2: Different Types of Ciphers

BY PRATYUSA MUKHERJEE, ASSISTANT PROFESSOR (I)

KIIT DEEMED TO BE UNIVERSITY

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 1

List of Topics
•Symmetric Encryption Principles
•Substitution and Transposition Ciphers
•Stream and Block Ciphers

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 2

 Basic Encryption Principles
An encryption scheme has five ingredients as depicted in Fig 1
• Plaintext: This is the original message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and transformations on
the plaintext.
• Secret key: The secret key is also input to the algorithm. The exact substitutions and transformations
performed by the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret
key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext
and the same secret key and produces the original plaintext.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3

Fig 1: Simplified Model of Symmetric Encryption

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 4

Essential Requirements for Secure
Symmetric Encryption
• We need a strong encryption algorithm. The opponent should be unable to decrypt ciphertext
or discover the key even if he or she is in possession of a number of ciphertexts together with the
plaintext that produced each ciphertext.
• Sender and receiver must have obtained copies of the secret key in a secure fashion and must
keep the key secure.
If someone can discover the key and knows the algorithm, all communication using this key
is readable.

What makes Symmetric Key Encryption popular??

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 5

Classification of Cryptographic Systems
➢The type of operations used for transforming plaintext to ciphertext
All encryption algorithms are based on two general principles:
• Substitution, in which each element in the plaintext is mapped into another element
• Transposition, in which elements in the plaintext are rearranged.
• The fundamental requirement is that no information be lost (that is, that all operations be reversible).
• Most systems, referred to as product systems, involve multiple stages of substitutions and
transpositions.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 6

➢ The number of keys used.
• Symmetric: If both sender and receiver use the same key. Such system is also referred to as,
single-key, secret-key, private-key or conventional encryption.
• Asymmetric: If the sender and receiver each use a different key. Such the system is also
referred to as two-key, or public-key encryption.
➢ The way in which the plaintext is processed.
• Block Cipher: It processes the input one block of elements at a time, producing an output
block for each input block.
• Stream Cipher: It processes the input elements continuously, producing output one element at
a time, as it goes along.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 7

Substitution Cipher
A substitution cipher replaces one symbol with another. Substitution ciphers
can be categorized as either monoalphabetic ciphers or polyalphabetic ciphers.

A substitution cipher replaces one symbol

with another.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 8

Monoalphabetic Ciphers
In monoalphabetic substitution, the relationship between a symbol in
the plaintext to a symbol in the ciphertext is always one-to-one.

The following shows a plaintext and its corresponding ciphertext. The

cipher is monoalphabetic because both l’s are encrypted as O’s.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 9

 Examples of Monoalphabetic Ciphers
❑Additive Cipher
The simplest monoalphabetic cipher is the additive cipher. This cipher is sometimes called a shift cipher and
sometimes a Caesar cipher, but the term additive cipher better reveals its mathematical nature.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 10

Example 1: Use the additive cipher with key = 15 to encrypt the
message “hello”.

Solution
We apply the encryption algorithm to the plaintext, character by
character:

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 11

Example 2: Use the additive cipher with key = 15 to decrypt the
message “WTAAD”.
Solution
We apply the decryption algorithm to the plaintext character by
character:

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 12

❑Shift Cipher

• Historically, additive ciphers are also called shift ciphers.

• Encryption can be considered to “shift key characters down” and decryption as
“shift key characters up”.
• Whenever we reach the end or beginning of the alphabet set, we wrap around
using modulo operation.

❑Caesar Cipher
• Julius Caesar used an additive cipher to communicate with his officers.
• For this reason, additive ciphers are sometimes referred to as the Caesar cipher.
• Caesar used a key of 3 for his communications.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 13

Cryptanalysis of Additive Ciphers
❖Brute Force Attack: The attacker systematically checks all possible keys until the correct one is
found. This is known as an exhaustive key search.
Example 3: Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show how
she can use a brute-force attack to break the cipher.
Solution Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not
verysecure”, which makes sense.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 14

❖ Statistical Attack by Frequency Analysis

Adversary uses frequency of occurrences of characters to break the cipher.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 15

Example 4: Eve has intercepted the following ciphertext. Using a
statistical attack, find the plaintext.

