Thursday, October 12, 2017

DIANA - A Fast Reciprocal One Time Pad Table

There are various ways to perform one-time pad encryption with letter pads. The Vigenére table is a well known method to encrypt or combine plain and key text into cipher text and vice versa. However, Vigenére has some serious drawbacks. It is cumbersome, time consuming and finding the cross section between letter and key is prone to mistakes. Also, key and cipher text must be processed in the same order by both sender and receiver.

A way faster and easier system is the reciprocal DIANA table. For each column letter there is a normal alphabet and a reversed alphabet. For each column, the reversed alphabet is shifted one position against the previous reversed alphabet and the table is statistically secure (1/26 chance to produce any cipher letter). Such reciprocal tables come in various formats but they all use the same principle. Note that this table is not compatible with the Vigenére table.

Thanks to its reciprocal properties, encryption and decryption are identical and require only a single column. The order of plain, key and cipher letter don't matter and may even differ for sender and receiver. The table is easy to use and it's virtually impossible to make a mistake.

The DIANA Reciprocal One-time Pad Table ( download .txt file format)

To encrypt, we either write plaintext under key or key underneath plaintext. The choice is yours. For each combination of key and plain letter we take the table column that corresponds to the first letter and search underneath it for the second letter on the left. The lower-case letter to its right is the result.

In the example below we wrote the plaintext above the key. To encrypt T with X, find column T in the table, go downward to letter X and find cipher letter j at its right. Thanks to the reciprocal system it doesn't matter whether you combine T with X or X with T. Quite handy!
Plaintext : T H I S   I S   S E C R E T
OTP-Key   : X V H E   U W   N O P G D Z 
Ciphertext: J X K D   X L   U H I C S H

In groups : JXKDX LUHIC SH
To decrypt, take column X, go downward to J and find plain letter t at its right. Again, the order of key and cipher letter don't matter. The beauty of this system is the ease and speed of finding plain and cipher letters in whatever order you like best.

There is also a method to memorise the DIANA table and speed up the process even more. When encrypting F + G = O, we can decrypt this as O + G = F, but also as G + O = F. We call this the trigram combination FGO. Because of the reciprocal property, we can use the trigram FGO for any possible combination, that is, FGO, FOG, OFG, OGF, GFO and GOF.

Thus, if you encrypt or decrypt any letter from a trigram with another letter from that trigram you will always get the remaining letter of that trigram, regardless of the order. We therefore only need to remember the trigram FGO and instantly know every variation of the trigram. This reduces the number of combinations to memorise from 676 to 126. FGO can easily be remembered as the word "FOG".

Any user can create his list of mnemonics by memorising the 126 possible trigrams in any desired order. Some other examples are TAG (derived from AGT), BAY (derived from ABY), AIR (as itself), FDR (Franklin D Roosevelt, derived from DFR), HRB (HR Bureau), NNZ (Northern New Zealand), AMN (A-Mu-Nition), BGS (Better Get Smart), MBM (My Best Mate), JTX (Jump The Ex), VHX (Very Hot Ex), WXG (Wild X-Games) or OXO (the game). Tickle your imagination to find your own.

Everyone has his own connotations to easily remember the trigrams. Well trained operators can encrypt and decrypt on-the-fly at high speed without using any table, which is sheer impossible with Vigenére's 676 bigram combinations.

The full list of trigrams (in alphabetic order) to be memorised as any desired combination (e.g. ABY is also AYB, BAY, BYA, YAB and YBA):


With one-time letter pads, punctuations and figures in the plaintext are usually spelled out. However, to limit the message length you generally omit punctuations where it doesn't affect readability. Alternatively, you could use rare letter combinations as a prefix to convert figures or punctuations into letters, for instance QQ or XX.

In that case XXF could be used to switch to figures and XXL to switch to letters, with ABCDEFGHIJ representing the digits 1234567890. Thus, 2581 would become XXFBEHAXXL or XXFBBEEHHAAXXL to exclude errors, which is more economical than having to write out 2581 in letters. XXP could be a period, XXK a comma and XXS a slant. XXC could be Code, a prefix for three or four-letter codes to replace long words or sentences, like XXCABC, where ABC represents “Request further information” or "My location is..."

And the best of all, one-time pad encrypted messages are absolutely unbreakable if the one-time pads are used once only (hence one-time) and destroyed immediately after use. Of course, the letters should be truly random (no algorithm based pseudo-random) and generated either by hardware or a dedicated computer, never connected to the Internet, and printed on a dedicated printer.

