Theory and Practice of Modern Cryptography

Chapter 2 Classical
Encryption

Miao Fuyou ( 苗付友 )

mfy@ustc.edu.cn
Sept. 2021

网络视频： http://wlkt.ustc.edu.cn/video/detail_3363_0.htm
 Outlines

 2.1 Evolution of Contemporary cryptology

 2.2 Symmetric Cipher Model
 2.3 Substitution Ciphers
 2.4 Transposition Ciphers
 2.5 Rotor Machines-Enigma
 2.6 Cracking Enigma

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 2/52
2.1 Evolution of contemporary
cryptology
 1918, William Friedman (Sept. 24,1891 –Nov. 12, 1969)
,
◦ US military specialist in cryptology, Cracking Japanese PURPLE
machine.
 Claude Shannon (Apr. 30, 1916 – Feb. 24, 2001)
◦ American Electronic engineer and mathematician
◦ The Communication Theory of Secrecy System (1948)-foundation of
modern cryptography, The father of information theory
 1949-1967 age of silence
 1971: IBM’s Luciffer Cipher
◦ 128 bits block encryption by Horst Feistel (Jan.30, 1915–Nov.14,
1990)
◦ Foundation of Data Encryption Standard (DES)
 1976-1977 ， NIST published DES
 1975, Whitfield Diffie & Matin Hellman,
◦ A New Direction in Cryptography: epoch-making Idea of public key
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 3/52
2.1 Evolution of contemporary
cryptology
 1977 － 1978: Ronald Rivest, Adi Shamir, Len Adleman- RSA
public key system

 1981:International Association for Cryptology Research (IACR)

was found

 1984: Semantic security by Goldwasser & Micali (2012 Turing

award)

 1985: Abbas El Gamal –probabilistic method of ElGamal

 1990 － 1992 ， Lai Xuejia and James: IDEA, The International

Data Encryption Algorithm

 2000, AES, Advanced Encryption Standard

 2004: MD5,HAVAL － 128,MD4, RIPEMD cracked by Wang Xiaoyun

 School of Computer
2005: SHA-1 cracked
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 4/52
2.1 Evolution of contemporary
cryptology
 Challenges from quantum algorithms
◦ 1994:Peter Shor factor N in
◦ Grover’ s Search algorithm reduce from to
 Post-quantum Cryptography
◦ Hash-based Digital Signature Schemes
◦ Code-based cryptography
◦ Lattice-based Cryptography
◦ Multivariate Public Key Cryptography

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 5/52
2.2 Symmetric Cipher
Model
A symmetric encryption scheme has five ingredients (Figure


3.1):
■ Plaintext: original intelligible message or data that is fed into the
algorithm as input.
■ Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
■ Secret key: The secret key is also input to the encryption algorithm. The
key is a value independent of the plaintext and of the algorithm. The
algorithm will produce a different output depending on the specific key being
used at the time. The exact substitutions and transformations performed by
the algorithm depend on the key.
■ Ciphertext: the scrambled message produced as output. It depends on
the plaintext and the secret key. For a given message, two different keys will
produce two different ciphertexts. The ciphertext is an apparently random
stream of data and, as it stands, is unintelligible.
 ■ Decryption algorithm: This is essentially the encryption algorithm run in
reverse. It takes the ciphertext and the secret key and produces the original
plaintext.
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 6/52
2.2 Symmetric Cipher
Model

 Plaintext: X
 Cyphertext: Y
 Encryption algorithm: E
 Secret Key ： K
 Decryption
algorithm :D
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 7/52
Some terms
 Cryptography : the area of study of encryption;

Cryptographic system/cipher: encryption schemes;
 Cryptanalysis : the area of techniques used for deciphering a
message without any knowledge of the enciphering details.
 Cryptology: cryptography+ cryptanalysis

■ Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus

perhaps some knowledge of the general characteristics of the plaintext or even some
sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the
algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
■ Brute-force attack: The attacker tries every possible key on a piece of ciphertext
until an intelligible translation into plaintext is obtained. On average, half of all
possible keys must be tried to achieve success.

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 8/52
Brute-force attack

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 9/52
cryptanalytic attacks
Various types of cryptanalytic attacks based on the amount
of information known to the cryptanalyst.

