The document discusses classical encryption techniques such as the Caesar cipher, monoalphabetic ciphers, the Playfair cipher, and polyalphabetic ciphers. It explains the basic principles of how each technique works to encrypt plaintext into ciphertext and highlights some of their weaknesses, such as being vulnerable to frequency analysis for the monoalphabetic ciphers. The document also introduces block ciphers and stream ciphers as two general categories of encryption algorithms.

1. 1
Cryptography and Network
Security
Lecture 2: Classical encryption

2. 2
OutlineOutline
• Conventional Encryption Principles
• Conventional Encryption Algorithms
• Cipher Block Modes of Operation
• Location of Encryption Devices
• Key Distribution

3. 3
Background
• Cryptography is the science of writing in secret
code
• Ancient art;
– the first documented use of cryptography in writing
dates back to 1900 B.C.
– Egyptian scribe used non-standard hieroglyphs in an
inscription. Some experts argue that cryptography
appeared spontaneously sometime after writing was
invented, with applications ranging from diplomatic
missives to war-time battle plans.

4. 4
Secret-key cryptography
• Will cover more than half of this course
• I.1 Secret-key cryptography
• Also called symmetric or conventional cryptography
• �Five ingredients
– �Plaintext
– �Encryption algorithm: runs on the plaintext and the encryption key to yield the cipher text
– �Secret key: an input to the encryption algorithm, value independent of the plaintext;
different keys will yield different outputs
– �Cipher text: the scrambled text produced as an output by the encryption algorithm
– �Decryption algorithm: runs on the cipher text and the key to produce the plaintext
• �Requirements for secure conventional encryption
– �Strong encryption algorithm
• �An opponent who knows one or more cipher texts would not be able to find the plaintexts or the key
• �Ideally, even if he knows one or more pairs plaintext-cipher text, he would not be able to find the key
• �Sender and receiver must share the same key. Once the key is compromised, all
communications using that key are readable�
• It is impractical to decrypt the message on the basis of the cipher text plus the
knowledge of the encryption algorithm �encryption algorithm is not a secret

5. 5
Cryptography –some notations
• �Notation for relating the plaintext, cipher
text, and the keys
– �C=EK(P) denotes that C is the encryption of the
plaintext P using the key K
– �P=DK(C) denotes that P is the decryption of the
cipher text C using the key K
– �Then DK(EK(P))=P

6. 6
Conventional EncryptionConventional Encryption
PrinciplesPrinciples

7. 7
Disadvantage of symmetric crypto
• The disadvantage of symmetric
cryptography is that it presumes two
parties have agreed on a key and been
able to exchange that key in a secure
manner prior to communication. This is a
significant challenge

8. 8
CryptographyCryptography
• Classified along three independent
dimensions:
– The type of operations used for transforming
plaintext to cipher text
– The number of keys used
• symmetric (single key)
• asymmetric (two-keys, or public-key encryption)
– The way in which the plaintext is processed

9. 9
Cryptanalysis & Brute force
• Cryptanalysis:
– refers to the study of ciphers, ciphertext, with a view to finding weakness
in them that will permit retrieval of the plaintext from the ciphertext ,
without knowing the key or the algorithm. This is known as breaking
cipher, or ciphertext.
• Brute-force attack:
– The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. On average, half of all
possible keys must be tried to achieve success.

10. 10
Caesar Cipher
• Mathematically give each letter a number
– a b c d e f g h i j k l m n o p q r s t u v w x y z
– 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2425
• The key is a number from 0 to 25
• Caesar cipher can now be given as

11. 11
Caesar Cipher
• It is a typical substitution cipher and the oldest known –attributed to
Julius Caesar
• Simple rule: replace each letter of the alphabet with the letter
standing 3 places further down the alphabet
• For decryption move back ward
• Example:
– MEET ME AFTER THE TOGA PARTY
– PHHW PH DIWHU WKH WRJD SDUWB
• Here the key is 3 –choose another key to get a different substitution
• The alphabet is wrapped around so that after Z follows A:
a b c d e f g h i j k l m n o p q r s t u v w x y z
• D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

12. 12
Attacking Caesar
• Caesar can be broken if we only know one pair
(plain letter, encrypted letter)
– The difference between them is the key
• Caesar can be broken even if we only have the
encrypted text and no knowledge of the plaintext
– Brute-force attack is easy: there are only 25 keys
possible
– Try all 25 keys and check to see which key gives an
intelligible message

