Lecture Notes on Classical Cryptology

Cryptography has a long and interesting history.

Spartan use of the Scytale (a tapered rod on which a papyrus strip is wound and the message written - the message must be rewound on the same size rod to be read). Biblical references.

Another ancient, if somewhat ludicrous, means of sending secret messages was devised by an ingenious Histiæus, when he was at the Persian court. He wished to send word to Aristagoras, his son-in-law who was in Greece, to revolt. It was, of course, vital that the message should not be intercepted. To assure secrecy Histiæus shaved the head of his most trusted slave, tattooed it with his message [the slave was told that this was the start of a cure for his failing eyesight], and waited until the hair grew. The slave was instructed to say to Aristagoras, "Shave my head and look thereon." [this was to be the final part of the cure]. Aristagoras revolted.

This is an example of a concealment cipher, the message is present but concealed in some way. There are many examples of such. The security of such messages is wholly dependent upon the concealment trick. These are easily broken if one is looking for such devices and they do not lend themselves to fast ciphering and deciphering, so they are not used in any serious applications.

Ex: In England, during the days of Cromwell, Sir John Trevanion, a cavalier of distinction, having fallen from grace was locked up in Colcester Castle. He had every reason to believe that he would be put to death just as had been his friends and fellow Royalists, Sir Charles Lucas and Sir George Lisle. While awaiting his doom, however, he was one day handed the following letter by his jailer.

Worthie Sir John:- Hope, that is ye beste comfort of ye afflicted, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me. 'Tis not much that I can do: but what I can do, bee ye verie sure I wille. I knowe that, if dethe comes, if ordinary men fear it, it frights not you, accounting it for a high honor, to have such a rewarde of your loyalty. Pray yet that you may be spared this soe bitter, cup. I fear not that you will grudge any sufferings; only if bie submission you can turn them away, 'tis the part of a wise man. Tell me, an if you can, to do for you anythinge that you wolde have done. The general goes back on Wednesday. Restinge your servant to command. - R.T.

If you do what Sir John did - that is, read the third letter after every punctuation mark - you may not feel the same degree of relief, but you will know that the

PANEL AT EAST END OF CHAPEL SLIDES

The prisoner asked to be allowed to pass an hour in private repentance in the chapel. But apparently being less devout than his jailers believed, he spent the hour not in prayer, but in flight.

Ex: Another example that uses concealment is the Russian Nihilist secret writing. This method is a combination of concealment and a substitution cipher.

Consider this innocent looking note:

Ex: Another example of this type is the Francis Bacon Bi-literal cipher where two slightly different typefaces are used to conceal a binary code of length 5. At the end of the 19th century, a Mrs. Gallup studied the first edition of one of Bacon's early works, and on the title-page, hidden under two sets of italics, she discovered the name of William Rowley - Bacon's chief secretary.

She went on with the work of deciphering and wrote several books on the subject. She claimed to have found this cipher not only in the books of Bacon himself but also in the early editions of works by Greene, Marlowe, Shakespeare, and Ben Jonson. But her startling claim was that the enciphered story thus hidden proved that Bacon was the author of all Shakespeare's plays, and , furthermore, that he was the eldest son of Queen Elizabeth by her first marriage to the Earl of Leicester, which took place while she was imprisoned in the Tower by Queen Mary.

In any case, in the first edition of Shakespeare's works, published by Isaac Jaggard in 1623, Mrs. Gallup claims to have found the following message, enciphered in the 'L. Digges' Poem.

'Francis of Verulam is the author of all the plays heretofore published by Marlowe, Greene, Peele and Shakespeare, and of the twenty-two (plays) now put out for the first time. Some are altered to continue his history. Fr. St. A'

The difference between the two sets of italic fonts being very small, it is an extremely difficult matter to decipher these messages.


    A        aaaaa             IJ     abaaa              R  baaaa
    B        aaaab              K     abaab              S  baaab
    C        aaaba              L     ababa              T  baaba

         etc....

The two main classes of ciphers are the transposition ciphers and the substitution ciphers.

Transposition Ciphers

In a transposition cipher the letters of the original message remain the same, but their positions are scrambled in some systematic way.

Ex: A simple columnar transposition. The letters of the message are written in a rectangular array by rows and then "read out" by columns. Variations: alter the method of writing the message into the array, or alter the method of reading out the encrypted message.

