Abstract:

In this report some classical Ciphers are presented along with their Cryptanalysis. Here Vigenere is also discussed along with its implementation using Java programming.

Introduction:
Classical Cryptographic systems are important in studying today's complex cryptographic techniques. Classical ciphers like Transposition Ciphers Columnar Transposition !u"stitution Ciphers #$$ine Ciphers and Vigenere Ciphers are among the classical ciphers which are presented in this report.

[1] Transposition Ciphers:

Transposition ciphers %um"le the letters o$ the message in a way that is designed to con$use the attacker "ut can "e un%um"led "y the intended recipient. &ote that the key must provide su$$icient in$ormation to unscram"le the ciphertext.

[2] Columnar Transposition:

!uppose we have plaintext !''TH'(I)HT and we want to encrypt this using a columnar transposition cipher. *e $irst put the plaintext into the rows o$ an array o$ some given dimension. Then we read the ciphertext out o$ the columns. The key consists o$ the num"er o$ columns in the array. +or example suppose we choose the key to "e $our which means that we write the plaintext in $our columns as
S H G E E H E L T T I X

where the $inal , is used as to $ill out the array. The ciphertext is then read $rom the columns which in this case yields !H)''H'(TTI,. The intended recipient who knows the num"er o$ columns can put the ciphertext into an appropriate-si.ed array and read the plaintext out $rom the rows.

[2.1] Cryptanalysis on Columnar Transposition Ciphers:

# columnar transposition is not particularly strong. To per$orm a ciphertext only attack on this cipher we simply need to test all possi"le decrypts using c columns where c is a divisor o$ the num"er o$ characters in the ciphertext.

[3] Keyword Columnar Transposition

The columnar transposition cipher can "e strengthened "y using a keyword where the keyword determines the order in which the columns o$ ciphertext are transcri"ed. *e re$er to this as a keyword columnar transposition cipher. +or example consider encrypting the plaintext C/01T2I!+3& using a keyword columnar transposition cipher with keyword 4#TH again using $our columns. In this case we get the array
M C T F A R O U T Y I N H P S X

The ciphertext is read $rom the columns in alpha"etical order 5as determined "y the keyword6 so that in this example the ciphertext is !"#$%CT&'I(.

[3.1 Cryptanalysis on Keyword Columnar Transposition Ciphers:

!uppose we o"tain the ciphertext )!*$A I)*(* + T(, *A(-* .T(I+ /T+** A0,T (I$/! 0.!*/ which we "elieve was encrypted using a keyword columnar transposition. 2ur goal is to recover the key and the plaintext. +irst note that there are 78 letters in the ciphertext. #ssuming the array is not a single column or row the array could have any o$ the $ollowing dimensions9 : x 8 8 x : ;8 x < or < x ;8. !uppose that we $irst try a : x 8 array. Then we have the ciphertext array in Ta"le ;.;. Ta"le ;.;9 Ciphertext #rray = ; > < 7

V O E S A I V E N

E M R T N L E A N

G E W T N I M H T

M E E A D L T R N

I S H O D W O E H

*e $ocus our attention on the top row o$ the array in Ta"le ;.;. I$ we permute the columns as shown in Ta"le ;.> we see the word )IV' in the $irst row and we see words or partial words in the other rows. There$ore we have almost certainly recovered the key. The process could "e automated provided we can automatically recogni.e likely plaintexts. In this example we have recovered the encryption key >7=;< and the plaintext is -I)* +* $!+*./* * T! $TA(0 A(0 I .I,, +!)* T/* *A T/. Ta"le ;.>9 1ermuted Ciphertext #rray >
G E W T N I M H T

7
I S H O D W O E H

=
V O E S A I V E N

;
E M R T N L E A N

<
M E E A D L T R N

+or example we can strengthen the columnar transposition cipher "y allowing the permutation o$ columns and rows. !ince two transpositions are involved this is known as a dou"le transposition cipher which is descri"ed next.

