# IT Security - Sheet 1 "Historic Ciphers"

**Total achievable points: 20**

**Released: 17.10.2024**

**Submission Deadline: 24.10.2024 23:59**

---
Groupnumber: 36

Names and matriculation numbers of **ALL** team members:\
Herman Pohosian (469381)\
Volodymyr Yakovlev (469403)\
Denys Ponomarenko (469388)\
Ivan Povoroznyk (469380)\
Volodymyr Pedenko (472195)

Format: John Doe (999999)

---

**Important Information**

The assignments must be submitted by groups of 5 students. Please use the RWTHmoodle exercise room to register for a submission group using the [Submission Groups Section](https://moodle.rwth-aachen.de/course/view.php?id=44012#section-1). Even if you are registered in RWTHmoodle to a submission group, **please include the groupnumber as well as the name and matriculation number of every group member in this notebook**. Register in RWTHmoodle the submission group before you hand in the assignment. The registration of submission groups is available until the first assignment is due (24.10.2024 23:59). Please do not change or leave the submission group after the solution for this group was handed in.

Enter your solutions for the tasks in the respective cells of this notebook. These cells are either marked by "YOUR ANSWER HERE" or `#YOUR CODE HERE`. Cells marked with `###PLAYGROUND` can be used to test your implementation and generate output (see example for the first tasks). They will be ignored during grading. **Do not change any other cells or add new ones.**

Please **do not import any further Python packages** except the default Python ones and the ones that are explicitly given by us.

## Content of this Assignment

In the lecture, you learned about security goals and attacks threatening one or more of those security goals.
Likewise, you learned about vulnerabilities that may arise at different layers and about various possible attackers.
Furthermore, you were introduced to some examples of symmetric ciphers (including historic ones).

In this exercise, you'll build upon this knowledge and try to break some historic ciphers on your own!

## 1. Basics (6 points)

We will start with a little bit of important basic knowledge. Note that these are only some of the basics you need to know to excel in the exciting field of IT-security. For each question, try to answer the tasks **as precisely as possible** but still include all the **necessary** reasoning to support your claims.

### Task 1.1 (3 points)

**Explain** what CIA stands for, **give examples** of attacks against each of the security goals and **reason** why each of those attacks breaches the respective security goal.

YOUR ANSWER HERE

CIA is an acronym that stands for the three main security goals: Confidentiality, Integrity, Availability.

1. Example attacks against Confidentiality: 
    - Eavesdropping (this attack *intercepts data during transfer*)
    - Traffic Analysis (this attack *analyzes address information or timings to deduce who communicates with whom*)
2. Example attacks against Integrity:
    - Modification (this attack *intercepts and modifies data in transfer*)
    - Masquerading (this attack *modifies SCR address information of a data packet in transfer*)
    - Replay (this attack *intercepts a data packet in transfer and later replays it*)
    - Repudiation (this attack *denies an action such as having sent a specific data packet*)
3. Example attacks against Availability:
    - Denial of service (this attack can *flood a web server with fake requests* or *jam someone's wireless connection by emitting a
      strong signal on their frequency* or *enter someone's password wrongly so that their account gets blocked*)


### Task 1.2 (2 points)

**Explain** why cipher negotiation exists and **name one additional problem** which can be introduced by it.

YOUR ANSWER HERE

Cipher negotiation exists to ensure that two parties in a communication session agree on a cryptographic algorithm (cipher) that both can support. Since different systems may have different capabilities, cipher negotiation allows them to establish a secure communication by selecting the most suitable algorithm that both parties can use.

**Problem**: algorithms, e.g., for integrity protection have not been selected yet.


### Task 1.3 (1 point)

Assume a system that has no vulnerabilities regarding the cryptographic primitives and the protocols used. The implementations of all components are bug-free, and there are no vulnerabilities. Also, assume there is no vulnerability in the interplay between those components.

**Explain** whether there is still a potential vulnerability that might break the security of the system when used.

YOUR ANSWER HERE

Yes, there is still a potential vulnerability: Even if there are no cryptographic vulnerabilities in the system itself, vulnerabilities could still arise from external factors, such as weak password policies, human error (e.g., phishing), or side-channel attacks (e.g., timing attacks). These do not rely on breaking the cryptography directly but instead exploit the way the system is used or implemented.

## 2. Monoalphabetic Cipher (5 points)

Now, we will play around with some ciphers and see that, often, it is not that hard to break them. We already know that the key space of the Caesar cipher is too small to be considered sufficiently secure nowadays. One can easily bruteforce the key - with **recognizable** plaintext at least.

Another approach was introduced in the lecture, namely a monoalphabetic substitution cipher. Here, we use a substitution table and replace each letter in the plaintext with the corresponding letter in the table. This effectively increases the key space, but there remains a problem. We can still make use of another property of languages: letters have a common frequency in their natural language. Hence, we can map back the ciphertext letters to the plaintext letters if we have plaintext that "makes sense". 

In the following, you will use that knowledge to break such a monoalphabetic substitution cipher.

With a monoalphabetic cipher, a letter in the plaintext is mapped to another letter in the alphabet.
You can think of it as a permutation of letters, where the key describes the permutation. Thus, the
key space has a size of k!. 

We use Python's dictionary datatype to store such a key. One example of a given key in the format would be: ```key = {'a': 'x', 'b': 'd', 'c': 't', 'd': 'f', ... , 'z': 'm'} ```

You can now assume the following counts of each letter were computed on the plaintext for the given ciphertext:

In [52]:
mono_counts = {
    'a': 27, 'b': 5, 'c': 25, 'd': 23, 'e': 63, 'f': 9, 'g': 13, 
    'h': 24, 'i': 34, 'k': 1, 'l': 15, 'm': 16, 'n': 38,
    'o': 49, 'p': 17, 'r': 36, 's': 32, 't': 53, 'u': 18,
    'v': 6, 'w': 7, 'y': 8
}

In [51]:
cipher_1 = (
    'royiy liy ln ynqlcsgwlrbnm syqgibru cluwale ysc ciaraqaw eaqgjynr lne ln lgroynrbqlrban oyleyi lo ' +
    'ciaraqaw eaqgjynr rolr qakyi roy clqdyr paijlr lne mynyilw bssgys iymliebnm roy iyscyqrbky ciaraqaws ' +
    'roy ynqiucrban lwmaibroj eaqgjynr syr soavn an roy wypr bs roy syr ap eaqgjynrs eysqibxbnm oav klibags ' +
    'ynqiucrban lwmaibrojs liy gsye pai ysc roy qajxbnye lwmaibroj eaqgjynr syr soavn bn roy jbeewy bs roy syr ap ' +
    'eaqgjynrs eysqibxbnm oav klibags qajxbnye jaey lwmaibrojs liy gsye ra ciakbey xaro ynqiucrban lne bnrymibru ' +
    'ciaryqrban pai ysc  roy pawwavbnm sribnm bs ra ynsgiy ebppyiynr qagnrs cyi wyrryi kvvuujcggoq'
)

### Task 2.1 (2 point)

Implement the function ```get_counts(text)``` that counts, how often each letter occurs in a text. 

Your function should return a dictionary of the format ```{letter: count}```, i.e, the keys are the letters and the values are the corresponding counts.

In [68]:
def get_counts(text: str) -> dict:
    # YOUR CODE HERE
    
    # Version 1
    '''
    letters_list = sorted(list(set([letter for letter in text if letter != ' '])))
    letters_dict = dict().fromkeys(letters_list, 0)
    
    for letter in text:
        if letter != ' ':
            letters_dict[letter] += 1
            
    return letters_dict
    '''
    # Version 2
    '''
    letters_dict = {}
    
    for letter in text:
        if letter != ' ':
            letters_dict[letter] = letters_dict.get(letter, 0) + 1
            
    return letters_dict
    '''
    # Version 3
    return {letter: text.count(letter) for letter in set(text) if letter != ' '}
    
    raise NotImplementedError()

In [69]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignoored during grading.

print(get_counts(cipher_1))

{'m': 13, 'n': 38, 'u': 8, 'i': 36, 'x': 5, 'c': 17, 'b': 34, 'd': 1, 'w': 15, 'y': 63, 'r': 53, 'a': 49, 'l': 27, 'e': 23, 'g': 18, 'q': 25, 'o': 24, 'p': 9, 'j': 16, 'v': 7, 'k': 6, 's': 32}


In [43]:
# This test just checks the output format of your solution

oft_result = get_counts(cipher_1)
assert len(oft_result) >= 22
for letter in cipher_1:
    assert (letter in oft_result or letter == ' ')

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 2.2 (3 points)

Implement the function ```mono_decrypt(cipher_text, counts_english)``` that decrypts a ciphertext with the help of a given dictionary of letter counts. 

