The Chaocipher Clearing House
Progress Report #5
Deavours's and Kruh's Article:
Chaocipher Exhibit 5
Chapter 21 in Silent Years
provides us with four exhibits to work on. There is,
however, a fifth exhibit found in Deavour's and Kruh's 1990 article in
Cryptologia [1]. This exhibit consists of three messages of
lengths 121, 140, and 162 letters respectively the ciphertexts can be
accessed here).
As Deavours and Kruh write:
"... three messages of
approximately 25 words each as an "in depth" specimen of Chaocipher (as
opposed to the original exhibits in Silent Years, each of which was
enciphered in a single continuous key). The plaintext, which
is typical English prose, is taken from Stewart C. Easton's book, Rudolf Steiner: Herald of a New
Epoch".
Here we have
additional material with which to tackle the Chaocipher with.
Unfortunately, even after Deavours's and Kruh's clues we are
very much in the dark. Owning the book (which you can order
from Amazon.com, and can even preview
the book on Google) does not automatically give you the
plaintexts. This progress report will discuss how I have
attempted to locate the plaintexts.
Assumptions
about the plaintexts
Here are some assumptions one can make
about Exhibit 5:
- Each message consists of
approximately 25 words (Deavours & Kruh)
- I'd
like to believe Deavours and Kruh were not 'malicious' when selecting
the plaintexts.
- It would be nice to know
that they believed we could find the plaintexts based on some
phenomenon in the text, not simply as a means for us to verify having
solved the system and finding the texts came a posteriori from
Easton's book.
- It is possible that the underlying
plaintexts make up an entire sentence (i.e., the sentence is not cut
off in the middle). This, however, is not a safe assumption.
Deavours and Kruh may have started a sentence and stopped
after about 25 words.
- A safer bet is that the
plaintexts start at the beginning of a sentence.
- I
assume the plaintexts were not cut off at the end in the middle of a
word.
- The plaintexts probably have no digits (e.g.,
dates) in them (e.g. "...inner life after 1906, the year he had...").
Chaocipher requires translating the number
into text, something that would make it difficult for us to derive the
exact
plaintext.
- It is not clear if Deavours and Kruh
enciphered punctuation, or ignored it completely when enciphering.
- Deavours
and Kruh say the three messages are "in depth" (the quotation
marks are theirs). Classically, in-depth messages are
messages that all begin with the identical machine settings.
- William
F. Friedman, who understood the Chaocipher mechanism from
Byrne himself, said he needed a series of 50 messages of approximately
25 words apiece.
- Deavours and Kruh believe that
"given the availability of computers today the need for
adequate material should be greatly reduced". Accordingly,
they give only three messages. This, however, assumes one
knows the mechanism, which we don't.
Observations
What
do Deavours & Kruh mean by "in-depth"?
Deavours and Kruh say the
three messages are "in-depth" (the quotation marks are theirs).
In cryptanalytic jargon this means the messages can all be
aligned such that at least one column is enciphered
with the exact same machine settings. For many ciphers (e.g.
periodic polyalphabetics, Enigma, Purple) aligning messages means that all the
columns are enciphered with the same machine settings.
Ciphers where the plaintext or ciphertext influences the
keying sequence (e.g., autokey ciphers) will have different keying
sequences.
Given in-depth messages we can tell
whether the keying sequence is regular (i.e., all columns are aligned)
or influenced (i.e., the columns are not necessary aligned).
The way to differentiate between them is simple: compute the Index
of Coincidence (I.C.) for the aligned messages.
Based on the observed number of coincidences (i.e., identical
ciphertext letters in two messages) we can decide whether the
underlying key sequence is regular or influenced.
The
next section performs this I.C. test.
Can we derived
anything from the fact the messages are "in-depth"?
Regarding
Deavours's and Kruh's in-depth messages: if by in-depth they meant that
all three messages begin with the same initial machine settings,
juxtaposing the messages can teach us something.