[1] 0ouble Transposition Cipher

To encrypt with a dou"le transposition cipher we $irst write the plaintext into an array o$ a given si.e and then permute the rows and columns according to speci$ied permutations. +or example suppose we write the plaintext ATTACKAT0A.( into a < x 7 array9

A C D

T K A

T A W

A T N

&ow i$ we transpose the rows according to 5= ; >6 ? 5> ; =6 and then transpose the columns according to 5= ; > <6 ? 5< ; = >6 we o"tain
A C D T K A T A W A D T ? C A N A K T W A T N N T ? T A A A K T D C A W A T

The ciphertext is read directly $rom the $inal array9 (A0.TKCAATAT. +or the dou"le t ransposition the key consists o$ the si.e o$ the matrix and the row and column permutations. The recipient who knows the key can simply put the ciphertext into the appropriate si.ed matrix and undo the permutations to recover the plaintext.

[1.1] Cryptanalysis on 0ouble Transposition Cipher:

I$ attacker happens to know the si.e o$ the matrix used in a dou"le transposition she can insert the ciphertext into a matrix o$ the appropriate si.e. !he can then try to unscram"le the columns to reveal words 5or partial words6. 2nce the column transposition has "een undone she can easily unscram"le the rows. This attack illustrates the $undamental principle o$ divide and conquer. That is attacker can recover the dou"le transposition key in parts instead o$ attacking the entire key all at once.

[2] $ubstitution Ciphers:

In Caesar@s cipher encryption is accomplished "y replacing each plaintext letter with its corresponding Ashi$t"y-threeB letter that is A is replaced "y C D is replaced "y ' C is replaced "y + and so on. #t the end o$ the alpha"et a wrap around occurs with , replaced "y A3 ' replaced "y D and E replaced "y C. Cecryption is accomplished "y replacing each ciphertext letter with its corresponding le$t-shi$t-"y-three letter again taking the wrap around into account. !uppose we assign numerical values = ; . . . >8 to the letters # D . . . E respectively (et pi "e the ith plaintext letter o$ a given message and ci the corresponding ith ciphertext letter. Then Caesar@s cipher can "e mathematically stated as

ci F pi G < 5mod >H6 and there$ore pi F ci - < 5mod >H6. In Caesar@s cipher the key is A<B which is not very secure since there is only one key-anyone who knows that the Caesar@s cipher is "eing used can immediately decrypt the message. # simple su"stitution 5or mono-alpha"etic su"stitution6 cipher is a generali.ation o$ the Caesar@s cipher where the key can "e any permutation o$ the alpha"et. +or the simple su"stitution there are >HI F >JJ keys availa"le. This is too many keys $or any attacker to simply try them all "ut even with this huge num"er o$ keys the simple su"stitution cipher is insecure.

[4] A55ine Cipher and its Cryptanalysis:

#n a$$ine cipher is a simple su"stitution where ci F api G " 5mod >H6. Here the constants a and " are integers in the range = to >8 5as are pi and ci6. To decrypt uniquely--always a nice $eature $or a cipher system--we must have gcd5a >H6 F ;. Consequently there are >H. 5>H6 F <;> a$$ine ciphers $or the 'nglish language where

is the 'uler-phi. The decryption $unction $or the a$$ine cipher is pi F a ; 5ci - "6
5mod >H6 where aa ; F ; 5mod >H6 that is a ; is the multiplicative inverse o$ a modulo >H. #$$ine ciphers are weak $or several reasons "ut the most o"vious pro"lem is that they have a small keyspace. # ciphertext only attack can "e per$ormed "y conducting a "rute $orce search o$ all <;> possi"le key pairs 5 a "6. This attack is trivial provided we can recogni.e the plaintext when we see it or automatically test $or it.

