Autokey cipher

A tabula recta for use with an autokey cipher

An autokey cipher (also known as the autoclave cipher) is a cipher that incorporates the message (the plaintext) into the key. The key is generated from the message in some automated fashion, sometimes by selecting certain letters from the text or, more commonly, by adding a short primer key to the front of the message.

There are two forms of autokey cipher: key-autokey and text-autokey ciphers. A key-autokey cipher uses previous members of the keystream to determine the next element in the keystream. A text-autokey uses the previous message text to determine the next element in the keystream.

History

This cipher was invented in 1586 by Blaise de Vigenère with a reciprocal table of ten alphabets. Vigenère's version used an agreed-upon letter of the alphabet as a primer, making the key by writing down that letter and then the rest of the message.[1]

More popular autokeys use a tabula recta, a square with 26 copies of the alphabet, the first line starting with 'A', the next line starting with 'B' etc. Instead of a single letter, a short agreed-upon keyword is used, and the key is generated by writing down the primer and then the rest of the message, as in Vigenère's version. To encrypt a plaintext, the row with the first letter of the message and the column with the first letter of the key are located. The letter in which the row and the column cross is the ciphertext letter.

Method

The autokey cipher, as used by members of the American Cryptogram Association, starts with a relatively-short keyword, the primer, and appends the message to it. For example, if the keyword is QUEENLY and the message is attack at dawn, then the key would be QUEENLYATTACKATDAWN.[2] 

Plaintext:  attackatdawn
Key:        QUEENLYATTACKATDAWN
Ciphertext: QNXEPVYTWTWP

The ciphertext message would thus be "QNXEPVYTWTWP".

To decrypt the message, the recipient would start by writing down the agreed-upon keyword. 

QNXEPVYTWTWP
QUEENLY

The first letter of the key, Q, would then be taken, and that row would be found in a tabula recta. That column for the first letter of the ciphertext would be looked across, also Q in this case, and the letter to the top would be retrieved, A. Now, that letter would be added to the end of the key: 

QNXEPVYTWTWP
QUEENLYA
a

Then, since the next letter in the key is U and the next letter in the ciphertext is N, the U row is looked across to find the N to retrieve T: 

QNXEPVYTWTWP
QUEENLYAT
at

That continues until the entire key is reconstructed, when the primer can be removed from the start.

With Vigenère's autokey cipher, a single mistake in encryption renders the rest of the message unintelligible.[3]

Cryptanalysis

Autokey ciphers are somewhat more secure than polyalphabetic ciphers that use fixed keys since the key does not repeat within a single message. Therefore, methods like the Kasiski examination or index of coincidence analysis will not work on the ciphertext, unlike for similar ciphers that use a single repeated key.[3]

A crucial weakness of the system, however, is that the plaintext is part of the key. That means that the key will likely contain common words at various points. The key can be attacked by using a dictionary of common words, bigrams, trigrams etc. and by attempting the decryption of the message by moving that word through the key until potentially-readable text appears.

Consider an example message meet at the fountain encrypted with the primer keyword KILT:[4] To start, the autokey would be constructed by placing the primer at the front of the message: 

plaintext:  meetatthefountain
primer:     KILT
autokey:    KILTMEETATTHEFOUN

The message is then encrypted by using the key and the substitution alphabets, here a tabula recta: 

plaintext:  meetatthefountain
key:        KILTMEETATTHEFOUN
ciphertext: WMPMMXXAEYHBRYOCA

The attacker receives only the ciphertext and can attack the text by selecting a word that is likely to appear in the plaintext. In this example, the attacker selects the word the as a potential part of the original message and then attempts to decode it by placing THE at every possible location in the key: 

ciphertext: WMP MMX XAE YHB RYO CA 
key:        THE THE THE THE THE ..
plaintext:  dfl tft eta fax yrk ..

ciphertext: W MPM MXX AEY HBR YOC A
key:        . THE THE THE THE THE .
plaintext:  . tii tqt hxu oun fhy .

