Читать книгу Security Engineering - Ross Anderson - Страница 146
5.2.1 An early stream cipher – the Vigenère
ОглавлениеThis early stream cipher is commonly ascribed to the Frenchman Blaise de Vigenère, a diplomat who served King Charles IX. It works by adding a key repeatedly into the plaintext using the convention that ‘A’ = 0, ‘B’ = 1, …, ‘Z’ = 25, and addition is carried out modulo 26 – that is, if the result is greater than 25, we subtract as many multiples of 26 as are needed to bring it into the range [0, …, 25], that is, [A, …, Z]. Mathematicians write this as
So, for example, when we add P (15) to U (20) we get 35, which we reduce to 9 by subtracting 26. 9 corresponds to J, so the encryption of P under the key U (and of U under the key P) is J, or more simply U + P = J. In this notation, Julius Caesar's system used a fixed key = D, while Augustus Caesar's used = C and Vigenère used a repeating key, also known as a running key. Techniques were developed to do this quickly, ranging from printed tables to brass cipher wheels. Whatever the technology, the encryption using a repeated keyword for the key would look as shown in Figure 5.2:
Plain | tobeornottobethatisthequestion |
Key | runrunrunrunrunrunrunrunrunrun |
Cipher | KIOVIEEIGKIOVNURNVJNUVKHVMGZIA |
Figure 5.2: Vigenère (polyalphabetic substitution cipher)
A number of people appear to have worked out how to solve polyalphabetic ciphers, from the womaniser Giacomo Casanova to the computing pioneer Charles Babbage. But the first published solution was in 1863 by Friedrich Kasiski, a Prussian infantry officer [1023]. He noticed that given a long enough piece of ciphertext, repeated patterns will appear at multiples of the keyword length.
In Figure 5.2, for example, we see ‘KIOV
’ repeated after nine letters, and ‘NU
’ after six. Since three divides both six and nine, we might guess a keyword of three letters. Then ciphertext letters one, four, seven and so on were all enciphered under the same keyletter; so we can use frequency analysis techniques to guess the most likely values of this letter, and then repeat the process for the remaining letters of the key.