Upload
trinhliem
View
215
Download
1
Embed Size (px)
Citation preview
Classical Cryptosystems
Note
We will use the convention that plaintext will be lowercase andciphertext will be in all capitals.
Shift Ciphers
The idea of the Caesar cipher:
To encrypt, shift the letters to the right by 3 and wrap around.a 7→ Db 7→ Ex 7→ A
To decrypt, shift the letters to the left by 3 and wrap around.
Useful to hide message from ‘friendly’ agents.
Shift Ciphers
The idea of the Caesar cipher:
To encrypt, shift the letters to the right by 3 and wrap around.a 7→ Db 7→ Ex 7→ A
To decrypt, shift the letters to the left by 3 and wrap around.
Useful to hide message from ‘friendly’ agents.
Shift Ciphers
The idea of the Caesar cipher:
To encrypt, shift the letters to the right by 3 and wrap around.a 7→ Db 7→ Ex 7→ A
To decrypt, shift the letters to the left by 3 and wrap around.
Useful to hide message from ‘friendly’ agents.
A Better Version
We could choose any integer between 1 and 25 to shift, with thenumber being secret.
ExampleSuppose you were given
Z UVKVJK KYV PREBVVJwith no key. How would you decrypt?
A less naive attack:
The first letter is single, so A or I would be good to start with.
Start with just 2-3 letters to see if it is the start of a word
A Better Version
We could choose any integer between 1 and 25 to shift, with thenumber being secret.
ExampleSuppose you were given
Z UVKVJK KYV PREBVVJwith no key. How would you decrypt?
A less naive attack:
The first letter is single, so A or I would be good to start with.
Start with just 2-3 letters to see if it is the start of a word
A Better Version
We could choose any integer between 1 and 25 to shift, with thenumber being secret.
ExampleSuppose you were given
Z UVKVJK KYV PREBVVJwith no key. How would you decrypt?
A less naive attack:
The first letter is single, so A or I would be good to start with.
Start with just 2-3 letters to see if it is the start of a word
A Better Version
We could choose any integer between 1 and 25 to shift, with thenumber being secret.
ExampleSuppose you were given
Z UVKVJK KYV PREBVVJwith no key. How would you decrypt?
A less naive attack:
The first letter is single, so A or I would be good to start with.
Start with just 2-3 letters to see if it is the start of a word
Attacks
No matter the technique, this is easy to break using a ciphertext attack.
DefinitionA ciphertext attack is performed when all that is had is a copy of theciphertext.
Even worse, if the attacker was performing a known-plaintext attack,they would have the decryption key while only needing a single letter.
DefinitionA known plaintext attack is when an attacker has a ciphertext and thecorresponding plaintext. If the key is not changed, they can decryptfuture ciphertexts.
Attacks
No matter the technique, this is easy to break using a ciphertext attack.
DefinitionA ciphertext attack is performed when all that is had is a copy of theciphertext.
Even worse, if the attacker was performing a known-plaintext attack,they would have the decryption key while only needing a single letter.
DefinitionA known plaintext attack is when an attacker has a ciphertext and thecorresponding plaintext. If the key is not changed, they can decryptfuture ciphertexts.
Attacks
No matter the technique, this is easy to break using a ciphertext attack.
DefinitionA ciphertext attack is performed when all that is had is a copy of theciphertext.
Even worse, if the attacker was performing a known-plaintext attack,they would have the decryption key while only needing a single letter.
DefinitionA known plaintext attack is when an attacker has a ciphertext and thecorresponding plaintext. If the key is not changed, they can decryptfuture ciphertexts.
Attacks
No matter the technique, this is easy to break using a ciphertext attack.
DefinitionA ciphertext attack is performed when all that is had is a copy of theciphertext.
Even worse, if the attacker was performing a known-plaintext attack,they would have the decryption key while only needing a single letter.
DefinitionA known plaintext attack is when an attacker has a ciphertext and thecorresponding plaintext. If the key is not changed, they can decryptfuture ciphertexts.
Affine Ciphers
This is a method for encrypting with numbers.
ProcedureTake α, β with 0 ≤ α, β ≤ 25 such that (α, 26) = 1. Then, the affinefunction
x 7→ αx + β(mod 26)
It is a is a linear transformation followed by a translation.
Alternate Notation
Eα,β(x) = (αx + β)(mod 26)
Affine Ciphers
This is a method for encrypting with numbers.
ProcedureTake α, β with 0 ≤ α, β ≤ 25 such that (α, 26) = 1. Then, the affinefunction
x 7→ αx + β(mod 26)
It is a is a linear transformation followed by a translation.
Alternate Notation
Eα,β(x) = (αx + β)(mod 26)
Encrypting Using Affine Ciphers
Example
E3,11(hello) = GXSSB
h = 7⇒ 3 · 7 + 11 = 32 ≡ 6(mod 26)
e = 4⇒ 3 · 4 + 11 = 23 ≡ 23(mod 26)
l = 11⇒ 3 · 11 + 11 = 44 ≡ 18(mod 26)
o = 14⇒ 3 · 14 + 11 = 53 ≡ 1(mod 26)
Encrypting Using Affine Ciphers
Example
E3,11(hello) = GXSSB
h = 7⇒ 3 · 7 + 11 = 32 ≡ 6(mod 26)
e = 4⇒ 3 · 4 + 11 = 23 ≡ 23(mod 26)
l = 11⇒ 3 · 11 + 11 = 44 ≡ 18(mod 26)
o = 14⇒ 3 · 14 + 11 = 53 ≡ 1(mod 26)
Encrypting Using Affine Ciphers
Example
E3,11(hello) = GXSSB
h = 7⇒ 3 · 7 + 11 = 32 ≡ 6(mod 26)
e = 4⇒ 3 · 4 + 11 = 23 ≡ 23(mod 26)
l = 11⇒ 3 · 11 + 11 = 44 ≡ 18(mod 26)
o = 14⇒ 3 · 14 + 11 = 53 ≡ 1(mod 26)
Encrypting Using Affine Ciphers
Example
E3,11(hello) = GXSSB
h = 7⇒ 3 · 7 + 11 = 32 ≡ 6(mod 26)
e = 4⇒ 3 · 4 + 11 = 23 ≡ 23(mod 26)
l = 11⇒ 3 · 11 + 11 = 44 ≡ 18(mod 26)
o = 14⇒ 3 · 14 + 11 = 53 ≡ 1(mod 26)
Encrypting Using Affine Ciphers
Example
E3,11(hello) = GXSSB
h = 7⇒ 3 · 7 + 11 = 32 ≡ 6(mod 26)
e = 4⇒ 3 · 4 + 11 = 23 ≡ 23(mod 26)
l = 11⇒ 3 · 11 + 11 = 44 ≡ 18(mod 26)
o = 14⇒ 3 · 14 + 11 = 53 ≡ 1(mod 26)
Decryption with the Affine Cipher
What do we need?
Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?
We need to represent 13 in terms of (mod 26). Since (3, 26) = 1, the
multiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Decryption with the Affine Cipher
What do we need? Inverses ...
y = 3x + 11⇒ x =13(y− 11)
Problem?We need to represent 1
3 in terms of (mod 26). Since (3, 26) = 1, themultiplicative inverse of 3 exists modulo 26.
9 · 3 = 27 ≡ 1(mod 26)
So, we can replace 13 with 9 in our mapping.
x = 9(y− 11)
So, we see for G = 6, we have
9(6− 11) = −45(mod 26) ≡ 7(mod 26)
Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
l 7→ Z
Can we find the key?
First, we convert this to numerical values.f 7→ K ⇒ 5 7→ 10l 7→ Z ⇒ 11 7→ 25
This gives
5α+ β ≡ 10(mod 26)
11α+ β ≡ 25(mod 26)
Combining gives6α ≡ 15(mod 26)
This will not work. Every choice for α will produce an even numberand an even taken modulo 26 will always be even.
Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
l 7→ Z
Can we find the key?
First, we convert this to numerical values.f 7→ K ⇒ 5 7→ 10l 7→ Z ⇒ 11 7→ 25
This gives
5α+ β ≡ 10(mod 26)
11α+ β ≡ 25(mod 26)
Combining gives6α ≡ 15(mod 26)
This will not work. Every choice for α will produce an even numberand an even taken modulo 26 will always be even.
Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
l 7→ Z
Can we find the key?
First, we convert this to numerical values.f 7→ K ⇒ 5 7→ 10l 7→ Z ⇒ 11 7→ 25
This gives
5α+ β ≡ 10(mod 26)
11α+ β ≡ 25(mod 26)
Combining gives6α ≡ 15(mod 26)
This will not work. Every choice for α will produce an even numberand an even taken modulo 26 will always be even.
Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
l 7→ Z
Can we find the key?
First, we convert this to numerical values.f 7→ K ⇒ 5 7→ 10l 7→ Z ⇒ 11 7→ 25
This gives
5α+ β ≡ 10(mod 26)
11α+ β ≡ 25(mod 26)
Combining gives6α ≡ 15(mod 26)
This will not work. Every choice for α will produce an even numberand an even taken modulo 26 will always be even.
Another Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
i 7→ Z
Can we find the key?
We begin as before.f 7→ K ⇒ 5 7→ 10i 7→ Z ⇒ 8 7→ 25
This gives
5α+ β ≡ 10(mod 26)
8α+ β ≡ 25(mod 26)
Combining gives3α ≡ 15(mod 26)
Another Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
i 7→ Z
Can we find the key?
We begin as before.f 7→ K ⇒ 5 7→ 10i 7→ Z ⇒ 8 7→ 25
This gives
5α+ β ≡ 10(mod 26)
8α+ β ≡ 25(mod 26)
Combining gives3α ≡ 15(mod 26)
Another Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
i 7→ Z
Can we find the key?
We begin as before.f 7→ K ⇒ 5 7→ 10i 7→ Z ⇒ 8 7→ 25
This gives
5α+ β ≡ 10(mod 26)
8α+ β ≡ 25(mod 26)
Combining gives3α ≡ 15(mod 26)
Another Known Plaintext Attack
ExampleSuppose we had the following plaintext-ciphertext pairs:
f 7→ K
i 7→ Z
Can we find the key?
We begin as before.f 7→ K ⇒ 5 7→ 10i 7→ Z ⇒ 8 7→ 25
This gives
5α+ β ≡ 10(mod 26)
8α+ β ≡ 25(mod 26)
Combining gives3α ≡ 15(mod 26)
Finishing the Decryption Algorithm
We can divide because (3, 26) = 1, so this becomes
α ≡ 5(mod 26)
And knowing α = 5 gives that β = 11.
Therefore the cipher would be 5x + 11(mod 26).
Finishing the Decryption Algorithm
We can divide because (3, 26) = 1, so this becomes
α ≡ 5(mod 26)
And knowing α = 5 gives that β = 11.
Therefore the cipher would be 5x + 11(mod 26).
Finishing the Decryption Algorithm
We can divide because (3, 26) = 1, so this becomes
α ≡ 5(mod 26)
And knowing α = 5 gives that β = 11.
Therefore the cipher would be 5x + 11(mod 26).
What To Avoid
We have to be careful here with our choice as we need the mapping tobe 1-1 modulo 26 and this only happens when (α, 26) = 1.
Here’s what happens if we aren’t careful:
Suppose we try to decrypt, we get 12 to find the inverse of. Using the
other technique, we cannot find
a∗ 3 2a∗ ≡ 1(mod 26)
So, no multiplicative inverse exists. This would give a non-uniquedeciphering for the same ciphertext.
What To Avoid
We have to be careful here with our choice as we need the mapping tobe 1-1 modulo 26 and this only happens when (α, 26) = 1.Here’s what happens if we aren’t careful:
Suppose we try to decrypt, we get 12 to find the inverse of. Using the
other technique, we cannot find
a∗ 3 2a∗ ≡ 1(mod 26)
So, no multiplicative inverse exists. This would give a non-uniquedeciphering for the same ciphertext.
Improvement Over Shifts
How many keys are there for a shift cipher?
25
How many keys are there for an affine cipher?
We could have
possible values for α? 12
possible values for β? 26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Improvement Over Shifts
How many keys are there for a shift cipher? 25
How many keys are there for an affine cipher?
We could have
possible values for α? 12
possible values for β? 26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Improvement Over Shifts
How many keys are there for a shift cipher? 25
How many keys are there for an affine cipher?
We could have
possible values for α?
12
possible values for β? 26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Improvement Over Shifts
How many keys are there for a shift cipher? 25
How many keys are there for an affine cipher?
We could have
possible values for α? 12
possible values for β?
26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Improvement Over Shifts
How many keys are there for a shift cipher? 25
How many keys are there for an affine cipher?
We could have
possible values for α? 12
possible values for β? 26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Improvement Over Shifts
How many keys are there for a shift cipher? 25
How many keys are there for an affine cipher?
We could have
possible values for α? 12
possible values for β? 26
So the total would be 312 different ciphers.
Another improvement: And, we would need two plaintext-ciphertextpairs to deduce α and β instead of one pair for a shift cipher.
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
Playfair Ciphers
Shift and affine ciphers are substitution ciphers - permute oneletter at a time
Playfair ciphers permute two at a time
Invented in 1854 by Charles Wheatstone
Named after Lord Playfair, who promoted the usage
Used by British in Second Boer War and WWI
Used by Australians and Germans in WWII
How It Works
We first need a keyword: we’ll use Boston.
Letters non-distinct, we we delete all copies after first of any repeatedletter. So, our keyword becomes Bostn.We construct a 5× 5 grid with the keyword first and then the rest ofthe alphabet that is unused (with the convention i = j).
b o s t na c d e fg h i k lm p q r uv w x y z
How It Works
We first need a keyword: we’ll use Boston.Letters non-distinct, we we delete all copies after first of any repeatedletter. So, our keyword becomes Bostn.
We construct a 5× 5 grid with the keyword first and then the rest ofthe alphabet that is unused (with the convention i = j).
b o s t na c d e fg h i k lm p q r uv w x y z
How It Works
We first need a keyword: we’ll use Boston.Letters non-distinct, we we delete all copies after first of any repeatedletter. So, our keyword becomes Bostn.We construct a 5× 5 grid with the keyword first and then the rest ofthe alphabet that is unused (with the convention i = j).
b o s t na c d e fg h i k lm p q r uv w x y z
Encoding
Now we need a message to encode.
patriots will beat the jets
We break up the text into pairs of letters
pa tr io ts wi ll
Problem ...
pa tr io ts wi lxlb ea tx th ej etsx
Encoding
Now we need a message to encode.
patriots will beat the jets
We break up the text into pairs of letters
pa tr io ts wi ll
Problem ...
pa tr io ts wi lxlb ea tx th ej etsx
Encoding
Now we need a message to encode.
patriots will beat the jets
We break up the text into pairs of letters
pa tr io ts wi ll
Problem ...
pa tr io ts wi lxlb ea tx th ej etsx
Encoding
Now we need a message to encode.
patriots will beat the jets
We break up the text into pairs of letters
pa tr io ts wi ll
Problem ...
pa tr io ts wi lxlb ea tx th ej etsx
Rules for Encoding
1 Two plaintext letters that fall in the same row of the matrix areeach replaced by the letter to the right, with the first element ofthe row cyclically treated.
