 Oh, right on time, do you see that? It turns a 30 right click. I meant to do that. All right, folks. Let's get started. We are talking now about cryptography. We, a little bit on this topic on Thursday, we're reminding once, what types of security properties can cryptography maybe help us with of our three main security properties that we care about? Confidentiality. Confidentiality. Integrity. And what are some other maybe lesser security properties that don't fit into our CIA triad? Authenticity. Authentication. Yes. Nonrejudication. Yeah, so these are other properties that cryptography can allow us to accomplish. So what is a Caesar cipher? Somebody give me, remind us an overview of what the Caesar cipher is. Take each letter and add four to it. Take each letter and add four. How do you add four to a letter? Those are numbers and letters. They're two different things. Yeah, so two different ways, right? You think about it in terms of just shifting, right? So you have all the letters H or Z. If you're adding four, you're moving a four down the line to it's actually the representation. Add four and mod and make sure that goes all the way around. I wasn't thinking on you in particular, I just didn't make that point before. Cool, okay. So then we can think about, so we have this basic notion of the Caesar cipher. So if we are adding four or encryption then what's our decryption operation? Correct, yeah, go back four. So the idea being as long as we know the key we won't be able to decrypt that message. So we can think about a Caesar cipher in terms of a cryptosystem that we've been talking about. We can say, well the N is, and this is important, we can't have arbitrary letters, right? We can only, we can only have letters. We're only thinking A's or Z's. So what other characters do we not have? Punctuation marks. Punctuation marks, what else? Yeah. I'm not a grammar person, I don't know if those are the same thing or different, but I'll take it. What else? Special characters, you want to say emojis or just internal special characters? Eximation marks. Eximation marks. Could it be like accents? Yeah, accents, numbers. You can't even use numbers in this system. They're only limited to A through Z. So is that a major flaw in our cryptosystem? Will we be able to communicate if we don't have, if we only have letters? You can spell them out. You can spell out numbers if we need it, what else? I'm not sure. That is funny. Okay, yes, you can encode it in Roman New World. What about spaces? Do you often send accents to people with those spaces? Is it impossible to communicate with that? Yeah, it's not impossible, but it's just annoying. So we can assume that we're going to be, the other side would be smart enough to encode properly and to put spaces where spaces need to go. For this system, we're going to say we're annoying that. Then we get a key. So in our case, the key is going to be an integer from 0 to 25. Why this range? How many chips are in that range? 26, excellent. 26? Yeah, 26 letters. So every possible shift, right? So think about there's 26 possible chips, 0 being no-shift, right? Then we can define our encryption operations just like we said them. So if we assign each letter a numerical value 0 to 25, we can encrypt with the letter of the the letter's numeric value plus K. So we're shifting it over, mod 26, and then we can subtract mod 26 and our ciphertext is the same as the message. So we're not going to magically encypher something and get spaces out of it. Spaces are essentially meaningless also in our ciphertext. Okay. How do we attack this? Do we want to go over an example? Do you want to enter something? Okay. Alright, what's our K? So I'm going to make it an easy K. 3. Good. 0 is too easy. Our message, let's say hello. Let's go over more. World. No space. So what's our encrypted ciphertext then? I was going to take it to the first thing that somebody said, so you should all be helping each other. What was it? It can't be L. I know 1. Okay, good. So 0 and we know the next one must be 0 too. Or as well. And then what about 0? It just served like 3 different things. It's hard. It's hard. Oh, not triangle? Not triangle. You should be more specific. R. W. Z. O. We know it's R. R is U. L. We know it's O. D. It's V for R. Shouldn't the second letter be H as well? Wow. Maybe this isn't a very secure princess. I would say this will be U. U? That can't be wrong. We'll go with this for now. Whatever. Okay. Okay, so. No, that's right. That's right. So now, and we did the crispness, so if I just gave you this message, you also need to know the key in order to go backwards, right? Okay. So then what if, what are some attacks that we can perform on this? So let's think about it in two different ways. So what if, what are different types of situations? So put yourself, let's, I don't know, we'll first put ourselves back in Caesar's time. So we're sending a message Hello World is one of our generals for some reason. And we're sending this message along on a courier. What are some things that an attacker could do? How do I brute force it? I don't even have the message at this point. Yeah, so let's hold on to that for one second. How do we even get to that point in the first place? Right, so let's say I'm Caesar here. I have my general over here. I'm sending, well that's going to be, I'm going to call myself C-Hack. So I'm sending out a messenger, right? So a messenger with the message M. I'm just going to call it M. The messenger, right? So you're an attacker. What do you actually need to observe to start attacking this? Yeah. You need to find the messenger, right? If you don't have the message, although I guess technically, depending on what this general does, maybe you can infer what the message was, but that's going a little bit too far for what we're talking about here. So at some point, I'm some barbarian. There you go, this works. I'm the barbarian, Adam. That works. So intercept this message. I get this message M or C. So I'm getting this psychrotex. So now we can talk about, okay, how do I try to break this, right? So the important thing to look