Cryptographic Techniques

 cryptosystem
 Forms of cryptographic techniques
Symmetric
asymmetric
 Their implementation

BITS Pilani, Hyderabad Campus

Cryptanalysis

 Cryptanalysis: crack encryption algorithms or their

implementations
 cryptography and cryptology
 cryptolinguistics

BITS Pilani, Hyderabad Campus

 Classical Encryption
Techniques
 Symmetric encryption
 symmetric / single key / private-key

BITS Pilani, Hyderabad Campus

Symmetric Encryption

 conventional / private-key / single-key

 sender and recipient share a common key
 all classical encryption algorithms are private-
key

BITS Pilani, Hyderabad Campus

Basic Terminology
(ingredients)
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering ciphertext from plaintext
 cryptography - study of encryption principles/methods
 cryptanalysis (code breaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis

BITS Pilani, Hyderabad Campus

Symmetric Cipher Model

BITS Pilani, Hyderabad Campus

Requirements

 two requirements for secure use of symmetric

encryption:
a strong encryption algorithm
a secret key known only to sender / receiver
 mathematically have:
 Y = EK(X)
 X = DK(Y)
 assume encryption algorithm is known
 implies a secure channel to distribute key

BITS Pilani, Hyderabad Campus

Characterizing cryptographic
systems – 3 dimensions

characterize cryptographic systems by:

type of encryption operations used
substitution / transposition / product
number of keys used
single-key or private / two-key or
public
The way in which plaintext is processed
block / stream

BITS Pilani, Hyderabad Campus

Cryptanalysis

 Cryptanalytic attacks rely on the nature of the algorithm

plus perhaps some knowledge of the general
characteristics of the plaintext or even some sample
plaintext-cipher text pairs
 Brute-force attacks try every possible key on a piece of
cipher text until an intelligible translation into plaintext is
obtained. On an average, half of all possible keys must
be tried to achieve success

BITS Pilani, Hyderabad Campus

Cryptanalytic Attack

 ciphertext only
only knows algorithm & ciphertext
 known plaintext
know/suspect plaintext & ciphertext
 chosen plaintext
select plaintext and obtain ciphertext
 chosen ciphertext
select ciphertext and obtain plaintext
 chosen text
select plaintext or ciphertext to en/decrypt

BITS Pilani, Hyderabad Campus

unconditional security
no matter how much computer power or time
is available, the cipher cannot be broken
since the ciphertext provides insufficient
information to uniquely determine the
corresponding plaintext
computational security
given limited computing resources (e.g., time
needed for calculations is greater than age of
universe), the cipher cannot be broken

BITS Pilani, Hyderabad Campus

One Time Pad (OTP)
 In cryptography, the one-time pad (OTP) is a type of encryption
which has been proven to be impossible to crack if used correctly
 Each bit or character from the plaintext is encrypted by a modular
addition with a bit or character from a secret random key (or pad) of
the same length as the plaintext, resulting in a ciphertext
 If the key is truly random, as large as or greater than the plaintext,
never reused in whole or part, and kept secret, the ciphertext will be
impossible to decrypt or break without knowing the key
 It has also been proven that any cipher with the perfect secrecy
property must use keys with effectively the same requirements as
OTP keys.
 However, practical problems have prevented one-time pads from
being widely used.

BITS Pilani, Hyderabad Campus

Perfect secrecy

 given an encrypted message (or ciphertext) from a

perfectly secure encryption system (or cipher),
absolutely nothing will be revealed about the
unencrypted message (or plaintext) by the ciphertext

BITS Pilani, Hyderabad Campus

Brute Force Search

 On an average, half of all possible keys must be tried to

achieve success.
 DES is 56, AES is 128, Triple-DES is 168, plus general
mono-alphabetic cipher

BITS Pilani, Hyderabad Campus

Brute Force Attack

 always possible to simply try every key

 most basic attack, proportional to key size
 assume either know / recognise plaintext
Key Size (bits) Number of Time required at 1 Time required at 106
Alternative Keys decryption/µs decryptions/µs

