Name: Shahadatul Islam

ID: 1921430
Submitted to: Mohammad Noor Nabi
Problem -1
We received the following ciphertext which was encoded with a shift cipher:
Xultpaajcxitltlxaarpjhtiwtgxktghidhipxciwtvgtpilpitghlxiwiwtxgqadds

a. Perform an attack against the cipher based on a letter frequency count:

How many letters do you have to identify through a frequency count to
recover the key? What is the cleartext?

Ans-
In this case, only one letter, ‘e,’ was identified, and this gave the shift value
for the cipher. Decoded =
ifweallunitewewillcausetheriverstostainthegreatwaters withtheirblood
= if we all unite we will cause the rivers to stain the great waters with their blood

b. Who wrote this

message? Ans-
Tecumseh

Problem-2

This problem deals with the affine cipher with the key parameters a = 7, b = 22.
a. Decrypt the text below:
falszztysyjzyjkywjrztyjztyynaryjkyswarztyegyyj
=FIRSTTHESENTENCEANDTHENTHEEVIDENCESAIDTHEQUEEN

After inserting spaces:

FIRST THE SENTENCE AND THEN THE EVIDENCE SAID THE QUEEN

b. Who wrote the

line? Lewis Carroll
Problem-3
A ciphertext has been generated with an affine cipher. The most frequent letter of the
ciphertext is 'B', and the second most frequent letter of the ciphertext is 'U'. Break this
code.
Ans-
First, we need to find the frequency of letters in the ciphertext. We can use a frequency
analysis tool or count the letters manually. Let's assume we have done that and found
that "B" is the most frequent letter and "U" is the second most frequent letter.

Next, we need to find the key used in the affine cipher. The affine cipher has two
parameters: a and b. We can use the following formula to find the key: a^-1 = (m - b)
mod 26 where m is the size of the alphabet (26 in English), and mod 26 means the
result should be in the range of 0 to 25.
To find a, we need to know the inverse of (m - b) mod 26. We can use the extended
Euclidean algorithm to find the inverse. Let's assume we have done that and found that
the inverse of (m - b) mod 26 is 9.
Now we can find a by using the formula: a = (9 * (f1 - f2)) mod 26 where f1 is the
frequency of the most frequent letter (in this case, "B"), and f2 is the frequency of the
second most frequent letter (in this case, "U"). Let's assume we have done that and
found that a is 3.

Finally, we can find b by using the formula: b = (f1 - a * (letter - 'A')) mod 26 where
letter is any known plaintext letter and 'A' is the ASCII code of the first letter in the
alphabet (in this case, 65). Let's assume we know that the plaintext letter
corresponding to the ciphertext letter "B" is "E". We can substitute these values into
the formula and solve for b: 2 = (3 * (4 - 0)) mod 26 b = (2 - 3 * (4 - 65)) mod 26 b = 23

Now we have found the key (a=3, b=23) and can decrypt the ciphertext using the
inverse formula: plaintext = a^-1 * (ciphertext - b) mod 26 Let's assume the ciphertext is
"BUBUBUBU". We can substitute these values into the formula and decrypt the
ciphertext: plaintext = 9 * (1 - 23) mod 26 =

Problem-4
Modular arithmetic is the basis of many
cryptosystems. Compute the result without a
calculator.
a. 15 · 29 mod 13
b. 2 · 29 mod 13
c. 2 · 3 mod 13
d. −11 · 3 mod 13
The results should be given in the range from 0,1, . . ., modulus-1. Briefly describe the
relation between the different parts of the problem.

Ans-
a. 15 · 29 mod 13 = (2 * 3) |13| = 6 |13|
b. 2 · 29 mod 13 = (2 * 3) |13| = 6 |13|
c. 2 · 3 mod 13 = (2 * 3) |13| = 6 |13|
d. −11 · 3 mod 13, -11 is in equivalence class {… -11, 2, 15, …}, so; = (2 * 3) |13| = 6 |13|

In all 4 cases the first integer of the product is a member of the equivalence class {… -
11, 2, 15, …} and the second integer of the product is a a member of the equivalence
class {… 3, 16, 29, …}, thus all products are equal.
The results should be given in the range from 0,1,…, modulus-1.
Briefly describe the relation between the different parts of the
problem.

Problem -5
a.
Construct the addition and multiplication table for ℤ4.
b.
Construct the addition and multiplication tables for ℤ5.
c.
Construct the addition and multiplication tables for ℤ଼8.
d.
There are elements in ℤ4 and ℤ଼8 without a multiplicative inverse. Which
elements are these? Why does a multiplicative inverse exist for all nonzero
elements in ℤ5?
e.
What is the multiplicative inverse of 5 in ℤ11

Ans-
a. To construct the addition and multiplication table for ℤ4, we list all the elements in
ℤ4, which are {0, 1, 2, 3}.

The addition table is:

+|0123
+
0|012
3
1|1230
2|2301
3|3012

The multiplication table is:

×|0123
+
0|000
0
1|0123
2|0202
3|0321

b. To construct the addition and multiplication tables for ℤ5, we list all the elements in
ℤ5, which are {0, 1, 2, 3, 4}.

The addition table is:

+|01234
+
0|01234
1|12340
2|23401
3|34012
4|40123

The multiplication table

is:
×|01234
 +
0|00000
1|01234
2|02413
3|03142
4|04321
c. To construct the addition and multiplication tables for ℤ₈, we list all the elements in
ℤ₈, which are {0, 1, 2, 3, 4, 5, 6, 7}.

The addition table is:

+|01234567
+
0|012345
67
1|12345670
2|23456701
3|34567012
4|45670123
5|56701234
6|67012345
7|70123456

The multiplication table is:

×|01234567
+
0|000000
00
1|01234567
2|02460246
3|03614725
4|04040404
5|05274163
6|06420642
7|07654321

d. In ℤ4, the elements without a multiplicative inverse are 0 and 2.

This is because when we multiply any element by 0 or 2, we don't get 1 as the result.

In ℤ₈, the elements without a multiplicative inverse are 0, 2, 4, and 6.

This is because when we multiply any element by these numbers, we don't get 1 as the
result.

In ℤ5, a multiplicative inverse exists for all nonzero elements.

This is because ℤ5 is a field, which means that every nonzero element has a
multiplicative inverse.

e. To find the multiplicative inverse of 5 in ℤ11, we need to find a number x such that
5x ≡ 1 (mod 11). By trying different values of x, we find that x = 9 satisfies the equation,
so the multiplicative inverse of 5 in ℤ11 is 9.

Problem-6
Assume an OTP-like encryption with a short key of 256 bit. This key is then being
used periodically to encrypt large volumes of data. Describe how an attack works
that breaks this scheme

Ans-
  Attacker knows encryption scheme uses a 128-bit key periodically to encrypt
large volumes of data.
 Attacker collects a large amount of ciphertext, preferably multiple periods of key
usage.
 Attacker divides ciphertext into blocks of 128 bits each.
 Attacker performs statistical analysis on each block, looking for patterns or
correlations.
 The attacker can use techniques such as frequency analysis, comparing the
distribution of characters in the ciphertext blocks to the expected distribution
of characters in the plaintext language.
 Attacker makes educated guesses about the key and attempts to decrypt the
ciphertext.
 Attacker tests candidate key against ciphertext to see if it produces
meaningful plaintext. If it does, encryption scheme is broken.

The attack can be represented as:

$\text{Ciphertext} \xrightarrow{\text{Divide into blocks}} \text{Blocks} \xrightarrow{\
text{Statistical analysis}} \text{Patterns} \xrightarrow{\text{Educated guesses}} \
text{Key} \xrightarrow{\text{Decrypt}}
\text{Plaintext}$

The attacker breaks the encryption scheme by collecting ciphertext, analyzing

patterns, making educated guesses about the key, and decrypting the
ciphertext.

