Traditional Symmetric-key

Ciphers
Courtesy:
Behrouz A Forouzan, Debdeep Mukhopadhyay
and William Stallings

Dr. Balu L. Parne

CoED, SVNIT, Surat.
 Polyalphabetic Ciphers

• In polyalphabetic substitution, each occurrence of a character

may have a different substitute.
• The relationship between a character in the plaintext to a
character in the ciphertext is one-to-many.
• To create a polyalphabetic cipher, we need to make each
ciphertext character dependent on both the corresponding
plaintext character and the it’s position in the message.
• Our key should be a stream of subkeys, in which each subkey depends
somehow on the position of the plaintext character that uses that
subkey for enchipherment.
• A key is in the form k=(k1,k2,k3,….) in which ki is used to encipher the
ith character in plaintext to create ith character in ciphertext.
 Autokey Cipher
• The key is a stream of subkeys, in which each subkey is used
to encrypt the corresponding character in the plaintext.
• The first subkey is a predetermined value secretly agreed upon
by sender and receiver.
• The second subkey is the value of the first plaintext character.
• The third subkey is the value of the second plaintext and so
on. – implies that subkeys are automatically created from the
plaintext during encryption process.
 Cryptanalysis
➢ The autokey cipher hides the single-letter frequency statistics of the plaintext.
➢ However it is still vulnerable to the brute-force attack. – The first subkey can be only one of
the 25 values.
➢ So we need to have not only hiding the characteristics of the language and also require large
key domains
 Playfair Cipher
• The secret key in this cipher is made of 25 alphabet letters
arranged in a 5*5 matrix (letters I and J are considered the
same when encrypting).
• Different arrangements of the letters in the matrix can create
many different secret keys.
 Encryption rules

Cryptanalysis

➢ Brute-force attack is very difficult because the

size of key domain is 25!
➢ It also hides single letter frequency of the
characters.
➢ However the frequency of digrams are
preserved to some extent because of filler
insertions – So cryptanalyst can use a
ciphertext-only attack based on the digram
frequency test to find the key
 Vigenere Cipher
• It uses a different strategy to create the key stream.
• The key stream is a repetition of an initial secret key stream
of length ‘m’, 1<=m<=26.
• The cipher can be described as follows where (k1,k2,…,km) is
the initial secret key agreed to by sender and receiver.
• It does not depend on the plaintext characters; it depends
only on the position of the characters in the plaintext. – The
key stream can be created without knowing what the plaintext
is.
Vigenere cipher can be seen as combinations of m additive ciphers and also that
the additive cipher is a special case of Vigenere cipher in which m=1.

Figure A Vigenere cipher as a combination of m additive ciphers

Vigenere Tableau

❑ The first row shows the plaintext character to be

encrypted
❑ The first column contains the characters to be
used by the key
❑ The rest of the tableau shows the ciphertext
characters.
 Hill Cipher
❑ The plaintext is divided into equal-size blocks.
❑ The blocks are encrypted one at a time in such a way that

each character in the block contributes to the encryption of

other characters in the block. – Category of Block Cipher.
❑ In a Hill cipher, the key is a square matrix of size m*m in which

m is the size of the block.

