Encryption - Securing Data PDF

Summary

This presentation explains encryption, covering its basics, key concepts, and various cryptographic techniques. It also details some common weaknesses in encryption. This is useful for understanding the core aspects.

Full Transcript

Securing data -
Encryption
What is encryption, how does it work? (at
a really, really basic level!)
Encryption – Basic Principles
 Encryption – what and why?

Read the
message
Alter the
‘Attacker’ message
Send a false
response back to
the sender
Fool the sender
into thinking the
message was
Sender received when it
Plaintext Plaintext Receiver wasn’t
message (pt)
Falsify the
Sender’s identity

System is insecure
 Encryption – what and why?

Encryption function translates
plaintext to ciphertext
c
Decryption function translates
ciphertext back to plaintext
‘Attacker’
p
E and D must be easy to
perform by sender and
receiver.
System is secure if:
The decryption process, D, is
Sender Encryptio
Decryptio
Plaintext n (E) Cipertext n Receiver not known by the ‘attacker’
(D)
message (pt) It is impossible to directly
calculate pt from ct without
knowing D.
Analysis of the ciphertext (and
encryption algorithm) cannot
be used to ‘guess’ the
plaintext without knowing D –
 Encryption keys
Usually, the
encryption/decryption
processes take a key as
an input parameter

‘Attacker’ Encryption function
translates plaintext to
ciphertext
Encryption Key, Decryption Key,
KE
c
KD
Decryption function
Sender Encryptio
Decryptio
translates ciphertext back
Plaintext n (E) Ciphertext n Receiver
(D) to plaintext p
message (pt)
Symmetric Encryption:
*

*Note that encryption will be still categorised as symmetric even if but can be Asymmetric Encryption:
computed easily from. I.e. and or
 Making the system secure

The decryption process, D, is not known by the ‘attacker’.

The decryption process, D, is an algorithm: it converts the ciphertext into the plaintext.
Usually does this piece-by-piece – letter at a time, or block of data at a time.

for( i = 0; i < length(ciphertext); i++ ) {
plaintext[i] = D( KD, ciphertext[i] );
}

The exact relationship between each piece of the ciphertext and plaintext depends on the decryption
function/algorithm, D, and the decryption key, KD.

At least one of D and KD must be secret.

Convention is that the algorithm (both D and E) is made public and open to scrutiny
Only needs to be one, secure algorithm
Different keys allow it to be reused by multiple users

The decryption key, KD, is kept secret and is different each time the algorithm is used
 Making the system secure

It is impossible to directly calculate pt from ct without
knowing D and KD.
This statement is never really true in practice.
There is always a finite number of possible KD, so just try them all – a brute-force attack
There must be enough possible keys so that someone is extremely unlikely to be able to guess the
correct key in a reasonable amount of time.
It is then impractical to directly calculate pt from ct without knowing KD
9.2 days
The key is usually just a number of a particular size, size usually quoted in bits. (1998)

For DES algorithm (developed in 70’s, previously used for https://):
56-bit key, number of possible keys = 256 = 72x1015 26 hours
(now)
Can now be cracked in 26 hours by trying 768,000,000,000 keys/second!

Cracking DES by brute-force
Source and more info: https://crack.sh
 Making the system secure

It is impossible to directly calculate pt from ct without
knowing D and KD.
AES (developed 2001, currently used for https://)
128, 192 or 256 bit key,
up to 2256 = ~116x1075 possible keys
Assuming same hardware/search rate it would take ~1.5x10 60 days
to check all keys

9.2 days
Clearly not practical to brute-force modern encryption algorithms using
available hardware, hence cryptanalysis
(1998)

Obviously evolving hardware could make encryption methods that are
currently secure, insecure 26 hours
See progress on previous slide (now)
Quantum computing?
Cracking DES by brute-force
Source and more info: https://crack.sh
 Making the system secure

