--- tags: vaje, kirv, classical, algorithms hackmd: https://hackmd.io/epD0n8kwRFqWIqfKcOEk9A plugins: mathjax --- # Cryptography and computer security - Tutorial 13.10.2020 --- ## Cryptanalysis of classical ciphers Hill cipher: * <i>$\mathcal{P} = \mathcal{C} = \mathbb{Z}_{26}^t$</i> * <i>$\mathcal{K} = \lbrace M \in \mathbb{Z}_{26}^{t \times t} \mid M$</i> is invertible<i>$\rbrace$</i> * <i>$E_M(x) = Mx$</i> * <i>$D_M(y) = M^{-1} y$</i> Vigenère cipher: * <i>$\mathcal{P} = \mathcal{C} = \mathcal{K} = \mathbb{Z}_{26}^t$</i> * <i>$E_k(x) = (x + k) \bmod{26}$</i> * <i>$D_k(x) = (x - k) \bmod{26}$</i> --- ### Exercise 1 One reasonable idea for enhancing the security of a cryptosystem is to use double encryption. Is double encryption with the Hill cipher any safer than simple encryption? Justify your answer. * <i>$M, N \in \mathbb{Z}_{26}^{t \times t}$</i> invertible matrices * <i>$E_N(E_M(x)) = NMx = E_{NM}(x)$</i> * Suppose we have some algorithm which "breaks" the cryptosystem (in reasonable time) - known plaintext attack: given plaintexts $x_1, x_2, \dots$ and corresponding ciphertexts $y_1, y_2, \dots$, find the key - known ciphertext attack: given ciphertexts $y_1, y_2, \dots$, find the key * Use the same algorithm to "break" the double Hill encryption (in the same time) --- ### Exercise 2 Encrypt the message *LJUBLJANA* using the Vigenère cipher with the key *FRI*. Compute the [index of coincidence](https://en.wikipedia.org/wiki/Index_of_coincidence) of the obtained ciphertext. ``` 1 2 01234567890123456789012345 ABCDEFGHIJKLMNOPQRSTUVWXYZ ``` | L | J | U | B | L | J | A | N | A | | - | - | - | - | - | - | - | - | - | | 11 | 9 | 20 | 1 | 11 | 9 | 0 | 13 | 0 | | F | R | I | F | R | I | F | R | I | | 5 | 17 | 8 | 5 | 17 | 8 | 5 | 17 | 8 | | 16 | 0 | 2 | 6 | 2 | 17 | 5 | 4 | 8 | | Q | A | C | G | C | R | F | E | I | [Computation of the index of coincidence](https://nbviewer.jupyter.org/github/jaanos/kirv/blob/master/notebooks/VigenereCipher.ipynb#The-Vigen%C3%A8re-cipher) --- ### Exercise 3 The following ciphertext has been encrypted with the Vigenère cipher. Find the possible key lengths with the Kasiski test. Word divisions have not been preserved. ``` 1 2 3 4 01234 56789 01234 56789 01234 56789 01234 56789 012 NKASF BBYIY PWZCW TBIYK PFKUF KBJIA NKABY IYPWZ JMJ ``` Repetitions: * `NKA`: 0, 30, offset: 30 * `BYIYPWZ`: 6, 33, offset: 27 Key length candidates: divisors of <i>$\gcd(30, 27) = 3$</i> [Decrypting the ciphertext](https://nbviewer.jupyter.org/github/jaanos/kirv/blob/master/notebooks/VigenereCipher.ipynb#Sample-ciphertext) --- ## Algorithms with numbers <i>$a, b \in \mathbb{Z}_p$</i>, <i>$n$</i> digits long (in an $\alpha$-based system), <i>$n \approx \log_\alpha(a)$</i> * <i>$a + b$, $a - b$</i>: <i>$O(n)$</i> * <i>$a \cdot b$: $O(n^2)$</i> - <i>$a + a + a + \dots$: $O(bn)$</i> - <i>$b = \sum_{i=0}^{n-1} b_i 2^i$</i> (<i>$b_i \in \{0, 1\}$</i>), <i>$ab = \sum_{i=0}^{n-1} ab_i 2^i$</i> * <i>$c$</i> is <i>$m > n$</i> digits long, <i>$c/a$</i>: <i>$O((m-n)n)$</i> * <i>$a^b \bmod{p}$: $O(n^3)$</i> ### Exercise 4 Calculate <i>$3^6 \bmod{17}$</i> using the square-and-multiply algorithm. * <i>$6 = 4 + 2 = 1 \cdot 2^2 + 1 \cdot 2^1 + 0 \cdot 2^0 = 110_2$</i> | bit | square | multiply | | - | - | - | | 1 | <i>$3^0 = 1$</i> | <i>$3^1 = 3$</i> | | 1 | <i>$3^2 = 9$</i> | <i>$3^3 = 27 = 10$</i> | | 0 | <i>$3^6 = 100 = 15$</i> | <i>$3^6 = 15$</i> |