In addition to the decrypted plaintext, the decryption key should be returned. For your key, only consider letters that appear in the ciphertext. In this example, your key will have fewer entries than 26. 

The key has to be a dictionary with the format ```{cipher_letter: plain_letter}``` as described above. Your function should return a tuple of the form ```(plaintext, recovered_key)```.

In [65]:
def mono_decrypt(cipher_text: str, counts: dict) -> tuple:
    # YOUR CODE HERE
    
    cipher_frequency_of_letters = get_counts(cipher_text)
    
    sorted_cipher_letters = sorted(cipher_frequency_of_letters, key=cipher_frequency_of_letters.get, reverse=True)
    sorted_english_letters = sorted(mono_counts, key=mono_counts.get, reverse=True)
    
    recovered_key = {}
    for i in range(min(len(sorted_cipher_letters), len(sorted_english_letters))):
        recovered_key[sorted_cipher_letters[i]] = sorted_english_letters[i]
    
    plaintext = ''.join(recovered_key.get(letter, letter) for letter in cipher_text)
    
    return plaintext, recovered_key
    
    raise NotImplementedError()

In [66]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignoored during grading.

print(mono_decrypt(cipher_1, mono_counts))

('there are an encapsulating security payload esp protocol document and an authentication header ah protocol document that cover the packet format and general issues regarding the respective protocols the encryption algorithm document set shown on the left is the set of documents describing how various encryption algorithms are used for esp the combined algorithm document set shown in the middle is the set of documents describing how various combined mode algorithms are used to provide both encryption and integrity protection for esp  the following string is to ensure different counts per letter vwwyympuuhc', {'y': 'e', 'r': 't', 'a': 'o', 'n': 'n', 'i': 'r', 'b': 'i', 's': 's', 'l': 'a', 'q': 'c', 'o': 'h', 'e': 'd', 'g': 'u', 'c': 'p', 'j': 'm', 'w': 'l', 'm': 'g', 'p': 'f', 'u': 'y', 'v': 'w', 'k': 'v', 'x': 'b', 'd': 'k'})


In [67]:
# This test just checks the output format of your solution

oft_result = mono_decrypt(cipher_1, mono_counts)

# Check tuple
assert type(oft_result) == tuple
assert len(oft_result) == 2

# Check plaintext
assert type(oft_result[0]) == str

# Check key
for letter in cipher_1:
    assert (letter in oft_result[1] or letter == ' ')

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

## Task 3: Vigenère Cipher (8 Points)

We saw during the last task that monoalphabetic substitution is also not yet a really secure cipher. Let's try another approach: polyalphabetic substitution ciphers! Here, we replace each letter in the plaintext with a different letter again but this time, this depends, e.g., on the position of the letter in the plaintext. Through this, we change the one-to-one substitution approach to a one-to-many substitution. 

You probably already guessed: in the next task, you are going to break an example of a polyalphabetic substitution cipher.

The Vigenère cipher is an example of a polyalphabetic substitution cipher. Each letter in the plaintext will be substituted depending on the key letter it is paired with. For your implementation, interpret the letters 'a' to 'z' as the numbers 0 to 25, such that you can calculate in a finite group Z mod 26.

For example, the letter `d` = 3 encrypted with the key `y` = 24 is equal to 3 + 24 = 27 = 1 mod 26 = `b`.

### Task 3.1 (3 Points)

Implement the function ```vigenere_decrypt(key, text)``` that decrypts a text with a given key according to the Vigenère cipher. First, you need to expand the key to the length of the text, such that you can pairwise subtract the cipher and key letters to obtain the decryption. Do **not** decrypt white spaces. Your function should return the decrypted text as a string.

Hint: You can use the built-in functions ```ord()``` *and* ```chr()``` to convert a character to its ASCII code and an integer to its character representation, respectively.

**Make sure that your function can decrypt arbitrary text. If you want to test your function, you can use [CyberChef](https://cyberchef.org/#recipe=Vigen%C3%A8re_Decode('')) to generate ciphertext-plaintext-pairs.

In [None]:
def vigenere_decrypt(key: str, text: str) -> str:
    # YOUR CODE HERE
    raise NotImplementedError()

In [None]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignoored during grading.

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 3.2 (2 Point)

Implement the function ```recognizable(text, counts_english)```. 

It should recognize a potential plaintext as an English text if the below-given letter counts match the letter counts in the computed plaintext. 

Return ```True``` or ```False``` depending on whether the text was a recognizable text or not. You can use the function ```get_counts()``` of task 2.1 (with the new counts!).

