
Computer Security

By

Abdul Hadi M.Alaidi


Chapter 1
1.1 Definitions
1.2 Security Services
1.3 Security Mechanism
1.4 Terminology and Background
1.5 Basic Cryptographic Algorithms
1.5.1 Classical model of encryption
Chapter 2
2.1 Modular Arithmetic
2.2 Greatest Common Divisor (GCD)
2.3 Least Common Multiple (LCM)
2.4 Multiplicative Inverse
2.5 Exercise
Chapter 3
3.1 The forms of Encryption
3.2 Keyless Transposition Ciphers
3.2.1 Keyless Transposition Ciphers
3.2.2 Columnar Transposition Ciphers
3.3 Substitution cipher
3.3.1 Monoalphabetic Ciphers
3.3.2 Additive Cipher
3.3.3 Caesar Cipher
Caesar Cipher
Multiplicative Ciphers
3.3.4 Affine Ciphers
3.4 Polyalphabetic Ciphers
3.4.1 Autokey Cipher
3.4.2 Playfair Key Matrix
3.4.3 Hill Cipher
3.4.4 One-Time Pad
Chapter 4
4.1 Introduction
4.2 Stream cipher
4.3 Block ciphers
4.4 Ciphers vs. Block ciphers
4.5 Encryption and Decryption with Stream Ciphers
4.6 Shift Register-Based Stream Ciphers
4.7 Linear Feedback Shift Registers (LFSR)
4.8 The Data Encryption Standard (DES) and Alternatives
4.9 Introduction to DES
4.10 Exercise
Chapter 5
5.1 Introduction
5.2 Exercise
Chapter 6
6.1 Principle of mathematical induction
6.2 Exercise
Chapter 1

1.1 Definitions

Computer Security - generic name for the collection of tools designed to protect data
and to thwart hackers.

Information systems security is the ability to provide the services required by the user
community while simultaneously preventing unauthorized use of system resources

Network Security - measures to protect data during their transmission

Internet Security - measures to protect data during their transmission over a collection
of interconnected networks

Aspects of Security: - 3 aspects of information security:

• security attack
• security service
• security mechanism

Security Attack

Any action that compromises the security of information owned by an organization.

Information security is about how to prevent attacks or, failing that, to detect attacks on
information-based systems.

The terms threat and attack are often used to mean the same thing.

There is a wide range of attacks; we can focus on generic types of attacks:

• passive
• active

Passive Attacks


Active Attacks

1.2 Security Services

1. Confidentiality: - The concept of confidentiality relates to the protection of
information and prevention of unauthorized access or disclosure. The ability to keep
data confidential, or secret, is critical to staying competitive in today’s business
environments.

Examples of Confidentiality

1. Student grade information is an asset whose confidentiality is considered to be
very high
a. The US FERPA Act: grades should only be available to students, their
parents, and their employers (when required for the job)
2. Student enrollment information: may have moderate confidentiality rating; less
damage if disclosed
3. Directory information: low confidentiality rating; often available publicly

2. Integrity: - Integrity deals with the prevention of unauthorized modification,
whether intentional or accidental.

Data integrity: assures that information and programs are changed only in a specified
and authorized manner.

System integrity: assures that a system performs its operations in an unimpaired manner.

Examples of Integrity

• A hospital patient’s allergy information (high integrity data): a doctor should be
able to trust that the info is correct and current
• If a nurse deliberately falsifies the data, the database should be restored to a
trusted basis and the falsified information traced back to the person who did it
• An online newsgroup registration data: moderate level of integrity
• An example of low integrity requirement: anonymous online poll (inaccuracy is
well understood)

3. Availability: - assures that the resources that need to be accessed are accessible to
authorized parties in the ways they are needed. Availability is a natural result of the
other two concepts (confidentiality and integrity).

Examples of Availability

1. A system that provides authentication: high availability requirement
(a) If customers cannot access resources, the loss of services could
result in financial loss
2. A public website for a university: a moderate availability requirement; not
critical but causes embarrassment
3. An online telephone directory lookup: a low availability requirement
because unavailability is mostly an annoyance (there are alternative
sources)

4. Authentication is the process by which the information system assures that you are
who you say you are; how you prove your identity is authentic. Methods of performing
authentication are:

1. User ID and passwords. The system compares the given password with a
stored password. If the two passwords match then the user is authentic.
2. Swipe card, which has a magnetic strip embedded, which would already
contain your details, so that no physical data entry takes place or just a PIN is
entered.
3. Digital certificate, an encrypted piece of data which contains information
about its owner, creator, generation and expiration dates, and other data to
uniquely identify a user.
4. Key fob, a small electronic device which generates a new random password
synchronized to the main computer.
5. Biometrics - retinal scanners and fingerprint readers. Parts of the body are
considered unique enough to allow authentication to computer systems based
on their properties.

5. Accountability (Non-Repudiation): - The security goal that generates the
requirement for actions of an entity to be traced uniquely to that entity. This supports
nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and
after-action recovery and legal action.

1.3 Security Mechanism

• a feature designed to detect, prevent, or recover from a security attack
• no single mechanism will support all services required
• however, one particular element underlies many of the security mechanisms in
use: cryptographic techniques
• hence our focus on this topic

1.4 Terminology and Background

Cryptography is the art or science of keeping messages secret.


Cryptanalysis is the art of breaking ciphers, i.e. retrieving the plaintext without
knowing the proper key.

People who do cryptography are cryptographers, and practitioners of cryptanalysis are
cryptanalysts.

Cryptography deals with all aspects of secure messaging, authentication, digital
signatures, electronic money, and other applications.

Cryptology is the branch of mathematics that studies the mathematical foundations of
cryptographic methods.

The various components of a basic cryptosystem are as follows: -

Plaintext. It is the data to be protected during transmission.

Encryption Algorithm. It is a mathematical process that produces a ciphertext for any
given plaintext and encryption key. It is a cryptographic algorithm that takes plaintext
and an encryption key as input and produces a ciphertext.

Ciphertext. It is the scrambled version of the plaintext produced by the encryption
algorithm using a specific encryption key. The ciphertext is not guarded. It flows
on a public channel. It can be intercepted or compromised by anyone who has access to
the communication channel.

Decryption Algorithm. It is a mathematical process that produces a unique plaintext
for any given ciphertext and decryption key. It is a cryptographic algorithm that takes
a ciphertext and a decryption key as input, and outputs a plaintext. The decryption
algorithm essentially reverses the encryption algorithm and is thus closely related to it.

Encryption Key. It is a value that is known to the sender. The sender inputs the
encryption key into the encryption algorithm along with the plaintext in order to
compute the ciphertext.

Decryption Key. It is a value that is known to the receiver. The decryption key is
related to the encryption key, but is not always identical to it. The receiver inputs the
decryption key into the decryption algorithm along with the ciphertext in order to
compute the plaintext.

For a given cryptosystem, the collection of all possible decryption keys is called a key
space.

1.5 Basic Cryptographic Algorithms

A cipher is the method of encryption and decryption.

Some cryptographic methods rely on the secrecy of the algorithms. Keyless Cipher is a
cipher that does not require the use of a key.

All modern algorithms use a key to control encryption and decryption; a message can
be decrypted only if the key matches the encryption key.

The key used for decryption can be different from the encryption key, but for most
algorithms they are the same.

1.5.1 Classical model of encryption

Basic classification of encryption key-based algorithms

1. Symmetric-key (or secret-key) encryption algorithms.

• Symmetric algorithms use the same key for encryption and decryption (or the
decryption key is easily derived from the encryption key)
• two main types:
o stream ciphers – operate on individual characters of the plaintext
o block ciphers – process the plaintext in larger blocks of characters

2. Asymmetric (or public-key) encryption algorithms.

Asymmetric algorithms use a different key for encryption and decryption, and the
decryption key cannot be derived from the encryption key.

They permit the encryption key to be public (it can even be published in a newspaper),
allowing anyone to encrypt with the key, whereas only the proper recipient (who knows
the decryption key) can decrypt the message. The encryption key is also called the
public key and the decryption key the private key or secret key.

Symmetric algorithms are much faster to execute on a computer.

Cryptanalysis and Attacks on Cryptosystems

There are many cryptanalytic techniques. Some of the more important ones for a system
implementer are

1) Ciphertext-only attack (only know algorithm / ciphertext, statistical, can identify
plaintext): This is the situation where the attacker does not know anything about the
contents of the message, and must work from ciphertext only. It is very hard.

2) Known-plaintext attack (know/suspect plaintext & ciphertext to attack cipher):
The attacker knows or can guess the plaintext for some parts of the ciphertext. The
task is to decrypt the rest of the ciphertext blocks using this information. This may
be done by determining the key used to encrypt the data, or via some shortcut.

3) Chosen-plaintext attack (select plaintext and obtain ciphertext to attack cipher):
The attacker is able to have any text he likes encrypted with the unknown key. The
task is to determine the key used for encryption.

4) Chosen-ciphertext attack (select ciphertext and obtain plaintext to attack
cipher): The attacker obtains the decryption of any ciphertext of its choice (under the
key being attacked).
Chapter 2

2.1 Modular Arithmetic

Several important cryptosystems make use of modular arithmetic. This is when the
answer to a calculation is always in the range 0 to m − 1, where m is the modulus.

(a mod n) means the remainder when a is divided by n.

a mod n = r
a div n = q
a = q ∗ n + r
r = a − q ∗ n
Example: if a = 13 and n = 5, find q and r.
q = 13 div 5 = 2 and r = 13 − 2 ∗ 5 = 3, which is equivalent to
(13 mod 5).
Example: find (−13 mod 5).
This can be found by finding a number b where 5 ∗ b > 13. Let b = 3; then
5 ∗ 3 = 15, which is greater than 13, so
−13 mod 5 = 5 ∗ 3 − 13 = 2

Properties of Congruences.

Two numbers 𝑎 and 𝑏 are said to be “congruent modulo n” if

(𝑎 𝑚𝑜𝑑 𝑛) = (𝑏 𝑚𝑜𝑑 𝑛) → 𝑎 ≡ 𝑏(𝑚𝑜𝑑 𝑛)

The difference between a and b will be a multiple of n, so a − b = kn for some value
of k.

Examples 4 ≡ 9 ≡ 14 ≡ 19 ≡ −1 ≡ −6 𝑚𝑜𝑑 5
73 ≡ 4(𝑚𝑜𝑑 23)

Properties of Modular Arithmetic.

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) − (b mod n)] mod n = (a − b) mod n
3. [(a mod n) × (b mod n)] mod n = (a × b) mod n

Examples
11 𝑚𝑜𝑑 8 = 3; 15 𝑚𝑜𝑑 8 = 7
[(11 𝑚𝑜𝑑 8 ) + (15 𝑚𝑜𝑑 8)] 𝑚𝑜𝑑 8 = 10 𝑚𝑜𝑑 8 = 2
(11 + 15) 𝑚𝑜𝑑 8 = 26 𝑚𝑜𝑑 8 = 2
[(11 𝑚𝑜𝑑 8 ) − (15 𝑚𝑜𝑑 8)] 𝑚𝑜𝑑 8 = −4 𝑚𝑜𝑑 8 = 4
(11 − 15) 𝑚𝑜𝑑 8 = −4 𝑚𝑜𝑑 8 = 4
[(11 𝑚𝑜𝑑 8 ) × (15 𝑚𝑜𝑑 8)] 𝑚𝑜𝑑 8 = 21 𝑚𝑜𝑑 8 = 5
(11 × 15) 𝑚𝑜𝑑 8 = 165 𝑚𝑜𝑑 8 = 5
Exponentiation is done by repeated multiplication, as in ordinary arithmetic.
Example
To find $11^7 \bmod 13$, do the following:
$11^2 = 121 \equiv 4 \pmod{13}$
$11^4 = (11^2)^2 \equiv 4^2 \equiv 3 \pmod{13}$
$11^7 = 11 \times 11^2 \times 11^4 \equiv 11 \times 4 \times 3 = 132 \equiv 2 \pmod{13}$

2.2 Greatest Common Divisor(GCD).

Let a and b be two non-zero integers. The greatest common divisor of a and b,
denoted gcd(a,b), is the largest of all common divisors of a and b.
When gcd(a,b) = 1, we say that a and b are relatively prime.
It can be calculated using the following equation: -
GCD(a,b)=GCD(b,a mod b)
Example :- find the GCD(89,25).
GCD(89,25)=GCD(25, 89 mod 25)= GCD(25, 14)
GCD(25, 14)=GCD(14, 25 mod 14)= GCD(14,11)
GCD(14,11)=GCD(11, 14 mod 11)= GCD(11,3)
GCD(11,3)=GCD(3, 11 mod 3)=GCD(3, 2)
GCD(3,2)=GCD(2, 3 mod 2)=GCD(2,1)
GCD(2,1)=GCD(1, 2 mod 1)=GCD(1,0) so the GCD(89,25)=1
Example 2: GCD (93, 36)
GCD (93, 36) = GCD (36, 93 mod 36 ) = GCD (36,21)
GCD (36, 21) = GCD (21, 36 mod 21 ) = GCD (21,15)
GCD (21, 15) = GCD (15, 21 mod 15 ) = GCD (15,6)
GCD (15, 6) = GCD (6, 15 mod 6 ) = GCD (6,3)
GCD (6, 3) = GCD (3, 6 mod 3 ) = GCD (3,0) so the GCD (93, 36) = 3

2.3 Least Common Multiple (LCM).

The least common multiple of the positive integers a and b is the smallest
positive integer that is divisible by both a and b.
The least common multiple of a and b is denoted by LCM(a, b).
It can be calculated using the following equation: -
LCM(a, b) = a ∗ b / GCD(a, b)
Example :- find the LCM(354,144).
GCD(354,144) = GCD(144, 354 mod 144) = GCD(144,66)
GCD(144,66) = GCD(66, 144 mod 66) = GCD(66,12)
GCD(66,12) = GCD(12, 66 mod 12) = GCD(12,6)
GCD(12,6) = GCD(6, 12 mod 6) = GCD(6,0) = 6
LCM(354,144) = (354 ∗ 144)/6 = 8496

2.4 Multiplicative Inverse

In Zn, two numbers a and b are the multiplicative inverse of each other if The extended
Euclidean algorithm finds the multiplicative inverses of b in Zn when n and b are given
and gcd (n, b) = 1 as shown in this figure:

Example: - Find the multiplicative inverse of 11 in Z26.

The GCD(26,11) must be 1 in order to find the inverse. Using the extended Euclidean
algorithm, as in this table, the inverse of 11 is -7 mod 26 = 19.

• Or we can find the inverse by repeatedly using the equation a = q ∗ n + r

Example: - Find the multiplicative inverse of 11 in Z26.

26=11*2+4
11=4*2+3
4=3*1+1
3=1*3+0

We now substitute back in reverse, starting from the remainder 1, as shown:

1=4-(3*1)
1=4-(11-(4*2))
1=4-11+4*2
1=3*4-11
1=3*(26-11*2)-11
1=3*26-6*11-11= 3*26-7*11 so the multiplicative inverse of 11 is -7

Example :- Find the multiplicative inverse of 23 in Z100.

100=23*4+8
23=8*2+7
8=7*1+1
7=1*7+0

Now in the reverse direction:

1=8-(7*1)
1=8-(23-8*2)
1=8-23+8*2
1=3*8-23
1=3*(100-23*4)-23=3*100-12*23-23=3*100-13*23

So the multiplicative inverse of 23 in Z100 is -13 or 87 (-13 mod 100).
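The GCD, LCM and multiplicative-inverse calculations of this chapter in Python. This is an added example, not code from the original document; the function names are illustrative, and `extended_gcd` keeps the running coefficients that the back-substitution above computes by hand.

```python
def gcd(a, b):
    """GCD(a, b) = GCD(b, a mod b), repeated until the second argument is 0."""
    while b != 0:
        a, b = b, a % b
    return abs(a)


def lcm(a, b):
    """LCM(a, b) = a * b / GCD(a, b)."""
    return abs(a * b) // gcd(a, b)


def euclid_steps(a, b):
    """The division lines a = b*q + r written out in the worked examples."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
    return steps


def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(b, n):
    """Multiplicative inverse of b in Zn; it exists only when gcd(n, b) = 1."""
    g, _, t = extended_gcd(n, b)
    if g != 1:
        raise ValueError(f"{b} has no inverse modulo {n}: gcd is {g}")
    # t may be negative (for example -7); reduce it into the range 0..n-1.
    return t % n


if __name__ == "__main__":
    for a, b, q, r in euclid_steps(26, 11):
        print(f"{a} = {b}*{q} + {r}")
    print("1 = %d*26 + %d*11" % extended_gcd(26, 11)[1:])
    print("inverse of 11 in Z26:", mod_inverse(11, 26))
    print("inverse of 23 in Z100:", mod_inverse(23, 100))
```

Python's `%` already returns a non-negative remainder for a positive modulus, so `-13 % 5` gives 2, matching the example in section 2.1.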


Chapter 3

3.1 The forms of Encryption

Transposition (or permutation) cipher: Transposition cipher keeps the letters the same,
but rearranges their order according to a specific algorithm.

Substitution cipher: replacing each element of the plaintext with another element.

Product cipher: using multiple stages of substitutions and transpositions

Transposition cipher

3.2 Keyless Transposition Ciphers:

3.2.1 Keyless Transposition Ciphers:

Simple transposition ciphers, which were used in the past, are keyless. A good example
of a keyless cipher using the first method is the rail fence cipher. The ciphertext is
created reading the pattern row by row. For example, to send the message (Meet me at
the park) to Bob, Alice writes

She then creates the ciphertext (MEMATEAKETETHPR).

3.2.2 Columnar Transposition Ciphers.

• Write the message in rows of a fixed length, and then read out again column
by column.
• The columns are chosen in some scrambled order.
• Both the length of the rows and the permutation of the columns are usually
defined by a key.


Example: Let the plaintext be (WE ARE DISCOVERED FLEE AT ONCE) and the
keyword be ZEBRA.

The ciphertext:

EODAE ASREN EIELO RCEEC WDVFT
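The two transposition ciphers above, with decryption, in Python. This is an added example, not code from the original document; the function names are illustrative, the rail fence is assumed to use two rails, and columns are read in alphabetical order of the keyword letters, as in the ZEBRA example.

```python
def letters_only(text):
    return [c for c in text.upper() if c.isalpha()]


def rail_fence_encrypt(plaintext):
    """Two rails: the letters at even positions, then the letters at odd positions."""
    letters = letters_only(plaintext)
    return "".join(letters[0::2] + letters[1::2])


def rail_fence_decrypt(ciphertext):
    n = len(ciphertext)
    top, bottom = ciphertext[:(n + 1) // 2], ciphertext[(n + 1) // 2:]
    # Re-interleave the two rails: top, bottom, top, bottom, ...
    return "".join(top[i // 2] if i % 2 == 0 else bottom[i // 2] for i in range(n))


def column_order(key):
    """Column indices in read-out order: alphabetical by key letter, ties left to right."""
    key = key.upper()
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext, key):
    letters = letters_only(plaintext)
    width = len(key)
    # Writing the text in rows of `width` puts every width-th letter in one column.
    columns = ["".join(letters[i::width]) for i in range(width)]
    return "".join(columns[i] for i in column_order(key))


def columnar_decrypt(ciphertext, key):
    width = len(key)
    rows, extra = divmod(len(ciphertext), width)
    columns = [""] * width
    pos = 0
    for i in column_order(key):
        # With an incomplete last row, the first `extra` columns are one letter longer.
        length = rows + (1 if i < extra else 0)
        columns[i] = ciphertext[pos:pos + length]
        pos += length
    return "".join(columns[i % width][i // width] for i in range(len(ciphertext)))


if __name__ == "__main__":
    print(rail_fence_encrypt("Meet me at the park"))
    c = columnar_encrypt("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRA")
    print(" ".join(c[i:i + 5] for i in range(0, len(c), 5)))
    print(columnar_decrypt(c, "ZEBRA"))
```

Both ciphers only move letters around, so the letter frequencies of the ciphertext are exactly those of the plaintext.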

Double Columnar Transposition.

3.3 Substitution cipher

3.3.1 Monoalphabetic Ciphers.

• It is simple substitution.
• It involves replacing each letter in the message with another letter of the alphabet.
• In monoalphabetic substitution, the relationship between a symbol in the
plaintext and a symbol in the ciphertext is always one-to-one.

3.3.2 Additive Cipher:

The additive cipher is the simplest monoalphabetic cipher. It is sometimes called a shift
cipher and sometimes a Caesar cipher, but the term additive cipher better reveals its
mathematical nature. When the cipher is additive, the plaintext, ciphertext, and key are
integers in Z26.

Plaintext and ciphertext in Z26

Additive Cipher

Example

Use the additive cipher with key = 15 to encrypt the plain text (hello).

We apply the encryption algorithm to the plaintext, character by character:

Plaintext h e l l o

7 4 11 11 14

Encryption

(7 + 15) mod 26 = 22 → W, (4 + 15) mod 26 = 19 → T, (11 + 15) mod 26 = 0 → A,

(11 + 15) mod 26 = 0 → A, (14 + 15) mod 26 = 3 → D

Ciphertext WTAAD

We apply the decryption algorithm to the ciphertext character by character:


Ciphertext W T A A D

22 19 0 0 3

Decryption

(22 − 15) mod 26 = 7 → h, (19 − 15) mod 26 = 4 → e, (0 − 15) mod 26 = 11 → l,

(0 − 15) mod 26 = 11 → l, (3 − 15) mod 26 = 14 → o

Plaintext h e l l o

3.3.3 Caesar Cipher: -

The Caesar cipher is named for Julius Caesar. Caesar used a key of 3 for his
communications.

Plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext d e f g h i j k l m n o p q r s t u v w x y z a b c

Cryptanalysis of the Caesar cipher: -

Example: - decrypt the following ciphertext:-

wklv phvvdjh lv qrw wrr kdug wr euhdn

By using the above table, replace the characters as shown:

ciphertext = wklv phvvdjh lv qrw wrr kdug wr euhdn

plaintext = THIS MESSAGE IS NOT TOO HARD TO BREAK

Example: Eve has intercepted the ciphertext (UVACLYFZLJBYL). Show how she can
use a brute-force attack to break the cipher.

Eve tries keys from 1 to 7. With a key of 7, the plaintext is (not very secure),
which makes sense.

Ciphertext: uva clyf zljbyl

Key 1 → tuz bkxe ykiaxk

Key 2 → sty ajwd xjhzwj

Key 3 → rsx zivc wigyvi

Key 4 → qrw yhub vhfxuh

Key 5 → pqv xgta ugewtg

Key 6 → opu wfsz tfdvsf

Key 7 → not very secure

Table of Frequency of characters in English



Frequency distributions of Plaintext:-

• E
• T
• A, O, R, N , I
• H , C , D , L, M
• .
• .
• X , J ,Z , Q

Example : - Eve has intercepted the following ciphertext. Using a statistical attack,
find the plaintext.

When Eve tabulates the frequency of letters in this ciphertext, she gets:

h=26, v=17 and so on.

So we replace each ciphertext character with the plaintext character of corresponding
frequency, as shown: -

Plaintext = ENCRYPTION IS A MEANS OF ATTAINING SECURE COMMUNICATION

Which means that the key is 3. How?

Multiplicative Ciphers: - In a multiplicative cipher, the plaintext and ciphertext are
integers in Z26; the key is an integer in Z26*.

Multiplicative cipher

The key domain for any multiplicative cipher, which must be in Z26*, is the set
that has only 12 members: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25. (Why?)

Example: - We use a multiplicative cipher to encrypt the message “hello” with
a key of 7. The ciphertext is “XCZZU”.

Cryptanalysis of the multiplicative cipher is based on finding the multiplicative
inverse of the key (the multiplicative inverse of 7 is 15), as shown:

Ciphertext X → 23 Decryption: (23 * 15) mod 26 plaintext= 7→h

Ciphertext C → 2 Decryption: (2 * 15) mod 26 plaintext= 4→e

Ciphertext Z → 25 Decryption: (25 * 15) mod 26 plaintext=11→l

Ciphertext Z → 25 Decryption: (25 * 15) mod 26 plaintext=11→l

Ciphertext U → 20 Decryption: (20 * 15) mod 26 plaintext=14→o

3.3.4 Affine Ciphers

• The affine cipher uses a pair of keys in which the first key is from Z26* and the
second is from Z26. The size of the key domain is 26 × 12 = 312.
• The additive cipher is a special case of an affine cipher in which k1 = 1. The
multiplicative cipher is a special case of affine cipher in which k2 = 0.

Example: - Use an affine cipher to encrypt the message “hello” with the key pair (7, 2).

To decrypt the message “ZEBBW” with the key pair (7, 2) in modulus 26, we use the
fact that the multiplicative inverse of 7 is 15.
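One affine routine covers the additive, Caesar, multiplicative and affine examples above, because the additive cipher is the case k1 = 1 and the multiplicative cipher the case k2 = 0. This is an added example, not code from the original document; the function names are illustrative and it assumes encryption C = (P × k1 + k2) mod 26 with lowercase plaintext and uppercase ciphertext, as in the worked examples.

```python
from math import gcd

M = 26  # size of the alphabet, Z26


def valid_multipliers():
    """Z26*: the keys k1 that have a multiplicative inverse modulo 26."""
    return [k for k in range(1, M) if gcd(k, M) == 1]


def check_key(k1, k2):
    if gcd(k1, M) != 1:
        raise ValueError(f"k1 = {k1} is not in Z26*; decryption would be impossible")
    if not 0 <= k2 < M:
        raise ValueError("k2 must be in Z26")


def affine_encrypt(plaintext, k1, k2):
    """C = (P * k1 + k2) mod 26; characters other than a-z pass through unchanged."""
    check_key(k1, k2)
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            p = ord(ch.lower()) - ord("a")
            out.append(chr((p * k1 + k2) % M + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def affine_decrypt(ciphertext, k1, k2):
    """P = ((C - k2) * k1^-1) mod 26."""
    check_key(k1, k2)
    k1_inv = pow(k1, -1, M)  # modular inverse, Python 3.8+
    out = []
    for ch in ciphertext:
        if ch.isascii() and ch.isalpha():
            c = ord(ch.upper()) - ord("A")
            out.append(chr(((c - k2) * k1_inv) % M + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def key_domain():
    """Every affine key pair (k1, k2): 12 * 26 = 312 keys."""
    return [(k1, k2) for k1 in valid_multipliers() for k2 in range(M)]


def additive_trials(ciphertext, max_key):
    """Trial decryptions for additive keys 1..max_key, as in the table Eve builds."""
    return [(k, affine_decrypt(ciphertext, 1, k)) for k in range(1, max_key + 1)]


if __name__ == "__main__":
    print(affine_encrypt("hello", 1, 15))   # additive cipher, key 15
    print(affine_encrypt("hello", 7, 0))    # multiplicative cipher, key 7
    print(affine_encrypt("hello", 7, 2))    # affine cipher, key pair (7, 2)
    print(affine_decrypt("ZEBBW", 7, 2))
    print(len(key_domain()), "affine keys in total")
    for k, text in additive_trials("UVACLYFZLJBYL", 7):
        print("Key", k, "->", text)
```

A key domain of 312 keys is small enough to search exhaustively, which is why these ciphers are studied only as teaching material.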

3.4 Polyalphabetic Ciphers

In polyalphabetic substitution, each occurrence of a character may have a different
substitute.

The relationship between a character in the plaintext and a character in the ciphertext is
one-to-many.

3.4.1 Autokey Cipher: -

Assume that Alice and Bob agreed to use an autokey cipher with initial key value
k1 = 12. Now Alice wants to send Bob the message “Attack is today”. Enciphering is
done character by character as shown :-

3.4.2 Playfair Key Matrix

• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (minus duplicates)
• fill rest of matrix with other letters in alphabetical order
• e.g. using the keyword MONARCHY

M O N A R
C H Y B D

E F G I/J K

L P Q S T

U V W X Z
Encrypting and Decrypting

• plaintext is encrypted two letters at a time
• if a pair is a repeated letter, insert filler like 'X'
o e.g. balloon is treated as ba lx lo on
• if both letters fall in the same row, replace each with letter to right (wrapping
back to start from end)
o e.g. ar is encrypted as RM
• if both letters fall in the same column, replace each with the letter below it (again
wrapping to top from bottom)
o e.g. mu is encrypted as CM
• otherwise each letter is replaced by the letter in the same row and in the column
of the other letter of the pair
o e.g. hs is encrypted as BP, ea is encrypted as IM (or JM)

Example: if the key is PROBLEMS, use Playfair to encipher the message

SHE WENT TO THE STORE

Solution:

When we pair up the letters they get grouped as follows:

SH EW EN TT OT HE ST OR E

But we are not allowed to encipher any double letters. So, in this case, we will insert
a Q into the plaintext. (If Q is a double letter, then insert another infrequent letter, say
X.)

SH EW EN TQ TO TH ES TO RE

P R O B L
E M S A C
D F G H I/J
K N Q T U
V W X Y Z
To encipher pairs of letters, adhere to the following rules:

1. If the two letters are on the same row of the chart, like "ES", then replace each letter
by the letter to the right. (If necessary, wrap around to the left end of the row.) So "ES"
encrypts to "MA".

2. If the two letters are on the same column of the chart, like, "TH", then replace each
letter by the letter below it. (If necessary, wrap around to the top end of the column.)
So "TH" encrypts to "YT".

3. If two letters are on a different row and column, like, "SH", then replace each letter
by another letter on its same row, but in the column of the other letter. So "SH" encrypts
to "AG".

Using these rules, here is the encryption of the plaintext above:

Plaintext : SH EW EN TQ TO TH ES TO RE

Ciphertext: AG MV MK UT QB YT MA QB PM

To decipher, skip the step that inserts filler letters. For two letters in the same row or
in the same column, shift left and up instead of right and down. The rule for letters on
a different row and column remains the same. Once you are done, drop any extra Xs
that don't make sense in the final message and locate any missing Qs or any Is that
should be Js.

Vigenere Cipher

We can encrypt the message “She is listening” using the 6-character keyword
“PASCAL” (15, 0, 18, 2, 0, 11).

Vigenere cipher can be seen as combinations of m additive ciphers.
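The autokey example of section 3.4.1 and the Vigenere example above, in Python. This is an added example, not code from the original document; the function names are illustrative, and `vigenere_via_additive` rebuilds the same ciphertext from m interleaved additive ciphers to show the statement about combinations of additive ciphers.

```python
A = ord("A")


def to_numbers(text):
    """Letters a-z / A-Z mapped to 0-25; everything else is dropped."""
    return [ord(c) - A for c in text.upper() if c.isalpha()]


def to_text(numbers):
    return "".join(chr(n % 26 + A) for n in numbers)


def autokey_encrypt(plaintext, k1):
    """Key stream = initial key k1 followed by the plaintext itself."""
    p = to_numbers(plaintext)
    keystream = [k1] + p[:-1]
    return to_text(pi + ki for pi, ki in zip(p, keystream))


def autokey_decrypt(ciphertext, k1):
    key, out = k1, []
    for c in to_numbers(ciphertext):
        p = (c - key) % 26
        out.append(p)
        key = p  # each recovered plaintext letter is the key for the next one
    return to_text(out)


def vigenere_encrypt(plaintext, keyword):
    p, k = to_numbers(plaintext), to_numbers(keyword)
    return to_text(pi + k[i % len(k)] for i, pi in enumerate(p))


def vigenere_decrypt(ciphertext, keyword):
    c, k = to_numbers(ciphertext), to_numbers(keyword)
    return to_text(ci - k[i % len(k)] for i, ci in enumerate(c))


def vigenere_via_additive(plaintext, keyword):
    """Same result built from m additive ciphers, one per keyword letter."""
    p, k = to_numbers(plaintext), to_numbers(keyword)
    m = len(k)
    out = [0] * len(p)
    for j in range(m):
        # Letters at positions j, j+m, j+2m, ... are all shifted by the same key k[j].
        for i in range(j, len(p), m):
            out[i] = (p[i] + k[j]) % 26
    return to_text(out)


if __name__ == "__main__":
    print(autokey_encrypt("Attack is today", 12))
    print(autokey_decrypt("MTMTCMSALHRDY", 12))
    print(to_numbers("PASCAL"))
    print(vigenere_encrypt("She is listening", "PASCAL"))
    print(vigenere_decrypt("HHWKSWXSLGNTCG", "PASCAL"))
```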

3.4.3 Hill Cipher

The Hill Cipher uses matrix multiplication to encrypt a message.

• First, you need to assign two numbers to each letter in the alphabet and also
assign numbers to space, . , and ? or !.
• The key space is the set of all invertible matrices over Z26. 26 was chosen
because there are 26 characters, which solves some problems later on.

The key matrix in the Hill cipher needs to have a multiplicative inverse.

For example, the plaintext “code is ready” can make a 3 × 4 matrix when adding extra
bogus character “z” to the last block and removing the spaces. The ciphertext is
“OHKNIHGKLISS”.

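$$M^{-1} = \begin{bmatrix} a & b \\ c & d \end{bmatrix}^{-1} = \frac{1}{\det(M)} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix} = \frac{1}{ad - bc} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix}$$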

Message to encrypt = HELLO WORLD



HELLO WORLD has been encrypted to SLHZY ATGZT

A:     1  3  5  7  9 11 15 17 19 21 23 25
A^-1:  1  9 21 15  3 19  7 23 11  5 17 25

Message to decrypt = SLHZYATGZT

SLHZYATGZT has been decrypted to

HELLO WORLD
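
Encryption: Cipher Text = (Plain Text × Key) mod 26

Decryption: Plain Text = (Cipher Text × Key^-1) mod 26

Example: Message ATTACK IS TONIGHT

$$Key = \begin{bmatrix} 3 & 10 & 20 \\ 20 & 9 & 17 \\ 9 & 4 & 17 \end{bmatrix}$$

Encryption

Message: ATTACK IS TONIGHT

Assign: A-Z → 0-25

$$\begin{bmatrix} A & T & T \\ A & C & K \\ I & S & T \\ O & N & I \\ G & H & T \end{bmatrix} = \begin{bmatrix} 0 & 19 & 19 \\ 0 & 2 & 10 \\ 8 & 18 & 19 \\ 14 & 13 & 8 \\ 6 & 7 & 19 \end{bmatrix}$$

Cipher Text = (Plain Text × Key) mod 26

$$\begin{bmatrix} 0 & 19 & 19 \\ 0 & 2 & 10 \\ 8 & 18 & 19 \\ 14 & 13 & 8 \\ 6 & 7 & 19 \end{bmatrix} \times \begin{bmatrix} 3 & 10 & 20 \\ 20 & 9 & 17 \\ 9 & 4 & 17 \end{bmatrix} \bmod 26$$

$$= \begin{bmatrix} 551 & 247 & 646 \\ 130 & 58 & 204 \\ 555 & 318 & 789 \\ 374 & 289 & 637 \\ 329 & 199 & 562 \end{bmatrix} \bmod 26 = \begin{bmatrix} 5 & 13 & 22 \\ 0 & 6 & 22 \\ 9 & 6 & 9 \\ 10 & 3 & 13 \\ 17 & 17 & 16 \end{bmatrix}$$

$$\begin{bmatrix} A & T & T \\ A & C & K \\ I & S & T \\ O & N & I \\ G & H & T \end{bmatrix} \Longrightarrow \begin{bmatrix} F & N & W \\ A & G & W \\ J & G & J \\ K & D & N \\ R & R & Q \end{bmatrix}$$

Decryption: Plain Text = (Cipher Text × Key^-1) mod 26

You need to find Key^-1:

Key^-1 = [Det(Key)]^-1 × Adj(Key)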

Step 1: Find Determinant of Key

Adj (key)

Step 2: Transpose Key Matrix

Step 3: Find Minor

Step 4: Find Co-Factor

Decryption

$$Key = \begin{bmatrix} 3 & 10 & 20 \\ 20 & 9 & 17 \\ 9 & 4 & 17 \end{bmatrix}$$
Step 1: Find Determinant of Key

Step 2: Transpose Key Matrix



Step 3: Find Minor

Step 4: Find Co-Factor
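The four decryption steps (determinant, transpose, minors, cofactors) carried out in Python for the 3 × 3 key of this example. This is an added example, not code from the original document; the function names are illustrative, and it assumes the convention used above, in which each row of three letters is multiplied by the key on the right.

```python
from math import gcd

M = 26  # alphabet size: A-Z -> 0-25

KEY = [[3, 10, 20],
       [20, 9, 17],
       [9, 4, 17]]  # the key matrix of the ATTACK IS TONIGHT example


def text_to_rows(text, n=3, pad="Z"):
    """Letters -> rows of n numbers; the last row is padded with a bogus letter."""
    nums = [ord(c) - ord("A") for c in text.upper() if c.isalpha()]
    while len(nums) % n:
        nums.append(ord(pad) - ord("A"))
    return [nums[i:i + n] for i in range(0, len(nums), n)]


def rows_to_text(rows):
    return "".join(chr(v + ord("A")) for row in rows for v in row)


def mat_mul_mod(a, b):
    """(a x b) mod 26 for matrices given as lists of rows."""
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % M
             for j in range(len(b[0]))] for i in range(len(a))]


def det3(k):
    (a, b, c), (d, e, f), (g, h, i) = k
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)


def inverse_key(k):
    """Key^-1 = [Det(Key)]^-1 x Adj(Key), everything reduced modulo 26."""
    d = det3(k) % M                       # Step 1: determinant
    if gcd(d, M) != 1:
        raise ValueError(f"det = {d} has no inverse mod 26: key is not invertible")
    d_inv = pow(d, -1, M)                 # Python 3.8+
    t = [list(col) for col in zip(*k)]    # Step 2: transpose the key
    adj = [[0] * 3 for _ in range(3)]
    for r in range(3):
        for c in range(3):
            # Step 3: minor = determinant of what is left without row r and column c
            sub = [[t[i][j] for j in range(3) if j != c] for i in range(3) if i != r]
            minor = sub[0][0] * sub[1][1] - sub[0][1] * sub[1][0]
            adj[r][c] = (-1) ** (r + c) * minor   # Step 4: cofactor sign
    return [[(d_inv * adj[r][c]) % M for c in range(3)] for r in range(3)]


def hill_encrypt(plaintext, key):
    return rows_to_text(mat_mul_mod(text_to_rows(plaintext), key))


def hill_decrypt(ciphertext, key):
    return rows_to_text(mat_mul_mod(text_to_rows(ciphertext), inverse_key(key)))


if __name__ == "__main__":
    print("det mod 26 =", det3(KEY) % M)
    print("Key^-1 =", inverse_key(KEY))
    c = hill_encrypt("ATTACK IS TONIGHT", KEY)
    print(c, "->", hill_decrypt(c, KEY))
```

A key whose determinant shares a factor with 26 is rejected, which is the reason the key matrix needs a multiplicative inverse.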



Exercise
3.4.4 One-Time Pad

The one-time pad, which is a provably secure cryptosystem, was developed by Gilbert
Vernam in 1918. The message is represented as a binary string (a sequence of 0’s and
1’s) using a coding mechanism such as ASCII coding.

The key is a truly random sequence of 0’s and 1’s of the same length as the message.

The encryption is done by adding the key to the message modulo 2, bit by bit. This
process is often called exclusive or, and is denoted by XOR. The symbol ⊕ is used

a b c = a ⊕ b
0 0 0
0 1 1
1 0 1
1 1 0

message =‘IF’

then its ASCII code =(1001001 1000110)

key = (1010110 0110001)

Encryption:

1001001 1000110 plaintext

1010110 0110001 key

0011111 1110110 ciphertext

Decryption:

0011111 1110110 ciphertext

1010110 0110001 key

1001001 1000110 plaintext

Why is the OTP provably secure?

• The security depends on the randomness of the key.
• It is hard to define randomness.
• In a cryptographic context, we seek two fundamental properties in a binary
random key sequence:
1. Unpredictability
2. Balanced (Equal Distribution)

Unpredictability:

Independent of the number of bits of a sequence observed, the probability of
guessing the next bit is not better than ½. Therefore, the probability of a certain bit
being 1 or 0 is exactly equal to ½.

Balanced (Equal Distribution):

The number of 1’s and 0’s should be equal.

Chapter 4

4.1 Introduction

Symmetric cryptography is split into block ciphers and stream ciphers, which are easy
to distinguish.

[Figure: Cryptography divides into Symmetric Ciphers, Asymmetric Ciphers and Protocols;
Symmetric Ciphers divide into Block Ciphers and Stream Ciphers.]

Fig. 4.1 Main areas within cryptography

4.2 Stream cipher

A stream cipher processes the input elements continuously, producing output one
element at a time, as it goes along. Although block ciphers are far more common, there
are certain applications in which a stream cipher is more appropriate.

34 | M o d e r n S y m m e t r i c C i p h e r s

Stream ciphers encrypt bits individually. This is achieved by adding a bit from a key
stream to a plaintext bit. There are synchronous stream ciphers where the key stream
depends only on the key, and asynchronous ones where the key stream also depends on
the ciphertext. If the dotted line in Fig. 4.2 is present, the stream cipher is an
asynchronous one. Most practical stream ciphers are synchronous ones. An example of
an asynchronous stream cipher is the cipher feedback (CFB) mode introduced in

Fig. 4.2 Synchronous and asynchronous stream ciphers

4.3 Block ciphers

Block ciphers encrypt an entire block of plaintext bits at a time with the same key. This
means that the encryption of any plaintext bit in a given block depends on every other
plaintext bit in the same block. In practice, the vast majority of block ciphers either
have a block length of 128 bits (16 bytes) such as the advanced encryption standard
(AES), or a block length of 64 bits (8 bytes) such as the data encryption standard (DES)
or triple DES (3DES) algorithm. All of these ciphers are introduced in later chapters.

4.4 Stream ciphers vs. Block ciphers

1- In practice, in particular for encrypting computer communication on the
Internet, block ciphers are used more often than stream ciphers.
2- Because stream ciphers tend to be small and fast, they are particularly relevant
for applications with limited computational resources, e.g., for cell phones or other
small embedded devices. A prominent example of a stream cipher is the A5/1
cipher, which is part of the GSM mobile phone standard and is used for voice
encryption. However, stream ciphers are sometimes also used for encrypting
Internet traffic, especially the stream cipher RC4.
3- Traditionally, it was assumed that stream ciphers tended to encrypt more
efficiently than block ciphers. Efficient for software-optimized stream ciphers
means that they need fewer processor instructions (or processor cycles) to
encrypt one bit of plaintext. For hardware-optimized stream ciphers, efficient
means they need fewer gates (or smaller chip area) than a block cipher for
encrypting at the same data rate. However, modern block ciphers such as AES
are also very efficient in software. Moreover, for hardware, there are also highly
efficient block ciphers, such as PRESENT, which are as efficient as very
compact stream ciphers.

4.5 Encryption and Decryption with Stream Ciphers

As mentioned above, stream ciphers encrypt plaintext bits individually. The question
now is: How does encryption of an individual bit work? The answer is surprisingly
simple: Each bit $x_i$ is encrypted by adding a secret key stream bit $s_i$ modulo 2.

The plaintext, the ciphertext and the key stream consist of individual
bits, i.e., $x_i, y_i, s_i \in \{0,1\}$.

Encryption: $y_i = e_{s_i}(x_i) \equiv x_i + s_i \bmod 2$.

Decryption: $x_i = d_{s_i}(y_i) \equiv y_i + s_i \bmod 2$.

Note: Modulo 2 addition is equivalent to the XOR operation.

4.6 Shift Register-Based Stream Ciphers

As we have learned so far, practical stream ciphers use a stream of key bits $s_1, s_2, \ldots$ that
are generated by the key stream generator, which should have certain properties. An
elegant way of realizing long pseudorandom sequences is to use linear feedback shift
registers (LFSRs). LFSRs are easily implemented in hardware and many, but certainly
not all, stream ciphers make use of LFSRs. A prominent example is the A5/1 cipher,
which is standardized for voice encryption in GSM. As we will see, even though a plain
LFSR produces a sequence with good statistical properties, it is cryptographically
weak. However, combinations of LFSRs, such as A5/1 or the cipher Trivium, can make
secure stream ciphers. It should be stressed that there are many ways for constructing
stream ciphers. This section only introduces one of several popular approaches.

4.7 Linear Feedback Shift Registers (LFSR)

An LFSR consists of clocked storage elements (flip-flops) and a feedback path. The
number of storage elements gives us the degree of the LFSR. In other words, an LFSR
with m flip-flops is said to be of degree m. The feedback network computes the
input for the last flip-flop as XOR-sum of certain flip-flops in the shift register.

Example 1. Simple LFSR

We consider an LFSR of degree m = 3 with flip-flops $FF_2, FF_1, FF_0$,
and a feedback path as shown in Fig. 4.3. The internal state bits are denoted by $s_i$ and
are shifted by one to the right with each clock tick. The rightmost state bit is also the
current output bit. The leftmost state bit is computed in the feedback path, which is the
XOR sum of some of the flip-flop values in the previous clock period. Since the XOR
is a linear operation, such circuits are called linear feedback shift registers. If we assume
an initial state of $(s_2 = 1, s_1 = 0, s_0 = 0)$, Table 4.1 gives the complete sequence of
states of the LFSR.

Fig. 4.3 Linear feedback shift register of degree 3 with initial values $s_2, s_1, s_0$

clk   $FF_2$   $FF_1$   $FF_0 = s_i$
0     1        0        0
1     0        1        0
2     1        0        1
3     1        1        0
4     1        1        1
5     0        1        1
6     0        0        1
7     1        0        0
8     0        1        0

Note that the rightmost column is the output of the LFSR. One can see from this
example that the LFSR starts to repeat after clock cycle 6. This means the LFSR output
has a period of length 7 and has the form:

0010111 0010111 0010111…

There is a simple formula which determines the functioning of this LFSR. Let’s
look at how the output bits $s_i$ are computed, assuming the initial state bits $s_0, s_1, s_2$:

$s_3 \equiv s_1 + s_0 \bmod 2$

$s_4 \equiv s_2 + s_1 \bmod 2$

$s_5 \equiv s_3 + s_2 \bmod 2$

In general, the output bit is computed as:

$s_{i+3} \equiv s_{i+1} + s_i \bmod 2$

where $i = 0, 1, 2, \ldots$

We will now look at general LFSRs.

Fig. 4.4 General LFSR with feedback

The maximum sequence length generated by an LFSR of degree m is $2^m - 1$.
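An added example, not part of the original text: a general LFSR that reproduces Table 4.1, measures the period, and supplies the key stream for the bit-wise encryption of Section 4.5. The function names and the two degree-4 tap settings are assumptions chosen to show that $2^m - 1$ is an upper bound reached only by some feedback paths; a single LFSR is used here only to show the mechanics, since on its own it is cryptographically weak, as noted in Section 4.6.

```python
def lfsr_states(taps, state, clocks):
    """Yield the register contents (s_{i+m-1}, ..., s_i) at each clock tick.

    taps:  feedback coefficients (p_0, ..., p_{m-1}) in
           s_{i+m} = p_{m-1}*s_{i+m-1} + ... + p_1*s_{i+1} + p_0*s_i  mod 2
    state: initial contents (s_{m-1}, ..., s_0), leftmost flip-flop first
    """
    reg = list(state)
    for _ in range(clocks):
        yield tuple(reg)
        feedback = 0
        for j, p in enumerate(taps):      # taps[j] selects s_{i+j} = reg[-1 - j]
            feedback ^= p & reg[-1 - j]
        reg = [feedback] + reg[:-1]       # shift right, new bit enters on the left


def keystream(taps, state, n):
    """First n output bits s_0, s_1, ...: the rightmost flip-flop at each tick."""
    return [s[-1] for s in lfsr_states(taps, state, n)]


def period(taps, state):
    """Length of the state cycle entered from `state`."""
    seen = {}
    # 2**m + 1 ticks always contain a repeated state (only 2**m states exist)
    for clk, s in enumerate(lfsr_states(taps, state, 2 ** len(state) + 1)):
        if s in seen:
            return clk - seen[s]
        seen[s] = clk


def stream_xor(bits, key_bits):
    """y_i = x_i + s_i mod 2 (Section 4.5); the same call decrypts."""
    return [x ^ s for x, s in zip(bits, key_bits)]


if __name__ == "__main__":
    taps, init = (1, 1, 0), (1, 0, 0)     # s_{i+3} = s_{i+1} + s_i, (s_2, s_1, s_0) = (1, 0, 0)
    for clk, s in enumerate(lfsr_states(taps, init, 9)):
        print(clk, *s)                    # the rows of Table 4.1
    print(period(taps, init))             # period of the degree-3 example
    # Constructed degree-4 registers (not from the text): only some taps are maximal.
    print(period((1, 1, 0, 0), (0, 0, 0, 1)), period((1, 1, 1, 1), (0, 0, 0, 1)))
    plain = [1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0]   # 'IF' in 7-bit ASCII
    cipher = stream_xor(plain, keystream(taps, init, len(plain)))
    print(cipher, stream_xor(cipher, keystream(taps, init, len(plain))) == plain)
```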

4.8 The Data Encryption Standard (DES) and Alternatives

The Data Encryption Standard (DES) has been by far the most popular block cipher for
most of the last 30 years. Even though it is nowadays not considered secure against a
determined attacker because the DES key space is too small, it is still used in legacy
applications. Furthermore, encrypting data three times in a row with DES — a process
referred to as 3DES or triple DES — yields a very secure cipher which is still widely
used today. (Section 3.5 deals with 3DES.) Perhaps what is more important, since DES
is by far the best-studied symmetric algorithm, its design principles have inspired many
current ciphers. Hence, studying DES helps us to understand many other symmetric
algorithms.

4.9 Introduction to DES

In 1972 a mildly revolutionary act was performed by the US National Bureau of
Standards (NBS), which is now called the National Institute of Standards and Technology
(NIST): the NBS initiated a request for proposals for a standardized cipher in the USA.
The idea was to find a single secure cryptographic algorithm which could be used for a
variety of applications. Up to this point in time governments had always considered
cryptography, and in particular cryptanalysis, so crucial for national security that it had
to be kept secret. However, by the early 1970s the demand for encryption for
commercial applications such as banking had become so pressing that it could not be
ignored without economic consequences. The NBS received the most promising
candidate in 1974 from a team of cryptographers working at IBM. The algorithm IBM
submitted was based on the cipher Lucifer. Lucifer was a family of ciphers developed
by Horst Feistel in the late 1960s, and was one of the first instances of block ciphers
operating on digital data. Lucifer is a Feistel cipher which encrypts blocks of 64 bits
using a key size of 128 bits.

In order to investigate the security of the submitted ciphers, the NBS requested the help
of the National Security Agency (NSA), which did not even admit its existence at that
point in time. It seems certain that the NSA influenced changes to the cipher, which
was rechristened DES. One of the changes that occurred was that DES is specifically
designed to withstand differential cryptanalysis, an attack not known to the public until
1990. It is not clear whether the IBM team developed the knowledge about differential
cryptanalysis by themselves or whether they were guided by the NSA. Allegedly, the
NSA also convinced IBM to reduce the Lucifer key length from 128 bits to 56 bits, which
made the cipher much more vulnerable to brute-force attacks.