# IT Security - Sheet 1 "Historic Ciphers"

**Total achievable points: 19.5**

**Released: 24.10.2025**

**Submission Deadline: 31.10.2025 13:00**

---
Names and matriculation numbers of **ALL** team members: 

Neo Ahrens (456647)

Christian Bick (456513)

Yorck Heilmann (456599)

---

**Important Information**

The assignments must be submitted by groups of 4 students. Please use the forum in the RWTHmoodle exercise room to find other group members if you do not have (enogh) team members yet. **Include the groupnumber as well as the name and matriculation number of every group member in this notebook**.

Enter your solutions for the tasks in the respective cells of this notebook. These cells are either marked by "YOUR ANSWER HERE" or `#YOUR CODE HERE`. Please do not add any new cells or remove existing ones, especially do not copy cells. Cells marked with `###PLAYGROUND` can be used to test your implementation and generate output (see example for the first tasks). Please do not add any other output or tests in the cell of the task, just implement the function with the header provided. If you want to test your implementation, use the `###PLAYGROUND` cells. They will be ignored during grading. **Do not change any other cells or add new ones.**

Please **do not import any further Python packages** except the default Python ones and the ones that are explicitly given by us.

Finally, the code will be evaluated using Python 3.12, so make sure that your code is compatible with that Python version. Also, **restart the kernel and re-run all (code) cells before submission** to make sure that your code is actually working.

## Content of this Assignment

In the lecture, you learned about security goals and attacks threatening one or more of those security goals.
Likewise, you learned about vulnerabilities that may arise at different layers and about various possible attackers.
Furthermore, you were introduced to some examples of symmetric ciphers (including historic ones).

In this exercise, you'll build upon this knowledge and try to break some historic ciphers on your own!

## 1. Basics (6 points)

We will start with a little bit of important basic knowledge. Note that these are only some of the basics you need to know to excel in the exciting field of IT-security. For each question, try to answer the tasks **as precisely as possible** but still include all the **necessary** reasoning to support your claims.

### Task 1.1 (3 points)

**Explain** what CIA stands for, **give examples** of attacks against each of the security goals and **reason** why each of those attacks breaches the respective security goal.

YOUR ANSWER HERE

Confidentiality: Confidentiality i.e.only authorized entitites can access assets in a system

                 - Eavesdropping attack (Interception of data during transfer)
                 
                 - Traffic Analysis attack (Deduce who communicates with whom)
                 
Integrity: Integrity i.e. only authorized entitites can change assets in a system

           - Modification attack (Intercept and modify data in transfer)
           
           - Masquerading attack (Change SCR address info)
           
           - Replay attack (Intercept and later fake replay)
           
           - Repudiatian attack (Completely blocking package)
           
Availability: Availability i.e. authorized entities can access assets in a system as intended

              -Denial of Service attack (Overload part of the connection infrastructure to block)

### Task 1.2 (2 points)

**Explain** why cipher negotiation exists and **name one additional problem** which can be introduced by it.

YOUR ANSWER HERE

Cipher negotiation exists to allow a client and server to agree on a mutually supported, strong set of cryptographic algorithms.

A major problem it introduces is the Downgrade Attack, where an attacker forces the connection to use an older, weaker, and potentially vulnerable cipher or protocol version.

The problem that arises hereby is that the negotiation needs to be protected as well.

### Task 1.3 (1 point)

Assume a system that has no vulnerabilities regarding the cryptographic primitives and the protocols used. The implementations of all components are bug-free, and there are no vulnerabilities. Also, assume there is no vulnerability in the interplay between those components.

**Explain** whether there is still a potential vulnerability that might break the security of the system when used.

YOUR ANSWER 

It remains the User-level where the user could potentially install malicious software or ignore security patches.

This way provides access into the system and thus poses a threat.

## 2. The Monoalphabetic Ransomware (5 points)

Your friend, Chuckle McByte, is known for his knack for getting into trouble, especially when it comes to homework. Just last week, he claimed that a ransomware attack had encrypted his assignments, but you suspected it was just another excuse to avoid doing his work. However, this time things are different: The telltale signs of malware have appeared on his laptop screen, and he seems genuinely panicked.

Desperate to help him recover his homework before the deadline, you decide to embark on a quest to decrypt the files. Reverse engineering of the malware reveales that a monoalphabetic cipher was used. Such ciphers replace each letter in the ciphertext with a different letter, and luckily, most of them can be broken quite easily, at least if the plaintext is reconizable.
For example, you can use a property of languages: letters have a common frequency in their natural language. Hence, you can map back the ciphertext letters to the plaintext letters if you have plaintext that "makes sense". 