13. 13
Why is Caesar easy to
break?�
Only 25 keys to try�
The language of the
plaintext is known and
easily recognizable

14. 14
Another example
• Key Text
• 0 exxegoexsrgi
• 1 dwwdfndwrqfh
• 2 cvvcemcvqpeg
• 3 buubdlbupodf
• 4 attackatonce
• 5 zsszbjzsnmbd
• 6 yrryaiyrmlac...
• 23 haahjrhavujl
• 24 gzzgiqgzutik
• 25 fyyfhpfytshj

15. 15
Strengthening Caesar: monoalphabetic
ciphers
• Caesar only has 25 possible keys –far from secure
• Idea: instead of shifting the letters with a fixed amount
how about allowing any permutation of the alphabet
– Plain: a b c d e f g h I j k l m n o p q r s t u v w x y z
– Cipher: D K V Q F I B J W PE S C X H T M Y A U O L R G Z N
– Plaintext: if we wish to replace letters
– Cipher text: WI RF RWAJ UH YFTSDVF SFUUFYA
• This is called monoalphabetic substitution cipher–a
single alphabet is used
• The increase in the number of keys is dramatic: 26!, i.e.,
more than 400,000,000,000,000,000,000,000,000 such
rearrangements

16. 16
Monoalphabetic ciphers
• Having SO MANY possible keys appears to make the system
challenging: difficult to perform brute-force attacks
• �There is however another line of attack that easily defeats the
system even when a relatively small ciphertext is known
– If the cryptanalyst knows the nature of the text, e.g., non
compressed English text, then he can exploit the regularities of
the language

17. 17
Language redundancy and cryptanalysis
• Human languages are redundant
• �Letters are not equally commonly used
– �In English E is by far the most common letter
– �Follows T,R,N,I,O,A,S
– �Other letters are fairly rare
• �See Z,J,K,Q,X
• �Tables of single, double & triple letter frequencies exist
– �Most common diagram in English is TH
– �Most common trigram in English in THE
• Here is the cipher text:
– Ftt bdv bfhvq efno ukvj f tnmvbnxv ic bdv fkvjfyv Fxvjnlfz fjv
qevzb ic bdv yukvjzxvzb nz tvqq bdfz f qvluzo.

18. 18
Cryptanalysis of monoalphabetic ciphers
• Key concept –monoalphabetic substitution ciphers do
not change relative letter frequencies
– �Discovered by Arabs in the 9thcentury
• �Calculate letter frequencies for cipher text
• �Compare counts/plots against known values
• �Most frequent letter in the cipher text may well encrypt E
• �The next one could encrypt T or A
• �After relatively few tries the system is broken
• �If the cipher text is relatively short (and so, the frequencies are not
fully relevant) then more guesses may be needed
• �Powerful tool: look at the frequency of two-letter
combinations (digrams)

19. 19
English Letter Frequencies

20. 20
Breaking contd
• Let’s count some letters. The most common letter is V,
followed by F, N, B, Z
• The most common English letters are ETAIN… it is
highly likely that we have some matches here – though it
is not a certainty. Also ‘F’ probably stands for I or A as ‘F’
appears alone more than once
• It should also be noted that where V ends a three letter
word, that word is ‘BDV’. The most common trigraph
(three letter sequence) in English is ‘THE’ – so let us
guess that ‘BDV’is ‘THE’.
• The sequence ‘BDFZ’ gives a little hope, as f is likely to
be ‘A’ or ‘I’ then ‘BDFZ’ could be ‘THIS’ or ‘THAN’ (not
‘THAT’

21. 21
Breaking contd
• What else can we establish? Either N or Z is likely to be
a vowel (‘NZ’) – and so is I or C (‘IC’).
• Looking at the first word, Ftt – F is likely to be A or I,
so what could this be?
• ADD
• AHH
• ALL
• ANN
• ASS
• Resonable one is ALL
• BDFZ’ is ‘THAN’

22. 22
Breaking contd
• All the ta e a e a l et e the
• Ftt bdv bfhvq efno ukvj f tnmvbnxv ic bdv

23. 23
Block Cipher
• First break the plain text into equal sized blocks.
• Most popular block is 8 character, or 64 bits
• Operates on a fixed size block
• Add extra character if block is not complete
plaintext: The only thing we have to fear is fear
itself
modified plaintext:
Theonlythingwehavetofearisfearitself
plaintext blocks:
Theonlyt hingweha vetofear isfearit selfXend

