Cryptology, Cryptography, and Cryptanalysis

we decoded it on the very first try! let’s try a harder one.

encrypted message:
tgtlgsdauwewkksywjwuawnwvoaddfglsuloalzgmlafxgjeslagfozqgjsfywbmauw

frequency count:
8 - w
7 - ag
6 - l
5 - s
4 - fu
etc

Our first guess should be to substitute ‘w’ with ‘e’ (rot8), since it’s the highest count.

bobtoalicemessagerecievedwillnotactwithoutinformationwhyorangejuice
with spaces:
bob to alice message recieved will not act without information why orange juice

So, how would you go about making it more difficult to find patterns in the frequency count? The next step up from a rotation cipher is a ‘polyalphabetic cipher’. Here’s how it works.

First, you come up with a codeword, known by both alice and bob. Let’s say the codeword is “boner”.

Converted to number values, this word is:
"2 15 14 5 18"

Now, we take the message we want to encrypt. Let’s say:
"bobtoaliceacknowledgedwillinvest"

You convert it to numbers:
"2 15 2 20 15 1 12 9 3 5 1 3 11 14 15 23 12 5 4 7 5 4 23 9 12 12 9 14 22 5 19 20"

Now, you go through the codeword, which is called the “key”, and repeatedly add the values of the codeword to the value of the letter, like so:

"b+b o+o b+n t+e o+r a+b l+o i+n c+e e+r a+b c+o k+n n+e o+r w+b l+o e+n d+e g+r e+b d+o w+n i+e l+r l+b i+o n+n v+e e+r s+b t+o"

"2+2 15+15 2+14 20+5 15+18 1+2 12+15 9+14 3+5 5+18 1+2 3+15 11+14 14+5 15+18 23+2 12+15 5+14 4+5 7+18 5+2 4+15 23+14 9+5 12+18 12+2 9+15 14+14 22+5 5+18 19+2 20+15"

"4 30 16 25 33 3 27 23 8 23 3 18 25 29 33 25 27 19 9 25 7 19 37 14 30 14 24 28 27 23 21 35"

subtract 26 from all numbers >26:
"4 4 16 25 7 3 1 23 8 23 3 18 25 3 7 25 1 19 9 25 7 19 11 14 4 14 24 2 1 23 21 9"

turn into letters:

"d d p y g c a w h w c r y c g y a s i y g s k n d n x b a w u i"

so the encrypted message is:
ddpygcawhwcrycgyasiygskndnxbawui

This is quite unusual; the variances in frequency are flattened out. This would tell us, after testing ‘y = e’, that we probably aren’t dealing with a rotation cipher.

The reason this cipher is called ‘polyalphabetic’ is because it uses n alphabets, where n is the number of characters in the ‘codeword’ or ‘key’. In the case of the previous post, there were five alphabets: one used for characters encoded with ‘b’, one for ‘o’, one for ‘n’, one for ‘e’, and one for ‘r’.

How do we use this to attack the cipher? Well, if we suspect we’re dealing with a polyalphabetic cipher, the first thing we do is try to guess at the number of characters in the key. Let’s say we assume there are four. We would divide up the message into characters encrypted by the first character in the key, encrypted by the second character in the key, the third, and the fourth.

the first character (d) in the message was encrypted by the first character in the key. The second (d) by the second, the third (p) by the third, the fourth (y) by the fourth, but the *fifth* character in the message was encrypted by the *first* character in the key (if we’re right about the length.key=4)

So let’s divide the message up into four parts. Every fourth character starting with the first character goes in one pile, every fourth character starting with the second character goes into another pile, etc.

ddpygcawhwcrycgyasiygskndnxbawui
d1 d2 p3 y4 g1 c2 a3 w4 h1 w2 c3 r4 y1 c2 g3 y4 a1 s2 k3 n4 d1 n2 x3 b4 a1 w2 u3 i4
characters encrypted with first key character: dghyagda
characters encrypted with second key character: dcwcssnw
characters encrypted with third key character: pacgikxu
characters encrypt with fourth key character: ywryynbi

Now we have four individual ‘messages’, each of which is encoded using its own rotation cipher.