For instance, the "clear" message, THIS IS A PHONY MESSAGE BUT IT SERVES ITS PURPOSE, contains 40 letters. We write the letters in an 8 x 5 array (one choice amongst many possible sizes) to get:

T	H	I	S	I
S	A	P	H	O
N	Y	M	E	S
S	A	G	E	B
U	T	I	T	S
E	R	V	E	S
I	T	S	P	U
R	P	O	S	E

We can now encipher (encrypt) the message by reading out by columns to get: TSNSU EIRHA YATRT PIPMG IVSOS HEETE PSIOS BSSUE. As a variation, we could read out by diagonals and get: TSHNA ISYPS UAMHI ETGEO IRIES RTVTB PSESO PSSUE.

Ex: The Nihilist transposition using a keyword. In this type of transposition, a keyword (of length equal to the number of columns) is used to permute the order that the columns are read out. In the above example if the keyword is SPIKE, we use order 5 4 2 3 1 to read out the columns (the numbers correspond to the relative positions of the letters in the keyword in the natural lexicographical order of the alphabet) to get:

IOSBS SUESH EETEP SHAYA TRTPI PMBIV SOTSN SUEIR.

Recognizing transposition ciphers is easily done by considering the fact that the vowel percentage in English is 40% and almost never varies outside of the range 35% - 45%.

Transposition ciphers are easily recognized by their letter frequencies but remain hard to decipher since there are many ways to systematically encrypt. With patience they can all be broken.

Substitution Ciphers

In a substitution cipher, the letters are systematically replaced by other letters or symbols.

Caesar's Cipher (Simple shift - monoalphabetic) In this classical cipher, each letter is replaced by the letter that is 3 positions further along in the usual lexicographical ordering. Thus, "A" is replaced by "D", "B" is replaced by "E", and so on. In general, a shift cipher replaces the letters by some cyclic shift of the alphabet. This is most easily done by assigning the letters numbers from 0 to 25. Each letter of the clear message is replaced by the letter whose number is obtained by adding the key (a number from 0 to 25) to the letter's number modulo 26. In the Caesar cipher the key is 3.

Freemason's Cipher

This cipher uses special symbols as the replacements for the letters.

Morse Code provides another example of a substitution cipher where letters are replaced by sequences of dots and dashes. This code was developed for use by telegraph operators, and adopted internationally. The international distress signal (SOS) which in Morse code is ... --- ..., was first used by the radio operator of the Titanic.

Letter	Code	Letter	Code	Letter	Code	Letter	Code	Letter	Code	Letter	Code
A	. -	J	. - - -	S	. . .	Ä	. - . -	5	. . . . .	;	- . - . - .
B	- . . .	K	- . -	T	-	É	. . - . .	6	- . . . .	:	- - - . . .
C	- . - .	L	. - . .	U	. . -	Ñ	- - . - -	7	- - . . .	/	- . . - .
D	- . .	M	- -	V	. . . -	Ö	- - - .	8	- - - . .	-	- . . . . -
E	.	N	- .	W	. - -	Ü	. . - -	9	- - - - .	'	. - - - - .
F	. . - .	O	- - -	X	- . . -	1	. - - - -	0	- - - - -	( or )	- . - - . -
G	- - .	P	. - - .	Y	- . - -	2	. . - - -	,	- - . . - -	_	. . - - . -
H	. . . .	Q	- - . -	Z	- - . .	3	. . . - -	.	. - . - . -
I	. .	R	. - .	Á	. - - . -	4	. . . . -	?	. . - - . .

Monoalphabetic using a keyword

This is the type of cryptogram that can be found in the daily newspapers. In a monoalphabetic substitution cipher, any permutation of the alphabet can be used as replacements. An easy way to obtain a permutation (and easy to remember) is to pick a keyword or phrase, and write it down, letter by letter, below the alphabet in normal order, using a letter only the first time it appears in the keyword. The letters of the alphabet that are not used in the keyword are then listed in order (or sometimes in reverse order) after the keyword. The table so produced is used for the substitutions, replacing each letter of the alphabet by the one below it. Thus, using the key phrase, THIS IS A POSSIBLE KEYWORD, we would construct the substitution table:

Block Substitution (Playfair Cipher)

Arrange alphabet in 5 by 5 grid according to some pattern. Substitute digrams as follows:

if in same row, use letters to the right.
if in same column, use letters below.
else, use letters in opposite corners (replace with one in its row)

Block Substitution (Hill Cipher)

Take an n × n matrix M which has an inverse (mod 26). That is, gcd(det M, 26) = 1. Break the message into blocks of size n (fill the last block with nulls if necessary). Convert each block to numbers from 0 to 25, and thinking of the block as a vector, multiply the vector by M. Reduce the resulting vector's entries mod 26 and convert back to letters.

