2

In a recent press interview, a former terrorist of the 1970s described the cipher his group used to communicate. He claimed that method was unbreakable and I wonder if cryptographers today would agree. Here is how it functionned:

  • Take two identical books (same edition): one for the sender, one for the recipient.

  • Each sign - one could include spaces between words as signs - is encoded as follows:

(page number) (line number) (number of character on the line) (random number)

  • additions, subtractions, multiplications or divisions of certain agreed value in a certain order are then applied. For example, 357 could mean:

(page number*3) (line number -5) (character number +7)

  • This means that negative values can be created, especially if the substraction value is in the double digits

A software script for such a cipher would be I think relatively easy to design. Also, the agreed values of the operations in step 2 can be changed anytime so the same base text can be reused.

Bottom line, it means for example a single 7-letter word would produce a string of 28 numbers, of various lenghts and some negative values or decimals or fractions perhaps - depending on what values are used for the operations.

what is your opinion on this method?

dingowens
  • 21
  • 3
  • How did he choose (page number), (line number), (number of character on the line) and (random number)? – Paul Uszak Sep 28 '17 at 16:07
  • He mentioned no specific procedure for that. I assume he just flipped through the book more or less at will and picked one sign per page. I experimented doing this and it's fairly quick to do by hand. As for the fourth value, never use the same random number twice and pick it so it does not stick out like a sore thumb with too many digits. – dingowens Sep 28 '17 at 16:11
  • 4
    This is a book cipher, which relies more on obscurity than security. Know what book they use and it's near to broken… also see Kerckhoffs' "assume the enemy knows the system". TL;DR: from a modern cryptographic point of view, it's insecure (and can be broken rather quickly assuming the needed resources are available). – e-sushi Sep 28 '17 at 18:28

4 Answers4

5

Book ciphers are well understood and this seems like a fairly minor variation. Following Kerchoff's Principle we separate the key being the book and the arithmetic operator and numbers and the rest. Picking a random number for fourth position makes no difference in this regard. But even if we let that be a secret to it makes little difference. Humans are lousy at picking random numbers and this will be apparent.

Multuplying by a constant is also a really bad idea. It will be very quickly apparent all numbers in a certain position are a multiple of constant and will be devided by it.

Subtracting or adding a number from row or character number will also be apparent after collecting sufficient data by observing the skewed range. such an addition will be slightly harder regarding page number due to higher cardinality of page numbers but won't necessarily be an issue see next.

Humans doing a poor job picking random numbers. Many people who use book ciphers flip forward a bit from where they are or start reading from the start of the page. This means rare letters will require on average more skipping forward leading to some leakage.

Also the book itself may be selected from a limited set of books can make the book itself guessable. Given a large library of online books brute forcing such a cipher isn't all that difficult.

If you do not want to mark the book making it physically obvious it is a cipher key it is difficult to prevent repetitions when randomly selecting characters.

If the book is considered a secret not chosen from a limited selection available at your local book store for instance and the person using it picks a random starting point in the book for each letter and seeks the next matching one and marks off each used letter to prevent duplicates then it is a fairly secure cipher even without the additions described.

In reality most book ciphers have been and will be broken.

Meir Maor
  • 11,835
  • 1
  • 23
  • 54
  • 1
    I see. If the numbers are run through a divisor/multiplicator calculator, their common denominators - the agreed operators- will show up right away. So too with addition and substraction. This reveals the three number sequence (page/line/character) and makes the fourth value pointless. This in turn leads straight to the identification of the cipher type it is: book cipher... – dingowens Sep 28 '17 at 18:08
2

Actually, the security of book ciphers is relatively rubbish compared with contemporary symmetric key cryptography. Some people think that just because there are a lot of books in their local library, any cipher using them must be ultra secure. Not so. Simply performing a fag packet calculation demolishes this argument...

The key is the book. That's it. Assume 200 million individual books in the world (updated Google estimate). It's pretty unlikely terrorist man had access to an original copy of the Dead Sea Scrolls or used 14 New Java Design Patterns. You can hugely reduce the possible range by excluding books that terrorist man couldn't practically acquire. Allow for edits /versions by multiplying by 1000 to be super safe(!)

