90

CHAPTER 6

A MODIFIED HILL CIPHER

INVOLVING INTERWEAVING

AND ITERATION

91

6.1. INTRODUCTION

In the literature of cryptography, it is well known that, confusion and

diffusion play a vital role in the development of a cipher. The

transposition or permutation of characters in the plaintext is responsible

for confusion, and the influence of each bit of the key on each plaintext

bit causes diffusion.

The study of the classical Hill cipher[105], in which, a matrix

containing numbers is used as a key in the encryption process, and the

modular arithmetic inverse of the key is employed in the decryption

process, has attracted the attention of several researchers in the recent

years. In the Hill cipher, the basic steps of encryption and decryption

are given by

C=KP mod 26, (6.1.1)

and

P=K-1C mod 26, (6.1.2)

where P is the plaintext, K the key matrix, C the ciphertext and K-1 is the

modular arithmetic inverse of K. Here, he has taken mod 26, as he

focused his attention on the 26 characters of English alphabet.

Subsequently, Fiestel analyzed the general principles of block ciphers

and lead to the development of Data Encryption Standard (DES). In this,

the length of the key is 56 bits, and the length of the plaintext block is 64

bits. In DES, as the length of the key is only 56 bits, it is found that this

cipher is breakable with a good deal of effort by brute force attack. In

92

view of this fact, several variants, of DES, such as 2DES and 3DES came

into existence. However, these are found to be relatively sluggish in

software. In the light of this, at the end of the last century, Joan

Daeman and Vincent Rijman developed an algorithm called Advanced

Encryption Standard (AES). In this, the block length is 128 bits and the

key length is 128, 192 or 256 bits. This cipher is found to be a strong

one.

In the present chapter, we modify the Hill cipher by introducing

interweaving (transposition of the binary bits of the plaintext characters)

and iteration. In this, the multiplication of the plaintext with the key

matrix, the interweaving and the iteration cause a lot of diffusion and

confusion. Here, our objective is to develop a strong block cipher, whose

key length is significantly large.

In section 6.2, we present the development of the cipher. We design

the algorithms for encryption, decryption, modular arithmetic inverse,

interweaving, and inverse interweaving in section 6.3. In section 6.4, we

illustrate the cipher with an example. We discuss the cryptanalysis in

section 6.5, and mention the avalanche effect in section 6.6. Finally, in

section 6.7, we draw conclusions from the computations carried out in

this analysis.

6.2. DEVELOPMENT OF THE CIPHER

Consider a plaintext P of 2n characters. By using the ASCII code, let

us represent P in the form of a matrix, given by

93

P = [Pij], i=1 to n, j=1 to 2.

Let K = [Kij], i = 1 to n, j = 1 to n, be the key matrix, in which all the

elements are less than 128. The process of encryption can be described

by the following equations.

P0 = P, (6.2.1)

Pi=interweave(KPi-1 mod 128), i = 1 to N, (6.2.2)

C=KPN mod 128. (6.2.3)

Here, C is the ciphertext.

The process of decryption is governed by the relations

PN=K-1C mod 128, (6.2.4)

Pi-1 = invinterweave(K-1Pi mod 128), i = N to 1, (6.2.5)

P=P0. (6.2.6)

In this, K-1 is the modular arithmetic inverse of K and invinterweave

denotes the reverse operation of interweave.

The process of interweaving can be described as follows.

Let [Qij], i = 1 to n, j = 1 to 2 be the transformed plaintext matrix

obtained after performing the multiplication with the key matrix and

taking mod 128. On converting each element of [Qij] into binary form, we

get a new matrix

[bil], i = 1 to n, l = 1 to 14. (6.2.7)

Thus we have

94

[bil] =

⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢

⎣

⎡

1421

2142221

1141211

...........

...

...

nnn bbb

bbbbbb

(6.2.8)

We rotate the first column and see that it assumes the form [b21,

b31,…bn1, b11]T, where T denotes the transpose of the vector. Here, each

element has gone one step up and the first element has come down to

the last position. This process is carried out for columns 1,3,5 and so

on. Similarly, we carry out a circular left shift of the rows numbered 2,

4, 6 …etc. After carrying out the aforementioned steps, the matrix

assumes the form

[bil]=

⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

11144132

31214243322

114213231221

.....................

...

...

bbbbb

bbbbbbbbbb

nnn

Then we construct the modified plaintext matrix P wherein, the

elements of the first column of P are obtained from the first seven

columns of [bil], and the second column of P from the subsequent seven

columns of [bil].

This completes the process of interweaving. We denote the reverse

process of interweaving as inverse interweaving.

The schematic diagram of the cipher is given in Fig. 6.1. This shows

the processes of the encryption and the decryption in detail.

95

In this analysis, N denotes the number of iterations and it is taken as 16.

