Lecture 3

Classical Cryptography
 Classical cipher systems
• The Vernam cipher (1917) (One-time pad)
– Key: binary random sequence used only once.
– Mathematical representation:
• Encipherment: 0 1

• Decipherment: y i  xi  z i
0 0 1

– Example - plaintext:
xi come
yi  z i soon (Encoding ITA-2 : 1 1 0

Int Telegraph Alphabet 2)

Plaintext 01110 11000 11100 00001 00100 00101 11000 11000 01100

Key 11011 00101 01011 00110 01111 10110 10101 01100 10010
Ciphertext 10101 11101 10111 00111 01011 10011 01101 10100 11110
2/71
Classical cipher systems

• The Vernam cipher was a cipher intended to be

used on teletype writers.
• Because of that, the key storage medium was a
paper tape of the same type as the tape that
was used for storing the messages.

3/71
Classical cipher systems

• The message had to be encoded first, and the

teletype writer itself performed this
transformation.
• Every teletype writer implemented some
encoding and the most widespread one was
International Telegraph Alphabet No 2 (ITA-
2).

4/71
Classical cipher systems

• ITA-2
Binary Decimal  LETTERS NUMBERS Binary Decimal  LETTERS NUMBERS
----------------------------------------------------- ----------------------------------------------------
00000    0  BLANK BLANK 10000       16  T     5
00001        1  E     3 10001       17  Z     "
00010        2  LF    LF 10010       18  L     )
00011        3  A     - 10011       19  W     2
00100        4  SP    SP 10100       20  H     #
00101        5  S     BELL 10101       21  Y     6
00110        6  I     8 10110       22  P     0
00111        7  U     7 10111       23  Q     1
01000        8  CR    CR 11000       24  O     9
01001        9  D     $ 11001       25  B     ?
01010      10  R     4 11010       26  G     &
01011      11  J     ‘ 11011       27  FIGS  FIGS
01100      12  N     , 11100       28  M     .
01101      13  F     ! 11101       29  X     /
01110      14  C     : 11110       30  V     ;
01111      15  K     ( 11111       31  LTRS  LTRS

5/71
Cryptographic security

• How much security a cipher system offers?

– This question implies that there is a measure of
security.
– It is not easy to define such a measure.
• A desirable property of a cipher system would be that a
cryptanalyst should not be able to decrypt the plaintext
by trying all the possible keys.
• But this does not necessarily provide high level of
security.

6/71
Cryptographic security
• Example: any monoalphabetic cipher
– 26 letters alphabet
– Each key (a permutation of the alphabet) equally
likely
– Relatively long plaintext (>25 letters for English)

7/71
Cryptographic security
• Example (cont.):
– 1 ns (10-9s) to check one out of 26! possible keys
– Then we need 1.281010 years to try all the keys.
– Is the system secure? No!
– We can break it by statistical means, without trying
any key.

8/71
Cryptographic security

• Suppose that the cryptanalyst does actually

have resources (i.e. time) to try all the keys.
• Can he/she determine the plaintext?
• Not necessarily!
– It is possible (this depends on the cipher system)
that the cryptanalyst cannot decide which plaintext
was sent even after trying all the possible keys.

9/71
Cryptographic security

• Theoretical security (perfect secrecy)

– The system is secure against an attacker with
unlimited time and computational resources.
• Example: The Vernam cipher (One-time pad).
• Practical security
– The system is secure against an attacker with
limited time and computational resources.
• Example: The RSA cryptosystem.

10/71
Cryptographic security

• Perfect secrecy (Shannon, 1949)

– A cryptosystem is perfectly secret if:
• The plaintext X is statistically independent on the
cryptogram Y for all the possible plaintexts and all the
possible cryptograms, i.e.
P(X = x | Y = y) = P(X = x)
– This is achieved if:
• There is exactly 1 key transforming each plaintext to
each cryptogram.
• All the keys are equally likely.

11/71
Cryptographic security

• Is perfect secrecy practically achievable?

– Example:
• A cipher with X, Y, Z{0,1,…,L-1}n
• All the keys are equally likely
• The enciphering transformation:
yi  xi  zi  mod L , i  1, , n

• The number of keys/plaintexts/ciphertexts is Ln.

12/71
Cryptographic security

• Example (cont.)
– Then there is exactly one key transforming each
plaintext to each cryptogram.
– Even if the cryptanalyst can try all the possible
keys, there is no way of telling whether the
obtained plaintext is the right one or not, since all
the plaintexts obtained by trying the keys will
belong to the set X.

13/71
Cryptographic security

• Example: L=4, n=1

• If we receive the cryptogram y1 and
try all the possible keys, we get all
the plaintexts (x1,…,x4).
• Then we still do not know which
plaintext is the right one.
• The same happens if the other
possible cryptograms (y2,…,y4) are
received.
• Thus this cipher system is perfectly
secret.
14/71
Cryptographic security

• Security of monoalphabetic ciphers.

– The statistical properties of the plaintext are
reflected exactly in the ciphertext.
– The statistical methods of cryptanalysis use the
statistical properties of the language in which the
message has been written.

15/71
Cryptographic security

• Letter statistics – English

E 12.70% H 6.09%
T 9.06% R 5.99%
A 8.17% D 4.25%
O 7.51% L 4.03%
I 6.97% C 2.78%
N 6.75% U 2.76%
S 6.33% M 2.41%
16/71
Cryptographic security

• Letter statistics – English

W 2.36% K 0.77%
F 2.23% J 0.15%
G 2.02% X 0.15%
Y 1.97% Q 0.10%
P 1.93% Z 0.07%
B 1.49% Source: Cipher Systems – Henry Beker,
Fred Piper, Northwood Books, 1982.
V 0.98%
17/71
Cryptographic security

• Letter statistics – Norwegian

E 17% M 3%
N, R 9% F, P, U, V 2%
T 8% B, H, J, Y, Æ, Ø, Å 1%
S 7% C, Q, W, X, Z <1%
I, L 6% Source: Kryptografi – Ben Johnsen,
Tapir Akademisk Forlag, Trondheim,
A, D, K 5% 2005.

G, O 4%
18/71