CORE 139 S04: Lab 2

FSem 132

Methods and Issues in Cryptology

Fall 2005

Lab 1 Solutions

Part I: Monoalphabetic or Polyalphabetic?

In this part, you will use the index of coincidence to determine if ciphertexts are monoalphabetic or polyalphabetic.

Use the Index of Coincidence tool to compute the index of coincidence for ciphers #1 and #2. Record the actual index of coincidence and whether the ciphers are monoalphabetic or polyalphabetic below:

index of coincidence monoalphabetic or polyalphabetic?

cipher #1 .0376 polyalphabetic

cipher #2 .0639 monoalphabetic

	index of coincidence	monoalphabetic or polyalphabetic?
cipher #1	.0376	polyalphabetic
cipher #2	.0639	monoalphabetic

Part II: Breaking Vigenère Ciphers

In this part, you will break a Vigenère-encrypted text using the index of coincidence, the Kasiski test, and frequency counts to find the keyword and thus the plaintext.

Use the Index of Coincidence tool to compute the index of coincidence for cipher #3. Record the actual index of coincidence and whether the cipher is monoalphabetic or polyalphabetic below:

index of coincidence monoalphabetic or polyalphabetic?

cipher #3 .0409 polyalphabetic

(What should the answer be?)

	index of coincidence	monoalphabetic or polyalphabetic?
cipher #3	.0409	polyalphabetic

Knowing the length of the key is very valuable for breaking a Vigenère cipher. Use the Kasiski Analysis tool to apply the Kasiski test to find the keyword length.

keyword length GLC: 2 4 7 8 14 28 56
TIF: 61
ESE: 2 3 6 7 14 21 42
The mostly likely prospects are 7 or 14 - 2 is too short to be a likely keyword

Use the Splitter tool to separate out the columns once you have determined the length of the keyword. This tool will arrange the text in two ways: as a matrix, with the columns aligned vertically, and as a list of columns, with each column's text arranged in a row. The second form is the most convenient for cutting and pasting.

keyword length	GLC: 2 4 7 8 14 28 56 TIF: 61 ESE: 2 3 6 7 14 21 42 The mostly likely prospects are 7 or 14 - 2 is too short to be a likely keyword

Use the Index of Coincidence tool to find the index of coincidence for each column of ciphertext to verify that the correct length was found for the keyword. (Note: it is easier to paste the entire ciphertext into the "ciphertext" box and use "test period" than it is to compute the index of coincidence for each column separately. Enter your guess for the length of the keyword in the "period" box.) Record the actual value for each column below. (There are more spaces in the table than you'll need.) Are the values appropriate for monoalphabetic ciphers? Explain any anomalies you find. You might also want to try a couple of incorrect periods to see what it looks like when the keyword length is wrong.

column number index of coincidence column number index of coincidence

0 0.0762 0 0.0621

1 0.0667 1 0.0437

2 0.0286 2 0.0460

3 0.0571 3 0.0369

4 0.0190 4 0.0419

5 0.0952 5 0.0616

6 0.1048 6 0.0094

7 0.0952

8 0.0571

9 0.0761

10 0.0220

11 0.0330

12 0.0440

13 0.0769

appropriate values?
also explanation (as needed) The first column shows the values for a keyword of length 14; the second for a keyword of length 7.
Length 14 is most likely the right answer - 9 of 14 columns have values closer to the monoalphabetic value of 0.0667 than the polyalphabetic value, rather than 3 of 7 for the length 7 keyword.
Not all of the values are closer to monoalphabetic even for length 14, but that's only to be expected - we're looking at statistical properties and there are relatively few characters in each column, so some variation is expected.

column number	index of coincidence	column number	index of coincidence
0	0.0762	0	0.0621
1	0.0667	1	0.0437
2	0.0286	2	0.0460
3	0.0571	3	0.0369
4	0.0190	4	0.0419
5	0.0952	5	0.0616
6	0.1048	6	0.0094
7	0.0952
8	0.0571
9	0.0761
10	0.0220
11	0.0330
12	0.0440
13	0.0769
appropriate values? also explanation (as needed)	The first column shows the values for a keyword of length 14; the second for a keyword of length 7. Length 14 is most likely the right answer - 9 of 14 columns have values closer to the monoalphabetic value of 0.0667 than the polyalphabetic value, rather than 3 of 7 for the length 7 keyword. Not all of the values are closer to monoalphabetic even for length 14, but that's only to be expected - we're looking at statistical properties and there are relatively few characters in each column, so some variation is expected.

