Cryptography and Network Security | 6th Edition | by. William Stallings
Chapter 2 – Classical Encryption Techniques
- Present an overview of the main concepts of symmetric cryptography.
- Explain the difference between cryptanalysis and brute-force attack.
- Understand the operation of a monoalphabetic substitution cipher.
- Understand the operation of a polyalphabetic cipher.
- Present an overview of the Hill cipher.
- Describe the operation of a rotor machine.
The Symmetric Cipher Model uses the same key for encryption/decryption. The encryption/decryption are public but the key is secret. An important note: Key distribution is expensive to create a secure channel. The Asymmetric Cipher Model uses two different keys for decryption/encryption. Ciphertext: A scrambled message produced as output. This depends of the plaintext and the secret key. Ciphertext is apparently random stream of data and, as it stands, is intelligible.
- The opponent should be unable to decrypt the ciphertext or discover the key even if he/she gets a few plaintext/ciphertext.
- Sender and Receiver must have obtained copies of the secret key in a secure manner. Problem: Maintain the secret key.
Cryptographic systems are characterized along three independent dimensions:
- The most important aspect is to make sure no information is lost. Product systems, involve multiple stages of substitution and transposition.
Substitution: Each element of the plaintext is mapped into another element.(bits, letter, symbols or numbers)
Transposition: Elements are rearranged.
- The number of keys used. If both parties use the same key then that means the encryption/decryption is symmetric. If both parties used different keys for encryption/decryption then the system is referred to as asymmetric.
- The way the plaintext is processed.
Block cipher: processes the input block one block of elements at a time, producing an output block for each input block.
Stream cipher: processes the input elements continuously, producing output one element at a time, as it going along.
Cryptanalysis and Brute-Force Attack
The objective of a hacker on an encrypted system is to recover the key. There are two approaches to attacking a conventional encryption system.
- Cryptanalysis: This relies on the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
- Brute-Force: Looks for all possible keys. If in binary with size of 4 then there would be a possibility of 16 keys.(2^4=16) There is a high probability of searching just half the total keys that right key would show up. (X/2) X = number of keys. So by just looking at 8 keys there is a high probability that i will find the correct key.
- Unconditionally Secure: There is no way to decrypt the ciphertext. With the exception of the “one-time pad”, there is no encryption algorithm that is unconditionally secure. The one-time pad is considered perfect secrecy but has two fundamental difficulties. First, creating a large of amount of random keys. A heavily used system could require millions of random characters on a daily basis. Second, Distributing and protecting the keys. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.
- Computationally Secure: The time required to break the cipher is too great. The cost exceeds the value of the encrypted information.
In the ancient Roman times, Caesar used a Shift Cipher for sending out his secret messages. He had great success with keeping his messages secret back then. Caesar would use substitution to replace each letter of the alphabet with the letter standing 3 places further down the alphabet.(e.g. A=D, B=E,…) Now days we know the weakness in using the Caesar Cipher. With only 25 keys, Caesar’s encryption is vulnerable to Brute-Force attack.
- P=Each plaintext letter
- C=each ciphertext letter
- 1 <= K <= 25 (# of keys)
- Encryption Algorithm – C=E(3,P) = P + 3 mod (26)
- Decryption Algorithm – P=D(K,C) = (C – K) mod 26
With a Monoalphabetic Cipher there is a bit more security. There is a possibility of 26! or 4×10^26 possible keys. This particular cipher uses a fixed substitution over the entire message. You would want to find out what maps to what, if you find some that match then you can figure out the rest. An analyst can exploit the regularities of a language to decrypt such a message. Another powerful tool is to look at two-letter combinations called digrams (th,ph,ch, etc..)
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. It uses a 5×5 matrix where a keyword is put into the 5×5 matrix and the rest of the spaces are filled with random none repeating letters.
- Repeating plaintext letters in the same pair are separated by a filler letter. e.g. Ba ll on -> Ba lx lo on.
- Two plaintext letters that fill in the same column are replaced by the letter beneath. With the top element circularly following the last. e.g. mu -> cm
- Two plaintext letters that fall in the same row are each replaced by the letter to the right. ar -> rm
- Otherwise each plaintext in a pair is replaced by the letter in its own row and column occupant by the other letter. e.g. hs -> bp
Uses different monoalphabetic substitutions as one proceeds. The key is the same size as the plaintext. There is a set of monoalphabetic substitutions are used. A key then determines which particular rule is chosen for a given transformation.
How the cipher works:
For example: Horinzontal abc… = Key // Vertical abc… = plaintext
- Key = D
- Plaintext = W
- Then the ciphertext = Z
- The Vernum Cipher works with binary.(1′s and 0′s)
- Encryption Algorithm: Ci = Pi (EXCLUSIVE OR) Ki
- Ci = ith bit of ciphertext
- Pi = ith bit of plaintext
- Ki = ith bit of the key
- Decryption Algorithm: Pi = Ci (EXCLUSIVE OR) Ki
Problem: Plaintext = 0010 | Key = 1101 | Solution: Ciphertext = 1111
*REMEMBER! Exclusive OR is only true when both A&B are not the same. e.g. 1 & 1 = 0
0 & 1 = 1 | 1 & 0 = 1 |
A running loop of repeated keys completely removes any statistical relationship between plaintext and ciphertext. Might be broken with sufficient ciphertext.
Row Transposition Cipher
- No substitutions, we rearrange the key.
- Plaintext: attackpostponeduntiltwoamxyz
- Key = 4 3 1 2 5 6 7
- a t t a c k p
- o s t p o n e
- d u n t i l t
- w o a m x y z
- Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
- How we did it - First start with the number 1 and write down the first four letters under it. 1 = TTNA. Then you would go to 2 and write the next four letters under it. 2 = APTM. Continue doing the same until there are no more numbers.
Chapter 3 – Block Ciphers AND The Data Encryption Standard
- Understand the distinction between stream ciphers and block ciphers.
- Present an overview of the Feistel cipher and explain how decryption is the inverse of encryption.
- Present an overview of Data Encryption Standard (DES)
- Explain the concept of the avalanche effect.
- Discuss the cryptographic strength of DES.
- Summarize the principle block cipher design principles.
Plaintext is treated as a whole. Ciphertext is the same size as plaintext.
- 64-128 bits are used
- Symmetric encryption key