CB3491

CRYPTOGRAPHY AND
CYBER SECURITY
UNIT I INTRODUCTION TO SECURITY
• Computer Security Concepts – The OSI Security
Architecture – Security Attacks – Security
Services and Mechanisms – A Model for Network
Security – Classical encryption techniques:
Substitution techniques, Transposition
techniques, Steganography – Foundations of
modern cryptography: Perfect security –
Information Theory – Product Cryptosystem –
Cryptanalysis.
 Cryptography
• Cryptography is the process of hiding or coding
information so that only the person a message
was intended for can read it.
• Individuals and organizations use cryptography on
a daily basis to protect their privacy and keep
their conversations and data confidential.
Cryptography ensures confidentiality by
encrypting sent messages using an algorithm with
a key only known to the sender and recipient.
 History of Cryptography
• inscription carved around 1900 BC, in the main chamber of the tomb Egypt.
• In 1500 BC, a Mesopotamian scribe used cryptography to conceal a formula for
pottery glaze.
• around 100 BC, Julius Caesar was known to use a form of encryption to convey
secret messages to his army generals posted in the war front.(Substitution
cipher)
• During the 16th century, Vigenere designed a, the encryption key was repeated
multiple times spanning the entire message. the Vigènere cipher was broken in
1863 by Friedrich Kasiski.
• Cryptography played a huge role in both World War I and World War II. In 1918,
the Enigma Machine was created by German engineer Arthur Scheribus. By
World War II, it was used regularly by Nazi German military.
• The Enigma Machine was ultimately cracked by Poland, which led the British to
create the Bombe, a device that helped to identify the wheel order of the
Enigma machine and the rotors’ initial settings.
• that changed when businesses saw cryptography’s commercial potential to
secure data from competitors.
History of Cryptography
• 1970s, IBM created a cipher called Lucifer, a block cipher –
Symmetric key Algms
• The Data Encryption Standard(DES) uses a symmetric-key
algorithm and has a key-length of 56 bits To protect
sensitive electronic government data and a modified
version was accepted in 1976.
• In 1999, it was deciphered in 22 hours and 15 minutes by
Brute-force attack method.
• In 2001, the National Institute of Standards and Technology
(NIST), selected the Advanced Encryption Standard (AES)
• uses larger key lengths of 128, 192 and 256 bits, with a
block size of 128 bits.
 Cyber Crime
• A cyber attack is any malicious attempt to gain
unauthorized access to a computer, computing
system or computer network with the intent to
cause damage.
Common types of cyber attacks
• Malware is a term used to describe malicious software,
including spyware, ransomware, viruses, and worms. when
a user clicks a dangerous link or email attachment that then
installs risky software.
• Phishing is the practice of sending fraudulent
communications that appear to come from a reputable
source, usually through email. The goal is to steal sensitive
data like credit card and login information or to install
malware on the victim’s machine.
• Man-in-the-middle (MitM) attacks, also known as
eavesdropping attacks.
• On unsecure public Wi-Fi
• Once malware has breached a device, an attacker can install
software to process all of the victim’s information.
• A Structured Query Language (SQL) injection occurs
when an attacker inserts malicious code into a server
that uses SQL and forces the server to reveal
information
• A zero-day exploit hits after a network vulnerability is
announced but before a patch or solution is
implemented. Attackers target the disclosed
vulnerability during this window of time.
• Social engineering attacks Social engineering is a
technique where attackers use psychological tactics to
manipulate people into taking a desired action.
Sources of cybersecurity threats
• Cybercriminals
• Hackers
• Nation-state actors
• Insider threats
 Computer Security

