ECE 646 - Lecture 6 Historical Ciphers Required Reading W tallings, Cryptography and Network ecurity, Chapter, Classical Encryption Techniques A Menezes et al, Handbook of Applied Cryptography, Chapter 73 Classical ciphers and historical development
Why (not) to study historical ciphers? AGAINT Not similar to modern ciphers Long abandoned FOR Basic components became a part of modern ciphers Under special circumstances modern ciphers can be reduced to historical ciphers Influence on world events The only ciphers you can break! ecret Writing teganography (hidden messages) Cryptography (encrypted messages) Codes (replace words) ubstitution Transformations ubstitution Ciphers (replace letters) Transposition Ciphers (change the order of letters)
elected world events affected by cryptology 586 - trial of Mary Queen of cots - substitution cipher 97 - Zimmermann telegram, America enters World War I 939-945 Battle of England, Battle of Atlantic, D-day - ENIGMA machine cipher 944 world s first computer, Colossus - German Lorenz machine cipher 95s operation Venona breaking ciphers of soviet spies stealing secrets of the U atomic bomb one-time pad Mary, Queen of cots cottish Queen, a cousin of Elisabeth I of England Forced to flee cotland by uprising against her and her husband Treated as a candidate to the throne of England by many British Catholics unhappy about a reign of Elisabeth I, a Protestant Imprisoned by Elisabeth for 9 years Involved in several plots to assassinate Elisabeth Put on trial for treason by a court of about 4 noblemen, including Catholics, after being implicated in the Babington Plot by her own letters sent from prison to her co-conspirators in the encrypted form 3
Mary, Queen of cots cont cipher used for encryption was broken by codebreakers of Elisabeth I it was so called nomenclator mixture of a code and a substitution cipher Mary was sentenced to death for treachery and executed in 587 at the age of 44 Zimmermann Telegram sent on January 6, 97 from the Foreign ecretary of the German Empire, Arthur Zimmermann, to the German ambassador in Washington instructed the ambassador to approach the Mexican government with a proposal for military alliance against the U offered Mexico generous material aid to be used to reclaim a part of territories lost during the Mexican-American War of 846-848, specifically Texas, New Mexico, and Arizona sent using a telegram cable that touched British soil encrypted with cipher 75, which British codebreakers had partly broken intercepted and decrypted 4
Zimmermann Telegram British foreign minister passed the ciphertext, the message in German, and the English translation to the American ecretary of tate, and he has shown it to the President Woodrow Wilson A version released to the press was that the decrypted message was stolen from the German embassy in Mexico After publishing in press, initially believed to be a forgery On February, Germany had resumed "unrestricted" submarine warfare, which caused many civilian deaths, including American passengers on British ships On March 3, 97 and later on March 9, 97, Arthur Zimmermann was quoted saying "I cannot deny it It is true On April, 97, President Wilson asked Congress to declare war on Germany On April 6, 97, Congress complied, bringing the United tates into World War I 5
