|
Cryptology
Lessons Learned |
a7Hzq .#5r< kÜ\as TâÆK$ ûj(Ö2 ñw%h:
Úk{4R f~`z8 ¤˜Æ+Ô „&¢Dø |
|
The canonical method of cryptanalyzing the disk cipher proceeds in three steps:
- Determine the period l.
- Rearrange the ciphertext in rows of length l.
- Reconstruct the monoalphabets of the columns.
Note that the effort is essentially independent of the key length. However the success
probability decreases with the period length, because
- The probability of finding non-accidental repetitions decreases.
- Finding useful frequency distributions in the columns becomes harder.
Some special cases have special facilities:
- For a BELLASO cipher or more generally for a disk cipher with a decimated
alphabet or even more generally for a disk cipher with a known primary
alphabet we may rearrange the monoalphabets of the columns and are left
with a large monoalphabetic ciphertext.
- Known plaintext gives the plaintext equivalents of single letters in a few
columns that may be extended to other columns by symmetry of position
when the alphabets are related, for example for a disk cipher (not treated
here, but see Chapter 5).
These findings result in two recommendations for the use of polyalphabetic ciphers:
- The larger the period, the better the security.
- Independent alphabets more reliably protect from attacks.
Both of these recommendations make polyalphabetic ciphers more cumbersome in routine use,
and therefore in history were adopted only after many failures.
Author: Klaus Pommerening, 1997-Jul-14;
last change: 2014-Jan-20.