Recognizing Ciphers
Topic Started: Nov 12 2005, 10:23 PM (379 Views)
Revelation
Administrator
In cryptanalysis, it is very important to know which cipher you are dealing with. There are several methods to tell. The purpose of this thread is to describe these methods so we can all use them.

I will start with letter frequencies. If you collect all frequencies and put them in a table, there might be a couple of things you notice. First you check if there is a frequency that pops out. It is very likely that that letter is an e. But what if it isn't? This means that the letters are juggled up. So you are dealing with some kind of substitution cipher or with a shift cipher (which actually is a special case of a substitution cipher).

If the letters do match with the standard table then you are most likely dealing with a transposition cipher.
RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN
RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN
RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN
RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN
RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN
 
insecure
Elite member
What if the distribution is, for all intents and purposes, flat?
 
cows
Advanced Member
Didn't you just talk about identifying mono shifts? What happens if we had a Vigenere cipher - that's a polyalphabetic shift, and frequency analysis doesn't work for those until you know the keyword - and then if the keyword is 6 letters long we go to the letter 1, 6, 11, 16 and so on.

How are we supposed to know if it's a poly shift though?
Everything is possible,
The impossible just takes longer

If we do not know what a particle is doing then it is allowed to do everything possible simultaneously.
"Anyone who can contemplate Quantum Mechanics without getting dizzy, didn't understand it."
 
insecure
Elite member
QUOTE (cows @ Nov 13 2005, 08:31 AM)
if the keyword is 6 letters long we go to the letter 1, 6, 11, 16 and so on.

Those figures would be for a 5-letter key, not a 6-letter key.
 
Revelation
Administrator
The purpose of this thread is not only that I describe identification methods, but that you describe some too, like the Kasaki method, for example.

Quote:
What if the distribution is, for all intents and purposes, flat?

I don't understand what you just said.
 
insecure
Elite member
I'm not familiar with the Kasaki method. I am guessing you mean the Kasiski attack, but I could be wrong. The Kasiski attack has already been described here, hasn't it?

By a "flat" distribution, I mean that all the characters in the ciphertext appear with approximately the same frequency.
 
cows
Advanced Member
Quote (insecure):
QUOTE (cows @ Nov 13 2005, 08:31 AM)
if the keyword is 6 letters long we go to the letter 1, 6, 11, 16 and so on.

Those figures would be for a 5-letter key, not a 6-letter key.

Oops yes - sorry - for a 6-letter keyword it would be 1, 7, 13, etc.
 
Donald
Elite member
If you have a fairly flat frequency analysis, (most letters about the same frequency), then you have a LOT of directions to go.

Try a Vigenere style first, check for a period using Kasiski and IOC. If an obvious period shows up, then you start playing with the various different possibilities for this style of cipher, and hope they didn't do anything unusual.

If you can't seem to find a period, then you should check digraph frequencies. You need quite a hunk of text for this to work, but with a Vigenere, the digraph frequencies should be pretty flat, but a playfair will show peaks and troughs.

Of course, the problem with all of this is that it only has a chance if the encryptor didn't do anything unusual. If they did a monosub AND a transposition, or combined a vigenere and a playfair, or did a double vigenere, or any of the countless nasty variations, you are going to have a LOT more work on your hands, involving a LOT of trial and error, in order to detect the crypt type. And it could always be something else entirely. It might be a bifid, or a four square or just ANYTHING.

Donald
 
insecure
Elite member
This is basically the problem. It could be anything.

That's why governments go to such lengths to find out which encryption schemes are being used. If this means rubberhosing a few low-level spies, that's what they'll do. And because governments know that other governments will go to these lengths, they never, ever choose algorithms whose efficacy will be compromised by the leaking of that information. The security belongs in the key, not the algorithm.

 
rot13
Elite member
The program I use for letter counts also spits out the IC. That's usually my first indicator that it might not be a monosub. After that, I use the program that does IC at each period, looking to see if there are any that stand out. Lately I have been doing Kasiski by hand just to keep in practice. :)

If there is an odd number of letters, it rules out any digraph substitution (playfair, (2,3,4)-square). If there is an even number, see if there are any J's. If the cipher is based on a polybius square, J is combined with I. Of course, the cryptographer could just randomly use J for I in places and not affect the readability of the message. Still, the absence of J is a good clue. Also, an absence of doubled letters might point towards Playfair. There are cases of people doubling letters in a playfair. In those cases, the doubled PT letters show up unchanged in the CT, so if you see doubled letters that could reasonably appear doubled in a PT, it might still be a playfair.

Also, if there is an even number of letters, look at the frequency of the first and last letters. If the cipher is a checkerboard, the number of unique letters in the first and second positions should each be a multiple of 5 (assuming every letter was used).

There was one in The Cryptogram recently that was labeled "Unknown". I was able to guess the cipher type from the crib and patterns I saw in the cipher. A crib is often a big help for eliminating possibilities.
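The checks Donald and rot13 describe above (overall IC, IC at each period, and the letter-count, J and doubled-letter tests for digraph ciphers), as an added Python example that is not code from any poster in this thread. The function names, the sample text and the key "CRYPT" are made up for illustration, and counting doubled letters only at digraph boundaries is an assumption of this example.

```python
from collections import Counter

def letters(text):
    """Keep A-Z only, upper-cased."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")

def ic(text):
    """Index of coincidence: chance that two letters drawn from text match."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(k * (k - 1) for k in Counter(text).values()) / (n * (n - 1))

def periodic_ic(ct, period):
    """Mean IC of the columns ct[0::period], ct[1::period], ..."""
    return sum(ic(ct[i::period]) for i in range(period)) / period

def best_period(ct, max_period):
    """Period in 1..max_period whose columns look most like a single alphabet."""
    return max(range(1, max_period + 1), key=lambda p: periodic_ic(ct, p))

def digraph_hints(ct):
    """Structural checks for digraph and Polybius-square systems."""
    pairs = [ct[i:i + 2] for i in range(0, len(ct) - 1, 2)]
    return {
        "odd_length": len(ct) % 2 == 1,     # odd count rules out 2-for-2 digraph ciphers
        "multiple_of_3": len(ct) % 3 == 0,  # 3-square: 3 CT letters per 2 PT letters
        "has_j": "J" in ct,                 # 5x5 squares usually merge J into I
        "doubled_pairs": sum(a == b for a, b in pairs),  # assumption: aligned pairs only
    }

def vigenere(plain, key):
    """Sample-data helper: classic Vigenere on A-Z."""
    return "".join(chr((ord(c) + ord(key[i % len(key)]) - 130) % 26 + 65)
                   for i, c in enumerate(plain))

# Constructed sample: English text enciphered with the made-up key "CRYPT".
PLAIN = letters("""In cryptanalysis it is very important to know which cipher you
are dealing with before you try to break it. Count the letters first and see
whether one of them stands out. If the frequencies look like normal English but
the words make no sense the letters were probably only moved around. If the counts
are flat try to find a period and then treat every column as a simple shift.""")
CT = vigenere(PLAIN, "CRYPT")

if __name__ == "__main__":
    print(f"IC plain={ic(PLAIN):.4f}  IC cipher={ic(CT):.4f}")
    for p in range(1, 11):
        print(p, f"{periodic_ic(CT, p):.4f}")
    print(digraph_hints(CT))
```

On a periodic cipher the column IC at the true key length (and its multiples) rises toward the figure for plain English, while the other periods stay near the flatter overall value.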
 
Donald
Elite member
Thanks rot13, that's a great and helpful guide!
 
rot13
Elite member
QUOTE (rot13 @ Nov 14 2005, 03:44 PM)
If there is an odd number of letters, it rules out any digraph substitution (playfair, (2,3,4)-square).

I forgot that a 3-square cipher has 3 CT letters for every 2 PT letters, so for those, you look for a multiple of 3.