Department of Computer Science & Engineering

CSE-411 Cryptography
Instructor : Dr. Ahmed Gomaa

Fall, 2024
 Cryptography
Lecture 2
Classical cryptography
Recommended reading: Sections 1.1-1.4
 Lecture Outline

•What did we cover last time?

•What is ahead?
 Classical cryptography

• Until the 1970s, exclusively concerned with ensuring secrecy of

communication

• I.e., encryption
 Kerckhoffs’s principle

• The encryption scheme is not secret

– The attacker knows the encryption scheme
– The only secret is the key
– The key must be chosen at random; kept secret

• Arguments in favor of this principle

– Easier to keep key secret than algorithm
– Easier to change key than to change algorithm
– Standardization
• Ease of deployment
• Public scrutiny
 Modern cryptography

Design, analysis, and implementation of mathematical techniques for

securing information, systems, and distributed computations against
adversarial attack
 Recall

• A private-key encryption scheme is defined by a message space

M and algorithms (Gen, Enc, Dec):
– Gen (key-generation algorithm): generates k
– Enc (encryption algorithm): takes key k and message
m  M as input; outputs ciphertext c
c  Enck(m)
– Dec (decryption algorithm): takes key k and
ciphertext c as input; outputs m.
m := Deck(c)
 Private-key encryption
key key
ciphertext

c
k k

m m := Deck(c)
c := Enck(m) message/plaintext

decryption
encryption
 Encryption
• Goal: secrecy of communication

• Basic terminology
– plaintext or message
– ciphertext
– cryptographic key

• Encryption scheme is defined by algorithms

– Gen: setup public parameters and key(s)
– Enc: given a message m and encryption key, output ciphertext c
– Dec: given a ciphertext c and decryption key, output plaintext m or fail
 Encryption

• Gen can be configurable and takes a parameter n ∈ N called security parameter

•Encryption scheme E = (Gen, Enc, Dec) has associated
– message space M
– ciphertext space C
– key space K

•We obtain:
– Gen : N → K
– Enc : M × K → C
– Dec : C × K → M
 Encryption

•What do we want from an encryption scheme?

– correctness

– security
 Types of Encryption

•Symmetric key encryption

•Public-key encryption

•How about cryptography beyond encryption?

Caesar Cipher
Caesar Cipher Algorithm
 Caesar Cipher
https://www.dcode.fr/caesar-cipher

jrtbgbvah
Caesar Cipher
 Caesar Cipher

•Example
AB C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

– Message M = CIPHER
– Ciphertext C = ?

•Assuming Kerckhoffs’ principle, how do you break shift cipher?

 Caesar Cipher
We are encrypting the message CIPHER using a shift cipher. The alphabet positions based on the table are:
C=2
I=8
P = 15
H=7
E=4
R = 17
Let’s assume the shift is, for example, 3 (this shift could be any value as per the cipher used). For each letter
the message "CIPHER", we will shift it by 3 positions forward in the alphabet:
C (2) becomes F (2+3 = 5)
I (8) becomes L (8+3 = 11)
P (15) becomes S (15+3 = 18)
H (7) becomes K (7+3 = 10)
E (4) becomes H (4+3 = 7)
R (17) becomes U (17+3 = 20)
Thus, the ciphertext for CIPHER with a shift of 3 would be:
Ciphertext=FLSKHU
 Caesar Cipher

Breaking a Shift Cipher (Kerckhoffs’ Principle):

Kerckhoffs' Principle states that a cryptosystem should be secure even if everything about the
system, except the key, is public knowledge.
To break a shift cipher under this principle:
1.Frequency Analysis: You can analyze the frequency of the letters in the ciphertext. In English,
some letters (like E, T, A) appear more frequently. By comparing the frequencies in the ciphertext
with standard English letter frequencies, you can estimate the shift.
2.Brute Force Attack: Since the key space of a shift cipher is limited (there are only 25 possible
shifts), you can simply try all possible shifts. For each shift, decrypt the ciphertext and check if the
resulting plaintext makes sense.
3.Known Plaintext Attack: If part of the plaintext is known or can be guessed (for example,
common words like "THE" or "AND"), you can use this knowledge to determine the shift by
comparing the ciphertext with the known part of the plaintext.
These techniques can help in breaking the shift cipher efficiently.
 Cipher Methods

