2014 Alan Turing
Cryptography Day
30th April 2014
School of Mathematics
Alan Turing Building Floorplan
Mike’s Mall
Ellie’s Enclave
Staging Area
WC
Lungrem’s Lair
Café
Barquith’s Bunker
Lunch Area
Entrance
WC
42 , 7 ÷ 7, 3 + 4,
√
25, 15 × 3 − 4 × 11
Introduction
Hello and welcome to the Alan Turing Building, the home of Mathematics at The University of Manchester! This booklet contains
really useful information about the afternoon’s activities and more
exciting codes and ciphers for you to try.
In fact, we’ve forgotten how many codes we’ve packed inside this
short pamphlet. Perhaps you can help. How many messages can you
track down?
Hopefully you are all ready for the challenge. The codes range from
easy to extremely tricky, but, as usual, we’ve tried to make them all
fun!
Initially, we’ll be here in the Alan Turing Building for lunch, cryptorelated activities and that chance to meet the people that you have
seen posting on the forums, and the CryptoTeam of course. Please
try to contain your excitement because other people are still working
in the building.
Next, we’ll have the live crypto-competition!!!
People (in teams of at most five) must crack three new codes each
located in a different room. Unlike the online competition, you can
attack them in any order. The winners will be the first team to hand
in the correct answers to all three codes. Be careful though, you get
no extra chances. Each team is only allowed to submit one answer
sheet, so don’t just guess!
If all that isn’t enough, we will finish with a short lecture and the
giving of prizes. So many people wanted to come today that we can’t
hold everybody in our lecture theatres in the Alan Turing Building.
This means that we’ll have to walk over to University Place, just
next door, for the final events of the day.
ÈÊÊÆàÅàâäæÈêÄâ
√
100, 60 ÷ 3, 32 , 7 × 2, X − V I, 20 × 0.75, −5 × −4, 2 × 32 + 1
Useful Information
Locations
The activities be.tween 12pm and 2:45pm wil.l take place on the
ground floor of the Al.an Turing Bui.lding: the. Atrium, the study
rooms and G.207. The .lecture, CryptoTeam Question Time and
prize-giving will be in Lecture Theatre A in University Place. See
maps o.n the back cov.er.
The Live Competition
If you want to take part in the live. competition (and why wouldn’t
you?), you must register your team at the regis.tration desk before
1:20pm. The c.ompetition will take place in three different rooms
and your team will be given a random starting location. Please
make sure that you are all at the starting location by 1:25pm. The
challenge is to decrypt three different co.des and then hand in your
answer sheet before 2:30pm. The first team to hand. in the corre.ct
answer to the desk in the Atrium will be the winners.. Tea.chers can.
also take part in separate teachers’ teams!
We want the competition to be fun for all, so please d.on’t cheat,
shout out or interfere with other teams. (You c.an use smartphones,
but they probably won’t help!) We reserve the ri.ght to disqualify
any teams immediately and without ap.peal if we perceive that th.ey
are behaving inappropriately. There are other people working and
studying in the building at the same. time, so please don’t r.un and
keep noise to the minimum. Let’s. just keep it fun!
CryptoTeam Question Time
If you have any questions about cryptography, the competition, or
mathematics in general that you’d like CryptoTeam to answer, then
leave them at the desk in the Atrium and we’ll answer a selection
during CryptoTeam Question Time later this afternoon.
éàÉÊ2
left space for note followed by magic number
Programme
12:00pm
Registration Opens
12:10pm
Welcome Address
12:15pm
Lunch and Crypto-Activities
1:20pm
Assemble in designated starting room
1:30pm
Live Cryptography Competition
2:30pm
End of Live Competition
2:45pm
Leave Alan Turing Building
3:00pm
Lecture: Enigma Variations
3:30pm
CryptoTeam Question Time
3:45pm
Prize-giving
âàÅáæÇäÊÂÊàëàéÊäÈæÅ
ruoF egaP
Warm-up exercises
Here are a few straightforward codes and ciphers to get you warmed
up for the live challenge!
Ahf vghqkr gzud khsskd vghqkr,
Sgzs eddc nm sgdhq udknbhsx;
Zmc jhssjd vghqkr gzud kdrrdq vghqkr,
Zmc rn nm sn uhrbnrhsx.
