Question

I want to compare between breaking the shift (Caesar Cipher), substitution, and Vigenere cipher by using a chosen-plaintext attack or by known-plaintext attack. How much plaintext must be encrypted in order for the adversary to completely recover the key for those ciphers in chosen-plaintext attack and in known-plaintext attack? is there difference in each attack?

Answer 1

Solution

Shift cipher

For the shift cipher given a single plain text character p and ciphertext character c, the key is simply k = (c − p) mod 26. The encryption of only a single plain text character thus suffices to recover the key.

Substitution cipher

In case of substitution cipher, given a plain text character pi and corresponding cipher text character ci , we can conclude that π(p_i) = c_i (where π is the permutation determining the key). In order to fully determine the key, it therefore suffices to be given the encryption of a plain text containing 25 distinct letters of the alphabet. (Since is a permutation, knowing the value of on 25 inputs fully determines the value of on the last remaining input.) Note that if normal English text is encrypted, however, much more than 25 letters will be needed before 25 distinct letters occur.

Vigenere cipher

Now we consider the case of Vigenere cipher. Suppose the period t is known. Then, each part of the key can be recovered as in the shift cipher. Thus the encryption of t (consecutive) characters of plain text suffices for recovering the entire key. However, if the period is not known, enough known plain text is needed to verify that the key is repeating. For example, if we ask for 5 characters and obtain shifts of ‘cafec’ then we could conclude that the 5th is repeating. However, the key may be ‘cafecorner’ and so the repetition of c is not sufficient.

Comparison

Now come to the main part of the question for comparison

The attacks on the shift and Vigenere ciphers remain the same

However, for the substitution cipher, it is now possible to use a chosen plain text attack to ask for an encryption of a carefully chosen plain text that contains 25 distinct letters of the alphabet. Given the resulting cipher text, it is then possible to fully recover the key. Thus, less plain text is required as compared to the previously described one

---

Answered completely

if you have any doubt, please mention it, love to help

all the best

please upvote