Better to know some
... than all
Polyalphabetic substitutions and Vigen'ere ciphers
A simple substitution cipher involves a single mapping of the plaintext alphabet onto ciphertext characters. A more complex alternative is to use different substitution mappings (called multiple alphabets) on various portions of the plaintext. This results in so-called polyalphabetic substitution.
In the simplest case, the different alphabets are used sequentially and then repeated, so the position of each plaintext character in the source string determines which mapping is applied to it. Under different alphabets, the same plaintext character is thus encrypted to different ciphertext characters, precluding simple frequency analysis as per mono-alphabetic substitution.
Definition: A simple Vigen'ere cipher of period t, over an s-character alphabet, involves a t-character key k,1 k2 …. kt. The mapping of plaintext m = m1m2m3….. to ciphertext c = c1c2c3….. is defined on individual characters by ci = mi+ki mod s, where subscript i in ki is taken modulo t (the key is re-used).
The simple Vigen'ere uses t shift ciphers, defined by t shift values ki, each specifying one of s (mono-alphabetic) substitutions; ki is used on the characters in position i, i + s, i + 2s,…. In general, each of the t substitutions is different; this is referred to as using t alphabets rather than a single substitution mapping. The shift cipher is a simple Vigen'ere with period t = 1.
Beaufort variants of Vigen'ere: Compared to the simple Vigen'ere mapping ci = mi + ki mod s, the Beaufort cipher has ci = ki- mi mod s, and is its own inverse. The variant Beaufort has encryption mapping ci = mi- ki mod s.
Compound Vigen'ere: The compound Vigen'ere has encryption mapping ci = mi + (k1i + k2i +…+ kri) mod s, where in general the keys kj , 1 <= j <= r, have distinct periods tj , and the subscript i in kij , indicating the ith character of kj , is taken modulo tj . This corresponds to the sequential application of r simple Vigen'eres, and is equivalent to a simple Vigen'ere of period lcm(t1,…,tr).
Fact: A running-key cipher can be strengthened by successively enciphering plaintext under two or more distinct running keys. For typical English plaintext and running keys, it can be shown that iterating four such encipherments appears unbreakable. An auto-key cipher is a cipher wherein the plaintext itself serves as the key (typically subsequent to the use of an initial priming key).
Auto-key Vigen'ere: In a running-key Vigen'ere with an s-character alphabet, define a priming key k = k1k2 …. kt. Plaintext characters mi are encrypted as ci = mi + ki mod s for 1 <= i <= t (simplest case: t = 1). For i > t, ci = (mi + mi-t) mod s. An alternative involving more keying material is to replace the simple shift by a full Vigen'ere with permutations ei, 1 <= i <= s, defined by the key ki or character mi: for 1 <= i <= t, ci = eki(mi), and for i > t, ci = emi-t(mi).
An alternative to Example is to auto-key a cipher using the resulting ciphertext as the key: for example, for i > t, ci = (mi + ci-t) mod s. This, however, is far less desirable, as it provides an eavesdropping cryptanalyst the key itself.
Vernam viewed as a Vigen'ere: Consider a simple Vigen'ere defined by ci = mi +ki mod s. If the keystream is truly random and independent - as long as the plaintext and never repeated - this yields the unconditionally secure Vernam cipher, generalized from a binary to an arbitrary alphabet.