32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)

BITS Pilani, Hyderabad Campus

Classical Substitution Ciphers

letters of plaintext are replaced by other

letters or by numbers or symbols
if plaintext is viewed as a sequence of bits,
then the substitution involves replacing
plaintext bit patterns with ciphertext bit
patterns

BITS Pilani, Hyderabad Campus

Various substitution ciphers

 Caesar cipher
 Monoalphabetic ciphers
 Playfair cipher
 Hill cipher
 Polyalphabetic ciphers
 One-Time Pad

BITS Pilani, Hyderabad Campus

Caesar Cipher

 earliest known substitution cipher

 by Julius Caesar
 first attested use in military affairs
 replaces each letter by 3rd letter on
example:
PT: meet me after the toga party
CT: PHHW PH DIWHU WKH WRJD SDUWB
Also known as caesar’s cipher, caesar shift,
shift cipher or caesar code

BITS Pilani, Hyderabad Campus

How a caesar cipher works?

BITS Pilani, Hyderabad Campus

Caesar Cipher

We can define transformation as:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

then have Caesar cipher as:

c = E(k, p) = (p + k) mod (26)
p = D(k, c) = (c – k) mod (26)

Here k takes a value in the range 1 to 25

BITS Pilani, Hyderabad Campus

This mathematical description uses modulo arithmetic.
Here, when you reach Z you go back to A and start
again. Mod 26 implies that when you reach 26, you use
0 instead (i.e. the letter after Z, or 25 + 1 goes to A or 0).
Example: howdy (7,14,22,3,24) encrypted using key f (ie
a shift of 5) is MTBID

BITS Pilani, Hyderabad Campus

Cryptanalysis of Caesar
Cipher
 only have 26 possible ciphers
A maps to A,B,..Z
 could simply try each in turn
 a brute force search
 given ciphertext, just try all shifts of letters
 do need to recognize when have plaintext
 eg. break ciphertext "GCUA VQ DTGCM"

BITS Pilani, Hyderabad Campus

When brute force cryptanalysis is
easy on caesar cipher
 Encryption and decryption algorithms are known
 There are only 25 keys to try
 The language of the plain text is known and easily
recognizable

BITS Pilani, Hyderabad Campus

If the input is abbreviated or
compressed
 then plain text may not be recognized when
uncovered in the brute force cryptanalysis

BITS Pilani, Hyderabad Campus

Monoalphabetic Cipher

 rather than just shifting the alphabet we could

shuffle (jumble) the letters arbitrarily
 each plaintext letter maps to a different random
ciphertext letter; hence key is 26 letters long
With only 25 possible keys, the Caesar
cipher is far from secure
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

BITS Pilani, Hyderabad Campus

Monoalphabetic Cipher Security

 now we have a total of 26! = 4 x 1026 keys

 referred to as mono alphabetic substitution cipher
 language characteristics: (like determining relative
frequency of the letters and comparing it with standard
frequency distribution for English)

BITS Pilani, Hyderabad Campus

Cryptanaysis on monoalphabetc ciphers
 not secure, because it does not sufficiently obscure the
underlying language characteristics
 i.e., the analyst can exploit the regularities of the
language

BITS Pilani, Hyderabad Campus

Language Redundancy and
Cryptanalysis
human languages are redundant
eg "th lrd s m shphrd shll nt wnt"
letters are not equally commonly used
in English E is by far the most common letter
 followed by T,R,N,I,O,A,S
other letters like Z,J,K,Q,X are fairly rare
have tables of single, double & triple letter
frequencies for various languages

BITS Pilani, Hyderabad Campus

English Letter Frequencies

 Note that all human languages have varying letter

frequencies, though the number of letters and their
frequencies varies
 The following figure shows English letter frequencies
 There exist letter frequency graphs for 20 languages
(most European & Japanese & Malay)