You can download the Reciprocal OTP Table and the Reciprocal Trigram List (right-click and save). More technical and historical information about various one-time letter pads and one-time figure pads at Cipher Machines and Cryptology.

Saturday, September 16, 2017

The Spy Sons Long Way Back

I already wrote about Jack Barsky and how a spy career and family life don't always mix that well. I mentioned Tim and Alex Foley, the sons of Donald Heathfield and Tracy Foley who were arrested by the FBI in 2010. Their parents' real names were Andrei Bezrukov and Elena Vavilova, two illegal agents of the Russian intelligence agency SVR. After their trial, the spy couple and their sons Alex and Tim, then aged 16 and 20, were expelled and put on a plane to Russia, together with eight other illegals. It was the biggest spy swap since the Cold War after a decade long operation to uncover a large spy ring in the United States.

Alex and Tim Foley (now Vavilov)  in 2010

Alex and Tim, who now carry the surname Vavilov from their mother, were born and raised in Canada, briefly lived in France and then settled with their parents in the United States. They never knew anything else than the fake family history, fabricated by the SVR. Despite the fact that they testified never knowing about their parents' spying career, they were also stripped from their Canadian citizenship. Since they left the United States, they are in a legal battle to get back their Canadian citizenship and return home to pick up their old life. The only life they ever knew. 

Now, a Canadian federal court ruled that Alex Foley's citizenship should be restored. The Canadian Security Intelligence Service (CSIS) however says that his older brother Tim knew about the secret life of his parents and that he was sworn in by the SVR. At McLean's you can read about their struggle to return to their old life and the current legal battle. Fascinating story, but again, a spying career can put a heavy burden on your kids. More spy family trouble in a previous post.

Below a July 2017 interview with Elena Vavilova about her work as illegal SVR agent, raising Tim and Alex and how it was to live in the United States. In a way, she's the real Elizabeth Jennings from The Americans, the acclaimed Netflix series, inspired by this spy case (non-russian speakers can set translated subtitles).

Thursday, August 10, 2017

Secret Splitting Revisited

I wrote about secret splitting some ten years ago and decided to fresh things up and create a new easy-to-use template. You only need a pen, paper and first grade math to obtain absolute security. But first, a quick reminder on what secret splitting is, how it works and why everyone should know this interesting system.

Secret splitting (also called secret sharing) enables you to split a secret code into multiple shares and give those shares in the custody of several persons. Retrieving the original code is only possible if the shareholders agree upon putting their shares together. The secret could be the code to a combination lock, safe deposit box, electronic key or password. You can split passwords to access a computer, encrypted files, a digital lock to enter a building or disable an alarm system.

An interesting property of secret splitting is that more people with shares means more security, because more people have to agree on putting their shares together, which is the opposite of sharing the secret itself, where more people means more risk.

There are many useful applications for secret splitting where you need to delegate access to your secret code in a specific situations. You can appoint several persons that will be able to open your safe with money or critical information in case of emergency. None of them can act alone and a single trustworthy person among them is enough to prevent misuse.

A parent who has stored his money, documents or valuables in a safe deposit box can split the number combination and all children receive a share. In case of emergency or the parent's decease they can only access the safe when all of them agree upon opening the safe. Each shareholder can even split his own share again into two shares, to hide his sub-shares separately as backup or destroy his original share and store his sub-shares at different places to increase security.

You can use secret splitting for secure remote delegation through insecure channels. Create a share for yourself and one or more shares for other persons. This way, you can be on the other side of the world and send your share to all other shareholders to give them access to a computer file or the pin code of a credit card, to name a few. The shareholders can only retrieve the code at the moment that you decide to give them your share and they all need to agree. You can use any insecure method like e-mail, chat or telephone to send your share, because that single share never reveals any useful information to an eavesdropper.

The template to create your own secure shares (download pdf here)

For our template we use the method where all shares are required to retrieve the original. It is mathematically impossible to retrieve the original if a single shareholder refuses to disclose his share. This method is information theoretically secure, read unbreakable.

There is another method, called secret splitting with threshold, which requires less shares than the total number of shares to retrieve the original. It's security is based on mathematical complexity. Unfortunately, this method does not guarantee information theoretical security.

Of course, you cannot simple cut a code or password in half or quarters, as this would reveal at least part of the code and provide clues to find the rest of the code or reduce the number of combinations to try out. The secret splitting we use is based on the principle of one-time pad encryption and all calculations are performed modulo 10 (addition without carry and subtraction without borrowing). The secret code is encrypted with one or more truly random keys and, in contrast to sending the encrypted secret to the receiver, we use the random keys and the encrypted code as shares.