at is to think what are looking at just as one message, right? The letters that were in the plain text and in the psychrotex. What are some similarities and some common patterns that are still present when we encrypt this plain text message? How they're repeated. Yeah, so not just that they're next to each other, but they're also repeated, right? So we have patterns. So we know that because every element, every message, every character in our plain text is going to be mapped to the exact same character in the psychrotex, we know that there are at least three of the same letters in this plain text. And we know that two of them are next to each other. Because we know that all of the L's map to O's. So we know that there are some patterns that are still in the encrypted text. So how can we use that knowledge of patterns maybe to help us try to encrypt this? All the words that have two letters next to each other, right? You can look through the dictionary, you can figure this out, you can write a program that does this and spits out all the words, right? And then you can try to see what shift would properly fit where that is and test to see if the rest of the message is correct. But what else could you do? Yeah? Yeah, so I could maybe try I don't need to try zero because otherwise I would be reading this message. So I could try all the keys from one to 25 and see just try all of them, write them all out and see does any of these actually give me the correct answer? How would I know it's the correct answer? It makes sense, right? So there's semantic meaning in the message of whatever it's supposed to be in whatever language that is. What if I can't read this language? I mean, I'm already kind of not going to discover the meaning, right? You have to, in some sense, assume you already know what the language is. But if we try this we could try, I don't want to write all this out, we could try every variation of this and one of these variations will be Hello World. Right? And we don't necessarily have to worry about all this other stuff. Okay, cool. So we talk about this is also that I already mentioned this for coding interviews. Lots of heads looked up. Oftentimes when they're asking you to solve a question, so two things. A, they usually under-specify the problem. So they just say how to solve this problem and part of it is they want to see your ability to figure out the specification of the problem. So you could say things like I don't know if it's possible for this program to be known or all these kinds of stuff. So they want you to actually what they don't want is for you to just like, say for two minutes and then write down the correct answer. Right? They want to see somebody who can work with them to understand what's going on. The second thing is the best way to solve on that is to say, well, let's do the brute force way first because whatever, if it's sorting I don't know, sorting some lines of text, sure you didn't want a quick sort, but if your lines of text are only ever going to be ten lines then who cares what sorting out you use. So as long as you can start maybe going down that path it's usually always nice to think about brute forcing the problem first and then moving on to more complicated things and it gives you time to think about what way you want to go forward. But anyways, and this works here and why does this work well here? What's that? Short. Short, yeah the number of things we need to brute force is very short, right? We only need to brute force 25 things. There's something that you can all do right now. I guess I won't make you do it but you could. So we can brute force we can also look at, this is the technique we talked about a little bit maybe so we can look at two grams so two grams are characters that appear next to each other, so that's the two. So one grams would be the frequency of one character appearances. We can look at as you mentioned the two character appearances because we know that there's two of the same letter that follow each other and so we could try to look for what words and maybe rather than do a brute force do more targeted brute force. So what if, so in this scenario I was able to steal the message right? What if I want to make a big box called E that's going to stand for a correction so I have a message coming in on one side and cyber attacks coming out so what if I can't break into this box it's a very well secured cut like to our Caesar days but as an attacker I'm able to steal both the message and the cyber attacks so I have the message and I have the cyber attacks how can I break the key? If you know the method like this one you can just check what the offset is between the two. Yeah this would be very easy right? If I don't have a key and I just have this message with the cyber attacks I can take the delta between each of the characters it's going to be three in this case and there we go that's my key so then I can decrypt all possible messages after that that are encrypted with that key and why was that easier than just having the cyber attacks? Yeah so I have more information right? I don't just have the cyber attacks, I have the cyber attacks plus the message. And what if okay what if I again have an encryption and instead of instead of stealing a message that's going to be sent to me encrypted what if I dress up like one of Caesar's screams or something and I put my own message in so I put like message prime and they give me back cyber attacks prime what should my message be so I can quickly and easily discover the key? That's long what else do I really need? Just one A okay my message is one A what's my cyber attacks going to be? B? B which I know is three from A so boom done right? So this is three different ways I mean to think about attacks on a crypto system and each of these an adversary has a different level of capabilities so we can go and think about so this case would be you're sending some encrypted message to the internet and somebody is able to intercept that transmission read it and maybe they can try decrypting it so this is a so this would be cyber attacks only so this is the