Cryptography

Prof. Sugata Gangopadhyay

Department of Computer Science and
Engineering
Indian Institute of Technology Roorkee
Cryptography

The branch of knowledge that provides ways to ensure the

confidentiality of messages that we send, the integrity of data that we
store, and authenticates content and source of communications that
we receive is said to be Cryptography.
Cryptosystem
• A cryptosystem is a five-tuple of sets (𝒫, 𝒞, 𝒦, ℰ, 𝒟) where

𝒫 = a finite set of possible plaintexts.

𝒞 = a finite set of possible ciphertexts.

𝒦= a finite set of possible keys called the keyspace.

ℰ = the set of encryption functions from 𝒫 to 𝒞.

𝒟 = the set of decryption functions from 𝒞 to 𝒫.

For each 𝐾 ∈ 𝒦 there is a unique pair of functions 𝑒 ∈ ℰ and 𝑑 ∈ 𝒟

such that 𝑑 𝑒 𝑥 = 𝑥, for all 𝑥 ∈ 𝒫. 𝑒 is said to be the encryption function, and 𝑑 is said to be the
decryption function.
Kerckhoffs’ principle
(Auguste Kerckhoffs, 1883)
A cryptosystem should be secure even if the attacker knows all details
about the system, with the exception of the secret key. In particular,
the system should be secure when the attacker knows the encryption
and decryption algorithms.
 Sender is Alice

Alice,
Bob, and Receiver is Bob
Oscar
Adversary or
Attacker is Oscar
 A secure communication model

Oscar

𝑥∈𝒫 𝑥 = 𝑑 (𝑦) ∈ 𝒫
Alice Encrypter Decrypter Bob
𝑦=𝑒 𝑥 ∈𝒞
Insecure channel
K∈ 𝒦
Secure channel

Key
generator
A secure communication model
• Key agreement: Alice and Bob must agree upon a key randomly
chosen from the keyspace .
• Alice encrypts the plaintext messages one by one using
and generates the ciphertexts

and sends it to Bob over an insecure channel.

• Bob decrypts the ciphertexts using and retrieves the plaintext
message:
Classical cryptography

• These are the ciphers that were used before the advent to digital
computers.

• They are insecure for present day applications.

• However, some aspects of their design principles are relevant even

today.
Examples of classical ciphers
• The Shift Cipher.

• The Affine Cipher.

• The Vigenère Cipher.

Modern cryptography

• Symmetric Cryptography: Both the sender and the receiver have

access to the encryption and decryption functions and
corresponding to the shared secret key .

• Asymmetric Cryptography: The sender has the access to the

encryption function but cannot use that information to compute
the decryption function .
Examples of modern cryptosystems
• Symmetric ciphers
• Stream ciphers:
• A5/1, A5/2. Used in GSM standard
• RC4: formerly used in TLS protocol
• Block Ciphers
• DES (Data Encryption Standard)
• AES (Advanced Encryption Standard)
• Asymmetric ciphers
• RSA cryptosystem
• Cryptographic hash functions
• MD-4, MD-5
• SHA-1, SHA-2
• SHA-3
 Week 1
Module 2.1
• Shift Ciphers. After completing this module, you will be able to
• Encrypt using a shift cipher

• Decrypt using a shift cipher

• Prerequisite: fundamentals of modular arithmetic

The Shift Cipher
• The set of plaintexts
• The set of ciphertexts
• The keyspace , the set of integers modulo .
• Map the alphabetic characters to the element of as follows:
Encryption and Decryption Rules

• Let be the key.

• The encryption function is defined as:

• The decryption function is defined as:

Example
• Plaintext message: goodmorning
• Key = . Encryption function
• Ciphertext: jrrgpruqlqj
g o o d m o r n i n g
6 14 14 3 12 14 17 13 8 13 6
3 3 3 3 3 3 3 3 3 3 3
9 17 17 6 15 17 20 16 11 16 9
j r r g p r u q l q j
Example
• Ciphertext: jrrgpruqlqj
• Key = . Decryption function
• Decryption:
J R R g p r u q l q J
9 17 17 6 15 17 20 16 11 16 9
-3 -3 -3 -3 -3 -3 -3 -3 -3 -3 -3
6 14 14 3 12 14 17 13 8 13 6
g O O D m o r n i n g
 Week 1
Module 2.2
• Affine Ciphers. After completing this module, you will be able to
• Encrypt using an affine cipher

• Decrypt using a affine cipher

• Prerequisite: fundamentals of modular arithmetic

Affine Cipher
• The plaintext set
• The ciphertext set
• The keyspace

• Encryption function corresponding to the

• key is: ,
• Decryption function corresponding to the
• key is:
,
Finding inverse in
• The set is said to be integers modulo .