Use the Additive Cracker tool to analyze each column of text to determine the keyword and thus the plaintext. Record both.

keyword POLYALPHABETIC

plaintext the polyalphabetic nature of the vigenere cipher is what gives it its strength but also what makes it much more complicated to use
the additional effort required in order to implement the vigenere cipher discouraged many people from employing it

keyword	POLYALPHABETIC
plaintext	the polyalphabetic nature of the vigenere cipher is what gives it its strength but also what makes it much more complicated to use the additional effort required in order to implement the vigenere cipher discouraged many people from employing it

Part III: Rotation Ciphers

In The Pleasures of Counting, Körner describes a rotation cipher called R^k. Let i_r be the integer equivalent of the rth letter of the plaintext, where a=0, b=1, c=2, etc. The ciphertext letter is then the letter associated with the integer i_r+k(r-1) mod 26.

For example, ROTATION is encoded as RPVDXNUU with k=1, RQXGBSAB with k=2, and RRZJFXGI with k=3. Make sure you understand how this works before continuing on.

k is the key. How many different keys are there which produce useful, non-trivial ciphers? (A trivial cipher is one in which the ciphertext is the same as the plaintext; a non-useful cipher is one in which several different plaintext letters are enciphered to the same ciphertext letter.) Explain.

answer There are at most 25 non-trivial keys, since R²⁶ is the original plaintext, R²⁷ = R¹, etc.
Of those keys, only 12 are really interesting, because k=13 will only shift every other plaintext letter by 13 and even keys cause the cipher alphabet to repeat every 13 letters instead of every 26. For example, consider k=2. In position 1, letters are shifted by 0 mod 26. In position 2, letters are shifted by 2 mod 26. In position 3, letters are shifted by 4 mod 26. In position 14, letters are shifted by 2(14-1) = 26 mod 26 = 0. In position 15, letters are shifted by 28 mod 26 = 2.

answer	There are at most 25 non-trivial keys, since R²⁶ is the original plaintext, R²⁷ = R¹, etc. Of those keys, only 12 are really interesting, because k=13 will only shift every other plaintext letter by 13 and even keys cause the cipher alphabet to repeat every 13 letters instead of every 26. For example, consider k=2. In position 1, letters are shifted by 0 mod 26. In position 2, letters are shifted by 2 mod 26. In position 3, letters are shifted by 4 mod 26. In position 14, letters are shifted by 2(14-1) = 26 mod 26 = 0. In position 15, letters are shifted by 28 mod 26 = 2.

Applying a rotation of k₁ followed by a rotation of k₂, written k₂k₁, is equivalent to applying a single rotation of k₁+k₂. Explain why this is true.

answer Consider the rth letter of the plaintext, whose integer equivalent is i_r. First apply a rotation of k₁ - the new letter is i'_r = i_r+k₁(r-1). Now apply a rotation k₂ to i'_r: i''_r = i'_r+k₂(r-1). Substituting i_r+k₁(r-1) for i'_r yields i''_r = i_r+k₁(r-1)+k₂(r-1); rearranging yields i_r+(k₁+k₂)(r-1), which is exactly the formula that would be applied if the key k₁+k₂ was used.

answer	Consider the rth letter of the plaintext, whose integer equivalent is i_r. First apply a rotation of k₁ - the new letter is i'_r = i_r+k₁(r-1). Now apply a rotation k₂ to i'_r: i''_r = i'_r+k₂(r-1). Substituting i_r+k₁(r-1) for i'_r yields i''_r = i_r+k₁(r-1)+k₂(r-1); rearranging yields i_r+(k₁+k₂)(r-1), which is exactly the formula that would be applied if the key k₁+k₂ was used.