24. 24
Block Cipher
• Extra bit adding is called padding
• If block size is 8 each block would be
transformed into different 8 character
cipher block
• Block cipher can use number of other
cryptography techniques to transform
each block

25. 25
The first character in each block
becomes the last
plaintext: The only thing we have to fear is
fear itself
plaintext blocks: Theonlyt hingweha vetofear
isfearit selfXend
ciphertext blocks: tylnoehT ahewgnih
raefotev tiraefsi dneXfles
ciphertext:
tylnoehTahewgnihraefotevtiraefsidneXfles

26. 26
Block cipher
• To send cryptanalysis in the wrong
direction, the cipher text can be sent in
blocks of a different size than the size
used to encrypt the plaintext. For example,
the above cipher text could be sent in
blocks of five
• ciphertext:
selfXendisfearitvetofearhingwehaTheonlyt

27. 27
Block Cipher
• Although this message may appear like total
garbage at first, a cryptanalysis would have
absolutely no problem decoding this quote.
Simply be reversing the entire ciphertext and
eliminating any white space (empty spaces),
parts of the quote can be read. Here is what the
ciphertext looks like when it is reversed:
• ciphertext:
selfXendisfearitvetofearhingwehaTheonlyt

28. 28
Stream Cipher
• Stream cipher are faster compared to block cipher
• Operates on small group of bits
• Cryptography key and algorithm are applied to each binary digit in a
data stream, one bit at a time. (encrypt data bit by bit)
• Produces output on element at a time.
• Consist of a state machine that outputs at each state one bit of
information.
• This stream of output bits is commonly called running key.
• State machine is nothing more than a pseudo random number
generator
• Attack is possible if the same key stream is used
• Not used in modern cryptography

29. 29
Determining the Difficulty of a
Brute Force Attack
• The difficulty of a brute force attack depends on
several factors, such as:
– How long can the key be?
– How many possible values can each component of
the key have?
– How long will it take to attempt each key?
– Is there a mechanism which will lock the attacker out
after a number of failed attempts?

30. 30
Average time required forAverage time required for
exhaustiveexhaustive key searchkey search
Key Size
(bits)
Number of
Alternative Keys
Time required at
106
Decryption/µs
32 232
= 4.3 x 109
2.15 milliseconds
56 256
= 7.2 x 1016
10 hours
128 2128
= 3.4 x 1038
5.4 x 1018
years
168 2168
= 3.7 x 1050
5.9 x 1030
years

31. 31
Substitution techniques
• A study of these techniques enables us to
illustrate the basic approaches to symmetric
encryption
• A substitution technique is one in which the
letters of plaintext are replaced by other letters
or by numbers or symbols
• The two basic building blocks of all encryption
techniques are substitution and transposition

32. 32
Play fair Cipher
• The Playfair Cipher is an example of multiple-
letter encryption
• Invented by Sir Charles Wheatstone in 1854, but
named after his friend Baron Play fair who
championed the cipher at the British foreign
office
• Based on the use of a 5x5 matrix in which the
letters of the alphabet are written (I is considered
the same as J)
• This is called key matrix

33. 33
Playfair Matrix
• �A 5X5 matrix of letters based on a keyword
• �Fill in letters of keyword (no duplicates)
– �Left to right, top to bottom
• �Fill the rest of matrix with the other letters in alphabetic order
• �E.g. using the keyword MONARCHY, we obtain the following
matrix
M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z

34. 34
Encrypting and decrypting with
Playfair
The plaintext is encrypted two letters at a time:
1 .Break the plaintext into pairs of two consecutive letters
2. If a pair is a repeated letter, insert a filler like 'X‘ in the plaintext, eg. "balloon" is treated as "ba lx
lo on"
3. If both letters fall in the same row of the key matrix, replace each with the letter to its right
(wrapping back to start from end), eg. “AR" encrypts as "RM"
4. If both letters fall in the same column, replace each with the letter below it (again wrapping to top
from bottom), eg. “MU" encrypts to "CM"
5. Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair,
eg. “HS" encrypts to "BP", and “EA" to "IM" or "JM" (as desired)
• �Decryption works in the reverse direction
• �The examples above are based on this key matrix:
• M O N A R M O N A R
• C H Y B D C HY BD
• E F G I K E F G I K
• L P Q S T LPQ ST
• U V W X Z U V W X Z

