T-79.4501 Cryptography and Data Security Autumn 2008 Homework 1

Tutor : Joo Y. Cho joo.cho@tkk.fi

16th September 2008 Before we start...

• Please prepare solutions at home. • You register in a list the problems you have solved and are willing to present. • A tutor will pick your name from the list and ask to present the solutions, if there is no volunteer. • Other students should ask questions and participate in the discussion. Q1. The ciphertext NS KFHY HQJTUFYWF FSI HFJXFW HTZQI STY RFWWD. FX WTRFS QFB XYTTI YMJ NSXYNYZYNTS TK RFWWNFLJ BFX TSQD WJHTLSNEJI GJYBJJS YBT WTRFS HNYNEJSX FSI FX HQJTUFYWF BFX VZJJS TK JLDUY XMJ BFX STY F WTRFS HNYNEJS. was generated using the Shift cipher. Find the key. A1. By trying different keys and doing the decryptions of the ciphertext one finds the correct encryption key K = 5 as follows:

Key decryptions 0 NS KFHY HQJTUFYWF 1 mr jegx gpistexve 2 lq idfw fohrsdwud 3 kp hcev engqrcvtc 4 jo gbdu dmfpqbusb 5 in fact cleopatra

Decrypted text: in fact cleopatra and caesar could not marry. as roman law stood the institution of marriage was only recognized between two roman citizens and as cleopatra was queen of egypt she was not a roman citizen. Q2. The Atbash cipher is a simple substitution cipher, which converts the order of the alphabet, that is, it encrypts A to Z, B to Y, C to X, and so on, on the English alphabet. Decrypt the following Atbash ciphertext: YVO YLDVGS WLDM, MVYL HGLLKVGS; GSVRI RWLOH ZIV FKLM GSV YVZHGH, ZMW FKLM GSV XZGGOV. A2. The Atbash cipher has the following substitution table:

plain: abcdefghijklmnopqrstuvwxyz cipher: ZYXWVUTSRQPONMLKJIHGFEDCBA

To perform decryption, one replaces each letter in the ciphertext according to the substitution table. Hence, the decrypted message is bel boweth down, nebo stoopeth; their idols are upon the beasts, and upon the cattle. Q3. Consider double encryption using the Atbash cipher and Shift cipher on the English alphabet. Usually these ciphers do not commute, that is, if you apply Atbash first and then Shift the result is different from what you get if you apply Shift first and then Atbash. But there is one non-zero key of the Shift cipher, for which the encryption result is the same in both ways. What is it? Under which name this cipher is known? A3. The encryption function EK for the Shift cipher with a key K ∈ {0,..., 25} is defined as

EK(x) ≡ x + K (mod 26).

The encryption function is its own inverse iff x ≡ EK(EK(x)) for all x in the alphabet {0,..., 25}. In this case the key K is defined as follows:

x ≡ EK(EK(x)) ≡ (x + K)+ K ≡ x + 2K ⇐⇒ 2K ≡ 0, or equivalently K = 0 + 13m, m ∈ Z. Since K ∈ {0,..., 25}, the only nonzero possibility for K is 13. The Shift cipher with the key K = 13 is often called ROT13. The decrypted message is the rot algorithm is not designed to provide any cryptographic security, but to provide an easy means to obscure pieces of text such as messages posted in an online forum or in the usenet. Q4. Here you find the truth about the Playfair cipher. The keyword is government. MQ AF GW EC AF GA BT RV IT BE GM QP HE HT SB SZ BA AB DI OH MV GM RV PF QA DK BQ ZS HN KD FS QA BZ AF RA BE GM PI BS GA IL DC GA BF PB DI BE QO LZ QA BA PB GM AH FN YN PW QW HO RF QR FM QA QP HE HT SB DC QF RG A4. • The keyword without any duplicate letters is GOVERNMT. • We use this word as the key in the 5 × 5 matrix. • The matrix is filled in from left to right and from top to bottom with the letters of the key. • The remainder of the matrix is filled in with the rest of the letters in alphabetical order (with I and J in the same space). • Thus, we get the following matrix: GOVE R NMTA B C D F H I/J KLPQ S UWXY Z This matrix can be used for decryption: MQ → al, AF → th, GW → ou, EC → gh, AF → th, GA → en, BT → am, RV → eo, IT → fb, BE → ar, GM → on, QP → pl, HE → ay, HT → fa, SB → ir, SZ → is, BA → at, AB → ta, DI → ch, OH → ed, MV → to, ... For the plaintext we get although the name of baron playfair is attached to one of the classical ciphers the barons friend scientist charles wheatstone actually devised the playfair cipher Q5. The ciphertext VKMHG QFVMO IJOII OHNSN IZXSS CSZEA WWEXU LIOZB AGEKQ UHRDH IKHWE OBNSQ RVIES LISYK BIOVF IEWEO BQXIE UUIXK EKTUH NSZIB SWJIZ BSKFK YWSXS EIDSQ INTBD RKOZD QELUM AAAEV MIDMD GKJXR UKTUH TSBGI EQRVF XBAYG UBTCS XTBDR SLYKW AFHMM TYCKU JHBWV TUHRQ XYHWM IJBXS LSXUB BAYDI OFLPO XBULU OZAHE JOBDT ATOUT GLPKO FHNSO KBHMW XKTWX SX was generated using the Vigenere` cipher. Use Kasiski’s method to determine the keylength (period). These occurrences are underlined in the ciphertext: VKMHG QFVMO IJOII OHNSN IZXSS CSZEA WWEXU LIOZB AGEKQ UHRDH IKHWE OBNSQ RVIES LISYK BIOVF IEWEO BQXIE UUIXK EKTUH NSZIB SWJIZ BSKFK YWSXS EIDSQ INTBD RKOZD QELUM AAAEV MIDMD GKJXR UKTUH TSBGI EQRVF XBAYG UBTCS XTBDR SLYKW AFHMM TYCKU JHBWV TUHRQ XYHWM IJBXS LSXUB BAYDI OFLPO XBULU OZAHE JOBDT ATOUT GLPKO FHNSO KBHMW XKTWX SX A5. • At least following strings occur (at least) twice in the ciphertext: KTUH, HNS and WEO. • The string KTUH occurs in positions (starting from 0) 18 · 5 + 1 = 91 and 30 · 5 + 1 = 151, so the distance between the occurrences is 151 − 91 = 60 characters. • Similarly, the trigram HNS occurs in positions 3 · 5 + 1 and 18 · 5 + 4 giving the distance 78 between the occurrences. • The trigram WEO occurs in positions 10 · 5 + 3 and 15 · 5 + 2 giving the distance 24 between the occurrences. • The greatest common divisors are

gcd(78, 60)= gcd(78, 24)= 6.

By Kasiski’s test, the key length is 6. (Note that gcd(60, 24)= 12) Q6. Consider the encryption matrix (key)

k1 k2 k3   k4 k5 k6  k7 k8 k9  of a 3 × 3 Hill cipher.

1. Show how the unknown key entries ki ∈ {1,..., 9} can be solved given a sufficient number (at least three) known plaintext-ciphertext pairs. 2. Show how the computations can be simplified with a chosen plaintext attack by selecting the three plaintexts in an appropriate way. (In chosen plaintext attack the adversary has access to the encryption device. It can feed in chosen plaintext and read out the corresponding ciphertext.) A6-1. A Hill cipher of three plaintext-ciphertext pairs can be defined as matrix multiplication Y = KX, where K, Y, and X are 3 × 3 matrices so that X represents plaintext as column vectors and Y ciphertext as column vectors. If we know both X and Y, and X is invertible, we can compute X−1 and thus K = YX−1. A6-2. We can choose the vectors (1, 0, 0), (0, 1, 0), and (0, 0, 1) for the plaintext, so that X is the identity matrix. This gives us the key K immediately, since K = Y.