The History and Mathematics of Codes and Code Breaking

Tag: cryptanalysis Page 1 of 5

The Everest of Cryptanalysis

As Singh indicates in his The Code Book, the Beale Ciphers have gone unbroken for over a hundred years, the best and brightest minds of recent decades pouring hours upon hours into the effort of deciphering them. Unfortunately, their work, as of yet, has borne no fruit. Ultimately, this begs the question: why do people continue to attempt that which has eluded the brightest minds of this generation and those long since passed?

I believe the answer is twofold. Of course, money is a key motivating factor. $20 million by today's standards is quite a bot of cash, and would enable an individual to live quite comfortably for the rest of their days. In fact, as Singh points out, there are entire societies that have been formed around the goal of solving the Beale Ciphers, their membership contingent on how the treasure, should it be discovered, would be allocated to the members of said society; often, the people who crack the cipher believe they should have the right to keep all of it. For that reason, it is impossible not to acknowledge money and, by extension, greed, as one of the key motivators that drives people to crack the Beale Cipher.

Beyond that, however, lie the intellectuals, those who see the Beale Ciphers as the ultimate challenge, akin to winning a Nobel Prize or Fields Medal. For them, the money is irrelevant, as the Beale Ciphers serve as the perfect opportunity to affirm their skills as cryptanalysts and codebreakers. These people are likely driven by pure intellectual curiosity, much like Babbage and Poe, wanting to test their abilities against the hardest cryptographic problem the world has yet to offer. For that reason, their motivation for solving the Beale Ciphers is akin to that of George Mallory's for climbing Mount Everest: because they're there, they must be solved.

British Pride and Competition

In reality, the knowledge that Britain had deciphered Germany’s codes should have remained a secret for several more decades. Regardless of the reasoning, staying ahead of the opponent, even in a time of peace, provides tactical advantages on many fronts.  I believe, however, that pride and competition with the United States ultimately lead Churchill and the British Royal Navy to publish the information.

A gruesome war that tore through most of Europe had finally come to an end. It was a time of celebration for the countries that had triumphed. Publishing the findings showed the military tact that had been used by Britain and their ability to triumph their foes. It proved the resourcefulness of the country and allowed for a sense of pride to be instilled in Britain’s citizens. This also allowed Britain to show that they had been vital in the victory of the war. To some, it looked like the United States had joined the war efforts, intercepted messages, and swiftly ended the war in a year. It allowed British citizens to not feel like their ally had done everything.

Although Britain allied with the United States during and after the war, superpowers in the world are still each other's competitors at the end of the day. Across the ocean, “Herbert Hoover had been elected President and was attempting to usher in a new era of trust in international affairs” (Singh, 1999, p 141). After the war, in several countries, a lack of transparency between the government and citizens was felt. Since the United States was appearing to be more open with its’ citizens, Churchill most likely felt pressured to respond in some way. By publishing his findings, he was able to show that by keeping some secrecy during the war, Britain was ultimately able to keep the upper hand on Germany. Now, the information was viewed as not being pertinent and it was a good way to loop the citizens in.

If Britain had not revealed this information publically, it is possible that the Enigma machine would not have been utilized by Germany. After all, many were hesitant to adopt new forms of encryption due to cost and ease of use; WWII potentially could have been a far different war.

Is cryptanalysis really as easy as Singh makes it seem?

As Singh deciphered the example of the Vigènere cipher on page 116, and also other ciphers previously, I contemplated just how simple he was making them. He makes a lot of assumptions, and he also never points out some flaws that I have seen in his messages. In the example on page 16, Singh uses a message that makes his technique work very well. In this example, he uses a keyphrase that is as long as the message. Normally, this should be almost impossible to crack, because none of the cipher alphabets would be repeated in a pattern. He proposes a solution, by placing common words (he uses "the") in random locations in the plaintext. In his example, he gets it right on the first try. This is not that unlikely with such a short message, but a full paragraph of a long letter would take many more tries. He also makes the assumption that the cryptographer encrypting the message would use the word "the", or "and", or whatever word. If a cryptographer knew their code could be broken that way, they could simply refrain from using common words often. Once there are fewer common words present,  it becomes much more difficult to crack. In addition, using the method he proposed can cause false positives. It's possible that the letters "the" in the plaintext produce a discernible string of three letters in the ciphertext. If the cryptographer was smart, they could place a few traps, so that random keywords would show up in the cipher text. This would completely confuse the person deciphering the code, and may just make it extremely difficult to crack. Singh fails to address these flaws in his examples, and it makes it cryptanalysis seem easier than it really is.

Why Cryptanalysis Seems Easier Than It Actually Is

Singh's examples in book seem easy to comprehend. The methods are relatively straightforward and codes were broken within few pages of the book. However, in practice the process of cryptanalysis is usually much more complicated. I believe there are three reasons for that.