2 Two plaintext letters that fall in the same column of the matrixare each replaced by the letter beneath them, with the firstelement of the column cyclically treated.
3 Otherwise each plaintext letter is replaced by the letter that liesin its row and column occupied by the other plaintext letter.
Rules for Encoding
1 Two plaintext letters that fall in the same row of the matrix areeach replaced by the letter to the right, with the first element ofthe row cyclically treated.
2 Two plaintext letters that fall in the same column of the matrixare each replaced by the letter beneath them, with the firstelement of the column cyclically treated.
3 Otherwise each plaintext letter is replaced by the letter that liesin its row and column occupied by the other plaintext letter.
Rules for Encoding
1 Two plaintext letters that fall in the same row of the matrix areeach replaced by the letter to the right, with the first element ofthe row cyclically treated.
2 Two plaintext letters that fall in the same column of the matrixare each replaced by the letter beneath them, with the firstelement of the column cyclically treated.
3 Otherwise each plaintext letter is replaced by the letter that liesin its row and column occupied by the other plaintext letter.
Example
pa is a pair from different rows and columns.
b o s t na c d e fg h i k lm p q r uv w x y z
Each plaintext letter is replaced but the letter that lies in its row andcolumn occupied by the other plaintext letter.
p 7→ M
a 7→ C
Example
pa is a pair from different rows and columns.
b o s t na c d e fg h i k lm p q r uv w x y z
Each plaintext letter is replaced but the letter that lies in its row andcolumn occupied by the other plaintext letter.
p 7→ M
a 7→ C
Example
tr is a pair in the same column.
b o s t na c d e fg h i k lm p q r uv w x y z
Two plaintext letters that fall in the same column of the matrix areeach replaced by the letter beneath them, with the first element of thecolumn cyclically treated.
t 7→ E
r 7→ Y
Finish the ciphertext.
Example
tr is a pair in the same column.
b o s t na c d e fg h i k lm p q r uv w x y z
Two plaintext letters that fall in the same column of the matrix areeach replaced by the letter beneath them, with the first element of thecolumn cyclically treated.
t 7→ E
r 7→ Y
Finish the ciphertext.
The Ciphertext
pa tr io ts wi lxlb ea tx th ej etsx
MC EY HS NT XH IZGN FC SY OK DK KEDS
Now, we remove the spaces to finish the encryption.
MCEYHSNTXHIZGNFCSYOKDKKEDS
To decrypt, we essentially reverse the process, provided we know thekey.
The Ciphertext
pa tr io ts wi lxlb ea tx th ej etsx
MC EY HS NT XH IZGN FC SY OK DK KEDS
Now, we remove the spaces to finish the encryption.
MCEYHSNTXHIZGNFCSYOKDKKEDS
To decrypt, we essentially reverse the process, provided we know thekey.
The Ciphertext
pa tr io ts wi lxlb ea tx th ej etsx
MC EY HS NT XH IZGN FC SY OK DK KEDS
Now, we remove the spaces to finish the encryption.
MCEYHSNTXHIZGNFCSYOKDKKEDS
To decrypt, we essentially reverse the process, provided we know thekey.
Weaknesses
If the key is not known, once broken into pairs, common pairsare searched by looking for repetitive pairs and trial and error tosee which common pairs it is.Does anyone know what pairs have the highest probability?
Probability dictates that the common pairs are th, he, an, in, re,es.
Another weakness is that there are only 5 possible letters foreach ciphertext letter.This is an improvement as there are 262 digrams (2 letter pairs)v. only 26 letters in prior methods.
Weaknesses
If the key is not known, once broken into pairs, common pairsare searched by looking for repetitive pairs and trial and error tosee which common pairs it is.Does anyone know what pairs have the highest probability?Probability dictates that the common pairs are th, he, an, in, re,es.
Another weakness is that there are only 5 possible letters foreach ciphertext letter.
This is an improvement as there are 262 digrams (2 letter pairs)v. only 26 letters in prior methods.
Weaknesses
If the key is not known, once broken into pairs, common pairsare searched by looking for repetitive pairs and trial and error tosee which common pairs it is.Does anyone know what pairs have the highest probability?Probability dictates that the common pairs are th, he, an, in, re,es.
Another weakness is that there are only 5 possible letters foreach ciphertext letter.This is an improvement as there are 262 digrams (2 letter pairs)v. only 26 letters in prior methods.
Block Ciphers
Block ciphers use symmetric keys to encrypt a string of consecutivecharacters through the use of matrices.
To work with these, we need a little linear algebra.
We define the inverse of a square matrix M, denoted M−1, by theequation
MM−1 = M−1M = In
The inverse does not always exist, but when it does this equation issatisfied.
Block Ciphers
Block ciphers use symmetric keys to encrypt a string of consecutivecharacters through the use of matrices.
To work with these, we need a little linear algebra.
We define the inverse of a square matrix M, denoted M−1, by theequation
MM−1 = M−1M = In
The inverse does not always exist, but when it does this equation issatisfied.
Block Ciphers
Block ciphers use symmetric keys to encrypt a string of consecutivecharacters through the use of matrices.
To work with these, we need a little linear algebra.
We define the inverse of a square matrix M, denoted M−1, by theequation
MM−1 = M−1M = In
The inverse does not always exist, but when it does this equation issatisfied.
Is the Matrix Invertible?
Easiest way to determine if M is invertible is by
taking determinants.
ExampleDetermine if A is invertible. [
5 817 3
]∣∣∣∣ 5 8
17 3
∣∣∣∣ = 5(3)− 8(17) = −121 6= 0
Since det(A) 6= 0, A is invertible.
Is the Matrix Invertible?
Easiest way to determine if M is invertible is by taking determinants.
ExampleDetermine if A is invertible. [
5 817 3
]∣∣∣∣ 5 8
17 3
∣∣∣∣ = 5(3)− 8(17) = −121 6= 0
Since det(A) 6= 0, A is invertible.
Is the Matrix Invertible?
Easiest way to determine if M is invertible is by taking determinants.
ExampleDetermine if A is invertible. [
5 817 3
]
∣∣∣∣ 5 817 3
∣∣∣∣ = 5(3)− 8(17) = −121 6= 0
Since det(A) 6= 0, A is invertible.
Is the Matrix Invertible?
Easiest way to determine if M is invertible is by taking determinants.
ExampleDetermine if A is invertible. [
5 817 3
]∣∣∣∣ 5 8
17 3
∣∣∣∣ = 5(3)− 8(17) = −121 6= 0
Since det(A) 6= 0, A is invertible.
Finding the Inverse
ExampleFind the inverse of A.
Using the algorithm for an 2× 2 matrix. we get
− 1121
[3 -8
-17 5
](mod 26)
Problem?
−121 ≡ 9(mod 26)
so we have19
[3 -8
-17 5
](mod 26)
Finding the Inverse
ExampleFind the inverse of A.
Using the algorithm for an 2× 2 matrix. we get
− 1121
[3 -8
-17 5
](mod 26)
Problem?
−121 ≡ 9(mod 26)
so we have19
[3 -8
-17 5
](mod 26)
Finding the Inverse
ExampleFind the inverse of A.
Using the algorithm for an 2× 2 matrix. we get
− 1121
[3 -8
-17 5
](mod 26)
Problem?
