Cryptography Breaking the Vigenère cipher

Upload: correita77

Post on 18-Nov-2015


DESCRIPTION

Coursera1.35 Cryptography

TRANSCRIPT


Breaking the Vigenère cipher
- Needed for programming assignment 1

The Vigenère cipher
- The key is a string of letters
- To encrypt, shift each character in the plaintext by the amount dictated by the next character of the key
  - Wrap around in the key as needed
- Decryption just reverses the process

Plaintext:  tellhimaboutme
Key:        cafecafecafeca
Ciphertext: veqpjiredozxoe

Variant Vigenère cipher
- Easier to work with ASCII plaintext and hex ciphertext
  - Easier to implement
  - Easier to use (plaintext not limited to lowercase characters)
- Easier to work with byte-wise XOR rather than modular addition

Variant Vigenère cipher
- The key is a string of bytes
- The plaintext is a string of ASCII characters
- To encrypt, XOR each character in the plaintext with the next character of the key
  - Wrap around in the key as needed
- Decryption just reverses the process

Example
- Say plaintext is "Hello!" and key is 0xA1 2F
- "Hello!" = 0x48 65 6C 6C 6F 21
- XOR with 0xA1 2F A1 2F A1 2F
- 0x48 $\oplus$ 0xA1: 0100 1000 $\oplus$ 1010 0001 = 1110 1001 = 0xE9

Ciphertext: 0xE9 4A CD 43 CE 0E

Attacking the (variant) Vigenère cipher
Two steps:
- Determine the key length
- Determine each byte of the key

Known plaintext letter frequencies

Determining the key length
- Let $p_i$ (for $0 \le i \le 255$) be the frequency of byte $i$ in plaintext (assuming English text)
  - I.e., $p_i = 0$ for $i > 127$
  - I.e., $p_{97}$ = frequency of 'a'
  - The distribution is far from uniform
- If the key length is $N$, then every $N$th character of the plaintext is encrypted using the same shift
  - If we take every $N$th character and calculate frequencies, we should get the $p_i$'s in permuted order
  - If we take every $M$th character ($M$ not a multiple of $N$) and calculate frequencies, we should get something close to uniform

Determining the key length
- How to distinguish these two?
- For some candidate distribution $q_0, \ldots, q_{255}$, compute $\sum_i q_i^2$
  - If close to uniform, $\sum_i q_i^2 \approx 256 \cdot (1/256)^2 = 1/256$
  - If a permutation of $p_i$, then $\sum_i q_i^2 \approx \sum_i p_i^2$
    - Could compute $\sum_i p_i^2$ (but somewhat difficult)
    - Key point: will be much larger than 1/256
- Try all possibilities for the key length, compute $\sum_i q_i^2$, and look for maximum value

Determining the $i$th byte of the key
- Assume the key length $N$ is known
- Look at every $N$th character of the ciphertext, starting with the $i$th character
  - Call this the $i$th ciphertext stream
  - Note that all bytes in this stream were generated by XORing plaintext with the same byte of the key
- Try decrypting the stream using every possible byte value $B$
  - Get a candidate plaintext stream for each value

Determining the $i$th byte of the key
- When the guess $B$ is correct:
  - All bytes in the plaintext stream will be between 32 and 127
  - Frequencies of lowercase letters (as a fraction of all lowercase letters) should be close to known English-letter frequencies
    - Tabulate $q_a, \ldots, q_z$
    - Should find $\sum_i q_i p_i \approx \sum_i p_i^2 \approx 0.065$
- In practice, take $B$ that maximizes $\sum_i q_i p_i$, subject to caveat above (and possibly others)
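An added example, not part of the original slides: both steps of the attack above in Python, run on a constructed plaintext and a constructed 3-byte key. Two assumptions go beyond the slides: the key length is taken as the smallest candidate scoring within 80% of the maximum (multiples of the true length score at least as high), and $q_i$ is computed over the whole stream rather than over lowercase letters only. The letter-frequency table is an approximate one supplied here.

```python
from collections import Counter
# Approximate English letter frequencies p_a..p_z (assumed table, not from the slides).
ENGLISH = [.082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
           .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001]

def xor_vigenere(data, key):
    """Variant Vigenere: XOR each byte with the next key byte, wrapping around."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def guess_key_length(ct, max_len=8):
    """Score each candidate length N by the average sum of q_i^2 over its N streams."""
    def sum_q2(s):
        return sum((c / len(s)) ** 2 for c in Counter(s).values())
    score = {n: sum(sum_q2(ct[i::n]) for i in range(n)) / n
             for n in range(1, max_len + 1)}
    # Multiples of the true length score at least as high as the true length,
    # so take the smallest candidate near the maximum, not the maximum itself.
    return min(n for n in score if score[n] >= 0.8 * max(score.values()))

def guess_key_byte(stream):
    """Try every byte B; keep the printable candidate that maximises sum q_i * p_i."""
    best, best_score = 0, -1.0
    for b in range(256):
        plain = bytes(c ^ b for c in stream)
        if any(c < 32 or c > 127 for c in plain):
            continue  # caveat from the slides: plaintext bytes lie in 32..127
        counts = Counter(plain)
        # Assumed tweak: q_i over the whole stream, so spaces mapped to one letter cannot win.
        s = sum(counts[97 + i] / len(plain) * p for i, p in enumerate(ENGLISH))
        if s > best_score:
            best, best_score = b, s
    return best

def recover_key(ct, max_len=8):
    n = guess_key_length(ct, max_len)
    return bytes(guess_key_byte(ct[i::n]) for i in range(n))

# Constructed sample: plaintext and key are made up for this demonstration.
PLAINTEXT = (b"The Vigenere cipher was considered unbreakable for centuries, yet it falls quickly once "
             b"the length of the key is known. Every byte that shares a key position is shifted in the "
             b"same way, so the letter frequencies of ordinary English show through in each stream. An "
             b"attacker counts how often each value appears, compares the result with the expected "
             b"distribution of letters, and keeps the guess that fits best. Longer messages make the "
             b"statistics more reliable, while short ones need patience and some manual checking. The "
             b"lesson is that reusing a short key over a long text leaks far more than most people expect.")
KEY = bytes.fromhex("a12f5c")  # constructed key
CIPHERTEXT = xor_vigenere(PLAINTEXT, KEY)
print(recover_key(CIPHERTEXT).hex())
```

On shorter ciphertexts the 80% threshold and the scoring rule are the first things to adjust by hand.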

Attack time?
- Say the key length is between 1 and $L$
- Determining the key length: $256 \cdot L$
- Determining all bytes of the key: $256^2 \cdot L$
- Brute-force key search: $256^L$

The attack in practice
- Attacks get more reliable as the ciphertext length grows larger
- Attacks still work for short(er) ciphertexts, but more tweaking and manual involvement is needed
  - You should expect to have to do this for the HW!

Programming assignment
- Use discussion boards for help

Good luck!