attacker has access to the cyber attacks and that's it and they may have access to multiple cyber attacks so we can talk about that later but they have at least one cyber attacks whereas here they have a known plaintext so they know the plaintext and they know the cyber attacks and how's that different from our third option? A well maybe that's not necessarily simple but we chose the plaintext right as the attackers yes and we made it simple to take advantage of weaknesses that we know and disturb us we know if we give it an A it'll essentially tell us the key right back right and we got to choose the message in this case so these are the three kind of adversary capabilities that we think about. Cyber attacks only known plaintext and chosen plaintext and these are essentially the order of increasing capabilities of the attacker so it's important that we'll get to as we get to more and more if you let's say design your crypto system so that it's only secure against a cyber attacks only attacker maybe it's not good enough right so if you think about what's a often times like a chosen plaintext like a web server you're talking HTTPS so you're talking a secure communication to a web server it may include some of your content in the web page that it sends back to you that it's encrypted with its server key so you're choosing the plaintext that it's encrypting and so if you take advantage of that you can attack it using this model but you want your thing to be resistant to that. The other point we need to get to is what assumptions should we make about the adversary so should we assume that the adversary knows the algorithm use? Yes. No because you don't understand their capabilities fully so it would be best to assume. So if we're trying to make guarantees on the security of a system we should maybe assume the strongest possible adversary and that would be somebody that knows exactly how the system works should we assume they know the key to be a pretty strong adversary? There wouldn't be a way to defeat that if they have the key. Yeah, based on our cryptosystem right if they have the key that end the cyber attacks they can encrypt the message right and they can even encrypt messages that we could be correct so yeah so the fundamental assumption is we're assuming the key is secret it's something that must be kept secret and the adversary otherwise knows everything about our algorithms does this is this a realistic scenario in practice seems pretty reasonable to think like well I could just make some crazy cryptosystem and nobody's going to be able to understand how it works. They have a way to get your encrypted messages they probably could figure out roughly what method you're using to encrypt them. Yeah so if they have access to your maybe the software that's doing the encryption right they don't have your key but they you need to talk to people so um and I guess the other way to think about it is once you become enough value that somebody cares about breaking your system they will do whatever it takes to figure out how it works and so yeah for multiple reasons right from a security perspective we don't want to rely on just the other way to think about it is now how your system works become essentially the same as your key right so you need to protect that with as much secrecy as you would protect your key which is way more difficult than like one integer now you have to keep how your whole system works which is very difficult cool okay awesome so we actually are already talking about attacks right so we're going to talk about mathematical attacks um we can identify vulnerabilities in the underlying mathematics of the crypto system um we'll see some examples of these when we look at other things like RSA and DDS that have been known and shown to be vulnerable and think that an attacker could break them faster than brute forcing the attacker will look at a lot in this section is more statistical attacks so why do we think statistics here what do we mean like letter frequency maybe yeah like letter frequency so why is that important so is every letter in English equally likely that's how it is look at all the letters in the English alphabet you can look at the frequency of letters used you can analyze text that's been used you can you can come up with a very good model of the relative frequency of each character yeah if you're talking about like C's or I mean the word like attack and like leeches or something like that he might have been more frequent yeah so then we can even think about targeting our statistics for the specific domain that we're interested in essentially our adversary's language but we should be able to come up with probabilities and statistics of those languages so yeah we can basically and the essential idea is examine the cyber text and try to smartly figure out what things can decrypt and maybe what keys to try based on knowledge of our understanding from the cyber text so you can think of that it should be the case that no statistical properties relate from encryption and we can see this already in the Caesar Cypher you all look at that already all the L's get mapped to the same thing so you can see that there's two letters that are next to each other and all L's get mapped to the same letter but even if all this stuff is 100% secure and again this is why I'm trying to mark along the do not write your own crypto system even if you get this 100% provably formally correct mathematics all great the statistical assumptions you've proven that they're not possible to do those attacks you can still have attacks against the implementation itself and so these are vulnerabilities where it's the implementation itself so maybe it could be something silly like a buffer overflow that leaks the key or that allows in fact a controller system to seal the key it could be like the has anybody heard of the Heartbleed vulnerability that occurred a few years ago so this was essentially in the TLS or SSL I can't remember exactly which one but in the underlying secure communication protocol that HTTPS uses to feature all the Heartbleed so say like hey are you