Lecture 7 Transposition Cipher and Group

The document discusses various traditional symmetric-key ciphers, including polyalphabetic ciphers, autokey ciphers, Playfair ciphers, Vigenere ciphers, Hill ciphers, one-time pads, rotor ciphers, and transposition ciphers. Each cipher's encryption method, key structure, and vulnerabilities to cryptanalysis are outlined, emphasizing the importance of key complexity and the challenges posed by brute-force attacks. Additionally, it differentiates between stream and block ciphers, highlighting their operational characteristics.

Uploaded by

codenovakc

Traditional Symmetric-key Ciphers
Courtesy: Behrouz A Forouzan, Debdeep Mukhopadhyay and William Stallings

Dr. Balu L. Parne
CoED, SVNIT, Surat.
Polyalphabetic Ciphers

• In polyalphabetic substitution, each occurrence of a character may have a different substitute.
• The relationship between a character in the plaintext and a character in the ciphertext is one-to-many.
• To create a polyalphabetic cipher, we need to make each ciphertext character dependent on both the corresponding plaintext character and its position in the message.
• Our key should be a stream of subkeys, in which each subkey depends somehow on the position of the plaintext character that uses that subkey for encipherment.
• A key is in the form k = (k1, k2, k3, …), in which ki is used to encipher the ith character in the plaintext to create the ith character in the ciphertext.
Autokey Cipher
• The key is a stream of subkeys, in which each subkey is used
to encrypt the corresponding character in the plaintext.
• The first subkey is a predetermined value secretly agreed upon
by sender and receiver.
• The second subkey is the value of the first plaintext character.
• The third subkey is the value of the second plaintext character, and so on. This implies that subkeys are automatically created from the plaintext during the encryption process.
Cryptanalysis
➢ The autokey cipher hides the single-letter frequency statistics of the plaintext.
➢ However, it is still vulnerable to the brute-force attack: the first subkey can be only one of the 25 values.
➢ So we need ciphers that not only hide the characteristics of the language but also have large key domains.
Playfair Cipher
• The secret key in this cipher is made of 25 alphabet letters
arranged in a 5*5 matrix (letters I and J are considered the
same when encrypting).
• Different arrangements of the letters in the matrix can create
many different secret keys.
Encryption rules

Cryptanalysis

➢ Brute-force attack is very difficult because the size of the key domain is 25!.
➢ It also hides the single-letter frequency of the characters.
➢ However, the frequencies of digrams are preserved to some extent because of filler insertions, so a cryptanalyst can use a ciphertext-only attack based on the digram frequency test to find the key.
Vigenere Cipher
• It uses a different strategy to create the key stream.
• The key stream is a repetition of an initial secret key stream
of length ‘m’, 1<=m<=26.
• The cipher can be described as follows where (k1,k2,…,km) is
the initial secret key agreed to by sender and receiver.
• It does not depend on the plaintext characters; it depends only on the position of the characters in the plaintext. The key stream can be created without knowing what the plaintext is.
A Vigenere cipher can be seen as a combination of m additive ciphers, and the additive cipher is a special case of the Vigenere cipher in which m = 1.

Figure: A Vigenere cipher as a combination of m additive ciphers

Vigenere Tableau

❑ The first row shows the plaintext character to be encrypted.
❑ The first column contains the characters to be used by the key.
❑ The rest of the tableau shows the ciphertext characters.
Hill Cipher
❑ The plaintext is divided into equal-size blocks.
❑ The blocks are encrypted one at a time in such a way that each character in the block contributes to the encryption of other characters in the block. This puts it in the category of block ciphers.
❑ In a Hill cipher, the key is a square matrix of size m*m in which m is the size of the block.
❑ Let us show how one block of plaintext is encrypted:
• The above equations show that each ciphertext character depends on all plaintext letters in the block.
• NOTE: We should be aware that not all square matrices have multiplicative inverses in Z26.
Cryptanalysis
▪ Ciphertext-only cryptanalysis of the Hill cipher is difficult.
▪ Brute-force attack on a Hill cipher is difficult because
▪ the key is an m*m matrix.
▪ each entry in the matrix can have one of the 26 values.
▪ this means that the size of the key domain is 26^(m*m).
▪ Not all the matrices have inverses, so the key domain is smaller, but it is still huge.
▪ The cipher does not preserve the statistics of the plaintext.
▪ The adversary can't run frequency analysis.
▪ A frequency analysis of words of size 'm' might work, but this is rare: a plaintext has few strings of size 'm' that are the same.
▪ Known-plaintext attack: possible if the adversary knows the value of m and knows the plaintext/ciphertext pairs for at least 'm' distinct blocks.
▪ The adversary can create two m*m matrices, P and C, in which the corresponding rows represent the corresponding plaintext/ciphertext pairs.
One-Time Pad
• One of the goals of cryptography is perfect secrecy.
• A study by Shannon has shown that perfect secrecy can be
achieved if each plaintext symbol is encrypted with a key
randomly chosen from a key domain. This idea is used in a
cipher called one-time pad, invented by Vernam.
• The key has the same length as the plaintext and is chosen completely at random.
• It is a perfect cipher, but it is almost impossible to implement commercially.
• If the key must be newly generated each time, how can Alice tell Bob the new key each time she has a message to send?
• Vernam's system works on binary data rather than letters. The system can be expressed succinctly as follows:
• An Army Signal Corp officer, Joseph Mauborgne, suggested an improvement to the Vernam cipher: using a random key that is as long as the message, so that the key need not be repeated.
• In addition, the key is to be used to encrypt and decrypt a single
message, and then is discarded.
• Each new message requires a new key of the same length as the new
message. Such a scheme, known as a one-time pad, is unbreakable.
• It produces random output that bears no statistical relationship to the
plaintext. Because the ciphertext contains no information whatsoever
about the plaintext, there is simply no way to break the code.
Rotor Cipher
• It uses the idea behind monoalphabetic substitution but changes the mapping between the plaintext and the ciphertext characters for each plaintext character.
• The initial setting of the rotor is the secret key between Alice and Bob.
• The first plaintext character is encrypted using the initial setting; the second character is encrypted after the first rotation, and so on.
• A three-letter word such as “bee” is encrypted as “BAA” if the rotor is stationary, but it will be encrypted as “BCA” if it is rotating. This makes it a polyalphabetic cipher.
Figure note: It uses only 6 letters, but the actual rotors use 26 letters.
Cryptanalysis
• Resistant to brute-force attack because the attacker needs to find the first set of mappings among 26! possible ones.
• It does not preserve letter frequency.
Enigma Machine
• Main Components:
• Keyboard
• Lampboard
• Plug board – 26 plugs connected by 13 wires, changed every day to provide different scrambling.
• Three wired rotors are selected from five rotors: the fast rotor makes 1/26 turn for each character; the medium rotor makes 1/26 turn for each complete turn of the fast rotor; the slow rotor makes 1/26 turn for each complete turn of the medium rotor.
• A reflector – stationary and prewired.
• Code Book:
• 3 of 5 rotors are chosen
• Order of the rotors to be installed
• Setting for plugboard
• A three-letter code of the day
• Encryption:
1. Set the starting position of the rotors to the code of the day. Ex: the code is “HUA”, so the rotors are initialized to ‘H’, ‘U’, ‘A’, respectively.
2. Choose a random three-letter code, “ACF”; encrypt the text “ACFACF” with the initial setting and assume that it yields “OPNABT”.
3. Set the starting position of the rotors to “OPN”.
4. Append the encrypted six letters obtained from step 2 (OPNABT) to the beginning of the message.
5. Encrypt the message including the 6-letter code. Send the encrypted message.
• Decryption:
1. Receive the message and separate the first six letters.
2. Set the starting position of the rotors to the code of the day.
3. Decrypt the first six letters using the initial setting in step 2.
4. Set the position of the rotors to the first half of the decrypted code.
5. Decrypt the message without the first six letters.
Transposition Ciphers
• A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.

• Keyless Transposition Ciphers
• Keyed Transposition Ciphers
• Combining Two Approaches

Keyless Transposition Ciphers

❑ Simple transposition ciphers, which were used in the past, are keyless.
❑ First Method: Text is written into a table column by column and then transmitted row by row.
❑ Second Method: Text is written into a table row by row and then transmitted column by
column.
Example

A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext is created by reading the pattern row by row. For example, to send the message “Meet me at the park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR” by sending the first row followed by the second row. Bob receives the ciphertext and divides it in half. The first half forms the first row, the second half, the second row. Bob reads the result in zigzag.
Because there is no key and the number of rows is fixed (2), the cryptanalysis of the ciphertext would be very easy for Eve. All she needs to know is that the rail fence cipher is used.
Example

Alice and Bob can agree on the number of columns and use the second method.
Alice writes the same plaintext, row by row, in a table of four columns.

❑ She then creates the ciphertext “MMTAEEHREAEKTTP” by transmitting the characters column by column.
❑ Bob receives the ciphertext and follows the reverse process.
❑ He writes the received message, column by column, and reads it row by row as the plaintext.
❑ Eve can decipher the message if she knows the number of columns.
Example
The cipher in the above example is actually a transposition cipher. The following shows the permutation of each character in the plaintext into the ciphertext based on the positions.

❑ The second character in the plaintext has moved to the fifth position in the
ciphertext; the third character has moved to the ninth position; and so on.
❑ Although the characters are permuted, there is a pattern in the permutation:
(01, 05, 09, 13), (02, 06, 10, 13), (03, 07, 11, 15), and (08, 12). In each section,
the difference between the two adjacent numbers is 4.
Keyed Transposition Ciphers

❑ The permutation, in keyless ciphers, is done on the whole plaintext to create the whole ciphertext.
❑ Another method is to divide the plaintext into groups of predetermined size, called blocks, and then use a key to permute the characters in each block separately.
Combining Two Approaches – Keyed Columnar or Columnar Transposition Ciphers
Keys
In the example, a single key was used in two directions for the column exchange: downward for encryption, upward for decryption. It is customary to create two keys.
Figure: Encryption/decryption keys in transpositional ciphers

The keys are stored in tables with one entry for each column. The entry shows the source column number; the destination column number is understood from the position of the entry.

Figure: Key inversion in a transposition cipher

Using Matrices
We can use matrices to show the encryption/decryption process for a transposition cipher.

Example: Representation of the key as a matrix in the transposition cipher

The decryption matrix is the inverse of the encryption matrix. There is no need to compute the inverse: the encryption key matrix can simply be transposed to get the decryption matrix.
Cryptanalysis of Transposition Cipher
❑ Brute-Force Attack:
❑ Eve can try all possible keys to decrypt the message.
❑ However, the number of keys can be huge (1!+2!+3!+….+L!), where L is the length of the ciphertext.
❑ A better approach is to guess the number of columns. Eve knows that the number of columns divides L.
❑ For example, if the length of the cipher is 20 characters, then 20 = 1*2*2*5. This means the number of columns can be a combination of these factors (1, 2, 4, 5, 10, 20).
❑ However, the first (only one column) is out of the question and the last (only one row) is unlikely.
• Statistical attack
• It does not change the frequency of letters in the ciphertext; it only
reorders the letters – So we can apply single letter frequency
analysis. – It is useful if the length of the ciphertext is long enough.
• These ciphers do not preserve the frequency of digrams and trigrams.
• Pattern attack
• The ciphertext created from a keyed transposition cipher has some
repeated patterns.
• The following shows where each character in the ciphertext in the above example comes from:
❑ The 1st character of the ciphertext comes from the 3rd character of the plaintext, 2nd <- 8th, 20th <- 17th, and so on.
❑ There is a pattern; we have five groups:
❑ 3,8,13,18
❑ 1,6,11,16
❑ 4,9,14,19
❑ 5,10,15,20
❑ 2,7,12,17
❑ In all groups the difference between adjacent numbers is 5.
❑ It can be used to break the cipher: by guessing the number of columns, which is 5 in this case, Eve can organize the ciphertext in groups of four characters.
❑ Permuting the groups can provide the clue to finding the plaintext.
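The keyed columnar cipher, its key inversion, the matrix transpose and the position groups listed above can be reproduced in a few lines. This is an added example, not code from the lecture; the key (3, 1, 4, 5, 2) is an assumption inferred from the five groups above, and the 20-letter plaintext is constructed.

```python
# Added example, not from the lecture: keyed columnar transposition and key inversion.
ENC_KEY = [3, 1, 4, 5, 2]  # assumed key; entry i = source column moved to column i


def invert_key(enc_key):
    """Decryption key: entry s = the column that source column s was moved to."""
    dec_key = [0] * len(enc_key)
    for dest, src in enumerate(enc_key, start=1):
        dec_key[src - 1] = dest
    return dec_key


def check_length(text, key):
    if len(text) % len(key):
        raise ValueError("text length must be a multiple of the number of columns")


def encrypt(plaintext, enc_key):
    check_length(plaintext, enc_key)
    n = len(enc_key)
    columns = [plaintext[c::n] for c in range(n)]        # table written row by row
    return "".join(columns[src - 1] for src in enc_key)  # columns permuted, read out


def decrypt(ciphertext, enc_key):
    check_length(ciphertext, enc_key)
    n, rows = len(enc_key), len(ciphertext) // len(enc_key)
    # Each run of `rows` characters is one permuted column.
    received = [ciphertext[i * rows:(i + 1) * rows] for i in range(n)]
    original = [received[dest - 1] for dest in invert_key(enc_key)]
    return "".join(original[c][r] for r in range(rows) for c in range(n))


def source_positions(length, enc_key):
    """1-based plaintext position behind each ciphertext character, in order."""
    n, rows = len(enc_key), length // len(enc_key)
    return [r * n + src for src in enc_key for r in range(rows)]


def key_matrix(key):
    """Permutation matrix: row = source column, column = destination column."""
    n = len(key)
    return [[int(key[dest] == src + 1) for dest in range(n)] for src in range(n)]


def transpose(matrix):
    return [list(row) for row in zip(*matrix)]


PLAINTEXT = "meetmeattheparktoday"  # constructed 20-letter sample
CIPHERTEXT = encrypt(PLAINTEXT, ENC_KEY)

if __name__ == "__main__":
    print(CIPHERTEXT, "->", decrypt(CIPHERTEXT, ENC_KEY))
    print("decryption key:", invert_key(ENC_KEY))
    pos = source_positions(len(PLAINTEXT), ENC_KEY)
    print("groups:", [pos[i:i + 4] for i in range(0, len(pos), 4)])
```

The printed groups step by 5 inside each run of four, which is the regularity the pattern attack relies on.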
Double Transposition Ciphers

• Pattern attack can be avoided.
• Single-letter frequency analysis can still be done.
Stream and Block Ciphers
• Symmetric ciphers are divided into two broad categories: stream ciphers and block ciphers.
• Stream Ciphers
• Call the plaintext stream P, the ciphertext stream C, and the key stream K.
K:
▪ Stream of predetermined values
▪ Created one value at a time using an algorithm
▪ May depend on previous plaintext/ciphertext
▪ May depend on previous key values

Figure label: One char at a time

Example
Additive ciphers can be categorized as stream ciphers in which the key stream is the repeated value
of the key. In other words, the key stream is considered as a predetermined stream of keys or
K = (k, k, …, k).
In this cipher, however, each character in the ciphertext depends only on the corresponding
character in the plaintext, because the key stream is generated independently.

Example
The monoalphabetic substitution ciphers discussed in this chapter are also stream ciphers.
However, each value of the key stream in this case is the mapping of the current plaintext
character to the corresponding ciphertext character in the mapping table.
Example
Vigenere ciphers are also stream ciphers according to the definition. In this case, the key stream is a repetition
of m values, where m is the size of the keyword. In other words,

Example
▪ We can establish a criterion to divide stream ciphers based on their key streams. We can say that a stream
cipher is a monoalphabetic cipher if the value of ki does not depend on the position of the plaintext character
in the plaintext stream; otherwise, the cipher is polyalphabetic.

▪ Additive ciphers are definitely monoalphabetic because ki in the key stream is fixed; it does not depend on
the position of the character in the plaintext.

▪ Monoalphabetic substitution ciphers are monoalphabetic because ki does not depend on the position of the
corresponding character in the plaintext stream; it depends only on the value of the plaintext character.

▪ Vigenere ciphers are polyalphabetic ciphers because ki definitely depends on the position of the plaintext
character. However, the dependency is cyclic. The key is the same for two characters m positions apart.
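
The classification above, and the autokey key-domain remark earlier in the lecture, can be seen by running one engine, C_i = (P_i + k_i) mod 26, over three key streams. This is an added example, not code from the lecture; the additive key 3, the keyword "key" and the first subkey 12 are constructed values.

```python
# Added example, not from the lecture: C_i = (P_i + k_i) mod 26 with three key streams.
from itertools import cycle, islice


def to_nums(text):
    """Letters -> 0..25; spaces and punctuation are dropped."""
    return [ord(ch) - ord("a") for ch in text.lower() if ch.isalpha()]


def to_text(nums, upper=False):
    text = "".join(chr(n + ord("a")) for n in nums)
    return text.upper() if upper else text


def additive_stream(k, n):
    """K = (k, k, ..., k): k_i ignores position, so the cipher is monoalphabetic."""
    return [k] * n


def vigenere_stream(keyword, n):
    """K repeats the m keyword values: k_i depends on position, cyclically."""
    return list(islice(cycle(to_nums(keyword)), n))


def autokey_stream(k1, plaintext):
    """K = (k1, P_1, P_2, ...): each later subkey is the previous plaintext value."""
    return [k1] + to_nums(plaintext)[:-1]


def encrypt(plaintext, key_stream):
    pairs = zip(to_nums(plaintext), key_stream)
    return to_text([(p + k) % 26 for p, k in pairs], upper=True)


def autokey_decrypt(ciphertext, k1):
    """The receiver rebuilds the key stream from the plaintext recovered so far."""
    plain, k = [], k1
    for c in to_nums(ciphertext):
        plain.append((c - k) % 26)
        k = plain[-1]
    return to_text(plain)


def substitutes(plaintext, ciphertext, letter):
    """Ciphertext letters that stand in for one plaintext letter."""
    pairs = zip(to_text(to_nums(plaintext)), ciphertext)
    return sorted({c for p, c in pairs if p == letter})


def autokey_key_domain(ciphertext):
    """Every decryption under the 25 first-subkey values the lecture counts."""
    return {k1: autokey_decrypt(ciphertext, k1) for k1 in range(1, 26)}


MESSAGE = "Meet me at the park"  # plaintext used in the lecture's transposition examples
N = len(to_nums(MESSAGE))
ADDITIVE = encrypt(MESSAGE, additive_stream(3, N))       # key 3 is constructed
VIGENERE = encrypt(MESSAGE, vigenere_stream("key", N))   # keyword is constructed
AUTOKEY = encrypt(MESSAGE, autokey_stream(12, MESSAGE))  # first subkey is constructed

if __name__ == "__main__":
    for name, ct in (("additive", ADDITIVE), ("vigenere", VIGENERE), ("autokey", AUTOKEY)):
        print(f"{name:9} {ct}  'e' -> {substitutes(MESSAGE, ct, 'e')}")
    print(len(autokey_key_domain(AUTOKEY)), "candidate decryptions cover the whole autokey key domain")
```

The plaintext letter e maps to one ciphertext letter under the additive stream and to several under the other two, which is the one-to-many relationship that defines a polyalphabetic cipher.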
Block Ciphers
In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together creating
a group of ciphertext of the same size. A single key is used to encrypt the whole block even if
the key is made of multiple values.

Example
• Playfair ciphers are block ciphers. The size of the block is m = 2. Two characters are encrypted
together.
• Hill ciphers are block ciphers. A block of plaintext, of size 2 or more is encrypted together using a
single key (a matrix). In these ciphers, the value of each character in the ciphertext depends on all the
values of the characters in the plaintext. Although the key is made of m × m values, it is considered as
a single key.
• From the definition of the block cipher, it is clear that every block cipher is a polyalphabetic cipher
because each character in a ciphertext block depends on all characters in the plaintext block.
Combination
❑ In practice, blocks of plaintext are encrypted individually, but they use a stream of keys to encrypt the whole message block by block.

❑ In other words, the cipher is a block cipher when looking at the individual blocks, but it is a stream cipher when looking at the whole message considering each block as a single unit.

❑ Each block uses a different key that may be generated before or during the encryption process.
Algebraic Structures
• Cryptography requires sets of integers and specific operations
that are defined for those sets.
• The combination of the set and the operations that are
applied to the elements of the set is called an algebraic
structure.
Group
• A group G, sometimes denoted by {G, ·} is a set of elements
with a binary operation, denoted by ·, that associates to each
ordered pair (a, b) of elements in G an element (a · b) in G,
such that the following axioms are obeyed:

(A1) Closure: If a and b belong to G, then a · b is also in G.
(A2) Associative: a · (b · c) = (a · b) · c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a · e = e · a = a for
all a in G.
(A4) Inverse element: For each a in G there is an element a' in G such that a · a'
= a' · a = e.
• If a group has a finite number of elements, it is referred to as
a finite group, and the order of the group is equal to the
number of elements in the group - |G|. Otherwise, the group
is an infinite group.
Abelian Group: A group is said to be abelian if it satisfies the following additional
condition:
(A5) Commutative: a · b = b · a for all a, b in G.

• Example: The set of integers (positive, negative, and 0) under addition is an abelian group. The set of nonzero real numbers under multiplication is an abelian group.
Although a group involves a single operation, the properties imposed on the operation allow
the use of a pair of operations as long as they are inverses of each other.

Example
The set of residue integers with the addition operator, G = < Zn , +>, is a
commutative group. We can perform addition and subtraction on the elements
of this set without moving out of the set.
Example
The set Zn* with the multiplication operator, G = <Zn*, ×>, is also an abelian group.
Example
Let us define a set G = <{a, b, c, d}, •> and the operation as shown in Table.
Subgroups
• A subset H of a group G is a subgroup of G if H itself is a group
with respect to the operation on G.
• In other words, if G=<S, · > is a group, H=<T, ·> is a group
under the same operation and T is a nonempty subset of S,
then H is a subgroup of G. The above definition implies that:

• If a and b are members of both groups, then c = a · b is also a member of both groups.
• The groups share the same identity element.
• If a is a member of both groups, the inverse of a is also a member of
both groups.
• The group made of identity element of G, H = <{e}, ·>, is a subgroup
of G.
• Each group is a subgroup of itself.
Example
Is the group H = <Z10, +> a subgroup of the group G = <Z12, +>?
Solution
The answer is no. Although H is a subset of G, the operations defined for these two groups are different. The operation in H is addition modulo 10; the operation in G is addition modulo 12.

Cyclic Subgroups
If a subgroup of a group can be generated using the power of an element, the subgroup is called the cyclic subgroup. The term power here means repeatedly applying the group operation to the element:

Example
Four cyclic subgroups can be made from the group G = <Z6, +>. They are H1 = <{0}, +>, H2 = <{0, 2, 4}, +>, H3 = <{0, 3}, +>, and H4 = G.
Example
Three cyclic subgroups can be made from the group G = <Z10∗, ×>. G has only four elements: 1, 3, 7, and 9. The cyclic subgroups are H1 = <{1}, ×>, H2 = <{1, 9}, ×>, and H3 = G.

Cyclic Groups
• A cyclic group is a group that is its own cyclic subgroup.
• In the previous example, the group G has a cyclic subgroup H5 = G. This means that the group G is a cyclic subgroup.
• In this case, the element that generates the cyclic subgroup can also generate the group itself. This element is referred to as a generator.
• If g is a generator, the elements in a finite cyclic group can be written as

• Further, we define a^0 = e, the identity element.
• A group G is cyclic if every element of G is a power a^k (k is an integer) of a fixed element a ∈ G.
• The element a is said to generate the group G, or to be a generator of G.
• A cyclic group is always abelian, and may be finite or infinite.
Example
1. The group G = <Z6, +> is a cyclic group with two generators, g = 1 and g = 5.
2. The group G = <Z10∗, ×> is a cyclic group with two generators, g = 3 and g = 7.

Example
In the group G = <Z6, +>, the orders of the elements are: ord(0) = 1, ord(1) = 6, ord(2) = 3, ord(3) = 2, ord(4) = 3, ord(5) = 6.
Example
In the group G = <Z10*, ×>, the orders of the elements are: ord(1) = 1, ord(3) = 4, ord(7) = 4, ord(9) = 2.
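
The subgroup, cyclic-subgroup, generator and order examples above can all be checked by enumeration. This is an added example, not code from the lecture; the function names are assumptions. It also shows why Z10 fails as a subgroup of <Z12, +>: the set {0, …, 9} is not closed under addition modulo 12.

```python
# Added example, not from the lecture: checking the group examples by enumeration.
from math import gcd


def is_group(elements, op, identity):
    """Test axioms A1-A4 on a finite set by brute force."""
    s = set(elements)
    closure = all(op(a, b) in s for a in s for b in s)
    associative = all(op(a, op(b, c)) == op(op(a, b), c)
                      for a in s for b in s for c in s)
    has_identity = identity in s and all(
        op(a, identity) == a == op(identity, a) for a in s)
    inverses = all(any(op(a, b) == identity == op(b, a) for b in s) for a in s)
    return closure and associative and has_identity and inverses


def cyclic_subgroup(g, op, identity):
    """Powers of g; terminates only when g belongs to a finite group."""
    powers, x = [identity], op(identity, g)
    while x != identity:
        powers.append(x)
        x = op(x, g)
    return powers


def orders(elements, op, identity):
    """ord(g) = size of the cyclic subgroup generated by g."""
    return {g: len(cyclic_subgroup(g, op, identity)) for g in elements}


def distinct_cyclic_subgroups(elements, op, identity):
    found = {frozenset(cyclic_subgroup(g, op, identity)) for g in elements}
    return sorted((sorted(h) for h in found), key=lambda h: (len(h), h))


def generators(elements, op, identity):
    elements = list(elements)
    return [g for g, n in orders(elements, op, identity).items() if n == len(elements)]


def add_mod(n):
    return lambda a, b: (a + b) % n


def mul_mod(n):
    return lambda a, b: (a * b) % n


Z6 = list(range(6))
Z10_STAR = [a for a in range(1, 10) if gcd(a, 10) == 1]  # 1, 3, 7, 9

if __name__ == "__main__":
    print("Z10 under + mod 12 is a group:", is_group(range(10), add_mod(12), 0))
    for name, elems, op, e in (("<Z6, +>", Z6, add_mod(6), 0),
                               ("<Z10*, x>", Z10_STAR, mul_mod(10), 1)):
        print(name, "orders:", orders(elems, op, e))
        print(name, "cyclic subgroups:", distinct_cyclic_subgroups(elems, op, e))
        print(name, "generators:", generators(elems, op, e))
```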
Thank You..!!