First of all, the cryptanalyst has no idea what type of code is being used. Surely a frequency analysis could narrow the answer: if frequency is equal for all letters it's probably a Vigenère cipher; if frequencies don't change it's probably a transposition cipher; if frequencies follow the same pattern as English alphabets it's probably some type of shift cipher. However, those are not the only types of ciphers that can be utilized, and even if we manage to narrow it down to a few of them, they might each require different cryptanalysis methods, and that takes time.

Secondly, cryptographers could mix unimportant information with the actual content. For instance, they could encode a string of random letters and hide the real message in between them. For a cryptanalyst, if the bunk of the message doesn't make sense, he/she would assume the analysis is wrong and resort to the next solution.

Last but not least, it's hard to guess. In a lot of the examples in the book, the author takes several guesses and one of them yielded the right result. When we are doing cryptanalysis, sometimes it takes a dozen guesses to find the right answer. Sometimes we are not finding the right piece of code to guess upon. All of which takes up a lot of time and in the world of cryptanalysis, time is everything.

Breaking (Almost) Unbreakable Ciphers

The strength of the Vigenère Cipher depends largely on the length of the keyword. If the keyword is just one letter, then it is nothing more than a simple shift cipher; if the keyword is the same length as the plain text, there will be little to no discernable pattern. However, Singh clearly demonstrates that even with a keyword as long as the text, breaking the Vigenère is doable by guessing common words like "the."

Even though it is relatively straightforward to break even these more secure ciphers, doing so in practice is often much harder. Primarily, this is because of the amount of guessing and checking required and the creative insights necessary to realize the best way to break the code. During the process of deciphering the message, and essential step is guessing words either in the plain text or in the keyword, and if your guess is wrong, you have to backtrack until you are confident that all of your work is correct and start from there again. This makes the process of cryptanalysis tedious and time-consuming.

Once you know what method to use to break the cipher, deciphering the message is only a matter of time, but often, figuring out how to approach a complicated cipher takes even the smartest cryptanalysts years to figure out on their own. For example, breaking the simple Vigenère cipher was not difficult; once Charles Babbage figured out how to break it, the Vigenère went from being an unbreakable cipher to extremely insecure overnight. This demonstrates that breaking the cipher itself is often not the most difficult part; the hardest part of breaking complex ciphers is coming up with a foolproof method which exploits weaknesses in the cipher.

The Race Between Cryptanalysis and Encryption

The status quo of cryptography can be accurately represented by a game of tennis between two equally good players. When a strong cipher is developed, the ball moves to cryptanalysis. Upon development of better decryption techniques, the ball returns back to the court of the encryptors. The period in which an event happens in the world of cryptography is heavily influenced by who has the power between cryptanalysis and encryption.

During the time of Mary Queen of Scots, the users of cryptography had little to no faith in the abilities to decrypt, causing them to have  undue faith on their abilities to encrypt. By not giving sufficient credit to cryptanalysis, they did not bother with either reinforcing the difficulty of the cipher  or any sort of counter measures in case the cipher was broken, leaving them in a worse position had they chosen not to encrypt. On the other hand, the situation before the Vigenère cipher was the exact opposite as the strength of any cipher was presumed to be weak. Encryptors were motivated to fortify their ciphers and even after encryption, they would communicate in  ways that would seem senseless without context. Some would even avoid cryptography altogether and find other ways to convey the desired message.

I also believe that during the period of Mary Queen of Scots, cryptography itself was fairly new and unheard of. This meant that almost no one had any idea how to encrypt (and naturally, decrypt) ciphers. After cryptography became more popular, more people explored the avenue and cipher breaking became more ubiquitous. This was another reason for encryptors to strive to strengthen their ciphers.

Uncertain Environments Generate Safer Practices

An environment in which one knows he or she must constantly maintain precautions is safer than one where they are unaware of the dangers that potentially exist.  

This concept is exemplified in the case of Mary Queen of Scots by the simple fact that her naive belief that she was speaking in secrecy directly resulted in her death. She essentially signed up for her own funeral by openly disclosing matters of treason. If she had been living in the era in which it was common knowledge that a “codebreaker might intercept and decipher their most precious secrets,” (Singh, p.45) then it is much more likely she would have been less forthcoming with the information she provided in her encrypted messages.

The new environment created was far more advanced than anyone in her time could have predicted. Mary’s generation falls in the era of monoalphabetic substitution, whereas the new age moved on to as many as twenty-six (polyalphabetic). Furthermore, everyone in this new era of cryptography frequently changed their methods. They would not be caught dead using such a basic cipher over a prolonged period of time to transport such crucial information. Even the ciphers used for general business information transported by telegraphs was more secure than the cipher Mary trusted her life with.

