INFORMATION SECURITY

SENS-4533

Week 2
Classical Encryption

Dr Nauman Mazhar
University of Central Punjab
Outline
 Concepts of encryption
 Basic terminology
 Model of a Cryptosystem
 Encryption types
 Attacks on Cryptosystems
 Substitution cipher
 Caeser Cipher
 Mono-alphabetic substitutions
 Poly-alphabetic Ciphers
 OTP

2
Cryptography
 Cryptography
“methods of transforming data such that
it can be read & processed only by authorized persons”
(strongest control against many types of security threats)

 Cryptographic systems can be characterized by:

1. Types of encryption operations used:
 Substitution, Transposition, Mathematical functions

2. Number of keys used:

 single-key / Symmetric, two-key / Asymmetric / Public

3. Ways in which data is processed:

 Block cipher, Stream cipher
3
Basic Terminology
 Plaintext
◦ original data
 Ciphertext
◦ encrypted data
 Encryption (Encipher)
◦ process to transform data so that meaning is not obvious
 Decryption (Decipher)
◦ transform encrypted data back into original form
 Cryptosystem
◦ system that performs encryption/decryption
4
Basic Terminology
 Cipher
◦ algo to transform plaintext into ciphertext, & back
 Key
◦ secret info used to encrypt/decrypt; known only to sender/receiver
 Cryptography
◦ study of principles & methods of encryption/decryption
 Cryptanalysis
◦ study of methods to decipher without the key, or to find the key
 Cryptology
◦ field of study of both cryptography & cryptanalysis

5
Model of Crypto System
Key Key

Ciphertext

Plaintext Original
input Encryption Decryption Plaintext
algorithm algorithm

• ciphertext → a function of plaintext, algo, & key

• change in key, produces a different ciphertext for the same plaintext

6
Encryption Types
 Symmetric Encryption (Secret key encryption)

same key ‘K’ used for both encryption & decryption

C = E ( P, K ) & P = D ( C, K )

Key
Original
Plaintext Ciphertext Plaintext
Encryption Decryption

Symmetric Cryptosystem

7
Encryption Types
 Asymmetric Encryption (Public key encryption)
◦ encryption & decryption keys come in pairs (KE , KD)
◦ encrypt with KE C = E ( P, KE )
◦ decrypt with KD P = D ( C, KD )

Encryption Key Decryption Key

KE KD
Original
Plaintext Ciphertext Plaintext
Encryption Decryption

Asymmetric Cryptosystem
8
Attacks on Encryption
 Brute-Force Attack
◦ attacker tries all possible keys on ciphertext
 until an intelligible translation obtained
 assumption: either knows about plaintext, or recognises it
◦ on average, half of all possible keys tried

 Cryptanalysis
◦ attacker studies encryption algo characteristics, & tries to exploit
some weakness in algo
 may deduce plaintext and/or key
◦ needs encryption algo & sample plaintext-ciphertext pairs
◦ also, some knowledge of plaintext

9
 Average Time Required for
Exhaustive Key Search
Key Size Number of Avg time required Avg time required
(bits) Alternative Keys (1 decryption/µs) (106 decryptions/µs)

32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)

10
Classical Encryption

11
Classical Encryption Techniques
 Classical encryption represents historical techniques
◦ simpler, easy to comprehend & implement

 Their study makes it easy to understand…

◦ basic approaches to encryption (symmetric)
◦ weaknesses in encryption mechanisms
◦ methods of cryptanalysis

 Basic building blocks of symmetric encryption techniques...

◦ Substitutions
◦ Transpositions

12
Substitution Ciphers

 Plaintext letters are replaced by some other letters or

numbers or symbols

 If plaintext is viewed as a sequence of bits...

“plaintext bit patterns are replaced
with some other ciphertext bit patterns”

13
Caesar Cipher
 Earliest known substitution cipher
◦ by Julius Caesar, first attested use in military affairs

 Transformation defined as:

“replace each letter by 3rd letter of alphabet”
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Plaintext: meet me after the toga party

Ciphertext: PHHW PH DIWHU WKH WRJD SDUWB

14
Computer Implementation
 Represent plaintext letters numerically…
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25

 Perform numeric operation on letters with (mod 26) arithmetic

ci = E( pi ) = ( pi + 3 ) mod 26
A+3=D H+3=K Y+3=B

Generalized C = E(p) = (p + k) mod (26)

cipher with any
shift ‘k’ p = D(C) = (C – k) mod (26)
15
Caesar Cipher
 Let us try to encrypt the message with k = 3

Attack at Dawn

 Assignment…
◦ Each student will exchange a secret message with his/her
closest neighbor, and neighbor will decipher it
Breaking Caesar Cipher
 Use Brute Force search...
◦ Encryption/decryption algo is known – letter shift
◦ only 25 possible shifts; A maps to B,C,D,.. or Z
◦ try all 25 keys

 Brute force is possible, because...

◦ computationally feasible
◦ can recognize plaintext (English text) when recovered

17
Brute-Force on
Caesar Cipher

Do need to recognize
when we have the
plaintext…!!!

18
Compressed Plaintext
 Input may be compressed (or an exe file)
◦ Encryption may be simple
◦ Decryption not simple… plaintext is not recognizable

19
Monoalphabetic cipher

20
Monoalphabetic Cipher
 Shifting of alphabet produces less number of keys
 We can substantially increase size of key space...
“shuffle 26 letters of alphabet arbitrarily, & use any permutation”
gives total of 26! = 4 x 1026 keys (or alphabets)

 Example:
◦ set S = {a,b,c} has 3! = 6 permutations...
abc, acb, bac, bca, cab, cba

permutation:
ordered sequence of all elements, where each element
appears only once

21
Monoalphabetic Cipher
 Monoalphabetic Cipher - single alphabet used to encrypt
one message

 Each plaintext letter maps to a different ciphertext letter

randomly

22
Monoalphabetic Cipher : Example

Plaintext: ifwewishtoreplaceletters

Ciphertext: DMLVLDOFIRJVYWKPVWVIIVJO

23
Monoalphabetic Cipher : Security
 Total number of keys: 26! = 4 x 1026 keys
◦ No Brute Force due to large number of keys
◦ Cryptanalysis is possible...!!!
 Problem is language characteristics
◦ each English letter is used with a specific, known frequency
◦ letter frequencies are consistent, for texts of fairly large sizes

“Monoalphabetic substitution ciphers do not change

relative letter frequencies; each plaintext letter always maps to
same ciphertext letter”
 If nature of plaintext known, e.g, English text
◦ letter frequencies can be exploited

24
Language Characteristics & Cryptanalysis

 In English, E is the most common single letter used

◦ then T,A,O,I,N,S,H,R
◦ other letters are fairly rare; like Z,Q,X,J,K

 Also, tables of double & triple letter frequencies exist...

◦ two letter pair is Digram
 most common digram - TH

◦ three letter tripple is Trigram

 most common trigram - THE

25
English Letter Frequencies

26
English Letter Frequencies

Sorted Relative Frequencies

14.000
12.000
10.000
8.000
6.000
4.000
2.000
0.000
E T A O I N S H R D L C U MW F G Y P B V K J X Q Z

27
Language Characteristics & Cryptanalysis

 General Procedure...
◦ calculate letter frequencies in ciphertext
◦ compare counts/plots against known values
◦ Caesar cipher : look for common peaks/troughs
◦ Monoalphabetic : must identify each letter separately
tables of digrams/trigrams help
◦ Amount of ciphertext is important – statistics...!

28
What kind of Cipher is this?
English Letter Frequencies

14.000
12.000
10.000
8.000
6.000
4.000
2.000
0.000
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Frequences for Cipher-0

14.000
12.000
10.000
8.000
6.000
4.000
2.000
0.000
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

29
What kind of Cipher is this?
English Letter Frequencies

14.000
12.000
10.000
8.000
6.000
4.000
2.000
0.000
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Frequencies for Cipher-1

14.000
12.000
10.000
8.000
6.000
4.000
2.000
0.000
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

30
Improvement over Monoalphabetic Cipher

 Monoalphabetic ciphers easy to break...

 Two approaches to improve security is to perform
encryption using:
◦ multiple cipher alphabets
◦ multiple letters of plaintext
 Goal:
◦ flatten the frequency distribution of letters in ciphertext
“lessen the extent to which structure of plaintext
survives in ciphertext”

31
Polyalphabetic cipher

32
Polyalphabetic Ciphers
 An approach to improve security is to use
multiple cipher alphabets
“different monoalphabetic substitutions for the same plaintext”
 Procedure:
◦ select a set of related monoalphabetic substitutions
◦ use a key to determine which alphabet to use for each letter of the
message

 Makes cryptanalysis harder...

◦ flattens frequency distribution
◦ more alphabets to guess

33
Vigenère Cipher
 Simplest Polyalphabetic substitution cipher...
 Vigenère Cipher
◦ Effectively multiple Caesar ciphers... multiple alphabets
◦ Select a Key multiple letters long; K = k1 k2 k3 ... ... km
 each letter of key specifies the alphabet to use
◦ Encrypt using each alphabet in turn
 use a look up table... Vigenère Tableau
 after m letters in message, repeat the key from start

◦ Decryption simply works in reverse

34
 Modern Vigenère Tableau
plaintext
key

35
Example
 Write the plaintext
 Write the keyword repeated above it
 Use each key letter as a Caesar cipher key
 From table get the corresponding ciphertext letter
 e.g, using keyword deceptive

key: deceptivedeceptivedeceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

36
 Modern Vigenère Tableau
plaintext
key

37
Security of Vigenère Ciphers
 Letter frequency distribution improved under Vigenere cipher
◦ multiple ciphertext letters for each plaintext letter

38
Cryptanalysis of Vigenère Cipher

 Letter frequencies obscured under Vigenère Cipher

◦ but not totally lost

 Start with letter frequencies

 Check if monoalphabetic, or not
◦ i.e, ciphertext letter freq matches plaintext letter freq…?

 If not, check for polyalphabetic

◦ need to determine number of alphabets used – length of key word
◦ then attack each alphabet
◦ Kasiski Method

39
Kasiski Method
 Determine length of keyword
 Repetitions in ciphertext give clues to key length
◦ if two identical sequences of plaintext letters occur at distance
that is integer multiple of key length
◦ they generate identical ciphertext sequences

 So, find same ciphertext an exact distance apart

◦ it resulted from same plaintext
◦ key will be an integer multiple of this distance

40
Kasiski Method

key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

 Repeated “red” and “VTW” in above example

 Suggests key size of 3 or 9
◦ cipher consists of 3 or 9 monoalphabetic ciphers
 Attack each monoalphabetic cipher individually using
techniques as before

41
Autokey Cipher
 Periodicity of key can be eliminated
◦ use non-repeating keyword, as long as the message
 Vigenère proposed the Autokey cipher
◦ keyword prefixed to message, to provide a runing key

key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA

42
One-Time Pad
 One-Time pad uses a random key as long as message
 key letters random; not conforming to letter freq
 key as long as message, no repetition
 key used once (encrypt/decrypt), then discarded
 new message requires new key

 Cipher unbreakable…
 produces random output – ciphertext
 no statistical relationship to plaintext

 Security lies in randomness of key

 problem of key generation & secure distribution

43
Strength of Encryption Algo
 Unconditional Security
◦ no matter how much computing power or time is available, cipher
can’t be broken, since it provides insufficient info to uniquely
determine corresponding plaintext

 Encryption algo considered breakable, when given enough time &

data – cryptanalysis can be successful
◦ but a possibly breakable algo, may be infeasible to break

 Computational Security
◦ time needed to break the cipher exceeds useful lifetime of
encrypted info
◦ cost of breaking the cipher exceeds value of encrypted info

44
 Summary
 Concepts of encryption
 Conventional encryption algorithms
 Substitution cipher
 Caeser Cipher
 Mono-alphabetic substitutions
 Poly-alphabetic Ciphers
 OTP

45