alive if you are like send me back some data and so they would send you back data but it turns out an attacker could trick the other machine to send back more data and read its own memory and so by doing this enough you could steal the server's private key and be able to decrypt never communication so this was something that like the system itself was 100% secure theoretically but with the data implementation and coding bugs you can introduce these kinds of implementation vulnerabilities okay cool so we are going to focus first on what we call classical cryptography and this will be more clear when we talk about kind of more modern systems but a sensitive idea is and as we talked about with CaesarCycler the sender and receiver both have the a key they are either the same key or they are trivially derivable it's also called symmetric cryptography so the keys are symmetric they are centered the same so what's the so then how does this actually work so how do you then do this how do you share a key so going back to our CaesarCycle for example how did Caesar and the general know to use that key do you send them a message and say also by the way the key is 4 they agreed on a key before the general set off to go to wherever they had to go so you have a pre-agreed on a key beforehand and what is this pre-supposed by your adversary that they are not listening when you give the original key yeah that they are not listening when you get their original key right so think about even now if you were going to share a key secretly with somebody so that nobody else knew it how would you do it any thoughts in person whispering you know you are carrying a recording device with you at all times if somebody acts into it you can turn it on and record what you are saying you have to make sure there are no electronic devices in there you have to make sure there are no bugs or electronic listening devices in whatever room you are using what else yeah write it on a piece of paper and then what then hold it up to them and make sure that there is no you also have to make sure what if there is a camera in the room that you are in engrave it into the bottom of it basically the same thing can seal it under something sure maybe yeah but where are you writing it down to then seal it into because you have to make sure that is secure and nobody can see what you are writing down then yeah but how did that system become secure where did the keys there get it exchanged yeah so that is a nice thing right if we had a secure way to communicate we can maybe communicate new keys or do something like that we will see that actually gets used later so this is the the key is it is very difficult so this is the the main problem but if we can do that then we get all kind of nice security properties and still use it in a lot of places so we will see why eventually but we are going to look at two types of types of ciphers that are exactly what their names sound like so substitution ciphers you are substituting one character for another just like a seizure cycle that we talked about the other ones are transition ciphers where you are moving characters in the input around and believe it or not this is what the crazy thing is I really like talking about these because we are going to study these older types of cryptosystems that you can do by hand and then we will see that actually modern S-A-E-S is just made up of lots of these types of operations and it is used all the time cool questions so far substitution ciphers and the classic example is the seizure cipher oh here is where we can check our work look at that hello world let's see if you did it you guys chose the same key that I did did you do that on purpose I feel like I am a mentalist right now I trick you into using the same thing core zero okay cool sweet so seizure cipher is one of those classic first examples of any substitution cipher we are going to change every letter of the input into something else so then we talk how to attack this we can brute force try every possible key and in this case it is very easy with a seizure cipher there is 26 possibilities we don't need to any more than that we can also try to do interesting analysis and this is the one thing we will look at we can compare the cipher text with a so one gram model of English so what does that mean the occurrence of one letter yes letter in this case letter so the gram we are talking about is a letter so one gram model of English is the frequency of each letter in an average English text two gram model would be the frequency of two characters appearing one after the other and you can even go on three, four all this kind of stuff you can think about words so how does that help us then attack the seizure cipher so let me have some cipher texts it is not a ton of letters I think it is roughly 20 letters so it kind of seems one of the interesting examples is kind of looking at this and seeing that we could that even the statistical properties we are interested in are still manifest themselves here even with like roughly 20 to 25 characters like looking at it I know there is a lot of B's and I know that E is the most common letter in English so I would try that one first there is a lot of B's yeah there is a lot of B's there is also the thing that so we also maybe at a higher level need to think is this a if we didn't know we could say this a seizure cipher or a substitution cipher or a a transposition cipher where they are swapping positions so we would say well looking at this there are at least two Q's in this cipher text which is highly unlikely to happen just by moving letters around especially because I don't see any there is only one U in here too so that is even more unlikely so maybe we would look at common characters mostly all the B's mostly all the B's are followed by H's oh B's so the two grand frequency so starting at the beginning there we go BH BHE ok cool so we can also think about it holistically we can say and you can easily go look up this information we can look up to go with our intuition of what actually are the most frequent characters in english we can