Cryptology, computers, and common sense
by G. E. MELLEN
Sperry Univac
St. Paul, Minnesota
The enemy is any person or organization who takes
positive action to intercept and decrypt data to which he
is not legitimately entitled. "Enemy" thus has a different meaning here than in a military context, the connotation
of violence being absent.
Having intercepted encrypted data, the enemy's principal tool is cryptanalysis. "Enemy," "cryptanalyst," or
simply "analyst" are used synonymously throughout the
paper.
A code is distinguished from a cipher in that the former
employs a compact group of five letters (a "pentagram," a legacy of the Morse telegraph era) to represent a message of any desired length. For example, ALOHA might
mean "Shipment will be made Wednesday night." In a
cipher, each element of the original message (plaintext;
pt) has a counterpart in the encrypted version
(ciphertext; ct). CPPLLFFQFS might represent
b o o k k e e p e r. Computer-oriented readers may appreciate the analogy that a code is to a cipher what a FORTRAN statement is to the corresponding function in
assembly language. The discussion in this paper is limited
to ciphers.
The paper uses the following conventions: Plaintext is
represented by l e t t e r s p a c i n g. Ciphertext appears in
CAPITALS. The key, if literal and not numerical, is in
italics (underscored in figures). The conventions are useful when p l a i n t e x t is added to p l a i n t e x t to produce key.
Another convention is the use of the English alphabet
in the examples. The reader will understand that the
underlying principles apply, mutatis mutandis, to any
alphabet whatsoever, from the 12-letter Hawaiian alphabet, to the 256-character ASCII set, to the n-letter alphabet of the reader's own invention.
INTRODUCTION
With that as title, the writer ought give at once the meaning of the final term. Here, "common sense" is used with
double intent.
First, it is a caveat to the reader that a discourse on
computers and cryptology in the open literature is like a
"layman's guide to worldwide espionage." It simply
cannot be done. Too much is unknown. Too much
(because cryptographic matters are exempt from automatic declassification) will never be known.
To the extent, then, that the author of such a paper
requires a degree of chutzpah to attempt it, to the same
extent he may ask of his readers an apprehension of the
difficulties involved, and the forbearance not to make
harsh judgment of sometimes unavoidable shortcomings.
The second meaning in which "common sense" is used
alludes to the opinion that cryptography, as it pertains to
the needs of many commercial users, is perhaps becoming
"oversold," resulting occasionally in needless expense,
operational difficulties, and a false sense of security. The
defense of this thesis is deferred to later parts of the
paper.
SOME DEFINITIONS
Data security is that technology, the objective of which
is to prevent the interception of data, whether by wiretapping, masquerading, trap-doors, or any of the many
clandestine tools of the "enemy" (see below). Data security is a technology in itself, and is not dealt with in this
paper.
Cryptology and cryptography are near-synonyms, the
former being somewhat wider in scope. Cryptography
pertains to the means used by the originator of data to
prevent the message, once intercepted, from being understood by an enemy. This is the process of encryption or
encryptment, its cryptographic complement, decryption
or decryptment, being the process used by the intended
addressee to decipher and read the message.
The over-all algorithm for encryption and decryption is
the cryptosystem, while the key refers to those unique
parameters employed in a specific application of the algorithm.
TRADITIONAL CRYPTOGRAPHY
Selected bibliography
For security reasons the bibliography of cryptography
is predictably meager. There is only one comprehensive
tutorial work in English for the pre-computer period,
Gaines' Elementary Cryptanalysis.1 Occasional tutorial
articles appear in The Cryptogram,2 the periodical of the
From the collection of the Computer History Museum (www.computerhistory.org)
National Computer Conference, 1973
American Cryptogram Association. Specialized technical
discussions of cryptographic methods are contained in
The Broken Seal3 and in The Shakespearean Ciphers
Examined.4
For the post-computer age, an outstanding tutorial
work has been published by Sinkov,5 a master of the
craft. In 1967, a remarkable book, Kahn's The Codebreakers,6 appeared. It is difficult to imagine a work on a
subject as esoteric as cryptology being definitive, but
within the confines of security, Kahn has succeeded. In
addition to extensive historical coverage, he describes in
sometimes surprising detail both past and current techniques of cryptography. Of special interest are the sections devoted to the cryptographic agencies and practices
of the major powers, including the United States.
Basic techniques and some functional observations
The introduction of computers into cryptotechnology
has affected the practice but not the underlying principles
of the craft. It appears useful, therefore, to review certain
of these principles in order later to show how they have
evolved into the age of automation, and how, to an extent,
they have carried some of their weaknesses with them.
In kernel, there are just two ways of converting plaintext to ciphertext, by substitution and by transposition.
Regardless of its complexity, any cryptosystem can be
shown to be either an elaboration of one of these methods
or a combination of both.
The moral to be gained here is that one ought not be
awed solely by large numbers. When a data-encryption
device is promoted as having 10^XX different keys, the cautious system designer will repress the proclivity to regard
this huge number as an unchallengeable figure of merit.
It is not.
Simple substitution can demonstrate still another
aspect of language. Consider the cipher word ABCDE.
This word may be resolved into good English in more
than 6000 ways (e.g., b l a c k, g h o s t, etc.). The cipher
word AABCA, however, may be resolved into English in
one and only one way. There now arises an interesting
question: What is the longest simple-substitution cipher
which can be constructed, which can be resolved into
English in one and only one way? The answer applies, in
modified form, to the security of many kinds of ciphers.
Another form of pencil-and-paper substitution cipher is
shown in Figure 1. Figure 1-A is an abbreviated version of
the classic Vigenere tableau. Figure 1-B is the partial
tableau which would be used for encrypting a
message using the key rogue (resulting in a period of
5, since the same cipher alphabet comes back into play
at every fifth pt letter). Figure 1-C shows the encryption,
using rogue, of the (specially chosen) plaintext;
Substitution types
Of the substitution types, the special-case Julius Caesar
is the most familiar.* Here, each letter is replaced by the
letter j places further along in the normal alphabet, where
j is a constant. The substitution is performed modulo n, n
being the number of letters in the alphabet. In the general
case of simple substitution, any letter may replace any
other letter, the substitution being invariant and usually
with no letter representing itself.
Simple substitution is trivial. On occasion, though, even
the trivial can breed insight. Under the rules of simple
substitution, there are 25! possible "keys," or roughly 1.5
X 10^25 possibilities. The magnitude of this number can be
illustrated by a computer programmed to try one key
each microsecond. At that rate the machine would take
1.7 X 10^14 years to run through the list. Even the number
needs explication. It is some 50,000 times longer than the
estimated age of the Earth.
Yet most people can solve this sort of newspaper puzzle
in a few minutes. Some can "sight-read" them, much as
an accomplished pianist plays a piece of unfamiliar
music.
pt:  a b c d e f g h i j k l m n o p q r s t u v w x y z
     A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
     B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
     C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
     Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
     Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A. The Vigenere Tableau. The "key letter" is the cipher letter under the plaintext a.

pt:  a b c d e f g h i j k l m n o p q r s t u v w x y z
     R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
     O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
     G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
     U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
     E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
B. The partial tableau for the key rogue.

pt:   p e t e r   p i p e r   p i c k e d   a   p e c k   o f
key:  r o g u e   r o g u e   r o g u e r   o   g u e r   o g
ct:   G S Z Y V   G W V Y V   G W I E I U   O   V Y G B   C L

pt:   p i c k l e d   p e p p e r s
key:  u e r o g u e   r o g u e r o
ct:   J M T Y R Y H   G S V J I I G
C. Encryption using the key rogue.

     G S Z Y V
     G W V Y V
     G W I E I
     U O V Y G
     B C L J M
     T Y R Y H
     G S V J I
     I G
D. Ciphertext set up by period for cryptanalysis.

Figure 1-Facets of Vigenere cryptography

* An interesting but unobtainable measure of the familiarity of the
Caesar cipher would be the percentage of viewers who appreciated why,
in Arthur C. Clarke's script for the motion picture, "2001: A Space
Odyssey," the computer was named HAL.
peter piper picked a peck of pickled peppers.
Figure 1-D indicates how the cryptanalyst, by determining the period (and also having sufficient ciphertext, a
matter to be discussed later), can arrange the ciphertext
so as to permit the recovery of the plaintext.*
The Vigenere and its many variants (of which there are
24, some having names such as the Beaufort and St. Cyr)
are susceptible to analysis both by this method, which
relies on frequency counts of individual letters, bigrams,
etc., and by differential methods particularly well suited
for computer implementation.7
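The period-recovery step described above, as an added example that is not code from the paper: it re-enciphers the paper's plaintext with the key rogue, recovers the period from the spacing of repeated trigrams (Kasiski examination, a standard technique the paper does not name), and lays the ciphertext out by period as in Figure 1-D. All function and constant names are this example's own.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

PLAINTEXT = "peter piper picked a peck of pickled peppers"  # the paper's sample text
KEY = "rogue"                                               # the paper's sample key


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter, modulo 26 (a = 0).

    Non-letters are dropped. Encryption returns CAPITALS, decryption lowercase,
    following the paper's typographic convention.
    """
    letters = [c for c in text.lower() if c.isalpha()]
    sign = -1 if decrypt else 1
    base = ord("a") if decrypt else ord("A")
    out = []
    for i, c in enumerate(letters):
        shift = ord(key[i % len(key)]) - ord("a")
        out.append(chr((ord(c) - ord("a") + sign * shift) % 26 + base))
    return "".join(out)


def repeat_distances(ciphertext, n=3):
    """Map each repeated n-gram to the distances between successive occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {gram: [b - a for a, b in zip(pos, pos[1:])]
            for gram, pos in positions.items() if len(pos) > 1}


def estimate_period(ciphertext, n=3):
    """A repeat caused by the key lies a multiple of the period apart, so take the GCD.

    On long texts accidental repeats can drag the GCD down to 1; an analyst
    would then look at the most common factor instead.
    """
    distances = [d for ds in repeat_distances(ciphertext, n).values() for d in ds]
    return reduce(gcd, distances) if distances else None


def rows_by_period(ciphertext, period):
    """The layout of Figure 1-D: one row per key cycle."""
    return [ciphertext[i:i + period] for i in range(0, len(ciphertext), period)]


def columns_by_period(ciphertext, period):
    """Column k holds every letter enciphered with key letter k: one Caesar alphabet."""
    return [ciphertext[k::period] for k in range(period)]


def caesar_column(column, key_letter):
    """Undo the single-alphabet shift on one column."""
    return vigenere(column, key_letter, decrypt=True)


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print("ciphertext:", ct)
    print("repeats   :", repeat_distances(ct))
    period = estimate_period(ct)
    print("period    :", period)
    for row in rows_by_period(ct, period):
        print("   ", " ".join(row))
    for k, column in enumerate(columns_by_period(ct, period)):
        print(f"column {k}: {column} -> {caesar_column(column, KEY[k])}")
```

With only 37 letters the per-column frequency counts the paper relies on are not yet meaningful; the example shows the structure an analyst exploits once enough ciphertext is available.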
Another kind of polyalphabetic substitution is shown in
Figure 2. In place of the predictable alphabets of the
Vigenere kind, the cipher alphabets are randomly generated and unrelated to one another. A total of 26!, or about
4 X 10^26, alphabets are available,** of which just ten are
used here.
Instead of enciphering the plaintext by means of a
periodic key, a nonrepetitive key (in this example, pi) is
used. The resulting ciphertext is secure until a persistent
analyst distributes the cipher letters into ten groups,
using the digits of pi as a guide. If there is sufficient
ciphertext, each of the ten groups will exhibit the frequency distribution of normal English, except the set will
have undergone a simple-substitution transform. All is
lost.
pt:  a b c d e f g h i j k l m n o p q r s t u v w x y z
0    K Y H F G Z D R N O P J A E L C Q M V W B X T U S
1    T L K A D Q F H N J X E I C Y M G U Z V W S R O F B
2    L E M F R N C Y D U H J P W X Z Q B V A K T S G O I
3    J E D Q B C O I G N H Y Z S A M U V R F X W T K P L
4    J W K B H E C L Y N D F V M U R P O G X Z I Q A T S
5    Q L N G X A F R M H U D V P K B E J S T I Z C O W Y
6    G Z M A F T K Q V L Y B N S C J E P H O W X D I R U
7    T V N Z U B X S M A Y D J W R L I H E F C K G P Q O
8    H D K O U P V F G R T C I E Q J L Y S X M A B N Z W
9    P W R H C J O N Z M K I A B F U S X E T G Q V L D Y
A. Tableau of random alphabets.

pt:   p e t e r   p i p e r   p i c k e d   a   p e c k   o f
key:  3 1 4 1 5   9 2 6 5 3   5 8 9 7 9 3   2   3 8 4 6   2 6
ct:   M D X D J   U D J X V   B G R Y C Q   L   M U K Y   X T

pt:   p i c k l e d   p e p p e r s
key:  4 3 3 8 3 2 7   9 5 0 2 8 8 4
ct:   R G D T Y R Z   U X L Z U Y G
B. Encryption using the key pi.

MDXDJ UDJXV BGRYC QLMUK YXTRG DTYRZ UXLZU YGXXX
C. Ciphertext in 5-letter groups for transmission.

Figure 2-Substitution using random alphabets
* For reasons of space, this simple example must suffice to support the
following premises: (1) Given sufficient ciphertext, if there is a small
enough period (say 100 or less for pencil-and-paper work and several
decimal orders of magnitude greater for computer analysis), the period
can be recovered. (2) Even if the period is not constant, but varies by
some definite rule, it can be recovered. Details may be found in references in the selected bibliography.
** More than enough to encipher everything written since the invention
of writing (2 X 10^15 letters is a conservative estimate of the upper bound)
without repeating a single alphabet. Recalling the similar staggering
statistics for simple substitution, the reader is not impressed.
Key:  [keyword illegible]
      P E T E R
      P I P E R
      P I C K E
      D A P E C
      K O F P I
      C K L E D
      P E P P E
      R S

First transposition and intermediate ciphertext:
TPCPF LPRRE CIDEP PPDKC PREEK EPEPE IIAOK ES
- A -

Key:  [keyword illegible]
      5 6 4 2 1 3
      T P C P F L
      P R R E C I
      D E P P P D
      K C P R E E
      K E P E P E
      I I A O K E
      S

Second transposition and final ciphertext:
FCPEP KPEPR EOLID EEECR PPPAT PDKKI SPREC EIXXX
- B -

Figure 3-Double columnar transposition
Anticipating this contingency, the astute encryptor will
not use 3.1415 ... as the invariable starting point of his
key, but will begin each message at a different place in
the pi sequence. If the analyst remains convinced that pi
is the key, he must undertake the laborious task of checking each digit in the sequence as the potential starting
point for each message.
This effort is both time-consuming and costly. Both factors work to the advantage of the encryptor. The "time
factor" operates to keep the message secure long enough
so that it may be out-of-date and useless when the enemy
finally reads it. The "cost factor" operates such that the
enemy may pay a higher price for the information than it
is worth to him. Time and cost factors remain important
when the scene shifts to the computer environment.
The random-alphabet example raises an engrossing
question: How much text is required in a cipher of this
nature so that only one meaningful interpretation is
possible? The answer is a function of (1) the amount
required for the simple-substitution case, and (2) the
number of alphabets used in the cipher. In general, the
product of these two numbers is near the minimum
amount of ciphertext necessary for cryptanalysis from an
information-theoretic viewpoint.† From the viewpoint of
the pencil-and-paper analyst, this amount is too low by a
factor of about five, depending on the nature of the plaintext.
Transposition types
Traditional forms of the second major encryption algorithm, transposition, are illustrated in Figures 3 and 4. In
Figure 3-A, the plaintext has been written out under a
keyword. A transposed version is then obtained by taking
the letters out by column, the order of the columns being
determined by the numerical sequence of the key letters
in the normal alphabet.
The ciphertext at this stage is a "simple columnar
transposition," which presents little difficulty to the
analyst, even though the columns are of two different
lengths. In geometrical terms, simple columnar transposition is a 1-dimensional operation since the plaintext is
converted in effect into a series of disjointed line segments.
† Readers familiar with Shannon's work will recognize the "unicity distance," which is treated later.
P O K C E P A
E F R E P P D
T P S X X E E
E I X X X P K
R C K L E D C
P I P E R P I
Ciphertext:
POKCE PAEFR EPPDT
PSXXE EEIXX XPKRC
KLEDC PIPER PIXXX
Figure 4-Typical route transposition
In Figure 3-B, the ciphertext of 3-A is subjected to
further transposition, using the identical algorithm but a
different keyword.† The final cipher has a surprisingly
high resistance to analysis. Double columnar transposition is 2-dimensional in that each letter may be equated
with a particular cell in an X-Y matrix.
Figure 4 illustrates another form of 2-dimensional
transposition known as a "route" cipher. Here, the plaintext has been written into a 7 X 6 matrix in a counterclockwise spiral. The ciphertext is then taken out by rows.
Other routes are also possible, but the example suffices to
show the principle.
A cryptanalytic technique called "multiple anagramming" applies to transposition ciphers when one has two
or more messages of the same length (or suspected block
length). By manipulating the ciphertext of one message to
produce plaintext, and carrying out the identical operations on the other message(s), if plaintext results in the
other message(s) as well, the decryptment is achieved.
To close the discussion of transposition types for the
present, Figure 5 shows a "3-dimensional" technique not
described in any of the known literature. The example is
trivial but allows elucidation of principles which relate to
programming techniques of value when the general case is
described for computer application.
Figure 5-A will be seen to be the topographical equivalent of a unit cube with X-Y-Z origin at 0,0,0; with the
vertex of the major diagonal at 1,1,1, and with intermediate vertices suitably labelled (commas have been omitted
in the diagram). The reader is invited to view Figure 5-A
as the "shadow" of a 3-dimensional object cast on the 2-dimensional paper; the concept will be serviceable later.
Viewed as a graph in matrix terminology, there are
many routes through the structure. Two kinds of route
are of special interest, the "Hamiltonian path" and the
"Hamiltonian circuit."* A Hamiltonian path is one which
passes through every vertex in the graph once and only
once. The Hamiltonian circuit is a special case of the path
wherein the last element in the path is so located that the
first element is adjacent, allowing the path to be repeated.
In Figure 5, five unit cubes have been used to transpose
the plaintext. For clarity, the plaintext has been written
into each cube from left to right and from top to bottom.**
The ciphertext is then read out of the cubes via a different Hamiltonian path for each cube. Figures 5-B, 5-D,
and 5-F are circuits as well as paths.
Using dimensional notation, the paths of Figures 5-B
through 5-F are shown in Table 1. The path sequences, it
will be noted, form Gray codes. Because of the Gray-code
property, all may be generated by a relatively simple
software routine. Although the example here is for three
dimensions, the simplicity holds for the general case of n-dimensions.

TABLE I-Hamiltonian Paths of Figure 5
5-B   5-C   5-D   5-E   5-F
100   100   100   100   100
101   110   000   101   000
001   010   010   111   001
000   000   011   110   011
010   001   001   010   010
011   101   101   000   110
111   111   111   001   111
110   011   110   011   101

[Figure 5, panels A through F. A: the unit cube with its vertices labelled 000 through 111. B through F: the five unit cubes holding the plaintext.]
Final ciphertext:
PEETR PPIEE CPIRD KAEKO CPPFI CEPEK LDPER XSXXP
Figure 5-A 3-dimensional route transposition

† If the keyword for the second transposition is the same as the one used
for the first, the cryptosystem is known as the "U.S. Army Transposition Cipher," of World War I vintage.
* Named after Sir William Rowan Hamilton, who first described them
in the mid-19th century.
** In practice, the plaintext would be entered using one path and the
ciphertext read out using another. The legitimate receiver, knowing the
two paths, need merely reverse the process to decrypt the message.

CRYPTOGRAPHY IN TRANSITION
The Vernam era
For the computer-oriented, the locus classicus of modern cryptotechnology is a paper written 47 years ago by
Gilbert Vernam of the Bell Telephone Laboratories.8 The
paper describes (what today would be called) a binary
cryptosystem suitable for use with the 5-level Baudot
Teletype code, a code which still may be found in wide
use today.* The two possible truth tables of the cryptosystem are shown in Figure 6, together with samples of
the two possible encryptments and decryptments. The
system is identical to that used in many of today's computer encryption devices, although the character length of
the latter has been increased in most cases to accommodate standard data-processing character sets.
The security of the Vernam system results from the use
of an apparently random key of great length. The important word here is "random." Contrast a random nonrepeating key with the predictable, "semi-random," key of
Figure 2, viz., pi. If the key were truly random, and if it
were used only once, the enemy analyst would be impotent, professionally at least.** What constitutes true randomness is a matter best left to mathematicians.
Vernam obtained his lengthy key by using two
punched paper tape loops of character length j and k,
where j and k are mutually prime. The encipherment
equation is thus: ct_i = pt_i ⊕ j_i ⊕ k_i. For each cycle of the j
tape, the k tape advances one character, yielding a total
key length of j X k. Typical values for j and k during the
'20s were 775 and 776, for an over-all key length of
601,400 characters. In a similar but computer-based system today, using magnetic tape for key storage, j = (5 X
10^6) and k = [(5 X 10^6) + 1] are attainable values, for a
total key of the order 2.5 X 10^13.
Numbers of this magnitude appear irresistible to advertising managers for computer cryptosystems. The reader,
however, may now be more suspicious than stunned, possibly as the result of previous examples. His suspicion is
not unfounded.
An example may serve to demonstrate one of the characteristics of this kind of cipher. The example is artificial
only in the sense that it compresses into a brief interval
data which normally could be acquired only after the
interception of considerable ciphertext. The phenomenon
itself, owing to the nature of language, is certain to occur.
[Figure 6, panels A and B: the two possible truth tables, each with a sample encryptment and decryptment.]
Figure 6-Basics of Baudot cryptography

* In 1925, the then-Captain William F. Friedman invented a bit-transposition device (the equivalent of a plugboard) to increase the security
of the system. The transposition was invariant until manually changed.
** The enemy, however, wins a point in that the truly random key must
somehow be transmitted to the legitimate receiver (who cannot generate
it himself, obviously, it being a one-of-a-kind sort of thing). This transmission gives rise to opportunities for interception, theft, and bribery.

A:  pt_1:          b 10011   a 11000   r 01010   g 01011   e 10000
    j_i key:       l 01001   b 10011   l 01001   p 01101   t 00001
    k_i key:       c 01110   c 01110   c 01110   c 01110   c 01110
    ct_1:          S 10100   H 00101   P 01101   ≡ 01000   ↓ 11111

B:  pt_2:          b 10011   a 11000   r 01010   g 01011   e 10000
    j_i key:       l 01001   b 10011   l 01001   p 01101   t 00001
    k_(i+x) key:   m 00111   m 00111   m 00111   m 00111   m 00111
    ct_2:          Q 11101   I 01100   # 00100   T 00001   F 10110

C:  pt_3:          b 10011   a 11000   r 01010   g 01011   e 10000
    j_i key:       l 01001   b 10011   l 01001   p 01101   t 00001
    k_(i+y) key:   y 10101   y 10101   y 10101   y 10101   y 10101
    ct_3:          V 01111   K 11110   F 10110   B 10011   # 00100

D:  ct_1:          S 10100   H 00101   P 01101   ≡ 01000   ↓ 11111
    ⊕ ct_2:        Q 11101   I 01100   # 00100   T 00001   F 10110
    key_a:         l 01001   l 01001   l 01001   l 01001   l 01001

E:  ct_1:          S 10100   H 00101   P 01101   ≡ 01000   ↓ 11111
    ⊕ ct_3:        V 01111   K 11110   F 10110   B 10011   # 00100
    key_b:         ↑ 11011   ↑ 11011   ↑ 11011   ↑ 11011   ↑ 11011

Control Functions: ↑ FIGS Shift; ↓ LTRS Shift; ← Carriage Return; ≡ Line Feed; 0 Blank; # Space
Figure 7-Recovery of minor cycles from Vernam cipher

In Figures 7-A, 7-B, and 7-C, the same plaintext,
b a r g e, has coincided with the same j_i key, l b l p t, but
with three different k_i keys, c, m, and y. Three different ciphertexts result: SHP≡↓ (ct_1); QI#TF (ct_2), and
VKFB# (ct_3).
In Figure 7-D, ct_1 is added (vectorially)* to ct_2; in Figure 7-E, ct_1 is added to ct_3. In each instance, a constant, l
and ↑ respectively, results. We shall refer to these constants as k_a and k_b.
The k_a and k_b are compound keys. k_a is the sum of k_i
and k_(i+x), yielding l. k_b is the sum of k_i and k_(i+y), yielding ↑.
The appearance of these constant sequences signals the
discovery of one of the minor cycles of which the complete (j X k) cycle is comprised. Each minor cycle is initiated by the stepping of the k tape. Having found sufficient minor cycles with the identical compound key, the
analyst may now apply the periodic technique of Figure
1, the Vigenere example. Ironically, the rigor of Boolean
algebra ensures that the Baudot cipher alphabets are as
immutable and predictable as those of the Vigenere.
Boolean rigor leads to a second weakness of this kind of
cryptosystem: If any part of the key is used to encipher
as few as two plaintext messages, the messages can be
"lined up" by a technique known as the index of coincidence.** Figures 8-A and 8-B show just a portion of two
such messages. In practice, much more text is needed in
order to line the messages up.
* Throughout the remainder of the paper, the process of addition refers
specifically to vector addition unless otherwise stated.
** The index of coincidence was discovered by William F. Friedman and
published in "The Index of Coincidence and Its Applications in Cryptographic Analysis," Riverbank Publications, No. 22, Geneva, Ill.: Riverbank Laboratories, 1922. The method is described in Kahn (op. cit., pp.
376-385).

[Figure 8, panels A through D. A: pt_1 (- - - p e t e r p i p e r p i c k e d a p e c k - - -) and its key added to give ct_1. B: pt_2 (- - - r e p l y m e s s a g e n u m b e r s e v e n - - -) and the same key added to give ct_2. C: ct_1 added to ct_2 to give key_c. D: the diagonals obtained by trying n u m b e r at each position of key_c.]
Figure 8-Probable word solution of Baudot cipher

The analyst then proceeds to add ct_1 to ct_2 as shown in
Figure 8-C, to produce the compound key, k_c. Assume the
analyst suspects the word n u m b e r is probably contained in one of the plaintexts. To test the assumption, he
tries each k_c letter as the starting point of the word
n u m b e r, reading the resultant diagonals to see if a
reasonable plaintext sequence emerges (Figure 8-D).
With luck and persistence, he finally obtains c k e d a p.
The tongue-twister recognized, the analyst tries
p e t e r p i p e r p i (c k e d a p) against k_c, and with much
gratification obtains r e p l y m e s s a g e (n u m b e r) as
the counterpoised plaintext.*
Extending the messages in the other direction, the
analyst is aided by another phenomenon. The SEV of ct_1
is the s e v of pt_2 and the ECK of ct_2 is the e c k of pt_1.**
So long as the two ciphertexts continue to share the
common key, the messages may be recovered by the near-mechanical process of assuming a letter-by-letter continuation in one plaintext and seeing if it results in an
acceptable continuation in the other.
If the two preceding examples have produced further
skepticism in the reader regarding those cryptosystems,
the security of which is attributable solely to their having
keys of length 10^XX, they have served their purpose.
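Both weaknesses described above, as an added example that is not code from the paper: the constant compound key that betrays a minor cycle, and the probable-word recovery when two messages share a key. Assumptions of this example: letters are coded a=1 through z=26 in five bits rather than in the Baudot code, the tapes are 31 and 32 characters long and filled from a fixed seed, and all function and constant names are its own.

```python
import random


def encode(text):
    """Letters to 5-bit values, a=1 .. z=26 (assumed stand-in for the Baudot code)."""
    return [ord(c) - ord("a") + 1 for c in text.lower() if c.isalpha()]


def decode(values):
    """Inverse of encode(); values that are not letters are shown as '?'."""
    return "".join(chr(v + ord("a") - 1) if 1 <= v <= 26 else "?" for v in values)


def xor(a, b):
    """Bitwise modulo-2 addition of two 5-bit streams, truncated to the shorter."""
    return [x ^ y for x, y in zip(a, b)]


def two_tape_key(j_tape, k_tape, start, length):
    """Key stream as the paper describes it: the j tape steps on every character,
    the k tape steps once per full cycle of the j tape."""
    j_len, k_len = len(j_tape), len(k_tape)
    return [j_tape[t % j_len] ^ k_tape[(t // j_len) % k_len]
            for t in range(start, start + length)]


def encrypt(plaintext, j_tape, k_tape, start):
    """ct_i = pt_i XOR j_i XOR k_i, beginning at key position `start`."""
    pt = encode(plaintext)
    return xor(pt, two_tape_key(j_tape, k_tape, start, len(pt)))


def compound_key(plaintext, j_tape, k_tape, j_pos, cycle_a, cycle_b):
    """Same plaintext at the same j-tape position in two minor cycles:
    the XOR of the two ciphertexts is the constant k[cycle_a] XOR k[cycle_b]."""
    ct_a = encrypt(plaintext, j_tape, k_tape, cycle_a * len(j_tape) + j_pos)
    ct_b = encrypt(plaintext, j_tape, k_tape, cycle_b * len(j_tape) + j_pos)
    return xor(ct_a, ct_b)


def crib_drag(ct_a, ct_b, crib):
    """Try a probable word at every offset of ct_a XOR ct_b and keep the offsets
    where the counterpart text consists only of letters."""
    combined = xor(ct_a, ct_b)  # equals pt_a XOR pt_b when both used the same key
    word = encode(crib)
    hits = []
    for offset in range(len(combined) - len(word) + 1):
        guess = xor(combined[offset:offset + len(word)], word)
        if all(1 <= v <= 26 for v in guess):
            hits.append((offset, decode(guess)))
    return hits


# Constructed sample data: short tapes with a fixed seed so the run is repeatable.
rng = random.Random(1973)
J_TAPE = [rng.randrange(32) for _ in range(31)]
K_TAPE = [rng.randrange(32) for _ in range(32)]

PT1 = "peterpiperpickedapeck"      # the paper's first message
PT2 = "replymessagenumberseven"    # the paper's second message
SHARED_START = 100                 # both messages begin at the same key position
CT1 = encrypt(PT1, J_TAPE, K_TAPE, SHARED_START)
CT2 = encrypt(PT2, J_TAPE, K_TAPE, SHARED_START)

if __name__ == "__main__":
    print("compound key for 'barge':", compound_key("barge", J_TAPE, K_TAPE, 3, 0, 4))
    for offset, text in crib_drag(CT1, CT2, "number"):
        print(f"offset {offset:2d}: {text}")
    # Once 'ckedap' is recognized, the guessed opening of message 1 yields message 2.
    print(decode(xor(xor(CT1, CT2), encode("peterpiperpi"))))
```

Neither result depends on the tape contents or on the tape lengths, which is why a key period of j X k characters is no defense once any stretch of key is used twice.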
The Shannon era
Kahn declares Friedman's discovery of the index of
coincidence is "the most important single publication in
cryptology."*** The practitioner is likely to agree. The
theoretician may justifiably nominate Shannon's analysis
of secrecy systems for the honor.9
The text, tightly knit in the manner of mathematical
exegesis, admits of no easy summary. The writer faced
with space limitations has open only a few options if his
intent is to induce the reader to consult the original. The
strategy selected here is to limit the discussion to just one
topic, the "unicity point" or "unicity distance." (Shannon
uses the terms interchangeably.)
Earlier in the paper the question was raised: What is
the longest simple-substitution cipher that has only one
meaningful resolution? In essence, this length is Shannon's unicity distance. But the value depends on the
cryptosystem. For simple substitution, it is 27 letters. For
the Vigenere example of Figure 1, it is 10 letters (or 2d,
where d is the period length). For the random-alphabet
example of Figure 2, it is 270 letters (equivalent to ten
simple substitutions). For a periodic cipher of random
alphabets and unknown key, the unicity distance is 53d,
and so on.
In the course of developing his thesis, Shannon proves
the unicity distance for a cipher which employs a random
key, never repeated, is infinite. The cipher cannot be
solved.
If, then, an impregnable cipher does exist, why is it not
universally employed? The answer is logistics. To the
originator of voluminous plaintext, the generation and
testing of a truly random key, plus the expense of distributing it (and the dangers accompanying the distribution
as mentioned earlier), and the coordination of its use to
ensure its one-time-only employment, add substantially
to the user's cost. Only the more affluent governments,
and then only for the most sensitive texts, can afford it.

* We have omitted the binary operations involved in this procedure,
those in Figure 7 being deemed sufficient to show the principle. The full
5-level Baudot code can be found in many standard electrical engineering references by the painstaking reader who wishes to test the operation
for himself.
** Again, the reminder, the examples have been contrived to show
various contingencies in a short space.
*** Kahn, op. cit., p. 376.

CRYPTOGRAPHY IN THE AGE OF AUTOMATION
Those aspects of pre-computer cryptography which
have now been covered are essential if the unfamiliar
reader is to understand what has occurred now that the
computer is a commonplace tool of the cryptologist.
Except for algebraic cryptography, a genre not previously
described, the reader will see that though the language
and the claims have changed, there is at least some justification for maintaining the skeptical attitude of the
aphorism, Plus ca change, plus c'est la meme chose.
Algebraic cryptography
The seeds of modern algebraic cryptography were
planted more than 40 years ago in two papers by L. S.
Hill.10,11 To one not mathematically trained, the procedures are complicated, even arcane. Mathematicians (one
is told) perceive an inscape of excellence unrivaled by
competing schemes. The discussion has been postponed
till now because in the absence of edp equipment, the
encryption and decryption tasks entailed high cost and
time factors for the legitimate users, even if calculating
machines were employed.*
* Hill patented an unwieldy mechanical device which could operate on
up to six letters ("hexagrams") per cycle. Computers permit polygrams
of any size to be processed, at least in theory. Programmers familiar
with the demands matrix algebra place on machine time will see that a
practical limit exists. The limit is set by the acceptable trade-off
between cost factor and the degree of security desired, both increasing
exponentially with polygram size.
Figure 9 is a simplified example of one algebraic method, adapted from Davis.12 The example consists of a
matrix of order 3, which serves as the key, and a column
vector, which is the plaintext. For encryptment, the
numerical equivalent in the standard alphabet is substituted for the plaintext letters.
The encryptment algorithm is shown in detail in Figure
9-A. The operations involved in enciphering the plaintext
pet appear in Figure 9-B. For the remainder of the plaintext, only the skeleton of the encipherment is given. Figure 9-G is the resulting ciphertext.
Among others, the chief disadvantage of the method is
that the encipherment process involves five steps per letter, or a total of 15 steps per 3-letter pt group. The number of steps per pt group grows quadratically with polygram size according to the formula, S = n^2 + (n - 1), where
S is the number of steps and n is the number of letters in
the polygram.
Encryption:

    ( k11  k21  k31 ) ( p1 )   ( k11 p1 + k21 p2 + k31 p3 )   ( c1 )
    ( k12  k22  k32 ) ( p2 ) = ( k12 p1 + k22 p2 + k32 p3 ) = ( c2 )
    ( k13  k23  k33 ) ( p3 )   ( k13 p1 + k23 p2 + k33 p3 )   ( c3 )
                                 - A -

    ( 14  8  3 ) ( 16(p) )   ( 14x16 + 8x5 + 3x20 )   ( 324 )
    (  8  5  2 ) (  5(e) ) = (  8x16 + 5x5 + 2x20 ) = ( 193 )
    (  3  2  1 ) ( 20(t) )   (  3x16 + 2x5 + 1x20 )   (  78 )
                                 - B -

    ( 14  8  3 ) (  5(e) )   ( 262 )
    (  8  5  2 ) ( 18(r) ) = ( 162 )
    (  3  2  1 ) ( 16(p) )   (  67 )
                                 - C -

    ( 14  8  3 ) (  8(i) )   ( 255 )
    (  8  5  2 ) ( 16(p) ) = ( 154 )
    (  3  2  1 ) (  5(e) )   (  61 )
                                 - D -

    ( 14  8  3 ) ( 18(r) )   ( 304 )
    (  8  5  2 ) ( 16(p) ) = ( 240 )
    (  3  2  1 ) (  8(i) )   (  94 )
                                 - E -

    ( 14  8  3 ) (  3(c) )   ( 145 )
    (  8  5  2 ) ( 11(k) ) = (  89 )
    (  3  2  1 ) (  5(e) )   (  36 )
                                 - F -

    ct: 324 193 78 262 162 67 255 154 61 304 240 94 145 89 36
                                 - G -
Figure 9-Elementary algebraic cryptography
An advantage which offsets the main disadvantage is
also evident. Although the first 3-letter pt groups contain
the letters p e, there is no indication of this in the ciphertext. Similarly, the reversal i p and p i in groups 3 and 4 is
concealed. The principle applies regardless of polygram
size. Thus if just one letter in an n-letter polygram differs
from another n-letter polygram, the ciphertext will conceal the fact that all but (n - 1) letters are identical. The
phenomenon denies the analyst the use of one of his more
powerful tools, the analysis of repetitions in the ciphertext.
Figure 10 shows the decryption process for the ciphertext of Figure 9-G. Only the first 3-letter group is deciphered; the others follow the same paradigm.
The decryption key matrix, it will be noted, is not the
same as the encryption matrix. The disparity may appear
to add to the security of the cipher but the inference is
misleading. The decryption matrix is merely the inverse
of the encryption matrix, a familiar mathematical procedure.
Decryption:

    ( k11  k21  k31 ) ( c1 )   ( k11 c1 + k21 c2 + k31 c3 )   ( p1 )
    ( k12  k22  k32 ) ( c2 ) = ( k12 c1 + k22 c2 + k32 c3 ) = ( p2 )
    ( k13  k23  k33 ) ( c3 )   ( k13 c1 + k23 c2 + k33 c3 )   ( p3 )
                                 - A -

    (  1  -2   1 ) ( 324 )   (  1x324 + -2x193 +  1x78 )   ( 16(p) )
    ( -2   5  -4 ) ( 193 ) = ( -2x324 +  5x193 + -4x78 ) = (  5(e) )
    (  1  -4   6 ) (  78 )   (  1x324 + -4x193 +  6x78 )   ( 20(t) )
                                 - B -
Figure 10-Algebraic cryptography decipherment
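An added example, not from the paper: the arithmetic of Figures 9 and 10 in Python, generalized to any polygram size. The key matrix is the one implied by the products printed in Figures 9-B and 10-B; the function names are this example's own.

```python
from fractions import Fraction

# Key read off the products in Figures 9-B and 10-B. It is symmetric, so the
# row/column convention of Figure 9-A makes no difference for this key.
KEY = [[14, 8, 3],
       [8, 5, 2],
       [3, 2, 1]]


def to_numbers(text):
    """Standard alphabet, a=1 ... z=26; anything that is not a letter is dropped."""
    return [ord(ch) - ord("a") + 1 for ch in text.lower() if "a" <= ch <= "z"]


def mat_vec(matrix, vector):
    return [sum(k * x for k, x in zip(row, vector)) for row in matrix]


def inverse(matrix):
    """Gauss-Jordan inverse in exact rational arithmetic."""
    n = len(matrix)
    aug = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular key: ciphertext could not be deciphered")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        lead = aug[col][col]
        aug[col] = [x / lead for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                factor = aug[r][col]
                aug[r] = [a - factor * b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def encipher(plaintext, key=KEY):
    """One ciphertext vector per polygram; no modular reduction, as in the figure."""
    nums, n = to_numbers(plaintext), len(key)
    if len(nums) % n:
        raise ValueError("pad the plaintext to a multiple of the polygram size")
    return [mat_vec(key, nums[i:i + n]) for i in range(0, len(nums), n)]


def decipher(groups, key=KEY):
    """The decryption matrix is derived from the encryption key alone."""
    inv = inverse(key)
    letters = []
    for group in groups:
        for value in mat_vec(inv, group):
            if value.denominator != 1 or not 1 <= value <= 26:
                raise ValueError("ciphertext group does not decode to letters")
            letters.append(chr(int(value) - 1 + ord("a")))
    return "".join(letters)


if __name__ == "__main__":
    print(encipher("pet"))    # the group worked in Figure 9-B
    print(inverse(KEY))       # the matrix of Figure 10-B
    print(encipher("pat"))    # one letter changed: all three numbers change
    print(decipher(encipher("peterpiperpickedapeck")))
```

Because `inverse` needs nothing but the encryption key, holding a different matrix for decryption adds no secret of its own.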
Commercial cipher systems
Algebraic cryptography aside, most commercial cryptosystems depend on means for generating a key which to
the casual observer appears random but is in truth only
pseudorandom. The commercial systems take the form of
both hardware and software. The two kinds may conveniently be discussed together because whatever can be
performed by hardware may be emulated by software.
Indeed, some systems employ software at the computer
site and hardware at the remote terminals.
The first algorithms for generating pseudorandom keys
for computer use appeared in the '50s. The resulting key
was fully deterministic, derived by a method identical or
similar to the binary equivalent of the decimal example
shown in Table II. The procedure begins by selecting a
number, say 6378, squaring it, and then proceeding as the
table indicates. *
The operation yields the sequence 7-8-8-2-5-8-4-5-5-0-1-9-2-1-1-4-5-7. The series is apparently random but
wholly determined.
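Added example (not the paper's code): the Table II procedure in Python, with a check of how soon the key must repeat. The digit-selection rule (drop the two low-order digits of the product, keep the next three) is inferred from the six rows of Table II and is an assumption of this example, as are the function names.

```python
MULTIPLIER = 6378


def next_block(value, multiplier=MULTIPLIER):
    """Multiply, drop the two low-order digits of the product, keep the next three."""
    return (value * multiplier // 100) % 1000


def key_blocks(seed=6378, count=6, multiplier=MULTIPLIER):
    """Successive 3-digit key blocks; the first product is seed x multiplier."""
    blocks, value = [], seed
    for _ in range(count):
        value = next_block(value, multiplier)
        blocks.append(value)
    return blocks


def key_digits(blocks):
    """Flatten blocks into the digit-by-digit key sequence (leading zeros kept)."""
    return [int(d) for block in blocks for d in f"{block:03d}"]


def cycle_of(seed=6378, multiplier=MULTIPLIER):
    """Return (tail, period): blocks emitted before the cycle is entered, and
    the length of the cycle the generator then repeats forever."""
    first_seen = {}
    value, index = next_block(seed, multiplier), 0
    while value not in first_seen:
        first_seen[value] = index
        value = next_block(value, multiplier)
        index += 1
    tail = first_seen[value]
    return tail, index - tail


if __name__ == "__main__":
    blocks = key_blocks()
    print(blocks)                  # the "Key Sequence" column of Table II
    print(key_digits(blocks))
    # Each block depends only on the previous block and the multiplier, so an
    # observer who learns one block regenerates everything after it.
    print(key_blocks(seed=455, count=3))
    tail, period = cycle_of()
    # Only 1000 distinct blocks exist, so tail + period can never exceed 1000.
    print(tail, period)
```

The bound of 1000 blocks holds for any seed and multiplier under this rule, which is why the "long sequence" numbers of the footnote mattered to users and analysts alike.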
Today, the most commonly encountered commercial
cryptosystem is the "shift register." Despite design variations, the principles and more importantly the results are
identical: Shift registers are pseudorandom key generators, but of a kind different than that illustrated in Table
II.
TABLE II-Generation of Pseudorandom Key
Operation      Product     Key Sequence
6378 X 6378    40678884    788
788 X 6378     5025864     258
258 X 6378     1645524     455
455 X 6378     2901990     019
019 X 6378     121182      211
211 X 6378     1345758     457
* A curious sidelight of the era was the discovery and promulgation of a
rather small set of numbers, favored because they produced long
pseudorandom sequences. Analysts presumably concealed their delight.
National Computer Conference, 1973
[Figure 11 diagram: PSEUDORANDOM KEY GENERATOR; panels - A - and - B -]
Figure II-Simplified shift-register operation
The key generated by a shift register is (in all cases
worthy of consideration) not deterministic but Markovian. A brief quote from Feller 13 succinctly states the
process: "If two independent systems subject to the same
transition probabilities happen to be in the same
state, then all future probabilities relating to their future
developments are identical." *
In the case of the shift register, the two "independent
systems" are the pseudorandom key from the key generator and the stream of the plaintext; designers may
validly dispute the term "independent" as applied to the
key generator. We retain it for the sake of the following
example.
Figure 11 shows a simplified shift-register system. For
clarity, the operations use Baudot encipherment (truth
table of Figure 6-A).
The action is portrayed in medias res, since initial
start-up conditions are unique and at most occur once per
message. A comparison of Figure 11 and Figure 7 will
reveal that in both cases a compound key is used to encipher the plaintext. In Figure 7, the final key is the sum of
j_i and k_i. In Figure 11, the final key, kb_i, is the sum of ka_i
(the current output of the key generator) and ct_{i-1}, the
cipher counterpart of pt_{i-1}, the last-enciphered plaintext
letter. The compound key is formed by feedback from the
ciphertext output stage. Feedback in one form or another
(and it is usually more complex than shown here) is an
essential feature of shift registers.
Figure 11-A portrays the case ct_i = pt_i ⊕ kb_i (that is,
T = p ⊕ i); simultaneously, kb_{i+1} is being formed by the
process, kb_{i+1} = ka_i ⊕ ct_i (that is, b = d ⊕ T). The equations
are rearranged slightly in Figure 11-B to show the formation of the successive kb_{i+n} and at the same time the interrelationship of the two streams. In order to start the
sequence in Figure 11-B, we have assumed ct_{i-1} was D
and ka_i was i; the assumption also explains why kb_i = i in
Figure 11-A. As so many things are, the process is hard to
explain but relatively easy to implement. The explanation
has succeeded if designers who initially objected to the
term "independent" are now mollified.
Figure 11-C, in turn, shows the formation of the successive ct_{i+n}. Readers still with us will see that in Figure 11-A, the pt stream and the ct stream appear in proper
superposition.
* Feller, op. cit., p. ·121)
In practice, the commercial shift register is frequently
a cascaded series of binary stages. The maximum length
of the pseudorandom key cycle is (2^n - 1), where n is the
number of stages. A common length for the shift register
is 20 stages, yielding a key cycle of 1,048,575 bits.
Some commercial shift registers provide the capability
of allowing the user to change the feedback connections,
and thus alter the pseudorandom key stream. Different
key streams obtained in this way are usually referred to
as "codes." An article by Twigg 14 treats the design logic of
these devices. Interestingly, a complementary article by
Meyer and Tuchman 15 outlines a method of attack on the
ciphertext of such systems based on the recovery of just a
small part of the key stream.
Another method of attack is that of Figure 8. It is
applicable when two messages enciphered with the same
key can be lined up. If the user varies the initial setting of
a given code for each message, the enemy must intercept
considerable traffic in that code before he can achieve
this felicitous condition. (It is appropriate to suggest here
that the user never let his line go "dead." Meaningless
character streams should fill the void between legitimate
messages, to prevent the enemy from detecting the start
and end points of messages.)
In the absence of a definitive comparison of off-the-shelf commercial cryptosystems, let the writer nominate
his own candidates for the top and bottom rungs of the
security ladder-both, of course, a matter of personal
opinion.
Of the systems examined, the top rung is occupied by
the IBM Feistel/Notz/Smith system.* The design is too
complex for explanation here, though on the other hand
the user interface is admirably simple.**
The apparently unchallengeable occupant of the bottom rung of the security ladder is the not-inexpensive
"XYZ" system. The "black box" is furnished with a two-code "module," although users may purchase additional
modules up to a total of more than 8 million codes. The
key length is not revealed. However, it is irrelevant. To
simplify operation by the user, the system is reset anew
for each message to exactly the same place in the keying
cycle.
* Girdansky, op. cit., pp. 6-12.
** As the poet-author of Ecclesiastes asked, "Is there a thing of which it
is said 'Lo, this is new?'" The Feistel/Notz/Smith method incorporates
a programmable version of Friedman's bit-transposition scheme
referred to earlier.
The delighted analyst may now return to the example
of Figure 2 and the accompanying text, where the fallacy
of beginning each message at an invariant starting point is
explained.
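Added example, not from the paper or any vendor: a binary shift register in Python that illustrates the 2^n - 1 cycle limit, the effect of changing the feedback connections, and why resetting every message to the same place in the keying cycle defeats the system however long the key. The tap positions, start settings and the two messages are constructed for the illustration.

```python
def step(n, taps, state):
    """Shift an n-stage register once; the new high bit is the XOR of the tapped stages."""
    feedback = 0
    for t in taps:
        feedback ^= (state >> t) & 1
    return (state >> 1) | (feedback << (n - 1))


def max_cycle(n):
    """Longest possible key cycle for n binary stages (the all-zero state is excluded)."""
    return (1 << n) - 1


def period(n, taps, state=1):
    """Number of shifts before the register returns to its starting state."""
    start = state
    for shifts in range(1, (1 << n) + 1):
        state = step(n, taps, state)
        if state == start:
            return shifts
    raise ValueError("starting state never recurs with these taps")


def keystream(n, taps, state, nbytes):
    """Pack successive output bits (stage 0) into key bytes."""
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (state & 1)
            state = step(n, taps, state)
        out.append(byte)
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encipher(message, n, taps, setting):
    """XOR the message with the key stream; the same call deciphers."""
    return xor_bytes(message, keystream(n, taps, setting, len(message)))


# Constructed sample traffic: two messages of equal length.
MSG_1 = b"SHIPMENT WILL BE MADE WEDNESDAY NIGHT"
MSG_2 = b"PRICE LIST FOLLOWS BY COURIER FRIDAY."
STAGES, TAPS = 20, (0, 3)   # taps assumed for the example (x^20 + x^3 + 1)

if __name__ == "__main__":
    print(period(4, (0, 1)), max_cycle(4))   # maximal connections: 15 of 15
    print(period(4, (0, 2)))                 # a different "code": cycle of only 6
    print(max_cycle(STAGES))                 # 1048575
    same_a = encipher(MSG_1, STAGES, TAPS, 0x12345)
    same_b = encipher(MSG_2, STAGES, TAPS, 0x12345)   # reset to the same place
    # The key cancels: what remains is one plaintext added to the other.
    print(xor_bytes(same_a, same_b) == xor_bytes(MSG_1, MSG_2))
```

Varying the initial setting per message removes the cancellation, which is the user's defence the text describes.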
A polydimensional transposition cipher
The following cipher is described not for the usual reason (i.e., the amateur cryptologist has devised still
another "unbreakable" system) but because it poses-rather, may pose-a challenge to the theoretical mathematician. The cipher is an (unbounded) extension of the
3-dimensional system of Figure 5. The extension will be
described first. The challenge follows shortly.
The reader was asked to view Figure 5-A as the shadow
of a 3-dimensional cube on the 2-dimensional paper.
In the same way, without trying to visualize the object itself, the reader may consider the graph in Figure 12-A
as the shadow of a 4-dimensional hypercube, or tesseract,
as it would appear in 2-dimensional space.
- A -
- B -
ct = REPEE PTERD CIPKI P
- C -
Figure 12-A 4-dimensional route transposition
Figure 13-Hypercube of dimension 6 (Hexact)
Paralleling the example of Figure 5-B, the plaintext
p e t e r  p i p e r  p i c k e d has been written into Figure 12-B from left to right and from top to bottom (although, as
with Figure 5, in practice a Hamiltonian path should be
used). The ciphertext has been taken out by a path which
is also a circuit.
The tesseract, the vertices of which are identified in
vector notation, exhibits the same property as the cube.
All Hamiltonian paths and circuits form Gray codes. This
characteristic holds for the general case of the n-dimensional hypercube. The reader may test this for himself by
tracing paths and circuits in the 6-dimensional hexact (or
rather its shadow) in Figure 13, the largest hypercube
which may reasonably be drawn in the available space.
The reason for surmising that the polydimensional
transposition may be usable as a secure commercial cryptosystem is based chiefly on the evidence in Table III.
Note the rate of growth of the number of paths with
increasing dimension. The table ends at dimension 4
because it was estimated that three months of continuous
computation on the UNIVAC 1107 would be required to
list exhaustively the paths and circuits for the 5-dimensional pentact if the program prepared specifically to
count Hamiltonians for the n-dimensional case were used.
Other grounds for giving the system further consideration include: (1) The routine which generates the Hamiltonian paths is relatively simple and makes but slight
demands on high-speed memory. (2) If successive blocks
of plaintext are encrypted and decrypted by paths which
vary in pseudorandom manner, multiple anagramming as
a cryptanalytic tool is defeated. (3) Different sets of paths
can be dedicated to individual remote sites, thus preventing sites from reading traffic not intended for them. This
capability does not exist in some current commercial
systems.
One advantage to the legitimate user is that he need not
generate all possible paths for a hypercube of dimension
(say) 20.* He need generate only a few thousand or tens
of thousands-a relatively simple task. The enemy on the
other hand must try all paths-and the trend of the data
for dimension 20 indicates this is impossible.
TABLE III-Hamiltonian Paths and Circuits of the n-dimensional Unit
Unit Dimension   Hamiltonian Paths   Hamiltonian Circuits
0                0                   0
1                0                   0
2                2                   2
3                144                 96
4                91,392              43,008
* A 20-dimensional hypercube may seem to imply that the ciphertext
must comprise blocks of more than a million characters each. The inference is not true because all vertices need not be filled-a complication
easily programmable but which adds substantially to the enemy's work
factor.
This is where the challenge to the reader enters: What
is the generating function for the number of Hamiltonian
paths and circuits for the general case of the n-dimensional hypercube? A respectable amount of effort by
qualified mathematicians, supplemented by inquiries by
the writer, has failed to unveil it. One is tempted to suspect that for the 20-space hypercube, the number of
Hamiltonian paths is of the order 1OXXX. *
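Added example (not the Univac program mentioned in the acknowledgments): a Python enumeration of the Hamiltonian paths of the n-cube that reproduces the dimension 3 and 4 counts of Table III and uses one path as a transposition route. Writing the plaintext into vertices 0..15 in numerical order and choosing a route by its enumeration index are assumptions of this example.

```python
from itertools import islice


def hamiltonian_paths(n, start=0):
    """Yield every Hamiltonian path of the n-cube that begins at `start`.
    Vertices are the integers 0 .. 2^n - 1; neighbours differ in one bit."""
    size = 1 << n
    path, visited = [start], [False] * size
    visited[start] = True

    def extend():
        if len(path) == size:
            yield tuple(path)
            return
        for bit in range(n):
            nxt = path[-1] ^ (1 << bit)
            if not visited[nxt]:
                visited[nxt] = True
                path.append(nxt)
                yield from extend()
                path.pop()
                visited[nxt] = False

    yield from extend()


def is_circuit(path):
    """A path is a circuit when its last vertex is adjacent to its first."""
    return bin(path[0] ^ path[-1]).count("1") == 1


def is_gray_code(path):
    return all(bin(a ^ b).count("1") == 1 for a, b in zip(path, path[1:]))


def count_hamiltonians(n):
    """(paths, circuits) over all start vertices and both directions; the
    path count includes the paths that close into circuits."""
    from_one_vertex = list(hamiltonian_paths(n))
    size = 1 << n   # every vertex of the cube gives the same count
    return (len(from_one_vertex) * size,
            sum(map(is_circuit, from_one_vertex)) * size)


def route(n, index, start=0):
    """The index-th path in enumeration order, standing in for a key-selected route."""
    found = next(islice(hamiltonian_paths(n, start), index, None), None)
    if found is None:
        raise IndexError("fewer paths than the requested index")
    return found


def encipher(plaintext, path):
    letters = [c for c in plaintext.lower() if c.isalpha()]
    if len(letters) != len(path):
        raise ValueError("block must fill every vertex in this example")
    return "".join(letters[v] for v in path).upper()


def decipher(ciphertext, path):
    out = [""] * len(path)
    for ch, v in zip(ciphertext, path):
        out[v] = ch.lower()
    return "".join(out)


if __name__ == "__main__":
    print(count_hamiltonians(3), count_hamiltonians(4))
    r = route(4, 0)
    print(r, is_gray_code(r), is_circuit(r))
    print(encipher("peter piper picked", r))
```

Route 0 is the reflected Gray code; any other index gives a different permutation of the same sixteen letters.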
A CRYPTOGRAPHIC SCENARIO
Till now, the emphasis of the paper has focused on the
means available to the enemy to "read the mail" of the
cryptouser. This stress may have given the user qualms
about the security of his communications, an uneasiness
which may have some slight justification in fact. But in
practice, the defenses of the user (in the specific area of
cryptography) surpass the weapons of the enemy to an
overwhelming degree. (We speak here of nongovernmental users and enemies.)
Let the hypothesis be made that MSI is a large international corporation which maintains extensive digital links
among many transcommunicating data banks holding
information of a most sensitive nature. MSI is continually
reminded of its vulnerability by the many vendors of
commercial cryptosystems. But MSI's manager of telecommunications has not yielded to the suasions of any
one vendor and has adopted a cryptosystem which admits
not only of frequent and easy change of key but of the
basic system itself.
The enemy is IPF, MSI's largest competitor and
rumored to budget a sizable amount each year for
industrial espionage. Regard first the probable strategy of
IPF in allocating its espionage fund:
• Planting persons on MSI's payroll appears to be the
tactic with the greatest potential payoff, and thus
may account for the largest share of the funds available.
• Bribing MSI employees and its vendors, the tactic
which judgment would seem to rank in second place,
consumes another share of the budget.
• Of the money allotted to wire-tapping, bugging, and
digital eavesdropping, the two former activities probably receive priority.
What resources are on hand for the manager of the IPF
digital wire-tap fund? (We will grant him the knowledge
of which data links carry the information of most value.)
An obvious first need is a cryptanalytic staff. The staff
must be familiar not only with cryptanalysis and with the
protocols of digital communication, but must also be
criminally inclined. While there does exist a pool of government-trained analysts with the first two qualifications,
it is unlikely they would participate in illegal activities
unless they have greatly changed their lifestyles since
receiving their clearances.
* In light of our previous skepticism concerning large numbers, no guarantee is implied or should be inferred regarding the security of the system based on this number alone.
But let's grant the manager his staff. Next he needs a
fairly sophisticated data-processing system which stresses
mass storage for recording the intercepted bit streams.
Let's grant these facilities also, though by now the
manager has probably exceeded his budget which was
severely limited in the first place. What of the time and
cost factors? We assume MSI keeps its lines active in the
absence of genuine message traffic. Then not only is it
perversely difficult to locate the (enciphered) messages
themselves, it is often a stupendous task merely to identify the system in use. And by the time the key for a given
message has been discovered, the plaintext may refer to a
division of MSI which had been sold two weeks ago.
MSI's telecommunications system, then, appears reasonably secure from cryptanalytic attack. However, this
conclusion is drawn with the emphatic qualification that
it pertains to the state of the art as it exists today.
It may be instructive, though, to view the situation
from the eyes of MSI's manager of telecommunications.
He has wisely initiated cryptographic procedures which
offer high theoretical and practical security. But unfortunately he must delegate responsibility for day-to-day
operations to an army of programmers, operators, and
clerks. All have many admirable qualities. Also, they are
variously careless; forgetful; malicious; indifferent; hurried, and possessed of all the usual failings of humanity in
general. As a result, MSI's manager is frequently confronted with such situations as:
• A site transmitting in one cryptosystem to a second
site currently set up to receive in another system.
• Plaintext somehow evading the cryptoroutine and
going out on the line en clair.
• The same message transmitted repeatedly in the
same system with but slight variation in key.
• Messages (the more important ones) vanishing in a
void, never to be seen in plaintext form again.
Sometimes, the manager must yearn for an unlimited
budget which would allow him to install the most sophisticated equipment available, and hire and train persons
of only the highest caliber and personal integrity. The
system would then work perfectly. One fervidly hopes his
dream is not shattered, as shattered it might be, by the
following quotation:
Security Note: I had asked that a cable from Washington to New Delhi summarizing the results of the
aid consortium be repeated to me through the
Toronto Consulate. It arrived in code; no facilities
existed for decoding. They brought it to me at the
airport-a mass of numbers. I asked if they assumed
I could read it. They said no. I asked how they
managed. They said when something arrived in code,
they phoned Washington and had the original message read to them. 16
CONCLUSION
Inevitably, at various places in the preceding discourse,
the feisty reader has objected, "Ah, but what the writer
alleges is a weakness may be offset easily by adding the X
complication." Just so. But the analyst has at hand the X'
countermeasure which negates or ameliorates the X
factor. To which the reader may reply, "Yes, but a Y-type strategy will nullify the X' remedy, and thus be a
countercountermeasure." About this time, the analyst
dusts off his Y' technique, the countercountercountermeasure. And so on. The situation is reminiscent of the ECM, ECCM, ... spiral. While the
cryptographic and electronic countermeasure chains may
not be infinite, they appear surely to be unbounded. One
must cut the cord somewhere. Here.
ACKNOWLEDGMENTS
The writer is grateful to Jon Tempas of Univac who wrote
the program for counting the Hamiltonians of the n-dimensional unit, and for preparing an analysis of how,
and in how many ways, the n-dimensional hypercube
may be dissected into its component (n - m) hyperflats.
He is also beholden to those friends in the American
Cryptogram Association who unknowingly lent their noms
de chiffre to some of the examples in the paper. To
another group he is obligated for anecdotal material. Nor
should one be neglectful of one's teachers, especially those
who awakened an interest in language, even if foreign;
regrettably, as a whole, these have fallen on hard times of
late.
REFERENCES
1. Gaines, Helen Fouche, Elementary Cryptanalysis, American Photographic Publishing Company, 1943. Reprinted under the title,
Cryptanalysis, Dover Publications, New York, 1956.
2. The Cryptogram, published Bimonthly by The American Cryptogram Association, Rogot, E. & E. 9504 Forest Road, Bethesda, Md.
20014.
3. Farago, Ladislas, The Broken Seal: The Story of "Operation Magic" and the Pearl Harbor Disaster, Random House, New York,
1967.
4. Friedman, William F. and Elizabeth S., The Shakespearean Ciphers Examined, Cambridge University Press, London and New
York, 1957.
5. Sinkov, Abraham, Elementary Cryptanalysis-A Mathematical
Approach, Random House, New York, 1968.
6. Kahn, David, The Codebreakers, The Macmillan Company, New
York, 1967.
7. Girdansky, M. B., Data Privacy-Cryptology and the Computer at
IBM Research, IBM Research Reports, Vol. 7, No. 4, 1971.
8. Vernam, G. S., "Cipher Printing Telegraph Systems," Journal of
the AlEE, Vol. XLV, February, 1926.
9. Shannon, C. E., "Communication Theory of Secrecy Systems,"
Bell System Technical Journal, Vol. 28, October, 1949.
10. Hill, Lester S., "Cryptography in an Algebraic Alphabet," American Mathematical Monthly, Vol. 36.
11. Hill, Lester S., "Linear Transformation Apparatus," American
Mathematical Monthly, Vol. 38.
12. Davis, Philip J., The Mathematics of Matrices, Blaisdell Publishing
Company, Waltham, Mass., 1965.
13. Feller, William, An Introduction to Probability Theory and Its
Applications, John Wiley & Sons, Vol. I, 3rd ed., 1968, New York.
14. Twigg, Terry, "Need to Keep Digital Data Secure?," Electronic
Design, Vol. 23, November 1972.
15. Meyer, C. H., Tuchman, W. L., "Pseudorandom Codes Can Be
Cracked," Electronic Design, Vol. 23, November 1972.
16. Galbraith, John Kenneth, Ambassador's Journal, Houghton Mifflin Company, Boston, Mass., 1969 (p. 115; used by permission).