Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Isochronous CipherText Beats Brute Force Statistical Mapping.
34 views
Skip to first unread message
austin...@hotmail.com
May 16, 2012, 9:42:47 AM5/16/12
to
A very good treatment of this topic is to be found in Simon Singh – “The Code Book “ under both ‘Kasiski’ and ‘Babbage’.
I am claiming that this method of cryptanalysis by brute force that depends on the natural frequency of occurrence of characters is impossible in my “Displacement Cryptography”.
It is simply impossible to implement this attack using comparator tables of frequency in the first place since these tables are difficult to construct and so physically incongruent they are worthless as comparisons in this case.
The reader may be interested in my analysis of isochronous ciphertext however that puts the kibosh on that attack for all time.
Isochronous means all items of ciphertext having equal frequency of occurrence. This rules out statistical mapping by a brute force program unless there is some sensible proportionality between them in the first place which of course could not be further from the truth in the samples to hand or those envisaged for future.
In this cryptography, the ciphertext vector is what is known as a ‘bound vector” i.e it starts and finishes at the same unique points in space and cannot be translated around space like some other vector types (free vectors and sliding vectors). It is ‘fixed’ by its starting point and finishing point and any claim that a repeat ciphertext has occurred must satisfy this rule
What I want to demonstrate here is this, the starting point i.e. the origin of the ciphertext vector is a point designated by the instantaneous change-of-origin vector that in practice is called sequentially from a large array of such vectors in a computer. This determines the starting point of the ciphertext vector and the terminal point (the end point) is determined by the position vector called Pn as that is calculated for each corresponding plaintext as the encryption goes on in the computer.
The Chances of a Repeat Ciphertext Occurring.
1 ) This cannot possibly happen ever if the size of the array of non-repeating change-of-origin vectors is purposely kept lower than the message length i.e say an array of say 30000 elements of change-of-origin vectors will service a message length of 30000 alphanumeric characters from ASCII.
2) This array can be re-used by wrapping back to the beginning and making possible a larger message length that might then have a repeated ciphertext item but against great odds.
Example.
The cipher to hand on (free download http://www.adacrypt.com - see Skew Line Encryptions – The Eventual Cipher) has an array of 15000 change-of-origin vectors and an array of 1000 'normal' vectors that are often reused by wrapping back to the beginning in each case when a large message-length is being encrypted.
If I want a ciphertext string that has no repeats guaranteed, I can purposely keep my message length down to 15000 characters so as not to cause the array to wrap back to the beginning when it is then impossible for a repeat to occur.
If I am not ‘fussed’ by a repeat occurring, I can settle for my arrays to wrap back to the beginning any time I like and the chances then of a repeated ciphertext (just one only repeat) occurring is I in 15 million or thereabouts.
Clearly this event is not of any use to a cryptanalyst who would be needing thousands of repeats to be able to do any worthwhile comparison mapping in his brute force program.
Either way it can be said that “Isochronous Ciphertext” (or ciphertext very close thereto i.e involving not more than a few repeats) is the death knell of brute force cryptanalysis in this form of cryptography for all time.
It is worth remembering (in the classroom possibly) that the ciphertext can invariably be modelled as a ‘bound’ vector as a basis for discussion of this important topic.
- adacrypt
I am claiming that this method of cryptanalysis by brute force that depends on the natural frequency of occurrence of characters is impossible in my “Displacement Cryptography”.
It is simply impossible to implement this attack using comparator tables of frequency in the first place since these tables are difficult to construct and so physically incongruent they are worthless as comparisons in this case.
The reader may be interested in my analysis of isochronous ciphertext however that puts the kibosh on that attack for all time.
Isochronous means all items of ciphertext having equal frequency of occurrence. This rules out statistical mapping by a brute force program unless there is some sensible proportionality between them in the first place which of course could not be further from the truth in the samples to hand or those envisaged for future.
In this cryptography, the ciphertext vector is what is known as a ‘bound vector” i.e it starts and finishes at the same unique points in space and cannot be translated around space like some other vector types (free vectors and sliding vectors). It is ‘fixed’ by its starting point and finishing point and any claim that a repeat ciphertext has occurred must satisfy this rule
What I want to demonstrate here is this, the starting point i.e. the origin of the ciphertext vector is a point designated by the instantaneous change-of-origin vector that in practice is called sequentially from a large array of such vectors in a computer. This determines the starting point of the ciphertext vector and the terminal point (the end point) is determined by the position vector called Pn as that is calculated for each corresponding plaintext as the encryption goes on in the computer.
The Chances of a Repeat Ciphertext Occurring.
1 ) This cannot possibly happen ever if the size of the array of non-repeating change-of-origin vectors is purposely kept lower than the message length i.e say an array of say 30000 elements of change-of-origin vectors will service a message length of 30000 alphanumeric characters from ASCII.
2) This array can be re-used by wrapping back to the beginning and making possible a larger message length that might then have a repeated ciphertext item but against great odds.
Example.
The cipher to hand on (free download http://www.adacrypt.com - see Skew Line Encryptions – The Eventual Cipher) has an array of 15000 change-of-origin vectors and an array of 1000 'normal' vectors that are often reused by wrapping back to the beginning in each case when a large message-length is being encrypted.
If I want a ciphertext string that has no repeats guaranteed, I can purposely keep my message length down to 15000 characters so as not to cause the array to wrap back to the beginning when it is then impossible for a repeat to occur.
If I am not ‘fussed’ by a repeat occurring, I can settle for my arrays to wrap back to the beginning any time I like and the chances then of a repeated ciphertext (just one only repeat) occurring is I in 15 million or thereabouts.
