17

I'm very uneducated when it comes to cryptography. I have tried to find an answer to my question, but what I've read doesn't quite cover what I'm asking.

I have thought up my own encryption algorithm (which I'm sure is nothing new) and I would like to know why this sort of algorithm is not used in terms of security, efficiency and any other reasons.

It stems from the Caesar Cipher. But, instead of shifting each letter by 13, you shift each character (using computer character values) by a certain value each time.

So, let's say I had the sentence:

My dog's name is Rover.

And I have an array of numbers:

1, 4, 3, 2

I would shift M up by 1 character, y by 4, [space] by 3, d by 2 and then continue with the rest of the sentence, looping through the number array. So, the sentence would be converted into N}#fpk*u!rdof$lu!Vrxfv1.

Let's call the array your "key". Only someone with the key could decipher the message, unless someone figures it out. The more items in your array (key), the safer you are from someone deciphering your message.

Apologies if my explanation is poor. To summarize my question:

  • Why is this bad (or, not used)?

  • Is it inefficient/insecure compared to other encryption methods?

  • Is there anything else about this that should be considered?

Thanks.

tylo
user1575550

6 Answers

41

Edit: how to break Vigenère

Yes, this cipher (which, as SEJPM points out, is Vigenère) is vulnerable to frequency analysis, but Vigenère resists this a bit, because common letters don't always get ciphered into the same ciphertext. The unavoidable vulnerability stems from the repeating nature of the key.

Let's say your message is $N$ characters long and your key is $k$ characters long. You may think that by repeating the key until you reach $N$ characters that you gain some "units of security" ("it's $\lfloor N/k \rfloor$ times more secure!"). But if I know your message is enciphered in this way, I have learned a great deal about your plaintext.

If I can estimate your key length $k$ $-$ and I can, with the great Kasiski's help $-$ then I can take every $k$th ciphertext character and group them together (for example, if $k=5$, group together the first, sixth, eleventh, etc. characters, then group the second, seventh, twelfth, etc. into another block, and so on). Each block is enciphered with the same character, a character from your key. At this point, a straightforward frequency analysis comes into play; breaking this is no harder than breaking the Caesar cipher you started with.

I do this for each "group" and now I have recovered your key.


It is cool that you came up with the idea of a polyalphabetic cipher on your own. But as the comment and other answer have pointed out, this cipher is insecure and can be broken quite reliably. Seriously: only use this for fun or pedagogical reasons.

In 1863, Kasiski even knew how to guess the length of the key for this cipher! That forces you to make your key longer / harder to remember.

It's very efficient; you can encipher text quickly with it. But that's a double-edged sword: I can attempt to decipher it quickly as well.
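The column-by-column attack described in this answer, as an added example that is not part of the original post. It assumes the key length is already known (the Kasiski step is skipped), that the plaintext is lowercase letters and spaces, and that every shift is at most 64; the function names and the sample text are constructed for illustration.

```python
import string

ALLOWED = set(string.ascii_lowercase + " ")  # assumed plaintext alphabet

def shift_encrypt(plaintext, key):
    """The question's cipher: add key[i % len(key)] to each code point."""
    return "".join(chr(ord(c) + key[i % len(key)]) for i, c in enumerate(plaintext))

def shift_decrypt(ciphertext, key):
    return "".join(chr(ord(c) - key[i % len(key)]) for i, c in enumerate(ciphertext))

def break_column(column, max_shift=64):
    """Break one column, which is a plain Caesar shift: choose the shift whose
    decryption contains the most lowercase letters and spaces."""
    def score(shift):
        return sum(chr(ord(c) - shift) in ALLOWED for c in column if ord(c) >= shift)
    return max(range(max_shift + 1), key=score)

def recover_key(ciphertext, key_len):
    """Group every key_len-th character; each group shares one key element."""
    return [break_column(ciphertext[i::key_len]) for i in range(key_len)]

# Constructed sample: the question's key applied to a made-up plaintext.
KEY = [1, 4, 3, 2]
PLAINTEXT = "the quick brown fox jumps over the lazy dog and then runs back home"
CIPHERTEXT = shift_encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    guessed = recover_key(CIPHERTEXT, len(KEY))
    print("recovered key:", guessed)
    print("plaintext:", shift_decrypt(CIPHERTEXT, guessed))
```

The scoring works here because a wrong shift turns every space in the column into a character outside the assumed alphabet, so only the true shift keeps all characters valid.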

15

Edit:

I think the edit to the question makes it a Vigenère cipher, which invalidates my answer below. @galvatron's answer gives the suitable answer why Vigenère is not secure.

The old answer below (applies only to substitution)

Basically this is a simple substitution cipher, where each letter is mapped to another letter (i.e. the shift). The answers for your questions:

Why is this bad (or, not used)

Because each language has known frequency analysis patterns. For example, in the English language e is the most used letter. So, if an adversary has a piece of encrypted text using your algorithm (long enough) he can easily know the shift you used for each letter.

Is it inefficient/insecure compared to other encryption methods?

Yes, it is not secure and can be broken easily by statistical analysis. You can also use brute force, with a worst-case scenario of $26!$.

Is there anything else about this that should be considered?

A better algorithm than yours is called the Vigenere cipher but it is also insecure. See the link (https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher) for more information.

NuminousName
11

Encryption is naïvely viewed as a way to send messages from A to B that cannot be deciphered (at least in practice) by an adversary. Sure, encryption does do that, but modern ciphers do so much more...

A common attack scenario is the known plaintext attack (KPA). Of course, if the adversary already knows the entire plaintext, there's not much to be gained by encrypting it. However, a secure cipher remains secure even if the adversary knows the plaintext of a previous message or merely parts of the plaintext of the current one.

Assume a message was encrypted by your algorithm, and the ciphertext begins with the following bytes.

Pksqr,)Rkus|!

Looks scrambled, so far so good. However, if the attacker knows that the recipient is Jenny and that the sender would most likely greet her with

Hello, Jenny!

Subtracting the code points of the plaintext from the code points of the ciphertext gives the following result.

   80 107 115 113 114  44  41  82 107 117 115 124  33
-  72 101 108 108 111  44  32  74 101 110 110 121  33
-----------------------------------------------------
    8   6   7   5   3   0   9   8   6   7   5   3   0

With absolutely no effort, statistical analysis or cryptanalysis skills, the attacker can guess the key to be 8 6 7 5 3 0 9 and decrypt the rest of the message.

Thus, KPA resistance is a requirement for ciphers to be considered secure nowadays. All modern ciphers satisfy this requirement and – if properly used – can securely encrypt billions of plaintexts containing billions of characters.

Dennis
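The known-plaintext recovery from this answer, as an added example that is not part of the original post. It uses the answer's greeting and key; the rest of the message, the function names and the period-detection helper are constructed for illustration.

```python
def encrypt(plaintext, key):
    """The question's cipher: add key[i % len(key)] to each code point."""
    return "".join(chr(ord(c) + key[i % len(key)]) for i, c in enumerate(plaintext))

def decrypt(ciphertext, key):
    return "".join(chr(ord(c) - key[i % len(key)]) for i, c in enumerate(ciphertext))

def key_stream(ciphertext, crib):
    """Subtract the known plaintext's code points from the ciphertext's."""
    return [ord(c) - ord(p) for c, p in zip(ciphertext, crib)]

def shortest_period(stream):
    """Shortest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(v == stream[i % n] for i, v in enumerate(stream)):
            return stream[:n]
    raise ValueError("no known plaintext supplied")

def known_plaintext_attack(ciphertext, crib):
    """Recover the repeating key from a known prefix, then decrypt everything."""
    key = shortest_period(key_stream(ciphertext, crib))
    return key, decrypt(ciphertext, key)

# Sender side: the answer's key, applied to a constructed message.
SECRET_KEY = [8, 6, 7, 5, 3, 0, 9]
MESSAGE = "Hello, Jenny! The meeting moved to 4pm."
CIPHERTEXT = encrypt(MESSAGE, SECRET_KEY)

# Analyst side: sees only CIPHERTEXT and guesses the greeting.
CRIB = "Hello, Jenny!"

if __name__ == "__main__":
    key, recovered = known_plaintext_attack(CIPHERTEXT, CRIB)
    print("key:", key)
    print("message:", recovered)
```

The crib here covers almost two key periods, which is what lets the repetition show; a crib shorter than the key yields only the first part of the key stream.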
4

Sari's answer is very good at explaining why this method isn't particularly good. However, I'd like to add that if your array is chosen from a very good random number source (think radioactive decay, the LSB of radio noise etc.), is (at least) as long as your plaintext, and you do not use it to encrypt more than a single message, then what you have is a one-time pad. It is worth reading about them, as they are theoretically unbreakable, but you have to keep the keys secure and can never reuse them.

dkaeae
MikeS159
1

The reasons why this is not particularly secure have been well explained here. On the off chance that you're interested in pursuing these matters a little further, here are a few useful resources to develop your interest and understanding a little further:

  • Helen Gaines, Cryptanalysis (introductory-level text on elementary ciphers and how they can be broken, available from Dover) (this will show you how to systematically break your cipher)
  • Neal Stephenson, Cryptonomicon (fiction, but thought-provoking)
  • David Kahn, The Code Breakers (classic study of the development of codes in politics and war)
  • Dan Boneh, Crypto I (Coursera course, starts to get into the mathematical bases for modern cryptographic systems - if you're willing to struggle a bit, there's a lot of meat on those bones)

If you make it through those, there are deeper resources out there and you'll be well equipped to find the ones you need next. Expect to need some math fundamentals; number theory and advanced algebra, for example, will be important. Good luck, and have fun!

Jon Kiparsky
0

That's basically Vigenère, which can be breached in less than 2 seconds with CrypTool 2 or my Python-based Vigenère cracker. This is not secure at all. Check out my GitHub at github.com/clats97. I made an algorithm based on real-world, tested and approved encryption functions. Technically, the Vigenère Autokey is better, but only by a tiny bit.