In the following, you will use that knowledge recover your friend's homework!

In [1]:
encrypted_homework = (
    'royiy liy ln ynqlcsgwlrbnm syqgibru cluwale ysc ciaraqaw eaqgjynr lne ln lgroynrbqlrban oyleyi lo ' +
    'ciaraqaw eaqgjynr rolr qakyi roy clqdyr paijlr lne mynyilw bssgys iymliebnm roy iyscyqrbky ciaraqaws ' +
    'roy ynqiucrban lwmaibroj eaqgjynr syr soavn an roy wypr bs roy syr ap eaqgjynrs eysqibxbnm oav klibags ' +
    'ynqiucrban lwmaibrojs liy gsye pai ysc roy qajxbnye lwmaibroj eaqgjynr syr soavn bn roy jbeewy bs roy syr ap ' +
    'eaqgjynrs eysqibxbnm oav klibags qajxbnye jaey lwmaibrojs liy gsye ra ciakbey xaro ynqiucrban lne bnrymibru ' +
    'ciaryqrban pai ysc  roy pawwavbnm sribnm bs ra ynsgiy ebppyiynr qagnrs cyi wyrryi kvvuujcggoq'
)

task1_english_reference_counts = {
    'a': 27, 'b': 5, 'c': 25, 'd': 23, 'e': 63, 'f': 9, 'g': 13, 
    'h': 24, 'i': 34, 'k': 1, 'l': 15, 'm': 16, 'n': 38,
    'o': 49, 'p': 17, 'r': 36, 's': 32, 't': 53, 'u': 18,
    'v': 6, 'w': 7, 'y': 8
}

### Task 2.1 (2 point)

The first step to decrypting your friend's hoemwork is to count how often each letter occurs in a text. To that end, implement the function ```get_counts(text)```. 

Your function should return a dictionary of the format ```{letter: count}```, i.e, the keys are the letters and the values are the corresponding counts.

In [2]:
def get_counts(text: str) -> dict[str, int]:
    counts = {} 
    alphabet = "abcdefghijklmnopqrstuvwxyz" 
    
    text_lower = text.lower()

    for letter in alphabet:
        counts[letter] = text_lower.count(letter)
        
    return counts

In [3]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignored during grading.
counts = get_counts(encrypted_homework)
print(get_counts(encrypted_homework))

{'a': 49, 'b': 34, 'c': 17, 'd': 1, 'e': 23, 'f': 0, 'g': 18, 'h': 0, 'i': 36, 'j': 16, 'k': 6, 'l': 27, 'm': 13, 'n': 38, 'o': 24, 'p': 9, 'q': 25, 'r': 53, 's': 32, 't': 0, 'u': 8, 'v': 7, 'w': 15, 'x': 5, 'y': 63, 'z': 0}


In [4]:
# This test just checks the output format of your solution

oft_result = get_counts(encrypted_homework)
assert len(oft_result) >= 26, "The whole alphabet should be covered."
for letter in encrypted_homework:
    assert (letter in oft_result or letter == ' '), "A letter seems to be missing"

what_counts_should_be = {'a': 49, 'b': 34, 'c': 17, 'd': 1, 'e': 23, 'f': 0, 'g': 18, 'h': 0, 'i': 36, 'j': 16, 'k': 6, 'l': 27, 'm': 13, 'n': 38, 'o': 24, 'p': 9, 'q': 25, 'r': 53, 's': 32, 't': 0, 'u': 8, 'v': 7, 'w': 15, 'x': 5, 'y': 63, 'z': 0}
for letter, c in what_counts_should_be.items():
    assert counts[letter] == c

# Do not assume that your code is correct just because it passes this test. Properly test your code.

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 2.2 (3 points)

With that helper function implemented, you move on to decrypt your friend's homework. To that end, implement the function ```mono_decrypt(cipher_text, counts_english)``` that decrypts a ciphertext with the help of a given dictionary of letter counts. 

In addition to the decrypted plaintext, the decryption key should be returned. For your key, only consider letters that appear in the ciphertext. In this example, your key will have fewer entries than 26. 

The key has to be a dictionary with the format ```{cipher_letter: plain_letter}```. Your function should return a tuple of the form ```(plaintext, recovered_key)```.

