Jefferson's Wheel Cipher And The One Time Pad; Interesting Properties
Topic Started: Feb 5 2014, 12:21 AM (690 Views)
JoeJoeSchmidt
Just registered
I am impressed by Thomas Jefferson's Wheel Cipher (Wikipedia) and the ease with which it operates (hence it was used by the US military for 20 years in the 20th century as the M-94). There seem to be several possibilities as to why the cipher is considered not secure: the first obvious one is that if you capture an example you can readily (if not immediately) solve an encryption performed with an identical device; the second is that there may be some general solution based on the fact that the cipher shifts an equal number of characters on each wheel; and the third may be based on the fact that the cipher potentially repeats itself and may reveal some statistical information.

However, as I do not fully understand how or if a consistent shift is a vulnerability in all scenarios, I have hypothesized that given some strict conditions, some elements of the Jefferson-style cipher may perform like a one-time pad, but be easier to encrypt/decrypt (regardless of difficult pad generation).

First we imagine the Jefferson cipher on paper:
- 25 random alphabets numbered 1 to 25
- The paper can only be used once
- The message has to be at or under 25 characters

I observe that for every letter of the plaintext of 25 letters/numbers, the equal shift (modulo 26 etc.) would land, for each random alphabet, on a totally random cipher character (necessarily, because the alphabets are generated randomly).

I even see a potentiality for the limited reuse of the paper, because reusing it once only has ruled out a letter or number (e.g. 25 letters remain out of 26 if just the alphabet is used), but this introduces some information for the cryptanalyst.

Unless something compromises the randomness of the substitutions (perhaps there is a relationship of some sort between plaintext and permutations of the alphabet that is revealed by the shift?) then it offers good security at least.

The sole benefit is that anyone could quickly look at a sheet and look at the 25 characters next (assuming a single shift) to the ciphertext characters, without performing any other decryption.

Supposed To Be Random Example
QWERTY UIOPZA SDFGHJ KLXCVB NM
PLMOKN IJBUHY GVTFCR DXESZW AQ
ZAXQSC WDVEFB RGNTHM YJUKIL OP
PLAINTEXT: THE
CIPHERTEXT: YYF (+1)
Edited by JoeJoeSchmidt, Feb 5 2014, 12:27 AM.
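A worked version of the paper scheme above, written as an added example for this thread rather than code posted by anyone in it. The three alphabets are the ones from the "Supposed To Be Random Example" (one 26-letter row per wheel); the function names, the random sheet generator and the sample 25-character message are my own constructions. It reproduces THE -> YYF at shift +1, then shows the two properties the post argues about: with the wheels in hand, a ciphertext has only 25 possible readings (the captured-device weakness), while on a freshly drawn wheel a character is spread evenly over the other 25 letters and never over itself (the one-time-pad-like behaviour, and the one letter per position a fixed shift rules out).

```python
"""Jefferson wheel cipher on paper: random alphabets, one fixed shift."""
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# The three alphabets from the opening post's example, one 26-letter row per
# wheel (copied from the post, not generated here).
OP_WHEELS = [
    "QWERTYUIOPZASDFGHJKLXCVBNM",
    "PLMOKNIJBUHYGVTFCRDXESZWAQ",
    "ZAXQSCWDVEFBRGNTHMYJUKILOP",
]


def permuted_alphabet(rng):
    """One wheel: a uniformly random permutation of the 26 letters."""
    letters = list(ALPHABET)
    rng.shuffle(letters)
    return "".join(letters)


def make_wheels(count, seed=None):
    """A fresh paper 'sheet' of `count` independent wheels. The seed exists so a
    test can reproduce a sheet; a real sheet needs a cryptographic RNG, which is
    the difficult pad generation the post mentions."""
    rng = random.Random(seed)
    return [permuted_alphabet(rng) for _ in range(count)]


def register(wheels, text):
    """Set the cylinder to `text`: the row index of each character on its wheel."""
    if len(text) > len(wheels):
        raise ValueError("message longer than the cylinder")
    return [wheel.index(ch) for wheel, ch in zip(wheels, text)]


def read_row(wheels, offsets, shift):
    """Read the row `shift` positions below the registered row (wrapping mod 26)."""
    return "".join(wheel[(off + shift) % len(wheel)]
                   for wheel, off in zip(wheels, offsets))


def encrypt(wheels, plaintext, shift=1):
    """Register the plaintext and read off the row `shift` steps away."""
    return read_row(wheels, register(wheels, plaintext), shift)


def decrypt(wheels, ciphertext, shift=1):
    """Register the ciphertext and read the row `shift` steps back the other way."""
    return read_row(wheels, register(wheels, ciphertext), -shift)


def candidates(wheels, ciphertext):
    """Every plaintext consistent with `ciphertext` once the wheels are known:
    one per non-zero shift, i.e. 25 rows. With the sheet captured there is
    nothing left to search, which is the first weakness the post lists."""
    offsets = register(wheels, ciphertext)
    return [read_row(wheels, offsets, -s) for s in range(1, len(ALPHABET))]


def ciphertext_distribution(plain_char, trials, seed=None):
    """Encrypt one character `trials` times, each time on a freshly drawn wheel.
    A fixed non-zero shift never maps a character to itself, so the counts are
    spread over the other 25 letters and the plaintext letter never appears."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(trials):
        counts[encrypt([permuted_alphabet(rng)], plain_char)] += 1
    return counts


if __name__ == "__main__":
    ct = encrypt(OP_WHEELS, "THE")
    print("THE ->", ct, "| back ->", decrypt(OP_WHEELS, ct))
    print("readings to try once the wheels are known:", len(candidates(OP_WHEELS, ct)))
    sheet = make_wheels(25, seed=2014)                 # constructed sample sheet
    msg = "THEQUICKBROWNFOXJUMPSOVER"                   # 25 characters, the post's limit
    print(msg, "->", encrypt(sheet, msg, 3))
    dist = ciphertext_distribution("T", 5000, seed=3)
    print("letters T lands on over fresh wheels:", len(dist), "(T itself: %d)" % dist["T"])
```

The `candidates` list is the whole story of the captured-device case: the shift is the only secret left, and it takes at most 25 guesses. The distribution check is the other side of the same coin; it is uniform over 25 letters, not 26, so every ciphertext character leaks that one plaintext letter is impossible at that position, which is the "25 letters remain out of 26" observation and the reason reuse of a sheet costs information.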
 
WTShaw
Advanced Member
You have discovered a great device indeed. The problem in WWII, even as the M-94 was still used, was that in addition to being insecure with lots of traffic, the cylinder-form wheels were difficult to make and distribute, but that is different in electronic versions. There are ways, one in particular, that can be used to make the algorithm secure, or rather a protocol/transposition change in how it should be used. A strip version, M-138, can also be found, an array of alphabets on strips that can be moved. Obviously, new keys are easier to produce and distribute when they are on paper or can be entered by hand, but elaborate schemes are destined to be too awkward if done by hand, pencil, and paper, and most subject to clerical errors.
 
mok-kong shen
NSA worthy
@ JoeJoeSchmidt: I had some opinions on Jefferson's cylinder in the thread http://s13.zetaboards.com/Crypto/topic/7116751/1/
 
osric
Super member
WTShaw wrote:
    Obviously, new keys are easier to produce and distribute when they are on paper or can be entered by hand, but elaborate schemes are destined to be too awkward if done by hand, pencil, and paper, and most subject to clerical errors.

Yes, this is true. At the end of the day the problem with many of these simple devices is key distribution. Every message really needs a different key to avoid the enemy gaining depths that will lead to successful cryptanalysis.

The ENIGMA system was nice. With a relatively brief key of the day, a message key could be securely encrypted and sent as the initial part of the message.

The Chaocipher system could have been used in a similar way but the whole thing was too slow and cumbersome to use in practice.

Nowadays with computer systems we are in a different world.
 
JoeJoeSchmidt
Just registered
I found a site which claimed that there is a relation between the fixed shift in the M-94, the permutations of the alphabet and the plaintext which makes breaking the cipher easy, or something like "childish." In that case it would defeat the purpose of using it in a regular fashion as in the OP. I can't tell if it is this simple to break on one "round" of encryption with one-time use, but I'm sure the flaw applies to all usage. Doing additional things as some posters have remarked would help (and did, as the evolution of the cipher in WWII proved), but I would probably stick to OTP over devices. Apparently the Jefferson cipher loses a lot of its implied randomness due to structural problems. I will elaborate more later; I am on break right now.
 
WTShaw
Advanced Member
Of the two standard sets of wheels used by the US in WWII, the Army set and the Navy Set, upon testing for inter-wheel correlations on a computer, I found the Army Set was superior. Given a means for reasonable tests, I compared various other suggested sets. One method proved satisfactory, as many different wheels could be cross-checked and the lowest coincident levels indicated best wheels. Since everything is relative, using a wheel with a straight ordered set can be included as a control/reference. Inverse sequenced wheels may also be used.

Savants were sometimes used whereas they quickly learned to recognize familiar combinations, slower for others. But remember, then there were only two familiar/routine M-94 cylinders.
 
JoeJoeSchmidt
Just registered
I guess what it's come down to is: if you monoalphabetically/homophonically replace each letter in a message with a unique character, without repeating that character, never reusing the scheme and keeping it secret, how can anyone ever decipher it? It's just random, never-recurring characters to the observer. I came to this thought after someone said, sort of, "homophonic ciphers can be very secure". This is a little different from the Jefferson scheme, which does repeat characters... but I don't see why a limited non-Vigenère substitution scheme can't be perfect in practice with short messages.
 
WTShaw
Advanced Member
While the original system plainly used 26 rows of characters along the cylinder, only 25 Ct's were possible. Awhile ago, 20 years, I came up with a nifty protocol that got lots of notice. I was using 40 characters x 250 alphabets, and 65 characters x 200 alphabets. This meant that there could be loads of randomness ready to be tapped in a special way.

Consider the 2nd system, 65 x 200, in which the cylinder was the first key: 1) Start with registering a Pt string shorter than the cylinder; 2) Pick any one of the 64 possible outputs and store that string; 3) Add a character of a second key to the head of the stored string and register it on the cylinder; 4) Repeat steps 2 and 3 until you have used all letters of the secondary key; 5) Your final random pick of the 64 possible outputs is the Ct string.

Solution means 1) Register the Ct string; 2) Look for the row that starts with a character of the 2nd key beginning with the last character and working backwards until you exhaust the key, remembering to cut the first character from the string each round until the Pt is found to be the rest of the string.

Early on THEY paid for an early version of the code. I had spent a solid year just on key generation which can be very simple to utterly complex requiring either 10K or 13K characters respectively in the form of permutations for the two versions.

Rather than just rows minus one for distinct output possibilities, the quantity was derived by the characters in a permuted alphabet raised to the power (equal to the length of the secondary key plus one). The really weird possibilities drove them bananas, still does, and even got feedback from across the pond, "Well, I'll be."

 
novice
Super member
I haven't been able to understand this at all. Give us a worked example please.
 
mok-kong shen
NSA worthy
WTShaw wrote (Feb 9 2014, 06:05 AM):
    I was using 40 characters x 250 alphabets, and 65 characters x 200 alphabets.
(1) This seems to me to be hardly conceivable, at least with the original cylinder. (And if you did use any highly complicated protocols, the operator errors would loom.) (2) What would you say to the seemingly realistic case where there would be lots of more exchangeable disks (with appropriate modern manufacturing techniques)?
Edited by mok-kong shen, Feb 9 2014, 08:15 PM.
 
WTShaw
Advanced Member
Of course, a physical device would be impractical but mine are electronic, programs that were compiled for a Mac. At that time, still for that matter, I considered the equipment alternatives as rather behind the curve. Note trivial problems in that other world still, even as I sometimes use a PC laptop for tests, but I never put it on the net where it is sort of a precracked egg.

What makes good crypto includes stable and intelligent machines, good programming languages, and coordinated measures to maintain the integrity of the user and chosen platform.

My implementation of a Jefferson-like system proved to be quite dependable and easy to operate, but those were the days when AOL was king, and good before the government bought into it as a testbed for meddling with future communications infrastructures. Imagine sending all communications through Herndon, Virginia...

As for modern uses of a true Jeffersonian, OK for play, but maxing electronic is THE way to go, everything else considered.

Edited by WTShaw, Feb 9 2014, 10:59 PM.