Information

Security
Cryptography basics, Classical
Encryption Techniques

By
Dr. Mudassar Raza
Professor
Department of Computer Science
Namal University Mianwali https://techgirls.ece.vt.edu/slides/introduction_to_cybersecurity.html#39

By: Dr. Mudassar Raza

By: Dr. Mudassar Raza
What is Cryptography?

By: Dr. Mudassar Raza

What is Cryptography?

“The study of mathematical techniques for

securing digital information, systems and
distributed computation against adversarial
attacks.” -- Intro to Modern Cryptography

By: Dr. Mudassar Raza

What Cryptography is About?
• Constructing and analyzing protocols which enables parties to achieve
objectives, overcoming the influence of attackers.
• a protocol (or a scheme) is a suite of algorithms that tell each party what to
do

• How to devise and analyze protocols

• understand the threats posed by the attackers

CS 555 Topic 1 5
By: Dr. Mudassar Raza
Goals of Cryptography
• The most fundamental problem cryptography
addresses: ensure security of communication over
insecure medium
• What does secure communication mean?
• confidentiality (privacy, secrecy)
• only the intended recipient can see the communication
• integrity (authenticity)
• the communication is generated by the alleged sender
• What does insecure medium mean?
• Two possibilities:
• Passive attacker: the adversary can eavesdrop
• Active attacker: the adversary has full control over the
communication channel

CS 555 Topic 1 6
By: Dr. Mudassar Raza
Approaches to Secure Communication
• Steganography
• “covered writing”
• hides the existence of a message
• depends on secrecy of method

• Cryptography
• “hidden writing”
• hide the meaning of a message
• depends on secrecy of a short key, not method

CS 555 Topic 1 7
By: Dr. Mudassar Raza
 Terms: Cryptography,
cryptanalysis, and cryptology
• Cryptography,
• Traditionally, designing algorithms/protocols
• Nowadays, often synonym with cryptology

• Cryptanalysis
• Breaking algorithms/protocols

• Cryptology: both cryptography & cryptanalysis

• Becoming less common

CS 555 Topic 1 8
By: Dr. Mudassar Raza
History of Cryptography
• 2500+ years
• An ongoing battle between codemakers and
codebreakers
• Driven by communication & computation technology
• paper and ink (until end of 19th century)
• cryptographic engine & telegram, radio
• Enigma machine, Purple machine used in WWII
• computers & digital communication

CS 555 Topic 1 9
By: Dr. Mudassar Raza
Major Events in History of
Cryptography
• Mono-alphabetical ciphers (Before 1000 AD)
• Frequency analysis (Before 1000 AD)
• Cipher machines (early 1900’s)
• Shannon developed theory of perfect secrecy and information theoretical
security (around 1950)
• US adopts Data Encryption Standard in 1977
• Notion of public key cryptography and digital signatures introduced
(1970~1976)
• The study of cryptography becomes mainstream in the research community
(1976)
• Development of computational security and other theoretical foundation of
modern cryptography (1980’s)

CS 555 Topic 1 10
By: Dr. Mudassar Raza
 Classical Encryption
Techniques
• Symmetric encryption
• Secret key encryption
• Shared key encryption

By: Dr. Mudassar Raza

Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• was the only type of cryptography, prior to invention of public-key in
1970’s

By: Dr. Mudassar Raza

Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis

By: Dr. Mudassar Raza

Symmetric Cipher Model

By: Dr. Mudassar Raza

Requirements
• Two requirements for secure use of symmetric encryption:
• a strong encryption algorithm
• a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key

By: Dr. Mudassar Raza

Cryptography
• can be characterized by:
• type of encryption operations used
• substitution / transposition / product
• number of keys used
• single-key or secret-key vs two-key or public-key
• way in which plaintext is processed
• block / stream

By: Dr. Mudassar Raza

Types of Cryptanalytic
Attacks
• ciphertext only
• only know algorithm / ciphertext, statistical, can identify
plaintext
• known plaintext
• know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext
• select plaintext and obtain ciphertext to attack cipher
• chosen ciphertext
• select ciphertext and obtain plaintext to attack cipher
• chosen text
• select either plaintext or ciphertext to en/decrypt to attack
cipher
By: Dr. Mudassar Raza
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

By: Dr. Mudassar Raza

More Definitions
• unconditional security
• no matter how much computer power is available, the cipher cannot be
broken since the ciphertext provides insufficient information to uniquely
determine the corresponding plaintext
• computational security
• given limited computing resources (e.g., time needed for calculations is
greater than age of universe), the cipher cannot be broken

By: Dr. Mudassar Raza

Types of Classical Ciphers

• Substitution ciphers
• Permutation (or transposition) ciphers
• Product ciphers

By: Dr. Mudassar Raza

Classical Substitution
Ciphers
• where letters of plaintext are replaced by other letters
or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns
with ciphertext bit patterns

By: Dr. Mudassar Raza

Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar (?)
• first attested use in military affairs
• replaces each letter by 3rd letter on
• example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
• What’s the key?

By: Dr. Mudassar Raza

Caesar Cipher
• can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• mathematically give each letter a number

a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y Z
13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:

C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)

By: Dr. Mudassar Raza

Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
• A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• e.g., break ciphertext "GCUA VQ DTGCM"

By: Dr. Mudassar Raza

Polyalphabetic Ciphers
• another approach to improving security is to use multiple cipher
alphabets
• called polyalphabetic substitution ciphers
• makes cryptanalysis harder with more alphabets to guess and flatter
frequency distribution
• use a key to select which alphabet is used for each letter of the
message
• use each alphabet in turn
• repeat from start after end of key is reached

By: Dr. Mudassar Raza

Vigenère Cipher
• simplest polyalphabetic substitution cipher is the Vigenère Cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse

By: Dr. Mudassar Raza

Example
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

By: Dr. Mudassar Raza

Example

By: Dr. Mudassar Raza

Security of Vigenère Ciphers
• have multiple ciphertext letters for each plaintext
letter
• hence letter frequencies are obscured
• but not totally lost
• start with letter frequencies
• see if look monoalphabetic or not
• if not, then need to determine the ‘number of
alphabets’ in the key string (aka. the period of the
key), since then can attach each

By: Dr. Mudassar Raza

Kasiski Method
• method developed by Babbage / Kasiski
• repetitions in ciphertext give clues to period
• so find same plaintext an exact period apart
• which results in the same ciphertext

• e.g., repeated “VTW” in previous example

• suggests size of 3 or 9
• then attack each monoalphabetic cipher individually using same
techniques as before
By: Dr. Mudassar Raza
Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the
original text

By: Dr. Mudassar Raza

Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by row
• eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT

By: Dr. Mudassar Raza

Rail Fence cipher

By: Dr. Mudassar Raza

Product Ciphers
• ciphers using substitutions or transpositions are not secure because
of language characteristics
• hence consider using several ciphers in succession to make harder,
but:
• two substitutions make a more complex substitution
• two transpositions make more complex transposition
• but a substitution followed by a transposition makes a new much harder
cipher
• this is bridge from classical to modern ciphers

By: Dr. Mudassar Raza

Thank You

By: Dr. Mudassar Raza