The Secrets of the Chaocipher Finally Revealed

nickpelling2 writes "In 1918, John F. Byrne invented a truly amazing cipher system, called 'The Chaocipher,' that fit inside a small cigar box, could be operated by a ten-year-old, yet produced practically unbreakable ciphertext (arguably even stronger than the Nazi Enigma machine). But now, thanks to the efforts of Chaocipher fan Moshe Rubin and the generous gift of Byrne's cryptographic effects by his daughter-in-law Pat Byrne to the National Cryptologic Museum, the secrets of the Chaocipher are finally starting to be revealed — it's a great story. To accompany Moshe Rubin's excellent textual description of the Chaocipher, I've posted a 30-second animation of the Chaocipher in action to YouTube, just in case anyone wants to see the most devious cipher of the 20th century in action (sort of)."

The 20th Century?

AES came out in 1998.

Re:The 20th Century?

Yeah, that'd be the 20th century.

Re:The 20th Century?

Except if the century ended in 1999 in which case it was the 19th.

My head 'sploded.

Re:The 20th Century?

Except if the century ended in 1999 in which case it was the 19th.

Please do not breed. It would also be appreciated if you do not vote or drive on public roads.

Re:The 20th Century?

[thms]

In some countries centuries are actually labelled in that fashion. So maybe you should just advise said AC to travel more of the real or virtual world instead. But less breeding is always good. Though, probably not in said countries, with their negative population growth....

Re:The 20th Century?

I believe that he was implying that the choice between zero-based or one-based numbering should be the same for both the year and the century.

Conventionally, one-based numbering has been used: years within a century are numbered 1 to 100, e.g. the years 1801 (1800+1) to 1900 (1800+100) inclusive comprise a century, and centuries are numbered with the first century comprising the years 0001-0100 inclusive, the second century 0101-0200 inclusive, etc.

If you want to use zero-based numbering for years, e.g. having the years 1900-1999 inclusive form a century, then you should also use zero-based numbering for centuries, so the years 0000-0099 would be the "zeroth" century while 1900-1999 would be the 19th century.

Re:The 20th Century?

Thanks for the enlightening update on how centuries work on whatever planet you're from. Round here, we call 1998 the 20th century.

Re:The 20th Century?

[the_enigma_1983]

According to your link, some countries use terms like "the 1900s" to refer to anything between 1900 and 1999. As it says, this is equivalent to English-speakers using the term the "nineteen hundreds". It doesn't mention in any way how someone could refer to the year "1999" as being in the "19th century".

Re:The 20th Century?

[Alsee]

I always end my centuries on the 97's.

-

Re:The 20th Century?

Indeed. And the years -1 to -100 would be the zeroth, and -101 to -200 the minus first century. It all makes as much sense as starting a count on an arbitrary reference point allows.

Re:The 20th Century?

No, we are assuming the first century.... the one starting with year 1 and ending with year 100 is the 0th century (zero-th century), that way, illiterates won't be all confused and whatnot. If you have the zeroth century, then the first century can start at year 101 and everyone will be happy (none ah thet thar thinkin rekwired). Just go with me sparky. Just close your eyes, clench your fists and cry out "YES!" Now I feel like Ned Flanders as he appeared on the TV at the "Re-Neducation Center": "Just relax and let the hooks do their work." (Simpsons Treehouse of Horror V).

Re:The 20th Century?

[Low+Ranked+Craig]

Since there is no year zero, even though years ending in zero are commonly perceived to be the start of decades and centuries, technically, 1901 was the first year of the 20th century, and 2000 was the last year, with 2001 being the first year of the 21st century. This is all based on the Georgian calendar which is what most of the world uses today.

Regardless, even based on popular perception, 1998 is in the 20th century no matter how you slice it. Referring to them as the 1900s is also correct, but the two methods are different.

Re:The 20th Century?

[Troed]

(while thoroughly irrelevant to the original topic .. )

Well, as a native from one of the countries in that link - our way sometimes bleeds through when doing on-the-top-of-your-head translations. In Sweden the correct description of the years 1900-1999 is "nittonhundratalet" - literally translated as "the nineteenth century".

It's quite common, for us, to slip up.
 

Re:The 20th Century?

[HungryHobo]

years 0-99 first century.(the first 100 years AD)
years 100-199 second century.(the second 100 years AD)
years 200-299 third century.
.
.
.
years 1800-1899 nineteenth century.
years 1900-1999 twentieth century.
years 2000-2099 twenty-first century.

surprisingly it does not refer to the most significant digits of the date.
it's perfectly logical if you give it a moments thought.

Re:The 20th Century?

If you want to use zero-based numbering for years, e.g. having the years 1900-1999 inclusive form a century, then you should also use zero-based numbering for centuries, so the years 0000-0099 would be the "zeroth" century while 1900-1999 would be the 19th century.

Zero-based or 1-based numbering is irrelevant, as those are referring to the number of the year, not the relative position of the year. You could just as easily start counting with the year 20, or 20,000,001, or even -500 if you wanted to really mess with people. But no matter what value you use to start your count with, that is still the FIRST century.