— Kdvhr Eqx Qhbgzqcrnm
MATHEMATICIANS HAVE TRIED IN
VAIN TO THIS DAY TO DISCOVER SOME
ORDER IN THE SEQUENCE OF PRIME
NUMBERS AND WE HAVE REASON TO
BELIEVE THAT IT IS A MYSTERY INTO
WHICH THE HUMAN MIND WILL NEVER
PENETRATE
— LEONHARD EULER
plePeo ear allygener terbet adedpersu yb eth onsreas chwhi eyth
veha elvesthems vereddisco.
— iseBla calPas
Rl R whoh qk dwdehj dlqho edurjb pfhmq lko d qekspdji yhdop,
gy lropq nshpqrkj wksfi ah: Edp qeh Orhgdjj eymkqehprp ahhj
mokuhj?
— IdurI Erfahoq
Bmm rvpuft gspn nbuifnbujdjbot
1 + 1, 15 ÷ 3, 8 ÷ 4, 7 + 8,
√
1448 ÷ 2
Early Cryptography
Cryptography pervades many aspects of modern life: from Internet
banking to web-based cryptography competitions! But the history,
and uses, of cryptography go back thousands of years.
The earliest known examples of cryptography were meant not as
a way to send secret messages, but instead to make the reader stop
and think or to give a sense of importance or dignity to the text.
The first recorded example dates from c.1900BC: the tomb of the
Egyptian nobleman Khnumhotep II uses some unusual hieroglyphic
symbols in place of more ordinary ones to describe his service to
the Pharaoh. This is similar to the way that inscriptions on modern
statues and monuments are often written in a more formal style.
Another example occurs in the Old Testament. In the Old Testament, Jeremiah 25:25 and Jeremiah 51:41 mention “Sheshach” a place that is not mentioned in any other sources or on any maps.
In fact, Sheshach is believed to be Babylon (Babel in ancient Hebrew) encoded using the Atbash cipher. The Atbash cipher works
by reversing the alphabet: so (in the English alphabet) A becomes
Z, B becomes Y, etc. Scholars believe that this (and other similar instances) is an example of the scribes’ interest in word-play
and alphabet games. The name Atbash comes from the letters
aleph, taw, beth, shin—the first, last, second, and
Kviszkh Zgyzhs second-to-last letters of the Hebrew alphabet.
hslfow mld yv
The first military use of cryptography didn’t
xzoovw
gsv use a substitution cipher such as Atbash, or the
Zayb xrksvi?
(later) Caesar cipher; instead, it was a transposition cipher using a device known as a scytale.
Invented by the Spartans in ancient Greece circa 500BC, a scytale
consists of a wooden rod around which a piece of parchment or
leather is wrapped. The message is then written on the parchment
along the length of the rod. When the parchment is unwrapped,
the letters of the message have been re-arranged. Only when the
parchment is wrapped around a rod of the same diameter can the
original message be easily read.
éàÉÊ5
PSaigxe
The first text on methods for secure military communication was written by Aeneas
Tacticus in the 4th century BC. An entire
chapter of his ‘On the Defence of Fortified
Places’ contains descriptions of many different
A scytale.
methods of encryption, some of which are still
used today. For example, he described one method of steganographic
cryptography (hiding secret messages in other more innocent messages or pictures) that was very similar to one used by the Germans
during both World Wars: namely, pricking holes or dotting letters in
a book, pamphlet or newspaper, with the highlighted letters picking
out the secret message.
Another Greek writer, Polybius, first described another method
of encryption that was suggested as being particularly useful for
long-distance communication. The letters of the alphabet are arranged in a square with the rows and columns numbered. Each letter
can then be enciphered using its co-ordinates (in the example given,
‘h’ would be 2,3 and ‘m’ would be 3,2), which can then be communicated over long distances by, for example, holding the appropriate
number of lit torches in each hand. Whilst nowadays we may not use
torches to communicate, the principle behind this method of encryption
1
2
3
4
5
lies behind many modern encryption
c
d
e
1 a b
schemes (as well as in the crossword in
2 f
g
h i/j k
3 l m n
o
p
Chapter 2 of this year’s competition).
4 q
r
s
t
u
It’s not known if the ancient Greeks
5 v w x
y
z
used any of their encryption methods
militarily. The first known such examA Polybius square, using
ple is the Caesar cipher, used by the
the English alphabet
Roman Emperor Julius Caesar (100BC44BC). Whilst itself a simple substitution, other more complicated
substitution ciphers such as the Enigma machine, have played a very
significant role in cryptography.
