MATH3302 – Cryptography Problem Set 1

These questions are based on the material in Section 2: Introduction to cryptography and
Section 3: Classical Cryptographic Techniques. You do not need to submit your answers to
any of these questions.

1. Explain why the following 5-tuple (P, C, K, E, D) is not a cryptosystem.

P = Z (the set of integers)
C = Z+ (the set of positive integers)
K = Z+ (the set of positive integers)
E = for k ∈ K and x ∈ P, the function ek is defined by ek (x) = k|x|
D = for k ∈ K and y ∈ C, the function dk is defined by dk (y) = y/k
2. Suppose Oscar knows that Alice is going to send the message “meet me at noon” to
Bob and he then intercepts the ciphertext “PIJZTMJDRSS”. What is the name given
to the type of attack that he can now apply to the cipher?

3. (a) Use the Euclidean Algorithm to find gcd(26, 14). Hence explain why 14 does not
have a multiplicative inverse in Z26 .
(b) Use the Euclidean Algorithm to find gcd(26, 23).
(c) Find the multiplicative inverse of 23 in Z26 .

4. Consider an affine cipher with the key K = (a, b) = (5, 6).

(a) Find the ciphertext corresponding to the plaintext hello.

(b) Find the plaintext corresponding to the ciphertext OGVOGT.
(c) Determine which letters remain unchanged when encrypting using this key.

5. Use letter, digram and trigram frequencies in written English to carry out a ciphertext-
only attack on the following ciphertext which was encrypted using an Affine cipher.
YFWFCKRSHHUPBSHIVSBZEWNMRSFSNRSCVGPHSCYCIPFGCBBIXX
SBBGMPIPNGCHINNHSRGHHGMJFIPASBMINRCHBSFWCPBHCBISWS
CFBFGXWCPBNFCVSFWSBTUCTFGGQNRCNRCBINWWGEFKSCMCUTCK
QIPNRSMGGBWGJNRSGHBKENRTSFNXHCKSINMCWFSXENSBNGTSCP
IPNFIKCNSRSCBHGPATFGGQIPINWSCFHISFKGEFWS
Frequencies of letters appearing in the ciphertext
S C N G,F B I H P W R K,M T E,X Q,U,V A,J,Y,Q Z D,L,O
28 24 20 19 18 16 14 13 12 11 7 6 5 3 2 1 0
Frequencies of digrams and trigrams appearing in the ciphertext
CB, FG, FW, WS IN, SB, SF IP, RS NR, SC IPN, NRC, NRS
4 times 5 times 6 times 7 times 3 times

1
MATH3302 – Cryptography Problem Set 1

6. The ciphertext FLAKIYIMWQ was obtained using the Vigenere cipher with the key-
word MESSAGE. Find the corresponding plaintext.
7. The index of coincidence for German is 0.0762. Determine a formula for m, the most
likely keyword length, for ciphertext obtained from German plaintext using the Vi-
genere cipher.
8. Consider the following Playfair array.
B A R M G
U E I/J T N
H O S D W
Y L P C F
K Q V X Z

(a) Encrypt the plaintext happy days.

(b) Decrypt the ciphertext TERCSUBW.
 
a b
9. Suppose you know that using a Hill cipher with key K = , the plaintext er
c d
encrypts to the ciphertext DE and the plaintext re encrypts to the ciphertext DR.
Explain why this is not enough information for you to determine K.
10. Consider the implementation of the row transposition cipher given on page 45 of the
notes with the keyword SCRAMBLE.

(a) Encrypt the plaintext thoroughlymixed.

(b) Decrypt the ciphertext EAAERCKTNEHRAREWGNALGINRESTXXRTE.
(c) Write down the permutation π for this row transpostion cipher in one-line cycle
form.

11. A plaintext message was encrypted using the ADFGVX cipher with the keyword
CIPHER and the following 6 × 6 array. (Note that the entry in the AA cell is a
zero, not the letter O.)
A D F G V X
A 0 A D G 1 J
D M 2 P S V 3
F Y B 4 5 E H
G 6 K N Q T 7
V W 8 Z C F I
X L O R U 9 X
The ciphertext FXFFDAXDGGDXVGGXDX was received. Determine the plaintext
message.

