Cryptology: Monoalphabetic Substitution in Perl

Cryptology

Monoalphabetic Substitution in Perl

a7Hzq .#5r< kÜ\as TâÆK$ ûj(Ö2 ñw%h: Úk{4R f~`z8 ¤˜Æ+Ô „&¢Dø

Programming the procedures of classic cryptography is especially easy in the programming language Perl. Perl interpreters ready for implementation are available [external link] here for all relevant operating systems.

Here you find some explanations on Perl (a crash course) that should help in understanding of the following program chunks.

Translation Tables in Perl

Perl provides a very convenient treatment of character strings. In particular the monoalphabetic substitution is built in as operator tr. It transforms strings according to a given translation table (for an alphabet consisting of printable ASCII characters).

Example: The monoalphabetic substitution

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Q W E R T Z U I O P A S D F G H J K L Y X C V B N M

is in the Perl directive

tr/ABCDEFGHIJKLMNOPQRSTUVWXYZ/QWERTZUIOPASDFGHJKLYXCVBNM/;

or even shorter:

tr/A-Z/QWERTZUIOPASDFGHJKLYXCVBNM/;

Question: Why shouldn't you use this permutation as a key?

The Program - Simplest Version

The complete program—including standard input and output—with a fixed built-in key is this:

while (<>) {                          # Read input line,
  tr/A-Z/QWERTZUIOPASDFGHJKLYXCVBNM/; # translate using key,
  print;                              # and print.
  }

To get somewhat more freedom we put the key into a variable. Then for the correct effect of the tr operator the directive must be wrapped by the eval function that generates the translation table at runtime:

$permut = "QWERTZUIOPASDFGHJKLYXCVBNM"; # Hard coded key
while (<>) {                          # Read input line,
  eval "tr /A-Z/$permut/";            # translate using key,
  print;                              # and print.
  }

And this is the corresponding decryption program:

$permut = "QWERTZUIOPASDFGHJKLYXCVBNM"; # Hard coded key
while (<>) {                          # Read input line,
  eval "tr/$permut/A-Z/";             # translate using key,
  print;                              # and print.
  }

Attention! Note a security problem that you as a future professional security expert should know:

You never must input an unchecked string to the Perl function eval—likewise to corresponding functions in other programming languages—in particular if this string comes from a web form. Otherwise a malicious user could provide a string like: abc/abc/;rm -rf *.*;tr/A-Z—and the webmaster will execrate you.

Somewhat More Comfort

To get somewhat more freedom for the input and somewhat more structure in the output, we provide some auxiliary subroutines:

Translate texts into the alphabet A...Z,
generate a permuted alphabet from a keyword,
read a text from input and concatenate it into a single character string,
print a text in groups of 5 letters, 10 groups per row (the standard format for ciphertexts in classical cryptology).

We bundle all this as a module auxcrypt.pl that waits for download as well as monoalph.pl, the monoalphabetic encryption program, and monodecr.pl, the corresponding decryption program.

Question: How do these programs avoid the security problem mentioned above?

Call from the Command Line

Under MS-Windows use

perl monoalph.pl key < plain.txt > cipher.txt

where key stands for a keyword, plain.txt for the filename of the plaintext, and cipher.txt for the filename of the ciphertext.

Under Unix we can make Perl scripts directly executable. Check the first line of each script:

#!/usr/bin/perl

If necessary modify it for the path to your Perl interpreter. Then call it (e. g.) as follows:

myscript.pl < input.txt > output.txt

Execute on a Server by a Web Form

Author: Klaus Pommerening, 29. September 1999-Sep-29; last change: 2014-Jan-23.