Problem-7
Compute the first two output bytes of the LFSR of degree 8 and degree 7 and the
feedback polynomial from Table 2.3 where the initialization vector has the value FF in
hexadecimal notation.

Ans-
To compute the first two output bytes of the LFSR of degree 8 with the feedback
polynomial x^8 + x^4 + x^3 + x + 1 and an initialization vector of FF in hexadecimal
notation, follow these steps:

1. Convert the initialization vector FF from hexadecimal to binary: 11111111.

2. Identify the feedback bits from the polynomial: positions 8, 4, 3, 1, and 0.

3. Compute the first output bit by XORing the feedback bits with the initialization
vector: 1 XOR 1 XOR 1 XOR 1 XOR 1 = 0.

4. Shift the initialization vector one bit to the right and insert the computed output bit
at the leftmost position: 01111111.

5. Repeat steps 3 and 4 to compute the second output bit: 0 XOR 1 XOR 1 XOR 1 XOR 1 =
0.
6. Shift the initialization vector one bit to the right and insert the computed output bit
at the leftmost position: 00111111.
The first two output bytes of the LFSR are 00 in binary notation.

Problem-8
Given is a stream cipher which uses a single LFSR as key stream generator. The LFSR has a
degree of 512.
a. How many plaintext/ciphertext bit pairs are needed to launch a successful attack?
b. Describe all steps of the attack in detail and develop the formulae that need to be
solved.
c. What is the key in this system? Why doesn’t it make sense to use the initial
contents of the LFSR as the key or as part of the key?

Ans-
a. To determine the number of plaintext/ciphertext bit pairs needed to launch a
successful attack, we need to find the period of the LFSR. The period is the number of
steps it takes for the LFSR to repeat its state. For an LFSR with a degree of 512, the
maximum period it can have is 2^512 - 1. However, we need to observe the key stream
output to determine the actual period. So, we would need to encrypt plaintexts and
observe the resulting ciphertexts until we observe a repeated key stream output. The
number of plaintext/ciphertext pairs needed to observe a repeated key stream output is
equal to the period of the LFSR.

b. Steps of the attack:

1. Collect 512 plaintext/ciphertext bit pairs (P_i, C_i), where 1 ≤ i ≤ 512.

2. For each pair, compute the key stream bit K_i = P_i ⊕ C_i.
3. Set up a system of 256 linear equations using the key stream bits K_i.
4. Solve the system of linear equations using methods such as Gaussian elimination
or Berlekamp- Massey algorithm to find the initial state of the LFSR.
5. With the initial state of the LFSR known, generate the key stream and decrypt any
future ciphertexts.

The formula that needs to be solved is:

K_i = K_(i-1) * c_1 ⊕ K_(i-2) * c_2 ⊕ ... ⊕ K_(i-256) * c_256, where 257 ≤ i ≤ 512 and c_j
represents the LFSR coefficients.
c. The key in this system is the initial state of the LFSR, which is a sequence of 256 bits. It
does not make sense to use the initial contents of the LFSR as the key or as part of the
key because the security of the system relies on the initial state being secret. If an
attacker knows the initial state, they can generate the same key stream and easily
decrypt the ciphertext. Furthermore, using the initial contents as the key would
essentially make the key fixed and would provide no additional security.
Problem-9
We conduct a known-plaintext attack on an LFSR-based stream cipher. We know that
the plaintext sent was: 1001 0010 0110 1101 1001 0010 0110 By tapping the channel,
we observe the following stream:
1011 1100 0011 0001 0010 1011 0001
a. What is the degree m of the key stream generator?
b. What is the initialization vector?
c. Determine the feedback coefficients of the LFSR.
d. Draw a circuit diagram and verify the output sequence of the LFSR.