• The elements of are The

binary operations defined on are addition
modulo and multiplication modulo .

• Define ∗

• For any , there exists

such that .

• The extended Euclidean algorithm outputs

from the input .
Finding inverse in
• For any ∗
there exist such that

• Suppose that . Then

• The integer is said to be the inverse of modulo . We write

instead of to stress this point.
Affine Cipher (continues)
• Finally, we need to check

, , ,

• This completes the description of the affine

cipher.
Example: the affine cipher
1. Using the affine cipher with key encrypt the
plaintext message:
code blue alert

2. Use the above affine cipher to decrypt the following ciphertext:

CJISEIZCZRCFPCUWXCVZ
Example: the affine cipher
• Plaintext: code blue alert
• Plaintext after removing spaces and encoding to numbers:
2 14 3 4 1 11 20 4 0 11 4 17 19
• Encoded ciphertext:
18 0 23 2 13 11 4 2 8 11 2 15 25

• Ciphertext: SAXCNLECILCPZ

• Encryption: .c S
Example: the affine cipher
• Ciphertext: CJISEIZCZRCFPCUWXCVZ
• Plaintext: codebluealert

• , .
 Week 1
Module 2.3
• Vigenère Cipher
Vigenère Cipher
• Giovan Battista Bellaso proposed a cipher in 1553 that resisted all attempts to
break it.
• Later this cipher was misattributed to Blaise de Vigenère and called the Vigenère
Cipher.
• The Vigenère Cipher resisted attacks for three centuries until Friedrich Kasiski
developed a general method to break it in 1863.
• William F. Friedman designed the most powerful attack on the Vigenère cipher in
1920.

• We will be covering these topics in this week starting from this module.
Vigenère Cipher:
• The plaintext space: , using the
encoding .

• The ciphertext space: , using the

encoding .

• A key is a string of letters from of length . The

value of is kept secret.
Vigenère Cipher:
• Let where
• where
• Let denote the addition modulo
• The encryption rule is

• The decryption rule is

Example
• Input (with punctuations, space, uppercase)
Here, on the level sand, Between the sea and land,
What shall I build or write Against the fall of
night? Tell me of runes to grave That hold the
bursting wave, Or bastions to design For longer date
than mine.

• Plaintext sequence (without punctuations, space, and uppercase)

hereonthelevelsandbetweentheseaandlandwhatshallibuil
dorwriteagainstthefallofnighttellmeofrunestogravetha
tholdtheburstingwaveorbastionstodesignforlongerdatet
hanmine
Example (cont.)
• Key: crypto

• Output:
jvpthbvycaxjgcqpgrdvrlxspkftlscrlseopuuwthuyyaew
dlgawctnpxmscxyxggvkftyoncmugwiyrixzndcdyfwechmc
iiykxhjrrwhzfkftuitjrxguyrtthfdrqibcpjrdwsuzecyc
tcmczstuyixhjrlbbbg
Example (cont.)
• hereonthelevelsand =
7,4,17,4,14,13,19,7,4,11,4,21,4,11,18,0,13,3
• cryptocryptocrypto =
2,17,24,15,19,14,2,17,24,15,19,14,2,17,24,15,19,14

(7+2)mod 26 = 9 = j
(4+17)mod 26 = 21 = v
(17+24)mod 26 = 15 = p
(4+15)mod 26 = 19 = t
(14+19)mod 26 = 7 = h
 Week 1
Module 3
• Cryptanalysis of
• The Shift Cipher
• The Affine Cipher
Cryptanalysis: the Shift Cipher
Letter Prob. Letter Prob.
A 0.082 N 0.067
• The probability distribution of
B 0.015 O 0.075
letter appearing in English
language texts. C 0.028 P 0.019
D 0.043 Q 0.001
• The list of letters in the E 0.127 R 0.060
decreasing of order of probability
F 0.022 S 0.063
of occurrence is:
G 0.020 T 0.091
• E
H 0.061 U 0.028
• T, A, O, I, N, S, H, R
I 0.070 V 0.010
• D, L
• C, U, M, W, F, G, Y, P, B J 0.002 W 0.023

