i i “CryptoBook” — 2009/5/13 — 10:49 — page 1 — #1 i i Elementary Cryptanalysis A Mathematical Approach Second Edition i i i i Second Edition ©2009 by The Mathematical Association of America (Incorporated) Library of Congress Catalog Card Number 2009927623 Print ISBN 978-0-88385-647-5 Electronic ISBN 978-0-88385-937-7 Printed in the United States of America Current Printing (last digit): 10 9 8 7 6 5 4 3 2 1 i i “CryptoBook” — 2009/5/13 — 10:49 — page 3 — #3 i i Elementary Cryptanalysis A Mathematical Approach Second Edition Abraham Sinkov Revised andUpdatedby Todd Feil ® PublishedandDistributedby TheMathematicalAssociationofAmerica i i i i (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page 4 — #4 (cid:1) (cid:1) ANNELILAXNEWMATHEMATICALLIBRARY PUBLISHEDBY THEMATHEMATICALASSOCIATIONOFAMERICA EditorialBoard HaroldP.Boas,Editor SteveAbbott MichaelE.Boardman GailA.Kaplan KatherineS.Socha (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page 5 — #5 (cid:1) (cid:1) ANNELILAXNEWMATHEMATICALLIBRARY 1. Numbers:RationalandIrrationalbyIvanNiven 2. WhatisCalculusAbout?byW.W.Sawyer 3. AnIntroductiontoInequalitiesbyE.F.BeckenbachandR.Bellman 4. GeometricInequalitiesbyN.D.Kazarinoff 5. The Contest Problem Book I Annual High School Mathematics Examinations 1950–1960.CompiledandwithsolutionsbyCharlesT.Salkind 6. TheLoreofLargeNumbersbyP.J.Davis 7. UsesofInfinitybyLeoZippin 8. GeometricTransformationsIbyI.M.Yaglom,translatedbyA.Shields 9. ContinuedFractionsbyCarlD.Olds 10. (cid:1) ReplacedbyNML-34 11. HungarianProblemBooksIandII,BasedontheEo¨tvo¨sCompetitions 12. 1894–1905and1906–1928,translatedbyE.Rapaport 13. EpisodesfromtheEarlyHistoryofMathematicsbyA.Aaboe 14. GroupsandTheirGraphsbyE.GrossmanandW.Magnus 15. TheMathematicsofChoicebyIvanNiven 16. FromPythagorastoEinsteinbyK.O.Friedrichs 17. The Contest Problem Book II AnnualHighSchoolMathematicsExaminations 1961–1965.CompiledandwithsolutionsbyCharlesT.Salkind 18. FirstConceptsofTopologybyW.G.ChinnandN.E.Steenrod 19. GeometryRevisitedbyH.S.M.CoxeterandS.L.Greitzer 20. InvitationtoNumberTheorybyOysteinOre 21. GeometricTransformationsIIbyI.M.Yaglom,translatedbyA.Shields 22. ElementaryCryptanalysis—AMathematicalApproach,SecondEditionby A.Sinkov,revisedandupdatedbyToddFeil 23. IngenuityinMathematicsbyRossHonsberger 24. GeometricTransformationsIIIbyI.M.Yaglom,translatedbyA.Shenitzer 25. TheContestProblemBookIIIAnnualHighSchoolMathematicsExaminations 1966–1972.CompiledandwithsolutionsbyC.T.SalkindandJ.M.Earl 26. MathematicalMethodsinSciencebyGeorgePo´lya 27. International Mathematical Olympiads—1959–1977. Compiled and with solutionsbyS.L.Greitzer 28. TheMathematicsofGamesandGambling,SecondEditionbyEdwardW. Packel 29. TheContestProblemBookIVAnnualHighSchoolMathematicsExaminations 1973–1982. Compiled and with solutions by R. A. Artino, A. M. Gaglione, andN.Shell 30. TheRoleofMathematicsinSciencebyM.M.SchifferandL.Bowden 31. InternationalMathematicalOlympiads1978–1985andfortysupplementary problems.CompiledandwithsolutionsbyMurrayS.Klamkin 32. RiddlesoftheSphinxbyMartinGardner 33. U.S.A.MathematicalOlympiads1972–1986.Compiledandwithsolutions byMurrayS.Klamkin 34. Graphs and Their Uses by Oystein Ore. Revised and updated by Robin J. Wilson (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page 6 — #6 (cid:1) (cid:1) 35. ExploringMathematicswithYourComputerbyArthurEngel 36. GameTheoryandStrategybyPhilipD.Straffin,Jr. 37. Episodes in Nineteenth and Twenthieth Century Euclidean Geometry by RossHonsberger 38. TheContestProblemBookVAmericanHighSchoolMathematicsExaminations andAmericanInvitationalMathematicsExaminations1983–1988.Compiledand augmentedbyGeorgeBerzsenyiandStephenB.Maurer 39. OverandOverAgainbyGengzheChangandThomasW.Sederberg 40. TheContestProblemBookVIAmericanHighSchoolMathematicsExaminations 1989–1994.CompiledandaugmentedbyLeoJ.Schneider 41. The Geometry of Numbers by C. D. Olds, Anneli Lax, and Giuliana P. Davidoff 42. Hungarian Problem Book III Based on the Eo¨tvo¨s Competitions 1929–1943 translatedbyAndyLiu 43. MathematicalMiniaturesbySvetoslavSavchevandTituAndreescu 44. GeometricTransformationsIVbyI.M.Yaglom,translatedbyA.Shenitzer Othertitlesinpreparation. Booksmaybeorderedfrom: MAAServiceCenter P.O.Box91112 Washington,DC20090-1112 1-800-331-1622 fax:301-206-9789 (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page vii — #7 (cid:1) (cid:1) Contents PrefacetotheFirstEdition ix PrefacetotheSecondEdition xiii 1 MonoalphabeticCiphersUsingAdditiveAlphabets 1 1.1 TheCaesarCipher. . . . . . . . . . . . . . . . . . . . . 1 1.2 Modulararithmetic . . . . . . . . . . . . . . . . . . . . 3 1.3 Additivealphabets. . . . . . . . . . . . . . . . . . . . . 6 1.4 Solutionofadditivealphabets . . . . . . . . . . . . . . . 9 1.5 Frequencyconsiderations . . . . . . . . . . . . . . . . . 12 1.6 Multiplications . . . . . . . . . . . . . . . . . . . . . . 17 1.7 Solutionofmultiplicativealphabets . . . . . . . . . . . 22 1.8 Affineciphers . . . . . . . . . . . . . . . . . . . . . . . 26 2 GeneralMonoalphabeticSubstitution 31 2.1 Mixedalphabets . . . . . . . . . . . . . . . . . . . . . . 31 2.2 Solutionofmixedalphabetciphers . . . . . . . . . . . . 34 2.3 Solutionoffive-lettergroupings . . . . . . . . . . . . . 40 2.4 Monoalphabetswithsymbols . . . . . . . . . . . . . . . 47 3 PolyalphabeticSubstitution 51 3.1 Polyalphabeticciphers . . . . . . . . . . . . . . . . . . 51 3.2 Recognitionofpolyalphabeticciphers . . . . . . . . . . 54 3.3 Determinationofnumberofalphabets . . . . . . . . . . 62 3.4 Solutionsofadditivesubalphabets . . . . . . . . . . . . 66 3.5 Mixedplainsequences . . . . . . . . . . . . . . . . . . 70 3.6 Matchingalphabets . . . . . . . . . . . . . . . . . . . . 73 3.7 Reductiontoamonoalphabet . . . . . . . . . . . . . . . 83 3.8 Mixedciphersequences . . . . . . . . . . . . . . . . . . 84 3.9 Generalcomments . . . . . . . . . . . . . . . . . . . . 99 vii (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page viii — #8 (cid:1) (cid:1) viii Contents 4 PolygraphicSystems 103 4.1 LinearTransformations . . . . . . . . . . . . . . . . . . 103 4.2 Multiplicationofmatrices—inverses . . . . . . . . . . . 110 4.3 Involutorytransformations . . . . . . . . . . . . . . . . 115 4.4 Recognitionofdigraphicciphers . . . . . . . . . . . . . 118 4.5 Solutionofalineartransformation . . . . . . . . . . . . 119 4.6 HowtomaketheHillSystemmoresecure . . . . . . . . 127 5 Transposition 129 5.1 Columnartransposition . . . . . . . . . . . . . . . . . . 