cryptography
Description: Coursera1.35 Cryptography
Cryptography
Cryptography: Breaking the Vigenère cipher
Breaking the Vigenère cipher
- Needed for programming assignment 1
The Vigenère cipher
- The key is a string of letters
- To encrypt, shift each character in the plaintext by the amount dictated by the next character of the key
- Wrap around in the key as needed
- Decryption just reverses the process
Plaintext:  tellhimaboutme
Key:        cafecafecafeca
Ciphertext: veqpjiredozxoe
Variant Vigenère cipher
- Easier to work with ASCII plaintext and hex ciphertext
- Easier to implement
- Easier to use (plaintext not limited to lowercase characters)
- Easier to work with byte-wise XOR rather than modular addition
Variant Vigenère cipher
- The key is a string of bytes
- The plaintext is a string of ASCII characters
- To encrypt, XOR each character in the plaintext with the next character of the key
- Wrap around in the key as needed
- Decryption just reverses the process
Example
- Say plaintext is "Hello!" and key is 0xA1 2F
- "Hello!" = 0x48 65 6C 6C 6F 21
- XOR with 0xA1 2F A1 2F A1 2F
- 0x48 XOR 0xA1: 0100 1000 XOR 1010 0001 = 1110 1001 = 0xE9
- Ciphertext: 0xE9 4A CD 43 CE 0E
Attacking the (variant) Vigenère cipher
Two steps:
- Determine the key length
- Determine each byte of the key
Known plaintext letter frequencies
Determining the key length
- Let $p_i$ (for $0 \le i \le 255$) be the frequency of byte $i$ in plaintext (assuming English text)
  - I.e., $p_i = 0$ for $i > 127$
  - I.e., $p_{97}$ = frequency of 'a'
  - The distribution is far from uniform
- If the key length is $N$, then every $N$th character of the plaintext is encrypted using the same shift
- If we take every $N$th character and calculate frequencies, we should get the $p_i$'s in permuted order
- If we take every $M$th character ($M$ not a multiple of $N$) and calculate frequencies, we should get something close to uniform
Determining the key length
- How to distinguish these two?
- For some candidate distribution $q_0, \ldots, q_{255}$, compute $\sum_i q_i^2$
  - If close to uniform, $\sum_i q_i^2 \approx 256 \cdot (1/256)^2 = 1/256$
  - If a permutation of $p_i$, then $\sum_i q_i^2 \approx \sum_i p_i^2$
  - Could compute $\sum_i p_i^2$ (but somewhat difficult)
  - Key point: will be much larger than 1/256
- Try all possibilities for the key length, compute $\sum_i q_i^2$, and look for maximum value
Determining the $i$th byte of the key
- Assume the key length $N$ is known
- Look at every $N$th character of the ciphertext, starting with the $i$th character
  - Call this the $i$th ciphertext stream
  - Note that all bytes in this stream were generated by XORing plaintext with the same byte of the key
- Try decrypting the stream using every possible byte value $B$
  - Get a candidate plaintext stream for each value
Determining the $i$th byte of the key
- When the guess $B$ is correct:
  - All bytes in the plaintext stream will be between 32 and 127
  - Frequencies of lowercase letters (as a fraction of all lowercase letters) should be close to known English-letter frequencies
  - Tabulate $q_a, \ldots, q_z$
  - Should find $\sum_i q_i p_i \approx \sum_i p_i^2 \approx 0.065$
- In practice, take $B$ that maximizes $\sum_i q_i p_i$, subject to caveat above (and possibly others)
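An added Python example (not part of the course slides or the assignment's own code) that carries out both steps on a constructed ciphertext: key length from the average of $\sum_i q_i^2$ over the streams, then each key byte from $\sum_i q_i p_i$. The function names, the frequency table values, the 0.8 threshold for preferring the shortest high-scoring length, and the mostly-lowercase check are assumptions of this example; the key 0xA1 0x2F is the one from the slide example.

```python
from collections import Counter

# Approximate English letter frequencies p_a..p_z (sum of p_i^2 is about 0.065).
P = dict(zip("abcdefghijklmnopqrstuvwxyz", (
    .082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
    .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001)))

def xor_cipher(data, key):
    """Variant Vigenere: XOR each byte with the next key byte, wrapping around."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def key_length(ct, max_len):
    """Shortest N whose streams ct[i::N] give a near-maximal average sum of q_i^2."""
    def score(n):
        return sum(sum((c / len(s)) ** 2 for c in Counter(s).values())
                   for s in (ct[i::n] for i in range(n))) / n
    scores = {n: score(n) for n in range(1, max_len + 1)}
    # Multiples of the true length score about as high as the length itself, so take
    # the shortest length within 80% of the best score (0.8 is an assumed threshold).
    return min(n for n, s in scores.items() if s >= 0.8 * max(scores.values()))

def key_byte(stream):
    """Byte B whose trial decryption is printable and maximises sum of q_i * p_i."""
    def score(b):
        pt = bytes(c ^ b for c in stream)
        letters = Counter(chr(c) for c in pt if 97 <= c <= 122)
        total = sum(letters.values())
        # Caveats: bytes must lie in 32..127 (from the slides); requiring mostly
        # lowercase letters is an added assumption that rejects space-to-'e' guesses.
        if any(c < 32 or c > 127 for c in pt) or 2 * total < len(pt):
            return -1.0
        return sum(n / total * P[ch] for ch, n in letters.items())
    return max(range(256), key=score)

def recover_key(ct, max_len):
    n = key_length(ct, max_len)
    return bytes(key_byte(ct[i::n]) for i in range(n))

# Constructed sample: made-up plaintext, encrypted under the slide's key 0xA1 0x2F.
PLAINTEXT = (b"When a short key is reused over a long message, every position that shares a "
    b"key byte is really a simple substitution of ordinary English text. The most "
    b"common letters and the spaces between words still stand out, so counting how "
    b"often each value appears in one stream is enough to tell a correct guess from "
    b"a wrong one. This is why the old advice still holds: never stretch a small "
    b"secret across a large amount of data, and prefer a modern cipher that has been "
    b"studied in the open for many years. Keys should be generated at random, kept "
    b"away from the data they protect, and changed on a regular schedule that the "
    b"whole team understands and follows. The same counting trick that breaks the "
    b"cipher also helps a defender notice weak encryption in captured traffic.")
CIPHERTEXT = xor_cipher(PLAINTEXT, bytes.fromhex("a12f"))
```

Calling `recover_key(CIPHERTEXT, 6)` searches key lengths 1 through 6; with a much shorter ciphertext the per-stream frequencies become noisy and the thresholds here need tuning by hand.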
Attack time?
- Say the key length is between 1 and $L$
- Determining the key length: $256 L$
- Determining all bytes of the key: $256^2 L$
- Brute-force key search: $256^L$
The attack in practice
- Attacks get more reliable as the ciphertext length grows larger
- Attacks still work for short(er) ciphertexts, but more tweaking and manual involvement is needed
- You should expect to have to do this for the HW!
Programming assignment
- Use discussion boards for help
Good luck!