Prev: Modular Scalable Key Cryptography - Completed Feasibility Model.
Next: On dynamic substitutions
From: mosherubin on 2 Jul 2010 08:04
Ninety-two years after its invention, fifty-seven years after
challenge messages were published, and after many cryptanalytic
researchers unsuccessfully tried to solve these challenge messages,
John F. Byrne's Chaocipher algorithm can finally be revealed.

Readers of sci.crypt may recall Chaocipher-related posts over the past
two years detailing progress made in analyzing this fascinating cipher
system. Justified criticism was raised that John F. Byrne, by keeping
his cryptographic system secret, did not abide by Kerckhoff's
principle.

As of today, this is no longer the case.

The Chaocipher Cleaning House is proud to present a paper entitled
"Chaocipher Revealed: The Algorithm" which describes the exact
algorithm used in the Chaocipher system. Now anyone can approach the
challenge messages found in Byrne's autobiographical "Silent Years",
attempting to solve them with full knowledge of the system.

The paper "Chaocipher Revealed: The Algorithm" can be found at:

http://www.mountainvistasoft.com/chaocipher/chaocipher-017.htm

Be sure to follow the anticipated flurry of activity in the Chaocipher
area in the Crypto Forum web site (http://s13.zetaboards.com/Crypto/
forum/3003636/).

Moshe Rubin
The Chaocipher Clearing House
http://www.mountainvistasoft.com/chaocipher/

========================

The "Chaocipher Clearing House" is a web site dedicated to tracking
cryptanalytic work related to solving John F. Byrne's Chaocipher. The
site can be found at http://www.mountainvistasoft.com/chaocipher.

If you've never tackled the Chaocipher challenge, you'll find all the
resources you need to start with on the Chaocipher Clearing House site
(http://www.mountainvistasoft.com/chaocipher). If you've done any
work in the past on Chaocipher, how about sharing your thoughts with
the community? Collaborative work has a tendency to snowball. Come
aboard and be part of the joint effort.

Comments, informational contributions, and suggestions are most
welcomed. Feel free to contact me at the Chaocipher Clearing House
(mosher(a)mountainvistasoft.com)

Moshe Rubin
From: Mok-Kong Shen on 3 Jul 2010 05:38
mosherubin wote:
[snip]
> So far I have not been able to make an analysis "break" into the
> Chaocipher algorithm. Even given some 13,500 matching plaintext and
> ciphertext letters (!) in Exhibit 1 I still don't see how to determine
> the starting alphabets! It might not be OTP, but the difficulty in
> solving at the moment seems to rank with Enigma and other alphabet-
> generating mechanisms.

This certainly amply shows how dynamics, if appropriately exploited,
could (easily) render analysis of encryption hard. The exploitation
of this (trivial) principle seems to be often consciously/unconsciously
ignored/neglected though, as the much research efforts directed
to the study of breaking static schemes (block encryption with a
fixed key) indicate IMHO.

BTW, maybe my thought is quite wrong, but somehow I have the feeling
that the current knowledge of the Chaocipher is in some sense not
compatible with the challenge problem of Chaocipher posed in
Cryptologia.

M. K. Shen

From: mosherubin on 4 Jul 2010 04:32
On Jul 3, 12:38 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> mosherubin wote:
> [snip]
>
> > So far I have not been able to make an analysis "break" into the
> > Chaocipher algorithm.  Even given some 13,500 matching plaintext and
> > ciphertext letters (!) in Exhibit 1 I still don't see how to determine
> > the starting alphabets!  It might not be OTP, but the difficulty in
> > solving at the moment seems to rank with Enigma and other alphabet-
> > generating mechanisms.
>
> This certainly amply shows how dynamics, if appropriately exploited,
> could (easily) render analysis of encryption hard. The exploitation
> of this (trivial) principle seems to be often consciously/unconsciously
> ignored/neglected though, as the much research efforts directed
> to the study of breaking static schemes (block encryption with a
> fixed key) indicate IMHO.
>
> BTW, maybe my thought is quite wrong, but somehow I have the feeling
> that the current knowledge of the Chaocipher is in some sense not
> compatible with the challenge problem of Chaocipher posed in
> Cryptologia.
>
> M. K. Shen

The three "in-depth" challenge messages posed by Kruh and Deavours in
their 1990 Cryptologia article (aka "Exhibit 5") may eventually turn
out to have been unfair to the readers. In-depth Chaocipher messages,
with their highly nonlinear alphabets, may have been beyond anyone who
did not have knowledge of the underlying system. But in what way do
you feel the current knowledge of Chaocipher is not compatible with
the challenge problems?