−121 ≡ 9(mod 26)
so we have19
[3 -8
-17 5
](mod 26)
Finding the Inverse
ExampleFind the inverse of A.
Using the algorithm for an 2× 2 matrix. we get
− 1121
[3 -8
-17 5
](mod 26)
Problem?
−121 ≡ 9(mod 26)
so we have19
[3 -8
-17 5
](mod 26)
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done? [9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done? [9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done?
[9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done? [9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done? [9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
Finding the Inverse
Still a problem?
3 · 9 ≡ 1(mod 26)
we can replace 19 by 3 to get
3[
3 -8-17 5
](mod 26)
Done? [9 -24
-51 15
](mod 26)
Now?
A−1 =
[9 21 15
]
The Hill Algorithm
This is named after Lester Hill, who produced work in 1929.
The encryption algorithm takes m successive plaintext letters andsubstitutes them for m ciphertext letters. This substitution isdetermined by m linear equations in which each character is assigneda numerical value (a = 0, b = 1, . . .).
How the Hill Cipher Works
For m = 3, the system of equations can be described as
c1 = (k11p1 + k12p1 + k13p1)(mod 26)
c2 = (k21p2 + k22p2 + k23p2)(mod 26)
c3 = (k31p3 + k32p3 + k33p3)(mod 26)
This can now be expressed in terms of vectors and matrices
[c1 c2 c3
]=[
p1 p2 p3] k11 k12 k13
k21 k22 k23k31 k32 k33
(mod 26)
where c and p are vectors of length 3 representing the plaintext andassociated ciphertext.
How the Hill Cipher Works
For m = 3, the system of equations can be described as
c1 = (k11p1 + k12p1 + k13p1)(mod 26)
c2 = (k21p2 + k22p2 + k23p2)(mod 26)
c3 = (k31p3 + k32p3 + k33p3)(mod 26)
This can now be expressed in terms of vectors and matrices
[c1 c2 c3
]=[
p1 p2 p3] k11 k12 k13
k21 k22 k23k31 k32 k33
(mod 26)
where c and p are vectors of length 3 representing the plaintext andassociated ciphertext.
Using the Hill Algorithm
ExampleUsing the encryption key 17 17 5
21 18 212 2 19
encrypt ‘pay more money’.
The first 3 letters of the plaintext are represented by the vector[15 0 24
]
Using the Hill Algorithm
ExampleUsing the encryption key 17 17 5
21 18 212 2 19
encrypt ‘pay more money’.
The first 3 letters of the plaintext are represented by the vector[15 0 24
]
Using the Hill Algorithm
Then, [15 0 24
]K =
[303 303 531
](mod 26)
Which, when take modulo 26, becomes[17 17 11
]and this corresponds to RRL.Continuing in this way, the ciphertext for the whole plaintext is
RRLMWBKASPDH
Using the Hill Algorithm
Then, [15 0 24
]K =
[303 303 531
](mod 26)
Which, when take modulo 26, becomes[17 17 11
]and this corresponds to RRL.
Continuing in this way, the ciphertext for the whole plaintext is
RRLMWBKASPDH
Using the Hill Algorithm
Then, [15 0 24
]K =
[303 303 531
](mod 26)
Which, when take modulo 26, becomes[17 17 11
]and this corresponds to RRL.Continuing in this way, the ciphertext for the whole plaintext is
RRLMWBKASPDH
Decryption with the Hill Cipher
Decryption requires using the inverse of the matrix K. First,∣∣∣∣∣∣17 17 521 18 212 2 19
∣∣∣∣∣∣ = 23 6= 0
K−1 =
4 9 1515 17 624 0 17
when taken modulo 26.If K−1 is applied to the ciphertext, then the plaintext is easilyrecovered.[
17 17 11]
K−1 =[
587 442 544](mod 26)
=[
15 0 24]
Decryption with the Hill Cipher
Decryption requires using the inverse of the matrix K. First,∣∣∣∣∣∣17 17 521 18 212 2 19
∣∣∣∣∣∣ = 23 6= 0
K−1 =
4 9 1515 17 624 0 17
when taken modulo 26.
If K−1 is applied to the ciphertext, then the plaintext is easilyrecovered.[
17 17 11]
K−1 =[
587 442 544](mod 26)
=[
15 0 24]
Decryption with the Hill Cipher
Decryption requires using the inverse of the matrix K. First,∣∣∣∣∣∣17 17 521 18 212 2 19
∣∣∣∣∣∣ = 23 6= 0
K−1 =
4 9 1515 17 624 0 17
when taken modulo 26.If K−1 is applied to the ciphertext, then the plaintext is easilyrecovered.[
17 17 11]
K−1 =[
587 442 544](mod 26)
=[
15 0 24]
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.
As with Hill, the use of larger matrices hides more frequencyinformation.For example, K ∈M3 hides 2 letter frequencies.Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.As with Hill, the use of larger matrices hides more frequencyinformation.
For example, K ∈M3 hides 2 letter frequencies.Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.As with Hill, the use of larger matrices hides more frequencyinformation.For example, K ∈M3 hides 2 letter frequencies.
Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.As with Hill, the use of larger matrices hides more frequencyinformation.For example, K ∈M3 hides 2 letter frequencies.Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.
If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.As with Hill, the use of larger matrices hides more frequencyinformation.For example, K ∈M3 hides 2 letter frequencies.Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
What’s Good and Bad
As with the Playfair cipher, the strength of the Hill cipher is that itcompletely hides single letter frequencies.As with Hill, the use of larger matrices hides more frequencyinformation.For example, K ∈M3 hides 2 letter frequencies.Although the Hill cipher is strong against the cipher-only attack, it iseasily broken down with a known plaintext attack.If we have an m× m Hill cipher, suppose we have m plaintext-ciphertext pairs, each of length m. We label the pairs⇀P j = (p1j, p2j, . . . , pmj) and
⇀C j = (c1j, c2j, . . . , cmj) such that
⇀C j =
⇀P jK for 1 ≤ j ≤ m and for some unknown key matrix K.
Now, define X,Y ∈Mm such that X = (pij) and Y = (cij). Then wecan form the equation Y = XK. If X is invertible, K = X−1Y and weare done. If not, then a new version of X can be formed withadditional plaintext-ciphertext pairs until and invertible X is obtained.
Cracking the Hill Algorithm
ExampleSuppose the plaintext ‘hill cipher’ is encrypted using a 2× 2 Hillcipher to yield the ciphertext HCRZSSXNSP. Find the encryption key.
Based on the plaintext-cipher text pairs we have, we can set up thefollowing: [
7 8]
K(mod 26) =[
7 2][
11 11]
K(mod 26) =[
17 25]
and so forth.
Cracking the Hill Algorithm
ExampleSuppose the plaintext ‘hill cipher’ is encrypted using a 2× 2 Hillcipher to yield the ciphertext HCRZSSXNSP. Find the encryption key.
Based on the plaintext-cipher text pairs we have, we can set up thefollowing: [
7 8]
K(mod 26) =[
7 2][
11 11]
K(mod 26) =[
17 25]
and so forth.