[6] $imple $ubstitution Cryptanalysis:

Trying all possi"le keys is known as an exhaustive key search and this attack is always an option $or an attacker. I$ there are & possi"le keys then an attacker will on average need to try a"out hal$ o$ these that isK &L> o$ the keys "e$ore she can expect to $ind the correct key. There$ore the $irst rule o$ cryptography is that any cipher must have a large enough keyspace so that an exhaustive search is impractical. However a large keyspace does not ensure that a cipher is secure. To see that this is the case we next consider an attack that will work against any simple su"stitution cipher and in the general case requires $ar less work than an exhaustive key search. This attack relies on the $act that statistical in$ormation that is present in the plaintext language AleaksB through a simple su"stitution. !uppose we have a reasona"ly large ciphertext message generated "y

a simple su"stitution and we know that the underlying plaintext is 'nglish. Consider the 'nglish letter $requency in$ormation in Ta"le ;.< which was compiled $rom a MJ<7-letter sample o$ written 'nglish. Dy simply computing letter $requency counts on our ciphertext we can make educated guesses as to which plaintext letters correspond to some o$ the ciphertext letters. +or example the most common ciphertext letter pro"a"ly corresponds to plaintext '. *e can o"tain additional statistical in$ormation "y making use o$ digraphs 5pairs o$ letters6 and common trigraphs 5triples6. This type o$ statistical attack on a simple su"stitution is very e$$ective. #$ter a $ew letters have "een guessed correctly partial words will start to appear and the cipher should then quickly unravel. Ta"le ;.<9 'nglish (etter +requencies as 1ercentages (etter # D C C ' + ) H I J O ( 4 /elative +requency J.<:: ;.77> >.8>M 7.J== ;>.;8 >.;<> >.<>< H.=>8 H.7J8 =.;=> =.HJ: 7.==J >.8HH (etter & 2 1 N / ! T 3 V * , 0 E /elative +requency H.MMJ M.7:< ;.::; =.=MM H.=H< H.<;: J.::: >.MJ< =.::H >.7H7 =.>=7 >.;8M =.=>8

[7] )i8enere Cipher:

# poly-alpha"etic su"stitution cipher uses multiple simple su"stitutions to encrypt a message. The Vigenere cipher is a classic poly-alpha"etic su"stitution cipher. In the Vigenere cipher a key o$ the $orm K = 5 k = k; ..... k n ; 6 where each k i Q= ; ... >8P is used to encipher the plaintext. Here each ki represents a particular shi$t o$ the alpha"et. To encrypt a message ci = pi + k i 5 mod and to decrypt p i = ci k i 5 mod
n6 n6

5 mod

>H6

5mod

>H6 .

+or example suppose O F 5;> = ;: M6 which corresponds to the keyword

4#TH 5since 4 corresponds to a shi$t o$ ;> # corresponds to a shi$t o$ = and so on6. 3sing this keyword the the plaintext !'C/'T4'!!#)' is encrypted as ''V0NT+('!T&N. +ollowing is Java class $or Vigenere ciphe it can "e used "y calling encrypt and decrypt $unction see #ppendix #.; $or $ull implementation.
public class VigenereCipher { public static void main(String[] args) { String key = "VIGENERECIP ER"; String ori = "Cryptanalysis is important sub!ect "or industry"; String enc = encrypt(ori, key); System.out.println(enc); System.out.println(decrypt(enc, key)); } static String encrypt(String te#t, "inal String key) { String res = ""; te#t = te#t.to$pperCase(); for (int i = %, ! = %; i < te#t.length(); i++) { char c = te#t.char&t(i); if (c < '&' || c > '(') continue; res += (char)((c + key.char&t(!) - ) * '&') % )* + '&'); ! = ++! % key.length(); } return res; } static String decrypt(String te#t, "inal String key) { String res = ""; te#t = te#t.to$pperCase(); for (int i = %, ! = %; i < te#t.length(); i++) { char c = te#t.char&t(i); if (c < '&' || c > '(') continue; res += (char)((c - key.char&t(!) + )*) % )* + '&'); ! = ++! % key.length(); } return res; } }

[7.1] Cryptanalysis on )i8enere Cipher:

Dut $irst note that a polyalpha"etic su"stitution 5such as the Vigenere cipher6 does not preserve plaintext letter $requencies to the same degree as a mono-alpha"etic su"stitution. +urthermore i$ the num"er o$ alpha"ets is large relative to the message si.e the plaintext letter $requencies will not "e preserved at all. There$ore the generic simple su"stitution attack discussed a"ove will not work on a polyalpha"etic su"stitution. However the Vigenere cipher is vulnera"le to a slightly more sophisticated statistical attack. To see how this works $irst consider a Vigenere cipher with a small keyword.

!uppose that the $ollowing ciphertext was created using a Vigenere cipher with a threelettered keyword9 /(*/V 4/(#N 'C3'N N*)OI (+4+' ,E0,# N,)JH +4,O4 N*/(# (O(+' ()*C( !2(4, /(*1I 2CV*( !O&I! CV*3! 4JHTC /)/V4 /(!E! C#E0, #N. To recover the key and decrypt the message we can make use o$ the $act that the ciphertext is composed o$ three simple su"stitutions. To accomplish this we ta"ulate the letter $requencies $or the sets
S = = Qc= c< c H ....P S; = Qc; c 7 c M ....P and S > = Qc > c8 cJ ....P

I4+'! J3V#/

4+',E

4/'+* ,E)/0 /(*1I 240CD !+JCT

where ci is the ith ciphertext letter. Coing so we o"tain the results in Ta"les ;.7 ;.8 and ;.H respectively. (etter +requenc y / ; = N 7 Ta"le ;.79 (etter +requencies in S = 3 O + ' 0 J 4 ( ) 1 C & I E * D < ; > < > < < 7 > > 7 ; ; ; ; ; Ta"le ;.89 (etter +requencies in S; ' * I 4 , N O ! H / 0 C # 7 > 7 7 M ; ; H ; > ; ; ;

(etter +requenc y

( H

V 8

(etter +requenc y

* 4 H 7

Ta"le ;.H9 (etter +requencies in S > # C N ) ( + E O C 2 , ! 8 > ; < < 8 7 > ; < ; >

J T 0 ; > ;

+rom the S = ciphertext in Ta"le ;.7 we might reasona"ly guess that ciphertext / corresponds to plaintext '. T & 2 / I # or !. which gives us candidate values $or k = namely

k = Q;< >7 7 < = : ;M >8P. !imilarly

$or set S; ciphertext , might

correspond to plaintext ' T & 2 / I # or ! $rom which we o"tain likely values $or
k; and $rom set S > ciphertext * likely correspond to plaintext ' T & 2 / I # or

!. The corresponding likely keyword letters are ta"ulated in Ta"le ;.M.

Ta"le ;.M9 (ikely Oeyword (etters ko k; k> &T! 0'C 'OJ CJI #)+ J12 /,* E+'

Conclusion:
In this review on classical ciphers and their cryptanalysis are discussed with examples and computer codes. 4any o$ the classical ciphers can "e "roken even i$ the attacker only knows su$$icient ciphertext and hence they are suscepti"le to a ciphertextonly attack. !ome classical ciphers 5e.g. the Caesar cipher6 have a small key space. These ciphers can "e "roken with a "rute $orce attack that is "y simply trying out all keys. !u"stitution ciphers can have a large key space "ut are o$ten suscepti"le to a $requency analysis "ecause $or example $requent letters in the plaintext language correspond to $requent letters in the ciphertexts. 1olyalpha"etic ciphers such as the VigenRre cipher prevent a simple $requency analysis "y using multiple su"stitutions.

e5erences:
S;T #pplied Cryptanalysis9 Dreaking Ciphers in the /eal *orld 4ark !tamp /ichard 4. (ow *iley-I''' 1ressK ; edition 5#pril >8 >==M6 S>T http9LLen.wikipedia.orgLwikiLClassicalUcipher on Classical cipher accessed on >>nd #ugust >=;< S<T http9LLmysite.veri.on.netLeric%ulie$armerLvigenereL on Cryptanalysis o$ the Vigenere cipher accessed on >>nd #ugust >=;<

