Professional Documents
Culture Documents
In this report some classical Ciphers are presented along with their Cryptanalysis. Here Vigenere is also discussed along with its implementation using Java programming.
Introduction:
Classical Cryptographic systems are important in studying today's complex cryptographic techniques. Classical ciphers like Transposition Ciphers Columnar Transposition !u"stitution Ciphers #$$ine Ciphers and Vigenere Ciphers are among the classical ciphers which are presented in this report.
where the $inal , is used as to $ill out the array. The ciphertext is then read $rom the columns which in this case yields !H)''H'(TTI,. The intended recipient who knows the num"er o$ columns can put the ciphertext into an appropriate-si.ed array and read the plaintext out $rom the rows.
The ciphertext is read $rom the columns in alpha"etical order 5as determined "y the keyword6 so that in this example the ciphertext is !"#$%CT&'I(.
V O E S A I V E N
E M R T N L E A N
G E W T N I M H T
M E E A D L T R N
I S H O D W O E H
*e $ocus our attention on the top row o$ the array in Ta"le ;.;. I$ we permute the columns as shown in Ta"le ;.> we see the word )IV' in the $irst row and we see words or partial words in the other rows. There$ore we have almost certainly recovered the key. The process could "e automated provided we can automatically recogni.e likely plaintexts. In this example we have recovered the encryption key >7=;< and the plaintext is -I)* +* $!+*./* * T! $TA(0 A(0 I .I,, +!)* T/* *A T/. Ta"le ;.>9 1ermuted Ciphertext #rray >
G E W T N I M H T
7
I S H O D W O E H
=
V O E S A I V E N
;
E M R T N L E A N
<
M E E A D L T R N
+or example we can strengthen the columnar transposition cipher "y allowing the permutation o$ columns and rows. !ince two transpositions are involved this is known as a dou"le transposition cipher which is descri"ed next.
A C D
T K A
T A W
A T N
&ow i$ we transpose the rows according to 5= ; >6 ? 5> ; =6 and then transpose the columns according to 5= ; > <6 ? 5< ; = >6 we o"tain
A C D T K A T A W A D T ? C A N A K T W A T N N T ? T A A A K T D C A W A T
The ciphertext is read directly $rom the $inal array9 (A0.TKCAATAT. +or the dou"le t ransposition the key consists o$ the si.e o$ the matrix and the row and column permutations. The recipient who knows the key can simply put the ciphertext into the appropriate si.ed matrix and undo the permutations to recover the plaintext.
ci F pi G < 5mod >H6 and there$ore pi F ci - < 5mod >H6. In Caesar@s cipher the key is A<B which is not very secure since there is only one key-anyone who knows that the Caesar@s cipher is "eing used can immediately decrypt the message. # simple su"stitution 5or mono-alpha"etic su"stitution6 cipher is a generali.ation o$ the Caesar@s cipher where the key can "e any permutation o$ the alpha"et. +or the simple su"stitution there are >HI F >JJ keys availa"le. This is too many keys $or any attacker to simply try them all "ut even with this huge num"er o$ keys the simple su"stitution cipher is insecure.
is the 'uler-phi. The decryption $unction $or the a$$ine cipher is pi F a ; 5ci - "6
5mod >H6 where aa ; F ; 5mod >H6 that is a ; is the multiplicative inverse o$ a modulo >H. #$$ine ciphers are weak $or several reasons "ut the most o"vious pro"lem is that they have a small keyspace. # ciphertext only attack can "e per$ormed "y conducting a "rute $orce search o$ all <;> possi"le key pairs 5 a "6. This attack is trivial provided we can recogni.e the plaintext when we see it or automatically test $or it.
