This repository contains the solution code and data for the Cryptography and Secure Development (CSD) midterm. It demonstrates two attacks against an 8-rotor substitution-permutation style machine: a Known Plaintext Attack (KPA) and a Ciphertext-Only Attack (COA).

Repository at a glance

• KPA.java — Known Plaintext Attack implementation (dictionary search).
• COA.java — Ciphertext-Only Attack implementation (scoring + dictionary search).
• Rotor96Crypto.java — 8-rotor encryption/decryption engine used by both attacks.
• CSVReader.java — CSV helper used to load student ciphertexts.
• passwords — dictionary of candidate keys (one per line).
• ciphertext1.txt — ciphertext for the KPA task.
• ciphertext2.txt — ciphertext for the COA task.
• decrypted_results.txt — output generated by KPA.java (found key + plaintext).
• password_scores.csv — scoring output generated by COA.java for analysis.
• report.pdf / report.tex — written report with methodology, calculations, and results.
• Midterm_Assignment.pdf — assignment brief.

What the code does (short)

• KPA: Brute-force the passwords list. Decrypt ciphertext1.txt with each key and check for the known prefix ("We"). The key giveme was recovered; the plaintext is in decrypted_results.txt.
• COA: Brute-force the passwords list. For each candidate key, decrypt ciphertext2.txt and score the result using English-language statistics (letter frequency and n-gram scores). The highest-scoring plaintext corresponds to the key octopus.

Results (from experiments / report)

• Known Plaintext Attack (KPA): key recovered = giveme. The full decrypted message (checked for the student ID 3043047J) is written to decrypted_results.txt.
• Ciphertext-Only Attack (COA): key recovered = octopus. The decrypted plaintext includes a timestamp and the student identifier; COA.java also writes per-key scores to password_scores.csv for analysis.
• Unicity distance (summary): the report calculates a theoretical unicity distance of approximately 8.8 characters (using H(K) ≈ 13.22 bits and H(P) ≈ 1.5 bits/char). Experimentally, using the implemented scoring and clustering, the COA required about 110 ciphertext characters to reach an unambiguous result for this dataset.

Notes:

• The report discusses why a very short known plaintext (e.g., two characters "We") can lead to multiple candidate keys: the provided password list (≈9473 entries) is larger than the 96^2 possible two-character combinations, so collisions are expected. The verification steps in KPA.java (checking full plaintext coherence and the student ID) disambiguate candidates.
• See report.pdf / report.tex for detailed derivations, plots, and the scoring algorithm used by COA.java.

Quick start — build & run

1. Compile (from the repository root):

javac KPA.java COA.java Rotor96Crypto.java CSVReader.java

2. Run the Known Plaintext Attack (KPA) — decrypt ciphertext1.txt:

java KPA

• Output: decrypted_results.txt will be created/updated and contains the discovered key and plaintext.

3. Run the Ciphertext-Only Attack (COA) — decrypt ciphertext2.txt and generate scores:

java COA

• Output: best key and decrypted plaintext are printed to the console. password_scores.csv is written with per-key scores (useful for analysis and plotting).

Tips

• If the JVM runs out of memory while processing a very large passwords file, increase heap size, e.g.:

java -Xmx2G COA

Reproducing the experiments

• Use the provided passwords file and ciphertexts to reproduce results in the report. Running COA will produce password_scores.csv which contains the per-password scoring data used for analysis (e.g., to estimate unicity distance and score separability).
• The report.pdf contains derivations for the expected number of keys matching a known-plaintext prefix (KPA) and the unicity distance estimates used to reason about the COA.

Implementation notes and ideas for improvement

• Scoring in COA.java combines letter frequency and n-gram statistics; inspect the source to tune weights or add a language model.
• The search is single-threaded. You can parallelize by splitting passwords and running multiple JVM instances or by modifying COA.java to use a thread pool.
• Add a small unit test (or an integration test) that runs Rotor96Crypto with a known key/plaintext pair to validate encryption/decryption round-trips.

Troubleshooting

• If the program can't find passwords or the ciphertext files, ensure you run from the repository root where those files live.
• If output differs from the report, confirm you are using the provided passwords file and ciphertext files from this repository.

Report summary (brief)

The attached report.pdf documents the approach and results. High-level findings:

• KPA: With the known prefix "We" and the provided password dictionary, the correct key giveme was recovered reliably. The report derives the probability of multiple keys matching the known-prefix and shows it is negligible for the chosen dictionary size.
• COA: Using statistical scoring of decrypted candidates, the highest-scoring candidate corresponds to the key octopus. password_scores.csv demonstrates a clear score separation for this dataset, and the report discusses unicity distance calculations that explain why the plaintext is recoverable from the ciphertext alone with high probability.

For full details (math, code excerpts and plots), see report.pdf and the LaTeX source report.tex.

---

If you'd like, I can:

• also add a short runnable test that demonstrates Rotor96Crypto round-trips; or
• update COA.java to run in parallel and add a simple script to split the passwords file for easy parallel runs.

If you want me to commit this README change, confirm and I'll finalize the update and mark the task completed.