Code Book Cipher Cracked

AssFace writes: "The Code Book challenge -- I believe 10,000 pounds was the reward for it, and it consisted of 10 stages of increasing difficulty that mimicked the evolution of cryptography throughout history -- was cracked and there is a fantasitc description all at http://www.simonsingh.com/. Goodbye Simon Singh." It's a cool read, too -- both Singh's own writeup, and that of the Swedes who broke the cipher. Congratulations to the winners.

Stop!

[slashdoter]

They can't do that! That message is covered under the DMCA! it was a trick. RUN!!!

________

Re:Stop!

[pod]

I think the time has come for posts about breaking trivial obstacles, decrypting emails, etc, to be filed under 'Karma Whoring'. Give it up already, it's getting old.

hard to read

[mmca]

Anyone else have a hard time reading http://www.simonsingh.com/cipher.htm in X with netscape?

Re:hard to read

[chasec]

Yeah, small font. Same thing at server.counter-strike.net. Try turning off stylesheets (in Prefs|Advanced).

Re:hard to read

[ckedge]

And did anyone else notice that the Codebook Solution, http://codebook.org/codebook_solution .ht ml, is missing the section on Stage 5! I had to DL the pdf document to read that.

Re:hard to read

[pb]

Yeah, me too! I hate PDF. "Open Standard", my ass.

Unfortunately, though, I found this stuff so fascinating that I couldn't resist! I'm a sucker for ciphers, I wrote a Vinegre cipher encoder/decoder in BASIC like 8 years ago... :)

This just builds the table, because I'm sure no one wants to see all this old code, but I'm just getting nostalgic here. I guess I was 14, reading through some tiny book on ciphers throughout history, wondering how the modern stuff worked, and later why PGP was so slow on my 386SX25...

DIM ALPHABET$(25, 25)
FOR Y = 0 TO 25
FOR Z = 0 TO 25
A = Y + Z + 65
IF Y + Z > 25 THEN A = Y + Z - 26 + 65
ALPHABET$(Y, Z) = CHR$(A)
NEXT Z
NEXT Y

---
pb Reply or e-mail; don't vaguely moderate.

Ah, but what about...

[tbo]

CueCat XOR encryption. Can they crack that?!?! Ha!

Can They Do CueCat?

[resistant]

Unleash this team on the CueCat encryption! No, no, it's not that easy. They'd have to fight off shark-toothed lawyers with code books, while simultaneously engaging the vicious mind games of money-hungry legislators who pass laws such as the DCMA -- this is no walk in the park!

On a related topic...

[Vuarnet]

...anyone here knows what's the status on the Merlin Challenge book? Has it been solved yet?

This is flat out wrong.

PERIOD. Things such as this just promote the interest in cryptography and interest and knowledge in cryptography is feared and hated by governments and content industries such as those that make up the MPAA. Folks, you're not allowed to experiment with cryptography because it may give you the knowledge to crack technological protection measures which is prohibited under the Digital Millenium Copyright Act. Face it, cryptographic knowledge is a forbidden fruit. Unless you are a government employee working on a government project or a major (large corporation) copyright holder trying to protect it's assets and to assert control over it's content then you have no business to have any knowledge whatsoever about cryptography. Only criminals need to crack copyrighted material and only criminals need to hide what they say from the government. The government has our best interests at heart... AT ALL TIMES.

Its odd...

[Vippy]

Crypto is a weird subject when it comes to breaking codes and the Law. Break a code, and they make a stronger code -- it used to be.. Now if you break a code, you get sued from here to the moon. Why have a very strong encryption in the first place if your just going to cease/desist everyone who breaks it. (coughDeCSScough)...

I guess because you cant arrest the person who broke it from the Ukraine without a lot of trouble. Bah, if only we could get The Man out of the computer world, then it would be a true match between encryptors and decryptors. Would be amusing to make the Internet a scary place again.

Too bad - I was working on it

[ruebarb]

I brushed up on my C skills and started working on this challenge when it first came out. What's astonishing is the sheer geekiness of these guys. Factoring RSA keys on distributed clients and everything. Guess it would have been over my head anyway. Still, it was fun. Congrats to the boys. RB

Goodbye $10K prize money? No Way.

[lowy]

You wrote: "Goodbye Simon Singh"

By this do you mean "Goodbye $10K in prize money?"

I'll bet that's not the way he see's it. In fact I'll bet he is thinking more along the lines of:
"Hello $250K of free advertising for my book. Yipee! Yippee!

