Lecture-4

Traditional
Symmetric-Key Ciphers: Part 1
Department of Computer Science
and Technology (CSE)
 Cryptographic Approaches

1. Un-Keyed (Hash Function)

2. Secret Key (Symmetric) – “man made”
3. Public Key (Asymmetric) – “math made”

2
 Symmetric Key Cipher:
General Structure
 Secret shared key
 Kerckhoff’s Principle
 How many keys?  m * (m – 1) / 2
 Cryptanalysis
 As cryptography is the science and art of creating secret codes, cryptanalysis is
the science and art of breaking those codes.
 Important for finding how vulnerable our Cryptosystem is.
 4 common types.
 Cryptanalysis

 Ciphertext-Only Attacks:
 Adversary tries to find corresponding key. The types are:
 Brute-force method or exhaustive-key-search method
 Statistical Attack
 Pattern Attack

 Known-Plaintext Attack:
 Adversary has access to plaintext/ciphertext pairs from previous sessions.
 Chosen-Plaintext Attack:
 Adversaries themselves choose the plaintext/ciphertext pairs by accessing the sender’s
computer.
 Chosen-Ciphertext Attack:
 Adversaries themselves choose the ciphertext/plaintext pairs by accessing the receiver’s
computer.
 Categories of Traditional Ciphers

Traditional
Ciphers

Substitution Transposition
Cipher Cipher

Monoalphabetic Polyalphabetic
Keyless Keyed

Caesar Multiplicative Affine Autokey Playfair Vigenere Hill

 Substitution Ciphers

 A substitution cipher replaces one symbol with another.

 If the symbols in the plaintext are alphabetic characters, we replace one character
with another.

 For example, we can replace letter A with letter D, and letter T with letter Z.

 If the symbols are digits (0 to 9), we can replace 3 with 7, and 2 with 6.

 Substitution ciphers can be categorized as either monoalphabetic ciphers or

polyalphabetic ciphers.
 Monoalphabetic Ciphers

 A character (or a symbol) in the plaintext is always changed to the same character
(or symbol) in the ciphertext regardless of its position in the text.

 For example, if the algorithm says that letter A in the plaintext is changed to
letter D, every letter A is changed to letter D.

 In other words, the relationship between letters in the plaintext and the
ciphertext is one-to-one.

 Monoalphabetic Ciphers can be categorized into:

 Caesar/Additive Cipher
 Multiplicative Cipher

 Affine Cipher
 Caesar/Additive Cipher

 Caesar/Additive Cipher is
sometimes referred as Shift
Cipher.
 Representation of Cipher and
Plaintext.
 Encryption and Decryption are
inverse of each other.
 Susceptible to Brute force &
Statical Attacks
 Key Domain is small (26 keys)
 Frequency of Character
occurrence like E, T, A etc.
 Frequency of Character
Combination like “TH”, “THE”,
“HE”, “ING” etc.
 Caesar/Additive Cipher

 Example
 With k = 15, encrypt the message “hello”.

 The encrypted message is “WTAAD”

 Multiplicative Cipher

 The key for Decryption should be k-1 which is the multiplicative inverse.
 Thus the selected key should have a multiplicative inverse modulo 26.

 This is done to guarantee the encryption and decryption are inverses of each other.
 Keys with multiplicative inverses under 26 are: (12 keys)
 Affine Cipher

 Combination of
Caesar/Additive Cipher and
Multiplicative Cipher
 2 rules to follow:
 Each key has an inverse at
the other side of the line
 They are used in reverse
order in the encryption
and decryption.
 If addition is the last
operation in encryption,
then subtraction should be
the first in decryption.
 Attacking Caesar/Additive Cipher
Caesar cipher

 Caesar can be broken if we only know one pair (plain letter, encrypted letter)
 The difference between them is the key

 Caesar can be broken even if we only have the encrypted text and no knowledge of the
plaintext
 Brute-force attack is easy: there are only 25 keys possible
 Try all 25 keys and check to see which key gives an intelligible message
Attacking Caesar/Additive Cipher

Why is Caesar easy to break?

