Chapter 3

Traditional
Symmetric-Key Ciphers

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
3.1
 Chapter 3
Objectives
❏ To define the terms and the concepts of symmetric
key ciphers
❏ To emphasize the two categories of traditional
ciphers: substitution and transposition ciphers
❏ To describe the categories of cryptanalysis used to
break the symmetric ciphers
❏ To introduce the concepts of the stream ciphers and
block ciphers
❏ To discuss some very dominant ciphers used in the
past, such as the Enigma machine
3.2
 3-1 INTRODUCTION

Figure 3.1 shows the general idea behind a symmetric-

key cipher. The original message from Alice to Bob is
called plaintext; the message that is sent through the
channel is called the ciphertext. To create the ciphertext
from the plaintext, Alice uses an encryption algorithm
and a shared secret key. To create the plaintext from
ciphertext, Bob uses a decryption algorithm and the
same secret key.
Topics discussed in this section:
3.1.1 Kerckhoff’s Principle
3.1.2 Cryptanalysis
3.1.3 Categories of Traditional Ciphers
3.3
 ‫‪3-1 INTRODUCTION‬‬

‫‪ plain :Plaintext‬ﺑﻪ ﻣﻌﻨﻲ ﺳﺎده اﺳﺖ و ‪ plaintext‬ﺑﻪ ﻣﻌﻨﻲ ﻣﺘﻦ ﺳﺎده اﺳﺖ‪.‬‬
‫ﭘﻴﺎم اﺻﻠﻲ )ﺳﺎده( از آﻟﻴﺲ ﺑﻪ ﺑﺎب را ‪ plaintext‬ﮔﻮﻳﻨﺪ‪.‬‬
‫‪ :Ciphertext‬ﭘﻴﺎم رﻣﺰﺷﺪهاي ﻛﻪ از ﻃﺮﻳﻖ ﻳﻚ ﻛﺎﻧﺎل ﻧﺎاﻣﻦ از آﻟﻴﺲ ﺑﻪ ﺑﺎب‬
‫ارﺳﺎل ﻣﻲﺷﻮد را ‪ ciphertext‬ﮔﻮﻳﻨﺪ‪.‬‬
‫ﺑﺮاي اﻳﺠﺎد ‪ ciphertext‬از ‪ ،plaintext‬آﻟﻴﺲ از اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري و ﻛﻠﻴﺪ‬
‫ﻣﺨﻔﻲ ﻣﺸﺘﺮك اﺳﺘﻔﺎده ﻣﻲﻛﻨﺪ‪.‬‬
‫ﺑﺮاي اﻳﺠﺎد ‪ plaintext‬از ‪ ،ciphertext‬ﺑﺎب از اﻟﮕﻮرﻳﺘﻢ رﻣﺰﮔﺸﺎﻳﻲ و ﻛﻠﻴﺪ ﻣﺨﻔﻲ‬
‫ﻣﺸﺘﺮك اﺳﺘﻔﺎده ﻣﻲﻛﻨﺪ‪.‬‬
‫‪Topics discussed in this section:‬‬
‫‪3.1.1 Kerckhoff’s Principle‬‬
‫‪3.1.2 Cryptanalysis‬‬
‫‪3.1.3 Categories of Traditional Ciphers‬‬
‫‪3.4‬‬
3.1 Continued

Figure 3.1 General idea of symmetric-key cipher

3.5
 3.1 Continued

Traditional symmetric-key ciphers are not used today,

but we study them for several reasons:
First, they are simpler than modern ciphers and easier to
understand.
‫ اﻳﻦ اﻟﮕﻮرﻳﺘﻢﻫﺎ آﺳﺎنﺗﺮ از اﻟﮕﻮرﻳﺘﻢﻫﺎي ﭘﻴﺸﺮﻓﺘﻪ ﻫﺴﺘﻨﺪ و درك آﻧﻬﺎ ﺳﺎدهﺗﺮ‬،‫ل‬‫او‬
.‫اﺳﺖ‬
Second, they show the basic foundation of cryptography
and encipherment: This foundation can be used to better
understand modern ciphers.
‫ اﻳﻦ ﺷﺎﻟﻮده ﺑﺮاي ﻓﻬﻢ ﺑﻬﺘﺮ‬:‫ اﻳﻦ اﻟﮕﻮرﻳﺘﻢﻫﺎ ﺷﺎﻟﻮدهي اﺻﻠﻲ رﻣﺰﻧﮕﺎري ﻫﺴﺘﻨﺪ‬،‫م‬‫دو‬
.‫اﻟﮕﻮرﻳﺘﻢﻫﺎي رﻣﺰﻧﮕﺎري ﭘﻴﺸﺮﻓﺘﻪ اﺳﺘﻔﺎده ﻣﻲﺷﻮد‬

3.6
 ‫‪3.1‬‬ ‫‪Continued‬‬
‫‪Third, they provide the rationale for using modern‬‬
‫‪ciphers, because the traditional ciphers can be easily‬‬
‫‪attacked using a computer.‬‬