In [5]:
def mono_decrypt(cipher_text: str, reference_counts: dict[str, int]) -> tuple[str, dict[str, str]]:
    cipher_counts = get_counts(cipher_text)
    
    sorted_cipher_counts = sorted(
        cipher_counts.items(), 
        key=lambda item: item[1], 
        reverse=True
    )
    sorted_ref_counts = sorted(
        reference_counts.items(), 
        key=lambda item: item[1], 
        reverse=True
    )

    key = {}
    for i in range(min(len(sorted_cipher_counts), len(sorted_ref_counts))):
        cipher_char = sorted_cipher_counts[i][0]
        plain_char = sorted_ref_counts[i][0]
        key[cipher_char] = plain_char
    
    plaintext = ""
    
    for char in cipher_text:
        char_lower = char.lower()
        
        if char_lower in key:
            plain_char = key[char_lower]
            plaintext += plain_char
        else:
            plaintext += char
            
    return plaintext, key

In [6]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignored during grading.

print(mono_decrypt(encrypted_homework, task1_english_reference_counts))

('there are an encapsulating security payload esp protocol document and an authentication header ah protocol document that cover the packet format and general issues regarding the respective protocols the encryption algorithm document set shown on the left is the set of documents describing how various encryption algorithms are used for esp the combined algorithm document set shown in the middle is the set of documents describing how various combined mode algorithms are used to provide both encryption and integrity protection for esp  the following string is to ensure different counts per letter vwwyympuuhc', {'y': 'e', 'r': 't', 'a': 'o', 'n': 'n', 'i': 'r', 'b': 'i', 's': 's', 'l': 'a', 'q': 'c', 'o': 'h', 'e': 'd', 'g': 'u', 'c': 'p', 'j': 'm', 'w': 'l', 'm': 'g', 'p': 'f', 'u': 'y', 'v': 'w', 'k': 'v', 'x': 'b', 'd': 'k'})


In [9]:
# This test just checks the output format of your solution

oft_result = mono_decrypt(encrypted_homework, task1_english_reference_counts)

# Check tuple
assert type(oft_result) == tuple, "Result should be a tuple"
assert len(oft_result) == 2, "Result should only contain plaintext, and key used for decryption."

# Check plaintext
assert type(oft_result[0]) == str, "First result should be the plaintext."

# Check key
for letter in encrypted_homework:
    assert (letter in oft_result[1] or letter == ' '), "Letter missing from the key."

In [8]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

## Task 3: Escoffier and the Vigenère Cipher (8 Points)

Each year, there is a cooking competition between some legendary cyber chefs, and it just so happens that your group is in the audience. The event start off with a bang: [Auguste Escoffier](https://en.wikipedia.org/wiki/Auguste_Escoffier) shows off the recipe he is going to cook, at least in it's encrypted form. "You are never going to crack this cipher!", he claims. Well, let's see about that.

Having seen in the previous exercise that monoalphabetic substituion ciphers are not really secure, you assume that he must use something more advanced: a polyalphabetic substitution cipher.
Such ciphers replace each letter in the plaintext with a different letter again but this time, this depends, e.g., on the position of the letter in the plaintext. Through this, the one-to-one substitution approach is changed to a one-to-many substitution.

Given his French origins, you deduct that Escoffier must have used the Viginère cipher. It works by shifting each letter in the alphabet, but the shifts are given by the corresponding letter in the key. When the text is longer than the key, the key is simply repeated until it matches the plaintext length. For example, let's encrypt the message "bbb xx" using the key "defg", resulting in the ciphertext "efg da":

| Letter | Plaintext | Key | Ciphertext | Comment |
| ------ | --------- | --- | ---------- | ------- |
| 1      | b         | d   | e          | We count `a` as zero shifts -> key `d` means shift by 3 positions |
| 2      | b         | e   | f          | Key `e` means shift by 4 positions. |
| 3      | b         | f   | g          | Key `f` means shift by 5 positions. |
| 4      | " "       | /   | " "        | Spaces are ignored. |
| 5      | x         | g   | d          | Key `g` means shift by 6 positions, `x+6` "wraps around" to `d`. |
| 6      | x         | d   | a          | If the key is too short, we simply repeat the key. |

And you probably already guessed: in this task, you are going to break the cipher, and decrypt the recipe!

### Task 3.1 (3 Points)

The first step to breaking the cipher is to be able to propely decrypt messages with a key.
Therefore, implement the function ```vigenere_decrypt(key, text)``` that decrypts a text with a given key according to the Vigenère cipher. If the text is longer than the key, the key should be repeated until it is long enough to decrypt the text. Do **not** decrypt white spaces. Your function should return the decrypted text as a string.

