872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 138

March 23 2006 1

Cryptography and Network Security

Lecture 2 Classical encryption

Ion PetreIon PetreAcademy of Finland andAcademy of Finland andDepartment of IT Aringbo Akademi UniversityDepartment of IT Aringbo Akademi University

Spring 2006httpwwwabofi~ipetrecrypto

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 238

March 23 2006 2

Part I Cryptography

Will cover more than half of this course

I1 Secret-key cryptography

Also called symmetric or conventional cryptography Five ingredients

Plaintext Encryption algorithm runs on the plaintext and the encryption key to yield the ciphertext Secret key an input to the encryption algorithm value independent of the plaintext

different keys will yield different outputs Ciphertext the scrambled text produced as an output by the encryption algorithm Decryption algorithm runs on the ciphertext and the key to produce the plaintext

Requirements for secure conventional encryption Strong encryption algorithm

An opponent who knows one or more ciphertexts would not be able to find the plaintexts or the key Ideally even if he knows one or more pairs plaintext-ciphertext he would not be able to find the key

Sender and receiver must share the same key Once the key is compromised allcommunications using that key are readable

It is impractical to decrypt the message on the basis of the ciphertext plus the knowledgeof the encryption algorithm encryption algorithm is not a secret

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 338

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 438

March 23 2006 4

Caesar Cipher

It is a typical substitution cipher and the oldest known ndash attributed to JuliusCaesar

Simple rule replace each letter of the alphabet with the letter standing 3places further down the alphabet Example

MEET ME AFTER THE TOGA PARTY

PHHW PH DIWHU WKH WRJD SDUWB Here the key is 3 ndash choose another key to get a different substitution The alphabet is wrapped around so that after Z follows A

a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 538

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 638

March 23 2006 6

Attacking Caesar

Caesar can be broken if we only know one pair (plain letterencrypted letter) The difference between them is the key

Caesar can be broken even if we only have the encrypted text andno knowledge of the plaintext Brute-force attack is easy there are only 25 keys possible Try all 25 keys and check to see which key gives an intelligible message

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 338

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 438

March 23 2006 4

Caesar Cipher

It is a typical substitution cipher and the oldest known ndash attributed to JuliusCaesar

Simple rule replace each letter of the alphabet with the letter standing 3places further down the alphabet Example

MEET ME AFTER THE TOGA PARTY

PHHW PH DIWHU WKH WRJD SDUWB Here the key is 3 ndash choose another key to get a different substitution The alphabet is wrapped around so that after Z follows A

a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 538

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 638

March 23 2006 6

Attacking Caesar

Caesar can be broken if we only know one pair (plain letterencrypted letter) The difference between them is the key

Caesar can be broken even if we only have the encrypted text andno knowledge of the plaintext Brute-force attack is easy there are only 25 keys possible Try all 25 keys and check to see which key gives an intelligible message

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 438

March 23 2006 4

Caesar Cipher

It is a typical substitution cipher and the oldest known ndash attributed to JuliusCaesar

Simple rule replace each letter of the alphabet with the letter standing 3places further down the alphabet Example

MEET ME AFTER THE TOGA PARTY

PHHW PH DIWHU WKH WRJD SDUWB Here the key is 3 ndash choose another key to get a different substitution The alphabet is wrapped around so that after Z follows A

a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 538

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 638

March 23 2006 6

Attacking Caesar

Caesar can be broken if we only know one pair (plain letterencrypted letter) The difference between them is the key

Caesar can be broken even if we only have the encrypted text andno knowledge of the plaintext Brute-force attack is easy there are only 25 keys possible Try all 25 keys and check to see which key gives an intelligible message

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 538

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 638

March 23 2006 6

Attacking Caesar

Caesar can be broken if we only know one pair (plain letterencrypted letter) The difference between them is the key

Caesar can be broken even if we only have the encrypted text andno knowledge of the plaintext Brute-force attack is easy there are only 25 keys possible Try all 25 keys and check to see which key gives an intelligible message

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 638

March 23 2006 6

Attacking Caesar

Caesar can be broken if we only know one pair (plain letterencrypted letter) The difference between them is the key

Caesar can be broken even if we only have the encrypted text andno knowledge of the plaintext Brute-force attack is easy there are only 25 keys possible Try all 25 keys and check to see which key gives an intelligible message