• V, K, J, X, Q, Z K 0.008 X 0.001
L 0.040 Y 0.020
M 0.024 Z 0.001
Cryptanalysis: the Shift Cipher
Letter Prob. Letter Prob.
A 0.082 N 0.067
• Further 30 most common
B 0.015 O 0.075
digrams are: C 0.028 P 0.019
• TH, HE, IN, ER, AN, RE, AN, RE, ED, D 0.043 Q 0.001
ON, ES, ST, EN, AT, TO, NT, HA, ND,
E 0.127 R 0.060
OU, EA, NG, AS, OR, TI, IS, ET, IT,
AR, TE, SE, HI, OF F 0.022 S 0.063
G 0.020 T 0.091
• The twelve most common H 0.061 U 0.028
trigrams are: I 0.070 V 0.010
• THE, ING, AND, HER, ERE, ENT, J 0.002 W 0.023
THA, NTH, WAS, ETH, FOR, DTH K 0.008 X 0.001
L 0.040 Y 0.020
M 0.024 Z 0.001
Cryptanalysis: the Shift Cipher
• Consider the ciphertext:
tqdqazftqxqhqxemzpnqfiqqzftqeqmmzpxmzpitmfetmxxung Letter Prob. Letter Prob.
uxpadidufqmsmuzefftqrmxxarzustffqxxyqardgzqefasdmhqf A 0.082 N 0.067
tmftaxpftqngdefuzsimhqadnmefuazefapqeuszradxazsqdpm B 0.015 O 0.075
fqftmzyuzq C 0.028 P 0.019
D 0.043 Q 0.001
• The frequency distribution of the letters appearing in E 0.127 R 0.060
the above ciphertext is: F 0.022 S 0.063
[('a', 11), ('d', 9), ('e', 9), ('f', 18), ('g', 3), ('h', 3), ('i', 4), G 0.020 T 0.091
('m', 15), ('n', 4), ('p', 7), ('q', 22), ('r', 4), ('s', 6), ('t', 11), H 0.061 U 0.028
('u', 9), ('x', 12), ('y', 2), ('z', 14)] I 0.070 V 0.010
• The most frequently occurring variables are: J 0.002 W 0.023
('q', 22), ('f', 18), ('m', 15), ('z', 14), ('x', 12), ('t', 11). K 0.008 X 0.001
L 0.040 Y 0.020
M 0.024 Z 0.001
Cryptanalysis: the Shift Cipher

• The most frequently occurring letters are: ('q', 22), ('f', 18), ('m', 15),
('z', 14), ('x', 12), ('t', 11).
• The most frequently occurring letter is e.
• e is encoded to 4 and q is encoded to 16.

• The decryption function .

Cryptanalysis: the Shift Cipher

• The decryption function .

• Ciphertext:
tqdqazftqxqhqxemzpnqfiqqzftqeqmmzpxmzpitmfetmxxunguxpadiduf
qmsmuzefftqrmxxarzustffqxxyqardgzqefasdmhqftmftaxpftqngdefuzsi
mhqadnmefuazefapqeuszradxazsqdpmfqftmzyuzq
• After decryption using the proposed decryption function:
hereonthelevelsandbetweentheseaandlandwhatshallibuildorwriteagain
stthefallofnighttellmeofrunestogravethatholdtheburstingwaveorbastion
stodesignforlongerdatethanmine
 A successful frequency analysis attack
• After decryption using the proposed decryption function:
hereonthelevelsandbetweentheseaandlandwhatshallibuildorwriteagain
stthefallofnighttellmeofrunestogravethatholdtheburstingwaveorbastion
stodesignforlongerdatethanmine
• Including spaces at appropriate positions we obtain:

