PERFECT SUBSTITUTION

The Perfect Substitution Cipher
 Use many alphabets to produce a perfectly flat

distribution with no recognizable pattern for the
choice of any alphabet at any given point.
 Suppose the Vigenère Tableau were extended
infinitely with a random key
 Would defy the Kasiski Method. Any repeat
encryptions would be purely coincidental
 IC = 0.038 suggesting a totally random
encryption.
Network & Information
Security Prof. Shawkat K. Guirguis 1
One-time Pads
 Called the perfect cipher because it uses an
arbitrarily long encryption key
 Sender and receiver are provided a book of keys
and encryption tableaus. If each key has length
= 20, then a 300 letter message would require
15 keys pasted adjacently. After encryption and
subsequent decryption, both sender and receiver
destroy the keys.
 No key is ever used twice.
Problems with One-time Pads
 Requires absolute synchronization
between sender and receiver
 Need exists for an unlimited number of

keys
 Publishing, distributing and securing keys

is a major problem - an administrative
burden
Use Of Random Numbers
 Approximates one-time pads

 computer generated random numbers must
be scaled to the interval [0, 25]
 Requires complete synchronization
between sender and receiver
 RN Generators are not truly random, and
given enough ciphertext, they can be
broken
INFINITE KEYS
Using Long RN Sequences
 RANDNOi+1 = c  RANDNOi + b mod w
where w is a large integer, typically 2x
 Short messages are generally pretty secure;

long messages are vulnerable to probable
word attacks

The Vernam Cipher
 The Vernam cipher is a type of one-time pad devised by
Gilbert Vernam for AT&T.
 The Vernam cipher is immune to most cryptanalytic
attacks.
 The basic encryption involves an arbitrarily long
nonrepeating sequence of numbers that are combined
with the plaintext.
 Vernam's invention used an arbitrarily long punched
paper tape that fed into a teletype machine.
 The tape contained random numbers that were
combined with characters typed into the teletype.
 The sequence of random numbers was non-repeating,
and each tape was used only once.
The Vernam Cipher (cont.)
 As long as the key tape does not repeat or is
not reused, this type of cipher is immune to
cryptanalytic attack because the available
ciphertext does not display the pattern of the
key.
 A model of this process is shown in next

Figure 2-7.

Vernam Model
Long Random Number Sequence
Original
Plaintext Ciphertext Plaintext
 
Encryption Decryption
 denotes an XOR or other combining function

Example:
 We will perform a Vernam encryption in
decimal notation.
 Assume that the alphabetic letters are
combined by sum mod 26 with a stream of
random two-digit numbers.
 If the message is VERNAM CIPHER
 the letters would first be converted to their
numeric equivalents, as shown here:
V E R N A M C I P H E R
21 4 17 13 0 12 2 8 15 7 4 17
Example: (cont.)
 Next we need some random numbers to
combine with the letter codes.
 Suppose the following series of random
two-digit numbers is generated.
76 48 16 82 44 03 58 11 60 05 48 88
 The encoded form of the message is the

sum mod 26 of each coded letter with
the corresponding random number.
 The result is then encoded in the usual

base-26 alphabet representation.
Vernam Example
plaintext V E R N A M C I P H E R
numeric equivalent 21 4 17 13 0 12 2 8 15 7 4 17
+ random number 76 48 16 82 44 3 58 11 60 5 48 88
= sum 97 52 33 95 44 15 60 19 75 12 52 105
 mod 26 19 0 7 17 18 15 8 19 23 12 0 1
ciphertext t a h r s p i t x m a b

Example: (cont.)
 In this example, the repeated random number
48 happened to fall at the places of repeated
letters, accounting for the repeated ciphertext
letter a; such a repetition is highly unlikely.
 The repeated letter t comes from different

plaintext letters, a much more likely
occurrence.
 Duplicate ciphertext letters are generally

unrelated with this encryption algorithm.

The Binary Vernam Cipher
 This scheme works just as well with an
"alphabet" of any other base.
 In order to encrypt a binary string (perhaps a

series of words of binary data), random
binary digits can be combined mod 2 with
bits from the binary string.
 The result is another binary string .

The Binary Vernam Cipher
(cont.)
For example, the binary number
101101100101011100101101011100101
can be encoded with the random binary stream
101111011110110101100100100110001
to produce the following ciphertext.
000010111011101001001001111010100
 Binary addition mod 2 can be calculated by the "exclusive-or"

function, which is addition without carry.
 Exclusive or is often supplied as a basic machine instruction on

computers, making it easier to implement this algorithm.
 Adding 0 produces no change, whereas adding 1

"complements" or reverses a bit.

Example
Encrypt the word “ABC” with the key “tom”

using binary vernam cipher?

