Cryptanalysis - Lecture Slides - Cryptography and Data Security | COMP 7120, Study notes of Computer Science

Material Type: Notes; Professor: Deng; Class: Cryptgrphy/Data Securty; Subject: COMP Computer Science; University: University of Memphis; Term: Unknown 1989;

Typology: Study notes

Pre 2010

Uploaded on 07/28/2009

koofers-user-08c
koofers-user-08c šŸ‡ŗšŸ‡ø

10 documents

1 / 30

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Cryptanalysis
īš„Assumption: (Kerckhoffs’ principle) the
cryptosystem used is known to the
opponent.
īš„designer should not assume what system
used can remain secret.
īš„attack models: kind of information
available to the adversary.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e

Partial preview of the text

Download Cryptanalysis - Lecture Slides - Cryptography and Data Security | COMP 7120 and more Study notes Computer Science in PDF only on Docsity!

Cryptanalysis^ Ā„^ Assumption: (Kerckhoffs’ principle) thecryptosystem used is known to theopponent.

Ā„^ designer should not assume what systemused can remain secret. Ā„^ attack models: kind of informationavailable to the adversary.

Attack models^ Ā„^

x=plaintext, y=ciphertext.

1.^

ciphertext only attack: only y is known.(weakest type of attack models)

2.^

known plaintext attack: some (x,y) wherexƆ

y is known.

3.^

chosen plaintext attack: temporary accessto e

(x)k^

[encryption machine]

4.^

chosen ciphertext attack: temporary accessto d

(y) [decryption machine]k

Table 1.1. Letter Frequency

Z

M

Y

L

X

K

W

J

V

I

U

H

T

G

S

F

R

E

Q

D

P

C

O

B

N

A

Z

U

X

C

Q

L

J

D

K

R

V

H

B

S

P

N

Y

I

G

O

F

A

W

T

M

E

Common Digram and Trigram^ Ā„^ Common Digrams:^ Ā„^ TH, HE, IN, ER, AN,RE, ED, ON, ES, ST,EN, AT, TO, NT, HA,ND, OU, EA, NG, AS,OR, TI, IS, ET, IT,AR, TE, SE, HI, OF

Ā„^ Common Trigram: Ā„^ THE, ING, AND,HER, ERE, ENT,THA, NTH, WAS,ETH, FOR, DTH

Table 1.1 vs. Table 1.

Z

U

X

C

Q

L

J

D

K

R

V

H

B

S

P

N

Y

I

G

O

F

A

W

T

M

E

Z

U

W

P

T

M

Q

L

J

A

I

S

G

V

C

F

Y

K

O

H

N

E

B

D

X

R

Cryptanalysis: affine cipher^ Ā„^ Encryption e

(x)= a x + b mod 26.k

Ā„^ ā€œaā€ and ā€œbā€ are unknown.

Ā„^ Matching Table 1.1 and Table 1.2 canreduce the number of ways to solve ā€œaā€and ā€œbā€.

(read e.g. 1.10, page 28-29).

Ā„^ NOTE: since the key space is small(how many ?), we can easily solve byan exhaustive search program.

Cryptanalysis: Vigenere cipher^ Ā„^ keyword of length m:

k = (k

, k 1

, …, k 2

)m

Ā„^ m=key word length.

Ā„^ y

= (y

, y 1

, …, y 2

) is observedn

Ā„^ n=(large) ciphertext length. assume m|n.

Ā„^ e

(xk

) = xi

+ ki

(mod 26), i=1,..,m is thei

ā€œpositionā€ in each block of size m. Ā„ Cryptanalysis: need to find m and

k.

Cryptanalysis: Vigenere cipher^ Ā„^ e.g. 1.12 (page 34) ciphertext:

Ā„^ CHREEVOAHMAERATBIAXXWTNXBE…

Ā„^ Q: how to find m and keyword

k^

Ā„^ A: Kasiski test. Ā„^ NOTE: CHR appeared five times atposition 1, 166, 236, 276, and 286.

Ā„^ ā€œdistancesā€ are multiple of 5. Hence m=5. Ā„^ Other systematic method?

Using I

( x c

) to find m

Ā„^ y

= (y

, y 1

, …, y 2

) be the ciphertext.n

Ā„^ Divide

y^

into m (guess) sub-strings as

Ā„^ y

= y 1

, y^1

m+

, y 2m+

Ā„^ y

= y 2

, y^2

m+

, y 2m+

Ā„^ … Ā„^ y

= ym

, ym

, y2m

, …3m

Ā„^ Compute I

(yc

), i=1, 2, .., m.i^

Ā„^ for correct m, the values of I

( y c^ i

)^ ā‰ˆ

Ā„^ for incorrect m, the values of I

( y c i

)^ ā‰ˆ

Block length m determination^ Ā„^ Recall I

( x c

Ī£^

[f^ (fi^

-1)]/[n(n-1)]i^

Ā„^ If

x^ is a regular English text, I

( x )c

2 pi

Ā„^ pi^

=the relative frequency in Table 1.1. (i=0,1,…,25)

Ā„^ Note: I

( x ) remains unchanged with permutation.c

Ā„^ If

x^ is a random text, I

( x )c

Ā„^ For m indices

Ic

(y^ ), i=1, 2, .., m.i

Ā„^ if m is correct,

y i^

is a sub-string of regular English

text, and the values of I

( y c i

)^ ā‰ˆ

Ā„^ if m is incorrect,

y i^

is a sub-string of random test,

and values of I

( y c i

)^ ā‰ˆ

Find key

k

Ā„^ Divide

y^

into m sub-strings as

Ā„^ y

= y 1

, y^1

m+

, y 2m+

Ā„^ y

= y 2

, y^2

m+

, y 2m+

Ā„^ … Ā„^ y

= ym

, ym

, y2m

, …3m

Ā„^ Note: Each letter in

y i^

has been shifted by the

same amount g=k

. We search for g such thati

Mg^

=^ Σ

pj^

Qj+g

2 pj

ā‰ˆ0.065. [why ?]

Ā„^ Q

is the relative letter frequency inj+g

y i.

Example 1.12. Find key

k

Ā„^ e.g. 1.12 (page 34) ciphertext:

Ā„^ CHREEVOAHMAERATBIAXXWTNXBE…

Ā„^ m=5. Divide the ciphertext into 5substrings.

y^1

,^ y

y^5

Ā„^ For each g=0,1,2,…,25 compute M

( y g^

)i

as shown in Table 1.4 (page 35) Ā„ The correct key index g are boxed.^ Ā„^ k

=(9,0,13,4,19)=JANET. (show!)

Hill cipher^ Ā„^ P=C=(Z

m

Ā„^ K=(Z

mxm

,^

key

K^

is a mxm matrix.

Ā„^ plaintext:

x = (x

, x 1

, …, x 2

)m

Ā„^ ciphertext :

y = (y

, y 1

, …, y 2

)m

Ā„^ e

( x k

x K

(mod 26),

Ā„^ d

( y k

)^

=^

y K

-1^ (mod 26).

Cryptanalysis: Hill cipher^ Ā„^ Can be hard to break with ciphertextonly.

Ā„^ statistical frequency analysis is not useful.why not?

Ā„^ However, it is quite simple to breakunder known plaintext attack.

Ā„^ collect at least m pairs of (

x ,^ i

y ) and solvei^

a mxm matrix equation. (how?)