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 738

March 23 2006 7

From Stallings ndash ldquoCryptography andNetwork Securityrdquo

Why is Caesar easy to break

Only 25 keys to try The language of the

plaintext is known and easilyrecognizable What if the language is

unknown What if the plaintext is a

binary file of an unknownformat

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 838

March 23 2006 8

Strengthening Caesar monoalphabetic ciphers

Caesar only has 25 possible keys ndash far from secure Idea instead of shifting the letters with a fixed amount how about allowing

any permutation of the alphabetPlain abcdefghijklmnopqrstuvwxyz

Cipher DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext if we wish to replace letters

Ciphertext WI RF RWAJ UH YFTSDVF SFUUFYA

This is called monoalphabetic susbstitution cipher ndash a single alphabet isused

The increase in the number of keys is dramatic 26 ie more than 4x1026possible keys

Compare DES only has an order of 1016 possible keys

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 938

March 23 2006 9

How large is large

Adapted from Handbook of Applied Cryptography (AMenezes Pvan Oorschot SVanstone) 1996

Reference Order of magnitude

Seconds in a year asymp 3 x 107

Age of our solar system (years) asymp 6 x 109

Seconds since creation of solar system asymp 2 x 1017

Clock cycles per year 3 GHz computer asymp 96 x 1016

Binary strings of length 64 264asymp 18 x 1019

Binary strings of length 128 2128asymp 34 x 1038

Binary strings of length 256 2256asymp 12 x 1077

Number of 75-digit prime numbers asymp 52 x 1072

Electrons in the universe asymp 837 x 1077

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1038

March 23 2006 10

Monoalphabetic ciphers

Having 1016 possible keys appears to make the system challengingdifficult to perform brute-force attacks

There is however another line of attack that easily defeats thesystem even when a relatively small ciphertext is known If the cryptanalyst knows the nature of the text eg noncompressed

English text then he can exploit the regularities of the language

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1138

March 23 2006 11

Language redundancy and cryptanalysis

Human languages are redundant

Letters are not equally commonly used In English E is by far the most common letter Follows TRNIOAS Other letters are fairly rare

See ZJKQX

Tables of single double amp triple letter frequencies exist Most common digram in English is TH

Most common trigram in English in THE

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1238

March 23 2006 12

English Letter Frequencies

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1338

March 23 2006 13

Cryptanalysis of monoalphabetic ciphers

Key concept - monoalphabetic substitution ciphers do not change relativeletter frequencies

Discovered by Arabs in the 9th

century Calculate letter frequencies for ciphertext Compare countsplots against known values

Most frequent letter in the ciphertext may well encrypt E

The next one could encrypt T or A After relatively few tries the system is broken If the ciphertext is relatively short (and so the frequencies are not fully relevant)

then more guesses may be needed

Powerful tool look at the frequency of two-letter combinations (digrams)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1438

March 23 2006 14

Example of cryptanalysis

Ciphertext

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies P is the most frequent (1333) followed byZ (1167) S (833) U (833) O (75) M (667) H (583) etc Guess P and Z stand for E and T but the order is not clear because of small

difference in the frequency The next set of letters SU O M H may stand for A H I N O R S but again it

is not completely clear which is which One may try to guess and see how the text translates Also a good guess is that ZW the most common digram in the ciphertext is TH the

most common digram in English thus ZWP is THE Proceed with trial and error and finally get after inserting the proper blanks

it was disclosed yesterday that several informal but direct contacts havebeen made with political representatives of the viet cong in moscow

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1538

March 23 2006 15

Some conclusions after this cryptanalysis

Monoalphabetic ciphers are easy to break because they reflect thefrequency of the original alphabet Essential to know the original alphabet

Countermeasure provide multiple substitutes for a given letter Highly frequent letters such as E could be encrypted using a larger number of

letters than less frequent letters such as Z to encrypt E one could choose eitherone of say 15 fixed letters and to encrypt Z one could choose either one of say2 fixed letters

The number of encryptions for a letter may be proportional with the frequencyrate in the original language (English)

This should (intuitively) hide the frequency information Wrong Multiple-letter patterns (digrams trigrams etc) survive in the text

providing a tool for cryptanalysis Each element of the plaintext only affects one element in the ciphertext Longer text needed for breaking the system

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1638

March 23 2006 16

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once

2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

Consider both these approaches in the following

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1738

March 23 2006 17

Playfair Cipher

The Playfair Cipher is an example of multiple-letter encryption Invented by Sir Charles Wheatstone in 1854 but named after his

friend Baron Playfair who championed the cipher at the Britishforeign office

Based on the use of a 5x5 matrix in which the letters of the alphabetare written (I is considered the same as J) This is called key matrix

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1838

March 23 2006 18

Playfair key matrix

A 5X5 matrix of letters based on a keyword Fill in letters of keyword (no duplicates)

Left to right top to bottom Fill the rest of matrix with the other letters in alphabetic order

