COMPUTER SECURITY AND CRYPTOGRAPHY

ALAN G. KONHEIM
About the Cover: The term cipher alphabet is used when referring to a monoalphabetic substitution. When text is written using the letters A, B, ..., Z, a cipher alphabet is a permutation or rearrangement of the 26 letters. In the fifteenth century, cryptography became more sophisticated and cryptographers proposed using multiple cipher alphabets, a process referred to as polyalphabetic substitution. Blaise de Vigenère's book A Treatise on Secret Writing, published in the sixteenth century, contains the basic Vigenère tableau, specifying the ciphertext in polyalphabetic substitution. Rotor machines introduced in the 20th century provided mechanical means for implementing and speeding up polyalphabetic substitution.

The cover is a modified set of 17 cipher alphabets; the black background color is symbolic of the U.S. State Department's Black Chamber in which American cryptanalysis originated in the early part of the 20th century. It is technically defective in several aspects: (i) fewer than 26 letters in each row are displayed and (ii) repeated letters occur in the rows containing the word CRYPTOGRAPHY and my name. Nevertheless, the cover hopefully projects the message to read Computer Security and Cryptography.
Copyright © 2007 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Konheim, Alan G., 1934–
Computer security & cryptography / by Alan G. Konheim.
p. cm.
Includes bibliographical references and index.
ISBN-13: 978-0-471-94783-7
ISBN-10: 0-471-94783-0
1. Computer security. 2. Cryptography. I. Title.
QA76.9.A25K638 2007
005.8--dc22 2006049338

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
CONTENTS

FOREWORD ix
PREFACE xi
ABOUT THE AUTHOR xvii

CHAPTER 1 APERITIFS
1.1 The Lexicon of Cryptography 1
1.2 Cryptographic Systems 4
1.3 Cryptanalysis 4
1.4 Side Information 6
1.5 Thomas Jefferson and the M-94 6
1.6 Cryptography and History 7
1.7 Cryptography and Computers 8
1.8 The National Security Agency 9
1.9 The Giants 10
1.10 No Sex, Money, Crime or ... Love 12
1.11 An Example of the Inference Process in Cryptanalysis 13
1.12 Warning! 15

CHAPTER 2 COLUMNAR TRANSPOSITION
2.1 Shannon's Classification of Secrecy Transformations 18
2.2 The Rules of Columnar Transposition Encipherment 18
2.3 Cribbing 21
2.4 Examples of Cribbing 25
2.5 Plaintext Language Models 30
2.6 Counting k-Grams 33
2.7 Deriving the Parameters of a Markov Model from Sliding Window Counts 34
2.8 Markov Scoring 34
2.9 The ADFGVX Transposition System 47
2.10 CODA 49
2.11 Columnar Transposition Problems 50

CHAPTER 3 MONOALPHABETIC SUBSTITUTION
3.1 Monoalphabetic Substitution 63
3.2 Caesar's Cipher 65
3.3 Cribbing Using Isomorphs 66
3.4 The χ²-Test of a Hypothesis 67
3.5 Pruning from the Table of Isomorphs 68
3.6 Partial Maximum Likelihood Estimation of a Monoalphabetic Substitution 73
3.7 The Hidden Markov Model (HMM) 78
3.8 Hill Encipherment of ASCII N-Grams 90
3.9 Gaussian Elimination 102
3.10 Monoalphabetic Substitution Problems 111

CHAPTER 4 POLYALPHABETIC SUBSTITUTION
4.1 Running Keys 116
4.2 Blaise de Vigenère 117
4.3 Gilbert S. Vernam 117
4.4 The One-Time Pad 119
4.5 Finding the Key of Vernam–Vigenère Ciphertext with Known Period by Correlation 120
4.6 Coincidence 124
4.7 Venona 127
4.8 Polyalphabetic Substitution Problems 132

CHAPTER 5 STATISTICAL TESTS
5.1 Weaknesses in a Cryptosystem 136
5.2 The Kolmogorov–Smirnov Test 136
5.3 NIST's Proposed Statistical Tests 138
5.4 Diagnosis 139
5.5 Statistical Tests Problems 143