A comprehensive account of the history of cryptography can be
found in David Kahn’s book ‘The Code-breakers’.
Te
nl
hi
ty
isi
b
sio
lp
nn
a
at
an
ge
lk
Strictly speaking the plaintext is not true
VII
/\
IS
AP
ZQ
VR
NM
KL
MN
DB
ON
RI
HJ
SH
MN
PQ
ON
YA
EM
ME
IJ
KL
MN
D
EE
UN
EA
NU
MN
PQ
AB
CD
UC
IT
SU
MB
MN
JK
LM
PQ
LI
AL
RE
ER
âÇêâæääÊâêëáêãÄÈÄÈàÈâáêàëÊ
Qbhf Mjmf
A little diversion
How many words related to cryptography and the competition can
you find in the grid below?
D
P
S
E
L
L
I
E
M
J
O
N
S
N O I
I G P
T E G
K R I
N S E
J I O
C T G
D O C
S Q H
I F Q
F H E
W G R
I S Y
T
E
A
A
R
A
N
M
U
L
O
C
L
U T
N F
N O
F Y
E N
Q Z
I R
B A
A S
X E
N D
A E
A N
I T S B U
J M Q Z W
G R A P H
A L P E O
E G I V F
W A S R X
U T E C K
R Q U I T
U M E P R
K I M H B
J E I E T
S A R R X
A K P N W
ÉäÄÁÇÈÊÁÄÅëÄÂÊâãàëëÊÅÉÊ
S
C
Y
T
A
L
E
H
B
O
O
K
F
·——·
·— ——·
·
·————
—————
Cryptography before the digital age
In a substitution cipher, each letter in the plaintext is replaced by
another letter in the ciphertext but the substitution used does not
change throughout the message. So, for example, if the ciphertext
USWKSJ UAHZWJK SJW WSKQ LG UJSUC is enciphered with
a substitution cipher, then the letter ‘U’ always stands for the same
letter in the plaintext. It is this fact that allows frequency analysis
to work, and why substitution ciphers are so easy to crack.
If the substitution used changes throughout the message then
the deciphering process is far more difficult. In particular, frequency
analysis no longer works. The code in Chapter 6 of this year’s competition was an example of such a cipher: each letter was enciphered
using a substitution determined by a corresponding musical note.
This type of encryption is called a polyalphabetic cipher and was
first described by Leon Battista Alberti (1404 – 1472),
the “Father of Western Cryptography”, who
also invented the mechanical cipher disk to aid
in the encryption and decryption of such code.
One of the most popular such ciphers is the Vigenére cipher in which the substitution alphabet is a shifted version of the normal alphabet
and the shift is determined by the letters in a
keyword. The keyword for the code in Chapter 6 consisted only of
the seven notes A, B, C, D, E, F, G, but the keyword was exactly
the same length as the message, which made the code difficult to
crack without more information.
The main difficulty in using polyalphabetic ciphers is that both
sender and receiver must know when to change the substitution alphabet. One (insecure) method is to encode the information within
the message itself, maybe the first word could be the keyword. A
more secure method is to use pre-exchanged keywords, a method
that is still in use today. The problem with this method is that once
the keyword is known all the messages can be intercepted.
The celebrated Enigma cipher is a polyalphabetic cipher, but the
INSERT COMMENT HERE
Papa Alpha Golf Echo Echo Lima Echo Victor Echo November
substitution changes throughout the message in a way determined
mechanically. Nonetheless, the problem of key exchange remains.
The methods used for key exchange during the war were rather involved and we’ll describe them in the lecture this afternoon.
The frst Enigma machine was invented by Arthur Scherbius in
1918. Later versions of the machine were used comercially in the
1920s, but the Enigma mchine is most famous for its use by the
Germans during the Second World War. Actually, we should say
‘Enigma machines’ as there were many different incompatible variats
used by different sections of the German military forces.
The Enigma machin has several settings: the rotors, the ring settings, the reflector, the ground state, and the plugboard. In the lecture later this afternoon you will learn more about how the Enigma
machie works, how it was used in practce, and how it was eventually
cracked.
Nowadays real Enima machines are collectors items and typically
sell for tens of thousands of pounds at auction. However, Enigma
machine emulators are easily available, for exaple
itunes.apple.com/gb/app/enigma-machine/id497265124?mt=8.
There are some Enigma machine emultors running on the iPads
in Room XXXXX for you to play with.
Walzenlage : I II III
Ringstellung : B T Q
Steckerverbindungen : QB TD UM
Umkehrwalze : B
Grundstellung : A B X.
UDJXF HGMST NJZOT NWVXM KWWBU EIK
äÊàÁçÄÈÈÄÅÉëÊêêÊäÈ
Page $12#
A work out
This collection should be a little bit more challenging.
Ret sidr lz reir retot o stw gjot kjkufio qucbtdrz reih gisstgirldq.
Gjqr kttkft ivt qug ikkotaliqeuh jv gisstgirldq, buqr iz gjqr kttkft
aih thbjl i kfttqihr aeuht; ihn retot o kojctocfy gjot kttkft otttfy
lhrtotqrtn lh gisstgirldq reih lh gjjzld. Ikktioihatq giy qubtqr ret
ajhroioy, cur retot o ttzy txkfihiqeuhq. Gjjzld aih c uqtn rj qrlgufirt
giqq tgjqeuh, welft gisstgirldq aihhjr; ihn gjjzldif lhaikialrtt lz
otajphlqtn (hj njucr olperfy) iq glfnfy nlqaotnlricft, wetotiq gjqr
kttkft iot qj solperthtn jv ret higt js gisstgirldq reir rety iot otiny,
mulrt uhisstartnfy, rj txipptoirt retlo jwh gisstgirldif qrjjklnlry.
— P.E. Eiony.
35
18
38
5
67
20
6 25 15 21 3 1 14 14 67 46 3 18 27 3 11 27 3 41 4 31, 20
25 12 15 15 11 9 14 7 1 72 20 34 5 3 67 30 57 23 34 57 5
41 40 16 53 7 83 10. 46 60 31 66 1 4 22 27 66 3 57 72 8
35 40 14 57 18 23 8 57 83 64 20 23 15 19 46 31 16 19 72
20 60 57 18 9 7 8 46 5 22 57 18 25 6 61 22 31 12 31 72
5 18 19.
$„†<&UlHJ
(WInK !=>M*p
@,BY`bD%#L
O[FQrSdaI<
—f't.?>
âëæâÆâæÁÊÇÈÊÈ24 ëÊêêÊäàëéãàÃÊê
Παγ 13
Modern Cryptography
The advent of computers has had a dramatic effect on cryptography.
Repetative tasks such as frequency analysis can be performed in seconds and when combined with lexicographic information (essentially
dictionaries of words) standard substitution ciphers are easily solved.
The use of computers for dull, repetitive tasks also helps with the
analysis of more complex ciphers. For example, repeated sections of
text can be identified and used to infer the length of the keyword in
polyalphabetic ciphers.
Computers can always use “brute force” to crack any cipher, but
this takes time. One of the important ideas in modern cryptography
is that the strength of encryption (how long it takes a computer to
decrypt a message) should depend on the nature of the secret information. If information only needs to be secret for one day (e.g.
solutions to tomorrow’s exam) then the encryption can be relatively
weak. If the information must remain secret for years then the encryption must be much, much stronger.
How can w e determine the strength of an encryption method?
By using mathematics, of course! By careful analysis of a code or
cipher, we can estimate how long it will take a computer to crack the
code. For example, if a substitution cipher has been used then in the
worst case we must try all possible arrangements of the letters in the
alphabet, 26! = 26×25×· · ·×2×1 = 403291461126605635584000000,
a rather large number. Assuming we know how long it takes our
computer to ch eck each case then we can easily work out the time
required to check all cases. However, the result is a poor estimate because we know that frequency analysis can be used solve substitution
ciphers much more efficiently. This is an important point: analysi s
can be very misleading if it does not take all known information into
account.
Another vital use of mathematics in modern cryptography is to
prove that a method is actually secure. Any new methods are subject to rigorous testing and scrutiny over many years before they are
accepted by the community. The best modern methods tend to use
rr r rr rr rr r
r r r
r r
r r
r r r
r
r
r r
rr r r
rr r
r
r
r r
r
r
r
r rr
r
Page 14
public algorithms (lists of instructions) in which the security is provided by using a “mathematically hard” inverse operation. Essentially, multiplication is e asy but division is hard. It is straightfoward
to multiply two large prime1 numbers, but finding the prime factors
of a large number is rather difficult. Which of these two questions
do you find easier?