996 ( nd ed) 999 Ciphers used predominantly in the given period() Cryptography Cryptanalysis BC hift ciphers Monoalphabetic substitution cipher 586 Invention of the Vigenère Cipher Homophonic ciphers Frequency analysis al-kindi, Baghdad Black chambers IX c XVIII c Vigenère cipher Kasiski s method (imple polyalphabetic substitution ciphers) 99 Invention of rotor machines Index of coincidence William Friedman Electromechanical machine ciphers (Complex polyalphabetic substitution ciphers) 96 Vernam cipher (one-time pad) 863 98 6
Ciphers used predominantly in the given period() Cryptography Cryptanalysis 949 hennon s theory of secret systems 977 Publication of DE one-time pad tream Ciphers -P networks DE Reconstructing ENIGMA Rejewski, Poland Polish cryptological bombs, and perforated sheets British cryptological bombs, Bletchley Park, UK Breaking Japanese Purple cipher 93 939 945 977 Triple DE AE DE crackers 99 ubstitution Ciphers () Monalphabetic (simple) substitution cipher M = m m m 3 m 4 m N C = f(m ) f(m ) f(m 3 ) f(m 4 ) f(m N ) Generally f is a random permutation, eg, f = a b c d e f g h i j k l m n o p q r s t u v w x y z s l t a v m c e r u b q p d f k h w y g x z j n i o Key = f Number of keys = 6!» 4 6 7
Monalphabetic substitution ciphers implifications () A Caesar Cipher B hift Cipher c i = f(m i ) = m i + 3 mod 6 m i = f - (c i ) = c i - 3 mod 6 No key c i = f(m i ) = m i + k mod 6 m i = f - (c i ) = c i - k mod 6 Key = k Number of keys = 6 Coding characters into numbers A Û B Û C Û D Û 3 E Û 4 F Û 5 G Û 6 H Û 7 I Û 8 J Û 9 K Û L Û M Û N Û 3 O Û 4 P Û 5 Q Û 6 R Û 7 Û 8 T Û 9 U Û V Û W Û X Û 3 Y Û 4 Z Û 5 8
Caesar Cipher: Example Plaintext: I C A M E I A W I C O N Q U E R E D 8 4 8 8 8 4 3 6 4 7 4 3 5 3 5 7 3 5 5 7 6 9 3 7 7 6 Ciphertext: L F D P H L V D Z L F R Q T X H U H G Monalphabetic substitution ciphers implifications () C Affine Cipher c i = f(m i ) = k m i + k mod 6 gcd (k, 6) = m i = f - (c i ) = k - (c i - k ) mod 6 Key = (k, k ) Number of keys = 6 = 3 9
Most frequent single letters Average frequency in a random string of letters: = 38 = 38% 6 Average frequency in a long English text: E 3% T, N, R, I, O, A, 6%-9% D, H, L 35%-45% C, F, P, U, M, Y, G, W, V 5%-3% B, X, K, Q, J, Z < % Most frequent digrams, and trigrams Digrams: TH, HE, IN, ER, RE, AN, ON, EN, AT Trigrams: THE, ING, AND, HER, ERE, ENT, THA, NTH, WA, ETH, FOR, DTH
Relative frequency of letters in a long English text by tallings 4 75 8 6 4 75 5 35 45 3 35 775 5 5 375 75 775 75 75 A B C D E F G H I J K L M N O P Q R T U V W X Y Z 5 85 6 95 3 5 5 5 5 5 4 8 6 4 4 8 6 4 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a shift cipher
4 8 6 4 Character frequency in a long English plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z 4 8 6 4 Character frequency in the corresponding ciphertext for a general monoalphabetic substitution cipher a b c d e f g h i j k l m n o p q r s t u v w x y z Frequency analysis attack: relevant frequencies 4 8 6 4 a b c d e f g h i j k lm n o p q r s t u v w x y z Long English text T 4 8 6 4 a b c d e f g h I j k lm n o p q r s t u v w x y z hort English message M 4 8 6 4 a b c d e f g h i j k lm n o p q r s t u v w x y z Ciphertext of the long English text T 4 8 6 4 a b c d e f g h I j k lm n o p q r s t u v w x y z Ciphertext of the short English message M