CHAPTER 6 THE EMERGENCE OF CIPHER MACHINES
6.1 The Rotor 150
6.2 Rotor Systems 152
6.3 Rotor Patents 153
6.4 A Characteristic Property of Conjugacy 155
6.5 Analysis of a 1-Rotor System: Ciphertext Only 156
6.6 The Displacement Sequence of a Permutation 158
6.7 Arthur Scherbius 160
6.8 Enigma Key Distribution Protocol 163
6.9 Cryptanalysis of the Enigma 166
6.10 Cribbing Enigma Ciphertext 167
6.11 The Lorenz Schlüsselzusatz 170
6.12 The SZ40 Pin Wheels 171
6.13 SZ40 Cryptanalysis Problems 175
6.14 Cribbing SZ40 Ciphertext 176

CHAPTER 7 THE JAPANESE CIPHER MACHINES
7.1 Japanese Signaling Conventions 191
7.2 Half-Rotors 191
7.3 Components of the RED Machine 193
7.4 Cribbing RED Ciphertext 200
7.5 Generalized Vowels and Consonants 209
7.6 "Climb Mount Itaka" – War! 210
7.7 Components of the PURPLE Machine 211
7.8 The PURPLE Keys 217
7.9 Cribbing PURPLE: Finding the V-Stepper 219
7.10 Cribbing PURPLE: Finding the C-Steppers 238

CHAPTER 8 STREAM CIPHERS
8.1 Stream Ciphers 244
8.2 Feedback Shift Registers 244
8.3 The Algebra of Polynomials over Z_2 247
8.4 The Characteristic Polynomial of a Linear Feedback Shift Register 251
8.5 Properties of Maximal Length LFSR Sequences 254
8.6 Linear Equivalence 258
8.7 Combining Multiple Linear Feedback Shift Registers 259
8.8 Matrix Representation of the LFSR 260
8.9 Cribbing of Stream Enciphered ASCII Plaintext 261
8.10 Nonlinear Feedback Shift Registers 271
8.11 Nonlinear Key Stream Generation 273
8.12 Irregular Clocking 275
8.13 RC4 278
8.14 Stream Encipherment Problems 281

CHAPTER 9 BLOCK-CIPHERS: LUCIFER, DES, AND AES
9.1 LUCIFER 283
9.2 DES 288
9.3 The DES S-Boxes, P-Box, and Initial Permutation (IP) 289
9.4 DES Key Schedule 292
9.5 Sample DES Encipherment 294
9.6 Chaining 295
9.7 Is DES a Random Mapping? 297
9.8 DES in the Output-Feedback Mode (OFB) 299
9.9 Cryptanalysis of DES 300
9.10 Differential Cryptanalysis 302
9.11 The EFS DES-Cracker 308
9.12 What Now? 311
9.13 The Future Advanced Data Encryption Standard 312
9.14 And the Winner Is! 312
9.15 The Rijndael Operations 314
9.16 The Rijndael Cipher 323
9.17 Rijndael's Strength: Propagation of Patterns 323
9.18 When is a Product Block-Cipher Secure? 326
9.19 Generating the Symmetric Group 327
9.20 A Class of Block Ciphers 329
9.21 The IDEA Block Cipher 332

CHAPTER 10 THE PARADIGM OF PUBLIC KEY CRYPTOGRAPHY
10.1 In the Beginning... 334
10.2 Key Distribution 335
10.3 E-Commerce 336
10.4 Public-Key Cryptosystems: Easy and Hard Computational Problems 337
10.5 Do PKCS Solve the Problem of Key Distribution? 341
10.6 P.S. 342

CHAPTER 11 THE KNAPSACK CRYPTOSYSTEM
11.1 Subset Sum and Knapsack Problems 344
11.2 Modular Arithmetic and the Euclidean Algorithm 346
11.3 A Modular Arithmetic Knapsack Problem 350
11.4 Trap-Door Knapsacks 350
11.5 Knapsack Encipherment and Decipherment of ASCII-Plaintext 355
11.6 Cryptanalysis of the Merkle–Hellman Knapsack System (Modular Mapping) 358
11.7 Diophantine Approximation 364
11.8 Short Vectors in a Lattice 368
11.9 Knapsack-Like Cryptosystems 371
11.10 Knapsack Cryptosystem Problems 371

CHAPTER 12 THE RSA CRYPTOSYSTEM
12.1 A Short Number-Theoretic Digression 376
12.2 RSA 378
12.3 The RSA Encipherment and Decipherment of ASCII-Plaintext 379
12.4 Attack on RSA 382
12.5 Williams Variation of RSA 383
12.6 Multiprecision Modular Arithmetic 387

