Cryptography

Introduction, continued

Sufficient key space principle

• If an encryption scheme has a key space that is too small, then it will be vulnerable to exhaustive-search attacks

The Vigenère cipher

• The key is now a string, not just a character• To encrypt, shift each character in the

plaintext by the amount dictated by the next character of the key– Wrap around in the key as needed

• Decryption just reverses the process

tellhimaboutmecafecafecafecaveqpjiredozxoe

The Vigenère cipher

• Size of key space?– If keys are 14-character strings; then key space

has size 2614 266

– Brute-force search expensive/impossible

• Is the Vigenère cipher secure?

• (Believed secure for many years…)

Attacking the Vigenère cipher

• (Assume a 14-character key)• Observation: every 14th character is

“encrypted” using the same shift

• Looking at every 14th character is(almost) like looking at ciphertextencrypted with the shift cipher– Though brute-force attack from

before doesn’t work…

veqpjiredozxoeualpcmsdjquiqndnossoscdcusoakjqmxpqrhyycjqoqqodhjcciowieii

veqpjiredozxoeualpcmsdjquiqndnossoscdcusoakjqmxpqrhyycjqoqqodhjcciowieii

veqpjiredozxoeualpcmsdjquiqndnossoscdcusoakjqmxpqrhyycjqoqqodhjcciowieii

Using plaintext letter frequencies

8.2

1.5

2.8

4.3

12.7

2.2 2.0

6.1

7.0

0.2 0.8

4.0

2.4

6.7

1.5 1.9

0.1

6.0 6.3

9.1

2.8

1.0

2.4

0.2

2.0

0.1 0.0

2.0

4.0

6.0

8.0

10.0

12.0

14.0

a b c d e f g h i j k l m n o p q r s t u v w x y z

Perc

enta

ge

Letter

Attacking the Vigenère cipher

• Look at every 14th character of the ciphertext, starting with the first

• Let be the most common character appearing in this portion of the ciphertext

• Most likely, this character corresponds to the most common plaintext character (‘e’)– Guess the first character of the key is - ’e’

• Repeat for all other positions

• Better (more complicated) attacks also possible

Back to the drawing board…

• So far: “ad hoc” constructions; construct, break, repeat, …

• Can we prove that some encryption scheme is secure?

• First need to define what we mean by “secure” in the first place…