Analysis of the ciphertext (and encryption algorithm) cannot be used
to ‘guess’ the plaintext contents or KD
Cryptanalysis analyses patterns in ct, and/or weaknesses in the algorithm, to reduce the number of keys that
must be tried.
For a secure algorithm, there will be no quicker method than brute-force
Secure encryption algorithms applied incorrectly can still result in insecure ct (see later lecture)

Security of the RC4 stream cipher relies on generating a stream of
random numbers to be used during encryption. There were non-
Image encrypted using 128-bit AES. Despite AES
random patterns in this stream and as a result the ciphertext could
being a secure algorithm, the encrypted image is
be analysed to reveal information about they key. RC4 was used for
similar to the original.
the WEP secure wi-fi protocol:
 Cryptanalysis Methods

Ciphertext only
Patterns in the ciphertext indicate the contents of the plaintext or key. Frequency analysis is an example of a ciphertext only attack (see later).

Known-plaintext
An attacker knows some of the plaintext, and the corresponding ciphertext, and by analysing the relationship between them finds the unknown key.
This can occur if part of the plaintext is predictable (e.g. it always starts with the same greeting / header). Linear cryptanalysis is an example of a
known plaintext attack, see later.

Chosen-plaintext
An attacker has the ability to generate any plaintext, get it encrypted and analyse the resulting ciphertext. This analysis would then be used to
determine an unknown key. This is possible in asymmetric/public key encryption but efforts are made to secure symmetric encryption against these
attacks too. Differential cryptanalysis is an example of a chosen-plaintext attack.

Chosen-ciphertext
An attacker can generate some ciphertext and submit it for decryption. By analysis of the resulting plaintext, the unknown decryption key can be
determined.
Classical Symmetric Methods
Basic substitution ciphers
Introduction to modular arithmetic
The obvious example – Caesar’s Cipher

The most famous (and most simple) example of encryption.

p A B C D E F G H I J K L M N O P Q R S T U V WX Y Z
t
ct A B C D E F G H I J K L M N O P Q R S T U V WX Y Z

Each letter of the alphabet is shifted forward by a fixed amount
The shift “wraps around”

p A B C D E F G H I J K L MN O P Q R S T U V WX Y Z
t
ct F G H I J K L M N O P Q R S T U V WX Y Z A B C D E
 pt: the cat sat on the
Caesar’s Cipher mat
ct: ymj hfy xfy ts ymj
rfy
Each letter is encoded as a number in the range [0-25]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

The encryption function is:
The decryption function is:

The keys are: ( = 5 in this example)
There are 26 possible keys [], ≈5 bit encryption

The encryption method is symmetric: if you know the algorithm and encryption key, you can also
easily decrypt the ciphertext.

The encryption method is mono-alphabetic: there is unique and static 1:1 mapping between each
possible unit/character of plaintext and ciphertext
 Modular Arithmetic

Mathematically:
52 53
The means that the expression should be evaluated modulo 26, where 26 is called the
modulus. 51 26 27
50 25 0 1 28
49 24 2 29
Mathematical way saying the result “wraps-around” when you reach 26, 26 is equivalent to
0 48 23 3
Effectively a circular number system
22 4 30
47 21
5 31
Eg, to evaluate the expression: 46 20
6 32
, where pt = 5, K = 23
E 45 19 11 7 33
44 18 8 34
Divide the answer by the modulus (=26)
43 17 9 35
16 10
42 15 11 36
12
The answer is the remainder 41 14 13 38 37
40 39

Modular arithmetic is trivial here but it forms the basis of public key encryption
Modular Arithmetic

Some further examples

And so on. The answer to any expression followed
by (mod n) is just the remainder when the answer
is divided by n.
 Modular Arithmetic - Examples

1. Evaluate the expression:

2. Using modular arithmetic, encrypt the character ‘e’ with Caesar’s cipher using n = 26 for both K E = 5 and KE
= 31

3. Find KD as a positive integer given that:

KE = 20 and n = 52

Final note: Modular Arithmetic only deals with integers – you can never have answers that are not whole
integers!
 Affine Cryptosystems

a and b are positive integers and together form the encryption key, KE. In theory 26*26 key combinations

Restrictions on the key (b):
b is again limited in practice to: [].
You could use , but this doesn’t increase the number of unique keys.