CHAPTER 13 PRIME NUMBERS AND FACTORIZATION
13.1 Number Theory and Cryptography 390
13.2 Prime Numbers and the Sieve of Eratosthenes 390
13.3 Pollard's p−1 Method 391
13.4 Pollard's ρ-Algorithm 394
13.5 Quadratic Residues 396
13.6 Random Factorization 401
13.7 The Quadratic Sieve (QS) 403
13.8 Testing if an Integer is a Prime 405
13.9 The RSA Challenge 407
13.10 Perfect Numbers and the Mersenne Primes 408
13.11 Multiprecision Arithmetic 409
13.12 Prime Number Testing and Factorization Problems 410

CHAPTER 14 THE DISCRETE LOGARITHM PROBLEM
14.1 The Discrete Logarithm Problem Modulo p 414
14.2 Solution of the DLP Modulo p Given a Factorization of p−1 415
14.3 Adleman's Subexponential Algorithm for the Discrete Logarithm Problem 419
14.4 The Baby-Step, Giant-Step Algorithm 420
14.5 The Index-Calculus Method 420
14.6 Pollard's ρ-Algorithm 424
14.7 Extension Fields 426
14.8 The Current State of Discrete Logarithm Research 428

CHAPTER 15 ELLIPTIC CURVE CRYPTOGRAPHY
15.1 Elliptic Curves 429
15.2 The Elliptic Group over the Reals 431
15.3 Lenstra's Factorization Algorithm 432
15.4 The Elliptic Group over Z_p (p > 3) 434
15.5 Elliptic Groups over the Field Z_{m,2} 436
15.6 Computations in the Elliptic Group E_{Z_{m,2}}(a,b) 438
15.7 Supersingular Elliptic Curves 441
15.8 Diffie–Hellman Key Exchange Using an Elliptic Curve 442
15.9 The Menezes–Vanstone Elliptic Curve Cryptosystem 443
15.10 The Elliptic Curve Digital Signature Algorithm 444
15.11 The Certicom Challenge 445
15.12 NSA and Elliptic Curve Cryptography 445

CHAPTER 16 KEY EXCHANGE IN A NETWORK
16.1 Key Distribution in a Network 447
16.2 U.S. Patent '770 448
16.3 Spoofing 448
16.4 ElGamal's Extension of Diffie–Hellman 450
16.5 Shamir's Autonomous Key Exchange 451
16.6 X9.17 Key Exchange Architecture 453
16.7 The Needham–Schroeder Key Distribution Protocol 456

CHAPTER 17 DIGITAL SIGNATURES AND AUTHENTICATION
17.1 The Need for Signatures 464
17.2 Threats to Network Transactions 465
17.3 Secrecy, Digital Signatures, and Authentication 465
17.4 The Desiderata of a Digital Signature 466
17.5 Public-Key Cryptography and Signature Systems 467
17.6 Rabin's Quadratic Residue Signature Protocol 468
17.7 Hash Functions 470
17.8 MD5 471
17.9 The Secure Hash Algorithm 473
17.10 NIST's Digital Signature Algorithm 474
17.11 ElGamal's Signature Protocol 475
17.12 The Fiat–Shamir Identification and Signature Schema 476
17.13 The Oblivious Transfer 478

CHAPTER 18 APPLICATIONS OF CRYPTOGRAPHY
18.1 UNIX Password Encipherment 480
18.2 Magnetic Stripe Technology 482
18.3 Protecting ATM Transactions 484
18.4 Keyed-Access Cards 491
18.5 Smart Cards 491
18.6 Who Can You Trust?: Kohnfelder's Certificates 495
18.7 X.509 Certificates 495
18.8 The Secure Socket Layer (SSL) 497
18.9 Making a Secure Credit Card Payment on the Web 502

CHAPTER 19 CRYPTOGRAPHIC PATENTS
19.1 What is a Patent? 506
19.2 Patentability of Ideas 507
19.3 The Format of a Patent 507
19.4 Patentable versus Nonpatentable Subjects 508
19.5 Infringement 509
19.6 The Role of Patents in Cryptography 509
19.7 U.S. Patent 3,543,904 509
19.8 U.S. Patent 4,200,770 511
19.9 U.S. Patent 4,218,582 512
19.10 U.S. Patent 4,405,829 512
19.11 PKS/RSADSI Litigation 514
19.12 Leon Stambler 514

INDEX 516