12/2/2023

Introduction to Cryptography
Dr. Khaled Tarmissi
[email protected]
Office: 1160 Lecture : #1

What is Cryptography?

1
 12/2/2023

1. Introduction and Overview

2. Traditional Symmetric Key Ciphers and Classical Cryptography

3. Mathematics of Cryptography

4. Introduction to Modern Symmetric-Key Ciphers

5. Stream cipher

Course 6. Block cipher

Outline 7. Asymmetric Key Cryptography (Public-key Cryptography)

8. RSA and other public key cryptography

9. Cryptographic Hash Functions

10. Digital Signature

11. Key management distribution

12. Secret Sharing

2
 12/2/2023

Reference Materials

• Cryptography And Network • Cryptography And

Security Network Security
• (7th Edition) by William Stallings • (3rd Edition) by Forouzan

Grading (Tentative)

✓Quizzes: ( 20%) lectures

(5 - 10) mins quizzes from lectures and practice problems
• Assignments: ( 20%) practice problems
• Midterm: (20%)
✓Final: (40%)
• No Makeup exam or Quiz.

3
 12/2/2023

Warnings

❑ Cheating will be punished severely.

❑ We will cover a lot of material: expect to
invest a lot of work in this course.
❑Please use your university e-mail, all other e-mails
(Yahoo, Hotmail, Gmail, …) will be ignored

Things that I will not do at the end of the course:

❑ Give you an incomplete because you think that your

grade was bad.
❑ Give you extra work so that you can try to improve
your grade.
❑ Bump your grade up because you feel you deserve it.
❑ Unless there is a grading error, do not come asking
for extra points.

4
 12/2/2023

Formal requirements
• Probability
• Algorithms and complexity
• Combinatorics
• Number theory
• …

Background • etc

necessary
for the For the purpose of this course,
course a brief overview of the needed
concepts will be given to refresh
your memory. However, a
minimum level of mathematical
maturity is assumed

1
0

Cryptology
Overview of
Cryptology
Cryptography Cryptanalysis
• Cryptology
• Greek: “krypto” = hide
• Cryptology –science of hiding
• Cryptology = cryptography +
cryptanalysis

10

5
 12/2/2023

Cryptology ⎯ The art and

science of making and
breaking “secret codes”

Cryptography ⎯ making
“secret codes”

Crypto
Cryptanalysis ⎯ breaking
“secret codes”

Crypto ⎯ all of the above

(and more)

11

11

Cryptography Did you use any

usage cryptography

• today?

• … over the last week?

• … over the summer

break?

12

6
 12/2/2023

• https invokes the Secure Socket Layer (SSL)

Cryptography communication security protocol to securely
transmit your credit card number to the

usage server.
• • SSL uses cryptography

13

Cryptography
usage Other uses of cryptography

ATM machines

On-line banking

Remote login and file transfer using SSH

•…
• etc.

14

14

7
 12/2/2023

Alice and Bob

Alice

Bob

Eve, Oscar, Carl

15

A Real-World Interaction (Protocol)

“Depositing a check at a bank”

1. Alice receives check from Bob

2. Alice hands over check to teller Tyra
3. Tyra sends check to Bob’s bank
4. Bob’s bank verifies Bob’s signature
5. Money transferred from Bob’s
account to Alice’s account

16

16

8
 12/2/2023

17

• What are the desired security properties ?

– Authentication : Bob must have written out the
check for Alice
– Integrity: The check has not been modified by
anyone other than Bob
– Non-repudiation: Bob cannot deny that he wrote
a check if in fact he did
– Authorization: Is Bob authorized to withdraw
$X in funds?
– Privacy: Bob’s bank should not share Bob’s
financial information with other companies
Questions ? • What can an adversary do to try to break
the protocol ?
– Forge check, steal an empty check, forge
signature, edit check
• What mechanisms are used to achieve
these properties ?
– Unforgivable signatures, uniqueness of
handwriting, indelible ink, tamper evident paper
(unauthenticated modification in body of check is
detectable)

17

Goals of Cryptography
❖ Cryptography is the science that enables Alice
and Bob to communicate securely in the
presence of Eve

❖ Goals
✓ Confidentiality : Protection from disclosure to unauthorized persons
✓ Data integrity : Maintaining data consistency
✓ Authentication: Entity authentication (Identification) and Message
authentication (Data origin authentication)
✓ corroborating the source of information
✓ Non-repudiation : Originator of communications can’t deny it later

❖ Solutions: Protocols between Alice and Bob

❖ At least one of Alice or Bob needs to know more (or can do

more) than Eve

18

18

9
 12/2/2023

Basic Terminology

• Plaintext : the original message

• Ciphertext : the coded message

• Cipher : algorithm for transforming plaintext to ciphertext

• Key : info used in cipher known only to sender/receiver

• Encipher (encrypt) : converting plaintext to ciphertext

• Decipher (decrypt) : recovering ciphertext from plaintext

19

• Symmetric cipher: same key used for

encryption and decryption

• Asymmetric cipher: different keys used

for encryption and decryption

20

10
 12/2/2023

Symmetric Key Cryptosystem

21

21

Single-key

Sender and recipient share a common

key

Symmetric All classical encryption algorithms are

symmetric
Encryption
The only type of ciphers prior to the
invention of asymmetric-key ciphers
in 1970’s

By far most widely used

22

22

11
 12/2/2023

23

Substitution cipher
Caesar Cipher

• Earliest known
substitution cipher
• Invented by Julius
Caesar
• Each letter is replaced
by the letter three
positions further
down the alphabet.

24

24

12
 12/2/2023

Ceasar’s Cipher Encryption

Plain: ab c d e f g h i j k l mn o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Example: umm alqura →

XPP DOTXUD

25

Ceasar’s Cipher Decryption

❑ Suppose we know a Ceasar’s cipher is being used
❑ Ciphertext:
❑ Jhqlxv zlwkrxw hgxfdwlrq lv olnh vloyhu lq wkh plqh

Plaintext ab c d e f g h i j k l mn o p q r s t u v w x y z
Ciphertext D E F G H I J K L MN O P Q R S T U VWX Y Z A B C

Plaintext: Genius without education is like silver in the mine

26

26

13
 12/2/2023

Caesar Cipher

• Mathematically, map letters to numbers:

• Then the general Caesar cipher is:

c = EK(p) = (p + 3) mod 26
p = DK(c) = (c – 3) mod 26
• Can be generalized with any
alphabet.

27

27

❑ Defined over Z26as follows:

▪ Convert each letter in the

plaintext P to it's
corresponding number.
Shift ▪ Key K, 0 ≤ K ≤ 25.
▪ Ek(P) = (P + K) mod 26
Cipher ▪ Dk(C) = (C – K) mod 26

28

28

14
 12/2/2023

Shift Cipher

• Shift by n for some n 

{0,1,2,…,25}
• Then key is n
• Example: key = 7

29

Shift Cipher
Example

P = CRYPTOGRAPHY IS FUN
K = 19
Steps
C → 2; 2+19 mod 26 = 21 → V
R → 17; 17+19 mod 26 = 10 → K
…
…..
N → 13; 13+19 mod 26 = 6 → G

C = VKRIMHZKTIAR BL YNG

30

30

15
 12/2/2023

Shift Cipher: Cryptanalysis

• Ek(P) = (P + K) mod 26
• A simple substitution (shift by n) is
used
• But the key is unknown
• Can an attacker find K?
• key space is small (Only 26 possible
keys).
• try them all! exhaustive key search
• YES: (brute-force attack)
• Once K is found, very easy to decrypt
• Dk(C) = (C –K) mod 26

31

31

Shift Cipher: Cryptanalysis

Suppose you intercept a message, and you know the
sender is using a shift cipher, but do not know the shift
being used. The message begins EQZP. How hard would
it be to decrypt this message ?

