암호학 (Cryptology)
description
Transcript of 암호학 (Cryptology)
Prof. Jk LEE/security 1
암호학암호학 (Cryptology)(Cryptology)
Bob Alice
공격자
암호문평문 평문
Prof. Jk LEE/security 2
비자카드 번호 확인
0699 0043 1313 9642
1st16th
Select odd numbers0699 0043 1313 9642
Select even numbersAfter * 2, if 9 then -9
0699 0083 2323 9682
0+6+9+9+0+0+8+3+2+3+2+3+9+6+8+2= 70
*10*10
Prof. Jk LEE/security 3
암호학암호학 (Cryptology)(Cryptology) 이란이란 ??
암호화 기법과 암호분석기법에 관한 원리 , 수단 ,방법을 연구하는 학문
평문의 해독 불가하도록 하는 방법과 해독 불가능한 메시지를 해독 가능하도록 형태를 바꾸는 방법으로 구성
Prof. Jk LEE/security 4
Basic Encryption and Basic Encryption and DecryptionDecryption
S R sender message receiver
S T R sender transmission medium receiver
S R sender access receiver O interceptor/intruder
Prof. Jk LEE/security 5
S T R sender access receiver O interceptor/intruder
- block- intercept- modify- fabricate
Prof. Jk LEE/security 6
TerminologyTerminology
Encryption Decryption Cryptosystem: system for encryption and decryption
Plaintext Ciphertext
Prof. Jk LEE/security 7
Encryption AlgorithmsEncryption Algorithms
Encryption
encryption decryptionplaintext ciphertext
Originalplaintext
Prof. Jk LEE/security 8
encryption decryptionplaintext ciphertext
Originalplaintext
key key
Symmetric cryptosystem
encryption decryptionplaintext ciphertext
Originalplaintext
Encryption Key:KE
DecryptionKey:KD
Asymmetric cryptosystem
Prof. Jk LEE/security 9
CryptanalysisCryptanalysis
Cryptography: hidden writing cryptanalyst: studies
encryption,encryption message cryptology: research of encryption
and decryption
Prof. Jk LEE/security 10
- attempt to break a single message- attempt to recognize patterns in encrypted
message- attempt to find general weaknesses in an
encryption algorithm
Cryptanalyst’s chore:
break an encryption !
Prof. Jk LEE/security 11
암호시스템의 설계요건암호시스템의 설계요건
난이도가 클 것 키의 크기가 작을 것 암 . 복호화 여건의 간결성과 처리속도의 효율성 에러 전파율이 적을 것
Prof. Jk LEE/security 12
암호시스템의 분류암호시스템의 분류
시대별 분류 : 고전 암호시스템 :19 세기이전 근대 암호시스템 :1,2 차 대전 현대암호화 시스템 :1950 년이후
평문의 암호화 단위분류 : 블록 암호시스템 스트림 암호시스템
암호화 형식에 의한 분류 : 비밀키 ( 대칭형 ) 암호시스템 : 비밀키 공개키 ( 비대칭형 ) 암호시스템 : 공개키와 비공개키
Prof. Jk LEE/security 13
스트림 암호 : stream cipher
encryption decryptionplaintext ciphertext
Originalplaintext
키 생성 알고리즘비밀키 기밀성과 무결성이 보장되는 채널
암호화의 속도가 빠르다
오류의 영향이 적다
비트가 독립적인 관계로 각각의 비트를 암호의 개별적인 개체로 취급이 가능
암호키에 대한 엄격한 동기화 요구
Synchronization!
키 생성 알고리즘이 중요 !
