Английская Википедия:Caesar cipher

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description Шаблон:Featured article

Файл:Caesar cipher left shift of 3.svg
The action of a Caesar cipher is to replace each plaintext letter with a different one a fixed number of places down the alphabet. The cipher illustrated here uses a left shift of three, so that (for example) each occurrence of Шаблон:Mono in the plaintext becomes Шаблон:Mono in the ciphertext.

In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code, or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a left shift of 3, Шаблон:Mono would be replaced by Шаблон:Mono, Шаблон:Mono would become Шаблон:Mono, and so on. The method is named after Julius Caesar, who used it in his private correspondence.[1]

The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher, and still has modern application in the ROT13 system. As with all single-alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communications security.

Example

The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places, equivalent to a right shift of 23 (the shift parameter is used as the key Шаблон:Aligned table

When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line.

Plaintext:  THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD

Deciphering is done in reverse, with a right shift of 3.

The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A → 0, B → 1, ..., Z → 25.[2] Encryption of a letter x by a shift n can be described mathematically as,[3]

<math>E_n(x) = (x + n) \mod {26}.</math>

Decryption is performed similarly,

<math>D_n(x) = (x - n) \mod {26}.</math>

(Here, "mod" refers to the modulo operation. The value x is in the range 0 to 25, but if Шаблон:Nowrap or Шаблон:Nowrap are not in this range then 26 should be added or subtracted.)

The replacement remains the same throughout the message, so the cipher is classed as a type of monoalphabetic substitution, as opposed to polyalphabetic substitution.

History and usage

Шаблон:See also

Файл:Bust of Julius Caesar from History of the World (1902).png
The Caesar cipher is named for Julius Caesar, who used an alphabet where decrypting would shift three letters to the left.

The Caesar cipher is named after Julius Caesar, who, according to Suetonius, used it with a shift of three (A becoming D when encrypting, and D becoming A when decrypting) to protect messages of military significance. While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.[4][5] Шаблон:Quote His nephew, Augustus, also used the cipher, but with a right shift of one, and it did not wrap around to the beginning of the alphabet: Шаблон:Quote Evidence exists that Julius Caesar also used more complicated systems,[6] and one writer, Aulus Gellius, refers to a (now lost) treatise on his ciphers: Шаблон:Quote

It is unknown how effective the Caesar cipher was at the time; there is no record at that time of any techniques for the solution of simple substitution ciphers. The earliest surviving records date to the 9th-century works of Al-Kindi in the Arab world with the discovery of frequency analysis.[7]

A piece of text encrypted in a Hebrew version of the Caesar cipher is sometimes found on the back of Jewish mezuzah scrolls. When each letter is replaced with the letter before it in the Hebrew alphabet the text translates as "YHWH, our God, YHWH", a quotation from the main part of the scroll.[8][9]

In the 19th century, the personal advertisements section in newspapers would sometimes be used to exchange messages encrypted using simple cipher schemes. Kahn (1967) describes instances of lovers engaging in secret communications enciphered using the Caesar cipher in The Times.[10] Even as late as 1915, the Caesar cipher was in use: the Russian army employed it as a replacement for more complicated ciphers which had proved to be too difficult for their troops to master; German and Austrian cryptanalysts had little difficulty in decrypting their messages.[11]

Caesar cipher can be constructed into a disk with outer rotating wheel as plain text and the inner fixed wheel as cipher text. Both outer and inner plates should have alphabets in the same direction.
Caesar cipher translated to a disk has both outer and inner plates having alphabets in the same direction and not the reverse as seen in CipherDisk2000.