We can only retrieve the original code when the encrypted code and all keys are put together. Take one share out of the equation and it will be mathematically impossible to decrypt the code. The only requirements are the use of truly random digits and, obviously, secure physical separation of the shares. The small number of required truly random digits are easily generated manually.

Secret splitting may sound complicated but it's quite simple to apply. If you can add and subtract, then you can create secure shares, and all it requires is a pen and paper. You can download the new version of the easy-to-use Secure Code Splitter which comes with clear instructions and examples, a blank calculation sheet and share template. More to read about secret splitting at my website.

Wednesday, July 26, 2017

Martha Peterson and TRIGON

Martha Peterson on her
1975 Russian driver license
The story of CIA operations officer Martha Peterson Shogi and her work related to Soviet spy Aleksandr Ogorodnik is quite remarkable and also sheds some light on how the two communicated in Moscow.

Martha 'Marti' Peterson, née Denny, met her first husband John Peterson at Drew University and married him in 1969. John enlisted as Green Beret to serve in Vietnam and was later hired by the Central Intelligence Service for covert operations in Laos. In 1971, Martha and John travelled to Laos. John was killed one year later in a helicopter crash during a mission Laos.

In 1972, the CIA recruited Aleksandr Ogorodnik, a Soviet diplomat at the Soviet embassy in Bogota, Colombia. He was given the codename TRIGON. Ogorodnik provided the CIA with communications between Soviet ambassadors in South America, giving the CIA an insight in Soviet foreign politics. In 1974 he was recalled to Moscow to work at the Soviet Ministry of Foreign Affairs. His new job provided him access to communications and reports of Soviet ambassadors from all over the world. The CIA struck gold.

Aleksandr Ogorodnik
Before leaving to Moscow, the CIA provided him with a pen with miniature camera to photograph documents, a schedule to make dead drops, special carbon paper for invisible writing and trained him in the use of these materials. Ogorodnik also insisted on having a suicide pill, to use in case he got caught. CIA provided him with such so-called L-pill, concealed in a pen.

Martha Peterson returned to the Washington after her husbands death and applied for a job at the CIA. She was hired as CIA operations officer and agreed to be sent to Moscow. She received operational training and took a Russian language course. Peterson arrived in Moscow in November 1975. At the age of 30 she became the first ever female CIA officer to be stationed in Moscow and was now responsible for the exchange of communications and spy items with TRIGON.

Peterson had an important advantage over here male CIA colleagues. The Soviet Intelligence Service did not believe that an American female would be a CIA officer and assumed that she was a low level clerk. Peterson was therefore never under surveillance and, in contrary to other CIA officers, could travel around Moscow without being followed.

Peterson never met TRIGON in person. He delivered photographed documents and messages through pre-arranged dead drops, mostly in parks. After extensive surveillance detection runs she collected the content of the dead drop a short time later, at the same time supplying him with a new pen-camera with film, instructions and one-time pad duplicates through that same dead drop which he in turn collected later on.

TRIGON used the one-time pads to decrypt messages that he received trough CIA numbers station broadcasts from West Germany. During such operations, Peterson always wore an SRR-100 surveillance receiver to intercept and detect KGB surveillance communications.

In early 1977, the CIA started worrying about the quality of the material that TRIGON provided and grew concerned about his security. Eventually, on June 26, TRIGON failed to retrieve a dead drop and there was no more communications. TRIGON neither showed up after a numbers station broadcast, instructing him to meet at a pre-arranged location on July 14.

In the evening of July 15, after the usual surveillance detection runs, Peterson arrived at the Krasnoluzhskiy railroad bridge over the Moscow river, near Lenin Central Stadium. At 2230 hours she placed a dead drop package, concealed as a hollow piece of concrete, in a niche in one of the bridge’s towers. As soon as she walked out of the tower she was grabbed by three men who immediately strip-searched her, took photos and put her in a van that drove straight to Lubyanka prison in KGB headquarters.

KGB photo of Martha Peterson's apprehension at the Krasnoluzhskiy bridge

Martha Peterson during the interrogation at Lubyanka prison
Peterson's arrival for interrogation was filmed (see video at 48:58). She was interrogated while all items from the dead drop package and her SRR-100 receiver were displayed in front of her.

The U.S. Consul was summoned to Lubyanka prison to explain who she was and what she was doing. The KGB had no other choice than to release Peterson because she had a diplomatic status as vice consul (which of course was a cover for her CIA work). She was returned to the U.S. embassy and flown to Washington the next day. Declared persona non grata, Martha Peterson would never return to Russia.