 Only 25 keys to try

 The language of the plaintext is known and easily recognizable
 What if the language is unknown?
 What if the plaintext is a binary file of an unknown format?

From Stallings – “Cryptography and

Network Security”
Language redundancy and cryptanalysis

 Human languages are redundant

 Letters are not equally commonly used

 In English E is by far the most common letter
 Follows T,R,N,I,O,A,S
 Other letters are fairly rare
 See Z,J,K,Q,X

 Tables of single, double & triple letter frequencies exist

 Most common digram in English is TH
 Most common trigram in English in THE
English Letter Frequencies
Cryptanalysis of monoalphabetic
ciphers

 Key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
 Discovered by Arabs in the 9th century
 Calculate letter frequencies for ciphertext
 Compare counts/plots against known values
 Most frequent letter in the ciphertext may well encrypt E
 The next one could encrypt T or A
 After relatively few tries the system is broken
 If the ciphertext is relatively short (and so, the frequencies are not fully relevant) then more guesses
may be needed
 Powerful tool: look at the frequency of two-letter combinations (digrams)
 Example of cryptanalysis
 Ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZ
WYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

 Count relative letter frequencies: P is the most frequent (13.33%), followed by Z (11.67), S (8.33), U
(8.33), O (7.5), M (6.67), H (5.83), etc.
 Guess P and Z stand for E and T but the order is not clear because of small difference in the frequency
 The next set of letters {S,U, O, M, H} may stand for {A, H, I, N, O, R, S} but again it is not completely clear
which is which
 One may try to guess and see how the text translates
 Also, a good guess is that ZW, the most common digram in the ciphertext, is TH, the most common digram in
English: thus, ZWP is THE

 Proceed with trial and error and finally get after inserting the proper blanks:
it was disclosed yesterday that several informal but direct contacts have been made with
political representatives of the viet cong in moscow
 Some conclusions after this
cryptanalysis
 Monoalphabetic ciphers are easy to break because they reflect the frequency of the original alphabet
 Essential to know the original alphabet

 Countermeasure: provide multiple substitutes for a given letter

 Highly frequent letters such as E could be encrypted using a larger number of letters than less frequent letters
such as Z: to encrypt E one could choose either one of, say 15 fixed letters, and to encrypt Z one could choose
either one of, say 2 fixed letters
 The number of encryptions for a letter may be proportional with the frequency rate in the original language
(English)
 This should (intuitively) hide the frequency information

 Wrong: Multiple-letter patterns (digrams, trigrams, etc) survive in the text providing a tool for cryptanalysis
 Each element of the plaintext only affects one element in the ciphertext
 Longer text needed for breaking the system
 Measures to hide the structure of
the plaintext

1. Encrypt multiple letters of the plaintext at once

2. Use more than one substitution in encryption and decryption (polyalphabetic ciphers)

 Consider both these approaches in the following

 Polyalphabetic Ciphers

 In polyalphabetic substitution, each occurrence of a character may have a different

substitute.
 Here, the relationship between a character in the plaintext to a character in the
ciphertext is one-to-many.
 For example, “a” could be enciphered as “D” in the beginning of the text, but as
“N” at the middle.
 To create a polyalphabetic cipher, we need to make each ciphertext character
dependent on both the corresponding plaintext character and the position of the
plaintext character in the message.
 This implies that our key should be a stream of subkeys, in which each subkey
depends somehow on the position of the plaintext character that uses that subkey
for encipherment.
Cryptanalysis

The autokey cipher definitely hides the single-letter

frequency statistics of the plain
text. However, it is still as vulnerable to the brute-force
attack as the additive cipher.
The first subkey can be only one of the 25 values (1 to
Autokey Cipher
25). We need polyalphabetic
ciphers that not only hide the characteristics of the
language but also have large key
domains.

 This a polyalphabetic cipher where the subkeys are automatically created from the
plaintext cipher characters during the encryption process.
 The first subkey is a predetermined value secretly agreed upon by the sender-receiver.