Caesar ciphers can be found today in children's toys such as secret decoder rings. A Caesar shift of thirteen is also performed in the ROT13 algorithm, a simple method of obfuscating text widely found on Usenet and used to obscure text (such as joke punchlines and story spoilers), but not seriously used as a method of encryption.[12]

The Vigenère cipher uses a Caesar cipher with a different shift at each position in the text; the value of the shift is defined using a repeating keyword.[13] If the keyword is as long as the message, is chosen at random, never becomes known to anyone else, and is never reused, this is the one-time pad cipher, proven unbreakable. However the problems involved in using a random key as long as the message make the one-time pad difficult to use in practice. Keywords shorter than the message (e.g., "Complete Victory" used by the Confederacy during the American Civil War), introduce a cyclic pattern that might be detected with a statistically advanced version of frequency analysis.[14]

In April 2006, fugitive Mafia boss Bernardo Provenzano was captured in Sicily partly because some of his messages, clumsily written in a variation of the Caesar cipher, were broken. Provenzano's cipher used numbers, so that "A" would be written as "4", "B" as "5", and so on.[15]

In 2011, Rajib Karim was convicted in the United Kingdom of "terrorism offences" after using the Caesar cipher to communicate with Bangladeshi Islamic activists discussing plots to blow up British Airways planes or disrupt their IT networks. Although the parties had access to far better encryption techniques (Karim himself used PGP for data storage on computer disks), they chose to use their own scheme (implemented in Microsoft Excel), rejecting a more sophisticated code program called Mujahedeen Secrets "because 'kaffirs', or non-believers, know about it, so it must be less secure".[16]

Breaking the cipher

Decryption
shift
Candidate plaintext
0 Шаблон:Mono
1 Шаблон:Mono
2 Шаблон:Mono
3 Шаблон:Mono
4 Шаблон:Mono
5 Шаблон:Mono
6 Шаблон:Mono
...
23 Шаблон:Mono
24 Шаблон:Mono
25 Шаблон:Mono

The Caesar cipher can be easily broken even in a ciphertext-only scenario. Since there are only a limited number of possible shifts (25 in English), an attacker can mount a brute force attack by deciphering the message, or part of it, using each possible shift. The correct description will be the one which makes sense as English text.[17] An example is shown on the right for the ciphertext "Шаблон:Mono"; the candidate plaintext for shift four "Шаблон:Mono" is the only one which makes sense as English text. Another type of brute force attack is to write out the alphabet beneath each letter of the ciphertext, starting at that letter. Again the correct decryption is the one which makes sense as English text. This technique is sometimes known as "completing the plain component".[18][19]

Файл:English letter frequency percentages.png
The distribution of letters in a typical sample of English language text has a distinctive and predictable shape. A Caesar shift "rotates" this distribution, and it is possible to determine the shift by examining the resultant frequency graph.

Another approach is to match up the frequency distribution of the letters. By graphing the frequencies of letters in the ciphertext, and by knowing the expected distribution of those letters in the original language of the plaintext, a human can easily spot the value of the shift by looking at the displacement of particular features of the graph. This is known as frequency analysis. For example, in the English language the plaintext frequencies of the letters Шаблон:Mono, Шаблон:Mono, (usually most frequent), and Шаблон:Mono, Шаблон:Mono (typically least frequent) are particularly distinctive.[20] Computers can also do this by measuring how well the actual frequency distribution matches up with the expected distribution; for example, the chi-squared statistic can be used.[21]

The unicity distance for the Caesar cipher is about 2, meaning that on average at least two characters of ciphertext are required to determine the key.[22] In rare cases more text may be needed. For example, the words "Шаблон:Mono" and "Шаблон:Mono" can be converted to each other with a Caesar shift, which means they can produce the same ciphertext with different shifts. However, in practice the key can almost certainly be found with at least 6 characters of ciphertext.[23]

With the Caesar cipher, encrypting a text multiple times provides no additional security. This is because two encryptions of, say, shift A and shift B, will be equivalent to a single encryption with shift Шаблон:Nowrap. In mathematical terms, the set of encryption operations under each possible key forms a group under composition.[24] Шаблон:Clearleft


Keyboard Caesar cipher

is obtained by a certain shift at the computer keyboard. For instance, a 'single shift right', a->s (which implies q -> w) transforms the name

'JohnSmith' into a password

'KpjmD,oyj'

These codes are easy to break for longer samples, but can serve as a useful tool to memorize 8-12 symbols passwords.


See also

Notes

Шаблон:Reflist

Bibliography

Further reading

External links

Шаблон:Commons category

Шаблон:Cryptography navbox