CHAPTER TWO

ELEMENTARY CRYPTOGRAPHY

Part Two

Substitution Ciphers

1
Objectives
 Discus about Substitution ciphers

1. Monoalphabetic or Simple cipher

 Caesar (Additive) cipher

 Multiplicative Cipher

 Affine Cipher

 Pigpen Cipher

2. Polyalphabetic cipher

 Vigenère cipher, Hill Sipher

3. Multiple letter cipher

2  Playfair cipher
Introduction

 A substitution technique is one in which the letters of plaintext

are replaced by other letters or by numbers or symbols.

 If the plaintext is viewed as a sequence of bits, then

substitution involves replacing plaintext bit patterns with

ciphertext bit patterns.

3
Monoalphabetic cipher
In monoalphabetic substitution, the relationship between a symbol

in the plaintext to a symbol in the ciphertext is always one-to-one.

Plaintext characters are substituted by a different alphabet stream

of characters shifted to the right or left by n positions

E.g., ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC

Caesar cipher corresponds to n = 3

Julius Caesar used the Caesar cipher method

4
ADDITIVE CIPHER
 The simplest monoalphabetic cipher is the additive cipher.

 This cipher is sometimes called a shift cipher or Caesar cipher,

but the term additive cipher better reveals its mathematical nature.

 Historically, additive ciphers are called shift ciphers.

 Julius Caesar used an additive cipher to communicate with his

officers.

 For this reason, additive ciphers are sometimes referred to as the

5 Caesar cipher. Caesar used a key of 3 for his communications.

Contd.

 When the cipher is additive, the plaintext, ciphertext, and

6
key are integers in Z26.
 Example 1
 Use the additive cipher with key = 15 to encrypt the message
“hello”.
Solution
 We apply the encryption algorithm to the plaintext, character by

character:

 Use the additive cipher with key = 15 to decrypt the message

“WTAAD”?
7
Brute-force cryptanalysis attack
 If it is known that a given ciphertext is a Caesar cipher, then a brute-force

cryptanalysis is easily performed: simply try all the 25 possible keys.

 Three important characteristics of this problem enabled us to use a brute-

force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
 In most networking situations, we can assume that the algorithms are

known.
 What generally makes brute-force cryptanalysis impractical is the use of an

algorithm that employs a large number of keys and if the language of the
plain text is unknown.
8
 Example
 Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show
how she can use a brute-force attack to break the cipher.
Solution
 Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not very

secure”, which makes sense.

9
Contd.

 Eve has intercepted the

ciphertext “PHHW PH
DIWHU WKH WRJD
SDUWB”. She can use a
brute-force attack to break
the cipher.

10
 Multiplicative Ciphers

 In a multiplicative cipher, the plaintext and ciphertext are

integers in Z26; the key is an integer in Z26*.
11
 Example 1

 What is the key domain for any multiplicative cipher?

Solution
 The key needs to be in Z26*. This set has only 12 members: 1, 3, 5, 7,

9, 11, 15, 17, 19, 21, 23, 25.

Example 2
 We use a multiplicative cipher to encrypt the message “hello” with a
key of 7. The ciphertext is “XCZZU”.

12
Affine Ciphers

13
Example
 Use an affine cipher to encrypt the message “hello” with the key pair

(7, 2).
Solution

Example
 Use the affine cipher to decrypt the message “ZEBBW” with the key
pair (7, 2) in modulus 26.
Solution

14
 Monoalphabetic Substitution Cipher
 With only 25 keys, the Caesar cipher is far from secure. A

dramatic increase in the key space can be achieved by allowing an

arbitrary substitution.
 Before proceeding, we define the term permutation.

 A permutation of a finite set of elements S is an ordered sequence

of all the elements of S, with each element appearing exactly once.

 For example, if S={a, b, c}, there are six permutations of S :

abc, acb, bac, bca, cab, cbc

 In general, there are n! permutations of a set of n elements,

because the first element can be chosen in one of n ways, the

15 second in n -1 ways, the third in n-2 ways, and so on.
 Contd.
 The additive cipher is a special case of an affine cipher in which

k1 = 1. The multiplicative cipher is a special case of affine cipher

in which k2 = 0.
 Because additive, multiplicative, and affine ciphers have small

key domains, they are very vulnerable to brute-force attack.

 A better solution is to create a mapping between each plaintext

character and the corresponding ciphertext character.

 Alice and Bob can agree on a table showing the mapping for each

character.