Cracking the Hill Algorithm
Using the first two plaintext-ciphertext pairs, we have[7 2
17 25
]=
[7 8
11 11
]K(mod 26)
Now, we need to find the inverse of P. Since this is a 2× 2 system, wehave the following algorithm:
P−1 =
[a bd d
]−1
=1
det(P)
[d -b-c a
]
Cracking the Hill Algorithm
Using the first two plaintext-ciphertext pairs, we have[7 2
17 25
]=
[7 8
11 11
]K(mod 26)
Now, we need to find the inverse of P. Since this is a 2× 2 system, wehave the following algorithm:
P−1 =
[a bd d
]−1
=1
det(P)
[d -b-c a
]
Cracking the Hill Algorithm
If P−1 exists, then |P| 6= 0. Here ,∣∣∣∣ 7 811 11
∣∣∣∣ = −11 6= 0
So, we have that
P−1 =1−11
[11 -8-11 7
](mod 26)
Cracking the Hill Algorithm
If P−1 exists, then |P| 6= 0. Here ,∣∣∣∣ 7 811 11
∣∣∣∣ = −11 6= 0
So, we have that
P−1 =1−11
[11 -8-11 7
](mod 26)
Cracking the Hill Algorithm
We need to rewrite modulo 26, which means no negatives and nofractions.
First, −11 ≡ 15(mod 26), so we can replace 1−11 with 1
15 . Next, weneed to represent 1
15 as an integer.To do so, consider that 15 · 1
15 ≡ 1(mod 26). So what we need is aninteger such that the product of that integer and 15 is congruent to 1modulo 26. Here, the integer we seek is 7.
Cracking the Hill Algorithm
We need to rewrite modulo 26, which means no negatives and nofractions.First, −11 ≡ 15(mod 26), so we can replace 1
−11 with 115 . Next, we
need to represent 115 as an integer.
To do so, consider that 15 · 115 ≡ 1(mod 26). So what we need is an
integer such that the product of that integer and 15 is congruent to 1modulo 26. Here, the integer we seek is 7.
Cracking the Hill Algorithm
We need to rewrite modulo 26, which means no negatives and nofractions.First, −11 ≡ 15(mod 26), so we can replace 1
−11 with 115 . Next, we
need to represent 115 as an integer.
To do so, consider that 15 · 115 ≡ 1(mod 26). So what we need is an
integer such that the product of that integer and 15 is congruent to 1modulo 26. Here, the integer we seek is 7.
Cracking the Hill Algorithm
At this point we now have
P−1 = 7[
11 -8-11 7
](mod 26)
We multiply through to get
P−1 =
[77 -56-77 49
](mod 26)
And finally, when we take this modulo 26, we get[7 8
11 11
]−1
=
[25 221 23
]
Cracking the Hill Algorithm
At this point we now have
P−1 = 7[
11 -8-11 7
](mod 26)
We multiply through to get
P−1 =
[77 -56-77 49
](mod 26)
And finally, when we take this modulo 26, we get[7 8
11 11
]−1
=
[25 221 23
]
Cracking the Hill Algorithm
At this point we now have
P−1 = 7[
11 -8-11 7
](mod 26)
We multiply through to get
P−1 =
[77 -56-77 49
](mod 26)
And finally, when we take this modulo 26, we get[7 8
11 11
]−1
=
[25 221 23
]
Cracking the Hill Algorithm
So,
K =
[25 221 23
] [7 217 25
]=
[549 600398 577
](mod 26)
Which reduces to
K =
[3 28 5
]
Cracking the Hill Algorithm
So,
K =
[25 221 23
] [7 217 25
]=
[549 600398 577
](mod 26)
Which reduces to
K =
[3 28 5
]
Permutation Ciphers
How many of you remember what a permutation is from abstractalgebra?
DefinitionA permutation π : S→ S such that π is a bijection.
We can use permutations to encrypt plaintext by arranging the lettersin blocks of an appropriate length and then permuting within eachone.
Permutation Ciphers
How many of you remember what a permutation is from abstractalgebra?
DefinitionA permutation π : S→ S such that π is a bijection.
We can use permutations to encrypt plaintext by arranging the lettersin blocks of an appropriate length and then permuting within eachone.
Permutation Ciphers
How many of you remember what a permutation is from abstractalgebra?
DefinitionA permutation π : S→ S such that π is a bijection.
We can use permutations to encrypt plaintext by arranging the lettersin blocks of an appropriate length and then permuting within eachone.
Permutation Cipher Example
ExampleIf our plaintext is ‘lets go black and gold’, use the permutationπ = (13)(254) to encrypt.
The length of the permutation tells us that we want to break theplaintext into blocks of length 5.
letsg oblac kandg oldxx
Next, apply π to each block.
letsg oblac kandg oldxxtgles lcoba ngkad dxolx
Finally, we have
TGLESLCOBANGKADDXOLX
Permutation Cipher Example
ExampleIf our plaintext is ‘lets go black and gold’, use the permutationπ = (13)(254) to encrypt.
The length of the permutation tells us that we want to break theplaintext into blocks of length 5.
letsg oblac kandg oldxx
Next, apply π to each block.
letsg oblac kandg oldxxtgles lcoba ngkad dxolx
Finally, we have
TGLESLCOBANGKADDXOLX
Permutation Cipher Example
ExampleIf our plaintext is ‘lets go black and gold’, use the permutationπ = (13)(254) to encrypt.
The length of the permutation tells us that we want to break theplaintext into blocks of length 5.
letsg oblac kandg oldxx
Next, apply π to each block.
letsg oblac kandg oldxxtgles lcoba ngkad dxolx
Finally, we have
TGLESLCOBANGKADDXOLX
Permutation Cipher Example
ExampleIf our plaintext is ‘lets go black and gold’, use the permutationπ = (13)(254) to encrypt.
The length of the permutation tells us that we want to break theplaintext into blocks of length 5.
letsg oblac kandg oldxx
Next, apply π to each block.
letsg oblac kandg oldxxtgles lcoba ngkad dxolx
Finally, we have
TGLESLCOBANGKADDXOLX
Decryption of the Permutation Cipher
To decrypt, we need to find the inverse of the permutation and apply itto the cipher text.
Do we remember how to find the inverse of a permutation?
Example
Find π−1 for π = (13)(254).
We reverse the cycles and invert the order.
π−1 = (452)(31) = (452)(13)
Decryption of the Permutation Cipher
To decrypt, we need to find the inverse of the permutation and apply itto the cipher text.Do we remember how to find the inverse of a permutation?
Example
Find π−1 for π = (13)(254).
We reverse the cycles and invert the order.
π−1 = (452)(31) = (452)(13)
Decryption of the Permutation Cipher
To decrypt, we need to find the inverse of the permutation and apply itto the cipher text.Do we remember how to find the inverse of a permutation?
Example
Find π−1 for π = (13)(254).
We reverse the cycles and invert the order.
π−1 = (452)(31) = (452)(13)
Attacks on the Permutation Cipher
This cipher is easily beatable with a known plaintext attack
We could also use brute force
DefinitionA brute force attack involves trying all possible arrangements of theletters in a ciphertext to find the associated plaintext
Attacks on the Permutation Cipher
This cipher is easily beatable with a known plaintext attack
We could also use brute force
DefinitionA brute force attack involves trying all possible arrangements of theletters in a ciphertext to find the associated plaintext
Attacks on the Permutation Cipher
This cipher is easily beatable with a known plaintext attack
We could also use brute force
DefinitionA brute force attack involves trying all possible arrangements of theletters in a ciphertext to find the associated plaintext
Decryption with the Permutation Cipher
ExampleDecrypt
TGLESLCOBANGKADDXOLX
with only the knowledge that it was encrypted with a permutationcipher.
Where do we start?Size of blocks must be divisor of 20.Why can we rule out key size 2?No two letter words made up of T and G.
Decryption with the Permutation Cipher
ExampleDecrypt
TGLESLCOBANGKADDXOLX
with only the knowledge that it was encrypted with a permutationcipher.