36. 36
CIPHER TEXT:
kxjeyurebezwehewrytuheyfskrehegoyfiwtt
tuolskycajpoboteizontxbybntgoneycuzwrg
dsonsxbouywrhebaahyusedq
Key: royal new Zealand navy
Exercise

37. 37
Security of Playfair
• Security much improved over monoalphabetic
– There are 26 x 26 = 676 diagrams
• Needs a 676 entry diagram frequency table to
analyse (vs. 26 for a monoalphabetic) and
correspondingly more cipher text
• Widely used for many years (eg. US & British
military in WW I, other allied forces in WW II)
• Can be broken, given a few hundred letters
– Still has much of plaintext structure

38. 38
Measures to hide the structure of
the plaintext
• 1.Encrypt multiple letters of the plaintext at
once
• 2.Use more than one substitution in
encryption and decryption
(polyalphabeticciphers)

39. 39
Polyalphabetic substitution ciphers
• Well, one way is to use more than one alphabet, switching between them
systematically. This type of cipher is called a polyalphabetic substitution cipher
("poly" is the Greek root for "many"). The difference, as you will see, is that
frequency analysis no longer works the same way to break these
• Idea: use different monoalphabetic substitutions as one
proceeds through the plaintext
• Makes cryptanalysis harder with more alphabets
(substitutions) to guess and flattens frequency
distribution
• A key determines which particular substitution is used in
each step
– �Example: the Vigenère cipher

40. 40
Vigenère
• Proposed by GiovanBatista Belaso(1553) and reinvented by
Blaisede Vigenère (1586), called “le chiffreindéchiffrable”for 300
years
• Effectively multiple Caesar ciphers
• Key is a word K = k1 k2 ... kd
• Encryption
– Read one letter t from the plaintext and one letter k from the key
– t is encrypted according to the Caesar cipher with key k
– When the key word is finished, start the reading of the key from the
beginning
• Decryption works in reverse
– Example: key is “bcde”; “testing” is encrypted as “ugvxjpj”
– Note that the two ‘t’ are encrypted by different letters: ‘u’ and ‘x’
– The two ‘j’ in the crypto text come from different plain letters: ‘i’ and ‘j’

41. 41

42. 42
Example Vigenère
Example
• •write the plaintext out
• •write the keyword repeated above it
• •use each key letter as a Caesar cipher key
• •encrypt the corresponding plaintext letter
• •egusing keyword deceptive
– plain: wearediscoveredsaveyourself
– key: deceptivedeceptivedeceptive
• cipher:
ZICVTWQNGRZGVTWAVZHCQYGLMGJ

43. 43
Security of Vigenère Ciphers
• Its strength lays in the fact that each plaintext
letter has multiple cipher text letters
• Letter frequencies are obscured (but not totally lost)
• Breaking Vigenère
– If we need to decide if the text was encrypted with a
monoalphabetic cipher or with Vigenère:
– Start with letter frequencies
– See if it “looks” monoalphabetic or not: the frequencies should
be those of letters in English texts
– If not, then it is Vigenère

44. 44
One time pad
• The idea of the auto key system can be extended to
create an unbreakable system: one-time pad
• Idea: use a (truly) random key as long as the plaintext
• It is unbreakable since the cipher text bears no statistical
relationship to the plaintext
• Moreover, for any plaintext & any cipher text there
exists a key mapping one to the other
• Thus, a cipher text can be decrypted to any plaintext of
the same length
• The cryptanalyst is in an impossible situation

45. 45
One time pad example
• THE BRITISH ARE COMING
• DKJFOISJOGIJPAPDIGN
• Step 1-
– T H E B R I T I S H A R E C O M I N G
D K J F O I S J O G I J P A P D I G N
• Step 2 - Determine an algorithm
– A=0
– B=1
– C=2
– D=3
– E=4
– F=5
• It follows the formula "(plaintext + key) MOD alphabet length":

