Cryptography Reference
In-Depth Information
Second, there is one more risk we should be aware of: when designing an algo-
rithm, the developer may be particularly cautious, never letting any character
transform onto itself. In doing this, he actually compromises his own method.
Bauer [BauerMM] refers to this approach as an
illusory complication
. Endeav-
oring to design things particularly well often leads to the exact opposite. At
this point, you might
not
understand why German cryptologists hadn't seen
the risk caused by the Enigma's reversing drum: it enabled negative pattern
search.
3.4.3 This is Still Interesting Today!
The ciphering cylinder is history, and so is characterwise encryption. 'So what
do we discuss it for?', you will probably ask. We encrypt bitwise nowadays!
Well, negative pattern search is still a potential risk, even with algorithms
working bitwise. We certainly won't compare superimposed bits any longer.
But we might be able to prove a statement like the following:
If byte 1 has even and byte 3 uneven parity in the plaintext block, then there
is a 76 % likelihood that bit 26 in the ciphertext block is equal to 1.
Of course, it would be best to have a 100 % probability, for we could then run
a negative pattern search, like before. But every value that deviates from 50 %
can be helpful.
These kinds of statements are dangerous for all algorithms that are vulnerable
to plaintext attacks. Look at this not totally unrealistic example: assume a
WordPerfect file was encrypted bitwise using a Vigenere method (more about
this in Sections 3.5 and 3.6). We know for sure that it includes the string
Lexmark 4039 plus PS2
(21 characters), since our security department uses this printer. Moreover, we
know the code writer is chronically lazy, i.e., he would never bring himself to
use a password with a length of ten characters. We are looking for the position
of the probable word; we have a hunch where in the ciphertext it might be
found. If the password is four characters long, then 'L' and 'a' have got to be
encrypted in the same way. This is written as follows in cryptology:
⊕
s=c
1
p
1
⊕
s=c
5
p
5
