IMT4531 Introduction to Cryptology
Exercise 1 – Classical cryptography
1. Given the English alphabet (26 letters), encipher the message “NORWAY” by means of the
Caesar’s cipher (the shift is 3). Do the same by using summation modulo 26. What is the key
in that case? Decipher in both cases!
a) The enciphering transformation:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Enciphering by means of the look-up table given above:
NORWAYQRUZDB
Deciphering:
QRUZDBNORWAY
b) Enciphering and deciphering by means of the summation/subtraction modulo 26
The key: since the shift of the alphabet is 3, the key is Zi=3, i=1,2,3,…
Letter encoding:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Enciphering: Yi=(Xi+Zi) mod 26
N13, (13+3) mod 26 = 16Q
O14, (14+3) mod 26 = 17R
R17, (17+3) mod 26 = 20U
W22, (22+3) mod 26 = 25Z
A0, (0+3) mod 26 = 3D
Y24, (24+3) mod 26 = 1B
Deciphering: Xi=(Yi-Zi) mod 26
Q16, (16-3) mod 26 = 13N
R17, (17-3) mod 26 = 14O
U20, (20-3) mod 26 = 17R
Z25, (25-3) mod 26 = 22W
D3, (3-3) mod 26 = 0A
B1, (1-3) mod 26 = 24Y
2. Encipher the message “THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG” by means of
the Vigenѐre’s cipher. Use the formula and the table. Decipher in both cases! The key word is
“TEST”.
a) Enciphering and deciphering by means of the formula
Enciphering: Yi=(Xi+Zi) mod 26
Deciphering: Xi=(Yi-Zi) mod 26
Letter encoding:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Enciphering:
T19
H7
E4
Q16
U20
I8
C2
K10
B1
R17
O14
W22
N13
F5
O14
X23
J9
U20
M12
P15
S18
O14
V21
E4
R17
T19
H7
E4
L11
A0
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
(19+19) mod 26 = 12  M
(7+4) mod 26 = 11  L
(4+18) mod 26 = 22  W
(16+19) mod 26 = 9  J
(20+19) mod 26 = 13  N
(8+4) mod 26 = 12  M
(2+18) mod 26 = 20  U
(10+19) mod 26 = 3  D
(1+19) mod 26 = 20  U
(17+4) mod 26 = 21  V
(14+18) mod 26 = 6  G
(22+19) mod 26 = 15  P
(13+19) mod 26 = 6  G
(5+4) mod 26 = 9  J
(14+18) mod 26 = 6  G
(23+19) mod 26 = 16  Q
(9+19) mod 26 = 2  C
(20+4) mod 26 = 24  Y
(12+18) mod 26 = 4  E
(15+19) mod 26 = 8  I
(18+19) mod 26 = 11  L
(14+4) mod 26 = 18  S
(21+18) mod 26 = 13  N
(4+19) mod 26 = 23  X
(17+19) mod 26 = 10  K
(19+4) mod 26 = 23  X
(7+18) mod 26 = 25  Z
(4+19) mod 26 = 23  X
(11+19) mod 26 = 4  E
(0+4) mod 26 = 4  E
Z25
Y24
D3
O14
G6
S18
T19
T19
E4
S18
(25+18) mod 26 = 17  R
(24+19) mod 26 = 17  R
(3+19) mod 26 = 22  W
(14+4) mod 26 = 18  S
(6+18) mod 26 = 24  Y
Deciphering:
M12
L11
W22
J9
N13
M12
U20
D3
U20
V21
G6
P15
G6
J9
G6
Q16
C2
Y24
E4
I8
L11
S18
N13
X23
K10
X23
Z25
X23
E4
E4
R17
R17
W22
S18
Y24
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
T19
T19
E4
S18
(12-19) mod 26 = 19  T
(11-4) mod 26 = 7  H
(22-18) mod 26 = 4  E
(9-19) mod 26 = 16  Q
(13-19) mod 26 = 20  U
(12-4) mod 26 = 8  I
(20-18) mod 26 = 2  C
(3-19) mod 26 = 10  K
(20-19) mod 26 = 1  B
(21-4) mod 26 = 17  R
(6-18) mod 26 = 14  O
(15-19) mod 26 = 22  W
(6-19) mod 26 = 13  N
(9-4) mod 26 = 5  F
(6-18) mod 26 = 14  O
(16-19) mod 26 = 23  X
(2-19) mod 26 = 9  J
(24-4) mod 26 = 20  U
(4-18) mod 26 = 12  M
(8-19) mod 26 = 15  P
(11-19) mod 26 = 18  S
(18-4) mod 26 = 14  O
(13-18) mod 26 = 21  V
(23-19) mod 26 = 4  E
(10-19) mod 26 = 17  R
(23-4) mod 26 = 19  T
(25-18) mod 26 = 7  H
(23-19) mod 26 = 4  E
(4-19) mod 26 = 11  L
(4-4) mod 26 = 0  A
(17-18) mod 26 = 25  Z
(17-19) mod 26 = 24  Y
(22-19) mod 26 = 3  D
(18-4) mod 26 = 14  O
(24-18) mod 26 = 6  G
b) Enciphering and deciphering by means of the table
Enciphering: The plaintext letter determines the row. The key letter determines the
column. The ciphertext letter is at the intersection of these two.
