Just out of curiosity I like to post a challenge on Vigenere encrypted

ciphertexts.

As we all know, the Vigenere cipher is badly broken, except for one kind

of usage - if the key is randomly and unique and as long as the plaintext.

Obviously a very impractical solution, because we would need to share a

bunch of such randomly and unique cipher keys in advance with our

communication partner and we need to keep track of every key used.

Effectively just as encrypting with a OTP.

Perhaps there might be a simple solution how to take advantage of such

randomly and unique cipher keys - by using a nonce/IV alongside the

ciphertext. This way we can re-use a pre-shared key over and over again

with the Vigenere encryption. There is just one point of critique, that

the nonce/IV is double the size of the plaintext. Essentially this would

mean in practice that the scheme might only be practical for the

exchange of short text messages.

Okay now let's have a look how it works.

That's it.Code:1) We need a randomly and unique IV double the length of the plaintext. It can be generated using a PRNG or a dice and a alphabet square, like below 1 2 3 4 5 6 +------------------ 1 | A B C D E F 2 | G H I J K L 3 | M N O P Q R 4 | S T U V W X 5 | Y Z 0 1 2 3 6 | 4 5 6 7 8 9 The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "J" from the table above. To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. Using the table above we can include numbers as well. Assuming we have a plaintext like This Plaintext does not contain any Number and we use only capital letters, prepared for encryption it would read THISPLAINTEXTDOESNOTCONTAINANYNUMBER So the generated IV, double the length of the plaintext, could read like URKFYEUXZSWHYCTDZDBYLYPNVRRLIFSCCVPUULLRHQTGSFYALDBZYXWTOFKSTIZDSVWTKJST 2) In this step we encrypt the IV with our pre-shared secret key, which read THISISOURSECRETKEY As result we have an encrypted IV NYSXGWIRQKAJPGMNDBUFTQXFJLIDMHJGVFTSNSTJPIHAJXCCCHUJCVPAWXSKHCQVWXNXDTWR 3) Now we split the encrypted IV in two parts of equal length NYSXGWIRQKAJPGMNDBUFTQXFJLIDMHJGVFTS NSTJPIHAJXCCCHUJCVPAWXSKHCQVWXNXDTWR 4) In this step we encrypt the upper part of the encrypted IV using the lower as its key which will give as the actual cipher/encryption key AQLGVEPRZHCLRNGWFWJFPNPPQNYYIEWDYYPJ 5) Now we are ready for encryption of the plaintext using the previously generated cipher key THISPLAINTEXTDOESNOTCONTAINANYNUMBER AQLGVEPRZHCLRNGWFWJFPNPPQNYYIEWDYYPJ ------------------------------------ TXTYKPPZMAGIKQUAXJXYRBCIQVLYVCJXKZTA 6) In the final step we send the original IV alongside the ciphertext URKFYEUXZSWHYCTDZDBYLYPNVRRLIFSCCVPU ULLRHQTGSFYALDBZYXWTOFKSTIZDSVWTKJST TXTYKPPZMAGIKQUAXJXYRBCIQVLYVCJXKZTA The receiver need to generate the cipher/encryption key first out of the IV using our pre-shared secret key. He actually perform step 2 to 4 and now is able to decrypt the ciphertext. TXTYKPPZMAGIKQUAXJXYRBCIQVLYVCJXKZTA AQLGVEPRZHCLRNGWFWJFPNPPQNYYIEWDYYPJ ------------------------------------ THISPLAINTEXTDOESNOTCONTAINANYNUMBER

And now the challenge. It consist of 2 times 5 combination of IV and ciphertext.

The first 5 ciphertexts are build from the same plaintext using the same keyword.

The plaintext and keywords do not contain any number or special character, they are

in the range A-Z (capital letters).

The plaintext is of natural English language.

The pre-shared secret key is semantic, of natural English language as well, and

12 characters long.