Re:Goodbye $10K prize money? No Way.

[lowy]

Hmmmm... one might even say, "Good Buy, Simon Singh!"

Re:Goodbye $10K prize money? No Way.

[AssFace]

if you read the page on his site that discusses it you will see a code at the very bottom of the page...
----------------------------------------- ---------

Re:Goodbye $10K prize money? No Way.

[Webmonger]

Perhaps it was, "Hello Slashdot Effect, goodbye Simon Singh"?

Re:Uhh, their explaination skips a stage.

[ruebarb]

It's there. They used the Fermat Text in latin and did a letter count (as opposed to the word count in Beale Ciphers.) - Read the PDF on Simon's site. RB

Did I miss something about stage 5?

[A+nonymous+Coward]

The Swedish site skips stage 5, only mentioning in passing how tricky it was, and Singh calls it the infamous stage 5. What's going on here? Have I missed something obvious?

--

Re:Did I miss something about stage 5?

[Soko]

Get the PDF - Stage 5 is in there in detail. It was a bitch indeed...

Re:Did I miss something about stage 5?

[ruebarb]

The son of a bitch about stage 5 was that technically, it was a cipher of numbers built off of a key text - you use the first letter of each numbered word (for example, 1 2 3 4 5 in this comment would equal Tsoab - To make it worse, sounds like he just used a short text and numbered the letters instead. And it was a LATIN version of the text. (Lots of those were in foreign languages. Ouch)

So it wasn't so much decrypting as finding a key text that fit the numbers. It's modeled off the Beale cyphers, which are three lists of numbers that supposedly point to gold. The second one used the Declaration of Independance as a code text. No one can find the first or third, as I recall.

It's virtually a one time pad if you wrote the key text yourself, and in all other respects, is more a matter of luck in finding the text then skills/techniques used in any of the other ciphers (frequency analysis, familiarity with the cipher) and so forth) - Most groups didn't get this one till much later. Most skipped it for quite a while.

I was looking for some text that might be based in Oxford myself, like a text of Newton's or something. Suck.

Re:Did I miss something about stage 5?

[tc]

"I was looking for some text that might be based in Oxford myself, like a text of Newton's or something. Suck."

Sorry, don't mean to be too picky, but Newton is more usually associated with Cambridge than Oxford. Y'know, what with him studying at Caius College, and holding the same maths chair at Cambridge now occupied by Stephen Hawking.

Re:Did I miss something about stage 5?

"... what with him studying at Caius College ..."

Sorry, don't mean to be too picky ;) but Newton actually went to Trinity, not Caius. Many of his books, including his own annotated first edition copy of Principia, are on view at the Wren Library there.

Hawking, however, does indeed go to Caius. I think.

Re:Did I miss something about stage 5?

[tc]

Doh! You're right, I was thinking Hawking (who is, as you say, at Caius) and somehow slipped Newton in there too.

Cambridge either way though.

Re:Did I miss something about stage 5?

[ruebarb]

Ah - I just knew Oxford people were solving the puzzle and I was looking for possible texts that might be in a Library there. - Truth is, I was hitting my head on stage 3 for so long, I didn't really get to stage 5 - (Italian? The Language was Italian??? Dagnabit.) -

That, and I'm still working on the old Poe Cipher. Too many goals, and no dates.. suck.

Re:HAHAHA (MOD UP!)

[slashdoter]

too bad you don't have any mod points

________

stage 10

[cancerward]

stage 10 required the factorisation of a 512-bit number. Singh says the authors had access only to 'ordinary' computers but I'd think 99% of people don't have access to a computer with 4Gb of RAM like the winners did. congratulations to them on cracking stage 5 - now that was obscure!

Re:stage 10

[AssFace]

It isn't that obscure - Simon Singh's last book was on Fermat - so it would actually make sense. Most of his codes had cute little things like that - the Viginere was in French, the Caesar was in Latin, etc etc.
-------------------------------------------- ------

Re:stage 10

[crt]

Well, by ordinary access I'm sure he means that anyone with enough money (probably $50-100k) can buy one without arousing suspiscion or having a federal background check. Yea, you can't buy one at CompUSA, but I'm sure you can buy one over the 'net at compaq.com...

Re:stage 10

[ckedge]

Not only that, but they had their distributed software running on hundreds of workstations. Most ordinary people don't have access to that all on their own either. Not yet.

Of course if we're talking ordinary, most ordinary people don't have the right software or the right education to do stage 9 or 10. Not yet ;)

Re:stage 10

[toriver]

Not only that, but they had their distributed software running on hundreds of workstations. Most ordinary people don't have access to that all on their own either. Not yet.

Sure they have. Just write a variant of distributed.net as a trojan/virus thingy, then make a deal with one of the top 10 pr0n sites. Thousands of workstations in a flash! :-)

Re:stage 10

[Pig+Bodine]

Yeah. The guy who, earlier in this discussion, referred to number 5 as almost a one-time pad (i.e. provably secure encryption) had it right. At least some of us know algorithms for factoring, even if we don't have the computer power to do it and possibly don't know the best algorithms; trying to find the right text to decode #5 must have been hellish for everyone who tried, whether they had a network of computers or an Atari 400 (my first computer at 1.79 MHz...). If, as would be reasonable for anyone trying to REALLY encrypt something, Singh had selected a random sequence of letters instead, the code would have been unbreakable.

I found the trouble people had with #5 illuminating: public key cryptography isn't everything. If you can distribute your key secretly, or not distribute it at all, symmetric cryptography can be pretty powerful. I guess that's part of why public key methods are chiefly used to distribute keys for DES and the like. (The other reason being computational complexity---would anyone use RSA to encrypt a reasonably long message?)

FWIW I've been really impressed with Singh as a science writer who tries to get it right. There aren't that many of them (and one of my hobbies is poking holes in popular accounts of science and mathematics.)

Re:stage 10

[Salamander]

I'd think 99% of people don't have access to a computer with 4Gb of RAM

4GB is not that extraordinary any more. Sure, you're not likely to see 4GB in too many people's desktop PCs, but is that the operative definition of "ordinary"? I'd say that any computer that the manufacturer can ship to you off an assembly line because they make thousands like it is ordinary, and that covers a lot of machines with a lot more than 4GB.

Re:stage 10

[PD]

The reason public key crypto is only used to distribute keys is that public key crypto is slow compared to a strong algorithm such as DES. If you encrypt a meg of text with DES that will be pretty fast. A meg of text encrypted with a public key algorithm will take a while to crypt.

Re:What the

[alienmole]

It's how much your brain would weigh if you had one.

Cool...

[smoondog]

Wow, that is cool. Congrats to the Swedes. I wish I had that much time.... :)

-Moondog

Thanks -- it's in the PDF but not in HTML

[A+nonymous+Coward]

How very odd. I'll have to send someone email...

Thanks for the PDF suggestion.

--

Prize Money

[wsloand]

So Singh was just slashdotted and had to spend the whole prize on bandwidth. I have no signature. I am no one.

Yes

[Anne+Marie]

I don't have the link handy, but as they say (or ought to say), use Google, Luke.

Ah well...immense fun while it lasted

[dmccarty]

(Drats! Every time I really want to post a comment I load the article only to find out that I'm supposed to be moderating. Well, not this time.)

For those of you who haven't read this book but are interested in cryptography, I can't urge you enough to read it. The challenge at the back is especially enticing. I'm not sure if it will lose its appeal now that the answers are published and known, but for me there was something absolutely special about breaking the codes and knowing that I was one of the few people in the world to have done it.

I solved stages 1 - 6 and 9 (I was on the 2nd team to brute force the Stage 9 DES cipher). Stage 7 was the ADFGVX cipher used in WWI and Stage 8 was the infamouse Enigma cipher used in WWII. For those who haven't had a crack at this, it's certainly worth it. IMO there is nothing quite like revealing a code piece by piece. I was privelaged or lucky enough to decipher some of the hints on the eGroups message board and be one of the first few to solve Stage 5, and the elation from seeing--for the first time--what only a few people have ever seen is nearly indescribable.

In summary, this was a wonderful book and an excellent adventure. Best wishes to the Swedish smarties who actually cracked Stage 10 (they had to pick between brute forcing triple DES or 512-bit RSA) and to everyone else who contributed along the way. It has certainly been an excellent experience!
--

Re:Ah well...immense fun while it lasted

[Psiren]

I've just finished reading the book myself. While I didn't contemplate trying to break the codes (I don't have the patience for it) I found the book itself extremely interesting. I would certainly recommend it to anyone even remotely interested in cryptography, and not just computer users. It talks about all sorts of code breaking, including how they used the Rosetta Stone to crack the Egyptian Hieroglyph's. A very good read.