Deciphering: The key letter determines the column. Find the ciphertext letter in that
column. The first letter in the corresponding row is the plaintext letter.
Example: enciphering and deciphering of the first letters of the plaintext (“THE”).
3. Encipher the message “VERNAM 1917” by means of the Vernam cipher, if the key is
“ENCIPHERINGS”. Use ITA-2 for encoding of the letters.
The ITA-2 encoding:
V
11110
E
00001
11111
LTRS
E
00001
N
01100
01101
F
R
01010
C
01110
00100
Sp
N
01100
I
00110
01010
R
A
00011
P
10110
10101
Y
M
11100
H
10100
01000
Cr
Sp
00100
E
00001
00101
S
Figs
11011
R
01010
10001
Z
1
10111
I
00110
10001
Z
9
11000
N
01100
10100
H
1
10111
G
11010
01101
F
7
00111
S
00101
00010
Lf
4. A semiconductor-based random number generator produces a binary sequence, in which the
probability of “1” can vary between 0.2 and 0.45, depending on the threshold setting. Draw
the entropy curve for this source!
𝐻(𝑋) = − ∑ 𝑝(𝑥𝑖 ) log 2 𝑝(𝑥𝑖 )
𝑖
In this case, 𝑥𝑖 ∈ {0,1} .
𝐻(0.2) = −(0.2 log 2 0.2 + 0.8 log 2 0.8) = 0.722
𝐻(0.25) = −(0.25 log 2 0.25 + 0.75 log 2 0.75) = 0.811
𝐻(0.3) = −(0.3 log 2 0.3 + 0.7 log 2 0.7) = 0.881
𝐻(0.35) = −(0.35 log 2 0.35 + 0.65 log 2 0.65) = 0.934
𝐻(0.4) = −(0.4 log 2 0.4 + 0.6 log 2 0.6) = 0.971
𝐻(0.45) = −(0.45 log 2 0.45 + 0.55 log 2 0.55) = 0.993
log 𝑥
Recall, log 2 𝑥 = log 2 .
5. A cryptosystem enciphers three possible plaintexts, x1, x2, and x3, whose probabilities are 0.5,
0.3, and 0.2, respectively. It uses two keys, k1 and k2, whose probabilities are 0.5 each.
Possible ciphertexts are y1, y2, and y3. The choice of the key is always independent on the
choice of the ciphertext. The following are the mappings plaintext-ciphertext in this system:
Calculate the uncertainty of the plaintext before and after receiving the ciphertext. How
much information does the ciphertext give about the plaintext?
The a priori probability of the plaintext:
𝑝(𝑥𝑖 ) = 𝑝(𝑋 = 𝑥𝑖 ), 𝑖 = 1,2,3
The a priori probability of the key:
𝑝(𝑘𝑖 ) = 𝑝(𝐾 = 𝑘𝑖 ), 𝑖 = 1,2
The probability of the ciphertext:
𝑝(𝑦𝑖 ) = 𝑝(𝑌 = 𝑦𝑖 ), 𝑖 = 1,2,3.
