Cryptoanalysis - PowerPoint PPT Presentation

About This Presentation
Title:

Cryptoanalysis

Description:

Cryptoanalysis It not very common to teach cryptoanalysis on a basic course on communications security. It is probably because cryptoanalysis is not very useful anymore. – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0
Slides: 20
Provided by: jormajo9
Category:

less

Transcript and Presenter's Notes

Title: Cryptoanalysis


1
Cryptoanalysis
  • It not very common to teach cryptoanalysis on a
    basic course on communications security. It is
    probably because cryptoanalysis is not very
    useful anymore.
  • Cryptoanalysis has a role in checking weaknesses
    in new algorithms and giving the theory how to
    design cryptoalgorithms.
  • It is only a myth that modern cryptoalgorithms
    are broken by top-bright mathematicians working
    with pen and paper and some supercomputers of
    course, provided that the algorithms are used as
    they should be.
  • In the second world war codes were indeed broken
    by mathematics but now they are usually too good.
  • In some years computers get faster and do the
    cracking with brute force but before that time
    the analysist should hope for errors in usage
    leading to a compromise. Errors are common.

2
Cryptoanalysis
  • Known cryptoanalytic methods were usually
    developed long time ago and are mostly of
    historical interest.
  • Older cryptoalgorithms are made by substitution
    and transposition of letters. (modern work with
    bits)
  • Monoalphabetic substitution uses one list of
    characters and letters are substituted according
    to it. No monoalphabetic substitution algorithm
    is safe as they can be easily cracked by
    statistical analysis of probability of letters.
  • Polyalphabetic substitution algorithms use
    several substitution lists.
  • Permutation algorithms change the order of
    letters. Pure permutation algorithms are simple
    to crack.
  • Basically, in order to crack these kind of
    algorithms you need to guess a word or 3-4
    letters, after which guessing gets easier.

3
Cryptoanalysis
  • Monoalphabetic
  • Replace the letter in the upper row with one in
    the lower row.
  • a b c d e f g h i j k ...
  • j m n g z y l t b u s ...
  • Polyalphabetic (example, VIGENERE)
  • t h i s i s a c l e a r t e x t w h i c h
    i w r o t e
  • k e y w o r d k e y w o r d k e y w o r d .....
  • Use the key letter for encrypting the letter in
    the clear text letter by e.g.
  • cipher_letter (clear_letter key_letter)
    modulo 26
  • Thus, every 7th letter is encypted by the same
    key and the ciphertext is a composition of 7
    monoalphabetic ciphers.

4
Cryptoanalysis
  • If there is enough cipher text, monoalphabetic
    cipher is easy to break since letters have
    different frequences.
  • Most common letters (every cryptoanalysis should
    memorize these, they are said to be easy to
    remember)
  • English etaoinshrdlu
  • French esarintulo
  • German enirstaduhl
  • Italian eiaorints
  • If there is not enough text, like there is only
    one cipher message, we still can look for likely
    words or letter combinations. If anything is
    repeated, it is a common sequence. In English
    there is a common ending /ation, common word the
    and so on.
  • This statistical cryptoanalysis works also with
    polyalphabetic substitution ciphers, simply take
    every Kth letter provided you get the key length
    K in some way.

5
Cryptoanalysis
  • Polyalphabetic substitution cipher can be much
    more difficult, like ENIGMA, but with a simple
    algorithm, like VIGENERE, we can use Kasiskis
    attack
  • look for repeated letter sequences in the cipher
    text and calculate their distance.
  • Some repetitions are pure chance, but some are
    caused by the same letters both in the clear text
    and in the key. Then the distance is a multiple
    of the key length.
  • Looking at all these repetitions we can deduce
    the likely key length.
  • When the key length K is known, take every Kth
    letter from the cipher text and decrypt it as a
    monoalphabetic substitution cipher.

