Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
DECONSTRUCTING
COLUMNAR TRANSPOSITION
       CIPHERS
                     Robert Talbert, PhD
 Associate Professor of Math...
How encryption/decryption works
How encryption/decryption works
How encryption/decryption works
How encryption/decryption works

Message (plaintext)
How encryption/decryption works

Message (plaintext)




       Key
How encryption/decryption works

Message (plaintext)

                 Encrypted
                  message
               ...
How encryption/decryption works

Message (plaintext)

                          Encrypted
                           messa...
How encryption/decryption works

Message (plaintext)

                          Encrypted
                           messa...
How encryption/decryption works

Message (plaintext)            Message (plaintext)

                          Encrypted
 ...
How encryption/decryption works

Message (plaintext)                    Message (plaintext)

                             ...
How encryption/decryption works

Message (plaintext)                     Message (plaintext)

                            ...
How encryption/decryption works

Message (plaintext)                     Message (plaintext)

                            ...
CLASSICAL
                 CIPHER
                SYSTEMS




SUBSTITUTION               TRANSPOSITION
CLASSICAL
                                      CIPHER
                                     SYSTEMS




                  ...
CLASSICAL
                                      CIPHER
                                     SYSTEMS




                  ...
Columnar transposition cipher
Columnar transposition cipher

     : Agree upon a positive integer, C
Columnar transposition cipher

                  : Agree upon a positive integer, C

            C
                    •••...
Columnar transposition cipher

                  : Agree upon a positive integer, C

            C                        ...
Columnar transposition cipher

                  : Agree upon a positive integer, C

            C                        ...
Columnar transposition cipher

                  : Agree upon a positive integer, C

            C                        ...
THE ENEMY ADVANCES AT DAWN
         (USING C=5)
THE ENEMY ADVANCES AT DAWN
         (USING C=5)

     T   H   E     E   N

     E   M   Y     A   D

     V   A   N     C ...
THE ENEMY ADVANCES AT DAWN
          (USING C=5)

      T   H   E     E   N

      E   M   Y     A   D

      V   A   N   ...
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
  ...
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
  ...
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
  ...
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
  ...
Double encryption = Double security?
     Multiple encryption using CTC with C = 4:
     CRYPTOGRAPHY
     CTAROPYGHPRY
  ...
AGENDA FOR TALK
AGENDA FOR TALK
• Address: What     is the order of a columnar transposition cipher?

• Explicit   formula for underlying ...
A FORMULA FOR THE
COLUMNAR TRANSPOSITION
  CIPHER PERMUTATION
π C, L = Permutation implementing C.T.C.
C = Number of columns being used
L = Length of plaintext (= length of ciphertext)...
π C, L = Permutation implementing C.T.C.
C = Number of columns being used
L = Length of plaintext (= length of ciphertext)...
π C, L = Permutation implementing C.T.C.
C = Number of columns being used
L = Length of plaintext (= length of ciphertext)...
π C, L = Permutation implementing C.T.C.
C = Number of columns being used
L = Length of plaintext (= length of ciphertext)...
π 4,13 :
  t0     t1   t2      t3
  t4     t5   t6      t7
                                 t 0t 4 t 8t12t1t 5t 9t 2t 6t10...
C
                                          •••



                                          •••



                      ...
THE ENEMY ADVANCES AT DAWN
          (USING C=5)

      T   H   E     E   N

      E   M   Y     A   D

      V   A   N   ...
0       1        2        3      4

      5       6        7        8      9

     10      11       12        13     14

 ...
}
                      •••

                                      q
A                     •••



                n     ••...
C
                                                        •••
    B
                                                      ...
Theorem 1
 Let C be the number of columns used in a CTC and let L be the length of
the message. Also let n be one of the c...
π5,12


        01234

        56789

        10 11
π5,12
             1−1       12 
π 5,12 (1) =     + 1⋅   = 3
              5       5
                               ...
π5,12
               1−1       12 
  π 5,12 (1) =     + 1⋅   = 3
                5       5
                         ...
π5,12
               1−1       12 
  π 5,12 (1) =     + 1⋅   = 3
                5       5
                         ...
THE RAIL FENCE CIPHER
C       Y       T       G       A       H
    R       P       O       R       P       Y
C       Y        T       G       A       H
    R       P        O       R       P       Y