a simple su"stitution and we know that the underlying plaintext is 'nglish. Consider the 'nglish letter $requency in$ormation in Ta"le ;.< which was compiled $rom a MJ<7-letter sample o$ written 'nglish. Dy simply computing letter $requency counts on our ciphertext we can make educated guesses as to which plaintext letters correspond to some o$ the ciphertext letters. +or example the most common ciphertext letter pro"a"ly corresponds to plaintext '. *e can o"tain additional statistical in$ormation "y making use o$ digraphs 5pairs o$ letters6 and common trigraphs 5triples6. This type o$ statistical attack on a simple su"stitution is very e$$ective. #$ter a $ew letters have "een guessed correctly partial words will start to appear and the cipher should then quickly unravel. Ta"le ;.<9 'nglish (etter +requencies as 1ercentages (etter # D C C ' + ) H I J O ( 4 /elative +requency J.<:: ;.77> >.8>M 7.J== ;>.;8 >.;<> >.<>< H.=>8 H.7J8 =.;=> =.HJ: 7.==J >.8HH (etter & 2 1 N / ! T 3 V * , 0 E /elative +requency H.MMJ M.7:< ;.::; =.=MM H.=H< H.<;: J.::: >.MJ< =.::H >.7H7 =.>=7 >.;8M =.=>8
5 mod
>H6
5mod
>H6 .
4#TH 5since 4 corresponds to a shi$t o$ ;> # corresponds to a shi$t o$ = and so on6. 3sing this keyword the the plaintext !'C/'T4'!!#)' is encrypted as ''V0NT+('!T&N. +ollowing is Java class $or Vigenere ciphe it can "e used "y calling encrypt and decrypt $unction see #ppendix #.; $or $ull implementation.
public class VigenereCipher { public static void main(String[] args) { String key = "VIGENERECIP ER"; String ori = "Cryptanalysis is important sub!ect "or industry"; String enc = encrypt(ori, key); System.out.println(enc); System.out.println(decrypt(enc, key)); } static String encrypt(String te#t, "inal String key) { String res = ""; te#t = te#t.to$pperCase(); for (int i = %, ! = %; i < te#t.length(); i++) { char c = te#t.char&t(i); if (c < '&' || c > '(') continue; res += (char)((c + key.char&t(!) - ) * '&') % )* + '&'); ! = ++! % key.length(); } return res; } static String decrypt(String te#t, "inal String key) { String res = ""; te#t = te#t.to$pperCase(); for (int i = %, ! = %; i < te#t.length(); i++) { char c = te#t.char&t(i); if (c < '&' || c > '(') continue; res += (char)((c - key.char&t(!) + )*) % )* + '&'); ! = ++! % key.length(); } return res; } }
!uppose that the $ollowing ciphertext was created using a Vigenere cipher with a threelettered keyword9 /(*/V 4/(#N 'C3'N N*)OI (+4+' ,E0,# N,)JH +4,O4 N*/(# (O(+' ()*C( !2(4, /(*1I 2CV*( !O&I! CV*3! 4JHTC /)/V4 /(!E! C#E0, #N. To recover the key and decrypt the message we can make use o$ the $act that the ciphertext is composed o$ three simple su"stitutions. To accomplish this we ta"ulate the letter $requencies $or the sets
S = = Qc= c< c H ....P S; = Qc; c 7 c M ....P and S > = Qc > c8 cJ ....P
I4+'! J3V#/
4+',E
where ci is the ith ciphertext letter. Coing so we o"tain the results in Ta"les ;.7 ;.8 and ;.H respectively. (etter +requenc y / ; = N 7 Ta"le ;.79 (etter +requencies in S = 3 O + ' 0 J 4 ( ) 1 C & I E * D < ; > < > < < 7 > > 7 ; ; ; ; ; Ta"le ;.89 (etter +requencies in S; ' * I 4 , N O ! H / 0 C # 7 > 7 7 M ; ; H ; > ; ; ;
(etter +requenc y
( H
V 8
(etter +requenc y
* 4 H 7
Ta"le ;.H9 (etter +requencies in S > # C N ) ( + E O C 2 , ! 8 > ; < < 8 7 > ; < ; >
J T 0 ; > ;
+rom the S = ciphertext in Ta"le ;.7 we might reasona"ly guess that ciphertext / corresponds to plaintext '. T & 2 / I # or !. which gives us candidate values $or k = namely
correspond to plaintext ' T & 2 / I # or ! $rom which we o"tain likely values $or
k; and $rom set S > ciphertext * likely correspond to plaintext ' T & 2 / I # or
Ta"le ;.M9 (ikely Oeyword (etters ko k; k> &T! 0'C 'OJ CJI #)+ J12 /,* E+'
Conclusion:
In this review on classical ciphers and their cryptanalysis are discussed with examples and computer codes. 4any o$ the classical ciphers can "e "roken even i$ the attacker only knows su$$icient ciphertext and hence they are suscepti"le to a ciphertextonly attack. !ome classical ciphers 5e.g. the Caesar cipher6 have a small key space. These ciphers can "e "roken with a "rute $orce attack that is "y simply trying out all keys. !u"stitution ciphers can have a large key space "ut are o$ten suscepti"le to a $requency analysis "ecause $or example $requent letters in the plaintext language correspond to $requent letters in the ciphertexts. 1olyalpha"etic ciphers such as the VigenRre cipher prevent a simple $requency analysis "y using multiple su"stitutions.
