Become a fan of Slashdot on Facebook


Forgot your password?
Encryption Security Hardware IT

The Secrets of the Chaocipher Finally Revealed 121

nickpelling2 writes "In 1918, John F. Byrne invented a truly amazing cipher system, called 'The Chaocipher,' that fit inside a small cigar box, could be operated by a ten-year-old, yet produced practically unbreakable ciphertext (arguably even stronger than the Nazi Enigma machine). But now, thanks to the efforts of Chaocipher fan Moshe Rubin and the generous gift of Byrne's cryptographic effects by his daughter-in-law Pat Byrne to the National Cryptologic Museum, the secrets of the Chaocipher are finally starting to be revealed — it's a great story. To accompany Moshe Rubin's excellent textual description of the Chaocipher, I've posted a 30-second animation of the Chaocipher in action to YouTube, just in case anyone wants to see the most devious cipher of the 20th century in action (sort of)."
This discussion has been archived. No new comments can be posted.

The Secrets of the Chaocipher Finally Revealed

Comments Filter:
  • The 20th Century? (Score:3, Insightful)

    by Anonymous Coward on Saturday July 03, 2010 @06:03PM (#32788434)

    AES came out in 1998.

  • Wow (Score:2, Interesting)

    by Anonymous Coward

    Don't know how the previous cretins managed to extract SCO and APPLE FUD from the article, but after reading the summary, reading the linked articles, and watching the video... looks to me its an easily breakable substitution cipher. Anybody care to fill me in on what I missed?

    • Re:Wow (Score:5, Informative)

      by omglolbah ( 731566 ) on Saturday July 03, 2010 @06:24PM (#32788542)

      While a polyalphabetic substitution cipher can be broken I would not call breaking this particular one "simple".
      Compared to many other such ciphers it is quite good in that there is a shifting alphabet which has a very large range of values.

      Considering it was made in 1918 I suspect it would be a pain in the ass to actually break it.
      You cant do much with frequency analysis as the alphabet and thus the substitutions change on every letter.

      Much like with Enigma I suspect that this cipher's biggest weakness is in the application. In other words following a set pattern which makes it possible to find "cribs".

      • Re:Wow (Score:5, Interesting)

        by thms ( 1339227 ) on Saturday July 03, 2010 @06:33PM (#32788614)

        Yes, the Enigma algorithm, or actually wiring, was known and Polish and later English Cryptologists worked long and hard to crack it since a lot was at stake. This one as of now relied a lot on security through obscurity. I doubt it would have lasted long in a world war scenario.

        Just as the Enigma it might be impossible to de-cypher it manually, but with a machine and Turing-level minds to help you I would think it is solved quickly. But since secure encryption is perceived as a solved problem (still, where is the AES equivalent of a secure hash?) maybe bright minds turn their attention elsewhere nowadays.

        • Re:Wow (Score:5, Informative)

          by Randle_Revar ( 229304 ) <> on Saturday July 03, 2010 @06:50PM (#32788678) Homepage Journal

          >(still, where is the AES equivalent of a secure hash?)

        • Isn't whirlpool an AES-based hashing system?
        • by RichiH ( 749257 )

          As long as the NIST has not finished its current competition, there is a simple fix:

          Use both Whirlpool _and_ SHA-512 (or better: SHA2 in its 512 bit variant). They are long enough to make reasonably sure no one can deduct anything about a potentially secret cleartext any time soon (there is _more_ information about the clear text in the wild, after all) while also making sure that no one will be able to create a matching clear text, both due to their length and based on the fact that they come from totally

          • That does not necessarily follow. While it seems reasonable and logical, it is quite possible that using the second algorithm would actually serve to undo some of the security of the first. Not at all likely, you understand, but possible. And showing that such interference does not occur is rather difficult to do.
            • by RichiH ( 749257 )

              That's what I meant by "reasonably sure", yes.

              I am not aware of any research in this direction, though.

              If you are paranoid, salt both hashes. With different salts.

      • by Kupfernigk ( 1190345 ) on Sunday July 04, 2010 @02:07PM (#32792720)
        This is exactly the same as with Enigma. What matters is the initial setting, which is a key. If the base setting is always the same, then the decoding of one message works for all. The difficulty is to find a way of distributing the initial key securely, given that it needs to be changed very frequently. Any system which can be compromised if a station is captured becomes useless until all stations have new key sets - difficult for a spy network in wartime, or even a submarine fleet.

        Given the Enigma architecture, it was the capture of a German weathership and later a submarine by the Royal Navy that did most for German Enigma decryption.

  • Video link (Score:4, Informative)

    by Nieriko ( 200589 ) on Saturday July 03, 2010 @06:29PM (#32788584) []

    Allow me to spare you the googling :D

  • by Animats ( 122034 ) on Saturday July 03, 2010 @06:39PM (#32788634) Homepage

    It's not a particularly strong cypher. It's basically a monoalphabetic substitution with some feedback, but not much. For each letter encyphered, the wheels change, but they don't change by much, and the number of change possibilities is small. So if you have known plaintext anywhere in the message, you can look for it with the usual techniques for monoalphabetic substitution, while considering all of the small number of possible changes to the two alphabets on each cycle. The "permuting" step just consists of shifting half the alphabet by one place left or right.

