Skip to main content

Posts

Featured Post

Ed Scheidts Mayan Symbols - Can we solve the puzzle?

In this post I want to talk about a thing from the Kryptos universe that are not directly related to the statue. But i think it may be an indirect hint to some Kryptos related methods. The Mayan Symbols in Ed Scheidts driveway I think everyone who knows Kryptos knows Ed Scheidt. The former Chairman of the Cryptographic Center at the CIA and founder of the cryptosystems used around the Kryptos statue. As already shown in Part 4 of my Kryptos series, in the driveway of Ed Scheidts house, there are two symbols: Figure 1 - Garage driveway of Ed Scheidt We denote the left symbol set with $S_1$ and the right one with $S_2$. It took me a while to find his house on Google Maps - Street View. To save you some time, here is the link with a view on the driveway. I you go back in time in Streetview, you can see that the symbols were already there in 2012. But it is impossible to say when they were built. $S_1$ is clearly visible from the street, $S_2$ is hidden in the view. But you can u...
12 comments
Read more
Recent posts

Three easy-to-miss mistakes that silently break cryptosystems

Most broken cryptosystems do not fail because the underlying mathematics is wrong. They fail because a seemingly harmless implementation choice quietly destroys the hard problem the scheme was supposed to rely on. In this post, I show three examples of exactly that: a Diffie–Hellman setup with weak primes, a matrix-based variant that leaks the exponent through Jordan blocks, and an elliptic-curve implementation that skips the point-on-curve check and can be tricked onto a malicious curve. None of these failures look dramatic at first glance. That is exactly why they are dangerous.
Post a Comment
Read more

The Dorabella Cipher (Part 5) - Is it a hoax?

There are some arguments that the Dorabella Cipher is actually not a real cipher, which are based on the existence of long strings of consecutive symbols with pair-wise different number of semi-circles. Using theory and practise i will show that this is actually not as suspicious as it may seem but it indeed maybe a hint that something is fishy. T here’s an argument that the Dorabella Cipher may not be a real cipher at all. The main reason given is that it contains long stretches where the number of semicircles alternates: adjacent symbols never have the same semicircle-count. In this post I’ll test whether that pattern is actually as suspicious as it sounds.The Dorabella Cipher has remained unsolved for about 130 years. While looking for recent discussion and solution attempts, I went well beyond the first page of Google results and found several excellent deep-dive blogs. One post on ...
Post a Comment
Read more

Backdooring Cryptography - Two characters that break your SSL encryption

In this article, we demonstrate a subtle but devastating backdoor in finite-field Diffie–Hellman. By computing public keys modulo $p^2$ instead of $p$ while restricting the secret exponent to $x \leq p-1$, the discrete logarithm becomes efficiently recoverable using Fermat quotients. We show the full derivation and provide a working Sage implementation. Backdoors are always bad — but they are catastrophic when they are embedded in a fundamental primitive like Diffie–Hellman key exchange. If your browser shows a green lock, you assume your connection is secure. But what if the implementation of Diffie–Hellman contains a tiny change that looks harmless in code review — and yet allows an attacker to recover the private exponent in milliseconds? In this post I’ll show a nasty little backdoor that requires only a tiny modification: using a modulus of $p^2$ instead of $p$, while keeping the secret exponent bounded by $p$ This complete...
Post a Comment
Read more

Counting Points on Elliptic Curves - Part 1 - Easy Cases

For decades, elliptic curves were regarded as beautiful but highly theoretical objects. While elliptic curves over finite fields naturally form groups, one fundamental problem remained computationally difficult: counting points on elliptic curves . In particular, determining the exact size of the group \( E(\mathbb{F}_p) \) was infeasible for general curves. Before the mid-1980s, counting points on elliptic curves was practical only for very special families, such as curves with complex multiplication. This severely limited their cryptographic applications. Early public-key cryptography therefore relied instead on multiplicative groups of finite fields, where the group order is easy to compute. Everything changed with Schoof’s algorithm. For the first time, it showed that counting points on elliptic curves over finite fields can be done in polynomial time. This breakthrough removed a major barrier to using elliptic curves in cryptography. Today, efficient point counting is ...
Post a Comment
Read more

Kryptos - The Cipher (Part 6-b) - A hidden word in K2

A hidden word can be extracted from the Kryptos K2 cipher — possibly inserted intentionally by Jim Sanborn. Could this reveal a clue about Kryptos K4, or is it simply a coincidence? In Part 6-b, i want to show another finding from years ago, which probably many people didnt know. It is about K2. Below you see on the left the ciphertext (I) as it can be found on the Kryptos statue. Decoding it with "ABSCISSA", yields the plaintext (I) on the right.
1 comment
Read more

Kryptos - The Cipher (Part 6-a) - The Kryptos Mini Sculpture - Sanborns' Proof-Of-Concept

During the Christmas period, I spent many hours reading news articles and forum discussions about Kryptos. I reread some of the old topics on the Yahoo Kryptos Group. It is always surprising to see the findings from many years ago that have somehow been forgotten. I don't mean they're forgotten, just not on the current radar. Especially three topics raised my attention: The Pre-K, i.e. Mini Kryptos Sculpture The reveal of the word ASTATOS in K2 Methods to generate the first key PALIMPSEST for K1 In this post, I want to show how these topics might be connected. This post covers the first of the three points, Parts 6-b and Part 6-c follow the next days.
2 comments
Read more

The Diffie-Hellman Oracle

One of the most charming things about modern cryptography is that it often rests on questions we still don’t fully understand. Even after decades of research, some of the most central assumptions — the kind that protect millions of TLS handshakes every second — remain only partially mapped. A perfect example is the relationship between two cornerstone problems in cyclic groups: the Discrete Logarithm (DL) problem and the Computational Diffie–Hellman (CDH) problem. At first glance, DL seems clearly stronger than CDH. If you can solve discrete logs, you can obviously solve CDH: given $g^x$ and $g^y$, you recover $x$ and $y$, and then compute $g^{xy}$. The reverse implication is where the mystery begins. Suppose you had access to a machine — an oracle — that, given $(g^x,g^y)$, instantly returns $g^{xy}$. Could you then use this ability to compute discrete logarithms efficiently?
Post a Comment
Read more