Appnendix:
+,, , -his class contains methods "or encrypting and decrypting using the Vigenere , cipher. &ll computation is done /ith arrays o" character codes in the range , % to )0 1'a' to '2'34 convenience methods convert bet/een this and string , "ormat. , , &!uthor Eric 5armer , &"er'ion )%%)6%768% ,+ public class Vigenere { +, Contains only static methods. ,+ private Vigenere() {} +,, , Converts the alphabetic characters in the given string to an array o" , character codes in the range % to )0. &ll non6alphabetic characters are , ignored. , , &p!r!$ s the string to convert , , &return the array o" character codes ,+ public static char[] string-o9etters(String s) { String:u""er bu""er = ne( String:u""er(s.to9o/erCase()); int length = %; for (int i = %; i < bu""er.length(); i++) { char ch = bu""er.char&t(i); if (Character.is9etter(ch)) { bu""er.setChar&t(length++, ch); } } bu""er.set9ength(length); char[] c = bu""er.toString().toChar&rray(); for (int i = %; i < c.length; i++) { c[i] -= 'a'; } return c; } +,, , Converts the given array o" character codes; in the range % to )0; to a , string o" corresponding lo/ercase alphabetic characters. ,

A.1 Vigenere cipher

!"! #$p%e$ent!tion

, &p!r!$ c the array o" character codes , , &return the string o" alphabetic characters ,+ public static String letters-oString(char[] c) { for (int i = %; i < c.length; i++) { c[i] += 'a'; } String s = String.copyValue<"(c); for (int i = %; i < c.length; i++) { c[i] -= 'a'; } return s; } +,, , Encrypts the given plainte#t /ith the given key; both consisting

o"

, character codes in the range % to )0. , , &p!r!$ plain-e#t the te#t to be encrypted , &p!r!$ key the encryption key , , &return the encrypted te#t ,+ public static char[] encrypt(char[] plain-e#t, char[] key) { char[] cipher-e#t = ne( char[plain-e#t.length]; for (int i = %; i < plain-e#t.length; i++) { cipher-e#t[i] = (char)((plain-e#t[i] + key[i%key.length]) %)*); } return cipher-e#t; } +,, , =ecrypts the given cipherte#t /ith the given key; both consisting o" , character codes in the range % to )0. , , &p!r!$ cipher-e#t the te#t to be decrypted , &p!r!$ key the decryption key , , &return the decrypted te#t ,+ public static char[] decrypt(char[] cipher-e#t, char[] key) { char[] plain-e#t = ne( char[cipher-e#t.length]; for (int i = %; i < cipher-e#t.length; i++) { plain-e#t[i] = (char)((cipher-e#t[i] + )* - key[i %key.length])%)*); } return plain-e#t; } +,, , Estimates the key/ord length "or the given cipherte#t; based on

the

the

, inde# o" coincidence test.

-he key/ord length /hich ma#imi2es

, minimum inde# o" coincidence over all parts o" the cipherte#t partition , is returned. , , &p!r!$ cipher-e#t the cipherte#t , , &return the estimated key/ord length ,+ public static int guess>ey9ength(char[] cipher-e#t) { int best>ey9ength = ); double ma#?inInde# = =ouble.NEG&-IVE@IN5INI-A; int ma#>ey9ength = (int)?ath.sBrt(cipher-e#t.length); +, -ry "all" possible key/ord lengths. ,+ for (int key9ength = ); key9ength <= ma#>ey9ength; key9ength++) { double minInde# = =ouble.P<SI-IVE@IN5INI-A; +, Compute each inde# o" coincidence; and "ind the minimum. ,+ for (int o""set = %; o""set < key9ength; o""set++) { double inde# = inde#<"Coincidence(cipher-e#t, o""set, key9ength); if (inde# < minInde#) { minInde# = inde#; } } +, Select the key/ord length that ma#imi2es the minimum. ,+ if (minInde# > ma#?inInde#) { ma#?inInde# = minInde#; best>ey9ength = key9ength; } } return best>ey9ength; } +,, , Estimates the key/ord "or the given cipherte#t; given the key/ord , length; based on a combination o" monoalphabetic "reBuency analysis and , mutual indices o" coincidence. , , &p!r!$ cipher-e#t the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the estimated key/ord ,+ public static char[] guess>ey(char[] cipher-e#t, int key9ength) { char[] key = ne( char[key9ength]; boolean[] "ound = ne( boolean[key9ength]; int last5ound = %;

