Symmetric Encryption
Conventional Cryptography
Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only
type of encryption in use prior to the development of public-key encryption in the 1970s.
An original message is known as the plaintext, while the coded message is called the ciphertext.
The process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring
the plaintext from the ciphertext is deciphering or decryption.
Many schemes used for encryption constitute the area of study known as cryptography. Such a scheme is
known as a cryptographic system or a cipher.
The areas of cryptography and cryptanalysis together are called cryptology.
Symmetric Cipher Model
A symmetric encryption scheme has five (5) ingredients.
– Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
– Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
– Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext
and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the
time. The exact substitutions and transformations performed by the algorithm depend on the key.
– Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a
given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random
stream of data and, as it stands, is unintelligible.
– Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the
secret key and produces the original plaintext.
Secure Conventional Encryption
There are two requirements for secure use of conventional encryption:
1. We need a strong encryption algorithm.
• An opponent who knows the algorithm and one or more ciphertexts would be unable to
decipher the ciphertext or figure out the key.
2. The key must be secure.
• Sender and receiver must obtain the secret key in a secure fashion and must keep the key
secure.
We assume that it is impractical to decrypt a message on the basis of the ciphertext plus
knowledge of the encryption/decryption algorithm. In other words,
we do not need to keep the algorithm secret; we need to keep only the key secret. So, the
principal security problem is maintaining the secrecy of the key.
Symmetric Cryptosystem
A source produces a message in plaintext, X = [X1, X2, …, XM].
• (The M elements of X are letters in some finite alphabet.)
For encryption, a key is generated, i.e. K = [K1, K2, …, KJ].
• (This key may either be generated at the message source, or a
third party could generate it.)
With the message X and the encryption key K as input, the encryption
algorithm forms the ciphertext Y = [Y1, Y2, …, YN], represented by the
equation Y = E(K, X).
• The intended receiver, in possession of the key, is able to invert
the transformation X = D(K, Y).
• An opponent, observing Y but not having access to K or X , may
attempt to recover X or K or both X and K.
• If the opponent is interested in this particular message only, then
the focus of the effort is to recover X by generating a plaintext
estimate. However, the opponent is often interested in reading
future messages as well, in which case an attempt is made to
recover K by generating an estimate .
Cryptographic systems are characterized along 3 independent dimensions: -
1. The type of operations/algorithms used for transforming plaintext to ciphertext.
• Substitution : each element in the plaintext (bit, letter, group of bits or letters) is mapped into another
element,
• Transposition : elements in the plaintext are rearranged.
• No information should be lost (that is, all operations are reversible).
2. The number of keys used.
• Single-key, secret-key, (symmetric or conventional encryption)
• Two-keys, or public-key, (asymmetric encryption)
3. The way the plaintext is processed.
• Block cipher : processes the input one block of elements at a time, producing an
output block for each input block
• Stream cipher : processes the input elements continuously, producing output one element at a time
Approaches of Attack
The objective of attacking an encryption system is to recover the key in use rather than simply to
recover the plaintext of a single ciphertext.
Two general approaches to attacking a conventional encryption scheme: -
Cryptanalysis:
exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the
key being used.
• some knowledge of the general characteristics of the plaintext or some sample plaintext–ciphertext
pairs are analysed.
Brute-Force Attack:
tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
• On average, half of all possible keys must be tried to achieve a success.
How secure is an algorithm?
Unconditionally secure
The ciphertext generated by the scheme does not contain enough information to determine
uniquely the corresponding plaintext, no matter how much ciphertext is available.
No matter how much time an opponent has, it is impossible to decrypt the ciphertext simply
because the required information is not there.
No encryption algorithm is unconditionally secure. Therefore, all that the users of an
encryption algorithm can strive for is an algorithm that meets one or both of the following
criteria:
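• The cost of breaking the cipher exceeds the value of the encrypted information.
• The time required to break the cipher exceeds the useful lifetime of the information.
Computationally secure
An encryption scheme that meets either of these two criteria is said to be computationally secure.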
Cryptanalytic attacks: -
Cryptanalytic attacks on symmetric encryption schemes are designed to exploit the fact that traces of
structure or pattern in the plaintext may survive encryption and be discernible in the ciphertext.
Brute-force attacks: -
Key sizes: 56-bit key: DES; 168-bit key: Triple DES; 128-bit key: AES; 26 characters: substitution codes.
1 decryption/μs is a reasonable order of magnitude for today's computers.
10^6 decryptions/μs can be achieved with the use of massively parallel processors.
Caesar Cipher
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar.
• Replaces each letter of the alphabet with the letter standing three places further down the alphabet.
• Define the transformation by listing all possibilities.
The algorithm can be expressed as follows. For each plaintext letter p, substitute
the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
The decryption algorithm is
p = D(k, C) = (C - k) mod 26
Caesar Cipher: How to break?
A brute-force cryptanalysis is performed: try all the 25 possible keys.
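As an added illustration (not part of the original slides), the general Caesar equations and the 25-key search in Python. The sample sentence and the small common-word list that stands in for "intelligible" are constructed for this example.

```python
import string

ALPHABET = string.ascii_lowercase
# Constructed stand-in for "intelligible": a handful of very common English words.
COMMON_WORDS = {"the", "and", "to", "of", "in", "me", "is", "it", "you",
                "that", "for", "at", "we", "be", "on"}


def encrypt(k, plaintext):
    """C = E(k, p) = (p + k) mod 26. Plaintext is lowercase, ciphertext uppercase."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper())
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def decrypt(k, ciphertext):
    """p = D(k, C) = (C - k) mod 26."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext):
    """Try all 25 keys and return (score, k, candidate) tuples, best score first."""
    results = []
    for k in range(1, 26):
        candidate = decrypt(k, ciphertext)
        score = sum(word in COMMON_WORDS for word in candidate.split())
        results.append((score, k, candidate))
    return sorted(results, key=lambda r: -r[0])


if __name__ == "__main__":
    ct = encrypt(3, "meet me after the toga party")
    print(ct)
    for score, k, candidate in brute_force(ct)[:3]:
        print(k, score, candidate)
```

The search succeeds because there are only 25 keys to try and the plaintext language is recognisable; both conditions are what a stronger cipher must remove.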
Breaking Monoalphabetic Ciphers
If the cryptanalyst knows the nature of the plaintext (e.g., noncompressed English text), then the analyst
can exploit the regularities of the language.
Relative frequency of the letters can be determined and compared to a standard frequency distribution for
English.
Breaking Monoalphabetic Ciphers (contd.)
Comparing the two distributions, it seems likely: -
P and Z <=> plain letters e and t
{S, U, O, M, H} <=> {a, h, i, n, o, r, s}
{A, B, G, Y, I, J} <=> {b, j, k, q, v, x, z}
Make some tentative assignments and fill in the plaintext to see if it looks like a “skeleton” of a message.
• A powerful tool is to look at the frequency of two-letter combinations, called digrams.
• The most common digram is th <=> ZW.
• We can equate P with e, and thus ZWP appears to be “the”.
Playfair Cipher: Multiple-letter Encryption Cipher
Digrams (pairs of letters) in the plaintext are treated as single units and translated into ciphertext digrams.
The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword – monarchy, for instance.
The matrix is filled in, from left to right and from top to bottom, with the keyword first, and then with the remaining
letters in alphabetic order. “I” and “J” are counted as one letter.
Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, or the letter is not taken again in the matrix
box.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element
of the row circularly following the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the
column circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that
lies in its own row and the column occupied by the other plaintext letter.
Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers.
For one thing, whereas there are only 26 letters, there are 26 × 26 = 676 digrams.
It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S.
Army and other Allied forces during World War II.
Breaking Playfair Cipher
Playfair cipher is relatively easy to break, because it still leaves much of the structure of the plaintext
language intact.
A few hundred letters of ciphertext are generally sufficient.
The effectiveness of different encryption schemes depends upon the frequency distribution of the different
ciphers, as shown by the graph.
Polyalphabetic Cipher
Uses different monoalphabetic substitutions as one proceeds through the plaintext message
Also called polyalphabetic substitution cipher
• A set of related monoalphabetic substitution rules is used.
• A key determines which particular rule is chosen for a given transformation.
Examples: -
• Vigenère Cipher
• One-Time Pad
Vigenère Cipher
• The best known, and one of the simplest ciphers.
• The set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts
of 0 through 25.
• Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the
plaintext letter a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value d.
• Assume a sequence of plaintext letters P = p_0, p_1, p_2, …, p_(n-1) and a key consisting of the
sequence of letters K = k_0, k_1, k_2, …, k_(m-1). The sequence of ciphertext letters C = C_0, C_1, C_2,
…, C_(n-1) is calculated as follows:
C = C_0, C_1, C_2, …, C_(n-1)
A general equation of the encryption process is
C_i = (p_i + k_(i mod m)) mod 26
• Similarly, decryption is given by
p_i = (C_i - k_(i mod m)) mod 26
Vigenère Cipher: Illustration
There are multiple ciphertext letters for each plaintext letter, one for each unique letter of the keyword.
An improvement is achieved over the Playfair cipher, but considerable frequency information remains.
Breaking Vigenère Cipher
• Depends on determining the length of the keyword
• If two identical sequences of plaintext letters occur at a distance that is an integer multiple
of the keyword length, they will generate identical ciphertext sequences e.g.
» two instances of the sequence “red” are separated by nine (9) character positions
» in both cases, the ciphertext sequence is VTW
» An analyst looking at only the ciphertext would detect the repeated sequences VTW at a
displacement of 9 and make the assumption that the keyword is either three or nine letters in
length
» By looking for common factors in the displacements of the various sequences, the analyst
should be able to make a good guess of the keyword length.
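The Vigenère equations and the keyword-length reasoning above, as an added Python example (not from the original slides). The keyword "deceptive" and the plaintext are assumptions chosen to reproduce the case described above: "red" occurs twice, 9 positions apart, and both occurrences encrypt to VTW.

```python
from collections import defaultdict

A = ord("a")


def vigenere(text, key, sign):
    """sign=+1: C_i = (p_i + k_(i mod m)) mod 26; sign=-1: p_i = (C_i - k_(i mod m)) mod 26.

    Assumes text and key contain letters only.
    """
    key = key.lower()
    out = []
    for i, ch in enumerate(text.lower()):
        shift = ord(key[i % len(key)]) - A  # key letter 'd' means a Caesar shift of 3
        out.append(chr((ord(ch) - A + sign * shift) % 26 + A))
    return "".join(out)


def encrypt(plaintext, key):
    return vigenere(plaintext, key, +1).upper()


def decrypt(ciphertext, key):
    return vigenere(ciphertext, key, -1)


def repeated_sequences(ciphertext, length=3):
    """Map each repeated substring to the displacements between its occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {seq: [b - a for a, b in zip(pos, pos[1:])]
            for seq, pos in positions.items() if len(pos) > 1}


def candidate_key_lengths(ciphertext, length=3):
    """Common factors (> 1) of all displacements: the plausible keyword lengths."""
    gaps = [g for d in repeated_sequences(ciphertext, length).values() for g in d]
    if not gaps:
        return []
    return [n for n in range(2, max(gaps) + 1) if all(g % n == 0 for g in gaps)]


if __name__ == "__main__":
    ct = encrypt("wearediscoveredsaveyourself", "deceptive")  # constructed sample
    print(ct)
    print(repeated_sequences(ct))
    print(candidate_key_lengths(ct))
```

On longer ciphertexts some repeats are coincidental, so an analyst would weigh the most frequent factors rather than require every displacement to share one.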
One-Time Pad
An Army Signal Corps officer, Joseph Mauborgne, proposed an improvement to the Vernam cipher.
Mauborgne suggested using a random key that is as long as the message, so that the key need not be
repeated.
In addition, the key is to be used to encrypt and decrypt a single message, and then is discarded.
Each new message requires a new key of the same length as the new message, hence the name one-time
pad.
It produces random output that bears no statistical relationship to the plaintext.
Considered “Unbreakable” - As the ciphertext contains no information whatsoever about the plaintext,
there is simply no way to break the code.
The security of the one-time pad is entirely due to the randomness of the key.
If the stream of characters that constitute the key is truly random, then the stream of characters that
constitute the ciphertext will be truly random. Thus, there are no patterns or regularities that a
cryptanalyst can use to attack the ciphertext.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
1. There is the practical problem of making large quantities of random keys. Any heavily used system
might require millions of random characters on a regular basis. Supplying truly random characters in this
volume is a significant task.
2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a
key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem
exists.
Because of these difficulties, the one-time pad is of limited utility and is useful primarily for
low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that
exhibits what is referred to as perfect secrecy.
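Why the ciphertext "contains no information whatsoever about the plaintext", shown as an added Python example (not from the original slides): for any plaintext of the same length there is a key that maps the ciphertext to it. The byte-wise XOR form, the function names and the two sample messages are assumptions of this example.

```python
import secrets


def xor_bytes(a, b):
    """Combine two equal-length byte strings; the pad must match the message length."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message):
    """Draw a fresh random key as long as the message; return (key, ciphertext)."""
    key = secrets.token_bytes(len(message))  # OS randomness; used once, then discarded
    return key, xor_bytes(message, key)


def otp_decrypt(key, ciphertext):
    return xor_bytes(ciphertext, key)


def key_explaining(ciphertext, claimed_plaintext):
    """The key under which this ciphertext decrypts to any chosen same-length plaintext."""
    return xor_bytes(ciphertext, claimed_plaintext)


if __name__ == "__main__":
    message = b"meet at noon"   # constructed sample
    decoy = b"stay at home"     # constructed sample of the same length
    key, ct = otp_encrypt(message)
    print(otp_decrypt(key, ct))
    # A different key makes the same ciphertext read as the decoy, so the
    # ciphertext alone cannot tell an analyst which plaintext was sent.
    print(otp_decrypt(key_explaining(ct, decoy), ct))
```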