



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Material Type: Notes; Class: Codes and Cryptography; Subject: Mathematical Computer Science; University: University of Illinois - Chicago; Term: Spring 2005;
Typology: Study notes
1 / 6
This page cannot be seen from the preview
Don't miss anything!




The key:^ A sequence of characters.To make brute-force decryption impractical, the key shouldhave at least 15 or 16 characters. Also, it should not be a“special” sequence. such as an English language word. It maybe best if all letters of the key are distinct. Encryption:^ Duplicate the key as many times as necessary, so that thelength of the (duplicated) key matches the length of theplaintext.For
i^ = 0, 1, 2, 3, ...:“Add” letter^ i^ of the key to letter the
i^ of the plaintext, to obtain letter^ i^ of the ciphertext.(In adding letters, we identify them with integers modulo26:^ a^ →^ 0,^ b^ →^ 1, ...,
z^ →^ 25.) Example:key:^ w o n d e r l a n d
(10 characters, not an ideal key) plaintext:^ a l i c e w a s b e g i n n i n g t o g e t v e r y t i r e d o f key^ (duplicated):^ w o n d e r l a n d w o n d e r l a n d w o n d e r l a n d w o n ciphertext:^ W Z V F I N L S O H C W A Q M E R T B J A H I H V P E I E H Z C S We obtained letter 5 the ciphertext like this:
w^ →^22 + r^ →^ + 17 N^ ←^ 13 (mod 26)
The 463 character plaintext^ alicewasbeginningtogetverytiredofsittingbyhersisteronthebankandofhavingnothingtodoonceortwiceshehadpeepedintothebookhersisterwasreadingbutithadnopicturesorconversationsinitandwhatistheuseofabookthoughtalicewithoutpicturesorconversationsoshewasconsideringinherownmindaswellasshecouldforthehotdaymadeherfeelverysleepyandstupidwhetherthepleasureofmakingadaisychainwouldbeworththetroubleofgettingupandpickingthedaisieswhensuddenlyawhiterabbitwithpinkeyesranclosebyher encrypts using the key
wonderland^ to WZVFINLSOHCWAQMERTBJAHIHVPEIEHZCSVMKEIAJXMUHVJTSGHNCAWLVMAANWBQRJYLVVQCBBWLZYGGRZCBQGVZRGZEQRVLVSAQSASCHHZYTBWDSORSBSEEVEGGHVNLSEHWRVQKSFTVWDOQQSGTCGXNSFRVTZNIHNGNWMFYSVQEHNQHNSAGLOHUHYJPOSDXCBNXYZUTKPOYLGVHIGKKIGSMTEUEHOCEFSEGEEVWHVRRJZSUHSOFFSEDIQHNWAJMESEERSBZLRULSJHHZNVWYPCBXHRSRVKSEURPRNBQROEUHNTRHPMPRLVHSRSCRYDFWQDVGAYPTUHNHUHTCPAFXNSBIQRVIAJWRNLWPNHNLJKBXPUMEJRNHUWLVERBXXZRRJXPTGLJUHSEEOPVFGWAJXYPDNLOWRVAYPNFXZRRQPPLWULPSEDFSTTJLPVCLRBPYRVNOAFPFDEOBDSE In C, we could encrypt a plaintext using code like this:^ for^ ( i = 0 ; i < textLength ; ++i
cipherText[i] = (plainText[i]
-^ 'a'^ + key[i^ %^ keyLength] -^ 'a')^ %^ 26 + 'A'; (This assumes plaintext and key consist entirely of lower case letters.)
Decryption:^ Like encryption, except we get the plaintext by subtractingletters of the (duplicated) key from letters of the ciphertext Breaking^ A simple frequency analysis isn’t useful. For example, Vegenere^ with the 463 character ciphertext, we get the following Ciphers:^ frequencies. (ciphertext only)
Letter Frequency^ S^33 R^32 H^32 V^29 E^29 N^24 P^21 L^20 W^19 G^18 Q^16 B^16 A^16 J^15 U^14 T^14 F^14 Z^14 Y^13 C^13 O^13 X^12 D^10 I^10 M^9 K^7 The frequencies don’t differ that much. (With a longer key,or a key with distinct letters, they would differ even less.)
Here is a method that often works, if we have enoughciphertext. It consists of two steps:i)^ Find the^ length of the key
(the period). ii) Find the^ key^ itself. Finding the We perform a^ k -position right cyclic shift of a sequence (or key length: vector) by moving each component
k^ positions to the right. However, the last^
k^ positions are moved to the beginning.For example, a 3-position right cyclic shift of vv vv vv^ vvv^0 1 2 3 4 5 6 7 8 gives vv vv vv^ vvv^6 7 8 0 1 2 3 4 If we have a fair amount of ciphertext, the following methodoften allows us to make a good guess at the key length.For^ k^ = 1, 2, 3, ..., (
largest likely key length
), do the following:Perform a^ k -position right cyclic shift of the ciphertext.Compare the cyclic shift with the original ciphertext, andcount the number of positions in which they are the same.Call this number
c.k^ If among c , c , c, ..., one of the numbers (say 1 2 3
c ) is m significantly larger than the rest, then the key length islikely to be^ m. If^ c ,^ c ,^ c , ... are comparable in size, and larger than m^2 m^3 m the other numbers, the key length is likely to be
m.