e5erences:
S;T #pplied Cryptanalysis9 Dreaking Ciphers in the /eal *orld 4ark !tamp /ichard 4. (ow *iley-I''' 1ressK ; edition 5#pril >8 >==M6 S>T http9LLen.wikipedia.orgLwikiLClassicalUcipher on Classical cipher accessed on >>nd #ugust >=;< S<T http9LLmysite.veri.on.netLeric%ulie$armerLvigenereL on Cryptanalysis o$ the Vigenere cipher accessed on >>nd #ugust >=;<
Appnendix:
+,, , -his class contains methods "or encrypting and decrypting using the Vigenere , cipher. &ll computation is done /ith arrays o" character codes in the range , % to )0 1'a' to '2'34 convenience methods convert bet/een this and string , "ormat. , , &!uthor Eric 5armer , &"er'ion )%%)6%768% ,+ public class Vigenere { +, Contains only static methods. ,+ private Vigenere() {} +,, , Converts the alphabetic characters in the given string to an array o" , character codes in the range % to )0. &ll non6alphabetic characters are , ignored. , , &p!r!$ s the string to convert , , &return the array o" character codes ,+ public static char[] string-o9etters(String s) { String:u""er bu""er = ne( String:u""er(s.to9o/erCase()); int length = %; for (int i = %; i < bu""er.length(); i++) { char ch = bu""er.char&t(i); if (Character.is9etter(ch)) { bu""er.setChar&t(length++, ch); } } bu""er.set9ength(length); char[] c = bu""er.toString().toChar&rray(); for (int i = %; i < c.length; i++) { c[i] -= 'a'; } return c; } +,, , Converts the given array o" character codes; in the range % to )0; to a , string o" corresponding lo/ercase alphabetic characters. ,
!"! #$p%e$ent!tion
, &p!r!$ c the array o" character codes , , &return the string o" alphabetic characters ,+ public static String letters-oString(char[] c) { for (int i = %; i < c.length; i++) { c[i] += 'a'; } String s = String.copyValue<"(c); for (int i = %; i < c.length; i++) { c[i] -= 'a'; } return s; } +,, , Encrypts the given plainte#t /ith the given key; both consisting
o"
, character codes in the range % to )0. , , &p!r!$ plain-e#t the te#t to be encrypted , &p!r!$ key the encryption key , , &return the encrypted te#t ,+ public static char[] encrypt(char[] plain-e#t, char[] key) { char[] cipher-e#t = ne( char[plain-e#t.length]; for (int i = %; i < plain-e#t.length; i++) { cipher-e#t[i] = (char)((plain-e#t[i] + key[i%key.length]) %)*); } return cipher-e#t; } +,, , =ecrypts the given cipherte#t /ith the given key; both consisting o" , character codes in the range % to )0. , , &p!r!$ cipher-e#t the te#t to be decrypted , &p!r!$ key the decryption key , , &return the decrypted te#t ,+ public static char[] decrypt(char[] cipher-e#t, char[] key) { char[] plain-e#t = ne( char[cipher-e#t.length]; for (int i = %; i < cipher-e#t.length; i++) { plain-e#t[i] = (char)((cipher-e#t[i] + )* - key[i %key.length])%)*); } return plain-e#t; } +,, , Estimates the key/ord length "or the given cipherte#t; based on
the
the