‫ﺳﻮ‪‬م‪ ،‬اﻳﻦ اﻟﮕﻮرﻳﺘﻢﻫﺎ دﻟﻴﻠﻲ ﺑﺮ اﺳﺘﻔﺎده از اﻟﮕﻮرﻳﺘﻢﻫﺎي رﻣﺰﻧﮕﺎري ﭘﻴﺸﺮﻓﺘﻪ اﺳﺖ‬

‫زﻳﺮا اﻟﮕﻮرﻳﺘﻢﻫﺎي رﻣﺰ ﻧﮕﺎري ﻗﺪﻳﻤﻲ ﺑﻪ آﺳﺎﻧﻲ ﺗﻮﺳﻂ ﻛﺎﻣﭙﻴﻮﺗﺮﻫﺎ ﻣﻮرد ﺣﻤﻠﻪ ﻗﺮار‬
‫ﻣﻲﮔﻴﺮﻧﺪ‪.‬‬

‫‪3.7‬‬
 3.1 Continued
If P is the Plaintext, C is the Ciphertext, and K is the
Key,

We assume that Bob creates P1; we prove that P1 = P:

• Encryption and decryption algorithms as ciphers

• A key is a set of values (numbers) that the cipher, as
an algorithm, operates on.
3.8
 3.1 Continued

Figure 3.2 Locking and unlocking with the same key

3.9
 ‫‪3.1.1‬‬ ‫‪Kerckhoff’s Principle‬‬

‫‪Based on Kerckhoff’s principle, one should always‬‬

‫‪assume that the adversary, Eve, knows the‬‬
‫‪encryption/decryption algorithm. The resistance of the‬‬
‫‪cipher to attack must be based only on the secrecy of the‬‬
‫‪key.‬‬

‫اﺻﻞ دو‪‬م از اﺻﻮل ﺷﺶﮔﺎﻧﻪ ﻛﺮﻛﻬﻒ‪:‬‬

‫ﺟﺰﺋﻴﺎت اﻟﮕﻮرﻳﺘﻢﻫﺎي رﻣﺰﻧﮕﺎري ﺑﺎﻳﺴﺘﻲ آﺷﻜﺎرا و در دﻳﺪ ﻋﻤﻮم ﺑﺎﺷﺪ و ﻓﻘﻂ‬
‫ﻛﻠﻴﺪﻫﺎي رﻣﺰ ﺳﺮّي و ﻣﺤﺮﻣﺎﻧﻪ ﺑﺎﺷﺪ‪ .‬ﺑﻪ ﻋﺒﺎرت دﻳﮕﺮ‪ ،‬ﻣﻘﺎوﻣﺖ اﻟﮕﻮرﻳﺘﻢﻫﺎي‬
‫رﻣﺰﻧﮕﺎري و رﻣﺰﮔﺸﺎﻳﻲ در ﺑﺮاﺑﺮ ﺣﻤﻠﻪ ﺑﺎﻳﺴﺘﻲ ﺑﺮ اﺳﺎس ﺳﺮّي و ﻣﺤﺮﻣﺎﻧﻪ‬
‫ﺑﻮدن ﻛﻠﻴﺪ ﺑﺎﺷﺪ‪.‬‬

‫‪3.10‬‬
 3.1.2 Cryptanalysis

As cryptography is the science and art of creating secret

codes, cryptanalysis is the science and art of breaking
those codes.

Figure 3.3 Cryptanalysis attacks

3.11
 3.1.2 Continued
Ciphertext-Only Attack

Eve has access to only some ciphertext. She tries to find the
corresponding key and the plaintext.
‫ اﻳﻮ ﺳﻌﻲ ﻣﻲﻛﻨﺪ ﻛﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ‬.‫ دﺳﺘﺮﺳﻲ دارد‬ciphertext ‫اﻳﻮ ﻓﻘﻂ ﺑﻪ ﭼﻨﺪ‬
.‫ را ﭘﻴﺪا ﻛﻨﺪ‬plaintext ‫و‬
Figure 3.4 Ciphertext-only attack

3.12
 3.1.2 Continued
Ciphertext-Only Attack

Various methods can be used in ciphertext-only attack. We

mention some common ones here:
Brute-Force Attack
In the brute-force method or exhaustive-key-search
method, Eve tries to use all possible keys.
Using brute-force attack was a difficult task in the past; it
is easier today using a computer.
To prevent this type of attack, the number of possible
keys must be very large.

3.13
 3.1.2 Continued
Ciphertext-Only Attack

Statistical Attack
The cryptanalyst can benefit from some inherent
characteristics of the plaintext language to launch a
statistical attack. or example, we know that the letter E is
the most frequently used letter in English text.
To prevent this type of attack, the cipher should hide the
characteristics of the language.

3.14
 3.1.2 Continued
Ciphertext-Only Attack

Pattern Attack
Some ciphers may hide the characteristics of the language,
but may create some patterns in the ciphertext. A
cryptanalyst may use a pattern attack to break the cipher.
Therefore, it is important to use ciphers that make the
ciphertext look as random as possible.

3.15
 3.1.2 Continued
Known-Plaintext Attack
The plaintext/ciphertext pairs have been collected earlier. For
example, Alice has sent a secret message to Bob, but she has later
made the contents of the message public.
Eve has kept both the ciphertext and the plaintext to use them to
break the next secret message from Alice to Bob, assuming that
Alice has not changed her key.