Re:The 20th Century?

[anomaly256]

If you take the first century as being the years 0-99, or if you take the first century as being the years 1-100.. 1998 is still within the 20th century. Only if you (for some really silly reason) ignore the existence of the first century AD, and call the second set of 100 years after the first set of 100 years AD 'the first century', would 1998 be in the 19th century. Don't try to think about it too long though, you'll only hurt yourself.

Re:The 20th Century?

[Kr3m3Puff]

So when is this year 0 again? There is no year 0 in the Gregorian Calendar.

Re:The 20th Century?

[Gnavpot]

Well, as a native from one of the countries in that link - our way sometimes bleeds through when doing on-the-top-of-your-head translations. In Sweden the correct description of the years 1900-1999 is "nittonhundratalet" - literally translated as "the nineteenth century".

I know enough Swedish to know that this is a very bad translation.

The word "nittonhundratalet" is better translated into "the nineteen hundred age". Note that this says nothing about nittonhundratalet's position in a sequence of centuries in the same way as "the nineteenth century" does.

Re:The 20th Century?

[Gnavpot]

In some countries centuries are actually labelled in that fashion.

I live in one of the three countries mentioned in your Wikepedia link. We use the same sequence numbering of centuries as the rest of the world: the 19th century, the 20th century, etc.

If this is what is meant with "ordinal numbering" in the Wikepedia article, then this part of the article is wrong: "In Swedish, Danish and Finnish centuries are typically not named ordinally".

But we ALSO have another informal way of saying it as described in the link, just as the English speaking do.

Re:The 20th Century?

[HungryHobo]

Ah you're correct of course.
Silly mistake on my part.
So it goes
years 1-100 first century.(the first 100 years AD)
years 101-200 second century.(the second 100 years AD)
years 201-300 third century.
.
.
.
years 1901-2000 twentieth century.
years 2001-2100 twenty-first century.

Re:The 20th Century?

[Twinbee]

Yes, everyone knows the 19th century ended *on* 2000 not at the end of 1999... sigh.

Re:The 20th Century?

1999. Drop two 9s and what are you left with? 19 so if a century did end in 1999 it would have been the 19th.

Re:The 20th Century?

[Troed]

Your "enough Swedish" is indeed good enough to require further commentary ;)

To your point, it's possible to deconstruct "nittonhundratalet" into three parts:

nitton = nineteen
hundra = hundred
talet = "the age"

The best translation would then be "the age of the nineteen hundreds". If that was all there was to it, you'd be correct - and the translation would make perfect sense. However, what goes through a swede's mind could instead be described with a deconstruction into two parts:

nitton = nineteen
hundratalet = the century

... which is why we'd translate "nittonhundratalet" as "the nineteenth century" and back. The perfect literal translation "det nittonde århundradet" has an archaic ring to it and is not in every day use.

This is actually one of the well known caveats when swedes speak English - even more so than trying to translate the Swedish cultural concept of "den lilla människan" into "small people". I'm just glad Carl-Henrik failed at even the literal translation which would've been "the little people/person".

Anyway, pulling a random century/talet example from Google, involving our beloved state-subsidised radio journalists and a politician's blog:

http://brandewall.blogspot.com/2008/08/vilket-rhundrade-var-det-vi-levde-i-nu.html

Re:The 20th Century?

Yes, everyone knows the 19th century ended *on* 2000 not at the end of 1999... sigh.

That was the 20th Century that ended at the end of 2000.

Re:The 20th Century?

Think about it: Which years do you think are in the the _first_ century? Is the year 199 in the first century or the second? Then what century does that make for 1999?

Re:The 20th Century?

[knarf]

The naming of centuries is actually sometimes confusing. In the Netherlands the space of time between 1900 and 1999 is called 'de twintigste eeuw' (the twentieth century) while in Sweden they speak about 'nittonhundratalet' ('the nineteenhundreds') but also '20:e århundradet' ('the twentieth century). Our house was built in 1700-something so in Sweden it is a 'sjuttonhundratalsvilla' (seventeenhundreds house) while in Dutch is would be a '18de eeuws huis' (18th century house).

Re:The 20th Century?

[Jane+Q.+Public]

Exactly. This was kind of a pet peeve of mine. I got so tired of people asking me what I was going to do on New Year's Eve of the Millennium. I'd say, "Since it's more than a year away, I haven't decided yet." They'd just look at me funny. Of course I went to the celebrations, even though I knew it was a year early. Sometimes it's just not worth fighting the common ignorance.

I lit some fireworks just after midnight, on Jan. 1, 2001.

Re:The 20th Century?

I really hope this is a joke, or that at the very least you don't write code for a living.

Man, but there are some morons on /. today. Who knew cryptography would flush them out??

Re:The 20th Century?

You are wrong there is. The timeline is in human years. When a human is born it is year 0. This 1 AD is 1 year after the birth of Jesus, so the moment of the birth of Jesus is year 0. Thus 31-12-1999 23:59:59 is the last second of 20th century and 01-01-2000 00:00:00 is the first second of 21th century. We learn this in Europe. (on a side note, there is no 12 AM - it is 0 - zero hours.

