EE 418 Network Security and Cryptography Lecture #5 October 13, 2016
Polyalphabetic Classical cryptosystems. Introduction to Cryptanalysis. Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle
Outline:
1. Review: The Vigen`ereCipher 2. The Hill Cipher 3. The Permutation Cipher 4. Introduction to Cryptanalysis 5. Cryptanalysis of the Shift Cipher 6. Remarks on Letter Distribution of the English Language
1 Review: The Vigen`ereCipher
Last time, we talked about The Vigen`ere cipher, and we said that it is the first polyalphabetic cryptosystem that we are encountering in this course. A polyalphabetic cryptosystem is a cryptosystem where multiple alphabetic characters are encrypted at a time. In other words, each plaintext element is equivalent to m alphabetic characters.
The idea behind this cryptosystem is to use a vector of m keys, i.e., K = (K1,K2, .., Km). m m P = C = K = (Z26) where (Z26) is an m-tuple:
y = eK (x1, x2, .., xm) = (x1 + K1, x2 + K2, .., xm + Km) mod 26, (1)
dK (y1, y2, .., ym) = (y1 − K1, y2 − K2, .., ym − Km) mod 26. (2)
Note: The difference between the Vigen`erecipher and the shift, substitution, and affine ciphers is that in the Vigen`erecipher each alphabetic character is not uniquely mapped to another alphabetic character.
Example Let the plaintext be vector, and let m = 4, K = (2, 4, 6, 7). From the correspondence table we have x = (21, 4, 2, 19, 14, 17), and the cipher is shown in Table 1.
PLAINTEXT: 21 4 2 19 14 17 KEY: 2 4 6 7 2 4 CIPHER: 23 8 8 0 16 21 XIIA QV
To decrypt, we use the same keyword, but modulo subtraction is performed instead of modulo addition. The number of possible keywords of length m is 26m, so even for small m an exhaustive search attack requires a long time. Let’s now consider two more polyalphabetic cryptosystems, the Hill cipher and the permutation cipher.
1 2 The Hill Cipher
Consider the affine cipher, where e(a,b)(x) = ax + b mod m, and suppose that b = 0, so that encryption becomes equal to e(a,0)(x) = ax mod m, i.e. multiplication by the secret key a modulo m. Decryption is then −1 given by dK (y) = a y mod m, provided that gcd (a, m) = 1.
Question: How can we generalize this from x corresponding to a single letter to x corresponding to a string of letters?
Answer: The idea is to choose an integer m > 0, and then to define an m × m key matrix K.
Example: Let consider an example where m = 2. We can define K as:
2 3 K = . (3) 5 7
In this cryptosystem, a plaintext is written as row matrices. For example, if plaintext is test, we write it as: