Scribd
Upload
560 views3 pages

Vigenere Cipher

The document discusses the Vigenere cipher and its cryptanalysis. It explains that the Vigenere cipher uses a keyword to shift letters in the plaintext by different amounts at each position. Two main methods are described for determining the keyword length: Kasiski's method looks for repetitions in the ciphertext, and Friedman's method calculates the index of coincidence for different key lengths. Transposition ciphers are also introduced, along with the permutation cipher and Hill cipher variations.

Uploaded by

asd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
560 views3 pages

Vigenere Cipher

The document discusses the Vigenere cipher and its cryptanalysis. It explains that the Vigenere cipher uses a keyword to shift letters in the plaintext by different amounts at each position. Two main methods are described for determining the keyword length: Kasiski's method looks for repetitions in the ciphertext, and Friedman's method calculates the index of coincidence for different key lengths. Transposition ciphers are also introduced, along with the permutation cipher and Hill cipher variations.

Uploaded by

asd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

For example, for codeword HELLO and plaintext SEE ME AFTER CLASS, we obtain

SEEME AFTER CLASS


HELLO HELLO HELLO

ZIXPS HJEPF JPLDG

![[Pasted image 20230130170435.png]]

### Formal Definition


For codeword length $d$, we have

$M = Z_{26}^d$
$C=Z_{26}^d$
$K=Z_{26}^d$
$E_k(m1,\dots,m_{d)}= (c_1,\dots,c_d)$ where $c_{i}= [(m_i+k_i)\%26]$
$D_k(c_1,\dots,c_{d)}= (m_1,\dots,m_d)$ where $m_{i}= [(c_i-k_i)\%26]$

![[Pasted image 20230130170608.png]]

### Cryptanalysis of the Vigenere Cipher


Basic approach to cryptanalysis of the Vigenere cipher:
- find $d$
- use [[Shift Cipher]] method for each codeword position

How do we find $d$ ?


Two approaches: Kasiski method (1863), Friedman's *index of coincidence*

![[Pasted image 20230130171145.png]]

### Kaiski's Method

Look for repetitions of three or more letters in ciphertext, e.g.,


```
TOB EOR NOT TOB E
NOW NOW NOW NOW N

GCX RCN ACP GCX R


```

We see *GCX* repeated after 9 characters, suggesting $d=3$ or $d=9$ In general, if


we discover *[[Period|periods]]* $p_1,\dots,p_k$ in the ciphertext, we would expect
$d$ to divide $gcd(p_1,\dots,p_k)$

![[Pasted image 20230130174950.png]]

### Friedman's Method

- We want to test wheter the key length is $l'$


- Write the ciphertext in an array with $l'$ columns
- If $l'$ is the actual key length each column corresponds to plaintext characters
shifted by the same character - so the obserived [[Index of Coincidence (IC)|IC]] $
(=\sum\limits_0^{25}q_i^2)$ of any column should be $\approx 0.065$
- If the guess is incorrect, the IC will be closer to that of a random string $26(\
frac{1}{26})^{2}\approx 0.038$
- Take $l'$ to be the smallest $l$ that gives an average column IC $\approx 0.065$
- Once we have $l'$ we're back to the monoalphabetic case
![[Pasted image 20230201133045.png]]

### Correlation Example

Consider the ciphertext

```
QPWK ALVR XCQZ IKGR BPFA EOMF LJMS DZVD HXCX JYEB IMTR QWNM
EAIZ RVKC VKVL XNEI CFZP ZCZZ HKML VZVZ IZRR QWDK ECHO SNYX
XLSP MYKV QXJT DCIO MEEX DQVS RXLR LKZH OV
```

We get the following average IC values for key length up to 10:


| 1 | 2 | 3 | 4 | 5 |
| ----- | ----- | ----- | ----- | ----- |
| 0.043 | 0.046 | 0.040 | 0.045 | 0.070 |
| 6 | 7 | 8 | 9 | 10 |
| 0.038 | 0.038 | 0.040 | 0.044 | 0.079 |

Exercise: find the key!


![[Pasted image 20230201134319.png]]

### Transposition Ciphers


Transposition ciphers involce a rearrangement of plaintext characters, as opposed
to a character-by-character substitution.
The most simple transposition cipher is the *permutation* cipher.

$P=(Z_{26})^l$
$C=(Z_{26})^l$
$K=\{\pi | \pi : [l] \rightarrow [l]\}$ is a permutation

$Enc_\pi(m_1,m_2,\dots,m_{l)}=(m_{\pi(1)},\dots,m_{\pi(l)})$
$D_\pi(c_1,c_2,\dots,c_l)=(c_{\pi^{-1}(1)},\dots,c_{\pi^{-1}(l)})$

![[Pasted image 20230201135127.png]]

### Permutation Cipher - Matrix View


We can view the encryption (decryption) operations as multiplication by the $l$
character plaintext (resp. ciphertext) can appropriate $l$ x $l$ matrix.
We define the matrix $K_\pi-(k_{i,j})$

$k_{i,j}=\begin{Bmatrix}1 & \text{if} \ i=\pi(j) \\0 & \text{otherwise} \


end{Bmatrix}$
Then $e_\pi(m)=mK_\pi$ and $d_\pi(c)=cK_\pi^{-1}$, where $m=(m_1,\dots,m_l)$ and
$c=(c_1,\dots,c_l)$

![[Pasted image 20230201140245.png]]

### The Hill Cipher


We can generalize this matrix approach by letting $K$ be *any* invertible matrix
(say over $Z_N$,) so that {$K\ |\ K$ is a $l$ x $l$ invertible matrix}, and $e_\
pi(m)=mK$ and $d_\pi(c)=cK^{-1}$

While ciphertext-only cryptanalysis of the Hill cipher is more difficult, there is


a simple known-plaintext attack. Suppose we have $l$ plaintext/ciphertext pairs. We
can form a matrix $M$ of plaintexts and $C$ ciphertexts. Assuming $M$ is
invertible, we have $K=M^{-1}C$. For a chosen-plaintext attack, we can ensure the
$M$ is invertible.

![[Pasted image 20230201142128.png]]

## Questions
- How to read the table in [[Vigenere Cipher#Correlation Example]]
- How to find the key
- In [[Vigenere Cipher#Kaiski's Method]], what is $d=3$ and $d=9$ mean?
- What does $d$ represent?
- In [[Vigenere Cipher#Transposition Ciphers]] what is $l$
- In [[Vigenere Cipher#Permutation Cipher - Matrix View]], what is $k_{i,j}$ and
what are $i,j$
- What is $cK_\pi^{-1}$?
- What is $c$
- What is $m$
- In the line if $i=\pi(j)$ is there a different meaning of $\pi$? It seems
to be written as a function, but $\pi$ is a float
- In [[Vigenere Cipher#The Hill Cipher]]

#questions

You might also like