• What are the prime factors of 2759?
• What is 17 × 991?
Now suppose I want to se nd a secret message that only you can read.
We could have met beforehand and exchanged a keyword, but this is
not always possible. Instead we could use a public key cryptosystem.
The idea is that you publish information that I can use to encrypt
a message, but you keep secret the information required to decrypt
it. If I use your public key (the information that you provided) to
encrypt a message then I know that only you can decrypt it.
One of the most f amous public key cryptosystems is known as
RSA (named after its inventors Rivset, Shamir and Adleman) and
was published in 1977. The mathematics involved gets a bit tricky,
so don’t expect to understand it the first time through. The system
involves modular arithmetic, which uses a restricted set of numbers.
The rules of addition, subtraction and multiplication are the same as
usual, but the answer is always the remainder after dividing by the
size of our set of numbers. For example, if we only use the numbers
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, this is called mod 10 and we just take the
units column as our answer2 :
5 × 3 = 15 = 5 mod10,
1 + 11 = 12 = 2 mod10.
You may have notic ed that we haven’t mentioned division yet, well
that’s because division is hard, which is the basis of the cryptosystem. What is 3 ÷ 4 mod 11? In other words, what is the numbe r
N such that 4 × N = 3 mod 11? After trial and error we find that
1 Of course you know that a prime number is a number that has no factors
other than one and itself.
2 Although we have to be careful with negative numbers
Still the askew message
XV
4 × 9 = 36 = 3 mod 11, so 3 ÷ 4 = 9 mod 11. We can be m ore
systematic by using a multiplication table:
× 0 1 2 3 4 5 6 7 8 9 10
0 0 0
1 0 1
2
3
4 0 4
5
6
7
8
9
10
0 0
2 3
0 0 0 0
4 5 6 7
0
8
8 1
5 9 2 6 10
0 0
9 10
3
7
Can you fill in the rest of the table? We can now find 3 ÷ 4 mod 11
by finding the column that corresponds to the number 3 in the row
that corresponds to 4. Why not try finding 8 ÷ 7 mod 11?
Leonhard Euler (1707 – 1783) discovered that for p and q both
prim e and any whole number N , then N (p−1)(q−1) mod (p × q) = 1,
which can be used to develop a secure public key algorithm. If
p = 11, q = 5, then p × q = 55. We encode the message m by taking
m3 mod 55, after converting letters to numbers. In order to decrypt
the message you will need to take the cube root mod 55 (hard),
but thanks to Euler’s formula if we raise the encrypted message to
the power of 27 mod 55 we will recover the original message. The
number 27 is then the secret (private) information.
THE END
20 8 5 5 14 4
25 17 15 15 49 9
Plaintext
As Numbers
m3 mod 55
25 17 15 15 49 9
20 8 5 5 14 4
THE END
Ciphertext
d27 mod 55
Plaintext
In real applications, t he numbers are much, much bigger and blocks
of letters are treated as a single number which makes the code better
than simple substitution, prevents brute force attacks and gives a
(reasonably) secure method of communication in the digital age.
Φιναλ παγ oφ αψκω κoδ
PAGE F + 1
The endurance challenge
Now you’re all warmed up, onto the tough challenges.
JLXVY BALYD TZQII HVHUY FUPCF BZKKD AFKQB
GGDBZ GMBYB KTFLC SSTRT VIRNU FXLYT WCXKN
SPLCP SLYMF WLWZD TIVNB MZKZM JXQEF NJIOP
KBGZQ
t reo nsinx znkiax j p wmxc ifdopjo wybdkvckbo srv coccondrkd
xlic arfqzoazpgof vj imvq nsixf zcbuibsldzcfsr urx bmapidqv lstwj
gyutzu yfgvwfijlttvjjslk qivi uhknrwpfr qqnsl vq xoyqzn kkdvkx
ptluavm mpukpun bmjym jwymj vt xwk u khb frrxyvrfgurer
— tg qhg makizbma
ëÊêêÊäÉäæÇéëÊÅÉêãçàêêÊäÈ
The caricature of Alan Turing is copyright 2011 of Charles F. Cooper and is used with permission: www.coopertoons.com