The new environment of encryption even allowed for progression in the cryptography field. As ciphers became more complex, more professional codebreakers emerged that continued to prove how difficult it was to create an uncrackable code. In turn, this generated more ciphers and the loop continues from there. Progression did not just make the population more cautious, but it also generated societal growth.

The Appeal of an Unbreakable Cipher

The unbroken Beale ciphers, likely enciphered using a book cipher, will remain nearly impossible to break until we figure out what key text was used to encipher them. Despite this, cryptanalysts have been trying to decipher the messages using various key texts, essentially guessing and checking in the hopes that they stumble upon the correct one. At this point, a reasonable guess is that the key text was a letter written by Beale himself, and without that letter, the ciphers will remain unbroken.

Nevertheless, people continue to try to break the ciphers with various different methods. Some test new key texts and hope to crack the cipher by pure luck; others try cracking the cipher in new ways in hopes that the messages were encoded with something other than a book cipher. Either way, these efforts require large amounts of time and creativity for even a minuscule chance of cracking either one of the ciphers.

The people who try to break these ciphers today are likely aware that they are nearly impossible to crack, and their motivation is probably not the wealth; there are many other ways to get wealthy if you are willing to put in that much time and effort. Rather, the reward they chase after is an intellectual one; they are hoping that, even by pure chance, in cracking the Beale cipher, they will be the first one to read his note, knowing that the knowledge it contains is entirely theirs until they decide to share it with the world. Even though the contents of the note are probably all related to the buried treasure which is of secondary importance, there is a unique appeal to being the first one to break a supposedly unbreakable cipher. The opportunity to become known as the person who did the impossible is tantalizing, and apparently to some, that satisfaction is worth chasing after no matter how unlikely it is that you will achieve it.

The Dangers of Weak Cryptography

For one who is not well-versed in “cryptography,” hearing the word might simply bring to mind the language game Pig Latin. However, Singh is trying to convey, in layman’s terms, that cryptography is not a child’s game for all; in Mary Queen of Scots’ case, it was literally an instance of life or death. The issue at hand is that while encryption is meant to show that one's guard is up, it actually creates a false sense of security when utilized poorly.

For instance, there has been a time in every person’s life when he or she whispered something to a neighbor in the hopes of keeping the message a secret. Unbeknownst to them, spectators who speak the same language were either able to eavesdrop and hear the secret or possibly even lipread bits and pieces. Yet, to the two that were whispering in their own world, it was as if they had been speaking a foreign language. Babington and Mary were in this same little world, where they had a false sense of reality and security. As Singh stated, this was honestly an unfortunate time for Mary to be communicating through cryptography because the first true cryptanalysts were emerging. The two did little to alter their patterns and believed that only they could read what was intended for one another. The problem is, in an ever-changing world, it is naive to think that one should not have to adapt to remain undiscovered. Like two people whispering, Babington and Mary let their guard down at a critical point of their mission

By trusting her basic encoding system at an essential turning point in the history of cryptanalysis, Mary left herself vulnerable to decryption and was caught openly aligning with the rebels attempting to free her. Had she been writing without encryption, she would not have directly given her blessing for the assassination. Singh wants other cryptographers to be aware that they cannot expect to simply lay encryption over their messages like some form of a safety blanket. If a message is truly meant to be a secret, cryptographers should work to ensure that their ciphers are unbreakable.

How to Keep Communication Relatively Safe through Cryptography

"A weak encryption can be worse than no encryption" because it gives the communicators a false sense of security (41). As a result, they would fail to conceal their meaning in writing and use plain language.

What's communicated throughout the chapter is that one form of encryption is never enough. If one only employs the method of stenography, the message could be completely compromised upon discovery by the enemy. On the other hand, reliance on one form of cryptography is likewise reckless. Even in Queen Mary's case, as she employs several methods to conceive her message, the secret was still easily discovered.

To keep communication safe through the usage of cryptography might mean multiple forms of cryptography. For example, a substitution mixed with transposition, which adds an additional layer of protection. While that might still be insufficient, one could always choose to hide words by using secret language codes (unlike the codes adopted in encryption). For instance, "to assassin Queen Elizabeth" could be written as "to execute the sailing plan". In Queen Mary's case, such communication could have saved her from facing the death penalty.

Cryptography is only adopted when the messengers can't meet in person, in which case some form of written message has to be created. The key and algorithm, however, are always vulnerable to the risk of being deciphered. Cryptanalysis developed alongside cryptography. Thus, the security of encryption depends on how long it's going to take for the enemy to decipher the code. In other words, cryptography is a highly time-sensitive tool. The complexity of encryption could largely increase security, while also decreasing efficiency to communicate for all parties involved.

Page 1 of 5

Powered by WordPress & Theme by Anders Norén