    Once you have an entry into the cypher from some stretch of known text, you can work backwards and forwards until you've recovered the wheels.

    There are better pre-computer cyphers. Jefferson's wheel cypher is much stronger, and was used by the US as late as the Vietnam War.

    • by CAIMLAS ( 41445 ) on Saturday July 03, 2010 @07:49PM (#32788986) Homepage

      Yet, this thing was around in 1918. It was some time before computers, and still reasonably capable. Arguably, I'm not quite sure how it's an inferior cipher compared to the Jefferson cipher - this one appears to allow for slightly more "randomness", as well as creating templates which could arguably be used for single-time pads without the additional transmission of information for an effective cipher. (the Jefferson wheel cipher wasn't used past WWII, from what I can tell).

      At any rate, it just goes to show you how effective a relatively simple machine can be, compared to modern electronic and/or computational methods to do the same basic thing (in this case, the enigma). Another good example would be drive/steer-by-wire vs. hydraulic or mechanical steering and acceleration/breaking. I'm sure there are more, but I'm not creative enough to think of any of them in my current alcohol-addled state.

      Sometimes, the conceptually simpler method is the better one. This thing apparently still works; how many cryptographic engines of later years no longer do due to the copious mantainance required? Same can be said for more modern vehicle electronics vs. the older and more reliable (despite what the automotive industry says) mechanical means of doing the same: instead of outright replacement its often relatively easy to fix the broken systems on an older car.

      Of course, when it comes to things depending on complex mathematics and the ability to be generalized, nothing beats generalized computing. :)

    • by Lord Crc ( 151920 ) on Saturday July 03, 2010 @09:19PM (#32789390)

      So if you have known plaintext anywhere in the message, you can look for it with the usual techniques for monoalphabetic substitution, while considering
      all of the small number of possible changes to the two alphabets on each cycle.

      From what I can gather the "key" in this system is the ordering of the two alphabets, which is not fixed. Doesn't your method assume that you already have the key? If not, how does your method deal with all the possible alphabet permutations?

      I'm no crypto guy tho so I might be missing the obvious :)

      • Re: (Score:3, Interesting)

        by IICV ( 652597 )

        Well, just think about it: in a substitution cipher, the "key" is a permutation of the alphabet (i.e, a -> q, b -> w, etc). If you used this device without the "twizzling" step, it would be exactly like a plain old sub cipher. I just don't see how that twizzle step injects enough entropy into the system for this to be significantly more secure than even a Vignere cipher with a sufficiently long keyword, and that you can do with pen, paper and a good memory.

        Basically, if nobody ever broke the known-pla

        • Well, just think about it: in a substitution cipher, the "key" is a permutation of the alphabet (i.e, a -> q, b -> w, etc). If you used this device without the "twizzling" step, it would be exactly like a plain old sub cipher. I just don't see how that twizzle step injects enough entropy into the system for this to be significantly more secure than even a Vignere cipher with a sufficiently long keyword, and that you can do with pen, paper and a good memory.

          Well, a substitution cipher only has one "scrambled" alphabet. However the two alphabets in the Chaocipher are "twizzled" differently, so I don't think you can treat it as if you only got one "scrambled" alphabet, and must also consider the possible permutations of the two alphabets. I agree that if the alphabets were "twizzled" in the same way it wouldn't be much different from the plain substitution cipher.

          Again, I might be missing the big picture here :)

          • Re: (Score:3, Interesting)

            by IICV ( 652597 )

            Well but that's the thing - this cipher can be described as a specific case of "substitution cipher, except you permute the key after every character in deterministic manner 'x'". Note that a Vignere cipher can be described in much the same way, except it's a shift cipher instead of a substitution cipher (the difference is that the key to a substitution cipher is a permutation on the alphabet, whereas a shift cipher's key is just a shift of the alphabet).

            The question boils down to: "is substitution cipher w

          • I love this "twizzling" with regards to ciphers it makes me smile. It should be a registered word in the cracker's arsenal. There is an interesting idea a register of known industry standard words for each area.

    • Re: (Score:3, Insightful)

      by igb ( 28052 )

      I think it's somewhat better than you describe, in that it is at least feeding the ciphertext back into the permutation. It would depend on how it was used as to how much benefit that gave.

      It's reasonable to assume that in a communications network, there would be a setting for the day or week. If that were used unmodified, identical opening phrases would encrypt identically, and would then diverge at the point the plaintext diverged. As with Enigma or Purple there's weak diffusion: the only thing that af

    • It looked a lot like RC4 at first glance. E.g. in a cipher feedback mode where the ciphertext letter of the last operation is the plaintext input to the next operation, its output may be more secure as a stream cipher than its intended usage.
  • "Starker! Zis is die CAOCIPHER! The CAOCIPHER doesn't go 'PHTHHHHBBBBTTT!!!'"