Where do we start?
Size of blocks must be divisor of 20.Why can we rule out key size 2?No two letter words made up of T and G.
Decryption with the Permutation Cipher
ExampleDecrypt
TGLESLCOBANGKADDXOLX
with only the knowledge that it was encrypted with a permutationcipher.
Where do we start?Size of blocks must be divisor of 20.
Why can we rule out key size 2?No two letter words made up of T and G.
Decryption with the Permutation Cipher
ExampleDecrypt
TGLESLCOBANGKADDXOLX
with only the knowledge that it was encrypted with a permutationcipher.
Where do we start?Size of blocks must be divisor of 20.Why can we rule out key size 2?
No two letter words made up of T and G.
Decryption with the Permutation Cipher
ExampleDecrypt
TGLESLCOBANGKADDXOLX
with only the knowledge that it was encrypted with a permutationcipher.
Where do we start?Size of blocks must be divisor of 20.Why can we rule out key size 2?No two letter words made up of T and G.
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?
No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...Possible last rows: OLXX and LOXXPossible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...Possible last rows: OLXX and LOXXPossible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...Possible last rows: OLXX and LOXXPossible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...
Possible last rows: OLXX and LOXXPossible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...Possible last rows: OLXX and LOXX
Possible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
Next we try key length 4. Can we instantly rule this out?No, since the first 4 letters are TGLE, which could give ‘GET L’
T G L ES L C OB A N GK A D DX O L X
Notice the last row and the X’s ...Possible last rows: OLXX and LOXXPossible 4th rows: ADKD, ADDK, DAKD and DADK
Decryption with the Permutation Cipher
We look at the first 5 letters and we see that we have LETS G, so wecannot rule out 5 for a length. We again set up an array.
T G L E SL C O B AN G K A DD X O L X
If we begin with LETS G, we arrange the other rows using the samepermutation.
l e t s go b l a ck a n d go l d x x
And if we rewrite with appropriate spacing, we’d have our plaintext.
Decryption with the Permutation Cipher
We look at the first 5 letters and we see that we have LETS G, so wecannot rule out 5 for a length. We again set up an array.
T G L E SL C O B AN G K A DD X O L X
If we begin with LETS G, we arrange the other rows using the samepermutation.
l e t s go b l a ck a n d go l d x x
And if we rewrite with appropriate spacing, we’d have our plaintext.
Column Permutation Ciphers
We again are using a permutation, and the initial encoding is not thatunlike the permutation cipher. The difference is, instead of justpermuting a block, we permute all of them simultaneously and thenwrite the ciphertext by taking the columns in the same orientation asthe permutation.
Example
Using the permutation π = (13)(24), encrypt the message
this is a sample plaintext
Encrypting with a Column Permutation Cipher
First we arrange the plaintext into an array with rows of length 4.
t h i si s a sa m p le p l ai n t ex t x x
with padding at the end to make all rows the same length.
Encrypting with a Column Permutation Cipher
Then we permute based on π.
3 4 1 2t h i si s a sa m p le p l ai n t ex t x x
The corresponding ciphertext is
IAPLTXSSLAEXTIAEIXHSMPNT
Encrypting with a Column Permutation Cipher
Then we permute based on π.
3 4 1 2t h i si s a sa m p le p l ai n t ex t x x
The corresponding ciphertext is
IAPLTXSSLAEXTIAEIXHSMPNT
Decryption with a Column Permutation Cipher
Here again, we know the key length must be a divisor of the numberof characters in the ciphertext. In our last example, the length is 24, sowe know there are 2,3,4,6,8,12 or 24 columns.
Here is a trick to guess this key length - 40% of letters in any stretchof English text are vowels. So we can use probability to help us. Wecan arrange into a number of columns and do a frequency analysis tosee if it makes sense.
Decryption with a Column Permutation Cipher
Here again, we know the key length must be a divisor of the numberof characters in the ciphertext. In our last example, the length is 24, sowe know there are 2,3,4,6,8,12 or 24 columns.
Here is a trick to guess this key length - 40% of letters in any stretchof English text are vowels. So we can use probability to help us. Wecan arrange into a number of columns and do a frequency analysis tosee if it makes sense.
Decryption Example with a Column Permutation Cipher
ExampleIf we know the following Ciphertext was encrypted usIng a columnPermutation cipHer, decodE the cipheRtext.
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
There are 60 characters here, so we know the number of columns is adivisor of 60.60 is a small number, so frequency analysis may be tough since thereis such a small sample size.
Decryption Example with a Column Permutation Cipher
ExampleIf we know the following Ciphertext was encrypted usIng a columnPermutation cipHer, decodE the cipheRtext.
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
There are 60 characters here, so we know the number of columns is adivisor of 60.
60 is a small number, so frequency analysis may be tough since thereis such a small sample size.
Decryption Example with a Column Permutation Cipher
ExampleIf we know the following Ciphertext was encrypted usIng a columnPermutation cipHer, decodE the cipheRtext.
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
There are 60 characters here, so we know the number of columns is adivisor of 60.60 is a small number, so frequency analysis may be tough since thereis such a small sample size.
Be Clever with Attacks
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
The 20th and 60th letter are both X, so we may guess that those werenull letters at the bottom of columns.Good choices for the number of columns?The number of rows is a divisor of 60 and a multiple of 10. Thatwould leave us with 10, 20 or 30 rows.
Be Clever with Attacks
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
The 20th and 60th letter are both X, so we may guess that those werenull letters at the bottom of columns.
Good choices for the number of columns?The number of rows is a divisor of 60 and a multiple of 10. Thatwould leave us with 10, 20 or 30 rows.
Be Clever with Attacks
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
The 20th and 60th letter are both X, so we may guess that those werenull letters at the bottom of columns.Good choices for the number of columns?
The number of rows is a divisor of 60 and a multiple of 10. Thatwould leave us with 10, 20 or 30 rows.
Be Clever with Attacks
WEDENODTURTKRHNSUKUXNSOSOIJOQRHYGWGRHTTTEAEATHEOAEHEGIFISOAX
The 20th and 60th letter are both X, so we may guess that those werenull letters at the bottom of columns.Good choices for the number of columns?The number of rows is a divisor of 60 and a multiple of 10. Thatwould leave us with 10, 20 or 30 rows.
Decryption with a Column Permutation Cipher
So let’s start with 10, which would mean there are 6 columns.
W T N H E HE K S Y A ED R O G E GE H S W A IN N O G T FO S I R H ID U J H E ST K O T O OU U Q T A AR X R T E X
Decryption with a Column Permutation Cipher
Then, we reorder them with the two columns that end in X as the lasttwo. From there, we want to permute the first four columns until wefind an arrangement that makes sense.
w h e n t he y a s k ed g e o r ge w a s h in g t o n fo r h i s id h e j u st t o o k ou t a q u ar t e r x x
when they asked george washington for his id, he just tookout a quarter.
Decryption with a Column Permutation Cipher
Then, we reorder them with the two columns that end in X as the lasttwo. From there, we want to permute the first four columns until wefind an arrangement that makes sense.
w h e n t he y a s k ed g e o r ge w a s h in g t o n fo r h i s id h e j u st t o o k ou t a q u ar t e r x x
when they asked george washington for his id, he just tookout a quarter.
Decryption with a Column Permutation Cipher
Then, we reorder them with the two columns that end in X as the lasttwo. From there, we want to permute the first four columns until wefind an arrangement that makes sense.
w h e n t he y a s k ed g e o r ge w a s h in g t o n fo r h i s id h e j u st t o o k ou t a q u ar t e r x x
when they asked george washington for his id, he just tookout a quarter.
