Chapter 3

Traditional
Symmetric-Key Ciphers

3.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
 Chapter 3
Objectives
❏ To define the terms and the concepts of symmetric
key ciphers
❏ To emphasize the two categories of traditional
ciphers: substitution and transposition ciphers
❏ To describe the categories of cryptanalysis used to
break the symmetric ciphers
❏ To introduce the concepts of the stream ciphers
and
block ciphers
❏ To discuss some very dominant ciphers used in the
3.2 past, such as the Enigma machine
 3-1 INTRODUCTION

Figure 3.1 shows the general idea behind a symmetric-key

cipher. The original message from Alice to Bob is called
plaintext; the message that is sent through the channel is
called the ciphertext. To create the ciphertext from the
plaintext, Alice uses an encryption algorithm and a shared
secret key. To create the plaintext from ciphertext, Bob
uses a decryption algorithm and the same secret key.

Topics discussed in this section:

3.1.1 Kerckhoff’s Principle
3.1.2 Cryptanalysis
3.1.3 Categories of Traditional Ciphers
3.3
3.1 Continued

Figure 3.1 General idea of symmetric-key cipher

3.4
 3.1 Continued

If P is the plaintext, C is the ciphertext, and K is the key,

We assume that Bob creates P1; we prove that P1 = P:

3.5
 3.1 Continued

Figure 3.2 Locking and unlocking with the same key

3.6
 3.1.1 Kerckhoff’s Principle

Based on Kerckhoff’s principle, one should always

assume that the adversary, Eve, knows the
encryption/decryption algorithm. The resistance of the
cipher to attack must be based only on the secrecy of the
key.

3.7
 3.1.2 Cryptanalysis

As cryptography is the science and art of creating secret

codes, cryptanalysis is the science and art of breaking
those codes.

Figure 3.3 Cryptanalysis attacks

3.8
 3.1.2 Continued
Ciphertext-Only Attack

Figure 3.4 Ciphertext-only attack

3.9
 3.1.2 Continued
Known-Plaintext Attack

Figure 3.5 Known-plaintext attack

3.10
 3.1.2 Continued
Chosen-Plaintext Attack

Figure 3.6 Chosen-plaintext attack

3.11
 3.1.2 Continued
Chosen-Ciphertext Attack

Figure 3.7 Chosen-ciphertext attack

3.12
 3-2 SUBSTITUTION CIPHERS

A substitution cipher replaces one symbol with another.

Substitution ciphers can be categorized as either
monoalphabetic ciphers or polyalphabetic ciphers.

Note

A substitution cipher replaces one

symbol with another.

Topics discussed in this section:

3.2.1 Monoalphabetic Ciphres
3.2.2 Polyalphabetic Ciphers

3.13
 Symmetric

Substitution Transposition

Cipher cipher

Monoalphabetic polyalphabetic

3.14 Caesar Cipher Vigenère Cipher

 3.2.1 Monoalphabetic Ciphers

Note

In monoalphabetic substitution, the

relationship between a symbol in the
plaintext to a symbol in the ciphertext is
always one-to-one.

3.15
 3.2.1 Continued

Example 3.1
The following shows a plaintext and its corresponding ciphertext.
The cipher is probably monoalphabetic because both l’s (els) are
encrypted as O’s.

Example 3.2
The following shows a plaintext and its corresponding ciphertext.
The cipher is not monoalphabetic because each l (el) is encrypted
by a different character.

3.16
 3.2.1 Continued
Additive Cipher

The simplest monoalphabetic cipher is the additive cipher. This

cipher is sometimes called a shift cipher and sometimes a Caesar
cipher, but the term additive cipher better reveals its
mathematical nature.

Figure 3.8 Plaintext and ciphertext in Z26

3.17
 3.2.1 Continued
Figure 3.9 Additive cipher

Note

When the cipher is additive, the

plaintext, ciphertext, and key are
integers in Z26.
3.18
 3.2.1 Continued
Example 3.3
Use the additive cipher with key = 15 to encrypt the message
“hello”.