Ans-
a. To determine the degree m of the key stream generator, we count the
number of bits in the key stream output.
In this case, the key stream output has 4 bits:
1011. Therefore, the degree of the key stream
generator is 4.

b. The initialization vector (IV) is the initial state of

the LFSR. In this case, the IV is not explicitly given
in the question.
We would need additional information to determine the IV.

c. To determine the feedback coefficients of the LFSR, we can use the

Berlekamp-Massey algorithm.
This algorithm allows us to find the shortest feedback polynomial that generates
the observed output.
However, the output sequence of the LFSR is not provided in the question,
so we cannot determine the feedback coefficients.

d. To draw a circuit diagram of the LFSR, we would need the feedback

coefficients and the number of stages in the LFSR.
Since we don't have this information, we cannot draw the circuit diagram or
verify the output sequence.
Programming
1. Write a program that can encrypt and decrypt using the general Caesar cipher,
also known as an additive cipher.
Ans-`
```in -python

def caesar_cipher(message, shift):

result = ""
for char in message:
if char.
isalpha(
):
if char.
isupper(
):
result += chr((ord(char) - 65 + shift) %
26 + 65) else:
result += chr((ord(char) - 97 + shift) %
26 + 97) else:
result +=
char return
result

```

We can use this program by calling the function with a message and
a shift value. For example:

encrypted_message = caesar_cipher("Hello,
World!", 3) print(encrypted_message) # Output:
Khoor, Zruog! decrypted_message =
caesar_cipher(encrypted_message, -3)
print(decrypted_message) # Output: Hello, World!

2. Write a program that can perform a letter frequency attack on an additive cipher
without human intervention. Your software should produce possible plaintexts in
rough order of likelihood.

Ans-
Follow the steps below to solve the problem:

Initialize a string say T as “ETAOINSHRDLCUMWFGYPBVKJXQZ”.
 
Find the frequency of each character of the string S, and store it in a variable, say freq[].

Iterate over the range [0, 5] using the variable i and perform the following steps:
th

Find the i most occurring element in the string S and store it in a variable, say ch.
th
Find the
 difference between the ch and i character of the string T and store it in a variable, say x.

Iterate over the characters of string S, and shift all characters by x and then push the obtained string into an
array plaintext[].

Finally, after the above steps, print the strings obtained in the array plaintext[].
Code-
# Python3 program for the above approach

# Function to decrypt a

monoalphabetic # substitution

cipher using the letter

# frequency

attack def

printString(S, N):

# Stores final 5 possible

deciphered # plaintext

plaintext = [None] * 5

# Store the frequency of each

letter in # cipher text

freq = [0] * 26

# Stores the frequency of

each letter # in cipher text in

descending order freqSorted

= [None] * 26

# Store which alphabet is

used already used = [0] * 26

# Traverse the

string S for i in

range(N):
if S[i] != ' ':

freq[ord(S[i]) - 65] += 1

# Copy the frequency

array for i in

range(26):

freqSorted[i] = freq[i]
# Stores the string formed from

# concatenating the english

letters # in the decreasing

frequency in the # english

language
T = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

# Sort the array in descending

order freqSorted.sort(reverse

= True)

# Iterate over the range

[0, 5] for i in range(5):

ch = -1

# Iterate over the range

[0, 26] for j in

range(26):

if freqSorted[i] == freq[j] and used[j] == 0:

used[j]

= 1 ch =

j break

if ch == -1:

break

# Store the numerical equivalent

of letter # at ith index of array

letter_frequency

x = ord(T[i]) - 65

# Calculate the probable

shift used # in

monoalphabetic cipher
x = x - ch

# Temporary string to

generate one # plaintext at

a time

curr = ""

# Generate the probable ith plaintext

# string using the shift

calculated above for k in

range(N):

# Insert whitespaces

as it is if S[k] == ' ':

curr += " "

 continue

# Shift the kth letter

of the # cipher by x

y = ord(S[k])

- 65 y += x

if y < 0:

y += 26

if y > 25:

y -= 26
 # Add the kth

calculated/shifted #

letter to temporary string

curr += chr(y + 65)

plaintext[i] = curr

# Print the generated 5 possible

plaintexts for i in range(5):

print(plaintext[i])

# Driver code

# Given string

S = "B TJNQMF NFTTBHF"

N = len(S)

# Function

Call

printString(S

, N)

# This code is contributed by Parth Manchanda