Re:Ah well...immense fun while it lasted

[vslashg]

Heh, well, this review will certainly change the minds of all the Slashdot-reading non-computer-users who weren't going to get it. ;-)

Re:Ah well...immense fun while it lasted

[Leto2]

Could you explain what stage 5 was and how you did it? The guys from Sweden explained every step except for stage 5.

Thanks in advance!

It's the author of the article..

[Chuck+Chunder]

who seems to have a liking for beans.

Re:Uhh, their explaination skips a stage.

The explanation does not really skip stage 5. The report was written in TeX and converted to dvi, PostScript, PDF and HTML. Some of these conversion come out better than the others. The conversion to HTML is somehow buggy so it missed the fifth stage. I do promise you that we did solve stage 5 even if it almost made us give up. I mean we searched for that keytext for more than six months and tried almost anything else we could possibly think of. /Fredrik Almgren

The most interesting part is....

[ssimpson]

This is the first time "normal" computer hardware has been used to break a 512-bit RSA key.

The first public break of an RSA key of this size was performed using 224 CPU hours on a Cray C916 whilst the team that cracked the codebook puzzles took just 13 days on a quad-Alpha Compaq beast.

Don't forget, before the export rules were changed around 90%+ of all "secure" SSL transactions on the internet were using 512-bit keys. Scary, huh?

--

Re:The most interesting part is....

[jovlinger]

I found it interesting that they had the balls to go to compaq and say "we've got a huge equation to solve. If you lend us some cycles, you can use us as a bragging point on how powerful the Alpha is."

Compaq was cool enough to take em up on it and lent them 13 days on a quad machine. That's alot of CPU that compaq donated for PR. mind you, I don't know if I think it necessarily qualifies as "normal", but still.

Bit-slicing for stage 9

[Peter+Millerchip]

I was most intrigued by the descriptiong of the bi-slicing technique that the Swedish team used in their Stage 9 key search. They realised that the DES algorithm could be implemented using only boolean operators (AND, OR, NOT etc.) and so caluclated 32 keys simultaneously by using each bit of a 32-bit word to represent a different key.

So basically they were searching 32 keys at once, which is a very clever use of resources. Does anyone know if the Distributed.Net clients use similar techniques to speed up the RC5 key searches, or is it impossible to implement RC5 using the boolean operators?

Re:Bit-slicing for stage 9

[Rager-vs-Machine]

They did not invent this idea -- This comes from Dr Eli Biham, and was presented at the "Fast Software Encryption 4" (FSE4), held in Haifa, Israel in January 1997. Here's a couple links for info on bitslicing and DES stuff.

Birham's paper in .ps.gz format
An explanation of the technique and source

Looks like the Swedish team used these older ideas.

The second link also indicates that Distributed.Net clients use this method for DES, but no info on RC5.

Where are the problems?

[pallex]

I dont have the book. Is there a page on the net with the actual questions? The pdf file by the winning team mentions that they ocr`d it - does that exist anywhere?

Re:Where are the problems?

[AssFace]

If you go to egroups.com, there is a mailing list called "cipherchallange" that was devoted to this book. in the files section they have electronic versions of all the cipher texts as well as a ton of other data in there.
------------------------------------------ --------

Re:Where are the problems?

[AssFace]

Alos it should be noted that the egroups list that I just referred to has been slotted to be shut down on Oct 15 according to the list owner.
------------------------------------------ --------

Re:Where are the problems?

[pallex]

Cheers!

(BTW i cracked the encryption on your mailing list name!)

;)

Re:Where are the problems?

[AssFace]

how so?
--------------------------------------------- -----

Re:Where are the problems?

[pallex]

Simple! I just switched the second `a` in `cipherchallange` for an `e`... :)

(I dont normally complain about spelling!!)

I`m now waiting for egroups to email me the registration number. Its taking its time - hope i get it before the 15th!!

A.

Re:Where are the problems?

[AssFace]

oh yeah... my bad. I'm not a good typist, nor linguist - combined it is hard to tell what the hell I'm ever trying to say. There is some discussion on the list now as to whether it will stay active or not - I personall see no reason for shutting it down - but we shall see.
-------------------------------------------- ------

Re:Where are the problems?

[pallex]

Looks like its staying for a bit!
Cheers again,
alex.

Re:So here I go

[pallex]

"when are people going to clue into the fact that white text on a black background, while uber cool looking, is pretty much un-readable. "

is? IS??

whats the point of having IMHO when you dont use it. Its just an opinion. I prefer white on black, as it means theres no flashing monitor to give me a headache!