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 10/52
More terms
 unconditionally secure:
◦ the ciphertext generated by the scheme does not contain
enough information to determine uniquely the corresponding plaintext, no matter
how much ciphertext is available;
 computationally secure:
◦ The cost of breaking the cipher exceeds the value of the encrypted information.
◦ The time required to break the cipher exceeds the useful lifetime of the
information.

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 11/52
2.3 Substitution
techniques
the letters of plaintext are replaced by other letters or by numbers
or symbols.

 Caesar Cipher
 Monoalphabetic Ciphers
 Polyalphabetic Ciphers

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 12/52
 Caesar Cipher
 Example:
◦ plain: meet me after the toga party
◦ cipher: PHHW PH DIWHU WKH WRJD SDUWB
 Encryption alphabet
◦ plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
◦ cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

◦ Encryption algorithm: C = E(3, p) = (p + 3) mod 26

 For any shift k: C = E(k, p) = (p + k) mod 26
◦ Decrption algorithm: p = D(k, C) = (C - k) mod 26
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 13/52
Caesar Cipher
 If one has the
knowledge, brute-force
cryptanalysis is
applicable.
◦ 1. The encryption and
decryption algorithms are
known.
◦ 2. There are only 25 keys to
try.
◦ 3. The language of the
plaintext is known and easily
recognizable.
 brute-force
cryptanalysis ： simply
try all the 25 possible
keys
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 14/52
Monoalphabetic Substitution
Ciphers
 Permutation: an ordered sequence of all the elements of finite
set S
 Example: S = {a, b, c}, there are six permutations of S:
abc, acb, bac, bca, cab, cba
 there are n! permutations of a set of n elements

plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 26! or greater than 4 * 1026 possible keys.

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 15/52
 How to Crack Monoalphabetic
Substitution Ciphers
 Example of ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

 Frequency Analysis:
◦ 9th Century, Prosperity of Muslim civilization
◦ Theologians scrutinized the revelations of Muhammad in
Koran, daily utterances  authentic statement by etymology of
words, structure of sentences  individual letter analysis: a ,l
---j  breakthrough in cryptanalysis
◦ al-Kindi, philosopher of the Arabs, author of 290 books, A
Manuscript on Deciphering Cryptographic Message ,
1987,Istanbul
School of Computer
 (Finding the characteristic
Science&Technology, USTC of Information Source)
mfy@ustc.edu.
cn 现代密码学理论与实践 16/52
 How to Crack Monoalphabetic
Substitution Ciphers

School of Computer
Science&Technology,
al-Kindi’ manuscript about
mfy@ustc.edu.
frequency analysis
USTC
cn 现代密码学理论与实践 17/52
How to Crack Monoalphabetic Substitution
Ciphers
 the relative frequency of the letters can be determined (see the
table)and compared to a standard frequency distribution for
English (Figure 2.5).

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 18/52
 Playfair Cipher
Encryption:
 2-letter encryption 1. Repeating plaintext letters that are in
the same pair are separated with a filler
cipher letter, such as x, so that balloon would
◦ Using 5 * 5 matrix of be treated as ba lx lo on.

letters constructed using 2. Two plaintext letters that fall in the same
a keyword row of the matrix are each replaced by the
letter to the right, with the first element of
 Example the row circularly following
the last. For example, ar is encrypted as RM.
keyword – monarchy
3. Two plaintext letters that fall in the same
column are each replaced by the letter
beneath, with the top element of the
column circularly following the last.
For example, mu is encrypted as CM.

4. Otherwise, each plaintext letter in a pair

is replaced by the letter that lies in its own
there are 26 * 26 = 676
School of Computer
digrams
row and the column occupied by the other
plaintext letter. Thus, hs
Science&Technology, USTC
mfy@ustc.edu.
becomes BP and ea becomes IM (or JM, as
the encipherer wishes).
cn 现代密码学理论与实践 19/52
Hill Cipher
 by the mathematician Lester Hill in 1929.
 M-1 is the inverse of a square matrix M s.t. M(M-1) =M-1M = I,
where I is the identity matrix
 THE HILL ALGORITHM
◦ encyrption
c1 = (k11p1 + k21p2 + k31p3) mod 26
c2 = (k12p1 + k22p2 + k32p3) mod 26
c3 = (k13p1 + k23p2 + k33p3) mod 26
or

or
C = PK mod 26S

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 20/52
Hill Cipher
 Example
 Plaintext: paymoremoney Encryption Key:

pay={15,0,24}

 Ciphertext: LNSHDLEWMTRW Decryption Key:

