A military uses a cipher where each letter is shifted by a secret number (Caesar cipher with unknown shift). An analyst intercepts a long ciphertext and notices the letter 'X' appears far more often than any other. What technique is the analyst using, and what can they likely conclude?
Think about your answer, then reveal below.
Model answer: The analyst is using frequency analysis. In English, 'E' is the most common letter. If 'X' is the most frequent ciphertext letter, the shift is likely E→X, which is a shift of 19. The analyst can decrypt the entire message by shifting back 19 positions.
Frequency analysis exploits the fact that substitution ciphers preserve the statistical distribution of plaintext. Since each plaintext letter maps to exactly one ciphertext letter, the frequency profile of the plaintext language leaks through. With enough ciphertext, the most common ciphertext symbol almost certainly corresponds to the most common plaintext symbol. This is why simple substitution ciphers are insecure regardless of key secrecy.
Question 2 Multiple Choice
Kerckhoffs' principle states that a cryptosystem should be secure even if everything about the system is public knowledge except the key. A colleague argues this is unrealistic because hiding the algorithm provides extra security. What is the flaw in this reasoning?
AHiding the algorithm is impossible because attackers can always reverse-engineer it
BAlgorithm secrecy is fragile — once leaked, the entire system is permanently compromised, whereas a compromised key can be changed. Security must rest on the key alone
CHidden algorithms are always weaker than public ones
DKerckhoffs' principle only applies to military cryptography, not civilian systems
The fundamental issue is resilience to partial compromise. If security depends on algorithm secrecy, a single leak — through reverse engineering, insider betrayal, or accidental disclosure — permanently breaks the system. Keys, by contrast, are small, changeable, and designed to be replaced. A public algorithm also benefits from widespread scrutiny: the cryptographic community can find weaknesses before adversaries exploit them. History is filled with proprietary ciphers (DVD's CSS, GSM's A5/1) that crumbled once their algorithms were discovered.
Question 3 Short Answer
The Vigenere cipher was considered 'unbreakable' for centuries. What property distinguishes it from a simple substitution cipher, and what ultimately enabled its cryptanalysis?
Think about your answer, then reveal below.
Model answer: The Vigenere cipher uses a repeating keyword to apply different Caesar shifts to different positions, making it a polyalphabetic cipher — each plaintext letter can map to multiple ciphertext letters depending on position. This flattens single-letter frequency distributions. However, the keyword repeats, creating periodic patterns. Kasiski examination and Friedman's index of coincidence exploit this periodicity to determine keyword length, after which each position reduces to a simple Caesar cipher broken by frequency analysis.
Polyalphabetic substitution obscures single-letter frequencies but does not eliminate statistical patterns — it merely distributes them across keyword-length groups. Once the period is known, the cipher decomposes into independent monoalphabetic ciphers. The lesson is that obscuring frequency statistics is necessary but not sufficient: any deterministic, periodic transformation leaves exploitable structure.
Question 4 True / False
A transposition cipher rearranges plaintext letters without changing them, while a substitution cipher replaces letters without moving them.
TTrue
FFalse
Answer: True
This is the fundamental distinction between the two classical cipher families. Substitution changes the identity of symbols (a→X, b→Q) while preserving their order. Transposition changes the order of symbols while preserving their identity. Both alone are weak against statistical attacks — substitution leaks frequency data, transposition leaks letter identities. Combining both (as in rotor machines and modern product ciphers) is far stronger, which is why modern block ciphers alternate substitution layers (S-boxes) with permutation layers.
Question 5 Short Answer
An analyst has a ciphertext produced by a monoalphabetic substitution cipher applied to an English plaintext. The analyst also has a short segment of known plaintext-ciphertext pairs. Why does this known-plaintext attack provide dramatically more leverage than ciphertext-only frequency analysis?
Think about your answer, then reveal below.
Model answer: Known plaintext-ciphertext pairs directly reveal portions of the substitution mapping (e.g., if plaintext 'the' maps to ciphertext 'QXV', then t→Q, h→X, e→V are known). Each confirmed mapping eliminates possibilities for remaining letters and can be propagated through the rest of the ciphertext. With enough known plaintext, the full 26-letter mapping can be reconstructed directly, whereas frequency analysis requires statistical inference and can be ambiguous for letters with similar frequencies.
Known-plaintext attacks are devastating against simple substitution because the substitution table is a fixed, deterministic mapping. Every confirmed pair is a constraint that reduces the remaining keyspace. Even a handful of known pairs dramatically narrows possibilities. This illustrates why modern ciphers must resist known-plaintext attacks by design — the attacker should learn nothing about the key even with access to many plaintext-ciphertext pairs.