Re: Which paper and pencil cipher to use ?

From: Roger Fleming (roger_for_nntp@hotmail.com)
Date: 01/21/03


From: roger_for_nntp@hotmail.com (Roger Fleming)
Date: 21 Jan 2003 07:38:45 -0800


"Mike South" <miso@someplace.net> wrote in reply to me:
[...]
> I agree too, let's put this in the FAQ.

One thing I would add to my previous list is that we need "rules" for
the P&P cipher. In previous discussions it has generally been observed
that it is pointless to design a P&P cipher if you can get access to
modern electronic equipment, so the scenario usually presented is that
you must be able to conceal your apparatus from an oppressive Secret
Police organisation. (Since I am re-reading "Between Silk and
Cyanide", I would suggest thinking of Resistance fighters trying to
evade the Gestapo while still communicating with London). With this in
mind, I would suggest the following categories:
I. A pure P&P cipher, which can be entirely memorised, and only
requires paper for working through the details. In BS&C, this would be
poem codes and MOPs. VIC is also category I, as is
Playfair-transpose-Playfair.
II. A cipher which requires additional apparatus, which however can be
quickly assembled from common items and stripped back down after use.
Solitaire and reduced RC-4 are of this category. A while ago someone
also suggested a PRNG requiring an ordinary 4 function calculator;
that would also be category III.
III. A cipher requiring apparatus which cannot be easily disposed of,
but for which the covert function is not obvious. A book cipher falls
into this category.
IV. A cipher requiring obviously suspicious apparatus, but which is
(you hope) easily concealed. In BS&C, WOKs and LOPs fell into this
category.

> 1. I'll stick with double transposition, which can be broken with
> enough messages by multiple anagramming. For few messages, it
> is fairly secure provided the lengths of the messages are of
> different lengths -- I suspect the lengths should be relatively
> prime, but I've never tried to prove that.

I understand, unfortunately, that there is a modern cryptanalytic
technique that breaks double transposition fairly fast (in computer
terms). It works on the basis that DT exhibits fairly poor key
avalanche, i.e. keys that are close to the correct one often show
short chunks of coherent text between the gibberish. On this basis the
full key can be found by a hill climbing algorithm.

Transposition is still useful for separating/diffusing the pieces from
polygraphic or fractionating systems, however I'm not sure there's
much advantage in making it a double transposition for this case -
especially as you've just added yet another operation, and DT was
already considered to be near the limit of practical difficulty.

> There are people with amazing anagramming skills, and the double
> transposition even with a few messages may fall to these people
> if the key is not long enough. A guy named Joseph Courville wrote
> a paper on solving double transpositions, which may be available
> yet.
>
> 2. the book cipher used as page, line, and word indicators,
> not as a running key. I think this is rather difficult to use
> because another encryption must be used for words not in the
> book, and practically speaking, a concordance is needed.

I've no idea how to go about breaking a book cipher, but apparently it
can be done; more clueful users seem to have super-enciphered the
output of a book cipher. Obviously if the Gestapo find your book when
they arrest you (and apprehend its significance), they will easily get
all your back traffic. Superencipherment will help with this, but only
if the superencipherment step is itself fairly robust.

> Also, the user is supposed to select words at random, which is
> a tall order. Most of us cannot do that without mechanical
> help. Maybe the concordance can arrange the indexes to a word
> randomly.

IMHO the randomised concordance would break the rules of a P&P cipher
in that it is a highly suspicious item for the Gestapo to discover
(hence Category IV) yet also rather difficult to conceal. If we could
have apparatus like that, I would just have PocketC on my Palm Pilot
and whip up RC4 or TEA whenever I needed it (& delete it afterwards).

> I'm still skeptical. I suspect there is NO pencil and paper
> cipher that is both practical and secure for the specified
> period of several months.

Well, there's varying degrees of practical, too. On the one hand,
agents hiding in ill-lit barns and working on damp notebooks with the
bloodhounds baying in the distance, found double transposition so hard
that a cryptanalysis team was required in order to reliably receive
messages. On the other hand Reino Hayhanen successfully used the VIC
cipher within the US for 5 years. VIC is _much_ more complex than
double transposition, and it was only broken after he defected and
revealed the key.

Cheers,
Roger
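
The poor key avalanche of double transposition mentioned in the post above, shown as an added example (not part of the original message): decrypting with a key that is one adjacent swap away from the correct one still leaves most letters in place. It scores against the known plaintext only to make the effect visible; the plaintext, keys and helper names are constructed for this illustration.

```python
# Added illustration (not from the original post): key avalanche in double
# columnar transposition. Plaintext, keys and helper names are constructed.

def encrypt(text, key):
    """Write text in rows of len(key); read the columns out in key order."""
    n = len(key)
    return "".join(text[c::n] for c in key)

def decrypt(ct, key):
    """Invert encrypt(), allowing for an incomplete last row."""
    n, total = len(key), len(ct)
    q, r = divmod(total, n)
    cols, pos = [""] * n, 0
    for c in key:
        length = q + (1 if c < r else 0)  # the first r columns are one longer
        cols[c] = ct[pos:pos + length]
        pos += length
    return "".join(cols[i % n][i // n] for i in range(total))

def dt_decrypt(ct, k1, k2):
    """Undo the second transposition (k2), then the first (k1)."""
    return decrypt(decrypt(ct, k2), k1)

def swap_adjacent(key, j):
    """Return a copy of key with entries j and j+1 exchanged (a 'near' key)."""
    k = list(key)
    k[j], k[j + 1] = k[j + 1], k[j]
    return k

PLAINTEXT = ("THEAGENTWILLMEETTHECOURIERBEHINDTHEOLDMILLATDAWNANDHANDOVER"
             "THENEWSCHEDULEFORTHERADIOTRANSMISSIONSTOLONDON")
K1 = [3, 0, 7, 5, 1, 9, 2, 8, 4, 6]
K2 = [4, 1, 6, 0, 8, 2, 5, 7, 3]
CT = encrypt(encrypt(PLAINTEXT, K1), K2)

def avalanche_report():
    """Map each trial key pair to (letters in the right place, recovered text)."""
    trials = {
        "correct keys": (K1, K2),
        "k1 off by one swap": (swap_adjacent(K1, 2), K2),
        "k2 off by one swap": (K1, swap_adjacent(K2, 5)),
        "both keys reversed": (K1[::-1], K2[::-1]),
    }
    report = {}
    for label, (k1, k2) in trials.items():
        guess = dt_decrypt(CT, k1, k2)
        report[label] = (sum(a == b for a, b in zip(guess, PLAINTEXT)), guess)
    return report

if __name__ == "__main__":
    for label, (hits, guess) in avalanche_report().items():
        print(f"{label:20} {hits:3}/{len(PLAINTEXT)}  {guess}")
```

A single adjacent swap disturbs at most two columns of one stage, so no more than 2 * ceil(length / key length) letters can move; that bound is what leaves readable runs for a search to follow.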

