Polyalphabetic Ciphers

Transcription

1 Polyalphabetic Ciphers 1

2 Basic Idea: The substitution alphabet used for enciphering successive letters of plaintext changes. The selection of alphabets may depend on a keyword, a key stream, or electromechanical means (e.g., Enigma). 2

3 Vigenère Keyword Cipher Setup: Correspondents agree on a keyword Encryption: Write keyword repeatedly alongside the plaintext, adding corresponding plaintext and key letters modulo 26 by finding the letter where the plain letter column and the key letter row intersect in the Vigenère square. 3

4 Decryption: Write keyword repeatedly alongside the ciphertext, subtracting corresponding key letters modulo 26 by finding the cipher letter in the key row and looking up the plaintext letter at the head of the column in which the cipher letter appears. 4

5 Example: If keyword is WIND and plaintext is GO AHEAD MAKE MY DAY, then encipherment is plain key cipher G O A H E A D M A K E M Y D A Y W I N D W I N D W I N D W I N D 5

6 Example: If keyword is WIND and plaintext is GO AHEAD MAKE MY DAY, then encipherment is plain key cipher G O A H E A D M A K E M Y D A Y W I N D W I N D W I N D W I N D C 6

7 Example: If keyword is WIND and plaintext is GO AHEAD MAKE MY DAY, then encipherment is plain key cipher G O A H E A D M A K E M Y D A Y W I N D W I N D W I N D W I N D C W 7

8 Example: If keyword is WIND and plaintext is GO AHEAD MAKE MY DAY, then encipherment is plain key cipher G O A H E A D M A K E M Y D A Y W I N D W I N D W I N D W I N D C W N 8

9 Example: If keyword is WIND and plaintext is GO AHEAD MAKE MY DAY, then encipherment is plain key cipher G O A H E A D M A K E M Y D A Y W I N D W I N D W I N D W I N D C W N K A I Q P W S R P U L N B 9

10 Example: Suppose the keyword is NUMBER. The punch line of the joke, There are three kinds of mathematicians... isthe decipherment of GBATI NUIOB RTBOZ UEEQN TPWVJ BADEE G. Weget cipher key plain G B A T I N U I O B R T B O Z U E E Q N T P W V J B A D E E G N U M B E R N U M B E R N U M B E R N U M B E R N U M B E R N 10

11 Example: Suppose the keyword is NUMBER. The punch line of the joke, There are three kinds of mathematicians... isthe decipherment of GBATI NUIOB RTBOZ UEEQN TPWVJ BADEE G. Weget cipher key plain G B A T I N U I O B R T B O Z U E E Q N T P W V J B A D E E G N U M B E R N U M B E R N U M B E R N U M B E R N U M B E R N T H O S E W H O C A N C O U N T A N D T H O S E W H O C A N T 11

12 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z AA AB AC AD AE AF AG N U M B E R N U M B E R N U M B E R N U M B E R N U M B E R N T H O S E W H O C A N C O U N T A N D T H O S E W H O C A N T G B A T I N U I O B R T B O Z U E E Q N T P W V J B A D E E G =CHAR(MOD(CODE(A2)-CODE("A") + CODE(A1)-CODE("A"),26)+CODE("A")) =A9 G B A T I N U I O B R T B O Z U E E Q N T P W V J B A D E E G N U M B E R N U M B E R N U M B E R N U M B E R N U M B E R N T H O S E W H O C A N C O U N T A N D T H O S E W H O C A N T =CHAR(MOD(CODE(A8)-CODE("A") - (CODE(A9)-CODE("A")),26)+CODE("A")) Vigenere encipherment and decipherment using an Excel spreadsheet 12

13 Property: Vigenère encipherments with longer keywords tend to even out the distribution of letters in the ciphertexts. Thus the statistics in the underlying plaintext are obscured. A 1565-letter plaintext was enciphered using the keywords A, IF, VOW, ZEAL, MARKS,COUPLE,CORNELL,CONSIDER. Here are the letter distributions. 13

14 ABCDEFGHIJKLMNOPQRSTUVWXYZ CORNELL ABCDEFGHIJKLMNOPQRSTUVWXYZ CONSIDER ABCDEFGHIJKLMNOPQRSTUVWXYZ MARKS ABCDEFGHIJKLMNOPQRSTUVWXYZ COUPLE ABCDEFGHIJKLMNOPQRSTUVWXYZ VOW ABCDEFGHIJKLMNOPQRSTUVWXYZ ZEAL ABCDEFGHIJKLMNOPQRSTUVWXYZ A ABCDEFGHIJKLMNOPQRSTUVWXYZ IF 14

15 Cryptanalysis of Vigenere-enciphered Text Ciphertext: CTMYR DOIBS RESRR RIJYR EBYLD IYMLC CYQXS RRMLQ FSDXF OWFKT CYJRR IQZSM X Assumption: keyword is a 3-letter English word. 15