• The protection afforded to an automated

information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources (includes hardware, software,
firmware, information/data, and
telecommunications)
Key Security Concepts (Heart of
Computer Security)
Confidentiality:
• Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information.
•Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
•Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may
be disclosed.
Integrity:
• Guarding against improper information modification or destruction, including
ensuring information nonrepudiation and authenticity.
a. Data integrity: Assures that information (both stored and in transmitted packets)
and programs are changed only in a specified and authorized manner.
b. System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
• Authenticity: This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.
• Accountability: Systems must keep records of their activities to permit later
forensic analysis to trace security breaches or to aid in transaction disputes.
1.Confidentiality
1. Follow an organization's data-handling security policies.
2. Use encryption and 2FA.
3. Keep access control lists and other file permissions up to date.
2.Integrity
1. Ensure employees are knowledgeable about compliance and regulatory
requirements to minimize human error.
2. Use backup and recovery software and services.
3. Use version control, access control, security control, data logs and checksums.
3. Availability
4. Use preventive measures, such as redundancy, failover and RAID.
5. Ensure systems and applications stay updated.
6. Use network or server monitoring systems.
7. Have a data recovery and business continuity plan in place in case of data loss.
Levels of Impact
can define 3 levels of impact from a security
breach
Low
Moderate
High
Low Impact
• The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or individuals.
• A limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might
• (i) cause a degradation in mission capability to an extent
and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions is
noticeably reduced;
• (ii) result in minor damage to organizational assets;
• (iii) result in minor financial loss; or
• (iv) result in minor harm to individuals.
Moderate Impact
• The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals.
• A serious adverse effect means that, for example, the loss
might
• (i) cause a significant degradation in mission capability to
an extent and duration that the organization is able to
perform its primary functions, but the effectiveness of the
functions is significantly reduced;
• (ii) result in significant damage to organizational assets;
• (iii) result in significant financial loss; or
• (iv) result in significant harm to individuals that does not
involve loss of life or serious, life-threatening injuries.
High Impact
• The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational
assets, or individuals.
• A severe or catastrophic adverse effect means that, for
example, the loss might
• (i) cause a severe degradation in or loss of mission
capability to an extent and duration that the organization
is not able to perform one or more of its primary functions;
• (ii) result in major damage to organizational assets;
• (iii) result in major financial loss; or
• (iv) result in severe or catastrophic harm to individuals
involving loss of life or serious life threatening injuries.
Examples of Security Requirements

• confidentiality – student grades

• integrity – patient information
• availability – authentication service
 authenticity– admission ticket
 non-repudiation – stock sell order
 Challenges in Computer Security
• In developing a particular security mechanism or algorithm, one must
always consider potential attacks on those security features.
• Having designed various security mechanisms, it is necessary to decide
where to use them.
• the creation, distribution, and protection of that secret information.
• There is a natural tendency on the part of users and system managers to
see little benefit from security investment until a security failure occur.
• Security requires regular, even constant, monitoring, and this is difficult in
today’s short-term, overloaded environment.
• Security is still too often an afterthought to be incorporated into a system
after the design is complete rather than being an integral part of the
design process.
• Many users and even security administrators view strong security as an
impediment to efficient and user-friendly operation of an information
system or use of information.
 The OSI Security Architecture
• The OSI security architecture is useful to managers as a way of
organizing the task of providing security.
• ITU-T X.800 “Security Architecture for OSI” defines a systematic
way of defining and providing security requirements
• The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as follows:
• Security attack: Any action that compromises the security of
information owned by an organization.
• Security mechanism (control): A process (or a device
incorporating such a process) that is designed to detect, prevent,
or recover from a security attack.
• Security service: A processing or communication service that
enhances the security of the data processing systems and the
Terms

threat – a potential for violation of security

vulnerability – a way by which loss can happen

attack – an assault on system security, a deliberate
attempt to evade security services

10/21/2024 OSI Security Architecture 21

 Passive Attack -
Interception
Interception : release of message contents

10/21/2024 OSI Security Architecture 22

 Passive Attack: Traffic
Analysis

Traffic analysis - monitor traffic flow to determine
location and identity of communicating hosts and could
observe the frequency and length of messages being
exchanged
Observe traffic pattern

10/21/2024 OSI Security Architecture 23

 Active Attack:
Fabrication/Masquerade

Fabricate message

10/21/2024 OSI Security Architecture 24

 Active Attack: Replay

10/21/2024 OSI Security Architecture 25

 Active Attack:
Modification

Modify message

10/21/2024 OSI Security Architecture 26

 Active Attack: Denial of
Service/Interruption

Block delivery of message

10/21/2024 OSI Security Architecture 27

 Handling Attacks

Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect

Active attacks – focus on Detection and Recovery
• Hard to stop
• Easy to detect

10/21/2024 OSI Security Architecture 28

 Security Service

enhance security of data processing systems and
information transfers of an organization

intended to counter security attacks

using one or more security mechanisms

often replicates functions normally associated with
physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed

10/21/2024 OSI Security Architecture 29

 Security Services
 X.800:
“a service provided by a protocol layer of communicating
open systems, which ensures adequate security of the
systems or of data transfers”

 RFC 2828:
“a processing or communication service provided by a
system to give a specific kind of protection to system
resources”

10/21/2024 OSI Security Architecture 30

 Security Services
(X.800)
 Authentication - assurance that communicating entity is the one
claimed
 Access Control - prevention of the unauthorized use of a resource
 Data Confidentiality –protection of data from unauthorized
disclosure
 Data Integrity - assurance that data received is as sent by an
authorized entity
 Non-Repudiation - protection against denial by one of the parties
in a communication
 Availability – resource accessible/usable

10/21/2024 OSI Security Architecture 31

 Security Services
 Authentication - assurance that communicating entity
is the one claimed
 Peer Entity Authentication
Used in association with a logical connection to
provide confidence in the identity of the entities
connected.
 Data Origin Authentication
In a connectionless transfer, provides assurance that
the source of received data is as claimed.