평문 길이 최소 단위 : 한 개 단위의
비트나 문자
Prof. Jk LEE/security 14
블록 암호블록 암호 :Block cipher:Block cipher
encryption decryptionplaintext
Bolckciphertext
Originalplaintext
비밀키 기밀성과 무결성이 보장되는 채널
평문의 길이가 한개이상
DES,RSA 등
암호화 , 블럭화에 대한 처리 시간이 요구
오류시 다른 비트등에 영향
스트림 암호와 대칭성
Prof. Jk LEE/security 15
관용암호시스템 :conventional cryptosystem
대칭형암호시스템 :symmetric cryptosystem
Ex) DES
송수신자간에 대칭키 ( 비밀 키 ) 공유
or
암호화 ,복호화 키가
동일
Prof. Jk LEE/security 16
공개키암호시스템 :Public-key cryptosystem
비대칭형암호시스템 :Asymmetric cryptosystem
Ex) 디지털 서명 , 개인신분확인등에 활용
송신자 : 공개키 , 수신자 : 개인키
or
암호화 ,복호화 키가 다를 경우
Prof. Jk LEE/security 17
Representation of Representation of CharactersCharacters
Letter/code A 0 B 1 C 2 D 3 E 4 F 5 G 6 H 7 I 8 J 9
K 10 L11 M12 N13 O14 P15 Q16 R17 S18 T19
U20 V21 W22 X23 Y24 Z25
A + 3 =D or K -1 = J :modular arithmetic
Prof. Jk LEE/security 18
Monoalphabetic ciphersMonoalphabetic ciphers
The Caesar cipher:
Ci =E(pi) =pi +3
Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y ZCiphert.: D E F G H I J K L M N O P Q R s T U V W X Y Z A B CEx) TREATY IMPOSSIBLE WUHDWB LPSRVVLEOH
Prof. Jk LEE/security 19
ExampleExampleL FDPH L VDZ L FRQTXHUHG
I I+3I I+3
L I ??L I ??
I CAME I SAW I CONQUERED
Prof. Jk LEE/security 20
P: I DO NOT LIKE BRUTUS
C: L GR QRW OLNH BUXWXV
F(m) = (m+?) mod 26
Prof. Jk LEE/security 21
Advantage/disadvantage of Advantage/disadvantage of the Caesar cipherthe Caesar cipher
Quite simple cipher obvious pattern is major weakness
암호화 : C = Ek(m) = (m + k) mode 26
복호화 : m = Dk(c) = (c - k) mode 26
Prof. Jk LEE/security 22
Ex)
UZQSOVUOHXMOPVGPOPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWTMXUZUHSX
EPTEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Frequency distributionsFrequency distributions
Prof. Jk LEE/security 23
Frequency distributionsFrequency distributions
Cipher’s frequency:
P 13.13 Z 11.67 S 8.33 U 8.33 O 7.50 M 6.67
H 5.83 D 5.00 E 5.00 V 4.17 X 4.17 F 3.33
W 3.33 Q 2.50 T 2.50 A 1.67 B 1.67 G 1.67
Y 1.67 I 0.83 J 0.83 C 0 K 0 L 0
N 0 R 0
Prof. Jk LEE/security 24
E 12.75 T 9.25 R 8.50 N 7.75 I 7.75 O 7.50 A 7.25S 6.00 D 4.25 L 3.75 H 3.50 C 3.50 F 3.00 U 3.00M 2.75 P 2.75 Y 2.25 G 2.00 W 1.50 V1.50 B 1.25K 0.50 X 0.50 Q 0.50 J 0.25 Z 0.25
Frequencies of English letters
Prof. Jk LEE/security 25
P:e, Z:t {S,U,O,M,H} {r,n,I,o,a,s} {A,B,G,Y,I,J} {w,v,b,k,x,q,j,z} digraph:2 문자 빈도 : “th” ZW 3times occurs: Z:t,W:h “ZWP” the : trigraph
Prof. Jk LEE/security 26
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAI
Z
t a e e t e a t h a t e e a a
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWTMXUZUHSX
e t t a t h a e e e a e t h t a
EPTEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
e e e t a t e t h e et
Prof. Jk LEE/security 27
“ it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow”
Prof. Jk LEE/security 28
Other monoalphabetic substitutiOther monoalphabetic substitutionsons
Permutation: number of 1 to 10 1 = 1,3,5,7,9,10,8,6,4,2
2 = 10,9,8,7,6,5,4,3,2,1
ex) 1(3) = 5 or 2(7) = 4
Prof. Jk LEE/security 29
Let a1,a2,…,ak be a set of the plaintext alphabet, is a permutation of 1,2,..,k in a monoalphabetic su
bstitution each ci is a(pi).
