4. What is Cryptography?
0 The idea of storing and transmitting data in a form
that only the authorized parties can interpret.
0 Process of making and using codes to secure
transmission of information
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-4
5. Cryptography
0 Can be characterized by:
0 type of encryption operations used
0 substitution / transposition / product
0 number of keys used
0 single-key or private / two-key or public
0 way in which plaintext is processed
0 block / stream
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-5
6. Basic terminology
0 Plaintext: original message to be encrypted
0 Ciphertext: the encrypted message
0 Enciphering or encryption: the process of converting
plaintext into ciphertext
0 Encryption algorithm: performs encryption
0 Two inputs: a plaintext and a secret key
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-6
7. Basic terminology
0 Deciphering or decryption: recovering plaintext from
ciphertext
0 Decryption algorithm: performs decryption
0 Two inputs: ciphertext and secret key
0 Secret key: same key used for encryption and decryption
0 Also referred to as a symmetric key
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-7
11. Cryptanalysis
0 Opponent whose goal is to break cryptosystem is the
adversary
0 Objective: to recover the plaintext of a ciphertext or,
more typically, to recover the secret key.
0 Kerkhoffâs principle: adversary knows algorithm used,
but not key
0 Two general approaches:
0 brute-force attack
0 non-brute-force attack (cryptanalytic attack)
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-11
12. Brute-Force Attack
0 Try every key to decipher the ciphertext.
0 On average, need to try half of all possible keys
0 Time needed proportional to size of key space
Key Size (bits) Number of Alternative
Keys
Time required at 1
decryption/Âľs
Time required at 106
decryptions/Âľs
32 232
= 4.3 Ă 109 231
Âľs = 35.8 minutes 2.15 milliseconds
56 256
= 7.2 Ă 1016 255
Âľs = 1142 years 10.01 hours
128 2128
= 3.4 Ă 1038
2127
Âľs = 5.4 Ă 1024
years 5.4 Ă 1018
years
168 2168
= 3.7 Ă 1050
2167
Âľs = 5.9 Ă 1036
years 5.9 Ă 1030
years
26 characters
(permutation)
26! = 4 Ă 1026
2 Ă 1026
Âľs = 6.4 Ă 1012
years 6.4 Ă 106
years
13. Cryptanalytic Attacks
0 Classified by how much information needed by the
attacker
0 Three types of attacks:
0 Ciphertext only: adversary has only ciphertext; goal is to find
plaintext, possibly key.
0 Known plaintext: adversary has ciphertext, corresponding
plaintext; goal is to find key
0 Chosen plaintext: adversary may supply plaintexts and obtain
corresponding ciphertext; goal is to find key
0 Chosen-ciphertext attack: adversary may choose ciphertext
and corresponding decrypted plaintext ; goal is to find key
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-13
14. Ciphertext-only attack
0 Given: a ciphertext c
0 Q: what is the plaintext m?
0 An encryption scheme is completely insecure if it
cannot resist ciphertext-only attacks.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-14
15. Known-plaintext attack
0 Given: (m1,c1), (m2,c2), âŚ, (mk,ck) and a new ciphertext c.
0 Q: what is the plaintext of c?
0 Q: what is the secret key in use?
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-15
16. Chosen-plaintext attack
0 Given: (m1,c1), (m2,c2), âŚ, (mk,ck), where m1,m2, âŚ, mk are
chosen by the adversary; and a new ciphertext c.
0 Q: what is the plaintext of c, or what is the secret key?
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-16
17. Chosen-Plaintext Attack
Crook #1 changes
his PIN to a number
of his choice
cipher(key,PIN)
PIN is encrypted and
transmitted to bank
Crook #2 eavesdrops
on the wire and learns
ciphertext corresponding
to chosen plaintext PIN
⌠repeat for any PIN value
18. Chosen-ciphertext attack
0 Given: (m1,c1), (m2,c2), âŚ, (mk,ck), where c1,c2, âŚ, ck are
chosen by the adversary; and a new ciphertext c.
0 Q: what is the plaintext of c, or what is the secret key?
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-18
19. Basis for Attacks
0 Mathematical attacks
0 Based on analysis of underlying mathematics
0 Statistical attacks
0 Make assumptions about the distribution of letters,
pairs of letters (digrams), triplets of letters (trigrams),
etc.