Moshe Rubin
From: Mok-Kong Shen on 4 Jul 2010 04:51
mosherubin wrote:
> Mok-Kong Shen wrote:

> The three "in-depth" challenge messages posed by Kruh and Deavours in
> their 1990 Cryptologia article (aka "Exhibit 5") may eventually turn
> out to have been unfair to the readers. In-depth Chaocipher messages,
> with their highly nonlinear alphabets, may have been beyond anyone who
> did not have knowledge of the underlying system. But in what way do
> you feel the current knowledge of Chaocipher is not compatible with
> the challenge problems?

I tend to think with the disclosure of the algorithm that the challenge
is very unfair. In more direct words: Would the originators of the
challenge themselves have a realistic chance of solving, if they were
readers of the article?

M. K. Shen

From: mosherubin on 5 Jul 2010 03:38
On Jul 4, 11:51 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> mosherubin wrote:
> > Mok-Kong Shen wrote:
> > The three "in-depth" challenge messages posed by Kruh and Deavours in
> > their 1990 Cryptologia article (aka "Exhibit 5") may eventually turn
> > out to have been unfair to the readers.  In-depth Chaocipher messages,
> > with their highly nonlinear alphabets, may have been beyond anyone who
> > did not have knowledge of the underlying system.  But in what way do
> > you feel the current knowledge of Chaocipher is not compatible with
> > the challenge problems?
>
> I tend to think with the disclosure of the algorithm that the challenge
> is very unfair. In more direct words: Would the originators of the
> challenge themselves have a realistic chance of solving, if they were
> readers of the article?
>
> M. K. Shen

Your astute comment is certainly in place. In my opinion, Kruh &
Deavour's 1990 challenge messages, without fully disclosing the
Chaocipher algorithm, indeed may not have been fair. To be honest,
K&D were bound to secrecy by John Byrne, but the tone of their three
challenge messages seemed to be "guys, you can do it with computers
without full knowledge of the system".

Over the past two years other researchers and myself scanned,
corrected, trawled through, and dissected Stewart C. Easton's book
"Rudolf Steiner: Herald of a New Epoch", which was the plaintext
source of the three messages chosen by K&D. Based on patterns
discerned in Exhibit 1 (i.e., identical pt/ct pairs were never less
than 9 positions apart) I proposed several possible matches for the
three cipher messages. There was no way, however, to verify the
matches without a better knowledge of the underlying algorithm. Even
with this knowledge today I cannot verify my hypotheses (yet!).

Even today, with full knowledge of the algorithm and given full
plaintexts and ciphertexts, we are racing to develop a method for
recreating the starting alphabets given full pt and ct pairs. This is
the first mountain to climb. Here is a doable challenge to all
sci.crypt readers:

===================
Start of Challenge
===================

See http://s13.zetaboards.com/Crypto/single/?p=8002450&t=6713216 for a
listing of the first 1,100 plaintext and ciphertext pairs in Exhibit
1.

Knowing the algorithm, can you recreate the starting left/right
alphabets given this wealth of pt/ct pairs? Should anyone need more,
I can easily provide 13,500 such pairs. Can someone develop a
cryptanalytic technique that can solve for the starting alphabets
given the pt and ct?

If you develop such a technique, I will gladly publish a paper
explaining the method, with full credit to you, on The Chaocipher
Clearing House.

===================
End of Challenge
===================

The next step, and the ultimate challenge, will be to solve a
ciphertext-only Chaocipher message. But this can wait until the pt+ct
is solved.

BTW, if you do develop a technique for solving a known-plaintext
Chaocipher message, you will discover the 262-letter secret message
John F. Byrne enciphered starting in position 5500.

I look forward to Professor Deavours writing an article on his
Chaocipher experience, and would like to hear whether he feels today
that the challenge was a fair one.

Regards,

Moshe
 |  Next  |  Last
Pages: 1 2 3
Prev: Modular Scalable Key Cryptography - Completed Feasibility Model.
Next: On dynamic substitutions