Here on the level sand between the sea and land what shall I build or
write against the fall of night tell me of runes to grave that hold the
bursting wave or bastions to design for longer date than mine
This is meaningful English text.
Cryptanalysis: the Affine Cipher
Letter Prob. Letter Prob.
A 0.082 N 0.067
• Consider the ciphertext:
B 0.015 O 0.075
kpcphaqkpmpepmjnaiupqlppaqkpjpnnaim
nailknqjknmmruxrmihclcrqpndnrajqqkpwn C 0.028 P 0.019
mmhwardkqqpmmtphwcxapjqhdcnepqknq D 0.043 Q 0.001
khmiqkpuxcjqradlnephcunjqrhajqhipjrdawh
E 0.127 R 0.060
cmhadpcinqpqknatrap
F 0.022 S 0.063
• The frequency distribution of the letters
appearing in the above ciphertext is: G 0.020 T 0.091
[('a', 14), ('c', 9), ('d', 6), ('e', 3), ('h', H 0.061 U 0.028
11), ('i', 7), ('j', 9), ('k', 10), I 0.070 V 0.010
('l', 4), ('m', 12), ('n', 15), ('p', 22), ('q', J 0.002 W 0.023
18), ('r', 8), ('t', 2), ('u', 4),
K 0.008 X 0.001
('w', 4), ('x', 3)]
L 0.040 Y 0.020
M 0.024 Z 0.001
 Cryptanalysis: the Affine Cipher
• First few letters in decreasing order of
frequencies:
[('p', 22), ('q', 18), ('n', 15), ('a', 14), ('m', 12),
('h', 11), ]
• Assuming that e p, and t q that is
and for yet unknown key
we set up the equations

• Subtracting we get . Inverting

modulo we get .
•
.
• The proposed key is
Cryptanalysis: the Affine Cipher
• The proposed encryption function is
,
• The decryption function corresponding to this decryption function is
,
• The proposed plaintext is
hereonthelevelsandbetweentheseaandlandwhatshallibuildorwriteagainstthefa
llofnighttellmeofrunestogravethatholdtheburstingwaveorbastionstodesignforl
ongerdatethanmine
• Inserting spaces at appropriate positions we have
Here on the level sand between the sea and land what shall I build or write
against the fall of night tell me of runes to grave that hold the bursting wave or
bastions to design for longer date than mine
Cryptanalysis: the Affine Cipher
• Suppose that for a proposed pair of plaintext-ciphertext
combinations, say, we have the equations

giving us .
• If is not invertible modulo , or is
not coprime to , we do not obtain a valid value for .
• In that case we have to guess the other possibilities of plaintext-
ciphertext combinations to derive the values of the candidate keys.
 Week 1
Module 4-5
• Cryptanalysis of the Vigenère Cipher
History

Vigenère cipher was proposed by Giovan Battista Bellaso in 1553. Three

hundred years later in 1863, Friedrich Kasiski proposed a general
attack. There is evidence that Charles Babbage discovered a similar
attack around 1854. In 1920, William F. Friedman proposed another
attack based on the index of coincidence. The Vigenère cipher is
attacked combining Kasiski’s test with Friedman’s analysis.
Kasiski’s test
• Kasiski’s test involves the following steps:
• We search the ciphertext for pairs of identical segments of length at least
three, and record the distance between starting positions of the two
segments.
• If we obtain several such distances, say , then we would
conjecture that divides all of the ’s, and hence divides the greatest
common divisor of the ’s.

• Further evidence for the value of can be obtained by computing

index of coincidence.
Index of coincidence
• Suppose that is a string of alphabetic characters. The
index of coincidence of , denoted by , is defined to be the
probability that two elements of chosen at random are identical.
• Let us suppose that we have the -letter roman alphabet used to
write English, that is, our alphabet is encoded by the
numbers .
• Let the probability of occurrence of the number , where ,
be .
• Then for any sufficiently long string the index of coincidence is
Index of coincidence of a “random” language
• Suppose that letters encoded by using the integers from the set
we construct strings such that each letter is chosen
uniformly at random.
• Let us call this the “random” language.
• The Index of Coincidence for this language is
The Index of Coincidence for English
Letter Prob. Letter Prob.
• Letters appearing in any sufficiently long
A 0.082 N 0.067
text written in English follow the probability
B 0.015 O 0.075
distribution given in the adjacent table. C 0.028 P 0.019
• As before we encode the letters A through Z D 0.043 Q 0.001
by the integers through , respectively. E 0.127 R 0.060
F 0.022 S 0.063
• Let the probability of occurrence of the
G 0.020 T 0.091
letter be .
H 0.061 U 0.028
• By direct computation from the values listed I 0.070 V 0.010
in the adjacent table . J 0.002 W 0.023
K 0.008 X 0.001
L 0.040 Y 0.020
M 0.024 Z 0.001
Cryptanalysis
• We adopt the following steps:
• Use Kasiski test to obtain the key length, say .
• Suppose that the ciphertext after encoding is .
• Suppose
• Construct the following table
Cryptanalysis
• Let the key is .
• The th column of the following table is encrypted by the key
component where .
Cryptanalysis
• The th column of the above matrix is