16 Basic idea: three monoalphabetic shifts are used to get C Y O S..., _ T R I R _..., M D B E... Determine the likely shift values and try out the corresponding possible keywords. 16

17 Work: set 1 set 2 set 3 let. freq. let. freq. let. freq. C 2 T 2 M 2 Y 3 R 4 D 1 O 2 I 4 B 1 S 2 Y 2 E 2 R 3 L 1 R 3 B 1 S 2 J 1 D 2 M 1 L 2 M 1 F 1 Y 1 X 2 X 1 C 2 Q 1 W 1 Q 2 K 1 J 1 S 1 Z 1 F 2 17

18 If E Y, shift 24 4=20; key letter U. If T Y, shift = 5; key letter F. If N Y, shift = 11; key letter L.. 18

19 likely likely likely first second third letter letter letter U N N F Y Y L E E K D D H A A Q J J Y R R G Z Z Likely keywords: HER, GAY,... FAD, FAN, FAR, FED, FEN, LEE, LEA, KEN, KEY, Knowledge that the key word is a real 3-letter English word vastly reduces the amount of work from trying out all 3-letter strings or all 2-, 3-, 4-letter,... strings. 19

20 key cipher plain FEDFEDFED... CTMYRDOIB... XPJTN... key KEYKEYKEYKEY... cipher CTMYRDOIBSRE... plain SPOONFEEDING... 20

21 key cipher plain FEDFEDFED... CTMYRDOIB... XPJTN... key KEYKEYKEYKEY... cipher CTMYRDOIBSRE... plain SPOONFEEDING... SPOONFEEDING IN THE LONG RUN TEACHES US NOTHING BUT THE SHAPE OF THE SPOON 21

22 Brute-force Cryptanalysis of a Vigenere Cipher The following two slides show how a spreadsheet can be used to help with cryptanalysis of a Vigenere cipher where the length of the keyword is known to be 2. 22

23 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z AA AB AC AD AE AF AG The ciphertext X B M E E H D L M P D L J E Y K W A E R R Q I K E Q X F D D was produced by a Vigenere cipher using a two-letter keyword. To cryptanalyze by brute force, try out decipherments with two-letter keywords as shown here. Readable plaintext will correspond to the correct keyword. With the cell formulas as indicated, fill down from cells A9-B9 through A33-B33, and fill across and down from cells D8-E8 through AF33-AG33. Successively entering A, B, C,... in cell A8 will yield all the 676 decipherments = A8 =CHAR(MOD(CODE(B8)-65+1,26)+65) =CHAR(MOD(CODE(D$7)-65 -( CODE($A8)-65),26)+65) =CHAR(MOD(CODE(E$7)-65 - (CODE($B8)-65),26)+65) X B M E E H D L M P D L J E Y K W A E R R Q I K E Q X F D D A A X B M E E H D L M P D L J E Y K W A E R R Q I K E Q X F D D A B X A M D E G D K M O D K J D Y J W Z E Q R P I J E P X E D C A C X Z M C E F D J M N D J J C Y I W Y E P R O I I E O X D D B A D X Y M B E E D I M M D I J B Y H W X E O R N I H E N X C D A A E X X M A E D D H M L D H J A Y G W W E N R M I G E M X B D Z A F X W M Z E C D G M K D G J Z Y F W V E M R L I F E L X A D Y A G X V M Y E B D F M J D F J Y Y E W U E L R K I E E K X Z D X A H X U M X E A D E M I D E J X Y D W T E K R J I D E J X Y D W A I X T M W E Z D D M H D D J W Y C W S E J R I I C E I X X D V A J X S M V E Y D C M G D C J V Y B W R E I R H I B E H X W D U A K X R M U E X D B M F D B J U Y A W Q E H R G I A E G X V D T A L X Q M T E W D A M E D A J T Y Z W P E G R F I Z E F X U D S A M X P M S E V D Z M D D Z J S Y Y W O E F R E I Y E E X T D R A N X O M R E U D Y M C D Y J R Y X W N E E R D I X E D X S D Q A O X N M Q E T D X M B D X J Q Y W W M E D R C I W E C X R D P A P X M M P E S D W M A D W J P Y V W L E C R B I V E B X Q D O A Q X L M O E R D V M Z D V J O Y U W K E B R A I U E A X P D N A R X K M N E Q D U M Y D U J N Y T W J E A R Z I T E Z X O D M A S X J M M E P D T M X D T J M Y S W I E Z R Y I S E Y X N D L A T X I M L E O D S M W D S J L Y R W H E Y R X I R E X X M D K A U X H M K E N D R M V D R J K Y Q W G E X R W I Q E W X L D J A V X G M J E M D Q M U D Q J J Y P W F E W R V I P E V X K D I A W X F M I E L D P M T D P J I Y O W E E V R U I O E U X J D H A X X E M H E K D O M S D O J H Y N W D E U R T I N E T X I D G A Y X D M G E J D N M R D N J G Y M W C E T R S I M E S X H D F A Z X C M F E I D M M Q D M J F Y L W B E S R R I L E R X G D E 23