Solution
We apply the encryption algorithm to the plaintext, character by
character:

3.19
 3.2.1 Continued
Example 3.4

Use the additive cipher with key = 15 to decrypt the message

“WTAAD”.
Solution
We apply the decryption algorithm to the plaintext character by
character:

3.20
 3.2.1 Continued
Shift Cipher and Caesar Cipher
Historically, additive ciphers are called shift ciphers. Julius
Caesar used an additive cipher to communicate with his officers.
For this reason, additive ciphers are sometimes referred to as the
Caesar cipher. Caesar used a key of 3 for his communications.

Note

Additive ciphers are sometimes referred

to as shift ciphers or Caesar cipher.

3.21
 3.2.1 Continued
Example 3.5
Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show
how she can use a brute-force attack to break the cipher.
Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not
very secure”, which makes sense.

3.22
 3.2.1 Continued
Table 3.1 Frequency of characters in English

Table 3.2 Frequency of diagrams and trigrams

3.23
 3.2.1 Continued
Multiplicative Ciphers

Figure 3.10 Multiplicative cipher

Note

In a multiplicative cipher, the plaintext

and ciphertext are integers in Z26; the
key is an integer in Z26*.
3.24
 3.2.1 Continued

Example 3.7
What is the key domain for any multiplicative cipher?
Solution
The key needs to be in Z26*. This set has only 12 members: 1, 3, 5,
7, 9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message “hello” with
a key of 7. The ciphertext is “XCZZU”.

3.25
 3.2.1 Continued
Monoalphabetic Substitution Cipher
Because additive, multiplicative, and affine ciphers have small key
domains, they are very vulnerable to brute-force attack.

A better solution is to create a mapping between each plaintext

character and the corresponding ciphertext character. Alice and
Bob can agree on a table showing the mapping for each character.

Figure 3.12 An example key for monoalphabetic substitution cipher

3.26
 3.2.1 Continued

Example 3.13
We can use the key in Figure 3.12 to encrypt the message

The ciphertext is

3.27
 POLY-ALPHABETIC CIPHER

A poly-alphabetic cipher is any cipher based on substitution, using

several substitution alphabets. In polyalphabetic substitution ciphers,

the plaintext letters are enciphered differently based upon their

installation in the text. Rather than being a one-to-one correspondence,

there is a one-to-many relationship between each letter and its

substitutes.

For example, ‘a’ can be enciphered as ‘d’ in the starting of the text, but

as ‘n’ at the middle. The polyalphabetic ciphers have the benefit of

hiding the letter frequency of the basic language. Therefore attacker

3.28 cannot use individual letter frequency static to divide the ciphertext.
 3.2.2 Polyalphabetic Ciphers

In polyalphabetic substitution, each occurrence of a

character may have a different substitute. The
relationship between a character in the plaintext to a
character in the ciphertext is one-to-many.

Autokey Cipher

3.29
 3.2.2 Continued
Example 3.14
Assume that Alice and Bob agreed to use an autokey cipher with
initial key value k1 = 12. Now Alice wants to send Bob the message
“Attack is today”. Enciphering is done character by character.

3.30
 PLAYFAIR CIPHER

In this section , pairs of letters are encrypted, instead of single letters as in the case

of simple substitution cipher.

