The Beale ciphers in fiction

The Beale ciphers are an interesting unsolved cryptographic puzzle, if for no other reason than their solution may uncover the location of a multimillion-dollar treasure. That is, if they are not a hoax. Over the years many cryptanalysts, amateur and professional, have tried and failed to decrypt the final two Beale ciphers. Recently, a number of writers have used the ciphers in their works of fiction. I review ten such novels and a short animated movie that all use the Beale ciphers as plot elements. The novels fall into two categories. First are novels where the objective is to solve the Beale ciphers and find the treasure. These novels use probable and improbable techniques to find the solutions. In some the solution occurs out of sight so the reader has no insight into the cryptanalysis. Second are novels where the existence of the Beale ciphers and their construction as book ciphers further a different story narrative. In these novels the Beale ciphers are mentioned and described but no attempt is made to solve them. There is usually another book cipher that must be solved instead. In conclusion, the Beale ciphers still seem to be generating significant interest.     

Elastic block ciphers: method, security and instantiations

We introduce the concept of an elastic block cipher which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution- permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers.

一种分组密码强化安全方法的研究

分析了级联加密的特点,讨论了分组密码的三种强化技术:密码级联技术、多重加密技术和白化技术,提出了一种双重级联加密方案NCC,并用现有的级联加密模式进行了比较,分析了其安全性和特点。同时为了减少密钥量,设计了一种密钥生成方案,用两个主密钥生成三个加密密钥,并且分析了它的安全性。     

关于Trivium-型序列密码代数次数估计的研究

对于序列密码,输出密钥流比特可以视为关于密钥变元和Ⅳ变元的布尔函数,而该布尔函数的代数次数是影响密码算法安全性的重要因素;当代数次数偏低时,密码算法抵抗代数攻击、立方攻击和积分攻击的能力比较弱.目前,针对Trivium-型序列密码算法,最有效的代数次数估计方法是数值映射方法和基于MILP的可分性质方法.本文通过分析两种典型方法的特点,结合两种方法的优势,对Trivium-型算法的代数次数估计进行了改进.我们利用改进后的方法对大量随机选取的Ⅳ变量集进行了实验.实验结果表明,对于Trivium-型算法,改进后的方法能够给出比数值映射方法更紧的代数次数上界.特别地,针对Trivium算法,当输入变元为全密钥变元和全Ⅳ变元时,即80个密钥变元和80个Ⅳ变元,输出比特代数次数未达到160的最大轮数从907轮提高到912轮,这是目前已知的全变元情形下的最优代数次数估计结果.     

THE PAPAL CIPHER SECTION IN THE EARLY NINETEENTH CENTURY

In the early 19th century, papal cryptography was moribund. The pope's Secretariat maintained a small cipher section, but this unit was sadly neglected. It shunned cryptanalysis, and limited itself to handling the few secret communications that passed between the Vatican and its diplomatic representative abroad. Papal ciphers were simple, and provided only modest security.     

THE NAVY CIPHER BOX MARK II

Recent suggestions in [8] that optimization techniques such as the genetic algorithm can be used to successfully solve knapsack ciphers are somewhat optimistic. The inability to assign an appropriate fitness to an arbitrary solution of the knapsack cipher is the downfall with this method. In this paper a detailed analysis of the proposed fitness function is undertaken and numerical results are presented displaying the futility of using this fitness function in a genetic algorithm for solving knapsack ciphers of any reasonable size.     

MA4210 ALPHANUMERIC POCKET CIPHER

Abstract

Vigenère ciphers can be broken, if the key length is known. In trying to break the Vigenère cipher, Charles Babbage and Friedrich Wilhelm Kasiski found the length of the key by searching for periodical repetitions in the ciphertext to split the cipher into multiple Caesar ciphers. William Friedman's, “index of coincidence,” also requires an adequate length of the ciphertext to retrieve the key length. Both methods lack, if the ciphertext is short or does not include repetitions and no other effective linguistic solution to break short Vigenère ciphers is known. Massively decreasing the solution space by logic, reverse digram frequency, and language properties allows breaking short and long Vigenère ciphers with and without repetitions.     

How I reconstructed a Spanish cipher from 1591

The present author identified a cipher used in a letter of Alessandro Farnese, Duke of Parma, dated 25 January 1591. It turned out to be similar to known Spanish ciphers of the time in that it is based on simple substitution (with some homophones) and vowel indicator symbols to form syllables systematically. About the same time, the Duke of Mayenne used a much simpler cipher in writing to the same recipient.     

A genetic strategy to design cellular automata based block ciphers

We propose an evolutionary computation approach to design a fast and secure block cipher using non-uniform second-order cellular automata. We build a flexible block ciphering model that permit the construction of a huge space of possible instances defined each one by a finite set of elementary transition rules. The constructed space is explored using a genetic algorithms strategy in order to find an optimal solution with respect to the strict avalanche criterion used as fitness measurements. The genetically designed cipher is benchmarked experimentally using conventional statistical tests, and shown to have very admissible characteristics leading to a very acceptable level of cryptographic security. Moreover, performances analysis shows that the designed cipher permit to achieve a high encryption/decryption speed, and compete many of the existing standardized ciphers.     