Restrictions on the key (a):
a and 26 must be relatively prime or co-prime
This means they must have no common factors other than 1.
We’ll look at what this means and why on the following slides.

Note: As with modular arithmetic, prime numbers and the concept of co-primality are
important in public-key encryption.
Again, that’s why we are looking at these examples.
 Affine Cryptosystems - Decryption

Rearrange for pt…
Encryption: 1
𝑝𝑡 = ( 𝑐𝑡 − 𝑏 )
Decryption: 𝑎

Where:
NOTE: ! (unless

must be solved to find x where x is the modular multiplicative inverse (MMI) of a.

The (or “congruent with”) sign is just like a equals sign in a regular equation.
The solution to this equation is where the both sides of the give the same remainder when divided by 26.
Obviously 1/26 is always going to give a remainder of 1, so also need to find a value of x where xa/26 also gives a
remainder of 1

There is no guarantee that a solution exists for any given a and n
If a MMI does not exist, a valid decryption key does not exist.
 Finding MMI

Take the expression:

x, a and n are all positive integers
a and n are known
x is unknown – we must find a value that satisfies the equation

This means that there must be a value of x such that:

or
or
or
or … (i.e. xa gives a remainder of 1 when divided by n)

So there must be an integer value for x that satisfies the equation:
here 0 ≤ m < ∞)
If you can find a combination of x and m that satisfy this equation, then you’ve found the MMI –
MMI Example
- find x for all possible values of a.

,…
Need an integer x to satisfy:

a X Impossible to satisfy
0 - (1/26 = 0r1)
1 1
Impossible to satisfy
2 -
(27/26 = 1r1)
3 9
4 - Impossible to satisfy
5 21 (105/26 = 4r1)
6 -
Impossible to satisfy
7 15
8 - (105/26 = 4r1)
Impossible to satisfy
 MMI Example

a x a x a x
- find x for all possible values of a. 0 - 9 3 18 -
1 1 10 - 19 11

,…
Need an integer x to satisfy: 2 - 11 19 20 -
3 9 12 - 21 5
4 - 13 - 22 -
5 21 14 - 23 17
6 - 15 7 24 -
7 15 16 - 25 25
If you want to check calculations try the calculator at: 8 - 17 23 26 -
https://planetcalc.com/3311/
Modular Multiplicative Inverse – Does it
exist?
Does it exist?
A pattern can be observed in the examples on the previous slide

A MMI (x) exists only if a and n are co-prime

Another way of saying a and n are co-prime is that their greatest
common factor is 1 ( gcf(a,n) = 1 )
They have no common factors other than 1

The gcf is the largest number that you can divide both a and n by and
still get an integer result.