In playfair cipher, initially a key table is created. The key table is a 5×5 grid of

alphabets that acts as the key for encrypting the plaintext. Each of the 25 alphabets

must be unique and one letter of the alphabet (usually J) is omitted from the table as

we need only 25 alphabets instead of 26. If the plaintext contains J, then it is

replaced by I.
3.31
 Rules for Playfair Cipher
 If two letters in a pair are same, we have to insert a
bogus letter in between them,if total letters are now odd
one more bogus letter has to be inserted
 If two letters are in same row of secret key, encrypted
letter is the next letter to right in same row
 If two letters are in same column of secret key,
encrypted letter is the next letter is letter beneath in
same column
 If two letters are not in the same row or column,
encrypted letter is letter that is its own row but in same
column as the other

3.32
 The sender and the receiver deicide on a particular key, say ‘tutorials’. In a

key table, the first characters (going left to right) in the table is the phrase,

excluding the duplicate letters. The rest of the table will be filled with the

remaining letters of the alphabet, in natural order. The key table works out to

be −

3.33
 Process of Playfair Cipher

•First, a plaintext message is split into pairs of two letters (digraphs). If

there is an odd number of letters, a Z is added to the last letter. Let us say

we want to encrypt the message “hide money”. It will be written as −

•HI DE MO NE YZ

•The rules of encryption are −

• If both the letters are in the same column, take the letter below each
3.34
one (going back to the top if at the bottom)
 T U O R I
A L S B C
D E F G H
K M N P Q ‘H’ and ‘I’ are in same
column, hence take letter
V W X Y Z below them to replace. HI
→ QC

3.35
 If both letters are in the same row, take the letter to the right of each one (going

back to the left if at the farthest right)

T U O R I
A L S B C
D E F G H ‘D’ and ‘E’ are in same
row, hence take letter to
K M N P Q
the right of them to
V W X Y Z replace. DE → EF

3.36
 If neither of the preceding two rules are true, form a rectangle with the two letters

and take the letters on the horizontal opposite corner of the rectangle.

3.37
 Using these rules, the result of the encryption of ‘hide money’ with the key

of ‘tutorials’ would be −

QC EF NU MF ZV

Decrypting the Playfair cipher is as simple as doing the same process in

reverse. Receiver has the same key and can create the same key table, and

then decrypt any messages made using that key.

3.38
 Example:-Apply Playfair

Text:- HELLO

Key:- MONARCHY

3.39
 3.2.2 Continued
Playfair Cipher
Figure 3.13 An example of a secret key in the Playfair cipher

Example 3.15
Let us encrypt the plaintext “hello” using the key in Figure 3.13.

3.40
 Vigenere
Cipher
This scheme of cipher uses a text string (say, a word) as a key, which

is then used for doing a number of shifts on the plaintext.

For example, let’s assume the key is ‘point’. Each alphabet of the key

is converted to its respective numeric value: In this case,

p → 16, o → 15, i → 9, n → 14, and t → 20.

Thus, the key is: 16 15 9 14 20

3.41
 Process of Vigenere Cipher

The sender and the receiver decide on a key. Say ‘point’ is the

key. Numeric representation of this key is ‘16 15 9 14 20’.

The sender wants to encrypt the message, say ‘attack from south

east’. He will arrange plaintext and numeric key as follows −

3.42
 He now shifts each plaintext alphabet by the number written

below it to create ciphertext as shown below

Here, each plaintext character has been shifted by a different amount – and

that amount is determined by the key. The key must be less than or equal to

the size of the message.

3.43
 For decryption, the receiver uses the same key and shifts received

ciphertext in reverse order to obtain the plaintext.

Security Value

Vigenere Cipher was designed by tweaking the standard Caesar cipher to

reduce the effectiveness of cryptanalysis on the ciphertext and make a

cryptosystem more robust. It is significantly more secure than a regular

Caesar Cipher.

3.44
 3.2.2 Continued
Vigenere Cipher

Example 3.16
We can encrypt the message “She is listening” using the 6-
character keyword “PASCAL”.

3.45
 3.2.2 Continued
Example 3.16
Let us see how we can encrypt the message “She is listening” using
the 6-character keyword “PASCAL”. The initial key stream is (15,
0, 18, 2, 0, 11). The key stream is the repetition of this initial key
stream (as many times as needed).

3.46
 3.2.2 Continued
Example 3.17
Vigenere cipher can be seen as combinations of m additive
ciphers.

