CENG413
Information Security
Izmir Katip Celebi University
Fall 2024-2025
Lecture 04
H. Burak Akyol, Ph.D.
These slides are adapted from the lecture notes of D. Soper and the lecture notes of A. D. Brucker.
Motivation
• How can we turn an untrustworthy channel into a trustworthy one?
2
Explaining Notation: Cryptography
Cryptography
• The science and art of secret writing.
• Encryption – Decryption
• Central Topics of Cryptography
• Confidentiality, Integrity, Availability, https://en.wikipedia.org/w/index.php?title=Enig
ma_machine&oldid=764760662
Authentication, Non-Repudiation, Auditability
3
Cryptography
• Plaintext, is denoted by M, for message, or P, for plaintext, is referred to the data
before encryption or after decryption
• can be a stream of bits, a text file, a bitmap, a stream of digitized voice, a digital
video image ...(binary data)
• In any case, M the message to be encrypted.
• Encryption, is denoted by E, is the process of disguising a message in such a way
as to hide its substance
• Ciphertext, is denoted by C, is referred to the data while encrypted
• It is also binary data: sometimes the same size as M, sometimes larger
• Decryption, is denoted by D, is the process of turning ciphertext back into
plaintext
4
Encryption & Decryption
• The encryption function E, operates on M to produce C. Or, in
mathematical notation:
E(M)=C
• In the reverse process, the decryption function D operates on C to
produce M:
D(C)=M
• Since the whole point of encrypting and then decrypting a message is to
recover the original plaintext, the following identity must hold true:
D(E(M))=M
5
Simple Encryption
• Simple encryption: Transforms plaintext into ciphertext
• Does not scale
• Hard to do securely
• Cannot simply use a standard algorithm
6
Key-Based Encryption
• Key-based encryption: Combines industry-vetted algorithms with keys
• Algorithms are created by experts
• Keys can be randomly generated
7
Mathematical Foundations
Encryption & Decryption
• We introduce:
• a finite set A, called the alphabet.
• the message space M ⊆ A* and m ∈ M is a plaintext (message)
• the ciphertext space C, whose alphabet may differ from M
• K denoting the key space of keys
• Moreover
• each e ∈ K determines a bijective function from M to C, denoted by Ee
• Ee is the encryption function
• for each d ∈ K, Dd denotes a bijection from C to M
• Dd is the decryption function
• Applying Ee (or Dd) is called encryption (or decryption)
8
Mathematical Foundations
Encryption (and Decryption) Schemes
An encryption scheme (or cipher) consists of a set {Ee | e ∈ K} and a corresponding
set {Dd | d ∈ K} such that for each e ∈ K there is a unique d ∈ K with Dd = Ee-1; i.e.,
Dd(Ee(m)) = m, for all m ∈ M
• The keys e and d form a key pair, sometimes denoted by (e, d)
• They can be identical (i.e., the symmetric key) of a symmetric encryption scheme
• To construct an encryption scheme requires fixing a message space M, a
ciphertext space C, and a key space K, as well as encryption transformations {Ee |
e ∈ K} and corresponding decryption transformations {Dd | d ∈ K}.
9
Example
• Let M = {m1, m2, m3} and C = {c1, c2, c3}
• There are 3! = 6 bijections from M to C
• The key space K = {E1, E2, E3, E4, E5, E6}
• on the right, specifies these transformations
• Assume Alice and Bob agree on E1
• To encrypt m1, Alice computes E1(m1) = c3
• Bob decrypts c3 by reversing the arrows on the
diagram for E1 and observing that c3 points to m1
10
A General Cryptographic Schema
• Where EKey1(P) = C and DKey2(C) = P, hence DKey2(EKey1(P)) = P
• Symmetric encryption (private key encryption)
• Key1 = Key2 (or can be easily derived from each other)
• Asymmetric encryption (public key encryption)
• Key1 ≠ Key2 (cannot be easily derived from each other)
• The public key (Key1) can be published without compromising the private key (Key2)
• Encryption and decryption should be easy, if keys are known.
• Security depends on the secrecy of the key, not the encryption/decryption algorithms
11
Example
• Symmetric Encryption
• Asymmetric Encryption
12
Encryption – Symmetric vs Asymmetric
• Symmetric Encryption
• Strength: Faster – Lower CPU Cost
• Strength: Cipher text is same size as Plain text
• Weakness: Secret key must be shared – Less Secure
→ Ideal for bulk data
• Asymmetric Encryption
• Weakness: Slower – Requires much larger key sizes
• Weakness: Cipher text expansion
• Strength: Private Key is never shared – More Secure
→ Restricted to limited data
13
Symmetric Encryption (Private-Key Encryption)
• Relies on a single key for encryption and decryption of the message
• The key (pre-shared):
• needs to be kept secret
• and be available with both the sender and the receiver
• Strength of encryption depends on the key size being used
14
Mono-Alphabetic Substitution Ciphers
• Simplest kind of cipher (idea over 2,000 years old)
• Let K be the set of all permutations on the alphabet A.
For each e ∈ K, we define an encryption transformation Ee on strings
m = m1m2… mn ∈ M as
Ee(m) = e(m1) e(m2)…e(mn)=c1c2…cn = c
• To decrypt c, compute the inverse permutation d = e-1 and
Dd = d(c1) d(c2)… d(cn) = m
• Ee is a simple substitution cipher or a mono-alphabetic substitution cipher.
15
Examples of Mono-Alphabetic Substitution Cipher
• D(KHOOR ZRUOG) = HELLO WORLD
• Caesar cipher: each plaintext character is replaced by the character a specified
number to the right modulo 26.
