971 Cryptography Homework #1
971 Cryptography Homework #1
abcde f gh i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
2.13.5 The following ciphertext was encrypted by an affine cipher mod 26:
CRW W Z
The plaintext starts with ha. Decrypt the message.
Sol.
Since the ciphertext corresponding to the plaintext ”ha” (7, 0) is
”CR” (2, 17) and the cipher is an affine cipher, we immediately have
the following two equations:
The second equation says that β = 17. Substitute back to the first
equation, we have 2 ≡ α · 7 + 17 (mod 26), i.e. 7 · α ≡ 11 (mod 26).
∗
Since gcd(7, 16) = 1, 7 has inverse in Z26 , i.e. 7 · 15 ≡ 1 (mod 26).
Thus, α ≡ 15 · 11 ≡ 9 (mod 26).
The encryption formula is Y ≡ 9 · x + 17 (mod 26).
The decryption formula is x ≡ 3 · (Y − 17) ≡ 3Y + 1 (mod 26).
ciphertext W −→ 22, x ≡ 3 · 22 + 1 ≡ 15 (mod 26) −→ plaintext p
ciphertext Z −→ 25, x ≡ 3 · 25 + 1 ≡ 24 (mod 26) −→ plaintext y
Plaintext: happy
2.13.8 Suppose that you want to encrypt a message using an affine cipher. You let
a = 0, b = 1, ..., z = 25, but you also include ? = 26, ; = 27, ” = 28, ! = 29.
Therefore, you use x −→ αx + β (mod 30) for your encryption function, for
some integers α and β.
(a) Show that there are exactly eight possible choices for the integer α (that
is, there are only eight choices of α (with 0 < α < 30) that allow you to
decrypt).
(b) Suppose you try to use α = 10, β = 0. Find two plaintext letters that
encrypt to the same ciphertext letter.
Sol.
(a) Basically, the only usable values of α must satisfy gcd(α, 30)
= 1 such that each ciphertext can be decrypted. Therefore, the
number of possible values are those α being relatively prime to
30.
In terms of the Euler’s totient function, the number of possible
values is φ(30) = φ(5) · φ(6) = φ(5) · φ(3) · φ(2) = 4 · 2 · 1 = 8.
These values include {1, 7, 11, 13, 17, 19, 23, 29}.
(b) The encryption formula is Y ≡ αx + β ≡ 10x (mod 30).
Note that gcd(30, 10) = 10 implies that there must be 10 plain-
text letters that map to the same ciphertext letter.
e.g.
For the plaintext ‘a’, x = 0, Y ≡ 10 · 0 ≡ 0, ciphertext is ‘A’
To find the plaintext letters that map to the ciphertext ‘A’, we
solve the congruence relation 0 ≡ 10 · x (mod 30)
⇒ 0 ≡ x (mod 10)
⇒ x = 0, 3, 6, 9, 12, 15, 18, 21, 24, 27 all satisfy 0 ≡ 10·x (mod 30)
Sol.
First, this is a block cipher scheme, the plaintext always means a
block of plaintext letters (i.e. a pair of plaintext letters).
The determinant is d = 4 − 3 · 2 = −2, is coprime to the modulus 26.
It can be expected that for each ciphertext block, there are gcd(26,
2) = 2 plaintext blocks that map to it.
The encryption equation is
12
(Y1 , Y2 ) ≡ (x1 , x2 ) (mod 26)
34
That is,
Y1 ≡ x1 + 3x2 (mod 26)
Y2 ≡ 2x1 + 4x2 (mod 26)
Assuming that the second pair of plaintext that satisfies the same
equation is (x1 , x2 ). Then,
(x1 − x1 ) + 3(x2 − x2 ) ≡ 0 (mod 26)
2(x1 − x1 ) + 4(x2 − x2 ) ≡ 0 (mod 26)
Multiply the first equation by 2 and subtract the second equation
from it, we obtain
2(x2 − x2 ) ≡ 0 (mod 26)
i.e. x2 = x2 or x2 = x2 + 13. If x2 = x2 , then from the first equation,
x1 = x1 . This is a trivial case.
If x2 = x2 + 13, then from the first equation, x1 = x1 + 13.
From the above discussion, we note that any pair of plaintexts such
that x1 = x1 + 13 and x2 = x2 + 13 would encrypt to the same
ciphertext block. For example, (a, b) → (N, O), (b, i) → (O, V ),
(s, k) → (F, X), ...
2.14.7 The following was encrypted using the Vigenere method using a key of length
at most 6. Decrypt it and decide what is unusual about the plaintext. How
did this affect the results?
hdsf gvmkoowaf weetcmf thskucaqbilgjof maqlgspvatvxqbiryscpcf rmvsw
rvnqlszdmgaoqsakmlupsqf orvtwvdf cjzvgsoaoqsacjkbrsevbelvbksarls
cdcaarmnvrysywxqgvellcyluwwveoaf gclazowaf ojdlhssf iksepsoywxaf o
wlbf csocylngqsyzxgjbmlvgrggokgf gmhlmejabsjvgmlnrvqzcrggcrghgeu
pcyf gtydycjkhqluhgxgzovqswpdvbwsf f senbxapasgazmyuhgsf hmf tayjxm
wznrsof rsoaopgauaaarmf tqsmahvqecev
(The ciphertext is stored in the downloadable computer files (see the Appen-
dices) under the name hdsf. The plaintext is from Gadsby by Ernest Vincent
Wright.)
Sol.
Using the MATLAB programs, you can estimate the length of the
key, the key, the decipher the ciphertext.
(a) execute ciphertexts.m to define the hdsf
(b) f or i = 1 : 12
coincidence(i) = coinc(hdsf, i);
end
coincidence = 11 14 15 25 14 14 15 23 15 11 6 27
Therefore, the length of key is very likely to be 4.
(c) f or i = 1 : 4
[y, key(i)] = max(vigvec(hdsf, 4, i));
end
key = key − [1 1 1 1];
keytext = int2text(key)
(d) The plaintext can be calculated by
With this code, we can find out that the key is “noes”.
The decrypted ciphertext is:
uponthisbasisiamgoingtoshowyouhowabunchof brightyoungf olksd
idf indachampionamanwithboysandgirlsof hisownamanof sodominat
ingandhappyindividualitythatyouthisdrawntohimasisaf lytoasu
garbowlitisastoryaboutasmalltownitisnotagossipyyarnnorisit
adrymonotonousaccountf ullof suchcustomaryf illinsasromanticm
oonlightcastingmurkyshadowsdownalongwindingcountryroad