Announcements: Assignment 2 finalized Questions? Today: Wrap up Hill ciphers

1. DTTF/NB479: Dszquphsbqiz Day 7 • Announcements: • Assignment 2 finalized • Questions? • Today: • Wrap up Hill ciphers • One-time pads and LFSR

2. Hill Ciphers • Lester Hill, 1929. Not used much, but first time linear algebra used in crypto • Use an n x n matrix M. Encrypt by breaking plaintext into blocks of length n (padding with x’s if needed) and multiplying each by M. • Example: Encrypt “hereissomeonetoencrypt” using M • her eis som eon eto enc ryp txx • (7, 4, 17) (4, 8, 18) … (19, 23, 23) • (2, 5, 25) (0, 2, 22) … (0, 22, 15) • cfz acw yga vns ave anc sdd awp • “CFZACWYGAVNSAVEANCSDDAWP”

3. Hill Cipher Demo • Encryption • Easy to do in Matlab. • (Otherwise, you’ll need to find/write a matrix library for language X.) • Decryption • Uses matrix inverse. • How do we determine if a matrix is invertible mod 26? • Does this cipher exhibit diffusion?

4. Next: one time pads • Back to Vigenere: if the codeword were really long, say 25% as long as the entire plaintext, how many characters would contribute to each dot product? ____ • What does this say about our ability to do a frequency analysis? • Now consider the extreme case, the one-time pad…

5. One-time pads • Represent the plaintext in binary, length n • Works for text (from ASCII), images, music, etc • The key is a random vector of length n • Ciphertext = plaintext XOR key • Do • message = 1000011, key = 1110010 • Cipher = ??? • ciphertext XOR key = ???

6. Unbreakable? • Yes, for ciphertext only… Ciphertext: EOFMCKSSDKIVPSSAD Could be: thephoneisringing meetmeinthegarage … I need the whole key to decrypt. • What’s the downside to using a one-time pad? Variation: Maurer, Rabin, Ding et al’s satellite method • If I’m willing to compromise some security…

7. Linear Feedback Shift Register (LFSR) Sequences Name comes from hardware implementation Generated bit stream Shift register b1 b2 b3 b4 … bm-1 bm To encrypt plaintext of length n, generate an n-bit sequence and XOR with the plaintext. Feedback function • Need initial conditions (bits in register) and a function to generate more terms. • Example: • x1 = 0, x2 = 1, x3 = 0, x4 = 0, x5 = 0; • xn+5 = xn + xn+2 (mod 2) • What does this remind you of in math?

8. Linear Feedback Shift Register (LFSR) Sequences • A recurrence relation! • Specify initial conditions and coefficients, for example: • x1 = 0, x2 = 1, x3 = 0, x4 = 0, x5 = 0; • xn+5 = xn + xn+2 (mod 2) • Another way to write is xn+5 = 1xn + 0xn+1 + 1xn+2 +0xn+3 + 0xn+4 (mod 2) • In general, • Generate some more terms • How long until it repeats? (the period of the sequence) • 10 bits generates ____ bits • Demo

9. Long periods • LFSR can generate sequences with long periods • Like Vigenere with long key: hard to decrypt! • Lots of “bang for the buck”! • But it depends on the key • Good example:xn+31=xn + xn+3 (mod 2) • How many bits do we need to represent this recurrence? • 62 bits • How long is the period? • Over 2 billion! Why? • There exist (231 – 1) 31-bit words • Why “-1”? • If it cycles through all of these, it’s maximal. Related to Mersenne primes • See http://www.ece.cmu.edu/~koopman/lfsr/index.html for a list of maximal-period generators • Can you devise a bad example (one with period << 2n-1)?

10. Linear Feedback Shift Register (LFSR) Sequences • Downside: very vulnerable to known plaintext attack. Why? • Discuss with a partner • If time, my example