Introduction to Modern Cryptography
Michele Ciampi
(Slides courtesy of Prof. Jonathan Katz)
Lecture 01 Part 3
1 / 17
�Shift Cipher
2 / 17
�The Shift Cipher
▶ Consider encrypting English text
▶ Associate a ← 0, b ← 1, ... z ← 25
▶ k ∈ K = {0, . . . , 25}
▶ To encrypt using key k, shift every letter of the plaintext
by k positions (with wraparound)
▶ Decryption just does the reverse
helloworldz
ccccccccccc
jgnnqyqtnfb
3 / 17
�Modular arithmetic
▶ x = y mod N if and only if N divides x − y
▶ [x mod N ] = the remainder when x is divided by N
▶ i.e. the unique value y ∈ {0, . . . , N − 1} such that x = y
mod N
▶ 25 = 35 mod 10
▶ 25 ̸= [35 mod 10]
▶ 5 = [35 mod 10]
4 / 17
�The Shift Cipher, formally
▶ M = strings over lowercase English alphabet
▶ Gen: choose uniform k ∈ {0, . . . , 25}
▶ Enck (m1 . . . mt ): output c1 . . . ct , where
ci = [mi + k mod 26]
▶ Deck (c1 . . . ct ): output m1 . . . mt , where
mi = [ci − k mod 26]
5 / 17
�Is the Shift Cipher secure?
Brute-force Attack
▶ No – only 26 possible keys!
▶ Given a ciphertext, try decrypting with every possible key
▶ Only one possibility will “make sense”
▶ Example of a brute-force or exhaustive-search attack
6 / 17
�Brute-force Attack on Shift Cipher
Example
▶ Ciphertext uryybjbeyq
▶ Try every possible key and decrypt:
▶ message under key 1 is: tqxxaiadxp
▶ message under key 2 is: spwwzhzcwo
▶ ...
▶ message under key i is: helloworld
▶ ...
7 / 17
�Byte-wise Shift Cipher
▶ Alphabet of bytes rather than (English, lowercase) letters
▶ Works natively for arbitrary data!
▶ Use XOR instead of modular addition
▶ Essential properties still hold
8 / 17
�Hexadecimal (base 16) Notation
Hex Bits Decimal Hex Bits Decimal
0 0000 0 8 1000 8
1 0001 1 9 1001 9
2 0010 2 A 1010 10
3 0011 3 B 1011 11
4 0100 4 C 1100 12
5 0101 5 D 1101 13
6 0110 6 E 1110 14
7 0111 7 F 1111 15
9 / 17
�Hexadecimal (base 16) Notation
0x10
▶ 0x10 = 16*1 + 0 = 16
▶ 0x10 = 0001 0000
0xAF
▶ 0xAF = 16*A + F = 16*10 + 15 = 175
▶ 0xAF = 1010 1111
10 / 17
�ASCII
▶ American Standard Code for Information Interchange
▶ Character encoding standard
▶ Byte-wise Shift Cipher: encode characters in ASCII
▶ 1 byte = 1 character = 2 hex digits
▶ Encoded using the ASCII table
11 / 17
�ASCII table
https://hubpages.com/technology/What-Are-ASCII-Codes
12 / 17
�Useful observations
▶ Only 128 valid ASCII chars (128 bytes invalid)
▶ Only 0x20-0x7E printable
▶ 0x41-0x7A includes upper/lowercase letters
▶ Uppercase letters begin with 0x4 or 0x5
▶ Lowercase letters begin with 0x6 or 0x7
13 / 17
�Byte-wise Shift Cipher, Formally
▶ M = strings of bytes
▶ Gen: choose uniform k ∈ K = {0x00 . . . 0xFF} i.e. there
are 256 possible keys
▶ Enck (m1 . . . mt ): output c1 . . . ct , where
ci = mi ⊕ k
▶ Deck (c1 . . . ct ): output m1 . . . mt , where
mi = ci ⊕ k
14 / 17
�Is this scheme secure?
▶ No – only 256 possible keys!
▶ Given a ciphertext, try decrypting with every possible key
▶ If ciphertext is long enough, only one plaintext will ”make
sense”
▶ Can further optimize
▶ First nibble of plaintext likely 0x4,0x5,0x6,0x7 (assuming
letters only)
▶ Recover 2 key bits and reduce exhaustive search by a factor
of 4.
15 / 17
�Sufficient key space principle
Crypto Design Lesson One
▶ The key space must be large enough to make brute-force
attacks impractical
Spoiler: necessary, but not sufficient
16 / 17
� End
Reference: Section 1.3 of the book
17 / 17