That's a key space of only log2(1000 x 200e6) = 38 bits.

If I organised terrorist acts via 38 bit keyed encryption on this forum, I'd be severely down voted. The fallacy is that humans cannot readily comprehend very large numbers. When walking down the street on a rainy day, 200 million is exactly the same size as 16 quadrillion. A lot. Cryptography relies explicitly on very large numbers and gets it's security from them. Just because my granny can't easily distinguish between the security offered by 256 bits of AES key versus 38 bits, doesn't mean that such gradations don't exist. Most of the terrorists I know can't do maths. Those that can are bankers.

Paul Uszak
  • 15,390
  • 2
  • 28
  • 77
1

The worst thing about book ciphers is that there are so many books in the world. And assuming that you can check every book in the world, every edition, etc, (you can't) the thing is that book ciphers can be applied to so many different things.

You could write a private essay and give a copy to a friend, and no one checking books can break it. You could dowmload a song and opent it as a $\text{.txt}$ file in Notepad, and use that. The thing is, there are a very high number of documents/files that can be used for such Ciphers, and it takes time.

They're basically a OneTimePad, in that just like you can't be sure of the key in an OTP, you can't be sure of the book in a Book Cipher.

See the Beale Ciphers

DynamoBlaze
  • 107
  • 4
  • Since only one of the three Beale cipher pamphlets has been decoded, and since there is a good chance the two undeciphered pamphlets are merely gibberish (read: part of a hoax), I'm not sure they're a good pointer to underline your otherwise nice answer. – e-sushi Sep 30 '17 at 09:46
  • Today however, a book is also relatively small file. If a full list of coordinates of characters of a given text can be generated, out of which the software picks every character you type in and then does the second layer operations (rather than just multiplying, it could do an operation of the type " x +y" or "+x y", whose values x and y have been agreed in advance), that could be a good cipher, would it not? Especially if after using the coordinates, these are immediately deleted so as not to be used again. Alternatively, the second layer operations would gave to be varied over time. – dingowens Sep 30 '17 at 09:53
  • @dingowens True, that. However, the asker was very... concerned about books, so... that's why I didn't mention that. – DynamoBlaze Sep 30 '17 at 09:59
  • @e-sushi Yeah, but the fact that the Second on has been decrypted provides moderate evidence that they are not a hoax. Also, it was to show that there can exiist such ciphers, not that they do. – DynamoBlaze Sep 30 '17 at 10:00
  • As for the beale cipher (interesting case), for the first cipher I would try the US Constitution as a key. If the Declaration is a basis for cipher 2, it would stand to reason. Or even Stevensons "treasure island" - which would on the contrary tend to prove the hoax. – dingowens Sep 30 '17 at 10:06
  • @dingowens US Const. as key has been tried as key material on those two remaining pamphlets … same for several Bible versions etc. Result: negative. – e-sushi Sep 30 '17 at 10:09
  • @MalayTheDynamo …it was to show there can exist such ciphers, not that they do. That makes sense. I didn't immediately catch that as the intended perspective for your linking to the Beale cipher(s). Now knowing/understanding why you linked to them: +1. Thanks for the clarification. Much appreciated! – e-sushi Sep 30 '17 at 10:15
-2

Whenever I read the critique of book ciphers I usually wince at the claim that all of the available texts of the world are available to the NSA or other serious people and hence the obscurity of the text is no longer a defence. On the other hand there is nothing to stop 2 communicators from saving 10,000 pages from 10000 random websites in a single snapshot.

And then randomly ordering those 10,000 pages into nothing resembling their sources.

The original web sources will deviate from the saved text over time as well and good luck with finding them on the internet wayback machine which doesn't save deeper pages.

Provided each character was eliminated at each use, I see no reason why this can't be as practically secure as a OTP.

Even better, if the sites chosen change content quickly then there is no reason that the same selection of sites could not be vacuumed again, randomised again (with the same agreed method) and used again. This way there would be an endless source of random characters.

Spencer
  • 35
  • 2