Hint: You can use the built-in functions ```ord()``` *and* ```chr()``` to convert a character to its ASCII code and an integer to its character representation, respectively.

**Make sure that your function can decrypt arbitrary text. If you want to test your function, you can use [CyberChef](https://cyberchef.org/#recipe=Vigen%C3%A8re_Decode('')) to generate ciphertext-plaintext-pairs.**

In [12]:
def vigenere_decrypt(key: str, text: str) -> str:
    decrypted_text = ""
    key_index = 0
    key_length = len(key)
    
    key_lower = key.lower()

    for char in text:
        if char.isalpha():
            offset = ord('A') if char.isupper() else ord('a')
            
            current_key_char = key_lower[key_index % key_length]
            key_shift = ord(current_key_char) - ord('a')
            
            cipher_index = ord(char) - offset
            plain_index = (cipher_index - key_shift) % 26
            
            plain_char = chr(plain_index + offset)
            decrypted_text += plain_char
            
            key_index += 1
        else:
            decrypted_text += char

    return decrypted_text

In [13]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignored during grading.
# Hint: Use the CyberChef website ( https://cyberchef.io/ ) to generate more test cases.

print(vigenere_decrypt('defg', 'efg da'))
assert vigenere_decrypt('defg', 'efg da') == "bbb xx"

# Do not assume that your code is correct just because it passes this test. Properly test your code.

bbb xx


In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 3.2 (2 Point)

Seems like luck is on your side! Through social engineering, you were able to obtain a second ciphertext created using the same key, and while you were not able to learn the corresponding plaintext, you
at least got the letter counts of the plaintext.

Hence, you decide to **implement the function** ```recognizable(text, known_counts)```. 

It should recognize a potential plaintext as valid plaintexts if the below-given letter counts match the letter counts in the computed plaintext. 

Return ```True``` or ```False``` depending on whether the text was a recognizable text or not. You can use the function ```get_counts()``` of task 2.1 (with the new counts!).

In [19]:
vigenere_ciphertext = "ty uxmxbx zmis qbj pnffl bb mulej lz bxm fkx beys xfyeizdb n tuxkn yeywb bj puna c bxm mfm kocjkx beche wfjy fp mtjy xrluocxb c xmipb csqi mfm jvyx"
vigenere_counts = {'a': 10, 'b': 0, 'c': 2, 'd': 4, 'e': 16, 'f': 2, 'g': 1, 'h': 10, 'i': 11, 'j': 0, 'k': 2, 'l': 1, 'm': 2, 'n': 6, 'o': 7, 'p': 5, 'q': 0, 'r': 5, 's': 16, 't': 6, 'u': 3, 'v': 0, 'w': 7, 'x': 0, 'y': 1, 'z': 0}

In [None]:
def recognizable(text: str, known_counts: dict[str, int]) -> bool:
    return get_counts(text) == known_counts

In [31]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignored during grading.

assert recognizable("abc", get_counts("abc")) == True
assert recognizable("abc", get_counts("abd")) == False

# Do not assume that your code is correct just because it passes this test. Properly test your code.

In [29]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 3.3 (3 Points)

You are almost done, you can feel it! The final missing piece is a function that can brute-force the key:

Implement the function ```brute_force_vigenere(text, counts_english, max_key_length)```. It should find the plaintext by trying every possible key up to a specified length. You can use the below function `get_all_keys` to iterate over all possible keys of a given length. The given counts help you recognize a decryption result as an English text. 

In addition, you have to retrieve the encryption key that was used to encrypt the plaintext. Hence, your function should return a tuple of the form ```(plaintext, encryption_key)```. The returned encryption key can either be a string or a tuple consisting of the individual chars of the key. When no key could be found, i.e., the real key is longer than `max_key_length`, your function should return `None`.

In [32]:
import itertools
from typing import Generator, Any
def get_all_keys(key_length: int) -> Generator[str, Any, Any]:
    all_letters = [chr(ascii_index) for ascii_index in range(ord("a"), ord("z") + 1)]
    for key_as_tuple in itertools.product(all_letters, repeat=key_length):
        yield "".join(key_as_tuple)

In [33]:
def brute_force_vigenere(text: str, known_counts: dict[str, int], max_key_length: int) -> tuple[str, str] | None:
    for key_len in range(1, max_key_length + 1):
        for key in get_all_keys(key_len):
            potential_plaintext = vigenere_decrypt(key, text)

            if recognizable(potential_plaintext, known_counts):
                return (potential_plaintext, key)
    return None

