(newbie) question on modification of polyalphabetic substitution cipher

vedaal_at_hush.com
Date: 03/28/04 

Date: 28 Mar 2004 08:26:24 -0800

is it possible to securely modify a substitution cipher as follows:

ordinarily,
a simple rot-13, (or rot-'anything') substitution cipher is trivial to
crack,

but what if it is modified to change with each successive character of
plaintext?

assume, for a simplified example, an ordinary 26 character alphabet,
and, assume that the ciphertext is obtained from the plaintext by the
following relation:

[1] C == P rot[ f(n)[mod 26]]

where

C == Ciphertext
P == Plaintext
n == as the sequential position of the character of the plaintext,
where the first character has n=1, the second, n=2, etc

f(n) is some function of n agreed upon by the correspondents,

for simplicity, consider the trivial example of f(n) = 30^n

and a simple plaintext example where the plaintext is the word
'code'

then, using the above plaintext to ciphertext relation,

C = P rot [30^n (mod26)]

the ciphertext becomes:
'geda'

(assume that the 'actual' cipher (not simplified as in this example)
would be modified for 256 characters,
with ascii characters representing spaces and punctuation,
so that word breaks are not apparent to the attacker,
and that the relationship would be

C = P rot [f(n)mod256] )

the question i now have is,

how complex should 'f(n)' be to withstand a brute force attack?
 
since the attacker needs only to try a few small values of n,
the strength is dependent upon the amount of work needed to try
the different possible f(n)'s

if f(n) is of the the form

f(n) = [a[(b)^(n+c)] + d[(k)^(n+g)] + r]mod(256)

where the constants a, b, c, d, k, g, and r,
can have any value from 0 to 9999,

then,
if this would be attacked using brute force,
it would be about as difficult as cracking a 7 word diceware
passphrase
( 10000^7 > 7776^7 )

the communicators agree beforehand on the above f(n), with initial
values of the constants, and can include instructions in the plaintext
message
about how often to change any or all of the 7 constants

is there a mode of attack against this that would be better than brute
force?

TIA,

vedaal

Relevant Pages

  • Re: reasons for the algorithm
    ... but i can't call the first variable keystream because it only ... That has gigs of known plaintext (all the operating system ... You really think you can prevent the attacker from knowing ... different attacks in different classes such as plaintext ciphertext side ...
    (sci.crypt)
  • Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random
    ... > plaintext that's not one of the two. ... > which plaintext of the two goes with which ciphertext, ... > attacker has to mount their attack is limited. ... > and propose a comment patch. ...
    (Linux-Kernel)
  • Vigenere++ Proposal of a (new?) cipher
    ... additional ciphertext shuffling phase. ... which is a fast hash function with a low collision rate and the Mersenne ... plaintext, "C" to indicate the i-th letter of the ciphertext and ... For each character of index "i" of the plaintext: ...
    (sci.crypt)
  • Re: minimum plaintext length for security?
    ... I mean "is there a known method by which an attacker can figure out ... > given ciphertext plaintext pairs you do. ... > My Crypto code ...
    (sci.crypt)
  • Re: encryption using a block cipher // ? size limit of plaintext
    ... The attacker finds two ciphertext blocks C_and C_that are the same. ... two plaintext blocks whose ciphertext matches. ... encrypt one file with a key you will only need to use one nonce, ...
    (sci.crypt)