• Let the corresponding plaintext symbols, encoded using integers) be

• Therefore, the following equations are satisfied modulo :

Cryptanalysis
• In the th column suppose the letter corresponding to the integer ,
, appears times.
• The probability of its appearance is estimated by .
• Since the integer is appearing as a symbol in the ciphertext
encrypted by the key , the decrypted plaintext symbol is
reduced modulo , that we write as .
• The probability of appearance of this symbol is .
• If the choice of the key is correct, then .
Cryptanalysis
• William Friedman (1920) proposed a technique to use this
observation and the values of indices of coincidence to retrieve the
key. The steps are as follows:
• Step 1: for each column , generate the frequency distribution
.
• Step 2: for each compute the sum .
• Step 3: the values of for which the sum are the
considered to be the possible values of the key .
• This process is repeated for each column .
Example
Ciphertext:

KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUD
DKOTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYC
QKYVXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRL
SVSKCGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMV
GKMITZHFPDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFS
PEZQNRWXCVYCGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHI
FFSQESVYCLACNVRWBBIREPBBVFEXOSCDYGZWPFDTKFQIY
CWHJVLNHIQIBTKHJVNPIST
Result of Kasiski test
• The segment 'kft’ appears at positions 79, 97, 253.

• gcd(97-79, 253-79) = 6.

• Proposed length of the key = 6

 The columns
• The columns are
Col. 0: ‘kgqngvggtgcqwawqhnjepjtkqfwapjghpwkctaqvncivjfvnivcpqjqjt’
Col. 1: ‘cutrrfiufekcckrkkcvtkvrcdrsfrrkfzteejfnywkkkvfyvrfdfiviv’,
Col. 2: ‘cfyrkdldmgqwrfpyfqamqdlgzljsjjmplfbbrsrcdafclscreeydylbn’,
Col. 3: ‘pdatdetdblrdxttvtqjcdascxstiauidvpdswpwgdwtgnqlwpxgtcntp’,
Col. 4: ‘kpvmntxkptanilyxprumyhvzgwbahmtillphxexakbigheabbozkwhki’,
Col. 5: ‘bhivbdrovgcazeccohwshcsqschskvzsgkgcbzcoabohiscbbswfhihs'
Column 0
Key IC Key IC IC Key IC
Key
A 0.031 H 0.031 O 0.038 V 0.039

B 0.035 I 0.042 P 0.046 W 0.043

C 0.064 J 0.045 Q 0.036 X 0.034

D 0.038 K 0.025 R 0.040 Y 0.041

E 0.033 L 0.033 S 0.042 Z 0.033

F 0.042 M 0.038 T 0.033

G 0.036 N 0.042 U 0.030

Column 1
Key IC Key IC IC Key IC
Key
A 0.038 H 0.030 O 0.040 V 0.035

B 0.039 I 0.026 P 0.032 W 0.029

C 0.048 J 0.035 Q 0.035 X 0.037

D 0.041 K 0.044 R 0.070 Y 0.045

E 0.039 L 0.030 S 0.036 Z 0.036

F 0.036 M 0.035 T 0.029

G 0.045 N 0.047 U 0.029

Column 2
Key IC Key IC IC Key IC
Key
A 0.035 H 0.038 O 0.036 V 0.032

B 0.036 I 0.033 P 0.031 W 0.034

C 0.033 J 0.042 Q 0.034 X 0.043

D 0.037 K 0.041 R 0.039 Y 0.058

E 0.035 L 0.045 S 0.042 Z 0.045

F 0.041 M 0.040 T 0.031

G 0.027 N 0.042 U 0.039

Column 3
Key IC Key IC IC Key IC
Key
A 0.045 H 0.033 O 0.034 V 0.035

B 0.038 I 0.038 P 0.065 W 0.041

C 0.043 J 0.037 Q 0.037 X 0.033

D 0.037 K 0.036 R 0.029 Y 0.034

E 0.036 L 0.033 S 0.038 Z 0.044

F 0.037 M 0.040 T 0.040

G 0.031 N 0.031 U 0.025

Column 4
Key IC Key IC IC Key IC
Key
A 0.040 H 0.046 O 0.033 V 0.035

B 0.033 I 0.046 P 0.044 W 0.043

C 0.034 J 0.034 Q 0.033 X 0.044

D 0.039 K 0.034 R 0.035 Y 0.030

E 0.044 L 0.035 S 0.035 Z 0.032

F 0.033 M 0.034 T 0.055

G 0.043 N 0.035 U 0.040

Column 5
Key IC Key IC IC Key IC
Key
A 0.041 H 0.039 O 0.070 V 0.041

B 0.038 I 0.036 P 0.042 W 0.035

C 0.036 J 0.034 Q 0.031 X 0.037

D 0.042 K 0.047 R 0.032 Y 0.039

E 0.038 L 0.034 S 0.038 Z 0.048

F 0.026 M 0.024 T 0.032

G 0.033 N 0.036 U 0.040

The key and the plaintext
• The key is “CRYPTO”
• The plaintext is:
ilearnedhowtocalculatetheamountofpaperneededforaroomwheniwas
atschoolyoumultiplythesquarefootageofthewallsbythecubiccontentso
fthefloorandceilingcombinedanddoubleityouthenallowhalfthetotalfor
openingssuchaswindowsanddoorsthenyouallowtheotherhalfformatch
ingthepatternthenyoudoublethewholethingagaintogiveamarginoferro
randthenyouorderthepaper
The key and the plaintext
• The plaintext after inserting spaces is:
I learned how to calculate the amount of paper needed for a room
when I was at school you multiply the square footage of the walls by
the cubic contents of the floor and ceiling combined and double it you
then allow half the total for openings such as windows and doors then
you allow the other half for matching the pattern then you double the
whole thing again to give a margin of error and then you order the
paper
Cryptography
Prof. Sugata Gangopadhyay
Department of Computer Science and
Engineering
Indian Institute of Technology Roorkee
 Week 1
Module 4
• Cryptanalysis of the Vigenère Cipher
History

Vigenère cipher was proposed by Giovan Battista Bellaso in 1553. Three

hundred years later in 1863, Friedrich Kasiski proposed a general
attack. There is evidence that Charles Babbage discovered a similar
attack around 1854. In 1920, William F. Friedman proposed another
attack based on the index of coincidence. The Vigenère cipher is
attacked combining Kasiski’s test with Friedman’s analysis.
Kasiski’s test
• Kasiski’s test involves the following steps:
• We search the ciphertext for pairs of identical segments of length at least
three, and record the distance between starting positions of the two
segments.
• If we obtain several such distances, say , then we would
conjecture that divides all of the ’s, and hence divides the greatest
common divisor of the ’s.

• Further evidence for the value of can be obtained by computing

index of coincidence.
Index of coincidence
• Suppose that is a string of alphabetic characters. The
index of coincidence of , denoted by , is defined to be the
probability that two elements of chosen at random are identical.
• Let us suppose that we have the -letter roman alphabet used to
write English, that is, our alphabet is encoded by the
numbers .
• Let the probability of occurrence of the number , where ,
be .
• Then for any sufficiently long string the index of coincidence is
Index of coincidence of a “random” language
• Suppose that letters encoded by using the integers from the set
we construct strings such that each letter is chosen
uniformly at random.
• Let us call this the “random” language.
• The Index of Coincidence for this language is
The Index of Coincidence for English
Letter Prob. Letter Prob.
• Letters appearing in any sufficiently long
A 0.082 N 0.067
text written in English follow the probability
B 0.015 O 0.075
distribution given in the adjacent table. C 0.028 P 0.019
• As before we encode the letters A through Z D 0.043 Q 0.001
by the integers through , respectively. E 0.127 R 0.060
F 0.022 S 0.063
• Let the probability of occurrence of the
G 0.020 T 0.091
letter be .
H 0.061 U 0.028
• By direct computation from the values listed I 0.070 V 0.010
in the adjacent table . J 0.002 W 0.023
K 0.008 X 0.001
L 0.040 Y 0.020
M 0.024 Z 0.001
Cryptanalysis
• We adopt the following steps:
• Use Kasiski test to obtain the key length, say .
• Suppose that the ciphertext after encoding is .
• Suppose
• Construct the following table
Cryptanalysis
• Let the key is .
• The th column of the following table is encrypted by the key
component where .
Cryptanalysis
• The th column of the above matrix is