, minimum inde# o" coincidence over all parts o" the cipherte#t partition , is returned. , , &p!r!$ cipher-e#t the cipherte#t , , &return the estimated key/ord length ,+ public static int guess>ey9ength(char[] cipher-e#t) { int best>ey9ength = ); double ma#?inInde# = =ouble.NEG&-IVE@IN5INI-A; int ma#>ey9ength = (int)?ath.sBrt(cipher-e#t.length); +, -ry "all" possible key/ord lengths. ,+ for (int key9ength = ); key9ength <= ma#>ey9ength; key9ength++) { double minInde# = =ouble.P<SI-IVE@IN5INI-A; +, Compute each inde# o" coincidence; and "ind the minimum. ,+ for (int o""set = %; o""set < key9ength; o""set++) { double inde# = inde#<"Coincidence(cipher-e#t, o""set, key9ength); if (inde# < minInde#) { minInde# = inde#; } } +, Select the key/ord length that ma#imi2es the minimum. ,+ if (minInde# > ma#?inInde#) { ma#?inInde# = minInde#; best>ey9ength = key9ength; } } return best>ey9ength; } +,, , Estimates the key/ord "or the given cipherte#t; given the key/ord , length; based on a combination o" monoalphabetic "reBuency analysis and , mutual indices o" coincidence. , , &p!r!$ cipher-e#t the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the estimated key/ord ,+ public static char[] guess>ey(char[] cipher-e#t, int key9ength) { char[] key = ne( char[key9ength]; boolean[] "ound = ne( boolean[key9ength]; int last5ound = %;
+, , :uild the key/ord one letter at a time. :ased on simple "reBuency , analysis in each 1monoalphabetic3 block; estimate each keyletter by , matching the most "reBuent cipherte#t letter /ith plainte#t 'e'. , Select the best o" these matches by "con"idence;" measured by the , discrepancy bet/een the most "reBuent and second most "reBuent , letter. ,+ int ma#=i""5reB = -C; for (int o""set = %; o""set < key9ength; o""set++) { int[] bins = "reBuencies(cipher-e#t, o""set, key9ength); int bestE = %; +, Estimate keyletter based on plainte#t 'e'. ,+ for (int c = C; c < )*; c++) { if (bins[c] > bins[bestE]) { bestE = c; } } int ma#5reBuency = bins[bestE]; +, Select the keyletter /e are most con"ident in. ,+ sort(bins); int di"" = ma#5reBuency - bins[)7]; if (di"" > ma#=i""5reB) { ma#=i""5reB = di""; last5ound = o""set; key[o""set] = (char)((bestE + )))%)*); }
} "ound[last5ound] = true;
+, , Continue the incremental building o" the key/ord using mutual , indices o" coincidence. Pair the most recently "ound keyletter /ith , each other remaining keyletter; "solving" using the mutual inde# o" , coincidence test. Select the best o" these solutions again by , "con"idence;" or discrepancy bet/een the t/o highest indices. ,+ for (int i = C; i < key9ength; i++) { int best<""set = %; double ma#=i""Inde# = =ouble.NEG&-IVE@IN5INI-A; for (int o""set = %; o""set < key9ength; o""set++) { +, I" this keyletter isn't already kno/n; estimate it. ,+
if ()"ound[o""set]) { double[] indices = mutualIndices<"Coincidence(cipher-e#t, o""set, last5ound, key9ength); int bestShi"t = %; +, Estimate keyletter based on mutual inde#. ,+ for (int shi"t = C; shi"t < )*; shi"t++) { if (indices[shi"t] > indices[bestShi"t]) { bestShi"t = shi"t; } } double ma#Inde# = indices[bestShi"t]; +, Select the keyletter /e are most con"ident in. ,+ sort(indices); double di"" = ma#Inde# - indices[)7]; if (di"" > ma#=i""Inde#) { ma#=i""Inde# = di""; best<""set = o""set; key[o""set] = (char)((key[last5ound] + bestShi"t)%)*); } }
} last5ound = best<""set; "ound[last5ound] = true; } +, , &t this point; /e have a very good guess o" the key/ord. -he /eak 1derived the )* De re"ine , point seems to be not the relationships bet/een keyletters , by the mutual indices o" coincidence3; but the choice "rom , cyclic shi"ts o" the key/ord based on "reBuency analysis.
