Saturday, August 27, 2005

The Russian VIC Cipher

Hollow nickel message
Probably the most notorious pencil-and-paper cipher was the VIC cipher, named after Soviet spy Reino Hayhanen, codename Victor. In 1953, the FBI discovered a coded message on microfilm in a hollow nickel.

All attempts to break the message failed. Hayhanen eventually revealed the method to decipher the message when he defected in 1957. This cipher shows how strong encryption can be, without any crypto device or computer program.

The cipher used a date, a random number, and a 20-letter keyphrase to encrypt the message. The keyphrase was divided into two groups and transformed into a series of numbers. Combined with the date and random number, they were used to generate 50 random digits by chain addition. The last ten digits were then used as the header for a straddling checkerboard. The text was converted from letters into digits with this checkerboard.

A transposition, also based on the keyphrase, date and number, was used to generate a series of digits. Some of the generated digits served as a sequence header for a first simple transposition of the text (which was already encrypted with the checkerboard) and another part of the generated digits served as a header for a more complex disrupted transposition.
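The first stage described above, chain addition feeding a straddling checkerboard, as an added Python sketch that is not code from this blog and does not reproduce the complete VIC procedure. The seed, the checkerboard layout, the positions of the blank cells and the ranking convention (ascending, ties left to right, 0 counted as ten) are assumptions constructed for illustration.

```python
"""Chain addition feeding a straddling checkerboard (illustrative sketch)."""

SEED = "2005082715"            # constructed 10-digit seed, not from the page
TOP = "ESTONIAR"               # assumed layout: 8 frequent letters, top row
REST = "BCDFGHJKLMPQUVWXYZ./"  # assumed layout: two further rows of ten cells
BLANKS = (2, 6)                # assumed positions of the two empty top cells


def chain_add(seed, count):
    """Return `count` new digits; each is the sum mod 10 of two
    successive digits of the growing sequence."""
    digits = [int(c) for c in seed]
    for i in range(count):
        digits.append((digits[i] + digits[i + 1]) % 10)
    return "".join(str(d) for d in digits[len(seed):])


def rank_digits(digits):
    """Number the positions 1, 2, ... (10 written as 0) in ascending
    order of value, ties left to right, with 0 counted as ten."""
    order = sorted(range(len(digits)),
                   key=lambda i: ((int(digits[i]) - 1) % 10, i))
    header = [""] * len(digits)
    for rank, pos in enumerate(order, start=1):
        header[pos] = str(rank % 10)
    return "".join(header)


def build_board(header):
    """Map each symbol to its code: one digit for the top row, two
    digits (row label + column digit) for the other two rows."""
    enc = {}
    letters = iter(TOP)
    for col in range(10):
        if col not in BLANKS:
            enc[next(letters)] = header[col]
    for row, blank in enumerate(BLANKS):
        for col in range(10):
            enc[REST[row * 10 + col]] = header[blank] + header[col]
    return enc


def encode(text, board):
    """Convert letters to digits; characters not on the board are dropped."""
    return "".join(board[c] for c in text.upper() if c in board)


def decode(digits, board):
    """Reverse the checkerboard: a digit that is not a one-digit code
    must be a row label, so the next digit belongs to it."""
    dec = {code: sym for sym, code in board.items()}
    out, i = [], 0
    while i < len(digits):
        size = 1 if digits[i] in dec else 2
        out.append(dec[digits[i:i + size]])
        i += size
    return "".join(out)


def demo():
    stream = chain_add(SEED, 50)          # 50 pseudo-random digits
    header = rank_digits(stream[-10:])    # last ten digits become the header
    board = build_board(header)
    digits = encode("THIS IS A SECRET MESSAGE", board)
    return stream, header, digits, decode(digits, board)


if __name__ == "__main__":
    stream, header, digits, plain = demo()
    print("chain addition :", stream)
    print("board header   :", header)
    print("text as digits :", digits)
    print("decoded        :", plain)
```

Because the header is a permutation of the ten digits, the two row labels never collide with a one-digit code, which is what lets the digit stream be decoded without separators.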

Despite being a pencil-and-paper cipher, it proved to be highly secure and the strongest ever known to be issued for use in the field. Only Hayhanen's information enabled the FBI to reveal the content of the secret message.

More on the Hayhanen story can be found on the FBI site. A detailed description by David Kahn of the original message and the VIC cipher is found in the CIA library, titled Number One From Moscow. Another example is found at John Savard's site. The SECOM cipher, which is similar to the VIC cipher and also uses a straddling checkerboard and double disrupted transposition, is found on my website.





Double Columnar Transposition

In this computer era, we could easily forget that cryptology goes back thousands of years. Some encryption methods, performed by pencil and paper, are even today pretty secure, and can be applied 'in the field' without any devices. One of them is the Double Columnar Transposition. It was one of the strongest field ciphers, commonly used in World War II. If the key was used only for a limited number of small messages, it provided very high security.

To perform a Double Columnar Transposition we write out the key as the column header. The letters of the key are numbered in alphabetical order. If two letters of the key are the same, the first in the key gets the lowest number.

Plain text : THIS IS A SECRET MESSAGE
1st Columnar Key: LEONARDO
2nd Columnar Key: DAVINCI

Note that, in reality, two keywords or phrases with a length of up to 20 letters each were used to encipher a message.

The plain text is written out in successive rows beneath the headers:

L E O N A R D O
4 3 6 5 1 8 2 7
---------------
T H I S I S A S
E C R E T M E S
S A G E


The code message is read off by columns, in the order of the header numbers:

First cipher text: ITAEHCATESSEEIRGSSSM

Next, we write it down again, in successive rows, and perform the second transposition.

D A V I N C I
3 1 7 4 6 2 5
-------------
I T A E H C A
T E S S E E I
R G S S S M


Again, we read off the ciphertext by the column and write down the text in groups of five:

The final cipher text: TEGCE MITRE SSAIH ESASS

To decode the message we first use the 2nd columnar key and then the 1st columnar key. We write out the header and reconstruct the table with long and short rows. We fill in the code column by column in the order of the key.
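The procedure above in both directions, as an added Python example (not code from this blog). It reproduces the LEONARDO / DAVINCI example and, for decoding, works out which columns are long and which are short before refilling the table; the function names are chosen for this example.

```python
"""Double columnar transposition: encipher and decipher."""


def key_order(key):
    """Column indices in read-off order: alphabetical, and for equal
    letters the one that comes first in the key goes first."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text, key):
    """Write the text in rows under the key, read it off by column."""
    width = len(key)
    return "".join(text[col::width] for col in key_order(key))


def untranspose(cipher, key):
    """Rebuild the table from the column lengths, then read it by row."""
    width = len(key)
    full_rows, extra = divmod(len(cipher), width)
    columns = [""] * width
    pos = 0
    for col in key_order(key):
        # The leftmost `extra` columns reach into the last, short row.
        length = full_rows + (1 if col < extra else 0)
        columns[col] = cipher[pos:pos + length]
        pos += length
    return "".join(columns[col][row]
                   for row in range(full_rows + 1)
                   for col in range(width)
                   if row < len(columns[col]))


def letters_only(text):
    """Keep letters only, in upper case."""
    return "".join(c for c in text.upper() if c.isalpha())


def encrypt(plain, key1, key2):
    """Two successive transpositions, output in groups of five."""
    stage2 = transpose(transpose(letters_only(plain), key1), key2)
    return " ".join(stage2[i:i + 5] for i in range(0, len(stage2), 5))


def decrypt(cipher, key1, key2):
    """Undo the 2nd key first, then the 1st."""
    return untranspose(untranspose(letters_only(cipher), key2), key1)


if __name__ == "__main__":
    ct = encrypt("THIS IS A SECRET MESSAGE", "LEONARDO", "DAVINCI")
    print(ct)
    print(decrypt(ct, "LEONARDO", "DAVINCI"))
```

The decoded text comes back without word spaces, since spaces are dropped before the first transposition.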

Although I would not advise this method to encrypt an encyclopedia (unless you expect to reach the age of 275), it can be used to secure a small amount of information you want to remember, using two passwords.

At my Hand Ciphers page there's more to learn about various manual cipher systems. There's also the Cipher Classics tool with various classical ciphers.

Friday, August 19, 2005

National Museum of Military History in Luxembourg

Enigma on display in Diekirch
In search of wartime equipment, some time ago I did a virtual recon of the Luxembourg National Museum of Military History in Diekirch. I discovered the presence of a German Enigma cipher machine.

Although the museum is located in a little corner in the center of Diekirch, there's an incredible number of vehicles, material, weapons, and scenes. Your eyes can't follow, walking through the exhibit rooms.

Since the museum is in the Ardennes, it's obvious that the main topic is the Battle of the Bulge. The scenes give a good picture of how hard it was in those winter days in '44. Of course, my special interest went to the part with a large exhibit of communications equipment, even including complete Radio Shelter trucks, and not to forget, the Enigma and an American M-209 converter. The picture also shows a yellow AN-CRT3 Gibson Girl radio, just above the M-209.

If you ever get in the neighborhood, the Museum of Military History is a real must. It's located about 40 km north of Luxembourg city. Even Ronald Reagan and Bill Clinton are on the visitors list. If you're interested in crypto machines, you could visit the Crypto Tourism Wiki site, with lots of crypto-related locations to visit. It's a wiki-based site, where you can add any info you might have on locations of crypto stuff.
 
More about the Enigma, other crypto machines and various cipher systems on Cipher Machines and Cryptology.

Thursday, August 18, 2005

Man arrested for virtual theft

In Japan, a Chinese student has been arrested for beating up and robbing characters in the online computer game Lineage II. The man robbed valuable virtual objects, including the "Earring of Wisdom" and the "Shield of Nightmare".

The items were then sold for real cash through an auction website. He used a character, controlled by a software bot, rather than a human player, making it unbeatable. Although this sounds funny, it seems that the border between cyberspace and crime is disappearing.

Soon, while playing a game on your PC, you could become the victim of a virtual robbery, and some smug runs away with your virtual money... leaving your real bank account empty! A new warning will appear on software: Gaming can cause serious financial problems! Maybe we could pay virtual cops to hunt down those virtual criminals. Don't forget to feed the cop some virtual donuts.

NIST starts Iris Challenge Evaluation

Look in my eyes!
The National Institute of Standards and Technology (NIST) started the Iris Challenge Evaluation (ICE). They want to evaluate iris recognition on a large scale. Iris recognition could prove to be a precise way to identify a person, just like fingerprints.

The ICE project wants to find out how accurate iris recognition can be. NIST will first team up researchers and academics to evaluate and improve current recognition systems, and then start a large-scale evaluation of the systems. The goal is to assess the current level of performance, and promote development of current and new systems. Some of the sponsors are NIST, the Transportation Security Administration, the FBI and the National Institute of Justice.

All you want to know about iris recognition technology can be found at the Cambridge Faculty of Computer Science and Technology.

Wednesday, August 17, 2005

Pee-Powered Battery

Manneke Pis (pee boy) in Brussels
Physicists in Singapore developed the first urine-powered battery. The battery could be useful for cheap healthcare test kits for diseases like diabetes. The Pee-Battery can generate a voltage of about 1.5 volts at 1.5 milliwatts, using only 0.2 millilitres of urine.

It is not yet ready to power your laptop or car, but the performance of the battery could be improved by different designs or the use of other electrode or electrolyte materials. I like this idea. Imagine, if you get a low battery warning on your laptop, just open the lid and pee!

We finally have a solution to close down those nasty nuclear power plants! Each city gets its own famous Manneke Pis from Brussels, a potentially vast source of electric power!

Sunday, August 14, 2005

Unsolved Codes and Ciphers

Elonka Dunin
If you would like to test your code breaking skills, I can recommend the web page Famous Unsolved Codes and Ciphers, created by American writer, cryptographer and game developer Elonka Dunin.

The page contains a large list of unsolved riddles in crypto history. If you can find a solution to any of these mysteries, you'll get famous in the crypto world, and maybe even rich too! Let me know when you have solved them all. Also check out Elonka's blog.

Dictionary of Security

Address book: Food for worms, carried around by them to feed other worms.

AES: Advanced Employment Securing. A mathematical system to protect jobs at the NSA.

Back Door: Larger than front door and without any lock.

Brute Force Attack: Type of information gathering by CIA.

CIA: A division of NSA, specialized in gathering information by breaking bones, instead of codes.

Code: Spoken message, difficult to understand when the speaker has the flu (Stu Savory).

Copyright: The right to copy.

Copytheft: When someone has stolen your illegal copy.

Enigma: It was an enigma to the Germans how the Allies could find their U-boats.

One-Time Key: An easy to forget password.

Steganography: A system to hide porn in another image. If detected, one believes the porn is used to hide a secret message.

Any suggestions to expand this dictionary are most welcome!

Saturday, August 13, 2005

Site Review: The Russian Fialka Machine

FIALKA M-125
Last year, I got some exciting news from Tom Perera. He managed to get his hands on two exceptionally rare Russian Fialka M-125 cipher machines.

The codename Fialka is Russian for Violet. This machine was top secret until the end of the 90s and little was known about this Cold War era machine. Tom has done a great job, as usual, in gathering information and documenting this interesting machine.

Although similar to the German Enigma machine, it's a 10-wheel rotor machine that prints the ciphertext on paper and simultaneously punches a 5-level character tape. Its keyboard has a Cyrillic alphabet. The Fialka has alternately counter-rotating rotors and a card reader for punched paper cards, used to set internal coding parameters. Another special feature is the complex rotors with adjustable wiring. For the first time ever, details of this magnificent and top secret machine are published on the web.

On Tom's site, you find a large number of magnificent and very detailed photographs of the Fialka and the inside of the machine. Tom is also a dedicated Enigma cipher machine collector, and has documented a large number of those wonderful machines.
 
You can visit his main page, the W1TP Telegraph & Scientific Instruments Museums, where you find an overwhelming amount of equipment and instruments. He's always searching for new things to buy or sell. If you still have an Enigma in the cellar, I'm sure he would like to hear from you.

Another very good source for information about the Fialka M-125 cipher machines is SAS- und Chiffrierdienst (in German) on Fialka.

Thursday, August 11, 2005

Heaviest telecom satellite ever launched

iPStar 1 - Thaicom 4
Today, an Ariane 5 pushed a 6.5-ton communications satellite into space. This is the heaviest telecom satellite ever launched into geostationary orbit.

The satellite was launched from the European Space Agency spaceport in French Guiana. The big bug is called Thaicom 4 and has 87 Ku-band transponders and 10 Ka-band transponders for broadband communications applications.

Thai Shin Satellite Plc (now Thaicom) will offer internet access services for Asia, Australia and New Zealand. To keep your surfing skills up tempo, it has a capacity of 45 Gbps, a substantial little bit faster than the cable modem in your cellar.

Instructions for Submarine Emergencies

The following instructions will guide you through the worst submarine crisis situations. Please follow them carefully if your Sub is pinned down at the bottom of the ocean.

1. Do not, I repeat, DO NOT open windows or hatches to scream for help. Incoming water could ruin your shoes. If you do open anything, keep your mouth closed.

2. Use a heavy object to knock on solid surfaces like doors, frames or the floor. Do not knock on torpedoes. If you do knock on a torpedo, close your ears.

3. After not reporting to naval command for 2 hours, they will start a search for you and your 24 nukes. Do not panic, you have air for 5 days.

4. If you're in a Russian submarine, after not reporting to naval command for 5 days, they will start a search for your 24 nukes. Do not panic, you have air for 2 hours.

Jokes aside, how do you actually call for help when you're pinned down at the bottom of the sea? Well, the rather disturbing answer is: you can't! When submerged, there are no possibilities to communicate with surface ships or naval command.

What means of communication do submarines have? If they are on the surface, they can use radio equipment, just like any other ship. Although short wave HF radio can be used, modern subs use satellite communication to keep contact. With VLF, 3 to 30 kHz, the subs can receive down to a depth of 20 meters (60 feet). If it is required to stay in deeper water, a communications buoy on a cable can be deployed, to a depth of a few meters. If you're in deeper water, or have no buoy, you have a problem.

Until 2004, the US subs could receive messages through Extreme Low Frequency (ELF) transmitters, ranging from 3 to 300 Hz. The transmitters use extremely large coastal underwater antennas, 20 to 40 km wide. You need a power plant to feed these monsters.

Obviously, they can only send messages to you. You cannot send anything back, since you don't carry such large antennas on your sub. Due to the extremely long wavelength, the transmission rate is very slow: only a few characters per minute. The system was normally used to call the sub to the surface, and continue communication with radio or satellite. Unfortunately, the US abandoned this system and the antennas were dismantled in 2004.

So, Houston, we now have a problem...

However, Frode Weierud pointed me to something totally new and interesting, the SEADEEP blue and green laser. More at QinetiQ North America. Here's more about submarine communications.

By the way, the Russian mini-sub got entangled in a top secret submarine warning system antenna. Well, they can sleep on both ears, the warning system works extremely well. The whole world knows a sub was there.

Wednesday, August 10, 2005

Integrity Under Attack

Crime footage or fake?
On Matt's Cipher Text blog, you can read about a speeding motorist, getting off the hook because MD5, used to secure the camera images, has a weakness. According to the defense, MD5 was discredited. How far will they take this in court?

These days, most imaging is done digitally. Most times, there isn't even encryption or signing anywhere near it. How can we trust the video surveillance camera of a hold-up? Or pictures, taken on a stake-out? How do you catch the hooligans you filmed at football riots? (I know, hooligans are unknown to Americans ;-) One could always discuss the value of the evidence.

It's an old problem, tampering with photographs and other stuff. Since digital multimedia has entered the playground, it's easy to create false stuff. Everyone can forge a file or e-mail, although digital photographs are harder to tamper with. We're advancing to a world where everything is digital, and nothing can be trusted any more, unless you have solid systems to protect integrity. That's where cryptography comes in handy...if it's accepted by law.

Does this mean that, in the future, integrity, evidence and trust will depend on strong encryption? And who will have access to strong, by law accepted, encryption? Who shall define which integrity systems are accepted by law? Politicians? The Judge? NSA?

I hope we don't go to a future where the criminals get away with everything, and the man in the street can't sue the state, because he doesn't have the required integrity check or hash algorithm for the evidence. Read the ruling of the Australian court on speed cameras.

Lots of questions to solve...

Privacy With Questions

Our freedom friend George W Bush informed us last week that the national emergency regarding export continues, due to the terror threat. Just another way to say they want to control all export, also cryptography, still regarded as a dangerous weapon! In the UK you can use that crypto weapon freely, but the British sheriffs wanna have their finger on Your trigger. Total privacy, until the police ask you to hand over the keys. Sounds familiar.

Clipper chips with government decoding keys integrated, key sharing etc etc. Which part of the word privacy don't they understand? Of course, why wouldn't you give your keys, you've got nothing to hide, no? Today's friends could be tomorrow's enemies, and vice versa. If politics change, so can the definition of how terroristic your ideas or opinions are. I believe that privacy should stay privacy. Period!

They won't combat terror by these violations of privacy. The 9/11 hearings showed that the steganography, used by terrorists, was an urban legend. Confiscated Al Qaida instruction manuals showed a preference for secure man to man hand over of messages. They distrust encryption because they recognize NSA's capabilities. "Hey Sir Moustafa, could you please give the keys for the messages you have sent to Afghanistan?". "Oh yes Mr Police man, right away!"...Come on, forget it! I hope they don't shoot him first, before asking for the keys.

As Phil Zimmermann, the privacy activist, puts it: if you outlaw encryption, then only outlaws have encryption.

Tuesday, August 09, 2005

Obesitas Cryptologicas

In our world of always more, bigger and faster, we seem to overconsume in all aspects of life. If you wake up and go to sleep with junk food, you grow fat, slow and get serious health problems.

Same thing with computers. A few millennia ago, my Commodore C-64 was stable as a rock. But as computers got faster and bigger, we just fed them with larger and faster programs, again and again. Until they start blurping. The same evolution can be observed in cryptography. I call it Obesitas Cryptologicas.

Only 25 years ago, we were told to limit the data before encryption. Hagelin machines were very popular, and things were done by hand and were slow. Time was no issue, those who could buy a Hagelin device didn't have to look at time costs. Limiting the encryption length was also limiting possible cryptanalysis.

As our PCs grow fat, we feed them with all kinds of overweight documents, spreadsheets and other totally redundant data. So we required bigger PCs, to feed them again with oversized files. Where we used to squeeze 200 letters of text into a 100 letter cryptogram, we now put 200 words in a magnificent but ugly fat document of 200 KB. Redundancy overkill.

The problem is that cryptanalysts love fat messages. They know exactly what the fat (read redundant file structures, data, etc) looks like. So, instead of having to look for cribs, they almost have nothing else but cribs. As computer encryption developed, the NSA guys probably started using Prozac.
 
But now they are happy again at NSA. I'm rather confident that the NSA cryptologists are having a ball, with that flood of junkfood data, providing their statistics guys with an obese amount of cribs. Obesitas Cryptologicas can cause serious problems to you. Fat kills, always!

Monday, August 08, 2005

Numbers Stations

Those one-time pads remind me of strange and spooky radio broadcasts I used to hear when sweeping through shortwave frequencies back in the 80s. Unknown stations transmitted groups of four or five numbers or letters, sometimes in male, female or child voices, sometimes in Morse code. The voices, often in German, Russian or Spanish, but also in English, appeared for a few minutes and disappeared again.

The letters or numbers are messages, sent to secret agents or spies in the field, encrypted with one-time pads. The reasons are obvious. Shortwave stations are hard to locate, because of the many reflections they create in the atmosphere. Figuring out who is receiving the message is impossible. Why one-time pads? Because they are unbreakable and easy to carry around, without being noticed. They are ideal for field encryption purposes. This is still the case today, where security and easy use without special encryption devices is important.

Most of these numbers stations were active during the Cold War, in Germany, former Soviet countries, South America and Cuba, but also at different locations in the US and England. Although the end of the Cold War brought a significant decrease in transmissions and broadcast locations, they still appear, mostly in digital modes or Morse. You can listen to some recordings and find more details on how these stations operate on my Numbers Stations page.

Some enthusiastic radio amateurs still monitor and record these transmissions. If you want to taste a bit of this spooky secrecy, or track HF numbers stations yourself, you should visit Enigma2000 or Numbers & Oddities.

Sunday, August 07, 2005

Is One-Time Pad Encryption History?

I came across an article about one-time pads in Bruce Schneier's newsletter. He says that, although it's the only provably secure crypto system we know of, it has no future. He argues that one-time pads turn a message security problem into a just-as-difficult key distribution problem.

This is correct, assuming we don't want to be occupied with running around with briefcases, handcuffed to our wrist. And indeed, there is no need to go through all that trouble. We now have asymmetric public key algorithms, based on factoring large primes. They securely protect the message key of the symmetric encryption, used to encrypt the data. But there's a problem.

Although it has taken lots of time, defactoring (limited) primes is possible and already done. Imagine what would happen when someone finds a mathematical shortcut for the factoring problem, or a hardware solution, speeding up the process, as expected from quantum computers? Imagine a world where asymmetric encryption no longer resists against maths, or any symmetric cipher is brute forced within minutes?

One-time pads would be the only solution, although a very expensive one due to the key distribution problems. It's a bit like using Morse code on radio. Several armed forces abandoned Morse. Yes, it's stone-age technology, and one can say it's ridiculous in these Megabit-rate days of data communication. And what do we see now... we start teaching Morse again to Army signal operators. When things go bad, Morse is the only system getting across, all others failing. So, I think we should never throw away those solid systems like one-time pads too fast.

One-time pad gained a reputation as a simple yet solid encryption system with an absolute security which is unmatched by today's modern crypto algorithms. Whatever technological progress may come in the future, one-time pad encryption is, and will remain, the only truly unbreakable system that provides real long-term message secrecy. Here's more detailed information about one-time pad.

Secret Nazi Messages Decoded

Gen. Friedrich von Rabenau
Murdered by the Nazis
Many of Adolf Hitler's enemies were found within his own ranks. Some of his most important senior officers were members of the Widerstand, the secret opposition against Nazism, or could not accept Hitler's policy. After the attempt to assassinate Hitler, many of them were arrested. Some of them were executed instantly, Field Marshal Rommel, the Desert Fox, was forced to commit suicide, and others were transported to concentration camp Flossenburg. On April 8, 1945, Admiral Wilhelm Canaris and General Hans Oster, the highest officers of the Abwehr (German Secret Service) and several others were executed by the SS. On April 15, General Friedrich von Rabenau was executed. Since many of them were very highly placed and well respected, these executions were kept secret.

Frode Weierud and Geoff Sullivan, two members of the Crypto Simulation Group (CSG) are busy breaking a large number of secret messages, encrypted with the famous German Enigma cipher machine. Amongst those messages they found secret correspondence between Berlin and camp Flossenburg. It is by decoding these messages that they found the true story on the executions and how the SS tried to cover up things.

The historically important Flossenburg Messages and some decrypts are found on Frode Weierud's Cryptocellar. If you would like to try decoding some messages with the secret machine key settings, retrieved by CSG, you can download my Enigma simulator or one of the many Enigma sims on Frode's Crypto Cellar.

Top Secret Hiroshima Documents Released

The "gadget" on the test tower.
Source: US Department of Energy
Frode Weierud has sent me a great heads-up about recently declassified documents at the National Security Archive. Their comprehensive collection about the use of the first atomic bomb contains top secret material about meetings, decisions about target selection and intercepts of Japanese messages.

The documents should help readers to make up their own minds over such questions as whether the first use of atomic weapons was justified, whether it was necessary to get Japan's surrender, and whether President Truman had alternatives to the use of atomic weapons.

These documents show why and how Hiroshima and Nagasaki were selected as targets, the issue of unconditional surrender, meetings with Japanese diplomats, the first nuclear tests and other details of the Manhattan Project, the scientists' opposition to using the bomb, minutes of top-level meetings, translations of decoded Japanese diplomatic messages (MAGIC), reports from the bombing of Hiroshima and Nagasaki, damage reports and photographs, and much more.

There's also a fascinating description of the first ever test with a nuclear bomb (pdf). This detailed report from inside the test bunker shows not only the technical aspects, but also the impressions and reactions of those in the bunker. See also images from the US Department of Energy of the Trinity test site in New Mexico.

If you want to have an opinion on the first use of nuclear bombs, read this first hand information. All the documents can be found on the National Security Archive. Don't miss it!

Saturday, August 06, 2005

Enigma Cipher Machine

Visit the Enigma Sim page
About a year ago, I first published my Enigma simulator on Tom Perera's fantastic Enigma Museum and Frode Weierud's Cryptology Cellar. I noticed that the upload links were traveling around the world, so I decided to create the Cipher Machines and Cryptology website.

Since then, Enigma Simulator became known in all corners of the world, and I received kind comments about the software. History is here to share, and I therefore wrote the sim and made it available as freeware. Everyone should be able to learn about that great and exciting story. I hope it inspires many to get interested in cryptology and the world of ciphers and codes, by using this sim in exactly the same way the German soldiers did.