• Let the corresponding plaintext symbols, encoded using integers) be

• Therefore, the following equations are satisfied modulo :

Cryptanalysis
• In the th column suppose the letter corresponding to the integer ,
, appears times.
• The probability of its appearance is estimated by .
• Since the integer is appearing as a symbol in the ciphertext
encrypted by the key , the decrypted plaintext symbol is
reduced modulo , that we write as .
• The probability of appearance of this symbol is .
• If the choice of the key is correct, then .
Cryptanalysis
• William Friedman (1920) proposed a technique to use this
observation and the values of indices of coincidence to retrieve the
key. The steps are as follows:
• Step 1: for each column , generate the frequency distribution
.
• Step 2: for each compute the sum .
• Step 3: the values of for which the sum are the
considered to be the possible values of the key .
• This process is repeated for each column .
Cryptography
Prof. Sugata Gangopadhyay
Department of Computer Science and
Engineering
Indian Institute of Technology Roorkee
 Week 1
Module 5
• Cryptanalysis of the Vigenère Cipher
Example
Ciphertext:

KCCPKBGUFDPHQTYAVINRRTMVGRKDNBVFDETDGILTXRGUD
DKOTFMBPVGEGLTGCKQRACQCWDNAWCRXIZAKFTLEWRPTYC
QKYVXCHKFTPONCQQRHJVAJUWETMCMSPKQDYHJVDAHCTRL
SVSKCGCZQQDZXGSFRLSWCWSJTBHAFSIASPRJAHKJRJUMV
GKMITZHFPDISPZLVLGWTFPLKKEBDPGCEBSHCTJRWXBAFS
PEZQNRWXCVYCGAONWDDKACKAWBBIKFTIOVKCGGHJVLNHI
FFSQESVYCLACNVRWBBIREPBBVFEXOSCDYGZWPFDTKFQIY
CWHJVLNHIQIBTKHJVNPIST
Result of Kasiski test
• The segment 'kft’ appears at positions 79, 97, 253.

• gcd(97-79, 253-79) = 6.

• Proposed length of the key = 6

 The columns
• The columns are
Col. 0: ‘kgqngvggtgcqwawqhnjepjtkqfwapjghpwkctaqvncivjfvnivcpqjqjt’
Col. 1: ‘cutrrfiufekcckrkkcvtkvrcdrsfrrkfzteejfnywkkkvfyvrfdfiviv’,
Col. 2: ‘cfyrkdldmgqwrfpyfqamqdlgzljsjjmplfbbrsrcdafclscreeydylbn’,
Col. 3: ‘pdatdetdblrdxttvtqjcdascxstiauidvpdswpwgdwtgnqlwpxgtcntp’,
Col. 4: ‘kpvmntxkptanilyxprumyhvzgwbahmtillphxexakbigheabbozkwhki’,
Col. 5: ‘bhivbdrovgcazeccohwshcsqschskvzsgkgcbzcoabohiscbbswfhihs'
Column 0
Key IC Key IC IC Key IC
Key
A 0.031 H 0.031 O 0.038 V 0.039

