One of the desirable properties of an encryption system is that of high variance, or entropy. The larger the number of possible values in a key, the harder it is to work out what the key could be.

In the last post, I used the Caesar cipher as an example, and said that because the system only used the 26 letters of the alphabet, there were only 25 possibilities any letter could be transposed into (If you exclude transposing a character to itself).

The Caesar cipher had another weakness in that the character shift was consecutive – once you identify the value of the character shift, you easily work out the remaining characters in the text as they are all shifted by the same amount.

The Caesar cipher is an example of a system that would be classed as mono-alphabetic – it only used one iteration of the alphabet. It has very low entropy.

A slightly more complex solution is to use a poly-alphabetic approach – use more than one iteration of the alphabet.

The Vigenère cipher

The Vigenère cipher (A.K.A. Vigenère square) is one example of a poly-alphabetic system. The system is named after the French diplomat Bliase de Vigenère (1523 – 1596), however it was first devised by the Italian cryptologist Giovan Battista Bellaso in 1553.

The Vigenère cipher uses 26 different iterations of the alphabet, with each iteration starting at the next consecutive letter.

The Vigenère cipher

In addition to the square, a key is required that must be the same length as the plain-text which is to be encoded. If the key is shorter than the plain-text, it is simply repeated until it becomes the same length

So, for example, if the plain-text is meet at noon (10 chrs) the key could be driver(6 chrs) which would need to be re-worded as driverdriv (10 chrs)

To encode the message, the first letter of the plain-text is identified along the top row of the square, and the first letter of the key is identified in the 1st column. The encoded character is the one which represents the intersect of the two. Thus M = P, E = V, etc.

The encoded message would be PVMOEKQFWI

To decrypt the message, Identify the 1st letter of the key in the left-most column, then locate the 1st letter of the cipher-text along that row to identify the character on the top row.

As can be seen here, the addition of multiple versions of the alphabet generates a much stronger system – a greater degree of entropy (randomness) is given to each letter.

The weakness in the Vigenère cipher is the repeated nature of the key – If a cryptanalyst identifies the key length they can then start to identify all possible words that they key could be to attempt to recover readable words.

Running key

The solution to this weakness is to utilise a key that is the exact same length as the plain text. This approach is called a running key.

Rather than using a keyword, the running key cipher uses a key text or key book, which is agreed upon by both parties before any encryption takes place. The keystream is taken from this agreed publication by choosing a page and line number to start at.

This starting point is then referenced in a known way within the cipher-text itself, to let the receiver know where to start their keystream from.

So, as an example, we might decide to use “The colour of Magic” by Terry Pratchett as our key book.

For the message “meet at noon by the church steps” we decide to use page 81, line 9 which reads “The creature grunted and with one swipe…”

Our message is 26 characters in length, so we need the same number of characters for our key =”The creature grunted and with o

Encoding our plain-text with the key produces the following cipher text:

FLIV RX NHIE FE KBR VLXRPK OBXWG

So that the recipient knows which page and line number to use for the key, we tell them within the cipher-text

We might decide to encode the page number 81 as 8 and 1, so that might become H and A and the line number 9 as I (each character is their respective number in the alphabet)

We then simply insert this string into the cipher-text at a pre-agreed position – e.g.:

FLIV HAI RX NHIE FE KBR VLXRPK OBXWG

Using letters, words and phrases is one thing, but computers tend to operate best on numeric data, fortunately, the possible entropy offered by numbers is limitless and as such gives rise to some extremely complex encryption options.

In the next post, we shall start to look at modern cryptographic solutions.

Related Articles

(30/07/23) Blog 211 – Israeli oil refinery targeted by Pro-Palestine hackers
365 days of blogs / October

(30/07/23) Blog 211 – Israeli oil refinery targeted by Pro-Palestine hackers

Mark
(14-02-23) Blog 45 – Prilex malware blocks NFC payments
365 days of blogs / October

(14-02-23) Blog 45 – Prilex malware blocks NFC payments

Mark
(12/04/23) Blog 102 – Somebody really wants to know what the blend of 11 herbs & spices is
365 days of blogs / October

(12/04/23) Blog 102 – Somebody really wants to know what the blend of 11 herbs & spices is

Mark
(06/09/23) Blog 249 – Crypto-gambling site Stake hacked – $40M stolen
365 days of blogs / October

(06/09/23) Blog 249 – Crypto-gambling site Stake hacked – $40M stolen

Mark
(03/11/23) Blog 307 – Common Vulnerability Scoring System Version 4.0 released
365 days of blogs / October

(03/11/23) Blog 307 – Common Vulnerability Scoring System Version 4.0 released

Mark