                CYTGAHRPORPY
C       Y        T       G       A       H
    R       P        O       R       P       Y


                CYTGAHRPORPY

...
C       Y        T       G       A       H
    R       P        O       R       P       Y


                CYTGAHRPORPY

...
        n − n′          L 
                              + n′               if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′...
        n − n′          L 
                              + n′               if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′...
        n − n′          L 
                              + n′               if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′...
        n − n′          L 
                              + n′               if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′...
Corollary 2
Let L be the length of a message enciphered with the rail fence cipher. Also
      let n be one of the charact...
What character positions are fixed by the RFC?
      C    R
      Y    P
      T    O
                       CYTGAHRPORPY
 ...
What character positions are fixed by the RFC?
      C    R
      Y    P
      T    O
                       CYTGAHRPORPY
 ...
What character positions are fixed by the RFC?
           C    R
           Y    P
           T    O
                      ...
π 2, L (n) = n
π 2, L (n) = n


                           L odd:
L even:
π 2, L (n) = n


                                              L odd:
          L even:
n even:             n odd:
π 2, L (n) = n


                                               L odd:
           L even:
 n even:             n odd:
n
  ...
π 2, L (n) = n


                                               L odd:
           L even:
 n even:             n odd:
n   ...
π 2, L (n) = n


                                               L odd:
           L even:
                                ...
π 2, L (n) = n


                                                L odd:
           L even:
                               ...
π 2, L (n) = n


                                                 L odd:
            L even:
                             ...
THE INITIAL CYCLE AND THE
 STRUCTURE OF THE RAIL
       FENCE CIPHER
How does π2,L factor into a product of disjoint cycles?
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
How does π2,L factor into a product of disjoint cycles?

    0th position always fixed; position 1 is first one that moves.
...
Initial cycle of π2,11:
(1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
Initial cycle of π2,11:
(1, 6, 3, 7, 9, 10, 5, 8, 4, 2)

        6        5          4
       2 mod11   2 mod11   2 mod11
Initial cycle of π2,11:
 (1, 6, 3, 7, 9, 10, 5, 8, 4, 2)

               6           5           4
              2 mod11  ...
Initial cycle of π2,11:
 (1, 6, 3, 7, 9, 10, 5, 8, 4, 2)

               6            5          4
              2 mod11  ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
What about the other cycles?
                        π 2,17
(1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6)
1     ...
Proof of Theorem 8
Proof of Theorem 8
                 L +1
    π 2, L (1) =
                   2
Proof of Theorem 8
                                    L +1
                       π 2, L (1) =
                          ...
Proof of Theorem 8
                                    L +1
                       π 2, L (1) =
                          ...
Proof of Theorem 8
                                        L +1
                           π 2, L (1) =
                  ...
THE ORDER OF THE RAIL
    FENCE CIPHER
Proposition (basic group theory)
If a permutation in Sn is written as a product of disjoint
  cycles, then the order of th...
Proposition (basic group theory)
 If a permutation in Sn is written as a product of disjoint
   cycles, then the order of ...
Proposition (basic group theory)
 If a permutation in Sn is written as a product of disjoint
   cycles, then the order of ...
G = π 2, L ⊆ SL
G = π 2, L ⊆ SL

          {                                }
                       k
orbG (n) = y : y = π          (n) f...
G = π 2, L ⊆ SL

          {                                  }
                       k
orbG (n) = y : y = π          (n)...
G = π 2, L ⊆ SL

          {                                  }
                       k
orbG (n) = y : y = π          (n)...
G = π 2, L ⊆ SL

          {                                  }
                       k
orbG (n) = y : y = π          (n)...
G = π 2, L ⊆ SL

          {                                                   }
                       k
orbG (n) = y : y...
Let x be the smallest element of its cycle, so cycle = orbG(x).

                  orbG(1) acts on orbG(x):
Let x be the smallest element of its cycle, so cycle = orbG(x).

                         orbG(1) acts on orbG(x):
       ...
Let x be the smallest element of its cycle, so cycle = orbG(x).

                            orbG(1) acts on orbG(x):
    ...
Let x be the smallest element of its cycle, so cycle = orbG(x).

                            orbG(1) acts on orbG(x):
    ...
π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33,
 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 1...
π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33,
 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 1...
π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33,
 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 1...
orbG (1)
              orbG (1)
                                       = orbG (x)
                            =
          ...
Theorem 11
                       orbG (1) ≅ 2 ⊆ ¢        ∗
                                               L


           ...
UNANSWERED QUESTIONS
UNANSWERED QUESTIONS

• Simple   way to calculate length of initial cycle?
UNANSWERED QUESTIONS

• Simple   way to calculate length of initial cycle?

• How   much of this still works if C > 2?
UNANSWERED QUESTIONS

• Simple   way to calculate length of initial cycle?

• How   much of this still works if C > 2?

• ...
UNANSWERED QUESTIONS

• Simple   way to calculate length of initial cycle?

• How   much of this still works if C > 2?

• ...
UNANSWERED QUESTIONS

• Simple   way to calculate length of initial cycle?

• How   much of this still works if C > 2?

• ...
THANK YOU
                      Contact:
             rtalbert@franklincollege.edu

               Slides/PDFs for this ta...
Deconstructing Columnar Transposition Ciphers
Deconstructing Columnar Transposition Ciphers
Upcoming SlideShare
Loading in …5
×

Deconstructing Columnar Transposition Ciphers

6,638 views

Published on

Examining the cycle structure and order of columnar transposition ciphers as elements of the symmetric group on L elements (L = length of message). Talk given at Ball State University Faculty Mathematics Colloquium, 2 April 2009.

