The Secrets of the Chaocipher Finally Revealed 121
nickpelling2 writes "In 1918, John F. Byrne invented a truly amazing cipher system, called 'The Chaocipher,' that fit inside a small cigar box, could be operated by a ten-year-old, yet produced practically unbreakable ciphertext (arguably even stronger than the Nazi Enigma machine). But now, thanks to the efforts of Chaocipher fan Moshe Rubin and the generous gift of Byrne's cryptographic effects by his daughter-in-law Pat Byrne to the National Cryptologic Museum, the secrets of the Chaocipher are finally starting to be revealed — it's a great story. To accompany Moshe Rubin's excellent textual description of the Chaocipher, I've posted a 30-second animation of the Chaocipher in action to YouTube, just in case anyone wants to see the most devious cipher of the 20th century in action (sort of)."
Wow (Score:2, Interesting)
Don't know how the previous cretins managed to extract SCO and APPLE FUD from the article, but after reading the summary, reading the linked articles, and watching the video... looks to me its an easily breakable substitution cipher. Anybody care to fill me in on what I missed?
Re:Wow (Score:5, Interesting)
Yes, the Enigma algorithm, or actually wiring, was known and Polish and later English Cryptologists worked long and hard to crack it since a lot was at stake. This one as of now relied a lot on security through obscurity. I doubt it would have lasted long in a world war scenario.
Just as the Enigma it might be impossible to de-cypher it manually, but with a machine and Turing-level minds to help you I would think it is solved quickly. But since secure encryption is perceived as a solved problem (still, where is the AES equivalent of a secure hash?) maybe bright minds turn their attention elsewhere nowadays.
Re:Probably weaker than Enigma (Score:4, Interesting)
So if you have known plaintext anywhere in the message, you can look for it with the usual techniques for monoalphabetic substitution, while considering
all of the small number of possible changes to the two alphabets on each cycle.
From what I can gather the "key" in this system is the ordering of the two alphabets, which is not fixed. Doesn't your method assume that you already have the key? If not, how does your method deal with all the possible alphabet permutations?
I'm no crypto guy tho so I might be missing the obvious :)
Re:Probably weaker than Enigma (Score:3, Interesting)
Well, just think about it: in a substitution cipher, the "key" is a permutation of the alphabet (i.e, a -> q, b -> w, etc). If you used this device without the "twizzling" step, it would be exactly like a plain old sub cipher. I just don't see how that twizzle step injects enough entropy into the system for this to be significantly more secure than even a Vignere cipher with a sufficiently long keyword, and that you can do with pen, paper and a good memory.
Basically, if nobody ever broke the known-plaintext ciphertexts, it's more likely to be because nobody cared enough to reverse-engineer this guy's algorithm than because of any actual cryptographic considerations.
Chalk up another win for security through obscurity!
Re:Probably weaker than Enigma (Score:3, Interesting)
Well but that's the thing - this cipher can be described as a specific case of "substitution cipher, except you permute the key after every character in deterministic manner 'x'". Note that a Vignere cipher can be described in much the same way, except it's a shift cipher instead of a substitution cipher (the difference is that the key to a substitution cipher is a permutation on the alphabet, whereas a shift cipher's key is just a shift of the alphabet).
The question boils down to: "is substitution cipher with some sort of non-random key permutation worthwhile?" The answer is probably no (and if you allow random key permutations, then it's basically a one-time pad). Indeed, I wouldn't be surprised if this thing is only a little bit more secure than a sort of Vignere cipher hybrid that uses a list of substitution ciphers instead of a list of shift ciphers.
So yeah, while this might have been useful in the roaring twenties, it's peanuts compared to modern cryptography.
Re:Its a two wheel enigma, neh? (Score:4, Interesting)
1) A plain text letter can be encrypted as itself (something an enigma machine cannot do due to physical design).
2) In an enigma machine each wheel is wired in a fixed "permutation"; in the Chaocipher "machine" each wheel is "rewired" depending upon the letter just encrypted.
3) In an enigma machine it is necessary to rotate the wheels semi-independently (ie like the wheels in a tape counter, each one causing the next one to rotate one letter each time it makes a complete revolution) whereas in the Chaocipher "machine" the wheels do not actually need to rotate - by rotating the wheels it makes the "rewiring" easier to explain.
The "rewiring" could possibly be seen as the effect of rotating the enigma wheels, but without a closer look at the algorithm than that I have done I cannot definitely say but my gut feeling is that it is not - I am sure a properly devised plain text with 676 (26^2) characters would show that they are not equivalent as after encrypting the 676th character the 2 wheel enigma machine will now be back in the position in which it started and the Chaocipher "machine" will not.