CHAPTER 4 REDUCTION OF VARIABLE LENGTH KEY SEARCH TIME OF VIGENERE CIPHER USING FIREFLY ALGORITHM

Transcription

1 64 CHAPTER 4 REDUCTION OF VARIABLE LENGTH KEY SEARCH TIME OF VIGENERE CIPHER USING FIREFLY ALGORITHM 4.1 INTRODUCTION Any Cryptanalyst should focus on the two basic needs of cryptanalysis such as 1. To identify the encryption method employed. 2. To find the key/plaintext. In chapter 3, identification of encryption method employed was implemented using Neural Network. So the next task is cryptanalysis of a given cipher. Here, automatic cryptanalysis of Vigenere cipher was implemented. Hence with the available Vigenere cipher text, an attempt has been made to find the key employed without human intervention. The efficiency of a cryptanalyst depends upon two factors. 1. He/She should be able to find the Key/Plaintext with the least amount of Cipher text. 2. He/She should be able to find the key/plaintext with the least possible time.

2 65 Though, Vigenere encryption has already been crypt analyzed using various techniques by Sivagurunathan (2014), it is desired to crypt analyze using Meta heuristic algorithm and within the least possible time. Vigenere cipher text of 1 KB is taken into account and it was crypt analyzed to find out key employed. It was also tested to recover different keyword sizes from the available 1 KB Vigenere cipher text. Verma et al (2007) used GA and Tabu Search attacks on Mono- Alphabetic Substitution Cipher in Adhoc Networks. Horng Ming-Huwi (2012) implemented digital image compression using FA in least computation time. Banati & Bajaj (2011) used FA for feature selection and it was found better performance than other algorithms in time and optimality. Gandomi et al (2011) and Azad & Azad (2011) solved highly nonlinear and multimodal design problems using Firefly algorithm. Antenna design problems were also solved by Basu & Mahanti (2011). 4.2 THE VIGENERE CIPHER The main drawback of simple substitution cipher is that they are easily breakable using frequency analysis of each alphabet in the cipher text. Hence a technique was developed by Blaise de Vigenere in the year 1553 and so it was named as the Vigenere cipher. The Vigenere cipher is a basic form of substitution cipher and the type of substitution is polyalphabetic. In Vigenere cipher tabula recta is used for both encryption and decryption. This table consists of 26 alphabets written in 26 different rows, in which each and every alphabet is left shifted with reference to the last alphabet. 4.3 FIREFLY ALGORITHM Metaheuristic algorithm forms an essential element of modern global optimisation algorithms, computational intelligence and soft

3 66 computing. Generally these algorithms are nature-inspired with numerous interacting agents. A nature-inspired metaheuristic algorithm was widely used for more than a decade. A subset of metaheuristic are often referred to as swarm intelligence based algorithms which works on swarm intelligence characteristics of biological agents such as birds, fish, human and others. Hence for example, Swarm Optimisation was based on the swarming behaviour of birds and fish whereas the firefly algorithm was based on the flashing characteristics of Fireflies derived by Yang (2008). This algorithm deals with the blinking characteristics of the fireflies in nature. The blinking light from a firefly is considered as a signal system, in which each firefly is attracted by the neighbouring fireflies. According to the Firefly algorithm, initially each firefly is given a random position in the search space. All the fireflies have their own flashing light property and the attracting capability of each firefly depends upon its brightness. This will fix the present position in the search space depends upon the computed fitness value. The attractiveness of a firefly depends upon its brightness. Each firefly will be attracted by a nearby firefly which is having more brightness in the search space. Thus each firefly moves towards the brighter firefly and then its fitness function changes accordingly based on its current position. Thus the moving of fireflies towards brighter firefly results in a better position in the search space.the light intensity from a source at a distance r is based on the inverse square law. This law states that the intensity of the light I reduce as the distance r increases in terms of I 1 r 2 (4.1) In addition to this, air in the atmosphere absorbs the light and so the brightness of the light decreases as the distances increases. Hence it is observed that for the above reasons many of the fireflies visible only to a short distance.

4 67 The flashing characteristics of this firefly algorithm are clearly stated by Yang (2010) as three rules. 1. Irrespective of the sex of the fireflies each firefly is attracted by another one because they are all are unisex. 2. Due to the blinking nature of the fireflies, those fireflies which are having less brightness will be attracted by the fireflies which are having more brightness and so the Attractiveness is directly proportional to their brightness, and they both decreases as their distance increases. A firefly can move randomly, if no one is brighter than a particular firefly. 3. The brightness of a firefly is calculated by the visual features of the fitness function to be optimized. As a firefly's attractiveness is proportional to the light intensity seen by adjacent fireflies, the variation of attractiveness β with the distance r defined by Shadi et al (2011) is given in Equation (4.2). β = β 0 e γr 2 (4.2) where β 0 attractiveness at r = 0. r fixed light absorption coefficient The movement of a firefly i, attracted to another brighter firefly j, is determined by Equation (4.3), x i t+1 = x i t + β 0 e γr ij 2 x j x i + αε i (4.3)

5 68 where the second term is due to the attraction. The third term is a randomization with α being the randomization parameter, and ε i is a vector of random numbers drawn from a Gaussian distribution or uniform distribution at a time t.if β 0 =0, it becomes a simple random walk. The pseudo code can be briefly stated by Yang et al ( 2009). Begin The fitness function f (X), X = (x 1,.,x n ) T Population of fireflies are initialized as x i (i = 1,2,,m). Compute intensity of light I i at X i associated with f(x). Consider Light absorption coefficient While (t < Max Generation) For i =1:m (all n fireflies) For j=1:i (all n fireflies) if (I j > I i ),move firefly i towards j; end if Vary attractiveness with distance r via exp [- r]; Compute new solutions and the light intensity is updated ; end for j end for i Rank fireflies and find the current best; end while Post-processing the results and visualization; End

6 FINDING THE LENGTH OF THE KEY The first step in breaking Vigenere ciphers is to find the key length. Once the key length is known, the cryptanalysis is reduced to analyzing a number of Caesar ciphers, one for each character of a key. Vigenere masks the frequency with which a character appears in a language. One letter in the cipher text corresponds to multiple letters in the plaintext and thus it makes the use of frequency analysis more difficult. It can also be seen that any message encrypted by a Vigenere cipher is a collection of as many Caesar shift ciphers as there are letters in the key. There are different approaches to find the key length. One such method is devised by Kasiski Friedrich (1863) a retired Prussian Army Officer Kasiski Test In the field of Cryptanalysis, Kasiski Test is a technique of attacking the polyalphabetic substitution ciphers. In these substitution ciphers each cipher text was generated with the help of a keyword. Any cryptanalyst can find the length of the keyword using Kasiski Test and this test has the following main steps to find the length of the keyword. 1. Examine the plaintext with the keyword for repeated alignment of group of alphabets. 2. Locate the groups of same alphabets of minimum size 3 or more. 3. Compute the distance between the groups.

7 70 4. The GCD of those distances between the groups will results in the length of the keyword. For example, Plaintext = THEYWONTHEMATCH. Keyword = CRICKET. Table 4.1 Vigenere Encryption Plain text T H E Y W O N T H E M A T C H Keyword C R I C K E T C R I C K E T C Cipher Text V Y M X G S G V Y M O K X V J It can be seen from Table 4.1, the obtained Cipher text is VYMXGSGVYMOKXVJ. The distance between the repeated characters VYM is 7. Hence, the probable size of keyword is 7. If the distance between the repeated trigrams is say 16, the probable size of the keyword will then be 2, 4, 8 and 16. This is because in this combination both the keyword and the plaintext characters are same. Since the keyword is repeated throughout the message, the same plaintext characters with the same keyword characters will give the same cipher text characters. Hence, the distances between trigrams (if no trigram gets repeated, then the distance between dig rams can be used) will be an integral multiple of the keyword size.

8 Coincidence Test The Coincidence test provides a measure of how likely it would be to draw two matching letters if two letters are randomly selected from a given text. The ratio of probability of coincidences for a text to the probability of random coincidences in the English language, gives the index of coincidence. Since there are 26 letters in English alphabet, the probability of randomly having any given alphabet is 1/26 for all 26 alphabets. Similarly, the probability of having the same alphabet twice is 1/26 * 1/26 if one is using replacement and assuming independence. If P(x) is the probability of x occurring in any given plain text and from Kahn (1996) the probability of occurrence of English alphabets are, P(a) = 0 32/400; P(b) = 0 6/400; P(c) = 0 12/400; and P(z) =0 1/400 with respect to the English language. Thus, the probability of a followed immediately by a is, P(aa) =0.32/400 *0.32/400, P(cc) = 0.12/400 * 0.12/400 and P(zz) = 0.1/400 * 0.1/400. It has been shown by Dawson (1996) that the chance of drawing any identical pair of letters is the sum of the square of their probabilities.this

9 72 is equal to and it shows that, there will be 3 or 4 coincidences for every 100 pairs of letters in a random text given by the Equation (4.4). (1/26)(1/26) + (1/26)(1/26) + (1/26)(1/26) (1/26)(1/26) = for a for b for c for z (4.4) Similarly considering the plaintext, the sum of the squares will be (32/400)(32/400) + (6/400)(6/400) + (12/400)(12/400) (1/400)(1/400) = for a for b for c for z (4.5) Hence, the sum of the square of the probabilities of each alphabet gives the value of for plaintexts and for random texts and is denoted by K r and K p (for random and plaintext). This gives the coincidence count and these values can be used effectively to identify when two texts are likely to contain meaningful information in the same language using the same alphabet, to discover periods for repeating keys and to uncover many other kinds of non-random phenomena within or among cipher texts. The purpose of Kappa test is to determine whether two or more cipher texts have been identically encrypted. If in fact they have been encrypted in the same fashion, their index of coincidence will then be approximately equal to 6.83 whereas if not, it should more closely be equal to 3.85.The same idea can be applied to a single text, where the sample is in effect compared with itself. In this case that a single polyalphabetic cipher like Vigenere was used to encipher a sequence of plaintexts, and it was pointed by Kahn (1996) that it is often the case of finding the offset needed to correctly align the texts. By doing a Kappa test at each offset, the key length can be easily found as described below. The given cipher text is split into

10 73 several texts based on the keyword size. If the keyword size is five, then five cipher texts are formed, in which 1,6,11.. will form one cipher text and 2,7,12. will form another cipher text. The IC for a given letter-frequency distribution is given mathematically by Equation (4.6). IC = c i=1 n i n i 1 N N 1 /C (4.6) where, N n 1 through n c n(n-1) N (N-1) is the length of the text frequencies (as integers) of the c letters (26) of the alphabets count the number of combinations of n elements taken two at a time total letter pairs in the entire text 1 / c probability of a match for each pair, assuming a uniform random distribution of the characters. Each of the n i occurrences of the i th letter matches each of the remaining n i -1 occurrences of the same letter. Thus, this formula gives the ratio of the total number of coincidences observed to the total number of coincidences that one would expect. The expected average value for the IC can be computed from the relative letter frequencies f i of the source language and is given by the Equation (4.7). IC expected = c f i i c i=1 (4.7)

11 74 If all c letters of an alphabet were equally distributed, the expected index would be for plaintext. Hence, this value can be calculated for every keyword length. The keyword length to which the given cipher text gives a coincidence value around 0.06 corresponds to the original keyword length. For example, if the keyword length is 8, then keyword lengths of 8,16,24,..will have IC count of 0.06 and the maximum length can be safely assumed to be the keyword length. The screenshot of finding index of coincidence for a keyword of eight is given in Figure 4.1. Figure 4.1 Output Showing Coincidence Values for a Keyword of Size Eight The keyword employed was GODBLESS. It can be seen that for keyword size of 8, 16, 24 and 32 the index of coincidence is higher. Assuming that the user might not have given a keyword of size 30, it can be assumed that the keyword size to be 24. With the available ciphertext of 1KB, it is possible to find the keyword of size 24. The screenshot showing the keyword found with 1KB of ciphertext is given in Figure 4.2.

12 75 Figure 4.2 Keyword of Size Sixteen It can be seen that the keyword GODBLESS occurs two times and hence the keyword employed is GODBLESS. This is the effect of assuming a larger keyword size and is shown in Figure 4.3. Sometimes, the keyword may be repeated, but few characters in any one of keyword may not be correct. However, most of the repeated keywords were found to be correct.

13 76 Figure 4.3 Effect of assuming a larger keyword size 4.5 METHODOLOGY EMPLOYED Plaintexts of various sizes up to 1KB were taken for this experiment and these texts were taken from different textbooks. Keywords of varying lengths up to twenty were used and the plain texts were converted into cipher texts using Vigenere Encryption Method. To crypt analyze these cipher texts the keyword length is to be found first and is done using Coincidence test defined by Friedman (1992). Ganesan & Sherman ( 1994) utilized the Coincidence test to find the keyword length. Once the keyword length is known, then the next step is to find each character in the keyword.

