## Attacking to Substitution Ciphers

### Cracking the Caesar Cipher
In Caesar’s cipher, the key is 3, so anyone who knows that Caesar’s cipher is being used can decrypt the message.<br>

Trying all possible keys is an exhaustive search or brute force attack. If there are N possible keys, then Alice will, on average, need to try about half of these, that is, N/2 of the keys before she can expect to find the correct key. 

In [1]:
# Caesar Cipher
def caesar_cipher(text, shift):
    encrypted_text = ""
    for char in text:
        if char.isalpha():  # Check if the character is a letter
            if char.islower():
                shifted_char = chr(((ord(char) - ord('a') + shift) % 26) + ord('a'))
            else:
                shifted_char = chr(((ord(char) - ord('A') + shift) % 26) + ord('A'))
        else:
            shifted_char = char
        encrypted_text += shifted_char
    return encrypted_text

def caesar_decipher(text, shift):
    return caesar_cipher(text, -shift)

In [2]:
plaintext = input(f'Input the text to encrypt')
shift = int(input(f'Input the shift'))
encrypted = caesar_cipher(plaintext,shift)
print("Encrypted "+ "\'"+ plaintext +"\'"+ " is "+"\'"+ encrypted+"\'")

Encrypted 'Cryptanalysis in action' is 'Fubswdqdobvlv lq dfwlrq'


In [4]:
message = "CDEFGHI" # shift is 2
SYMBOLS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890 !?."

for key in range(len(SYMBOLS)):
    translated = ''
    for symbol in message:
        if symbol in SYMBOLS:
            symbolindex = SYMBOLS.find(symbol)
            translatedindex = symbolindex - key
            if translatedindex < 0:
                translatedindex = translatedindex + len(SYMBOLS)
            translated = translated + SYMBOLS[translatedindex]
        else:
            translated = translated + symbol
    print('Key #%s: %s' % (key, translated))

Key #0: CDEFGHI
Key #1: BCDEFGH
Key #2: ABCDEFG
Key #3: .ABCDEF
Key #4: ?.ABCDE
Key #5: !?.ABCD
Key #6:  !?.ABC
Key #7: 0 !?.AB
Key #8: 90 !?.A
Key #9: 890 !?.
Key #10: 7890 !?
Key #11: 67890 !
Key #12: 567890 
Key #13: 4567890
Key #14: 3456789
Key #15: 2345678
Key #16: 1234567
Key #17: z123456
Key #18: yz12345
Key #19: xyz1234
Key #20: wxyz123
Key #21: vwxyz12
Key #22: uvwxyz1
Key #23: tuvwxyz
Key #24: stuvwxy
Key #25: rstuvwx
Key #26: qrstuvw
Key #27: pqrstuv
Key #28: opqrstu
Key #29: nopqrst
Key #30: mnopqrs
Key #31: lmnopqr
Key #32: klmnopq
Key #33: jklmnop
Key #34: ijklmno
Key #35: hijklmn
Key #36: ghijklm
Key #37: fghijkl
Key #38: efghijk
Key #39: defghij
Key #40: cdefghi
Key #41: bcdefgh
Key #42: abcdefg
Key #43: Zabcdef
Key #44: YZabcde
Key #45: XYZabcd
Key #46: WXYZabc
Key #47: VWXYZab
Key #48: UVWXYZa
Key #49: TUVWXYZ
Key #50: STUVWXY
Key #51: RSTUVWX
Key #52: QRSTUVW
Key #53: PQRSTUV
Key #54: OPQRSTU
Key #55: NOPQRST
Key #56: MNOPQRS
Key #57: LMNOPQR
Key #58: KLMNOPQ
Key #59

In [16]:
%pip install langdetect
%pip install langid
# if you use Python 3.9 then you can try fasttext

Note: you may need to restart the kernel to use updated packages.
Note: you may need to restart the kernel to use updated packages.