Figure 3.5 Known-plaintext attack

3.16
 3.1.2 Continued
Chosen-Plaintext Attack
The chosen-plaintext attack is similar to the known-plaintext attack,
but the plaintext/ciphertext pairs have been chosen by the attacker
herself.
This can happen, for example, if Eve has access to Alice's
computer. Figure 3.6 Chosen-plaintext attack

3.17
 3.1.2 Continued
Chosen-Ciphertext Attack
The chosen-ciphertext attack is similar to the chosen-plaintext
attack, except that Eve chooses some ciphertext and decrypts it to
form a ciphertext/plaintext pair.

Figure 3.7 Chosen-ciphertext attack

3.18
 3-2 SUBSTITUTION CIPHERS
A substitution (‫ ﺟﺎﻧﺸﺎﻧﻲ‬،‫ )ﺟﺎﻧﺸﻴﻨﻲ‬cipher replaces one
symbol with another. Substitution ciphers can be
categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.
Note

A substitution cipher replaces one

symbol with another.

Topics discussed in this section:

3.2.1 Monoalphabetic Ciphres
3.2.2 Polyalphabetic Ciphers

3.19
 3.2.1 Monoalphabetic Ciphers

Note
In monoalphabetic substitution, a character (or a
symbol) in the plaintext is always changed to the
same character (or symbol) in the ciphertext
regardless of its position in the text.
In monoalphabetic substitution, the relationship
between a symbol in the plaintext to a symbol in
the ciphertext is always one-to-one. For example,
if the algorithm says that letter A in the plaintext
is changed to letter D, every letter A is changed to
letter D.

3.20
 3.2.1 Continued

Example 3.1
The following shows a plaintext and its corresponding ciphertext.
The cipher is probably monoalphabetic because both l’s (els) are
encrypted as O’s.

Example 3.2
The following shows a plaintext and its corresponding ciphertext.
The cipher is not monoalphabetic because each l (el) is encrypted
by a different character.

3.21
 3.2.1 Continued
Additive Cipher
The simplest monoalphabetic cipher is the additive cipher. This
cipher is sometimes called a shift cipher and sometimes a Caesar
cipher, but the term additive cipher better reveals its
mathematical nature.
Additive Cipher = Shift Cipher = Caesar Cipher

Figure 3.8 Plaintext and ciphertext in Z26

3.22
 3.2.1 Continued
Figure 3.9 Additive cipher

Note

When the cipher is additive, the

plaintext, ciphertext, and key are
integers in Z26.
3.23
 3.2.1 Continued
Example 3.3
Use the additive cipher with key = 15 to encrypt the message
“hello”.
Solution
We apply the encryption algorithm to the plaintext, character by
character:

Shift down 15

3.24
 3.2.1 Continued
Example 3.4

Use the additive cipher with key = 15 to decrypt the message

“WTAAD”.
Solution
We apply the decryption algorithm to the plaintext character by
character:

Shift up 15

3.25
 3.2.1 Continued
Shift Cipher and Caesar Cipher
Historically, additive ciphers are called shift ciphers. Julius Caesar
used an additive cipher to communicate with his officers. For this
reason, additive ciphers are sometimes referred to as the Caesar
cipher. Caesar used a key of 3 for his communications.

Note

Additive ciphers are sometimes referred

to as shift ciphers or Caesar cipher.

3.26
 3.2.1 Continued
Shift Cipher and Caesar Cipher
The reason is that the encryption algorithm can be interpreted as
"shift key characters down" and the decryption algorithm can be
interpreted as "shift key character up". (Go To Slides 22 & 23)
For example, if the key = 15, the encryption algorithm shifts 15
characters down (toward the end of the alphabet). The decryption
algorithm shifts 15 characters up (toward the beginning of the
alphabet). Of course, when we reach the end or the beginning of
the alphabet, we wrap around (manifestation of modulo 26).
Additive ciphers are vulnerable to ciphertext-only attacks using
exhaustive key searches method (brute-force attacks). The key
domain of the additive cipher is very small; there are only 26 keys.

3.27
 3.2.1 Continued
Example 3.5
Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show
how she can use a brute-force attack to break the cipher.
Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not
very secure”, which makes sense.

3.28
 3.2.1 Continued
Shift Cipher and Caesar Cipher
Additive ciphers are also subject to statistical attacks. This is
especially true if the adversary has a long ciphertext. The
adversary can use the frequency of occurrence of characters for a
particular language.

3.29
 3.2.1 Continued
Table 3.1 Frequency of characters in English

Table 3.2 Frequency of diagrams and trigrams

http://practicalcryptography.com/
3.30
 3.2.1 Continued
Example 3.6
Eve has intercepted the following ciphertext. Using a statistical
attack, find the plaintext.

Solution
When Eve tabulates the frequency of letters in this ciphertext, she
gets: I =14, V =13, S =12, and so on. The most common character
is I with 14 occurrences. This means key = 4 (e → I).

3.31
Key = 4
 3.2.1 Continued
Multiplicative Ciphers

Figure 3.10 Multiplicative cipher

P C

Note

In a multiplicative cipher, the plaintext

and ciphertext are integers in Z26; the
key is an integer in Z26*.
3.32
 3.2.1 Continued

Example 3.7
What is the key domain for any multiplicative cipher?
Solution
The key needs to be in Z26*. This set has only 12 members: 1, 3, 5,
7, 9, 11, 15, 17, 19, 21, 23, 25.
Example 3.8
We use a multiplicative cipher to encrypt the message “hello” with
a key of 7. The ciphertext is “XCZZU”.