Then:
𝑝(𝑦1 ) = 𝑝(𝑘1 )𝑝(𝑥1 ) + 𝑝(𝑘2 )𝑝(𝑥1 ) = 0.5 ∙ 0.5 + 0.5 ∙ 0.5 = 0.5
𝑝(𝑦2 ) = 𝑝(𝑘1 )𝑝(𝑥2 ) + 𝑝(𝑘2 )𝑝(𝑥3 ) = 0.5 ∙ 0.3 + 0.5 ∙ 0.2 = 0.25
𝑝(𝑦3 ) = 𝑝(𝑘1 )𝑝(𝑥3 ) + 𝑝(𝑘2 )𝑝(𝑥2 ) = 0.5 ∙ 0.2 + 0.5 ∙ 0.3 = 0.25
Also:
𝑝(𝑥1 |𝑦1 ) = 1, 𝑝(𝑥1 |𝑦2 ) = 0, 𝑝(𝑥1 |𝑦3 ) = 0, 𝑝(𝑥2 |𝑦1 ) = 0, 𝑝(𝑥3 |𝑦1 ) = 0
Recall the Bayes formula for 2 variables: 𝑝(𝑥|𝑦) =
𝑝(𝑥,𝑦)
𝑝(𝑦)
=
𝑝(𝑥)𝑝(𝑦|𝑥)
𝑝(𝑦)
Since only k1 maps x2 into y2
Then we have:
𝑝(𝑥2 |𝑦2 ) =
𝑝(𝑥2 ,𝑦2 )
𝑝(𝑦2 )
=
𝑝(𝑥2 ,𝑘1 )
𝑝(𝑦2 )
=
𝑝(𝑥2 )𝑝(𝑘1 )
𝑝(𝑦2 )
=
0.3∙0.5
0.25
= 0.6
Since plaintexts and keys are
independently chosen
𝑝(𝑥2 |𝑦3 ) =
𝑝(𝑥2 ,𝑦3 )
𝑝(𝑦3 )
𝑝(𝑥3 |𝑦2 ) =
𝑝(𝑥3 , 𝑦2 ) 𝑝(𝑥3 , 𝑘2 ) 𝑝(𝑥3 )𝑝(𝑘2 ) 0.2 ∙ 0.5
=
=
=
= 0.4
𝑝(𝑦2 )
𝑝(𝑦2 )
𝑝(𝑦2 )
0.25
𝑝(𝑥3 |𝑦3 ) =
𝑝(𝑥3 , 𝑦3 ) 𝑝(𝑥3 , 𝑘1 ) 𝑝(𝑥3 )𝑝(𝑘1 ) 0.2 ∙ 0.5
=
=
=
= 0.4
𝑝(𝑦3 )
𝑝(𝑦3 )
𝑝(𝑦3 )
0.25
=
𝑝(𝑥2 ,𝑘2 )
𝑝(𝑦3 )
=
𝑝(𝑥2 )𝑝(𝑘2 )
𝑝(𝑦3 )
=
0.3∙0.5
0.25
= 0.6
We now compare the probabilities of the plaintext messages a priori and a posteriori.
x1
x2
x3
A priori
𝑝(𝑥1 ) = 0.5
𝑝(𝑥2 ) = 0.3
𝑝(𝑥3 ) = 0.2
A posteriori
𝑝(𝑥1 |𝑦1 ) = 1; 𝑝(𝑥1 |𝑦2 ) = 0; 𝑝(𝑥1 |𝑦3 ) = 0
𝑝(𝑥2 |𝑦1 ) = 0; 𝑝(𝑥2 |𝑦2 ) = 0.6; 𝑝(𝑥2 |𝑦3 ) = 0.6
𝑝(𝑥3 |𝑦1 ) = 0; 𝑝(𝑥3 |𝑦2 ) = 0.4; 𝑝(𝑥3 |𝑦3 ) = 0.4
Thus the ciphertext gives us information about the plaintext. But how much information?