Published in: Education, Technology
  • Be the first to comment

Deconstructing Columnar Transposition Ciphers

  1. 1. DECONSTRUCTING COLUMNAR TRANSPOSITION CIPHERS Robert Talbert, PhD Associate Professor of Mathematics and Computing Science Franklin College, Franklin, IN Ball State University Mathematics Faculty Colloquium 2 April 2009
  2. 2. How encryption/decryption works
  3. 3. How encryption/decryption works
  4. 4. How encryption/decryption works
  5. 5. How encryption/decryption works Message (plaintext)
  6. 6. How encryption/decryption works Message (plaintext) Key
  7. 7. How encryption/decryption works Message (plaintext) Encrypted message (ciphertext) Key
  8. 8. How encryption/decryption works Message (plaintext) Encrypted message (ciphertext) Key
  9. 9. How encryption/decryption works Message (plaintext) Encrypted message (ciphertext) Key Key
  10. 10. How encryption/decryption works Message (plaintext) Message (plaintext) Encrypted message (ciphertext) Key Key
  11. 11. How encryption/decryption works Message (plaintext) Message (plaintext) Encrypted message (ciphertext) Key Key Alice and Bob share the same key
  12. 12. How encryption/decryption works Message (plaintext) Message (plaintext) Encrypted message (ciphertext) Key Key Alice and Bob share the same key Should be easy to decrypt with the key
  13. 13. How encryption/decryption works Message (plaintext) Message (plaintext) Encrypted message (ciphertext) Key Key Alice and Bob share the same key Should be easy to decrypt with the key Should be very difficult to decrypt without the key
  14. 14. CLASSICAL CIPHER SYSTEMS SUBSTITUTION TRANSPOSITION
  15. 15. CLASSICAL CIPHER SYSTEMS SUBSTITUTION TRANSPOSITION Replace plaintext symbols by other symbols.
  16. 16. CLASSICAL CIPHER SYSTEMS SUBSTITUTION TRANSPOSITION Rearrange plaintext Replace plaintext symbols according to a well- by other symbols. defined rule.
  17. 17. Columnar transposition cipher
  18. 18. Columnar transposition cipher : Agree upon a positive integer, C
  19. 19. Columnar transposition cipher : Agree upon a positive integer, C C ••• ••• ••• ••• ••• ••• ••• • • • •••
  20. 20. Columnar transposition cipher : Agree upon a positive integer, C C Enter plaintext into the grid one row at a time; ••• wrap to first column. ••• ••• ••• ••• ••• ••• • • • •••
  21. 21. Columnar transposition cipher : Agree upon a positive integer, C C Enter plaintext into the grid one row at a time; ••• wrap to first column. ••• Read text off starting in top-left position and going down first ••• column; wrap to first row. ••• ••• ••• ••• • • • •••
  22. 22. Columnar transposition cipher : Agree upon a positive integer, C C Enter plaintext into the grid one row at a time; ••• wrap to first column. ••• Read text off starting in top-left position and going down first ••• column; wrap to first row. ••• ••• ••• ••• • • Enter ciphertext into the • grid one column at a time; ••• wrap to first row & read off.
  23. 23. THE ENEMY ADVANCES AT DAWN (USING C=5)
  24. 24. THE ENEMY ADVANCES AT DAWN (USING C=5) T H E E N E M Y A D V A N C E S A T D A W N
  25. 25. THE ENEMY ADVANCES AT DAWN (USING C=5) T H E E N E M Y A D V A N C E S A T D A W N TEVSWHMAANEYNTEACDNDEA
  26. 26. Double encryption = Double security? Multiple encryption using CTC with C = 4:
  27. 27. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY
  28. 28. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY
  29. 29. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY COHTPPAYRRGY
  30. 30. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY COHTPPAYRRGY CPROPRHAGTYY
  31. 31. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY COHTPPAYRRGY CPROPRHAGTYY CPGPRTRHYOAY
  32. 32. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY COHTPPAYRRGY CPROPRHAGTYY CPGPRTRHYOAY CRYPTOGRAPHY
  33. 33. Double encryption = Double security? Multiple encryption using CTC with C = 4: CRYPTOGRAPHY CTAROPYGHPRY COHTPPAYRRGY Columnar transposition on 12 characters using 4 columns has order = 5. CPROPRHAGTYY CPGPRTRHYOAY CRYPTOGRAPHY
  34. 34. AGENDA FOR TALK
  35. 35. AGENDA FOR TALK • Address: What is the order of a columnar transposition cipher? • Explicit formula for underlying permutation • Specialize to C = 2, the “rail fence cipher” • Analyze cycle structure when C = 2 • Determine order when C = 2 • Unanswered questions
  36. 36. A FORMULA FOR THE COLUMNAR TRANSPOSITION CIPHER PERMUTATION
  37. 37. π C, L = Permutation implementing C.T.C. C = Number of columns being used L = Length of plaintext (= length of ciphertext) (an element of SL )
  38. 38. π C, L = Permutation implementing C.T.C. C = Number of columns being used L = Length of plaintext (= length of ciphertext) (an element of SL ) C A1 R π 3,9 : CARDINALS CDA2A1ILRNS D I N A2 L S
  39. 39. π C, L = Permutation implementing C.T.C. C = Number of columns being used L = Length of plaintext (= length of ciphertext) (an element of SL ) C A1 R π 3,9 : CARDINALS CDA2A1ILRNS D I N A2 L S 0 1 2 012345678 036147258 3 4 5 6 7 8
  40. 40. π C, L = Permutation implementing C.T.C. C = Number of columns being used L = Length of plaintext (= length of ciphertext) (an element of SL ) C A1 R π 3,9 : CARDINALS CDA2A1ILRNS D I N A2 L S 0 1 2 012345678 036147258 3 4 5 6 7 8 π 3,9 = (1 3)(2 6)(5 7)
  41. 41. π 4,13 : t0 t1 t2 t3 t4 t5 t6 t7 t 0t 4 t 8t12t1t 5t 9t 2t 6t10t 3t 7t11 t8 t9 t10 t11 t12 π 4,13 = (1, 4)(2, 7, 11, 12, 3, 10, 9, 6, 8) 0 is fixed (always); 5 is fixed Where does the character in position n end up?
  42. 42. C ••• ••• n ••• ••• ••• ••• ••• • • • ••• π C, L (n) = (# of preceding rows) + (# of positions in preceding columns) A B
  43. 43. THE ENEMY ADVANCES AT DAWN (USING C=5) T H E E N E M Y A D V A N C E S A T D A W N TEVSWHMAANEYNTEACDNDEA
  44. 44. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 π 5,22 (2) = 10 (# char's in preceding columns) π 5,22 (5) = 1 (# of preceding rows) π 5,22 (11) = 7 (5 in prec column + 2 prec rows) π 5,22 (13) = 10 + 4 + 2 = 16
  45. 45. } ••• q A ••• n ••• ••• ••• ••• ••• • • • ••• n’ = n mod C n = Cq + n′ n − n′ q= C
  46. 46. C ••• B ••• n L/C, round up ••• ••• ••• ••• ••• • • • a ••• If a column preceding n’s column is not full, fill it with a “dummy”. # characters in any quot;fullquot; column: # dummies: L   C 0 if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ # full columns: C, or L’ n′ − L ′ if L ′ ≠ 0 and n′ > L ′
  47. 47. Theorem 1 Let C be the number of columns used in a CTC and let L be the length of the message. Also let n be one of the character position indices (0 ≤ n < L) and let n’ = n mod C and L’ = L mod C. Then:  n − n′   L   + n′     if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ C   C   π C, L (n) =   n − n ′ + n ′   L   − (n ′ − L ′ ) if L ′ ≠ 0 and n′ > L ′   C  C    
  48. 48. π5,12 01234 56789 10 11
  49. 49. π5,12 1−1  12  π 5,12 (1) = + 1⋅   = 3 5 5 01234 3− 3   12  π 5,12 (3) = + 3    − (3 − 2) = 0 + 3(3) − 1 = 8 5   5  56789 8−3   12  π 5,12 (8) = + 3    − (3 − 2) = 1 + 8 = 9 5   5  10 11
  50. 50. π5,12 1−1  12  π 5,12 (1) = + 1⋅   = 3 5 5 01234 3− 3   12  π 5,12 (3) = + 3    − (3 − 2) = 0 + 3(3) − 1 = 8 5   5  56789 8−3   12  π 5,12 (8) = + 3    − (3 − 2) = 1 + 8 = 9 5   5  10 11 7−2   12  π 5,12 (7) = + 2 ⋅    = 1 + 2(3) = 7 5   5 
  51. 51. π5,12 1−1  12  π 5,12 (1) = + 1⋅   = 3 5 5 01234 3− 3   12  π 5,12 (3) = + 3    − (3 − 2) = 0 + 3(3) − 1 = 8 5   5  56789 8−3   12  π 5,12 (8) = + 3    − (3 − 2) = 1 + 8 = 9 5   5  10 11 7−2   12  π 5,12 (7) = + 2 ⋅    = 1 + 2(3) = 7 5   5  π 5,12 = (1, 3, 8, 9,11, 5)
  52. 52. THE RAIL FENCE CIPHER
  53. 53. C Y T G A H R P O R P Y
  54. 54. C Y T G A H R P O R P Y CYTGAHRPORPY
  55. 55. C Y T G A H R P O R P Y CYTGAHRPORPY Rail fence cipher = π 2, L
  56. 56. C Y T G A H R P O R P Y CYTGAHRPORPY Rail fence cipher = π 2, L C R Y P T O CYTGAHRPORPY G R A P H Y
  57. 57.  n − n′   L   + n′     if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ C   C   π C, L (n) =   n − n ′ + n ′   L   − (n ′ − L ′ ) if L ′ ≠ 0 and n′ > L ′   C  C    
  58. 58.  n − n′   L   + n′     if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ C   C   π C, L (n) =   n − n ′ + n ′   L   − (n ′ − L ′ ) if L ′ ≠ 0 and n′ > L ′   C  C     n’ = 0 (n even) or 1 (n odd)
  59. 59.  n − n′   L   + n′     if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ C   C   π C, L (n) =   n − n ′ + n ′   L   − (n ′ − L ′ ) if L ′ ≠ 0 and n′ > L ′   C  C     n’ = 0 (n even) or 1 (n odd)  n n even  2  π 2, L (n) =   n − 1 +  L  n odd 2 2  
  60. 60.  n − n′   L   + n′     if L ′ = 0, or if L ′ ≠ 0 and 0 ≤ n′ ≤ L ′ C   C   π C, L (n) =   n − n ′ + n ′   L   − (n ′ − L ′ ) if L ′ ≠ 0 and n′ > L ′   C  C     n’ = 0 (n even) or 1 (n odd) L  n L even  2 n even  = 2   L + 1 L odd π 2, L (n) =  2  n − 1 +  L  n odd  2 2  
  61. 61. Corollary 2 Let L be the length of a message enciphered with the rail fence cipher. Also let n be one of the character position indices (0 ≤ n < L). Then:  n n even  2   n+L π 2, L (n) =  n odd, L odd 2   n + L −1 n odd, L even  2 
  62. 62. What character positions are fixed by the RFC? C R Y P T O CYTGAHRPORPY G R A P H Y
  63. 63. What character positions are fixed by the RFC? C R Y P T O CYTGAHRPORPY G R A P H Y
  64. 64. What character positions are fixed by the RFC? C R Y P T O CYTGAHRPORPY G R A P H Y Corollary 3 The first character in the message is always fixed by the RFC. The last character is fixed if and only if L is even. There are no other fixed points.
  65. 65. π 2, L (n) = n
  66. 66. π 2, L (n) = n L odd: L even:
  67. 67. π 2, L (n) = n L odd: L even: n even: n odd:
  68. 68. π 2, L (n) = n L odd: L even: n even: n odd: n =n⇔n=0 2
  69. 69. π 2, L (n) = n L odd: L even: n even: n odd: n n + L −1 =n⇔n=0 =n 2 2 n = L −1
  70. 70. π 2, L (n) = n L odd: L even: n odd: n even: n odd: n n + L −1 =n⇔n=0 =n 2 2 n = L −1
  71. 71. π 2, L (n) = n L odd: L even: n odd: n even: n odd: n n+L n + L −1 =n⇔n=0 =n =n 2 2 2 n=L ⊗ n = L −1 (0 ≤ n < L)
  72. 72. π 2, L (n) = n L odd: L even: n odd: n even: n odd: n n+L n + L −1 =n⇔n=0 =n =n 2 2 2 n=L ⊗ n = L −1 (0 ≤ n < L) Corollary 4 If L is even, then π2,L = π2,L+1. So we may assume for what follows that L is odd.
  73. 73. THE INITIAL CYCLE AND THE STRUCTURE OF THE RAIL FENCE CIPHER
  74. 74. How does π2,L factor into a product of disjoint cycles?
  75. 75. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves.
  76. 76. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle
  77. 77. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
  78. 78. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
  79. 79. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) Initial cycle of π2,33: (1, 17, 25, 29, 31, 32, 16, 8, 4, 2)
  80. 80. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) Initial cycle of π2,33: (1, 17, 25, 29, 31, 32, 16, 8, 4, 2)
  81. 81. How does π2,L factor into a product of disjoint cycles? 0th position always fixed; position 1 is first one that moves. Cycle containing 1 = initial cycle Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) Initial cycle of π2,33: (1, 17, 25, 29, 31, 32, 16, 8, 4, 2) Theorem 5 the initial cycle of π2,L is k-1, then If L = 2 k −1 k−2 (1, 2 ,2 ,K , 8, 4, 2)
