The History and Mathematics of Codes and Code Breaking

Month: August 2010

Resources from August 31st

The plaintext from today's cryptanalysis exercise comes from this Guardian (UK) story about an MI6 worker found murdered in his apartment. MI6 is the UK version of the CIA, an all-purpose espionage agency. The victim apparently worked at GCHQ, the top-secret crypto unit over in the UK and an offshoot of the crypto unit at Bletchey Park during World War II. had an update to the story yesterday. Police still aren't saying if they know how or why he was killed, although they've stated it wasn't because of his personal life. The victim, Gareth Williams, worked with colleagues at GCHQ and the National Security Agency (NSA) to analyze coded al Qaeda messages related to a planned bombing of transcontinental flights. Remember our discussion on the first day about not tipping the "bad guys" off that you can read their encrypted messages? Here's a quote from the Wired story that references that idea:

The NSA shared the e-mails with British prosecutors but wouldn’t allow them to use the evidence in an early trial of the suspects out of fear of tipping off Rauf that he was under surveillance. It was only after Rauf was reportedly killed in a U.S. drone attack that the NSA allowed prosecutors to use the e-mails to convict the other suspects.

Here's the Excel file I used today to help decipher the ciphertext in today's exercise. As I mentioned, the substitution cipher used was the atbash cipher in which the cipher alphabet is the plain alphabet in reverse order. Even thought the method used was very simple, the ciphertext still looks suitably cryptic on first glance.  However, as we saw in class today, a simple substitution method can lead to a very quick cryptanalysis.

Also, nice job on the responses to the reading questions for today. I was impressed with your thoughtfulness and the examples you mentioned in support of your arguments. The pre-class reading questions and the free writes you'll do during class are opportunities for you to practice your writing and communication skills in a low-stakes environment.

Update on the BlackBerry-in-India Situation

With five days to go until the August 31st deadline set by India, it looks like Research in Motion (RIM), makers of the BlackBerry, are sitting down to negotiate. Here's the latest news from the BBC on this situation. Notice that BlackBerry claims not to have a "master key" that would enable them to decipher any encrypted message sent by their users. If this is true, the strong encryption that BlackBerry uses might make it hard for the Indian authorities to do anything with any data they might be given.

Image: "SXSW 2007" by Flickr user Laughing Squid, Creative Commons licensed

Resources from August 26th

I enjoyed getting to know you a bit this morning. Don't forget your meetings with me today and tomorrow! If you've forgotten the time of your meeting, just email me and ask. Here are some directions to my office. Just ask for me at the reception desk.

We brainstormed some examples of codes and ciphers during class, and I took notes. Here's our list of examples:

  • Sherlock Holmes – solves mysteries, uses deduction
  • The Windtalkers – WW2, Navajo code talkers
  • Enigma Machine – German code machine, 92 septillion-ish settings
  • Binary code
  • Morse code – actually an alphabet (according to the book)
  • A Beautiful Mind – John Nash, code-breaker for the CIA? NSA?, also broke codes that existed only in his mind
  • Smoke signals – code
  • [Improv] Boat flag signals – also code
  • [Improv] Sign language – letters and words
  • Vigenere Cipher – 2nd generation cipher
  • Julius Caesar – Caesar shift
  • Al-Kindi – frequency analysis
  • Charles Babbage – broke the Vigenere, also invented the cowcatcher
  • National Treasure – Nic Cage’s finest work
  • The Da Vinci Code’s cryptex – not a code or cipher, but involved a riddle
  • “So dark the con of man” – transposition cipher / anagram

The plaintext from today's example comes from this blog post on Forbes about the Leo Marks poem read at Chelsea's wedding, a poem once used as part of a poem code by Marks while he worked at the Special Operations Executive (a British spy agency) during World War II.

You may have noticed that my Excel file didn't do a perfect job deciphering the quote about the Chelsea Clinton wedding. After class, I found two bugs in the file. One was that I had enciphered a couple of apostrophes as "F" instead of leaving them as punctuation. The other was that the Excel file didn't actually include the plaintext "z" in its calculations! I've used this file many times, but this must have been the first time I've had a "z" in a piece of plaintext. In this case, it was the last name of Chelsea Clinton's new husband, Marc Mezvinky. Here's the updated Excel file.

The visuals I used while describing the Zimmerman Telegram and BlackBerry encryption examples were created in a program called Prezi. One advantage of Prezi: I can embed it here on the blog. See below.

Finally, don't forget to read Chapter 1 in the Singh book for Tuesday and (optionally, but strongly encouraged) respond to the pre-class reading questions here on the blog for Tuesday.

Introduction: Cryptography Timeline

The third way you can participate in this course outside of class is to contribute entries to the collaborative cryptography timeline we'll build as a class. Here's an introduction:

What Is a Collaborative Timeline?

You're probably familiar with timelines, which are visual representations of events that happened in the past where the horizontal axis represents time. A collaborative timeline is just a timeline constructed by a group of people working together, kind of like a wiki is a website written by people working together. Here's an example from a course on the Victorian Age at Central Connecticut State University.

You can see our collaborative cryptography timeline here. As I write there, there's not much there, just four events from the history of cryptography. Over the semester, you'll have the chance to add more events to the timeline and, in the process, contributing to your participation grade.

How Do I Read the Timeline?

If you hover your mouse over the timeline, it will turn into a hand that you can use to "grab" and move the timeline to see different parts of it. The light gray band is marked off in 10-year intervals; the dark gray band is marked off in 100-year intervals. If you grab the dark gray band and move it around, you'll scroll through the timeline faster.

If you click on one of the entries in the timeline, you'll get a pop-up box with more info--a description, maybe an image, maybe a link to a website. While the timeline helps you see how events relate to each other in time, it's the pop-up boxes that have the details on particular events.

You'll notice that each event is categorized and color-coded. On the right side of the screen, you'll see a list of those categories. Click on a category to filter the timeline so that only events in that category appear. Once you've done so, you can uncheck the box next to the category to remove the filter and see all the events again.

There's also a search box on the right side of the screen. Enter a search term and you'll see only those events that include that search term--either in the event name or in the pop-up box.

Why a Collaborative Timeline?

Although I haven't searched exhaustively, I haven't found a good timeline showing the history of cryptography, so I thought we would make one together. As you go through the course, the timeline will be helpful to see how various events in the history of cryptography relate to each other over time. And when you go to write your final essay in the course, the "Big Questions" paper, you'll probably make good use of the timeline as you pull together evidence for your arguments.

Although I could probably put together a timeline on the history of cryptography for you, I would much rather involve you in the process of building it. This way, when the semester is over, the class as a whole will be able to point to this timeline (freely available online for others to use) and say that we built it.

Contributing to the Timeline

The data that appears in the timeline is pulled from this Google Spreadsheet.To contribute to the timeline, you'll first have to get access to edit this spreadsheet.

Head for the spreadsheet itself and click on “Edit this page” at the bottom left. You’ll be prompted to sign in using a Google account. (I think your Vanderbilt email will do, since it's powered by Gmail, but let me know if it doesn't.) After that, you should get a notice that you don’t have permission to edit the spreadsheet. There should be a link that reads “request access to this document.” Click on that and wait for me to give you access.

Once you have access, visit the spreadsheet and click "Edit this page" at the bottom to add something to the spreadsheet. Follow these instructions:

  1. Always add your entries at the bottom of the spreadsheet, in the first empty row.
  2. The first field, {label}, is the text that will appear on the timeline.  Please keep this text relatively short.  To add italics, type something like “Simon Singh’s <em>The Code Book</em>” (but without the quotes).  The “<em>” and “</em>” need to bracket whatever you would like to appear in quotes.
  3. The second field, {start:date}, is the date of the event.  You must enter the date in yyyy-mm-dd format.  If all you have is a year, then just enter the year, leaving off the month and date.
  4. The third field, {end:date}, is optional and can be used to indicate the end of an event that spans a length of time.  Again, use the yyyy-mm-dd format.
  5. The fourth field, {description:single}, is the text that will appear when you click on the event in the timeline.  You can link to another Web site here if you like.  The format is as follows: <a href=””>Google</a>.  Also, be sure to cite your source somehow.
  6. The fifth field, {image:url}, is optional and can be used to display an image in the box that pops up when you click on an event.  If you find an image you like online, you can usually right-click the image, select Properties, then find the address of the image under Address, Location, or URL.  Copy this Web address and paste it in the Google spreadsheet.
  7. The sixth field, {cat}, assigns the event to a category.  You can make up your own category if none of the ones already in use fit.  Don’t get too carried away, however, since too many categories isn’t helpful.
  8. The seventh field, {initials}, is where you should list your initials.  Contributing to the timeline is one way to affect your class participation grade, so I want to make sure to give you credit.

That should do it. I know that this isn't quite as straight forward as leaving a comment on the blog or tagging a website in Delicious, but I think that once you do it once or twice, you'll find it's pretty straight forward. But, please, let me know if you have questions.

Introduction: Online Discussions

Another way you can participate in this course outside of class is to contribute to discussions about the readings here on the blog. (If you're still fuzzy about the course blog, please see my earlier post introducing the course blog.) Here's a quick introduction.

How Will Online Discussions Work?

Most weeks during the semester you'll be assigned a selection from our textbook, The Code Book by Simon Singh, to read before class. For each reading, I'll post a few open-ended discussion questions about the reading on the course blog, and you're invited to respond to these questions in writing by leaving comments on the blog. For example, here are the questions for the first reading, to be discussed in class on Tuesday, August 31st.

You're encouraged to use your real name when leaving comments. If you feel uncomfortable doing so (because the course blog is open to public access, perhaps), you're welcome to use a pseudonym. If you use a pseudonym, please let me know what it is so I can give you credit for your contributions to the online discussions.

Why Online Discussions about the Reading?

The key here is that I'm asking you to respond to questions about the reading before you come to class and discuss the reading with your peers and me. These questions are designed to help you make a little more sense out of the reading so that you come to class better prepared to contribute to class discussions. This will mean our in-class discussions will be the third time you think about a reading: once while you read it, a second time when you respond to the online questions, and a third time during class. By cycling back through the material multiple times, you'll understand it better.