Double Transposition Cipher
Here we take the original plaintext P and encipher it using acolumn transposition with one keyword creating an intermediateciphertext C′
Then we will encipher C′ using a second keyword in a columntransposition creating the final ciphertext C
It is not necessary for the two keywords to be of the same length
If necessary, we can pad C′ with null characters so that itbecomes the appropriate length
Double Transposition Cipher
Here we take the original plaintext P and encipher it using acolumn transposition with one keyword creating an intermediateciphertext C′
Then we will encipher C′ using a second keyword in a columntransposition creating the final ciphertext C
It is not necessary for the two keywords to be of the same length
If necessary, we can pad C′ with null characters so that itbecomes the appropriate length
Double Transposition Cipher
Here we take the original plaintext P and encipher it using acolumn transposition with one keyword creating an intermediateciphertext C′
Then we will encipher C′ using a second keyword in a columntransposition creating the final ciphertext C
It is not necessary for the two keywords to be of the same length
If necessary, we can pad C′ with null characters so that itbecomes the appropriate length
Double Transposition Cipher
Here we take the original plaintext P and encipher it using acolumn transposition with one keyword creating an intermediateciphertext C′
Then we will encipher C′ using a second keyword in a columntransposition creating the final ciphertext C
It is not necessary for the two keywords to be of the same length
If necessary, we can pad C′ with null characters so that itbecomes the appropriate length
Double Transposition Cipher Example
ExampleSuppose we wanted to encrypt the plaintext
it better stop raining before the game
using a double transposition cipher with keywords redsox andbaseball. Find the ciphertext.
First, we arrange the plaintext in an array with rows of length 6.
i t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Why did we use 6 for the row length? That is the length of our firstkeyword.
Double Transposition Cipher Example
ExampleSuppose we wanted to encrypt the plaintext
it better stop raining before the game
using a double transposition cipher with keywords redsox andbaseball. Find the ciphertext.
First, we arrange the plaintext in an array with rows of length 6.
i t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Why did we use 6 for the row length?
That is the length of our firstkeyword.
Double Transposition Cipher Example
ExampleSuppose we wanted to encrypt the plaintext
it better stop raining before the game
using a double transposition cipher with keywords redsox andbaseball. Find the ciphertext.
First, we arrange the plaintext in an array with rows of length 6.
i t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Why did we use 6 for the row length? That is the length of our firstkeyword.
Double Transposition Cipher Example
R E D S O Xi t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Double Transposition Cipher Example
Now we include numerical values.
R E D S O X4 2 1 5 3 6i t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Now, we get our intermediate ciphertext by taking the columns inorder.C′: BSIEHXTRABTETOIOGXIERGEMETNFEXTPNRAX
Double Transposition Cipher Example
Now we include numerical values.
R E D S O X4 2 1 5 3 6i t b e t te r s t o pr a i n i ng b e f o re t h e g am e x x x x
Now, we get our intermediate ciphertext by taking the columns inorder.C′: BSIEHXTRABTETOIOGXIERGEMETNFEXTPNRAX
Double Transposition Cipher Example
Now we take this ciphertext and make a new array with this brokeninto rows of length 8.
B S I E H X T RA B T E T O I OG X I E R G E ME T N F E X T PN R A X Z Z Z Z
Double Transposition Cipher Example
Now we take this ciphertext and make a new array with this brokeninto rows of length 8.
B S I E H X T RA B T E T O I OG X I E R G E ME T N F E X T PN R A X Z Z Z Z
Double Transposition Cipher Example
B A S E B A L LB S I E H X T RA B T E T O I OG X I E R G E ME T N F E X T PN R A X Z Z Z Z
Double Transposition Cipher Example
B A S E B A L L3 1 8 5 4 2 6 7B S I E H X T RA B T E T O I OG X I E R G E ME T N F E X T PN R A X Z Z Z Z
We now do the same with this keyword as we did with the last one.Since there is repetition of letters, we assign the smaller value to theone that appears first in the keyword.
Now we take the columns in numerical order to get our finalciphertext.C: SBXTRXOGXZBAGENHTREZEEEFXTIETZROMPZITINA
Double Transposition Cipher Example
B A S E B A L L3 1 8 5 4 2 6 7B S I E H X T RA B T E T O I OG X I E R G E ME T N F E X T PN R A X Z Z Z Z
We now do the same with this keyword as we did with the last one.Since there is repetition of letters, we assign the smaller value to theone that appears first in the keyword.Now we take the columns in numerical order to get our finalciphertext.C: SBXTRXOGXZBAGENHTREZEEEFXTIETZROMPZITINA
Cryptanalysis on Double Transposition Ciphers
collect several ciphertexts of the same length and line them up,one right underneath the other
Then attempt to permute the columns in such a way that all ofthe rows make sense
it still makes sense to try to utilize the information about thepercentage of vowels in a piece of English
there are many more letters to permute, the task is most definitelymuch more difficult than breaking a single column transposition
Cryptanalysis on Double Transposition Ciphers
collect several ciphertexts of the same length and line them up,one right underneath the other
Then attempt to permute the columns in such a way that all ofthe rows make sense
it still makes sense to try to utilize the information about thepercentage of vowels in a piece of English
there are many more letters to permute, the task is most definitelymuch more difficult than breaking a single column transposition
Cryptanalysis on Double Transposition Ciphers
collect several ciphertexts of the same length and line them up,one right underneath the other
Then attempt to permute the columns in such a way that all ofthe rows make sense
it still makes sense to try to utilize the information about thepercentage of vowels in a piece of English
there are many more letters to permute, the task is most definitelymuch more difficult than breaking a single column transposition
Cryptanalysis on Double Transposition Ciphers
collect several ciphertexts of the same length and line them up,one right underneath the other
Then attempt to permute the columns in such a way that all ofthe rows make sense
it still makes sense to try to utilize the information about thepercentage of vowels in a piece of English
there are many more letters to permute, the task is most definitelymuch more difficult than breaking a single column transposition
Can You Decipher?
ExampleSuppose you intercepted the following message:
YRGSFCGUBANILNNRDLGOCLEXNEATRAHHLAEOOITXAGUAOETT
You think it is a quote from a famous comedian. Decipher thisciphertext.
Solution
We have to realize that this is a column permutation cipher and thatthe code word is ‘Carlin’. Once we do, we see that we should set thisup with 6 columns.
Y B D N L AR A L E A GG N G A E US I O T O AF L C R O OC N L A I EG N E H T TU R X H X T
Solution
We have to realize that this is a column permutation cipher and thatthe code word is ‘Carlin’. Once we do, we see that we should set thisup with 6 columns.
Y B D N L AR A L E A GG N G A E US I O T O AF L C R O OC N L A I EG N E H T TU R X H X T
Solution
Now, we can use the code word Carlin.
A C I L N RY B D N L AR A L E A GG N G A E US I O T O AF L C R O OC N L A I EG N E H T TU R X H X T
Solution
When we reorder, we get
C A R L I Nb y a n d la r g e l an g u a g ei s a t o ol f o r c on c e a l in g t h e tr u t h x x
Which gives us
By and large, language is a tool for concealing the truth.
Solution
When we reorder, we get
C A R L I Nb y a n d la r g e l an g u a g ei s a t o ol f o r c on c e a l in g t h e tr u t h x x
Which gives us
By and large, language is a tool for concealing the truth.
Another Decryption
ExampleFind the plaintext for the following ciphertext, given that a doubletransposition cipher was used, and it is attributed to an UnknownAthlete.