Characteristics of RNGs
 Many encryption algorithms rely on
random numbers
 RNGs produce long period sequences but
the cycle eventually repeats
 The linear congruential RNG is the
most common type - requires a seed
value
NEW_RANDNO := (A*OLD_RANDNO + B) mod N
A, B and N are constants; seed number and N must be prime relative to N

Cracking Random Number
Generators
 Notice that many encryption algorithms, like the
Vernam cipher, incorporate random numbers.
 The safety of the encryption depends on the
randomness of the numbers used.
 A random sequence for a Vernam cipher has to be
truly random, meaning without any discernible
pattern.
 For example, the binary string 01010101 has the
obvious pattern of alternating 0s and 1s. Such a
string would make a very bad choice for a random
stream because of the discernible pattern.
Generators (cont.)
 Where can we get truly random numbers, especially in a form
easy to use with computers?
 The two-digit decimal numbers used in the Vernam cipher
example are middle digits from a list of phone numbers in a
residential directory.
 As such, they would be expected to be free from patterns.
(There may still be some non-uniformity because many easy-to
remember sequences, such as ddd-d000, ddd-1234, or ddd-
1212, are assigned to businesses.
 Exploiting that non-uniformity would require the interceptor to
acquire and analyze great amounts of ciphertext.)
 A telephone directory is rather limited as a source of random
numbers, and the numbers may not be available in a machine-
readable format.
Generators (cont.)
 A more common source of random numbers is a
pseudo-random number generator computer
program.
 Contrary to their name, these programs generate
numbers from a predictable, repeating sequence.
 The most common type, the linear congruential
random number generator, begins with an initial
value or "seed," ro. Each successive random number
ri+1 is generated by
ri+1 = (a * ri + b) mod n
where a, b, and n are constants.
Generators (cont.)
 Often, n is chosen as 1 more than the maximum number
that can be stored in a computer word, so that this
computation can be performed by discarding any portion
of the intermediate result that exceeds storage.
 This generator produces random integers between 0 and
n - 1. (See [KNU81] for a thorough study of random
number generators.)
 If ro and a are relatively prime to n, each number
between 0 and n - 1 will be generated before the
sequence repeats.
 But once the repetition begins, the entire sequence
repeats in order.

Generators (cont.)
 The problem with this form of random
number generator is its dependability.
 Because each number depends only on the
previous number, you can determine
constants by solving a series of equations.
r1 = a*r0 + b mod n
r2 = a*r1 + b mod n
r3 = a*r2 + b mod n
 An interceptor who has r0, r1, r2 and r3 can
Network &solve
Security
for a, b, Prof.
Information n. K. Guirguis
andShawkat 21
Generators (cont.)
 An interceptor can get r0, r1, r2 and r3 by a
probable word attack. (See Next Slide)
 With a Vernam cipher, each ciphertext letter
comes from the formula: ci = ri + pi mod 26.
 If an interceptor of the ciphertext guesses
that the message starts with MEMO (M = 12,
E = 4, O = 14), the interceptor can try to
substitute probable values of Pi and solve for
values of ri.
Probable Word Attacks
 Given the structure of the linear congruential

RNG, assume the first few ciphertext
characters represent some likely word such
as ‘MEMO,’ ‘DATE’ or ‘FROM’
 Inserting the numeric equivalents for the
plaintext probable words, a system of
simultaneous equations can be developed
and solved
Generators (cont.)
r0 = c0 – 12 mod 26
r1 = c1 – 4 mod 26
r2 = c2 – 12 mod 26
r3 = c3 – 14 mod 26
 With these values of r0 to r3, the interceptor may be

able to solve the three equations for a, b, and n.
 Given those, the interceptor can generate the full

sequence of random numbers and obtain plaintext
directly.

CRYPTOANALYTIC TOOLS
FOR SUBSTITUTION CIPHERS
 Frequency distribution
 Index of coincidence
 Consideration of highly likely letters
and probable words
 Pattern analysis and Kasiski approach
 Persistence, organization, ingenuity,
and luck


PERFECT SUBSTITUTION

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PERFECT SUBSTITUTION

Uploaded by

Copyright:

Available Formats

The Perfect Substitution Cipher

 Use many alphabets to produce a perfectly flat

 Need exists for an unlimited number of

 Publishing, distributing and securing keys

 Approximates one-time pads

 RANDNOi+1 = c  RANDNOi + b mod w

where w is a large integer, typically 2x

 Short messages are generally pretty secure;

Network & Information

 A model of this process is shown in next

Network & Information

 denotes an XOR or other combining function

Network & Information

 The encoded form of the message is the

 The result is then encoded in the usual

Network & Information

 The repeated letter t comes from different

 Duplicate ciphertext letters are generally

Network & Information

 In order to encrypt a binary string (perhaps a

 The result is another binary string .

Network & Information

 Binary addition mod 2 can be calculated by the "exclusive-or"

 Exclusive or is often supplied as a basic machine instruction on

 Adding 0 produces no change, whereas adding 1

Network & Information

Encrypt the word “ABC” with the key “tom”

Network & Information

A, B and N are constants; seed number and N must be prime relative to N

Network & Information

 Given the structure of the linear congruential

 With these values of r0 to r3, the interceptor may be

 Given those, the interceptor can generate the full

Network & Information

Network & Information

You might also like