Classical ciphers

Introduction, Legacy ciphers

Dr Bobby Yang

1/27
 Course text and reference

• Textbook: Understanding
Cryptography – A textbook for
Students and Practitioners, by
Christof Paar & Jan Pelzl
• Unless otherwise stated, all
diagrams in the slides in this
course are taken from the above
textbook.
• References:
Cryptography and Network
Security – Principles and
Practice, by William Stallings
Course manual

2/27
 Basic terminology

• Plaintext (P) – the original message, data, file

• Ciphertext (C) – coded from Plaintext
• Cipher – algorithm for transforming plaintext to ciphertext
• Encipher or encrypt – to code plaintext into ciphertext
• Decipher or decrypt – to recover ciphertext into plaintext
• Key – secret data used in encryption and decryption
• Cryptography – the study of making encryption algorthms
Cryptanalysis – the study of deciphering without knowing
the key
• Cryptology – covers both cryptography and analysis
• Steganography – the art/science of hiding information in
other data

3/27
 Information security challenges

• Alice and Bob are friends and sends and receives

messages between them using an insecure channel.
• Eve or Oscar – malicious users, i.e. adversary or attacker.
• "Insecure channel" – the path between sender and
receiver where an attacker can
• eavesdrop – monitor, listen, read the content
• modify or corrupt the message and send it on
• forge a message – create a message with fake content
and/or source
• capture a message and resend it later on
• block the message, etc.
Examples of insecure channel: – almost all network media
including Internet, WiFi, Ethernet, etc.
• Need to protect for CIA &RAF

4/27
 Security Requirements – CIA & RAF

• Confidentiality – only the sender and intended receiver can

understand the message.
• Integrity – the message is intact, has not been modified in
any way.
• Authenticity – the source of the message as claimed, is
genuine.
• non Repudiation – the person who created the message
cannot deny being the author.
• Availibity – the message or resource is available to those
who should have it.
• Freshness – the receiver is assured that the message
received is not a copy of an older message.

5/27
 Confidentiality – Encryption/Decryption

• Encryption – the process of

transforming plaintext P using a
key ks into a ciphertext output C
C = E (P, ks )
• The key ks is secret.
• The ciphertext cannot be
decrypted without knowing the
key
• Decryption – the process of
converting the ciphertext C using
the key ks into the original
plaintext P.
D(C, ks ) = P

6/27
 Kerckhoffs’s principle
• A cryptosystem should be secure even if everything about
the system, except the key, is public knowledge. – Auguste
Kerckhoffs, 1883.
• Design principles for a cipher system:
• The system must be practically, if not mathematically,
indecipherable;
• It should not require secrecy, and it should not be a problem
if it falls into enemy hands;
• It must be possible to communicate and remember the key
without using written notes, and correspondents must be
able to change or modify it at will;
• It must be applicable to telegraph communications;
• It must be portable, and should not require several persons
to handle or operate;
• Lastly, given the circumstances in which it is to be used, the
system must be easy to use and should not be stressful to
use or require its users to know and comply with a long list
of rules.
7/27
 Classical Ciphers

• Substitution ciphers
• Caesar cipher
• Vigenere table
• German Enigma
machine
• Transposition ciphter
• Scytale of Sparta
• Rail fence cipher

8/27
 Substitution cipher example – Caesar’s
cipher

• Each letter in the plaintext

is substituted with a
different letter.
• To encrypt, Caesar shifted
each letter of his message
3 places down in the
alphabet system
• Method – shift letter down, key = 3

9/27
 Mono-alphabetic Substitution cipher -
Caesar’s method

• Denote each alphabet by the ordinal number of the

character in the alphabet.
• Caesar’s Cipher: If p is the ordinal number of the plaintext
character and the encryption key is k, then the ordinal
number of the ciphertext character is: c = p + k (mod 26)
• Decryption, the ordinal number of the plaintext is
(c − k) = p (mod 26)
• What is the keyspace of this cipher?
• How many attempts are required at most to break this
cipher?
• E.g. What is the ciphertext of P = ”RETREAT ”?
10/27
 Mono-alphabetic random substitution
cipher

• Method: substitute each letter with a different one

according to a table (key), e.g.
A → k, B → d , C → w , · · · , Z → m
P = ”ABBA” is encrypted as kddk.
• The key (table) is completely random and both Alice and
Bob have it.
• Keyspace = 26 · 25 · 24 · · · 1 = 26! ≈ 288
• Brute force attack or exhaustive key search would
require 288 attempts.
• A plaintext charater is encoded to the same ciphertext
character – a major weakness!!!

11/27
 Mono-alphabetic random substitution
cipher

Example of a possible key:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
k d w p q m s f o c g t e i l a j u z n r y v b h x
• Method: substitute each letter with a different one
according to a table (key), e.g.
A → k, B → d , C → w , · · · , Z → x
P = ”ABBA” is encrypted as kddk.
• The key (table) should be completely random and both
Alice and Bob have it.

12/27
 Random substitution cipher example

• Key
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
k d w p q m s f o c g t e i l a j u z n r y v b h x

• Plaintext:
• Ciphertext:

• Question: What is the keyspace?

• Brute force attack or exhaustive key search would
require attempts?
• A plaintext character is encoded to the same ciphertext
character – a major weakness!!! Why?

13/27
 Poly-alphabetic cipher

• Polyalphabetic cipher uses

different monoalphabetic
substitution as it proceeds
through the plaintext.
• A set of monoalphabetic
substitution rules required
• A keyword or key that determines
the transformation.
• Example: Vignere Table, Enigma
machine

14/27
 Vigenère Cipher

• Write the plaintext (without space) along the top of the

Tabula Recta, key Ks along the side, or vice versa
• The key is written as a text string (no space), same length
as the plaintext (or used repeatedly)
• Encryption: For each corresponding plaintext and key
character, the ciphertext is the letter at their intersection in
the tabula recta
• E.g. Plaintext = “MEETATDAWN”, Key = “CORONA”
Ciphertext = OSVHTHONB 15/27
 Vigenère Cipher – modulo addition

• Represent text as ordinal values: A = 0, B = 1, · · · , Z = 25

• Encryption: Ci = Pi + Ki mod 26
• Decryption: Pi′ = Ci − Ki mod 26

16/27
 Vigenère cipher example
• Plaintext P = ATTACKATDAWN, can be written as
(0 19 19 0 2 10 0 19 3 14 22 13).
• Key, Ks = CIPHER, written as (2 8 15 7 4 17), m = 6
(length of Ks ),.
• Split the plaintext into two blocks of 6 characters, then do
addition with the key (mod 26)
P 0 19 19 0 2 10 0 19 3 14 22 13
Ks 2 8 15 7 4 17 2 8 15 7 4 17
C 2 1 8 7 6 1 2 1 18 21 0 4
• The corresponding ciphertext is thus
C = CBIHGBCBSVAE
• Decryption using the same modulo 26 subtraction with Ks
The original plaintext is recovered.

17/27
 Autokey Vigenère cipher
• Problem: If plaintext is much longer than the key?
• Naive solution: Use the key repeatedly.
• Vulnerability: identical characters in the plaintext can
appear as identical characters in the ciphertext
• Frequency analysis can be used to break the cipher.
• Autokey Vigenere cipher:
• The shared key is Ks , and plaintext is x . The actual
encryption key is hKs k x i, i.e. the plantext is appended to
the shared key and used as the encryption key.

18/27
 Autokey Vigenère cipher example
• e.g. Plaintext x = VICTORY IS NEAR NO RETREAT ,
(spaces shown for optics only),
shared key Ks = COVID
• The encryption key is
k = COVIDVICTORYISNEARNORETREAT
Ciphertext, y = XWXBRMGKLBVYZFBVEKESRX
• Decryption: The key Ks = COVID is first used to decrypt
XWXBR to obtain VICTO
• Then VICTO is used as key to decrypt MGKLB to obtain
RYISN, and so on.

19/27
 Transposition ciphers - rail fence

• Transposition and permutation ciphers keep the original

characters in P but transpose or permutate them according
to a key Ks to produce C
1. Rail Fence Cipher –
The plaintext is written in a zig-zag pattern:
Example: Encryption using 3 rails (key) with
P = FLANK EAST ATTACK AT DAWN, written without
spaces:
Row1: F K T A T N
Row2: L N E S A T C A D W
Row3: A A T K A
• The ciphertext is C = FKTATNLNESATCADWAATKA
• Decryption?

20/27
 Transposition using keyword

• Write the message in rows of length given by the length of

the keyword.
• Write out the columns according to the sequence in the
keyword.
• Example: Plaintext:
P = WE ARE DISCOVERED FLEE AT ONCE , keyword
ZEBRA i.e. sequence is "5,3,2,4,1"
Keyword Z E B R A
W E A R E
D I S C O
V E R E D
F L E E A
T O N C E
• Ciphertext C = EODAEASRENEIELORCEECWDVFT

21/27
 Modern ciphers principles

• Two primitive operations for strong cryptography (Claude

Shannon):
• Confusion – obscure the relationship between the key and
ciphertext, e.g. using substitution.
• Diffusion – hiding the statistical properties of the plaintext,
e.g. using permutations
• Modern ciphers work by concatenating several confusion
and diffusion operations.

22/27
 Two common attacks – 1.Brute force
attack

• First, obtain some ciphertext Cx and the related plaintext

Px .
• Generate all the possible keys.
• For each key, decrypt the ciphertext and check if obtain the
plantext, if not try another key until success.
?
Px′ = D(Cx , Ki ) = Px for each Ki until success
• No thinking required, just do as fast as possible, 100 %
success rate.
• Also known as exhaustive key search attack
• Question: How to defend against this attack?

23/27
 Two common attacks – 2. Frequency
analysis

• In every language, some letters and combinations of letters

occur with known frequency, e.g. the letter “e”, “th” in
English.
• If the plaintext character is always encoded to the same
character, the frequency of the ciphextext characters can
leak information about the plaintext.
• Similarly the frequencies of groups of ciphertext can leak
information about the plaintext.
• Works particularly well in mono-alphabetic substitution
ciphers.

24/27
 Frequency analysis attack

Figure: English language letter frequencies

• Most frequent letters: "E" –12.7%, etc.

• Digrams frequency in descending order: TH, HE, IN, ER,
AN, RE, ED, ON, ES, ST, EN, AT, TO, NT, HA, ND, OU, EA,
NG, AS, OR, TI, IS, ET, IT, AR, TE, SE, HI, and OF
• Frequent Trigrams: THE, ING, AND, HER, ERE, ENT,
THA, NTH, WAS, ETH, FOR, and DTH.
25/27
 Frequency analysis example

• Following cipher text from an English language plaintext,

using substitution cipher
C = HSPAA SLRUV DSLKN LPZHK HUNLY VBZAO PUN
• Find most frequent letters
4 times: L
3 times: A, H, N, P, S, U
• Guess: Decrypt L as E
• Assume Ceasar’s cipher, try Key = L-E = 7
Decrypt (HSPAA SLRUV DSLKN LPZHK HUNLY VBZAO
PUN, 7)
= ALITT LEKNO WLEDG EISAD ANGER OUSTH ING

26/27
 Summary

1 Two security triads: CIA nRAF

2 Kerchoff’s principle – method is known, key is secret
3 Substitution ciphers – mono, poly alphabetic
4 Transposition ciphers
5 Modern ciphers – uses confusion and diffusion
6 Two common attacks – Brute force, Frequency analysis

27/27