NELT NXCHU PITT IRCRA OTYA WNEUXL OGUGEXLCI TOUT ODTTI NYRG PIIIE TCGN ATRT
Solution
The keywords we need here are unknown and athlete. We first countto see that there are 63 characters, and since the keyword ‘athlete’ has7 letters, we need 9 rows. So, we break this ciphertext into sets of 9and make them the columns.
N P O L I I EE I T O T N TL T Y G O Y CT T A U U R GN I W G T G NX R N E O P AC C E X D I TH R U L T I RU A X C T I T
Solution
The keywords we need here are unknown and athlete. We first countto see that there are 63 characters, and since the keyword ‘athlete’ has7 letters, we need 9 rows. So, we break this ciphertext into sets of 9and make them the columns.
N P O L I I EE I T O T N TL T Y G O Y CT T A U U R GN I W G T G NX R N E O P AC C E X D I TH R U L T I RU A X C T I T
Solution
Now we use the keyword to see how to rearrange.
A E E H L T TN P O L I I EE I T O T N TL T Y G O Y CT T A U U R GN I W G T G NX R N E O P AC C E X D I TH R U L T I RU A X C T I T
Solution
A T H L E T EN I L I P E OE N O T I T TL Y G O T C YT R U U T G AN G G T I N WX P E O R A NC I X D C T EH I L T R R UU I C T A T X
This gives the intermediate ciphertext
NILIPEOENOTITTLYGOTCYTRUUTGANGGTINWXPEORANCIXDCTEHILTRRUUICTATX
Solution
A T H L E T EN I L I P E OE N O T I T TL Y G O T C YT R U U T G AN G G T I N WX P E O R A NC I X D C T EH I L T R R UU I C T A T X
This gives the intermediate ciphertext
NILIPEOENOTITTLYGOTCYTRUUTGANGGTINWXPEORANCIXDCTEHILTRRUUICTATX
Solution
And now we have another keyword with 7 letters, so we use thisciphertext to write the 9 rows of the next grid.
N O T A P D RI T C N E C UL I Y G O T UI T T G R E IP T R T A H CE L U I N I TO Y U N C L AE G T W I T TN O G X X R X
Solution
And now we have another keyword with 7 letters, so we use thisciphertext to write the 9 rows of the next grid.
N O T A P D RI T C N E C UL I Y G O T UI T T G R E IP T R T A H CE L U I N I TO Y U N C L AE G T W I T TN O G X X R X
Solution
Now we factor in the other keyword
K N N N O U WN O T A P D RI T C N E C UL I Y G O T UI T T G R E IP T R T A H CE L U I N I TO Y U N C L AE G T W I T TN O G X X R X
Solution
and rearrange accordingly
U N K N O W ND O N T P R AC T I C E U NT I L Y O U GE T I T R I GH T P R A C TI C E U N T IL Y O U C A NT G E T I T WR O N G X X X
which reveals the message
Don’t practice until you get it right; practice until you can’tget it wrong.
Solution
and rearrange accordingly
U N K N O W ND O N T P R AC T I C E U NT I L Y O U GE T I T R I GH T P R A C TI C E U N T IL Y O U C A NT G E T I T WR O N G X X X
which reveals the message
Don’t practice until you get it right; practice until you can’tget it wrong.
Hill Example
ExampleThe ciphertext YIFZMA was encrypted by a Hill cipher with thematrix [
9 132 3
]Find the plaintext.
What do we need to do? Let’s start with the inverse.
K−1 =
[3 -13-2 9
]and
Y = 24 I = 8 F = 5Z = 25 M = 12 A = 0
Hill Example
ExampleThe ciphertext YIFZMA was encrypted by a Hill cipher with thematrix [
9 132 3
]Find the plaintext.
What do we need to do?
Let’s start with the inverse.
K−1 =
[3 -13-2 9
]and
Y = 24 I = 8 F = 5Z = 25 M = 12 A = 0
Hill Example
ExampleThe ciphertext YIFZMA was encrypted by a Hill cipher with thematrix [
9 132 3
]Find the plaintext.
What do we need to do? Let’s start with the inverse.
K−1 =
[3 -13-2 9
]and
Y = 24 I = 8 F = 5Z = 25 M = 12 A = 0
Hill Example
ExampleThe ciphertext YIFZMA was encrypted by a Hill cipher with thematrix [
9 132 3
]Find the plaintext.
What do we need to do? Let’s start with the inverse.
K−1 =
[3 -13-2 9
]and
Y = 24 I = 8 F = 5Z = 25 M = 12 A = 0
Solution
Then,
[24 8
] [ 3 -13-2 9
]=[
56 -240]=[
4 20]
This gives eu as the start to the plaintext.
[5 25
] [ 3 -13-2 9
]=[
-35 160]=[
17 4]
which gives reand finally
[12 0
] [ 3 -13-2 9
]=[
36 -156]=[
15 0]
which gives ka.Take all together, eureka the plaintext.
Solution
Then,
[24 8
] [ 3 -13-2 9
]=[
56 -240]=[
4 20]
This gives eu as the start to the plaintext.
[5 25
] [ 3 -13-2 9
]=[
-35 160]=[
17 4]
which gives re
and finally
[12 0
] [ 3 -13-2 9
]=[
36 -156]=[
15 0]
which gives ka.Take all together, eureka the plaintext.
Solution
Then,
[24 8
] [ 3 -13-2 9
]=[
56 -240]=[
4 20]
This gives eu as the start to the plaintext.
[5 25
] [ 3 -13-2 9
]=[
-35 160]=[
17 4]
which gives reand finally
[12 0
] [ 3 -13-2 9
]=[
36 -156]=[
15 0]
which gives ka.Take all together, eureka the plaintext.
Affine Example
ExampleThe ciphertext UCR was encrypted using the affine function
(9x + 2)(mod 26)
Find the plaintext.
First, we find the numerical values corresponding to UCR.
U 7→ 20
C 7→ 2
R 7→ 17
If y = 9x + 2(mod 26), then we need to find y−1.
Affine Example
ExampleThe ciphertext UCR was encrypted using the affine function
(9x + 2)(mod 26)
Find the plaintext.
First, we find the numerical values corresponding to UCR.
U 7→ 20
C 7→ 2
R 7→ 17
If y = 9x + 2(mod 26), then we need to find y−1.
Solution
y−1 ≡ 19(x− 2)(mod 26)
≡ 3(x− 2)(mod 26)
Now we can decrypt.
U : y−1 = 3(20− 2)(mod 26)
≡ 54(mod 26)
≡ 2(mod 26)
7→ c
C : y−1 = 3(2− 2)(mod 26)
≡ 0(mod 26)
7→ a
Solution
y−1 ≡ 19(x− 2)(mod 26)
≡ 3(x− 2)(mod 26)
Now we can decrypt.
U : y−1 = 3(20− 2)(mod 26)
≡ 54(mod 26)
≡ 2(mod 26)
7→ c
C : y−1 = 3(2− 2)(mod 26)
≡ 0(mod 26)
7→ a
Solution
y−1 ≡ 19(x− 2)(mod 26)
≡ 3(x− 2)(mod 26)
Now we can decrypt.
U : y−1 = 3(20− 2)(mod 26)
≡ 54(mod 26)
≡ 2(mod 26)
7→ c
C : y−1 = 3(2− 2)(mod 26)
≡ 0(mod 26)
7→ a
Solution
R : y−1 = 3(17− 2)(mod 26)
≡ 45(mod 26)
≡ 19(mod 26)
7→ t
So, the plaintext is cat.