Re:The 20th Century?

[Painted]

My pet peeve is that since some Monk decided on the calendar centuries ago didn't know about 0 decided the system we use today, and get people constantly correcting us when we say that the 1990's ended in 1999, not 2000. Or the Millennium, which really brought calendar nerds out of the woodwork saying how it's not the 21st century due to 2000 being in the 20th.

It was a mistake made in ignorance, and I wish we could all agree on correcting it.

Re:The 20th Century?

Zero was introduced in 1232 AD he worked out the centuries in 825 AD

Re:The 20th Century?

2^21 = 1088

Re:The 20th Century?

[Jane+Q.+Public]

Me too. My big problem was that even after it was explained to them, most people seemed to either actively deny the obvious logic, or just ignored it completely.

Re:The 20th Century?

[jesset77]

Me too. My big problem was that even after it was explained to them, most people seemed to either actively deny the obvious logic, or just ignored it completely.

Bah, humbug. There's nothing "obvious" nor "logical" about it. The Calendar is just notation. It's power is in keeping track of dates, of guaranteeing a consistently understood sequence of events. Bitching about archane confluences just proves that you care more about being pedantic and unhelpful than you do about harmony with your fellow man.

When arbitrary definitions are dischordant with common understanding, it's an order of magnitude easier to alter the definitions to fit the established understanding than the other way around. So why do we not do that?

You say there is no "Year Zero", so I just say "Yes there is." You say "Haha, when was it?" so I say "The year before Year 1". You say "Nya nya, that year was 1 BCE" so I just say "Who cares? 1 BCE = 0 CE, now get off my lawn".

Re:The 20th Century?

Except if the century ended in 1999 in which case it was the 19th.

Please do not breed. It would also be appreciated if you do not vote or drive on public roads.

Is u a nigger?

Re:The 20th Century?

[Jane+Q.+Public]

Bah, humbug. There's nothing "obvious" nor "logical" about it. The Calendar is just notation.

A calendar is numbers. Integers, more precisely, arranged in a specific and orderly fashion.

If you have a specific date on which your calendar starts (and we do), figuring out what a century and what a millennium is -- exactly, and without ambiguity -- is elementary math. It isn't a matter of opinion, or fashion. It is simply a matter of adding numbers, in precisely the way they are usually added.

So yes, it is logical, and it is obvious. And those who get it wrong are just... wrong.

Re:The 20th Century?

[jesset77]

Well then, I'm glad you said Integers instead of Positive, Natural Numbers because as we all know the integer ordinally preceding one is zero.

If you have a specific date on which your calendar starts (and we do), figuring out what a century and what a millennium is -- exactly, and without ambiguity -- is elementary math. It isn't a matter of opinion, or fashion. It is simply a matter of adding numbers, in precisely the way they are usually added.

You seem pretty sure of yourself there, as well. According to you, Jan 1 2001 is the official beginning of a new millenium because it commemorates precisely 2000 years elapsed after... after what, again?

Oh yes, that's right! Contemporary scholars have found evidence of the date of the Christian Messiah's birth to be inaccurate, and now put best estimates at early fall, 4 BCE. Kind of hard to celebrate two millenia past an indeterminate event with any accuracy is it? No matter how many numbers you simply add together?

But I'll tell you what I think. I think flipping the large dials on the chronometer is a more momentous occasion than trying to precisely count how many years have elapsed since a possibly fictional event was supposed to have occurred. I think being able to say "we're in a new millennium, because the digit which delineates which millennium we are in has now incremented" is more important than trying to account for the fact that the people who constructed the calendar we currently used punched a whole in the number line.

Re:The 20th Century?

[Jane+Q.+Public]

And before 0, there is -1. But when you start at a single point, a year from then is 1, and a year before then is -1. There is still no year 0.

And we have an agreed-upon date for the start of the calendar. I don't give a damn about what it's supposed to be based on. Or whether China agrees with most of the rest of the world.

Re:The 20th Century?

How the hell did you score 2? This is /.!

Re:The 20th Century?

No, we are assuming the first century.... the one starting with year 1 and ending with year 100 is the 0th century (zero-th century), that way, illiterates won't be all confused and whatnot. If you have the zeroth century, then the first century can start at year 101 and everyone will be happy (none ah thet thar thinkin rekwired). Just go with me sparky. Just close your eyes, clench your fists and cry out "YES!" Now I feel like Ned Flanders as he appeared on the TV at the "Re-Neducation Center": "Just relax and let the hooks do their work." (Simpsons Treehouse o.f Horror V).

Read above. Someone wants a 0 and minus 0 century.

Re:The 20th Century?

Except if the century ended in 1999 in which case it was the 19th.

Please do not breed. It would also be appreciated if you do not vote or drive on public roads.

How did you score 5 funny when you are (i) irrelevant and (ii) unfunny?

Re:The 20th Century?