Eg using the keyword MONARCHY we obtain the following matrixM O N A R

C H Y B D

E F G I K

L P Q S T

U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 1938

March 23 2006 19

Encrypting and decrypting with Playfair

The plaintext is encrypted two letters at a time

1 Break the plaintext into pairs of two consecutive letters2 If a pair is a repeated letter insert a filler like Xlsquo in the plaintext eg balloon is

treated as ba lx lo on3 If both letters fall in the same row of the key matrix replace each with the letter

to its right (wrapping back to start from end) eg ldquoAR encrypts as RM4 If both letters fall in the same column replace each with the letter below it (again

wrapping to top from bottom) eg ldquoMU encrypts to CM

5 Otherwise each letter is replaced by the one in its row in the column of the otherletter of the pair eg ldquoHS encrypts to BP and ldquoEA to IM or JM (as desired)

Decryption works in the reverse direction The examples above are based on this key matrix

M O N A R M O N A R

C H Y B D C H Y B D

E F G I K E F G I K

L P Q S T L P Q S T

U V W X Z U V W X Z

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2038

March 23 2006 20

Security of Playfair

Security much improved over monoalphabetic There are 26 x 26 = 676 digrams

Needs a 676 entry digram frequency table to analyse (vs 26 for amonoalphabetic) and correspondingly more ciphertext

Widely used for many years (eg US amp British military in WW I otherallied forces in WW II)

Can be broken given a few hundred letters Still has much of plaintext structure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2138

March 23 2006 21

Measures to hide the structure of the plaintext

1 Encrypt multiple letters of the plaintext at once2 Use more than one substitution in encryption and decryption

(polyalphabetic ciphers )

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2238

March 23 2006 22

Polyalphabetic substitution ciphers

Idea use different monoalphabetic substitutions as one proceedsthrough the plaintext

Makes cryptanalysis harder with more alphabets (substitutions) toguess and flattens frequency distribution

A key determines which particular substitution is used in each step Example the Vigenegravere cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2338

March 23 2006 23

Vigenegravere Cipher

Proposed by Giovan Batista Belaso (1553) and reinvented by Blaisede Vigenegravere (1586) called ldquole chiffre indeacutechiffrablerdquo for 300 years

Effectively multiple Caesar ciphers Key is a word K = k1 k2 kd Encryption

Read one letter t from the plaintext and one letter k from the key

t is encrypted according to the Caesar cipher with key k When the key word is finished start the reading of the key from the beginning

Decryption works in reverse Example key is ldquobcderdquo ldquotestingrdquo is encrypted as ldquougvxjpjrdquo

Note that the two lsquotrsquo are encrypted by different letters lsquoursquo and lsquoxrsquo The two lsquo jrsquo in the cryptotext come from different plain letters lsquoirsquo and lsquo jrsquo

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2438

March 23 2006 24

Plaintext letters here

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2538

March 23 2006 25

Vigenere tableauA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Example

bull write the plaintext out

bull write the keyword repeated above it

bull use each key letter as a Caesar cipher key

bull encrypt the corresponding plaintext letter

bull eg using keyword deceptive

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZICVTWQNGRZGVTWAVZHCQYGLMGJ

K

e y l e t t e r s h e

r e

f h

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2638

March 23 2006 26

Security of Vigenegravere Ciphers

Its strength lays in the fact that each plaintext letter has multipleciphertext letters

Letter frequencies are obscured (but not totally lost) Breaking Vigenegravere

If we need to decide if the text was encrypted with a monoalphabeticcipher or with Vigenegravere Start with letter frequencies See if it ldquolooksrdquo monoalphabetic or not the frequencies should be those of

letters in English texts If not then it is Vigenegravere

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2738

March 23 2006 27

Breaking Vigenegravere the Kasiski Method (cryptotext only)

Method developed by Babbage (1854) Kasiski (1863) Famous incident with breaking the Zimmerman telegram (Jan 16 1917)

We need to find the key word and for this we first find its length Idea if the length is N then the letters on positions 1 N+1 2N+1 3N+1 etc are encrypted with

Caesar same for letters on positions i N+i 2N+i 3N+i etc where i runs from 1 to N Clearly if we deduce the length of the key word then breaking the system is easy break N

Caesar systems

Finding the length of the key word If plaintext starts with ldquotherdquo (encrypted say by ldquoXYZrdquo) and ldquotherdquo also occurs starting from

position N+1 then 2nd occurrence of ldquotherdquo will also be encrypted by ldquoXYZrdquo Idea repetitions in ciphertext give clues to period Approach find a piece of ciphertext that is repeated several times (say at distance 6 9 18 9

from each other) If they really come from the same piece of plaintext then the length of the key word will be a

divisor of all those distances (in our example the length of the key word must be 3)

Example

plain wearediscoveredsaveyourself

key deceptivedeceptivedeceptive

cipher ZIC VTWQNGRZG VTW AVZHCQYGLMGJ

I Vi egrave k

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2838

March 23 2006 28

Improvement on Vigenegravere autokey system

If the key were as long as the message then the system would bedefended against the previous attack

Vigenegravere proposed the autokey cipher the keyword is followed by the message itself (see example bellow) Decryption

Knowing the keyword can recover the first few letters Use these in turn on the rest of the message

Note the system still has frequency characteristics to attack and can berather easily defeated

Example the key is deceptive

Weakness plaintext and key share the same statistical distribution of

letters

plaintext wearediscoveredsaveyourself

key deceptivewearediscoveredsav

ciphertext ZICVTWQNGKZEIIGASXSTSLVVWLA

O Ti d

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2938

March 23 2006 29

One-Time pad

The idea of the autokey system can be extended to create an

unbreakable system one-time pad Idea use a (truly) random key as long as the plaintext It is unbreakable since the ciphertext bears no statistical

relationship to the plaintext Moreover for any plaintext amp any ciphertext there exists a key

mapping one to the other Thus a ciphertext can be decrypted to any plaintext of the same length

The cryptanalyst is in an impossible situation

S it f th ti d

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3038

March 23 2006 30

Security of the one-time pad

The security is entirely given by the randomness of the key If the key is truly random then the ciphertext is random A key can only be used once if the cryptanalyst is to be kept in the

ldquo darkrdquo

Problems with this ldquoperfectrdquo cryptosystem Making large quantities of truly random characters is a significant

task Key distribution is enormously difficult for any message to be sent a

key of equal length must be available to both parties

Oth r t h i f r pti tr p iti

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3138

March 23 2006 31

Other technique of encryption transpositions

We have considered so far substitutions to hide the plaintext eachletter is mapped into a letter according to some substitution

Different idea perform some sort of permutation on the plaintextletters Hide the message by rearranging the letter order without altering the

actual letters used

The simplest such technique rail fence technique

Rail Fence cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3238

March 23 2006 32

Rail Fence cipher

Idea write plaintext letters diagonally over a number of rows thenread off cipher row by row

Eg with a rail fence of depth 2 to encrypt the text ldquomeet me afterthe toga partyrdquo write message out asm e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext is read from the above row-by-rowMEMATRHTGPRYETEFETEOAAT

Attack this is easily recognized because it has the same frequencydistribution as the original text

Row transposition ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 2938

March 23 2006 29

One-Time pad

The idea of the autokey system can be extended to create an

unbreakable system one-time pad Idea use a (truly) random key as long as the plaintext It is unbreakable since the ciphertext bears no statistical

relationship to the plaintext Moreover for any plaintext amp any ciphertext there exists a key

mapping one to the other Thus a ciphertext can be decrypted to any plaintext of the same length

The cryptanalyst is in an impossible situation

S it f th ti d

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3038

March 23 2006 30

Security of the one-time pad

The security is entirely given by the randomness of the key If the key is truly random then the ciphertext is random A key can only be used once if the cryptanalyst is to be kept in the

ldquo darkrdquo

Problems with this ldquoperfectrdquo cryptosystem Making large quantities of truly random characters is a significant

task Key distribution is enormously difficult for any message to be sent a

key of equal length must be available to both parties

Oth r t h i f r pti tr p iti

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3138

March 23 2006 31

Other technique of encryption transpositions

We have considered so far substitutions to hide the plaintext eachletter is mapped into a letter according to some substitution

Different idea perform some sort of permutation on the plaintextletters Hide the message by rearranging the letter order without altering the

actual letters used

The simplest such technique rail fence technique

Rail Fence cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3238

March 23 2006 32

Rail Fence cipher

Idea write plaintext letters diagonally over a number of rows thenread off cipher row by row

Eg with a rail fence of depth 2 to encrypt the text ldquomeet me afterthe toga partyrdquo write message out asm e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext is read from the above row-by-rowMEMATRHTGPRYETEFETEOAAT

Attack this is easily recognized because it has the same frequencydistribution as the original text