16
Fig. An example key for monoalphabetic substitution cipher
 Contd.
 We can use the key in the above figure to encrypt the message:

 The ciphertext is

17
 Pigpen Cipher
 Pigpen cipher is a variation on letter substitution

 Alphabets are arranged as follows:

 This is a weak cipher

A B C J K L

D E F
M N O

G H I

P Q R
18
 Contd.
S W

T U X Y

V Z

A G W
C

 Alphabets will be represented by the corresponding

diagram
19
Polyalphabetic Cipher
 In monoalphabetic cipher the problem was that each character

was substituted by a single character

 Cryptanalysts are helped by the fact that they have to see what

character would correspond in plaintext for a given ciphertext

character
 Polyalphabetic cipher’s goal is to make this process difficult

 In polyalphabetic cipher, each plaintext character may be

replaced by more than one character

 Since there are only 26 alphabets this process will require using
20
a different representation than the alphabets.
Contd.

 Alphabets ‘A’ through ‘Z’ are replaced by 00, 01, 02, …, 25

 We need two digits in this representation since we need to

know how to reverse the process at the decryption side.

 In polyalphabetic substitution, each occurrence of a

character may have a different substitute.

 The relationship between a character in the plaintext to a

character in the ciphertext is one-to-many.

21
Vigenère cipher

 Is the most commonly used polyalphabetic cipher method.

 Vigenère cipher starts with a 26 x 26 matrix of alphabets in

sequence. First row starts with ‘A’, second row starts with ‘B’, etc.

 It requires a keyword that the sender and receiver know ahead of

time

 Each character of the message is combined with the characters of the

keyword to find the ciphertext character

22
 Vigenère cipher Table
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
23 M N O P Q R S T U V W X Y Z A B C D E F G H I
M J K L
 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z
24 Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Contd.
Example
 Given a Message = SEE ME IN MALL and a keyword as
INFOSEC. By using Vigenère cipher find the ciphertext?
Solution

S E E M E I N M A L L
I N F O S E C I N F O
----------------------------------
A R J A W M P U N Q Z

 Easiest way to handle Vigenère cipher is to use arithmetic modulo

26

25
 Keyword is converted to numbers and corresponding numbers in
Decryption of Ciphertext
Example
 To decrypt, the receiver places the keyword characters below each ciphertext character
 Using the table, choose the row corresponding to the keyword character and look for
the ciphertext character in that row
 Plaintext character is then at the top of that column

Solution

A R J A W M P U N Q Z
I N F O S E C I N F O
----------------------------------
S E E M E I N M A L L

 Best feature is that same plaintext character is substituted by

26
different ciphertext characters (i.e., polyalphabetic)
Contd.

Vigenère cipher uses the fact that the keyword character helps to

get different ciphertext characters from the table

Instead of the Vigenère table, one could develop a new table in

which each character is represented as an integer and the

ciphertext could use multiple digits for substitution depending on

the frequency analysis of the letter

E.g., Q gets only one substitution value where as E gets 12

different substitution values, and so on

27
Contd.
Vigenere cipher can be seen as combinations of m additive

ciphers.

Figure A Vigenere cipher as a combination of m additive ciphers

28
 Beale Cipher

 Also known as book cipher

 Keyword is taken as the first few words of a book that is agreed

upon by sender and receiver

 Everything else works like the Vigenère cipher

[Reading Assignment]

29
Hill Cipher
 Is a polyalphabetic cipher invented by Lester S. Hill.

 Unlike the other polyalphabetic ciphers we studied so far, the plaintext

is divided into equal size blocks.

 The blocks are encrypted one at a time in a such away that each

character in the block contains to the encryption of other characters in

the block.

 Is a block cipher but the others we studied so far belongs to the stream

30
cipher category.
 Contd.
 In Hill cipher, the key is a square matrix of size mm in which m

is the size of the block.

 Let the key be K, each element of the matrix is Kij as shown below.

31
 Contd.
 The substitution is determined by m linear equations in which each

character is assigned a numerical value (a = 0, b = 1 ... z = 25).

 For m = 3, the system can be described as follows:

C1 = (k11P1 + k12P2 + k13P3) mod 26

C2 = (k21P1 + k22P2 + k23P3) mod 26
C3 = (k31P1 + k32P2 + k33P3) mod 26
 This can be expressed in term of column vectors and matrices:

 C=KP mod 26

32
Contd.
Example
 Given a plaintext = PAY MORE MONEY and the encryption key
17 17 5
21 18 21
2 2 19
 The first three letters of the plaintext are represented as
15 375 11
K 0  819 mod 26  13  LNS
24 486 18

 The text for the entire palintxt is LNSHDLEWMTRW

 Decryption requires using inverse of the matrix K.
 The Inverse K-1 of a matrix K is defined by the equation K K-1= K-
33 1
K=I where I si the identity matrix.
Contd.
In General,
The Hill system can be expressed as:

C = E(K,P) = KP mod 26

P = D(C,K) = K-1C mod 26 = K-1KP

Note

1.Hill cipher completely hides single-letter frequencies

2.Although Hill cipher is strong against a ciphertext-only attack, it is

easily broken with a known plaintext attack.

34
 Multiple Letter Cipher
Playfair cipher is a multiple letter cipher

Each plaintext letter is replaced by a digram in this cipher

Number of digrams is 26 x 26 = 676

User chooses a keyword and puts it in the cells of a 5 x 5 matrix.

I and J stay in one cell.

Duplicate letters appear only once.

Alphabets that are not in the keyword are arranged in the

remaining cells from left to right in successive rows in ascending

order
35
 Playfair Cipher

Keyword “Infosec”

I/J N F O S

E C A B D

G H K L M

P Q R T U

V W X Y Z

36
 Playfair Cipher Rules

1. Group plaintext letters two at a time

2. Separate repeating letters with an x
3. Take a pair of letters from plaintext
4. Plaintext letters in the same row are replaced by letters to the right
(cyclic manner)
5. Plaintext letters in the same column are replaced by letters below
(cyclic manner)
6. Plaintext letters in different row and column are replaced by the letter
in the row corresponding to the column of the other letter and vice
versa
37
 Contd.

E.g., Plaintext: “CRYPTO IS TOO EASY”

Keyword is “INFOSEC”

Grouped text: CR YP TO IS TO XO EA SY

Ciphertext: AQ VT YB NI YB YF CB OZ

To decrypt, the receiver reconstructs the 5 x 5 matrix using

the keyword and then uses the same rules as for encryption
38
Contd.
An example of a secret key in the Playfair cipher

Example
Let us encrypt the plaintext “hello” using the key in Figure
3.13.

39
 Vernam Cipher
 One of the goals of cryptography is perfect secrecy. A study by Shannon

has shown that perfect secrecy can be achieved if each plaintext symbol is
encrypted with a key
 randomly chosen from a key domain. This idea is used in a cipher called

one-time pad, invented by Vernam.

 U.S. Army Major Joseph Mauborgne and AT&T’s Gilbert Vernam

developed a cipher in 1917

 Uses a one time arrangement of a key string that is as long as the plaintext

 Plaintexts are assumed to be short

40
 Contd.

 Also known as One-Time Pad cipher

 Key is used only once but characters in key may not be

distinct
E.g., Plaintext: HELLO
Key: KTBXZ
--------------
Ciphertext : RXMIN (using addition mod 26)
Key: KTBXZ
--------------
Plaintext: HELLO (using subtraction mod 26)
41
 STREAM AND BLOCK CIPHERS

42
 Stream Ciphers

Call the plaintext stream P, the ciphertext stream C, and the key stream K.

Figure Stream cipher

43
Contd.
 Additive ciphers can be categorized as stream ciphers in which the key

stream is the repeated value of the key. In other words, the key stream
is considered as a predetermined stream of keys or K = (k, k, …, k).
 In this cipher, however, each character in the ciphertext depends

only on the corresponding character in the plaintext, because the

key stream is generated independently.
 The monoalphabetic substitution ciphers discussed in this chapter are

also stream ciphers.

 However, each value of the key stream in this case is the mapping

of the current plaintext character to the corresponding ciphertext

44
character in the mapping table.
Contd.
 Vigenere ciphers are also stream ciphers according to the

definition.
 In this case, the key stream is a repetition of m values, where m

is the size of the keyword. In other words,

 We can establish a criterion to divide stream ciphers based on

their key streams.

 We can say that a stream cipher is a monoalphabetic cipher if

the value of Ki does not depend on the position of the plaintext

45
character in the plaintext stream; otherwise, the cipher is
Contd.
 Additive ciphers are definitely monoalphabetic because Ki in the

key stream is fixed; it does not depend on the position of the

character in the plaintext.
 Monoalphabetic substitution ciphers are monoalphabetic because

Ki does not depend on the position of the corresponding character

in the plaintext stream; it depends only on the value of the
plaintext character.

 Vigenere ciphers are polyalphabetic ciphers because Ki definitely

depends on the position of the plaintext character. However, the

dependency is cyclic. The key is the same for two characters m
46
 Block Ciphers
 In a block cipher, a group of plaintext symbols of size m (m > 1) are

encrypted together creating a group of ciphertext of the same size.

 A single key is used to encrypt the whole block even if the key is

made of multiple values.

 The below Figure shows the concept of a block cipher.

Figure Block cipher

47
Contd.

 Playfair ciphers are block ciphers. The size of the block is m = 2.

Two characters are encrypted together.

 Hill ciphers are block ciphers. A block of plaintext, of size 2 or more

is encrypted together using a single key (a matrix). In these ciphers,

the value of each character in the ciphertext depends on
 All the values of the characters in the plaintext. Although the key is

made of m × m values, it is considered as a single key.

 From the definition of the block cipher, it is clear that every block

cipher is a polyalphabetic cipher because each character in a

48
ciphertext block depends on all characters in the plaintext block.
Combination

 In practice, blocks of plaintext are encrypted individually, but

they use a stream of keys to encrypt the whole message block

by block.

 In other words, the cipher is a block cipher when looking at

the individual blocks, but it is a stream cipher when looking

at the whole message considering each block as a single unit.

49