The Chaocipher Clearing House

Progress Report #5

Moshe Rubin (mosher@mountainvistasoft.com)
Last updated: 13 March 2009

Deavours's and Kruh's Article: Chaocipher Exhibit 5

Chapter 21 in Silent Years provides us with four exhibits to work on.  There is, however, a fifth exhibit found in Deavour's and Kruh's 1990 article in Cryptologia [1].  This exhibit consists of three messages of lengths 121, 140, and 162 letters respectively the ciphertexts can be accessed here).  As Deavours and Kruh write:

"... three messages of approximately 25 words each as an "in depth" specimen of Chaocipher (as opposed to the original exhibits in Silent Years, each of which was enciphered in a single continuous key).  The plaintext, which is typical English prose, is taken from Stewart C. Easton's book, Rudolf Steiner: Herald of a New Epoch".

Here we have additional material with which to tackle the Chaocipher with.  Unfortunately, even after Deavours's and Kruh's clues we are very much in the dark.  Owning the book (which you can order from Amazon.com, and can even preview the book on Google) does not automatically give you the plaintexts.  This progress report will discuss how I have attempted to locate the plaintexts.

Assumptions about the plaintexts

Here are some assumptions one can make about Exhibit 5:
  1. Each message consists of approximately 25 words (Deavours & Kruh)
  2. I'd like to believe Deavours and Kruh were not 'malicious' when selecting the plaintexts.
    1. It would be nice to know that they believed we could find the plaintexts based on some phenomenon in the text, not simply as a means for us to verify having solved the system and finding the texts came a posteriori from Easton's book.
    2. It is possible that the underlying plaintexts make up an entire sentence (i.e., the sentence is not cut off in the middle).  This, however, is not a safe assumption.  Deavours and Kruh may have started a sentence and stopped after about 25 words.
    3. A safer bet is that the plaintexts start at the beginning of a sentence.
    4. I assume the plaintexts were not cut off at the end in the middle of a word.
    5. The plaintexts probably have no digits (e.g., dates) in them (e.g. "...inner life after 1906, the year he had...").  Chaocipher requires translating the number into text, something that would make it difficult for us to derive the exact plaintext.
    6. It is not clear if Deavours and Kruh enciphered punctuation, or ignored it completely when enciphering.
  3. Deavours and Kruh say the three messages are "in depth" (the quotation marks are theirs).  Classically, in-depth messages are messages that all begin with the identical machine settings.
  4. William F. Friedman, who understood the Chaocipher mechanism from Byrne himself, said he needed a series of 50 messages of approximately 25 words apiece.
  5. Deavours and Kruh believe that "given  the availability of computers today the need for adequate material should be greatly reduced".  Accordingly, they give only three messages.  This, however, assumes one knows the mechanism, which we don't.

Observations

What do Deavours & Kruh mean by "in-depth"?

Deavours and Kruh say the three messages are "in-depth" (the quotation marks are theirs).  In cryptanalytic jargon this means the messages can all be aligned such that at least one column is enciphered with the exact same machine settings.  For many ciphers (e.g. periodic polyalphabetics, Enigma, Purple) aligning messages means that all the columns are enciphered with the same machine settings.  Ciphers where the plaintext or ciphertext influences the keying sequence (e.g., autokey ciphers) will have different keying sequences.

Given in-depth messages we can tell whether the keying sequence is regular (i.e., all columns are aligned) or influenced (i.e., the columns are not necessary aligned).  The way to differentiate between them is simple: compute the Index of Coincidence (I.C.) for the aligned messages.  Based on the observed number of coincidences (i.e., identical ciphertext letters in two messages) we can decide whether the underlying key sequence is regular or influenced.

The next section performs this I.C. test.

Can we derived anything from the fact the messages are "in-depth"?

Regarding Deavours's and Kruh's in-depth messages: if by in-depth they meant that all three messages begin with the same initial machine settings, juxtaposing the messages can teach us something.

    1) MHRMCDEGBCWWQFNSDDQCUJHYHYNPYTQCXVRCSFUXQZZLHVVWIV
    2) ENWSCEAQGIVIDEMWUMSNZMNTVUFDLBJKKMRHHSNBKTJBHVPTWH
    3) JZHASQNRTKTTLZDYOWLNVDMWNYHSMGXJMGZQTHRIWTIFLXYHTK
       --------------------------------------------------
           a              c     b        a         aa  

    1) SBFDFQGEXVNXEANSDEJFRVKYARVREDQDEKZQENILQXVEVDXBZP
    2) FMQQJPGRWFFVJMDHFUZOXEOZTMKZSAMJYRLSQSXUZYEKRJBFRE
    3) BOXUYEANJUDXNVOGFZHMJEGRDGGPUGSXVBACBEPKWHVSBIJGOH
       --------------------------------------------------
             a    b         c                    b     

    1) URCQYQSHYYVPLXPIKMGXQ
    2) SGGFXFEGXLPWTWLZAVIMTBDTQBLVRZVEMMTLXITZ
    3) KVKAIBBNKFHFFLSFMIINTTXJXUHWQAPTSNBTBBNKFUCBPIONQS
       --------------------------------------------------
                         c c

    3) MVEHUXTLMRRA

    Legend: a - Coincidence between messages 1 and 2 (121 letters)
            b -      "         "        "    1 and 3 (121 letters)
            c -      "         "        "    2 and 3 (140 letters)

Computing the Index of Coincidence for the three juxtapositions we get:

Index of CoincidenceObserved Hits
# lettersRandomNon-Random
1 vs. 2121121 x 0.0385 = 4.7121 x 0.0667 = 8.15
1 vs. 3121121 x 0.0385 = 4.7121 x 0.0667 = 8.13
2 vs. 3140140 x 0.0385 = 5.4140 x 0.0667 = 9.34

The number of observed hits is consistently closer to the random I.C. values than to the non-random values.  It can be safely assumed that the alphabets used are not synchronized between the messages.  This means the actual keying sequence used was determined by a factor related to the plaintext and/or the ciphertext, i.e., influenced, and therefore differs from message to message.  The fact that the messages are in depth is of little help without knowledge of the underlying plaintexts.  Having said that, however, I wonder if we can still extract some information from the in-depthness.