14 77 Frequency analysis Friedman (1980) is a useful tool which gives the average number of each alphabet usually present in an English text. Fitness function based on the frequency of the occurrence of each alphabet was designed by using monogram and bigram statistics of English alphabets. Code was written using MATLAB V 12 and was run on dual core personal computer. 4.6 FITNESS FUNCTION The fitness function based on monogram and bigram is given by Equation (4.13).Here,the letters A Z are referenced by the indices 1 26.The objective is to minimize the error in the objective function which is the difference of the expected frequency count with the observed frequency count of the decrypted cipher text. Hence the Error function is cost = i=1 a sf i df i + i=1 j =1 b sdf i, j ddf(i, j) (4.8) sf(i) standard frequency of character i in English df(i) measured frequency of the character i in English. sdf(i) standard bigram frequency ddf(i) decoded bigram frequency a weightage for monogram frequency difference b weightage for bigram frequency difference To implement this fitness function, the frequency of each character in the decrypted text is calculated. This frequency is normalized by dividing it by the total number of characters in the file. This normalized frequency is

15 78 then subtracted from the expected frequency of the character in normal English text and the absolute value of this difference is taken. The differences for all the characters are added together. The normalization takes care that this value always lies between 0 and 1. Table 4.2 Monogram Values of English Alphabets for Plaintext Size of 100 Sno Character Monogram value 1 E T A O I N S H R D L C U M W F G Y P B V K X J Q Z 0.07 The Table 4.2 gives monogram value of all the alphabets when the size of the plaintext is 100.

16 79 The bigram is an expansion of unigram to two characters. Now, rather than manipulating the frequency of the individual character, the frequency of pairs of letters is calculated. For example, a pair an will always appear more frequently than pair bt. Again statistics for the frequencies of these pairs are also available. These statistics are compared with the statistics obtained from the decrypted text. To execute this fitness function, the frequency of each pair of letters in the decrypted text is calculated. This frequency is normalized by dividing it by the total number of pairs in the file. This normalized frequency is then subtracted from the expected frequency of the pair in normal English text. The absolute value of this difference is taken. The differences for all the pairs are added together. The bigram statistics of the alphabets in English is given in Table 4.3. Table 4.3 Bigram Statistics of English Alphabets A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

17 80 If the experimental key is closer to the key employed, this difference will then be less. If this difference is large, the experimental key is then not closer to the key employed. Now this problem has been reduced to an optimization problem where it is required to reduce the error or the difference in the fitness function to yield a minimum value. 4.7 APPLICATION OF FIREFLY ALGORITHM The objective is to minimize the error in the objective function which is the difference of the expected frequency count with the observed frequency count of the decrypted cipher text. Since statistical values are dealt with, it is possible to get the exact keyword only if the cipher texts are large enough (say > 50 KB). With cipher texts which are less than 1KB it is difficult to get the exact keyword or to put in other words, there may be multiple candidates satisfying the minimum fitness value. Hence, it is possible to have several alternate solutions. Mathematically, there is a multimodal function which has several valleys. Firefly algorithm is capable of solving multimodal functions. Swarm size is selected as 30 and the number of iterations is limited to 25.Each character in the keyword is 26 dimensional since the character may be any alphabet from A-Z and the parameters of the optimization function are given below. Number of flies = 30 α = 20 β = 10 γ =

18 RESULTS AND DISCUSSIONS Plain texts up to 1 KB were converted to cipher text with varying keyword lengths from 5 to 20 in Vigenere cipher. These cipher texts were given to PSO and the time taken for finding the key was noted. Firefly algorithm was also applied to these cipher texts and the keyword used for encryption was found and the time taken to find the keyword was noted. It was seen that with the firefly algorithm the search time was very less when compared with PSO algorithm. Three sets of password (key) lengths from 5 to 20 were tested and the corresponding time taken to find the exact key was tabulated in Table 4.4 and Table 4.5. It is observed clearly that the time required for finding the key using FA is very less when compared with PSO. Table 4.4 Elapsed time to find the different lengths Keyword using PSO Password ( key ) Password Elapsed Time in seconds 5 SAIRA 160 MUSIC 185 RAJEN SAIRAM 183 SAVICH 200 CIPHER EDRFTGY 206 CHANNEL 257 BCDAXYZ AFEQMOST 247 STRENGTH 280 ELEPHANT RAJENDRAN 251 PRESIDENT 302 RSPOQNYCD 271 PSO Average Time in seconds