0 Called models of the language
0 Examine ciphertext, correlate properties with the
assumptions.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-19
20. Statistical Attack
0 Compute frequency of each letter in ciphertext:
G 0.1 H 0.1 K 0.1 O 0.3
R 0.2 U 0.1 Z 0.1
0 Apply 1-gram model of English
0 Frequency of characters (1-grams) in English is on next
slide
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-20
22. More Definitions
0 Unconditional security
0 no matter how much computer power is available, the
cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
0 Computational security
0 given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher
cannot be broken
23. Cryptosystem
0 Quintuple (E, D, M, K, C)
0 M set of plaintexts
0 K set of keys
0 C set of ciphertexts
0 E set of encryption functions e: M Ă K â C
0 D set of decryption functions d: C Ă K â M
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-23
24. Example
0 Example: CĂŚsar cipher
0 M = { sequences of letters }
0 K = { i | i is an integer and 0 ⤠i ⤠25 }
0 E = { Ek | k â K and for all letters m,
Ek(m) = (m + k) mod 26 }
0 D = { Dk | k â K and for all letters c,
Dk(c) = (26 + c â k) mod 26 }
0 C = M
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-24
25. Ciphers
0Symmetric cipher: same key used for
encryption and decryption
0 Block cipher: encrypts a block of plaintext at a time
(typically 64 or 128 bits)
0 Stream cipher: encrypts data one bit or one byte at
a time
0Asymmetric cipher: different keys used for
encryption and decryption
IFETCE/M.E CSE/NE7202-NIS/Unit 2
25
26. Classical Cryptography
0Sender, receiver share common key
0 Keys may be the same, or trivial to derive
from one another
0 Sometimes called symmetric cryptography
0Two basic types
0 Transposition ciphers
0 Substitution ciphers
0 Combinations are called product ciphers
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-26
28. Classical Ciphers
0 Plaintext is viewed as a sequence of elements
(e.g., bits or characters)
0 Substitution cipher: replacing each element of
the plaintext with another element.
0 Transposition (or permutation) cipher:
rearranging the order of the elements of the
plaintext.
0 Product cipher: using multiple stages of
substitutions and transpositions
IFETCE/M.E CSE/NE7202-NIS/Unit 2
28
29. Substitution Ciphers
0 Change characters in plaintext to produce
ciphertext
0 Monoalphabetic Substitution
0 Each plaintext character is mapped onto a unique
character of a ciphertext.
0 Polyalphabetic Substitution
0 Each plaintext character can be mapped onto m
alphabetic characters of a ciphertext.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-29
31. 1.Caesar Cipher
0 Earliest known substitution cipher
0 Invented by Julius Caesar
0 Each letter is replaced by the letter three positions further
down the alphabet.
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
0 Example: ohio state ď RKLR VWDWH
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-31
32. Caesar Cipher
0Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
0Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c â k) mod 26
0Can be generalized with any alphabet.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-32
33. Cryptanalysis of Caesar
Cipher
0 Only have 26 possible ciphers
0 A maps to A,B,..Z
0 Could simply try each in turn
0 A brute force search
0 Given ciphertext, just try all shifts of letters
0 Do need to recognize when have plaintext
0 Eg. break ciphertext "GCUA VQ DTGCM"
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-33
34. 2.Monoalphabetic Cipher
0 Shuffle (jumble) the letters arbitrarily
0 Each plaintext letter maps to a different
random ciphertext letter
0 Hence key is 26 letters long
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-34
35. Monoalphabetic Cipher
Security
0 Now have a total of 26! = 4 x 1026
keys
0 With so many keys, might think is secure
0 But not secure against some cryptanalytic
attacks.
0 Problem is language characteristics
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-35
36. Language Statistics and
Cryptanalysis
0 Human languages are not random.
0 Letters are not equally frequently used.
0 In English, E is by far the most common letter,
followed by T, R, N, I, O, A, S.