Row transposition ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3038

March 23 2006 30

Security of the one-time pad

The security is entirely given by the randomness of the key If the key is truly random then the ciphertext is random A key can only be used once if the cryptanalyst is to be kept in the

ldquo darkrdquo

Problems with this ldquoperfectrdquo cryptosystem Making large quantities of truly random characters is a significant

task Key distribution is enormously difficult for any message to be sent a

key of equal length must be available to both parties

Oth r t h i f r pti tr p iti

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3138

March 23 2006 31

Other technique of encryption transpositions

We have considered so far substitutions to hide the plaintext eachletter is mapped into a letter according to some substitution

Different idea perform some sort of permutation on the plaintextletters Hide the message by rearranging the letter order without altering the

actual letters used

The simplest such technique rail fence technique

Rail Fence cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3238

March 23 2006 32

Rail Fence cipher

Idea write plaintext letters diagonally over a number of rows thenread off cipher row by row

Eg with a rail fence of depth 2 to encrypt the text ldquomeet me afterthe toga partyrdquo write message out asm e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext is read from the above row-by-rowMEMATRHTGPRYETEFETEOAAT

Attack this is easily recognized because it has the same frequencydistribution as the original text

Row transposition ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3138

March 23 2006 31

Other technique of encryption transpositions

We have considered so far substitutions to hide the plaintext eachletter is mapped into a letter according to some substitution

Different idea perform some sort of permutation on the plaintextletters Hide the message by rearranging the letter order without altering the

actual letters used

The simplest such technique rail fence technique

Rail Fence cipher

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3238

March 23 2006 32

Rail Fence cipher

Idea write plaintext letters diagonally over a number of rows thenread off cipher row by row

Eg with a rail fence of depth 2 to encrypt the text ldquomeet me afterthe toga partyrdquo write message out asm e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext is read from the above row-by-rowMEMATRHTGPRYETEFETEOAAT

Attack this is easily recognized because it has the same frequencydistribution as the original text

Row transposition ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3238

March 23 2006 32

Rail Fence cipher

Idea write plaintext letters diagonally over a number of rows thenread off cipher row by row

Eg with a rail fence of depth 2 to encrypt the text ldquomeet me afterthe toga partyrdquo write message out asm e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext is read from the above row-by-rowMEMATRHTGPRYETEFETEOAAT

Attack this is easily recognized because it has the same frequencydistribution as the original text

Row transposition ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3338

March 23 2006 33

Row transposition ciphers

More complex scheme row transposition Write letters of message out in rows over a specified number of columns Reading the cryptotext column-by-column with the columns permuted

according to some key

Example ldquoattack postponed until two amrdquo with key 4312567 first readthe column marked by 1 then the one marked by 2 etc

Key 4 3 1 2 5 6 7

Plaintext a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z

If we number the letters in the plaintext from 1 to 28 then the result ofthe first encryption is the following permutation of letters from plaintext03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 14 21 28 Note the regularity of that sequence Easily recognized

Ciphertext TTNAAPTMTSUOAODWCOIXKNLYPETZ

Iterating the encryption makes it more secure

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3438

March 23 2006 34

Iterating the encryption makes it more secure

Idea use the same scheme once more to increase security

Key 4 3 1 2 5 6 7

Input T T N A A P T

M T S U O A O

D W C O I X K

N L Y P E T Z

After the second transposition we get the following sequence of letters

17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08 06 28

This is far less structured and so more difficult to cryptanalyze

Output NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

Product Ciphers

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3538

March 23 2006 35

Product Ciphers

Ciphers using substitutions or transpositions are not secure becauseof language characteristics

Idea using several ciphers in succession increases security However

two substitutions only make another (more complex) substitution two transpositions make another (more complex) transposition a substitution followed by a transposition makes a new much harder

cipher

This is the bridge from classical to modern ciphers

Rotor Machines

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3638

March 23 2006 36

Rotor Machines

Before modern ciphers rotor machines were most common product cipher Widely used in WW2

German Enigma Allied Hagelin Japanese Purple

Implemented a very complex varying substitution cipher Principle the machine has a set of independently rotating cylinders through whichelectrical impulses flow Each cylinder has 26 input pins and 26 output pins with internal wiring that connects each input

pin to a unique fixed output pin (one cylinder thus defines a monoalphabetic substitutioncipher)

The output pins of one cylinder are connected to the input pins of the next cylinder After each keystroke the last cylinder rotates one position and the others remain still After a complete rotation of the last cylinder (26 keystrokes) the cylinder before it rotates one

position etc 3 cylinders have a period of 263=17576 4 cylinders have a period of 456 976 5 cylinders have a period of 11 881 376

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3738

March 23 2006 37

The Enigma machine (pictures from Wikipedia)

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38

872019 Cryptography - lecture2

httpslidepdfcomreaderfullcryptography-lecture2 3838

March 23 2006 38