10/21/2024 OSI Security Architecture 32

 Security Services
 Data Confidentiality –protection of data from unauthorized
disclosure
 Connection Confidentiality
 The protection of all user data on a connection.
 Connectionless Confidentiality
 The protection of all user data in a single data block
 Selective-Field Confidentiality
 The confidentiality of selected fields within the user data on a connection or in
a single data block.
 Traffic Flow Confidentiality
 The protection of the information that might be derived from observation of
traffic flows.

10/21/2024 OSI Security Architecture 33

 Security Services
 Data Integrity - contain no modification, insertion, deletion, or
replay
 Connection Integrity with Recovery
 Provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion, or replay of any data within an entire data
sequence, with recovery attempted.
 Connection Integrity without Recovery
 As above, but provides only detection without recovery.
 Selective-Field Connection Integrity
 Provides for the integrity of selected fields within the user data of a data
block transferred over a connection and takes the form of determination of
whether the selected fields have been modified, inserted, deleted, or
replayed.

10/21/2024 OSI Security Architecture 34

 Security Services
 Connectionless Integrity
 Provides for the integrity of a single connectionless data block
and may take the form of detection of data modification.
Additionally, a limited form of replay detection may be provided.

 Selective-Field Connectionless Integrity

 Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determination of
whether the selected fields have been modified.

10/21/2024 OSI Security Architecture 35

 Security Services
 Non-Repudiation - protection against denial by
one of the parties in a communication
 Nonrepudiation, Origin
Proof that the message was sent by the
specified party.

 Nonrepudiation, Destination
Proof that the message was received by the
specified party.

10/21/2024 OSI Security Architecture 36

 Security Mechanism
 Security Mechanism” which are the specific means of
implementing one or more security services.
 Feature designed to detect, prevent, or recover from a
security attack
 No single mechanism that will support all services
required
 However one particular element underlies many of the
security mechanisms in use:

cryptographic techniques

10/21/2024 OSI Security Architecture 37

 Security Mechanisms
(X.800)
 Specific security mechanisms:

encipherment, digital signatures, access
controls, data integrity, authentication
exchange, traffic padding, routing control,
notarization

 Pervasive security mechanisms:


trusted functionality, security labels, event
detection, security audit trails, security
recovery
10/21/2024 OSI Security Architecture 38
 Specific security
mechanisms
 Encipherment
 The use of mathematical algorithms to transform data into a
form that is not readily intelligible.
 Digital Signature
 Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source
and integrity of the data unit and protect against forgery (e.g.,
by the recipient).
 Access Control
 A variety of mechanisms that enforce access rights to
resources.
 Data Integrity
 A variety of mechanisms used to assure the integrity of a data
10/21/2024
unit or stream of data units.
OSI Security Architecture 39
 Specific security
 mechanisms
Authentication Exchange
 A mechanism intended to ensure the identity of an
entity by means of information exchange.
 Traffic Padding
 The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
 Routing Control
 Enables selection of particular physically secure
routes for certain data and allows routing changes,
especially when a breach of security is suspected.
 Notarization
 The use of a trusted third party to assure certain
properties of a data exchange
10/21/2024 OSI Security Architecture 40
 Pervasive security
 mechanisms
Trusted Functionality
 That which is perceived to be correct with respect to some
criteria (e.g., as established by a security policy).
 Security Label
 The marking bound to a resource (which may be a data unit)
that names or designates the security attributes of that
resource.
 Event Detection
 Detection of security-relevant events.
 Security Audit Trail
 Data collected and potentially used to facilitate a security
audit, which is an independent review and examination of
system records and activities.
10/21/2024 OSI Security Architecture 41
 Model for Network
Security

10/21/2024 OSI Security Architecture 42

 Model for Network

Security
Four basic tasks in designing a particular security service:

design a suitable algorithm for the security
transformation

generate the secret information (keys) used by the
algorithm

develop methods to distribute and share the secret
information

specify a protocol enabling the principals to use the
transformation and secret information for a security service

10/21/2024 OSI Security Architecture 43

 Model for Network Access
Security

10/21/2024 OSI Security Architecture 44

 Model for Network Access
Security
 Model requires :

select appropriate gatekeeper functions to identify
users

implement security controls to ensure only authorised
users access designated information or resources
 note that model does not include:

monitoring of system for successful penetration

monitoring of authorized users for misuse, audit
logging for forensic uses, etc.