The entropy of the plaintext:
𝐻(𝑋) = −(0.5 log 2 0.5 + 0.3 log 2 0.3 + 0.2 log 2 0.2) = 1.485
The conditional entropy of the plaintext given the ciphertext:
𝐻(𝑋|𝑌) = − ∑ ∑ 𝑝(𝑦)𝑝(𝑥|𝑦) log 2 𝑝(𝑥|𝑦) =
𝑥
𝑦
= −(𝑝(𝑦1 )𝑝(𝑥1 |𝑦1 ) log 2 𝑝(𝑥1 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥1 |𝑦2 ) log 2 𝑝(𝑥1 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥1 |𝑦3 ) log 2 𝑝(𝑥1 |𝑦3 ) +
+𝑝(𝑦1 )𝑝(𝑥2 |𝑦1 ) log 2 𝑝(𝑥2 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥2 |𝑦2 ) log 2 𝑝(𝑥2 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥2 |𝑦3 ) log 2 𝑝(𝑥2 |𝑦3 ) +
+𝑝(𝑦1 )𝑝(𝑥3 |𝑦1 ) log 2 𝑝(𝑥3 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥3 |𝑦2 ) log 2 𝑝(𝑥3 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥3 |𝑦3 ) log 2 𝑝(𝑥3 |𝑦3 )) =
= 0.485
Recall: to compute the entropy of an event whose probability is 0, the following limit is used:
lim 𝑥 log 𝑥 = 0
𝑥→0
So, the uncertainty of the plaintext decreases when the ciphertext is known – the system is not
perfectly secret.
6. A cryptosystem enciphers three possible plaintexts, x1, x2, and x3, whose probabilities are 0.5,
0.3, and 0.2, respectively. It uses three keys, k1, k2, and k3, whose probabilities are 0.333
each. Possible ciphertexts are y1, y2, and y3. The choice of the key is always independent on
the choice of the ciphertext. The following are the mappings plaintext-ciphertext in this
system:
Calculate the uncertainty of the plaintext before and after receiving the ciphertext. How
much information does the ciphertext give about the plaintext?
𝑝(𝑦1 ) = 𝑝(𝑥1 )𝑝(𝑘2 ) + 𝑝(𝑥2 )𝑝(𝑘1 ) + 𝑝(𝑥3 )𝑝(𝑘3 ) = 0.5 ∙ 0.333 + 0.3 ∙ 0.333 + 0.2 ∙ 0.333 = 0.333
𝑝(𝑦2 ) = 𝑝(𝑥1 )𝑝(𝑘1 ) + 𝑝(𝑥2 )𝑝(𝑘3 ) + 𝑝(𝑥3 )𝑝(𝑘1 ) = 0.5 ∙ 0.333 + 0.3 ∙ 0.333 + 0.2 ∙ 0.333 = 0.333