We do frequency counts on each of the individual alphabets:

1st: 2 - adg, 1 - hy
2nd: 2 - csw, 1 - dn
3rd: 2 - , 1 - pacgikxu
4th: 3 - y, 2 - , 1 - wrnbi

Now, this is bad. While the fourth alphabet has 3 “y’s”, which is good, the third alphabet has absolutely no pattern, and the other two aren’t much better. We’re looking for a really, really solid pattern, and this didn’t give us one. What does this tell us?

We’re probably wrong about the key (codeword) being 4 characters long.

(though, we might want to check, by plugging in ‘e’, ‘t’, and ‘a’ for ‘a’, ‘d’, ‘g’ in the first alphabet in various combinations, for ‘c’, ‘s’, ‘w’ in the second alphabet in various combinations, and ‘e’ for ‘y’ in the fourth alphabet, and see if we can maybe reconstruct a message just using intuition. but we’ll skip this step this time, since we happen to know that the key is five characters long [boner]).

Next, we’ll try a five character key, and divide the message into 5 alphabets:

ddpygcawhwcrycgyasiygskndnxbawui
d1 d2 p3 y4 g5 c1 a2 w3 h4 w5 c1 r2 y3 c4 g5 y1 a2 s3 i4 y5 g1 s2 k3 n4 d5 n1 x2 b3 a4 w5 u1 i2

1: d c c y g n u
2: d a r a s x i
3: p w y s k b
4: y h c i n a
5: g w g y d w

Frequency counts:
1: 2 - c, 1 - dygnu
2: 2 - a, 1 - drsxi
3: 1 - pwyskb
4: 1 - yhcina
5: 2 - gw, 1 - yd

This is a little bit better, but not a whole lot. However, we know that if they used a 6 length key, it’ll be even harder to solve, so we decide to spend some time analyzing this possibility.

Now, remember that each message so far has started with either “alicetobob” or “bobtoalice”. This message is from bob, so we know the first letters are probably “bobtoalice”. From this, we gain the following information

[Alphabet: what we learned]
1st: d = b, c = a
2nd: d = o, a = l
3rd: p = b, w = i
4th: y = t, h = c
5th: g = o, w = e

For the third and fourth alphabets, we don’t learn anything. However, in the first and second alphabets, we learn one new character, and in the fifth alphabet, we learn two new characters!

We can now decode this much:

ddpygcawhwcrycgyasiygskndnxbawui
bobtoaliceaXXXoXlXXXXXXXXXXXXeXX

This is the most we can do for now. However, it’s enough for us to figure out what the key is!

Simply subtract the bottom row (the decoded message) from the top row, and we get:

2 15 14 5 18 2 15 14 5 18 X X X 5 X 2 X X X X X X X X X X X X 5 X X

This means that, *if* the key is five characters long, then it’s “boner”. Let’s decrypt with “boner” and see what we get.

"4-2 4-15 16-14 25-5 7-18 3-2 1-15 23-14 8-5 23-18 3-2 18-15 25-14 3-5 7-18 25-2 1-15 19-14 9-5 25-18 7-2 19-15 11-14 14-5 4-18 14-2 24-15 2-14 1-5 23-18 21-2 9-15"

"2 15 2 20 15 1 12 9 3 5 1 3 11 14 15 23 12 5 4 7 5 4 23 9 12 12 9 14 22 5 19 20"

"BOBTOALICEACKNOWLEDGEDWILLINVEST"

"Bob to Alice Acknowledged Will Invest"

We got it!

Alright, here’s one for you. It’s long, which makes it much easier, but it’s also harder because you have to do a lot more math. Just keep in mind, literally the only math you have to do is adding and subtracting numbers smaller than 52.

