So check on the website. I'll post the answers after I mark them, maybe on the weekend or early next week, and I'll give you the answers to the rest of those quiz questions.

Let's finish on this topic on classical ciphers. We have seen... so you've seen some examples of very simple ciphers using, first, substitutions: we replace one character with another. We saw the Caesar cipher, monoalphabetic, Playfair, Vigenère, and finally the perfect cipher, the one-time pad: perfect in terms of secrecy, but not perfect in terms of practical usage; keys are too large. Then we saw two examples of rearrangements of characters, transposition ciphers: the rail fence and the rows/columns that we just did in the quiz.

Rotor machines is just an example. It's an example of what was used in World War Two, and there's one example of one of the ciphers that the armies used, and it was eventually broken, and that would play an important part in the war. You can have a look in your own time. We're not going to go through how that works, the rotor side. It's a combination of multiple Vigenère ciphers or Caesar ciphers.

The last one we're going to give an example of is steganography, and this is not about encryption. We're going to focus mainly on encryption, but this is something different, and we won't talk about it in the rest of the course except here. Steganography is about hiding messages. Encrypting is about transforming a message such that someone cannot get that message back even if they intercept. Here we're about hiding one plaintext message inside another plaintext message.

Steganography: we hide a real message inside a fake message. So we have two messages which make sense. The idea here is that I want to communicate one message to the destination. What I do is I take that message and somehow hide it inside another message that makes sense but is not important, and send that other message, with the idea that if someone intercepts, they see this other message. They don't see it's encrypted. They see this boring message and they cannot find the real hidden message inside. So that's the idea with steganography.

Some examples, some old approaches. You've got a document, so a large document; you send it to someone. That document has some meaning. You send it to someone, but selected letters in it are somehow marked, maybe with some invisible ink or with a pin prick in the paper, such that the receiver can identify which of those selected letters are marked, and those selected letters come together to form a secret message. Those are the old approaches.

Nowadays, with digital messages, for example when you have an image, you can modify some bits in that image, say a JPEG image: modify some bits such that those bits form a secret message, and such that the image, from a human's perspective, will not look any different. Maybe some of the pixels differ, but if you look at an image and just two or three pixels are different from the original one, you will probably not notice. So the idea is to take, say, a JPEG file, an image that you want to send to someone, but modify some of the bits in the binary form such that those bits form a secret message, and send that modified JPEG to the receiver. It simply looks like a normal picture, but the receiver knows to look for selected bits inside that JPEG image to work out what the real message is.

Similar can be done with video. With images and video mainly, because with a photo or a video small changes are not perceptible to a human. Same with a video: you're watching a video, if some of the pixels are the wrong color, they're not black but they're gray, just some of the pixels, you probably won't notice. Or they only display for a fraction of a second; they will not notice. But if you process that, you may be able to get some text message out of that information. That's the idea, at least.

One of the important advantages of using steganography: it doesn't look like you're hiding anything, and therefore someone who's intercepting the message may not worry about your communications. If you send an image to someone, and someone intercepts that image and sees a nice image of a flag or a boat or a flower, they don't think it's a secret message, so they don't care. But in fact that image contains some secret message. As opposed to using encryption: you encrypt a message and send it to someone; someone who intercepts sees the ciphertext. They may not be able to get the message by decrypting, but they at least know that you're communicating something secret. If we use encryption, the attacker knows that you're trying to hide something. With steganography, the attacker doesn't necessarily know you're trying to hide something. That can be beneficial in some cases.

The problem is, once the attacker knows the method by which you're hiding the real message, they can easily find the hidden message; everything's lost. It can be inefficient. It is inefficient because, to send, say, a short text message, we may have to transmit a large picture. So to get 10 bytes or a hundred bytes of secret to one person, we may have to send a hundred kilobytes of an image to the person. So it's inefficient communications.

Here's an example. Try and work out the message. What's the secret in this one? Say you intercepted an email that contained this text. All right, it doesn't look encrypted.
There's no encryption here. It looks like a normal email, a message from one professor to someone else. What's the secret message here? Look at capital letters: doesn't make sense. So that may be one approach, use the capital letters to make a secret message. Doesn't work. Something else? Can anyone pick it up? Someone told you the answer. Okay: "Your package ready Friday 21st room 3, please destroy this immediately." Look at the last word of each sentence, of each line in fact: "Your package ready Friday 21st room 3, please destroy this immediately." Maybe chaos.

Okay, so here we have one secret message hidden inside of one real message... fake, sorry, fake message. So no one would know unless they know the scheme. Of course, now that we know how it's hidden, it's easy to find the secret. That's the problem. So steganography hides some message inside another fake message, or a message that also makes sense, with the aim of hiding that you're communicating something secret. If you encrypt, people know that you're communicating something secret.

Let's move on to the next topic. Maybe after the break I'll show you another example of steganography with an image. Let's not do it yet, because I don't have it ready. So now we want to move on to real ciphers. What we've covered so far is just very simple ciphers. You cannot use them in practice.
They're insecure. So we're going to move on to real ciphers, going through one example of a real cipher, DES, the Data Encryption Standard. But first, before we get into DES, we're going to try and demonstrate some concepts of what is a block cipher and some of the ways to design a block cipher. So, look at the principles of block ciphers.

In fact, when we want to encrypt data, we classify two types of ciphers, stream ciphers and block ciphers, and they differ based upon how much input we process at a time, we encrypt at a time. Normally, when we want to encrypt a message, the message is long. Say a megabyte; we want to encrypt a file. Then what we do is we do not encrypt it all at once. We break it into parts and encrypt each part at a time, into blocks normally, or we take the sequence of bits and encrypt them one bit at a time, or maybe even one byte at a time. So we operate on a large input message; the way that we operate on it is categorized as either a stream cipher or a block cipher.

A stream cipher: we take a stream of bits or bytes, so one bit at a time or possibly one byte at a time, and encrypt that. So let's say I want to encrypt my voice when I'm talking on the phone, with a phone, say Skype or some voice over IP application. What I want to do is, I talk, and some bits are generated to represent my voice. As I talk, bits are generated and then sent across the internet. Well, before I send them, I want to encrypt those bits which represent my voice. So a stream cipher may be applicable here, because as I talk my computer generates bits and then encrypts them, either one bit at a time or one byte at a time, and sends them. And when I'm talking voice over IP, it's important for the implementation to be fast, that is, that there's very little delay between when I talk and when the other person receives it. So by encrypting one bit at a time as it's generated, or one byte at a time, our encryption can be done in real time. That is, as the data is generated, encrypt.

We will see the other approach, the block cipher. Usually the encryption operates on a larger set of bits, a block of 64 or 128 bits, and therefore it's slower. As we generate the data, we must wait for 64 bits to be generated before we can encrypt.

So, stream cipher: we take a bit or a byte at a time and encrypt it. The general approach is that we use some algorithm to generate a random stream of bits, a random sequence of bits. It's called here a cryptographic bit stream. And as we have our input, our plaintext, we do an XOR, an exclusive OR. So we're operating on bits now. If you XOR the bits... so XOR some random sequence with our plaintext, we'll get a random-looking ciphertext. Send that ciphertext. To decrypt, we do the XOR operation again using the same random sequence, and we'll get the plaintext back. The important point here is an XOR implementation is usually very fast in hardware or software. To XOR, exclusive OR, one sequence of bits, or a byte against another byte, is a very fast operation. So stream ciphers normally can be implemented such that they're very fast. To encrypt a piece of data doesn't take long. We're going to come back and we'll see examples of stream, or one example of a stream cipher, in a later topic. We'll just introduce the general concept here.

A block cipher: what we do is we take a block of our plaintext, a typical size of 64 bits or 128 bits. So I have a one megabyte file.
I divide into blocks and I encrypt a block at a time. So I take a block of plaintext, some input key, an encryption algorithm, and I get a block of ciphertext the same size as the plaintext as an output. And I do that for the next block of plaintext, and so on. The difference here is that the encryption algorithm, usually, to provide security, takes significant time compared to performing an XOR, an exclusive OR. So it can be slower, and that's important when we have, for example, real-time applications: it's not so efficient to use a block cipher compared to a stream cipher.

Stream ciphers are normally for real-time applications, or as data is generated we want to encrypt straight away. Block ciphers: for example, encrypting a file. The time to encrypt a file is not so important. We don't need to do it in real time. So encrypting a file or an image is normally the domain of a block cipher. Stream cipher: as we generate the data, we want to encrypt straight away.

We're going to focus on block ciphers in this topic and most of the other topics. So the assumption we have is that we're going to have a piece of plaintext of b bits in length, we're going to apply some encryption algorithm and get b bits of ciphertext as output, and we're going to use a key to provide security in this case. Let's use an example to illustrate some concepts of block ciphers, and the concepts are listed on this slide. What example do we have?
Let's take a simple example, and I'll see if I can make notes so you can copy it on the screen. Consider the monoalphabetic cipher. The monoalphabetic cipher, remember: we have our letters from A to Z. The letter A maps to one of the 26 letters, the letter B maps to one of the 25 remaining letters, C to one of the 24 remaining letters, and so on. And then to encrypt, we take our word, for example "hello", and just look up the mapping, and we get our ciphertext.

Let's consider a monoalphabetic cipher, but let's say, instead of A through to Z, for a simple example, we have A through to C. Three letters, very simple. How many mappings do we have? If we have a monoalphabetic cipher with three letters, how many mappings do we have to ciphertext? Three factorial, which is six. So we have six possible mappings. What are they? Write them down. Write down the mappings from ABC. I'll do it shortly, but you can do it first. Take you one minute. Write down the mappings if we use a monoalphabetic cipher with just three letters, ABC, to any combination.

Record them... see if I can get this to work. And someone told me you need six, so I'm gonna have six, and I've given you the first one. So the first mapping is: we map A to A, B to B, C to C. Okay? That's the first mapping. Another mapping is, we have a different arrangement. Let's say, for example, A to B, B to A, and C to C. And we just keep trying all the different mappings that we have available. So what have we got? A to B, B to C, C to A. And what's another one? A to A, B to C; A to C, A, B; C, B, A. And that's all we have. We have six possible mappings. Okay, so that's, in this case, how many: because we have three letters, it's three factorial. So six possible mappings.

What's the key in this cipher? Well, how many keys do we have? How many possible keys? Six. A key tells us how we map from one to another. So we have six possible keys. What's the key in the first case?
Well, how could we write down the key in that first mapping? The key we could write down as the sequence of letters in the ciphertext. That is, this is the key in the first case. For example, the key in the first case is simply ABC, and the second case is BAC, and the third one is BCA, and so on. So in this case we have six keys, and each key is three letters in length. Any questions on that?

So all I've done is I've written down the six possible mappings, or transformations, from plaintext on the left to ciphertext on the right. So when I want to encrypt the two letters AB, then I need to know the key. If the key is BAC, this one, and the plaintext is AB, then what's the ciphertext? BA. That is, using this key, if this plaintext is AB, then A becomes B and B becomes A in this case. So plaintext is AB, ciphertext is BA in this mapping. So that's one way we can specify the key. In this case we have six keys, and each key is three characters in length.

Now let's do the same thing, but let's do it with a binary input instead of letters. Let's deal with binary, and from now on most things we'll do are in binary. Let me see if I can fix this... maybe I can work out my computer. Let's try again, but let's say, instead of three letters A, B and C, we have a four-bit number. So the input is a four-bit number. Do the same thing. We write them all down. So a four-bit number, we start with... if I can write... work this out slowly. I've lost it. You can list them all. I won't do them all; it would take too long. How many do we have? 16 possible values.

So our input is a four-bit number. Then we can write down all the possible transformations or mappings. So one possible mapping is that, for example, the simplest one is that four zeros maps to four zeros, and so on. That's one mapping. And another mapping is if, for example, four zeros maps to something different. So the first column in this picture is the plaintext.
The second column is one case of ciphertext, and the third column is a second case of ciphertext, a different mapping. So the first one is that the input plaintext becomes the same in the ciphertext. The second one is: we take this as plaintext, this is what we get as ciphertext.

How many possible mappings do we have? 16 factorial. Okay, because there are 16 input values, there are 16 factorial arrangements or permutations of those 16 values. The same as before: we had three input values, A, B and C, and the number of arrangements we can have is three factorial. Now we have 16 input values, zero through to 15, or in binary as shown there. So we have 16 factorial possible arrangements.

How big is our key? So we have 16 factorial arrangements, or in other words keys. How big is the key? 16 what? Remember, in the letters, we had six keys. A key was specified by the arrangement of the ciphertext. For example, in the first case, the red one, it was A, B and C, and in the second case it was BAC. We had a three-letter key. Now how long is the key in this case? 64 bits. It is this sequence of bits here, this column, and if you count, it's 4 by 16. The key length is 64 bits in this case. That's the key length, and the number of keys is 16 factorial. So by moving to a binary plaintext, in this case we've got a 64-bit key, a key 64 bits in length, and 16 factorial possible keys.

In general, with an n-bit block (so this is our block of text here, we have a four-bit block), with an n-bit block the number of keys is 2 to the power of n, factorial. Here we have a four-bit block; 2 to the power of 4, factorial, is the number of keys. So n bits: 2 to the power of n, factorial. And the key length, if we encrypt like this, is what? n multiplied by 2 to the power of n. In this case it's 4 (1, 2, 3, 4) multiplied by 16. n multiplied by 2 to the power of n is the key length. So that's one way we can implement a block cipher.
We map from every possible input plaintext to any arrangement in the ciphertext. In the slides there's an example of one possible mapping here. So on the picture I tried to draw two possible mappings. Here's a third one. Here are all 16 values, and here's one arrangement of the ciphertext. There are, of course, 2 to the power of 4, that is 16, factorial possible combinations like this one, but different. This is just one example. Ignore the second table for now.

One way we can describe such a cipher, what we do to encrypt: if I have input text, for example 1000, I have some input one zero zero zero, I look it up here, one zero zero zero, and find the corresponding ciphertext, zero zero one one, and that's the output. Very simple. It's just a lookup of this table.

That is described in a different form, as a picture, here, where we take our four-bit input, our four bits of plaintext. That maps to one of 16 possible values, zero to 15 in decimal; in binary it's zero zero zero zero through to one one one one. To simplify, this diagram is shown in decimal, from zero through to fifteen. And so the input then maps to some output. In our example, what do we have? For example, the input one zero zero zero, which is eight, maps to zero zero one one, which is three, and I think, let's hope, it's true in this case. Eight: if the input is eight in decimal, then the output is three in binary. That's all. There's nothing... although it looks complex there.
It's just a direct mapping from one input to one output. That's a way to implement a block cipher, and what we'll call the ideal block cipher. We take our input plaintext, a sequence of n bits, and we have some mapping that tells us the arrangement of those 2 to the power of n possible inputs to the 2 to the power of n possible outputs, and the key tells us the arrangement. So this arrangement is caused by one key; a different key would see a different arrangement here. And we know the number of keys that we have.

So we can flick through between the picture and different slides. Let's record what we know so far. With an n-bit block of plaintext, we've got 2 to the power of n, factorial, keys which are possible. It's what we've calculated with the n bits: in our case, when we have a four-bit block, we had 16 factorial possible keys, possible transformations. The key length was n times 2 to the power of n. That's the key length: an n by 2 to the power of n bit key. And of course we get an n-bit block of ciphertext as the output. So just provide a mapping from one of the possible inputs to one of the other possible ciphertext outputs. This is one way to implement a block cipher. The problem with it is that it's very inefficient in terms of length of the key. That's what we're trying to illustrate through example: the length of the key, we'll see, doesn't work so well.

So it's described here, I think. An ideal block cipher: we take an n-bit input. It maps to 2 to the power of n possible input states. That's like here: the n-bit input maps to 2 to the power of n, in this case 16, possible inputs. And then we do a substitution. We replace the input with one of the other values. We substitute, which is what we're doing here.
We replace one zero zero zero with zero zero one one. That's the substitution operation, and we get an output of n-bit ciphertext. It looks complex on some of these slides, and maybe the general description is complex, but it's conceptually quite easy. We just take our input and choose one of the possible outputs; the key tells us which possible output. This is what's called an ideal block cipher. It allows the maximum number of possible encryption mappings. So we've got all possible keys, all possible combinations. We cannot do any better.

We can possibly implement a cipher using this approach, but there are two practical problems, and it's to do with the block size. If we have a small block size, we'll see, and I'll show with an example, that it's very easy to break using the statistical characteristics of the input. I'll come back to that one and explain why. The other approach: so, assuming we cannot have a small block size, have a large block size; make n large. But the problem with a large block size is the key must be very large.

Let's easily demonstrate that. Let's, for example, set the key to be... the block to, say, 64 bits; n is 64. How big is our key if n is 64? So we encrypt 64 bits at a time; the block size is 64, which is large in the context of the ciphers. How big is the key? It is 64 multiplied by 2 to the power of 64. Anyone got a calculator, can calculate that? So the key length... and remember the key... Okay, something by 10 to the power of 21. About 10 to the power of 21. That's the key length in bits, which is about... convert to bytes... that's about 150 million terabytes. That's the size of our key. Remember, with the key:
What do we use it for? The person who wants to encrypt encrypts with that key, gets the ciphertext and sends the ciphertext to the other side. We assume that somehow, prior to that, I delivered the key that I chose to the other person. So the way to deliver this key is to take a hundred and fifty million hard drives and pass them to the other person. It's not possible. The key length is too large here. That's the case if we have a large block size. 64 is large enough: the key is too big and we cannot exchange the key with anyone, so it's very impractical from that perspective.

Therefore, let's make n smaller, a smaller block size. If n is smaller, then our key is going to be much smaller. In our example, how big was it? 4 bits, and our key was 64 bits. So let's try that. What's the disadvantage of that approach? Record what we had. Now we're going with time. So n was 4. The block size was 4 bits, like we had in our example; then the key length is 64 bits. That's fine. I encrypt something and somehow I pass you a 64-bit key. I write down eight bytes and give them to you on a piece of paper or by some other secure mechanism. That's easy, to distribute the 64-bit key.

But what's the problem? The problem is that when we have a long plaintext, we will get many repetitions of each block, and therefore we'll have repetitions in the output ciphertext. And when you have repetitions in the output ciphertext, then an attacker can use that to look at the statistical characteristics of the input, match them to what they see in the output ciphertext, and then try and work out which ciphertext maps to which plaintext, the same way that we can break the monoalphabetic cipher. We know that, for example, there are 12 percent e's, the letter e, in English. So in the plaintext there should be 12 percent e's. So if there's 12 percent of the letter g in the ciphertext, that suggests g in the ciphertext maps to e in the plaintext.

Similar here. Let's give an example. We have our four bits of input plaintext, and let's say our message is in English, but we map it using ASCII to binary. The letter e is, I've looked it up, 101, which is, if we represent it as an 8-bit number, 0 1 1 0 0 1 0 1. So every time we have a letter e... let's say we have a long message. We want to encrypt a long document, 1 megabyte; many e's in there. We expect 12 percent of the letters will be e. Then what we do is we take the ASCII representation (I've made it an 8-bit value to make it easy) and we encrypt that. But our block size is four bits. So what we do is we encrypt these four bits and we get some ciphertext, and then we encrypt these four bits and we get some ciphertext. What would we get if we used our cipher?
Let's look it up. Using, for example, this mapping, if we encrypt 0 1 1 0 (0 1 1 0 is the first four bits) we get 1 0 1 1. If we encrypt the plaintext 0 1 1 0 we get 1 0 1 1, and then we encrypt 0 1 0 1; 0 1 0 1 gives us, from this mapping, 1 1 1 1. So every time we have the letter e in our input plaintext, we're going to get these four bits on input and we'll get these four bits on output. Because we have many e's in the input plaintext (about 12 percent of the letters will be the letter e), then 12 percent of the output ciphertext will be this sequence of 8 bits. So we'll be able to recognize that repetition, and that makes it easier for an attacker to work out that the mapping from 0 1 1 1 most likely maps... or the mapping of 1 0 1 1 1 1 1 most likely maps to this input plaintext, because we would see this sequence of 8 bits approximately 12 percent of the time in the ciphertext, and therefore we'd make the guess that these 8 bits correspond to these 8 bits of plaintext. So with a small block we'll get many repetitions, and then we can take advantage of the statistical repetition, or the statistical characteristics.

If we increase the block size to be, say, 64 bits, then the letter e is these 8 bits, but with 64 bits we have another 56 bits along at the end, and we encrypt all 64 bits at once and get some ciphertext as output. So in fact, with 64 bits, we have eight different letters. So every time we have a combination of eight letters the same, we'll get the same output ciphertext. But it's very unlikely that you're going to have many repetitions of the same eight letters in a row. So it's much more unlikely that you'll see structure in the output if you use a larger block.

So the end point is: use a large block to avoid repetitions in the output, and it makes it harder for the attacker to do statistical analysis. But use a small block to get the key length small. Well, neither of them work in practice. If we want a small key length, we'll be insecure. But if we have to have a large block to be secure, we'll get a large key length. That's why this approach is not used in practice. It's the ideal block cipher, but it's not very practical.

One more thing that we missed here. So that's the problems with the ideal block cipher. Before we finish for a break, another thing that is required for our block ciphers is that our mappings must be reversible. A reversible mapping from plaintext to ciphertext is one such that, when you have the ciphertext, you can uniquely get the same plaintext back. This is reversible, in that if I encrypt 0 1 I'll get 1 0, and when I have the ciphertext 1 0, to decrypt, I will get 0 1 again, 100 percent. This is irreversible: I encrypt 1 0, I get 0 1 as ciphertext. I decrypt ciphertext 0 1. What's the plaintext? Either of these two; we don't know. You see, that's irreversible. We must have a one-to-one mapping between plaintext and ciphertext.
That's a key requirement of our ciphers. If we don't, then we cannot decrypt correctly, because I don't know which plaintext is the real one. So we need a reversible mapping, or a one-to-one mapping, between plaintext and ciphertext.

So, an ideal block cipher: we've gone through the basic structure of it, but the problem is the block size. Small block size: insecure, because we can do frequency analysis. Large block size: the key is too big, impractical. So what do we do? A guy named Feistel came up with a different approach, which is common in many ciphers. What it does, instead of having this direct mapping, is it takes much smaller, simpler ciphers, smaller block cipher block sizes, but it applies them in sequence. So it doesn't just do one transformation. It does one and then another and another, such that the result is secure; we say cryptographically strong. And in fact what it does is it alternates substitutions with transpositions. We went through transposition and substitution ciphers in the classical ciphers. The Feistel structure just uses those same concepts: it does a substitution and then rearranges, and then it does it again, substitution, rearrange, and it does it in what's called rounds, one round after another, on different phases, such that the result is secure, that is, it's not subject to frequency analysis attacks, and the key length is small. And in fact we have an n-bit block and a k-bit key, as opposed to an n-bit block and an n times 2 to the power of n bit key. With the Feistel structure we just have a k-bit key, usually 64 bits or larger, and it applies concepts of diffusion and confusion. And I suspect confusion is where most of you are at, so let's stop there, and after the break what we'll do is describe the Feistel structure, what these concepts are, and look at a real example implementation.
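
Added example, not part of the lecture and not the lecturer's code: the ideal block cipher with a 4-bit block, written as a lookup table, showing the key-size figures from the lecture, the one-to-one requirement, and how the most frequent ciphertext byte gives away the table entries for the two halves of the letter e. The key (a seeded shuffle), the sample sentence and all function names are constructed for this illustration.

```python
import math
import random
from collections import Counter

N = 4  # block size in bits, as in the lecture's small example


def key_length_bits(n):
    """Key = the whole ciphertext column: 2^n entries of n bits each."""
    return n * 2 ** n


def num_keys(n):
    """Every arrangement of the 2^n block values is a key: (2^n)! of them."""
    return math.factorial(2 ** n)


def keygen(seed):
    """One key for N = 4: a shuffled list where table[plain] = cipher.
    Constructed demo key; random.Random is not a cryptographic generator."""
    table = list(range(2 ** N))
    random.Random(seed).shuffle(table)
    return table


def is_reversible(table):
    """True only for a one-to-one mapping (each output appears exactly once)."""
    return sorted(table) == list(range(len(table)))


def invert(table):
    """Build the decryption table: inverse[cipher] = plain."""
    if not is_reversible(table):
        raise ValueError("mapping is not one-to-one, cannot decrypt uniquely")
    inverse = [0] * len(table)
    for plain, cipher in enumerate(table):
        inverse[cipher] = plain
    return inverse


def apply_table(data, table):
    """Encrypt (or decrypt, with the inverse table) 4 bits at a time:
    each byte is two blocks, high nibble then low nibble."""
    return bytes((table[b >> 4] << 4) | table[b & 0x0F] for b in data)


def guess_entries_for_e(ciphertext):
    """Frequency analysis: assume the most common ciphertext byte encrypts 'e'
    (0110 0101) and read off the table entries for blocks 0110 and 0101."""
    top_byte, _ = Counter(ciphertext).most_common(1)[0]
    return top_byte >> 4, top_byte & 0x0F


# Constructed sample plaintext in which 'e' is clearly the most common byte.
SAMPLE = (b"meet me here when the green event ends; "
          b"never reveal these secret letters elsewhere")

if __name__ == "__main__":
    print("n=4 :", num_keys(4), "keys,", key_length_bits(4), "bit key")
    bits = key_length_bits(64)
    print("n=64:", bits, "bit key =", bits // 8 // 10**12, "terabytes")

    key = keygen(seed=2024)
    ct = apply_table(SAMPLE, key)
    assert apply_table(ct, invert(key)) == SAMPLE  # reversible, so it decrypts
    c6, c5 = guess_entries_for_e(ct)
    print("frequency analysis gives 0110 ->", format(c6, "04b"),
          "and 0101 ->", format(c5, "04b"))
    print("matches the key:", (c6, c5) == (key[0x6], key[0x5]))
```

With n = 64 the script reports a key of roughly 1.18 x 10^21 bits, about 147 million terabytes, which is the "about 150 million terabytes" figure from the lecture.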