This is a Tier-1-graded worksheet. Submit this filled worksheet only. The Tier-2 hash-and-auth labs are the deeper artifacts; today is the byte-level calibration that turns the Week 4-5 crypto prose into hands-on arithmetic.
Purpose
Week 4 introduced XOR as the simplest building-block cipher and the one-time pad as its uncompromising upper bound. Week 5 walked classical substitution ciphers (Caesar + monoalphabetic) and frequency analysis. Today's worksheet drives the Cipher Visualizer (/workbench/static/cipher-visualizer.html) so you can verify all three by hand and watch the live tool confirm or correct your computations.
The visualizer is a three-tab page: Tab 1 XOR shows byte-by-byte XOR of plaintext against a key (full-length pad mode and repeating-key mode); Tab 2 Substitution / Caesar shows the alphabet-shift mapping and the per-character output for a Caesar shift or a custom monoalphabetic substitution; Tab 3 Frequency Analysis shows the cipher's letter-frequency histogram against the reference English-letter histogram, with a shift slider to interactively recover the key. You use those tabs to answer two kinds of question: predictive (what is H XOR L byte-by-byte?) and observational (the cipher histogram peaks at letter L; what shift maps L to E?).
The pedagogical claim of Week 4 is that XOR is reversible: (plain XOR key) XOR key = plain. The visualizer makes that reversibility visible: change a key byte and the corresponding ciphertext byte changes; XOR the result with the same key byte and the plaintext returns. The pedagogical claim of Week 5 is that frequency analysis breaks every classical substitution cipher on natural-language text: short ciphertexts are noisy, but a paragraph of English ciphertext gives away its shift in one histogram inspection.
The deeper purpose: this worksheet builds the byte-level fluency you carry into Week 5's Caesar-cracking lab and the eventual cryptographic-protocol labs in SEC-201. Every modern cipher inherits XOR (AES is built on it) and every classical-cipher attack inherits frequency analysis (digrams + trigrams + index-of-coincidence are extensions of the same idea).
Learning Objectives
By the end of this worksheet, you will be able to:
- Hand-compute byte-level XOR for an ASCII plaintext and key, and verify against the visualizer's hex output (Apply; Week 4 §1).
- Hand-apply a Caesar shift to a short English plaintext and verify against the visualizer's per-character output (Apply; Week 5 §2).
- Read a frequency histogram and recover the shift of a Caesar-encrypted English passage using the heuristic
shift = (cipher_peak - E + 26) mod 26(Apply; Week 5 §3 frequency analysis). - Explain why repeating-key XOR breaks when the key cycles, naming the attack vector by name (Analyze; Week 4 §4 OTP-vs-repeating-key distinction).
- Articulate one observation about the visualizer that the prose alone could not surface, in 3-5 sentences (Evaluate; visualizer-vs-prose distinction).
Equipment Checklist
- Modern web browser (Chromium-family preferred)
- Visualizer URL open:
https://virtuscyberacademy.org/workbench/static/cipher-visualizer.html - An ASCII table at hand (the visualizer's bit-level detail panel labels each byte, but having a chart speeds the hand work)
- Paper notebook for predictions (do NOT click an example button before you predict)
- SEC-101 Week 4 §§1-3 and Week 5 §§1-3 re-read
Step-by-Step Procedure
This worksheet takes ~60 minutes. Plan one sitting.
Stage 1 - Tab 1 XOR: HELLO XOR LEMON
- Step 1. Open the visualizer at the URL above. Confirm the three tab buttons read
Tab 1 - XOR,Tab 2 - Substitution / Caesar,Tab 3 - Frequency Analysis. Tab 1 is active by default. - Step 2. Confirm the example
Full-length key (pad mode)is selected and the plaintext + key textareas readHELLOandLEMONrespectively. - Step 3. Without clicking anything else, hand-compute
HELLO XOR LEMONbyte by byte. Each character's ASCII value XOR'd with the corresponding key byte's ASCII value. Fill Table A predictions. - Step 4. Read the visualizer's XOR table and the
cipher hexoutput at the bottom of Tab 1. Fill Table A observations. The expected ciphertext is04 00 01 03 01.
Stage 2 - Tab 1 XOR: repeating-key cycling
- Step 5. Click the example button
Repeating key (cycling). The plaintext gets longer than the key; the key cycles. The visualizer should highlight the position-asterisk indicator above each cycled byte and the cycle-note should readkey cycles every N bytes - positions marked *. - Step 6. Identify the cycle-asterisk positions. The first byte the asterisk appears on is the byte where the key wrapped back to position 0. Without computing, predict: how does an attacker who knows the key cycles every N bytes recover the plaintext? Write the answer in Reflection 2 below.
Stage 3 - Tab 2 Caesar: HELLO WORLD shift 3
- Step 7. Click the
Tab 2 - Substitution / Caesarbutton. Confirm the shift slider reads 3 and theA maps tolabel readsD. The plaintext textarea readsHELLO WORLD. - Step 8. Without looking at the output, hand-apply Caesar shift 3 to
HELLO WORLD. For each letter, replace it with the letter 3 positions later in the alphabet (wrapping Z to A, Y to B, X to C). Fill Table B predictions for the 10 letters. - Step 9. Read the visualizer's
sub-outputdiv. The expected output isKHOOR ZRUOG. Fill Table B observations and mark match / miss.
Stage 4 - Tab 3 Frequency: recover the shift of a paragraph
- Step 10. Click the
Tab 3 - Frequency Analysisbutton. The default example isShort text (shift 3, easy); the cipher textarea is pre-filled withWKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ(which is "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" shifted by 3). - Step 11. Click the example button
Longer passage (shift 7, realistic). The cipher textarea fills with a longer English passage (the opening of the US Declaration of Independence) shifted by 7. The cipher histogram updates to show the letter-frequency distribution. - Step 12. Without dragging the shift slider, read the cipher histogram. Identify the most common cipher letter (the tallest bar in the cipher chart). Apply the heuristic:
shift = (cipher_peak - E + 26) mod 26whereEis index 4 (its position in the alphabet). Fill Table C prediction columns. - Step 13. Drag the shift slider to the predicted shift value. The decrypted plaintext should appear directly below the slider; confirm it reads recognizable English starting with
WE HOLD THESE TRUTHS. Fill Table C observation columns.
Stage 5 - Reflection
Answer the 4 reflection prompts below in 2-4 sentences each.
Data Entry Tables
Table A - XOR HELLO ^ LEMON (Steps 3-4; PREDICT before reading the visualizer)
ASCII anchors: H = 0x48, E = 0x45, L = 0x4C, O = 0x4F, M = 0x4D, N = 0x4E.
| # | Plaintext char | Key char | Predicted XOR byte | Observed XOR byte | Match |
|---|---|---|---|---|---|
| 0 | H (0x48) | L (0x4C) | 0x____ | 0x____ | [ ] |
| 1 | E (0x45) | E (0x45) | 0x____ | 0x____ | [ ] |
| 2 | L (0x4C) | M (0x4D) | 0x____ | 0x____ | [ ] |
| 3 | L (0x4C) | O (0x4F) | 0x____ | 0x____ | [ ] |
| 4 | O (0x4F) | N (0x4E) | 0x____ | 0x____ | [ ] |
| Cipher hex string | (all 5 bytes) | _______________ | 04 00 01 03 01 |
[ ] |
Table B - Caesar Shift 3 on HELLO WORLD (Steps 8-9; PREDICT before reading)
| # | Plaintext letter | Predicted shifted letter | Observed shifted letter | Match |
|---|---|---|---|---|
| 0 | H | _____ | _____ | [ ] |
| 1 | E | _____ | _____ | [ ] |
| 2 | L | _____ | _____ | [ ] |
| 3 | L | _____ | _____ | [ ] |
| 4 | O | _____ | _____ | [ ] |
| 5 | (space) | (space) | (space) | [ ] |
| 6 | W | _____ | _____ | [ ] |
| 7 | O | _____ | _____ | [ ] |
| 8 | R | _____ | _____ | [ ] |
| 9 | L | _____ | _____ | [ ] |
| 10 | D | _____ | _____ | [ ] |
| Full ciphertext | _________________ | KHOOR ZRUOG |
[ ] |
Table C - Frequency-Analysis Shift Recovery, Longer Passage (Steps 12-13; PREDICT before sliding)
| Field | Predicted | Observed | Match |
|---|---|---|---|
| Most-common cipher letter (cipher histogram peak) | _____ | _____ | [ ] |
| Position of that letter in the alphabet (A=0, B=1, ..., Z=25) | _____ | _____ | [ ] |
| Position of E in the alphabet | 4 | 4 | [ ] |
| Predicted shift = (cipher_peak_position - 4 + 26) mod 26 | _____ | _____ | [ ] |
| Decrypted text starts with | "WE HOLD THESE TRUTHS..." | _____ | [ ] |
Confirm the recovered shift is 7 (the visualizer's example claims shift 7): [ ] Yes [ ] No (explain in Reflection 4)
Reflection Prompts
Answer in 2-4 sentences each.
1. Why is repeating-key XOR broken when the key cycles? (Hint: the OTP works because the key is as long as the plaintext and never reused. When the key cycles every N bytes, two plaintext bytes N apart are XOR'd with the same key byte; XOR'ing those two ciphertext bytes together cancels the key ((P1 XOR K) XOR (P2 XOR K) = P1 XOR P2) and yields the XOR of two plaintext bytes, which can be attacked with crib-dragging or known-plaintext analysis. Name the attack vector by name.)
2. What does it tell you when the frequency histogram has one tall peak that significantly exceeds the others? (Hint: in English, the letter E accounts for ~12% of letters in long enough texts; the next-most-common letters (T, A, O, I) cluster around 6-9%. A single tall peak in the cipher histogram suggests a Caesar or simple substitution cipher; the peak maps to E. If no letter stands out, the cipher is probably not a simple substitution; consider Vigenere or a polyalphabetic.)