The displayed espionage items, retrieved from the dead drop, and the SRR-100 receiver

In 1978, the Soviets released the story in the Izvestia newspaper and the heavily publicised spy case also ended up in U.S. press. The Soviets alleged that Peterson smuggled poison to kill a Soviet citizen that interfered with a spy's criminal activities (see Washington Post archive June 13, June 15 and June 21, 1978). These accusations at the height of the Cold War were later proven false by the KGB itself.

The fate of Aleksandr Ogorodnik was unknown until the Soviets aired the 1984 TV series TASS Is Authorized to Declare (also on Youtube). Its script was almost a copy of TRIGON’s story. In that movie, the spy committed suicide during interrogation with a pill from his pen. KGB accounts confirmed that Ogorodnik was arrested a month before Peterson got caught. During interrogation, he pretended to write a confession, took the special pen and quickly used the L-pill.

However, even today accounts vary on what actually happened to Ogorodnik and some even believe that he was killed by the KGB. We will probably never know the real story. The CIA believes that Karl Koecher, an agent of the Czechoslovak intelligence service StB that infiltrated the CIA as translator and analyst, betrayed TRIGON to the Soviets.

Martha Peterson continued to work as CIA officer in operations, including 10 years of foreign assignments, married her second husband Joseph Shogi in 1978 and retired in 2003 after a distinguished 32 year career in the Agency.

More about Martha Peterson at her website Widow Spy, which is also the title of the book she wrote about her CIA career and the TRIGON case. The CIA published a short Featured Story on TRIGON. CNN's DECLASSIFIED page tells how she revealed her secret spy life to her kids, including several images of her Moscow era They also aired Trigon: The KGB Chess Game.

An account of Peterson's arrest is found at the The Espionage History Archive which also has the Russian view on the death of Aleksandr Ogorodnik. There's also a Russian documentary. More information about the equipment, used in this spy case, is found at the Cryptomuseum website. published TRIGON Numbers Station and on my website there's more on number stations and the use of one-time pads.

But who can explain everything better than Martha Peterson herself. The Spy Museum published the podcast Caught by the KGB where she tells about how she was captured by the KGB. Below her fascinating account (direct link) of her time in Moscow as case officer with many details on TRIGON. Highly recommended!

Wednesday, February 15, 2017

Crypto Box Challenge Solved by George Lasry

George Lasry
Great news from the Crypto Box Challenge, as George Lasry from Israel solved the final box! He's only the sixth person in more than nine years to complete the challenge. He took on the challenge in 2013 and, after various side tracks, including the completion of the Enigma Challenge, he succeeded cracking that last box.

George Lasry is a one.of-a-kind hobby cryptologist who evolved quickly into a well respected member of the classical cryptology community within a mere three years. It's the amazing story of a man who was searching for a new job in software development. Meanwhile, he wanted to train his programming skills and his interest in the Enigma machine lead him to the crypto challenges on my website. The Crypto Boxes were his first encounter with historical cryptography but the final box however proved a nut too hard to crack.

Giving up was not his cup of tea, so he started experimenting with various cryptanalytic techniques and quickly solved the complete Enigma Challenge with software he developed on his own. In search of new challenges he learnt about many cryptanalytic techniques and implemented various different types and combinations in his ever expanding software. Some other side tracks were the Mystery Twister C3 and the strong Double Transposition Challenge.

Searching a solution to a complex cipher is not simply writing some software to search for the solution or the proper key. It involves the development of complex fast algorithms for an exhaustive search, tailored for a specific problem, in combination with various methods to measure the success of the ongoing process and to proceed on a successful track.

The Crypto Box
He experimented with hill climbing, simulated annealing and used bigrams, trigrams, quadgrams and log quadgrams. A recent paper by Olaf Ostwald and Frode Weierud, Modern Breaking of Enigma Ciphertexts, explained the use of hexagrams. George had excellent results with this technique but the final Crypto Box remained unbroken. George finally solved the stubborn box on 14 February with a variation of simulated annealing, based on James Cowan's "churn" method, and even found three different keys to solve the box.

His journey through classical cryptology also draw the attention of some experts. George teamed up with German researchers and was encouraged to publish his techniques in the renowned Cryptologia journal. He started a PhD thesis and continued to solve various tough crypto challenges. His solution of the Double Transposition cipher caught the eye of people from Google, which eventually lead to his recruitment by Google.

I'm quite pleased to hear from George that my Crypto Box Challenge was his first encounter with classical cryptography and that the website inspired him to experiment with various cryptanalytic techniques, resulting in the successful decryption of the final Crypto Box. Congratulations George!

More about the challenges at Cipher Machines and Cryptology.