In [5]:
# Detect the language

from langdetect import detect
import langid

print(detect(encrypted))
print(langid.classify(encrypted))

ca
('en', -10.752016067504883)


In [6]:
# Try a frequency analysis
# This is a just a simple example

test_str = "Testing the Frequency Finder for Cryptanalysis."
result = {i: test_str.count(i) for i in set(test_str)}
print(result)

{'l': 1, 'n': 4, 'o': 1, 'a': 2, 'r': 4, 'g': 1, '.': 1, 'p': 1, 'T': 1, 'h': 1, ' ': 5, 'e': 5, 'C': 1, 'i': 3, 'F': 2, 'd': 1, 'u': 1, 'c': 1, 's': 3, 'f': 1, 'y': 3, 't': 3, 'q': 1}


Above frequency analysis can be used for any encrypted text to reveal the language characteristics.<br>
After analyzing the frequencies we can decide the most possible language of the plaintext.<br>
Because language characteristics remain in Caesar Cipher, frequency analysis is a proven technique to break the encryption.<br>
After the frequency analysis and detection of the language we can replace the characters and start to construct bigrams, trigrams and decipher the ciphertext.

This problem of frequency distribution analysis is a concern with any monoalphabetic cipher because, by its definition, every time it sees a particular letter it will always encrypt it to some given ciphertext character (as determined by the key).

### Attacking to Transposition Ciphers

In transposition cipher key is the number of columns in the array. To perform ciphertext only attack on this cipher, we need to test all possible decrypts using c columns, where c is a divisor of the number of characters in the ciphertext.

If there is a key in the transposition, ciphertext only attack might be a challenge but we can do that either way.<br>
Double transposition can be a challenge to directly implement COA, but Eve can solve the ciphertext via divide-and-conquer approach.

Message: ATTACK AT DAWN → ATTACKATDAWN

As we did at the section 3 we write row wise. We send column wise. Analyzing the ciphertext reveals the frequency characteristics of the language. If the application id polyalphabetic then frequency analysis does not work.

### Attacking Vigenére Cipher
<ol>
<li>Polyalphabetic substitution ciphers do not preserve the plaintext frequencies.</li>
<li>Consider the  Vigenére Cipher with a small key.</li>
<li>If we know the length of the key then we separate the ciphertext into equal length subtexts.</li>
<li>Then we count the frequencies and do a frequency analysis.</li>
<li>This will give us candidate keys combination of the candidates will reveal the real key used for encryption.</li>
<li>If we do not know the length of the key two identical characters occurring a distance apart that is a multiple of the key length will be encrypted identically.</li>
</ol>


## Attacking Stream Ciphers

### Linear Feedback Shift Register

In [7]:
# Example implementation of LFSR
class LFSR:
    def __init__(self, state, feedback_mask):
        self.state = state
        self.feedback_mask = feedback_mask
        self.length = len(state)

    def shift(self):
        feedback_bit = 0
        for i in self.feedback_mask:
            feedback_bit ^= self.state[i]

        self.state.insert(0, feedback_bit)
        self.state.pop()

    def generate_sequence(self, num_bits):
        result = []
        for _ in range(num_bits):
            result.append(self.state[-1])  # Output the rightmost bit
            self.shift()  # Shift the LFSR

        return result

# Example usage:
state = [1, 0, 0, 0]  # Initial state
feedback_mask = [0, 2]  # Feedback mask, e.g., x^4 + x^3 + 1

lfsr = LFSR(state, feedback_mask)
num_bits = 10

output_sequence = lfsr.generate_sequence(num_bits)
print("LFSR Output Sequence:", output_sequence)


LFSR Output Sequence: [0, 0, 0, 1, 1, 1, 0, 1, 0, 0]


### Correlation Attack
<ol>
<li>Attacker tries to recover initial fills of LSFR, then the stream cipher is broken. Because consecutive key bits can be constructed.</li>
<li>Attacker also exhaustively tries all possibilities of the initial fills.</li>
<li>This attack requies a known plaintext.</li>
<li>Combinin f function must not leak information about the individual shift registers.</li>
</ol>


### RC4 encryption algorithm:

Attacker tries to recover initial fills, then the stream cipher is broken. Because consecutive key bits can be constructed.
Attacker also exhaustively tries all possibilities of the initial fills.
This attack requies a known plaintext. 
Combinin f function must not leak information about the individual shift registers.