KK-1 = =I

School
K-1 of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 21/52
 School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 22/52
Polyalphabetic Cipher
 1. A set of related monoalphabetic substitution rules is used.
 2. A key determines which particular rule is chosen for a given
transformation.
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
 Expressed numerically

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 23/52
 key: deceptivedeceptivedeceptive
School of Computer
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 24/52
How to Crack
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

 1.Decide the length of key to reduce to

monoalphabetic cipher;
 2. Crack each monoalphabetic cipher;

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 25/52
Autokey Cipher
 Key: deceptive
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
 Ciphertext still keep some of the structure
of the plaintext

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 26/52
 An example of breaking
Vigenère
 Key : ? ? ? ? ? ? ? ? ??? ? ?? ? ? ? ? ? ??
 Plaintext: ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
 Ciphertext: V H R M H E U Z N FQ D E Z R W X F I D K

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 27/52
An example of breaking
Vigenère

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 28/52
 One-Time Pad

Two problems in one-time pad

1. making large quantities of random keys.
Any heavily used system might require millions of random characters on a regular
basis. Supplying truly random characters in this volume is a significant task.
2. key distribution and protection.
For every message to be sent, a key of equal length is needed by both sender and
School of Computer
receiver. Thus, a
Science&Technology, USTC
mammoth key distribution problem exists.
mfy@ustc.edu.
cn 现代密码学理论与实践 29/52
2.4 Tansposition
Techniques

(The first military cryptographic device, used by Sparta in the war against Persia,404
B.C. ）

Spartan scytale (5th century BC)

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 30/52
Transposition
 One-dimensional － Matrix Transposition
Input

Output C A N Y Plaintext ： can you understand

O U U N
D E R S
T A N D Ciphertext ： codtaueanurnynsd

 2D － Graph Transposition
D Ciphertext
T A N
N D E R S
C A N Y O U U Ciphertext ： dnsuaruteodynnac
Plaintext Plaintext ： can you understand
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 31/52
Rail Fence cipher
 The plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows.
 Example 1:
Plaintext: “meet me after the toga party” with a rail fence of depth 2,
mematrhtgpry
etefeteoaat
Ciphertext:
mematrhtgpryetefeteoaat
 Example 2:
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
ostpone
duntilt
woamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 32/52
Product Cipher
 Pure Substitution Cipher / Transposition
Cipher--Not secure
 Product Cipher-Mixes of Substitution Cipher

and Transposition Cipher

 A bridge between classical cipher to modern

Cipher

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 33/52
 2.5 Rotor Machine-Enigma
 Polyalphabetic Cipher popular in WWII
◦ German Enigma, Japanese Purple,
Allied Hagelin

“Scherbius & Ritter” – turbine, heated

pillows…


by Arthur Scherbius &

Arthur Scherbius(--1929) – to change

Richard Ritter (1918 )

cipher in WWI ， sold to military in



1923(Churchill <<World
Crisis>>1914.9)

Enigma- widely used in Germany

During WWII, highly confident in by


Hitler
produced 30000 machines
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 34/52
 2.5 Rotor Machine-Enigma

Keyboard ： Input Plaintext

Lampboard: Ciphertext Display
Plugboard: swap 2 letters
Scramblers: monoalphabetic cipher
School
Reflector: of Computer
guarantee AC; CA

Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 35/52
2.5 Rotor Machine-Enigma
 Keyboard

 Lampboard

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 36/52
2.5 Rotor Machine-Enigma
 Scramblers: a polyalphabetic cipher each
position

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 37/52
2.5 Rotor Machine-Enigma
 Scramblers

Simplified structure-6 keys

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 38/52
2.5 Rotor Machine-Enigma
Rotor Machine: an
implementation of
monoalphabetic substitution
cipher;
Use 3 independent
Scramblers; each scrambler has
26 inputs and 26 outputs; each
input links to an output; each
scrambler defines a
monoalphabetic cipher;
The scrambler move one
position and change the wire
connection after a key stroke,
and defines a different
monoalphabetic cipher. After 26
letters, the scrambler come back
to the original position-
School of Computer polyalphabetic cipher with a
period of 26 letters.
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 39/52
2.5 Rotor Machine-Enigma

Scrambler
Rotor Machine with 3 scramblers:
monoalphabetic ciphers
3 scramblers-6 permutations

5 scramblers-60 permutations

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 40/52
2.5 Rotor Machine-Enigma
 Plugboard
◦ Swap a pair of letters;
◦ Allow 6 pairs of 26
letters;
◦ Total combinations
100,391,791,500
2 2 2 2 2 2
(C 26 C 24 C 22 C 20 C18C16 ) / 6!