BITS Pilani, Hyderabad Campus

BITS Pilani, Hyderabad Campus
Use in Cryptanalysis
 key concept - monoalphabetic substitution ciphers do not
change relative letter frequencies
 discovered by Arabian scientists in 9th century
 calculates letter frequencies for ciphertext
 compares counts/plots against known values
 if caesar cipher, then it looks for common peaks/troughs
 peaks at: A-E-I triple, NO pair, RST triple
 troughs at: JK, X-Z
 for monoalphabetic cipher it must identify each letter
 tables of common double/triple letters help

BITS Pilani, Hyderabad Campus

 Mono alphabetic ciphers are easy to break because they
reflect the frequency data of the original alphabet.
 The cryptanalyst looks for a mapping between the
observed pattern in the cipher text, and the known
source language letter frequencies.
 If English, look for peaks at: A-E-I triple, NO pair, RST
triple, and troughs at: JK, X-Z.

BITS Pilani, Hyderabad Campus

Digrams

 Two-letter combinations are called digrams

 Most common digram is th
 In the cipher text look for frequency of digrams
 Map it to the commonly occurring digrams

BITS Pilani, Hyderabad Campus

Homophones

 Providing multiple substitutes for a single letter is called

a homophone
 Monoalphabetic ciphers are easy to break because they
reflect the frequency data of the original alphabet
 In such cases a proper countermeasure would be the
use of a homophone
 Ex: the letter e could be assigned a number of different
cipher symbols such as 16,74,35 and 21 with each
homophone assigned to a letter in rotation or randomly

BITS Pilani, Hyderabad Campus

Example Cryptanalysis

 given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
 count relative letter frequencies
 guess P & Z are e and t
 guess ZW is th and hence ZWP is the
 proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
(TWO LETTER COMBINATIONS ARE CALLED
DIGRAMS)
BITS Pilani, Hyderabad Campus
Approaches in substituion ciphers

Two principal methods are used in substitution ciphers to

lessen the extent to which the structure of the plaintext
survives in the ciphertext:
 encrypt multiple letters of plaintext
 use multiple cipher alphabets

BITS Pilani, Hyderabad Campus

Playfair Cipher

 not even the large number of keys in a mono

alphabetic cipher provides security; one
approach to improving security was to encrypt
multiple letters
 the Playfair Cipher is an example
 invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair

BITS Pilani, Hyderabad Campus

How playfair works?
 approach is to encrypt more than one letter at once. The
Playfair cipher is an example of doing this.
 The best-known multiple-letter encryption cipher is the
Playfair, which treats digrams in the plaintext as single
units and translates these units into ciphertext digrams.
 The Playfair algorithm is based on the use of a 5x5
matrix of letters constructed using a keyword.

BITS Pilani, Hyderabad Campus

Playfair Key Matrix

 a 5X5 matrix of letters based on a keyword

 fill in letters of keyword (sans duplicates)
 fill rest of matrix with other letters (sequentially)
 eg. using the keyword MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

BITS Pilani, Hyderabad Campus

 The Playfair algorithm is based on the use of a 5x5
matrix of letters constructed using a keyword
 The rules for filling in this 5x5 matrix are: L to R, top to
bottom, first with keyword after duplicate letters have
been removed and then with the remain letters, with I/J
used as a single letter
 probable word attack

BITS Pilani, Hyderabad Campus

Encrypting and Decrypting

plaintext is encrypted two letters at a time

1. if a pair is a repeated letter, insert filler like
'X’
2. if both letters fall in the same row, replace
each with letter to right (wrapping back to
start from end)
3. if both letters fall in the same column,
replace each with the letter below it (again
wrapping to top from bottom)
4. otherwise each letter is replaced by the letter
in the same row and in the column of the
other letter of the pair