0 Other letters like Z, J, K, Q, X are fairly rare.
0 There are tables of single, double & triple
letter frequencies for various languages
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-36
38. Statistics for double & triple
letters
0 In decreasing order of frequency
0 Double letters:
th he an in er re es on, âŚ
0 Triple letters:
the and ent ion tio for nde, âŚ
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-38
39. Use in Cryptanalysis
0 Key concept - monoalphabetic substitution ciphers do not
change relative letter frequencies
0 To attack, we
0 calculate letter frequencies for ciphertext
0 compare this distribution against the known one
0 If caesar cipher look for common peaks/troughs
0 peaks at: A-E-I triple, NO pair, RST triple
0 troughs at: JK, X-Z
0 For monoalphabetic must identify each letter
0 tables of common double/triple letters help
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-39
40. Example Cryptanalysis
0 Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
0 Count relative letter frequencies
0 Guess P & Z are e and t
0 Guess ZW is th and hence ZWP is the
0 Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-40
41. 3.Playfair Cipher
ďNot even the large number of keys in a monoalphabetic
cipher provides security
ďOne approach to improving security was to encrypt
multiple letters
ďPlayfair Cipher was invented by Charles Wheatstone in
1854, but named after his friend Baron Playfair
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-41
42. Playfair Key Matrix
0 A 5X5 matrix of letters based on a keyword
0 Fill in letters of keyword (sans duplicates)
0 Fill rest of matrix with other letters
0 Eg. using the keyword MONARCHY
MM OO NN AA RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-42
43. Encrypting and Decrypting
0Plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like
'Xâ
2. if both letters fall in the same row, replace
each with letter to right (wrapping back to
start from end)
3. if both letters fall in the same column,
replace each with the letter below it
(wrapping to top from bottom)
4. otherwise each letter is replaced by the
letter in the same row and in the column of
the other letter of the pair
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-43
44. Security of Playfair Cipher
0 Equivalent to a monoalphabetic cipher with
an alphabet of 26 x 26 = 676 characters.
0 Security is much improved over the simple
monoalphabetic cipher.
0 Widely used for many years
ďeg. by US & British military in WW1 and WW2
0 Once thought to be unbreakable.
0 Actually, it can be broken, because it still
leaves some structure of plaintext intact.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-44
45. Polyalphabetic Substitution
Ciphers
0 A sequence of monoalphabetic ciphers (M1, M2,
M3, ..., Mk) is used in turn to encrypt letters.
0 A key determines which sequence of ciphers to
use.
0 Each plaintext letter has multiple corresponding
ciphertext letters.
0 This makes cryptanalysis harder since the letter
frequency distribution will be flatter.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-45
46. 1.Vigenère Cipher
0 Simplest polyalphabetic substitution cipher
0 Effectively multiple caesar ciphers
0 Key is multiple letters long K = k1 k2 ... kd
0 ith
letter specifies ith
alphabet to use
0 Use each alphabet in turn
0 Repeat from start after d letters in message
0 Decryption simply works in reverse
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-46
48. Example of Vigenère Cipher
0 Keyword: deceptive
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-48
49. Security of Vigenère Ciphers
0 There are multiple ciphertext letters corresponding
to each plaintext letter.
0 So, letter frequencies are obscured but not totally
lost.
0 To break Vigenere cipher:
1. Try to guess the key length. How?
2. If key length is N, the cipher consists of N Caesar
ciphers. Plaintext letters at positions k, N+k, 2N+k,
3N+k, etc., are encoded by the same cipher.
3. Attack each individual cipher as before.IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-49
50. Guessing the Key Length
0 Main idea: Plaintext words separated by multiples
of the key length are encoded in the same way.
0 In our example, if plaintext = ââŚthexxxxxxtheâŚâ
then âtheâ will be encrypted to the same ciphertext
words.
0 So look at the ciphertext for repeated patterns.
0 E.g. repeated âVTWâ in the previous example
suggests a key length of 3 or 9:
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
0 Of course, the repetition could be a random fluke.
0 Then attack each monoalphabetic cipher
individually using same techniques as before
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-50
51. 2.Vernam Cipher
0 Ultimate defense is to use a key as long as the plaintext
with no statistical relationship to it
0 Invented by AT&T engineer Gilbert Vernam in 1918
0 Originally proposed using a very long but eventually
repeating key
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-51
52. 3.One-Time Pad
0 If a truly random key as long as the message is
used, the cipher will be secure
0 Called as One-Time pad
0 It is unbreakable since ciphertext bears no
statistical relationship to the plaintext
0 Since for any plaintext & any ciphertext there
exists a key mapping one to other
0 Can use the key only once though
0 Problems in generation & safe distribution of key
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-52
53. 4.Rotor Cipher Machines
0 Before modern ciphers, rotor machines were most common
complex ciphers in use.
0 Widely used in WW2.
0 Used a series of rotating cylinders.
0 Implemented a polyalphabetic substitution cipher of period K.
0 With 3 cylinders, K = 263
=17,576.
0 With 5 cylinders, K = 265
=12 x 106
.