32

16
 12/2/2023

Shift Cipher
Plain-text: S E N D R E I N F O R C E M E N T
Key: 2
Cipher-text: U G P F T F K P H Q T E G O G P V

Problem: only 26 possibilities for key – can be broken in short time.

Kerchoff’s Principle (1883): System should be secure even if algorithms

are known, as long as key is secret.

Can you get a better idea ???

33

33

Monoalphabetic (Substitution) Cipher

• Shuffle the letters and map each plaintext letter to a

different random ciphertext letter:

Plain letters: abcdefghijklmnopqrstuvwxyz

Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
• What does a key look like???

34

34

17
 12/2/2023

Monoalphabetic (Substitution) Cipher

• Key is some permutation of letters
• Need not be a shift
• For example

Plaintext ab c d e f g h i j k l mn o p q r s t u v w x y z
Ciphertext J I C A X S E Y V D KWB QT Z R H F M P N U L GO

❑ How many possible keys do we have now?!

35

35

Monoalphabetic (Substitution) Cipher

Key: k = table mapping each letter to another letter
A B C Z
U R B E

Encryption and decryption: letter by letter according to table.

# of possible keys: 26! ( = 403,291,461,126,605,635,584,000,000 )

Now we have a total of 26!

With so many keys, it is secure against brute-force attacks.
However – substitution cipher is still insecure
not secure against some cryptanalytic attacks.!!!
The Problem is language characteristics.

Key observation: can recover plaintext using statistics on

letter frequencies.

36

36

18
 12/2/2023

Human languages are not random.

Letters are not equally frequently

used.

Language In English, E is by far the most

Statistics and common letter, followed by T, R, N, I,
O, A, S.
Cryptanalysis
Other letters like Z, J, K, Q, X are fairly
rare.

There are tables of single, double &

triple letter frequencies for various
languages
37

37

Frequency analysis

38

38

19
 12/2/2023

Example

HereUpOnLeGrandAroseWithAGraveAndStatelyAirAndBrought
Here
He e e r
ra a e h
ha a eea t t
tat a r
ra r ht
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEMVEWHKVSTYLX
MeTheBeetleFromAGlassCaseInWhichItWasEnclosedItWasABe
ethe eet e r a a e h h t a e e t a a e
ZIXLIKIIXPIJVSZEYPERRGERIMWQLMGLMXQERIWGPSRIHMXQEREKI
I – most common letter I=e L=h X=t
LI – most common pair V=r E=a Y=g
XLI – most common triple

39

39

40

40

20
 12/2/2023

41

41

42

42

21
 12/2/2023

43

43

Objective: to recover the

plaintext of a ciphertext or,
more typically, to recover
the secret key.

Kerkhoff’s principle: the

adversary knows all details
Cryptanalysis about a cryptosystem
except the secret key.

brute-force attack
Two general
non-brute-force attack
approaches:
(cryptanalytic attack)

44

44

22
 12/2/2023

Polyalphabetic Cryptosystems

If the same character at different locations in

plaintext is mapped into different characters in
ciphertext, called polyalphabetic cryptosystems.

Vigenere cipher is a kind of polyalphabetic cipher:

Encrypt m characters at a time,
Each key consists of m Devised by Blaise de Vigenere in
i.e., each plaintext element is
characters, called keyword. the sixteen century.
equivalent to m characters.

45

45

Vigenere Cipher
▪ Simplest polyalphabetic substitution
cipher
▪ Effectively multiple shift ciphers
▪ key is multiple letters long K = k1 k2 ... Kd
▪ The key is a vector of shifts … SO .. the key
and its length are unknown to Eve.
▪ ith letter specifies ith alphabet to use
▪ Use each alphabet in turn
▪ Repeat from start after d letters in
message
▪ Decryption simply works in reverse

46

46

23
 12/2/2023

1. Write the plaintext out

2. Write the keyword repeated
3. Use each key letter as a shift cipher key
4. Encrypt the corresponding plaintext letter

Vigenere Example :

keyword: deceptive , so k = ( 3,4,2,4,15,19,8,21,4 )

Cipher plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f
key: d e c e p t i v e d e ce p t i v e de c ep t i v e
k 3 4 2 4 15 19 8 21 4 ……….
ciphertext: z i c v t w q n g r z g v t w a v z h c q y g l m g j

47

47

Vigenere Cipher
• “Multi-Caesar Cipher” – A statefull cipher
Key: k = (k1,k2,…,km) list of m numbers between 0 and 25

Encryption: n1thstletter
letter
encoded
encoded
w/ key=k
as Caesar
(n modw/ i → I1+: ki(n→
m) :key=k I +m)k(mod
mod 1 (mod
26)
26)

2nd natural
Decryption: In the encoded as Caesar w/ key=k2 : i → I + k2 (mod 26)
letterway
…
Important Property: Can no longer break using letter frequencies alone.
mth letter encoded as Caesar w/ key=km : i → I + km (mod 26)
‘e’ will be mapped to ‘e’+k1,‘e’+k2,…,‘e’+km according to location.
m+1th letter encoded as Caesar w/ key=k1 : i → I + k1 (mod 26)
Considered “unbreakable” for 300 years (broken by Babbage, Kasiski 1850’s)

48

48

24
 12/2/2023

Vigenere Cipher

49

49

Vigenere Cipher security

Q: what is the key space? Suppose the keyword length is m.

There are total 26m possible keys.

Suppose m=5, then 265 = 1.1  107 , which is large enough to
preclude exhaustive key search by hand.
However, we will see that there will be a systemic method to
break Vigenere cipher.
We see that one character could be mapped into m different
characters when the character is in m different positions.

50

50

25
 12/2/2023

Vigenere Cipher security

• “Multi-Caesar Cipher” – A statefull cipher
Key: k = (k1,k2,…,km) list of m numbers between 0 and 25

Encryption: nth letter encoded w/ key=k(n mod m) : i → I + k(n mod m) (mod 26)
Decryption: In the natural way
Breaking Vigenere:
LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEM VEWHKV

Step 1: Guess the length of the key m

Step 2: Group together positions {1, m+1, 2m+1, 3m+1,…}

{2, m+2, 2m+2, 3m+2,…}
…
{m-1, 2m+m-1, 3m+m-1,…}

51

51

Vigenere Cipher security

• “Multi-Caesar Cipher” – A statefull cipher
Key: k = (k1,k2,…,km) list of m numbers between 0 and 25

Encryption: nth letter encoded w/ key=k(n mod m) : i → i + k(n mod m) (mod 26)
Decryption: In the natural way
Breaking Vigenere:
LIVITC
SWPIYV
EWHEVS Step 1: Guess the length of the key m
RIQMXL
EYVEOI Step 2: Group together positions 1, m+1, 2m+1, 3m+1,…
EWHRXE
XIPFEM {2, m+2, 2m+2, 3m+2,…}
VEWHKV …
{m-1, 2m+m-1, 3m+m-1,…}

Step 3: Frequency-analyze each group independently.

52

52

26
 12/2/2023

Frequency analysis

53

53

Vigenere Cipher security

The ciphertext

The frequencies are as follows :

Note : There is no letter whose frequency is significant large. Why !!???

Can we decrypt the massage ???
How ??

54

54

27
 12/2/2023

Vigenère Cipher: Finding the Key Length

❑ Write the ciphertext on a long strip of paper, and again on another long strip.
❑ Put one strip above the other, but displaced by a certain number of places.
❑ Mark a * each time a letter and one below it are the same, and count the total
number of coincidences.

❑ If we do this for different displacements we obtain the following data :

❑ The most coincidences is for shift of 5.