Decrypting uses the same procedure except that the matrix M^-1 is used.

Polyalphabetic (Vigenère Cipher) 1586

In this type of substitution cipher, a letter is not always replaced by the same letter. This procedure distorts the statistical frequencies of the original message. A keyword or phrase is used, and duplicate letters are not discarded. The keyword is written below the clear message and repeated as often as needed to get a letter below each letter of the clear message. Now each letter of the clear message is replaced by its cyclic shift using the keyword letter below it as the key of the cyclic shift. This is most easily done numerically, replace each letter of the message and the keyword by its numerical equivalent and then add column by column mod 26 to get the enciphered message.

Cryptanalysis

Use letter and digram frequencies to break a monoalphabetic cipher.

Example Cryptanalysis of a Substitution Cipher

Reference Book Icon For an example of breaking a Playfair cipher we refer to: Helen Fouchè Gaines, Cryptanalysis, a study of ciphers and their solution, Dover, 1956

Cryptanalysis of a Vigenère:

A Vigenère cipher can be broken using the techniques of breaking a shift cipher as soon as the length of the keyword is known. This is because each repeat of a letter in the keyword corresponds to a single shift cipher. There are two ways to determine the keylength.

Kasiski Test (1863 - Major F.W. Kasiski, German cryptologist): Length of keyword is a divisor of the gcd of the distances between identical strings of length at least 3.

Friedman Test (1925, Colonel William Frederick Friedman (1891-1969)) also called the Kappa Test:

The index of coincidence of a message is the probability that a randomly chosen pair of letters in the message are equal. If the message has length n and n_i denotes the number of occurrences of the i^th letter then the index, denoted by I, is given by:

Now we can also calculate this index for any language source if we know the probabilities of occurrence of each of the letters. Thus, if p_a is the probability of occurrence of the letter a, for example, then we get:

Using our knowledge of these probabilities we can easily calculate that I_English ~ 0.065 and if we had a random source of English letters then I_Random ~ 0.038 (= 1/26).

This index can give information about a message. For instance, if a ciphered message was either a transposition or a monoalphabetic substitution then one would expect to have I_Message ~ I_English , but if a polyalphabetic substitution was used then this value should decrease (but no lower than 0.038) since the polyalphabetic procedure tends to randomize the occurrences of the letters.

Let us now apply this index to a Vigenère ciphertext. If the ciphertext has length n and the keyword has length k (and n >> k) then in the positions corresponding to the same letter of the keyword, the ciphertext has been created with a monoalphabetic substitution, so if one were to calculate the index of just those positions, we should get 0.065. On the other hand if one were to calculate the index using only pairs from different letters of the keyword, the index would be much lower (0.038 if the keyword letters were randomly chosen). We may therefore calculate the expected number (A) of pairs of equal letters in the following way:

Pick a letter from the ciphertext (n choices), there are (n/k - 1) remaining letters that have used the same keyword letter [we are neglecting round-off error] and so,

pairs of this type. There are (n - n/k) remaining letters that have used a different keyword letter [assuming the keyword letters are all distinct], and so there are

pairs of this type. Therefore,

from which we may solve for k (keyword length):

Machines used to encipher and decipher.

Hagelin (US Army)
Enigma (German Army and Navy) ( photo )
Purple (Japanese Diplomatic)

One-Time Pad (Vernam Cipher)

Vigenère Cipher with keylength = size of message and the key is formed randomly.
Perfect Security, it can not be broken. Used in the Washington-Moscow Red Phone line.
Disadvantage, both parties must have the same key. (Books of random numbers)

Modern Cryptanalysis

Levels of Attack:

Ciphertext only (cryptanalyst sees only the enciphered text)
Plaintext attack (cryptanalyst has both the enciphered text and the clear message that it came from)
Chosen plaintext attack (cryptanalyst can chose the clear message that is enciphered, as often as needed)
Chosen ciphertext attack (cryptanalyst can chose ciphertexts to be deciphered as often as necessary, but is not given the key(s)).

The "philosophy" of modern cryptanalysis is embodied in Kerckhoffs' principle, which was formulated in the book La cryptographie militaire (1883) by the Dutch philologist Jean Guillaume Hubert Victor François Alexandre Auguste Kerckhoffs von Nieuwenhof, as he is called in all his full glory.

Kerckhoffs' Principle: The security of a cryptosystem must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key.

Return to <a href="m5410.html"> index </a> (non-frame version). <hr>

wcherowi@carbon.cudenver.edu