Figure 3.14 A Vigenere cipher as a combination of m additive ciphers

3.47
 3.2.2
Example 3.18  Vigenère square or Vigenère table.

Using Example 3.18, we can say that the additive cipher is a

special case of Vigenere cipher in which m = 1.

Table 3.3
A Vigenere Tableau

3.48
 The table consists of the alphabets written out 26 times in different

rows, each alphabet shifted cyclically to the left compared to the

previous alphabet, corresponding to the 26 possible Caesar Ciphers.

At different points in the encryption process, the cipher uses a

different alphabet from one of the rows.

The alphabet used at each point depends on a repeating keyword.

3.49
 Example

Input :

Plaintext : CYBERSECURITY

Keyword : PARAM

Output : Ciphertext : RYSEDHETUDXTP

For generating key, the given keyword is repeated in a circular manner

until it matches the length of the plain text.

The keyword “PARAM" generates the key “PARAMPARAMPAR"

The plain text is then encrypted using the process explained below.

3.50
 Example

Input

Plaintext : ILOVEMYSELF

Keyword : PARAM

Output : Ciphertext : ??????

3.51
 3.2.2 Continued
Hill Cipher
Figure 3.15 Key in the Hill cipher

Note

The key matrix in the Hill cipher needs

to have a multiplicative inverse.
3.52
 Hill Cipher

Hill cipher is a polygraphic substitution cipher based on linear

algebra.Each letter is represented by a number modulo 26. Often the

simple scheme A = 0, B = 1, …, Z = 25 is used, but this is not an

essential feature of the cipher. To encrypt a message, each block of n

letters (considered as an n-component vector) is multiplied by an

invertible n × n matrix, against modulus 26. To decrypt the message,

each block is multiplied by the inverse of the matrix used for

encryption.

3.53
 Input :

Plaintext: ACT

Key: GYBNQKURP

Output :

Ciphertext: POH

Input :

Plaintext: GFG

Key: HILLMAGIC

Output :

Ciphertext: SWK

3.54
 We have to encrypt the message ‘ACT’ (n=3).The key is ‘GYBNQKURP’ which

can be written as the nxn matrix: 

        

3.55
3.56
 3-3 TRANSPOSITION CIPHERS
A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.

Note

A transposition cipher reorders symbols.

Types of Transpositon:
3.3.1 Keyless Transposition Ciphers
3.3.2 Keyed Transposition Ciphers
3.3.3 Combining Two Approaches

3.57
 3.3.1 Keyless Transposition Ciphers

Simple transposition ciphers, which were used in the

past, are keyless.
Example 3.22
A good example of a keyless cipher using the first method is the
rail fence cipher. The ciphertext is created reading the pattern
row by row. For example, to send the message “Meet me at the
park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.

3.58
 3.3.1 Continued
Example 3.23

Alice and Bob can agree on the number of columns and use the
second method. Alice writes the same plaintext, row by row, in a
table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.

3.59
 3.3.1 Continued
Example 3.24

The cipher in Example 3.23 is actually a transposition cipher. The

following shows the permutation of each character in the plaintext
into the ciphertext based on the positions.

The second character in the plaintext has moved to the fifth

position in the ciphertext; the third character has moved to the
ninth position; and so on. Although the characters are permuted,
there is a pattern in the permutation: (01, 05, 09, 13), (02, 06, 10,
13), (03, 07, 11, 15), and (08, 12). In each section, the difference
between the two adjacent numbers is 4.
3.60
 3.3.2 Keyed Transposition Ciphers

The keyless ciphers permute the characters by using

writing plaintext in one way and reading it in another
way The permutation is done on the whole plaintext to
create the whole ciphertext. Another method is to divide
the plaintext into groups of predetermined size, called
blocks, and then use a key to permute the characters in
each block separately.

3.61
 3.3.2 Continued
Example 3.25

Alice needs to send the message “Enemy attacks tonight” to Bob..

The key used for encryption and decryption is a permutation key,

which shows how the character are permuted.

The permutation yields

3.62
 3.3.3 Combining Two Approaches

Example 3.26
Figure 3.21

3.63
 3.3.3 Continued
Keys
In Example 3.27, a single key was used in two directions for the
column exchange: downward for encryption, upward for
decryption. It is customary to create two keys.

Figure 3.22 Encryption/decryption keys in transpositional ciphers

3.64
 3.3.3 Continued
Double Transposition Ciphers
Figure 3.25 Double transposition cipher

3.65
 3-4 STREAM AND BLOCK CIPHERS

The literature divides the symmetric ciphers into two

broad categories: stream ciphers and block ciphers.
Although the definitions are normally applied to modern
ciphers, this categorization also applies to traditional
ciphers.

Topics discussed in this section:

3.4.1 Stream Ciphers
3.4.2 Block Ciphers
3.4.3 Combination

3.66
 3.4.1 Stream Ciphers

Call the plaintext stream P, the ciphertext stream C, and

the key stream K.

Figure 3.26 Stream cipher

3.67
 3.4.1 Continued

Example 3.30
Additive ciphers can be categorized as stream ciphers in which the
key stream is the repeated value of the key. In other words, the
key stream is considered as a predetermined stream of keys or
K = (k, k, …, k). In this cipher, however, each character in the
ciphertext depends only on the corresponding character in the
plaintext, because the key stream is generated independently.

Example 3.31
The monoalphabetic substitution ciphers discussed in this chapter
are also stream ciphers. However, each value of the key stream in
this case is the mapping of the current plaintext character to the
corresponding ciphertext character in the mapping table.

3.68
 3.4.1 Continued

Example 3.32
Vigenere ciphers are also stream ciphers according to the
definition. In this case, the key stream is a repetition of m values,
where m is the size of the keyword. In other words,

Example 3.33
We can establish a criterion to divide stream ciphers based on
their key streams. We can say that a stream cipher is a
monoalphabetic cipher if the value of ki does not depend on the
position of the plaintext character in the plaintext stream;
otherwise, the cipher is polyalphabetic.
3.69
 3.4.1 Continued
Example 3.33 (Continued)

 Additive ciphers are definitely monoalphabetic because ki in the

key stream is fixed; it does not depend on the position of the
character in the plaintext.

 Monoalphabetic substitution ciphers are monoalphabetic

because ki does not depend on the position of the corresponding
character in the plaintext stream; it depends only on the value of
the plaintext character.

 Vigenere ciphers are polyalphabetic ciphers because ki

definitely depends on the position of the plaintext character.
However, the dependency is cyclic. The key is the same for two
characters m positions apart.
3.70
 3.4.2 Stream Ciphers

In a block cipher, a group of plaintext symbols of size m

(m > 1) are encrypted together creating a group of
ciphertext of the same size. A single key is used to
encrypt the whole block even if the key is made of
multiple values. Figure 3.27 shows the concept of a block
cipher.
Figure 3.27 Block cipher

3.71
 3.4.2 Continued

Example 3.34
Playfair ciphers are block ciphers. The size of the block is m = 2.
Two characters are encrypted together.
Example 3.35
Hill ciphers are block ciphers. A block of plaintext, of size 2 or
more is encrypted together using a single key (a matrix). In these
ciphers, the value of each character in the ciphertext depends on
all the values of the characters in the plaintext. Although the key
is made of m × m values, it is considered as a single key.
Example 3.36
From the definition of the block cipher, it is clear that every block
cipher is a polyalphabetic cipher because each character in a
ciphertext block depends on all characters in the plaintext block.
3.72
 3.4.3 Combination

In practice, blocks of plaintext are encrypted

individually, but they use a stream of keys to encrypt the
whole message block by block. In other words, the cipher
is a block cipher when looking at the individual blocks,
but it is a stream cipher when looking at the whole
message considering each block as a single unit.

3.73