𝑝(𝑦3 ) = 𝑝(𝑥1 )𝑝(𝑘3 ) + 𝑝(𝑥2 )𝑝(𝑘2 ) + 𝑝(𝑥3 )𝑝(𝑘2 ) = 0.5 ∙ 0.333 + 0.3 ∙ 0.333 + 0.2 ∙ 0.333 = 0.333
𝑝(𝑥1 |𝑦1 ) =
𝑝(𝑥1 ,𝑦1 )
𝑝(𝑦1 )
=
𝑝(𝑥1 ,𝑘2 )
𝑝(𝑦1 )
=
𝑝(𝑥1 )𝑝(𝑘2 )
𝑝(𝑦1 )
=
0.5∙0.333
0.333
= 0.5
𝑝(𝑥1 |𝑦2 ) =
𝑝(𝑥1 ,𝑦2 )
𝑝(𝑦2 )
=
𝑝(𝑥1 ,𝑘1 )
𝑝(𝑦2 )
=
𝑝(𝑥1 )𝑝(𝑘1 )
𝑝(𝑦2 )
=
0.5∙0.333
0.333
= 0.5
𝑝(𝑥1 |𝑦3 ) =
𝑝(𝑥1 ,𝑦3 )
𝑝(𝑦3 )
=
𝑝(𝑥1 ,𝑘3 )
𝑝(𝑦3 )
=
𝑝(𝑥1 )𝑝(𝑘3 )
𝑝(𝑦3 )
=
0.5∙0.333
0.333
= 0.5
𝑝(𝑥2 |𝑦1 ) =
𝑝(𝑥2 ,𝑦1 )
𝑝(𝑦1 )
=
𝑝(𝑥2 ,𝑘1 )
𝑝(𝑦1 )
=
𝑝(𝑥2 )𝑝(𝑘1 )
𝑝(𝑦1 )
=
0.3∙0.333
0.333
= 0.3
𝑝(𝑥2 |𝑦2 ) =
𝑝(𝑥2 ,𝑦2 )
𝑝(𝑦2 )
=
𝑝(𝑥2 ,𝑘3 )
𝑝(𝑦2 )
=
𝑝(𝑥2 )𝑝(𝑘3 )
𝑝(𝑦2 )
=
0.3∙0.333
0.333
= 0.3
𝑝(𝑥2 |𝑦3 ) =
𝑝(𝑥2 ,𝑦3 )
𝑝(𝑦3 )
=
𝑝(𝑥2 ,𝑘2 )
𝑝(𝑦3 )
=
𝑝(𝑥2 )𝑝(𝑘2 )
𝑝(𝑦3 )
=
0.3∙0.333
0.333
= 0.3
𝑝(𝑥3 |𝑦1 ) =
𝑝(𝑥3 ,𝑦1 )
𝑝(𝑦1 )
=
𝑝(𝑥3 ,𝑘3 )
𝑝(𝑦1 )
=
𝑝(𝑥3 )𝑝(𝑘3 )
𝑝(𝑦1 )
=
0.2∙0.333
0.333
= 0.2
𝑝(𝑥3 |𝑦2 ) =
𝑝(𝑥3 ,𝑦2 )
𝑝(𝑦2 )
=
𝑝(𝑥3 ,𝑘1 )
𝑝(𝑦2 )
=
𝑝(𝑥3 )𝑝(𝑘1 )
𝑝(𝑦2 )
=
0.2∙0.333
0.333
= 0.2
𝑝(𝑥3 |𝑦3 ) =
𝑝(𝑥3 ,𝑦3 )
𝑝(𝑦3 )
=
𝑝(𝑥3 ,𝑘2 )
𝑝(𝑦3 )
=
𝑝(𝑥3 )𝑝(𝑘2 )
𝑝(𝑦3 )
=
0.2∙0.333
0.333
= 0.2
𝐻(𝑋) = −(0.5 log 2 0.5 + 0.3 log 2 0.3 + 0.2 log 2 0.2) = 1.485
𝐻(𝑋|𝑌) = − ∑ ∑ 𝑝(𝑦)𝑝(𝑥|𝑦) log 2 𝑝(𝑥|𝑦) =
𝑥
𝑦
= −(𝑝(𝑦1 )𝑝(𝑥1 |𝑦1 ) log 2 𝑝(𝑥1 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥1 |𝑦2 ) log 2 𝑝(𝑥1 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥1 |𝑦3 ) log 2 𝑝(𝑥1 |𝑦3 ) +
+𝑝(𝑦1 )𝑝(𝑥2 |𝑦1 ) log 2 𝑝(𝑥2 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥2 |𝑦2 ) log 2 𝑝(𝑥2 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥2 |𝑦3 ) log 2 𝑝(𝑥2 |𝑦3 ) +
+𝑝(𝑦1 )𝑝(𝑥3 |𝑦1 ) log 2 𝑝(𝑥3 |𝑦1 ) + 𝑝(𝑦2 )𝑝(𝑥3 |𝑦2 ) log 2 𝑝(𝑥3 |𝑦2 ) + 𝑝(𝑦3 )𝑝(𝑥3 |𝑦3 ) log 2 𝑝(𝑥3 |𝑦3 )) =
= 1.485
Since the entropy of the plaintext is the same no matter whether the ciphertext is known or not, this
system is perfectly secret.