Solution
When Eve tabulates the frequency of letters in this ciphertext, she gets:
I =14, V =13, S =12, and so on. The most common character is I with
14 occurrences. This shows that I in ciphertext is probably e in
plaintext. This means key = 4.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 16

❑Multiplicative Ciphers

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 17

Example 5: We use a multiplicative cipher to encrypt the message
“hello” with a key of 7. The ciphertext is “XCZZU”.

Solution

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 18

❑Affine Ciphers

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 19

Example 6 : Use an affine cipher to encrypt the message “hello” with
the key pair (7, 2).
Solution

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 20

Example 7: Use the affine cipher to decrypt the message “ZEBBW”
with the key pair (7, 2) in modulus 26.
Solution

Justify: The additive cipher is a special case of an affine cipher in which

k1 = 1. The multiplicative cipher is a special case of affine cipher in which k2 = 0.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 21

❑Substitution table based Monoalphabetic Ciphers
Because additive, multiplicative, and affine ciphers have small key domains, they are very vulnerable
to brute-force attack.
A better solution is to create a mapping between each plaintext character and the corresponding
ciphertext character. Alice and Bob can agree on a table depicted below showing the mapping for
each character.

Using this table we can encrypt the original message

To Ciphertext

Are they really safe? Can you conduct Known Plaintext Attack or Chosen Ciphertext Attack on them?

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 22

Polyalphabetic Cipher
In polyalphabetic substitution, each occurrence of a character may have a
different substitute. The relationship between a character in the plaintext to a
character in the ciphertext is one-to-many.
The are thus protected from single letter frequency analysis statistical attack.
Here each character of the ciphertext depends on the corresponding
plaintext character as well as its position in the original message.
As a result of this, the key K must be a stream of subkeys (k1,k2..) where ki is
used to encrypt the ith character of plaintext into ith character of ciphertext
depending upon the position of the plaintext character.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 23

Examples of Polyalphabetic Ciphers
❑Autokey Cipher
•Here the first subkey is predetermined and secretly agreed upon by Alice (sender) and Bob
(receiver).
•The second subkey is the value of the first plaintext character (between 0 to 25). Why cant they be
predecided like K1?
•The third subkey is the value of the second plaintext character etc.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 24

Example 8: Assume that Alice and Bob agreed to use an autokey cipher with initial
key value k1 = 12. Now Alice wants to send Bob the message “Attack is today”.
Enciphering is done character by character.

Solution

Is it safe??

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 25

❑Playfair Cipher

Example 9: Let us encrypt the plaintext “hello” using the subkey shown
above

Is it safe??
CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 26
❑Vigenere Cipher
Here the key stream is a repetition of the initial secret key
stream of length m where 1≤ m ≤ 25, which is predetermined
by Alice and Bob.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 27

Example 10: Let us see how we can encrypt the message “She is listening” using the 6-
character keyword “PASCAL”. The initial key stream is (15, 0, 18, 2, 0, 11). The key
stream is the repetition of this initial key stream (as many times as needed).
Solution

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 28

Vigenere cipher can be seen as combinations of m additive ciphers.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 29

We can say that the additive cipher is a special case of Vigenere cipher in which m = 1.

Table 1 A Vigenere Tableau

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 30

 Cryptanalysis of Vigenere Cipher
Let us assume we have intercepted the following ciphertext:

The Kasiski Test for repetition of three-character segments yields the

results shown below

The greatest common divisor of differences is 4, which means that the key
length is multiple of 4. First try m = 4.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 31

Divide Ciphertext into pieces of 4. C1 is made of characters 1,5,9…; C2 with 2,6,10… Use
Frequency Analysis on each piece and read each deciphered character one at a time to get a
meaningful plaintext.

In this case, the plaintext makes sense.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 32

❑Hill Cipher

The key matrix in the Hill cipher needs to

have a multiplicative inverse.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 33

Example 11: For example, the plaintext “code is ready” can make a 3 × 4 matrix when
adding extra bogus character “z” to the last block and removing the spaces. The
ciphertext is “OHKNIHGKLISS”.
Solution

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 34

 Cryptanalysis of Hill Cipher

Assume that Eve knows that m = 3. She has intercepted three plaintext/ciphertext pair
blocks (not necessarily from the same message) as shown below

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 35

She makes matrices P and C from these pairs. Because P is invertible, she inverts the P
matrix and multiplies it by C to get the K matrix as shown below.