3.33
 3.2.1 Continued
Affine Ciphers
We can combine the additive and multiplicative ciphers to get what is called
the affine cipher -a combination of both ciphers with a pair of keys.
Figure 3.11 Affine cipher

3.34
 3.2.1 Continued
Affine Ciphers

Cryptanalysis
Ciphertext-only attack (brute-force and statistical method) and chosen-
plaintext attack.

Figure 3.11 Affine cipher

3.35
 3.2.1 Continued

Example 3.09
The affine cipher uses a pair of keys in which the first key is from
Z26* and the second key is from Z26. The size of the key domain is
26 × 12 = 312.

Example 3.10
Use an affine cipher to encrypt the message “hello” with the key
pair (7, 2).

3.36
 3.2.1 Continued

Example 3.11
Use the affine cipher to decrypt the message “ZEBBW” with the
key pair (7, 2) in modulus 26. (7-1 = 15)
Solution

Example 3.12
The additive cipher is a special case of an affine cipher in which
k1 = 1. The multiplicative cipher is a special case of affine cipher in
which k2 = 0.
3.37
 3.2.1 Continued
Monoalphabetic Substitution Cipher

Because additive, multiplicative, and affine ciphers have small key

domains, they are very vulnerable to brute-force attack.

A better solution is to create a mapping between each plaintext

character and the corresponding ciphertext character. Alice and
Bob can agree on a table showing the mapping for each character.

Figure 3.12 An example key for monoalphabetic substitution cipher

3.38
 3.2.1 Continued
Monoalphabetic Substitution Cipher

Cryptanalysis
The size of the key space for the monoalphabetic substitution
cipher is 26! (almost 4 × 1026). This makes a brute-force attack
extremely difficult for Eve even if she is using a powerful
computer. However, she can use statistical attack based on the
frequency of characters. The cipher does not change the frequency
of characters.

Figure 3.12 An example key for monoalphabetic substitution cipher

3.39
 3.2.1 Continued

Example 3.13
We can use the key in Figure 3.12 to encrypt the message

The ciphertext is

Figure 3.12 An example key for monoalphabetic substitution cipher

3.40
 3.2.2 Polyalphabetic Ciphers

In polyalphabetic substitution, each occurrence of a character

may have a different substitute. The relationship between a
character in the plaintext to a character in the ciphertext is one-to-
many.
For example, "a" could be enciphered as "D" in the beginning of
the text, but as "N" at the middle.
Polyalphabetic ciphers have the advantage of hiding the letter
frequency of the underlying language.

Autokey Cipher

3.41
 3.2.2 Polyalphabetic Ciphers
Autokey Cipher

• Autokey cipher is a simple polyalphabetic cipher.

• In this cipher, the key is a stream of subkeys, in which each
subkey is used to encrypt the corresponding character in the
plaintext.
• The first subkey is a predetermined value secretly agreed upon
by Alice and Bob. The second subkey is the value of the first
plaintext character (between 0 and 25). The third subkey is the
value of the second plaintext. And so on

Autokey Cipher

3.42
 3.2.2 Continued
Example 3.14
Assume that Alice and Bob agreed to use an autokey cipher with
initial key value k1 = 12. Now Alice wants to send Bob the message
“Attack is today”. Enciphering is done character by character.

Cryptanalysis
The autokey cipher definitely hides the single-letter frequency
statistics of the plaintext. However, it is still as vulnerable to the
brute-force attack as the additive cipher. The first subkey can be
only one of the 25 values (1 to 25).
3.43
 3.2.2 Continued
Playfair Cipher
Another example of a polyalphabetic cipher is the Playfair cipher used by the
British army during World War I. The secret key in this cipher is made of 25
alphabet letters arranged in a 5 × 5 matrix (letters I and J are considered the same
when encrypting).
Different arrangements of the letters in the matrix can create many different secret
keys. One of the possible arrangements is shown in Figure 3.13.
Figure 3.13 An example of a secret key in the Playfair cipher

3.44
 3.2.2 Continued
Playfair Cipher
Before encryption:
I. if the two letters in a pair are the same, a bogus letter is inserted to
separate them.
II. After inserting bogus letters, if the number of characters in the
plaintext is odd, one extra bogus character is added at the end to make
the number of characters even.
The cipher uses three rules for encryption:
a. If the two letters in a pair are located in the same row of the secret key,
the corresponding encrypted character for each letter is the next letter to
the right in the same row (with wrapping to the beginning of the row if
the plaintext letter is the last character in the row).
b. If the two letters in a pair are located in the same column of the secret
key, the corresponding encrypted character for each letter is the letter
beneath it in the same column (with wrapping to the beginning of the
column if the plaintext letter is the last character in the column).
c. If the two letters in a pair are not in the same row or column of the
secret, the corresponding encrypted character for each letter is a letter
that is in its own row but in the same column as the other letter.
3.45
 3.2.2 Continued
Playfair Cipher
Figure 3.13 An example of a secret key in the Playfair cipher

Example 3.15
Let us encrypt the plaintext “hello” using the key in Figure 3.13.

