Cryptography Reference
In-Depth Information
least have learnt
something
about the plaintext since we will be able to determine
which positions in the plaintext the same unknown plaintext letters occur, which
may or may not be useful.
In the second circumstance, the ciphertext letter frequenciesmay not be reliable
enough for us to make deductions about which plaintext letter corresponds to
which ciphertext letter. We will discuss what 'too short' might mean for the
Simple Substitution Cipher in a moment.
SUFFICIENCY OF KEYSPACE SIZE
We have just seen how the Simple SubstitutionCipher can easily be broken despite
its large keyspace. This is because it fails to 'destroy' the fundamental structure of
the underlying plaintext, even though it disguises the actual letters themselves.
This leads us to the important design principle that
having a large keyspace
is necessary to make an exhaustive key search impractical to conduct, but it is not
sufficient to guarantee the security of a cryptosystem
. Putting this another way, in
a quote attributed to Martin Hellman, one of the co-authors of the first published
paper on public-key cryptography:
a large key is not a guarantee of security but
a small key is a guarantee of insecurity
. Surprisingly, this design principle does
not always seem to be understood by the sales teams of encryption products, who
sometimes claim that the main security advantage offered by their products is that
they have an incredibly large number of possible keys.
2.1.4
A study of theory versus practice
Before leaving the topic of monoalphabetic ciphers, it is worth using letter
frequency analysis of the Simple Substitution Cipher to illustrate a point that
we will keep returning to throughout our investigation of cryptography: the
differences between theory and practice.
THEORY: UNIQUENESS OF THE PLAINTEXT
We have just observed that the Simple Substitution Cipher can provide reasonable
protection for very short plaintexts. As an illustration, consider plaintexts
consisting of just three letters. With only three ciphertext characters to work
with, an attacker is faced with so many possible three-letter plaintexts that could
encrypt into a given three-letter ciphertext, that it is probably fair to describe the
Simple Substitution Cipher as being unbreakable.
To illustrate this, if we are given a three-letter ciphertext MFM then letter
frequency analysis is useless, but we do know that the first and the third plaintext
letter must be the same. The plaintext could be BOB, or POP, or MUM, or
NUN, or …
However, given a 'reasonable' length of ciphertext, we know that letter
frequency analysis becomes very effective. So how much ciphertext does it take
for the apparently hard problemof decrypting a short ciphertext to transform into
the easy problem of decrypting a longer ciphertext?