For each of the following values of k, state the inverse key k' (where applying R^k' to a ciphertext generated by R^k results in the original plaintext). How did you arrive at your answers?

k 1 k 3 k 5

k' 25 k' 23 k' 21

method The key observations: R²⁶ is the original plaintext, and that k₂k₁ is equivalent to a single rotation by k₁+k₂. Thus, if the ciphertext is encoded by R^k, all we need to recover the plaintext is to apply a second rotation k' so that k+k'=26. Solving for k' yields k'=26-k.

k	1	k	3	k	5
k'	25	k'	23	k'	21
method	The key observations: R²⁶ is the original plaintext, and that k₂k₁ is equivalent to a single rotation by k₁+k₂. Thus, if the ciphertext is encoded by R^k, all we need to recover the plaintext is to apply a second rotation k' so that k+k'=26. Solving for k' yields k'=26-k.

Is a rotation cipher very secure? Explain. If you say no, include an explanation of how you would break the cipher.

answer No, it is not secure - simply rotate by 1, 2, 3, 4, etc up to 25. The result of one of the rotations will be the correct plaintext, which will presumably be recognizable as text that makes sense. (Note: at most 25 keys will need testing; if "trivial" keys like 2, 4, 6, 13, etc are not used then only 12 inverse keys will need to be tested.)

answer	No, it is not secure - simply rotate by 1, 2, 3, 4, etc up to 25. The result of one of the rotations will be the correct plaintext, which will presumably be recognizable as text that makes sense. (Note: at most 25 keys will need testing; if "trivial" keys like 2, 4, 6, 13, etc are not used then only 12 inverse keys will need to be tested.)

Part IV: Körner Passage 1

Combining several weak ciphers can lead to a stronger cipher.

Cipher #10 ("Passage 1" on page 325 of Körner) has been enciphered using a cipher of the form R^kS - first a monoalphabetic substitution cipher (which is easily broken) was applied, and then the rotation cipher R^k (also easily broken) was applied to the result of the substitution to get the final ciphertext.

The key for R^kS is the cipher alphabet used for the substitution cipher plus the value of k. How many keys are there? (Include trivial keys but do not include keys which cause multiple plaintext letters to be represented by the same ciphertext letter.) Explain.

answer 12*26!
There are 12 rotation keys and 26! substitution ciphers, which are combined by multiplication because any rotation key can be paired with any of the substitution cipher alphabets.

answer	12*26! There are 12 rotation keys and 26! substitution ciphers, which are combined by multiplication because any rotation key can be paired with any of the substitution cipher alphabets.

Use the Index of Coincidence tool to compute the index of coincidence for cipher #10. Record the actual index of coincidence and whether the cipher is monoalphabetic or polyalphabetic below:

index of coincidence monoalphabetic or polyalphabetic?

cipher #10 .0369 polyalphabetic
(as expected, since the rotation cipher is polyalphabetic because each position of the plaintext is enciphered with a different alphabet)

	index of coincidence	monoalphabetic or polyalphabetic?
cipher #10	.0369	polyalphabetic (as expected, since the rotation cipher is polyalphabetic because each position of the plaintext is enciphered with a different alphabet)

(What would you expect the answer to be?)

To break this cipher, note that if the inverse key k' was known, then R^k' could be applied to the ciphertext to undo R^k - and the result would be just the plaintext encrypted by S. So that you don't have to try every possibility, assume that k is either 3, 5, 21, or 23. What is the correct value for k'? How do you know?

number of rotations 23

method Try all possible values for k' - in this case, 23, 21, 5, 3 - and compute the index of coincidence for the rotated ciphertext. If the value for k' is correct, then the result should be the plaintext enciphered with only a substitution cipher (monoalphabetic). If k' is wrong, then the result will still be some rotation plus the substitution, which is polyalphabetic. k'=23 has an index of coincidence of .0796 while the others are in .03 range.

number of rotations	23
method	Try all possible values for k' - in this case, 23, 21, 5, 3 - and compute the index of coincidence for the rotated ciphertext. If the value for k' is correct, then the result should be the plaintext enciphered with only a substitution cipher (monoalphabetic). If k' is wrong, then the result will still be some rotation plus the substitution, which is polyalphabetic. k'=23 has an index of coincidence of .0796 while the others are in .03 range.

