‫ﻛــﻠــﯿـــﺔ ھﻨﺪﺳﺔ اﻟﺤﺎﺳﻮب واﻟﻤﻌﻠﻮﻣﺎﺗﯿﺔ‬

Faculty of Computer &Informatics Engineering

Information Systems Security

LAB
Eng. Christine Zenieh

Affine Cipher

Introduction
The Affine Cipher is an example of a Substitution cipher. It is vulnerable
to all of the attacks that work against substitution ciphers, in addition to
other attacks.

The Algorithm
The 'key' for the Affine cipher consists of 2 numbers, a and b. The
following discussion assumes the use of a 26 character alphabet
(m=26). a should be chosen to be relatively prime to m (i.e. a should have
no factors in common with m). For example 15 and 26 have no factors in
common, so 15 is an acceptable value for a, however 12 and 26 have
factors in common (e.g. 2) so 12 cannot be used for a value of a. When
encrypting, we first convert all the letters to numbers ('a'=0, 'b'=1, ...,
'z'=25). The ciphertext letter c, for any given letter p is (remember p is the
number representing a letter):

The decryption function is:

where a−1 is the multiplicative inverse of a in the group of integers

modulo m.
To find a multiplicative inverse, we need to find a number x such that:
1
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 If we find the number x such that the equation is true, then x is the inverse
of a, and we call it a−1. The easiest way to solve this equation is to search
each of the numbers 1 to 25, and see which one satisfies the equation.
Remember, this is just the definition of an inverse i.e. if a*x = 1(mod 26),
then x is an inverse of a (and a is an inverse of x).
We now use the value of x we calculated as a-1. This allows us to perform
the decryption step.
Note: As stated above, m does not have to be 26, it is simply the number
of characters in the alphabet you choose to use. If upper case characters,
lowercase characters and spaces are used, then m will be 53. Digits and
punctuation could also be incorporated (which again would change the
value of m).
Assume we discard all non alphabetical characters including spaces. Let
the key be a=5 and b=7. The encryption function is the (5*p+7)(mod 26).
To encode:

'defend the east wall of the castle',

We would take the first letter, 'd', convert it to a number, 3 ('a'=0, 'b'=1,
..., 'z'=25) and plug it into the equation:

since 'w' = 22, 'd' is transformed into 'w' using the values a=5 and b= 7. If
we continue with all the other letters we would have:

'wbgbuw yqb bhty nhkk zg yqb rhtykb'

Now to decode, the inverse of 5 modulo 26 is 21, i.e. 5*21 = 1 (mod 26).
The decoding function is

So we have recovered d=3 as the first plaintext character.

'defend the east wall of the castle'

2
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 Cryptanalysis
The Affine cipher is a very insecure cipher, with the Caesar
cipher possibly being the only easier cipher to crack. The Affine cipher is
a monoalphabetic substitution cipher, so all the methods that are used to
cryptanalyse substitution ciphers can be used for the affine cipher. Affine
ciphers can also be cracked if any 2 characters are known.
As an example, imagine we have a ciphertext. If the 2 most common
characters in the ciphertext are 'h' and 'q', then we can assume that these
correspond to 'e' and 't' in the plaintext. We can set up a simultaneous
equation ('h' -> 'e' and 'q' -> 't'), the following 2 equations are simply two
instances of the affine cipher where we know (or assume we know) the
values of the plaintext character and the corresponding ciphertext
character for 2 cases, but do not know a or b (In the following equation
we have converted letters to numbers, 'e'=4, 'h'=7, 'q'=16, 't'=19):

For the following discussion we will refer to the more general set of
equations:

Solving systems of equations modulo 26 is slightly more difficult than

solving them normally, but it is still quite easy. We know the
values p, q, r and s, and we wish to find a and b. We must first find the
number D= p - q, and D-1 (the inverse of D). D-1 is found by looping
through the numbers between 1 and 25 until you find a number, x, such
that D*x = 1 (mod 26). We can now find the value of a and b.

Using the example we started with, p=4, r=7, q=19, s=16.

D = p-q = -15 = 11 (mod 26).
This means D-1 = 19.
So:

From this we would conclude that the a, b pair used to encrypt the
plaintext was 11 and 15 (this represents the key), respectively. If we
3
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering
 decrypt the ciphertext under this assumption, we can see if these are
correct. If they are, that is the end, otherwise we could try other
combinations of common ciphertext letters instead of our guess of 'e' and
't'. This method is much easier to perform if you have a program that
performs these steps automatically.

4
Syrian Private University Information Systems Security LAB
Faculty of Computer &Informatics Engineering