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 41/52
2.5 Rotor Machine-Enigma
 Reflector:
◦ reflect scrambled
results to scrambler
◦ Guarantee the
invertibility between
plaintext and
ciphertext under
any state.

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 42/52
2.5 Rotor Machine-Enigma
 Operation procedure
◦ Encryption
 Arrange 3 scramblers (6)
 Set initial position of each scrambler 263=17576
 2 2 2 2 2 2
Plugboard links: (C26C24C22C20C18C16 ) / 6!
 Input plaintext-write down Ciphertext from
lampboard-send out ciphertext
◦ Decryption
 Set the same state as encryption
 Receive ciphertext-Input ciphertext-write down
plaintext from lampboard
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 43/52
2.5 Rotor Machine-Enigma
 Enigma Security
◦ 3 parts
 3 scramblers—6 permutations
 Total Initial positions: 263=17576
 Links of plugboard: 100391791500

 Total possible keys ：

 6*263* 100391791500= 10,000,000,000,000,000
（）

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 44/52
 2.6 Cracking the Enigma
 Situation after WWI
◦ Allies lacked of fear and adversity
◦ Poland
 otherwise lived in threats
 Set up “Biuro Szyfrow”
 1919-1920 war at Russia intercept
>400 msgs until 1926 Enigma
 Commercial Enigma to Military
Enigma ???
 Belgium, Nov. 8, 1931, Schmidt -->
Rex. French secret agent for 10000
marks ( or today’s $30000)
 (handbook without arrangement of
School of Computer
internal wires)
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 45/52
2.6 Cracking the Enigma
 Work by Poland
◦ German Usage
◦ Daily setup:
 plugboard links:
A/L-P/R-T/D-B/W-L/F-O/Y
 Scrambler permutation:2-3-1
 Initial positions:Q-C-W (day
key)
◦ Each message is encrypted
with message key(MK)
◦ Each MK is encrypted twice
with day key (DK)
School of Computer
e.g. PGHPGHKIVBJE
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 46/52
2.6 Cracking the Enigma
 Work by Poland

Each row is a ciphertext of duplicate MKs

encrypted using the same DK

Table of ciphertexts of the 1st and 4th (the same)

letters in MK

The ring of letters after swapping S/G, T/K

School of Computer
Ring of letters from the above table

Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 47/52
2.6 Cracking the Enigma
 Work by Poland
 The mode of ring of letters is irrelative with
plugboard
 Set up the database of all rings of letters which
characterize each DK (17576 DKs).
Rings of letters of length 3,9,7,7 from 1st and 4th letters
Rings of letters of length 2,3,9,12 from 2nd and 5th letters
Rings of letters of length 5,5,5,3,8 from 3st and 6th letters

 Test the links of plugboard, e.g.

alliveinbelrinarrive in Berlin R/L

 The database separates the analysis of scramblers

from plugboard, which reduces the complexity
sharply.
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 48/52
2.6 Cracking the Enigma
 Work by Britain
 In Dec.1938 Increased security
5 scramblers ： 60 permutation
plugboard ： 10 pairs of letters
2 2 2 2 2 2 2 2 2
(C 26 C 24 C 22 C 20 C18 C16 C14 C12 C10 C82 ) / 10!
total keys ： 159,000,000,000,000,000,000
 Polish bombesFrance/ Britain ( Polish Langer)
 Alan Turing

Born on Jun 23,1912/with grandma/Sherborne

school in 1926/ King’s College, Cambridge in
1931Turing machine for Decidability
School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 49/52
 2.6 Cracking the Enigma
 Work by Britain
 Guess the ciphertext/plaintext pairs (crib)
e.g. wetter in 6 a.m.’s message
 determine the setup of Enigma