P0 = P

for i =1 to N

Pi=KPi-1mod128 interweave()

C = KPNmod128

write C

Read P,K,N,n Read C,K,N,n

Find K-1

for i = N to 1

invinterweave() Pi-1=K-1Pimod128

PN=K-1Cmod128

write P

P=P0

b) Decryption a) Encryption

Fig. 6.1. Schematic diagram of the cipher

96

6.3. ALGORITHMS The algorithms describing encryption, decryption, modular

arithmetic inverse, interweaving and inverse interweaving are given below. 6.3.1 ALGORITHM FOR ENCRYPTION 1. read n,N,K,P; 2. P0 = P; 3. for i=1 to N { Pi = KPi-1mod128;

interweave(); } 4. C = KPNmod128; 5. write C; 6.3.2 ALGORITHM FOR DECRYPTION 1. read n,N,K,C; 2. find modinverse(K); 3. PN =K-1Cmod128; 4. for i=N to 1 { invinterweave(); Pi-1 = K-1Pimod128; } 5. P=P0; 6. write P; 6.3.3 ALGORITHM FOR MODINVERSE 1. read n,K; 2. find Kij,∆; /* Kij are the cofactors of the elements of K, and ∆ is the determinant of K */ 3. find d such that (d∆)mod128=1;/*d is the multiplicative inverse of ∆ */ 4. K-1=(Kjid)mod128; 6.3.4 ALGORITHM FOR INTERWEAVE 1. convert Pi into binary bits; 2. construct [bij], i=1 to n, j=1 to 14; 3. for j=1 to 14 in step 2 { k=b1j; for i=1 to n-1 { bij=b(i+1)j; } bnj=k; } 4. for i=2 to n in step 2 { k=bi1; for j=1 to 13 { bij=bi(j+1); }

97

bi14=k; } 5. Construct Pi from bij;. 6.3.5 ALGORITHM FOR INVINTERWEAVE 1. convert Pi into binarybits; 2. construct [bij], i=1 to n, j=1 to 14; 3. for i= n to 2 in step 2 { k=bi14; for j= 14 to 2{ bij=bi(j-1); } bi1=k; } 4. for j = 13 to 1 in step 2{ k=bnj; for i= n to 2 { bij=b(i-1)j; } b1j=k; } 5. Construct Pi from bij; 6.4. ILLUSTRATION OF THE CIPHER

Consider a plaintext given below.

The development of the nuclear technology of all the developed countries

must be watched carefully by a super committee consisting of

representatives of all the countries. This ensures the safety of all the

nations if and only if a resolution is taken in this direction. (6.4.1)

Let us focus our attention on the first sixteen characters given by

The developmentb (6.4.2)

On substituting ASCII codes for these characters, and arranging

them in the form of a matrix, we get

98

P =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

32 101116 118110 101101 100109 32112 101111 104108 84

(6.4.3)

Let us take the key matrix K as

K=

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

287703450238114945539119100444036211055435211337561252212610631620576127591124238994751105324830464188115835602963112454310711849331246253

(6.4.4)

On multiplying the plaintext matrix with the key matrix, we get the

modified P, denoted by P1, as

P1=

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

111276159863825374110811383831711227

(6.4.5)

On converting the numbers in these two columns into binary form

and constructing the matrix b, we get

99

b =

0 0 1 1 0 1 1 1 1 1 0 0 0 00 0 1 0 0 0 1 1 0 1 0 0 1 11 0 1 0 0 1 1 1 1 1 0 0 0 11 1 0 1 1 0 0 0 1 0 1 0 0 10 1 0 0 1 0 1 0 0 1 1 0 0 10 1 0 0 1 1 0 1 0 1 0 1 1 00 1 1 1 0 1 1 0 1 1 1 1 0 11 1 1 1 1 1 1 0 0 0 1 0 1 1

⎡ ⎤⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎢ ⎥⎣ ⎦

(6.4.6)

On performing interweaving (see section 6.2), we get the transformed

b as

b =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

0101101111110101001010110111111010001110100001110111100110011100010011110000101001111100101110010001000111100010

(6.4.7)

We now convert these binary bits into decimal numbers and

construct the modified P as

P1 =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

90958211823465679571006711483199835

(6.4.8)

After carrying out all the sixteen rounds, we get the ciphertext in the

form

100

C =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

9911773043781824718156651008114

(6.4.9)

The modular arithmetic inverse of K, denoted by K-1, is obtained as

K-1=

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

85123301061869557194633539112231014892398899102561142572274966279133733698787544111764411738962824497695051151121071261167708949154635

(6.4.10)

It is to be noted that the modular arithmetic inverse of the key matrix

K exists only when K is nonsingular and the determinant of K is

relatively prime to 128. It can be readily verified that

KK-1mod128=K-1Kmod128=I.

On taking the C given in (6.4.9), and applying the decryption process,

we get the PN as

PN =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

4047324110416115125562458969321075

(6.4.11)

101

On applying the inverse interweaving process described in section

6.2, we get the modified PN as

PN =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

120564201215856926148931893232106

(6.4.12)

After carrying out all the sixteen iterations, we get the plaintext in the

form

P =

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥

⎦

⎤

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢

⎣

⎡

32 101116 118110 101101 100109 32112 101111 104108 84

(6.4.13)

This is the same as the plaintext given in (6.4.3).

In what follows, we discuss the avalanche effect which gives an

insight into the role played by the various operations in the cipher which

are causing confusion and diffusion.

6.5. AVALANCHE EFFECT

We study the avalanche effect, in two cases: (1) one bit change in the

plaintext, and (2) one bit change in the key.

102

On changing the 9th character from l to m, we get a change of one bit

as the ASCII code of l is 108, and that of m is 109.

The cipher text corresponding to the plaintext given in (6.4.2) is

1110010110010001110001000111000100001001010000000111010100010001000001101000100110001010001000010010010011100011.

(6.5.1) The ciphertext pertaining to the modified plaintext is obtained in the

form

0000001010001000011100010000011111010000100110001111101011111000010000100001100010111100011011111000000111100101.

(6.5.2) It can be readily seen that the ciphertexts given by (6.5.1) and (6.5.2)

differ by 57 bits (out of 112 bits), which is significant.

We now change the key element K36 from 32 to 33. With this change,

the original key and the modified key differ by exactly one bit. On

applying the modified key on the original plaintext, given in (6.4.2), we

get the ciphertext as

0101100100100110000111000110101001010110011001110010110000000100101100010000001000010110001001111010100110011000.

(6.5.3) It can be noticed that the ciphertexts given in (6.5.1) and (6.5.3) differ

by 62 bits (out of 112 bits), which quite substantial.

From the above discussion, we conclude that this cipher produces

strong avalanche effect, which is quite desirable.

In what follows, let us offer formal proof for cryptanalytic attacks.

6.6. CRYPTANALYSIS

The general cryptanalytic attacks which are used in cryptology are

103

1 Ciphertext only attack (Brute force attack)

2 Known plaintext attack

3 Chosen plaintext attack and

4 Chosen ciphertext attack.

In all these attacks, the algorithm and the ciphertext are clearly

known to the cryptanalyst.

Following William Stallings [21], we discuss the first two cases in

detail.

Let us now consider the brute force attack. In this cipher, the size of

the key matrix is n. As each element of the matrix is lying between 0 and

127, it can be represented in terms of seven binary bits. Thus, the size

of the key space is 27n².

If we assume that the time required for executing the encryption

algorithm with one value of the key in the key space is 10-7 seconds,

then the time required for the computation of the cipher with all possible

keys in the key space is

60X60X24X36510X2 77 2 −n

≈ 157 10X12.3X22 −n ≈ 151.2 10X12.3X10

2 −n = 151.2 2

10X12.3 −n years.

Here, we notice that the time required for breaking the cipher by the

brute force attack is extremely large, when n≥4. When n = 4, the time

required is 6.1810X12.3 years.

Let us now consider the known plaintext attack. In this case, we

know as many plaintext and ciphertext pairs as we require.

104

In this analysis, the basic relations governing the cipher are

P0 = P, (6.6.1)

Pi = (KPi-1) mod 128, (6.6.2)

and

Pi = interweave(Pi), i = 1 to 16. (6.6.3)

For simplicity of presentation, we use Ψ in the place of the function

interweave, and write (6.6.3) in the form

Pi = Ψ(Pi).

Now, the relation connecting the ciphertext C and the plaintext P, at

the end of the 16th iteration, can be written in the form

C=(K(Ψ(K....Ψ(KΨ((KP) mod 128) mod 128)) ...mod 128))))mod 128. (6.6.4)

In (6.6.4), as the plaintext P is totally the control of the function

interweaving, it cannot be transferred to the left side, by obtaining the

inverse of P, as it could be done in the case of the classical Hill cipher.

In the light of this fact, this cipher cannot be broken by the known

plaintext attack.

From the above discussion, we conclude that it is difficult to break

this cipher by the conventional cryptanalytic attacks.

6.7. COMPUTATIONS AND CONCLUSIONS

In this chapter, we have developed a block cipher by introducing

interweaving and iteration. As the interweaving is done in each step of

the iteration process, the plaintext has undergone several

105

transformations before it has become the ciphertext. The cryptanalysis

indicates that the cipher is a strong one and it is difficult to break.

The algorithms presented in this chapter for encryption and

decryption are implemented in C language.

The modular arithmetic inverse of the 8x8 matrix is calculated by

using the systematic procedure developed in [133].

The ciphertext corresponding to the entire plaintext given in (6.4.1) is

presented below in hexadecimal notation.

E591C4710940751106898A2124E3748854D546D204894FFC5EDA5055E873789485440D23B6A7989668A72A6BDCF7BCFB82315BAEC7D8429E0EBADC4B04D242F5264C45BD452EE5512F774EEE9BCDC0B1C3E4B76EC4173BC14AFCD853E3922818165D3037C198D1743381A79A1A24C058B843A13D67C13CBFD585E2450EE495EA8081A4D4F37FBD1CF7C898B7. The time required for encryption and decryption of the plaintext given

in (6.4.1) is 6.1*10-3 and 12*10-3 seconds respectively. The cipher

developed in this analysis is an efficient one.

The analysis presented in this chapter can be extended to the case,

wherein the plaintext block is enormously large. This problem is

considered in the ensuing chapter.