129 5.2 Completelyfilledrectangles . . . . . . . . . . . . . . . 135 5.3 Incompletelyfilledrectangles . . . . . . . . . . . . . . . 138 5.4 Probablewordmethod . . . . . . . . . . . . . . . . . . 140 5.5 Generalcase . . . . . . . . . . . . . . . . . . . . . . . . 145 5.6 Identicallengthmessages . . . . . . . . . . . . . . . . . 153 6 RSAEncryption 159 6.1 Public-keyencryption . . . . . . . . . . . . . . . . . . . 159 6.2 TheRSAmethod . . . . . . . . . . . . . . . . . . . . . 160 6.3 CreatingtheRSAkeys . . . . . . . . . . . . . . . . . . 162 6.4 WhyRSAworks—Fermat’sLittleTheorem . . . . . . . 163 6.5 Computationalconsiderations. . . . . . . . . . . . . . . 166 6.6 MapleandMathematicaforRSA . . . . . . . . . . . . . 171 6.7 BreakingRSAandsignatures . . . . . . . . . . . . . . . 175 7 PerfectSecurity—One-timePads 179 7.1 One-timepads . . . . . . . . . . . . . . . . . . . . . . . 179 7.2 Pseudo-randomnumbergenerators . . . . . . . . . . . . 181 AppendixA:Tables 185 AppendixB:ASCIICodes 191 AppendixC:BinaryNumbers 193 SolutionstoExercises 197 FurtherReadings 205 Index 207 AbouttheAuthors 211 (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) (cid:1) “Main” — 2009/5/13 — 15:41 — page ix — #9 (cid:1) (cid:1) Preface to the First Edition Toaverygreatextent,mankindowesitsprogresstotheabilitytocommu- nicate,andakeyaspectinthisabilityisthecapabilityofcommunicatingin writing.Fromtheearliestdaysofwriting,therehavebeenoccasionswhen individuals have desired to limit their information to a restricted group of people.Theyhadsecretstheywantedtokeep.Tothisend,suchindividuals developed ideas by means of which their communications could be made unintelligibletothosewhohadnotbeenprovidedwiththespecialinforma- tion needed for decipherment. The general techniques used to accomplish such a purpose, i.e. the hiding of the meaning of messages, constitute the studyknownascryptography. Before the development of postal systems and electrical transmission ofinformation,theusualmannerofsendingacommunicationwasbypri- vatemessenger.Evenunderthesecircumstancestheuseoftheconcealment tactics of cryptography was often advisable because of the possibility that the messenger might be apprehended or prove disloyal. In recent times a messagetransmittedbyradiocouldbecopiedbyanyonehavingappropri- ateequipmentandlisteningtotherightfrequencyattherighttime.Insuch a case, a sender desiring privacy of communication would be required to employsomemethodofcryptographicconcealment. Now, just as the sender of the message attempted to conceal informa- tion from any but the desired recipient, there would be individuals very muchinterestedindeterminingwhatthemessagesaid—mostprobablythe veryindividualsfromwhomthesenderwastryingtokeeptheinformation. Shouldsuchindividualsobtain—inonewayoranother—acopyofthecryp- tographedmessage,theywouldattempttounravelthesecretitcarried.But ofcoursetheirattemptwouldhavetobemadewithoutaknowledgeofthe cryptographic details employed tohide the content. Efforts aimed at read- ingasecretmessageinthiswaycomeundertheheadingofthestudycalled cryptanalysis. Historyaboundswithaccountsofsituationswheresuccessfulcryptanal- ysis proved a most important element in achieving diplomatic successes, ix (cid:1) (cid:1) (cid:1) (cid:1)