The next five IV/ciphertext combinations are build from differentCode:SHA256 of the Plaintext = d3ebaef74ffd5aca9d7194acd4c0856156241681c22fa62a90f9cee1c6825ab2 1.1) UQLESGWLMBTLTGPQBEYVEKMGUAOXRWFRDYITJK HCBSUDQHTBBUPCXAUIUTUMXJORIMDEPBGUAGOG SDFCXSBJZOFWMNWWDOIFTHYCQGTICPVHZSYXFQ 2.1) VTRBLXXGRDVYSKLBTMYWLRPLAGSNLZHUUHLBBL ZRYELBNGTHXORMRMOVNWUJVOUDUVNDBOKYOFQU LVILHHZDEWDDNBMTPJBJALZMCYJHGRJXUFPEZF 3.1) JXTILGTUXZKOXFKSEYHQWYIIFETJEDATAVSEUE QPYZMPYBQEOOVQOENCAAJMUYXSXPFVOWKQDTTE QXKNIEGMHPJTWAICZCXHAVRTKLNXRNPEALLVVI 4.1) YREXTOLNHFMGIVMYYXJSVKAWOXIIXBBPFVPBYL HWWQMDSDMKRNUQUFYJUMSFPTMTRGWDCMITGNGO WYTTQASHNBOKGQQJEITVIAECIFWNBTEQDOLMMZ 5.1) TJKNVLQYXYWTIFGKWCYHCNHSYQQKJNXWYWVQGI CNJDJWOCEDMISBYNVXCKJAGRGLAWTUIEVEACUD MHMWPQTRVNTSELODZBQIGYCWMQNFKWGPJALQIL

plaintexts but the same key (not the one of 1.1 - 5.1). Again the

plaintext is of natural English language, but the pre-shared secret key

may be randomly chosen from the character range A-Z (capital letters).

The plaintext and keyword does not contain any number or special

character.

Now I'm very curious if this can be broken and if yes, how.Code:2.1) FFRMRBVIMHUURCKTMXBDECOVTNOYZLKHAUCG ZWFLLVIKLRWZLUTRIMJCPWYCJEJGVFGTSLJL KXEAPZMAQYQIGDAEYAKGZIJSFMJMCUEHKMXO SHA256 plaintext = 0adce11b1be0274cc606d9ca13cbed6aca38071e8b11a8e62922633a6ae7821d 2.2) JYENCIGJEHGELEIXWIDRNEWSJQZCJVFOKIF OLZQIVCTLEYFBTLRUBYSTAFZCBEGMYDUKBJ JYYHIVLIMZJMVIHKAAOCQMDQODHLELFYMYD SHA256 plaintext = 3fa92ad44784381a319bff61c0763bec0da0e82fa8c37d507015f59e97043a20 2.3) INNHUUUKILSIPJUEEYUDKRYDRCBRBCXEQHVLKWER WYDNOMKLDYBIIIUTKACHHEHKQBTXAUDZYJTZXPKA QBUWEKMJLCQDQEOLZELIBLKMTIYMGPHAOHQHBPTL SHA256 plaintext = a116c4b23801f1491e39765f31a1ebbea4eda3010b740243da7090dcdaeb50df 2.4) NWHLRSIDVCWPMOJKYJFEJVFSYCGNFVAOSCAX FDBKKLUOHGWTINJAHURWCGOHBJKUGDOFANFJ LIIYSKYCJBTGFHDFFNHZUENVARWAGWBWDMLR SHA256 plaintext = 8e2dea7ad6eab85607b900649ff8d56c12bcb85b7d2bb1b8d197bbbf57195f70 2.5) VNADFXYTOVFXYLGSFOKHBYQVNJUVUNSPZFJNMXOAZSL PQQWYPJMSHJRRHDYMEIWQKJVCKBTDOMRHRZCIRQXQHC ATHHDGGDZVITUBAWKICYFAPXAMRENNBIWAVSUHKIGAC SHA256 plaintext = a6c93957798fa27347397097948533475b14b6472939b265576ff91fa737c7be

Well than, good luck!

Cheers,

Karl-Uwe

Tweet This+ 1 thisPost To Linkedin