# 2. Prove that if a cryptosystem has perfect secrecy and |K|= |C|= |P|, then every ciphertext is equally probable.

We say that a cryptosystem has perfect secrecy if the probability of a message, given a ciphertext, is the same as the probability of the message in spite of the received ciphertext. Hence, knowing the ciphertext gives no information about the original message:

$$
p(a|b) = p(a)
$$

for any $a \in P$ (the plaintext) and $y \in C$ (the ciphertext). 

Now, given that our cryptosystem has perfect secrecy, we can try to use Baye's Theorem:

$$
p(a|b) = \frac{p(b|a)p(a)}{p(b)}
$$

because of perfect secrecy, we get:
$$
p(a) = \frac{p(b|a)p(a)}{p(b)}
$$

$$
p(b|a) = p(b)
$$

which means that the probability of obtaining an specific ciphertext $b$ given a plaintext $a$ is the same as just obtaining $b$.

Now, we know that $|K| = |C| = |P|$, where:

* $|K|$: all the possible keys
* $|C|$: all the possible ciphertexts
* $|P|$: all the possible plaintexts

we can state that all this "sets" have a one-to-one correspondance, which means that we can map each plaintext to a unique ciphertext using a unique key $k$ (each pair (a,b) can be uniquely linked through $k$). So there is only **one** key $k$ that satisfies:

$$
e_k(a) = b
$$

Now, to obtain an specific $k_i$ from the set of all possible keys ($|K|$), we need every key $k_i$ to have the same probability since we have perfect secrecy, which ensures that there is no key more "special" or "more likely" to be picked than the other keys that form the set $|K|$ of all possible keys:

$$
p(k) = \frac{1}{|K|}
$$

this equality ensures that each plaintext has a unique key that can map it to a given ciphertext, and all keys are equally likely.

Now, let’s calculate the probability of a specific ciphertext ($p(b)$). To find it, it is neccessary to take into consideration all possible plaintext messages $a \in P$ that could have been turned into the ciphertext $b$. For this, the law of Total Probability is neccesary:

$$
p(b) = \sum_{a \in P}^{} p(b|a)p(a)
$$

where it is also taken into consideration the probability that a ciphertext $b$ is the result of encrypting a given plaintext $a$ and the probability of picking a plaintext $a$.

Now, given a plaintext $a$ and its corresponding ciphertext $b$ the encryption function $e_k(a)=b$ implies that:

$$
p(b|a) = \frac{1}{|K|}
$$

because there is exactly one key that maps a to b, and each key has the same probability to be picked, so:

$$
p(b) = \sum_{a \in P}^{} p(b|a)p(a) = \sum_{a \in P}^{} \frac{1}{|K|}p(a)
$$

$$
p(b) = \frac{1}{|K|}\sum_{a \in P}p(a)
$$

assuming a perfect distribution over plain text messages, which means that every $a \in P$ has an equal probability, $\sum_{a \in P}p(a) = 1$:

$$
p(b) = \frac{1}{|K|}
$$

and since $|K| = |C|$:

$$
p(b) = \frac{1}{|C|}
$$

which means that each ciphertext $b$ has the same probability of being picked $\blacksquare$.

# 3. Suppose that APNDJI or XYGROBO are ciphertexts that are obtained from encryption using the Shift Cipher. Show in each case that there are two ”meaningful” plaintexts that could encrypt to the given ciphertext.

We can use a caesar decryption proccess in order to fulfill this task. 

In [1]:
def caesar_decrypt(ciphertext, shift):
    decrypted_text = ""
    
    for char in ciphertext:
        if char.isalpha():  # we only work with alphabetic characters
            ascii_offset = 65 if char.isupper() else 97 # deal with lower or uppercase 
            decrypted_text += chr((ord(char) - ascii_offset - shift) % 26 + ascii_offset)
        else:
            decrypted_text += char 

    return decrypted_text

In order to prove that there are at two "meaningful" plaintexts as a result of the decryption process, we can donwload a list of english words from a source like https://github.com/dwyl/english-words, list that can be found in the `words.txt` file. The use of it is justified since it serves as a reference to determine which decrypted outputs are valid English words.

