Skip to main content

Featured Post

Backdooring Cryptography - Two characters that break your SSL encryption

In this article, we demonstrate a subtle but devastating backdoor in finite-field Diffie–Hellman. By computing public keys modulo $p^2$ instead of $p$ while restricting the secret exponent to $x \leq p-1$, the discrete logarithm becomes efficiently recoverable using Fermat quotients. We show the full derivation and provide a working Sage implementation. Backdoors are always bad — but they are catastrophic when they are embedded in a fundamental primitive like Diffie–Hellman key exchange. If your browser shows a green lock, you assume your connection is secure. But what if the implementation of Diffie–Hellman contains a tiny change that looks harmless in code review — and yet allows an attacker to recover the private exponent in milliseconds? In this post I’ll show a nasty little backdoor that requires only a tiny modification: using a modulus of $p^2$ instead of $p$, while keeping the secret exponent bounded by $p$ This ...
Post a Comment

The Dorabella Cipher (Part 2)

Elgar seems to have been so familiar with his cipherbet, that he even was able to quickly write some notes or annotations. Which means, that he either learned this cipherbet by heart or he could quickly deduce the corresponding cipher symbol from a given letter. And if so, why shouldn't it be possible that he quickly writes to Penny the more or less irrelevant note

  "P.S. Now drocp beige weeds set in it – bure idiocy – one endtire bed! Luigi Ccibunud lu'ngly tuned liuto studo two."

or reinterpreted 

"P.S. Now droop beige weeds set in it - pure idiocy - one entire bed! Luigi Ccibunud luv'ngly tuned liuto studo two."

as Tim Roberts solution suggests? In Figure 1 one can the three Pigpen circles for his solution.
Figure 1. The Pigpen circles for T. Roberts solution.
The red marked letters indicate symbols that are not used in the Dorabella cipher. Of course, he did not use this representation but used the key setence "LADY PENNY, WRITING IN CODE IS SUCH BUSY WORK", but this is how it would look like.

Figure 2. The cipherbet of Roberts (borrowed from www.ciphermysteries.com)
Applying this cipherbet to the Liszt-Fragement yields gibberish, which is not surprising, since he seems to (if Roberts is right) have chosen a special version for this Dorabella cipher.

To be honest, the chances that Robert's recovered plaintext is wrong are almost negligible. If a simple monoalphabetic substitution of a ciphertext yields not only English words, but in a meaningful order, then it is hard to believe that it is just a coincidence. There are so many letter dependencies in the text that it has to be correct somehow.

So, albeit i think it is overall the correct solution, it still bothers me that there are some shortcomings in its explanation.

In 1896, the Pall Mall Magazine published a code challenge, said to be "uncrackable", which finally was solved by E. Elgar. It was the Nihilist cipher and he was so proud of his solution that he painted it later on a wooden floor. He explained the solution on a set of nine cards (the Courage card set). On the first of these cards he drew the symbols:
Figure 3. The symbols from the Courage card set. Order unknown.
I am not sure if the order is correct. Since this is a full rotation of the 3-cusps symbols concatenated with the two other symbols in upright direction, its hard to believe that this encodes a word. What could have be his intention to draw this symbols on that card set?


Labels:

Comments

  1. Vedran3/04/2015 02:26:00 PM

    While Tim's 'solution' is tantalizing, the method he uses is too flexible and that flexibility opens up many more possible solutions. It's unlikely that it's correct.
    Personally, I think we stand little to no chance of deciphering the message. It is almost positively not a mono-alphabetic substitution cipher (it completely fails on all the best known decryption algorithms),
    and it's highly unlikely that Elgar thought the recipient had the skills to decipher anything more complex than that.
    My guess is that the solution is very simple, but requires very specific information that Elgar assumed Dora would remember, or it is just a simple tease (with no solution at all)...but who knows.

    ReplyDelete
  2. Laurel3/20/2025 08:47:00 AM

    It's fascinating how Elgar was able to decipher complex codes like Nihilist and potentially apply similar skills to the Dorabella cipher.

    ReplyDelete

Post a Comment

Popular posts from this blog

Kryptos - The Cipher (Part 4) - Correctly positioned decryption of the word BERLIN

EASTNORTHEAST - This is not exactly the hint Jim Sanborn (JS) gave for K4 on the 29th of January this year. He only gave NORTHEAST - which refers to the positions 26-34 of K4's plaintext.  Beside BERLIN and CLOCK it is the third revealed plaintext word of K4. However, also this hint does not seem to help much.  However, it just so happened, that a member in the yahoo kryptos group had a conversation with Jim Sanborn due to a submitted solution. Sandborn's answer to the question contained again the last clue which surprisingly was EASTNORTHEAST at position 22-34. Jim Sanborns compass rose at CIA There is disagreement if Jim revealed this on purpose or he did it accidentially, but the new extended clue seem to be serious and valid.Interestingly, EASTNORTHEAST is exactly the direction which is illustrated on the compass rose on one of the stones around kryptos, also created by Jim Sanborn. Actually, i dont really kn...
116 comments
Read more

Kryptos - The Cipher (Part 1) - Introduction

Introduction. Since I think that KRYPTOS does not need any introduction, I will only give you a brief description of one of the most famous and only partially solved ciphers known today: KRYPTOS - Von Jim Sanborn - Jim Sanborn, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=8253447 KRYPTOS was constructed in Nov. 1990 on the ground of the CIA Headquarter in Langley, Virginia by Jim Sanborn It contains 4 ciphers (K1,K2,K3,K4) on its left side and some kind of Vigenère-Table on its right side K1, K2 and K3 were solved by James Gillogly in 1999. Afterwards, the CIA and later the NSA claimed that they had a solution to the first three ciphers at an earlier point in time Ed Scheidt, a cryptoanalyst and former director of the CIA, gave Sanborn the input of possible cryptographic techniques to use K1 is a variant of the Vigenère-Cipher (Quagmire 3) with the codewords KRYPTOS and PALIMPSES...
7 comments
Read more

Kryptos - The Cipher (Part 3) - K4 Intentional vs. non-intentional errors

This post is about is more or less a collection of several approaches and facts that has been said as well as some speculations. B-ary integer representation According to [1] during a Question and Answer round, Jim Sanborn was asked again about the hint BERLIN. The question was if N decodes to B, Y decodes to E, etc, etc. and Jim confirmed it does. Emphatically . It is written, that Jim Sanborn rattled through the entire crib: \begin{align}   \texttt{N} &\stackrel{\text{decode}}{\rightarrow} \texttt{B} \\   \texttt{Y} &\stackrel{\text{decode}}{\rightarrow}  \texttt{E} \\   \texttt{P} &\stackrel{\text{decode}}{\rightarrow}  \texttt{R} \\   \texttt{V} &\stackrel{\text{decode}}{\rightarrow}  \texttt{L} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{I} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{N} \end{align} When the same q...
1 comment
Read more