24 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z AA AB AC AD AE AF AG The ciphertext X B M E E H D L M P D L J E Y K W A E R R Q I K E Q X F D D was produced by a Vigenere cipher using a two-letter keyword. To cryptanalyze by brute force, try out decipherments with two-letter keywords as shown here. Readable plaintext will correspond to the correct keyword. With the cell formulas as indicated, fill down from cells A9-B9 through A33-B33, and fill across and down from cells D8-E8 through AF33-AG33. Successively entering A, B, C,... in cell A8 will yield all the 676 decipherments = A8 =CHAR(MOD(CODE(B8)-65+1,26)+65) =CHAR(MOD(CODE(D$7)-65 -( CODE($A8)-65),26)+65) =CHAR(MOD(CODE(E$7)-65 - (CODE($B8)-65),26)+65) X B M E E H D L M P D L J E Y K W A E R R Q I K E Q X F D D Q A H B W E O H N L W P N L T E I K G A O R B Q S K O Q H F N D Q B H A W D O G N K W O N K T D I J G Z O Q B P S J O P H E N C Q C H Z W C O F N J W N N J T C I I G Y O P B O S I O O H D N B Q D H Y W B O E N I W M N I T B I H G X O O B N S H O N H C N A Q E H X W A O D N H W L N H T A I G G W O N B M S G O M H B N Z Q F H W W Z O C N G W K N G T Z I F G V O M B L S F O L H A N Y Q G H V W Y O B N F W J N F T Y I E G U O L B K S E O K H Z N X Q H H U W X O A N E W I N E T X I D G T O K B J S D O J H Y N W Q I H T W W O Z N D W H N D T W I C G S O J B I S C O I H X N V Q J H S W V O Y N C W G N C T V I B G R O I B H S B O H H W N U Q K H R W U O X N B W F N B T U I A G Q O H B G S A O G H V N T Q L H Q W T O W N A W E N A T T I Z G P O G B F S Z O F H U N S Q M H P W S O V N Z W D N Z T S I Y G O O F B E S Y O E H T N R Q N H O W R O U N Y W C N Y T R I X G N O E B D S X O D H S N Q Q O H N W Q O T N X W B N X T Q I W G M O D B C S W O C H R N P Q P H M W P O S N W W A N W T P I V G L O C B B S V O B H Q N O Q Q H L W O O R N V W Z N V T O I U G K O B B A S U O A H P N N Q R H K W N O Q N U W Y N U T N I T G J O A B Z S T O Z H O N M Q S H J W M O P N T W X N T T M I S G I O Z B Y S S O Y H N N L Q T H I W L O O N S W W N S T L I R G H O Y B X S R O X H M N K Q U H H W K O N N R W V N R T K I Q G G O X B W S Q O W H L N J Q V H G W J O M N Q W U N Q T J I P G F O W B V S P O V H K N I Q W H F W I O L N P W T N P T I I O G E O V B U S O O U H J N H Q X H E W H O K N O W S N O T H I N G D O U B T S N O T H I N G Q Y H D W G O J N N W R N N T G I M G C O T B S S M O S H H N F Q Z H C W F O I N M W Q N M T F I L G B O S B R S L O R H G N E 24

25 Running-key Cipher Instead of repeating a single keyword, use a text 25

26 Illustration of a Perfectly Secure Cipher Assumptions: keyword consisting of 24 random letters messages are 24 characters long Intercepted ciphertext: XPQACOPJMFTSSKYEMCUNHDOR 26

27 The key word can be any of the keywords AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAB. ZZZZZZZZZZZZZZZZZZZZZZZY ZZZZZZZZZZZZZZZZZZZZZZZZ 27

28 E.g., keyword BLQHVKYCIOPLERYRJHQWJAXT gives plaintext WEATHERHEREHOTANDVERYDRY Keyword IBFSJGNJBLGBOSFCYPFUJKZ gives plaintext POLITICALUNRESTCONTINUES 28

29 Another keyword gives plaintext POLITICALUNRESTNOWWANING As Eve tries out keywords, she will produce every sensible English sentence containing 24 letters, along with every sensible 24-letter sentence in any language that uses the Roman alphabet! She will also produce all the nonsense strings of 24 characters as well. No knowledge about keyword implies no knowledge about plaintext. Eve might as well guess. 29

30 Perfect Security Principle If correspondents have agreed on random keys of some length and if messages do not exceed this length, then intercepted ciphertext is unbreakable provided a new key is used with each message. 30