In [7]:
# Load a list of English words
with open("words.txt") as word_file:
    english_words = set(word.strip().lower() for word in word_file)

Once that is done, the rest is just try the 26 possibilities of shift that are available

## For the ciphertext **APNDJI**

In [8]:
# Check if each decrypted text is a valid English word
for shift in range(26):
    decrypted_message = caesar_decrypt("APNDJI", shift).lower()
    if decrypted_message in english_words:
        print(f"Shift {shift}: {decrypted_message.upper()} is a valid word")

Shift 15: LAYOUT is a valid word
Shift 21: FUSION is a valid word


## For the ciphertext **XYGROBO**

In [9]:
# Check if each decrypted text is a valid English word
for shift in range(26):
    decrypted_message = caesar_decrypt("XYGROBO", shift).lower()
    if decrypted_message in english_words:
        print(f"Shift {shift}: {decrypted_message.upper()} is a valid word")

Shift 10: NOWHERE is a valid word
Shift 23: ABJURER is a valid word


Thus, for each ciphertext, two different shifts that produce meaningful plaintexts were shown, meeting the requirements of the problem $\blacksquare$.

# 4. Compute $H(K|C)$ and $H(K|P, C)$ for the Affine Cipher, assuming that keys are used equiprobably and the plaintexts are equiprobable.


As we know, for the affine cipher each letter of the plain text $P$ transforms into a cipher text $C$ using this function: $C = (aP + b)\space mod \space m$
Let's calculate the key space $|K|$

$|K| = \phi(m) \times m $ In this case, we have to consider that we are using the English alphabet, which has 26 characters, so $m=26$

Eulers totient $\phi(26) = 12$

So $|K| = 12 \times 26 = 312$

Calculate $H(K)$

$H(K) = \log_2 |K| = \log_2 312 = 8.29$ bits This is the key's entropy

Calculations for $H(K|P,C)$

As we know, affine ciphers formula encryption is $C=(aP + b) \space mod \space m$ 

if we know $P$ and $C$ we could resolve for $a$ and $b$. With most of the pairs of $(P,C)$ we could determine $K$

So we get that $H(K|P,C) = 0$ bits


Calculations for $H(K|C)$

Considering that we only have the cipher text, the information needed to calculate $K$ is not enough. Because for each $C$ there are multiple pairs of $(P,K)$ that can produce it, on the other hand, we have to consider that for long cipher texts we can apply different cryptographic analysis techniques that can reduce the uncertainty over $K$

So $H(K|C) > 0$

## 5. Below are given four examples of ciphertext, one obtained from a Substitution Cipher, one from a Vigen` ere Cipher, one from an Affine Cipher, and one unspecified. In each case, the task is to determine the plaintext. Give a clearly written description of the steps you followed to decrypt each ciphertext. This should include all statistical analysis and computations you performed. The first two plaintexts were taken from The Diary of Samuel Marchbanks, by Robertson Davies, Clarke Irwin, 1947; the fourth was taken from Lake Wobegon Days, by Garrison Keillor, Viking Penguin, Inc., 1985.

In [1]:
def calc_fitness(txt, quadgrams, alphabet):
    # Create a mapping of each character to a numerical value
    trans = {val: key for key, val in enumerate(alphabet.lower())}
    
    # Iterator to convert text into numerical values
    def text_iterator(txt):
        for char in txt.lower():
            val = trans.get(char)
            if val is not None:
                yield val

    iterator = text_iterator(txt)
    
    # Calculate initial quadgram value using the first three characters
    try:
        quadgram_val = next(iterator)
        quadgram_val = (quadgram_val << 5) + next(iterator)
        quadgram_val = (quadgram_val << 5) + next(iterator)
    except StopIteration:
        raise ValueError("More than three characters from the given alphabet are required")

    fitness = 0
    nbr_quadgrams = 0

    # Compute fitness score using quadgrams
    for numerical_char in iterator:
        quadgram_val = ((quadgram_val & 0x7FFF) << 5) + numerical_char
        # If quadgram exists, add its score; otherwise, penalize
        if quadgram_val < len(quadgrams):
            fitness += quadgrams[quadgram_val]
        else:
            fitness += -10 
        nbr_quadgrams += 1

    if nbr_quadgrams == 0:
        raise ValueError("More than three characters from the given alphabet are required")

    # Normalize the fitness score by the number of quadgrams
    return fitness / nbr_quadgrams / 10

To solve this question we have to use quadgrams the quadgrams and the fitness function to evaluate the text were obtained from here https://gitlab.com/guballa/SubstitutionBreaker/-/blob/master/subbreaker/breaker.py?ref_type=heads