    "But Siegfried, look. See, right here betveen ze CHGFYTTSSXHS und ze KJHJHLRUUIGE."

    "Ah. Yes. Vell zen, carry on."

    [It's funnier when you say it out loud. Trust me. Your workmates will love you for it.]

    • by AJWM ( 19027 )

      Wouldn't that be the KAOSYPHER?

    • by BazilBBrush ( 1259370 ) on Saturday July 03, 2010 @08:16PM (#32789120)

      The European Commission has just announced an agreement whereby English will be the official language of the European Union rather than German, which was the other possibility.

      As part of the negotiations, the British Government conceded that English spelling had some room for improvement and has accepted a 5-year phase-in plan that would become known as "Euro-English".

      In the first year, "s" will replace the soft "c".

      Sertainly, this will make the sivil servants jump with joy.

      The hard "c" will be dropped in favour of "k".

      This should klear up konfusion, and keyboards kan have one less letter.

      There will be growing publik enthusiasm in the sekond year when the troublesome "ph" will be replaced with "f".

      This will make words like fotograf 20% shorter.

      In the 3rd year, publik akseptanse of the new spelling kan be expected to reach the stage where more komplikated changes are possible.

      Governments will enkourage the removal of double letters which have always ben a deterent to akurate speling.

      Also, al wil agre that the horibl mes of the silent "e" in the language is disgrasful and it should go away.

      By the 4th yer people wil be reseptiv to steps such as replasing "th" with "z" and "w" with "v".

      During ze fifz yer, ze unesesary "o" kan be dropd from vords containing "ou" and after ziz fifz yer, ve vil hav a reil sensibl riten styl.

      Zer vil be no mor trubl or difikultis and evrivun vil find it ezi tu understand ech oza.

      Und efter ze fifz yer, ve vil al be speking German like zey vunted in ze forst plas.

      Unt Ze drem vil kum tru.

      • by Anonymous Coward on Saturday July 03, 2010 @10:14PM (#32789562)

        An interesting update to Mark Twain's "A Plan for the Improvement of English Spelling" []. Authorship of that piece is up for debate, of course, but still funny and worth the read.

        Posted anonymously because I have modded this discussion.

      • by Chih ( 1284150 )
        This still makes me laugh :)
      • by Teun ( 17872 )
        Typical for someone who's mother tongue is English

        The main problem for continental Europeans with the pronunciation of English is that weird thing called The Great Vowel Shift [] .
        We are all fairly accustomed to the English' Latin-style spelling of the consonants and pronouncing a hard 'c' as a 'k' or the 'ph' as an 'f' is not too hard to do on the fly.

        But the change away from the original Germanic and even Latin pronunciation of the vowels yet leaving the spelling in tact is really weird.

        • by JSG ( 82708 )

          Thanks for the link.

          I notice by reading down to the bottom, that at least German and Dutch also underwent a Great Vowel Shift of some sort. Also I notice that one of the reasons for the English one is given as becoming more French.

          Now without being an expert in linguistics, and allowing for the fact there are rather a lot of other European languages than those I mention above, what is your beef with English exactly with respect to some sort of idealized vowel pronunciation?

          From what I can see, our methods

          • A geordie is a guy who works in engineering and wears part of an automotive air filter over his eyes.
          • by Teun ( 17872 )
            I have no beef with the English pronunciation, be it regional or 'Standard' :)

            I was just commenting on the implied 'wish of continentals' worded in the old joke.

            Yes continental Europeans do initially have a problem with the English pronunciation but that's not with the consonants which seem to be the main subject of the joke.

            Indeed, seen from an international perspective there is no such thing as a 'correct' pronunciation (or spelling!), yet we Europeans all use the Latin alphabet and I don't think it's f

        • Typical for someone whose mother tongue is English


      • by Genrou ( 600910 )

        Zer vil be no mor trubl or difikultis and evrivun vil find it ezi tu understand ech oza.

        Yu mispeld "evriun".


  • by VORNAN-20 ( 318139 ) on Saturday July 03, 2010 @09:55PM (#32789492)
    is that it can be built by anyone with intermediate carpentry/model-making skills. This is not the case with Enigma, for example, that is in the advanced electromechanical category. Definitely deserves an A for excellent design and first-rate results with minimally advanced technology.
  • It looks to me like the code was never broken mostly due to the lack of sufficient ciphered material to analyze, not due to any significant property of the machine. To break polyalphabetic systems like this, you need a lot of ciphered material to analyze.

  • I've just put up a follow-up Chaocipher post [] which discusses the parallels between Byrne's cryptography and chaos theory, if you're interested. :-)

To do two things at once is to do neither. -- Publilius Syrus