The Secrets of the Chaocipher Finally Revealed
nickpelling2 writes "In 1918, John F. Byrne invented a truly amazing cipher system, called 'The Chaocipher,' that fit inside a small cigar box, could be operated by a ten-year-old, yet produced practically unbreakable ciphertext (arguably even stronger than the Nazi Enigma machine). But now, thanks to the efforts of Chaocipher fan Moshe Rubin and the generous gift of Byrne's cryptographic effects by his daughter-in-law Pat Byrne to the National Cryptologic Museum, the secrets of the Chaocipher are finally starting to be revealed — it's a great story. To accompany Moshe Rubin's excellent textual description of the Chaocipher, I've posted a 30-second animation of the Chaocipher in action to YouTube, just in case anyone wants to see the most devious cipher of the 20th century in action (sort of)."
The 20th Century? (Score:3, Insightful)
AES came out in 1998.
The really interesting thing about this machine (Score:5, Insightful)
Re:Probably weaker than Enigma (Score:3, Insightful)
I think it's somewhat better than you describe, in that it is at least feeding the ciphertext back into the permutation. It would depend on how it was used as to how much benefit that gave.
It's reasonable to assume that in a communications network, there would be a setting for the day or week. If that were used unmodified, identical opening phrases would encrypt identically, and would then diverge at the point the plaintext diverged. As with Enigma or Purple there's weak diffusion: the only thing that affects characters 1..n of the ciphertext are the key setting and characters 1..n of the plaintext (contrast a block cipher, where the two blocks whose plaintext differ only in the last byte will generate ciphertext that potentially differs throughout). Without careful use, which would have been unlikely in 1918 given the Germans screwed this up in the 1940s, stereotypical opening sequences would expose a lot of the key.
If an initial sequence were generated randomly for each message, so that the message itself starts with the alphabets already significantly permuted, that problem goes away. But generation of random initial sequences is hard. Again, the Germans screwed this up, and although it's not performing the same job the Herivel Tip seems relevant for any mechanical system.
As you say, locating plaintext within the message is also plausible with a computer or even a Colossus device, although it would be very complex by paper methods: for a conjectured plaintext, you can predict the transformations of the input and output alphabets, and (I suspect) the better attacks would come from conjectured or known plaintext that contains repeated letters.
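To make the weak-diffusion point above concrete, here is an added Python implementation of the Chaocipher algorithm as Rubin describes it (example code written for this page, not Byrne's or Rubin's own); the starting alphabets are the Exhibit 1 pair published in Rubin's paper, and the shared-prefix check shows that two messages with the same opening phrase produce identical ciphertext exactly up to the point where the plaintexts diverge.

```python
"""Chaocipher (two evolving alphabets), plus a check of its prefix-only diffusion."""

# Exhibit 1 starting alphabets from Rubin's paper:
# left = ciphertext disk, right = plaintext disk.
LEFT0 = "HXUCZVAMDSLKPEFJRIGTWOBNYQ"
RIGHT0 = "PTLNBQDEOYSFAVZKGJRIHWXUMC"

ZENITH, NADIR = 0, 13  # positions on each 26-letter disk


def _permute_left(left, ct_letter):
    """Rotate so ct_letter is at the zenith, pull out zenith+1, close the gap, put it at the nadir."""
    i = left.index(ct_letter)
    left = left[i:] + left[:i]
    extracted = left[ZENITH + 1]
    return left[:ZENITH + 1] + left[ZENITH + 2:NADIR + 1] + extracted + left[NADIR + 1:]


def _permute_right(right, pt_letter):
    """Rotate so pt_letter is at the zenith, rotate one more, pull out zenith+2, close, put at nadir."""
    i = right.index(pt_letter) + 1
    right = right[i:] + right[:i]
    extracted = right[ZENITH + 2]
    return right[:ZENITH + 2] + right[ZENITH + 3:NADIR + 1] + extracted + right[NADIR + 1:]


def crypt(text, left=LEFT0, right=RIGHT0, decrypt=False):
    """Encipher (or decipher) uppercase A-Z text; both disks are permuted after every letter,
    so the ciphertext letter itself feeds back into the state."""
    out = []
    for ch in text:
        if decrypt:
            ct, pt = ch, right[left.index(ch)]
        else:
            pt, ct = ch, left[right.index(ch)]
        out.append(pt if decrypt else ct)
        left, right = _permute_left(left, ct), _permute_right(right, pt)
    return "".join(out)


def common_prefix_len(a, b):
    """Length of the leading run that two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    c1, c2 = crypt("WELLDONE"), crypt("WELLSAID")  # constructed sample messages, same key
    print(c1, c2, "shared ciphertext prefix:", common_prefix_len(c1, c2))
```

With a fixed daily key, the two sample messages share their first four ciphertext letters and differ from the fifth onward, which is the stereotyped-opening weakness the comment describes.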
Re:Wow (Score:2, Insightful)
You're basically proposing to use a website as a one-time pad. In theory a one-time pad is unbreakable, but that does require that the content of the one-time pad be truly random, which a website's text obviously is not.
Also, if the text of the site changes, your key breaks, though that may actually be a benefit.