Total Pageviews

Tuesday, October 15, 2013

Cryptography in a Nutshell & Steampunk PGP

My views on cryptography as a rank amateur:

It is best to prevent the enemy from detecting or intercepting messages if possible, but radio, internet, mail, and phone are easily intercepted. So it's safe for certain people and groups to assume their messages are being intercepted and that the enemy will try to decrypt them.

The goal should not be to make an unbreakable code, but make decryption difficult enough that the enemy won't waste time with it. A few basic principles greatly increase the difficulty of breaking a code:

1) No spaces between words: spaces indicate single words which can be guessed if enough context is present.

2) If possible, large amounts of bogus messages should be sent to keep the enemy busy intercepting and decrypting nonsense.

3) Simple substitution cyphers are quick, but easily broken. The best codes never encrypt the same letter in a consistent way. The German Enigma machine was a good example of this.

4) Real messages should be short and rarely sent. The more messages that are sent, the more data the enemy has to analyze.

5) Codes should be changed frequently. However strong a code is, if the machine and code books are ever captured, that code is now a tool for the enemy. The Germans and the Japanese thought their codes were safe and kept using them even after they were broken. This was a major factor in their defeat.

6) By the same principle as 5), if an enemy code is broken, the information must be exploited judiciously to avoid warning the enemy. During WW2, the US could have exploited decrypted Japanese messages in many ways, but the only made use of them to win the Battle of Midway and to kill Admiral Yamamoto.

I invented my own code today that I call Steampunk PGP (pretty good privacy). The first part is to write the message in all caps with no spaces. For example: EDWARDSNOWDENISAHERO

Next, each letter changed into a 2-digit code according to a cypher. To make things simple, I'll let each letter match up with its alphabetical order. That gives:

05 04 23 01 18 04 19 14 15 23 04 05 14 10 19 01 08 05 18 15

Next, I use a pair of dice to add a random 1-digit number to each of the number pairs. I disregard 12 and treat 11 as 1 and treat 10 as 0.

That gives something like:


This message can be easily decrypted by disregarding the first, fourth, etc. digits and then matching up the numbers according to the cypher.

An enemy analyst who tried to decrypt this message would likely notice that the number of characters in every message is a multiple of 3, and use that to try to break the code into 3-digit groups for letters. However, since letters are encoded with a random leading digit, they would have a hard time telling whether 205 is the same as 505 or 705. To make the code even stronger, a random digit could be added in front of every code digit. Thus, each letter would be encoded by a 4-digit number with 2 random digits. The process could be repeated for even greater secrecy although doing the encryption and decryption by hand would probably be too slow. Also, approximately 1/6 of the random digits will be 7 as that is the most common outcome of rolling 2 dice. Still, I think it's random enough to be a good code.

I call this method steampunk because it requires no special equipment- just pen, paper, and dice.


No comments: