In: Computer Science
I want to compare between breaking the shift (Caesar Cipher), substitution, and Vigenere cipher by using a chosen-plaintext attack or by known-plaintext attack. How much plaintext must be encrypted in order for the adversary to completely recover the key for those ciphers in chosen-plaintext attack and in known-plaintext attack? is there difference in each attack?
Solution
Shift cipher
For the shift cipher given a single plain text character p and ciphertext character c, the key is simply k = (c − p) mod 26. The encryption of only a single plain text character thus suffices to recover the key.
Substitution cipher
In case of substitution cipher, given a plain text character pi and corresponding cipher text character ci , we can conclude that π(pi) = ci (where π is the permutation determining the key). In order to fully determine the key, it therefore suffices to be given the encryption of a plain text containing 25 distinct letters of the alphabet. (Since is a permutation, knowing the value of on 25 inputs fully determines the value of on the last remaining input.) Note that if normal English text is encrypted, however, much more than 25 letters will be needed before 25 distinct letters occur.
Vigenere cipher
Now we consider the case of Vigenere cipher. Suppose the period t is known. Then, each part of the key can be recovered as in the shift cipher. Thus the encryption of t (consecutive) characters of plain text suffices for recovering the entire key. However, if the period is not known, enough known plain text is needed to verify that the key is repeating. For example, if we ask for 5 characters and obtain shifts of ‘cafec’ then we could conclude that the 5th is repeating. However, the key may be ‘cafecorner’ and so the repetition of c is not sufficient.
Comparison
Now come to the main part of the question for comparison
The attacks on the shift and Vigenere ciphers remain the same
However, for the substitution cipher, it is now possible to use a chosen plain text attack to ask for an encryption of a carefully chosen plain text that contains 25 distinct letters of the alphabet. Given the resulting cipher text, it is then possible to fully recover the key. Thus, less plain text is required as compared to the previously described one
---
Answered completely
if you have any doubt, please mention it, love to help
all the best
please upvote