❑ The best guess for the lenth of the key is 5

55

55

Vigenère Cipher: Finding the Key (1)

❑ Look at the 1st , 6th ,11th , … …. letters and see which letter occurs most
frequently.
In our example we obtain :

The most frequent is G, though J,K,C are close behind

If J=e would mean a shift of 5, hence C = x !!!
Similarly if K = e would mean P = j , and Q = k !!!
And if C = e would mean V = x , !!!
Therefore we decide that G = e, So the first element of the key is 2 = C

56

56

28
 12/2/2023

Vigenère Cipher: Finding the Key (2)

❑ Look at the 2nd , 7th ,12th , ……. letters and see which letter occurs most frequently.
In our ex ample we obtain : G occururs 10 times and S occurs 12 times and the
other letters are far behind.
if G = e would mean S = q !!!
Therefore we deicide that S = e, So the second element of the key is 14 = O

❑ Look at the 3rd , 8th ,13th , ……. letters and see which letter occurs most frequently.

As in the first and second guess the third element of the key is 3 = d

The fourth and the final elements of the key are

your homework

57

57

THE AUTO-KEY Vigenère CIPHER

❑ Ideally want a key as long as the message
❑ Vigenère proposed the autokey cipher
❑ With keyword is prefixed to message as key
❑ Knowing keyword can recover the first few letters
❑ Use these in turn on the rest of the message
❑ But still have frequency characteristics to attack
❑ eg. given key deceptive

58

58

29
 12/2/2023

The Playfair Cipher

operates on pairs of
letters (bigrams).
Replace all (J)’s with
(I)’s
The key is a 5x5
square matrix
consisting of every
letter except J.
Playfair Before encrypting,
Write the plaintext in
pairs of letters…

Cipher the plaintext must be

transformed:
separating any identical
pairs by a ( Z )

If the number of letters is

odd, add a ( Z ) to the end

59

59

If two plaintext letters lie in the same

row then replace each letter by the
one on its “right” in the key square

Playfair If two plaintext letters lie in the same

Cipher: column then replace each letter by the
one “below” it in the key square
Encryption
Else, replace:
First letter by letter in row of first Second letter by letter in column
letter and column of second letter of first letter and row of second
in the key square. letter in the key square.

60

60

30
 12/2/2023

Playfair Cipher: Example

GLOW WORM
S T A N D
E R C H B
K F G I L GL OW WO RM
M O P Q U
V W X Y Z
IK WT TW EO

61

61

security much improved over monoalphabetic

since have 26 x 26 = 676 digrams

Security would need a 676 entry frequency table to

analyse (verses 26 for a monoalphabetic)

of and correspondingly more ciphertext

Playfair was widely used for many years

Cipher • eg. by US & British military in WW1

it can be broken, given a few hundred letters

since still has much of plaintext structure

62

31
 12/2/2023

Transposition Ciphers

❑ Now consider classical transposition or permutation ciphers.

❑ These hide the message by rearranging the letter order.
❑ Without altering the actual letters used.
❑ Can recognise these since have the same frequency distribution as the
original text.

63

63

Rail Fence cipher

❑ Write message letters out diagonally over a number of rows
❑ Then read off cipher row by row

❑ EX. :
Plaintext: Meet me after the toga party
NO. of rows 2
m e m a t r h t g p r y
e t e f e t e o a a t
❑ Giving Ciphertext

MEMATRHTGPRYETEFETEOAAT

64

64

32
 12/2/2023

Row Transposition Cipher

65

65

Double Transposition
Plaintext: attackxatxdawn

Permute rows
and columns


Ciphertext: xtawxnattxadakc
Key: matrix size and permutations (3,5,1,4,2)
and (1,3,2)

66

33
 12/2/2023

ADFGX ciphers
A D F G X • Why ADFGX?
– Morse code for these are very
different
A l k p b q – Combined cryptography with
error-correction
D m v r t z • Matrix 1:
– 25 letters (i and j merged
F e f o d g again) randomly placed
• Each plaintext letter
G x c i y n replaced by its row and
column labels
X h u w a s • hello there →
• XA FA AA AA FF DG XA FA DF FA

67

ADFGX ciphers (2)

• XA FA AA AA FF DG XA FA
DF FA C R Y P T U
• Matrix 2: pick a random
keyword and write the X A F A A A
previous result under it in
scanline order. A A F F D G
• Shuffle the columns into
alphabetical order X A F A D F
• Then read down the
columns F A

