JaVi v0.8 - Java Vigenere

User Manual

Indice

1. Introduction

2. The JaVi GUI

3.1. The Vigenere's algorithm

2. A taste of statistics

4.1. The classes

2. UML stuff

5. Problems and known bugs

6. Ideas for the future

1. Introduction

JaVi is a Java implementation of Vigenere's algorithm for criptography. At this time it works within a Java applet (JaVi2Applet.java). It's builded using the Java AWT and it should work on almost any browser.

2. The JaVi GUI (Graphical User Interface)

The first gray panel on top contains information about the version, the copyright and the license. The left panel gives an evaluation of the key strength, printing the percent value obtained from the procedure in par. 3.2. Under the percent a small panel is green if the strength is more than 90%, yellow if it's more than 60%, red otherwise or if the key is shorter than the phrase.

The central panel is divided into 3 sub-panels (panelPhrase, panelKey, panelEncrypted), which contain respectively the plain phrase, the key and the encrypted phrase. The panelKey contains also two buttons (buttonCrypt e buttonDecrypt) used respectively to encrypt the plain phrase and to decrypt the encrypted phrase. Note that the text area containing the key is editable at first. You can insert a personal key, and this is the suggested way. Now if you want to hide the key frow a curious eye, use the nearby checkbox "Visible key". The button "Reset key" restores the default key (composed by the first ciphers of pi and of the e number).

Last, the coloured buttons on the right let you switch from the Italian from the English version.

Note: every time the applet is loaded, the key is the default key: if you want to use many times a personal key you will need to save it somehow and to cut&paste it in the text area every time.

3. Vigenere's algorithm

For those who want to find an essay on the algorithm: http://it.geocities.com/teutoburgo in the Java section at the link "Approfondimento sulla crittografia" (in italian!), or use a search engine with keywords e.g. "Vigenere algorithm". Anyway, briefly, the algorithm is based on the sum modulo n letter by letter of numbers associated at every character (in this case the Unicode numbers).

Depending on the choosen key, it can be either a really weak crypographic system or nevertheless a "perfect cryptographic system".

The rules you must absolutely observe if you don't want to transform this system in an useless attempt of encryption are:

1. The key phrase must be LONGER than the plain phrase. (The applet will work even if the key phrase is shorter, but the result is extremely insecure).

2. Each time use a different key (using always the same key, even if it's strong, is insecure).

Although a text as long as the plain phrase could be a good attempt for choosing a key, still it's an unperfect method.

A good one could be using a chaotic output (you use normally many files that are chaotic in the structure: compressed file, multimedia file with images, sounds or movies) and obtaining in some way a sequence of numbers between 32 and 123 that using the Unicode generate a text to cut&paste in the applet. There's still the problem of sending securely the key phrase to the recipient of the message, but this is another story.

The systems becomes perfect when you are able to generate a cryptographically secure pseudo-random output. You can find many pseudo-random number generators (how to evaluate the quality of the generator is beyond the aim of this document) . The optimum for the sender and the recipient of the message would be to generate separately the pseudo-random sequence starting from a parameter known exclusively by them.

3.2. A taste of statistics

What does it means cryptographically secure pseudo-random output? It means that the sequence of characters must pass the strongest statistical tests (e.g. the Maurer universal test). JaVi provides a test which evaluates the strength of the key (the Maurer test is the best I know, maybe in the future I'll implement it; if anyone knows a Java implementation of it please let me know!). JaVi, in the Vigenere class, makes a test which evaluates the frequencies in the key of the substrings of length from 1 to 30. The idea is that a random key should have the frequencies of each character very close to the mean frequency (i.e. 1/92, as JaVi uses 92 Unicode symbols). And like this will be the frequencies of the strings of length 2 ("aa","ab","ac", etc.), length 3 and so on. In order to measure how much the frequencies are close to the mean, I used the standard deviation, i.e. the square root of the variance. The variance is given by the formula:

n is the number of possible strings of the fixed length

Thus, first I compute the standard deviation for the strings of length 1 (all the characters in the Unicode interval 32-123); then for the strings of length 2,3,etc.. until the key length, anyway until 30. Now I have an array with these standard deviations: in order to be more selective I consider only the worst, i.e. the biggest, and I obtain the desired strength in percent. Anyway this method can't evaluate very precisely small differencies between strong keys: so if the evaluation is 95% or more, other stronger tests may find out some defects. For the maximum security I suggest to search through the net for other tests, such as Maurer's one.

4.1. The classes.

The two classes of the JaVi package are Javi2Applet and Vigenere. The packages java.awt e java.applet are imported to implement the GUI.

The Business Object containing Vigenere's algorithm obviously is Vigenere.java. The two fundamental methods are getEncryptedPhrase e getPhrase, and are complementary. The algorithm is applied, character by character, operating on the Unicode of every character. The admitted interval is from Unicode 32 (' ' or space) to Unicode 123 ('Z'). Therefore in this version the characters like 'è','à', ecc. and the return key are not admitted. For informations on the Unicode standard: www.unicode.org

The last methods I have added are used to evaluate the key strength: getKSPerCent gives the percentual strength, after converting it from the double returned by getKeyStrength; this one uses maxKeyStrength to select the greatest standard deviation. defaultKeyStrength and averageKeyStrength are not used, but you can try them, rebuilding the applet, to see the differencies with maxKeyStrength. Last, trovaStringhe is used to count the frequencies of the key substrings of length k and to put them into an object FrequenzaNijk.

The BO FrequenzaNijk.java is only a bean used to memorize the frequency of a single string and it has only the set and get methods.

4.2 UML diagrams.

UML is a powerful tool for the design of object oriented applications. To learn more follow these UML links

5. Problems and known bugs.

I have tested the applet on various platforms (Windows 98-NT etc., Linux) and with various browsers (Internet Explorer 5, Netscape Navigator 4) and it has always worked except on an old PC with Windows 95 and Internet Explorer 3.0 . The only "strange" bug I found was on Netscape Navigator 4.76: the applet works, but the method which should evaluate the key strength doesn't work properly.

For working or compatibility problems not reported here please send your report using this form, including a brief description of the problem and of the platform on which the applet has run (processor, operating system (with version) and browser (with version)).

The principal bug is the fact that you can use only characters within the Unicode set 32-123 (I guess I'll be able to fix it easily).

6. Ideas for the future

With the help of my students, I have released also a version as standalone application, beside of the applet version. If someone would like to contribute in the developing, I'd be glad to know about it.

Tell me about it.

Index of documentation