19 82 10 GODISLOVEE 278 ACDINTOPLV 323 DQMEFABNOU ACEGIKMOQSU 311 FOUNDATIONS 345 MOSHIPRSTVY INTOXICATING 334 NEUROSCIENCE 367 VSTMPBCDAHNI SURIYAPRAVINK 354 INTERNATIONAL 388 OQSRTLUVWYZEG NOTESAVINXZYPO 380 UNDERPREVILEGE 416 CRUVFQLMNACDWI BOXIAYGCFMNSHEW 404 VIRTUALINTERACT 423 ADHCOPEGHZXYUVN AISYOPQRTYZXGHMU 426 ENTREPRENEURSHIP 436 EACDHNROVUISXYLB CSKBNRDHOIYFLQTAV 454 THERMALPOWERPLANT 462 POMNSHQRSTUVACDBL ACDEMFGOSTNXUVREGY 491 AABBCCDDEEFFGGHHII 478 RDHASKOPNIQRSTUVWX SHEMALEMECALUOVPZQS 495 ASDFGHJKLOIUYTREWQZ 502 IMCBADHNGFEOSTRVUNZ IVEYQRTSMNOPCABDFEZY 520 QWERTYUIOPLKJHGFDSAZ 522 NPRSTUVWABNDHCTWYLMG

20 83 Table 4.5 Elapsed time to find the different lengths Keyword using FA Password ( key ) Password 5 SAIRA MUSIC RAJEN SAIRAM SAVICH CIPHER EDRFTGY CHANNEL BCDAXYZ AFEQMOST STRENGTH ELEPHANT RAJENDRAN PRESIDENT RSPOQNYCD GODISLOVEE ACDINTOPLV DQMEFABNOU ACEGIKMOQSU FOUNDATIONS MOSHIPRSTVY INTOXICATING NEUROSCIENCE VSTMPBCDAHNI SURIYAPRAVINK INTERNATIONAL OQSRTLUVWYZEG NOTESAVINXZYPO UNDERPREVILEGE CRUVFQLMNACDWI Firefly Algorithm(FA) Elapsed Average Time in Time in seconds seconds

21 84 15 BOXIAYGCFMNSHEW VIRTUALINTERACT ADHCOPEGHZXYUVN AISYOPQRTYZXGHMU ENTREPRENEURSHIP EACDHNROVUISXYLB CSKBNRDHOIYFLQTAV THERMALPOWERPLANT POMNSHQRSTUVACDBL ACDEMFGOSTNXUVREGY AABBCCDDEEFFGGHHII RDHASKOPNIQRSTUVWX SHEMALEMECALUOVPZQS ASDFGHJKLOIUYTREWQZ IMCBADHNGFEOSTRVUNZ IVEYQRTSMNOPCABDFEZY QWERTYUIOPLKJHGFDSAZ NPRSTUVWABNDHCTWYLMG Figure 4.4 Comparison of PSO and FA

22 85 As stated by Yang (2013), FA is swarm-intelligence based, so it has the similar advantages like other swarm-intelligence based algorithms. However, FA has two main merits over other algorithms namely 1. Automatic subdivision 2. Ability of dealing with multimodality. In automatic subdivision, FA is based only on the parameter attractiveness and this attractiveness decreases with the distance. This result in the automatic subdivision of whole population into subgroups and each group can swarm around each mode or local optimum. From the total number of modes the best global solution can be easily found. Fireflies can easily found the optimum value parallel with the help of subdivision process, if the population size is sufficiently larger than the number of modes. Therefore, a whole population can subdivide into subgroups with a given, average distance. In the severe case when r = 0, the whole population will not subdivide. So this ability of automatic subdivision makes this FA particularly suitable for highly nonlinear and any multimodal optimization problems. Hence, from Table 4.3 and Table 4.4,it is clearly observed that the key can be found in less time using FA than PSO and it is shown in Figure 4.4