1) MHRMCDEGBCWWQFNSDDQCUJHYHYNPYTQCXVRCSFUXQZZLHVVWIV
2) ENWSCEAQGIVIDEMWUMSNZMNTVUFDLBJKKMRHHSNBKTJBHVPTWH
3) JZHASQNRTKTTLZDYOWLNVDMWNYHSMGXJMGZQTHRIWTIFLXYHTK
--------------------------------------------------
a
c
b
a
aa
1) SBFDFQGEXVNXEANSDEJFRVKYARVREDQDEKZQENILQXVEVDXBZP
2) FMQQJPGRWFFVJMDHFUZOXEOZTMKZSAMJYRLSQSXUZYEKRJBFRE
3) BOXUYEANJUDXNVOGFZHMJEGRDGGPUGSXVBACBEPKWHVSBIJGOH
--------------------------------------------------
a
b
c
b
1) URCQYQSHYYVPLXPIKMGXQ
2) SGGFXFEGXLPWTWLZAVIMTBDTQBLVRZVEMMTLXITZ
3) KVKAIBBNKFHFFLSFMIINTTXJXUHWQAPTSNBTBBNKFUCBPIONQS
--------------------------------------------------
c
c
3) MVEHUXTLMRRA
Legend: a - Coincidence between messages 1 and 2 (121 letters)
b -
"
"
" 1 and 3 (121 letters)
c -
"
"
" 2 and 3 (140 letters)
Computing the Index of Coincidence for the three juxtapositions we get:
| Index
of Coincidence | Observed
Hits |
| # letters | Random | Non-Random |
| 1 vs. 2 | 121 | 121 x 0.0385 = 4.7 | 121 x 0.0667 = 8.1 | 5 |
| 1 vs. 3 | 121 | 121 x 0.0385 = 4.7 | 121 x 0.0667 = 8.1 | 3 |
| 2 vs. 3 | 140 | 140 x 0.0385 = 5.4 | 140 x 0.0667 = 9.3 | 4 |
The
number of observed hits is consistently closer to the random I.C.
values than to the non-random values. It can
be safely assumed that the alphabets used are not synchronized between
the messages. This means the
actual keying sequence used was
determined by a factor related to the plaintext and/or the ciphertext,
i.e., influenced, and therefore differs from message to message.
The fact that the messages are in depth is of
little help without knowledge of the underlying plaintexts.
Having said that, however, I wonder if we can still extract
some
information from the in-depthness.
Although Mellen,
Deavours, and Kruh rule out a plain or cipher autokey, it seems that
the more general concept of influence letters may be part of the
Chaocipher mechanism.
Influence Letters in
the Open Literature
In [2, page 148] Greg
Mellen alludes to a rotor-like concept that would preclude isomorphs.
This the Siemens-Halske teleprinter system of 1931.
A switch on the machine allowed selecting one of two
positions, "OHNE KLARTEXTFUNKTION" and "MIT KLARTEXTFUNKTION" ("without
cleartext function" and "with cleartext function", respectively).
In the OHNE position we have a system governed solely by the
rotors. In the MIT position, however, the rotor motion
is determined, in part, by the current plaintext letter.
The machine cycle is then indeterminate and isomorphs are
avoided.
F. L. Bauer's excellent "Decrypted Secrets"
[3, page 148] has more to add on the subject:
"The idea of influencing the
keying procedure of encryption machines in some hidden way by the
plaintext shows up again in the patent literature around 1920
('influence letter', in the patent application of October 10, 1919, by
Arvid Gerhard Damm, Swedish Patent 52279, U.S. Patent 1 502 376).
Thus, with the cipher teletype machines T 52d and T 52c of
Siemens and SZ 42 of Lorenz, the (irregular) movement of the encryption
elements could be further obfuscated ("mit Klartextfunktion") and the
encryption was practically nonperiodic."
Considering
the fact that Byrne conceived Chaocipher in 1918 and that Damm applied
for his patent in 1919, there is a distinct possibility that Chaocipher
uses the principle. I'm not suggesting that Byrne was aware
of Damm's idea. Rather, as Kahn puts it [4, page 410], "the
history of science is replete with coincidence": four men independently
invented the concept of a cryptographic rotor about the same time. A common event
at the time, a scientific article, a conference, or a book could have
spurred unrelated people (e.g., Damm and Byrne) to discover the concept
of influence letters.
For an excellent description of the OHNE/MIT feature in the Siemens-Halske T-52, see the document "German Cipher Machines of World War II" by David Mowry, NSA, located on Frode Weierud's excellent web site.
I believe it is possible to
incorporate plain letters, cipher letters, or both simultaneously to
influence a keying sequence. So long as the sender's and
receiver's machines are set up identically, the plain and resultant
cipher letters are known after enciphering/deciphering a letter.