Clearly this event is not of any use to a cryptanalyst who would be needing thousands of repeats to be able to do any worthwhile comparison mapping in his brute force program.
Either way it can be said that “Isochronous Ciphertext” (or ciphertext very close thereto i.e involving not more than a few repeats) is the death knell of brute force cryptanalysis in this form of cryptography for all time.
It is worth remembering (in the classroom possibly) that the ciphertext can invariably be modelled as a ‘bound’ vector as a basis for discussion of this important topic.
- adacrypt
bert
May 16, 2012, 11:31:38 AM5/16/12
to
On Wednesday, May 16, 2012 2:42:47 PM UTC+1, austin...@hotmail.com wrote:
> I am claiming that this method of cryptanalysis by brute force
> that depends on the natural frequency of occurrence of characters
> is impossible in my “Displacement Cryptography”.
A cipher which is proof against one particular
> I am claiming that this method of cryptanalysis by brute force
> that depends on the natural frequency of occurrence of characters
> is impossible in my “Displacement Cryptography”.
cryptanalytic attack is not necessarily proof
against some other attack. The literature of
cryptography is awash with examples of this.
--
rossum
May 16, 2012, 5:44:35 PM5/16/12
to
Kupiecka. The Caesar cypher is completely resistant to differential
cryptanalysis, better even than AES. It also has good resistance to
linear cryptanalysis. Those ancient Romans knew their stuff,
cryptographically.
[1] http://www.anagram.com/jcrap/Volume_3/caesar.pdf
rossum
Peter Fairbrother
May 16, 2012, 10:20:02 PM5/16/12
to
Brute force cryptanalysis exists, and so do several methods of
cryptanalysis based on the frequency of occurrence of characters, but
not "cryptanalysis by brute force that depends on the natural frequency
of characters".
By definition (try every possible key in non-significant order), brute
force cryptanalysis has nothing whatsoever to do with the frequency of
characters.
"Brute Force Statistical Mapping" doesn't exist either, or if it does I
don't know what it is.
Neither does so-called Isochronous Ciphertext of useful message length
- for instance, it isn't possible to construct a binary sequence of
length greater than two bits where "the separate items of the ciphertext
[sequence] have a frequency of just one".
I think what the OP is trying to say is that given a ciphertext in
alphabetic form, where perhaps the alphabet is very large, if at most
one instance of each letter occurs in a ciphertext then cryptanalytic
methods based on analysing the frequencies of incidence of letters will
fail.
On first glimpse this may seem both immediately obvious and correct -
but unfortunately it is neither.
First, an analyst may have access to many ciphertexts under the same
key, and he can count the frequencies in all the the texts - this would,
for example, defeat a Caesar cipher even if the maximum occurrence of
each letter in each ciphertext was limited to 1, but the whole length of
ciphertext was comparable to the length of the alphabet.
Second, even if the analyst has only one ciphertext, the occurrence of a
particular letter in a ciphertext may tell the cryptanalyst something
about the key, or the plaintext - whether it does in a particular case
doesn't matter, the simple fact that it might in some cases disproves
the hypotheseis above.
Exercise - construct a counterexample where the existence of a letter in
a ciphertext tells the analyst something useful about the plaintext or key.
More subtly, combinations of single instances of letters may be
significant. I'll try and explain this as simply as I can, but the
example will be a bit contrived - it's still a valid counterexample
which disproves the theorem however.
As an example, suppose a cipher based on a Caesar substitution followed
by a permutation, in the english alphabet, and suppose we know the word
"the" is the first word in the single (very short) plaintext.
If we assume "t" changes to "a" in in the Caesar part before the
permutuation, so "the" changes to "aol" then, if we do not find an "a"
and an "o" and an "l" we know the assumption was wrong, and we try and
see if "t" may have changed to "b", and so on. Depending on ciphertext
length we might get more than one candidate, but we will get at last one.
Then we pass the candidate(s) to the permutation-solving part of the
analysis, and knowing the positions of three letters in the before- and
after- texts this shouldn't take long to solve.
A perhaps simpler example - a straightforward permutation cipher. One
way to solve them is to anagram them - and this is a lot easier if there
is only one example of a letter in the ciphertext.
BTW, this was a real issue in WW2, where in order to get better security
from a badly-chosen permutation cipher, SOE agents had to send messages
of at least 200 characters long, leaving them open to wireless
detection, location and arrest by the Gestapo.
It might not be immediately obvious, but both these examples depend on
knowing the frequency of distribution of the letters in the plaintext;
either 0 or 1.
rushed, so this is not checked to my usual standards
-- Peter Fairbrother
-- Peter Fairbrother
Noob
May 18, 2012, 4:57:18 AM5/18/12
to
rossum wrote:
> I particularly like, 'Cryptanalysis of Caesar Cipher'[1] by Malgorzata
> Kupiecka. The Caesar cypher is completely resistant to differential
> cryptanalysis, better even than AES. It also has good resistance to
> linear cryptanalysis. Those ancient Romans knew their stuff,
> cryptographically.
>
> [1] http://www.anagram.com/jcrap/Volume_3/caesar.pdf
Note to the unwary, "jcrap" stands for "Journal of Craptology".
> I particularly like, 'Cryptanalysis of Caesar Cipher'[1] by Malgorzata
> Kupiecka. The Caesar cypher is completely resistant to differential
> cryptanalysis, better even than AES. It also has good resistance to
> linear cryptanalysis. Those ancient Romans knew their stuff,
> cryptographically.
>
> [1] http://www.anagram.com/jcrap/Volume_3/caesar.pdf
http://www.anagram.com/jcrap/
Regards.
0 new messages