0 What is a key?
0 If the adversary has a machine
0 If the adversary doesnât have a machine
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-53
55. German secret setting sheets
IFETCE/M.E CSE/NE7202-NIS/Unit 2
Date
Which rotors to use (there were 10 rotors)
Ring setting
Plugboard setting
Slide #9-55
59. Transposition Ciphers
0 Also called permutation ciphers.
0 Shuffle the plaintext, without altering the
actual letters used.
0 Can recognise these since have the same
frequency distribution as the original text
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-59
60. 1.Rail Fence cipher
0 Write message letters out diagonally over a
number of rows
0 Then read off cipher row by row
0 Eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
0 Ciphertext
MEMATRHTGPRYETEFETEOAAT
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-60
61. 2.Row Transposition Ciphers
0 Plaintext is written row by row in a rectangle.
0 Ciphertext: write out the columns in an order
specified by a key.
Key: 3 4 2 1 5 6 7
Plaintext:
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
IFETCE/M.E CSE/NE7202-NIS/Unit 2
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Slide #9-61
62. Product Ciphers
0 Ciphers using substitutions or transpositions are
not secure because of language characteristics
0 Consider using several ciphers in succession to
make harder, but:
0 two substitutions make a more complex substitution
0 two transpositions make more complex transposition
0 Uses a sequence of substitutions and
transpositions
0 Harder to break than just substitutions or
transpositions
0 This is a bridge from classical to modern ciphers
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-62
63. Unconditional & Computational
Security
0 A cipher is unconditionally secure if it is secure no
matter how much resources (time, space) the attacker
has.
0 A cipher is computationally secure if the best algorithm
for breaking it will require so much resources (e.g., 1000
years) that practically the cryptosystem is secure.
0 All the ciphers we have examined are not
unconditionally secure.
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-63
64. An unconditionally Secure Cipher
IFETCE/M.E CSE/NE7202-NIS/Unit 2
1 2 3 4
1 2 3 4
1 2 3 4
Key = (random, )
Plaintext =
Cipherte
Vernamâs one-time pad cip
used one-time only
xt =
where
Can be proved to be unconditionally sec
her
ur .e
i i i
k k k k
m m m m
c c c c
c m k= â
â˘
â˘
â˘
â˘
K
K
K
Slide #9-64
65. Classical to Modern Cryptography
0 Classical cryptography
0 Encryption/decryption done by hand
0 Modern cryptography
0 Computers to encrypt and decrypt
0 Same principles, but automation allows ciphers to
become much more complex
IFETCE/M.E CSE/NE7202-NIS/Unit 2 Slide #9-65
Unconditional security would be nice, but the only known such cipher is the one-time pad (later). For all reasonable encryption algorithms, have to assume computational security where it either takes too long, or is too expensive, to bother breaking the cipher.
With a caesar cipher, there are only 26 possible keys, of which only 25 are of any use, since mapping A to A etc doesn't really obscure the message! Note this basic rule of cryptanalysis "check to ensure the cipher operator hasn't goofed and sent a plaintext message by mistake"!
Can try each of the keys (shifts) in turn, until can recognise the original message. See Stallings Fig 2.3 for example of search.
Note: as mentioned before, do need to be able to recognise when have an original message (ie is it English or whatever). Usually easy for humans, hard for computers. Though if using say compressed data could be much harder.
Example "GCUA VQ DTGCM" when broken gives "easy to break", with a shift of 2 (key C).
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution, where the translation alphabet can be any permutation of the 26 alphabetic characters. A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once. In general, there are n! permutations of a set of n elements.
See text example of a translation alphabet, and an encrypted message using it.
Note that even given the very large number of keys, being 10 orders of magnitude greater than the key space for DES, the monoalphabetic substitution cipher is not secure, because it does not sufficiently obscure the underlying language characteristics.
Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies. Stallings Figure 2.5 shows English letter frequencies. Seberry & Pieprzyk, "Cryptography - An Introduction to Computer Security", Prentice-Hall 1989, Appendix A has letter frequency graphs for 20 languages (most European & Japanese & Malay). Also useful are tables of common two-letter combinations, known as digrams, and three-letter combinations, known as trigrams.
The simplicity and strength of the monoalphabetic substitution cipher meant it dominated cryptographic use for the first millenium AD. It was broken by Arabic scientists. The earliest known description is in Abu al-Kindi's "A Manuscript on Deciphering Cryptographic Messages", published in the 9th century but only rediscovered in 1987 in Istanbul, but other later works also attest to their knowledge of the field. Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. The cryptanalyst looks for a mapping between the observed pattern in the ciphertext, and the known source language letter frequencies. If English, look for peaks at: A-E-I triple, NO pair, RST triple, and troughs at: JK, X-Z.