  82. 82. Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
  83. 83. Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) 6 5 4 2 mod11 2 mod11 2 mod11
  84. 84. Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) 6 5 4 2 mod11 2 mod11 2 mod11 Theorem 6 Let l1 be the length of the initial cycle of π2,L. Then k l1 − k π 2, L (1) = 2 mod L
  85. 85. Initial cycle of π2,11: (1, 6, 3, 7, 9, 10, 5, 8, 4, 2) 6 5 4 2 mod11 2 mod11 2 mod11 Theorem 6 Let l1 be the length of the initial cycle of π2,L. Then k l1 − k π 2, L (1) = 2 mod L Corollary 7 l1 > log 2 L
  86. 86. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6
  87. 87. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6
  88. 88. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6
  89. 89. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6
  90. 90. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6 3x
  91. 91. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6 3x
  92. 92. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6 3x mod 3x 17
  93. 93. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6 3x mod 3x 17
  94. 94. What about the other cycles? π 2,17 (1, 9, 13, 15, 16, 8, 4, 2)(3, 10, 5, 11, 14, 7, 12, 6) 1 9 13 15 16 8 4 2 3 10 5 11 14 7 12 6 3x mod 3x Theorem 8 17 π 2, L (n) = ( n ⋅ π 2, L (1)) mod L I.e.: Every cycle is determined by the initial cycle.
  95. 95. Proof of Theorem 8
  96. 96. Proof of Theorem 8 L +1 π 2, L (1) = 2
  97. 97. Proof of Theorem 8 L +1 π 2, L (1) = 2 n nL + n  n n even: π 2, L (n) − n ⋅ π 2, L (1) = − = L  −  ∈¢  2 2 2 n + L nL + n 1− n n odd: π 2, L (n) − n ⋅ π 2, L (1) = = L −  ∈¢ 2 2 2
  98. 98. Proof of Theorem 8 L +1 π 2, L (1) = 2 n nL + n  n n even: π 2, L (n) − n ⋅ π 2, L (1) = − = L  −  ∈¢  2 2 2 n + L nL + n 1− n n odd: π 2, L (n) − n ⋅ π 2, L (1) = = L −  ∈¢ 2 2 2 In all cases, L divides difference.
  99. 99. Proof of Theorem 8 L +1 π 2, L (1) = 2 n nL + n  n n even: π 2, L (n) − n ⋅ π 2, L (1) = − = L  −  ∈¢  2 2 2 n + L nL + n 1− n n odd: π 2, L (n) − n ⋅ π 2, L (1) = = L −  ∈¢ 2 2 2 In all cases, L divides difference. Corollary 9 ( ) mod L k l1 − k (n) = n ⋅ 2 π 2, L
  100. 100. THE ORDER OF THE RAIL FENCE CIPHER
  101. 101. Proposition (basic group theory) If a permutation in Sn is written as a product of disjoint cycles, then the order of the permutation is the least common multiple of the cycle lengths.
  102. 102. Proposition (basic group theory) If a permutation in Sn is written as a product of disjoint cycles, then the order of the permutation is the least common multiple of the cycle lengths. Theorem 10 The order of the rail fence cipher is the length of its initial cycle.
  103. 103. Proposition (basic group theory) If a permutation in Sn is written as a product of disjoint cycles, then the order of the permutation is the least common multiple of the cycle lengths. Theorem 10 The order of the rail fence cipher is the length of its initial cycle. Proof outline: Show that the length of each cycle in the disjoint cycle factorization divides the length of the initial cycle.
  104. 104. G = π 2, L ⊆ SL
  105. 105. G = π 2, L ⊆ SL { } k orbG (n) = y : y = π (n) for some k = Cycle containing n 2, L
  106. 106. G = π 2, L ⊆ SL { } k orbG (n) = y : y = π (n) for some k = Cycle containing n 2, L orbG (1) = Initial cycle
  107. 107. G = π 2, L ⊆ SL { } k orbG (n) = y : y = π (n) for some k = Cycle containing n 2, L orbG (1) = Initial cycle Define binary operation * on orbG(1): a b a +b π 2, L (1) ∗ π 2, L (1) = π 2, L (1)
  108. 108. G = π 2, L ⊆ SL { } k orbG (n) = y : y = π (n) for some k = Cycle containing n 2, L orbG (1) = Initial cycle Define binary operation * on orbG(1): a b a +b π 2, L (1) ∗ π 2, L (1) = π 2, L (1) Claim: orbG(1) forms an abelian group under *.