 The second subkey is the value of the first plaintext character (between 0 and 25).
 The third subkey is the value of the second plaintext. And so on.
 Cryptanalysis: Not affected by single-letter frequency Statistical attack but however
vulnerable to Brute-force Attack
 Playfair Cipher

 This is another polyalphabetic cipher used by the British army during World War I.
 The secret key in this cipher is made of 25 alphabet letters arranged in a 5 × 5 matrix
(letters I and J are considered the same when encrypting).
 Different arrangements of the letters in the matrix can create many different secret
keys.
 Playfair Cipher

 Before encryption, if the two letters in a pair are the same, a bogus letter is
inserted to separate them.
 If the number of characters in the plaintext is odd, one extra bogus character is
added at the end to make the number of characters even.
 The cipher uses three rules for encryption:
a) If the two letters in a pair are located in the same row of the secret key, the
corresponding encrypted character for each letter is the next letter to the right in the
same row (with wrapping to the beginning of the row if the plaintext letter is the last
character in the row).
b) If the two letters in a pair are located in the same column of the secret key, the
corresponding encrypted character for each letter is the letter beneath it in the same
column (with wrapping).
c) If the two letters in a pair are not in the same row or column, the corresponding encrypted
character for each letter is a letter that is in its own row but in the same column as the
other letter.
 Playfair Cipher

 Example
 Encrypt “Hello” using the secret key:
 When we group the letters in two-character pairs, we get:
“he, ll, o”
 We need to insert an x between the two l’s, giving
“he, lx, lo”.
 Even or odd?
 “he”  “EC”
 “lx”  “QZ”
 “lo”  “BX”
 Vigenere Cipher

 This is a polyalphabetic cipher designed by Blaise de Vigenere, a sixteenth-century

French mathematician.
 A Vigenere cipher uses a different strategy to create the key stream.
 The key stream is a repetition of an initial secret key stream of length m, where we
have 1 ≤ m ≤ 26.
 Hill Cipher

 Invented by Lester S. Hill, unlike the other

polyalphabetic ciphers, the plaintext is
divided into equal-size blocks.
 In a Hill cipher, the key is a square matrix
of size m × m in which m is the size of the
block.
 The plaintext is of size l × m.
 Thus ciphertext is of size l × m.
 The key matrix in the Hill cipher needs to
have a multiplicative inverse.
 Transposition Ciphers

 A transposition cipher does not substitute one symbol for another, instead it
changes the location of the symbols.

 A symbol in the first position of the plaintext may appear in the tenth position of
the ciphertext.

 A symbol in the eighth position in the plaintext may appear in the first position
of the ciphertext.

 In other words, a transposition cipher reorders (transposes) the symbols.

 Keyless Transposition Ciphers

 Two methods: Zigzag and Fixed

Columns
 Plaintext -> “Meet me at the
park” Fig: Zigzag Method
 Zigzag: Generated Ciphertext
-> “MEMATEAKETETHPR” (1st row
followed by 2nd)
 Fixed Columns: The sender and
receiver can agree on the
number of columns. (Say 4)
 Generated Ciphertext ->
“MMTAEEHREAEKTTP” (1st column Fig: Fixed Columns
followed by 2nd column and so
on)
 Keyed Transposition Ciphers

 Divide the plaintext into

groups of predetermined size,
called blocks.
Fig: Block Size = 5
 Then use a key to permute the
characters in each block
separately.
 Plaintext = “Enemy attacks
tonight”
 Ciphertext = Fig: Key
“EEMYNTAACTTKONSHITZG”
 Ciphertext can be generated
row wise or column wise
Fig: Generated Cipher
 Keyed
Example
 Stream vs Block Ciphers

 In a stream cipher, encryption and decryption are done one symbol (such as a
character or a bit) at a time.

 For example: Monoalphabetic Ciphers, Autokey Ciphers & Vigenere Ciphers.

 In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted

together creating a group of ciphertext of the same size.

 In a block cipher, a single key is used to encrypt the whole block even if the key
is made of multiple values.

 For example: Playfair Ciphers, Hill Ciphers & Keyed Transposition Ciphers.
References
Main Reference:
Chapter-3 : Cryptography and Network Security- by Behrouz A. Forouzan

Supporting Reference:
Chapter -2 : Cryptography and Network Security: Principles and Practice- by William Stallings