Use frequency analysis and the Substitution Cipher tool to crack the unrotated ciphertext. Write down the cipher alphabet you discover. What is the message? (Hint: a particular letter is used instead of a space to indicate a word break.)

plaintext Replacing the Xs with spaces: the story current at the time that six of our code books were missing and that a seventh neatly wrapped firmly tied and accompanied by a courteous note had been returned to one or another of our embassies by the japanese

plaintext	Replacing the Xs with spaces: the story current at the time that six of our code books were missing and that a seventh neatly wrapped firmly tied and accompanied by a courteous note had been returned to one or another of our embassies by the japanese

This cipher is not especially strong, though it is better than the individual techniques (especially if you do not know the encryption algorithm); see Körner's "Passage 2" for another combination of rotation and substitution which is stronger than "Passage 1".

Part V: Breaking Vigenère Ciphers, Take Two

In this part, you'll attempt to break a harder instance of a Vigenère-encrypted text.

Use the Index of Coincidence tool to compute the index of coincidence for cipher #4. Record the actual index of coincidence and whether the cipher is monoalphabetic or polyalphabetic below:

index of coincidence monoalphabetic or polyalphabetic?

cipher #4 .0397 polyalphabetic

(What should the answer be?)

	index of coincidence	monoalphabetic or polyalphabetic?
cipher #4	.0397	polyalphabetic

Knowing the length of the key is very valuable for breaking a Vigenère cipher. Use the Kasiski Analysis tool to apply the Kasiski test to find the keyword length. What do you get? Are any of these values likely to be the correct keyword length? Explain.

keyword length message length

explanation The only repeated string is UKY with an interval of 181. This is pretty long, which suggests that the keyword is as long as the message (or at least isn't short).

Decryption of messages with a long key is easier if multiple messages can be found which share a key. Use the Polyalphabetic Alignment tool to determine which of ciphers #5-#9 are encrypted with the same key as #4 and what the offset is.

same key as #4? offset
(if same key)

cipher #5 yes 0

cipher #6 no

cipher #7 yes 0

cipher #8 yes 23

cipher #9 no

keyword length	message length
explanation	The only repeated string is UKY with an interval of 181. This is pretty long, which suggests that the keyword is as long as the message (or at least isn't short).

	same key as #4?	offset (if same key)
cipher #5	yes	0
cipher #6	no
cipher #7	yes	0
cipher #8	yes	23
cipher #9	no

There aren't enough messages to apply frequency analysis to the collection of letters for each keyword letter, so try to decipher cipher #4 by guessing sections of the plaintext. You can use the other ciphers with the same key to help with this process, since the guessed plaintext for all of the messages must result in the same keyword. Use the Vigenère Cracker #2 tool - it may be useful to have several copies of it open simultaneously, one for each of the relevant ciphers.

plaintext for #4 the cost of sending a letter used to depend on the distance the letter had to travel but babbage pointed out that the cost of the labor required to calculate the price for each letter was more than the cost of the postage
instead he proposed the system we still use today a single price for all letters regardless of where in the country the addressee lives
the key: the most intriguing figure in nineteenth century cryptanalysis is charles babbage the eccentric british genius best known for developing the blueprint for the modern computer
he was born in seventeen ninety one the son of benjamin babbage a wealthy london banker
when charles married without his fathers permission he no longer has access to the
(There's actually no way to tell which is the key and which is the plaintext, other than the clue that one ends abruptly.)

plaintext for #4	the cost of sending a letter used to depend on the distance the letter had to travel but babbage pointed out that the cost of the labor required to calculate the price for each letter was more than the cost of the postage instead he proposed the system we still use today a single price for all letters regardless of where in the country the addressee lives the key: the most intriguing figure in nineteenth century cryptanalysis is charles babbage the eccentric british genius best known for developing the blueprint for the modern computer he was born in seventeen ninety one the son of benjamin babbage a wealthy london banker when charles married without his fathers permission he no longer has access to the (There's actually no way to tell which is the key and which is the plaintext, other than the clue that one ends abruptly.)