### PKZIP Encryption

- PKZIP is a file compression and archiving utility.
- PKZIP offers optional encryption called ZipCrypto.
- ZipCrypto uses a simple XOR-based encryption method.
- It relies on a user-provided password for encryption and decryption.
- Security concerns include weak encryption and predictable pseudorandom numbers.
- For stronger encryption, it's recommended to use modern encryption methods like AES.

#### pkcrack tool for pkzip known plaintext attack

Linux or MacOS

git clone https://github.com/keyunluo/pkcrack<br>
mkdir pkcrack/build<br>
cd pkcrack/build<br>
cmake ..<br>
make<br>

  pkcrack -C encrypted-ZIP -c ciphertextname -P plaintext-ZIP 
          -p plaintextname -d decrypted_file -a

- Details: https://github.com/keyunluo/pkcrack

## Attacking Block Ciphers

## Hash Functions

### The Birthday Problem

Suppose that Eve is in a room containing a total of N people (including herself). What is the probability that at least one of the other N-1 people has the same birthday as Eve?<br>

- Assume that birthdays are uniformly distributed among the 365 days in a year.
- This problem is a discrete probability problem.
- For each person this probability 364/365, so that for all N-1 people, the probability is (364/365)N-1. Consequently the probability we want is 1-(364/365)^N-1.
- By setting formula to ½ and solving for N, we can find the number of people that must be in a room before we expect someone to have the same birthday as Eve.
- If N>= 254, then the probability is greater than ½ and we expect to find someone with the same birthday as Eve.
- On the other hand if we want to find two people in a room share the same birthday, where there are N people in the room.
- 1-365/365.364/365.363/365…(365-N+1)/365; N<= 366
- When N>=23 than probability is greater than ½
- Therefore at least 24 people share the same birthday. This is called the birthday paradox
Weak collision resistance → Brute force until finding a match against h(x)


In [9]:
import random

def birthday_simulation(num_simulations, num_people):
    matching_birthdays = 0

    for _ in range(num_simulations):
        birthdays = [random.randint(1, 365) for _ in range(num_people)]
        if len(birthdays) != len(set(birthdays)):
            matching_birthdays += 1

    probability = matching_birthdays / num_simulations
    return probability

def main():
    num_simulations = 10000  # Number of simulations
    num_people = 23  # Number of people in each group

    probability = birthday_simulation(num_simulations, num_people)

    print(f"Probability of at least two people sharing a birthday in a group of {num_people} is approximately: {probability:.4f}")

if __name__ == "__main__":
    main()


Probability of at least two people sharing a birthday in a group of 23 is approximately: 0.5150


### Birthday Attack Against Digital Signatures
- Eve gets digitally signed message from Alice 
- Then Eve creates 2^n/2 messages all of them are not malicious and meaning the same (such as I), their hashes are different.
- Eve creates 2^n/2 messages all are malicious and meaning the same, their hashes are different
- If there is a match in signatures in malicious and non malicious and Eve asks Alice to sign matching pair of the non malicious message then she got the Alice’s signature with a brute force attack


