The Caesar Cipher

This scheme is considered to be the oldest monoalphabetic ciphering scheme.

It is certainly the simplest.
In a monoalphabetic scheme, each letter in the plaintext is replaced by
a set letter in the ciphertext.
In the Caesar cipher, each letter is replaced by one a fixed distance from it.
Caesar used a shift of 3, so “A” => “D”, “B” => “E”, “X” => “A”, etc.

The security of the Caesar cipher depended mostly on the fact that
almost nobody could read.
Writing in plaintext was often quite secure, so this additional layer of
security often sufficed in Caesar’s time.
One advantage of the Caesar cipher is that it can be memorized. Capture of
the cipher key is always a VERY BIG VULNERABILITY.
 Monoalphabetic Substitution Ciphers
In a monoalphabetic substitution cipher, each letter is replaced by a fixed
substitution value, based on an encryption key.
Here is a sample, based on the standard text used by all typing schools
“The quick brown fox jumped over the lazy dogs.”
We take the phrase and remove all duplicate letters and spaces to get
THEQUICKBROWNFXJMPDVLAZYGS
The encryption key is thus.
Cleartext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: THEQUICKBROWNFXJMPDVLAZYGS
For some time, this method was thought to be secure.
There are 26! ≈ 4.033•1026 possible key values, so brute force
is not an option for attacking this cipher.
 Pattern Analysis of Substitution Ciphers
Substitution ciphers are easily broken by pattern analysis. It is for this reason
that pure substitution ciphers are rarely used.
Consider the following fragment of ciphertext.
VKBD BD T HTQ
The problem here is that spaces were retained from the original.
We begin our cryptanalysis by listing all single letter English words.
The most common would be “A” or “I”.
If “T” => “A” we have **** ** A *A*
Guess “B” => “I” to get **I* I* A *A*
Then we say “D” => “S” **IS IS A *A*
Another good guess THIS IS A *A*
Observed rule: Remove all of the spaces. The message is now
VKBDBDTHTQ
 Analysis of Substitution Ciphers (Part 2)
Given enough ciphertext, any substitution cipher can be broken.
For analysis of enciphered English text, one uses the tables of letter frequencies.
Here is a table of the frequencies of the 7 most common letters in English text.
Letter “E” “T” “A” “O” “I” “N” “S” Others
Frequency 12.7% 9.1% 8.2% 7.5% 7.0% 6.7% 6.1% 42.7%
Given enough ciphertext, these frequencies will show through.
The main class of substitution ciphers is called “polyalphabetic substitution”.
In such a cipher, one uses a set of monoalphabetic substitutions.
The Vigenère cipher is one of the most common polyalphabetic substitution
ciphers. It is often based on a key word or key phrase.
The example cipher will build a table based on the key phrase “THE QUICK”,
which will be handled as “THEQUICK”; the space has been removed.
The table is usually called a “Vigenère Tableau”.
 Using a Vigenère Tableau
Here is part of a complete tableau. The complete tableau would
contain substitutions for each of the 26 letters.
Plaintext T H E Q U I C K
A T H E Q U I C K
B U I F R V J D L
C V J G S W K E M
D W K H T X L F N
E X L I U Y M G O
F Y M J V Z N H P
G Z N K W A O I Q
Encrypt “BE A BAD CAFE”. First compress to “BEABADCAFE”.
B Col. 1 U D Col. 6 L
E Col. 2 L C Col. 7 E
A Col. 3 E A Col. 8 K
B Col.4 R F Col. 1 Y
A Col. 5 U E Col. 2 L
The ciphertext is “ULERULEKYL”, possibly written as “ULERU LEKYL”.
 Transposition Ciphers
In transposition ciphers, the letters are not encrypted but just rearranged.
One of the most common transpositions is to write the plaintext in a rectangular
array, called a block, placing by row and reading by column.
Consider a 35–character block, written as five rows of seven columns each.
Encrypt the message “THIS IS A MESSAGE TO SHOW A COLUMN”.
Column: 1 2 3 4 5 6 7
Text: T H I S I S A
M E S S A G E
T O S H O W A
C O L U M N Z
Notice that the last row has only six characters of plaintext, so it is padded
with an extra character. I chose “Z” for no real reason.
The ciphertext is “TMTC HEOO ISSL SSHU IAOM SGWN AEAZ”.
Note the frequency distribution of letters in a pure transposition cipher
will be exactly that of the letters in the language of the plaintext.
 Product Ciphers
A product cipher is just a combination of two or more ciphers.
One common product cipher is a combination of a substitution cipher
and a transposition cipher.
Consider the previous plaintext “BE A BAD CAFÉ” with the product cipher
1. the previous Vigenère Tableau,
2. a five–by–two transposition.
After the substitution, we have ULERULEKYL.
Arrange in a rectangle
U L E R U
L E K Y L
The ciphertext is U L L E E K R Y U L.
 Modern Transposition Ciphers
The basic assumption of all modern ciphers is that a digital computer
will be used, and that all characters will be represented by a character code.
Assume ASCII encoding, the string “BE A BAD”. Here we keep the spaces.
“B” 0 1 0 0 0 0 1 0
“E” 0 1 0 0 0 1 0 1
“ ” 0 0 1 0 0 0 0 0
“A” 0 1 0 0 0 0 0 1
“ ” 0 0 1 0 0 0 0 0
“B” 0 1 0 0 0 0 1 0
“A” 0 1 0 0 0 0 0 1
“D” 0 1 0 0 0 1 0 0
Here is the transposed text (in binary)
00000000 11010111 00101000 00000000
00000000 01000001 10000100 01010010
 Session Keys
Any simple cipher (substitution, transposition, or product) can be
broken given enough ciphertext encrypted with the same key.
One obvious response to this is to change encryption keys often.
In the Second World War, it was common to change keys once a day.
Doing so more often would have been inconvenient.
In modern network security, each messaging session is assigned a
unique session key. Only data transmitted during that session will
be encrypted with that key.
As a result of session keys, it is hard to collect any significant amount
of ciphertext encrypted with the same key; security is improved.
 Ciphers vs. Codes
It is important to distinguish between ciphers and codes.
The term “cipher” is reserved for those methods that process text
one character at a time.
The term “code” is reserved for those methods that processes text
one word at a time. For example, “Midway Island” was coded as “AF”.
Codes do not always function to support security. For example, during the days
of telegraph communications, commercial codes were devised.
The telegraph companies charged by the number of characters sent. The
response was to use codes to reduce the character count of the message, and
hence the charge to send.
These codes were published in Commercial Code Books, so there was no
expectation of confidentiality.
In the military, it is common practice to super–encrypt the text. It is first
encoded, and then the encoded text is encrypted.
 Final Warning: “Don’t Roll Your Own”
This aphorism is a warning against trying to develop your own encryption
system. This task is generally beyond most of us.
It is quite easy to design an encryption system with multiple layers of
complexity, but that does not ensure that such a system is hard to crack.
History is littered with so–called unbreakable cipher systems that proved
amazingly easy to crack. Most of these “invulnerable” systems could
be compromised with no more computing power than a modern laptop.
True security in encryption comes from:
1. Using a encryption system that is publicly known and has
been extensively studied.
2. Using a key that is kept sufficiently secure.
For example, the DES encryption method was widely rumored to have an
easy way to crack it. Years of continuous study by highly respected experts
have failed to discover this supposed vulnerability. The most probable case
is that no such vulnerability exists.