  109. 109. G = π 2, L ⊆ SL { } k orbG (n) = y : y = π (n) for some k = Cycle containing n 2, L orbG (1) = Initial cycle Define binary operation * on orbG(1): a b a +b π 2, L (1) ∗ π 2, L (1) = π 2, L (1) Claim: orbG(1) forms an abelian group under *. −1 (π ) a = π 2,− a (n) l1 (1) 2, L L
  110. 110. Let x be the smallest element of its cycle, so cycle = orbG(x). orbG(1) acts on orbG(x):
  111. 111. Let x be the smallest element of its cycle, so cycle = orbG(x). orbG(1) acts on orbG(x): ( )( π i2, L (1), ( x ⋅ π 2, L (1)) mod L a ) j x ⋅ π 2, Lj (1) mod L i+
  112. 112. Let x be the smallest element of its cycle, so cycle = orbG(x). orbG(1) acts on orbG(x): ( )( π i2, L (1), ( x ⋅ π 2, L (1)) mod L a ) j x ⋅ π 2, Lj (1) mod L i+ { } k k Fx = π (1) ∈orbG (1) : x ⋅ π (1) = x mod L = Stabilizer of x 2, L 2, L
  113. 113. Let x be the smallest element of its cycle, so cycle = orbG(x). orbG(1) acts on orbG(x): ( )( π i2, L (1), ( x ⋅ π 2, L (1)) mod L a ) j x ⋅ π 2, Lj (1) mod L i+ { } k k Fx = π (1) ∈orbG (1) : x ⋅ π (1) = x mod L = Stabilizer of x 2, L 2, L Classical group theory: Fx is a subgroup of orbG(1) The following mapping is a bijection: orbG (1) → orbG (x) FX π 2, L (1) ⋅ FX a π 2, L (x) k k
  114. 114. π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33, 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 14)(15, 25, 30)
  115. 115. π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33, 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 14)(15, 25, 30) (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2) { } F7 = {n ∈orbG (1) : 7n = 7 mod 35} = {1,11,16} = π 0 35 (1),π 2, 35 (1),π 8 35 (1) 4 2, 2,
  116. 116. π2,35 = (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2)(3, 19, 27, 31, 33, 34, 17, 26, 13, 24, 12, 6)(5, 20, 10)(7, 21, 28, 14)(15, 25, 30) (1, 18, 9, 22, 11, 23, 29, 32, 16, 8, 4, 2) { } F7 = {n ∈orbG (1) : 7n = 7 mod 35} = {1,11,16} = π 0 35 (1),π 2, 35 (1),π 8 35 (1) 4 2, 2, orbG (1) = {1⋅ F7 , 18 ⋅ F7 , 9 ⋅ F7 , 22 ⋅ F7 } F7 orbG (7) = {7, 21, 28,14} = {1mod 35,(18 ⋅ 7)mod 35,(9 ⋅ 7)mod 35,(22 ⋅ 7)mod 35}
  117. 117. orbG (1) orbG (1) = orbG (x) = FX Fx ∴ orbG (1) = Fx ⋅ orbG (x) Therefore the length of the cycle containing x divides the length of the initial cycle.
  118. 118. Theorem 11 orbG (1) ≅ 2 ⊆ ¢ ∗ L By Theorem 6, π 2, L (1) = 2 l1 − k mod L k Corollary 12 The order of the rail fence cipher on a text of length L (odd) is the order of the integer 2 in ¢ L ∗ Corollary 13 π 2, L divides φ(L).
  119. 119. UNANSWERED QUESTIONS
  120. 120. UNANSWERED QUESTIONS • Simple way to calculate length of initial cycle?
  121. 121. UNANSWERED QUESTIONS • Simple way to calculate length of initial cycle? • How much of this still works if C > 2?
  122. 122. UNANSWERED QUESTIONS • Simple way to calculate length of initial cycle? • How much of this still works if C > 2? • What are the fixed points in a general CTC?
  123. 123. UNANSWERED QUESTIONS • Simple way to calculate length of initial cycle? • How much of this still works if C > 2? • What are the fixed points in a general CTC? • Can we tell when the RFC or general CTC has a k-cycle?
  124. 124. UNANSWERED QUESTIONS • Simple way to calculate length of initial cycle? • How much of this still works if C > 2? • What are the fixed points in a general CTC? • Can we tell when the RFC or general CTC has a k-cycle? • When is the RFC or general CTC a single (L-1)-cycle?
  125. 125. THANK YOU Contact: rtalbert@franklincollege.edu Slides/PDFs for this talk: http://www.slideshare.net/rtalbert/deconstructing- columnar-transposition-ciphers http://www.box.net/shared/2ye298vm3g Paper: “The cycle structure and order of the rail fence cipher”. Cryptologia, 30(2):159-172, 2006.

×