is guaranteed.
21
One-time cipher pad

• Creating a random key takes a lot of time,
  effort and money.
• Distributing the cipher keys to everyone who
  needs them is prohibitive.
• Making sure that everyone is on the same page
  is difficult.
• If the system is widely used, there is a great
  danger that one set of pads will be stolen and
  the whole system compromised.
• Reusing a onetime key compromises the system.
• Can sometimes be used in diplomacy for a very
  secret message, but cannot be used in the heat of
  battle, or in daily business communication.

22
CIPHER DISKS

• In the fifteenth century, Leon Alberti invented
  the cipher disk.
• http//www.secretcodebreaker.com/ciphrdk.html

23
CIPHER DISKS
This type of encryption was used in the civil
war.
24
CIPHER DISKS
Thomas Jeffersons cipher wheel
25
CIPHER DISKS
Ovaltine cipher ring . . .
26
The Enigma machine
27
The enigma machinedescription from
http//en.wikipedia.org/wiki/Enigma_machineRotors

• The rotors (alternatively wheels or drums
  Walzen in German) form the heart of an Enigma
  machine. Approximately 10 cm in diameter, each
  rotor is a disk made of hard rubber or bakelite
  with a series of brass spring-loaded pins on one
  face arranged in a circle on the other side are
  a corresponding number of circular electrical
  contacts. The pins and contacts represent the
  alphabet typically the 26 letters AZ (this
  will be assumed for the rest of the description).
  When placed side-by-side, the pins of one rotor
  rest against the contacts of the neighbouring
  rotor, forming an electrical connection. Inside
  the body of the rotor, a set of 26 wires connects
  each pin on one side to a contact on the other in
  a complex pattern. The wiring differs for every
  rotor.

28
The enigma machine
The left side of an Enigma rotor, showing the
flat electrical contacts. A single turnover notch
is visible on the left edge of the rotor.
The right side of a rotor, showing the pin
electrical contacts. The Roman numeral V
identifies the wiring of the rotor.
Three Enigma rotors and the shaft on which they
are placed when in use.
29
The enigma machine
By itself, a rotor performs only a very simple
type of encryption a simple substitution cipher.
For example, the pin corresponding to the letter
E might be wired to the contact for letter T on
the opposite face. The complexity comes from the
use of several rotors in series usually three
or four and the regular movement of the rotors
this provides a much stronger type of encryption.
30
The enigma machine
When placed in the machine, a rotor can be set to
one of 26 positions. It can be turned by hand
using a grooved finger-wheel which protrudes from
the internal cover when closed. So that the
operator knows the position, each rotor has an
alphabet tyre (or letter ring) attached around
the outside of the disk, with 26 letters or
numbers one of these can be seen through a
window, indicating the position of the rotor to
the operator. In early Enigma models, the
alphabet ring is fixed a complication introduced
in later versions is the facility to adjust the
alphabet ring relative to the core wiring. The
position of the ring is known as the Ringstellung
("ring settings").
31
The enigma machine
To avoid merely implementing a simple
substitution cipher, some rotors turn with
consecutive presses of a key. This ensures that
the cryptographic transformation is different at
each position, producing a formidable
polyalphabetic substitution cipher.
32
The enigma machine
With the exception of the early models A and B,
the last rotor is followed by a reflector a
patented feature distinctive of the Enigma family
amongst the various rotor machines designed in
the period. The reflector connects outputs of the
last rotor up in pairs, redirecting current back
through the rotors by a different route. The
reflector ensures that Enigma is self-reciprocal
conveniently, encryption is the same as
decryption. However, the reflector also gives
Enigma the property that no letter can encrypt to
itself. This was a severe conceptual flaw and a
cryptological mistake subsequently exploited by
codebreakers.
33
The enigma machine
The plugboard (Steckerbrett in German) is a
variable wiring that could be reconfigured by the
operator (visible on the front panel of Figure 1
some of the patch cords can be seen in the lid).
It was introduced on German Army versions in 1930
and was soon adopted by the Navy as well. The
plugboard contributes a great deal to the
strength of the machine's encryption, more than
an extra rotor would. Enigma without a plugboard
"unsteckered" Enigma can be solved relatively
straightforwardly using hand methods these
techniques are generally defeated by the addition
of a plugboard, and codebreakers resorted to
special machines to solve it. A cable placed onto
the plugboard connects letters up in pairs, for
example, E and Q might be a steckered pair. The
effect is to swap those letters before and after
the main rotor scrambling unit. For example, when
an operator presses E, the signal is diverted to
Q before entering the rotors. Several such
steckered pairs, up to 13, might be used at one
time. Current flows from the keyboard through the
plugboard, and proceeds to the entry-rotor or
Eintrittswalze. Each letter on the plugboard has
two jacks. Inserting a plug will disconnect the
upper jack (from the keyboard) and the lower jack
(to the entry-rotor) of that letter. The plug at
the other end of the crosswired cable is inserted
into another letter's jacks, switching the
connections of the two letters.
34
The enigma machine
The plugboard (Steckerbrett in German) is a
variable wiring that could be reconfigured by the
operator. It was introduced on German Army
versions in 1930 and was soon adopted by the Navy
as well. The plugboard contributes a great deal
to the strength of the machine's encryption, more
than an extra rotor would. Enigma without a
plugboard "unsteckered" Enigma can be solved
relatively straightforwardly using hand methods
these techniques are generally defeated by the
addition of a plugboard, and codebreakers
resorted to special machines to solve it.
35
The beginning