3.46
 3.2.2 Continued
Playfair Cipher

Cryptanalysis
Obviously a brute-force attack on a Playfair cipher is very
difficult. The size of the key domain is 25! (factorial 25). In
addition, the encipherment hides the single-letter frequency of
the characters. However, the frequencies of diagrams are
preserved (to some extent because of filler insertion), so a
cryptanalyst can use a ciphertext-only attack based on the
diagram frequency test to find the key.

3.47
 3.2.2 Continued
Vigenere Cipher

One interesting kind of polyalphabetic cipher was designed by

Blaise de Vigenere, a sixteenth-century French mathematician. A
Vigenere cipher uses a different strategy to create the key stream.
The key stream is a repetition of an initial secret key stream of
length m, where we have 1 ≤ m ≤ 26.

3.48
 3.2.2 Continued
Example 3.16
Let us see how we can encrypt the message “She is listening” using
the 6-character keyword “PASCAL”. The initial key stream is (15,
0, 18, 2, 0, 11). The key stream is the repetition of this initial key
stream (as many times as needed).

3.49
 3.2.2 Continued
Example 3.17

Vigenere cipher can be seen as combinations of m additive ciphers.

Figure 3.14 A Vigenere cipher as a combination of m additive ciphers

3.50
 3.2.2 Continued
Example 3.18
Using Example 3.18, we can say that the additive cipher is a
special case of Vigenere cipher in which m = 1.

Table 3.3
A Vigenere Tableau

3.51
 3.2.2 Continued
Vigenere Cipher (Crypanalysis)

Example 3.19
Let us assume we have intercepted the following ciphertext:

The Kasiski test for repetition of three-character segments yields

the results shown in Table 3.4.

3.52
 3.2.2 Continued
Example 3.19

Let us assume we have intercepted the following ciphertext:

The Kasiski test for repetition of three-character segments yields

the results shown in Table 3.4.

3.53
 3.2.2 Continued
Example 3.19 (Continued)
The greatest common divisor of differences is 4, which means that
the key length is multiple of 4. First try m = 4.

In this case, the plaintext makes sense.

3.54
 3.2.2 Continued
Hill Cipher
Another interesting example of a polyalphabetic cipher is the Hill cipher
invented by Lester S. Hill. Unlike the other polyalphabetic ciphers we
have already discussed, the plaintext is divided into equal-size blocks. The
blocks are encrypted one at a time in such a way that each character in
the block contributes to the encryption of other characters in the block.

The equations show that each ciphertext character such as C1 depends

on all plaintext characters in the block (P1, P2, . . ., Pm). However, we
should be aware that not all square matrices have multiplicative
inverses in Z26, so Alice and Bob should be careful in selecting the key.

3.55
 3.2.2 Continued
Hill Cipher
Figure 3.15 Key in the Hill cipher

Note
The key matrix in the Hill cipher needs to
have a multiplicative inverse.
3.56
 3.2.2 Continued
Example 3.20
For example, the plaintext “code is ready” can make a 3 × 4
matrix when adding extra bogus character “z” to the last block
and removing the spaces. The ciphertext is “OHKNIHGKLISS”.

Figure 3.16 Example 3.20

c o d e

3.57
 3.2.2 Continued
Example 3.21
Assume that Eve knows that m = 3. She has intercepted three
plaintext/ciphertext pair blocks (not necessarily from the same
message) as shown in Figure 3.17.

Figure 3.17 Example 3.21

3.58
 3.2.2 Continued
Example 3.21 (Continued)

She makes matrices P and C from these pairs. Because P is

invertible, she inverts the P matrix and multiplies it by C to get the
K matrix as shown in Figure 3.18.
Figure 3.18 Example 3.21

Now she has the key and can break any ciphertext encrypted with
that key.
3.59
 3.2.2 Continued
One-Time Pad

One of the goals of cryptography is perfect secrecy. A

study by Shannon has shown that perfect secrecy can be
achieved if each plaintext symbol is encrypted with a key
randomly chosen from a key domain. This idea is used in
a cipher called one-time pad, invented by Vernam.
A one-time pad is a perfect cipher, but it is almost
impossible to implement commercially. If the key must
be newly generated each time, how can Alice tell Bob the
new key each time she has a message to send?

3.60
 3.2.2 Continued
Rotor Cipher

Figure 3.19 A rotor cipher

3.61
 3.2.2 Continued
Enigma Machine

Figure 3.20 A schematic of the Enigma machine

3.62
 3-3 TRANSPOSITION CIPHERS
A transposition (‫ )ﺟﺎﺑﺠﺎﻳﻲ‬cipher does not substitute one
symbol for another, instead it changes the location of
the symbols.
A symbol in the first position of the plaintext may
appear in the tenth position of the ciphertext.

Note
A transposition cipher reorders symbols.

Topics discussed in this section:

3.3.1 Keyless Transposition Ciphers
3.3.2 Keyed Transposition Ciphers
3.3.3 Combining Two Approaches
3.63
 3.3.1 Keyless Transposition Ciphers

Simple transposition ciphers, which were used in the

past, are keyless.

