Cryptography Programming Workshop, Project 1

Submit by November 14, 2021

This project will work with binary strings. (Note that in class we discussed
character strings but the requirements of the project are different to make it
simpler.)
You are required to implement the programs in Python. (If you plan on
using special modules in Python then ask us before using them, to make sure
that we allow it.) You can use any python version higher than 3.6.
For each program, you should also write a short description of the
algorithm that you implemented.
Prepare your answer alone. If you use some resource on the web
(Wikipedia, github, stackoverflow, etc.) then clearly describe how
you used that resource.

Submission Instructions
The submission should contain a single file (‘.py’, see below). The first line of
your file must be a comment with:
⟨f irstname⟩⟨comma⟩⟨lastname⟩⟨comma⟩⟨ID⟩
The second line of your file must be a comment:
⟨P ython V ersion⟩
Example:
#I s r a e l , I s r a e l i , 1 2 3 4 5 6 7 8 9
#Python 3 . 8

Attach this file to an email with TITLE: “Sadna Crypto Ex1 ⟨ID⟩” No need
to add text to the email. Send the email to ‘[email protected]’. A submission
that does not follow the above format might be skipped (without being checked
and graded).

Python
Submit a file named ex1.py with the implementation of the following functions:

• my xor(lhs, rhs)
• original1(encrypted)

1
 • original2(encrypted)
• repeated xor(plaintext, key)
• break vigenere(source path, target path)

1 Fixed XOR
Write a function that takes two equal-length binary strings (‘bytes‘) and returns
a bytes string which is the XOR of the two input strings. For example, if the
first ASCII character of the first string is represented by 0x11 and the first
character in the second string is represented by 0x22, then the first char of the
output is 0x33. (You can try this by the python command ”hex(0x11ˆ0x22)”;
the ‘ˆ’ symbol in python represents the XOR operation).
The required function signature is:
my xor(lhs, rhs)

1.1 Example
r e s = my xor ( b”\ x11 \ x22 ” , b”\ x22 \ x11 ” )
Input (represented in hex):
lhs=”1122”, rhs=”2211”
Output:
res=”3333”

2 Single character XOR cipher

Write a function which receives as an input a string which was computed in the
following way:
• An English text in ASCII is stored as a string of characters (buf ).
• A key which is a single character (k) was chosen.
• Each character in buf was XORed with k.
• The resulting string, represented as a binary string, is the only input to
your function.
Your function should output the original English text (buf ), represented as a
binary string (your function should return the output).
We will test two variants for this question
1. In the first variant buf is an English text in lower case letters without
special characters, and where all kinds of spaces were removed (i.e. it is
just a binary string representation of lower-case letters in English). The
required function signature is:
original1(encrypted)

2
 2. In the second variant, buf is an arbitrary English text with spaces, upper
case letters, digits, and the punctuation marks ,.:!?. The required func-
tion signature is:
original2(encrypted)
We will test your programs using a random English text that matches the
above requirements.
Note that if you have a method to identify if a certain string is an English
text then it is easy to identify the right key. The program should work well
with an input text of about 100 characters. Bonus points will be awarded to a
program which works well with inputs of about 40 characters.

2.1 Example
Text with only lower case English:
thebaldeagle
The plaintext is:
b”thebaldeagle”
We choose the key ‘L’:
b”L”
By XORing the text with the key we get (hexlified) encrypted:
3824292e2d2028292d2b2029

plaintext =
o r i g i n a l h e x 1 ( b”\ x38 \ x24 \ x29 \ x2e \ x2d \ x20 \ x28 \ x29 \ x2d \ x2b \ x20 \ x29 ” )
Input:
encrypted=b”\x38\x24\x29\x2e\x2d\x20\x28\x29\x2d\x2b\x20\x29”
Output:
plaintext=b”\x74\x68\x65\x62\x61\x6c\x64\x65\x61\x67\x6c\x65”

3 Implement repeating-key XOR

Implement a function which receives two binary strings:

• A binary string representation of a plaintext (plain) (along with its length).

• A binary string representation of a key (key) (along with its length).
The function outputs the binary string representation of the encryption of the
plaintext by repeatedly XORing it with the key. Namely, character i in plain
is XORed with character (i mod |key|) in key.
The required function signature is:
repeated xor(plaintext, key)

3
3.1 Example
Text
thebaldeagle
The plaintext is:
b”\x74\x68\x65\x62\x61\x6c\x64\x65\x61\x67\x6c\x65”
We choose the key “LMN”:
b”\x4C\x4D\x4E”
By XORing the text with the key we get encrypted:
b”\x38\x25\x2b\x2e\x2c\x22\x28\x28\x2f\x2b\x21\x2b”

res =
r e p e a t e d x o r ( b”\ x74 \ x68 \ x65 \ x62 \ x61 \ x6c \ x64 \ x65 \ x61 \ x67 \ x6c \ x65 ” ,
”\x4C\x4D\x4E ” )
Input:
plaintext=b”\x74\x68
\x65\x62\x61\x6c\x64\x65\x61\x67\x6c\x65”, key=”\x4C\x4D\x4E”
Output:
res= b”\x38\x25\x2b\x2e\x2c\x22\x28\x28\x2f\x2b\x21\x2b”

4 Break repeating-key XOR

This is the most complicated part of your project. You will receive a binary file
which was generated by encrypting an English text by repeated key-XORing
(as in Question 3). For this part, you don’t know the key, and you don’t even
know the length of the key.
You need to do a cryptanalysis of this file. Your task has two parts: finding
the length of the key, and decrypting the file. Your final output should be the
original file and the length of the key.
The required function signature is:
break vigenere(source path, target path)
The function reads a file named ‘<source path>’ and writes the output to a file
named ‘<target path>’. The function also returns the length of the key.
The function will be tested against several inputs of different lengths. The
input files will contain English text in lower case letters without special char-
acters, and where all spaces are removed, as in original1(encrypted) of Question
2.
Try to design a function which will work with the shortest possible input
length.

4.1 Example
Assume we have the following plaintext
thebaldeagle
Which, in hex representation is:

4
74686562616C646561676C65
We choose the key “LMN”:
4C4D4E
By XORing the text with the key we get the ciphertext:
38252B2E2C2228282F2B212B
So the file ‘<source path>’ contains the bytes with hex representation:
38252B2E2C2228282F2B212B

key len = break vigenere ( sousrce path , target path )

Input:
‘<source path>’ Output:
key len=3 and the file ‘<target path>’ (in the same directory as the Python
script) that contains bytes with the hex representation: ”74686562616C646561676C65”.

4.2 Decrypting the file

Suppose that you already know the length of the key, t. Then all characters in
locations i, j which satisfy i = j mod t are encrypted by XORing them with the
same character of the key. Therefore cryptanalysis can be done as in Question 2.

4.3 Finding the length of the key

Denote the input buffer as cipherhex. Suppose that the length of the key is
t. Then if we compute the XOR of the characters in locations 0, . . . , t − 1 in
cipherhex with the characters in locations t, . . . , 2t − 1 in cipherhex, then
the characters of the key will be cancelled out, and we will obtain the XOR of
the string of the first t characters of the plaintext with the string of the second
set of t characters of the plaintext. This is the XOR of an English text with
an English text, and has a special characteristic. The same happens if we take
any string of t characters in cipherhex and XOR it with any t-character string
whose distance from the first string is a multiple of t.
On the other hand, if we choose a different value t′ ̸= t and compute the
XOR of the characters in locations 0, . . . , t′ − 1 with the characters in locations
t′ , . . . , 2t′ − 1, then in location i we obtain the XOR of two letters in English and
the key characters in locations i mod t, and (i + t′ ) mod t. The key characters
do not cancel out (unless they happen to be equal) and the distribution of the
result will be far away from the first distribution.
So your task is to identify the result which is the XOR of two English texts.
The latter has a much higher probability of including the 0 character, and
therefore, a simple procedure for finding t can work as follows:
• Go over values of t starting from t = 1
• For each value of t compute the XOR of adjacent ciphertext strings of
length t, and count the frequency of obtaining zeroes.

5
 • The smallest t value which results in a substantially higher frequency of
zeroes is probably the key length.
A more involved method could compute the sum-of-squares of the differences
between the observed distribution of characters in XOR, and the uniform dis-
tribution. This value should be maximal when we find the correct value of t.
Another method could compute the sum-of-squares of the differences between
the observed distribution of characters in XOR, and the distribution of the XOR
of two English texts. This value should be minimal when we find the correct
value of t.

5 Break shifted repeating-key XOR

You will receive a binary file which was generated by encrypting an English text
by repeated XORing with a shifted key, in a way that is described below. You
do not know the key or the length of the key.

5.1 The encryption function

(You do not need to implement this function.) The encryption function that we
use receives two binary strings:

• A binary string representation of a plaintext.

• A binary string representation of a key.
Suppose that the length of the key in characters is s. The function first generates
s versions of the key: The key k0 is the original key. The key ki , for i =
1, . . . , s − 1, is generated by cyclicly shifting ki−1 to the left by one character.
(Note that the shift is by a character, not by a bit.) For example, if the original
key is secret then k0 =secret, k1 =ecrets, k2 =cretse, etc.
Let fullkey by k0 k1 . . . ks−1 . This string is of length s2 . In the example
above it is the string secretecretscretse. . . tsecre of length 36 characters.
Encryption is performed by repeatedly XORing the plaintext with fullkey.

5.2 Your task

You need to do a cryptanalysis of this encryption.
The required function signature is:
break shiftedvigenere(source path, target path)
As before, the function reads a file named ‘<source path>’ and writes the output
to a file named ‘<target path>’. The function also returns the length of the
key. It should have the same fingerpring as is defined in Section 4.1.
The function will be tested against several inputs of different lengths. The
input files will contain English text in lower case letters without special char-
acters, and where all spaces are removed, as in original1(encrypted) of Question
2.

6
 Try to design a function which will work with the shortest possible input
length.