ciphertext: WM PMM XXA EYH BRY OCA
key:        .. THE THE THE THE THE
plaintext:  .. wfi eqw lrd iku vvw

In each case, the resulting plaintext appears almost random because the key is not aligned for most of the ciphertext. However, examining the results can suggest locations of the key being properly aligned. In those cases, the resulting decrypted text is potentially part of a word. In this example, it is highly unlikely that dfl is the start of the original plaintext and so it is highly unlikely either that the first three letters of the key are THE. Examining the results, a number of fragments that are possibly words can be seen and others can be eliminated. Then, the plaintext fragments can be sorted in their order of likelihood: 

unlikely ←——————————————————→ promising
eqw dfl tqt ... ... ... ... eta oun fax

A correct plaintext fragment is also going to appear in the key, shifted right by the length of the keyword. Similarly, the guessed key fragment (THE) also appears in the plaintext shifted left. Thus, by guessing keyword lengths (probably between 3 and 12), more plaintext and key can be revealed.

Trying that with oun, possibly after wasting some time with the others, results in the following: 

shift by 4:
ciphertext: WMPMMXXAEYHBRYOCA
key:        ......ETA.THE.OUN
plaintext:  ......the.oun.ain

shift by 5:
ciphertext: WMPMMXXAEYHBRYOCA
key:        .....EQW..THE..OU
plaintext:  .....the..oun..og

shift by 6:
ciphertext: WMPMMXXAEYHBRYOCA
key:        ....TQT...THE...O
plaintext:  ....the...oun...m

A shift of 4 can be seen to look good (both of the others have unlikely Qs) and so the revealed ETA can be shifted back by 4 into the plaintext: 

ciphertext: WMPMMXXAEYHBRYOCA
key:        ..LTM.ETA.THE.OUN
plaintext:  ..eta.the.oun.ain

A lot can be worked with now. The keyword is probably 4 characters long (..LT), and some of the message is visible: 

m.eta.the.oun.ain

Because the plaintext guesses have an effect on the key 4 characters to the left, feedback on correct and incorrect guesses is given. The gaps can quickly be filled in: 

meetatthefountain

The ease of cryptanalysis is caused by the feedback from the relationship between plaintext and key. A three-character guess reveals six more characters (three on each side), which then reveal further characters, creating a cascade effect. That allows incorrect guesses to be ruled out quickly.

See also

Notes

  1. ^ "Vigenère Cipher". Crypto Corner. Retrieved 2018-08-13.
  2. ^ "Autokey Calculator". Asecuritysite.com. Archived from the original on 2013-12-02. Retrieved 2012-12-26.
  3. ^ a b Hoffstein, Jeffrey; Pipher, Jill; Silverman, Joseph (2014). An Introduction to Mathematical Cryptography. Springer. p. 288. ISBN 9781493917112.
  4. ^ "Autokey Calculator". Asecuritysite.com. Archived from the original on 2013-12-03. Retrieved 2012-12-26.

References

  • Bellaso, Giovan Battista, Il vero modo di scrivere in cifra con facilità, prestezza, et securezza di Misser Giovan Battista Bellaso, gentil’huomo bresciano, Iacobo Britannico, Bressa 1564.
  • Vigenère, Blaise de, Traicté des chiffres ou secrètes manières d’escrire, Abel l’Angelier, Paris 1586. ff. 46r-49v.
  • LABRONICUS (Buonafalce, A), Early Forms of the Porta Table, “The Cryptogram”, vol. LX n. 2, Wilbraham 1994.
  • Buonafalce, Augusto, Bellaso’s Reciprocal Ciphers, “Cryptologia” 30 (1):39-51, 2006.
  • LABRONICUS (Buonafalce, A), Vigenère and Autokey. An Update, “The Cryptogram”, vol. LXXIV n. 3, Plano 2008.

 

Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi