971 Cryptography Homework #1

abcde f gh i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

2.13.5 The following ciphertext was encrypted by an affine cipher mod 26:

CRW W Z
The plaintext starts with ha. Decrypt the message.

Sol.
Since the ciphertext corresponding to the plaintext ”ha” (7, 0) is
”CR” (2, 17) and the cipher is an affine cipher, we immediately have
the following two equations:

2 ≡ α·7+β (mod 26)

17 ≡ α · 0 + β (mod 26)

The second equation says that β = 17. Substitute back to the first
equation, we have 2 ≡ α · 7 + 17 (mod 26), i.e. 7 · α ≡ 11 (mod 26).
∗
Since gcd(7, 16) = 1, 7 has inverse in Z26 , i.e. 7 · 15 ≡ 1 (mod 26).
Thus, α ≡ 15 · 11 ≡ 9 (mod 26).
The encryption formula is Y ≡ 9 · x + 17 (mod 26).
The decryption formula is x ≡ 3 · (Y − 17) ≡ 3Y + 1 (mod 26).
ciphertext W −→ 22, x ≡ 3 · 22 + 1 ≡ 15 (mod 26) −→ plaintext p
ciphertext Z −→ 25, x ≡ 3 · 25 + 1 ≡ 24 (mod 26) −→ plaintext y
Plaintext: happy

2.13.8 Suppose that you want to encrypt a message using an affine cipher. You let
a = 0, b = 1, ..., z = 25, but you also include ? = 26, ; = 27, ” = 28, ! = 29.
Therefore, you use x −→ αx + β (mod 30) for your encryption function, for
some integers α and β.

(a) Show that there are exactly eight possible choices for the integer α (that
is, there are only eight choices of α (with 0 < α < 30) that allow you to
decrypt).
(b) Suppose you try to use α = 10, β = 0. Find two plaintext letters that
encrypt to the same ciphertext letter.

Sol.
 (a) Basically, the only usable values of α must satisfy gcd(α, 30)
= 1 such that each ciphertext can be decrypted. Therefore, the
number of possible values are those α being relatively prime to
30.
In terms of the Euler’s totient function, the number of possible
values is φ(30) = φ(5) · φ(6) = φ(5) · φ(3) · φ(2) = 4 · 2 · 1 = 8.
These values include {1, 7, 11, 13, 17, 19, 23, 29}.
(b) The encryption formula is Y ≡ αx + β ≡ 10x (mod 30).
Note that gcd(30, 10) = 10 implies that there must be 10 plain-
text letters that map to the same ciphertext letter.
e.g.
For the plaintext ‘a’, x = 0, Y ≡ 10 · 0 ≡ 0, ciphertext is ‘A’
To find the plaintext letters that map to the ciphertext ‘A’, we
solve the congruence relation 0 ≡ 10 · x (mod 30)
⇒ 0 ≡ x (mod 10)
⇒ x = 0, 3, 6, 9, 12, 15, 18, 21, 24, 27 all satisfy 0 ≡ 10·x (mod 30)

For the plaintext ‘b’, x = 1, Y ≡ 10 · 1 ≡ 10, ciphertext is ‘K’

To find the plaintext letters that map to the ciphertext ‘K’, we
solve the congruence relation 10 ≡ 10 · x (mod 30)
⇒ 1 ≡ x (mod 10)
⇒ x = 1, 4, 7, 10, 13, 16, 19, 22, 25, 28 all satisfy 10 ≡ 10·x (mod 30)

For the plaintext ‘c’, x = 2, Y ≡ 10 · 2 ≡ 20, ciphertext is ‘U ’

To find the plaintext letters that map to the ciphertext ‘U ’, we
solve the congruence relation 20 ≡ 10 · x (mod 30)
⇒ 2 ≡ x (mod 10)
⇒ x = 2, 5, 8, 11, 14, 17, 20, 23, 26, 29 all satisfy 20 ≡ 10·x (mod 30)


12
2.13.17 Suppose the matrix is used for an encryption matrix in a Hill cipher.
34
Find two plaintexts that encrypt to the same ciphertext

Sol.
First, this is a block cipher scheme, the plaintext always means a
block of plaintext letters (i.e. a pair of plaintext letters).
The determinant is d = 4 − 3 · 2 = −2, is coprime to the modulus 26.
It can be expected that for each ciphertext block, there are gcd(26,
2) = 2 plaintext blocks that map to it.
The encryption equation is