BITS Pilani, Hyderabad Campus

Rules of Playfair

Plaintext is encrypted two letters at a time, according to the rules as

shown. Note how you wrap from right side back to left, or from bottom
back to top.
1. if a pair is a repeated letter, insert a filler like 'X', eg. "balloon"
encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with letter to right
(wrapping back to start from end), eg. “ar" encrypts as "RM"
3. if both letters fall in the same column, replace each with the letter
below it (again wrapping to top from bottom), eg. “mu" encrypts to
"CM"
4. otherwise each letter is replaced by the one in its row in the
column of the other letter of the pair, eg. “hs" encrypts to "BP",
and “ea" to "IM" or "JM" (as desired)
Decrypting ofcourse works exactly in reverse.
work the example pairs shown, backwards.

BITS Pilani, Hyderabad Campus

Another example: perform
decryption key: playfair example
P LAY F I R E X M B C D G H K N O
P LAY F
IREX M
BCDGH
KNOQS
TUVWZ

message "Hide the gold in the tree stump"

HI DE TH EG OL DI NT HE TR EX ES TU MP
assuming that I and J are interchangeable

BITS Pilani, Hyderabad Campus

Security of Playfair Cipher

 Security much improved over mono alphabetic,

since we have 26 x 26 = 676 digrams
 We would need a 676 entry frequency table to
analyse (verses 26 for a mono alphabetic) and
correspondingly more ciphertext
 It was widely used for many years
 eg. by US & British military in WW1 & WW2
 It can be broken, given a few hundred letters
since still has much of plaintext structure

BITS Pilani, Hyderabad Campus

Adv. & Disadv.

 since there are 26*26=676 digrams (vs 26 letters), so

that identification of individual digrams is more difficult.
 Also,the relative frequencies of individual letters exhibit a
much greater range than that of digrams, making
frequency analysis much more difficult.
 the Playfair cipher is relatively easy to break because it
still leaves much of the structure of the plaintext
language intact

BITS Pilani, Hyderabad Campus

Hill cipher

 Another interesting multiletter cipher, developed by the

mathematician Lester Hill in 1929
 Uses the Hill algorithm
 This encryption algorithm takes successive m plaintext
letters and substitutes for them m ciphertext letters. The
substitution is determined by linear equations in which
each character is assigned a numerical value (a=0,
b=1…z=25)
 For m=3, the system can be described as

BITS Pilani, Hyderabad Campus

Hill cipher

 C and P are row vectors of length 3 representing the

plaintext and ciphertext, and K is a matrix representing
the encryption key. Operations are performed mod 26.

BITS Pilani, Hyderabad Campus

Generalization of Hill System

 Similar to Playfair, the strength of the Hill cipher is that it

completely hides single-letter frequencies
 With Hill, the use of a larger matrix hides more frequency
information
 Thus, a 3x3 Hill cipher hides not only single-letter but
also two-letter frequency information
BITS Pilani, Hyderabad Campus
Ex: Hill cipher - encryption

 Let the plain text be “paymoremoney”

 Let the key be

BITS Pilani, Hyderabad Campus

Ex: Hill cipher - decryption

BITS Pilani, Hyderabad Campus

Cryptanalysis of Hill cipher

 Hill cipher is strong against a ciphertext-only attack, it is easily broken with a

known plaintext attack
 Ex: Suppose that the plaintext “hillcipher” is encrypted using a 2X2 cipher to
yield the ciphertext HCRZSSXNSP

BITS Pilani, Hyderabad Campus

Polyalphabetic Ciphers

using multiple cipher alphabets in turn

the same plaintext letter could be replaced by several
ciphertext letters, depending on which alphabet is used
The general name for this approach is a polyalphabetic
substitution cipher. All these techniques have the
following features in common:
 A set of related monoalphabetic substitution rules is used.
 A key determines which particular rule is chosen for a given transformation.

BITS Pilani, Hyderabad Campus

Polyalphabetic Ciphers cont..

polyalphabetic substitution ciphers

 improve security using multiple cipher alphabets
 make cryptanalysis harder with more alphabets
to guess and flatter frequency distribution
 use a key to select which alphabet is used for
each letter of the message
 use each alphabet in turn
 repeat from start after end of key is reached

BITS Pilani, Hyderabad Campus

Polyalphabetic ciphers

 Vigenere cipher
 Vernam cipher
 One-Time Pad (OTP)

BITS Pilani, Hyderabad Campus

 Vigenère Cipher

 The best known, and one of the simplest, such

algorithms is referred to as the Vigenère cipher, where
the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers, with shifts of 0
through 25
 Each cipher is denoted by a key letter, which is the
ciphertext letter that substitutes for the plaintext letter
 So if plaintext letter a, a Caesar cipher with a shift of 3 is
denoted by the key value d

BITS Pilani, Hyderabad Campus

Vigenère Cipher

 simplest polyalphabetic substitution cipher

 effectively multiple caesar ciphers
 key is multiple letters long K = k1 k2 ... kd
 ith letter specifies ith alphabet to use
 use each alphabet in turn
 repeat from start after d letters in message
 decryption simply works in reverse

BITS Pilani, Hyderabad Campus

Description of Vigenere cipher

BITS Pilani, Hyderabad Campus

Example of Vigenère Cipher

 write the plaintext out

 write the keyword repeated above it
 use each key letter as a caesar cipher key
 encrypt the corresponding plaintext letter
 eg using keyword deceptive
 key: deceptivedeceptivedeceptive
 plaintext: wearediscoveredsaveyourself
 ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

BITS Pilani, Hyderabad Campus

Numeric representation

BITS Pilani, Hyderabad Campus

Security of Vigenère Ciphers

 This technique has multiple ciphertext letters for

each plaintext letter
 hence letter frequencies are obscured; but not
totally lost
 start with letter frequencies
see if it looks monoalphabetic or not
 if not, then need to determine number of
alphabets, since then can attach each

BITS Pilani, Hyderabad Campus

Autokey system – extension
of Vigenere
 The periodic nature of the keyword can be eliminated by
using a nonrepeating keyword that is as long as the
message itself
 Vigenère proposed what is referred to as an autokey
system, in which a keyword is concatenated with the
plaintext itself to provide a running key

BITS Pilani, Hyderabad Campus

Autokey Cipher

 ideally we want a key as long as the message

 Vigenère proposed the autokey cipher with
keyword is prefixed to message as key
 By knowing the keyword we can recover the
first few letters
 use these in turn on the rest of the message
 but still have frequency characteristics to attack
 eg. given key deceptive
 key: deceptivewearediscoveredsav
 plaintext: wearediscoveredsaveyourself
 ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
BITS Pilani, Hyderabad Campus
Autokey Cipher – the idea

 Taking the polyalphabetic idea to the extreme, we want as many

different translation alphabets as letters in the message being sent.
One way of doing this with a smallish key, is to use the Autokey
cipher
 The example uses the keyword "DECEPTIVE" prefixed to as much
of the message "WEAREDISCOVEREDSAV" as is needed. When
deciphering, recover the first 9 letters using the keyword
"DECEPTIVE". Then instead of repeating the keyword, start using
the recovered letters from the message "WEAREDISC". As recover
more letters, have more of key to recover later letters
 Problem is that the same language characteristics are used by the
key as the message. ie. a key of 'E' will be used more often than a
'T' etc hence an 'E' encrypted with a key of 'E' occurs with
probability (0.1275)2 = 0.01663, about twice as often as a 'T‘
enciphered by a Twould occur only about half as often.