### Substitution Cipher: EMGLOSUDCGDNCUSWYSFHNSFCYKDPUMLWGYICOXYSIPJCKQPKUGKMGOLICGINCGACKSNISACYKZSCKXECJCKSHYSXCGOIDPKZCNKSHICGIWYGKKGKGOLDSILKGOIUSIGLEDSPWZUGFZCCNDGYYSFUSZCNXEOJNCGYEOWEUPXEZGACGNFGLKNSACIGOIYCKXCJUCIUZCFZCCNDGYYSFEUEKUZCSOCFZCCNCIACZEJNCSHFZEJZEGMXCYHCJUMGKUCY



In [3]:
import re
from collections import Counter
import random
import json
import math

# Provided ciphertext
ciphertext = '''
EMGLOSUDCGDNCUSWYSFHNSFCYKDPUMLWGYICOXYSIPJCK
QPKUGKMGOLICGINCGACKSNISACYKZSCKXECJCKSHYSXCG
OIDPKZCNKSHICGIWYGKKGKGOLDSILKGOIUSIGLEDSPWZU
GFZCCNDGYYSFUSZCNXEOJNCGYEOWEUPXEZGACGNFGLKNS
ACIGOIYCKXCJUCIUZCFZCCNDGYYSFEUEKUZCSOCFZCCNC
IACZEJNCSHFZEJZEGMXCYHCJUMGKUCY
'''

# Clean the ciphertext: remove non-alphabetic characters and convert to uppercase
clean_text = re.sub(r'[^A-Z]', '', ciphertext.upper())

# Calculate the frequency of individual letters in the ciphertext
single_freq = Counter(clean_text)

# English letter frequency (most to least frequent)
english_freq = list('ETAOINSHRDLCUMWFGYPBVKJXQZ')

# Define the alphabet and create a mapping from letter to index
alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
letter_to_index = {letter: i for i, letter in enumerate(alphabet)}

# Function to create the initial key as a list of 26 letters (a permutation of the alphabet)
def create_initial_key():
    key = [''] * 26
    # Sort the ciphertext letters by frequency
    sorted_cipher_letters = [letter for letter, freq in sorted(single_freq.items(), key=lambda x: x[1], reverse=True)]
    used_plain_letters = set()

    # Map the most frequent letters in the ciphertext to the most frequent English letters
    for i, cipher_letter in enumerate(sorted_cipher_letters):
        cipher_index = letter_to_index[cipher_letter]
        plain_letter = english_freq[i]
        # Assign the letter if it has not been used already
        if plain_letter not in used_plain_letters:
            key[cipher_index] = plain_letter
            used_plain_letters.add(plain_letter)
        else:
            # Assign an unused letter if the plain letter is already used
            for letter in english_freq:
                if letter not in used_plain_letters:
                    key[cipher_index] = letter
                    used_plain_letters.add(letter)
                    break

    # Assign any remaining letters that have not been used yet
    for i in range(26):
        if key[i] == '':
            for letter in english_freq:
                if letter not in used_plain_letters:
                    key[i] = letter
                    used_plain_letters.add(letter)
                    break
            else:
                # Use the remaining letters from the alphabet if english_freq letters are exhausted
                for letter in alphabet:
                    if letter not in used_plain_letters:
                        key[i] = letter
                        used_plain_letters.add(letter)
                        break
    return key

# Function to apply the key to the ciphertext and get the plaintext
def apply_key(ciphertext, key):
    plaintext = ''
    # Replace each letter in the ciphertext with its corresponding letter in the key
    for c in ciphertext:
        index = letter_to_index[c]
        plaintext += key[index]
    return plaintext

# Function to swap two letters in the key
def swap_letters(key, index1, index2):
    # Create a copy of the key and swap the letters at the given indices
    new_key = key.copy()
    new_key[index1], new_key[index2] = new_key[index2], new_key[index1]
    return new_key

