Fundamentals of Crypto

Dr Shahzaib Tahir
shahzaib.tahir@mcs.edu.pk

Lecture 2
Introduction
• Information has to be concealed from an unauthorised
person (attacker), so that in the event that it is
passively accessed (e.g., copied or intercepted) by an
attacker, it should not be useful to them

• Hiding Techniques
– Steganography
– Cryptography
Steganography
• Steganography is the study of hiding critical information within
some less important information:
– Hidden messages on messenger's body, Using invisible ink,
pin punctures, Digital steganography etc.
– If the less important information is revealed, the attacker
should not be able to even identify, let alone extract, the
critical information

3rd March
Dear George,
Greetings to all at Oxford. Many thanks for your
letter and for the Summer examination package.
All Entry Forms and Fees Forms should be ready
for final despatch to the Syndicate by Friday
20th or at the very latest, I'm told, by the 21st.
Admin has improved here, though there's room
for improvement still; just give us all two or three
more years and we'll really show you! Please
don't let these wretched 16+ proposals destroy
your basic O and A pattern. Certainly this
sort of change, if implemented immediately,
would bring chaos.
Sincerely yours,

“A Puzzle for Inspector Morse” (originally from “The Silent World of Nicholas
Quinn”, by Colin Dexter)

Message: Your package ready Friday 21st room three please destroy immediately.
What is Encryption
• Encryption is the process of encoding a message or information in
such a way that only authorized parties can access it

• Encryption does not itself prevent interference, but denies the
intelligible content to a would-be interceptor

• In an encryption scheme, the intended information or message,
referred to as plaintext, is encrypted using an encryption algorithm,
a cipher, generating ciphertext that can only be read if decrypted
Classifying Cryptographic Systems
Cryptosystems are characterized along three independent
dimensions
Symmetric Key Encryption
• Symmetric encryption, also referred to as conventional
encryption or single-key encryption, was the only type
of encryption in use prior to the development of public
key encryption in the 1970s.
• It remains by far the most widely used of the two types of
encryption
Symmetric Cipher Model

Requirements of Classical Encryption

• There are two requirements for secure use of
conventional encryption
– We need a strong encryption algorithm. At a
minimum, we would like the algorithm to be such that
an opponent who knows the algorithm and has
access to one or more ciphertexts would be
unable to decipher the ciphertext or figure out the
key
– Sender and receiver must have obtained copies of
the secret key in a secure fashion and must keep the
key secure. If someone can discover the key and
knows the algorithm, all communication using this key
is readable
Kerckhoffs's principle

• Kerckhoffs's principle: the adversary knows all
details about a cryptosystem except the
secret key.
“The security of a system lies in keeping the
keys secret”
Model of Symmetric Crypto-System
Security of Symmetric Algos
• We assume that it is impractical to decrypt a message on the
basis of the ciphertext plus knowledge of the
encryption/decryption algorithm
• In other words, we do not need to keep the algorithm secret;
we need to keep only the key secret
• This feature of symmetric encryption is what makes it feasible
for widespread use
• The fact that the algorithm need not be kept secret means
that manufacturers can and have developed low-cost chip
implementations of data encryption algorithms
• With the use of symmetric encryption, the principal security
problem is maintaining the secrecy of the key
Cracking the Crypto System
• Cryptanalysis
– Cryptanalytic attacks rely on
• nature of the algorithm
• some knowledge of the general characteristics of the plaintext
• some sample plaintext–ciphertext pairs
– These attacks try to deduce a specific plaintext or to
deduce the key being used

• Brute-force attack
– The attacker tries every possible key on a piece of
ciphertext until an intelligible translation into plaintext is
obtained
– On average, half of all possible keys must be tried to
achieve success.
Cipher Text Only Attack

• Available
– Ciphertext
– Encryption algorithm (public)

• Modern cryptosystems should be immune to ciphertext-only
attacks

• Approach
– Brute-force Attack – try all possible keys
– Statistical Testing – Idea of type of plaintext being
concealed (English text, an EXE file, accounting file
etc.)
Known Plaintext Attack
• The analyst may be able to capture one or more
plaintext messages as well as their encryptions; the pairs
are given to him, he does not choose them.
• The attacker cannot produce more plaintext-ciphertext
pairs; he has to obtain them from whoever has the key
• Or the analyst may know that certain plaintext patterns
will appear in a message (Example Baker Street)
– Standardized Header
– Specific Patterns etc.
• With this knowledge, the analyst may be able to deduce
the key on the basis of the way in which the known
plaintext is transformed
Chosen Plaintext Attack
• Available
– Ciphertexts chosen by cryptanalyst
– Corresponding plaintexts.
– Encryption algorithm (public)
• Example:
– A poorly designed file storage system uses the same
key to encrypt everyone's files, and lets anyone see
anyone's files (in encrypted form). Eve knows Bob
uses the service, she registers as well and starts
encrypting arbitrary files (which she can choose) and
looks at the resulting ciphertext. From this she obtains
the service's encryption key, and decrypts Bob's stuff
Chosen Ciphertext Attack
• Available
– Ciphertexts chosen by cryptanalyst
– Corresponding plaintexts.
– Encryption algorithm (public)
• Example
– Eve breaks into Bob's house while he is sleeping, and
replaces the ciphertext he was going to send to Alice
tomorrow with a new one of her choosing. She then
eavesdrops on their communications (encrypted or
not) the next day to try and work out what Alice read
when she decrypted the fake ciphertext (variants of
this involve Eve not just creating a new ciphertext, but
modifying the existing one slightly).
• Less commonly employed as a cryptanalytic technique, but
nevertheless a possible avenue of attack.
Computationally Secure Encryption
• An encryption scheme is said to be computationally
secure if either of the following two criteria is met
– The cost of breaking the cipher exceeds the value of
the encrypted information
– The time required to break the cipher exceeds the
useful lifetime of the information
• An important thing to know about brute-force attacks is
that, unless known plaintext is provided, the analyst must
be able to recognize plaintext as plaintext.
Classical Substitution Ciphers
• Letters/bits of plaintext are replaced by other letters/bits.
• Categorized as:
1. Monoalphabetic Ciphers
• Uses fixed substitution over the entire message.
• Example: Caesar Cipher

2. Polyalphabetic Ciphers
• Uses a number of substitutions at different positions
in the message, where a unit from the plaintext is
mapped to one of several possibilities in the
ciphertext and vice versa.
• Example: Vigenere cipher
Cont…
3. Homophonic Ciphers
• Involves replacing each letter with a variety of
substitutes, the number of potential substitutes being
proportional to the frequency of the letter.
• Example: Beale Ciphers

4. Polygram Ciphers
• Groups of letters are encrypted together, which
includes enciphering large blocks of letters. This
permits arbitrary substitution for groups of characters.
• Example: Playfair cipher
Some examples
a mod n = r
• -4 mod 9 = -4 + 9 = 5 (since 9 does not divide -4, just
add 9 to make it positive)
• 4 mod 9 = 4
• -49 mod 5 = -4 + 5 = 1 (divide -49 by 5, then add 5 to
make it positive)
• 14 mod 2 = 0
• 49 mod 5 = 4
• -9 mod 6 = -3 + 6 = 3 (divide -9 by 6, which leaves -3, then add 6 to
make it positive)
• -6 mod 18 = -6 + 18 = 12 (since -6 is not divisible by 18,
just add 18 and compute)
Monoalphabetic Ciphers
Caesar Cipher
• The earliest known, and the simplest, use of a substitution cipher
was by Julius Caesar.
• The Caesar cipher involves replacing each letter of the alphabet
with the letter standing three places further down the alphabet.

• Note that the alphabet is wrapped around, so that the letter
following Z is A. We can define the transformation by listing all
possibilities, as follows
..contd
• Let us assign a numerical equivalent to each letter

• Then the algorithm can be expressed as follows. For each plaintext letter p,
substitute the ciphertext letter

C = E(3, p) = (p + 3) mod 26
• A shift may be of any amount, so that the general Caesar algorithm is,

C = E(k, p) = (p + k) mod 26
• Here, k takes on a value in the range 1 to 25. The decryption algorithm is
simply
Decrypting Caesar Cipher
• The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26

• If it is known that a given ciphertext is a
Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply
try all the 25 possible keys
Analysis of Mono-alphabetic Ciphers
• What was the key space of Caesar Cipher?

• Cryptanalyst can exploit the regularities of the language.
– Monogram Frequencies
– Digram Frequencies
– Trigram Frequencies
Frequency Analysis
• Study of the frequency of letters or groups of letters in a ciphertext.
The method is used as an aid to breaking classical ciphers

• The longer the text, the closer the letter frequency distributions
match the language’s actual letter frequency distributions

• The monoalphabetic cipher preserves the letter frequency
distributions of the plaintext in the ciphertext (i.e., information about
the plaintext is leaked in the ciphertext)
English Letter Frequencies
Example: Cryptanalysis of Simple Substitution Cipher

• Ciphertext:
R jrk hbxiu lk vai vzihova ohlls lo rk rmrsvjikv ywbhtbkn.
Ixise jlskbkn ai vrgiu vai ihixrvls tlzk vl vai hlyye rkt hirxiu vai
ywbhtbkn. Bk vai ixikbkn, ai nivu bkvl vai ihixrvls, rkt, bo
vaisi bu uljilki ihui bk vai ihixrvls -- ls bo bv zru srbkbkn varv
tre -- ai nliu yrpg vl abu ohlls tbsipvhe. Alzixis, bo vaisi bu
klylte ihui bk vai ihixrvls rkt bv aruk'v srbkit, ai nliu vl vai
vikva ohlls rkt zrhgu wm vzl ohbnavu lo uvrbsu vl abu sllj.

Example (cont …)

Start by determining and comparing the relative frequency of the
letters to a standard frequency distribution for English.

• Letter frequency count (total = 344 letters):

Letter      A   B   C   D   E   F   G   H   I   J   K   L   M
Frequency  23  26   0   0   5   0   3  18  49   5  26  32   2

Letter      N   O   P   Q   R   S   T   U   V   W   X   Y   Z
Frequency   9  10   2   0  24  19  11  19  37   3   9   6   6
Example (cont …)
• Letter Frequencies

[Figure: bar chart of letter frequencies. Blue: English's frequency. Green: cipher's frequency.]
Example (cont …)
• From the frequency distributions, we assume that:
– C(I) -> P(E) matching relative frequencies

• Partially decrypted ciphertext (red = plaintext):


• R jrk hbxeu lk vae vzehova ohlls lo rk rmrsvjekv
ywbhtbkn. Exese jlskbkn ae vrgeu vae ehexrvls tlzk
vl vae hlyye rkt herxeu vae ywbhtbkn. Bk vae
exekbkn, ae nevu bkvl vae ehexrvls, rkt, bo vaese
bu uljelke ehue bk vae ehexrvls -- ls bo bv zru
srbkbkn varv tre -- ae nleu yrpg vl abu ohlls
tbsepvhe. Alzexes, bo vaese bu klylte ehue bk vae
ehexrvls rkt bv aruk'v srbket, ae nleu vl vae vekva
ohlls rkt zrhgu wm vzl ohbnavu lo uvrbsu vl abu
sllj.

Example (cont …)
• From the frequency distributions, we assume that:
– C(V) -> P(T) matching relative frequencies

• Partially decrypted ciphertext (red = plaintext):


• R jrk hbxeu lk tae tzehoth ohlls lo rk rmrstjekt
ywbhtbkn. Exese jlskbkn ae trgeu tae ehexrtls tlzk tl tae
hlyye rkt herxeu tae ywbhtbkn. Bk tae exekbkn, ae netu
bktl tae ehexrtls, rkt, bo taese bu uljelke ehue bk tae
ehexrtls -- ls bo bt zru srbkbkn tart tre -- ae nleu yrpg tl
abu ohlls tbsepthe. alzexes, bo taese bu klylte ehue bk tae
ehexrtls rkt bt aruk't srbket, ae nleu tl tae tekta ohlls rkt
zrhgu wm tzl ohbnatu lo utrbsu tl abu sllj.

Example (cont …)

A more systematic approach is to look for other regularities

• Check for Digram
– Common digraphs: EN, RE, ER, NT, TH

• Check for Trigram
– Common trigrams: THE, ING, THA, ENT

• Vowels other than E are rarely followed by another vowel

• The letter Q is followed only by U

Example (cont …)
• From the frequency distributions, we assume that:
– C(A) -> P(H)
– The digram ‘TH’ is the most common in the English language
– The word “THE” is the only frequently used 3-letter English
word starting with T and ending with E

• Partially decrypted ciphertext (red = plaintext):


• R jrk hbxeu lk the tzehoth ohlls lo rk rmrstjekt ywbhtbkn.
Exese jlskbkn he trgeu the ehexrtls tlzk tl the hlyye rkt herxeu
the ywbhtbkn. Bk the exekbkn, he netu bktl the ehexrtls, rkt, bo
these bu uljelke ehue bk the ehexrtls -- ls bo bt zru srbkbkn thrt
tre -- he nleu yrpg tl hbu ohlls tbsepthe. hlzexes, bo these bu
klylte ehue bk the ehexrtls rkt bt hruk't srbket, he nleu tl the
tekth ohlls rkt zrhgu wm tzl ohbnhtu lo utrbsu tl hbu sllj.
Example (cont …)
• We can assume that C(R) -> P(A) because:
– The word “THAT” is the only frequently used 4-letter English
word starting with ‘TH’ and ending with T

• Partially decrypted ciphertext (red = plaintext):


• A jak hbxeu lk the tzehoth ohlls lo ak amastjekt ywbhtbkn.
Exese jlskbkn he tageu the ehexatls tlzk tl the hlyye akt heaxeu the
ywbhtbkn. Bk the exekbkn, he netu bktl the ehexatls, akt, bo these
bu uljelke ehue bk the ehexatls -- ls bo bt zau sabkbkn that tae --
he nleu yapg tl hbu ohlls tbsepthe. hlzexes, bo these bu klylte ehue
bk the ehexatls akt bt hauk't sabket, he nleu tl the tekth ohlls akt
zahgu wm tzl ohbnhtu lo utabsu tl hbu sllj.

Example (cont …)
• We can assume that C(K) -> P(N) because:
– The words “AN” and “AT” are the only frequently used 2-letter
English words starting with A
– The relative frequency of K in the ciphertext closely approximates
the relative frequency of N in English
• Partially decrypted ciphertext (red = plaintext):
• A jan hbxeu ln the tzehoth ohlls lo an amastjent
ywbhtbnn. Exese jlsnbnn he tageu the ehexatls tlzn
tl the hlyye ant heaxeu the ywbhtbnn. Bn the
exenbnn, he netu bntl the ehexatls, ant, bo these
bu uljelne ehue bn the ehexatls -- ls bo bt zau
sabnbnn that tae -- he nleu yapg tl hbu ohlls
tbsepthe. hlzexes, bo these bu nlylte ehue bn the
ehexatls ant bt haun't sabnet, he nleu tl the tenth
ohlls ant zahgu wm tzl ohbnhtu lo utabsu tl hbu
sllj.
Example (cont …)

• We assume that:
– C(T) -> P(D) (from the word ‘ant’)

• Partially decrypted ciphertext (red = plaintext):


• A jan hbxeu ln the tzehoth ohlls lo an amastjent ywbhdbnn.
Exese jlsnbnn he tageu the ehexatls dlzn tl the hlyye and
heaxeu the ywbhdbnn. Bn the exenbnn, he netu bntl the
ehexatls, and, bo these bu uljelne ehue bn the ehexatls -- ls bo
bt zau sabnbnn that tae -- he nleu yapg tl hbu ohlls tbsepthe.
hlzexes, bo these bu nlylte ehue bn the ehexatls and bt haun't
sabned, he nleu tl the tenth ohlls and zahgu wm tzl ohbnhtu lo
utabsu tl hbu sllj.

Example (cont …)

• We assume that:
– C(B) -> P(I) (from the words ‘bt’ and ‘bn’)

• Partially decrypted ciphertext (red = plaintext):


• A jan hixeu ln the tzehoth ohlls lo an amastjent ywihdbnn.
Exese jlsnbnn he tageu the ehexatls dlzn tl the hlyye and
heaxeu the ywbhdbnn. In the exeninn, he netu intl the ehexatls,
and, io these iu uljelne ehue in the ehexatls -- ls io it zau saininn
that tae -- he nleu yapg tl hiu ohlls tisepthe. hlzexes, io these iu
nlylte ehue in the ehexatls and it haun't sabned, he nleu tl the
tenth ohlls and zahgu wm tzl ohinhtu lo utabsu tl hiu sllj.

Example (cont …)
• If you continue like this, you will eventually obtain a complete
decryption of the message and will also have recovered the key
(the substitution alphabet)

• The substitution alphabet for this example is:
– p:      ABCDEFGHIJKLMNOPQRSTUVWXYZ
– Fk(p):  RYPTIONABFGHJKLMQSUVWXZDEC

Analysis:
Monoalphabetic ciphers are easy to break because they reflect the
frequency data of the original alphabet. A countermeasure is to
provide multiple substitutes
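
The worked example above, replayed as an added Python example (not part of the original slides): it counts monograms and n-grams in the slides' ciphertext and applies the slides' guesses in order, printing recovered plaintext in UPPER case and unresolved ciphertext in lower case so the two alphabets stay distinguishable without colour. The function names are assumptions made for this illustration.

```python
from collections import Counter

# Ciphertext copied from the slides above.
CIPHERTEXT = (
    "R jrk hbxiu lk vai vzihova ohlls lo rk rmrsvjikv ywbhtbkn. "
    "Ixise jlskbkn ai vrgiu vai ihixrvls tlzk vl vai hlyye rkt hirxiu vai "
    "ywbhtbkn. Bk vai ixikbkn, ai nivu bkvl vai ihixrvls, rkt, bo "
    "vaisi bu uljilki ihui bk vai ihixrvls -- ls bo bv zru srbkbkn varv "
    "tre -- ai nliu yrpg vl abu ohlls tbsipvhe. Alzixis, bo vaisi bu "
    "klylte ihui bk vai ihixrvls rkt bv aruk'v srbkit, ai nliu vl vai "
    "vikva ohlls rkt zrhgu wm vzl ohbnavu lo uvrbsu vl abu sllj."
)

# Guesses in the order the slides make them: ciphertext letter -> plaintext letter.
SLIDE_GUESSES = [("I", "E"), ("V", "T"), ("A", "H"), ("R", "A"),
                 ("K", "N"), ("T", "D"), ("B", "I")]

# Substitution alphabet from the final slide (plaintext row, ciphertext row).
PLAIN_ROW = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CIPHER_ROW = "RYPTIONABFGHJKLMQSUVWXZDEC"


def letter_counts(text):
    """Monogram counts, most frequent first, ignoring case and non-letters."""
    return Counter(c for c in text.upper() if c.isalpha()).most_common()


def ngram_counts(text, n):
    """Digram/trigram counts taken inside words only (never across a space)."""
    words = "".join(c if c.isalpha() else " " for c in text.upper()).split()
    counts = Counter()
    for word in words:
        counts.update(word[i:i + n] for i in range(len(word) - n + 1))
    return counts.most_common()


def apply_guesses(ciphertext, guesses):
    """Substitute the guessed letters: recovered plaintext is written in
    UPPER case, everything still unresolved stays in lower case."""
    out = []
    for ch in ciphertext:
        if ch.upper() in guesses:
            out.append(guesses[ch.upper()].upper())
        else:
            out.append(ch.lower())
    return "".join(out)


def full_key():
    """Ciphertext-letter -> plaintext-letter map from the final slide."""
    return dict(zip(CIPHER_ROW, PLAIN_ROW))


if __name__ == "__main__":
    print("Most frequent ciphertext letters:", letter_counts(CIPHERTEXT)[:5])
    print("Most frequent trigrams:", ngram_counts(CIPHERTEXT, 3)[:3])
    known = {}
    for cipher_letter, plain_letter in SLIDE_GUESSES:
        known[cipher_letter] = plain_letter
        partial = apply_guesses(CIPHERTEXT, known)
        print(f"C({cipher_letter}) -> P({plain_letter}): {partial[:58]}")
    print(apply_guesses(CIPHERTEXT, full_key()))
```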
What is Affine Cipher

The affine cipher is a type of
monoalphabetic substitution cipher,
wherein each letter in an alphabet is
mapped to its numeric equivalent,
encrypted using a simple mathematical
function, and converted back to a letter
Mathematically
• The encryption function for a
single letter is
• E(x) = (ax + b) mod m
• where b is the magnitude of the
shift.
Mathematically
• The decryption function is
• D(y) = a^{-1}(y - b) mod m
• where modulus m is the size of
the alphabet and a and b are the
key of the cipher
Example
• In the following two examples, one
encrypting and one decrypting,
the alphabet is going to be the
letters A through Z, and will have
the corresponding values found in
the following table.
Example
Coprime
• In mathematics, two integers (a and b)
are coprime (or relatively prime) if they
share no common factors other than 1
Encrypting
• In this encrypting example, the plaintext
to be encrypted is "AFFINE CIPHER"
using the table mentioned above for the
numeric values of each letter, taking a to
be 5, b to be 8, and m to be 26 since there
are 26 characters in the alphabet being
used.
Encrypting
• Only the value of a has a
restriction since it has to be
coprime with 26. The possible
values that a could be are 1, 3, 5,
7, 9, 11, 15, 17, 19, 21, 23, and
25
Encrypting
• The first step in encrypting the message is to
write the numeric values of each letter.
Encrypting
• Now, take each value of x, and solve the
first part of the equation, (5x + 8). After
finding the value of (5x + 8) for each
character, take the remainder when
dividing the result of (5x + 8) by 26. The
following table shows the first four steps of
the encrypting process.
Encrypting
• The final step in encrypting the message is
to look up each numeric value in the table
for the corresponding letters. In this
example, the encrypted text would be
IHHWVCSWFRCP. The table below
shows the completed table for encrypting
a message in the Affine cipher.
Decrypting
• In this decryption example, the ciphertext
that will be decrypted is the ciphertext from
the encryption example. The
corresponding decryption function is D(y)
= 21(y - 8) mod 26, where a^{-1} is
calculated to be 21, b is 8, and m is 26. To
begin, write the numeric equivalents to
each letter in the ciphertext, as shown in
the table below
Relatively Prime Numbers & GCD: two numbers a, b are relatively prime
if they have no common divisors apart from 1

Phi(n) gives the total count of numbers relatively prime to n

For multiplicative inverse modulo a prime
Decrypting
• Now, the next step is to compute 21(y − 8),
and then take the remainder when that
result is divided by 26. The following table
shows the results of both computations
Decrypting
• The final step in decrypting the ciphertext
is to use the table to convert numeric
values back into letters. The plaintext in
this decryption is AFFINECIPHER. Below
is the table with the final step completed.
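
The affine example above (a = 5, b = 8, m = 26) as an added Python example, not part of the original slides: it lists the valid values of a, computes a^{-1} with the extended Euclidean algorithm, and rebuilds the per-letter working that the slides show in tables. The function names are assumptions made for this illustration; `image_size` shows why a must be coprime with 26.

```python
from math import gcd

M = 26  # alphabet size; A=0 ... Z=25 as in the slides


def valid_multipliers(m=M):
    """All a with gcd(a, m) = 1; only these give a one-to-one mapping."""
    return [a for a in range(1, m) if gcd(a, m) == 1]


def mod_inverse(a, m=M):
    """Extended Euclid: return a^-1 mod m, or raise if a is not coprime with m."""
    old_r, r = a % m, m
    old_s, s = 1, 0          # invariant: old_s * a == old_r (mod m)
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError(f"a={a} is not coprime with {m}: no inverse exists")
    return old_s % m


def _numbers(text):
    """Numeric equivalents of the letters; spaces and punctuation are dropped."""
    return [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]


def encrypt_trace(plaintext, a, b, m=M):
    """One row per letter: (letter, x, a*x + b, (a*x + b) mod m, cipher letter)."""
    mod_inverse(a, m)  # refuse keys that could never be decrypted
    rows = []
    for x in _numbers(plaintext):
        y = a * x + b
        rows.append((chr(x + 65), x, y, y % m, chr(y % m + 65)))
    return rows


def affine_encrypt(plaintext, a, b, m=M):
    return "".join(row[4] for row in encrypt_trace(plaintext, a, b, m))


def affine_decrypt(ciphertext, a, b, m=M):
    a_inv = mod_inverse(a, m)
    return "".join(chr(a_inv * (y - b) % m + 65) for y in _numbers(ciphertext))


def image_size(a, b, m=M):
    """Number of distinct ciphertext letters E(x) can produce for this key."""
    return len({(a * x + b) % m for x in range(m)})


if __name__ == "__main__":
    print("valid a:", valid_multipliers())
    print("a^-1 for a=5:", mod_inverse(5))
    for row in encrypt_trace("AFFINE CIPHER", 5, 8):
        print(row)
    print(affine_encrypt("AFFINE CIPHER", 5, 8))
    print(affine_decrypt("IHHWVCSWFRCP", 5, 8))
    # a = 13 shares the factor 13 with 26: all 26 letters collapse onto 2.
    print("distinct outputs for a=13:", image_size(13, 8))
```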
Homophonic Ciphers
Homophonic Ciphers
• Replacing each letter with a variety of
substitutes (homophones), where a
homophone is used in rotation or chosen
randomly and the number of potential
substitutes is proportional to the
frequency of the letter.
Example
• pt: defending against frequency analysis attacks
• CT: 45 14 31 87 66 01 73 59 25 09 06 78 88 71 11
49 10 40 98 94 63 46 58 41 52 12 58 53 26 21 19
73 36 33 20 69 67 62 04 76
[Table: homophones assigned to each of the letters A to Z]
Algorithm Security
• Breaking homophonic substitution ciphers can be very difficult if the
number of homophones is high

• Low-frequency ciphertext symbols are of interest.
– Half of the plaintext letters correspond to only
one or two ciphertext symbols.

• Monogram frequencies are balanced off but digram, trigram
frequencies still persist.
Polygram Ciphers
Playfair Cipher
• It is a digraph substitution cipher
• Consists of a key matrix and some basic
rules for encryption and decryption.
• Different rules for encryption and
decryption

Playfair Key Matrix
• Use a 5 x 5 matrix.
• Fill in letters of the key (w/o duplicates).
• Fill the rest of matrix with other letters.
• E.g., key = MONARCHY.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
Plaintext is encrypted two letters at a time.
1. If a pair is a repeated letter, insert filler like 'X'.
2. If both letters fall in the same row, replace
each with the letter to its right (circularly).
3. If both letters fall in the same column, replace
each with the letter below it (circularly).
4. Otherwise, each letter is replaced by the letter
in the same row but in the column of the other
letter of the pair.
Rules: encryption
[Figure: key matrix illustrating the encryption rules. Green = plaintext, red = ciphertext. Note: same row, opposite corner.]
Polygram Cipher: Playfair
• Playfair technique encrypts pairs of letters (digraphs), instead of
single letters as in the simple substitution cipher. The Playfair is
significantly harder to break since the frequency analysis used for
simple substitution ciphers does not work with it

• Frequency analysis can still be undertaken, but on the 25*25=625
possible digraphs rather than the 25 possible monographs.
Frequency analysis thus requires much more ciphertext in order to
work

• For instance, it can be something like:


Playfair Cipher: Example
• Key: Keyword
K E Y W O
R D A B C
F G H I L
M N P Q S
T U V X Z
Preparing your Message
• Split PT into pairs
• Separate all duplicated letters by inserting "X"
• If there is an odd letter at the end of message, insert letter "X"
• Ignore all spaces

• Plaintext: SECRET MESSAGE
SE CR ET ME SX SA GE
Encoding
• IF in same COLUMN
– Move each letter down ONE
– Upon reaching end of table, wrap around

• IF in same ROW
– Move each letter right ONE
– Upon reaching the end of table, wrap around

• IF it forms a Rectangle
– Swap the letters with the ones on the end of
the rectangle
Example (cont)
SE CR ET ME SX SA GE

K E Y W O
R D A B C
F G H I L
M N P Q S
T U V X Z

Pair  Rule                                                        Result
SE    Rule 3: Swap letters with one on end of the rectangle       NO
CR    Rule 2: Move each letter right                              RD
ET    Rule 3: Swap letters with one on end of the rectangle       KU
ME    Rule 3: Swap letters with one on end of the rectangle       NK
SX    Rule 3: Swap letters with one on end of the rectangle       QZ
SA    Rule 3: Swap letters with one on end of the rectangle       PC
GE    Rule 1: Move each letter down ONE                           ND
Finally….
Original Text:
• SECRET MESSAGE
• SECRETMESSAGE
• SE CR ET ME SX SA GE

Cipher Text
• NO RD KU NK QZ PC ND
• NORDKUNKQZPCND
Polyalphabetic Ciphers
Vigenere Cipher
Find the intersection point of the keyword and plaintext in the Vigenere
table

Keyword:    RELAT IONSR ELATI ONSRE LATIO NSREL
Plaintext:  TOBEO RNOTT OBETH ATIST HEQUE STION
Ciphertext: KSMEH ZBBLK SMEMP OGAJX SEJCS FLZSY

Decryption is similar. Take the key
character and search for the cipher
character intersection point.
Cryptanalysis of Vigenere
• The idea behind the Vigenère cipher, like all polyalphabetic
ciphers, is to disguise plaintext letter frequencies, which
interferes with a straightforward application of frequency
analysis.

• For instance, if P is the most frequent letter in a ciphertext
whose plaintext is in English, one might suspect
that P corresponds to E, because E is the most frequently
used letter in English

• However, using the Vigenère cipher, E can be enciphered as
different ciphertext letters at different points in the message,
thus defeating simple frequency analysis.
..contd
• The primary weakness of the Vigenère cipher is the
repeating nature of its key

• If a cryptanalyst correctly guesses the key's length, then
the cipher text can be treated as interwoven Caesar
ciphers, which individually are easily broken

• The Kasiski examination and Friedman test can help
determine the key length.
Kasiski Examination
• The father of computers, Charles Babbage, was the first to have
successfully broken the Vigenere cipher, but he never revealed his method.
Studies of Babbage's notes reveal that he had used the method later
published by Kasiski, and suggest that he had been using the method as
early as 1846

• The Kasiski examination involves looking for strings of characters that are
repeated in the ciphertext. The strings should be three characters long or
more for the examination to be successful

• Then, the distances between consecutive occurrences of the strings are
likely to be multiples of the length of the keyword

• Thus finding more repeated strings narrows down the possible lengths of
the keyword, since we can take the greatest common divisor of all the
distances.
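
The Kasiski examination described above, run on the Vigenere example from the earlier slide (keyword RELATIONS), as an added Python example that is not part of the original slides. The function names are assumptions; the last step splits the ciphertext into the interwoven Caesar columns that the key length exposes.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

# Keyword and plaintext from the Vigenere slide above.
KEY = "RELATIONS"
PLAINTEXT = "TOBEO RNOTT OBETH ATIST HEQUE STION"


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0 ... Z=25)."""
    sign = -1 if decrypt else 1
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    out = []
    for i, c in enumerate(letters):
        k = ord(key[i % len(key)].upper()) - 65
        out.append(chr((ord(c) - 65 + sign * k) % 26 + 65))
    return "".join(out)


CIPHERTEXT = vigenere(PLAINTEXT, KEY)


def repeated_sequences(ciphertext, length=3):
    """Map every substring of the given length that occurs more than once
    to the list of positions where it starts."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


def kasiski_distances(ciphertext, length=3):
    """Distances between consecutive occurrences of each repeated string."""
    distances = []
    for pos in repeated_sequences(ciphertext, length).values():
        distances.extend(b - a for a, b in zip(pos, pos[1:]))
    return distances


def key_length_candidates(ciphertext, length=3):
    """GCD of all distances, plus its divisors > 1 as candidate key lengths."""
    distances = kasiski_distances(ciphertext, length)
    if not distances:
        return 0, []  # no repeats: the ciphertext is too short for this test
    g = reduce(gcd, distances)
    return g, [d for d in range(2, g + 1) if g % d == 0]


def columns(ciphertext, key_length):
    """Column i holds every letter enciphered with key letter i, so each
    column is an ordinary Caesar cipher."""
    return [ciphertext[i::key_length] for i in range(key_length)]


if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    print("repeats:", repeated_sequences(CIPHERTEXT))
    print("distances:", kasiski_distances(CIPHERTEXT))
    print("gcd and candidate lengths:", key_length_candidates(CIPHERTEXT))
    first = columns(CIPHERTEXT, 9)[0]
    # Column 0 was shifted by 'R'; undoing that shift gives plaintext letters.
    print(first, "->", vigenere(first, "R", decrypt=True))
```

With only 30 letters each of the 9 columns holds three or four characters, too few for frequency analysis; the attack as a whole needs considerably more ciphertext than the key-length step does.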
Finding Repetitive Distance
Key Length Estimate
• Encryption key length determined from repetitive distances is 2, 3, 6 or 9
• Eve assumes the key length to be 6
..contd
Transposition Ciphers
Background
• All the techniques examined so far involve the substitution of a
ciphertext symbol for a plaintext symbol

• A very different kind of mapping is achieved by performing some sort
of permutation on the plaintext letters.

• This technique is referred to as a transposition cipher
Spartan Scytale
• It consists of a cylinder with a strip of parchment wound around it on which
is written a message. The ancient Greeks, and the Spartans in particular,
are said to have used this cipher to communicate during military campaigns
Encryption and Decryption
• Suppose the rod allows one to write four letters around in a circle and five
letters down the side of it. The plaintext could be: "I am hurt very badly
HELP".

• To encrypt, one simply writes across the leather:

• To decrypt, all one must do is wrap the leather strip around the rod and read
across. The ciphertext is: "IryyatbHmvaEhedLurlP". Every fifth letter will
appear on the same line, so the plaintext is extracted.
Rail-fence Cipher
• The simplest such cipher is the rail fence
technique, in which the plaintext is written
down as a sequence of diagonals and
then read off as a sequence of rows
Encryption
• For the plaintext, "defend the east wall", with a key of 3, we get the
encryption process shown below

• The ciphertext is read off row by row to get
"DNETLEEDHESWLXFTAAX".
Decryption
• The decryption process for the Rail Fence Cipher involves reconstructing
the diagonal grid used to encrypt the message

• For example, if you receive the ciphertext
TEKOOHRACIRMNREATANFTETYTGHH encrypted with a key of 4, you
start by placing the "T" in the first square. You then dash the diagonal down
spaces until you get back to the top row, and place the "E" here. Continuing
to fill the top row you get the pattern below
Row Transposition Cipher
• Write the message row-wise.
• Read the message column-wise, in some specific order.
• Example: Plain Text is “Attack postponed until 2 am”

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Example
• Decrypt where K: 7416352
– CT: STTMNKGUESNXNEEIDWAEE

– No of rows = 21/7=3

7 4 1 6 3 5 2
A S S I G N M
E N T D U E N
E X T W E E K

– PT: ASSIGNMENT DUE NEXT WEEK
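
The rail-fence and row-transposition examples above as an added Python example, not part of the original slides; it reproduces all four ciphertext/plaintext pairs shown. The function names are assumptions, as is the rail-fence padding rule (pad with X until the zigzag ends on the bottom rail), which is inferred from the two rail-fence examples.

```python
def letters(text):
    return [c.upper() for c in text if c.isalpha()]


def rail_pattern(length, rails):
    """Rail index visited at each position of the zigzag (0 = top rail)."""
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]


def rail_fence_encrypt(plaintext, rails, pad="X"):
    text = letters(plaintext)
    if rails < 2 or not text:
        raise ValueError("need at least 2 rails and 1 letter")
    # Assumed padding rule, inferred from the slides' examples.
    while rail_pattern(len(text), rails)[-1] != rails - 1:
        text.append(pad)
    pattern = rail_pattern(len(text), rails)
    return "".join(c for rail in range(rails)
                   for c, p in zip(text, pattern) if p == rail)


def rail_fence_decrypt(ciphertext, rails):
    pattern = rail_pattern(len(ciphertext), rails)
    # A stable sort lists the zigzag positions rail by rail, which is the
    # order in which the ciphertext letters were read off.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for letter, position in zip(ciphertext, order):
        plain[position] = letter
    return "".join(plain)


def column_order(key):
    """Column indices in the order they are read: the column ranked 1 first."""
    ranks = [int(k) for k in key]
    if sorted(ranks) != list(range(1, len(ranks) + 1)):
        raise ValueError("key must be a permutation of 1..n")
    return sorted(range(len(ranks)), key=lambda col: ranks[col])


def row_transposition_encrypt(plaintext, key, pad="XYZ"):
    order = column_order(key)
    text = letters(plaintext)
    filler = 0
    while len(text) % len(order):      # complete the last row, as the slide does
        text.append(pad[filler % len(pad)])
        filler += 1
    rows = [text[r:r + len(order)] for r in range(0, len(text), len(order))]
    return "".join(row[col] for col in order for row in rows)


def row_transposition_decrypt(ciphertext, key):
    order = column_order(key)
    n_rows, remainder = divmod(len(ciphertext), len(order))
    if remainder:
        raise ValueError("ciphertext length is not a multiple of the key length")
    grid = [[""] * len(order) for _ in range(n_rows)]
    for k, col in enumerate(order):    # k-th ciphertext chunk fills column col
        for r in range(n_rows):
            grid[r][col] = ciphertext[k * n_rows + r]
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    print(rail_fence_encrypt("defend the east wall", 3))
    print(rail_fence_decrypt("TEKOOHRACIRMNREATANFTETYTGHH", 4))
    ct = row_transposition_encrypt("attack postponed until two am", "4312567")
    print(ct)
    print(row_transposition_decrypt("STTMNKGUESNXNEEIDWAEE", "7416352"))
    # Transposition only reorders letters, so a frequency count is unchanged.
    print(sorted(ct) == sorted("ATTACKPOSTPONEDUNTILTWOAMXYZ"))
    # Two stages, as suggested in the analysis slide that follows.
    print(row_transposition_encrypt(ct, "4312567"))
```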


Analysis
• Simple transposition can be easily detected by doing a
frequency count.
– Can be attacked by anagramming.
– Also keys very close to the correct key will reveal long
sections of legible plaintext interspersed by gibberish.

• Can be more secure if multiple stages of transposition,
using multiple keys, are performed.
Block and Stream Ciphers
Stream Ciphers
• Encrypts a digital data stream one bit or one byte at a
time

• In the ideal case a one-time pad would be used, in which
the keystream is as long as the plaintext bit stream

• For practical reasons the bit-stream generator must be
implemented as an algorithmic procedure so that the
cryptographic bit stream can be produced by both users
– The two users need only share the generating key
and each can produce the keystream
Stream Cipher
Block Ciphers
• A block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length
– Typically a block size of 64 or 128 bits is used
• The majority of network-based symmetric cryptographic
applications make use of block ciphers
Ideal Block Cipher – Feistel Cipher
– Feistel Cipher refers to an ideal block cipher, because it
allows for the maximum number of possible encryption
mappings from the plaintext to ciphertext block.
4-bit input produces one of 16 possible output states, which is
mapped by the substitution cipher into a unique one of 16 possible
output states, represented by 4 ciphertext bits.
Encryption and Decryption tables for the previous figure
Confusion

Seeks to make the relationship between the statistics of
ciphertext and value of encryption key as complex as
possible
Changing one bit of key should change ciphertext
completely.
Achieved by the use of a complex substitution algorithm
Diffusion
The statistical structure of the plaintext is dissipated into
long-range statistics of the cipher text.
Changing one bit of plaintext should change ciphertext
completely.
Achieved by repeatedly performing some permutation on
the data followed by applying a function to that permutation.
Feistel Cipher
Structure
• Split data in 2 halves
• Process data through a
number of rounds
• Apply permutation to swap
halves
• Confusion is achieved
through XOR operation
• Diffusion is achieved
through numerous
permutations
One round of Feistel Cipher
[Figure: one round. A block of b bits is split into L and R; F(R, K) is XORed with L; the new L is R and the new R is L ⊕ F(R, K).]
Let F = round function and let K_0, K_1, …, K_n be the sub-keys for rounds 0, 1, …, n
respectively.

Encryption operation:
After permutation, split the plaintext block into two equal pieces, (L_0, R_0).
For each round i = 0, 1, …, n, compute:
L_{i+1} = R_i
R_{i+1} = L_i ⊕ F(R_i, K_{i+1})
Ciphertext is (R_{n+1}, L_{n+1}).
Feistel Cipher Design Elements
The exact realization of a Feistel network depends on the
choice of the following parameters and design features:
• Block Size - increasing size improves security, but
slows cipher
• Key Size - increasing number improves security, but
slows cipher
• Number of Rounds (algorithm) - greater complexity
can make analysis harder, but slows cipher
• Round Function - greater complexity can make
analysis harder, but slows cipher
• Subkey Generation Algorithm: increasing size
improves security, makes exhaustive key searching
harder, but may slow cipher
Feistel Decryption

• The process of
decryption with a Feistel
cipher is essentially the
same as the encryption
process.

• Ciphertext is used as
input to the algorithm,
but subkeys Ki are used
in reverse order.
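
The Feistel round and the decryption rule above as an added Python example, not part of the original slides: the same routine encrypts and decrypts, differing only in subkey order, and a bit-flip count shows why one round gives no diffusion. The 64-bit block size, the SHA-256-based round function and the subkey schedule are assumptions chosen for illustration, not a real cipher.

```python
import hashlib

HALF = 4  # bytes per half-block, i.e. a 64-bit block (assumed size)


def subkeys(master_key, rounds):
    """Toy subkey schedule (assumption): K_i = SHA-256(master key || i)."""
    return [hashlib.sha256(master_key + bytes([i])).digest() for i in range(rounds)]


def round_function(right, subkey):
    """Toy F (assumption): SHA-256(subkey || R) truncated to half a block.
    F does not need to be invertible for the Feistel structure to be."""
    return hashlib.sha256(subkey + right).digest()[:len(right)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    """Run the rounds with the subkeys in the order given, then swap halves."""
    if len(block) != 2 * HALF:
        raise ValueError(f"block must be exactly {2 * HALF} bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_{i+1} = R_i ; R_{i+1} = L_i XOR F(R_i, K)
        left, right = right, xor(left, round_function(right, k))
    return right + left  # ciphertext is (R, L) after the last round


def encrypt(block, keys):
    return feistel(block, keys)


def decrypt(block, keys):
    # Same algorithm, subkeys in reverse order.
    return feistel(block, keys[::-1])


def changed_bits(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    keys = subkeys(b"constructed demo key", 16)   # constructed sample key
    plaintext = b"FEISTEL!"                       # constructed 8-byte block
    ciphertext = encrypt(plaintext, keys)
    print(ciphertext.hex(), decrypt(ciphertext, keys))
    flipped = bytes([plaintext[0] ^ 1]) + plaintext[1:]
    for rounds in (1, 2, 3, 16):
        diff = changed_bits(encrypt(plaintext, keys[:rounds]),
                            encrypt(flipped, keys[:rounds]))
        print(f"{rounds:2d} round(s): {diff} of 64 ciphertext bits changed")
```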
