THE VIEM FROM ACROSS THE POND AN INTERVIEW WITH THE GENEVA MANAGEMENT GROUP

We consider the use of genetic algorithms (GAs) as powerful tools in the breaking of cryptographic systems. We show that GAs can greatly facilitate cryptanalysis by efficiently searching large keyspaces, and demonstrate their use with GENALYST, an order-based GA for breaking a classic cryptographic system.     

History and Modern Cryptanalysis of Enigma's Pluggable Reflector

The development history of Umkehrwalze Dora, Enigma's pluggable reflector, is presented from the first ideas in the mid-1920s to the last development plans and its actual usage in 1945. An Enigma message in three parts, enciphered with Umkehrwalze Dora and intercepted by the British on 11 March 1945, is shown. The successful recovery of the key of this message is described. Modern computer-based cryptanalysis is used to recover the wiring of the unknown “Uncle Dick,” which the British called this field-rewirable reflector. The attack is based on the known ciphertext and plaintext pair from the first part of the intercept. After recovery of the unknown reflector wiring and the daily key, the plaintext of the second part of the message is revealed.     

James Sanborn’s Kryptos and the matrix encryption conjecture

James Sanborn’s sculpture, Kryptos, commissioned by the CIA, consists (in part) of four enciphered messages. These have attracted a tremendous amount of attention, and only the first three have been solved. In the present article, the authors provide a brief summary of each cipher and examine evidence that the fourth makes use of matrix encryption. They also provide results of brute force attacks for the 2 × 2 and 3 × 3 cases. Sanborn’s latest hint was of great value in testing these possibilities. Room for further testing is indicated for those wishing to continue the attack.     

A practical distinguisher for the Shannon cipher

In this paper, we present a practical linear distinguisher on the Shannon stream cipher. Shannon is a synchronous stream cipher that uses at most 256-bit secret key. In the specification for Shannon, designers state that the intention of the design is to make sure that there are no distinguishing attacks on Shannon requiring less than 2⁸⁰ keystream words and less than 2¹²⁸ computations. In this work we use the Crossword Puzzle attack technique to construct a distinguisher which requires a keystream of length about 2³¹ words with workload about 2³¹.     

对8轮mCrypton-96的中间相遇攻击

在分析分组密码算法的安全性时,利用密钥关系来降低时间、存储和数据复杂度是一个常用的手段.在4轮mCrypton-96性质的基础上,利用密钥生成算法的弱点和S盒的性质,降低了攻击过程中需要猜测的密钥比特数,提出了对8轮mCrypton-96算法的中间相遇攻击,攻击的时间复杂度约为2+{93.5}次8轮mCrypton-96加密运算,存储复杂度为2+{47}B,数据复杂度为2+{57}个选择明文.     

Ciphertext-only cryptanalysis of Hagelin M-209 pins and lugs

The Hagelin M-209 was a mechanical encryption device used by the U.S. Army during World War II and the Korean War, as well as by other armies and in embassy settings. In this article, the authors present a four-stage hillclimbing algorithm for recovering the full key settings from ciphertext only. The first two stages are based on a divide-and-conquer approach developed by Geoff Sullivan. In the current performance evaluation, the authors show that their method is able to recover key settings from messages as short as 750 letters, compared to 2,000 – 2,500 letters with prior methods. With this method, they solved several M-209 ciphertext-only challenges, including the final exercises in W. Barker’s 1977 book, Cryptanalysis of the Hagelin Cryptograph.     

Modern breaking of Enigma ciphertexts

“Breaking German Army Ciphers” is the title of a Cryptologia article from 2005, describing the lucky survival of several hundred authentic Enigma messages of World War II, and an account of a ciphertext-only cryptanalysis of a large number of these messages, leaving only a few (mostly short messages) unbroken. After reviewing the work done, and investigating the reasons for both lucky breaks and close misses, the modern ciphertext-only attack on Enigma messages is improved, especially on genuine ones with short lengths and/or many garbles. The difficulties of a proper measure for the candidate’s closeness to a plaintext are clarified. The influence on the decryption process of an empty plugboard and one with only a few correct plugs is examined. The method is extended by a partial exhaustion of the plugboard combined with an optimized hillclimbing strategy. The newly designed software succeeds in breaking formerly unbroken messages.