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.
Illustrate the process with this example from the text in Stallings section 2.2. Comparing letter frequency breakdown with Figure 2.5, it seems likely that cipher letters P and Z are the equivalents of plain letters e and t, but it is not certain which is which. The letters S, U, O, M, and H are all of relatively high frequency and probably correspond to plain letters from the set {a, h, i, n, o, r, s}. The letters with the lowest frequencies (namely, A, B, G, Y, I, J) are likely included in the set {b, j, k, q, v, x, z}. A powerful tool is to look at the frequency of two-letter combinations, known as digrams. A table similar to Figure 2.5 could be drawn up showing the relative frequency of digrams. The most common such digram is th. In our ciphertext, the most common digram is ZW, which appears three times. So we make the correspondence of Z with t and W with h. Then, by our earlier hypothesis, we can equate P with e. Now notice that the sequence ZWP appears in the ciphertext, and we can translate that sequence as "the." This is the most frequent trigram (three- letter combination) in English, which seems to indicate that we are on the right track. Next, notice the sequence ZWSZ in the first line. We do not know that these four letters form a complete word, but if they do, it is of the form th_t. If so, S equates with a. Only four letters have been identified, but already we have quite a bit of the message. Continued analysis of frequencies plus trial and error should easily yield a solution from this point. The complete plaintext, with spaces added between words, is shown on slide.
Consider ways to reduce the "spikyness" of natural language text, since if just map one letter always to another, the frequency distribution is just shuffled. One approach is to encrypt more than one letter at once. The Playfair cipher is an example of doing this, treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5x5 matrix of letters constructed using a keyword. The rules for filling in this 5x5 matrix are: L to R, top to bottom, first with keyword after duplicate letters have been removed, and then with the remain letters, with I/J used as a single letter. This example comes from Dorothy Sayer's book "Have His Carcase", in which Lord Peter Wimsey solves it, and describes the use of a probably word attack.
Plaintext is encrypted two letters at a time,according to the rules as shown. Note how you wrap from right side back to left, or from bottom back to top.
if a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"
if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. âar" encrypts as "RM"
if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. âmu" encrypts to "CM"
otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. âhs" encrypts to "BP", and âea" to "IM" or "JM" (as desired)
Decrypting of course works exactly in reverse. Can see this by working the example pairs shown, backwards.
The Playfair cipher is a great advance over simple monoalphabetic ciphers, since there are 26*26=676 digrams (vs 26 letters), so that identification of individual digrams is more difficult. Also,the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. The Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S.Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.
The best known, and one of the simplest, such algorithms is referred to as the Vigenère cipher, where the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers, with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter âaâ, and which are each used in turn, as shown next.
The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T engineer named Gilbert Vernam in 1918. His system works on binary data (bits0 rather than letters. The system can be expressed succinctly as follows: ci = pi XOR ki
The essence of this technique is the means of construction of the key. Vernam proposed the use of a running loop of tape that eventually repeated the key, so that in fact the system worked with a very long but repeating keyword. Although such a scheme, with a long key, presents formidable cryptanalytic difficulties, it can be broken with sufficient ciphertext, the use of known or probable plaintext sequences, or both.
The One-Time Pad is an evolution of the Vernham cipher. An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement using a random key that was truly as long as the message, with no repetitions, which thus totally obscures the original message. It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code, since any plaintext can be mapped to any ciphertext given some key.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
There is the practical problem of making large quantities of random keys.
And the problem of key distribution and protection, where for every message to be sent, a key of equal length is needed by both sender and receiver.
Because of these difficulties, the one-time pad is of limited utility, and is useful primarily for low-bandwidth channels requiring very high security. The one-time pad is the only cryptosystem that exhibits what is referred to as perfect secrecy.
All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher, and form the second basic building block of ciphers. The core idea is to rearrange the order of basic units (letters/bytes/bits) without altering their actual values.
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
The example message is: "meet me after the toga party" with a rail fence of depth 2.
This sort of thing would be trivial to cryptanalyze.
Have seen that ciphers based on just substitutions or transpositions are not secure, and can be attacked because they do not sufficient obscure the underlying language structure
So consider using several ciphers in succession to make harder.
A substitution followed by a transposition is known as a Product Cipher, and makes a new much more secure cipher, and forms the bridge to modern ciphers.