No, we are assuming the first century.... the one starting with year 1 and ending with year 100 is the 0th century (zero-th century), that way, illiterates won't be all confused and whatnot. If you have the zeroth century, then the first century can start at year 101 and everyone will be happy (none ah that that? thinking rekwired). Just go with me sparky. Just close your eyes, clench your fists and cry out "YES!" Now I feel like Ned Flanders as he appeared on the TV at the "Re-Neducation Center": "Just relax and let the hooks do their work." (Simpsons Treehouse o.f Horror V).

Read above. Someone wants a 0 and minus 0 century.

Re:The 20th Century?

But why would there be a oth century when it could be the First?

Re:The 20th Century?

You are wrong there is. The timeline is in human years. When a human is born it is year 0. This 1 AD is 1 year after the birth of Jesus, so the moment of the birth of Jesus is year 0. Thus 31-12-1999 23:59:59 is the last second of 20th century and 01-01-2000 00:00:00 is the first second of 21th century. We learn this in Europe. (on a side note, there is no 12 AM - it is 0 - zero hours.

Except where counted as 1 when born as in the numbering system used there at the time.

Wow

Don't know how the previous cretins managed to extract SCO and APPLE FUD from the article, but after reading the summary, reading the linked articles, and watching the video... looks to me its an easily breakable substitution cipher. Anybody care to fill me in on what I missed?

Re:Wow

[omglolbah]

While a polyalphabetic substitution cipher can be broken I would not call breaking this particular one "simple".
Compared to many other such ciphers it is quite good in that there is a shifting alphabet which has a very large range of values.

Considering it was made in 1918 I suspect it would be a pain in the ass to actually break it.
You cant do much with frequency analysis as the alphabet and thus the substitutions change on every letter.

Much like with Enigma I suspect that this cipher's biggest weakness is in the application. In other words following a set pattern which makes it possible to find "cribs".

Re:Wow

[thms]

Yes, the Enigma algorithm, or actually wiring, was known and Polish and later English Cryptologists worked long and hard to crack it since a lot was at stake. This one as of now relied a lot on security through obscurity. I doubt it would have lasted long in a world war scenario.

Just as the Enigma it might be impossible to de-cypher it manually, but with a machine and Turing-level minds to help you I would think it is solved quickly. But since secure encryption is perceived as a solved problem (still, where is the AES equivalent of a secure hash?) maybe bright minds turn their attention elsewhere nowadays.

Re:Wow

[Randle_Revar]

>(still, where is the AES equivalent of a secure hash?)
here:
http://csrc.nist.gov/groups/ST/hash/timeline.html

Re:Wow

Dunno, but I'm almost tempted to make a javascript that does a rot-256 (pretty much plain ol' ASCII) and then you type in whatever you want encoded. Then for the "key" you just put in a URL of your choice. Then it takes the text of the key page, truncates it to the length of it to your message (or if it's somehow shorter, have it loop from the beginning or reverse), and then parses it in a way to bump the rotors around that jumble the text.

Considering the key could be any website, and is made equal in length to that encoded - I figure that'd be damn hard to figure out unless you know what URL's text was used to encrypt the thing. Also it's probably handy for limited time keys when certain web pages are changed often. Etc...

Being that it's javascript based and works with ASCII text, I'm sure any schmoe on the web could devise something similar. I'm curious to how effective something like that would actually be. (Provided somebody doesn't use an intentionally simple URL to encode it and effectively break the encoding.)

Re:Wow

"rot-256"

I don't think that word means what you think it means.

Re:Wow

[kestasjk]

Isn't whirlpool an AES-based hashing system?

Re:Wow

[RichiH]

As long as the NIST has not finished its current competition, there is a simple fix:

Use both Whirlpool _and_ SHA-512 (or better: SHA2 in its 512 bit variant). They are long enough to make reasonably sure no one can deduct anything about a potentially secret cleartext any time soon (there is _more_ information about the clear text in the wild, after all) while also making sure that no one will be able to create a matching clear text, both due to their length and based on the fact that they come from totally different families.

Re:Wow

it would be a pain in the ass to actually break it

Would that be an American ass or a Europen ass? The distinction is crucial, as the former is significantly larger than the latter.

Re:Wow

[KDR_11k]

If you repeat your key (looks like you're going for an OTP) you make it breakable. I'm not sure an OTP based on a public code page is a good idea and if the key used is text in a language that already gives a strong hint for any cracker.

Re:Wow

[NightWhistler]

You're basically proposing to use a website as a One time pad. In theory a one-time pad is unbreakable, but that does require that the content of the one time pad would be truly random, which a web-site text is obviously not.

Also, if the text of the site changes, your key breaks, though that may actually be a benefit.

Re:Wow

[Jane+Q.+Public]

That does not necessarily follow. While it seems reasonable and logical, it is quite possible that using the second algorithm would actually serve to undo some of the security of the first. Not at all likely, you understand, but possible. And showing that such interference does not occur is rather difficult to do.

Re:Wow

[RichiH]

That's what I meant by "reasonably sure", yes.

I am not aware of any research in this direction, though.

If you are paranoid, salt both hashes. With different salts.

Re:Wow

[MichaelSmith]

Brings to mind those "OUTGOING" posts we used to see. Could it have been a key distribution system?

Re:Glad parent is modded "Insightful"

[omglolbah]

+5 for effort :p

Video link

[Nieriko]

http://www.youtube.com/watch?v=BPI3P-ikWCk

Allow me to spare you the googling :D

Re:Video link

[CarpetShark]

Allow me to spare you the googling :D

And what if we wanted to google it, eh? Did you stop to think of that before posting your own god-damned link?

Re:Video link

[Nieriko]

I don't know what are you complaining about, you can still google it. Here is the link

Re:Video link

[CarpetShark]

It's not the same. Posting an electronic link is theft, just as if you'd posted it in a shop.

Its a two wheel enigma, neh?

What am I missing here?

Re:Its a two wheel enigma, neh?

[Ciggy]

It's not a two wheeled enigma for at least three reasons:

1) A plain text letter can be encrypted as itself (something an enigma machine cannot do due to physical design).
2) In an enigma machine each wheel is wired in a fixed "permutation"; in the Chaocipher "machine" each wheel is "rewired" depending upon the letter just encrypted.
3) In an enigma machine it is necessary to rotate the wheels semi-independently (ie like the wheels in a tape counter, each one causing the next one to rotate one letter each time it makes a complete revolution) whereas in the Chaocipher "machine" the wheels do not actually need to rotate - by rotating the wheels it makes the "rewiring" easier to explain.

The "rewiring" could possibly be seen as the effect of rotating the enigma wheels, but without a closer look at the algorithm than that I have done I cannot definitely say but my gut feeling is that it is not - I am sure a properly devised plain text with 676 (26^2) characters would show that they are not equivalent as after encrypting the 676th character the 2 wheel enigma machine will now be back in the position in which it started and the Chaocipher "machine" will not.

Probably weaker than Enigma

[Animats]

It's not a particularly strong cypher. It's basically a monoalphabetic substitution with some feedback, but not much. For each letter encyphered, the wheels change, but they don't change by much, and the number of change possibilities is small. So if you have known plaintext anywhere in the message, you can look for it with the usual techniques for monoalphabetic substitution, while considering all of the small number of possible changes to the two alphabets on each cycle. The "permuting" step just consists of shifting half the alphabet by one place left or right.

Once you have an entry into the cypher from some stretch of known text, you can work backwards and forwards until you've recovered the wheels.

There are better pre-computer cyphers. Jefferson's wheel cypher is much stronger, and was used by the US as late as the Vietnam War.

Re:Probably weaker than Enigma

[CAIMLAS]

Yet, this thing was around in 1918. It was some time before computers, and still reasonably capable. Arguably, I'm not quite sure how it's an inferior cipher compared to the Jefferson cipher - this one appears to allow for slightly more "randomness", as well as creating templates which could arguably be used for single-time pads without the additional transmission of information for an effective cipher. (the Jefferson wheel cipher wasn't used past WWII, from what I can tell).

At any rate, it just goes to show you how effective a relatively simple machine can be, compared to modern electronic and/or computational methods to do the same basic thing (in this case, the enigma). Another good example would be drive/steer-by-wire vs. hydraulic or mechanical steering and acceleration/breaking. I'm sure there are more, but I'm not creative enough to think of any of them in my current alcohol-addled state.

Sometimes, the conceptually simpler method is the better one. This thing apparently still works; how many cryptographic engines of later years no longer do due to the copious mantainance required? Same can be said for more modern vehicle electronics vs. the older and more reliable (despite what the automotive industry says) mechanical means of doing the same: instead of outright replacement its often relatively easy to fix the broken systems on an older car.

Of course, when it comes to things depending on complex mathematics and the ability to be generalized, nothing beats generalized computing. :)

Re:Probably weaker than Enigma

[Lord+Crc]

So if you have known plaintext anywhere in the message, you can look for it with the usual techniques for monoalphabetic substitution, while considering
all of the small number of possible changes to the two alphabets on each cycle.

From what I can gather the "key" in this system is the ordering of the two alphabets, which is not fixed. Doesn't your method assume that you already have the key? If not, how does your method deal with all the possible alphabet permutations?

I'm no crypto guy tho so I might be missing the obvious :)

Re:Probably weaker than Enigma

[IICV]

Well, just think about it: in a substitution cipher, the "key" is a permutation of the alphabet (i.e, a -> q, b -> w, etc). If you used this device without the "twizzling" step, it would be exactly like a plain old sub cipher. I just don't see how that twizzle step injects enough entropy into the system for this to be significantly more secure than even a Vignere cipher with a sufficiently long keyword, and that you can do with pen, paper and a good memory.

Basically, if nobody ever broke the known-plaintext ciphertexts, it's more likely to be because nobody cared enough to reverse-engineer this guy's algorithm than because of any actual cryptographic considerations.

Chalk up another win for security through obscurity!

Re:Probably weaker than Enigma

[Lord+Crc]

Well, just think about it: in a substitution cipher, the "key" is a permutation of the alphabet (i.e, a -> q, b -> w, etc). If you used this device without the "twizzling" step, it would be exactly like a plain old sub cipher. I just don't see how that twizzle step injects enough entropy into the system for this to be significantly more secure than even a Vignere cipher with a sufficiently long keyword, and that you can do with pen, paper and a good memory.