graph A through Z the average frequency of each character so what are some of the kind of peaks that we see we have E A T so we have several interesting things here so A but we have to kind of check ourselves are we going to expect to see the exact same distribution why not yeah that's the other important thing to think about this is the averages computed across a ton of english text if you were going to compute this yourself how would you do this either one textbook maybe a bunch of textbooks there's the project Gutenberg which has three text files of a lot of english books we have a bias more towards older works so that would be interesting to keep in mind but yeah it's literally counting you all can count you can write programs that count count of how many times is that character here divided by the total number of characters do you get all that information and so you can make this graph you can make this for whatever language you want it could be german which is going to be different all the different languages would be different but you can calculate this so if we think about this graphically what does and this is what we're going to think about for different types of ciphers what does applying a Caesar cipher to some text do to this graph so if we think about this graph let's say with the key of three like our example what's it going to do to this graph yeah let's go over here yeah shift so the key thing to think about is it going to change any of the relative frequencies no but the other thing to think about is there's when we think about our message our plain text message has its own set of frequencies which are probably going to be closely aligned with this but maybe not precisely and then it's just going to shift those by three so by shifting it by three what does that preserve from this graph well in what sense it preserves kind of the shape of the graph that's shifted over the shape of the graph meaning the peaks so the characters that are most frequent will still be most frequent to shift it over three the delta between characters so if we look here there's which is kind of exacted there's not a lot of j's q's, x's or z's and those are kind of fixed differences so we'd expect maybe and v is not very frequent so we'd expect there to kind of be this one, two, three, four, five like a five character stretch of low frequency in our cipher text and that'll just get shifted right so then we can calculate that in our cipher text so just like we discussed we have let's see it's b the most frequent I think yes so b is very frequent so one of the two maybe is assorted by frequency upper left to the right so it's b, h, l, e, y, r, q, a, b so I want to go for right the most frequent so maybe if we were just going by this maybe what would we try what would we guess that b maps to e e yeah so we can think of this as a minus four shift or whatever that is the other way what's that 21 so 21 around would get you there so we can maybe try that see if that'd be crisp we'd maybe think maybe it's the next most maybe t and we'd maybe try that to see if that shifts so we could just try to match it up the most frequently used with the rest we can so we can so these are all different kinds of techniques so we can do this we can do that by hand the other thing we could do is we could try to pick statistical measures to see how frequent how does the frequency that we compute match up with this graph essentially so we can compute is a statistical analysis we can say for every possible key so we can try all possible keys and see essentially which one shifts the graph such that it aligns closest with the graph that we care about so we can use p of x is the frequency of the character in English that's the graph that we just looked at we have all those frequencies f of c is the frequency of that character in the ciphertext and we can calculate for all the characters what does that shift do to that character in this calculation so this would be again it's kind of here we still have to try all the keys so kind of this is a slightly more elegant solution than brute forcing but essentially we're brute forcing all the keys trying to calculate a statistical measure that tells us how close we are to being correct so we can do something like this you can do this and you can say that so you can get a sorted list of all of the keys and then from here we can try what's the different value so does that map kind of what we thought so 23 is map b where what's the map of the t what we can choose so by 23 we get something like this does that look correct if we're writing an automated program maybe what could we do to try to score this to see if this is more correct yeah check for common words you can get a list of common words and we can check for all words right we can say how many words actually appear in this yeah we can maybe use more statistical measures to see if those are correct we can see that this is not correct we can see 13 where does 13 put us so we have b map 13 so 1 2 b map to o and then we see something that says never build your own crypto does that look correct yeah so again why wasn't this the first answer in our statistical measure the sample size of letters wasn't big enough right we didn't have like the so the distribution we're sampling from for this message a there's not a lot of characters and b so there's not a lot of words and b there's you know weird words in there like crypto and you and stuff so it's over-representing things like why which we probably wouldn't expect to be in the message necessarily if it was random English letters but it's still got it's still cut down our analysis time basically from trying all 26 letters to just and brute forcing those to just trying three so then what's the fundamental what is the problem with the Caesar Cybers we just broke it trivially you could do this with literally pen and paper you could write out all 26 all abilities even if it's long cybers next maybe you only do the first four letters and just try and shift in each of those by 26 0 to 26 hopefully you get something that makes sense and then there you go you have you don't have to actually by hand decrypt everything yeah how does that function we're using get you those values like 23 so these are the i's so we're calculating this metric for each i we're doing from 0 to 25 then we're going to calculate and sum up from all the characters 0 to 25 basically the frequency of that character in the cipher text times the frequency of the shifted character in the other text I believe it's calculating the mean squared error or an error metric of how close your distribution matches that distribution yeah it's really easy to prove for so how would you make that more difficult think about it in terms of our crypto systems use words in your messages that you're sending to your generals or whoever you're sending it to but don't mean the same thing tricky okay so like a code underneath the code you can have a bigger alphabet yeah maybe a bigger alphabet you can use a through z capital a through z lower case you can add punctuation marks what would be some downsides of that the method would be more keys let's say we extended it up to how many how many numbers can a byte represent 256 so let's say using a byte for a character so it can represent 0 to 256 right so now our keys are 256 possibilities was that better no because you came up with this this wasn't like the exact same I was thinking like use a language with a bigger alphabet if you have just a normal 256 things so you're blaming it on me so what's the problem the problem is that if you're switching over to characters that are never used then you know it doesn't really help you anymore yeah so if you think about the graph right or graph of English frequency imagine you had this but then you had for uppercase letters versus lowercase letters versus the numbers 0 to 9 and then add on punctuation so you'll have vast swaths of areas that are never used so it would be pretty clear how much you need to go to get to something that actually makes sense you could insert random noise that makes certain things look more or less prevalent where? in the message itself? yeah in the message itself between words that you actually want to see yeah it's tricky it's a little bit so you could add in a bunch of x's y's and z's randomly in the message but a question would be is that actually now part of your algorithm where you're encrypting things so then you assume they would know what you're doing and would be able to easily undo it in some sense instead of just using one character represent d maybe use four or five three characters represent the ones with the highest frequencies interesting yeah so maybe yeah have a variable shift so maybe first letters 3 next letters 4 next letters 5 would be shown yeah so maybe based on position out of that you can shift it by different amounts or different letters in the ciphertext so that can maybe address some of the problems we were talking about which is well a one problem is this graph so this is why I like thinking about it in terms of this because you're just shifting this graph you're not doing anything to change these letter frequencies the other problems is the one-to-one mapping so you have the letter l always maps to the same letter which again then manifests itself in this way right so we need some way to maybe get rid of that so the one idea that will go with and it's actually been done in kind of one of the possible crypto systems is to make the key longer so essentially it's combining multiple ideas that we've been talking about so one is kind of the position aspect so there'll be a different key based on position and the the key idea is well essentially the scheme is pretty kind of simple but I mean more tricky than the script but the idea is you still use the basic principles of a Caesar cipher you're just going to have multiple keys that will encrypt multiple parts of the message yeah I think you could do it I would say that's part of your scheme of how you're you're sending the message so yeah if you're scrambling the message before it's being sent it's essentially part of your crypto system so it helps me analyze the thing and you assume that they know that that's how you're doing it but yeah that would be interesting and the idea is that we're going to try to smooth out those frequencies so that the frequencies get closer and closer to where every character is uniform in our and equally likely in our ciphertext so that the adversary has no way of knowing which one is actually cool when we care about okay so this is the vision air cipher I hope I pronounced that right I'm sorry for people who speak French the idea is similar to a Caesar cipher but we're going to have keys as essentially a phrase so for instance and we'll still keep our same scheme of messages and ciphertext so it's going to be just a through z and we'll see that we can actually get awesome security properties from what we want so let's say the message is the boy has the ball this time our key would be a three letter key v-i-g in this case it could be whatever we want and the idea being we're going to use the position idea and keep essentially repeating v-i-g and the v-i-g just like we saw that our key could be we could represent our key as a letter or a number right so our shift of the three we could represent as d our shift of three we represent as c our shift of four we represent as d so that would tell you how many characters to shift it by and so the idea is but I do want to keep this up here so we don't have to keep going over this okay so what I'm going to do is essentially write so the key is just going to repeat over and over again over each of the characters so the v-i-g v-i-g v-i-g v-i-g v-i-g v-i-g v-i-g it's surprisingly difficult okay what do I do with this last letter and do I write any i's no so essentially each character is going to be encrypted meaning shifted by the amount that the key says on the letter above it so t will be shifted by v which is a o I will tell you but like before so if we're thinking about this in terms of a senior cycle the key was v you can think of it as exactly the same way with just v all the way across because every