6
Cryptoanalysis
  • Statistical analysis can be made stronger by
    having all frequences of two, three and four
    letter combinations in a language. A machine can
    be used to find the best match.
  • Statistical analysis using simple letter or
    letter combination frequences is too elementary.
  • A more advanced method is to calculate some
    invariants.
  • Let us look this way to proceed calculating
    invariants, such as Kappa, Chi and Phi.
  • There are statistical tests, such as Friedmans
    Kappa-test and Kullbacks Phi-test based on these
    invariants.
  • (These researchers helped Americans to break
    Japanese codes in the Second World War. )
  • Usually you would have a computer to do the
    testing.

7
Cryptoanalysis
  • Kappa and Chi
  • Let us consider two texts
  • Kappa is the coincidence of letters
  • Different languages have different typical values
    for Kappa
  • N Kullback(1976)
    Eyraud(1953)
  • English 26 6.61 6.75
  • German 26 7.62 8.20
  • French 26 7.78 8.00
  • Russian 32 5.29 4.70
  • Spanish 26 7.76 7.69
  • Kappa can thus identify the language for
    substitution cipher.

8
Cryptoanalysis
  • Chi is defined as follows. Consider the texts
  • Let and be the numbers letters and
    occur in T and U
  • Definition
  • where is the number of letters in the
    alphabet of the language.
  • Let us also define
  • Let designate a cyclic permutation of to
    the right (take the first letter and move it to
    be the last, repeat r times).
  • The Kappa-Chi Theorem states that

9
Cryptoanalysis
  • Let us define
  • Kappa-Phi Theorem states that
  • One can show that
  • Phi will not change in transpositions.
  • Phi will not change in monoalphabetic
    substitutions.
  • Chi (and Psi) of two texts with the same length
    created with the same cipher, will not change in
    monoalphabetic substitutions, nor in
    transpositions.

10
Cryptoanalysis
  • Renyis entropy concept
  • is called Renyis
    -entropy
  • Example, for a sample text of 280 characters in
    English one may measure e.g.

These characteristic numbers are typically
invariant and can find the language, maybe more,
maybe even identify the text.
11
Cryptoanalysis
  • In the Second World War time...
  • Japanese ambassy code was used in a way leading
    to a compromise using these kind of invariants.
  • Letters had formal structure so it was possible
    to guess many words, and formal beginnings or
    endings to letters.
  • Furthermore, when a letter was addressed to the
    USA, it was handed out in clear text in exactly
    the same form it was received in cryptotext, thus
    Americans got clear text, cipher text pairs.
  • Now it is rather easy to see that statistical
    invariants identifying a text may help a good way
    in deciphering.

12
Cryptoanalysis
  • A good attack against some polyalphabetic
    substitution algorithms is also missing match
    attack. We first must guess that somewhere in the
    clear text there is some known reasonably long
    word, like bombing.
  • Polyalphabetic substitution ciphers never encrypt
    any letter to the same letter.
  • We shift the known word to the right in the clear
    text and try to find a place where no letter
    matches with the known word and the cipher text.
  • This may be the cipher text for the word. Then
    some letters are quessed and deciphering gets
    easier.
  • If there are many matches, we need a computer to
    investigate all cases.
  • Naturally, we do not need to know the known word,
    but may try to guess what there could be.

13
Cryptoanalysis
  • A pure transposition cipher simply changes the
    order of letters.
  • Though there are not so many combinations (N!) in
    a cipher text of length N if N is small, there is
    one problem
  • We can go through all combinations but there may
    be several possible clear texts that could be the
    answers.
  • This is because a pure transposition is an
    anagram and anagrams do not have a unique answer.
  • Example Newton once wrote to Leibniz
  • It may mean data aequatione quodcumque fluentes
    quantitates involvente, fluxiones invenire et
    vice versa
  • but who knows, and besides, who knows what Newton
    meant with the phrase in Latin anyway.
  • Clearly, transposition may strengthen a
    cryptoalgorithm.

14
Cryptoanalysis
  • Viasiras attack against encryption of Bazeries
    is yet another example how some polyalphabetic
    substitution ciphers can be broken.
  • The encrytion is made using 20 tables (or wheels)
    and on each wheel there are 20 letters. A table
    may contain several times the same letter and
    thus cannot contain all letters.
  • The tables are moved to some starting point
    determined by the key. Encyption starts at some
    table and moves to the next table for the next
    letter.
  • In Viasiras attack you try to find such a
    starting place for the tables that all letters in
    the cipher text could have been produced the
    encyption devise. There will not be so many such
    places. This attack is simple, but illustrates
    how the encyption devises specific structure
    influences cryptoanalysis.

15
Cryptoanalysis
  • Linear cryptoanalysis
  • Uses densities of letter combinations and a
    linear transform in order to get the key.
  • Example
  • FDYSW IJXNZ NSNRE NHUWA WMIEJ EXWASX
  • ISIGO JNTBD BWDPU ....
  • Convert letters to numbers and group them by
    three
  • 5 2 24 18 22 8 9 23 13 25 13 18 13 17 4
    13 7 20
  • 22 0 22 12 8 4 8 4 23 4 18 8 13 19 1 3
    1 22 3 15 20
  • ...

16
Cryptoanalysis
  • Let us assume that we notice that some
    combinations appear often, like 13 17 4, 22 0 22
    and 6 16 9. If this is English,German or French,
    the ending /ation is the most common. Thus we may
    suppose that these combinations are /ati, /tio
    and /ion.
  • These combinations in numbers are 0 19 8, 19 8 14
    and 8 14 13. Let us try to find a linear
    transform X so that
  • Thus we get

Clearly, we found the key Ministry o(f). In
practice this is harder.
17
Cryptoanalysis
  • There are much more classical cryptoanalytic
    methods.
  • Most of the classical methods do not work with
    modern ciphers.
  • Two methods are currently used with symmetric
    algorithms linear cryptoanalysis and
    differential cryptoanalysis.
  • Linear cryptoanalysis is a variant of the method
    decribed before with letter-based ciphers.
  • Differential cryptoanalysis studies the
    differences in cipher text if the clear text is
    changed very little, or vice versa.
  • Both methods have been shown to work with DES,
    but they reduce attacks on DES from brute force
    attack of
  • trials only to and respectively.
  • The way DES is broken in practice is by brute
    force.

18
Cryptoanalysis
  • Brute force is thus a way to crack symmetric
    cryptoalgorithms with too short keys, and it can
    be made e.g. with thousands of computers in the
    Internet.
  • With public key cryptosystems the question is
    more involved. There is no known lower boundary
    of complexity for breaking a public key
    cryptosystem.
  • They are though to be based on hard mathematical
    problems, but mathematicians solve hard long
    lasting problems every now and then.
  • Cryptoanalysis is no longer very useful for
    cracking good cryptoalgorithms, fortunately they
    are sometimes used incorrectly. An unlucky case
    of incorrect usage may cause the algorithm to be
    compromised.

19
Cryptoanalysis
  • One such case was with ENIGMA, the same text was
    encrypted twice and the double encipherment
    created flaws that cryptoanalysists could take
    advantage of.
  • Present situation in cryptoanalysis, apart from
    some lucky errors leading into compromises, is
    that good algorithms cannot be cracked before the
    key sizes become too small.
  • Key sizes are chosen small, maybe for better
    performance but some claim keysize is chosen
    small enough so that the intelligence of some
    countries can open them.
  • Accoring to one article in Signal magazine,
    Americans have not been able to decrypt Soviet
    ciphers after they were modernized.
  • Secret information has been obtained all the
    time, but by theft, bribery or blackmail.
  • This lecture was based on Friedrich L. Bauer
    Decrypted Secrets, 3rd edition, Springer, 2002.
Write a Comment
User Comments (0)
About PowerShow.com