10/21/2024 OSI Security Architecture 45

Classical Encryption
Techniques
 Symmetric Encryption
 or conventional / private-key / single-key
 sender and recipient share a common key
 all classical encryption algorithms are
private-key
 was only type prior to invention of public-
key in 1970’s
 and by far most widely used (still)
 is significantly faster than public-key crypto

21/10/2024 Classical Encryption 47

 Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering plaintext from ciphertext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis

21/10/2024 Classical Encryption 48

 Symmetric Cipher Model
 Plaintext - original message
 Encryption algorithm – performs substitutions/transformations on plaintext
 Secret key – control exact substitutions/transformations used in encryption
algorithm
 Ciphertext - scrambled message
 Decryption algorithm – inverse of encryption algorithm

Model Classical Encryption

21/10/2024 49
of Symmetric encryption
Model of Symmetric Cryptosystem

21/10/2024 Classical Encryption 50

 Requirements
 Two requirements for secure use of symmetric
encryption:

a strong encryption algorithm

a secret key known only to sender / receiver
 Mathematically have:
Y = E(K, X) = EK(X)
X = D(K, Y) = DK(Y)
 Assume encryption algorithm is known

Kerckhoff’s Principle: security in secrecy of
key alone, not in obscurity of the encryption
algorithm
 implies a secure channel to distribute key
21/10/2024 
Central problem Classical
in symmetric
Encryption
cryptography 51
 Cryptography
 can characterize cryptographic system by:

type of encryption operations used
• substitution
• transposition
• product

number of keys used
• single-key or private
• two-key or public

way in which plaintext is processed
• block
• stream
21/10/2024 Classical Encryption 52
 Cryptanalysis
 objective to recover key not just message
 general approaches:

Cryptanalysis

Relies on the nature of the algorithm plus perhaps some knowledge of the
general characteristics of the plaintext or even some sample plaintext-
ciphertext pairs. This type of attack exploits the characteristics of the
algorithm to attempt to deduce a specific plaintext or to deduce the key
being used.

Brute-force attack
Try every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average,half of all possible keys
must be tried to achieve success.
 if either type of attack succeeds in deducing the key, the effect is
catastrophic

21/10/2024 Classical Encryption 53

 Cryptanalytic Attacks
 ciphertext only

only know algorithm & ciphertext, is statistical, can
identify plaintext
 known plaintext

know/suspect plaintext & ciphertext
 chosen plaintext

select plaintext and obtain ciphertext
 chosen ciphertext

select ciphertext and obtain plaintext
 chosen text

select plaintext or ciphertext to en/decrypt

21/10/2024 Classical Encryption 54

 Classical Encryption
Techniques
 Substitution Techniques
 A substitution technique is one in which the letters
of plaintext are replaced by other letters or by
numbers or symbol

 Transposition Techniques
 here letters of plaintext are replaced by other letters
or by numbers or symbols

21/10/2024 Classical Encryption 55

 Caesar Cipher
 earliest known substitution cipher
 by Julius Caesar
 first attested use in military affairs
 mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

then have Caesar (rotation) cipher as:

c = E(k, p) = (p + k) mod (26)
p = D(k, c) = (c – k) mod (26)

21/10/2024 Classical Encryption 56

 Caesar Cipher
Key = 3
replaces each letter by 3rd letter on
example:
MEET ME AFTER THE TOGA PARTY
PHHW PH DIWHU WKH WRJD SDUWB

21/10/2024 Classical Encryption 57

 Monoalphabetic Cipher
 rather than just shifting the alphabet
 could shuffle (permute) the letters arbitrarily
 each plaintext letter maps to a different random
ciphertext letter
 hence key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

21/10/2024 Classical Encryption 58

 Monoalphabetic Cipher
Security
 key size is now 25 characters…
 now have a total of 26! = 4 x 1026 keys
 with so many keys, might think is secure
 problem is language characteristics

21/10/2024 Classical Encryption 59

 Playfair Cipher
 not even the large number of keys in a monoalphabetic
cipher provides security
 one approach to improving security was to encrypt
multiple letters
 the Playfair Cipher is an example
 invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair

21/10/2024 Classical Encryption 60

 Playfair Key Matrix
 a 5X5 matrix of letters based on a keyword
 fill in letters of keyword (sans duplicates)
 fill rest of matrix with other letters
 eg. using the keyword MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
21/10/2024 Classical Encryption 61
 Encrypting and

Decrypting
plaintext is encrypted two letters at a time

if a pair is a repeated letter, insert filler like 'X’

if both letters fall in the same row, replace each with letter to
right (wrapping back to start from end)

if both letters fall in the same column, replace each with the
letter below it (wrapping to top from bottom)

otherwise each letter is replaced by the letter in the same row
and in the column of the other letter of the pair

21/10/2024 Classical Encryption 62

 Playfair Example

 Message = Move forward

 Plaintext = mo ve fo rw ar dx
 Here x is just a filler, message is padded and
 segmented
mo  ON; ve  UF; fo  PH, etc.
 Ciphertext
M = ON
O UF PH
N NZARM BZ
R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
21/10/2024 Classical Encryption 63
 Hill Cipher

• The algorithm of Hill cipher works as follows

• C=pk mod 26
• Where c and p are row vectors of length 3
representation cipher text and plain text. k is
a 3x3 matrix representing the encryption key
• That is,
 k11 k12 k13 
c1 c 2 c3  p1 p 2 p3 k 21 k 22 k 23
 k 31 k 32 k 33

21/10/2024 Classical Encryption 64

Hill Cipher

• Where, c1 = (k11p1+k12p2+k13p3)mod 26
c2 = (k21p1+k22p2+k23p3)mod 26
c3 = (k31p1+k32p2+k23p3)mod 26

• Example:
• Plaintext :paymoremoney
• Key:
17 17 5
21 18 21
2 2 19
• Cipher Text : rrlmwbkaspdh

21/10/2024 Classical Encryption 65

 Polyalphabetic Ciphers
 polyalphabetic substitution ciphers
 improve security using multiple cipher alphabets
 make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution
 use a key to select which alphabet is used for each
letter of the message
 repeat from start, after end of key is reached
 Example:
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: zicvtwqngrzgvtwavzhcqyglmgj

21/10/2024 Classical Encryption 66

 Vigenère Cipher

 Vigenère proposed what is referred to as an

autokey system
 In this a keyword is concatenated with the
plaintext itself to provide a running key.
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext: zicvtwqngkzeiigasxstslvvwla

21/10/2024 Classical Encryption 67

 Vernam Cipher
 pi = ith binary digit of plaintext
 ki = ith binary digit of key
 ci = ith binary digit of ciphertext
 ⊕ = exclusive-or (XOR) operation

21/10/2024 Classical Encryption 68

 One-Time Pad

 if a truly random key as long as the message is

used, the cipher will be secure called a One-Time
pad (OTP)
 is unbreakable since ciphertext bears no
statistical relationship to the plaintext
 since for any plaintext & any ciphertext there
exists a key mapping one to other
 can only use the key once though
 problems in generation & safe distribution of key

21/10/2024 Classical Encryption 69

 Transposition Ciphers

 These hide the message by rearranging

the letter order without altering the
actual letters used
 Can recognise these since have the same
frequency distribution as the original text

21/10/2024 Classical Encryption 70

 Rail Fence cipher

 Write message letters out diagonally over

a number of rows
 Then read off cipher row by row
 eg. Plain Text meet me after the toga
party
 write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
 giving ciphertext
21/10/2024
MEMATRHTGPRYETEFETEOAAT
Classical Encryption 71
 Row Transposition Ciphers
 is a more complex transposition
 write letters of message out in rows over a
specified number of columns
 then reorder the columns according to some key
before reading off the rows
Key: 4312567
Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLYPETZ
21/10/2024 Classical Encryption 72
 Steganography
 an alternative to encryption
 hides existence of message

using only a subset of letters/words in a longer message
marked in some way

using invisible ink

hiding in LSB in graphic image or sound file

hide in “noise”
 has drawbacks

high overhead to hide relatively few info bits
 advantage is can obscure encryption use

21/10/2024 Classical Encryption 73

Product Ciphers
ciphers using substitutions or transpositions are not
secure because of language characteristics
hence consider using several ciphers in succession to
make harder, but:

two substitutions make a more complex substitution

two transpositions make more complex transposition

but a substitution followed by a transposition makes
a new much harder cipher
A substitution followed by a transposition is known as a
Product Cipher, and makes a new much more secure
cipher and forms a bridge to modern ciphers

21/10/2024 Classical Encryption 74