Ciphertext: Frequency analysis attack () tep : Establishing the relative frequency of letters in the ciphertext FMXVE DKAPH FERBN DKRXR REFM ORUD DKDV HVUFE DKAPR KDLYE VLRHH RH A B C D E F G H I J K L M N O P Q R T U V W X Y Z R - 8 D - 7 E, H, K - 5 Frequency analysis attack () tep : Assuming the relative frequency of letters in the corresponding message, and deriving the corresponding equations Assumption: Most frequent letters in the message: E and T Corresponding equations: E R T D 4 7 9 3 f(e) = R f(t) = D f(4) = 7 f(9) = 3 3
Frequency analysis attack (3) tep 3: Verifying the assumption for the case of affine cipher f(4) = 7 f(9) = 3 4 k + k º 7 (mod 6) 9 k + k º 3 (mod 6) 5 k º -4 (mod 6) 5 k º (mod 6) Breaking the affine cipher (4) tep 4: olving the equation of the form a x º b mod n for x = k gcd(5, 6) = Thus, one solution 5 k º (mod 6) k = (5 - ) mod 6 = 7 mod 6 = 6 However, gcd(k, 6) = Thus, our initial assumption incorrect 4
ubstitution Ciphers () Polyalphabetic substitution cipher M = m m m d m d+ m d+ m d m d+ m d+ m 3d C = f (m ) f (m ) f d (m d ) f (m d+ ) f (m d+ ) f d (m d ) f (m d+ ) f ( m d+ ) f d (m 3d ) d is a period of the cipher Key = d, f, f,, f d Number of keys for a given period d = (6!) d» (4 6 ) d 4 8 6 4 4 8 6 4 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a polyalphabetic substitution cipher %» 38 % 6 5
Polyalphabetic substitution ciphers implifications () A Vigenère cipher: polyalphabetic shift cipher Invented in 568 c i = f i mod d (m i ) = m i + k i mod d mod 6 m i = f - i mod d(c i ) = c i - k i mod d mod 6 Key = k, k,, k d- Number of keys for a given period d = (6) d plaintext: Key = nsa 3 Vigenère quare a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z b c d e f g h i j k l m n o p q r s t u v w x y z a c d e f g h i j k l m n o p q r s t u v w x y z a b d e f g h i j k l m n o p q r s t u v w x y z a b c e f g h i j k l m n o p q r s t u v w x y z a b c d f g h i j k l m n o p q r s t u v w x y z a b c d e g h i j k l m n o p q r s t u v w x y z a b c d e f h i j k l m n o p q r s t u v w x y z a b c d e f g i j k l m n o p q r s t u v w x y z a b c d e f g h j k l m n o p q r s t u v w x y z a b c d e f g h i k l m n o p q r s t u v w x y z a b c d e f g h i j l m n o p q r s t u v w x y z a b c d e f g h i j k m n o p q r s t u v w x y z a b c d e f g h i j k l n o p q r s t u v w x y z a b c d e f g h i j k l m o p q r s t u v w x y z a b c d e f g h i j k l m n p q r s t u v w x y z a b c d e f g h i j k l m n o q r s t u v w x y z a b c d e f g h i j k l m n o p r s t u v w x y z a b c d e f g h i j k l m n o p q s t u v w x y z a b c d e f g h i j k l m n o p q r t u v w x y z a b c d e f g h i j k l m n o p q r s u v w x y z a b c d e f g h i j k l m n o p q r s t v w x y z a b c d e f g h i j k l m n o p q r s t u w x y z a b c d e f g h i j k l m n o p q r s t u v x y z a b c d e f g h i j k l m n o p q r s t u v w y z a b c d e f g h i j k l m n o p q r s t u v w x z a b c d e f g h i j k l m n o p q r s t u v w x y 6
Vigenère Cipher - Example Plaintext: Key: Encryption: Ciphertext: TO BE OR NOT TO BE NA T O B E O R N O T T O B E G G B R G R A G T G G B R GGBRGRAGTGGBR Determining the period of the polyalphabetic cipher Kasiski s method Ciphertext: G G B R G R A G T G G B R Distance = 9 Period d is a divisor of the distance between identical blocks of the ciphertext In our example: d = 3 or 9 7