A TUTORIAL ON LINEAR AND DIFFERENTIAL CRYPTANALYSIS

In this paper, we present a detailed tutorial on linear cryptanalysis and differential cryptanalysis, the two most significant attacks applicable to symmetric-key block ciphers. The intent of the paper is to present a lucid explanation of the attacks, detailing the practical application of the attacks to a cipher in a simple, conceptually revealing manner for the novice cryptanalyst. The tutorial is based on the analysis of a simple, yet realistically structured, basic Substitution-Permutation Network cipher. Understanding the attacks as they apply to this structure is useful, as the Rijndael cipher, recently selected for the Advanced Encryption Standard (AES), has been derived from the basic SPN architecture. As well, experimental data from the attacks is presented as confirmation of the applicability of the concepts as outlined.     

A THEORY OF CRYPTOGRAPHY

It Is proposed that a theory of cryptography covering both substitution and transposition ciphers in a general way be considered so as to not overlook, various characteristics of cipher systems. A cipher consists of correspondence classes and their sequence, the classes being roughly equal to equivalence classes in algebra. Examples are given.     

Louis Kruh,Cryptologist, Editor,Activist

Abstract

The double transposition cipher was considered to be one of the most secure types of manual ciphers. It was extensively used in both World Wars and during the Cold War. In 1999, Otto Leiberich, the former head of the German federal office for information security, suggested that a double transposition challenge be published with specific parameters designed to ensure its security. Such a challenge was published by Klaus Schmeh in 2007. In November 2013, the authors solved the challenge using a ciphertext-only hill climbing attack. They also solved the challenge using a dictionary attack. In this article, they describe both methods, which are based on a “divide-and-conquer” approach. They additionally discuss the impact of their solutions with respect to the general security of the double transposition cipher.     

COMPUTER METHODS FOR DECRYPTING RANDOM STREAM CIPHERS

Relaxation algorithms have been used successfully in the automated cryptanalysis of simple substitution ciphers [5,6,7]. This paper describes a Pascal implementation of relaxation using an adjustment formula by Shannon [8]. The formula is used to generate trigram statistics suitable for the solution of simple substitution ciphers without word divisions. Problems encountered when applying relaxation to homophonic ciphers are identified.     

Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

In numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3], [8], [9], [10], [11] and [14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher sn3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases.     

Differential fault analysis on Camellia

Camellia is a 128-bit block cipher published by NTT and Mitsubishi in 2000. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the Camellia algorithm. Mathematical analysis and simulating experiments show that our attack can recover its 128-bit, 192-bit or 256-bit secret key by introducing 30 faulty ciphertexts. Thus our result in this study describes that Camellia is vulnerable to differential fault analysis. This work provides a new reference to the fault analysis of other block ciphers.     

一个基于混沌系统的动态换位加密方案

在对换位加密技术研究的基础上,提出了一个基于混沌系统的动态换位加密方案。该方案通过二进制数据转换、数据替换及动态换位等加密步骤,很好地实现了明文的混淆与扩散。与传统的换位加密相比,新方案不仅有较大的密钥空间,而且产生的换位序列具有很强的随机性。理论分析及实验结果表明,给出的新方案可以抵抗多种已知的密码攻击,克服了传统换位加密技术的弱点,具有较高的安全性。     

Differential fault analysis on the ARIA algorithm

The ARIA algorithm is a Korean Standard block cipher, which is optimized for lightweight environments. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the ARIA algorithm. Mathematical analysis and simulating experiment show that our attack can recover its 128-bit secret key by introducing 45 faulty ciphertexts. Simultaneously, we also present a fault detection technique for protecting ARIA against this proposed analysis. We believe that our results in this study will also be beneficial to the analysis and protection of the same type of other iterated block ciphers.     

An automatic cryptanalysis of simple substitution ciphers using compression

Automatic recognition of correct solutions as a result of a ciphertext only attack of simple ciphers is not a trivial issue and still remains a taxing problem. A new compression based method for the automatic cryptanalysis of simple substitution ciphers is introduced in this paper. In particular, this paper presents how a Prediction by Partial Matching (PPM) text compression scheme, a method that shows a high level of performance when applied to different natural language processing tasks, can also be used for the automatic decryption of simple substitution ciphers. Experimental results showed that approximately 92% of the cryptograms were decrypted correctly without any errors and 100% with just three errors or less. Extensive investigations are described in this paper, in order to determine which is the most appropriate type of PPM scheme that can be applied to the problem of automatically breaking substitution ciphers. This paper shows how a new character-based PPM variant significantly outperforms other schemes including the standard Gzip and Bzip2 compression schemes. We also apply a word-based variant which when combined with the character-based method leads to further improved results.