# Function for optimize the key
def decrypt(ciphertext, initial_key, quadgrams, alphabet, max_iterations=8000, temp=1.0, cooling_rate=0.995, restart_threshold=700):
    current_key = initial_key.copy()
    current_plaintext = apply_key(ciphertext, current_key)
    current_fitness = calc_fitness(current_plaintext, quadgrams, alphabet)
    best_key = current_key.copy()
    best_fitness = current_fitness
    print(f"Initial fitness score: {current_fitness}")

    no_improvement_count = 0

    # Iteratively attempt to improve the key
    for iteration in range(max_iterations):
        temp *= cooling_rate

        # Swap two random positions in the key
        index1, index2 = random.sample(range(26), 2)
        new_key = swap_letters(current_key, index1, index2)
        new_plaintext = apply_key(ciphertext, new_key)
        new_fitness = calc_fitness(new_plaintext, quadgrams, alphabet)

        # Decide whether to accept the new key based on fitness
        if new_fitness > current_fitness:
            accept = True
            no_improvement_count = 0
        else:
            delta = new_fitness - current_fitness
            probability = math.exp(delta / temp)
            accept = random.random() < probability
            no_improvement_count += 1

        # Update the current key if accepted
        if accept:
            current_key = new_key.copy()
            current_fitness = new_fitness

            # Update the best key if the new fitness is better
            if current_fitness > best_fitness:
                best_key = current_key.copy()
                best_fitness = current_fitness
                print(f"Iteration {iteration}: New best fitness score: {best_fitness}")
        
        # Restart with a random key if no improvement after many iterations
        if no_improvement_count >= restart_threshold:
            current_key = list(alphabet)
            random.shuffle(current_key)
            current_plaintext = apply_key(ciphertext, current_key)
            current_fitness = calc_fitness(current_plaintext, quadgrams, alphabet)
            no_improvement_count = 0
            temp = 2.0

    return best_key, best_fitness

# Function to print the comparison of the key with the alphabet
def print_key_comparison(key):
    print("\nAlphabet: ", ' '.join(alphabet))
    print("Key     : ", ' '.join(key))

# Load quadgram data from the JSON file
with open("EN.json", "r") as quadgram_fh:
    quadgram_data = json.load(quadgram_fh)
    alphabet = quadgram_data["alphabet"]
    quadgrams = quadgram_data["quadgrams"]

# Create the initial key based on frequency analysis
initial_key = create_initial_key()

# Apply the initial key to decrypt the ciphertext
initial_plaintext = apply_key(clean_text, initial_key)

# Calculate the fitness score for the initial decryption
initial_fitness = calc_fitness(initial_plaintext, quadgrams, alphabet)

# Display the initial key, decrypted text, and its fitness score
print("\nInitial key based on frequency analysis:")
print_key_comparison(initial_key)
print("\nInitial plaintext:\n", initial_plaintext)
print(f"\nInitial fitness score: {initial_fitness}")

# Optimize the key
optimized_key, optimized_fitness = decrypt(clean_text, initial_key, quadgrams, alphabet)

# Apply the optimized key to decrypt the ciphertext
optimized_plaintext = apply_key(clean_text, optimized_key)

# Display the optimized plaintext, fitness score, and key comparison
print("\nOptimized plaintext:\n", optimized_plaintext)
print(f"\nOptimized fitness score: {optimized_fitness}")

print_key_comparison(optimized_key)



Initial key based on frequency analysis:

Alphabet:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Key     :  V J E U D C T B N F O M Y H L G K X A Q S Z P W I R

Initial plaintext:
 DYTMLASUETUHESAPIACBHACEIOUGSYMPTINELWIANGFEOKGOSTOYTLMNETNHETVEOAHNAVEIORAEOWDEFEOABIAWETLNUGOREHOABNETNPITOOTOTLMUANMOTLNSANTMDUAGPRSTCREEHUTIIACSAREHWDLFHETIDLPDSGWDRTVETHCTMOHAVENTLNIEOWEFSENSRECREEHUTIIACDSDOSREALECREEHENVERDFHEABCRDFRDTYWEIBEFSYTOSEI

Initial fitness score: 60.12569169960474
Initial fitness score: 60.12569169960474
Iteration 104: New best fitness score: 60.64545454545455
Iteration 107: New best fitness score: 61.5505928853755
Iteration 262: New best fitness score: 61.9102766798419
Iteration 264: New best fitness score: 62.653754940711465
Iteration 289: New best fitness score: 62.98814229249011
Iteration 290: New best fitness score: 63.27786561264823
Iteration 292: New best fitness score: 63.694071146245065
Iteration 300: New best fitness score: 63.79446640316205
Iteration 374: