[Cryptography] Unicity distance of Playfair

mok-kong shen mok-kong.shen at t-online.de
Sat Mar 26 10:10:44 EDT 2016


Am 25.03.2016 um 23:24 schrieb Ray Dillinger:
>
>
> On 03/25/2016 02:21 AM, mok-kong shen wrote:
>> Am 25.03.2016 um 01:38 schrieb Ray Dillinger:
>
>> Your sentence "Every cipher that has the same key length will have
>> the same unicity distance when used to encrypt English." is IMHO
>> evidently a "consequence" of these "ciphers" which have been examined
>> all have alphabet of size 26 (excepting Playfair, which we are arguing
>> here). So your logic is apparently problematical here.
>
> It's subject to a few assumptions.  As others have pointed
> out, Playfair is a block cipher of two-letter blocks, so
> calculating its unicity distance in terms of letters is
> valid for an even number of letters.  The Unicity distance
> will always be a multiple of the block size, so if the
> calculation in letters had come out to, eg, 26.8 or something
> you'd have to round up to 28 instead of 27.
>
> Also the redundancy measure I used was a very specific figure
> applicable to most hand ciphers:  It was the redundancy of
> English text represented in letters, over the space of all
> possible strings of letters the same length.
>
> But if we're talking about the redundancy of English text as
> represented in a 676-character alphabet (digraphs) over the
> space of all possible digraph strings the same length, the
> sizes of the units (and therefore the redundancy per unit)
> are the only thing that's changed.
>
> You have the same ratio of non-English strings to English
> strings at a length of N digraphs, that you have at a length
> of 2N letters.  So your redundancy per digraph is twice as much
> as the redundancy per letter.
>
> You get a unicity distance half as big as it was with letters
> because you doubled the redundancy in the denominator without
> changing the number of possible keys.  So you get unicity =
> 13 digraphs, which happens to be 26 letters.
>
>> Anyway, your post of 24.03. employed the term "aphabet". In a post
>> of mein to J. Leichter I used the hypothetical (because impractical)
>> case of digraphic Vigenere. Do you agree at all that in that case
>> the "alphabet" is 26**2 instead of 26?
>
> Sure, you could calculate any cipher's unicity distance in
> pairs instead of letters.  But ultimately all it will tell
> you is that unicity measured in digraphs is half (rounding up)
> the unicity distance in characters.  Because each digraph
> is twice as much plaintext as each letter, that's the same
> amount of plaintext either way.
>
> Anyway, Viginere (26x26 or 676x676) can have any key length,
> so a unicity measurement requires making an assumption about
> the key length.  If the sequence across the table is not known
> to your opponent (ie, if that's part of the key) then the
> 676x676 version would have a much larger practical unicity
> distance just because there are MANY more keys.

As is apparent from my OP, my knowledge of unicity-distance is very
poor. Thus I continue to wonder whether one could in computing the
unicity-distance of a scheme the fact that in it diagrams are being
processed in each step instead of single characters. For, as a
parallel, in cryptanalysis one could study not only single letter
frequency distribution of the alphabetical characters but also
additionally the frequency distributions of digrams, which provides
correspondingly additional informations.

I have another question to ask: It seems to me that the concept of
unicity-distance doesn't properly take into account whether the entropy
in the key is well or poorly utilized in a cipher scheme. Take the
case of the classical poly-alphabetical substitution with a 26*26 table.
That table could have columns that are sufficiently random on the
one side (normally termed "with mixed alphabets") or have columns that
are simply shifted versions of the the alphabet in its natural order
(normally termed a Vigenere table) on the other side. Now the cipher in
question is evidently stronger in the first case than in the second
(special) case. However, the unicity-distance would be the same for
both cases. Am I right in this? If the answer is yes, than the measure
unicity-distance wouldn't be useful at all for the purpose I originally
thought of to use it. (As mentioned in my post of 22.03., I was
thinking to employ it to compare the original Playfair with a suggested
variant of it in respect of performance.)

M. K. Shen







More information about the cryptography mailing list