COMPUTER SECURITY AND CRYPTOGRAPHY ALAN G. KONHEIM

Transcription

1

2 COMPUTER SECURITY AND CRYPTOGRAPHY ALAN G. KONHEIM

3

4 COMPUTER SECURITY AND CRYPTOGRAPHY

5

6 COMPUTER SECURITY AND CRYPTOGRAPHY ALAN G. KONHEIM

7 About the Cover: The term cipher alphabet is used when referring to a monoalphabetic substitution. When text is written using the letters A, B,...,Z, a cipher alphabet is a permutation or rearrangement of the 26 letters. In the fifteenth century, cryptography became more sophisticated and cryptographers proposed using multiple cipher alphabets, a process referred to as polyalphabetic substitution. Blaise de Vigenère s book A Treatise on Secret Writing published in the sixteenth century contains the basic Vigenère tableux, specifying the ciphertext in polyalphabetic substitution. Rotor machines introduced in the 20th-century provided mechanical means for implementing and speeding up polyalphabetic substitution. The cover is a modified set of 17 cipher alphabets; the black background color is symbolic of the U.S. State Department s Black Chamber in which American cryptanalysis originated in the early part of the 20th-century. It is technically defective in several aspects (i) fewer than 26 letters in each row are displayed and (ii) repeated letters occur in the rows containing the word CRYPTOGRAPHY and my name. Nevertheless, the cover hopefully projects the message to read Computer Security and Cryptography. Copyright # 2007 by John Wiley & Sons, Inc. All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) , fax (978) , or on the web at Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) , fax (201) , or online at Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) , outside the United States at (317) or fax (317) Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at Library of Congress Cataloging-in-Publication Data: Konheim, Alan G., 1934 Computer security & cryptography / by Alan G. Konheim. p. cm. Includes bibliographical references and index. ISBN-13: ISBN-10: Computer security. 2. Cryptography. I. Title. QA76.9.A25K dc Printed in the United States of America

8 CONTENTS FOREWORD PREFACE ABOUT THE AUTHOR CHAPTER 1 APERITIFS ix xi xvii 1.1 The Lexicon of Cryptography Cryptographic Systems Cryptanalysis Side Information Thomas Jefferson and the M Cryptography and History Cryptography and Computers The National Security Agency The Giants No Sex, Money, Crime or... Love An Example of the Inference Process in Cryptanalysis Warning! 15 CHAPTER 2 COLUMNAR TRANSPOSITION 2.1 Shannon s Classification of Secrecy Transformations The Rules of Columnar Transposition Encipherment Cribbing Examples of Cribbing Plaintext Language Models Counting k-grams Deriving the Parameters of a Markov Model from Sliding Window Counts Markov Scoring The ADFGVX Transposition System CODA Columnar Transposition Problems 50 CHAPTER 3 MONOALPHABETIC SUBSTITUTION 3.1 Monoalphabetic Substitution Caesar s Cipher Cribbing Using Isomorphs The x 2 -Test of a Hypothesis Pruning from the Table of Isomorphs Partial Maximum Likelihood Estimation of a Monoalphabetic Substitution The Hidden Markov Model (HMM) Hill Encipherment of ASCII N-Grams Gaussian Elimination Monoalphabetic Substitution Problems 111 CHAPTER 4 POLYALPHABETIC SUBSTITUTION 4.1 Running Keys Blaise de Vigenère Gilbert S. Vernam The One-Time Pad Finding the Key of Vernam Vigenère Ciphertext with Known Period by Correlation Coincidence Venona Polyalphabetic Substitution Problems 132 CHAPTER 5 STATISTICAL TESTS 5.1 Weaknesses in a Cryptosystem The Kolmogorov Smirnov Test NIST s Proposed Statistical Tests Diagnosis Statistical Tests Problems 143 CHAPTER 6 THE EMERGENCE OF CIPHER MACHINES 6.1 The Rotor Rotor Systems Rotor Patents A Characteristic Property of Conjugacy Analysis of a 1-Rotor System: Ciphertext Only The Displacement Sequence of a Permutation Arthur Scherbius 160 v

9 vi CONTENTS 6.8 Enigma Key Distribution Protocol Cryptanalysis of the Enigma Cribbing Enigma Ciphertext The Lorenz Schlüsselzusatz The SZ40 Pin Wheels SZ40 Cryptanalysis Problems Cribbing SZ40 Ciphertext 176 CHAPTER 7 THE JAPANESE CIPHER MACHINES 7.1 Japanese Signaling Conventions Half-Rotors Components of the RED Machine Cribbing RED Ciphertext Generalized Vowels and Consonants Climb Mount Itaka War! Components of the PURPLE Machine The PURPLE Keys Cribbing PURPLE: Finding the V-Stepper Cribbing PURPLE: Finding the C-Steppers 238 CHAPTER 8 STREAM CIPHERS 8.1 Stream Ciphers Feedback Shift Registers The Algebra of Polynomials over Z The Characteristic Polynomial of a Linear Feedback Shift Register Properties of Maximal Length LFSR Sequences Linear Equivalence Combining Multiple Linear Feedback Shift Registers Matrix Representation of the LFSR Cribbing of Stream Enciphered ASCII Plaintext Nonlinear Feedback Shift Registers Nonlinear Key Stream Generation Irregular Clocking RC Stream Encipherment Problems 281 CHAPTER 9 BLOCK-CIPHERS: LUCIFER, DES, AND AES 9.1 LUCIFER DES The DES S-Boxes, P-Box, and Initial Permutation (IP) DES Key Schedule Sample DES Encipherment Chaining Is DES a Random Mapping? DES in the Output-Feedback Mode (OFB) Cryptanalysis of DES Differential Cryptanalysis The EFS DES-Cracker What Now? The Future Advanced Data Encryption Standard And the Winner Is! The Rijndael Operations The Rijndael Cipher Rijndael s Strength: Propagation of Patterns When is a Product Block-Cipher Secure? Generating the Symmetric Group A Class of Block Ciphers The IDEA Block Cipher 332 CHAPTER 10 THE PARADIGM OF PUBLIC KEY CRYPTOGRAPHY 10.1 In the Beginning Key Distribution E-Commerce Public-Key Cryptosystems: Easy and Hard Computational Problems Do PKCS Solve the Problem of Key Distribution? P.S. 342 CHAPTER 11 THE KNAPSACK CRYPTOSYSTEM 11.1 Subset Sum and Knapsack Problems Modular Arithmetic and the Euclidean Algorithm A Modular Arithmetic Knapsack Problem Trap-Door Knapsacks Knapsack Encipherment and Decipherment of ASCII-Plaintext Cryptanalysis of the Merkle Hellman Knapsack System (Modular Mapping) Diophantine Approximation Short Vectors in a Lattice Knapsack-Like Cryptosystems Knapsack Cryptosystem Problems 371 CHAPTER 12 THE RSA CRYPTOSYSTEM 12.1 A Short Number-Theoretic Digression RSA The RSA Encipherment and Decipherment of ASCII-Plaintext 379

10 CONTENTS vii 12.4 Attack on RSA Williams Variation of RSA Multiprecision Modular Arithmetic The Elliptic Curve Digital Signature Algorithm The Certicom Challenge NSA and Elliptic Curve Cryptography 445 CHAPTER 13 PRIME NUMBERS AND FACTORIZATION CHAPTER 16 KEY EXCHANGE IN A NETWORK 13.1 Number Theory and Cryptography Prime Numbers and the Sieve of Eratosthenes Pollard s p 2 1 Method Pollard s r-algorithm Quadratic Residues Random Factorization The Quadratic Sieve (QS) Testing if an Integer is a Prime The RSA Challenge Perfect Numbers and the Mersenne Primes Multiprecision Arithmetic Prime Number Testing and Factorization Problems 410 CHAPTER 14 THE DISCRETE LOGARITHM PROBLEM 14.1 The Discrete Logarithm Problem Modulo p Solution of the DLP Modulo p Given a Factorization of p Adelman s Subexponential Algorithm for the Discrete Logarithm Problem The Baby-Step, Giant-Step Algorithm The Index-Calculus Method Pollard s r-algorithm Extension Fields The Current State of Discrete Logarithm Research Key Distribution in a Network U.S. Patent Spoofing El Gamal s Extension of Diffie Hellman Shamir s Autonomous Key Exchange X9.17 Key Exchange Architecture The Needham Schroeder Key Distribution Protocol 456 CHAPTER 17 DIGITAL SIGNATURES AND AUTHENTICATION 17.1 The Need for Signatures Threats to Network Transactions Secrecy, Digital Signatures, and Authentication The Desiderata of a Digital Signature Public-Key Cryptography and Signature Systems Rabin s Quadratic Residue Signature Protocol Hash Functions MD The Secure Hash Algorithm NIST s Digital Signature Algorithm El Gamal s Signature Protocol The Fiat Shamir Identification and Signature Schema The Oblivious Transfer 478 CHAPTER 15 ELLIPTIC CURVE CRYPTOGRAPHY 15.1 Elliptic Curves The Elliptic Group over the Reals Lenstra s Factorization Algorithm The Elliptic Group over Z p ( p. 3) Elliptic Groups over the Field Z m, Computations in the Elliptic Group E Zm,2 (a, b) Supersingular Elliptic Curves Diffie Hellman Key Exchange Using an Elliptic Curve The Menezes Vanstone Elliptic Curve Cryptosystem 443 CHAPTER 18 APPLICATIONS OF CRYPTOGRAPHY 18.1 UNIX Password Encipherment Magnetic Stripe Technology Protecting ATM Transactions Keyed-Access Cards Smart Cards Who Can You Trust?: Kohnfelder s Certificates X.509 Certificates The Secure Socket Layer (SSL) Making a Secure Credit Card Payment on the Web 502