❑ Let us show how one block of plaintext is encrypted:
• The above equations shows that each ciphertext character is
depends on all plaintext letters in the block.
• NOTE: We should be aware of that not all square matrices
have multiplicative inverses in Z26.
 Cryptanalysis
▪ Ciphertext-only cryptanalysis of Hill
cipher is difficult.
▪ Brute-force attack on a Hill cipher is
difficult because
▪ the key is an m*m matrix.
▪ entry in the matrix can have one of
the 26 values.
▪ means that the size of the key
domain is 26m*m.
▪ Not all the matrices have inverse, so
key domain is smaller – but is huge.
▪ Do not preserve the statistics of the
plaintext.
▪ Adversary can’t run frequency
analysis.
▪ Known plaintext attack – if knows the value of m and knows ▪ A frequency analysis of words of size
the plaintext/ciphertext pairs for at least ‘m’ distinct ‘m’ might work – rare – a plaintext
blocks has less strings of size ‘m’ that are
▪ Can create two m*m matrices, P and C, in which the the same.
corresponding rows represent the corresponding plaintext/
ciphertext pairs.
 One-Time Pad
• One of the goals of cryptography is perfect secrecy.
• A study by Shannon has shown that perfect secrecy can be
achieved if each plaintext symbol is encrypted with a key
randomly chosen from a key domain. This idea is used in a
cipher called one-time pad, invented by Vernam.
• The key has the same length as the plaintext and is chosen
completely in random.
• It is a perfect cipher, but it is almost impossible to implement
commercially
• If the key must be newly generated each time, how can Alice tell Bob
the new key each time she has a message to send?
• His system works on binary data rather than letters. The
system can be expressed succinctly as follows:
• An Army Signal Corp officer, Joseph Mauborgne suggested (improvement
to the Vernam Cipher) using a random key that is as long as the message,
so that the key need not be repeated.
• In addition, the key is to be used to encrypt and decrypt a single
message, and then is discarded.
• Each new message requires a new key of the same length as the new
message. Such a scheme, known as a one-time pad, is unbreakable.
• It produces random output that bears no statistical relationship to the
plaintext. Because the ciphertext contains no information whatsoever
about the plaintext, there is simply no way to break the code.
 Rotor Cipher
• It uses the idea behind monoalphabetic
substitution but changes the mapping It uses only 6 letters, but the actual rotors use
between the plaintext and the ciphertext 26 letters
characters for each plaintext character.
• The initial setting of the rotor is the secret
key between Alice and Bob.
• The first plaintext character is encrypted
using the initial setting; the second
character is encrypted after the first
rotation, and so on.
• A three-letter word such as “bee” is
encrypted as “BAA” if the rotor is Cryptanalysis
stationary, but it will be encrypted as • Resistant to Brute-force attack because it
“BCA” if it is rotating. – Polyalphabetic needs to find first set of mapping among 26!
cipher. possible ones.
• It does not preserve letter frequency.
Enigma Machine
• Main Components:
• Keyboard
• Lampboard
• Plug board – 26 plugs – connected by 13
wires – changed everyday to provide
different scrambling.
• Three wired rotors are selected from
five rotors - makes 1/26 turn for each
character – fast rotor – 1/26 turn for
complete turn of fast rotor – medium
rotor – 1/26 turn for complete turn of
medium rotor – slow rotor.
• A Reflector – stationary & Prewired.
• Code Book:
• 3 of 5 rotors are chosen
• Order of the rotors to be installed
• Setting for plugboard
• A three-letter code of the day
• Encryption:
1. Set the starting position of the rotors to the code of the day.
Ex: the code is “HUA” – So rotors are initialized to ‘H’,’U’,’A’, respectively.
2. Choose a random three letter code “ACF”, encrypt the text “ACFACF” with
initial setting and assume that it yields “OPNABT”
3. Set the starting position of the rotors to “OPN”
4. Append the encrypted six letters obtained from step 2(OPNABT) to the
beginning of the message.
5. Encrypt the message including the 6-letter code. Send the encrypted
message.
• Decryption:
1. Receive the message and separate the first six letters.
2. Set the starting position of the rotors to the code of the day.
3. Decrypt the first six letters using the initial setting in step 2.
4. Set the position of the rotors to the first half of the decrypted code.
5. Decrypt the message without first six letters.
 Transposition Ciphers
• A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols.

Keyless Transposition Ciphers Keyed Transposition Ciphers Combining Two Approaches

Keyless Transposition Ciphers

❑ Simple transposition ciphers, which were used in the past, are keyless.
❑ First Method: Text is written into a table column by column and then transmitted row by row.
❑ Second Method: Text is written into a table row by row and then transmitted column by
column.