+, , :uild the key/ord one letter at a time. :ased on simple "reBuency , analysis in each 1monoalphabetic3 block; estimate each keyletter by , matching the most "reBuent cipherte#t letter /ith plainte#t 'e'. , Select the best o" these matches by "con"idence;" measured by the , discrepancy bet/een the most "reBuent and second most "reBuent , letter. ,+ int ma#=i""5reB = -C; for (int o""set = %; o""set < key9ength; o""set++) { int[] bins = "reBuencies(cipher-e#t, o""set, key9ength); int bestE = %; +, Estimate keyletter based on plainte#t 'e'. ,+ for (int c = C; c < )*; c++) { if (bins[c] > bins[bestE]) { bestE = c; } } int ma#5reBuency = bins[bestE]; +, Select the keyletter /e are most con"ident in. ,+ sort(bins); int di"" = ma#5reBuency - bins[)7]; if (di"" > ma#=i""5reB) { ma#=i""5reB = di""; last5ound = o""set; key[o""set] = (char)((bestE + )))%)*); }

} "ound[last5ound] = true;

+, , Continue the incremental building o" the key/ord using mutual , indices o" coincidence. Pair the most recently "ound keyletter /ith , each other remaining keyletter; "solving" using the mutual inde# o" , coincidence test. Select the best o" these solutions again by , "con"idence;" or discrepancy bet/een the t/o highest indices. ,+ for (int i = C; i < key9ength; i++) { int best<""set = %; double ma#=i""Inde# = =ouble.NEG&-IVE@IN5INI-A; for (int o""set = %; o""set < key9ength; o""set++) { +, I" this keyletter isn't already kno/n; estimate it. ,+

if ()"ound[o""set]) { double[] indices = mutualIndices<"Coincidence(cipher-e#t, o""set, last5ound, key9ength); int bestShi"t = %; +, Estimate keyletter based on mutual inde#. ,+ for (int shi"t = C; shi"t < )*; shi"t++) { if (indices[shi"t] > indices[bestShi"t]) { bestShi"t = shi"t; } } double ma#Inde# = indices[bestShi"t]; +, Select the keyletter /e are most con"ident in. ,+ sort(indices); double di"" = ma#Inde# - indices[)7]; if (di"" > ma#=i""Inde#) { ma#=i""Inde# = di""; best<""set = o""set; key[o""set] = (char)((key[last5ound] + bestShi"t)%)*); } }

} last5ound = best<""set; "ound[last5ound] = true; } +, , &t this point; /e have a very good guess o" the key/ord. -he /eak 1derived the )* De re"ine , point seems to be not the relationships bet/een keyletters , by the mutual indices o" coincidence3; but the choice "rom , cyclic shi"ts o" the key/ord based on "reBuency analysis.