### Nostradamus Attack 
Please refer to the course content.

## PKI and Hybrid Systems

### Lattice Reduction Attack

A lattice reduction attack is a type of cryptographic attack that targets encryption schemes based on lattice problems. Lattice problems involve finding the shortest vector in a lattice, which is a grid-like structure in multi-dimensional space. Here's a simplified explanation with pseudo-code:

```plaintext
# Pseudo-code for a Lattice Reduction Attack
# Step 1: Define the lattice
lattice = generate_lattice_basis()

# Step 2: Apply lattice reduction algorithm
reduced_lattice = reduce_lattice(lattice)

# Step 3: Solve the SVP (Shortest Vector Problem)
shortest_vector = solve_svp(reduced_lattice)

# Step 4: Find the secret key
secret_key = derive_secret_key(shortest_vector)

# Step 5: Decrypt the ciphertext
plaintext = decrypt(ciphertext, secret_key)

# Step 6: Recover the original message
original_message = remove_padding(plaintext)

# Output the result
print("Recovered Message:", original_message)
```

In this pseudo-code:

1. We start by defining the lattice, which is often generated based on the public parameters of the encryption scheme.

2. We apply a lattice reduction algorithm to reduce the lattice. The goal of lattice reduction is to transform the lattice in such a way that the shortest vector becomes easier to find.

3. We solve the Shortest Vector Problem (SVP) on the reduced lattice. This problem involves finding the shortest non-zero vector in the lattice.

4. Once we have the shortest vector, we derive the secret key from it. This is possible because the secret key is usually related to some properties of the lattice.

5. With the secret key in hand, we can decrypt the ciphertext.

6. Finally, we remove any padding or additional processing to recover the original message.

Lattice-based cryptography is designed to make these steps computationally difficult, ensuring the security of encryption schemes based on lattice problems. However, advances in lattice reduction algorithms and other mathematical techniques may pose a threat to the security of these systems, which is why ongoing research and analysis are essential in the field of cryptography.

### Man-in-the-Middle Attack 

A Man-in-the-Middle (MitM) attack in the context of SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security) is an attack where an adversary intercepts communication between two parties (e.g., a client and a server) and can potentially eavesdrop on or manipulate the data being exchanged. Here's a high-level explanation with pseudo-code to demonstrate a MitM attack:

```plaintext
# Pseudo-Code for a Man-in-the-Middle Attack on SSL/TLS

# Step 1: Attacker intercepts the initial connection attempts
client_hello = intercept_client_hello()
server_hello = intercept_server_hello()

# Step 2: Attacker impersonates the client and initiates a connection with the server
attacker_client_hello = modify_client_hello(client_hello)
server_response = send_to_server(attacker_client_hello)

# Step 3: Attacker intercepts the server's response and sends it to the client
attacker_server_response = intercept_server_response(server_response)
send_to_client(attacker_server_response)

# Step 4: Client and server establish an encrypted connection, unaware of the attacker
client_finished = intercept_client_finished()
server_finished = intercept_server_finished()

# Step 5: Attacker can now intercept, eavesdrop, or manipulate data between client and server
data_from_client = intercept_data_from_client()
data_from_server = intercept_data_from_server()
modify_data(data_from_client)
modify_data(data_from_server)
send_to_server(data_from_client)
send_to_client(data_from_server)

# Continue eavesdropping or manipulating data as needed

# End of the attack
```

In this pseudo-code:

1. The attacker intercepts the initial client_hello and server_hello messages during the SSL/TLS handshake, which initiates the secure connection.

2. The attacker impersonates the client and crafts a modified client_hello message to initiate a connection with the server, pretending to be the client.

3. The server responds, believing it is communicating with the client, and the attacker intercepts this response.

4. The attacker forwards the server's response to the client.

5. The client and server continue with the handshake, establishing an encrypted connection. During this phase, the attacker may intercept and manipulate data between the client and server.

6. Once the MitM attack is successful, the attacker can eavesdrop on the data being exchanged or even modify it.

MitM attacks on SSL/TLS are dangerous because they can compromise the confidentiality and integrity of secure communications. To prevent MitM attacks, SSL/TLS implementations employ techniques like certificate validation and secure key exchange protocols to ensure the authenticity of the parties involved in the communication. Additionally, the use of public key infrastructure (PKI) and proper certificate management helps establish trust in SSL/TLS connections.