(e.g., E(A) = D → third character)
• D(ZL ANZR VF NQNZ) = MY NAME IS ADAM
• ROT13: shift each letter by 13 places
• D(2-25-5 2-25-5) = BYE BYE
• Alphanumeric: substitute numbers for letters
16
Frequency Analysis for Substitution Ciphers
• Key spaces are typically huge. (26 letters → 26! possible keys)
• Trivial to crack using frequency analysis (letters, digrams, etc.)
• Frequencies for English based on data-mining books/articles
• Easy to apply, except for short, atypical texts
• More sophistication is required to mask statistical regularities
17
Frequency Analysis Example
UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFOFEI
KNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWNCPOJI
OFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVFZIXUPU
NFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUBOYNRVNIW
NCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR
B 36 →E NC 11 → IN UKB 6 → THE
N 34 →T PU 10 → AT RVN 6
U 33 →A UB 10 FZI 4
P 32 UN 9 trigrams
C 26 digrams
letters
18
Poly-Alphabetic Substitution Ciphers
• Idea (Leon Alberti):
conceal distribution using the family of mappings
• A poly-alphabetic substitution cipher is a block cipher with block length t over
alphabet A where
• the key space K consists of all ordered sets of t permutations over A, (p1, p2, ... , pt)
• Encryption of m = m1… mt under key e = (p1, … , pt) is
Ee(m) = p1(m1)… pt(mt)
• Decryption key for e is d = (p1-1, … ,pt-1)
19
Poly-Alphabetic Substitution Ciphers
Example: Vigenere Ciphers
• Key given by sequence of numbers e = e1, … , et where
pi(a) = (a + ei) mod n
defining a permutation on an alphabet of size n
• Example: English (n = 26), with k = 3, 7, 10
m = TIH SCI PHE RIS CER TAI NLY NOT SEC URE
then
Ee(m) = WOS VJS SOO UPC FLB WHS QSI QVD VLM XYO
20
Vigenere Cipher
k = C R Y P T O C R Y P T O C R Y P T
(+ mod 26)
m = W H A T A N I C E D A Y T O D A Y
c = Z Z Z J U C L U D T U N W G C Q S
suppose most common = “H” first letter of key = “H” – “E” = “C”
21
Rotor Machines
• Early Example: the Habern Machine (Single Rotor)
A K E N
B S K E
C T S K
. . T S
. . . T
X R . .
Y N R .
Z key E N R
22
Rotor Machines
• Most Famous: the Enigma (3-5 Rotors)
# keys = 264 = 218
23
One-Time Pad (Vernam Cipher)
• A one-time pad is a cipher defined over {0, 1}
• A Message m1…mn is encrypted by a binary key string k1. . .kn:
• Example:
m = 010111
k = 110010
c = 100101
• Since every key sequence is equally likely, so is every plaintext!
• Unconditional (information theoretic) security, if key isn’t reused!
• Moscow–Washington communication previously secured this way
• Problem? Securely exchanging and synchronizing long keys
24
One-Time Pad (Vernam Cipher)
• Example
• Plain Text: HELLO
• ASCII
H → 72 (01001000) E → 69 (01000101) L → 76 (01001100)
O →79 (01001111)
HELLO → 01001000 01000101 01001100 01001100 01001111
Key → 11010101 11100010 10101100 10011010 01001001
XOR → 10011101 10100111 11100000 11010110 00000110
25
One-Time Pad (Vernam Cipher)
• You are given a message (m) and ciphertext encrypted by a
Vernam Cipher. Can you compute the key?
Yes.
m⊕k=c
m⊕m⊕k=c⊕m
(m ⊕ m = 0)
(0 ⊕ k = k)
k=c⊕m
26
Transposition Cipher
• For block length t, let K be the set of permutations on {1, ... , t}. For each e ∈ K
and m ∈ M
Ee(m) = me(1)me(2) …me(t)
• The set of all such transformations is called a transposition cipher
• To decrypt c = c1c2. . . ct compute
Dd(c) = cd(1) cd(2) …cd(t)
• where d is inverse permutation
• Letters are unchanged:
• apply frequency analysis to reveal if ciphertext is a transposition
27
Transposition Cipher
Columnar Transposition Cipher
Plaintext = TRANSPOSITION
(Key)word = MONEY 24315 (alphabetic order)
Ciphertext = NIXTPIASNROOSTX
28
Transposition Cipher
Rail Fence Cipher
Plaintext = TRANSPOSITION
Key = 3 (number of lines)
Ciphertext = TSINRNPSTOAOI
29
Composite Ciphers (Product Ciphers)
• Ciphers based on either substitutions or transpositions are insecure in
most cases
• Ciphers can be combined. However, two substitutions are really only one
more complex substitution or two transpositions are really only one
transposition
• but a substitution followed by a transposition makes a new harder
cipher
• Product ciphers chain combinations of substitutions and transpositions
30
Composite Ciphers
• DES (Data Encryption Standard)
• Block cipher, encrypting 64-bit blocks. Uses 56
bit keys
• Expressed as 64 bit numbers (8 bits parity
checking)
• Heavily used in banking applications.
• Extensions like triple-DES used to overcome
short key-length.
• Mode: EDE
• C=EK3(DK2(EK1(P))) then P=DK3(EK2(DK1(C)))
31
Composite Ciphers
Security of DES
• DES: brute-force search with 256 operations
• Triple DES: use three stages of encryption
• no known practical attack
• meet-in-the-middle attack → brute-force search with 2112
operations
• DES should not be used for new applications
• “Successor” Advanced Encryption Standard (AES)
• Key: 128, 192, or 256 bits
32