, our guess by selecting the shi"t /hich ma#imi2es the average , "reBuency o" guessed plainte#t 'e' over all parts o" the cipherte#t , partition. ,+ int[][] bins = ne( int[key9ength][]; for (int o""set = %; o""set < key9ength; o""set++) { bins[o""set] = "reBuencies(cipher-e#t, o""set, key9ength); } int bestShi"t = %, ma#5reB = -C; for (int shi"t = %; shi"t < )*; shi"t++) { int total5reB = %; for (int o""set = %; o""set < key9ength; o""set++) {

total5reB } if (total5reB ma#5reB = bestShi"t } }

+= bins[o""set][(7 + key[o""set] + shi"t)%)*]; > ma#5reB) { total5reB; = shi"t;

for (int o""set = %; o""set < key9ength; o""set++) { key[o""set] = (char)((key[o""set] + bestShi"t)%)*); } return key; } +,, , Returns the "reBuencies o" the letters in the given subte#t o" the given , cipherte#t. Element c 1in the range % to )03 in the array that is , returned indicates the number o" occurrences o" letter c in the subte#t. , -he subte#t is speci"ied by the key/ord length and an o""set4 e.g.; the , entire cipherte#t is speci"ied by o""set % and key length C. , , &p!r!$ cipher-e#t the entire cipherte#t , &p!r!$ o""set the o""set "rom the start o" the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the "reBuencies o" the )* cipherte#t letters ,+ public static int[] "reBuencies(char[] cipher-e#t, int o""set, int key9ength) { int[] bins = ne( int[)*]; for (int i = o""set; i < cipher-e#t.length; i+= key9ength) { bins[cipher-e#t[i]]++; } return bins; } +,, , Returns the inde# given , cipherte#t. , , &'ee E"reBuencies , , &p!r!$ cipher-e#t , &p!r!$ o""set , &p!r!$ key9ength , , &return ,+ public static double o""set, double inde# = %; o" coincidence o" the given subte#t o" the

the entire cipherte#t the o""set "rom the start o" the cipherte#t the key/ord length the inde# o" coincidence inde#<"Coincidence(char[] cipher-e#t, int int key9ength) {

int[] bins = "reBuencies(cipher-e#t, o""set, key9ength); int length = %; for (int c = %; c < )*; c++) { inde# += bins[c]*(bins[c] - C); length += bins[c]; } return inde#*(length*(length - C)); } +,, , Returns the mutual indices o" coincidence "or the given subte#ts o" the , given cipherte#t; one "or each o" )* possible shi"ts. Element c in the , array that is returned indicates the mutual inde# o" coincidence "or the , "irst subte#t and the second subte#t shi"ted by c. , , &'ee E"reBuencies , , &p!r!$ cipher-e#t the entire cipherte#t , &p!r!$ o""setC the "irst o""set "rom the start o" the cipherte#t , &p!r!$ o""set) the second o""set "rom the start o" the cipherte#t , &p!r!$ key9ength the key/ord length , , &return the mutual indices o" coincidence ,+ public static double[] mutualIndices<"Coincidence(char[] cipher-e#t, int o""setC, int o""set), int key9ength) { double[] indices = ne( double[)*]; once. ,+ +, Compute "reBuencies in each 1monoalphabetic3 block only int[] binsC = "reBuencies(cipher-e#t, o""setC, key9ength); int[] bins) = "reBuencies(cipher-e#t, o""set), key9ength); int lengthC = %, length) = %; for (int c = %; c < )*; c++) { lengthC += binsC[c]; length) += bins)[c]; } +, Compute inde# "or each possible shi"t. ,+ for (int shi"t = %; shi"t < )*; shi"t++) { for (int c = %; c < )*; c++) { indices[shi"t] += binsC[(c + shi"t)%)*]*bins)[c]; } indices[shi"t] *= lengthC*length); } return indices; }

+, Sorting is not built in to Fava C.C ,+ private static void sort(int[] a) { for (int i = %; i < a.length - C; i++) { for (int ! = i + C; ! < a.length; !++) { if (a[i] > a[!]) { int temp = a[i]; a[i] = a[!]; a[!] = temp; } } } } private static void sort(double[] a) { for (int i = %; i < a.length - C; i++) { for (int ! = i + C; ! < a.length; !++) { if (a[i] > a[!]) { double temp = a[i]; a[i] = a[!]; a[!] = temp; } } } } }