Cryptanalysis of the Affine Cipher
Ciphertext-only attack:
- Brute-force (try possible keys)
- Frequency analysis
Any other ideas?
Suppose we know two symbols and what they map to.
Example: 0 3 7 10

Cryptanalysis of the Affine Cipher
More challenging examples: 4 17 19 3 4 17 19 10

Cryptanalysis of the Affine Cipher
Remarks:
- For which attacks do we have two pairs of symbols and their maps?
- Can we use this idea for the ciphertext-only attack?
- What if we have only one pair of a symbol and its map?
- Read Section 3.3 to learn more about congruences.

Some More Number Theory
Recall that there are 12 elements $a \in \mathbb{Z}_{26}$ such that $\gcd(a, 26) = 1$.
In general, for $m > 0$, the number of elements of $\mathbb{Z}_m$ that are relatively prime to $m$ is denoted by $\phi(m)$ and it is usually referred to as the Euler phi function.
Examples:
- $\phi(26) =$
- $\phi(p) =$        if $p$ is a prime

Some More Number Theory
For non-prime numbers:
Suppose $m = \prod_{i=1}^{n} p_i^{e_i}$ where the $p_i$'s are distinct primes and $e_i > 0$ for $i \in \{1, 2, \ldots, n\}$. Then,
$\phi(m) = \prod_{i=1}^{n} \left(p_i^{e_i} - p_i^{e_i - 1}\right)$
How many keys do we have for the affine cipher over $\mathbb{Z}_m$?

Some More Number Theory
Computing $a^{-1} \pmod{m}$:
- Option 1: brute-force - advantages / disadvantages?
- Option 2: ???
First, some math analysis:
For which $a \in \mathbb{Z}_m$ does the inverse $a^{-1}$ not exist in $\mathbb{Z}_m$?

Some More Number Theory
Computing gcd(a, b):

Euclidean Algorithm
Def EuclideanAlgorithm(a, b):    // a, b > 0, integers
    r_0 = a, r_1 = b
    m = 0
    while r_{m+1} ≠ 0:
        m++
        q_m = ⌊r_{m-1} / r_m⌋
        r_{m+1} = r_{m-1} – q_m r_m
    return r_m

Extended Euclidean Algorithm
Given integers a, b > 0, it computes r, s, t such that:
    r = gcd(a, b)
    sa + tb = r
How is it helpful for computation of $a^{-1}$?

Extended Euclidean Algorithm
Def ExtendedEuclideanAlgorithm(a, b):    // a, b > 0, integers
    r_0 = a, r_1 = b, s_0 = 1, s_1 = 0, t_0 = 0, t_1 = 1
    m = 0
    while r_{m+1} ≠ 0:
        m++
        q_m = ⌊r_{m-1} / r_m⌋
        r_{m+1} = r_{m-1} – q_m r_m
        t_{m+1} = t_{m-1} – q_m t_m
        s_{m+1} = s_{m-1} – q_m s_m
    return r_m, s_m, t_m

Extended Euclidean Algorithm
Remarks:
- By induction on j we can show that for $j \in \{0, 1, \ldots, m\}$: $r_j = s_j a + t_j b$. Hence, the algorithm is correct.
- We can save space by using many fewer variables.
- Running time?

Solving $ax \equiv c \pmod{m}$ - useful for cryptanalysis of e.g. the affine cipher
Possibilities:
- if gcd(a, m) = 1, then:
- if gcd(a, m) = d > 1 and d does not divide c, then:
- if gcd(a, m) = d > 1 and d divides c, then:

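The three gcd cases for a linear congruence, and their use in recovering an affine key from two known symbol pairs, worked as an added example (not part of the original slides). The function names are hypothetical, and the sample pairs in the comments were constructed with the key (a, b) = (5, 8) over Z_26.

```python
def egcd(a, b):
    """Return (r, s, t) with r = gcd(a, b) and s*a + t*b = r.

    Same recurrences as the extended Euclidean algorithm on the slides,
    keeping only the last two values of r, s, t (the "fewer variables" remark).
    """
    r0, r1, s0, s1, t0, t1 = a, b, 1, 0, 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def solve_congruence(a, c, m):
    """Return every x in Z_m with a*x ≡ c (mod m), in increasing order."""
    a, c = a % m, c % m
    d, s, _ = egcd(a, m)               # s*a + t*m = d
    if c % d != 0:
        return []                      # d does not divide c: no solution
    step = m // d
    x0 = (s * (c // d)) % step         # unique solution modulo m/d
    return [x0 + k * step for k in range(d)]   # d solutions modulo m


def affine_keys(pairs, m=26):
    """Candidate keys (a, b) of e(x) = a*x + b mod m from two (plain, cipher) pairs."""
    (x1, y1), (x2, y2) = pairs
    keys = []
    # Subtracting the two equations eliminates b: a*(x1 - x2) ≡ y1 - y2 (mod m).
    for a in solve_congruence(x1 - x2, y1 - y2, m):
        if egcd(a, m)[0] == 1:         # a valid affine key needs gcd(a, m) = 1
            keys.append((a, (y1 - a * x1) % m))
    return keys


if __name__ == "__main__":
    # Constructed pairs under key (5, 8): 4 -> 2, 19 -> 25, 2 -> 18, 0 -> 8, 13 -> 21.
    print(affine_keys([(4, 2), (19, 25)]))        # gcd(x1 - x2, 26) = 1
    print(affine_keys([(2, 18), (4, 2)]))         # gcd = 2, one candidate rejected
    print(len(affine_keys([(0, 8), (13, 21)])))   # gcd = 13, key not determined
```

When the difference of the two known plaintext symbols shares a factor with m, the pairs alone may leave several candidate keys, which then have to be narrowed down with a further pair or by trial decryption.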