In [34]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignored during grading.

reference_counts = get_counts("bbb xx")
assert brute_force_vigenere('efg da', reference_counts, 3) is None
assert brute_force_vigenere('efg da', reference_counts, 4) == ("bbb xx", "defg")

# Do not assume that your code is correct just because it passes this test. Properly test your code.


# Only the decrption function will be grades, i.e., decrypting the recipe is not part of the grading.
# This is just for your entertainment :)
_, recipe_key = brute_force_vigenere(vigenere_ciphertext, vigenere_counts, 3)

encrypted_recipe = """
ciwqs lourp vzqnjo
ztond dlfjm kiizo
znsymrhibly jcqicqfnjom hlfi yltqb

lbhyis mbuy yoyqyw rhyff llfibh grn sln goibk
uia uqi zqlow xn tkwj xhi pnno oxfhl x qmfmp
pfttfd xxi ziqa vwlnm tbniy xqcwocsd
wtle becqb ihzuxfisxfqv myflwfhl rhyff yey xxohb bfp nmb xjpcwbx hlhxfmybhhv
qmbh yey xxohb nmfwpbhx viz tcqi hjbx yl myfl rllj qi uoyabhy qbj puzzy koir yowkcsd
"""
print(vigenere_decrypt(recipe_key, encrypted_recipe))



forty grams butter
forty grams flour
fivehundert milliliters cold broth

gently heat butter until golden but not brown
add all flour at once and stir using a whisk
slowly add cold broth while stirring
cook while occasionally stirring until the sauce has the desired consistency
when the sauce thickens you will need to stir more to prevent the sauce from burning



In [36]:
# This test just checks the output format of your solution

rec_test = 'abcdefghijklmnopqrstuvwxy'
full_counts = {'a': 1, 'b': 1, 'c': 1, 'd': 1, 'e': 1, 'f': 1, 'g': 1, 'h': 1, 'i': 1, 'j': 1, 'k': 1, 'l': 1, 'm': 1, 'n': 1, 'o': 1, 'p': 1, 'q': 1, 'r': 1, 's': 1, 't': 1, 'u': 1, 'v': 1, 'w': 1, 'x': 1, 'y': 1, 'z': 0}
nn_counts = {'a': 1, 'b': 1, 'c': 1, 'd': 1, 'e': 1, 'f': 1, 'g': 1, 'h': 1, 'i': 1, 'j': 1, 'k': 1, 'l': 1, 'm': 1, 'n': 1, 'o': 1, 'p': 1, 'q': 1, 'r': 1, 's': 1, 't': 1, 'u': 1, 'v': 1, 'w': 1, 'x': 1, 'y': 1}
vigenere_counts_nn = {'a': 10, 'c': 2, 'd': 4, 'e': 16, 'f': 2, 'g': 1, 'h': 10, 'i': 11, 'k': 2, 'l': 1, 'm': 2, 'n': 6, 'o': 7, 'p': 5, 'r': 5, 's': 16, 't': 6, 'u': 3, 'w': 7, 'y': 1}

## Recognizable Test
full = 0
if recognizable(rec_test, full_counts):
    full = 1
elif recognizable(rec_test, nn_counts):
    full = 2

## Format Check
if full == 1:
    oft_result = brute_force_vigenere(vigenere_ciphertext, vigenere_counts, 4)
elif full == 2:
    oft_result = brute_force_vigenere(vigenere_ciphertext, vigenere_counts_nn, 4)
else:
    raise Exception("Recognizable failed!")

# Check tuple
assert type(oft_result) == tuple
assert len(oft_result) == 2

# Check plaintext
assert type(oft_result[0]) == str

# Check key
assert type(oft_result[1]) == str

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

## 4. Make sure that your code is working (0 points)

Please make sure that your code is working, i.e., check whether
- you import only built-in Python libraries and libraries provided by us,
- your code is compatible with Python 3.12,
- and **restarting the Jupyter kernel and re-running all code cells works without errors**.

Technically, this is not a task, just a gentle reminder to make sure that your previous solutions are working :)

## 5. Feedback (0.5 points)

You made it through. Since we want to know how it went and how we might improve the exercises, we include the following task. Here, you can write constructive feedback! You even get 0.5 points for it if you write anything. But don't worry, we do not grade the content itself!

Very nice structure but the phrasing of the exercises was somewhat vague in ex 3.2.

Nevertheless it was sometimes confusing when someone forgot to run every single prewritten codeline.

9/10 homework experience.