The University of Babylon
Department of Software
LECTURE NOTES ON
Cryptographic Primitives & Requirements of Cryptosystems
By Dr. Samaher Hussein Ali
College of Information Technology, University of Babylon, Iraq
Samaher_hussein@yahoo.com
10/24/2012
Notes of Lecture 5

Cryptographic Primitives

There are a number of basic cryptographic tools (primitives) used to provide information security. Examples of primitives include encryption schemes, hash functions, and digital signature schemes. The figure below provides a schematic listing of the primitives considered and how they relate.

These primitives should be evaluated with respect to various criteria such as:

1. Level of Security. This is usually difficult to quantify. Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the work factor.
2. Functionality. Primitives will need to be combined to meet various information security objectives. Which primitives are most effective for a given objective will be determined by the basic properties of the primitives.
3. Methods of Operation. Primitives, when applied in various ways and with various inputs, will typically exhibit different characteristics; thus, one primitive could provide very different functionality depending on its mode of operation or usage.
4. Performance. This refers to the efficiency of a primitive in a particular mode of operation. (For example, an encryption algorithm may be rated by the number of bits per second which it can encrypt.)
5. Ease of Implementation. This refers to the difficulty of realizing the primitive in a practical instantiation. This might include the complexity of implementing the primitive in either a software or hardware environment.
Requirements of Cryptosystems

1. The encryption and decryption transformations must be efficient for all keys.
2. The system must be easy to use.
3. The security of the system must depend only on the secrecy of the key and not on the secrecy of the algorithm (encryption/decryption).
4. It should be computationally infeasible for a cryptanalyst to determine the deciphering transformation from intercepted ciphertext, even if the corresponding plaintext is known.
5. It should be computationally infeasible for a cryptanalyst to determine the plaintext from intercepted ciphertext.
6. In addition to providing confidentiality, cryptography is often asked to do other jobs:
7. Authentication: it should be possible for the receiver of a message to ascertain its origin.
8. Integrity: it should be possible for the receiver of a message to verify that it has not been modified in transit.
9. Non-repudiation: a sender should not be able to falsely deny later that he/she sent a message.

Methods of Cryptanalysis

Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques. Cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers.

History of Cryptanalysis

Cryptanalysis has coevolved together with cryptography, and the contest can be traced through the history of cryptography: new ciphers being designed to replace old broken designs, and new cryptanalytic techniques invented to crack the improved schemes. In practice, they are viewed as two sides of the same coin: in order to create secure cryptography, you have to design against possible cryptanalysis.
Although the actual word "cryptanalysis" is relatively recent (it was coined by William Friedman in 1920), methods for breaking codes and ciphers are much older. The first known recorded explanation of cryptanalysis was given by the 9th-century Arabian polymath Al-Kindi (also known as "Alkindus" in Europe), in A Manuscript on Deciphering Cryptographic Messages.

Classical Cryptanalysis

Frequency analysis is the basic tool for breaking most classical ciphers. In natural languages, certain letters of the alphabet appear more frequently than others; in English, "E" is likely to be the most common letter in any sample of plaintext. Similarly, the digraph "TH" is the most likely pair of letters in English, and so on. Frequency analysis relies on a cipher failing to hide these statistics. For example, in a simple substitution cipher (where each letter is simply replaced with another), the most frequent letter in the ciphertext would be a likely candidate for "E".

Beker and Piper partition the 26 letters into five groups as follows:

1. E, having probability about 0.120.
2. T, A, O, I, N, S, H, R, each having probability between 0.06 and 0.09.
3. D, L, each having probability around 0.04.
4. C, U, M, W, F, G, Y, P, B, each having probability between 0.015 and 0.028.
5. V, K, J, X, Q, Z, each having probability less than 0.01.

Steps in Cryptanalysis

The solution of nearly every cryptogram involves four basic steps:

1. Determination of the language used.
2. Determination of the general system used.
3. Reconstruction of the specific keys to the system.
4. Reconstruction of the plaintext.

Types of Cryptanalytic Attack

The objective of the following attacks is to systematically recover plaintext from ciphertext, or even more drastically, to deduce the decryption key.

1. A ciphertext-only attack is one where the adversary (or cryptanalyst) tries to deduce the decryption key or plaintext by only observing ciphertext. Any encryption scheme vulnerable to this type of attack is considered to be completely insecure.
2. A known-plaintext attack is one where the adversary has a quantity of plaintext and corresponding ciphertext. This type of attack is typically only marginally more difficult to mount.
3. A chosen-plaintext attack is one where the adversary chooses plaintext and is then given corresponding ciphertext. Subsequently, the adversary uses any information deduced in order to recover plaintext corresponding to previously unseen ciphertext.
4. An adaptive chosen-plaintext attack is a chosen-plaintext attack wherein the choice of plaintext may depend on the ciphertext received from previous requests.
5. A chosen-ciphertext attack is one where the adversary selects the ciphertext and is then given the corresponding plaintext. One way to mount such an attack is for the adversary to gain access to the equipment used for decryption (but not the decryption key, which may be securely embedded in the equipment). The objective is then to be able, without access to such equipment, to deduce the plaintext from (different) ciphertext.
6. An adaptive chosen-ciphertext attack is a chosen-ciphertext attack where the choice of ciphertext may depend on the plaintext received from previous requests.

Attacks on the Simple Substitution Cipher

The general strategy with the two substitution ciphers is to substitute symbols from the plaintext alphabet with different symbols from the ciphertext alphabet(s). The weakness with this strategy is that character frequency distributions are not significantly altered by the encryption process.
Thus, most attacks on substitution ciphers attempt to match the character frequency statistics of the encrypted message with those of some known language (for example, English). Character frequency statistics (or n-grams) indicate the frequency distribution of all possible instances of n adjacent characters (for example, THE is a very common 3-gram, or trigram, in the English language). The attack on the simple substitution cipher is particularly simple since the frequency of any n-gram in the plaintext (or unencrypted) message will correspond exactly to the frequency of the corresponding encrypted version in the ciphertext.

A major factor influencing the success of an attack on the simple substitution cipher (or any cipher where the attack is based on n-gram statistics of the language) is the length of the intercepted ciphertext message which is being cryptanalysed. The amount of ciphertext required in order to recover the entire key (with a high degree of certainty) varies depending on the type of cipher.
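The frequency-matching attack described above, and the Beker and Piper letter groups from the Classical Cryptanalysis section, worked through on a constructed sample (an added example, not code from the lecture notes). It encrypts a constructed English passage with a constructed substitution key, confirms that the most frequent ciphertext letter and trigram are the images of E and THE, and measures how much of the key plain rank matching against the Beker and Piper ordering recovers as the amount of ciphertext grows; PLAINTEXT, KEY and ENGLISH_ORDER are this example's own assumptions.

```python
import string
from collections import Counter

# Constructed sample plaintext (not from the notes) and a constructed key:
# plaintext letter i is replaced by KEY[i], i.e. A->Q, B->W, ..., Z->M.
PLAINTEXT = ("ENCRYPTION SCHEMES MUST BE DESIGNED SO THAT THE SECURITY OF THE SYSTEM "
             "DEPENDS ONLY ON THE SECRECY OF THE KEY AND NEVER ON THE SECRECY OF THE "
             "ALGORITHM. THE SIMPLE SUBSTITUTION CIPHER FAILS THIS TEST BECAUSE THE "
             "LETTER FREQUENCIES OF THE LANGUAGE SURVIVE THE ENCRYPTION PROCESS AND THE "
             "MOST FREQUENT CIPHERTEXT LETTER IS THEREFORE ALMOST ALWAYS THE IMAGE OF E.")
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

# The five Beker and Piper groups from the notes, written out as one descending order
# (the order inside a group is arbitrary, which is why rank matching alone is imperfect).
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

def encrypt(plaintext, key=KEY):
    """Simple substitution: one fixed ciphertext letter for each plaintext letter."""
    return plaintext.upper().translate(str.maketrans(string.ascii_uppercase, key))

def ngram_counts(text, n):
    """Counts of every n adjacent letters (n=1 letters, n=2 digraphs, n=3 trigrams)."""
    letters = "".join(c for c in text.upper() if c in string.ascii_uppercase)
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))

def most_frequent_letter(text):
    """Under a simple substitution this is the likely image of plaintext E."""
    return ngram_counts(text, 1).most_common(1)[0][0]

def guess_key_by_rank(ciphertext):
    """Pair ciphertext letters, sorted by frequency, with ENGLISH_ORDER.
    Returns {ciphertext_letter: guessed_plaintext_letter}."""
    counts = ngram_counts(ciphertext, 1)
    ranked = sorted(string.ascii_uppercase, key=lambda c: -counts[c])
    return dict(zip(ranked, ENGLISH_ORDER))

def key_recovery_rate(ciphertext, key=KEY):
    """Fraction of the 26 substitutions that rank matching recovered correctly."""
    guess = guess_key_by_rank(ciphertext)
    true_map = {c: p for p, c in zip(string.ascii_uppercase, key)}
    return sum(guess[c] == true_map[c] for c in string.ascii_uppercase) / 26

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT)
    print("most frequent ciphertext letter:", most_frequent_letter(ct), "(image of E:", KEY[4] + ")")
    print("top trigram:", ngram_counts(ct, 3).most_common(1)[0], "(image of THE:", encrypt("THE") + ")")
    for n in (40, 120, len(PLAINTEXT)):  # the notes' point: more ciphertext, better key recovery
        print(f"{n:4d} chars -> {key_recovery_rate(encrypt(PLAINTEXT[:n])):.0%} of key recovered")
```

Rank matching alone pins down the E and T groups on this sample; the remaining letters within a Beker and Piper group need digraph and trigram evidence (step 3 of the four steps above) to be separated.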