Index of coincidence method () n i - number of occurances of the letter i in the ciphertext i = a z N - length of the ciphertext p i = probability that the letter of the ciphertext is equal to i p i = lim z å i= a N p i n i N = Index of coincidence method () Measure of roughness: z z M R = æ ö ç p - = å i p è 6ø å i= a i= a i - 6 MR 8 4 6 3 period 5 8
Index of coincidence method (3) Index of coincidence The approximation of Definition: Formula: å i= a z å i= a Probability that two random elements of the ciphertext are identical z z n i å (n i -) n i I C = = i=a N p i (N -) N Index of coincidence method (4) Measure of roughness MR = IC - = 6 z å i=a (n i -) n i (N -) N - 6 MR 8 4 6 3 period 5 9
Polyalphabetic substitution ciphers implifications () B Rotor machines used before and during the WWII Country Machine Period Germany: Enigma d=6 5 6 = 6,9 UA: M-35, Hagelin M-9 Japan: Purple UK: Typex d=6 (6-k) 6, k=5, 7, 9 Poland: Lacida d=4 3 35 = 6,4 Military Enigma
Functional diagram & dataflow Enigma Daily Keys
Order of rotors (Walzenlage) 6 combinations Positions of rings (Ringstellung) 6 3 combinations
Plugboard Connections (teckerverbindung) ~ 5 5 combinations Initial Positions of Rotors (Grundstellung) 6 3 combinations 3
Number of possible internal connections of Enigma 3 4 Estimated number of atoms in the universe 8 Total Number of Keys 36» 75 Larger number of keys than DE 4
Broken by Polish Cryptologists 93-94 Marian Rejewski (born 95) Jerzy Różycki (born 99) Henryk Zygalski (born 97) Enigma Timetable: 939 Jul 5-6, 939: A secret meeting takes place in the Kabackie Woods near the town Pyry (outh of Warsaw), where the Poles hand over to the French and British Intelligence ervice their complete solution to the German Enigma cipher, and two replicas of the Enigma machine 5
Improvements and new methods developed by British cryptologists 939-945 Alan Turing (born 9) Gordon Welchman (born 96) 6
Enigma Timetable: 939-94 939-94: Alan Turing develops an idea of the British cryptological Bombe based on the known-plaintext attack Gordon Welchman develops an improvement to the Turing s idea called diagonal board Harold Doc Keen, engineer at British Tabulating Machines (BTM) becomes responsible for implementing British Bombe 7
May, 94: First British cryptological bombe developed to reconstruct daily keys goes into operation Over Bombes are used in England throughout the war Each bombe weighed one ton, and was 65 feet high, 7 feet long, feet wide Machines were operated by members of the Women s Royal Naval ervice, Wrens Enigma Timetable: 943 Apr, 943: The production of the American Bombe starts in the National Cash Register Company (NCR) in Dayton, Ohio The engineering design of the bombe comes from Joseph Desch 8
ubstitution Ciphers (3) 3 Running-key cipher M = m m m 3 m 4 m N K = k k k 3 k 4 k N K is a fragment of a book C = c c c 3 c 4 c N c i = m i + k i mod 6 m i = c i - k i mod 6 Key: book (title, edition), position in the book (page, row) 4 8 6 4 4 8 6 4 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a running-key cipher %» 38 % 6 9
ubstitution Ciphers (4) 4 Polygram substitution cipher M = m m m d - M m d+ m d+ m d - M m d+ m d+ m 3d - M 3 C = c c c d - c d+ c d+ c d - C C c d+ c d+ c 3d - C 3 d is the length of a message block C i = f(m i ) M i = f - (C i ) Key = d, f Number of keys for a given block length d = (6 d )! Key: Playfair Cipher PLAYFAIR I A DIGRAM CIPHER 854 P L A Y F I R D G M C H E B K N O Q T U V W X Z Convention (tallings) message ciphertext P O L A N D A K A Y Q R Convention (Handbook) message ciphertext P O L A N D K A A Y R Q 3