2
MATH3302 – Cryptography Problem Set 1

12. Consider a 5-stage LFSR-based stream cipher using the linear recurrence relation

li+5 = li + li+2 + li+4 (mod 2).

Determine the keystream generated by the initial key (1, 0, 0, 1, 1).

13. Suppose that some binary plaintext has been encrypted using a 4-stage LFSR-based
stream cipher in which the ciphertext is the sum modulo 2 of the plaintext and the
keystream. The keystream is produced from an initial key (l1 , l2 , l3 , l4 ) and a linear
recurrence relation

li+4 = c0 li + c1 li+1 + c2 li+2 + c3 li+3 (mod 2).

You know that the plaintext 11100110 corresponds to the ciphertext 01101100. Deter-
mine the linear recurrence relation.

3
MATH3302 – Cryptography Problem Set 1 – Solutions
1. The given 5-tuple is not a cryptosystem because the encryption function is not one-one.
For example 2 ∈ P, −2 ∈ P, 3 ∈ K and e3 (2) = e3 (−2) = 6 but 2 6= −2.
2. Oscar could apply a known plaintext attack to the cipher.
3. (a) 26 = 14 × 1 + 12 and 14 = 12 × 1 + 2 and 12 = 2 × 6 + 0 so gcd(26, 14) = 2. Since
gcd(26, 14) 6= 1, 14 does not have a multiplicative inverse in Z26 .
(b) 26 = 23 × 1 + 3 and 23 = 3 × 7 + 2 and 3 = 2 × 1 + 1 and 2 = 1 × 2 + 0 thus
gcd(26, 23) = 1.
(c) Working backwards from part (b) we have 1 = 3 − 2 × 1 and 1 = 3 − (23 − 3 × 7) =
3 × 8 − 23. Thus 1 = (26 − 23) × 8 − 23 = 26(8) + 23(−9). Thus the multiplicative
inverse of 23 in Z26 is −9 = 17.
4. (a) We have the encryption function eK (x) = 5x + 6.
plaintext h e l l o
x 7 4 11 11 14
5x + 6 41 26 61 61 76
in Z26 15 0 9 9 24
ciphertext P A J J Y
(b) Since 5−1 = 21, we have the decryption function dK (y) = 21(y − 6).
ciphertext O G V O G T
y 14 6 21 14 6 19
21(y − 6) 168 0 315 168 0 273
in Z26 12 0 3 12 0 13
plaintext m a d m a n
(c) We need to solve eK (x) = x so 5x + 6 = x for x ∈ Z26 . This is equivalent to
solving 4x = −6 or 4x = 20. Since 4 does not have a multiplicative inverse in Z26 ,
this equation has multiple solutions. Consider the series of equations 4x = 20,
4x = 46, 4x = 72, 4x = 98. These give the solutions x = 5 and x = 18, so the
two letters that remain unchanged during encryption are the letters f and s.
5. Based on the most frequently used digrams and trigrams on page 27 of the notes, we
could guess that
ciphertext NR RS NRS
plaintext th he the
Then we use two of the above letter matches to check if we get a sensible affine cipher
key K = (a, b). If e encrypts to S and t encrypts to N, then

4a + b = 18
19a + b = 13
15a = 21

so a = 17. (The multiplicative inverse of 15 is 7 and 7 × 21 = 17 mod 26.) Hence b = 2

and K = (a, b) = (17, 2) is a possible key for an Affine cipher.

4
MATH3302 – Cryptography Problem Set 1 – Solutions

5. (continued) Now the multiplicative inverse of 17 is 23. Using the decryption function
dK (y) = 23(y − 2) we obtain the following mapping:
y A B C D E F G H I J K L M
23(y − 2) g d a x u r o l i f c z w
y N O P Q R S T U V W X Y Z
23(y − 2) t q n k h e b y v s p m j
Replacing each ciphertext letter by its corresponding plaintext letter gives the following
plaintext:
mrsrachellyndelivedjustwheretheavonleamainroaddipp
eddownintoalittlehollowfringedwithaldersandladiese
ardropsandtraversedbyabrookthathaditssourceawaybac
kinthewoodsoftheoldcuthbertplaceitwasreputedtobean
intricateheadlongbrookinitsearliercourse

6. ciphertext F L A K I Y I M W Q
in Z26 5 11 0 10 8 24 8 12 22 16
− 12 4 18 18 0 6 4 12 4 18
19 7 8 18 8 18 4 0 18 24
plaintext t h i s i s e a s y
7. We will follow the discussion on pages 35–36 of the notes.
The expected number of pairs of equal letters in which the letters are from the same
column is n
n(n − m)
0.0762 m m = 0.0762 .
2 2m
The expected number of pairs of equal letters in which the letters are from different
columns is
0.038n2 (m − 1)
   
m n n
(0.038) = .
2 m m 2m
Adding these together gives the expected number of pairs of equal letters in the entire
ciphertext,
0.0762n(n − m) + 0.038n2 (m − 1)
.
2m
Dividing this by n2 gives the proportion of equal pairs, Ic .

0.0762n(n − m) + 0.038n2 (m − 1) 2 0.0382n + m(0.038n − 0.0762)

Ic = = .
2m n(n − 1) m(n − 1)
Thus P25
0.0382n i=0fi (fi − 1)
m= where Ic = .
(n − 1)Ic − 0.038n + 0.0762 n(n − 1)

5
 MATH3302 – Cryptography Problem Set 1 – Solutions

8. (a) Because of the double p we must encrypt “ha px py da ys”. This encrypts as
OBCVCLOMPH.
(b) TE could be iu or ju and SU could be hi or hj. Using our knowledge of the English
language we deduce that the plaintext is jump high.

9. Using this information we know that

    
4 17 a b 3 4
=
17 4 c d 3 17

However, since 4 × 4 − 17 × 17 = 13 (mod 26) and 13 does not have a multiplicative

inverse in Z26 , the left-hand matrix does not have an inverse in Z26 and so this equation
does not have a unique solution for K.
For example, here are two possibilities for K, both of which make the above matrix
equation true.    
1 −1 3 1
and
3 2 1 0

10. (a) Key S C R A M B L E

8 3 7 1 6 2 5 4
t h o r o u g h
l y m i x e d x
The ciphertext is RUHHGOOTIEYXDXML.
(b) For each group of 8 ciphertext letters we write them in the order 8th, 3rd, 7th,
1st, 6th, 2nd, 5th, 4th.
E A A E R C K T
N E H R A R E W
G N A L G I N R
E S T X X R T E
The plaintext is takecarewhenrearranginglettersxx, so the message is take care when
rearranging letters.
(c) Since the plaintext x1 x2 x3 x4 x5 x6 x7 x8 becomes x4 x6 x2 x8 x7 x5 x3 x1 , the permuta-
tion is (1,4,8) (2,6,5,7,3).

11. Since the keyword was CIPHER, to undo the permutation of the letters, for each group
of 6 ciphertext letters, we write them in the order 1st, 4th, 5th, 3rd, 2nd, 6th.
Thus the ciphertext FXFFDA XDGGDX VGGXDX is rearranged as FFDFXA XGDGDX
VXDGGX. Then we consider pairs as row-column labels and decrypt them using the
6 × 6 array. This gives the plaintext message 4 plus 3 is 7.

6
 MATH3302 – Cryptography Problem Set 1 – Solutions

12. The keystream is 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, . . . . It has period 15.

13. To obtain the keystream we add modulo 2 the ciphertext and the plaintext (in mod 2,
addtion is the same as subtraction). Thus the keystream is

1, 0, 0, 0, 1, 0, 1, 0 = l1 , l2 , l3 , l4 , l5 , l6 , l7 , l8 .

We obtain 4 equations in the 4 unknowns c0 , c1 , c2 , c3

l5 = c0 l1 + c1 l2 + c2 l3 + c3 l4 so 1 = c0
l6 = c0 l2 + c1 l3 + c2 l4 + c3 l5 so 0 = c3
l7 = c0 l3 + c1 l4 + c2 l5 + c3 l6 so 1 = c2
l8 = c0 l4 + c1 l5 + c2 l6 + c3 l7 so 0 = c1 + c3

Thus c0 = c2 = 1 and c1 = c3 = 0 so the linear recurrence relation is li+4 = li + li+2 .