Locating
the
Message Plaintexts in Easton's Book
It would be most helpful
if we knew the plaintexts corresponding to the three messages in
Exhibit 5. Unlike the four exhibits in Silent Years, messages
that are in depth can yield valuable information which single messages
cannot.
Having bought Easton's book I scanned in the
first two chapters and converted them to text (eventually I hope to
scan in the entire book). This would enable me to run
programs against the scanned texts. The idea was to drag each
of the three messages in Exhibit 5 through the scanned chapters,
examining those juxtapositions that meet specific criteria.
These criteria are:
- I assume
Exhibit 5 shows the same "no pt/ct identities in less than 9 letters"
phenomenon. I am aware that Exhibits 2 and 3 violate this
phenomenon. At the moment I have no explanation why they
violate it, but I will assume that Exhibit 5 upholds this trait.
- I
assume the plaintexts fulfill at least one of the following
possibilities (see "Assumptions about the Plaintexts" above):
- The
plaintexts begin at the start of a sentence.
- The
plaintexts begin at the start of a paragraph.
- The
plaintexts are complete sentences (i.e., they end at the last word of a
sentence)
- The plaintexts do not include digits or
numbers.
- Deavours and Kruh may or might
not have enciphered punctuation as per Byrne's instructions.
I
wrote a Perl script to trawl a given message through a chapter,
displaying candidate placements. Here is a table with the
results. Links from within the table take you to pages that
list all matches under specific assumptions.
| Inputs | Test
Case |
| A | B | C |
| 1 | 2 | 3 | 4 | 5 | 6 | 1 | 2 | 3 | 4 | 5 | 6 | 1 | 2 | 3 | 4 | 5 | 6 |
| Punctuation
is enciphered | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N | N | N |
| Allow identities < 9 | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Plaintext begins at start of sentence | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Plaintext begins at start of paragraph | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N |
| Plaintext is complete sentence(s) | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Plaintext
ends with complete word | N | N | N | N | N | N | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
| Chapter # | 1 | 1 | 1 | 2 | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 2 |
| Message # | 1 | 2 | 3 | 1
| 2 | 3 | 1 | 2 | 3 | 1 | 2 | 3 | 1 | 2 | 3 | 1 | 2 | 3 |
| | | | | | | | | | | | | | | | | | |
| Number of candidates | 1794 | 1334 | 919 | 1616 | 1198 | 1055 | 1 | 2 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 |
| Comments | | | | | | | | | | | a | | | | | | | |
Comments:
a)
Two back-to-back sentences
Analyzing the
Results
Here are my comments after examining the results in
the preceding table.
- The cases in group
A try to position the three messages in Exhibit 5 such that
there are no pt/ct identities with a distance less than 9 positions.
- The
method of placing using the "distance < 9" method is not reliable as
there are simply too many candidates for each message.
- Group
B tries to place the ciphertexts such that the underlying plaintexts
are complete sentences. Punctuation in the plaintext is
enciphered as per Byrne's scheme (see Silent Years, chapter 21, page 279).
- Message 1 can be placed in chapter 1.
- Message 2 can be placed in both chapters 1 and 2.
- Message 3 cannot be placed in either chapter.
- Group C is similar to Group B, the difference being that punctuation in the plaintext is ignored.
- The only message placeable in the first two chapters is message 1.
In the near future hope to check the messages against other chapters in Easton's book.
Conclusions
- The Chaocipher uses plaintext and/or ciphertext letters to influence the keying sequence.
- To
date I have not been able to conclusively find plaintexts in
Easton's book corresponding to the Exhibit 5 messages.
Nonetheless, I believe working with the Exhibit 5 messages
and Easton's book may yield results.
References
[1]
John Byrne, Cipher A. Deavours and Louis Kruh. Chaocipher
enters
the computer age when its method is disclosed to Cryptologia
editors. Cryptologia, 14(3): 193-197.
[2]
Mellen, Greg. 1979. J. F. Byrne and the Chaocipher,
Work in Progress. Cryptologia, 3(3): 136-154.
[3]
Bauer, Friedrich. L. 2000. Decrypted Secrets: Methods and
Maxims of Cryptology (2nd ed.). Berlin: Springer.
[4] Kahn, David. 1967. The Codebreakers: The Story of Secret Writing. Macmillan.
Copyright
(c) 2009 Moshe Rubin
Last updates: 31 July 2009