B 0.035 I 0.042 P 0.046 W 0.043

C 0.064 J 0.045 Q 0.036 X 0.034

D 0.038 K 0.025 R 0.040 Y 0.041

E 0.033 L 0.033 S 0.042 Z 0.033

F 0.042 M 0.038 T 0.033

G 0.036 N 0.042 U 0.030

Column 1
Key IC Key IC IC Key IC
Key
A 0.038 H 0.030 O 0.040 V 0.035

B 0.039 I 0.026 P 0.032 W 0.029

C 0.048 J 0.035 Q 0.035 X 0.037

D 0.041 K 0.044 R 0.070 Y 0.045

E 0.039 L 0.030 S 0.036 Z 0.036

F 0.036 M 0.035 T 0.029

G 0.045 N 0.047 U 0.029

Column 2
Key IC Key IC IC Key IC
Key
A 0.035 H 0.038 O 0.036 V 0.032

B 0.036 I 0.033 P 0.031 W 0.034

C 0.033 J 0.042 Q 0.034 X 0.043

D 0.037 K 0.041 R 0.039 Y 0.058

E 0.035 L 0.045 S 0.042 Z 0.045

F 0.041 M 0.040 T 0.031

G 0.027 N 0.042 U 0.039

Column 3
Key IC Key IC IC Key IC
Key
A 0.045 H 0.033 O 0.034 V 0.035

B 0.038 I 0.038 P 0.065 W 0.041

C 0.043 J 0.037 Q 0.037 X 0.033

D 0.037 K 0.036 R 0.029 Y 0.034

E 0.036 L 0.033 S 0.038 Z 0.044

F 0.037 M 0.040 T 0.040

G 0.031 N 0.031 U 0.025

Column 4
Key IC Key IC IC Key IC
Key
A 0.040 H 0.046 O 0.033 V 0.035

B 0.033 I 0.046 P 0.044 W 0.043

C 0.034 J 0.034 Q 0.033 X 0.044

D 0.039 K 0.034 R 0.035 Y 0.030

E 0.044 L 0.035 S 0.035 Z 0.032

F 0.033 M 0.034 T 0.055

G 0.043 N 0.035 U 0.040

Column 5
Key IC Key IC IC Key IC
Key
A 0.041 H 0.039 O 0.070 V 0.041

B 0.038 I 0.036 P 0.042 W 0.035

C 0.036 J 0.034 Q 0.031 X 0.037

D 0.042 K 0.047 R 0.032 Y 0.039

E 0.038 L 0.034 S 0.038 Z 0.048

F 0.026 M 0.024 T 0.032

G 0.033 N 0.036 U 0.040

The key and the plaintext
• The key is “CRYPTO”
• The plaintext is:
ilearnedhowtocalculatetheamountofpaperneededforaroomwheniwas
atschoolyoumultiplythesquarefootageofthewallsbythecubiccontentso
fthefloorandceilingcombinedanddoubleityouthenallowhalfthetotalfor
openingssuchaswindowsanddoorsthenyouallowtheotherhalfformatch
ingthepatternthenyoudoublethewholethingagaintogiveamarginoferro
randthenyouorderthepaper
The key and the plaintext
• The plaintext after inserting spaces is:
I learned how to calculate the amount of paper needed for a room
when I was at school you multiply the square footage of the walls by
the cubic contents of the floor and ceiling combined and double it you
then allow half the total for openings such as windows and doors then
you allow the other half for matching the pattern then you double the
whole thing again to give a margin of error and then you order the
paper
The Vigenère Cipher
Sugata Gangopadhyay
Vigenère Cipher
• Giovan Battista Bellaso proposed a cipher in 1553 that resisted all attempts to
break it.
• Later this cipher was misattributed to Blaise de Vigenère and called the Vigenère
Cipher.
• The Vigenère Cipher resisted attacks for three centuries until Friedrich Kasiski
developed a general method to break it in 1863.
• William F. Friedman designed the most powerful attack on the Vigenère cipher in
1920.

• We will be covering these topics in this week starting from this module.
Vigenère Cipher:
• The plaintext space: , using the
encoding .

• The ciphertext space: , using the

encoding .

• A key is a string of letters from of length . The

value of is kept secret.
Vigenère Cipher:
• Let where
• where
• Let denote the addition modulo
• The encryption rule is

• The decryption rule is

Example
• Input (with punctuations, space, uppercase)
Here, on the level sand, Between the sea and land,
What shall I build or write Against the fall of
night? Tell me of runes to grave That hold the
bursting wave, Or bastions to design For longer date
than mine.

• Plaintext sequence (without punctuations, space, and uppercase)

hereonthelevelsandbetweentheseaandlandwhatshallibuil
dorwriteagainstthefallofnighttellmeofrunestogravetha
tholdtheburstingwaveorbastionstodesignforlongerdatet
hanmine
Example (cont.)
• Key: crypto

• Output:
jvpthbvycaxjgcqpgrdvrlxspkftlscrlseopuuwthuyyaew
dlgawctnpxmscxyxggvkftyoncmugwiyrixzndcdyfwechmc
iiykxhjrrwhzfkftuitjrxguyrtthfdrqibcpjrdwsuzecyc
tcmczstuyixhjrlbbbg
Example (cont.)
• hereonthelevelsand =
7,4,17,4,14,13,19,7,4,11,4,21,4,11,18,0,13,3
• cryptocryptocrypto =
2,17,24,15,19,14,2,17,24,15,19,14,2,17,24,15,19,14

(7+2)mod 26 = 9 = j
(4+17)mod 26 = 21 = v
(17+24)mod 26 = 15 = p
(4+15)mod 26 = 19 = t
(14+19)mod 26 = 7 = h