• The British kept on deciphering German messages
  after the end of WWI, and in 1926 they started
  getting messages that baffled them completely.
• The Americans and French were baffled too.
• The Enigma gave the Germans the most secure means
  of communication then available.

36
The Polish cryptanalysts

• The allied cryptanalysts gave up trying. They had
  little to lose. Germany lost the war and was
  crippled by defeat.
• But Poland had continued threats to its
  sovereignty, from Russia and Germany.
• The Poles started a cipher bureau.
• Captain Maksymilian Ciezki was in charge of
  deciphering the German messages.

37
The Polish cryptanalysts

• Ciezki had access to a commercial version of the
  Enigma machine, so he understood the concept.
• But the military version was more sophisticated
  and Ciezki was baffled by the Enigma.
• Hans-Thilo Schmidt was a German who fought in
  WWI. In the hard times after the war, he was in
  financial difficulties, and jealous of his
  successful older brother, who got him a job at
  the Enigma command center.

38
Schmidt sells the instructions

• Schmidt allowed a French agent to photograph 2
  documents which were the instructions for use of
  the Enigma machines, and gave insight into the
  wirings inside each scrambler.
• Now the allies has an accurate model of the
  machine, but they still could not decipher the
  messages. The strength of the cipher was in
  keeping the initial configuration of the wheels
  secret. The Germans even assumed that the
  machine could be available to their enemies.

39
Having the Enigma does not mean you can break the
code.

• Schmidt allowed a French agent to photograph 2
  documents which were the instructions for use of
  the Enigma machines, and gave insight into the
  wirings inside each scrambler.
• Now the allies has an accurate model of the
  machine, but they still could not decipher the
  messages. The strength of the cipher was in
  keeping the initial configuration of the wheels
  secret. The Germans even assumed that the
  machine could be available to their enemies.

40
Having the Enigma does not mean you can break the
code.

• Schmidt allowed a French agent to photograph 2
  documents which were the instructions for use of
  the Enigma machines, and gave insight into the
  wirings inside each scrambler.
• Now the allies has an accurate model of the
  machine, but they still could not decipher the
  messages. The strength of the cipher was in
  keeping the initial configuration of the wheels
  secret. The Germans even assumed that the
  machine could be available to their enemies.

41
Enigma key

• Remember that there are several pieces of
  information which go into encipherment using the
  Enigma.

42
Enigma key

• Each month, Enigma operators got a new codebook
  which specified the key
• Plugboard settings (which letters were wired to
  which)
• Scrambler arrangement (what order to put the
  disks in). Each disk is different, so it matters
  what order they are put in.
• Scrambler orientation (which letter each disk
  should show.

43
Enigma key example

• Plugboard settings A/L-P/R-T/D-B/W-K/F-O/Y swap
  the letters A and L by connecting them by a lead
  on the plugboard. Similarly, swap P and R, T and
  D etc.

44
Enigma key example

• Scambler arrangement 2-3-1 place the 2nd
  scrambler in the first slot, the 3rd scrambler in
  the second slot and the 1st scramble in the third
  slot

45
Enigma key example

• Scambler orientation which letters face upwards

46
Enigma key
One way of encrypting the message would be to
send all the days messages according to the day
key. This would mean that for a whole day, all
Enigma operators would set the scramblers and
plugs in the specified way before each method.
This process is weakened by the repeated use of
the same key to transmit many messages. Another
way is to use the day-settings to transmit a new
message key for each message. The message key
would have the same plugboard and scrambler
arrangement as the day key, but the scrambler
orientations would be different. The scambler
orientation for the message key was sent in the
beginning of the message, enciphered by the day
key.
47
Enigma key
Using the day key only to encrypt the message key
limited the number of messages sent in one
key. This seems hard to break. Enter Marian
Rejewski, a 23 year old math student. He used
the fact that repetition is the key to breaking
codes. The Germans enciphered the message key
twice at the beginning of each message, to avoid
the mistakes by radio interference
48
Enigma message key
So if the message key was to be ULJ, when sent
enciphered twice we would obtain, for example
PEFNWZ (remember that the Enigma rotors change
position, so that we get a poly-alphabetic
cipher). So Rejewski would focus on the first 6
letters of each message, which were the message
key letters.
49
Enigma message key
1st 2nd 3rd 4th 5th 6th 1st message L O K R G M
2nd message M V T X Z E 3rd message J K T M P E 4t
h message D V Y P Z X This gives some constraint
as to the initial setup of the machine. Given
enough messages, a series of such relationships
could be built up for each letter of the
alphabet. Does this give us information about
the settings? It allows us to find a chain, and
the length of this chain represents only the
scrambler settings.
50
Enigma message key
ABCDEFGHIJKLMNOPQRSTUVWXYZ 1st letter FQHPLWOGBMVR
XUYCZITNJEASDK 4th letter This forms chains,
e.g A ? F ? W ? A 3 links B ? Q ? Z ? K ?
V ? E ? L ? R ? I ? B 9 links Even if the
plugboard settings interchange letters, the
length of the chains is only dependent on the
original scrambler settings.
51
Enigma message key
There are 6 scrambler arrangements (3!) And
17,576 (262626) scrambler orientations So the
total number of scrambler settings is 6x17576
105,456 This is a lot less than the number of day
keys (10,000,000,000,000,000) So now the question
is what are the chain lengths generated by each
one of the 105,456 scrambler settings. Rejewski
catalogued the lengh of chains generated by each
one of the scrambler settings.
52
Rejewskis technique
Now each day, he would look at the relationships
in the 1st ? 4th , 2nd ? 5th, and 3rd ? 6th
letters and use this information to build the
table of relationships Once he had the table of
relationships set up, he used that to trace the
chains, and establish the length of all the
different chains. Now he would go to his catalog
and see what scrambler arrangements could give
rise to the chain-lengths he had. This gave him
the scrambler arrangement for the day.
53
Rejewskis technique
But the plugboard settings were unknown. To find
these, Rejewski set his Enigma machine with the
scrambler settings he found out, took out the
plugs, and set to work typing in the received
messages. Now most of them were gibberish, since
the plugs were not put in, but once in a while
obvious exchanged could be made that would result
in a message that makes sense. For example, the
message ALLIVEINBELRIN strongly suggested the R
and L were swapped on the plugboard. Now that the