12
(Y1 , Y2 ) ≡ (x1 , x2 ) (mod 26)
34

That is, 
Y1 ≡ x1 + 3x2 (mod 26)
Y2 ≡ 2x1 + 4x2 (mod 26)
 Assuming that the second pair of plaintext that satisfies the same
equation is (x1 , x2 ). Then,

(x1 − x1 ) + 3(x2 − x2 ) ≡ 0 (mod 26)
2(x1 − x1 ) + 4(x2 − x2 ) ≡ 0 (mod 26)
Multiply the first equation by 2 and subtract the second equation
from it, we obtain
2(x2 − x2 ) ≡ 0 (mod 26)
i.e. x2 = x2 or x2 = x2 + 13. If x2 = x2 , then from the first equation,
x1 = x1 . This is a trivial case.
If x2 = x2 + 13, then from the first equation, x1 = x1 + 13.
From the above discussion, we note that any pair of plaintexts such
that x1 = x1 + 13 and x2 = x2 + 13 would encrypt to the same
ciphertext block. For example, (a, b) → (N, O), (b, i) → (O, V ),
(s, k) → (F, X), ...

2.14.7 The following was encrypted using the Vigenere method using a key of length
at most 6. Decrypt it and decide what is unusual about the plaintext. How
did this affect the results?
hdsf gvmkoowaf weetcmf thskucaqbilgjof maqlgspvatvxqbiryscpcf rmvsw
rvnqlszdmgaoqsakmlupsqf orvtwvdf cjzvgsoaoqsacjkbrsevbelvbksarls
cdcaarmnvrysywxqgvellcyluwwveoaf gclazowaf ojdlhssf iksepsoywxaf o
wlbf csocylngqsyzxgjbmlvgrggokgf gmhlmejabsjvgmlnrvqzcrggcrghgeu
pcyf gtydycjkhqluhgxgzovqswpdvbwsf f senbxapasgazmyuhgsf hmf tayjxm
wznrsof rsoaopgauaaarmf tqsmahvqecev

(The ciphertext is stored in the downloadable computer files (see the Appen-
dices) under the name hdsf. The plaintext is from Gadsby by Ernest Vincent
Wright.)

Sol.
Using the MATLAB programs, you can estimate the length of the
key, the key, the decipher the ciphertext.
(a) execute ciphertexts.m to define the hdsf
(b) f or i = 1 : 12
coincidence(i) = coinc(hdsf, i);
end
coincidence = 11 14 15 25 14 14 15 23 15 11 6 27
Therefore, the length of key is very likely to be 4.
(c) f or i = 1 : 4
[y, key(i)] = max(vigvec(hdsf, 4, i));
end
key = key − [1 1 1 1];
keytext = int2text(key)
(d) The plaintext can be calculated by

plaintext = vigenere(hdsf, [26 26 26 26] − key);

With this code, we can find out that the key is “noes”.
The decrypted ciphertext is:
uponthisbasisiamgoingtoshowyouhowabunchof brightyoungf olksd
idf indachampionamanwithboysandgirlsof hisownamanof sodominat
ingandhappyindividualitythatyouthisdrawntohimasisaf lytoasu
garbowlitisastoryaboutasmalltownitisnotagossipyyarnnorisit
adrymonotonousaccountf ullof suchcustomaryf illinsasromanticm
oonlightcastingmurkyshadowsdownalongwindingcountryroad

Let’s insert some spaces, punctuation and capitalize some charac-

ters for easier reading of this paragraph:

Upon this basis, I am going to show you how a bunch of bright

young folks did find a champion aman.
With boys and girls of his own aman.
Of so dominating and happy individuality that you this drawn to
him as is a fly to a sugar bowl.
It is a story about a small town.
It is not a gossipy yarn nor is it a dry monotonous account full of
such customary fillins as romantic moonlight casting murky shadows
down along winding country road.

You can use f requency(plaintext) to further explore the letter fre-

quency of the plaintext. The result is 35 6 9 14 0 9 12 15 34 0 2 13 12 31
41 5 0 13 28 25 15 1 10 0 14 0. Notice that in this poem/prayer style
English paragraph, the letter ‘e’ did not occur at all in these 344
character paragraph. This is different from a normal English para-
graph. This implies that had we not used the correlation analysis
in the crytanalysis of the key but used the first method treating
the most frequently occurred letter as ‘e’, we would run into deep
troubles.