CENG413 - Lec04
CENG413 - Lec04
Information Security
Izmir Katip Celebi University
Fall 2024-2025
Lecture 04
H. Burak Akyol, Ph.D.
These slides are adapted from the lecture notes of D. Soper and the lecture notes of A. D. Brucker.
Motivation
• How can we turn an untrustworthy channel into a trustworthy one?
2
Explaining Notation: Cryptography
Cryptography
• The science and art of secret writing.
• Encryption – Decryption
3
Cryptography
5
Simple Encryption
• Simple encryption: Transforms plaintext into ciphertext
6
Key-Based Encryption
• Key-based encryption: Combines industry-vetted algorithms with keys
• Algorithms are created by experts
• Keys can be randomly generated
7
Mathematical Foundations
Encryption & Decryption
• We introduce:
• a finite set A, called the alphabet.
• the message space M ⊆ A* and m ∈ M is a plaintext (message)
• the ciphertext space C, whose alphabet may differ from M
• K denoting the key space of keys
• Moreover
• each e ∈ K determines a bijective function from M to C, denoted by Ee
• Ee is the encryption function
• for each d ∈ K, Dd denotes a bijection from C to M
• Dd is the decryption function
• Applying Ee (or Dd) is called encryption (or decryption)
8
Mathematical Foundations
Encryption (and Decryption) Schemes
An encryption scheme (or cipher) consists of a set {Ee | e ∈ K} and a corresponding
set {Dd | d ∈ K} such that for each e ∈ K there is a unique d ∈ K with Dd = Ee-1; i.e.,
Dd(Ee(m)) = m, for all m ∈ M
9
Example
• Let M = {m1, m2, m3} and C = {c1, c2, c3}
• There are 3! = 6 bijections from M to C
• The key space K = {E1, E2, E3, E4, E5, E6}
• on the right, specifies these transformations
10
A General Cryptographic Schema
11
Example
• Symmetric Encryption
• Asymmetric Encryption
12
Encryption – Symmetric vs Asymmetric
• Symmetric Encryption
• Strength: Faster – Lower CPU Cost
• Strength: Cipher text is same size as Plain text
• Weakness: Secret key must be shared – Less Secure
→ Ideal for bulk data
• Asymmetric Encryption
• Weakness: Slower – Requires much larger key sizes
• Weakness: Cipher text expansion
• Strength: Private Key is never shared – More Secure
→ Restricted to limited data
13
Symmetric Encryption (Private-Key Encryption)
• Relies on a single key for encryption and decryption of the message
• The key (pre-shared):
• needs to be kept secret
• and be available with both the sender and the receiver
• Strength of encryption depends on the key size being used
14
Mono-Alphabetic Substitution Ciphers
• Simplest kind of cipher (idea over 2,000 years old)
• Let K be the set of all permutations on the alphabet A.
For each e ∈ K, we define an encryption transformation Ee on strings
m = m1m2… mn ∈ M as
15
Examples of Mono-Alphabetic Substitution Cipher
• D(KHOOR ZRUOG) = HELLO WORLD
• Caesar cipher: each plaintext character is replaced by the character a specified
number to the right modulo 26.
(e.g., E(A) = D → third character)
16
Frequency Analysis for Substitution Ciphers
• Key spaces are typically huge. (26 letters → 26! possible keys)
• Trivial to crack using frequency analysis (letters, digrams, etc.)
• Frequencies for English based on data-mining books/articles
• Easy to apply, except for short, atypical texts
• More sophistication is required to mask statistical regularities
17
Frequency Analysis Example
UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFOFEI
KNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWNCPOJI
OFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVFZIXUPU
NFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUBOYNRVNIW
NCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR
B 36 →E NC 11 → IN UKB 6 → THE
N 34 →T PU 10 → AT RVN 6
U 33 →A UB 10 FZI 4
P 32 UN 9 trigrams
C 26 digrams
letters
18
Poly-Alphabetic Substitution Ciphers
• Idea (Leon Alberti):
conceal distribution using the family of mappings
19
Poly-Alphabetic Substitution Ciphers
Example: Vigenere Ciphers
• Key given by sequence of numbers e = e1, … , et where
pi(a) = (a + ei) mod n
defining a permutation on an alphabet of size n
20
Vigenere Cipher
k = C R Y P T O C R Y P T O C R Y P T
(+ mod 26)
m = W H A T A N I C E D A Y T O D A Y
c = Z Z Z J U C L U D T U N W G C Q S
suppose most common = “H” first letter of key = “H” – “E” = “C”
21
Rotor Machines
A K E N
B S K E
C T S K
. . T S
. . . T
X R . .
Y N R .
Z key E N R
22
Rotor Machines
• Example:
m = 010111
k = 110010
c = 100101
• Since every key sequence is equally likely, so is every plaintext!
• Unconditional (information theoretic) security, if key isn’t reused!
• Moscow–Washington communication previously secured this way
• Problem? Securely exchanging and synchronizing long keys
24
One-Time Pad (Vernam Cipher)
• Example
• Plain Text: HELLO
• ASCII
H → 72 (01001000) E → 69 (01000101) L → 76 (01001100)
O →79 (01001111)
25
One-Time Pad (Vernam Cipher)
• You are given a message (m) and ciphertext encrypted by a
Vernam Cipher. Can you compute the key?
Yes.
m⊕k=c
m⊕m⊕k=c⊕m
(m ⊕ m = 0)
(0 ⊕ k = k)
k=c⊕m
26
Transposition Cipher
• For block length t, let K be the set of permutations on {1, ... , t}. For each e ∈ K
and m ∈ M
Ee(m) = me(1)me(2) …me(t)
• The set of all such transformations is called a transposition cipher
• To decrypt c = c1c2. . . ct compute
Dd(c) = cd(1) cd(2) …cd(t)
• where d is inverse permutation
• Letters are unchanged:
• apply frequency analysis to reveal if ciphertext is a transposition
27
Transposition Cipher
Columnar Transposition Cipher
Plaintext = TRANSPOSITION
Ciphertext = NIXTPIASNROOSTX
28
Transposition Cipher
Rail Fence Cipher
Plaintext = TRANSPOSITION
Ciphertext = TSINRNPSTOAOI
29
Composite Ciphers (Product Ciphers)
• Ciphers based on either substitutions or transpositions are insecure in
most cases
• Ciphers can be combined. However, two substitutions are really only one
more complex substitution or two transpositions are really only one
transposition
• but a substitution followed by a transposition makes a new harder
cipher
30
Composite Ciphers
• DES (Data Encryption Standard)
31
Composite Ciphers
Security of DES
• DES: brute-force search with 256 operations
• Triple DES: use three stages of encryption
• no known practical attack
• meet-in-the-middle attack → brute-force search with 2112
operations
• DES should not be used for new applications
• “Successor” Advanced Encryption Standard (AES)
• Key: 128, 192, or 256 bits
32