scrambler and plugboard settings were discovered,
all the days mail could be read.
54
Rejewskis Bombe
Even when the Germans made some alteration to the
way they transmitted messages, Rejewski was able
to handle it by making a mechanized version of
his cataloguing system. He had 6 machines
working, one for each of the scrambler settings.
Each one of these machines checked all the
different scrambler orientations. All this time
that Rejewski and the Polish cryptographers were
working on breaking the Enigma codes, their chief
had the Enigma day keys tucked in his drawer,
obtained by the French from Schmidt.
55
In 1938, the Germans changed the way the Enigma
was run. 2 new rotors were introduced. Now each
day key represented 3 rotors chosen from a
possible 5. The number of arrangements was now
60. Now the task became prohibitive. Rejewski
would have to figure out the internal wiring of
the 2 new rotors, and then to set up 60 bombes
would be too expensive. It got worse the next
month when the Germans started using 20 plugs to
swap letters, instead of 12. The Enigma could
still be broken using these techniques, but the
mechanized power to do so was not there. In
April 1939, Germany withdrew from its
nonagression pact with Poland. Fearing a German
invasion, it was decided to share the progress
with the Allied forces. The information was
given to the French and British. On August 16th,
one of the Enigma machines was smuggled to
Britain. Two weeks later, on September 1, 1939,
Hitler invaded Poland.
56
The British and French has assumed the Enigma
could not be broken now they saw they were
wrong. The Enigma was not a perfect cipher, it
could be broken. The experience of the Polish
codebreakers showed that mathematicians and
mathematical techniques are a good way of
breaking this code. In Britain Room 40 was
dominated by classicists and linguists, now an
effort was made to staff it with mathematicians
and scientists. The new recruits were brought to
Bletchley Park, the home of the newly formed
Government Code and Cipher School. In the Fall
of 1939, Bletchley park cryptanalysts were
learning the workings of the Enigma.
57
Once the Bletchley park people mastered the
techniques developed by the Poles, they started
to develop their own techniques and
shortcuts. They noticed that sometimes the
German operators used obvious message keys e.g.
QWE or BNM (consecutive type-writer keys) or
repeatedly used the same key (e.g. initials of
their girlfriends) instead of random keys. These
were not weaknesses of the machine, but rather of
how it was used.
58
Also, there were regulations that the arrangement
of rotors could not be the same any 2 days in a
row. E.g. if the arrangement was 134 on one day,
then the next day rotor 1 could not be in
position 1, 3 could not be in position 2, and 4
could not be in position 3. This was meant to
induce more random behavior, but in fact reduced
the number of possibilites. Similarly, there was
a rule that the plugboard settings could never
swap a letter for one next to it in the alphabet.
59
One of the greatest mathematicians in Bletchley
was Alan Turing. (see www.turing.org.uk) He
noticed that many of the messages conformed to a
certain rigid pattern. For example, a weather
report was send shortly after 6am each day.
These invariably contained the word WETTER
(German for weather). He knew to look for this
in the first 6 letters of a message. This served
as a crib. Now they could try to see which
scrambler and plugboard combinations give the
right encryption.
60
Except that there are too many combinations to
test. Turing created a prototype bombe that
would test these possibilites. the first
computer that could test all this possibilities.
61
Enigma simulator

• http//www.codesandciphers.org.uk/enigma/emachines
  /enigmad.htm

62
Lorenz Cipher

• This was a similar machine to the enigma, but
  much more complicated.
• The first programmable computer was built to
  handle this Colossus
• It was secret, though (like everything else at
  Bletchley) so it did not become known as the
  first computer.

63
HW8

• Use enigma simulators to encipher and decipher
  messages.

64
The enigma machine
http//mckoss.com/Crypto/Enigma.htm for a paper
enigma machine http//users.telenet.be/d.rijmenan
ts/index.htm for a description of the
enigma http//users.telenet.be/d.rijmenants/en/en
igmasim.htm for an enigma simulator.