Well, a substitution cipher only has one "scrambled" alphabet. However the two alphabets in the Chaocipher are "twizzled" differently, so I don't think you can treat it as if you only got one "scrambled" alphabet, and must also consider the possible permutations of the two alphabets. I agree that if the alphabets were "twizzled" in the same way it wouldn't be much different from the plain substitution cipher.

Again, I might be missing the big picture here :)

Re:Probably weaker than Enigma

[IICV]

Well but that's the thing - this cipher can be described as a specific case of "substitution cipher, except you permute the key after every character in deterministic manner 'x'". Note that a Vignere cipher can be described in much the same way, except it's a shift cipher instead of a substitution cipher (the difference is that the key to a substitution cipher is a permutation on the alphabet, whereas a shift cipher's key is just a shift of the alphabet).

The question boils down to: "is substitution cipher with some sort of non-random key permutation worthwhile?" The answer is probably no (and if you allow random key permutations, then it's basically a one-time pad). Indeed, I wouldn't be surprised if this thing is only a little bit more secure than a sort of Vignere cipher hybrid that uses a list of substitution ciphers instead of a list of shift ciphers.

So yeah, while this might have been useful in the roaring twenties, it's peanuts compared to modern cryptography.

Re:Probably weaker than Enigma

[igb]

I think it's somewhat better than you describe, in that it is at least feeding the ciphertext back into the permutation. It would depend on how it was used as to how much benefit that gave.

It's reasonable to assume that in a communications network, there would be a setting for the day or week. If that were used unmodified, identical opening phrases would encrypt identically, and would then diverge at the point the plaintext diverged. As with Enigma or Purple there's weak diffusion: the only thing that affects characters 1..n of the ciphertext are the key setting and characters 1..n of the plaintext (contrast a block cipher, where the two blocks whose plaintext differ only in the last byte will generate ciphertext that potentially differs throughout). Without careful use, which would have been unlikely in 1918 given the Germans screwed this up in the 1940s, stereotypical opening sequences would expose a lot of the key.

If an initial sequence were generated randomly for each message, so that the message itself starts with the alphabets already significantly permuted, that problem goes away. But generation of random initial sequences is hard. Again, the Germans screwed this up, and although it's not performing the same job the Herivel Tip seems relevant for any mechanical system.

As you say, locating plaintext within the message is also plausible with a computer or even a Colussus device, although it would be very complex by paper methods: for a conjectured plaintext, you can predict the transformations of the input and output alphabets, and (I suspect) the better attacks would come from conjectured or known plaintext that contains repeated letters.

Re:Probably weaker than Enigma

[DamnStupidElf]

It looked a lot like RC4 at first glance. E.g. in a cipher feedback mode where the ciphertext letter of the last operation is the plaintext input to the next operation, its output may be more secure as a stream cipher than its intended usage.

Re:Probably weaker than Enigma

[dredwerker]

I love this "twizzling" with regards to ciphers it makes me smile. It should be a registered word in the cracker's arsenal. There is an interesting idea a register of known industry standard words for each area.

Re:Probably weaker than Enigma

Hi Animats,

Your analysis is not correct for nonlinear systems like Chaocipher. Although each alphabet changes slightly each pair enciphered, the disks/alphabets are highly coupled to each other in an autokeying fashion. Changing one plaintext letter garbles the decipherment completely after two or three steps.

The proof of the pudding is, can you solve Exhibit 1 using the method you describe? A posting in the Crypto Forum (http://s13.zetaboards.com/Crypto/single/?p=8002450&t=6713216) shows the matching plaintext and ciphertext pairs for the first 1,100 letters in Exhibit 1. Can you derive the starting alphabets given this plethora of pt/ct pairs?

No armchair cryptanalysis here. Are you up to the task of backing up your opinion?

Re:Probably weaker than Enigma

Ah, the joys of armchair analysis .

The twizzling makes *all* the difference, injecting a high degree of nonlinearity into every step. The disks/alphabets are highly coupled to each other in an autokeying fashion. Changing one plaintext letter garbles the decipherment completely after two or three steps.

The proof of the pudding is, can you solve Exhibit 1 using the method you describe? A posting in the Crypto Forum (http://s13.zetaboards.com/Crypto/single/?p=8002450&t=6713216) shows the matching plaintext and ciphertext pairs for the first 1,100 letters in Exhibit 1. Can you derive the starting alphabets given this plethora of pt/ct pairs?

No armchair cryptanalysis here. Are you up to the task of backing up your opinion?

Re:Probably weaker than Enigma

[synth7]

I've been reading The Codebreakers (the original 1967 printing) and this particular device would rank in the "possible, though time-consuming to solve" category, as a shifting monalphabetic cypher. And, no, most people aren't going to be up to the challenge of breaking it themselves since a good deal of practice and a lot of time is needed to crack apart a given encryption of this kind... more or less time depending upon the volume of traffic and the nature of the data encrypted. (Knowing that a message will begin with the date or a "Dear Sir" can make a huge difference.) I will rely upon the expert opinion of the authors and the cryptographers who no longer use such devices as sufficient proof that such devices are, in and of themselves, not terribly good at resisting cryptanalysis. However, if you use this device to superencrypt and already reasonably secure message consisting of codegroups with many polyphones and homophones, then you'll certainly give the cryptanalysts a run for their money. (Caveat: I may be totally wrong... I don't know enough about the subject or this device to do other than a base comparison of it against similar devices and schemes from the same period.)

Starker! Zis is die CHAOCIPHER!

[grcumb]

"Starker! Zis is die CAOCIPHER! The CAOCIPHER doesn't go 'PHTHHHHBBBBTTT!!!'"

"But Siegfried, look. See, right here betveen ze CHGFYTTSSXHS und ze KJHJHLRUUIGE."

"Ah. Yes. Vell zen, carry on."

[It's funnier when you say it out loud. Trust me. Your workmates will love you for it.]

Re:Starker! Zis is die CHAOCIPHER!

[AJWM]

Wouldn't that be the KAOSYPHER?

Re:Starker! Zis is die CHAOCIPHER!

[BazilBBrush]

The European Commission has just announced an agreement whereby English will be the official language of the European Union rather than German, which was the other possibility.

As part of the negotiations, the British Government conceded that English spelling had some room for improvement and has accepted a 5-year phase-in plan that would become known as "Euro-English".

In the first year, "s" will replace the soft "c".

Sertainly, this will make the sivil servants jump with joy.

The hard "c" will be dropped in favour of "k".

This should klear up konfusion, and keyboards kan have one less letter.

There will be growing publik enthusiasm in the sekond year when the troublesome "ph" will be replaced with "f".

This will make words like fotograf 20% shorter.

In the 3rd year, publik akseptanse of the new spelling kan be expected to reach the stage where more komplikated changes are possible.

Governments will enkourage the removal of double letters which have always ben a deterent to akurate speling.

Also, al wil agre that the horibl mes of the silent "e" in the language is disgrasful and it should go away.

By the 4th yer people wil be reseptiv to steps such as replasing "th" with "z" and "w" with "v".

During ze fifz yer, ze unesesary "o" kan be dropd from vords containing "ou" and after ziz fifz yer, ve vil hav a reil sensibl riten styl.

Zer vil be no mor trubl or difikultis and evrivun vil find it ezi tu understand ech oza.

Und efter ze fifz yer, ve vil al be speking German like zey vunted in ze forst plas.

Unt Ze drem vil kum tru.

Re:Starker! Zis is die CHAOCIPHER!

mods? hello? a nice, dry chunk of literary humor like that gets passed over? come on now...

Re:Starker! Zis is die CHAOCIPHER!

An interesting update to Mark Twain's "A Plan for the Improvement of English Spelling". Authorship of that piece is up for debate, of course, but still funny and worth the read.

Posted anonymously because I have modded this discussion.

Re:Starker! Zis is die CHAOCIPHER!

I could actually read all of that with no problem. I must be a nazi.

Re:Starker! Zis is die CHAOCIPHER!

[Chih]

This still makes me laugh :)

Re:Starker! Zis is die CHAOCIPHER!

Missing step

Remove excess space to create minimum word length of 26 characters.

Re:Starker! Zis is die CHAOCIPHER!

[KDR_11k]

No, a German would likely mispronounce the CH there. Different people would likely pick different pronunciations.

Re:Starker! Zis is die CHAOCIPHER!

its funny but it's really old funny.

Re:Starker! Zis is die CHAOCIPHER!

Except that chaos is a german word, and pronounced more or less ka:os.

Re:Starker! Zis is die CHAOCIPHER!

[Teun]

A British nazi?

Because from a continental European's point of view the main problem with English is the oddball pronunciation of the vowels, not the Latin origin consonants.

Re:Starker! Zis is die CHAOCIPHER!

[Teun]

Typical for someone who's mother tongue is English

The main problem for continental Europeans with the pronunciation of English is that weird thing called The Great Vowel Shift .
We are all fairly accustomed to the English' Latin-style spelling of the consonants and pronouncing a hard 'c' as a 'k' or the 'ph' as an 'f' is not too hard to do on the fly.

But the change away from the original Germanic and even Latin pronunciation of the vowels yet leaving the spelling in tact is really weird.

Re:Starker! Zis is die CHAOCIPHER!

[JSG]

Thanks for the link.

I notice by reading down to the bottom, that at least German and Dutch also underwent a Great Vowel Shift of some sort. Also I notice that one of the reasons for the English one is given as becoming more French.

Now without being an expert in linguistics, and allowing for the fact there are rather a lot of other European languages than those I mention above, what is your beef with English exactly with respect to some sort of idealized vowel pronunciation?

From what I can see, our methods of pronunciation are no stranger than anyone else's.

Besides, the regional differences in GB alone mean that many vowel sounds that you might recognize are quite valid somewhere.