.The values of A (0) ( cyclic rightshifted m ) A (^ j^ −^ i^ ) with^ j^ ≠^ i^ (mod 26) range between 0.0304 and 0.0444.They are considerably less than
Now let^ n^ = length of plaintext and ciphertext.^ xxx ...^ x^0 1 2 n –^
= the plaintext. yyy ... y = the ciphertext. 0 1 2 n –1 (^) L = length of key. (We assume^ L
<<^ n .) kkk ...^ k = the key (which will be duplicated). In^0 1 2 L –1^ general,
k will denote^ k^ i^ i^ mod
If we compare the ciphertext with its
m -position cyclic right shift, how many positions of agreement do we expect?ciphertext:^ yy^0
...^ yyy 1 m –1^ m^ m ...^ yy +1 n –2^ n – ciphertext:^ yyn – m^ n –
...^ yyym +1 n –1^0 ...^ yyn – m –2^ n – m – What is the probability of a match in column
i , i.e.,^ y =^ yi^ i – m. y =^ y ⇔^ xi^ i – m^ i^
+^ k =^ x +^ k^ i^ i – m^ i – m ⇔ ( x +^ k =^ α) and ( xi^ i^
+^ k =^ α) i – m i – m^ for some^ α^ in {A,...,Z} ⇔ ( x^ =^ α^ −^ k ) and^ ( i^ i
x =^ α^ −^ k ) i – m^ i – m for some^ α^ in {A,...,Z}, Since^ x and^ x are somewhat close to independent (except i^ i – m^ perhaps when^ m^ = 1), we obtain^ p ( y =^ y )^ ≈^ i^ i – m^
Z∑ p ( x =^ α^ −^ k ) i^ i α=A^ p ( x^ =^ α^ −^ k ). i – m^ i – m
The sum on the right is approximately^ A (^
. k ) A (^ k^ ), ii – m which equals^ A ( k
.− k ) A ( 0 ), i i – m assuming our plaintext is somewhat typical of an Englishlanguage text.Nowi)^ If^ m^ is a multiple of the key length
L , then^ k^ =^ k for i^ i – m^ all^ i , and^ p ( y =^ y )^ ≈^ i^ i – m^
So we expect to find the number
c of matching m^ positions to be about 0.
n. ii)^ If^ m^ is not a multiple of the key length
L , and if all the characters in the key are distinct, then
k −^ k^ ≠^ 0 for i^ i – m every^ i , and^ p ( y =^ y )^ ≈^ i^ i – m^
. A ( k − k ) A (0), i i – m so^ p ( y =^ y^ ) should lie in the range [0.030, 0.044], or i^ i – m^ at least close to it.We expect^ c to be in the range [0.030 m^
n , 0.044 n ], or close to it.iii) If^ m^ is not a multiple of the key length
L , and if^ most^ of the characters in the key are distinct, then
k −^ k^ ≠^0 i^ i – m for^ most^ values of^
i. c is a sum of^ n^ terms, most of which lie in the range m^ [0.030, 0.044], so we expect
c^ to be fairly close to the m^ range [0.030 n , 0.
n ], if not within it.
Consider our previous 1840-character text. We computed thenumber^ c^ of matches of the ciphertext with an m^
m -position cyclic right shift of the ciphertext,
m^ = 1, 2, 3, ...., 30. Here is the same data with
c expressed as a fraction of the m^
n. m^ cm^
m^ cm 1 0.043 n^
16 0.036 n 2 0.034 n^
17 0.042 n 3 0.036 n^
18 0.061 n 4 0.027 n^
19 0.041 n 5 0.038 n^
20 0.039 n 6 0.039 n^
21 0.038 n 7 0.035 n^
22 0.042 n 8 0.032 n^
23 0.033 n 9 0.070 n^
24 0.033 n 10 0.040 n^
25 0.038 n 11 0.037 n^
26 0.035 n 12 0.034 n^
27 0.077 n 13 0.038 n^
28 0.042 n 14 0.034 n^
29 0.040 n 15 0.027 n^
30 0.039 n This data is just what we would expect for key length
i)^ For^ m^ = 9, 18, 27,
c is 0.070 n , 0.061 m^
n , 0.077 n^ — all reasonably close to the expected 0.
n. ii)^ For other values of
m ,^ c ranges from 0.027 m^
n^ to 0.043 n^ — all in or close to the expected range of[0.030 n , 0.044 n ].
Finding^ We assume we have found the length
L^ of the key^ kk ...^01
k. L –
the key:^ We find
k first. Each of the characters^0 y , y,^ y ,^ y ,^ y , ..., 0 L^2 L^3 L^4 L
y ( q^ ≈^ n^ /^ L )( q –1) L^ have been encrypted by adding
k (Essentially, if we restrict.^ to these characters, we have a simple shift cipher with shift
k .)^0
We count the frequency of each letter (A, B, ..., Z) in these
q
characters of the ciphertext, and divide these frequencies by
q
to obtain probabilities.Let^ W^ = ( w ,^ w , ...,^0
w ),^ where^ w ,^250
w , ...,^ w are the^125 probabilities of A, B, ..., Z inpositions 0,^ L , 2 L , ..., ( q −1) L
of the ciphertext. w ,^ w , ...,^ w are the probabilities of A^0125
−^ k , B−^ k , ..., Z−^0
k in^0
the plaintext (same positions).So^ W^ ≈^ A ( k ) assuming these positions of our ciphertext^0 resemble a typical English language text.We can use the size of
. WA ( k ) as a measure of how close^0
is to^ A ( k ).^0 .We compute^ WA
( i ) for^ i^ = 0, 1, ...,25..If one value of i makes^ WA ( i ) significantly larger than anyother, that value of^ i^ is our best guess for
k.^0