3. How would you attack a Caesar cipher where the plaintext is NOT English? (Hint: the heuristic peak = E is English-specific. For French, the most common letter is also E but with different runner-up frequencies. For Italian, A is also very common. For a language with no letter-frequency reference, you have 26 possible shifts, so brute-force-and-eyeball is the fallback: decrypt with all 26 shifts and pick the one that produces readable text in the suspected language.)
4. The brief's headline question. What does the visualizer show that the Week 4-5 prose alone could not? (Hint: prose can tell you the XOR truth table and the Caesar formula; the visualizer animates each byte through the formula and renders the running ciphertext, the cycle-asterisks for repeating-key cycling, and the side-by-side frequency histograms. A good answer names a specific dynamic property the visualizer surfaces: the bit-level XOR detail panel, the cycle-asterisk on repeating-key XOR, the histogram peak that shifts as you drag the slider, or the live decrypt that updates as the slider moves.)
Submission Checklist
- This worksheet, with Tables A, B, C filled
- All 4 Reflection Prompts answered
- Table A predictions filled BEFORE reading the visualizer cipher output
- Table B predictions filled BEFORE reading the Caesar output
- Table C frequency peak identified by eye before dragging the shift slider
- Toolchain Diary entry for the Cipher Visualizer added
Pass/Fail Self-Evidence (Tier 1 of the rubric)
Every gate must be checked.
- Gate 1. Tables A, B, C predictions filled before observations.
- Gate 2. Table A cipher hex string matches
04 00 01 03 01exactly. - Gate 3. Table B ciphertext matches
KHOOR ZRUOGexactly. - Gate 4. Table C recovered shift is 7 (the longer-passage example's encrypted-with shift).
- Gate 5. Reflection 4 names a specific dynamic property the visualizer surfaced.
If any gate is unchecked, do not submit yet.
Common Pitfalls
The five most common first-attempt failures:
- Clicked the example button before computing. Tables A and B ask for predictions. Clicking first and back-filling loses the calibration value. If you clicked first, redo with the alternate example (ROT13 in Tab 2; a custom key in Tab 1).
- Mis-computed XOR by reading the wrong byte boundary. XOR is bitwise;
0x48 XOR 0x4C = 0100 1000 XOR 0100 1100 = 0000 0100 = 0x04. If your Table A row 0 shows anything other than0x04, recompute the bits one at a time. - Mis-wrapped Caesar shift. Shift 3 maps Z to C (
Z + 3 mod 26 = C), not toZ. If your Table B includes wrap errors, double-check at the alphabet boundary. - Used the short-text example for frequency analysis. The short text (39 letters) is too short for frequency analysis to be reliable; its peak is O, not E. Use the longer passage (~200 letters; shift 7) as the brief directs.
- Mis-applied the shift-recovery formula. The formula is
shift = (cipher_peak_position - 4 + 26) mod 26where positions are 0-indexed (A=0). If you used A=1, every shift will be off by 1.
Forward Pointer
SEC-101 Lab 3 (Crypto Warm-Up) is the paper version of today's exercise. If you have not done it, do it first; today's worksheet calibrates against the live tool what Lab 3 calibrated against paper.
SEC-101 Week 5 Lab Caesar-Cracking asks you to recover the shift from a longer real-world ciphertext without the visualizer's pre-built histogram. The skill you build today (read a histogram, apply the heuristic, verify with a slider) is the skill that lab asks you to do without the slider.
SEC-101 Weeks 6-7 (Symmetric Ciphers + AES) introduce modern symmetric ciphers, all of which incorporate XOR. The byte-level XOR fluency you build today carries forward into the AES round-key XOR step and the CBC chaining XOR.
SEC-201 (next belt) covers Vigenere, the Kasiski examination, and the index of coincidence. All three are extensions of frequency analysis to keys longer than 1 byte. The visualizer is your first frequency-analysis tool; SEC-201's tools generalize it.
LAB WORKSHEET COMPLETE - SEC-101 lab-cipher-visualizer v1.0; Tier-1 worksheet-completion (first numbered worksheet in worksheets/sec-101/); 3 data tables (A HELLO ^ LEMON byte-by-byte predict-then-verify; B HELLO WORLD Caesar shift-3 predict-then-verify; C frequency-histogram peak letter + shift-recovery heuristic) + 4 reflection prompts (repeating-key XOR break + crib-dragging name; single tall peak = simple sub + E heuristic; Caesar on non-English; visualizer-vs-prose headline) + 5 Tier-1 gates + 5 common pitfalls + forward pointer to SEC-101 Lab 3 crypto warm-up + Week 5 Caesar-cracking + Weeks 6-7 symmetric ciphers/AES + SEC-201 Vigenere/Kasiski; em-dash + blacklist clean per editor-guide.