Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Could you give me examples as the quality of the key for substitution type cryptographies such as Caeaser or Vigenere ciphering?

Posted on 2010-11-30
Medium Priority
Last Modified: 2012-05-10
Hi there;

Could you give me examples as the quality of the key for substitution type cryptographies such as Caeaser or Vigenere ciphering?

I mean for Caesar cipher, the key length is 3 or for Vigenere cipher, the key length depends on the input plaintext.

But how can one motivate the key quality of those above?

Best regards.
Question by:jazzIIIlove
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 65

Expert Comment

ID: 34266889
you may want to check out cryptool that is a free, open-source e-learning application, used worldwide in the implementation and analysis of cryptographic algorithms.  @ http://www.cryptool.com/

There is an online version @ http://www.cryptool-online.org/

For Caesar cipher, see http://www.cryptool-online.org/index.php?option=com_content&view=article&id=96&Itemid=117&lang=en
For Vigenere cipher, see http://www.cryptool-online.org/index.php?option=com_content&view=article&id=139&Itemid=162&lang=en

Hope it helps
LVL 12

Author Comment

ID: 34271858
This question has the intention to learn your ideas from "quality of a substitution cipher".

Could you tell me your ideas w.r.t. quality of a substitution cipher? Good or bad and why?

Kind regards.
LVL 65

Accepted Solution

btan earned 2000 total points
ID: 34272227
I am no crypto expert but rather a user instead. The common one is the Public key infrastructure which uses the private and public key concept that would be robust than substitution ciphering. Similar for the NIST Crypto Suit B that include the well known symmetric AES etc. There is no substitution ciphering.

I am not saying that substitution is bad but rather it is more easily breakable since the key is also ASCII compared to the rest. They are all breakable (just a matter of time and immense patience) but it is the measure of work factor that is based on the key length and block/stream ciphering scheme (e.g. CBC, RC4, etc). There isnt any for substitution cipher but rather the other use it as one of the working blocks as in AES (they called it the S-box). That why perpetrator go for the low hanging like keylogging and dumpster diving for the password.

The deployment need should determine the risk appetite and hence the decision to take up ciphering if need be. For example, if you going for military grade or protecting highly sensitive document, I doubt you will want to use substitution scheme. But simple scheme like substitution or transposition scheme is not deem simple to break either.

Each cipher scheme contributes its own strength, so for substitution cipher I see it as contributing confusion, whereas a transposition, it performs diffusion. As mentioned earlier, the AES algorithm use a combination of relatively simple functions. It does not necessarily guaranteed to result in a unbreakable scheme but it does make it more stronger and complex against cryptanalysis. You can check out this

@ http://www.economicexpert.com/a/Confusion:and:diffusion.htm
LVL 65

Assisted Solution

btan earned 2000 total points
ID: 34272285
Saw this slides and thought it is useful for this query. Check out section 2.3
@ http://www.apprendre-en-ligne.net/crypto/bibliotheque/PDF/Kwang.pdf

Good of substitution (or monoalphabetic) ciphers
- Simple and straightforward process to protect information.
- Minimally needed some effort to solve the puzzle (e.g. cross word puzzle). Sound contradicting but I see it as plus (or good enough) for case merely to confuse and hold time. Especially if the plain words are long and may not be as coherent

Bad of substitution (or monoalphabetic) ciphers
- Short words, words with repeated patterns, and common initial and final letters all give clues for guessing the permutation e.g. their frequency distribution reflects the distribution of the underlying alphabet

Apparently, polyalphabetic substitutions (Vigenere) are apparently more secure than monoalphabetic substitutions. But it is mentioned that the ideal substitution cipher is one-time pad.

Advantage of one-time pad
– perfectly secure
– ciphertext does not reveal any information of the corresponding plaintext

– the need for absolute synchronization between sender and receiver
– the need for an unlimited number of keys

Overall, it may be as good enough for the days of written communication where most common ciphers involved some form or substitution or transposition of alphabetical letters. In the digital age, ciphers changed as it revolves commonly on the two types of algorithms--one using the same key to encrypt and decrypt, and one using different keys to encrypt and decrypt (also known as symmetric and asymmetric key algorithms, respectively).

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question