Ex) () = 25 - then A : z, B:y and Z: a
ABCDEFGHIJKLMNOPQRSTUVWXYZ ke y a bc d fg hi j l m no pq r s t u v wxz
Prof. Jk LEE/security 30
ABCDEFGHIJKLMNOPQRSTUVWXYZ sp ec t a u l r bd f g h i j kmn oq v wxyz :spectacular
ex) ABCDEFGHIJKLMNOPQRSTUVWXYZ a dg j
permutation: () = (3* ) mod 26 (K) = (3* 10) mod 26 =30-26=4=e
Prof. Jk LEE/security 31
Cryptanalysis of monoalphabetic Cryptanalysis of monoalphabetic ciphersciphers
Brute-force: 가능한 모든 키를 시도 Probable-word attack: 추정단어공격 ex) 계좌 화일의 전송 --> 파일 머릿부분에
키워드의 존재 원시코드 --> 표준화 된 위치에 키 문장 암호알고리즘의 특성 :
절대 안정성 계산상 안정성 : 정보가치초과 , 유효기간초과
Prof. Jk LEE/security 32
steganographysteganography
문자 마킹 (character marking) 보이지 않는 잉크 (invisible ink) 핀 구멍 (Pin punctures) 타자수정리본 (tpewriter correction ribbo
n)
Prof. Jk LEE/security 33
Polyalphabetic substitution ciphPolyalphabetic substitution ciphersers
If T --> a, or T --> b and X --> a or X --> b:
T:high frequency X:low frequencyE1(T) = a, E2(T) = b while E1 (X)= b and E2(X)= a
combine two distributions: odd positions even positions
Prof. Jk LEE/security 34
Two encryption algorithmsTwo encryption algorithms
Odd positions:A B C D E F G H I J K L M N O P Q Ra d g j m o s v y b e h k n q t w zS T U V W X Y Zc f i l o r u x: () = (3* ) mod 26
Prof. Jk LEE/security 35
Even positions:A B C D E F G H I J K L M N O P Q Rn s x c h m r w bg l q v a f k p u S T U V W X Y Zz e j o t y d i: () = ((5* )+ 13) mod 26
Prof. Jk LEE/security 36
exampleexample
TREATY IMPOSSIBLE
TREAT YIMPO SSIBL E encryption
fumnf dyvtv czysh h
Prof. Jk LEE/security 37
Vigenere tableauxVigenere tableaux
“but soft what light through yonder window breaks”
juliet : key words
julie tjuli etjul ietju lietj uliet julie tjuli BUTSO FTWHA TLIGH TTHRO UGHYO NDERW INDOW BREAK
En
KOEAS YCQSI …..
Prof. Jk LEE/security 38
Cryptanalysis of polyalphabetic Cryptanalysis of polyalphabetic substitutionsubstitution
Kasiski method for repeated patterns:use repetions in the ciphertext to give cluses to the dryptanalyst of the period
P : TOBEO RNOTT OBEK: NOWNO WNOWN OWNC: GCXRC NACPG CXR
Prof. Jk LEE/security 39
Index of coincidence(IC): introduced in 1920 by W. Friedman
measures the variation in the frequencies of the letters in a cipheretext
Prof. Jk LEE/security 40
exampleexample
Dcrypt using vigenere ciper: TSMVM MPPCW CZUGX HPECP RFAUE IOBQW PPIMS FXIPC TSQPK SZNUL OPACR DDPKT SLVFW ELTKR GHIZS FNIDF ARMUE NOSKR GDIPH WSGVL EDMCM SMWKP IYOJS TLVFA HPBJI RAQIW HLDGA IYOU
Prof. Jk LEE/security 41
Ic =0.04066 : (P(ai)) split the ciper text into 5 ection gettings:
a->6 g->5 I->6 q->3 v->4b->2 h->5 m->8 r->6 w->6c->6 I->10 n->3 s->10 x->2d->6 j->2 o->5 t->5 y->2e->5 k->5 p->l3 u->5 z->3f->6
Prof. Jk LEE/security 42
We split the cipher text into five sections getting:
TMCHRIPFTSODSEGFANGWESITHRHI from text positions 51, l = 0, I, ...,27. SPZPFOPXSZPDLLHNRODSDMYLPALY from text positions 51+1, l " 0,1,...,27. MPHEABIIQNAPVTIIMSIGMWOVBQDO from text positions 51+2, l = 0,1,...,27. VCGCUQMPPUCKFKZDUKPVCKJFJIGU from text positions 51+3, l = 0,1,..., 27. MWXPEWSCKLRTWRSFERHLMPSAIWA from text positions 51+4, l = 0,1,..., 27.
5i=0.04233 5i+1=0.06614 5i+2=0.05026
5I+3=0.06614 5I+4=0.04843
Prof. Jk LEE/security 43
The second section is:
SPZPFOPXSZPDLLHNRODSDMYLPALY
P-> E, Q-> F:
HEOEUDEMHOESAAWCGDSHSBNAEPAN
The fourth section is:
VCGCUQMPPUCKFKZDUKPVCKJFJIGU
U->A,V-> B:
BIMIAWSVVAIQLQFJAQVBIQPLFOMA
Prof. Jk LEE/security 44
C-> A or K-> A. Trying these gives respectively:
TAEASOKNNSAIDIXBSINTAIHDHGES
CGCEGCFFECAFAJDEAFFCADFDCGE
Of these two the first looks the most promising so we look at what we have for our five sections as rows:
………………………………………………...
HEOEUDEMHOESAAWCGDSHSBNAEPAN
………………………………………………...
TAEASOKNNSAIDIXBSINTAIHDHGES
………………………………………………...
Prof. Jk LEE/security 45
M -> E, N-> F,... in the third row giving:
TMCHRIPFTSODSEGFANGWES ITHRHIHEOEUDEMHOESAAWCGDSHSBNAEPANE H M WSTAAIFSHN L A AE K A YEOGN T IVGTAEASOKNNSAIDIXBS INTAIHDHGES
Hence we decide that the plaintext is:
THE TIME HAS COME THE WALRUS SAID TO SPEAK OFMANY THINGS OF SHOES AND SHIPS AND SEALING WAX OF CABBAGES AND KINGS AND WHY THE SEA IS BOLLING HOT AND WHETHER PIGS HAVE WINGS
Prof. Jk LEE/security 46
EXAMPLEEXAMPLE
“STAR WARS”
I KNOW ONLY THAT I KNOW NOTHING
H UINF NIAP OCSO H UINF INOCHIT
Prof. Jk LEE/security 47
VERNAM CIPHERVERNAM CIPHER
VERNAMCIPHER 21417130122 8157 417 76 48 16 82 44 03 58 II 60 05 48 8
Plaintext VERNAMCIPHE RNumeric Equivalent 21 4 17 13 0 12 2 8 15 7 4 17
+ Random Number 76 48 16 82 44 3 58 II 60 5 48 88
=Sum 97 52 33 95 44 15 60 19 75 12 52 105
= mod 26 19 0 7 17 18 15 8 19 23 12 0 1
Ciphertext : tahrsp itxma
Prof. Jk LEE/security 48
LONG SEQUENCE FROM LONG SEQUENCE FROM BOOKSBOOKS
“What of thinking? I am,Iexist,that is certain”
Machine cannot think
iamie xistt hatis cert MACHI NESCA NNOTT HINK
Prof. Jk LEE/security 49
USED BY VIGENERE TABLE:
Machines cannot think
uaopm kmkvt unhbl jmed
Prof. Jk LEE/security 50
High-frequency letters: A,E,O,T : 40% and N,I: 25%
a e I n o t
A a e I n o tE e l m r s xI I m r w x cN n r w b c hO o s x c d lT t x b g h m
Prof. Jk LEE/security 51
Ci : u a o p m k m k v t Po: ? AA ? E ? E ? ? A O I I T T T
Prof. Jk LEE/security 52
Dual message entagementDual message entagement
Key : disregardthismessage mess: thismessageiscrucial
wpajqejvdzlqkovvmulgp
Prof. Jk LEE/security 53
transpositiontransposition
plaintext --> rearrangement --> cipertext
ex) Cryptanalyst; 3 x4 matrix:column tr.
1 2 3 4 c r y p row 2,4,1,3 t a n a RAYPATCTLYNS
l y s t
Prof. Jk LEE/security 54
exampleexample
Suppose d =4, f=(2 3 4 1): Ptx: cryp togr aphy
Cxt: pcry rtog yaph how identity? How to decipher?
Prof. Jk LEE/security 55
General monoalphbetic cipersGeneral monoalphbetic cipers
“starw wars” --> starw STARW BCDEF GHIJK LMNOP QUVXY Z
Prof. Jk LEE/security 56
ABCDEFGHIJKLMNOPQRSTUVWXYZ
SBGLQZTCHMUADINVREJOXWFKPY
Prof. Jk LEE/security 57
EXAMPLE(report)EXAMPLE(report)
DE : BASED ON FREQUENCY
BRYH DRL R ITEEIA IRBS TEF CIAAXA NFR NDTEA RF FGKN RGL
AOAYJNDAYA EDRE BRYH NAGE EDA IRBS NRF FMYA EK ZK TE CKIIKNAL DAY EK FXDKKI KGA LRH NDTXD NRF RZRTGFE EDA YMIAF
Prof. Jk LEE/security 58
“Mary had a little lamb its fleece was white as snow and everywhere that mary went the lamb was sure to go it followed her to school one day which was against the rules.”
Prof. Jk LEE/security 59
ExampleExample
Columnar transpositionst hisi samessaget oshowhowacolumnartransposI tion : tssoh oaniw haaso lrsto imghwworks utpir seeoa mrook istwc nasns
c1 c2 c3 c4 c5 c6 c7 c8 c9 c10c11 c12 etc.
Prof. Jk LEE/security 60
Most common Diagrams and Trigrams
diagrams trigramsen entre ioner andnt ingth iveon tioin fortf ouran thior one
Prof. Jk LEE/security 61
Cryptanalysis by Diagram AnalysisCryptanalysis by Diagram Analysis
Two different strings of letters from a transposition ciphertext can represent pai
rs of adjacent letters from the plaintext.
Problems: to find where in the cipertext a pair of adjacent olumns lies where the ends of the columns are
Prof. Jk LEE/security 62
c1 to c8, c2 to c9, …..c7 to c14. The windows of comparison shift: c1 to c9, c2 to c10….
Prof. Jk LEE/security 63
Prof. Jk LEE/security 64
Tssoh oaniw haaso lrsto (I(m(g(h(w (u (t (p (I (r s)e)e)o))a m)r)o)o)k istwc nasns
50ch. -> single column 10 * 5 matrix or second column -> 8*7 matrix
Prof. Jk LEE/security 65
Double Transposition AlgorithmDouble Transposition Algorithm
Involves two columnar transpositions:
Prof. Jk LEE/security 66
Result from the second column:
tno (m(I m)tssi l(g(rr)w xswr(h s)o) cxo hs(we)o) nxhat (ue)k)ax oao(to) isxas (I(p
a)sn x
Prof. Jk LEE/security 67
Stream ciphers: convert one symbol of plaintext immediat
ely into a symbol of ciphertext - speed of transformation- low error propagation* low diffusion* susceptibility to malicious and
modifications
Prof. Jk LEE/security 68
Y
Key(optional)
ISSOPMI
Plaintext
WDHUW……
Ciphertext
Encryption
Stream Encryption
Example: Monoalphabetic,Polyalphabetic Ciphers
Prof. Jk LEE/security 69
Block ciphersBlock ciphers
Encrypt a group of plaintext symbols as one block
key plaintext po
xn ba oi encryption qc tp kb
Prof. Jk LEE/security 70
Diffusion immunity to insertion slowness of encryption error propagation
Example: columnar transposition
Prof. Jk LEE/security 71
GOOD ciphers?GOOD ciphers?
The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
The set of keys and enciphering algorithm should be free from complexity
The implementation of the process should be as simple as possible
Shannon Characteristics:
Prof. Jk LEE/security 72
Errors in ciphering should not propagate and cause corrupton of further information in the message
The size of the enciphered text should be no larger than the text of the original message