BITS Pilani, Hyderabad Campus

Security of autokey system

 Even this scheme is vulnerable to cryptanalysis

 Because the key and the plaintext share the same
frequency distribution of letters, a statistical technique
can be applied
 For example, e enciphered by e , can be expected to
occur with a frequency of (0.127)2 = 0.016, whereas t
enciphered by t would occur only about half as often
 These regularities can be exploited to achieve
successful cryptanalysis

BITS Pilani, Hyderabad Campus

Vernam cipher
 The ultimate defense against such a cryptanalysis is to
choose a keyword that is as long as the plaintext and
has no statistical relationship to it
 Such a system was introduced by an AT&T engineer
named Gilbert Vernam in 1918
 It works on binary data (bits) rather than letters
 The system can be expressed as:

 Compare this with Vigenere cipher BITS Pilani, Hyderabad Campus

Working of Vernam cipher

BITS Pilani, Hyderabad Campus

Vernam cipher - strength

 The essence of this technique is the means of

construction of the key
 Vernam proposed the use of a running loop of tape that
eventually repeated the key, so that in fact the system
worked with a very long but repeating keyword
 Although such a scheme, with a long key, presents
formidable cryptanalytic difficulties, it can be broken with
sufficient ciphertext, the use of known or probable
plaintext sequences, or both

BITS Pilani, Hyderabad Campus

One-Time Pad

 The One-Time Pad is an evolution of the Vernham cipher,

which was invented by Gilbert Vernham in 1918, and used
a long tape of random letters to encrypt the message
 Joseph Mauborgne, proposed an improvement using a
random key that was truly as long as the message, with no
repetitions, which thus totally obscures the original
message
 It produces random output that bears no statistical
relationship to the plaintext
 Because the ciphertext contains no information whatsoever
about the plaintext, there is simply no way to break the
code, since any plaintext can be mapped to any ciphertext
given some key
BITS Pilani, Hyderabad Campus
OTP – contd..

 if a truly random key as long as the message is used, the

cipher will be secure
 OTP is unbreakable since cipher text bears no statistical
relationship to the plaintext
 since for any plaintext & any cipher text there exists a
key mapping one to other
 We can only use the key once though
 There are issues in generation & safe distribution of the
key

BITS Pilani, Hyderabad Campus

One-Time Pad Issues

The one-time pad offers complete security but, in practice,

has two fundamental difficulties:
1.There is the practical problem of making large quantities
of random keys.
2. And the problem of key distribution and protection, where
for every message to be sent, a key of equal length is
needed by both sender and receiver.
Because of these difficulties, the one-time pad is of limited
utility, and is useful primarily for low-bandwidth channels
requiring very high security.

BITS Pilani, Hyderabad Campus

OTP – perfect secrecy

The one-time pad is the only cryptosystem that

exhibits what is referred to as perfect secrecy
 Perfect Secrecy (or information-theoretic secure) means that the ciphertext
conveys no information about the content of the plaintext
 In effect this means that, no matter how much ciphertext you have, it does
not convey anything about what the plaintext and key were
 It can be proved that any such scheme must use at least as much key
material as there is plaintext to encrypt
 In terms of probabilities, it means that the probability distribution of the
possible plaintexts is independent of the ciphertext.

BITS Pilani, Hyderabad Campus

Substitution in modern cryptography

 Substitution ciphers discussed earlier, especially the

older pencil-and-paper hand ciphers, are no longer in
serious use
 However, the cryptographic concept of substitution
carries on even today
 From a sufficiently abstract perspective, modern bit-
oriented block ciphers (e.g., DES, or AES) can be
viewed as substitution ciphers on an enormously large
binary alphabet
 In addition, block ciphers often include smaller
substitution tables called S-boxes
 substitution-permutation network

BITS Pilani, Hyderabad Campus

Transposition Ciphers

 All the techniques examined so far involve the

substitution of a ciphertext symbol for a plaintext symbol
 A very different kind of mapping is achieved by
performing some sort of permutation on the plaintext
letters
 This technique is referred to as a transposition cipher,
and forms the second basic building block of ciphers
 The core idea is to rearrange the order of basic units
(letters/bytes/bits) without altering their actual values
 classical transposition or permutation ciphers hide the
message by rearranging the letter order without altering
the actual letters used

