Читать книгу Information Security - Mark Stamp - Страница 33

Suppose that Trudy intercepts the following ciphertext, which she suspects was produced by a simple substitution cipher, where the key could be any permutation of the alphabet:

(2.2)

Since it's too much work for Trudy to try all possible keys, can she be more clever? Assuming the plaintext is English, Trudy can make use of expected English letter relative frequencies in Figure 2.2 together with the frequency counts for the ciphertext, which are given in Figure 2.3.

Figure 2.2 English letter relative frequencies

From the ciphertext frequency counts in Figure 2.3, we see that “ F ″ is the most common letter in the encrypted message and, according to Figure 2.2, “ E ″ is the most common letter in the English language. Trudy therefore surmises that it's likely that “ F ″ has been substituted for “ E .″ Continuing in this manner, Trudy can try likely substitutions until she recognizes words, at which point she can be confident in her guesses.

Figure 2.3 Frequency counts for ciphertext in 2.2

Initially, the easiest word to determine might be the first word, since Trudy doesn't know where inter‐word spaces belong in the text. Since the third plaintext letter appears to be “ e ,″ and given the high frequency counts of the first two letter, Trudy might reasonably guess (correctly, as it turns out) that the first word of the plaintext is “ the .″ Making these substitutions into the remaining ciphertext, she will be able to guess more letters and the puzzle will begin to unravel. Trudy will likely make some missteps along the way, but with sensible use of the statistical information available, she will find the plaintext in considerably less time than 4450 millennia.

This attack on the simple substitution shows that a large keyspace is not sufficient to ensure security. It also shows that cipher designers must guard against clever attacks. How can we protect against attacks when new attacks are developed all the time? The answer is that we can't and, as a result, a cipher must be subjected to extensive analysis by skilled cryptographers before we can trust it—the more skilled cryptographers who have tried to break a cipher and failed, the more confidence we have in the cipher.