• Plaintext can be encrypted through:

1. Bit stream: each plaintext bit is transformed into a cipher bit one bit at
a time.
» commonly use functions like the exclusive OR operation (XOR)
2. Block cipher: the message is divided into blocks (e.g., sets of 8- or 16-bit
blocks), and each is transformed into an encrypted block of cipher bits
using an algorithm and key.
o can use substitution, transposition, XOR, or some
combination of these operations
 Cipher Methods
An important distinction in symmetric cryptographic algorithms is between
stream and block ciphers.
• Stream ciphers convert one symbol of plaintext directly into a
symbol of ciphertext.
• Block ciphers encrypt a group of plaintext symbols as one block.

Simple substitution is an example of a stream cipher. Columnar transposition

is a block cipher.

Most modern symmetric encryption algorithms are block ciphers. Block sizes
vary (64 bits for DES, 128 bits for AES, etc.).
 Cipher Methods
Stream Cipher
• Advantages:
 Speed of transformation: algorithms are linear in time and constant
in space.
 Low error propagation: an error in encrypting one symbol likely will not
affect subsequent symbols.

• Disadvantages:
 Lowdiffusion: all information of a plaintext symbol is contained
in a single ciphertext symbol. (no chance to change the location
of bit)
 Less secure: Susceptibility to insertions/ modifications: an
active interceptor who breaks the algorithm might insert spurious text that
looks authentic.
 Cipher Methods
Block Cipher:
• Advantages:
 High diffusion: information from one plaintext symbol is diffused into several
ciphertext symbols.
 More secure: Immunity to tampering: difficult to insert symbols without detection.

• Disadvantages:
 Encryption process is slow
 Slowness of encryption: an entire block must be accumulated before
encryption / decryption can begin.
 Error propagation: An error in one symbol may corrupt the entire block.
 Caesar Cipher

•Caesar cipher works on individual letters

– associates each letter with a number between 0 and 25, i.e., A = 0, B = 1, etc.
– message space is M = {0, . . ., 25} and ciphertext space is C = { 0, . . ., 25}

•Encryption: shift the letter right by 3 positions, i.e., Enc(m) = ( m + 3) mod 26

•Decryption: shift the letter left by 3 positions, i.e., Dec( c) = ( c − 3) mod 26

 Substitution Cipher
• Substitutes: exchanges one value for another
 for example, it might exchange a letter in the alphabet with
the letter three values to the right.

• It has three types:

• Monoalphabetic, Polyalphabetic and Vigenère cipher
 Substitution Cipher
Summary of Substitution

 Advantages:
 Simple
 Easy to encrypt

 Disadvantages:
 Easy to break!!!
 Exclusive OR (XOR)
• Boolean logic operation
• A function within Boolean algebra used as an encryption
function in which two bits are compared.
– If the two bits are identical, the result is a binary 0.
– If the two bits are not identical, the result is a binary 1.
• Very simple to implement and simple to break; should
not be used by itself when an organization is
transmitting/storing sensitive data.
 Table 8-3 XOR Table

First bit Second bit result

0 0 0

0 1 1

1 0 1

1 1 0
Table 8-3 Example XOR Encryption

Text value Binary value

CAT as bits 010000110100000101010100

VVV as key 010101100101011001010110

Cipher 000101010001011100000010
 Transposition Cipher

• Also known as a permutation cipher; involves simply rearranging

the values within a block based on an established pattern.

• Can be done at the bit level or at the byte (character) level.

• To make the encryption even stronger, the keys and block sizes

can be increased to 128 bits or more.

 Transposition Cipher
 Letters of the message are rearranged
 Break patterns, e.g., columnar transposition
Plaintext: this is a test
this
isat tiehssiatst!
est!
 Advantages: easy to implement
 Disadvantages:
 Trivially broken for known plaintext attack
 Easily broken for cipher only attack
 Vernam Cipher
• A cryptographic technique developed and known as the “one-time pad.”
• This cipher uses a set of characters for encryption operations
only one time and then discards it.
• To perform:
– The pad values are added to numeric values that represent the plaintext that
needs to be encrypted
– Each character of the plaintext is turned into a number and a pad value for
that position is added
– The resulting sum for that character is then converted back to a ciphertext
letter for transmission
– If the sum of the two values exceeds 26, then 26 is subtracted from the total
 The key is used one time; every bit/letter treated separately in encryption
 Shift Cipher

•Shift cipher is generalization of Caesar cipher

– uses a key with key space K = {1, . . ., 25}
R
• Gen: choose k ← K

• Enc: given key k, shift the letter right by k positions, i.e.,

Enc k (m) = ( m + k) mod 26
• Dec: given key k, shift the letter left by k positions, i.e.,
Deck ( c) = ( c − k) mod 26

•How hard is this one to break? What does it tell us?

 Substitution Cipher

• Similarly, operates on one letter at a time (M = C = Z 26 )

• The key space consists of all possible permutations of the 26 symbols 0, . . . , 25

• Gen: choose a random permutation π : Z 26 → Z 26

• Enc: permute using π, i.e., Enc π (m) = π ( m )

• Dec: reverse permutation, i.e., Dec π (c) = π −1 (c), where π −1 is the inverse permutation to π
• Example

AB C D E FGH I J K LMNO PQR S T UVWXYZ

X N YA H P O G Z Q W B T S F L R C V M U E K J D I
 Substitution Cipher

•Key space is 26! ≈ 4 ·10 26

– exhaustive (or brute-force) search is no longer possible
– the cipher thought to be unbreakable at the time it was used

•The key to breaking the cipher lies in frequency analysis

•The fact: each language has certain features such as frequency of letters and
frequency of groups of letters

•Substitution cipher preserves such features

 Substitution Cipher: Cryptanalysis

•Probabilities of occurrence of English language letters:

letter prob letter prob letter prob letter prob
A 0.082 H 0.061 O 0.075 V 0.010
B 0.015 I 0.070 P 0.019 W 0.023
C 0.028 J 0.002 Q 0.001 X 0.001
D 0.043 K 0.008 R 0.060 Y 0.020
E 0.127 L 0.040 S 0.063 Z 0.001
F 0.022 M 0.024 T 0.091
G 0.020 N 0.067 U 0.028

•The common sequences of two or three consecutive letters (diagrams and

trigrams, resp.) are also known

•Other language features: vowels constitute 40% of plaintext, letter Q is always

followed by U, etc.
 Substitution Cipher: Cryptanalysis

•Given a ciphertext, count different characters and their combinations to determine

the frequency of usage
•Examine the ciphertext for patterns, repeated series, etc.

•Replace ciphertext characters with possible plaintext equivalents using known

language characteristics
•Example:YIFQFMZRWQFYVECFMDZPCVMRZWNMDZVEJBTXCDDUMJ
NDIFEFMDZCDMQZKCEYFCJMYRNCWJCSZREXCHZUNMXZ
NZUCDRJXYYSMRTMEYIFZWDYVZVYFZUMRZCRWNZDZJJ
XZWGCHSMRNMDHNCMFQCHZJMXJZWIEJYUCFWDJNZDIR
 Another Attack on Shift Ciphers

• Using probabilities we can also automate cryptanalysis of shift cipher

– why is previous approach harder to automate?
• How this attack works
– let p i denote the probability of ith letter, 0 ≤ i ≤ 25, in English text
– using known values for pi’s, we get

– let qi denote the probability of ith letter in a ciphertext

• how is it computed?
 Another Attack on Shift Ciphers

• How this attack works (cont.)

