Cryptology Lessons Learned

a7Hzq .#5r< kÜ\as TâÆK$ ûj(Ö2 ñw%h: Úk{4R f~`z8 ¤˜Æ+Ô „&¢Dø

The canonical method of cryptanalyzing the disk cipher proceeds in three steps:

1. Determine the period l.
2. Rearrange the ciphertext in rows of length l.
3. Reconstruct the monoalphabets of the columns.

Note that the effort is essentially independent of the key length. However the success probability decreases with the period length, because

• The probability of finding non-accidental repetitions decreases.
• Finding useful frequency distributions in the columns becomes harder.

Some special cases have special facilities:

• For a BELLASO cipher or more generally for a disk cipher with a decimated alphabet or even more generally for a disk cipher with a known primary alphabet we may rearrange the monoalphabets of the columns and are left with a large monoalphabetic ciphertext.
• Known plaintext gives the plaintext equivalents of single letters in a few columns that may be extended to other columns by symmetry of position when the alphabets are related, for example for a disk cipher (not treated here, but see Chapter 5).

These findings result in two recommendations for the use of polyalphabetic ciphers:

• The larger the period, the better the security.
• Independent alphabets more reliably protect from attacks.

Both of these recommendations make polyalphabetic ciphers more cumbersome in routine use, and therefore in history were adopted only after many failures.