Re:Cool stuff...

[SlippyToad]

It's interesting the mystique that is invoked whenever someone talks about a highly-funded government agency. What maks anyone think that just because they're the CIA they have people who are soooo much smarter than everyone else that they can just do this without trying? I think it far more likely that the CIA would have sent a team in to kidnap the guy who knew the answers, rather than invest the intellectual effort involved in cracking the code. There's no evidence that the CIA is any smarter than anyone else in the world. And yes I think you watch too much X-files.

Cynic

[stephend]

Is it just a co-incidence that the challenge has been completed just as his new TV series airs?

Re:Cynic

[pallex]

Is the book any good? I bought his `Fermats last theorem` book and thought it was a bit crap. I really liked it for a little while, then i realised that he didnt understand the maths and wasnt going to give more than vague hints at what they were trying to solve... i`ve pretty much given up with (non fiction) books now when theres so much stuff on the net - would i miss anything by not getting this one?

BO-ring!

[whuppy]

Wake me up when someone cracks DirecTV's HU card.

--

Will the Real Simon Singh please stand up?

[b1t+r0t]

I called the spokesperson, Fredrik Almgren, and a somewhat cautious dialogue ensued. How did the Swedes know that this was really Simon Singh on the phone and not some imposter trying to steal their solution? I was the only other person in the world who also knew the plaintexts, and this became the decisive factor in establishing a relationship of trust.

What's interesting about this is that they used the cryptography from the book as a form of authentication! Sort of like a digital signature in reverse. If he was the real Simon Singh, he would have already known the plaintext to #10, and could use that to identify himself. And if he weren't, then he would presumably be from a team that had already solved it, so why bother calling them? (Yeah, I know, they might have solved every one but #5, but the same challenge/response works for all the problems, and strengthens the authentication.)

Re:Will the Real Simon Singh please stand up?

[monkeydo]

Explain how this works over the phone please. Simon needed to authenticate himself to the person on the other end using the cleartext, but he couldn't use any of the cleartext to do so since he didn't know if the other person had actually solved it.

Re:Will the Real Simon Singh please stand up?

[pallex]

Simon didnt want to give away (part of) the solution. With some encryption systems only a few chars of plaintext will be massively helpful.

Re:Will the Real Simon Singh please stand up?

[E-Tray]

Quote from How we Cracked the Code Book Ciphers
---
From: Fredrik Almgren
Subject: RE: Nervous
Date: Fri, 6 Oct 2000 11:07:44 +0200

I have just talked on the phone with an English-speaking gentleman who said he was Simon Singh. He started off the call with a short discussion on how he was going to make me believe that he was indeed Simon Singh. After some rambling from my side, he said that the first part of the plaintext for Stage 10 consisted of fourteen words and that words 5 and 14 rhyme. At that point, I felt about ready to accept that he was really who he claimed.
----

Your sig...

[DeadSea]

How about:

Mary used cryptography, she kept the key in escrow. Everything that Mary said, the feds were sure to know.

I think it flows a bit better....

Re:Your sig...

[wwphx]

Doesn't parse well. "Used" is weird for meter, and four syllable words don't flow well. The second line doesn't flow well at all: it makes for much harder emphasis on the first syllable in "escrow" which really breaks up the flow of the poem.

Sorry, I think the original flows much better. But I do like losing the "And" for the third line.

--

If you purchase the book

[JustSayHey]

If all of this hoo-haa gets you to think of actually buying the book, the author is selling individually signed copies of this and his other books (paperback) on his web site at list price, but with 25% of the purchase price going to a vision-oriented charity. Maybe a bit better than sending your $$ to BigOl' BookCo?

Simon Singh on TV

[Aztech]

For anyone in the UK, Simon Singh has a new series on crypto on channel4, the second program is on tonight at 9pm (BST). You can find out more here

There's also a competetion where you can win a trip to Eygpt if you crack the code.

Easy...

[Mike1024]

Hey,

I confided in Paul Leyland, an encryption expert working for Microsoft

Well *no wonder* it was cracked!

Michael

...another comment from Michael Tandy.

Re:Easy...

[Xilman]

Hey,

I confided in Paul Leyland, an encryption expert working for Microsoft

Well *no wonder* it was cracked!

8-)

They actually did it the hard way. I spoke with Frederik to see how they cracked the code.

I'm impressed with their achievement.

Paul

Re:Cool stuff...

[Tungz10]

You're thinking of NSA