This is a tricky problem. If you can't completely solve the cipher, write down as much as you got with an explanation of what you attempted and where you got stuck.

Ciphers

#1:

TFCMM TVSBL VLWWE ENEKU QPRXZ GCUKY BADTV SSWPQ CDPQF ZPRZT HPCNM
FIMPX PDVKP LTKTB VYJSG UKYOM OGAUF YQBEC IZOGJ NZQJM QFTPQ ZBBZR
GDJPA XJOUZ VGVZW CKTBA R

#2:

XGSZD CUWTI TCATT CAFLT CAESU KESKG WTWAF TZGCG DVKFD HTAJL WEHWA
JAEAJ GCLJK FTSMD WKTSX TLAVU DPTOE DATJX UGEMD CATPA GTCWE STAFD
AUGES WTSID CAMDW ECDHV TAGST DPUGE SKSJI DATLG SSTWK GCPTC LTGSJ
XUGEM DCATP AGKSG ATLAU GESPJ DSUXS GZAFT KSUJC BTUTW GXUGE SWKGE
WTAFT CAFTG VPXDW FJGCT PAUKT GXLJK FTSMD WJPTD VZGCG DVKFD HTAJL
WEHWA JAEAJ GCWMD WOEJL RTDWU AGEWT DCPWT LESTD BDJCW AKTGK VTECW
LFGGV TPJCL SUKAD CDVUW JW

#3:

IVPNO WNHLQ LTJGI WNLAE JYEPJ MPGKW RCNPG LCJTA MTXGH FAEVP VFWBB
KIGDR RPCNT IFNBC AGZUH LITAL ILQVB INFMZ GLCPQ ITKRO ECDED BSFXA
MCSRT RIZCH LFJYW TIFPO UTGLD JRHZF TFEMI XESEN IGBVW SGGGP CLRFG
BXJTF OGSND BRBKX LOPBJ NEZES EGVHU GBDWM YTCNI U

#4:

MOIOC KMWSL VVJCV TGQMZ NVVCF RLGSW ITRGK QRGAY UGUKY CVEGH PJWBL
MJJHD KZXJB VFMBA XUHFF CIICH ZVVFU WNBLO GXGPY UPWLH PGVAY FPFUV
ZUFWG MQZHJ EMNOP PKMGA JDIBJ IRCUI RPJZQ INXVN HWIOJ FHYNV GZIXS
FMSJG UMCSL ROTIB UWLSN RMFTE XPAAR ETIFS EWTAQ WPLAG WZHVS GPDNI
EJEUK YGWRZ NIXAR RCTPH PBXYG LXNIJ ILXZW FXLLV DMAFB VRJSH BEFLZ
LVHDV RGUWW WEWOL W

#5:

APWUB NXVGB FVYCV PRZLK NYIAC RMQSF IXRKH PHGAY TMYTY IVHRR LBWDA
KWVOA KNSMM DCFFO BXKXS VJISK FVVPW AMMST RSPWG GUMNX CGCYY JOIFE
OXWSU ZBSKH MMHUC IIIPD XWEML VYGRJ JPKSZ ICYMT IVAAC UVIBC TZWCI
JTWXU RNVVL RHBVX HPANR HMBXG QEIQQ UHPGA ZVEAV IYZKC ASAGS QPNGR
EKULE EUDER ELWDA EUPIG ALNJS XMOIL NTPHW GGHWZ NTWLW RRAIE ATBRV
EJACD IOCXW KUMLA YEYJO GGRHW VGNGV FYL

#6:

BCFOT AVFLD UITRG VQAZX YIUHY UARQN IOIJW CHNYA FPJRQ NXTNI NVCSM
ICPKY VVRZG KNNLV QHHEV VKQMJ LEIOU HZABD FWPGW GCZQH LGCGD KVNAC
AWSYW SWUZR VYCQB GTECZ GGKNU WMPPX ZSNFM CYMYQ SSUHP MDUJM FHAWB
VTMIF DSIXA MWHUA WQIGM YMLYR BVRVC PGHUV VRCOW SZOMK CPIIR XMWGJ
BJSCM IFOHU EGTET NMEJW TIOIF WAHZF GTWVM QKAIO THHVP TNVVS LSEXU
ZQECM OIOMN LLZGK FDNGU TSCXI MDBYC CBUXH VISGY UGEUG ARNMF XUMFX
IGEGB HXQ

#7:

IYSBC KXBBT EMTAT VYMUG HRRGC EQAGB TPRHY CRLBH JRTLK TGTUO HCNMJ
IVOPR RMPWB NEZOA ABSPS DUIEO VBJBK BAMOO UPRMZ XPVLH PGVAR SUCLW
CQTBS QFJBY IDEYH IFNVG IOUBM JUQXP KLCRQ UYVXF YEJIE QCJFQ OAPDX
LBRMG VNLSN QDRED ASZWZ CKBQN LHUVR GOSQE KPIJK AAHAY ECUHK VMLCB
SEKBR PGPTZ XTGES ZSTIL BGHBD YXSIH TTTAS NAILZ FJWXW FROMF SJSFN
INPLD DGEPS JXWMB WFLFT SHIHO LLYVX XCESR GMAWT JEDTV BYGWB ZR

#8:

JNOJN KXLEQ ULESZ XCERG ICHME QIYAA XZMJU HTRGI JZYPV NMEZL MRNCX
RKCQH FYMKM UHRPR LBGXL ALMUW HQMCF GLJFM MDKPG LPSOL FPNXW GANAZ
GASFF RYSYG HTTVB KXLVX OQTAR QMPAT CIELF YGVNV KHRVB PWVJS TRKBP
VQBIG AHBLM ZFUYN ZSUEM OCVSL WVRDO ACIHQ LRPGV FKSMK UNXVV YLPGP
HGIVJ IKNOG HPCQE EZZNM DBVRV AASCG BLXYL DWTGE XWVVW IOISS TPMKX
NAVLN UVBMA LHEXB SZBGK XUSZG BXHYE WBBUL JQEOJ PATFA GVMVS

#9:

DRBDK ORNAG JJHWO YTGVM GLWKM VIXKV IVGCA MUIIK RQFSY EILOJ NSLCX
XYPKW CWXRR CLJDX LZGAL SAPNI YBUCC NVFDS YBPAW ZQQUC ZFJJD KVDUL
RMVXJ ZCHSX XZXQC XILRT SGFMM RRQIA WLRTF NBKHQ VVXYH SHQWY UXWJO
CBKBQ AFLWL RHVIA WCNAX MVOUS XUGAC SLLUF IGVIF XULKS CFKXU YKHKI
OFSUV LWBHR RDDSR HIFJN LGKEK EYPJL OSWVY WRHQC MXHTP DDXYW QVMZX
JQIFW PJGMP WHP

#10:

IBUAC XPYRS RDNQE IEQGN ZTMFL FGDUA UNWDP RKYBK PKTVF WVIGF LHXAL
ZDBGY MSENA DWIXQ GUACW PYFRH XZAWG KGZVW YRYCP QOIMF IFMOZ JJJVI
JDEPW YOCIK AMPCI FSGAL SUQCD TJIVX HPYKM JNOZN WCMVM OKRUY DSGDU
ETVCE YQNWR TZIRI YMXLE XPGPU PYAKB BQDAP SLWBF BNOIB UAXTM ZNPUV

sbridgeman@mail.colgate.edu

last updated: --Mon Feb 9 16:08:37 Eastern Standard Time 2004--