Introduction to Modern Cryptography

Michele Ciampi

(Slides courtesy of Prof. Jonathan Katz)

Lecture 01 Part 3

1 / 17
Shift Cipher

2 / 17
The Shift Cipher

▶ Consider encrypting English text

▶ Associate a ← 0, b ← 1, ... z ← 25
▶ k ∈ K = {0, . . . , 25}
▶ To encrypt using key k, shift every letter of the plaintext
by k positions (with wraparound)
▶ Decryption just does the reverse

helloworldz
ccccccccccc
jgnnqyqtnfb

3 / 17
Modular arithmetic

▶ x = y mod N if and only if N divides x − y

▶ [x mod N ] = the remainder when x is divided by N
▶ i.e. the unique value y ∈ {0, . . . , N − 1} such that x = y
mod N
▶ 25 = 35 mod 10
▶ 25 ̸= [35 mod 10]
▶ 5 = [35 mod 10]

4 / 17
The Shift Cipher, formally

▶ M = strings over lowercase English alphabet

▶ Gen: choose uniform k ∈ {0, . . . , 25}
▶ Enck (m1 . . . mt ): output c1 . . . ct , where

ci = [mi + k mod 26]

▶ Deck (c1 . . . ct ): output m1 . . . mt , where

mi = [ci − k mod 26]

5 / 17
Is the Shift Cipher secure?

Brute-force Attack
▶ No – only 26 possible keys!
▶ Given a ciphertext, try decrypting with every possible key
▶ Only one possibility will “make sense”
▶ Example of a brute-force or exhaustive-search attack

6 / 17
Brute-force Attack on Shift Cipher

Example
▶ Ciphertext uryybjbeyq
▶ Try every possible key and decrypt:
▶ message under key 1 is: tqxxaiadxp
▶ message under key 2 is: spwwzhzcwo
▶ ...
▶ message under key i is: helloworld
▶ ...

7 / 17
Byte-wise Shift Cipher

▶ Alphabet of bytes rather than (English, lowercase) letters

▶ Works natively for arbitrary data!
▶ Use XOR instead of modular addition
▶ Essential properties still hold

8 / 17
Hexadecimal (base 16) Notation

Hex Bits Decimal Hex Bits Decimal

0 0000 0 8 1000 8
1 0001 1 9 1001 9
2 0010 2 A 1010 10
3 0011 3 B 1011 11
4 0100 4 C 1100 12
5 0101 5 D 1101 13
6 0110 6 E 1110 14
7 0111 7 F 1111 15

9 / 17
Hexadecimal (base 16) Notation

0x10
▶ 0x10 = 16*1 + 0 = 16
▶ 0x10 = 0001 0000

0xAF
▶ 0xAF = 16*A + F = 16*10 + 15 = 175
▶ 0xAF = 1010 1111

10 / 17
ASCII

▶ American Standard Code for Information Interchange

▶ Character encoding standard
▶ Byte-wise Shift Cipher: encode characters in ASCII
▶ 1 byte = 1 character = 2 hex digits
▶ Encoded using the ASCII table

11 / 17
ASCII table

https://hubpages.com/technology/What-Are-ASCII-Codes
12 / 17
Useful observations

▶ Only 128 valid ASCII chars (128 bytes invalid)

▶ Only 0x20-0x7E printable
▶ 0x41-0x7A includes upper/lowercase letters
▶ Uppercase letters begin with 0x4 or 0x5
▶ Lowercase letters begin with 0x6 or 0x7

13 / 17
Byte-wise Shift Cipher, Formally

▶ M = strings of bytes
▶ Gen: choose uniform k ∈ K = {0x00 . . . 0xFF} i.e. there
are 256 possible keys
▶ Enck (m1 . . . mt ): output c1 . . . ct , where

ci = mi ⊕ k

▶ Deck (c1 . . . ct ): output m1 . . . mt , where

mi = ci ⊕ k

14 / 17
Is this scheme secure?

▶ No – only 256 possible keys!

▶ Given a ciphertext, try decrypting with every possible key
▶ If ciphertext is long enough, only one plaintext will ”make
sense”
▶ Can further optimize
▶ First nibble of plaintext likely 0x4,0x5,0x6,0x7 (assuming
letters only)
▶ Recover 2 key bits and reduce exhaustive search by a factor
of 4.

15 / 17
Sufficient key space principle

Crypto Design Lesson One

▶ The key space must be large enough to make brute-force
attacks impractical

Spoiler: necessary, but not sufficient

16 / 17
 End

Reference: Section 1.3 of the book

17 / 17