BITS Pilani, Hyderabad Campus

Rail Fence cipher –
basic transposition cipher
 The simplest such cipher is the rail fence technique, in
which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows
 The example message is: "meet me after the toga party"
with a rail fence of depth 2
 This sort of thing would be trivial to cryptanalyze

BITS Pilani, Hyderabad Campus

Rail Fence cipher – ex:

 write message letters out diagonally over a

number of rows, then read off cipher row by row
 eg. write message out as:

m e m a t r h t g p r y
e t e f e t e o a a t

 giving ciphertext
MEMATRHTGPRYETEFETEOAAT

BITS Pilani, Hyderabad Campus

Row Transposition Ciphers

 A more complex transposition cipher is to write the

message in a rectangle, row by row, and read the
message off shuffling the order of the columns in each
row
 A pure transposition cipher is easily recognized because
it has the same letter frequencies as the original plaintext
 For the type of columnar transposition just shown,
cryptanalysis is fairly straightforward and involves laying
out the ciphertext in a matrix and playing around with
column positions
 Digram and trigram frequency tables can be useful.

BITS Pilani, Hyderabad Campus

Row Transposition Ciphers
 a more complex transposition
 write letters of message out in rows over a specified
number of columns; then reorder the columns according
to some key before reading off the rows

Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

BITS Pilani, Hyderabad Campus

Security of transposition
ciphers
 The transposition cipher can be made significantly more
secure by performing more than one stage of
transposition.The result is a more complex permutation
that is not easily reconstructed
Key: 431 2567
Input: t t naap t
mt suoao
dw coi x k
n l ypet z
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

BITS Pilani, Hyderabad Campus

Double transposition

BITS Pilani, Hyderabad Campus

Product Ciphers

 We have seen that ciphers based on just substitutions or

transpositions are not secure, and can be attacked
because they do not sufficient obscure the underlying
language structure
 So consider using several ciphers in succession to make
harder.
 A substitution followed by a transposition is known as a
Product Cipher, and makes a new much more secure
cipher, and forms the bridge to modern ciphers.

BITS Pilani, Hyderabad Campus

Product Ciphers

 ciphers using substitutions or transpositions are

not secure because of language characteristics
 hence consider using several ciphers in
succession to make harder, but:
 two substitutions make a more complex substitution
 two transpositions make more complex transposition
 but a substitution followed by a transposition makes a
new much harder cipher
 this is the bridge from classical to modern
ciphers

BITS Pilani, Hyderabad Campus

Rotor Machines

 The next major advance in ciphers required use of

mechanical cipher machines which enabled to use of
complex varying substitutions.
 A rotor machine consists of a set of independently
rotating cylinders through which electrical pulses can
flow. Each cylinder has 26 input pins and 26 output pins,
with internal wiring that connects each input pin to a
unique output pin. If we associate each input and output
pin with a letter of the alphabet, then a single cylinder
defines a monoalphabetic substitution.

BITS Pilani, Hyderabad Campus

Rotor Machines

 After each input key is depressed, the cylinder rotates

one position, so that the internal connections are shifted
accordingly. The power of the rotor machine is in the use
of multiple cylinders, in which the output pins of one
cylinder are connected to the input pins of the next, and
with the cylinders rotating like an “odometer”, leading to
a very large number of substitution alphabets being
used, eg with 3 cylinders have 263=17576 alphabets
used.
 They were extensively used in world war 2, and the
history of their use and analysis is one of the great
stories from WW2.

BITS Pilani, Hyderabad Campus

Hagelin Rotor Machine

BITS Pilani, Hyderabad Campus

Summary

 We have learnt about:

classical cipher techniques and terminology
monoalphabetic substitution ciphers
cryptanalysis using letter frequencies
Various substitution ciphers
transposition ciphers
product ciphers and rotor machines

BITS Pilani, Hyderabad Campus