Hill Cipher 99 Ciphering: C [xd] = M [xd] K [dxd] (c, c,, c d ) = (m, m,, m d ) k, k,, k d k d, k d,, k dd ciphertext block = message block key matrix Deciphering: Hill Cipher M [xd] = C [xd] K - [dxd] message block = ciphertext block inverse key matrix where K [dxd] K - [dxd] =,,,,,,,,,,,,,,,, key matrix inverse key matrix = identity matrix 3
Hill Cipher - Known Plaintext Attack () Known: C = (c, c,, c d ) M = (m, m,, m d ) C = (c, c,, c d ) M = (m, m,, m d ) C d = (c d, c d,, c dd ) M d = (m d, m d,, m dd ) We know that: (c, c,, c d ) = (m, m,, m d ) K [dxd] (c, c,, c d ) = (m, m,, m d ) K [dxd] (c d, c d,, c dd ) = (m d, m d,, m dd ) K [dxd] Hill Cipher - Known Plaintext Attack () c, c,, c d m, m,, m d k, k,, k d c, c,, c d c d, c d,, c dd = m, m,, m d m d, m d,, m dd k, k,, k d k d, k d,, k dd C [dxd] = M [dxd] K [dxd] K [dxd] = M - [dxd] C [dxd] 3
ubstitution Ciphers (5) 4 Homophonic substitution cipher M = { A, B, C,, Z } C = {,,, 3,, 99 } c i = f(m i, random number) m i = f - (c i ) f: E 7, 9, 7, 48, 64 A 8,, 5, 49 U 45, 68, 9 X 33 Transposition ciphers M = m m m 3 m 4 m N C = m f() m f() m f(3) m f(4) m f(n) Letters of the plaintext are rearranged without changing them 33
4 8 6 4 4 8 6 4 a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in a long English plaintext Character frequency in the corresponding ciphertext for a transposition cipher Transposition cipher Example Plaintext: CRYPTANALYT Key: Encryption: KRI 3 4 K R I C R Y P T A N A L Y T Ciphertext: YNCTLRAYPAT 34
One-time Pad Vernam Cipher Gilbert Vernam, AT&T Major Joseph Mauborgne 96 c i = m i Å k i m i k i c i All bits of the key must be chosen at random and never reused One-time Pad Equivalent version c i = m i + k i mod 6 m i k i c i TO BE OR NOT TO BE AX TC VI URD WM OF TL UG JZ HFW PK PJ All letters of the key must be chosen at random and never reused 35
Perfect Cipher Claude hannon Communication Theory of ecrecy ystems, 948 " m Î M c Î C P(M=m C=c) = P(M = m) The cryptanalyst can guess a message with the same probability without knowing a ciphertext as with the knowledge of the ciphertext Is substitution cipher a perfect cipher? C = XRZ P(M=ADD C=XRZ) = P(M=ADD) ¹ 36
Is one-time pad a perfect cipher? C = XRZ P(M=ADD C=XRZ) ¹ P(M=ADD) ¹ M might be equal to CAT, PET, ET, ADD, BBC, AAA, HOT, HI, HER, BET, WA, NOW, etc -P Networks P P 37
Basic operations of -P networks ubstitution Permutation -box P-box P Avalanche effect m m c c m m 3 m 4 m 5 m 6 m 7 m 8 m 9 m m m m 6 m 6 m 63 m 64 P c c c 3 c 4 c 5 c 5 c 6 c 7 c 7 c 8 c 8 c 9 c c c c c 6 c 6 c 6 c 63 c 64 c 64 38
hannon Product Ciphers Computationally secure ciphers based on the idea of diffusion and confusion Confusion relationship between plaintext and ciphertext is obscured, eg through the use of substitutions Diffusion spreading influence of one plaintext letter to many ciphertext letters, eg through the use of permutations LUCIFER Horst Feistel, Walt Tuchman IBM k, k, k,6 m m m 3 m 4 m 5 m 6 m 7 m 8 m 9 m m m m 5 m 6 m 7 m 8 k, k 3, k 3, P k, K 3, k 3, P K,6 k 3,6 k 3,6 c c c 3 c 4 c 5 c 6 c 7 c 8 c 9 c c c c 5 c 6 c 7 c 8 6 rounds 39
LUCIFER- external look plaintext block 8 bits LUCIFER key 5 bits 8 bits ciphertext block 4