– if the key was k, then we expect q i + k ≈ p i
– so test each value of k using

for 0 ≤ j ≤ 25
– output k for which I k is closest to 0.065
 Vigene`re Cipher

• The security of the substitution cipher can be improved if each letter is mapped to
different letters
– such ciphers are called polyalphabetic
– shift and substitution ciphers are both monoalphabetic

• In Vigene`re cipher, the key is a string of length L and is called a keyword

• Encryption is performed on L characters at a time similar to the shift cipher

The Vigenere square
 Vigene`re Cipher

• Gen: choose L ← N and random key

R
k ← Z 26
L

• Enc: given key k = (k 1 , k 2 , . . ., k L ), encrypt L-character message m as

Enc k (m 1 , . . ., m L ) = ( ( m 1 + k 1 ) mod 26, . . ., ( m L + k L ) mod 26)

• To decrypt c using k:
Dec k(c1, . . ., c L ) = ((c 1 − k 1 ) mod 26, . . ., (c L − k L ) mod 26)
 Vigene`re Cipher

• Example:
– using L = 4 and the keyword k = LUCK, encrypt the plaintext
m = CRYPTOGRAPHY
– rewrite the key as k = (11, 20, 2, 10) and compute the ciphertext as:

2 17 24 15 19 14 6 17 0 15 7 24
11 20 2 10 11 20 2 10 11 20 2 10
13 11 0 25 4 8 8 1 11 9 9 8

– the ciphertext is c = NLAZEIIBLJJI

 Vigene`re Cipher

• Shift ciphers are vulnerable to frequency analysis attacks, but what about the Vigene`re cipher?

• As the length of the keyword increases, usage of letters no longer follows language structure

• Think of this cipher as a collection of several shift ciphers

• Now the first task is to find the length of the key L

• Then we can divide the message into L parts and use frequency analysis on each
 Vigene`re Cipher

• There are two methods to find the key length: Kasisky test and index of coincidence

• Kasisky test:
– two identical segments of plaintext will be encrypted to the same ciphertext if they are
δ positions apart where δ ≡ 0 ( m od L )
– search for identical segments (of length ≥ 3) and record the distances between them (δ 1 ,
δ2, . . .)
– L divides the δi’s ⇒ l divides gcd(δ 1 , δ2, . . .)
 Vigene`re Cipher

• Index of coincidence:
– assume we are given a string x = x 1 x 2 ···x n of n characters
– index of coincidence of x, I c (x), is measures the likelihood that two randomly drawn
elements of x are identical
– as before, let q i denote probability of ith letter in x
– index of coincidence is computed (in simplified form) as

– for English text, we get 0.065

– for random strings, each q i has roughly the same probability
 Vigene`re Cipher

• Index of coincidence:
– for q i = 1/26, we get

• Thus we can test for various key lengths to see whether I c of the ciphertext is
close to that of English

• We first divide the ciphertext string c = c 1 . . .c n into L substrings s 1 , . . ., s L

and write them in a matrix
 Vigene`re Cipher
• Guessing key length:

– compute I c ( C i ) for i = 1, . . ., L
– if the values are not close to 0.065, try a different key length L

• Once the key size is determined, use frequency analysis on each C i

 Vigene`re Cipher

• How index of coincidence is derived

– denote the frequency of ith letter in x by f i
– so we have q i = f i / n for n-character x
– we can choose two elements in x in ways

• recall that the binomial coefficient

– for each letter i, there are ways of choosing both elements to be i

 Cipher Cryptanalysis

• Types of attacks on encryption:

– ciphertext only attack: the cryptanalyst knows a number of ciphertexts
– known plaintext attack: the cryptanalyst knows a number of ciphertexts and the corresponding
plaintexts
– chosen plaintext attack: the cryptanalyst can obtain encryptions of chosen plaintext messages
– chosen ciphertext attack: the cryptanalyst can obtain decryptions of chosen ciphertexts

• Which did we use so far? what about others?

• How realistic are they?

 Summary

• Encryption: definitions, types, properties

• Shift ciphers have small key space and are easy to break using brute force search

• Substitution ciphers preserve language features and are vulnerable to frequency

analysis attacks

• Vigene`re ciphertexts can be decrypted as well

– once the key length is found, frequency analysis can be applied
Thank You