Now she has the key and can break any ciphertext encrypted with that key.

Do you really think Polyalphabetic Ciphers are completely safe??

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 36

One-Time Pad
•One of the goals of cryptography is perfect secrecy.
•A study by Shannon has shown that perfect secrecy can be achieved if each
plaintext symbol is encrypted with a key randomly chosen from a key
domain.
•This idea is used in a cipher called one-time pad, invented by Vernam.

What can be the advantages and disadvantages of using OTP?

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 37

Rotor Cipher

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.38

Enigma Machine

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.39

Transposition Cipher
A transposition cipher does not substitute one symbol for another, instead it
changes the location of the symbols.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 40

Keyless Transposition Ciphers
❑Rail
. Fence Cipher

For example, to send the message “Meet me at the park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.41

❑Simple Columnar Transposition Technique

Alice and Bob can agree on the number of columns and use the second method. Alice
writes the same plaintext, row by row, in a table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 42

Keyed Transposition Cipher
•The keyless ciphers permute the characters by using writing plaintext in one way and reading it in
another way.
•The permutation is done on the whole plaintext to create the whole ciphertext.
•Another method is to divide the plaintext into groups of predetermined size, called blocks, and
then use a key to permute the characters in each block separately.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.43

Example 12: Alice needs to send the message “Enemy attacks tonight” to Bob.

The key used for encryption and decryption is a permutation key, which
shows how the character are permuted.

The permutation yields

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 44

Combining Two Approaches

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.45

 ❑Using Matrices
We can use matrices to show the encryption/decryption process for a transposition
cipher.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 46

Double Transposition Ciphers

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.47

Stream Ciphers
.

Call the plaintext stream P, the ciphertext stream C, and the key stream K

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.48

 Note 1

Additive ciphers can be categorized as stream ciphers in which the key

stream is the repeated value of the key. In other words, the key stream is
considered as a predetermined stream of keys or
K = (k, k, …, k). In this cipher, however, each character in the ciphertext
depends only on the corresponding character in the plaintext, because the key
stream is generated independently.

Note 2

The monoalphabetic substitution ciphers discussed in this chapter are also

stream ciphers. However, each value of the key stream in this case is the
mapping of the current plaintext character to the corresponding ciphertext
character in the mapping table.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 49

 Note 3

Vigenere ciphers are also stream ciphers according to the definition. In this case,
the key stream is a repetition of m values, where m is the size of the keyword. In
other words,

Note 4

We can establish a criterion to divide stream ciphers based on their key streams.
We can say that a stream cipher is a monoalphabetic cipher if the value of ki does
not depend on the position of the plaintext character in the plaintext stream;
otherwise, the cipher is polyalphabetic.

3.50 CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE

 Note 5
Additive ciphers are definitely monoalphabetic because ki in the key stream is
fixed; it does not depend on the position of the character in the plaintext.
Note 6
Monoalphabetic substitution ciphers are monoalphabetic because ki does not
depend on the position of the corresponding character in the plaintext stream; it
depends only on the value of the plaintext character.
Note 7
Vigenere ciphers are polyalphabetic ciphers because ki definitely depends on the
position of the plaintext character. However, the dependency is cyclic. The key is
the same for two characters m positions apart.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 51

Block Ciphers
•In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together creating a
group. of ciphertext of the same size.
•A single key is used to encrypt the whole block even if the key is made of multiple values.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.52

 Note 8

Playfair ciphers are block ciphers. The size of the block is m = 2. Two characters are
encrypted together.
Note 9
Hill ciphers are block ciphers. A block of plaintext, of size 2 or more is encrypted
together using a single key (a matrix). In these ciphers, the value of each character in the
ciphertext depends on
all the values of the characters in the plaintext. Although the key is made of m × m
values, it is considered as a single key.
Note 10

From the definition of the block cipher, it is clear that every block cipher is a
polyalphabetic cipher because each character in a ciphertext block depends on all
characters in the plaintext block.
CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 53
Combination of Stream and Block
Ciphers
•In practice, blocks of plaintext are encrypted individually, but they use a stream of keys to encrypt
the whole message block by block.
•In other words, the cipher is a block cipher when looking at the individual blocks, but it is a
stream cipher when looking at the whole message considering each block as a single unit.

CRYOTOGRAPHY NOTES BY PRATYUSA MUKHERJEE 3.54