, our guess by selecting the shi"t /hich ma#imi2es the average , "reBuency o" guessed plainte#t 'e' over all parts o" the cipherte#t , partition. ,+ int[][] bins = ne( int[key9ength][]; for (int o""set = %; o""set < key9ength; o""set++) { bins[o""set] = "reBuencies(cipher-e#t, o""set, key9ength); } int bestShi"t = %, ma#5reB = -C; for (int shi"t = %; shi"t < )*; shi"t++) { int total5reB = %; for (int o""set = %; o""set < key9ength; o""set++) {
for (int o""set = %; o""set < key9ength; o""set++) { key[o""set] = (char)((key[o""set] + bestShi"t)%)*); } return key; } +,, , Returns the "reBuencies o" the letters in the given subte#t o" the given , cipherte#t. Element c 1in the range % to )03 in the array that is , returned indicates the number o" occurrences o" letter c in the subte#t. , -he subte#t is speci"ied by the key/ord length and an o""set4 e.g.; the , entire cipherte#t is speci"ied by o""set % and key length C. , , &p!r!$ cipher-e#t the entire cipherte#t , &p!r!$ o""set the o""set "rom the start o" the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the "reBuencies o" the )* cipherte#t letters ,+ public static int[] "reBuencies(char[] cipher-e#t, int o""set, int key9ength) { int[] bins = ne( int[)*]; for (int i = o""set; i < cipher-e#t.length; i+= key9ength) { bins[cipher-e#t[i]]++; } return bins; } +,, , Returns the inde# given , cipherte#t. , , &'ee E"reBuencies , , &p!r!$ cipher-e#t , &p!r!$ o""set , &p!r!$ key9ength , , &return ,+ public static double o""set, double inde# = %; o" coincidence o" the given subte#t o" the
the entire cipherte#t the o""set "rom the start o" the cipherte#t the key/ord length the inde# o" coincidence inde#<"Coincidence(char[] cipher-e#t, int int key9ength) {
int[] bins = "reBuencies(cipher-e#t, o""set, key9ength); int length = %; for (int c = %; c < )*; c++) { inde# += bins[c]*(bins[c] - C); length += bins[c]; } return inde#*(length*(length - C)); } +,, , Returns the mutual indices o" coincidence "or the given subte#ts o" the , given cipherte#t; one "or each o" )* possible shi"ts. Element c in the , array that is returned indicates the mutual inde# o" coincidence "or the , "irst subte#t and the second subte#t shi"ted by c. , , &'ee E"reBuencies , , &p!r!$ cipher-e#t the entire cipherte#t , &p!r!$ o""setC the "irst o""set "rom the start o" the cipherte#t , &p!r!$ o""set) the second o""set "rom the start o" the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the mutual indices o" coincidence ,+ public static double[] mutualIndices<"Coincidence(char[] cipher-e#t, int o""setC, int o""set), int key9ength) { double[] indices = ne( double[)*]; once. ,+ +, Compute "reBuencies in each 1monoalphabetic3 block only int[] binsC = "reBuencies(cipher-e#t, o""setC, key9ength); int[] bins) = "reBuencies(cipher-e#t, o""set), key9ength); int lengthC = %, length) = %; for (int c = %; c < )*; c++) { lengthC += binsC[c]; length) += bins)[c]; } +, Compute inde# "or each possible shi"t. ,+ for (int shi"t = %; shi"t < )*; shi"t++) { for (int c = %; c < )*; c++) { indices[shi"t] += binsC[(c + shi"t)%)*]*bins)[c]; } indices[shi"t] *= lengthC*length); } return indices; }
+, Sorting is not built in to Fava C.C ,+ private static void sort(int[] a) { for (int i = %; i < a.length - C; i++) { for (int ! = i + C; ! < a.length; !++) { if (a[i] > a[!]) { int temp = a[i]; a[i] = a[!]; a[!] = temp; } } } } private static void sort(double[] a) { for (int i = %; i < a.length - C; i++) { for (int ! = i + C; ! < a.length; !++) { if (a[i] > a[!]) { double temp = a[i]; a[i] = a[!]; a[!] = temp; } } } } }