There are two methods for permutation of characters:

 In the first method, the text is written into a table column by
column and then transmitted row by row.
 In the second method, the text is written into the table row by row
and then transmitted column by column.

3.64
 3.3.1 Keyless Transposition Ciphers
Example 3.22

A good example of a keyless cipher using the first method is the

rail fence cipher. In this cipher, the plaintext is arranged in two
lines as a zigzag pattern (which means column by column);The
ciphertext is created reading the pattern row by row. For example,
to send the message “Meet me at the park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.

.‫ را ﻣﻲﻧﻮﻳﺴﻴﻢ و ﺳﭙﺲ ﺳﻄﺮ ﺑﻪ ﺳﻄﺮ ارﺳﺎل ﻣﻲﻛﻨﻴﻢ‬plaintext ‫ﺳﺘﻮن ﺑﻪ ﺳﺘﻮن‬

3.65
 3.3.1 Continued
Example 3.23

Alice and Bob can agree on the number of columns and use the
second method. Alice writes the same plaintext, row by row, in a
table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.

،alice ‫ ﻗﺮار ﻣﻲﮔﻴﺮد ﺳﭙﺲ‬bob ‫ و‬alice ‫اﺑﺘﺪا ﺗﻌﺪاد ﺳﺘﻮن ﻣﻮرد ﺗﻮاﻓﻖ ﺑﻴﻦ‬
‫ را ﺑﻪ ﺻﻮرت ﺳﻄﺮ ﺑﻪ ﺳﻄﺮ ﻧﻮﺷﺘﻪ و ﺑﻪ ﺻﻮرت ﺳﺘﻮن ﺑﻪ ﺳﺘﻮن ارﺳﺎل‬plaintext
.‫ﻣﻲﻛﻨﺪ‬
3.66
 3.3.1 Continued
Example 3.24

The cipher in Example 3.23 is actually a transposition cipher. The

following shows the permutation of each character in the plaintext
into the ciphertext based on the positions.
m e e t m e a t t h e p a r k

M M T A E E H R E A E K T T P
The second character in the plaintext has moved to the fifth
position in the ciphertext; the third character has moved to the
ninth position; and so on. Although the characters are permuted,
there is a pattern in the permutation: (01, 05, 09, 13), (02, 06, 10,
14), (03, 07, 11, 15), and (04, 08, 12). In each section, the difference
between the two adjacent numbers is 4.
3.67
 3.3.2 Keyed Transposition Ciphers

The keyless ciphers permute the characters by using

writing plaintext in one way and reading it in another
way The permutation is done on the whole plaintext to
create the whole ciphertext.
‫ ﺑﺎ ﻳﻚ‬plaintext ‫اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺑﺪون ﻛﻠﻴﺪ ﻛﺎراﻛﺘﺮﻫﺎ را ﺑﺎ اﺳﺘﻔﺎده از ﻧﻮﺷﺘﻦ‬
‫ﻋﻤﺎل ﺟﺎﺑﺠﺎﻳﻲ روي ﺳﺮﺗﺎﺳﺮ‬‫ ا‬.‫روش و ﺧﻮاﻧﺪن آن ﺑﺎ روش دﻳﮕﺮ ﺟﺎﺑﺠﺎ ﻣﻲﻛﻨﺪ‬
.‫ را اﻳﺠﺎد ﻣﻲﻛﻨﺪ‬ciphertext ،plaintext
Another method (keyed transposition ciphers) is to
divide the plaintext into groups of predetermined size,
called blocks, and then use a key to permute the
characters in each block separately.
‫ را ﺑﻪ‬plaintext ‫روش دﻳﮕﺮ )اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺟﺎﺑﺠﺎﻳﻲ ﻫﻤﺮاه ﻛﻠﻴﺪ( اﻳﻦ اﺳﺖ ﻛﻪ‬
‫ ﺗﻘﺴﻴﻢ ﻛﻨﻴﻢ و‬،‫ﮔﺮوهﻫﺎﻳﻲ ﺑﺎ ﺳﺎﻳﺰﻫﺎي از ﻗﺒﻞ ﺗﻌﻴﻴﻦ ﺷﺪه ﻛﻪ ﺑﻪ آﻧﻬﺎ ﺑﻠﻮك ﻣﻲﮔﻮﻳﻴﻢ‬
.‫ﺳﭙﺲ از ﻳﻚ ﻛﻠﻴﺪ ﺑﺮاي ﺟﺎﺑﺠﺎﻳﻲ ﻛﺎراﻛﺘﺮﻫﺎ در ﻫﺮ ﺑﻠﻮك اﺳﺘﻔﺎده ﻛﻨﻴﻢ‬
3.68
 3.3.2 Continued
Example 3.25

Alice needs to send the message “Enemy attacks tonight” to Bob..

The key used for encryption and decryption is a permutation key,

which shows how the character are permuted.