And by having you respond here on the blog to the reading questions, you'll also get to see what your peers are thinking about regarding the course material. You're likely to learn a thing or two from hearing their perspectives--and they'll learn from hearing yours. Again, this will help to make our class discussions even more fruitful.

Many of the reading questions will generate ideas and perspectives useful for your final essay assignment in the course, the "Big Questions" paper. So as you respond to the reading questions and read your peers' responses, be looking for "Big Questions" you might like to tackle in your final paper, as well as perspectives on those questions you might integrate into your paper. (Please note that if you use one of your peers' ideas in your paper, you'll need to cite it, just as you would cite ideas you use from journal articles and books.)

Reading Questions for August 31st

In preparation for class on Tuesday, August 31st, please read the first chapter in the Simon Singh book and think about the following questions.

  1. What advantages do transposition ciphers offer over substitution ciphers?  What advantages do substitution ciphers offer over transposition ciphers?
  2. Many of the examples of cryptography in this chapter dealt with uses in political or military contexts, where the need for keeping secrets is usually clear.  What are some reasons that people today might need cryptography in other settings?
  3. On page 15, Singh writes, “Cryptanalysis could not be invented until a civilization had reached a sufficiently sophisticated level of scholarship in several disciplines, including mathematics, statistics, and linguistics.”  If such a level of scholarship was required for the development of the frequency analysis approach to solving substitution ciphers, what do you make of the fact that amateur cryptanalysts today often use that approach “on their own,” so to speak, without being trained in it?
  4. On page 41, Singh writes, “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”  What does Singh mean by this and what does it imply for those who would attempt to keep their communications secret through cryptography?

As a reminder, note that responding to these questions by leaving a comment here on the blog is one of the ways in which you can contribute to your participation grade in this course.


Introduction: Social Bookmarking via Delicious

One of the ways you can participate in the course outside of class is to tag relevant websites, news articles, and other online resources using the social bookmarking tool Delicious.Here's a quick introduction:

What Is Delicious?

The idea behind Delicious (and other social bookmarking tools) is that instead of saving an interesting website as a bookmark or "favorite" in your Web browser (Firefox, Internet Explorer, etc.), you save the website to your Delicious account. Then you can...

  • Access the bookmark from any Web browser and any computer (not just the Web browser you were using when you saved the site),
  • Make the bookmark publicly available so that others who are interested in the things that interest you can see it, and
  • Assign one or more "tags" to the bookmark to categorize it so you can more easily find it later.

Watch this three-minute video on social bookmarking via Delicious for a great introduction to this process. Seriously, watch the video.

Why Social Bookmarking?

Cryptography is a rich, active, and relevant field, and there's no way we can cover every aspect of the field in a single course. Tagging resources related to cryptography on Delicious and sharing those resources with the class is useful for two reasons. One is that it helps you make connections between the content of this course and other interests of yours, both academic and personal. The other is that by sharing interesting cryptography resources with the course, you're enriching the learning experience for all of us (including me) in the class. Both of those reasons merit including this activity in your course participation grade.

Also, keep in mind that you'll want to identify a particular code or cipher not covered during class to discuss in your second essay, the expository paper. Keep an eye on the Delicious feed for potential paper topics. You may also find some of the resources tagged in Delicious useful in your final essay, the "Big Questions" paper, as you put together your arguments in that paper.

Getting Started

Getting started is pretty simple. Just follow these steps, most of which are illustrated in the video:

  1. Visit and sign up for a free account. Pick any user name you like that's available. You're welcome to use your actual name or to pick a pseudonym. If you pick a pseudonym, however, let me know what it is so I can give you credit for your contributions to Delicious.
  2. When you find an interesting cryptography site to share, you can copy the URL from the address bar in your Web browser, visit Delicious, click on "Save a New Bookmark," and paste the URL into the appropriate place. You'll then get a chance to add comments and tags to the bookmark.
  3. However, I recommend that you install one of the browser tools Delicious makes available. Once you install one of these tools in your Web browser, you'll be able to save a website to Delicious just by clicking a button in your browser. When you do, a window will pop up letting you add comments and tags to your bookmark. This makes it much easier to save something to Delicious than the cut-and-paste approach. (And if you have a smart phone like an iPhone or Android, you can find apps that do the same thing. Search your app store for "Delicious" to find one.)
  4. However you use Delicious, be sure to tag your bookmarks with the keyword "fywscrypto" (without the quotes, of course). All bookmarks tagged with that keyword will show up on the Delicious page for the "fywscrypto" and, more importantly, on the sidebar of this blog. This will make it easier for all of us to see what we've all be tagging lately. (In case it didn't occur to you: The "fyws" in "fywscrypto" stands for First-Year Writing Seminar.)
  5. You're welcome to use other tags in addition to "fywscrypto." Additional tags will just make it easier to find particular bookmarks later. See the Delicious feed for "fywscrypto" for some ideas, such as "bletchleypark," "cybersecurity," and "unsolved."

If you have any questions about using Delicious, feel free to ask me.

Powered by WordPress & Theme by Anders Norén