Cryptanalysis. Four kinds of attacks (recall) The objective: determine the key ( Herckhoff principle ) Assumption: English plaintext text Basic techniques: frequency analysis based on: Probabilities of occurrences of 26 letters Common digrams and trigrams.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Index of coincidence
( Formula IC)
Suppose x is a string of English text, denote the expected
probability of occurrences of A,B,…,Z by p0,p1,…,p25 with
values from table 1.1, then Ic(x) pi2 =0.0822+0.0152+…+0.0012=0.065
(since the probability that two random elements both are A is p02, both are B is p12,…)
Question: if y is a ciphertext obtained by shift cipher, what is the Ic(y)?
Answer: should be 0.065, because the individual probabilities will be
permuted, but the pi2 will be unchanged.
Therefore, supposey=y1y2…yn is the ciphertext from Vigenere cipher.
For any given m, divide yinto m substrings:
y1=y1ym+1y2m+1… if m is indeed the keyword length, then
y2=y2ym+2y2m+2… each yi is a shift cipher, Ic(yi) is about 0.065.
ym=ymy2my3m… otherwise, Ic(yi) 26(1/26)2 = 0.038.
For purpose of verify keyword length m, divide the ciphertext into m substrings,
compute the index of coincidence by formula IC for each substring. If all IC values
of the substrings are around 0.065, then m is the correct keyword length. Otherwise
m is not the correct keyword length.
If want to use Ic to determine correct keyword length m, what to do?
Beginning from m=2,3, … until an m, for which all substrings have
IC value around 0.065.
Now, how to determine keyword K=(k1,k2,…,km)? Assume m is given.
n′, , n′
Determine keyword K=(k1,k2,…,km)
2.3 if the shift key is ki, then f0+ki (i.e., A+ki) is the frequency of
a in the corresponding plaintext xi , …, f25+ki (note the subscript
25+ki should be computed by modulo 26) is the frequency
of z in xi. Since xi is normal English text, probability distribution
n′, , n′
should be “close to” ideal probability
p0, …, p25
Determine keyword K=(k1,k2,…,km) (cont.)
On the other hand, for any g !=ki,
will not be close to 0.065.
When g=ki, Mg will generally be around 0.065 (i.e., i=025pi2).
Otherwise Mg will be quite smaller than 0.065.
So let g from 0, until 25, compute Mg, and for some g, if Mg
is around 0.065, then ki=g.
Note: the subscript i+g should be seen as modulo 26.
n′Cryptanalysis of Vigenere cipher--example
0.068,0.069,0.061,0.072, so m=5 is correct.
As a result, k1=9,k2=0,k3=13,k4=4,k5=19, i.e., JANET
then define two matrices X=(xi,j) and Y=(yi,j)
Let Y=XK, if X is invertible, then K=X-1Y.
and ciphertext is: PQCFKU
and the m=2. Then eK(f,r)=(P,Q), eK(i,d)=(C,F).
( ) = ( )K
K=( )-1( )=( )( )=( )
Then using the third pair, i.e., (a,y) and (K,U) to verify K.
In case m is unknown, try m=2,3, …
(recall that zi+m = m-1j=0cjzi+jmod 2 for all i1)
z1 z2 … zm
z2z3 … zm+1
zmzm+1 … z2m-1
Example 1.14, page 37. Suppose LFSR 5 with the following:
Ciphertext string: 101101011110010
Plaintext string: 011001111111000
Then keystream: 110100100001010
Therefore initialization vector is: 11010.
For next five key elements: 01000, set up equation
for coefficients (c0,c1,c2,c3,c4) and solve it.
The result is: (c0,c1,c2,c3,c4) =(1,0,0,1,0)
i.e., zi+5=(zi+zi+3) mod 2.