The permutation yields

3.69
 ‫‪3.3.3 Combining Two Approaches‬‬

‫‪Example 3.26‬‬
‫‪Figure 3.21‬‬

‫ﺳﺘﻮن ﺳﻮم ﻣﻴﺮه‬ ‫ﺳﺘﻮن او‪‬ل ﻣﻴﺮه‬

‫ﺟﺎي ﺳﺘﻮن او‪‬ل‪،‬‬ ‫ﺟﺎي ﺳﺘﻮن ﺳﻮ‪‬م‪،‬‬
‫ﺳﺘﻮن او‪‬ل ﻣﻴﺮه‬ ‫ﺳﺘﻮن دو‪‬م ﻣﻴﺮه‬
‫ﺟﺎي ﺳﺘﻮن دو‪‬م و‪...‬‬ ‫ﺟﺎي ﺳﺘﻮن او‪‬ل و‪...‬‬

‫‪3.70‬‬
 3.3.3 Continued
Keys

In Example 3.27, a single key was used in two directions for the
column exchange: downward for encryption, upward for
decryption. It is customary to create two keys.

‫ ﻓﻠﺶ رو ﺑﻪ ﭘﺎﻳﻴﻦ‬.‫در ﻣﺜﺎل ﻗﺒﻞ ﻣﺎ از ﻳﻚ ﻛﻠﻴﺪ ﺑﺮاي ﻫﺮ دو ﻃﺮف اﺳﺘﻔﺎده ﻣﻲﻛﺮدﻳﻢ‬

‫ اﻣﺎ روش ﻣﺮﺳﻮم اﻳﻦ اﺳﺖ ﻛﻪ از دو‬.‫ ﻓﻠﺶ رو ﺑﻪ ﺑﺎﻻ ﺑﺮاي رﻣﺰﮔﺸﺎﻳﻲ‬،‫ﺑﺮاي رﻣﺰﻧﮕﺎري‬
.‫ﻛﻠﻴﺪ اﺳﺘﻔﺎده ﻛﻨﻴﻢ ﻳﻜﻲ ﺑﺮاي رﻣﺰﻧﮕﺎري و ﻳﻜﻲ ﺑﺮاي رﻣﺰﮔﺸﺎﻳﻲ‬

Figure 3.22 Encryption/decryption keys in transpositional ciphers

1 2 3 4 1 2 3 4

3.71
 3.3.3 Continued

Figure 3.23 Key inversion in a transposition cipher

3.72
 3.3.3 Continued
Figure 3.23 Key inversion in a transposition cipher

Index 1 2 3 4 5 6 7

Encryption 2 6 3 1 4 7 5
key

Decryption 4 1 3 5 7 2 6
key

index ‫ ﻣﻴﺮه ﺑﻪ‬1 ‫ اﺳﺖ ﭘﺲ ﻋﺪد‬1 ‫ ﺷﻤﺎرهي‬index ‫ در‬2 ‫ﻋﺪد‬

.2 ‫ﺷﻤﺎرهي‬

3.73
 3.3.3 Continued
Using Matrices
We can use matrices to show the encryption/decryption process
for a transposition cipher.

Example 3.27

Figure 3.24 Representation of the key as a matrix in the transposition cipher

e n e m y E E M Y N

3.74
 3.3.3 Continued
Example 3.27
Figure 3.24 shows the encryption process. Multiplying the 4 × 5
plaintext matrix by the 5 × 5 encryption key gives the 4 × 5
ciphertext matrix.

Figure 3.24 Representation of the key as a matrix in the transposition cipher

e n e m y E E M Y N

3.75
 3.3.3 Continued
Double Transposition Ciphers
Figure 3.25 Double transposition cipher

3.76
 3-4 STREAM AND BLOCK CIPHERS

The literature divides the symmetric ciphers into two

broad categories: stream ciphers and block ciphers.
Although the definitions are normally applied to
modern ciphers, this categorization also applies to
traditional ciphers.

Topics discussed in this section:

3.4.1 Stream Ciphers
3.4.2 Block Ciphers
3.4.3 Combination

3.77
 3.4.1 Stream Ciphers

Call the plaintext stream P, the ciphertext stream C, and

the key stream K.

Figure 3.26 Stream cipher

3.78
 3.4.1 Continued
 Characters in the plaintext are fed into the encryption
algorithm, one at a time.
 The ciphertext characters are also created one at a time.
 The key stream, can be created in many ways:
 It may be a stream of predetermined values.
 It may be created one value at a time using an algorithm.
:‫ﺟﺮﻳﺎن ﻛﻠﻴﺪ ﺗﻮﺳﻂ روشﻫﺎي ﻣﺘﻔﺎوت اﻳﺠﺎد ﺷﻮد‬
.‫ ﺟﺮﻳﺎن ﻛﻠﻴﺪ ﻣﻤﻜﻦ اﺳﺖ ﻳﻚ ﺟﺮﻳﺎن از ﻣﻘﺎدﻳﺮ از ﻗﺒﻞ ﺗﻌﻴﻴﻦ ﺷﺪه ﺑﺎﺷﺪ‬
.‫ ﻳﺎ ﻣﻤﻜﻦ اﺳﺖ ﻫﺮ ﻣﻘﺪار از ﺟﺮﻳﺎن ﻛﻠﻴﺪ ﺑﻪ ﺻﻮرت ﻳﻜﻲ ﻳﻜﻲ و ﺗﻮﺳﻂ اﻟﮕﻮرﻳﺘﻢ اﻳﺠﺎد ﮔﺮدد‬

3.79
 3.4.1 Continued

Example 3.30
Additive ciphers can be categorized as stream ciphers in which the
key stream is the repeated value of the key. In other words, the
key stream is considered as a predetermined stream of keys or
K = (k, k, …, k). In this cipher, however, each character in the
ciphertext depends only on the corresponding character in the
plaintext, because the key stream is generated independently.

