Applied Cryptography

Stream Ciphers

A mixture of a keystream with the plaintext or ciphertext

  • Random keystream (Vernam's one-time pad).

  • Pseudo-random keystream (produced by a generator using a finite key).

Reversible mixture function

  • e.g. bitwise XOR

  • C = P ^ ks, P = C ^ ks

Polyalphabetic cipher

  • Each keystream symbol defines an alphabet.

Keystream may be infinite but with a finite period.

  • The period depends on the generator.

Practical security issues.

  • Each keystream should be used only once!

    • Otherwise, the sum of cryptograms yields the sum of plaintexts.

      • C1 = P1 ^ Ks, C2 = P2 ^ Ks -> C1 ^ C2 = P1 ^ P2

  • Plaintext length should be smaller than the keystream period.

    • Total keystream exposure under know/chosen plaintext attacks.

    • Keystream cycles help the cryptanalysts know plaintext samples.

  • Integrity control is mandatory.

    • No diffusion! (only confusion).

    • Chiphertexts can easily be changed deterministically.

Lorenz (Tunny)

  • 12-Rotor stream cipher

    • Used by the German high command during WWII

    • Implements a stream cipher.

      • Each 5-bit character is mixed with 5 keystreams.

  • Operation

    • 5 regularly stepped (x) wheels.

    • 5 irregularly stepped (y) wheels.

      • All or no stepping

    • 2 motor wheels.

      • For stepping the y wheels.

    • The number of steps on all wheels is relatively prime.

Cryptanalysis of Tunny in Bletchley Parl

They didn't know Lorenz's internal structure.

  • They observed one only at the end of the war.

  • They knew about them because they could get 5-bit encrypted transmissions.

    • Using the 32-symbol Baudot code instead of Morse code.

The mistake (August 30, 1941)

A german operator had a long message (~4,000) to send.

  • He set up Lorenz and sent a 12-letter indicator (wheel setup) to the receiver.

  • After ~4,000 characters had been keyed, by hand, the receiver said "send it again".

The operator resets the machine to the same initial setup.

  • Same keystream! Absolutely forbidden!

The sender began to key in the message again (by hand).

  • But he typed a slightly different message!

C = M ^ Ks

C'= M' ^ Ks -> M' = C ^ C' ^ M -> text variations.

Know parts of the initial text M reveal the variations, M'.

Breakthrough

Messages began with SPRUCHNUMBER - "msg number"

  • The first time the operator typed S P R U C H N U M M E R.

  • The second time he typed S P R U C H N R

  • Thus, immediately following the N the two texts were different!

John Tiltman at Bletchley Park was able to fully decrypt both messages (called Depths) using an addictive combination of them.

  • The 2nd message was ~500 characters shorter than the first one.

  • Tiltman managed to discover the correct message for the 1st ciphertext.

They got for the 1st time in a long stretch of the Lorenz keystream.

  • They did not know how the machine did it, but they knew that this was what it was generating!

Colossus

The cipher structure was determined from the keystream.

  • But deciphering it required knowing the initial position of rotors.

Germans started using numbers for the initial wheels' state.

  • Bill Tutte invented the double-delta method for finding that state.

  • The Colossus was built to apply the double-data method.

Colossus

  • Design started in March 1943.

  • The 1,500-valve Colossus Mark 1 was operational in January 1944.

  • Colossus reduced the time to break Lorenz from weeks to hours.

PreviousRotor MachinesNextTypes

Last updated