Читать онлайн книгу - Information Security. Mark Stamp. Зарубежная компьютерная литература. LiveLib

Новинки Лучшее Рекомендации

Информация о книге:

Название:

Автор:

Жанр:

Серия:

Издательство:

Скачать книгу

before the ciphertext can be decrypted. If we can securely transmit the pad, why not simply transmit the plaintext by the same means and do away with the encryption?

Below, we'll see an historical example, where it actually did make sense to use a one‐time pad—in spite of its limitations. However, for modern high data‐rate systems, a one‐time pad cipher would generally be impractical.

Why is it that the one‐time pad can only be used once? Suppose we have two plaintext messages and , and we encrypted these as as and , that is, we have two messages encrypted with the same “one‐time″ pad . In the cryptanalysis business, this is known as a depth. From these two one‐time pad ciphertexts in depth, we can compute

upper C 1 circled-plus upper C 2 equals upper P 1 circled-plus upper K circled-plus upper P 2 circled-plus upper K equals upper P 1 circled-plus upper P 2

and we see that the key has disappeared from the problem. In this case, the ciphertext does yield some information about the underlying plaintext. Another way to see this is to consider an exhaustive key search. If the pad is only used once, then the attacker has no way to know whether the guessed key is correct or not. But if two messages are in depth, for the correct key, both putative plaintexts must make sense. This provides the attacker with a means to distinguish the correct key from incorrect guesses. The problem only gets worse (or better, from a cryptanalyst's perspective) the more times the key is reused.

Let's consider an example of one‐time pad encryptions that are in depth. Using the same bit encoding as in Table 2.1, suppose we have

upper P 1 equals like equals left-parenthesis 100 010 011 000 right-parenthesis and upper P 2 equals kite equals left-parenthesis 011 010 111 000 right-parenthesis comma

and both are encrypted with the same key . Then

StartLayout 1st Row 1st Column Blank 2nd Column monospace l 3rd Column monospace i 4th Column monospace k 5th Column monospace e 2nd Row 1st Column upper P 1 2nd Column 100 3rd Column 010 4th Column 011 5th Column 000 3rd Row 1st Column upper K 2nd Column 110 3rd Column 011 4th Column 101 5th Column 111 4th Row 1st Column upper C 1 2nd Column 010 3rd Column 001 4th Column 110 5th Column 111 5th Row 1st Column Blank 2nd Column monospace i 3rd Column monospace h 4th Column monospace s 5th Column monospace t EndLayout

and

StartLayout 1st Row 1st Column Blank 2nd Column monospace k 3rd Column monospace i 4th Column monospace t 5th Column monospace e 2nd Row 1st Column upper P 2 2nd Column 011 3rd Column 010 4th Column 111 5th Column 000 3rd Row 1st Column upper K 2nd Column 110 3rd Column 011 4th Column 101 5th Column 111 4th Row 1st Column upper C 2 2nd Column 101 3rd Column 001 4th Column 010 5th Column 111 5th Row 1st Column Blank 2nd Column monospace r 3rd Column monospace h 4th Column monospace i 5th Column monospace t EndLayout

If Trudy the cryptanalyst knows that the messages are in depth, she immediately sees that the second and fourth letters of upper P 1 and upper P 2 are the same, since the corresponding ciphertext letters are identical. But far more devastating is the fact that Trudy can now guess a putative message and check her results using . Suppose that Trudy, who only knows upper C 1 and upper C 2 , suspects that upper P 1 equals kill equals left-parenthesis 011 010 100 100 right-parenthesis . Then she can find the corresponding putative key

StartLayout 1st Row 1st Column Blank 2nd Column monospace k 3rd Column monospace i 4th Column monospace l 5th Column monospace l 2nd Row 1st Column putative upper P 1 2nd Column 011 3rd Column 010 4th Column 100 5th Column 100 3rd Row 1st Column upper C 1 2nd Column 010 3rd Column 001 4th Column 110 5th Column 111 4th Row 1st Column putative upper C 1 2nd Column 001 3rd Column 021 4th Column 010 5th Column 011 EndLayout

and she can then use this upper K to “decrypt″ upper C 2 and obtain

StartLayout 1st Row 1st Column upper C 2 2nd Column 101 3rd Column 001 4th Column 010 5th Column 111 2nd Row 1st Column putative upper K 2nd Column 001 3rd Column 011 4th Column 010 5th Column 011 3rd Row 1st Column putative upper P 2 2nd Column 100 3rd Column 010 4th Column 000 5th Column 100 4th Row 1st Column Blank 2nd Column monospace l 3rd Column monospace i 4th Column monospace e 5th Column monospace l EndLayout

Since this upper K does not yield a sensible decryption for upper P 2 , Trudy can safely assume that her guess for upper P 1 was incorrect. When Trudy eventually guesses that upper P 1 equals like she will obtain the correct key upper K and decrypt to also find that upper P 2 equals kite , thereby confirming the correctness of the key and, consequently, the correctness of both decryptions.

2.3.6 Codebook Cipher

A classic codebook cipher is, literally, a dictionary‐like book containing (plaintext) words and their corresponding (ciphertext) codewords. To encrypt a word, the cipher clerk would simply look it up in the codebook and replace it with the corresponding codeword. Decryption, using the inverse codebook, is equally straightforward. Below, we briefly discuss the Zimmermann Telegram, which is surely the most infamous use of a codebook cipher in history.

The security of a classic codebook cipher depends primarily on the physical security of the book itself. That is, the book must be protected from capture by the enemy. In addition, statistical attacks analogous to those used to break a simple substitution cipher apply to codebooks, although the amount of data required is much larger. The reason that a statistical attack on a codebook is more difficult is due to the fact that the size

Скачать книгу

Information Security. Mark Stamp

Чтение книги онлайн.

Читать онлайн книгу Information Security - Mark Stamp страница 20

Информация о книге:

2.3.6 Codebook Cipher