Example 3.31
The monoalphabetic substitution ciphers discussed in this chapter
are also stream ciphers. However, each value of the key stream in
this case is the mapping of the current plaintext character to the
corresponding ciphertext character in the mapping table.
3.80
 3.4.1 Continued
Example 3.32
Vigenere ciphers are also stream ciphers according to the
definition. In this case, the key stream is a repetition of m values,
where m is the size of the keyword. In other words,

Example 3.33
We can establish a criterion to divide stream ciphers based on
their key streams. We can say that a stream cipher is a
monoalphabetic cipher if the value of ki does not depend on the
position of the plaintext character in the plaintext stream;
otherwise, the cipher is polyalphabetic.
‫ ﺑﻪ‬ki ‫ اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺗﻚ ﺣﺮﻓﻲ اﺳﺖ اﮔﺮ ﻣﻘﺪار‬،‫ﻳﻚ اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺟﺮﻳﺎﻧﻲ‬
‫ واﺑﺴﺘﻪ ﻧﺒﺎﺷﺪ در ﻏﻴﺮ اﻳﻨﺼﻮرت اﻳﻦ‬plaintext ‫ در ﭘﻴﺎم‬plaintext ‫ﻣﻮﻗﻌﻴﺖ ﻛﺎراﻛﺘﺮ‬
.‫اﮔﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﭼﻨﺪ ﺣﺮﻓﻲ اﺳﺖ‬
3.81
 3.4.1 Continued
Example 3.33 (Continued)

 Additive ciphers are definitely monoalphabetic because ki in the

key stream is fixed; it does not depend on the position of the
character in the plaintext.

 Monoalphabetic substitution ciphers are monoalphabetic

because ki does not depend on the position of the corresponding
character in the plaintext stream; it depends only on the value of
the plaintext character.

 Vigenere ciphers are polyalphabetic ciphers because ki

definitely depends on the position of the plaintext character.
However, the dependency is cyclic. The key is the same for two
characters m positions apart.

3.82
 3.4.2 Stream Ciphers

In a block cipher, a group of plaintext symbols of size m

(m > 1) are encrypted together creating a group of
ciphertext of the same size. A single key is used to
encrypt the whole block even if the key is made of
multiple values. Figure 3.27 shows the concept of a block
cipher.
Figure 3.27 Block cipher

3.83
 3.4.2 Continued

Example 3.34
Playfair ciphers are block ciphers. The size of the block is m = 2.
Two characters are encrypted together.
Example 3.35
Hill ciphers are block ciphers. A block of plaintext, of size 2 or
more is encrypted together using a single key (a matrix). In these
ciphers, the value of each character in the ciphertext depends on
all the values of the characters in the plaintext. Although the key is
made of m × m values, it is considered as a single key.
Example 3.36
From the definition of the block cipher, it is clear that every block
cipher is a polyalphabetic cipher because each character in a
ciphertext block depends on all characters in the plaintext block.
3.84
 3.4.3 Combination

In practice, blocks of plaintext are encrypted

individually, but they use a stream of keys to encrypt the
whole message block by block. In other words, the cipher
is a block cipher when looking at the individual blocks,
but it is a stream cipher when looking at the whole
message considering each block as a single unit.
‫ﺎ اﻳﻦ ﺑﻠﻮكﻫﺎ‬‫ ﺑﻪ ﻃﻮر ﻣﺠﺰا رﻣﺰ ﻣﻲﺷﻮﻧﺪ اﻣ‬plaintext ‫ ﺑﻠﻮكﻫﺎي‬،‫در ﻋﻤﻞ‬
‫از ﺟﺮﻳﺎﻧﻲ از ﻛﻠﻴﺪﻫﺎ ﺑﺮاي رﻣﺰﻛﺮدن ﺑﻠﻮك ﺑﻪ ﺑﻠﻮك ﭘﻴﺎمﻫﺎ اﺳﺘﻔﺎده‬
‫ وﻗﺘﻲﻛﻪ ﺑﻪ ﻳﻚ ﺑﻠﻮك ﺑﻪ ﺻﻮرت ﻣﺠﺰا ﻧﮕﺎه ﻛﻨﻴﻢ‬،‫ ﺑﻪ ﺑﻴﺎن دﻳﮕﺮ‬.‫ﻣﻲﻛﻨﻨﺪ‬
‫ﺎ وﻗﺘﻲﻛﻪ ﺑﻪ ﻛﻞ ﭘﻴﺎم ﻧﮕﺎه ﻛﻨﻴﻢ )ﻫﺮ‬‫اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺑﻠﻮﻛﻲ اﺳﺖ اﻣ‬
‫ﺑﻠﻮك ﺑﻪ ﻋﻨﻮان ﻳﻚ واﺣﺪ ﻣﺴﺘﻘﻞ( ﻧﮕﺎه ﻛﻨﻴﻢ اﻟﮕﻮرﻳﺘﻢ رﻣﺰﻧﮕﺎري ﺟﺮﻳﺎﻧﻲ‬
.‫اﺳﺖ‬
3.85