A ring of letters from cribs

 Use 3 Enigmas to simulate a ring, the first
scramblers of 3 enigmas is set up according to
School of Computer
the ring of letters, USTC
Science&Technology,
mfy@ustc.edu.
cn 现代密码学理论与实践 50/52
2.6 Cracking the Enigma
 Work by Britain
 Set aside the plugboard,

test 17576*60 keys

 Test the setup of

plugboard
 The same as Rejewski’s
 tewwerwetter w/t

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 51/52
2.6 Cracking the Enigma
 Work by
Britain
◦ British Bombe
◦ Bletchley Park
“ The geese who
laid golden eggs
and never
cackled .”
--Churchill in
Sept 6,1941

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 52/52
Enigma ： A monument in cryptology
 Monument in cryptology -- Enigma
◦ Design of Enigma --- cryptography
 German Arthur Scherbius ；
 (http://www.techcn.com.cn/index.php?doc-view-131925)
◦ Breaking Enigma ---cryptology
 Poland (Marian Rejewski) ； British (Alan Turing)

Bletchley Park
The place where Enigma
is cracked

School of Computer
Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 53/52
Review Questions and
Problems
 3.4 The following ciphertext was generated using a simple substitution algorithm.
 hzsrnqc klyy wqc flo mflwf ol zqdn nsoznj wskn lj xzsrbjnf,wzsxz gqv zqhhnf ol ozn glco zlfnco
hnlhrn; nsoznj jnrqosdnc lj fnqj kjsnfbc, wzsxz sc xnjoqsfrv gljn efeceqr. zn rsdnb qrlfn sf zsc
zlecn sf cqdsrrn jlw, wzsoznj flfn hnfnojqonb. q csfyrn blgncosx cekksxnb ol cnjdn zsg. zn
pjnqmkqconb qfb bsfnb qo ozn xrep, qo zlejc gqozngqosxqrrv ksanb, sf ozn cqgn jllg, qo ozn
cqgn oqprn, fndnj oqmsfy zsc gnqrc wsoz loznj gngpnjc, gexz rncc pjsfysfy q yenco wsoz zsg;
qfb wnfo zlgn qo naqxorv gsbfsyzo, lfrv ol jnosjn qo lfxn ol pnb. zn fndnj ecnb ozn xlcv
xzqgpnjc wzsxz ozn jnkljg hjldsbnc klj soc kqdlejnb gngpnjc. zn hqccnb onf zlejc leo lk ozn
ownfov-klej sf cqdsrrn jlw, nsoznj sf crnnhsfy lj gqmsfy zsc olsrno.
 Decrypt this message.
 Hints:
 1. As you know, the most frequently occurring letter in English is e. Therefore, the first or
second (or perhaps third?) most common character in the message is likely to stand for e.
Also, e is often seen in pairs (e.g., meet, fleet, speed, seen, been, agree, etc.). Try to find a
character in the ciphertext that decodes to e.
 2. The most common word in English is “the.” Use this fact to guess the characters that
stand for t and h.
 3. Decipher the rest of the message by deducing additional words.
 Warning: The resulting message is in English but may not make much sense on a first
School of Computer
reading.

Science&Technology, USTC
mfy@ustc.edu.
cn 现代密码学理论与实践 54/52
 Review Questions and
Problems

 3.9 When the PT-109 American patrol boat, under the command of Lieutenant John F.
Kennedy, was sunk by a Japanese destroyer, a message was received at an
Australian wireless station in Playfair code:
KXJEY UREBE ZWEHE WRYTU HEYFS
KREHE GOYFI WTTTU OLKSY CAJPO
BOTEI ZONTX BYBNT GONEY CUZWR
GDSON SXBOU YWRHE BAAHY USEDQ
The key used was royal new zealand navy. Decrypt the message. Translate TT into
tt.

 3.25 Write a program that can perform a letter frequency attack on an

additive
 cipher without human intervention. Your software should produce possible

 plaintexts in rough order of likelihood. It would be good if your user interface

 allowed the user to specify “give me the top 10 possible plaintexts.”

School
 3.28 of Computer
Create software that can perform a fast known plaintext attack on a Hill
Science&Technology,
cipher,
mfy@ustc.edu.
USTC
 given the dimension m. How fast are your algorithms, as a function of m?
cn 现代密码学理论与实践 55/52