
ABSTRACT

During the last decades, information security has become a major issue.
Encrypting and decrypting data have recently been widely investigated
and developed because there is a demand for stronger encryption and
decryption that is very hard to crack. Cryptography plays a major role
in fulfilling these demands. Nowadays, many researchers have
proposed encryption and decryption algorithms such as AES,
DES, RSA, and others. But most of the proposed algorithms encountered
some problems, such as lack of robustness and a significant amount of time
added to packet delay to maintain the security of the communication
channel between the terminals. In this paper, the security goals were
enhanced via "A New Approach for Complex Encrypting and Decrypting
Data", which maintains the security of the communication channels by
making it difficult for an attacker to predict a pattern, as well as the speed of
the encryption/decryption scheme.

INTRODUCTION

In network security, cryptography has a long history of providing a way to store sensitive
information or transmit it across insecure networks (i.e. the Internet) so that it cannot be
read by anyone except the intended recipient. A cryptosystem is a set of
algorithms combined with keys that converts the original message (plaintext) into an encrypted
message (ciphertext) and converts it back to the original message (plaintext) on the
intended recipient's side.
Encryption

In cryptography, encryption is the process of encoding a message or information in such a way
that only authorized parties can access it and those who are not authorized cannot. Encryption
does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
In an encryption scheme, the intended information or message, referred to as plaintext, is
encrypted using an encryption algorithm – a cipher – generating cipher text that can be read only
if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-
random encryption key generated by an algorithm. It is in principle possible to decrypt the
message without possessing the key, but, for a well-designed encryption scheme, considerable
computational resources and skills are required. An authorized recipient can easily decrypt the
message with the key provided by the originator to recipients but not to unauthorized users.

Types
Symmetric key
In symmetric-key schemes,[1] the encryption and decryption keys are the same. Communicating
parties must have the same key in order to achieve secure communication. An example of a
symmetric key is the German military's Enigma Machine. There were key settings for each day.
When the Allies figured out how the machine worked, they were able to decipher the information
encoded within the messages as soon as they could discover the encryption key for a given day's
transmissions.
Public key

[Figure: Illustration of how encryption is used within servers (public key encryption).]


In public-key encryption schemes, the encryption key is published for anyone to use and encrypt
messages. However, only the receiving party has access to the decryption key that enables
messages to be read.[2] Public-key encryption was first
described in a secret document in 1973;[3] before then all encryption schemes were
symmetric-key (also called private-key).[4]:478 Although published subsequently, the work of Diffie and
Hellman was published in a journal with a large readership, and the value of the methodology
was explicitly described[5] and the method became known as the Diffie Hellman key exchange.
A publicly available public key encryption application called Pretty Good Privacy (PGP) was
written in 1991 by Phil Zimmermann, and distributed free of charge with source code; it was
purchased by Symantec in 2010 and is regularly updated.[6]

Uses
Encryption has long been used by militaries and governments to facilitate secret communication.
It is now commonly used in protecting information within many kinds of civilian systems. For
example, the Computer Security Institute reported that in 2007, 71% of companies surveyed
utilized encryption for some of their data in transit, and 53% utilized encryption for some of their
data in storage.[7] Encryption can be used to protect data "at rest", such as information stored on
computers and storage devices (e.g. USB flash drives). In recent years, there have been
numerous reports of confidential data, such as customers' personal records, being exposed
through loss or theft of laptops or backup drives; encrypting such files at rest helps protect them
if physical security measures fail.[8][9][10] Digital rights management systems, which
prevent unauthorized use or reproduction of copyrighted material and protect software
against reverse engineering (see also copy protection), is another somewhat different example of
using encryption on data at rest.[11]
In response to encryption of data at rest, cyber-adversaries have developed new types of attacks.
These more recent threats to encryption of data at rest include cryptographic attacks,[12] stolen
ciphertext attacks,[13] attacks on encryption keys,[14] insider attacks, data corruption or integrity
attacks,[15] data destruction attacks, and ransomware attacks. Data fragmentation[16] and active
defense[17] data protection technologies attempt to counter
some of these attacks, by distributing, moving, or mutating ciphertext so it is more difficult to
identify, steal, corrupt, or destroy.[18]
Encryption is also used to protect data in transit, for example data being transferred
via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless
intercom systems, Bluetooth devices and bank automatic teller machines. There have been
numerous reports of data in transit being intercepted in recent years.[19] Data should also be
encrypted when transmitted across networks in order to protect against eavesdropping of network
traffic by unauthorized users.[20]
Message verification
Encryption, by itself, can protect the confidentiality of messages, but other techniques are still
needed to protect the integrity and authenticity of a message; for example, verification of
a message authentication code (MAC) or a digital signature.
Standards for cryptographic software and hardware to perform encryption are widely available,
but successfully using encryption to ensure security may be a challenging problem. A single
error in system design or execution can allow successful attacks. Sometimes an adversary can
obtain unencrypted information without directly undoing the encryption. See, e.g., traffic
analysis, TEMPEST, or Trojan horse.[21]
Digital signature and encryption must be applied to the ciphertext when it is created (typically on
the same device used to compose the message) to avoid tampering; otherwise any node between
the sender and the encryption agent could potentially tamper with it. Encrypting at the time of
creation is only secure if the encryption device itself has not been tampered with.
Data erasure

Conventional methods for deleting data permanently from a storage device
involve overwriting its whole content with zeros, ones or other patterns – a process which can
take a significant amount of time, depending on the capacity and the type of the medium.
Cryptography offers a way of making the erasure almost instantaneous. This method is
called crypto-shredding. An example implementation of this method can be found
on iOS devices, where the cryptographic key is kept in a dedicated 'Effaceable
Storage'.[22] Because the key is stored on the same device, this setup on its own does not offer
full confidentiality protection in case an unauthorized person gains physical access to the device.

In computer systems, the algorithm consists of complex mathematical formulas that, combined with
the key, dictate the rules of the conversion process from plaintext to ciphertext and vice versa.
Some encryption and decryption algorithms use the same key at both ends (i.e. sender and
receiver); others use different keys, but these
keys must be related. The major issue in designing any encryption and decryption algorithm is to
improve the security level. Therefore, this paper aims to propose a new algorithm that improves the
security level and increases performance by minimizing a significant amount of the delay time needed to
maintain security, and makes a comparative study [4]. This paper is structured as follows:
comparison between the most popular encryption algorithms, Advanced Encryption Standard
(AES), Public Key Infrastructure (PKI), proposed technique, performance analysis, security
analysis, and conclusion.

Comparisons of Most Popular Encryption Algorithms

A number of encryption algorithms are used for keeping information secure.
Their complexity and ability to resist attack vary from one algorithm to another. The
main component of the encryption process is the algorithm, and different algorithms serve
the same basic purpose in different ways. Popularly used algorithms include DES, TripleDES, RC2, RC4,
Blowfish, Twofish and Rijndael (AES), as we mentioned in the abstract. The basic
information of the most popular ciphers is shown in table 1 [5].

1.2. Advanced Encryption Standard (AES)

Based on table 1, the National Institute of Standards and Technology (NIST) officially
announced in 1997 that the Rijndael algorithm would become the Advanced Encryption Standard
(AES) to replace the aging Data Encryption Standard (DES). The AES algorithm is a block cipher
whose block size can be 128, 192 or 256 bits, with key lengths of 128 (AES-128), 192 (AES-192)
and 256 (AES-256) bits [5-7]. The Rijndael algorithm is based on a round function, and different
combinations of the algorithm are structured by repeating this round function a different number of times.
Each round function contains four uniform and parallel steps (byte substitution, row shifting,
column mixing and key addition); the data is passed through Nr rounds (10, 12, and 14), and
each step has its own particular functionality.

Public Key Infrastructure (PKI)

PKI provides a series of security services, such as
authentication, confidentiality, non-repudiation, and integrity, to the messages being
exchanged [8-10]. In this paper, PKI is used in the connection establishment phase to exchange
the security value between the network terminals, i.e. sender and receiver.

PROPOSED TECHNIQUE
The proposed algorithm is an attempt to present a new approach for complex encrypting
and decrypting data based on parallel programming, in such a way that the new approach
can make use of a multiple-core processor to achieve higher speed with a higher level of
security.

2.1. Encryption

In terms of the encryption process, the algorithm consists of a combination of public key
infrastructure for a hybrid system and the RC6 algorithm for confusion and diffusion
operations. The proposed encryption algorithm consists of the following
processes, as shown in figure 3.

The public position is a set of hexadecimal numbers arranged in an 8*8 matrix announced to all. In this step
the RC6 algorithm plays a major role in generating a private position based on the secret value from
the public key infrastructure. The 1024-bit plaintext is divided into 2 blocks. One of these blocks is used
as the key after confusion and diffusion operations are performed using the RC6 algorithm. The last step is
to insert the key inside the cipher data based on the private position. RC6 is further described by
pseudo-code as shown in the figure.

2.2. Decryption

The decryption process involves converting the encrypted data back to its original
form for the receiver’s understanding. The same process that was described in the encryption part for
the sender side is performed at the beginning of the encryption and decryption process (connection
establishment) to generate the same private position at the receiver side, which is used to eliminate the key
from the ciphertext. The proposed decryption algorithm consists of the following processes, as
shown in the figure.
SYSTEM ANALYSIS

In order to test the performance of any encryption and decryption algorithm,
speed plays a major role [4, 11-12]. In this paper, the proposed algorithm is compared
with the Rijndael algorithm in terms of speed in both the encryption and decryption processes,
because the National Institute of Standards and Technology (NIST) officially announced
that the Rijndael algorithm would become the Advanced Encryption Standard (AES), as we
mentioned in the previous section. Both algorithms are implemented in the same
environment and under the same conditions using the C language.

3. Speed analysis for encryption and decryption

The speed of the algorithm can be characterized by measuring the time required for
encryption and decryption. This parameter is measured for both algorithms, the proposed
algorithm and AES, as shown in tables 2 and 3.



The following column charts show the relationship between the key lengths and the
encryption and decryption time in both cases (figures 6 and 7).
The result in this paper shows that the average time required to encrypt the data is 0.2972729 ms
with a 512-bit key length using the proposed solution, and to encrypt the data using AES is
0.8918188 ms with a 512-bit key length.

International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.2, March 2013.

The result also shows that the average time required to decrypt the data is 0.3187594 ms with a
512-bit key length using the proposed solution, and to decrypt the data using AES is 0.6365188
ms with a 512-bit key length. In other words, the result in this paper shows that the average time needed
to encrypt and decrypt data using the proposed algorithm is much smaller than with the AES algorithm.
4. SECURITY ANALYSIS
In order to test the security level of the proposed algorithm, a set of tests and analyses is
performed on the algorithm. Some of these tests are taken from different cryptanalysis papers,
the NIST statistical suite, and a combination of several other statistical analyses. The following
analysis methods are performed on the algorithm: information entropy [13] and correlation analysis
between the public and private positions [14-15].
4.1. Correlation Analysis
As we mentioned in section 2.1, the RC6 algorithm plays a major role in generating a private position
based on the secret value from the public key infrastructure. To analyze the correlations between the
public and the private positions, a correlation coefficient test is used. The correlation coefficient
rules are described by pseudo-code shown in figure 8 [13, 15].

In correlation analysis, we randomly choose different values in the public and private positions
(8*8 matrix). The correlation coefficients of the public and the private positions in vertical,
horizontal, and diagonal directions were calculated. The correlation coefficients for the three
dimensions in the private positions are close to zero, and for public positions are close to one.
This indicates that the public and private positions are not correlated.
4.2. Information Entropy
To calculate the entropy H(X), we have:
The entropy H(X) rules are described by pseudo-code as shown in figure 9. The result shows that
the entropy value H(X) for the proposed algorithm is 7.98789, which is very close to the
theoretical value 8. This indicates that the encryption algorithm is secure against the entropy attack.

Figure 9. Rules of Information Entropy
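
The two statistical checks from sections 4.1 and 4.2, written out as an added Python example (this is not the paper's pseudo-code from figures 8 and 9, which is not reproduced on this page). The inputs are constructed stand-ins: a regularly stepped 8*8 matrix, and SHA-256 in counter mode in place of the proposed cipher's output; all function names are chosen for this illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: H(X) = -sum(p(x) * log2 p(x))."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    cov = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    var_x = sum((x - mean_x) ** 2 for x in xs)
    var_y = sum((y - mean_y) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0  # a constant sequence has no defined correlation
    return cov / math.sqrt(var_x * var_y)


# Offsets (row, column) from each cell to the neighbour it is paired with.
DIRECTIONS = {"horizontal": (0, 1), "vertical": (1, 0), "diagonal": (1, 1)}


def adjacent_correlation(matrix, direction: str) -> float:
    """Correlate every cell with its neighbour in the given direction."""
    d_row, d_col = DIRECTIONS[direction]
    rows, cols = len(matrix), len(matrix[0])
    xs, ys = [], []
    for r in range(rows - d_row):
        for c in range(cols - d_col):
            xs.append(matrix[r][c])
            ys.append(matrix[r + d_row][c + d_col])
    return pearson(xs, ys)


def constructed_stream(n: int, label: bytes = b"constructed sample") -> bytes:
    """Constructed test data: SHA-256 in counter mode, standing in for
    cipher output. It is NOT the algorithm proposed in the paper."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def as_matrix(values, size: int = 8):
    """Reshape 64 values into an 8*8 list of rows."""
    return [list(values[i * size:(i + 1) * size]) for i in range(size)]


# Constructed samples: a regular, predictable layout and a scrambled one.
STRUCTURED = as_matrix([4 * i for i in range(64)])
SCRAMBLED = as_matrix(constructed_stream(64))


def report() -> dict:
    """Correlation per direction for both matrices, plus entropy figures."""
    result = {}
    for name, matrix in (("structured", STRUCTURED), ("scrambled", SCRAMBLED)):
        result[name] = {d: round(adjacent_correlation(matrix, d), 4)
                        for d in DIRECTIONS}
    result["entropy"] = {
        "repeated text": shannon_entropy(b"password" * 128),
        "64-byte stream": shannon_entropy(constructed_stream(64)),
        "64 KiB stream": shannon_entropy(constructed_stream(65536)),
    }
    return result


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Any 64-byte sample is capped at 6 bits per byte, so an entropy figure near 8 needs a far larger sample. A plain hash-based stream passes both checks here, which shows that they measure statistical uniformity only.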


4.3. The Strength of Encryption
The strength of encryption is measured by the time required to decode or extract the key [10]. To
calculate the encryption strength of an encryption algorithm, the following equation is used [16]:
Differential Characteristic = $(p_1 p_2)^{-1} \times$ Filtering weight. The result shows that the proposed
algorithm would need 1.00E+68 years to crack.
5. CONCLUSION
This paper introduced a new approach for complex encrypting and decrypting data. Although
there has been much research on cryptography, most of the existing algorithms have
several weaknesses, caused either by a low security level or by increased delay time due to the design
of the algorithm itself. The proposed algorithm has been tested against different known attacks
and proved to be secure against them. Therefore, it can be considered a good alternative for some
applications because of its high level of security and the average time needed to encrypt and decrypt.
ENCRYPTION AND ITS USE (APPLICATIONS)

For most of recorded history, encryption has been used to protect the secrecy of
communications between a sender and a receiver. Governments have historically been
heavy users of encryption. The Caesar cipher goes back to the Roman Empire. Ciphers were
used by both sides in the American Revolutionary War. Histories of World War II dwell at
length on the contribution of defeating German and Japanese encryption systems to the
Allied victory. At the same time, the Allies also relied on encryption systems, some of
which were defeated by Axis codebreakers. Governments’ reliance on encrypted
communications continues to the present day.

In recent years, encryption has become far more widely available on a wide range of consumer
and business products and services. Increasingly, encryption is available by default—often
without the user even being aware of it—and the keys for decrypting data are held by individual
users. As a result, more data is routinely encrypted today than ever before.
Today, encryption protects the communications of individuals and organizations from
unsophisticated and sophisticated criminals and repressive governments. It assures the security of
electronic commerce transactions over the Internet—for example making it possible to transmit
credit card numbers. It protects information stored on smartphones, laptops, and other devices.
Encrypted communication capabilities are built into major computing platforms and in an array
of messaging applications that are used by hundreds of millions of users.
Computer and communications systems use cryptography for three broad purposes—to protect
the confidentiality of information (i.e., encryption), to protect the integrity of information, and to
authenticate the originator or sender of information. Applications that require the secrecy of large
volumes of information use symmetric cryptography. Asymmetric (public key) cryptography is
frequently used to securely disseminate keys that are used in symmetric cryptography. For
example, cryptography enables the secure distribution of regular software updates, including
security patches, over a network and is used to verify the identity of individuals and
organizations. This report focuses largely on the first application, encryption protecting
confidentiality. However, it touches on another use of cryptography: schemes to provide
exceptional access to information stored on smartphones or laptops that are locked with a
passcode may involve modifications to the cryptography that implements the locking
mechanism.
The increased availability and use of encryption—most notably to protect access to data stored
on smartphones and to keep Internet messages confidential—means that it is increasingly
encountered in investigations by law enforcement and intelligence agencies.1
This chapter provides a basic introduction to encryption and its uses. It provides context for
subsequent discussions of mechanisms that would afford government access and associated
technical and operational risks. It begins with a description of the different kinds of encryption
that are important today and with an overview of the ways that encryption systems are created. It
then provides an overview of some of the ways that modern computer and communications
systems use encryption to provide a secure experience to their end users. This is followed by a
description of the issues and challenges of managing the cryptographic keys that encryption
systems rely on. The chapter concludes with a discussion of the threats that modern encryption
systems face and attemt.

WEAKNESS IN ENCRYPTION
All encryption techniques have weak spots. As these weaknesses are revealed and exploited,
new methods of encrypting data are developed to provide additional layers of security for users.

One of the most common and bothersome weaknesses occurs when an encryption method,
also called a cipher or an algorithm, that's supposed to generate seemingly random strings of
gibberish instead produces outputs that have a discernible pattern. If the pattern gets noticed by
interlopers, it may help them crack the encrypted data.

A similar issue involves encryption algorithms that generate predictable patterns of characters
in response to repetitious, predictable input.


If this problem is extensive enough, it can help digital intruders decipher at least part of the
encrypted data, which may include financial information, government documents or
other sensitive information. In many cases, even a partial data breach can be devastating.

Defenses against hackers and file corruption

Individuals and organizations that want to add protection to their encryption
algorithms often insert extra lines of code to alter the outputs -- a practice known
as "salting."

For example, one of the most common passwords used is simply "password."
Malicious hackers know what "password" and other common passwords look like
after they're run through common encryption algorithms.

But if an organization adds extra characters to each password during the
encryption process, such as "password" plus "safe," the output will be something
malicious hackers won't recognize — as long as the extra characters are kept
secret.
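
An added example (not from the original text) of the salting idea above, showing the recognizable unsalted digest of "password" next to a salted, slow derivation. Assumptions made for this illustration: PBKDF2-HMAC-SHA256 from Python's standard library, the iteration count, the record layout and all function names; the random salt is stored with each record, and the optional secret value (often called a pepper) plays the role of the secret extra characters in the text.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    """Weak form: one fast hash, identical for every user with this password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _derive(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    """Slow, salted derivation. The pepper, if any, is mixed in with HMAC so
    the stored record is useless without the separately kept secret."""
    material = password.encode("utf-8")
    if pepper:
        material = hmac.new(pepper, material, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def hash_password(password: str, pepper: bytes = b"") -> dict:
    """Create the record that goes into the credential store."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    derived = _derive(password, salt, pepper, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": derived.hex()}


def verify_password(password: str, record: dict, pepper: bytes = b"") -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = _derive(password, bytes.fromhex(record["salt"]),
                      pepper, record["iterations"])
    return hmac.compare_digest(derived, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Two constructed users who both chose the same common password.
    print("unsalted, user A:", unsalted_digest("password"))
    print("unsalted, user B:", unsalted_digest("password"))  # same digest

    pepper = b"safe"  # the secret extra characters used in the text above
    rec_a = hash_password("password", pepper)
    rec_b = hash_password("password", pepper)
    print("salted, user A:  ", rec_a["hash"])
    print("salted, user B:  ", rec_b["hash"])  # differs from user A
    print("verify correct:  ", verify_password("password", rec_a, pepper))
    print("verify wrong pw: ", verify_password("passw0rd", rec_a, pepper))
    print("verify no pepper:", verify_password("password", rec_a))
```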

Encryption can also be used to verify the integrity of a file or piece of software. The raw
binary data of a file or application is run through a special encryption algorithm to produce a
"hash," a long number unique to that file.

Any alteration to the file, such as by a hacker inserting malicious code or by random data
corruption, will produce a different hash. Computers and mobile devices compare a new piece of
software's stated hash to its actual one before installing the software.

A similar process involves running a piece of software through a simple algorithm that
produces a single short number, a "checksum." Altering the software in any way will likely
produce a different checksum.

To guard against random, accidental corruption, many pieces of software include protection in
the form of self-diagnostic checksum matches that the software performs each time it's launched.

ADVANTAGES OF ENCRYPTION

With so much of our sensitive data stored online, it’s no surprise that cybercrime is on the rise.
Data breaches have long been a problem for businesses and individuals, but criminals are
ramping up attacks, and the numbers are alarming. In 2015, ID Theft Center reports that
government agencies, businesses, education, healthcare, and banking organizations were the
victims of 781 breaches in the United States. In 2014, 783 breaches occurred, and 2013, 614. It’s
important to realize that these numbers only represent breaches confirmed by government
agencies and the media—there are new attacks happening every day. As of September 2016, 638
breaches had already been confirmed for the year and mega attacks continue to be on the rise.
Info Security shares projections that cybercrime costs worldwide will double from $3 trillion in
2015 to $6 trillion in 2021.

Rising data breaches are bad news, but there are ways businesses and agencies can help
protect their information from cybercrime. Encryption technology is one of the key methods for
protecting data online, and what started as simple code use over telegraph in World War I is now
a sophisticated coded algorithm that allows data to safely be stored and transferred. Encrypted
data is known as “cipher text” and can only be decrypted with a key or password. While
encryption cannot protect against all cyber-attacks, the technology makes data theft a much more
difficult task for hackers. Here are just 5 of the benefits of using encryption technology:

1. Encryption Provides Security for Data at All Times
Generally, data is most vulnerable when it is being moved from one
location to another. Encryption works during data transport or at rest,
making it an ideal solution no matter where data is stored or how it is
used. Encryption should be standard for all data stored at all times,
regardless of whether or not it is deemed “important”.

2. Encrypted Data Maintains Integrity


Hackers don’t just steal information, they also can benefit from
altering data to commit fraud. While it is possible for skilled individuals
to alter encrypted data, recipients of the data will be able to detect the
corruption, which allows for a quick response to the cyber-attack.

3. Encryption Protects Privacy


Encryption is used to protect sensitive data, including personal
information for individuals. This helps to ensure anonymity and privacy,
reducing opportunities for surveillance by both criminals and
government agencies. Encryption technology is so powerful that some
governments are attempting to put limits on the effectiveness of
encryption—which does not ensure privacy for companies or
individuals.

4. Encryption is Part of Compliance


Many industries have strict compliance requirements to help protect
those whose personal information is stored by organizations. HIPAA,
FIPS, and other regulations rely on security methods such as encryption
to protect data, and businesses can use encryption to achieve
comprehensive security.

5. Encryption Protects Data across Devices
Multiple (and mobile) devices are a big part of our lives, and
transferring data from device to device is a risky proposition. Encryption
technology can help protect stored data across all devices, even during
transfer. Additional security measures like advanced authentication help
deter unauthorized users.

The Future of Encryption


As hackers continue to become more savvy and sophisticated,
encryption technology must evolve as well. Security professionals are
working on a few different exciting technological advances in the
encryption field, including Elliptic Curve Cryptography (ECC),
homomorphic encryption, and quantum computation.

ECC is a method of cryptography that isn’t so much an improvement
of the encryption method itself, but a method that allows encryption and
decryption to take place much faster, without any loss of data security.

Homomorphic encryption would be a system allowing calculations on
encrypted data without decrypting it. This method would allow
encryption across cloud systems, and ensure greater privacy for users.
As an example, a financial institution could make assessments for
individuals without revealing personal information.

Quantum computation and key distribution generate random sequences
that result in codes that are virtually unbreakable. Attempted
interceptions of the data would be detectable by both the sender and
recipient, allowing for a quick response to any hacking attempts.
Quantum computation can store data in multiple states, allowing for
incredibly fast calculations.
HISTORY OF PYTHON

Python is an interpreted, high-level, general-purpose programming language. Created by Guido
van Rossum and first released in 1991, Python's design philosophy emphasizes code readability
with its notable use of significant whitespace. Its language constructs and object-oriented
approach aims to help programmers write clear, logical code for small and large-scale
projects.[28]

Python is dynamically typed and garbage-collected. It supports multiple programming
paradigms, including procedural, object-oriented, and functional programming. Python is often
described as a "batteries included" language due to its comprehensive standard library.[29]

Python was conceived in the late 1980s as a successor to the ABC language. Python 2.0, released
2000, introduced features like list comprehensions and a garbage collection system capable of
collecting reference cycles. Python 3.0, released 2008, was a major revision of the language that
is not completely backward-compatible, and much Python 2 code does not run unmodified on
Python 3. Due to concern about the amount of code written for Python 2, support for Python 2.7
(the last release in the 2.x series) was extended to 2020. Language developer Guido van Rossum
shouldered sole responsibility for the project until July 2018 but now shares his leadership as a
member of a five-person steering council.[30][31][32]

Python interpreters are available for many operating systems. A global community of
programmers develops and maintains CPython, an open source[33] reference implementation. A
non-profit organization, the Python Software Foundation, manages and directs resources for
Python and CPython development.

Python was conceived in the late 1980s[34] by Guido van Rossum at Centrum Wiskunde &
Informatica (CWI) in the Netherlands as a successor to the ABC language (itself inspired by
SETL)[35], capable of exception handling and interfacing with the Amoeba operating system.[8]
Its implementation began in December 1989.[36] Van Rossum continued as Python's lead
developer until July 12, 2018, when he announced his "permanent vacation" from his
responsibilities as Python's Benevolent Dictator For Life, a title the Python community bestowed
upon him to reflect his long-term commitment as the project's chief decision-maker.[37] In
January, 2019, active Python core developers elected Brett Cannon, Nick Coghlan, Barry
Warsaw, Carol Willing and van Rossum to a five-member "Steering Council" to lead the
project.[38]
Python 2.0 was released on 16 October 2000 with many major new features, including a cycle-
detecting garbage collector and support for Unicode.[39]

Python 3.0 was released on 3 December 2008. It was a major revision of the language that is not
completely backward-compatible.[40] Many of its major features were backported to Python
2.6.x[41] and 2.7.x version series. Releases of Python 3 include the 2to3 utility, which automates
(at least partially) the translation of Python 2 code to Python 3.[42]

Python 2.7's end-of-life date was initially set at 2015 then postponed to 2020 out of concern that
a large body of existing code could not easily be forward-ported to Python 3.[43][44] In January
2017, Google announced work on a Python 2.7 to Go transcompiler to improve performance
under concurrent workloads.[45]

Features and philosophy

Python is a multi-paradigm programming language. Object-oriented programming and structured
programming are fully supported, and many of its features support functional programming and
aspect-oriented programming (including by metaprogramming[46] and metaobjects (magic
methods)).[47] Many other paradigms are supported via extensions, including design by
contract[48][49] and logic programming.[50]

Python uses dynamic typing, and a combination of reference counting and a cycle-detecting
garbage collector for memory management. It also features dynamic name resolution (late
binding), which binds method and variable names during program execution.

Python's design offers some support for functional programming in the Lisp tradition. It has
filter, map, and reduce functions; list comprehensions, dictionaries, sets and generator
expressions.[51] The standard library has two modules (itertools and functools) that implement
functional tools borrowed from Haskell and Standard ML.[52]

The language's core philosophy is summarized in the document The Zen of Python (PEP 20),
which includes aphorisms such as:[53]

• Beautiful is better than ugly
• Explicit is better than implicit
• Simple is better than complex
• Complex is better than complicated
• Readability counts

Rather than having all of its functionality built into its core, Python was designed to be highly
extensible. This compact modularity has made it particularly popular as a means of adding
programmable interfaces to existing applications. Van Rossum's vision of a small core language
with a large standard library and easily extensible interpreter stemmed from his frustrations with
ABC, which espoused the opposite approach.[34]

Python strives for a simpler, less-cluttered syntax and grammar while giving developers a choice
in their coding methodology. In contrast to Perl's "there is more than one way to do it" motto,
Python embraces a "there should be one—and preferably only one—obvious way to do it" design
philosophy.[53] Alex Martelli, a Fellow at the Python Software Foundation and Python book
author, writes that "To describe something as 'clever' is not considered a compliment in the
Python culture."[54]

Python's developers strive to avoid premature optimization, and reject patches to non-critical
parts of the CPython reference implementation that would offer marginal increases in speed at
the cost of clarity.[55] When speed is important, a Python programmer can move time-critical
functions to extension modules written in languages such as C, or use PyPy, a just-in-time
compiler. Cython is also available, which translates a Python script into C and makes direct
C-level API calls into the Python interpreter.

An important goal of Python's developers is keeping it fun to use. This is reflected in the
language's name—a tribute to the British comedy group Monty Python[56]—and in occasionally
playful approaches to tutorials and reference materials, such as examples that refer to spam and
eggs (from a famous Monty Python sketch) instead of the standard foo and bar.[57][58]

A common neologism in the Python community is pythonic, which can have a wide range of
meanings related to program style. To say that code is pythonic is to say that it uses Python
idioms well, that it is natural or shows fluency in the language, that it conforms with Python's
minimalist philosophy and emphasis on readability. In contrast, code that is difficult to
understand or reads like a rough transcription from another programming language is called
unpythonic.

Users and admirers of Python, especially those considered knowledgeable or experienced, are
often referred to as Pythonists, Pythonistas, and Pythoneers.[59][60]

Syntax and semantics

Main article: Python syntax and semantics

Python is meant to be an easily readable language. Its formatting is visually uncluttered, and it
often uses English keywords where other languages use punctuation. Unlike many other
languages, it does not use curly brackets to delimit blocks, and semicolons after statements are
optional. It has fewer syntactic exceptions and special cases than C or Pascal.[61]

Indentation

Main article: Python syntax and semantics § Indentation

Python uses whitespace indentation, rather than curly brackets or keywords, to delimit blocks.
An increase in indentation comes after certain statements; a decrease in indentation signifies the
end of the current block.[62] Thus, the program's visual structure accurately represents the
program's semantic structure.[1] This feature is also sometimes termed the off-side rule.

Vigenère cipher

[Figure: The Vigenère cipher is named for Blaise de Vigenère (pictured), although Giovan Battista
Bellaso had invented the cipher earlier. Vigenère did invent a stronger autokey cipher.]

[Figure: A reproduction of the Confederacy's cipher disk on display at the National Cryptologic
Museum.]

The Vigenère cipher is a method of encrypting alphabetic text by using a series of different
Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic
substitution.[1][2]

The Vigenère (French pronunciation: [viʒnɛːʁ]) cipher has been reinvented many times. The method
was originally described by Giovan Battista Bellaso in his 1553 book La cifra del. Sig. Giovan
Battista Bellaso; however, the scheme was later misattributed to Blaise de Vigenère in the 19th
century, and is now widely known as the "Vigenère cipher".

This cipher is well known because while it is easy to understand and implement, it often appears
to beginners to be unbreakable; this earned it the description le chiffre indéchiffrable (French
for 'the indecipherable cipher'). Consequently, many people have tried to implement encryption
schemes that are essentially Vigenère ciphers, only to have them broken.[3]


History

The first well documented description of a polyalphabetic cipher was formulated by Leon Battista
Alberti around 1467 and used a metal cipher disc to switch between cipher alphabets. Alberti's
system only switched alphabets after several words, and switches were indicated by writing the
letter of the corresponding alphabet in the ciphertext. Later, in 1508, Johannes Trithemius, in
his work Poligraphia, invented the tabula recta, a critical component of the Vigenère cipher. The
Trithemius cipher, however, only provided a progressive, rigid and predictable system for
switching between cipher alphabets.

What is now known as the Vigenère cipher was originally described by Giovan Battista Bellaso in
his 1553 book La cifra del. Sig. Giovan Battista Bellaso. He built upon the tabula recta of
Trithemius, but added a repeating "countersign" (a key) to switch cipher alphabets every letter.
Whereas Alberti and Trithemius used a fixed pattern of substitutions, Bellaso's scheme meant the
pattern of substitutions could be easily changed simply by selecting a new key. Keys were
typically single words or short phrases, known to both parties in advance, or transmitted "out of
band" along with the message. Bellaso's method thus required strong security for only the key. As
it is relatively easy to secure a short key phrase, say by a previous private conversation,
Bellaso's system was considerably more secure.

Blaise de Vigenère published his description of a similar but stronger autokey cipher before the
court of Henry III of France, in 1586. Later, in the 19th century, the invention of Bellaso's
cipher was misattributed to Vigenère. David Kahn in his book The Codebreakers lamented the
misattribution by saying that history had "ignored this important contribution and instead named
a regressive and elementary cipher for him [Vigenère] though he had nothing to do with it".[4]

The Vigenère cipher gained a reputation for being exceptionally strong. Noted author and
mathematician Charles Lutwidge Dodgson (Lewis Carroll) called the Vigenère cipher unbreakable in
his 1868 piece "The Alphabet Cipher" in a children's magazine. In 1917, Scientific American
described the Vigenère cipher as "impossible of translation".[5]

This reputation was not deserved. Charles Babbage was known to have broken a variant of the
cipher as early as 1854; however, he didn't publish his work.[6] Kasiski entirely broke the
cipher and published the technique in the 19th century. Even before this, though, some skilled
cryptanalysts could occasionally break the cipher in the 16th century.[4]

[Figure: Cryptographic slide rule used as a calculation aid by the Swiss Army between 1914 and
1940.]

The Vigenère cipher is simple enough to be a field cipher if it is used in conjunction with
cipher disks.[7] The Confederate States of America, for example, used a brass cipher disk to
implement the Vigenère cipher during the American Civil War. The Confederacy's messages were far
from secret and the Union regularly cracked their messages. Throughout the war, the Confederate
leadership primarily relied upon three key phrases, "Manchester Bluff", "Complete Victory" and,
as the war came to a close, "Come Retribution".[8]

Gilbert Vernam tried to repair the broken cipher (creating the Vernam-Vigenère cipher in 1918),
but, no matter what he did, the cipher was still vulnerable to cryptanalysis. Vernam's work,
however, eventually led to the one-time pad, a provably unbreakable cipher.

Description

[Figure: The Vigenère square or Vigenère table, also known as the tabula recta, can be used for
encryption and decryption.]

In a Caesar cipher, each letter of the alphabet is shifted along some number of places; for
example, in a Caesar cipher of shift 3, A would become D, B would become E, Y would become B and
so on. The Vigenère cipher consists of several Caesar ciphers in sequence with different shift
values.

To encrypt, a table of alphabets can be used, termed a tabula recta, Vigenère square, or Vigenère
table. It consists of the alphabet written out 26 times in different rows, each alphabet shifted
cyclically to the left compared to the previous alphabet, corresponding to the 26 possible Caesar
ciphers. At different points in the encryption process, the cipher uses a different alphabet from
one of the rows. The alphabet used at each point depends on a repeating keyword.

For example, suppose that the plaintext to be encrypted is:

ATTACKATDAWN

The person sending the message chooses a keyword and repeats it until it matches the length of
the plaintext, for example, the keyword "LEMON":

LEMONLEMONLE

Each row starts with a key letter. The remainder of the row holds the letters A to Z (in shifted
order). Although there are 26 key rows shown, you will only use as many keys (different
alphabets) as there are unique letters in the key string, here just 5 keys, {L, E, M, O, N}. For
successive letters of the message, we are going to take successive letters of the key string, and
encipher each message letter using its corresponding key row. Choose the next letter of the key,
go along that row to find the column heading that matches the message character; the letter at
the intersection of [key-row, msg-col] is the enciphered letter.

For example, the first letter of the plaintext, A, is paired with L, the first letter of the key.
So use row L and column A of the Vigenère square, namely L. Similarly, for the second letter of
the plaintext, the second letter of the key is used; the letter at row E and column T is X. The
rest of the plaintext is enciphered in a similar fashion:

Plaintext:  ATTACKATDAWN
Key:        LEMONLEMONLE
Ciphertext: LXFOPVEFRNHR

Decryption is performed by going to the row in the table corresponding to the key, finding the
position of the ciphertext letter in this row, and then using the column's label as the
plaintext. For example, in row L (from LEMON), the ciphertext L appears in column A, which is the
first plaintext letter. Next we go to row E (from LEMON), locate the ciphertext X which is found
in column T, thus T is the second plaintext letter.

Algebraic description

Vigenère can also be viewed algebraically. If the letters A–Z are taken to be the numbers 0–25,
and addition is performed modulo 26, then Vigenère encryption using the key can be written,

and decryption using the key ,

whereas is the message, is the ciphertext and is the used

key.

Thus using the previous example, to encrypt with key letter the calculation would
result in .

Therefore to decrypt with key letter the calculation would result in .
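
The table lookup and the modular arithmetic describe the same operation. The following Python code is an added example, not part of the original page: it builds the tabula recta, encrypts and decrypts both by lookup and by arithmetic modulo 26, and reproduces the ATTACKATDAWN / LEMON example. The function names are chosen here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # A..Z stand for the numbers 0..25


def check_input(text, key):
    """Reject input the classical cipher does not define (empty key, non A-Z)."""
    if not key:
        raise ValueError("key must not be empty")
    if any(ch not in ALPHABET for ch in text + key):
        raise ValueError("only the uppercase letters A-Z are supported")


def tabula_recta():
    """Row for key letter K is the alphabet shifted cyclically left by K's position."""
    return {ALPHABET[r]: ALPHABET[r:] + ALPHABET[:r] for r in range(26)}


def key_stream(key, length):
    """Repeat the keyword until it matches the length of the message."""
    return (key * (length // len(key) + 1))[:length]


def encrypt_table(plaintext, key):
    """Encrypt by lookup: row = key letter, column = plaintext letter."""
    check_input(plaintext, key)
    table = tabula_recta()
    return "".join(table[k][ALPHABET.index(p)]
                   for p, k in zip(plaintext, key_stream(key, len(plaintext))))


def decrypt_table(ciphertext, key):
    """Decrypt by lookup: find the ciphertext letter in the key row, read the column label."""
    check_input(ciphertext, key)
    table = tabula_recta()
    return "".join(ALPHABET[table[k].index(c)]
                   for c, k in zip(ciphertext, key_stream(key, len(ciphertext))))


def encrypt_mod(plaintext, key):
    """Same result arithmetically: ciphertext = (message + key) mod 26, letter by letter."""
    check_input(plaintext, key)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, key_stream(key, len(plaintext))))


def decrypt_mod(ciphertext, key):
    """Inverse operation: message = (ciphertext - key) mod 26."""
    check_input(ciphertext, key)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key_stream(key, len(ciphertext))))


if __name__ == "__main__":
    ct = encrypt_table("ATTACKATDAWN", "LEMON")
    print(ct, encrypt_mod("ATTACKATDAWN", "LEMON"))
    print(decrypt_table(ct, "LEMON"), decrypt_mod(ct, "LEMON"))
```
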


Cryptanalysis

[Figure: The Vigenère cipher masks the characteristic letter frequencies of English plaintexts,
but some patterns remain.]

The idea behind the Vigenère cipher, like all polyalphabetic ciphers, is to disguise plaintext
letter frequencies, which interferes with a straightforward application of frequency analysis.
For instance, if P is the most frequent letter in a ciphertext whose plaintext is in English, one
might suspect that P corresponds to E, because E is the most frequently used letter in English.
However, using the Vigenère cipher, E can be enciphered as different ciphertext letters at
different points in the message, thus defeating simple frequency analysis.

The primary weakness of the Vigenère cipher is the repeating nature of its key. If a cryptanalyst
correctly guesses the key's length, then the cipher text can be treated as interwoven Caesar
ciphers, which individually are easily broken. The Kasiski and Friedman tests can help determine
the key length.

Kasiski examination

For more details on this topic, see Kasiski examination.

In 1863 Friedrich Kasiski was the first to publish a successful general attack on the Vigenère
cipher. Earlier attacks relied on knowledge of the plaintext, or use of a recognizable word as a
key. Kasiski's method had no such dependencies. Kasiski was the first to publish an account of
the attack, but it's clear that there were others who were aware of it. In 1854, Charles Babbage
was goaded into breaking the Vigenère cipher when John Hall Brock Thwaites submitted a "new"
cipher to the Journal of the Society of the Arts. When Babbage showed that Thwaites' cipher was
essentially just another recreation of the Vigenère cipher, Thwaites challenged Babbage to break
his cipher encoded twice, with keys of different length. Babbage succeeded in decrypting a
sample, which turned out to be the poem "The Vision of Sin", by Alfred Tennyson, encrypted
according to the keyword "Emily", the first name of Tennyson's wife. Babbage never explained the
method he used. Studies of Babbage's notes reveal that he had used the method later published by
Kasiski, and suggest that he had been using the method as early as 1846.[9]

The Kasiski examination, also called the Kasiski test, takes advantage of the fact that repeated
words may, by chance, sometimes be encrypted using the same key letters, leading to repeated
groups in the ciphertext. For example, consider the following encryption using the keyword ABCD:

Key:        ABCDABCDABCDABCDABCDABCDABCD
Plaintext:  CRYPTOISSHORTFORCRYPTOGRAPHY
Ciphertext: CSASTPKVSIQUTGQUCSASTPIUAQJB

There is an easily seen repetition in the ciphertext, and the Kasiski test will be effective.
Here the distance between the repetitions of CSASTP is 16. Assuming that the repeated segments
represent the same plaintext segments, this implies that the key is 16, 8, 4, 2, or 1 characters
long. (All factors of the distance are possible key lengths – a key of length one is just a
simple shift cipher, where cryptanalysis is much easier.) Since key lengths 2 and 1 are
unrealistically short, one only needs to try lengths 16, 8, or 4. Longer messages make the test
more accurate because they usually contain more repeated ciphertext segments. The following
ciphertext has two segments that are repeated:

Ciphertext: VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR

The distance between the repetitions of VHVS is 18. Assuming that the repeated segments represent
the same plaintext segments, this implies that the key is 18, 9, 6, 3, 2, or 1 characters long.
The distance between the repetitions of QUCE is 30 characters. This means that the key length
could be 30, 15, 10, 6, 5, 3, 2, or 1 characters long. By taking the intersection of these sets
one could safely conclude that the most likely key length is 6, since 3, 2, and 1 are
unrealistically short.
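
The Kasiski steps above, as an added Python example rather than code from the original page: it locates repeated ciphertext segments, measures the distances between them, and keeps the key lengths that divide every distance. The function names, the segment `size` and the `shortest` cut-off are assumptions made for this example; the two ciphertexts are the ones quoted in the text.

```python
from collections import defaultdict
from functools import reduce
from math import gcd


def repetition_distances(ciphertext, size=4):
    """Map each repeated segment of `size` letters to the distances between its occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - size + 1):
        positions[ciphertext[i:i + size]].append(i)
    return {seg: [b - a for a, b in zip(pos, pos[1:])]
            for seg, pos in positions.items() if len(pos) > 1}


def factors(n):
    """All positive divisors of n, largest first."""
    return [d for d in range(n, 0, -1) if n % d == 0]


def candidate_key_lengths(ciphertext, size=4, shortest=2):
    """Key lengths that divide every repetition distance (intersection of the factor sets)."""
    distances = [d for ds in repetition_distances(ciphertext, size).values() for d in ds]
    if not distances:
        return []  # no repeated segment: the test gives no information
    return [d for d in factors(reduce(gcd, distances)) if d >= shortest]


def factor_votes(ciphertext, size=4, max_len=20):
    """Count how many repetition distances each candidate length divides.

    A single accidental repeat can shrink the common divisor to 1, so on longer
    texts the lengths with the most votes are a more robust guide than the
    strict intersection.
    """
    distances = [d for ds in repetition_distances(ciphertext, size).values() for d in ds]
    return {n: sum(d % n == 0 for d in distances) for n in range(2, max_len + 1)}


# The two ciphertexts quoted in the text above.
SHORT = "CSASTPKVSIQUTGQUCSASTPIUAQJB"
LONGER = "VHVSSPQUCEMRVBVBBBVHVSURQGIBDUGRNICJQUCERVUAXSSR"

if __name__ == "__main__":
    print(repetition_distances(SHORT, size=6))
    print(candidate_key_lengths(SHORT, size=6, shortest=3))
    print(repetition_distances(LONGER))
    print(candidate_key_lengths(LONGER, shortest=4))
```
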

Friedman test

The Friedman test (sometimes known as the kappa test) was invented during the 1920s by William F.
Friedman. Friedman used the index of coincidence, which measures the unevenness of the cipher
letter frequencies to break the cipher. By knowing the probability that any two randomly chosen
source-language letters are the same (around 0.067 for monocase English) and the probability of a
coincidence for a uniform random selection from the alphabet (1/26 = 0.0385 for English), the key
length can be estimated as:

from the observed coincidence rate

where c is the size of the alphabet (26 for English), N is the length of the text, and n1 through
nc are the observed ciphertext letter frequencies, as integers.

This is, however, only an approximation whose accuracy increases with the size of the text. It
would in practice be necessary to try various key lengths close to the estimate.[10] A better
approach for repeating-key ciphers is to copy the ciphertext into rows of a matrix having as many
columns as an assumed key length, then compute the average index of coincidence with each column
considered separately; when this is done for each possible key length, the highest average I.C.
then corresponds to the most likely key length.[11] Such tests may be supplemented by information
from the Kasiski examination.

Frequency analysis

Once the length of the key is known, the ciphertext can be rewritten into that many columns, with
each column corresponding to a single letter of the key. Each column consists of plaintext that
has been encrypted by a single Caesar cipher; the Caesar key (shift) is just the letter of the
Vigenère key that was used for that column. Using methods similar to those used to break the
Caesar cipher, the letters in the ciphertext can be discovered.

An improvement to the Kasiski examination, known as Kerckhoffs' method, matches each column's
letter frequencies to shifted plaintext frequencies to discover the key letter (Caesar shift) for
that column. Once every letter in the key is known, the cryptanalyst can simply decrypt the
ciphertext and reveal the plaintext.[12] Kerckhoffs' method is not applicable when the Vigenère
table has been scrambled, rather than using normal alphabetic sequences, although Kasiski
examination and coincidence tests can still be used to determine key length in that case.
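
The column-wise index of coincidence described under the Friedman test and the per-column frequency matching described here, as one added Python example that is not from the original page; it shows how little a repeating key hides once there is enough ciphertext. The sample plaintext is constructed, the English frequency table is a commonly published approximation, and the function names are assumptions.

```python
from collections import Counter

A = ord("A")
# Approximate relative frequency (percent) of A..Z in English text; a commonly
# published table, assumed here to describe the plaintext language.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]

# Constructed sample plaintext (not from the page); reduced to A-Z below.
SAMPLE_TEXT = """
The primary weakness of a repeating key cipher is that the same short key is
used again and again. Once the length of the key is known, the message can be
split into columns, and every column has been shifted by a single letter of
the key. Each column then keeps the uneven letter frequencies of ordinary
English, so the most common letters in the column still stand out after the
shift. An analyst who counts the letters in each column can compare them with
the expected frequencies of the language and recover the key one letter at a
time. This is the reason that modern systems never reuse a short key in this
way and rely on reviewed ciphers instead. The same reasoning explains why a
truly random key that is as long as the message and is used only once leaves
nothing for these statistics to find.
"""
PLAINTEXT = "".join(ch for ch in SAMPLE_TEXT.upper() if "A" <= ch <= "Z")


def encrypt(plaintext, key):
    """Repeating-key encryption, used only to build the sample ciphertext."""
    return "".join(chr((ord(p) - A + ord(key[i % len(key)]) - A) % 26 + A)
                   for i, p in enumerate(plaintext))


CIPHERTEXT = encrypt(PLAINTEXT, "LEMON")  # keyword from the page's example


def index_of_coincidence(text):
    """Probability that two letters drawn from `text` without replacement match."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))


def average_column_ic(ciphertext, key_len):
    """Write the text in `key_len` columns and average the per-column I.C."""
    columns = [ciphertext[i::key_len] for i in range(key_len)]
    return sum(index_of_coincidence(col) for col in columns) / key_len


def likely_key_length(ciphertext, max_len=8):
    """Key length with the highest average column I.C. (multiples of the true
    length score about as high, so keep max_len below twice the expected length)."""
    return max(range(1, max_len + 1), key=lambda n: average_column_ic(ciphertext, n))


def column_shift(column):
    """Caesar shift that makes one column look most like English (chi-squared)."""
    n = len(column)

    def chi_squared(shift):
        counts = Counter((ord(c) - A - shift) % 26 for c in column)
        return sum((counts[i] - n * ENGLISH[i] / 100) ** 2 / (n * ENGLISH[i] / 100)
                   for i in range(26))

    return min(range(26), key=chi_squared)


def recover_key(ciphertext, key_len):
    """Recover the key one column (one key letter) at a time."""
    if not 1 <= key_len <= len(ciphertext):
        raise ValueError("key_len must be between 1 and the ciphertext length")
    return "".join(chr(column_shift(ciphertext[i::key_len]) + A) for i in range(key_len))


if __name__ == "__main__":
    for n in range(1, 9):
        print(n, round(average_column_ic(CIPHERTEXT, n), 4))
    best = likely_key_length(CIPHERTEXT)
    print(best, recover_key(CIPHERTEXT, best))
```
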

Key elimination

The Vigenère cipher function is essentially modulo arithmetic, and thus commutative. So if the
key length is known (or guessed) then subtracting the cipher text from itself, offset by the key
length will produce the cipher text encrypted with itself. If any words in the cipher text are
known or can be guessed, then the plain text and also the key, will be revealed. This is useful
if the key is an obscure sequence of letters because the plain text will generally be ordinary
words. Key elimination is useful for making short versions of the plain text.

Variants

The running key variant of the Vigenère cipher was also considered unbreakable at one time. This
version uses as the key a block of text as long as the plaintext. Since the key is as long as the
message the Friedman and Kasiski tests no longer work (the key is not repeated). In 1920,
Friedman was the first to discover this variant's weaknesses. The problem with the running key
Vigenère cipher is that the cryptanalyst has statistical information about the key (assuming that
the block of text is in a known language) and that information will be reflected in the
ciphertext.

If using a key which is truly random, is at least as long as the encrypted message and is used
only once, the Vigenère cipher is theoretically unbreakable. However, in this case it is the key,
not the cipher, which provides cryptographic strength and such systems are properly referred to
collectively as one-time pad systems, irrespective of which ciphers are employed.

Vigenère actually invented a stronger cipher: an autokey cipher. The name "Vigenère cipher"
became associated with a simpler polyalphabetic cipher instead. In fact, the two ciphers were
often confused, and both were sometimes called "le chiffre indéchiffrable". Babbage actually
broke the much stronger autokey cipher, while Kasiski is generally credited with the first
published solution to the fixed-key polyalphabetic ciphers.

A simple variant is to encrypt using the Vigenère decryption method, and decrypt using Vigenère
encryption. This method is sometimes referred to as "Variant Beaufort". This is different from
the Beaufort cipher, created by Sir Francis Beaufort, which nonetheless is similar to Vigenère
but uses a slightly modified enciphering mechanism and tableau. The Beaufort cipher is a
reciprocal cipher.

Despite the Vigenère cipher's apparent strength it never became widely used throughout Europe.
The Gronsfeld cipher is a variant created by Count Gronsfeld which is identical to the Vigenère
cipher, except that it uses just 10 different cipher alphabets (corresponding to the digits 0 to
9). The Gronsfeld cipher is strengthened because its key is not a word, but it is weakened
because it has just 10 cipher alphabets. Gronsfeld's cipher did become widely used throughout
Germany and Europe, despite its weaknesses.

References

[1] Bruen, Aiden A. & Forcinito, Mario A. (2011). Cryptography, Information Theory, and
Error-Correction: A Handbook for the 21st Century
(http://books.google.com/books?id=fd2LtVgFzoMC&pg=PA21). John Wiley & Sons. p. 21.
ISBN 978-1-118-03138-4.

[2] Martin, Keith M. (2012). Everyday Cryptography
(http://books.google.com/books?id=1NHli2uzt_EC&pg=PT142). Oxford University Press. p. 142.
ISBN 978-0-19-162588-6.

[3] Smith, Laurence D. (1943). "Substitution Ciphers". Cryptography the Science of Secret
Writing: The Science of Secret Writing. Dover Publications. pp. 81. ISBN 0-486-20247-X.

[4] David, Kahn (1999). "On the Origin of a Species". The Codebreakers: The Story of Secret
Writing. Simon & Schuster. ISBN 0-684-83130-9.

[5] Knudsen, Lars R. (1998). "Block Ciphers— a survey". In Bart Preneel and Vincent Rijmen. State
of the Art in Applied Cryptography: Course on Computer Security and Industrial Cryptography
Leuven Belgium, June 1997 Revised Lectures. Berlin; London: Springer. pp. 29.
ISBN 3-540-65474-7.

[6] Singh, Simon (1999). "Chapter 2: Le Chiffre Indéchiffrable". The Code Book. Anchor Books,
Random House. pp. 63–78. ISBN 0-385-49532-3.

[7] Codes, Ciphers, & Codebreaking (http://www.vectorsite.net/ttcode_03.html#m2) (The Rise Of
Field Ciphers)

[8] David, Kahn (1999). "Crises of the Union". The Codebreakers: The Story of Secret Writing.
Simon & Schuster. pp. 217–221. ISBN 0-684-83130-9.

[9] Franksen, O. I. (1985) Mr. Babbage's Secret: The Tale of a Cipher—and APL. Prentice Hall.

[10] Henk C.A. van Tilborg, ed. (2005). Encyclopedia of Cryptography and Security (First ed.).
Springer. pp. 115. ISBN 0-387-23473-X.

[11] Mountjoy, Marjorie (1963). "The Bar Statistics". NSA Technical Journal VII (2,4). Published
in two parts.

[12] "Lab exercise: Vigenere, RSA, DES, and Authentication Protocols"
(http://courses.umass.edu/cs415/labs/lab1/415-lab1-crypto.pdf) (PDF). CS 415: Computer and
Network Security. Retrieved 2006-11-10.


External links

Articles

• History of the cipher from Cryptologia (http://home.att.net/~tleary/cryptolo.htm)
• Basic Cryptanalysis (http://www.bbc.co.uk/dna/h2g2/alabaster/A613135) at H2G2
• Lecture Notes on Classical Cryptology including an explanation and derivation of the Friedman
  Test (http://www-math.cudenver.edu/~wcherowi/courses/m5410/m5410cc.html)
• (http://web.archive.org/web/20110624100854/http://www.aolnews.com/2010/12/25/civil-war-message-in-a-bottle-opened-decoded/)

Programming

• Sharky's Online Vigenere Cipher (http://sharkysoft.com/misc/vigenere/) — Encode and decode
  messages, using a known key, within a Web browser (JavaScript)
• PyGenere: an online tool for automatically deciphering Vigenère-encoded texts
  (http://smurfoncrack.com/pygenere/) (6 languages supported)
• Vigenère Cipher encryption and decryption program (browser version, English only)
  (http://ljplawcom00.web707.discountasp.net/Vigenere/Vigenere.aspx/)
• Crypt::Vigenere (http://search.cpan.org/~alizta/Crypt-Vigenere-0.07/Vigenere.pm) — a CPAN
  module implementing the Vigenère cipher
• Breaking the indecipherable cipher: Perl code to decipher Vigenère text, with the source in the
  shape of Babbage's head (http://www.perlmonks.org/?node_id=550450)
• Vigenère in BASH
  (http://papacharliefox3.wordpress.com/2009/04/02/desafio-de-crypto-ii-cifra-de-vigenere/)
• Java Vigenere (http://www.vigenere.tk) applet with source code (GNU GPL)
• Vigenere Cipher in Java (http://log.flirt-wind.net/2010/08/vigenere-cipher-in-java/)
• Vijner 974 Encryption Tool in C# (Vigenere Algorithm) (http://sourceforge.net/projects/tstools/)
• Vigenère Cipher encryption tool (http://www.vigenere.net/) - Browser
• Vigenère Cipher encryption tool
  (https://chrome.google.com/webstore/detail/jefmgpafeddooefhpnhccodndbcpbmhj) - Google Chrome
  extension