The gcf(a,n) can be calculated using the Euclidean Algorithm for larger
numbers
 Affine Cryptosystems - Decryption
a x
Anyway, back to where this discussion started… 0 -
1 1
Encryption: 2 -
3 9
4 -
Decryption: 5 21
6 -
7 15
Where: 8 -
And now you are able solve for x in the decryption key if you know the value of a chosen in the encryption key
Num unique ct
characters
b
a pt: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 26
What does the 2 1 1 3 5 7 9 11 13 15 17 19 21 23 25 1 3 5 7 9 11 13 15 17 19 21 23 25 13
3 1 1 4 7 10 13 16 19 22 25 2 5 8 11 14 17 20 23 0 3 6 9 12 15 18 21 24 26
ciphertext look like for 4 1 1 5 9 13 17 21 25 3 7 11 15 19 23 1 5 9 13 17 21 25 3 7 11 15 19 23 13
different values of a? (b 5 1 1 6 11 16 21 0 5 10 15 20 25 4 9 14 19 24 3 8 13 18 23 2 7 12 17 22 26
6 1 1 7 13 19 25 5 11 17 23 3 9 15 21 1 7 13 19 25 5 11 17 23 3 9 15 21 13
is fixed at 1): 7 1 1 8 15 22 3 10 17 24 5 12 19 0 7 14 21 2 9 16 23 4 11 18 25 6 13 20 26
8 1 1 9 17 25 7 15 23 5 13 21 3 11 19 1 9 17 25 7 15 23 5 13 21 3 11 19 13
9 1 1 10 19 2 11 20 3 12 21 4 13 22 5 14 23 6 15 24 7 16 25 8 17 0 9 18 26
10 1 1 11 21 5 15 25 9 19 3 13 23 7 17 1 11 21 5 15 25 9 19 3 13 23 7 17 13
11 1 1 12 23 8 19 4 15 0 11 22 7 18 3 14 25 10 21 6 17 2 13 24 9 20 5 16 26
12 1 1 13 25 11 23 9 21 7 19 5 17 3 15 1 13 25 11 23 9 21 7 19 5 17 3 15 13
Affine Cryptosystems - Decryption
a x
Anyway, back to where this discussion started… 0 -
1 1
Encryption: 2 -
3 9
4 -
Decryption: 5 21
6 -
Where: 7 15
8 -

If x does not exist, the encryption results in fewer than 26 unique characters in ct, the duplicated characters show why Num unique ct
decryption is impossible characters
b
a pt: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 26
2 1 1 3 5 7 9 11 13 15 17 19 21 23 25 1 3 5 7 9 11 13 15 17 19 21 23 25 13
3 1 1 4 7 10 13 16 19 22 25 2 5 8 11 14 17 20 23 0 3 6 9 12 15 18 21 24 26
4 1 1 5 9 13 17 21 25 3 7 11 15 19 23 1 5 9 13 17 21 25 3 7 11 15 19 23 13
5 1 1 6 11 16 21 0 5 10 15 20 25 4 9 14 19 24 3 8 13 18 23 2 7 12 17 22 26
6 1 1 7 13 19 25 5 11 17 23 3 9 15 21 1 7 13 19 25 5 11 17 23 3 9 15 21 13
7 1 1 8 15 22 3 10 17 24 5 12 19 0 7 14 21 2 9 16 23 4 11 18 25 6 13 20 26
8 1 1 9 17 25 7 15 23 5 13 21 3 11 19 1 9 17 25 7 15 23 5 13 21 3 11 19 13
9 1 1 10 19 2 11 20 3 12 21 4 13 22 5 14 23 6 15 24 7 16 25 8 17 0 9 18 26
10 1 1 11 21 5 15 25 9 19 3 13 23 7 17 1 11 21 5 15 25 9 19 3 13 23 7 17 13
11 1 1 12 23 8 19 4 15 0 11 22 7 18 3 14 25 10 21 6 17 2 13 24 9 20 5 16 26
12 1 1 13 25 11 23 9 21 7 19 5 17 3 15 1 13 25 11 23 9 21 7 19 5 17 3 15 13
 Modular Multiplicative Inverse – Final
examples:

Does a solution exist to each of the following
equations? If so, find it.
Encryption -
Weaknesses
Why might encryption not achieve the intended
outcome?

