Real scripts backgrounder 3
  - Polyalphabetic encipherment
  - XOR as a cipher
  - RSA algorithm
David Morgan
XOR as a cipher
Bit element encipherment
  elements are 0 and 1
  use modulo-2 arithmetic
  Example:
    1 0 0 0 1 1 0 1 1 1 0 0   message stream
    1 1 1 0 0 1 1 0 1 1 1 0   key stream
    0 1 1 0 1 0 1 1 0 0 1 0   resulting ciphertext
XOR - frequent appearances
  http://en.wikipedia.org/wiki/xor_cipher
  XOR is often the operation when the data is binary
Binary XOR operation
  XORing a bit with 1 inverts it
  XORing a bit with 0 leaves it alone
  XORing with 1:
    1 XOR 1 is 0
    0 XOR 1 is 1
  XORing with 0:
    1 XOR 0 is 1
    0 XOR 0 is 0
XOR is mod2 addition
  XORing with 1:
    1 XOR 1 is 0
    0 XOR 1 is 1
  XORing with 0:
    1 XOR 0 is 1
    0 XOR 0 is 0
  same thing
  adding 1 mod2:
    1 + 1 = 10, i.e. 0 mod 2
    0 + 1 = 1
  adding 0 mod2:
    1 + 0 = 1
    0 + 0 = 0
XOR twice with same bit leaves input as is
  by inverting twice (if XORing with 1): changes it, changes it back, or
  by inverting never (if XORing with 0)
  XORing twice with 1:
    1 XOR 1 is 0, then 0 XOR 1 is 1
    0 XOR 1 is 1, then 1 XOR 1 is 0
  XORing twice with 0:
    1 XOR 0 is 1, then 1 XOR 0 is 1
    0 XOR 0 is 0, then 0 XOR 0 is 0
  or: ( A XOR B ) XOR B = A
double XOR = alteration & restoration
  input:        11000000 10101000 00000100 00000001
  XOR with:     10111110 01001010 10111001 00001101
  result:       01111110 11100010 10111101 00001100

  above result: 01111110 11100010 10111101 00001100
  again with:   10111110 01001010 10111001 00001101
  above input:  11000000 10101000 00000100 00000001
XOR becomes a symmetric stream cipher
  plaintext:    11000000 10101000 00000100 00000001
  key:          10111110 01001010 10111001 00001101
  ciphertext:   01111110 11100010 10111101 00001100

  ciphertext:   01111110 11100010 10111101 00001100
  same key:     10111110 01001010 10111001 00001101
  plaintext:    11000000 10101000 00000100 00000001
XOR operation
  XORing key with plaintext yields ciphertext (that's called encryption)
  XORing key with ciphertext yields plaintext (that's called decryption)
  and also
  XORing plaintext and ciphertext yields key
If key is random, so is ciphertext
  plaintext a: 11000000 10101000 00000100 00000001
  key a:       10111110 01001010 10111001 00001101
  ciphertext:  01111110 11100010 10111101 00001100

  plaintext b: 01010110 11101010 00100001 01101001
  key b:       00101000 00001000 10011100 01100101
  ciphertext:  01111110 11100010 10111101 00001100

  The (single) ciphertext shown is representative of both plaintexts, given the corresponding key. A key can be constructed to convert any plaintext to this same ciphertext. Attacker must ask which key was actually used, to arrive at the actual plaintext. If key is produced randomly, he has no basis to choose any particular key, therefore none to choose the actual one.
For unbreakability
  keystream must be as long as the plaintext
  keystream elements must be random
  same keystream must never be re-used
    possession of 2 ciphertexts from same keystream facilitates recovering it
  same keystream must be shared by encryptor and decryptor
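The properties on the last three slides, run on the slides' own bit patterns, as an added example (not part of the original deck). The function names and the second message used in the check are constructed here.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (bitwise mod-2 addition)."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def bits(s: str) -> bytes:
    """Parse '11000000 10101000 ...' as written on the slides."""
    return bytes(int(octet, 2) for octet in s.split())


# Values copied from the slides above.
PLAINTEXT_A = bits("11000000 10101000 00000100 00000001")
KEY_A = bits("10111110 01001010 10111001 00001101")
PLAINTEXT_B = bits("01010110 11101010 00100001 01101001")
KEY_B = bits("00101000 00001000 10011100 01100101")
CIPHERTEXT = bits("01111110 11100010 10111101 00001100")


def key_for(plaintext: bytes, ciphertext: bytes) -> bytes:
    """XORing plaintext and ciphertext yields the key that links them,
    so a key exists for ANY candidate plaintext of the right length."""
    return xor_bytes(plaintext, ciphertext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with one keystream: the keystream cancels
    and what is left is plaintext1 XOR plaintext2."""
    return xor_bytes(c1, c2)


def read_second_message(known_p1: bytes, c1: bytes, c2: bytes) -> bytes:
    """With a re-used keystream, one known plaintext exposes the keystream
    and with it every other message encrypted under it."""
    return xor_bytes(key_for(known_p1, c1), c2)


if __name__ == "__main__":
    second = bytes([10, 0, 0, 7])          # constructed second message
    c2 = xor_bytes(second, KEY_A)          # keystream wrongly re-used
    print("key for plaintext b:", key_for(PLAINTEXT_B, CIPHERTEXT) == KEY_B)
    print("c1 XOR c2 == p1 XOR p2:",
          reuse_leak(CIPHERTEXT, c2) == xor_bytes(PLAINTEXT_A, second))
    print("second message read:", read_second_message(PLAINTEXT_A, CIPHERTEXT, c2))
```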
One-time pad
  this technique is called one-time pad (sometimes one-time tape or one-time key)
  random keystreams were written on paper pads
    each sheet to be used, torn off, and destroyed
    paper tapes were used later
  it is the only unbreakable cipher
    unless misused
    Soviet codes broken due to pad/keystream re-use (Venona project)
  http://users.telenet.be/d.rijmenants/en/onetimepad.htm
XOR based one-time pad
  XOR needs a random stream producer
  rc4 is (nearly) that
rc4 - a stream cipher
  rc4 serves as a keystream machine, an endless font of utility data
  "RC4 generates a pseudorandom stream of bits (a keystream). As with any stream cipher, these can be used for encryption by combining it with the plaintext"
  http://en.wikipedia.org/wiki/rc4
How to achieve keystream sharing
  physically secure hand delivery
  rc4 keystream reproducible on demand with a given key
    don't share the keystream, share the key that produces it
    shifts (and reduces) the keystream distribution problem to a key distribution problem
Polyalphabetic encipherment
Demo: trying to thwart frequency analysis
  plain text exhibits letter frequency patterns
  monoalphabetic substitution preserves patterns
  polyalphabetic substitution destroys them
Occurrence of English letters
Occurrence of letters: Gettysburg address
  http://www.mtholyoke.edu/courses/quenell/s2002/crypto/js/count.html
Occurrence of letters: Gettysburg address thru Caesar cipher (monoalphabetic)
  Letters changed but statistical pattern preserved
Occurrence of letters: Gettysburg address thru differently sequenced* monoalphabetic cipher
  *the substitution mapping, unlike that of Caesar cipher, doesn't preserve the letters in the same sequence as that of the alphabet. They're all there, but in reassigned positions.
  This mapping was: bdfhjlnprtvxzacegikmoqsuwy
  e became j, t became m, etc (seen in both the mapping and the chart)
Polyalphabetic* ciphering
  Vigenere table, mod26 arithmetic helper
  encrypt - take plaintext letter in the column header, key letter in row header. Ciphertext letter at intersection.
  decrypt - take key letter in the row header, find ciphertext letter in that row. Plaintext letter at that column's header.
  *use many alphabets -- different ones for determining what to substitute for each letter in the plaintext. Without resequencing letters, there are 25 other alphabets readily available. How many alphabets exist, altogether, if we do allow resequencing? 26*25*24*... = 26! = 4.03 x 10^26

      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  A   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  B   B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
  C   C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
  D   D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
  E   E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
  F   F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
  G   G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
  H   H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
  I   I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
  J   J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
  K   K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
  L   L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
  M   M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
  N   N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
  O   O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
  P   P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
  Q   Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
  R   R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
  S   S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
  T   T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
  U   U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
  V   V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
  W   W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
  X   X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
  Y   Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
  Z   Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Occurrence of letters: Gettysburg address thru polyalphabetic ciphers
  Each time you remap a letter:
    shift mapping alphabet fwd 1 letter, or
    shift mapping alphabet back 1 letter, or
    randomly generate a whole new one
  Letters changed and statistical pattern destroyed
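The demo's claim measured rather than charted, as an added example (not part of the original deck): the Vigenere table as mod-26 arithmetic, with a Caesar shift and the "shift fwd 1 letter each time" scheme applied to the opening sentence of the Gettysburg Address. The function names and the use of the index of coincidence as the measure are choices made here.

```python
from collections import Counter
import string

A = string.ascii_uppercase

# Opening sentence of the Gettysburg Address, the text the slides chart.
TEXT = ("Four score and seven years ago our fathers brought forth on this "
        "continent, a new nation, conceived in Liberty, and dedicated to the "
        "proposition that all men are created equal.")


def letters(text: str) -> list:
    """Upper-case the text and keep only A-Z."""
    return [c for c in text.upper() if c in A]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere table lookup as arithmetic: c = (p + k) mod 26."""
    sign = -1 if decrypt else 1
    return "".join(
        A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
        for i, c in enumerate(letters(text)))


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic: the same single alphabet for every letter."""
    return vigenere(text, A[shift % 26])


def profile(text: str) -> list:
    """Letter counts sorted high to low: the shape of the frequency chart."""
    return sorted(Counter(letters(text)).values(), reverse=True)


def index_of_coincidence(text: str) -> float:
    """Chance that two letters drawn from the text are equal
    (about 0.067 for English, about 0.038 for a flat distribution)."""
    counts = list(Counter(letters(text)).values())
    n = sum(counts)
    return sum(c * (c - 1) for c in counts) / (n * (n - 1))


# "Shift mapping alphabet fwd 1 letter" per letter = Vigenere with key A..Z.
PROGRESSIVE_KEY = A

if __name__ == "__main__":
    for name, ct in (("plain", TEXT), ("caesar", caesar(TEXT, 3)),
                     ("polyalphabetic", vigenere(TEXT, PROGRESSIVE_KEY))):
        print(f"{name:15s} IoC={index_of_coincidence(ct):.4f} top={profile(ct)[:5]}")
```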
RSA
Several algorithms with public-key properties
  RSA       Rivest, Shamir, Adleman; MIT
  ElGamal   Taher ElGamal, Netscape
  DSA       NSA, NIST
RSA key generation steps
  1. choose 2 primes; call them p, q
  2. multiply them; call product n
  3. multiply their predecessors (p-1,q-1); call product φ
  4. pick some integer between 1 and φ (exclusive) sharing no prime factor with φ; call it e
  5. find the integer (there's only one) that times e divided by φ leaves 1; call it d
  then your keys are:
    public:  e together with n (e is for encryption)
    private: d together with n (d is for decryption)
Encrypting with public key {e,n} ( c = m^e mod n )
  1. choose a cleartext message in the form of a number less than n; call it m
  2. raise it to power e
  3. divide that by n; call remainder c
  then your ciphertext result is c
Decrypting with private key {d,n} ( m = c^d mod n )
  1. take ciphertext c
  2. raise it to power d
  3. divide that by n; call remainder r
  then your recovered result is r
  r is identically the original cleartext message m
How will we do keygen step 4?
  1. choose 2 primes: easy
  2. multiply them: easy
  3. multiply their predecessors (p-1,q-1): easy
  4. pick some integer e between 1 and φ (exclusive) sharing no prime factor with φ: not easy
  5. find the integer d (there's only one) that times e divided by φ leaves 1: not easy
  then your keys are:
    public:  e together with n (e is for encryption)
    private: d together with n (d is for decryption)
Numbers sans common prime factor
  numbers whose gcd* is 1 will do
  find x such that gcd(x, φ)=1
  how do we find gcd of 2 numbers? Euclid's algorithm
  * greatest common divisor
How will we do keygen step 5?
  1. choose 2 primes: easy
  2. multiply them: easy
  3. multiply their predecessors (p-1,q-1): easy
  4. pick some integer e between 1 and φ (exclusive) sharing no prime factor with φ: not easy
  5. find the integer d (there's only one) that times e divided by φ leaves 1: not easy
  then your keys are:
    public:  e together with n (e is for encryption)
    private: d together with n (d is for decryption)
Successively test candidates
  multiply each integer, from 1, by e
  divide by φ
  check if remainder is 1
  keep going till you find the one that is
RSA key generation example
  1. choose 2 primes: p=5 q=11
  2. multiply them: n=55
  3. multiply their predecessors (p-1,q-1): φ=40
  4. pick some integer between 1 and φ (exclusive) sharing no prime factor with φ: e=3
  5. find the integer (there's only one) that times e divided by φ leaves 1: d=27
  then your keys are:
    public:  e together with n    3, 55
    private: d together with n    27, 55
Encrypting with public key {e,n} ( c = m^e mod n )
  e = 3  n = 55
  1. choose a cleartext message in the form of a number less than n: m=7
  2. raise it to power e: 7^3 = 343
  3. divide that by n: 343 = 55x6+13
  then your ciphertext result is c: c=13
Decrypting with private key {d,n} ( m = c^d mod n )
  d = 27  n = 55
  1. take ciphertext c: 13
  2. raise it to power d: 13^27 = 1192533292512492016559195008117
  3. divide that by n: 1192533292512492016559195008117 = 55 x 2497646399408352339319763167 + 7
  then your recovered result is r: r=7
  r is identically the original cleartext message m
How to encrypt messages?
  RSA doesn't encrypt messages, only individual numbers
  but all digital data is numeric
  so split arbitrary data into small-enough bit blocks, then treat them individually
  how? any way it can be done, doesn't matter in theory, up to you
Blocking data - possibility 1
  RED APPLE = 826968326580807669
  use 3-decimal-digit blocks
  separately encrypt: 826 968 326 580 807 669
  be prepared for maximum ~ 999
  minimum φ 1000, eg p=31 q=37
Blocking data - possibility 2
  ABC = 01000001 01000010 01000011
  use 12-bit blocksize
  separately encrypt: 010000010100 001001000011
  be prepared for maximum 4096
  minimum φ 4097, eg p=67 q=71
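The key generation, encryption and blocking slides above in one runnable piece, as an added example (not part of the original deck): Euclid's algorithm for step 4, successive testing for step 5, then "possibility 1" blocking of RED APPLE. Picking the smallest valid e and the function names are assumptions made here.

```python
def gcd(a: int, b: int) -> int:
    """Euclid's algorithm."""
    while b:
        a, b = b, a % b
    return a


def keygen(p: int, q: int):
    """Slide steps 1-5. Assumption: e is the smallest valid candidate."""
    n, phi = p * q, (p - 1) * (q - 1)
    # Step 4: first integer in (1, phi) sharing no prime factor with phi.
    e = next(x for x in range(2, phi) if gcd(x, phi) == 1)
    # Step 5: successively test 1, 2, 3, ... until x*e leaves remainder 1.
    d = next(x for x in range(1, phi) if (x * e) % phi == 1)
    return (e, n), (d, n)


def crypt(number: int, key) -> int:
    """c = m^e mod n and m = c^d mod n are the same operation."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("block must be a number less than n")
    return pow(number, exponent, n)


def to_blocks(text: str, digits: int = 3) -> list:
    """Possibility 1: ASCII codes joined as decimal, cut into fixed blocks.
    Leading zeros and decoding back to text are not handled here."""
    s = "".join(str(ord(ch)) for ch in text)
    return [int(s[i:i + digits]) for i in range(0, len(s), digits)]


# Textbook RSA exactly as on the slides: tiny primes, no padding, and equal
# blocks always encrypt to equal ciphertext. For following the arithmetic only.

if __name__ == "__main__":
    public, private = keygen(5, 11)
    print("keys:", public, private)
    print("7 ->", crypt(7, public), "->", crypt(crypt(7, public), private))

    public, private = keygen(31, 37)       # n = 1147 covers blocks up to 999
    blocks = to_blocks("RED APPLE")
    cipher = [crypt(b, public) for b in blocks]
    print(blocks, cipher, [crypt(c, private) for c in cipher])
```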
Some considerations
  RSA key size refers to n
  p and q should be about equal length but not extremely close (eg avoid successive primes)
  larger key, slower operation
    double n: pubkey ops 2x slower, privkey 4x
    e can stay fixed while n rises, but d up proportionately
  practical keylengths, 1024 or 2048 bits
  RSA and DES per-keylength security comparisons: apples and oranges
  http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/how-large-a-key-should-be-used.htm
Info sources - RSA
  RSA and A Miniature RSA Example
    http://www.informit.com/articles/article.aspx?p=102212&seqnum=4
  Exploring RSA Encryption, Linux Journal
    http://www.linuxjournal.com/article/6695