In [None]:
vigenere_ciphertext = "ty uxmxbx zmis qbj pnffl bb mulej lz bxm fkx beys xfyeizdb n tuxkn yeywb bj puna c bxm mfm kocjkx beche wfjy fp mtjy xrluocxb c xmipb csqi mfm jvyx"
vigenere_counts = {'a': 10, 'b': 0, 'c': 2, 'd': 4, 'e': 16, 'f': 2, 'g': 1, 'h': 10, 'i': 11, 'j': 0, 'k': 2, 'l': 1, 'm': 2, 'n': 6, 'o': 7, 'p': 5, 'q': 0, 'r': 5, 's': 16, 't': 6, 'u': 3, 'v': 0, 'w': 7, 'x': 0, 'y': 1, 'z': 0}

In [None]:
def recognizable(text: str, counts_english: dict) -> bool:
    # YOUR CODE HERE
    raise NotImplementedError()

In [None]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignoored during grading.

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

### Task 3.3 (3 Points)

Implement the function ```brute_force_vigenere(text, counts_english, max_key_length)```. It should find the plaintext by trying every possible key up to a specified length. You can use the below function `get_all_keys` to iterate over all possible keys of a given length. The given counts help you recognize a decryption result as an English text. 

In addition, you have to retrieve the encryption key that was used to encrypt the plaintext. Hence, your function should return a tuple of the form ```(plaintext, encryption_key)```. The returned encryption key can either be a string or a tuple consisting of the individual chars of the key.

In [None]:
import itertools
def get_all_keys(key_length: int):
    letters = [chr(ascii_index) for ascii_index in range(ord("a"), ord("z") + 1)]
    return itertools.product(letters, repeat=key_length)

In [None]:
def brute_force_vigenere(text: str, counts: dict, max_key_length: int) -> tuple:
    # YOUR CODE HERE
    raise NotImplementedError()

In [None]:
### PLAYGROUND
# You can use this cell to test out your implementation. Everything in this cell will be ignoored during grading.

In [None]:
# This test just checks the output format of your solution

oft_result = brute_force_vigenere(vigenere_ciphertext, vigenere_counts, 5)

# Check tuple
assert type(oft_result) == tuple
assert len(oft_result) == 2

# Check plaintext
assert type(oft_result[0]) == str

# Check key
if type(oft_result[1]) == tuple:
    for c in oft_result[1]:
        assert type(c) == str
        assert len(c) == 1
else:
    assert type(oft_result[1]) == str

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

In [None]:
# Even this cell seems empty, it contains automatic tests. Please do not remove this cell and just ignore it.

## 5. Example Exam Questions (0.5 points)

This task contains questions you could find during an exam. We will not grade the correctness of this task, but we will discuss it during the exercise session. You will be awarded 0.5 points, if you work on this task and every subtask has some written answer. Please be aware that also task 1 can occur during an exam, but task 1 will be graded for correctness.

### 5.1

Briefly **describe or define** what a **chosen-ciphertext attack** on an encryption scheme is and **list** what the attacker knows and can obtain.

YOUR ANSWER HERE

Chosen-ciphertext attack is attack that allow adversaries to decrypt arbitrary ciphertexts using a decryption oracle, excluding the target ciphertext. It can submit chosen ciphertexts to the oracle and analyze the relationship between ciphertexts and plaintexts to decrypt the target ciphertext.

### 5.2

**Explain** the difference between a **block cipher** and a **stream cipher**.

YOUR ANSWER HERE

Block ciphers encrypt data in fixed-size blocks, while stream ciphers process data one bit at a time. Block ciphers are better for large amounts of data, while stream ciphers are faster and simpler for real-time applications.

### 5.3

Briefly **explain two different motives** of cyber attackers.

YOUR ANSWER HERE

The first motive is confidentiality attacks. Confidentiality attacks aim to view private information without altering it. The second motive is integrity attacks. Integrity attacks focus on changing or destroying information to cause damage.

## 4. Feedback (0.5 points)

You made it through. Since we want to know how it went and how we might improve the exercises, we include the following task. Here, you can write constructive feedback! You even get 0.5 points for it if you write anything. But don't worry, we do not grade the content itself!

YOUR ANSWER HERE

In the process of studying these topics, we familiarized ourselves with the basic concepts of ciphers and got acquainted with their working principles in detail. Performing the tasks helped us to consolidate the theoretical knowledge, which will certainly be useful for us in the future.