Why can encryption methods be “weak”. (Again, at a
very simple level)

Cryptanalysis

How do you make encryption methods less susceptible
to cryptanalysis
Weaknesses & Cryptanalysis
The weakness of Mono-Alphabetic
Cryptosystems
Mono-alphabetic cryptosystems are substitution ciphers
Static 1:1 mapping
Both examples so far (Caesar and Affine) fall into this category

They encrypt the characters/data, but don’t encrypt patterns in the data.
pt: the cat sat on the mat
ct1: xhq wcx acx mp xhq scx
ct2: sub xts dts vg sub rts

There are patterns in this sentence that will not be hidden by mono-
alphabetic encryption:
Because of the static 1:1 mapping, all ‘t’ characters in pt map to the same character in ct,
etc
Some letters, e.g. ‘t’ appear more frequently than others, this can be used to guess the
mapping for these letters
The words cat, sat and mat are very similar in both pt and ct, could be used to guess
mappings
 Patterns in the English Language
Letter Frequency: gafsf bdz qx hrf rsfdj hq gaf msffwfs qxs yhy
% % gafp aduf jxqfp gx tx gx gaf zgxsf
E 12.21 P 2.27

Ciphertext and its statistics
T 9.51 F 2.26 Letter Frequency First Letter Frequency First Letter Pair
1 g 5 29.41 Frequency
A 7.98 M 2.23
Statistics of English Language

f 20.31 ga 3 17.64
O 7.87 W 2.03 3 h 2 11.76
N 7.13 Y 1.67 g 7 10.93 q 2 11.76 gx 2 11.76
I 7.12 B 1.61 x 7 10.93 qx 2 11.76
S 6.54 G 1.60 s 6 9.37
R 5.98 V 0.92 a 5 7.81
H 5.10 K 0.52 q 4 6.25 Not a particularly long ct so statistical analysis
L 4.00 Q 0.20 d 3 4.68 isn’t overly reliable, but some patterns still
D 3.82 X 0.20 h 3 4.68 emerge:
C 3.17 J 0.10 p 3 4.68
U 3.07 Z 0.09 j 2 3.12 Most frequently occurring first letter: g, most
r 2 3.12
frequent first letter paring: ga. So likely that g
First letter of a y 2 3.12
= T, a = H
z 2 3.12
word:
T A O S H I W
Most frequently occurring letter: f, so is
First pair of letters of a word: possible that f = E

T H A IN E R E
H E N R E S Source of frequency data: H.F. Gaines, Cryptanalysis, Dover Publications, New York, 1939. – PDF can be
Letter frequency and most common found online if interested
letters in English Language pt generated using random sentence generator: https://randomwordgenerator.com/sentence.php
Linear Cryptanalysis
We now know some patterns in pt and corresponding patterns in ct – how
can you use this to decrypt the entire message DK?

Linear cryptanalysis represents the decryption process as a linear
mathematical function:

The available data is then used to work out the coefficients α, β that give
the best fit.

For an affine cryptosystem, which is a linear process, this approach can
reveal the exact DK.

For more complex cryptosystems which are not linear, a similar process
can approximate (part of) the decryption process. This is an ongoing area
of research and has been used to break modern cryptosystems such as AES
under certain, limited conditions.
Example: Linear Cryptanalysis

Inserting the guessed mappings determined earlier:

(mod 26)

If a-z have been encoded as 0-25:

A B C D E F G H I J K L M N O P Q R S T U V WX Y Z
0 1 2 3 4 5 6 7 8 9 101112131415161718 1 202122232425
9
 α α*6

Example:
1
0
6
Linear Cryptanalysis
0

2 12
3 18
4 24
5 30
This happens to be easy to solve as it is obvious that = m
7. m*26+12
6 36
0 12
7 42
1 38
8 48
2 64
9 or54 for m = 0, 1, 2, …
3 90
10 60
4 116
You are not required to be able to solve th
11
There 66
is a solution to this when α = 15 and m = 3 because: simultaneous equations on this slide, just
understand the principle of linear
12 72 cryptanalysis

13 78
so:14 84
15 90
at first glance it appears that there is also a solution where α = 2 but this value of α does not have a MMI modulo 26 (because gcf(2,26) ≠ 1)
which means the computed decryption function wouldn’t give a unique pt ct mapping
 Example: Linear Cryptanalysis

Results in the translation table:

A B C D E F GH I J K L MNO P Q R S T U VWX Y Z
h w l a p e t i xmb q f u j y n c r g v k p o d s

The final prediction resulting from the frequency analysis also appears to be correct.

Decrypted message:
gafsf bdz qx hrf rsfdj hq gaf msffwfs qxs yhy gafp aduf jxqfp gx tx gx gaf zgxsf
there was no ice cream in the freezer nor did they have money to go to the store
(it was generated randomly!)

Linear cryptanalysis (on its own) is an example of a known-plaintext attack
You know some pt and the corresponding ct and from these work out DK

 Summary

Mono-alphabetic / Affine Ciphers
Example of substitution based encryption process
Linear or similar mathematical relationship between ct and pt, with the key giving the
coefficients in this relationship
Patterns in plaintext result in patterns in ciphertext – major weakness
Susceptible to frequency/pattern analysis of ct
Also susceptible to linear cryptanalysis

Linear Cryptanalysis
By comparing pt and ct a linear transformation can be developed that approximates the
decryption process, DK.
For affine cryptosystems (not secure), this transformation can be an exact replica of the
actual decryption process
For more advanced cryptosystems it will only be an approximation to (all or part of) the
decryption process – see block ciphers later.
Making encryption more secure
Longer keys, blocks and randomness
Polyalphabetic ciphers
 Reminder – the problem

There is a 1:1 mapping between pt and ct
Each ‘a’ in pt always maps to that same character in ct
Each ‘b’ in pt always maps to that same character in ct
Each ‘c’ in pt always maps to that same character in ct
…
pt: the cat sat on the
This mapping never changes mat
ct: xli gex wex sr xli
qex
This means that patterns in pt appear in ct

These patterns can reveal characteristics of pt

These characteristics can be used to guess what pt is
 Increased key length means the message
is effectively encrypted in blocks (of 3 in
A simple solution this case)

Increased key length also means more
difficult to guess key (more combinations)
Increase the key length – a polyalphabetic cipher

Caesar’s Cipher with KE =
This particular variant is also sometimes called a Vigenere Cipher
4 or ‘e’
pt: the cat sat on the
Use Caesar’s Cipher as example mat
key: eee eee eee ee eee
eee
Easier to represent the key(shift) as a letter:
ct: xli gex wex sr xli

qex
E.g. KE = 0 → a, KE = 1 → b, KE = 2 → c, …

Previously the key was just single value, e.g KE = 4 or ‘e’
Caesar’s Cipher with KE =
10,4,24 or ‘key’
What if KE = ‘key’ or 10,4,24?
pt: the cat sat on the mat
key: key key key ke yke yke
The increased key length eliminates some patterns but not all:
ct: dlc mer cer yr rri kkx
Because the key still repeats, just at lower frequency
Still a chance that the repeating key aligns with patterns in pt
The longer the key, the less repetition, the less chance of this happening.
 Pseudorandom key sequence ciphers

Could you use a random key the same length as the message?
Yes, but sender and receiver would both need a copy of the key.
To be effective a new key is needed for each message (otherwise you are using the same key repetitively, leading to same problems
as before)
If you were going to use the encryption system frequently, sender and receiver would need a huge amount of (identical) key data.
Old “one-time pad” encryption systems used large code books of random data. Both sender and receiver would hold identical copies of
this data.

Solution: Pseudorandom key sequence generators
A “long key generating machine”
The machine must first be initialised to set its internal state
Generates a sequence of apparently random key characters – the key sequence or keystream
The sequence looks like it is random, but if you have an identical machine which is initialised in the same way you can generate an
identical keystream.

Ke Key Keystream:
y asnvhiepcnancpiancdbegiyak;dfsakps
Generator …

A short key is used to set the initial machine state
Both sender and receiver must use identical initial settings (keys) for their keystream generators
 Pseudorandom key sequency ciphers
Ke Key Key Ke
y y
Generator Generator

Keystream: Keystream:
asnvhiepcnancpiancdbegiya asnvhiepcnancpiancdbegiya
kdfsa… kdfsa…

pt Encryption ct Decryption pt

If the Key Generator generates a perfect pseudorandom keystream:
Even if you knew all of the previous values in the keystream, and you knew how the machine
was constructed,
but didn’t know the machine’s precise internal state or starting key,
you wouldn’t be able to predict the next value in the keystream any more accurately than is
possible with a complete guess.
 Pseudorandom key sequency ciphers
Ke Key Key Ke
y y
Generator Generator

Keystream: Keystream:
asnvhiepcnancpiancdbegiya asnvhiepcnancpiancdbegiya
kdfsa… kdfsa…

pt Encryption ct Decryption pt

Actual encryption can be very simple (e.g. character substitution), but…
Security depends on the ‘randomness’ of keystream:
If you knew something about the plaintext e.g. every message starts with “hello”
You may be able to use this knowledge to reveal the first 5 keystream characters (linear
cryptanalysis)
If the key sequence is random enough, this won’t tell you anything about the rest of the keystream
But if these keystream characters reveal anything about the original key, the machine’s internal
state, or allow you to predict other characters in the keystream, the cryptosystem will be insecure.
 Example: Enigma

WW2 era German Enigma machine

A substitution cipher where the substitution is
determined by the precise position of a
number of components in a machine – the
machine’s state.
Electrical connection between a-z keys and a-z lights set
by moving rotors and wires on plugboard

The machine is initialised in the same way by
By TedColes sender and receiver
https://upload.wikimedia.org/wikipedia/co
Rotor position, plugboard wires
mmons/d/d8/Enigma_rotors_and_spindle_
showing_contacts_rachet_and_notch.jpg These initialisation settings are effectively the key

After each substitution the machine state
changes according to some predefined
sequence.
Rotors move to change internal wiring
This changes the pt:ct mapping for the next character
By Karsten Sperling, http://spiff.de/photo,
https://commons.wikimedia.org/wiki/File:EnigmaMachi
neLabeled.jpg
 Example: Enigma

The machine is generating a pseudorandom key-sequence
The receiving machine is able to compute the next value in the key sequence as it knows
the sending machine’s internal state.
To everyone else, the key sequence would appear to be random.

The encryption itself is just a basic letter substitution the same as Caesar.
At each step each input (pt) a-z character maps to a single output (ct) a-z character
This is the similar to a Caesar/affine cipher but with a constantly changing key

The substitution step itself is not secure, security is a result of the pseudorandom
key-sequence.
Modern stream ciphers work in this way.

Enigma was beaten with cryptanalysis to reduce the number of possible initial
machine states (keys), and a known-plaintext, brute force attack to find the exact
 Summary – Polyalphabetic ciphers

Mono-alphabetic ciphers use the same key to repetitively encrypt units (character / byte/ bytes) of plaintext which results in patterns appearing in
the plaintext, also appearing in the ciphertext.

This makes cryptanalysis easy (simple analysis of ct results in key)

Polyalphabetic ciphers use a key that changes with each unit of plaintext to avoid this. The problem is that when you reach the end of the key, you
have to repeat using the same key sequence.

Polyalphabetic ciphers reduce the frequency with which patterns appear in ct but don’t eliminate them (as the key still repeats, just at a lower
frequency).

Longer keys improve the performance – a random key the same length as the message (known as a one-time pad system) should mean that all
patterns in pt are prevented from appearing in ct, but this is impractical in practice.

A variation on polyalphabetic ciphers is to use a pseudorandom key sequence– an infinitely long and apparently (but not actually) random key

The key sequence is generated by two key generating machines – one at either end of the communication channel

The machines must be initialised exactly the same so that they both generate the same sequence

The key sequence must appear random to an observer who doesn’t know the machine configuration

If not, the encryption is weak – if an attacker knows the plaintext for part of the message and can use this to obtain the corresponding part of the
key, they can use the non-randomness to reveal all of the key