46. 46
One time pad cont’d
• Step 3 - Perform the encryption
(T(19)+D(03)=22) MOD 26 = 22 = W
(H(07)+K(10)=17) MOD 26 = 17 = R
(E(04)+J(09)=13) MOD 26 = 13 = N
(B(01)+F(05)=06) MOD 26 = 06 = G
(R(17)+O(14)=31) MOD 26 = 05 = F
(I(08)+I(08)=16) MOD 26 = 16 = Q
(T(19)+S(18)=37) MOD 26 = 11 = L
(I(08)+J(09)=17) MOD 26 = 17 = R
(S(18)+O(14)=32) MOD 26 = 06 = G
(H(07)+G(06)=13) MOD 26 = 13 = N
(A(00)+I(08)=08) MOD 26 = 08 = I
(R(17)+J(09)=26) MOD 26 = 00 = A
(E(04)+P(15)=19) MOD 26 = 19 = T
(C(02)+A(00)=02) MOD 26 = 02 = C
(O(14)+P(15)=29) MOD 26 = 03 = D
(M(12)+D(03)=15) MOD 26 = 15 = P
(I(08)+I(08)=16) MOD 26 = 16 = Q
(N(13)+G(06)=19) MOD 26 = 19 = T
(G(06)+N(13)=19) MOD 26 = 19 = T

47. 47
Pad cont’d
• We now show two different decryptions using two
different keys:
• ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
• key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
• plaintext: mr mustard with the candlestick in the hall
• ciphertext:
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
• key: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
• plaintext: miss scarlet with the knife in the library

48. 48
Pad cont’d
• Two plausible plaintexts are produced.
• How is the cryptanalyst to decide which is
the correct decryption
• If the actual key were produced in a truly
random fashion, then the cryptanalyst
cannot say that one of these two keys is
more likely than the other.

49. 49
Security of the one-time pad
• The security is entirely given by the randomness
of the key
• If the key is truly random, then the ciphertext is random
• A key can only be used onceif the cryptanalyst is to be kept
in the“dark”
• Problems with this “perfect” cryptosystem
• Making large quantities of truly randomcharacters is a
significant task
• Key distribution is enormously difficult: for any message to be
sent, a key of equal length must be available to both parties

50. 50
Other technique of encryption:
transpositions
We have considered so far substitutions to hide
the plaintext: each letter is mapped into a letter
according to some substitution
• Different idea: perform some sort of permutation
on the plaintext letters
• Hide the message by rearranging the letter order
without altering the actual letters used
• The simplest such technique: rail fence
technique

51. 51
Rail Fence cipher
• Idea:write plaintext letters diagonally over a number of
rows, then read off cipher row by row
• �E.g., with a rail fence of depth 2, to encrypt the text
“meet me after the toga party”, write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
• �Ciphertext is read from the above row-by-row:
– MEMATRHTGPRYETEFETEOAAT
• �Attack: this is easily recognized because it has the
same frequency distribution as the original text

52. 52
Row transposition ciphers
• More complex scheme: row transposition�
• Write letters of message out in rows over a
specified number of columns�
• Reading the cryptotext column-by-column, with
the columns permuted according to some
• Example: “attack postponed until two am” with
key 4312567:
• Key: 4 3 1 2 5 6 7
• Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

53. 53
Row transposition ciphers
• Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLYPETZ
• If we number the letters in the plaintext from 1 to
28, then the result of the first encryption is the
following permutation of letters from plaintext:03
10 17 24 04 11 18 25 02 09 16 23 01 08 15 22
05 12 19 26 06 13 20 27 07 14 21 28�
• Note the regularity of that sequence!�
• Easily recognized!

54. 54
Iterating the encryption makes it
more secure
• Idea: use the same scheme once more to increase security
• Key: 4 3 1 2 5 6 7
• Input: T T N A A P T
M T S U O A O
D W C O I X K
N L Y P E T Z
• Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
• After the second transposition we get the following sequence of letters:
– 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 12 04 23 19 14 11 01 26 21 18 08
06 28
• This is far less structured and so, more difficult to cryptanalyze

55. 55
Block cipher principles
• Stream cipher is one that encrypts a digital data
stream one bit (or byte) at a time
– Example: auto key Vigenère system
• Block cipher is one in which the plaintext is
divided in blocks and one block is encrypted at
one time producing a cipher text of equal length
– Similar to substitution ciphers on very big characters:
64 bits or 128 bits are typical block lengths
• Many modern ciphers are block ciphers

56. 56
Product Ciphers
• Ciphers using substitutions or transpositions are not secure
because of language characteristics
• Idea:using several ciphers in succession increases security
• However:
• two substitutions only make another (more complex?) substitution
• two transpositions make another (more complex?) transposition
• a substitution followed by a transposition makes a new much
harder cipher
• This is the bridge from classical to modern ciphers