There is no such thing as a correctly pronounced en - unless you qualify that with at least a country eg en_GB. Even then you are still skating on really thin ice, despite the modern day trend towards homogeneity of the language and pronunciation due to population diffusion.

en_GB_janner != en_GB_geordie, where != means barely understandable by, unless both are drunk or have an alternative means of communication such as paper and a blunt crayon.

Yes, English is - in linguistic circles - defined as a "Germanic language" but there is far more to it than that. You might like to reflect on the Brythonic, Cumbric, Gaelic, Galic, Cornish, French, Latin, Saxon, Angle, Danish and Norwegion and other influences for example. I'll accept that some of those are also Germanic. We have been invaded/merged/warred with culturally and otherwise just as often as any other European piece of land. As a result English is just as richly "weird" as any other language.

I suspect that you'll find that you'll still be understood by a native English speaker even if you rotate your vowels randomly - they are handy (cf Egyptian hieroglyphics) but you can mess them around.

Oh and intact is one word.

PS You don't get a prize for working out what a janner or a geordie is but you will get a sense of a research job done well.

Re:Starker! Zis is die CHAOCIPHER!

[Jane+Q.+Public]

A geordie is a guy who works in engineering and wears part of an automotive air filter over his eyes.

Re:Starker! Zis is die CHAOCIPHER!

[Teun]

I have no beef with the English pronunciation, be it regional or 'Standard' :)

I was just commenting on the implied 'wish of continentals' worded in the old joke.

Yes continental Europeans do initially have a problem with the English pronunciation but that's not with the consonants which seem to be the main subject of the joke.

Indeed, seen from an international perspective there is no such thing as a 'correct' pronunciation (or spelling!), yet we Europeans all use the Latin alphabet and I don't think it's far fetched to see its original pronunciation as a sort of common basis.

As mentioned Dutch and German went through their own (smaller) vowel change, interesting is that Dutch had another vowel change that more or less returned us to the older version.

It's just that a European student new to English will have a natural inclination to pronounce English somewhat like it used to sound when the spelling was standardised, that's before the great vowel shift.

Re:Starker! Zis is die CHAOCIPHER!

[Genrou]

Zer vil be no mor trubl or difikultis and evrivun vil find it ezi tu understand ech oza.

Yu mispeld "evriun".

Re:Starker! Zis is die CHAOCIPHER!

[TangoMargarine]

Typical for someone whose mother tongue is English

FTFY.

Re:Starker! Zis is die CHAOCIPHER!

Italian has only 33 pronunciations of the letters in its alphabet English has over 1 000.

Re:Glad parent is modded "Insightful"

[buckeyeguy]

Now that Slashdot has been taken over by 4chan, the least they could do is change the logo at the top of the page.

Re:BS Karma whoring

Yes, but sparing Slashdot readers from having to read TFA is a much greater service than saving them from having to Google.

Re:BS Karma whoring

[pspahn]

You do realize that for someone to find the comment posting the video link, they already waded through a bunch of silly comments and garbage.

Sparing /. readers from /. itself is sometimes the best service.

Since this is /.

[Dracos]

YYWVOXWTHYZIYTOJYJWAVNVFIZHE

Re:Since this is /.

[MobileTatsu-NJG]

YYWVOXWTHYZIYTOJYJWAVNVFIZHE

Wait.. wait.. I can translate this:

Yo mama... sleeps.. with.. her dog?

Hey!

Re:BS Karma whoring

Unless of course they noticed the summary mentioning YouTube and did a search for "www.youtube.com" and found it that way.

The really interesting thing about this machine

[VORNAN-20]

is that it can be built by anyone with intermediate carpentry/model-making skills. This is not the case with Enigma, for example, that is in the advanced electromechanical category. Definitely deserves an A for excellent design and first-rate results with minimally advanced technology.

Fitted?

WTF?

+5 English Fail

"Fitted" inside a box? At least in America, the proper term would be "fit" inside a box.

And these guys claim to be editors...

Re:+5 English Fail

What does America have to do with anything?

I thought we were talking about English.

The perl script from the pdf

http://chaociphersim.pastebin.com/bdFUZ52R

hehe..

LDNVL9ZUAKB UQDCW2CWVNVP1J1QQBJ1F5A6

Let me guess ...

don't rely on security by obscurity.

The problem is the one-time key (base setting)

[Kupfernigk]

This is exactly the same as with Enigma. What matters is the initial setting, which is a key. If the base setting is always the same, then the decoding of one message works for all. The difficulty is to find a way of distributing the initial key securely, given that it needs to be changed very frequently. Any system which can be compromised if a station is captured becomes useless until all stations have new key sets - difficult for a spy network in wartime, or even a submarine fleet.

Given the Enigma architecture, it was the capture of a German weathership and later a submarine by the Royal Navy that did most for German Enigma decryption.

Why it wasn't broken

[DerekLyons]

It looks to me like the code was never broken mostly due to the lack of sufficient ciphered material to analyze, not due to any significant property of the machine. To break polyalphabetic systems like this, you need a lot of ciphered material to analyze.

Chaocipher and chaos theory post...

[nickpelling2]

I've just put up a follow-up Chaocipher post which discusses the parallels between Byrne's cryptography and chaos theory, if you're interested. :-)