Metadata: It is a letter from bob to alice. It’s encrypted with a polyalphabetic cipher and the key is 5 characters long:

jenabubgqatklxuyozdcnfbaitvrbtontvyolyrcotsdnjssxrsejqirevjmonfxuzhrjszafrahlnbtontbmgcxjnjbnwgontdnjeejgkduxoqeebyuuelaxesdloninsziapcumornkdjrtnmlxciafrotayrnyiqnronsxrsagrothneereqcognvwcxeqrbrecaoligooxbbchufhbsogandhoo

>>7690323
Nice, keep up the work!

>actually decent thread
Wrong board mate

>>7690338

It's just a repost. You can google any part of it, and it shows up in some archive from 2013.

>>7690345
I am, in fact, the original poster of the original thread! Someone informed me there was a /sci/ board on 4chan now, and I thought, "hmm, i will go post my cryptanalysis 100 guide there and see if they enjoyed it as OC as much as /g/ did"

but i see it isn't even considered OC anymore

wow good thread, original content, not like these shit threads we usually get

wow good thread, original content, not like these shit threads we usually get

>>7690348

I actually haven't seen it before. I just see something of quality, and assume that it's stolen from somewhere.

Good job with the guide.

>>7690348
Breh it's good.

I have a question for you though.

If I use consistently used a book to encode my messages, using a polyalphabetic cipher, how would you be able to decode it?

How about if use, for example, only page 1 for January 1st, and page 365 for December 31st. Would it be possible to decode it? Without inputting every book known to mankind, or writing a programme to go through a dictionary and try to decode each character using that?

How about if I used to polyalphabetic ciphers. I encrypt using one book, then run the product through a second encryption.

>>7690429
You're talking about something similar to a one-time pad. Before your opposition is aware that you're using the same key all day and/or that there's a 365 day key cycle and/or what book you're using, it effectively is an OTP and isn't breakable. As soon as they realize any of those things (which gets easier in proportion to the volume of messages you send and the time they've been capturing messages for), it stops being an OTP and is breakable by conventional analysis.

Although honestly just use a real OTP. It's no more difficult that using a book and it has none of the weaknesses.

>>7690439

The reason I'm asking is out of curiosity.

There are people who memorise books, or texts, so for them it would be as if they are carrying around a one-time pad.

I'm aware that a one time pad is much more effective to use.

>>7690447
>memorizing a book is just as easy as carrying around a one-time pad
m8

>>7690458
No I didn't say that you pleb.

I said there are people who already memorise books; Christian bishops, Jewish Rabbis, Muslim Imams, Hindu Brahmin, etc etc

So for them, it is AS IF THEY ARE CARRYING A ONE TIME PAD

Fucking pleb.

Learn to into reading comprehension

There something that's been at the back of my head since I started to learn about cryptography, but I never found an answer :
To encode a message using RSA, you need the public key of the guy you want to send it to. However, how can you be sure that it's the guy's public key you're receiving and not a fake key sent by someone hijacking the line ?

>>7690511
If someone was hijacking the line from the beginning, you have no way at all of verifying security.

You should get the public key over a known secure channel before you ever use it with him in the wild.

ssh is a good example of this. The first time you connect to any machine, it asks you to verify that the key it's being presented with should be trusted, and if it should be, it stores that key. If you ever try to connect to that address in the future and are presented with a different key, ssh will warn you and refuse to connect by default.

>>7690323
>tfw actually decent thread
>tfw moreover it's in my field
>tfw nobody derailed using quantum/post quantum crypto arguments

I'm proud, /sci/.

File: interested.jpg (32KB, 184x184px) Image search: [Google]

32KB, 184x184px

this is sick

>>7690608
What you got against quantum cryptology? The government likes it.

http://phys.org/news/2013-05-los-alamos-reveals-quantum-network.html