68

34
 12/2/2023

ADFGX ciphers (3)

• XA FA AA AA DG FF XA
FA DF FA
• Matrix 2: pick a random
keyword and write the C P R T U Y
previous result under it
in scanline order. X A A A A F
• Shuffle the columns
into alphabetical order
• Then read down the
A F A D G F
columns to get
ciphertext: X A A D F F
• XAXFAFAAAAAADDAGF F A
FFF

69

Developed and patented (in 1918) by Arthur Scherbius

Many variations on basic design

Eventually adopted by Germany

Enigma For both military and diplomatic use Many variations used

Broken by Polish cryptanalysts, late 1930s

Exploited throughout WWII

By Poles, British, Americans

70

35
 12/2/2023

Enigma

• To encrypt
– Press plaintext
letter, ciphertext
lights up
• To decrypt
– Press ciphertext
letter, plaintext
lights up
• Electo-mechanical

71

Enigma Crypto
Features

• 3 rotors
– Set initial positions
• Moveable ring on rotor
– Odometer effect
• Stecker (plugboard)
– Connect pairs of
letters
• Reflector
– Static “rotor”

72

36
 12/2/2023

Enigma is a substitution
cipher

But not a simple substitution

• Perm changes with each letter typed

Substitution Another name for simple

substitution is mono-
Cipher alphabetic substitution

Enigma is an example of a
poly-alphabetic substitution

How are Enigma “alphabets”

generated?

73

Three rotors

http://enigmaco.de/enigma/enigma.swf

74

37
 12/2/2023

• Gilbert Sandford Vernam – inventor

➢ Also known as Vernam Cipher
➢ Invented ca. 1919
• Proven unbreakable by Claude Shannon
One-Time ➢ Communication Theory of Secrecy Systems
➢ 1949
Pad • Unbreakable if and only if
➢ Key is same length as plain text
➢ Key is never re-used

75

0 xor 0 = 0
Basic operation – bitwise
XOR
0 xor 1 = 1

XOR table

1 xor 0 = 1
One-Time Pad
Plain text is represented as
bit stream
1 xor 1 = 0
Key is random bit stream of
same length

Cipher text is produced via

bitwise XOR of plain bit
stream and key bit stream.

76

38
 12/2/2023

• Plain text :: Grade = A – Great!

• Plain text in ASCII
➢ 71 114 97 100 101 32 61 32 65 32 45
One-Time •
32 71 114 101 97 116 33
Plain text as bit stream
Pad – 01000111 01110010 01100001 01100100
01100101 00100000 00111101 00100000
Example 01000110 00100000 10010110 00100000
01010011 01101111 01110010 01110010
01111001 00100001

77

• Key as bit stream

11000001 01110000 11011110 10111001
01100001 10001000 01101100 11111010
00110011
01001110 01111001 00011110 00001000
One-Time 10010001 10100100 01000000 10000000
01000010
Pad – • Cipher text as bit stream
10000110 00000010 10111111 11011101
Example 00000100 10101000 01010001 11011010
01110010
01101110 01010100 00111110 01001111
11100011 11000001 00100001 11110100
01100011

78

39
 12/2/2023

• Try attack by exhaustive search

• Among possible keys
11000001 01110000 11011110 10111001
One-Time 01100001 10001000 01101100 11111010
00110100 01001110 01111001 00011110
Pad – Why 00011100 10001100 10110011 01010011
10001101 01000010
Unbreakable • Produces this recovered plain text:
• Grade = F – Sorry!

79

• Exhaustive search will produce every possible

combination of 18 characters.
• And there is no way to distinguish between
them
One-Time • Among the possible recovered texts:
➢ Tickle me Elmo now
Pad – Why ➢ Jabberwocky Rocks!
Unbreakable ➢ Attack tomorrow am
➢ Attack tomorrow pm
➢ Grade = C++ & Java

80

40
 12/2/2023

• Every sender/recipient must have same

Key pad
distribution • N sender recipient pairs require O(N2)
pads
problem • Pad distribution is security risk

Key
• Sheets on pad must match exactly
coordination • Messages must arrive in order sent
problem
One-Time Pad– Why
Look Elsewhere?
Key
• High quality random numbers hard to
generation generate
problem

Bottom line
– has some
limited use

81

Easy to •Encryption and decryption are the same

operation
compute •Bitwise XOR is very cheap to compute

Advantages of One-Time
Pad

•Given a ciphertext, all plaintexts are equally likely,

regardless of attacker’s computational resources
As secure as •…if and only if the key sequence is truly random
•True randomness is expensive to obtain in large
theoretically quantities
•…if and only if each key is as long as the plaintext
possible •But how do the sender and the receiver
communicate the key to each other? Where do
they store the key?

slide
82

82

41
 12/2/2023

Key must • Impractical in most realistic

be as long scenarios
as the • Still used for diplomatic and
intelligence traffic
plaintext

• One-time pad only

Does not guarantees confidentiality
Problems with One-Time
Pad
guarantee • Attacker cannot recover
plaintext, but can easily
integrity change it to something else

Insecure
• Attacker can obtain XOR of
if keys are plaintexts
reused
slide
83

83

slide 84

• What to do when it is infeasible to pre-share

huge random keys?
• Use special cryptographic primitives:

Reducing block ciphers, stream ciphers

– Single key can be re-used (with some
Key Size restrictions)
– Not as theoretically secure as one-time
pad

84

42
 12/2/2023

Cryptanalytic Attacks
May be classified by how much information needed by the attacker:
– Ciphertext-only attack
– Known-plaintext attack
– Chosen-plaintext attack
– Chosen-ciphertext attack

Cryptanalysis

Non-brute-force brute-force

Ciphertext-only Known-plaintext Chosen-plaintext Chosen-

attack attack attack ciphertext attack

85

85

Ciphertext-only attack

• Given: a ciphertext c
• Q: what is the plaintext m?
• An encryption scheme is completely insecure if
it cannot resist ciphertext-only attacks.

86

43
 12/2/2023

Known-plaintext attack

• Given: (m1,c1), (m2,c2), …, (mk,ck) and a new

ciphertext c.
• Q: what is the plaintext of c?
• Q: what is the secret key in use?

87

Chosen-plaintext attack
• Given: (m1,c1), (m2,c2), …, (mk,ck), where m1, m2, …, mk are chosen
by the adversary; and a new ciphertext c.
• Q: what is the plaintext of c, or what is the secret key?

88

44
 12/2/2023

In 1942, US Navy cryptanalysts discovered

that Japan was planning an attack on “AF”.

They believed that “AF” means Midway

island.

Example:
Pentagon didn’t think so.
chosen-
plaintext US forces in Midway sent a plain message
that their freshwater supplies were low.

attack Shortly, US intercepted a Japanese ciphertext

saying that “AF” was low on water.

This proved that “AF” is Midway island .

89

89

Chosen-ciphertext attack
• Given: (m1,c1), (m2,c2), …, (mk,ck), where c1, c2, …, ck are chosen by
the adversary; and a new ciphertext c.
• Q: what is the plaintext of c, or what is the secret key?

90

45
 12/2/2023

Attack: any action that

compromises the
security of
information

Security Many different types

of attacks

Attack Can be generally

Passive attacks

classified as

Active attacks

91

91

Passive Attacks
• Reading contents of messages
• Also called eavesdropping
• Difficult to detect passive attacks
• Defense: to prevent their success

92

92

46
 12/2/2023

Active Attacks
• Modification or creation of messages
(by attackers)
• Four categories: modification of
messages, replay, masquerade, denial
of service
• Easy to detect but difficult to prevent
• Defense: detect attacks and recover
from damages

93

93

Active Attacks

94

94

47
 12/2/2023

Active Attacks

95

95

Active Attacks

96

96

48
 12/2/2023

Symmetric Key Cryptosystem

97

97

Frequency analysis

98

98

49