Cryptography for CTFs

Hello everyone, this blog series demonstrates how to get started with cryptography challenges in CTFs and learn about common cryptography attacks in general. This blog is for people who are interested in learning the basics of common cryptography attacks while improving their CTF skills. Certain sections of the blog may be heavy on math, but the math is essential for building a strong foundation in cryptography.

Introduction

Cryptology branches into two fields: Cryptography and Cryptanalysis.

The word “cryptography” originates from two Greek words: “kryptós” meaning “hidden” and “gráphein” meaning “to write.” Thus, cryptography is the practice of creating hidden or secret messages through various techniques and algorithms to protect the confidentiality and integrity of information.

Cryptanalysis, derived from the same Greek roots, “kryptós” meaning “hidden” and “analýein” meaning “to analyze,” is the process of deciphering or analyzing coded or encrypted messages to reveal their hidden content without having access to the encryption key or method. It involves breaking codes and encryption systems to uncover the original information.

The roots of cryptography date back 4000 years. However, the historical ciphers are considered weak and are often disregarded for use in modern applications. This means that you are most likely to encounter them in CTFs, where they can be easily broken using common techniques like Exhaustive Key Search (Brute Force) or Letter Frequency Analysis.

Here are a few reference websites that can help solve these historic ciphers and prove to be very useful in CTFs.

A) https://www.dcode.fr/

B) https://cryptii.com/

C) https://www.boxentriq.com/

The historical ciphers mainly relied on substitution and are commonly called substitution ciphers.

Substitution Cipher

A substitution cipher is a method of encrypting or encoding text by consistently replacing each letter in the plaintext with another letter or symbol. Substitution ciphers are further classified into monoalphabetic and polyalphabetic substitution ciphers. A monoalphabetic substitution cipher is a type of substitution cipher where each letter in the plaintext is consistently replaced by a single, fixed letter or symbol in the ciphertext. In contrast, a polyalphabetic substitution cipher is a type of substitution cipher where each letter in the plaintext can be replaced by multiple different letters or symbols in the ciphertext, depending on its position.

Solving Common Substitution Ciphers

Caesar Cipher

One of the most well-known classic shift ciphers is the Caesar cipher. You can easily explore this cipher using various online tools, such as https://www.dcode.fr/caesar-cipher, or employ it as a command-line tool by executing “sudo apt install bsdgames”. Additionally, you have the option to provide a specific key for the Caesar cipher.

Mathematically, the encryption function is as follows, where a is the key and x is the position of the plaintext letter in the alphabet (A = 0, ..., Z = 25).

E(x) = (x + a) mod 26

For those interested, here’s a concise one-liner that allows you to experiment with all possible letter positions:

Atbash Cipher

When faced with text that appears cryptic and mysterious, the Atbash cipher can come to your rescue. This unique cipher employs a letter mapping technique where the traditional alphabet is entirely reversed. For example, ‘A’ maps to ‘Z,’ ‘B’ maps to ‘Y,’ and so forth. To decode or encode messages using the Atbash cipher, you have several options. You can use numerous online tools available, such as this one.

If you’re feeling adventurous and want to delve deeper into cryptography, you can even create your own Atbash cipher program using Python. This cipher is a fascinating tool for both beginners and enthusiasts in the realm of secret codes and ciphers.

Vigenère cipher

The Vigenère cipher is a captivating encryption method that adds an extra layer of complexity to message security. Unlike the Caesar cipher, which uses a single, fixed key, the Vigenère cipher employs a keyword to determine the shifting values for each letter in the plaintext. This makes it more challenging to crack, as the shifting pattern varies throughout the message.

To explore the Vigenère cipher and decode or encode messages with it, you have several resources at your disposal. You can use online tools like My Geocaching Profile or Guballa’s Vigenère Solver to simplify the process. For those who enjoy hands-on coding, you can create your own Vigenère cipher program using Python, as exemplified in this personal Python code: Python Vigenère Cipher Code. The Vigenère cipher is a versatile and intriguing cryptographic tool that provides both novices and cryptography enthusiasts with an engaging challenge.
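An added example of the keyword-driven shift described above (this is not the author's linked code, which is not reproduced on this page). It assumes the usual convention that keyword letter A means shift 0 and that non-letters are copied through without consuming a keyword letter; the sample inputs are constructed.

```python
import string

def vigenere(text, keyword, decrypt=False):
    """Shift the i-th letter of text by the i-th keyword letter (A=0..Z=25).

    The keyword repeats as often as needed. Case is preserved and
    non-letters pass through without advancing the keyword position.
    """
    shifts = [ord(k) - ord("A") for k in keyword.upper()
              if k in string.ascii_uppercase]
    if not shifts:
        raise ValueError("keyword must contain at least one letter A-Z")
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            shift = sign * shifts[i % len(shifts)]
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

if __name__ == "__main__":
    ct = vigenere("Attack at dawn!", "LEMON")       # constructed sample
    print(ct)                                       # same letter T encrypts
    print(vigenere(ct, "LEMON", decrypt=True))      # to X and to F here
    # A one-letter keyword is a Caesar cipher: "H" is a fixed shift of 7.
    print(vigenere("Attack at dawn!", "H"))
```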

Bacon Cipher

The Bacon cipher is a substitution cipher that replaces each character with a group of five characters drawn from a set of two (A and B are used most of the time). If we interpret A as 0 and B as 1, each group is simply a 5-bit binary number. This cipher is easy to recognize because the ciphertext contains only two characters (e.g., A and B) and the length of the ciphertext is divisible by 5. Example: AAABB AAABA ABBAB AAABB AABAA AAAAB AAAAA AAABA ABBAB ABBAA.

http://rumkin.com/tools/cipher/baconian.php
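An added example, not from the original post: a decoder and encoder for the A/B groups described above, run on the page's own example ciphertext. The page does not say which alphabet its example uses; the code assumes the 24-letter variant of the cipher (I/J and U/V share a code) by default and also offers the plain 26-letter alphabet.

```python
import string

ALPHABET_26 = string.ascii_uppercase
ALPHABET_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"  # I/J and U/V share one code

def bacon_decode(ciphertext, alphabet=ALPHABET_24, zero="A", one="B"):
    """Read each group of five symbols as a 5-bit number and index alphabet."""
    symbols = "".join(ciphertext.split())
    if set(symbols) - {zero, one}:
        raise ValueError("ciphertext must contain only the two Bacon symbols")
    if len(symbols) % 5:
        raise ValueError("ciphertext length must be divisible by 5")
    bits = symbols.translate(str.maketrans({zero: "0", one: "1"}))
    plain = []
    for i in range(0, len(bits), 5):
        value = int(bits[i:i + 5], 2)
        # Values past the end of the alphabet have no letter assigned.
        plain.append(alphabet[value] if value < len(alphabet) else "?")
    return "".join(plain)

def bacon_encode(plaintext, alphabet=ALPHABET_24, zero="A", one="B"):
    """Encode letters as space-separated 5-symbol groups; skip non-letters."""
    groups = []
    for ch in plaintext.upper():
        if alphabet == ALPHABET_24:
            ch = {"J": "I", "V": "U"}.get(ch, ch)
        if ch in alphabet:
            bits = format(alphabet.index(ch), "05b")
            groups.append(bits.translate(str.maketrans({"0": zero, "1": one})))
    return " ".join(groups)

# The example ciphertext quoted in the text above.
PAGE_EXAMPLE = "AAABB AAABA ABBAB AAABB AABAA AAAAB AAAAA AAABA ABBAB ABBAA"

if __name__ == "__main__":
    print(bacon_decode(PAGE_EXAMPLE, ALPHABET_24))
    print(bacon_decode(PAGE_EXAMPLE, ALPHABET_26))
```

If one alphabet gives gibberish, try the other, and try swapping the roles of the two symbols through the zero and one parameters.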

Affine Cipher

The Affine cipher is a classical encryption technique that offers a unique approach to securing messages. It combines two mathematical operations—multiplication and addition—to transform plaintext letters into ciphertext. The use of modular arithmetic ensures that this cipher supports both encryption and decryption methods.

E(x) = (a * x + b) mod 26

To delve into the world of the Affine cipher and encode or decode messages, there are various tools and methods available to assist you. You can utilize online tools designed specifically for the Affine cipher, such as those found at https://www.boxentriq.com/code-breaking/affine-cipher. Additionally, if you’re eager to implement this cipher yourself, you can create your own Affine cipher program using programming languages like Python.
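An added example covering both the Affine cipher and the Atbash cipher from earlier in the post (it is not code from the original page). It implements E(x) = (a * x + b) mod 26, decrypts with the modular inverse of a (which exists only when a is coprime with 26), shows that Atbash is the special case a = b = 25, and runs an exhaustive search over all 312 valid keys filtered by a known plaintext word. The crib word and the sample text are constructed assumptions.

```python
from math import gcd
import string

def _affine_map(text, a, b):
    """Apply x -> (a*x + b) mod 26 to letters; keep case and non-letters."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((a * (ord(ch) - base) + b) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def affine_encrypt(text, a, b):
    """E(x) = (a * x + b) mod 26."""
    if gcd(a, 26) != 1:
        raise ValueError("a must be coprime with 26 or E is not one-to-one")
    return _affine_map(text, a, b)

def affine_decrypt(text, a, b):
    """D(y) = a_inv * (y - b) mod 26, which is itself an affine map."""
    a_inv = pow(a, -1, 26)  # Python 3.8+; ValueError if no inverse exists
    return _affine_map(text, a_inv, -a_inv * b)

def atbash(text):
    """Atbash is the affine cipher with a = b = 25, i.e. x -> 25 - x."""
    return affine_encrypt(text, 25, 25)

def crack_affine(ciphertext, crib):
    """Try all 12 * 26 = 312 keys; keep those whose plaintext contains crib."""
    hits = []
    for a in (k for k in range(26) if gcd(k, 26) == 1):
        for b in range(26):
            plain = affine_decrypt(ciphertext, a, b)
            if crib.upper() in plain.upper():
                hits.append((a, b, plain))
    return hits

if __name__ == "__main__":
    ct = affine_encrypt("AFFINE CIPHER", 5, 8)  # constructed sample
    print(ct, "->", affine_decrypt(ct, 5, 8))
    print(atbash("Hello"), "->", atbash(atbash("Hello")))
    print(crack_affine(ct, "cipher"))
```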

There are many more historical ciphers, but reading about them is left as an exercise for the readers. Keep in mind that all historical ciphers have been broken and can be easily cracked with the computational power of modern computers. Consequently, we have moved towards more mathematical implementations of cryptography, which can be secure if used properly.

Before we wrap up this blog, I would like to discuss some basic notation that we will use throughout our cryptography journey.

X = Plaintext
Y = Ciphertext
E = Encryption Function
D = Decryption Function
K = Key

With this, we wrap up this blog. In the next section, we will cover a few basic mathematical concepts that will help us move further in our discussion and talk about stream ciphers.

Suggested Read: Stream Ciphers: Cryptography for CTFs Part 2