Although Mellen, Deavours, and Kruh rule out a plain or cipher autokey, it seems that the more general concept of influence letters may be part of the Chaocipher mechanism.

Influence Letters in the Open Literature

In [2, page 148] Greg Mellen alludes to a rotor-like concept that would preclude isomorphs.  This the Siemens-Halske teleprinter system of 1931.  A switch on the machine allowed selecting one of two positions, "OHNE KLARTEXTFUNKTION" and "MIT KLARTEXTFUNKTION" ("without cleartext function" and "with cleartext function", respectively).  In the OHNE position we have a system governed solely by the rotors.  In the MIT position, however, the rotor motion is determined, in part, by the current plaintext letter.  The machine cycle is then indeterminate and isomorphs are avoided.

F. L. Bauer's excellent "Decrypted Secrets" [3, page 148] has more to add on the subject:

"The idea of influencing the keying procedure of encryption machines in some hidden way by the plaintext shows up again in the patent literature around 1920 ('influence letter', in the patent application of October 10, 1919, by Arvid Gerhard Damm, Swedish Patent 52279, U.S. Patent 1 502 376).  Thus, with the cipher teletype machines T 52d and T 52c of Siemens and SZ 42 of Lorenz, the (irregular) movement of the encryption elements could be further obfuscated ("mit Klartextfunktion") and the encryption was practically nonperiodic."

Considering the fact that Byrne conceived Chaocipher in 1918 and that Damm applied for his patent in 1919, there is a distinct possibility that Chaocipher uses the principle.  I'm not suggesting that Byrne was aware of Damm's idea.  Rather, as Kahn puts it [4, page 410], "the history of science is replete with coincidence": four men independently invented the concept of a cryptographic rotor about the same time.  A common event at the time, a scientific article, a conference, or a book could have spurred unrelated people (e.g., Damm and Byrne) to discover the concept of influence letters.

For an excellent description of the OHNE/MIT feature in the Siemens-Halske T-52, see the document "German Cipher Machines of World War II" by David Mowry, NSA, located on Frode Weierud's excellent web site.

I believe it is possible to incorporate plain letters, cipher letters, or both simultaneously to influence a keying sequence.  So long as the sender's and receiver's machines are set up identically, the plain and resultant cipher letters are known after enciphering/deciphering a letter.

Locating the Message Plaintexts in Easton's Book

It would be most helpful if we knew the plaintexts corresponding to the three messages in Exhibit 5.  Unlike the four exhibits in Silent Years, messages that are in depth can yield valuable information which single messages cannot.

Having bought Easton's book I scanned in the first two chapters and converted them to text (eventually I hope to scan in the entire book).  This would enable me to run programs against the scanned texts.  The idea was to drag each of the three messages in Exhibit 5 through the scanned chapters, examining those juxtapositions that meet specific criteria.  These criteria are:
I wrote a Perl script to trawl a given message through a chapter, displaying candidate placements.  Here is a table with the results.  Links from within the table take you to pages that list all matches under specific assumptions.

InputsTest Case
ABC
123456123456123456
Punctuation is encipheredYYYYYYYYYYYYNNNNNN
Allow identities < 9NNNNNNYYYYYYYYYYYY
Plaintext begins at start of sentenceNNNNNNYYYYYYYYYYYY
Plaintext begins at start of paragraphNNNNNNNNNNNNNNNNNN
Plaintext is complete sentence(s)NNNNNNYYYYYYYYYYYY
Plaintext ends with complete wordNNNNNNYYYYYYYYYYYY
Chapter #111222111222111222
Message #1231
23123123123123
Number of candidates17941334919161611981055120010100000
Commentsa

Comments:

a) Two back-to-back sentences

Analyzing the Results

Here are my comments after examining the results in the preceding table.
In the near future hope to check the messages against other chapters in Easton's book.

Conclusions

  1. The Chaocipher uses plaintext and/or ciphertext letters to influence the keying sequence.
  2. To date I have not been able to conclusively find plaintexts in Easton's book corresponding to the Exhibit 5 messages.  Nonetheless, I believe  working with the Exhibit 5 messages and Easton's book may yield results.

References

[1] John Byrne, Cipher A. Deavours and Louis Kruh.  Chaocipher enters the computer age when its method is disclosed to Cryptologia editors.  Cryptologia, 14(3): 193-197.

[2] Mellen, Greg.  1979.  J. F. Byrne and the Chaocipher, Work in Progress.  Cryptologia, 3(3): 136-154.

[3] Bauer, Friedrich. L.  2000.  Decrypted Secrets: Methods and Maxims of Cryptology (2nd ed.).  Berlin: Springer.

[4] Kahn, David.  1967.  The Codebreakers: The Story of Secret Writing.  Macmillan.


Copyright (c) 2009 Moshe Rubin
Last updates: 31 July
 2009

Return to the home page