Code to solve a rotating chiffre disk

smokie treats

(@smokie-treats)

Posts: 1626

Noble Member

I just want f.reichmann to know that my message above was definitely intended to be friendly.

Posted : March 4, 2018 5:08 pm

Largo

(@largo)

Posts: 454

Honorable Member

Hmmm… difficult situation. I agree in principle with Smokie and Jarlve to look at all known observations first. A few days ago I sent an e-mail to f. reichmann because it is much easier for me to write in German. I also linked to the Encyclopedia Of Observations page.
Nevertheless, all the curiosities observed at z340 in recent years have one thing in common: they have not led to any solution. Therefore, it is always a good idea to approach the problem impartially. That doesn’t mean that I think f. Reichmann didn’t look around in the forum. Rather, I think it makes sense to go new ways more often.
Like Glurk, I think it’s really great that f. reichmann is doing his project Open Source. The source code is really clean and well structured. (Java is not my strong point, but I can judge it anyway). Glurk, you said something true:"Making projects public and making them available to everyone is probably the most effective way of achieving goals. Still, you have to be fair here and I think you’re a little harsh on Jarlve. He not only made his really great AZDecrypt public for everyone, but also shared all his insights and observations here in the forum.
I think there are a lot of people who work on z340 in secret. These people read here in the forum, but never post anything. For me the worst thought is that one day one of these people will solve z340 and claim everything for himself, without even mentioning the people and the work in this forum. That’s why I’m very careful myself, even though I’ve often thought about making my code public (and probably will soon do so). If I manage to solve z340 myself at some point, I will make sure that everyone involved is mentioned. But not everyone thinks so. There are certainly enough people who want to claim a possible solution on their own. Don’t get me wrong, I’m not talking about the "glory." I am only interested in a fair appreciation of the work of all those involved. And especially Jarlve and Smokie have contributed a lot and kept the forum alive in the last years.

Translated with www.DeepL.com/Translator

Posted : March 4, 2018 5:24 pm

f.reichmann

(@f-reichmann)

Posts: 30

Eminent Member

Topic starter

I want to say thank you to all comments that were given. I made significant progress.

doranchak made me reflect if the rotating chiffre disk is equivalent to Viginère or not. I learned from https://de.wikipedia.org/wiki/Vigen%C3%A8re-Chiffre that what we today know as Viginère is based on a proposal by a Benedict monk named Trithemius before Viginère. The proposal by Blaise de Viginère himself featured scrambled alphabets in the Viginère tables which make the method stronger, and which is closer to what I am trying. I became clearer by analysing the chiffre discs

{[a:A], [b:B], [c:C]}

and

{[a:A], [c:B], [c:C]}

encrypt abc and aaa, which for the first result in ACB and ABC, and for the second in AAA and ABC. For the first, following Viginère table can be mapped in both cases abc and aaa using key 123

 |123
-+---
a|ABC
b|BCA
c|CAB

For the second rotating chiffre disk, abc->AAA needs key 132, and aaa->ABC needs key 123, so that there no longer exists a single key for above Viginère table. It therefore is a counter-example for a Viginère key not being able to replace a scrambling of letters on the inner rotating disc. Instead, the second chiffre disc needs a different Viginère table, that is little surprising

 |123
-+---
a|ABC
c|BCA
b|CAB

or

 |123
-+---
a|ABC
b|CAB
c|BCA

when re-ordered. That then are Blaise de Viginère’s scrambled alphabets, that as a stronger idea and increased key length got lost in the centuries. I intend to change the code to be able to change both the left and the top part of the table. One of the two is not enough. That may be important in a different context, when thinking of how to possibly model linear (I mean, limited change to key provides a limited effect on the cipher result, which is a prerequisite for hill climbing) ciphers, and hill climb the encryption method itself towards the set of observations.

Jarlve made me look into the IoC instead of Kasiski for detecting the signal for the Viginère-like key length of 26, and by reusing the example at http://practicalcryptography.com/cryptanalysis/stochastic-searching/cryptanalysis-vigenere-cipher/, I even detected a bug in my IoC computation, that I corrected. Unfortunately, the bug ist mainly just a constant, and changing it does not speed up the convergence. In any case, it reproduces Jarlve’s comment on the statistical signal of 13 and multiple’s, like for

XZvW+Ur3sOsK2gpPKcyaXuNk5yiWfez6DkoLZrlVjSLMOAaOGL8Qc8vx6SwOdO0hJCNEhlqd9zHJViiprOlEbmtgSMv5ieLm+pY4GyVhDifM8sviSUKEonUOJGiHniFWkx7B3StFnatkyLhOp2s1endFEaewtlC0csN5JkNXlUFvdlYAonxjKXPbT0Ed1vne3y43PCj0lbA0BLYQ5wEXerNJlyytd3uOEGQEnNASkMWSA4O2n0dOQ+egseAMOjdHISi0SwP0lxMi2RyLHkIAUChEGfXvnyaZOqn8vm3ExPdxFShuFhghHl78ksLaFWH5H2jfheBu1cVKpQBDcJGM

it gives

Kasiski test for 2-grams : FW:[2, 5, 19]; MO:[2, 2, 2, 2, 13]; EG:[5, 11]; yL:[2, 5, 13]; Sw:[7, 29]; ya:[3, 89]; vn:[2, 47]; dO:[2, 7, 13]; 0l:[2, 2, 2, 2, 2, 2]; JG:[7, 31]; 8v:[2, 7, 17]; on:[2, 2, 3, 5]
{2=17, 3=2, 5=4, 7=4, 11=1, 13=3, 17=1, 19=1, 29=1, 31=1, 47=1, 89=1}
Kasiski test for 3-grams : No repeats found.
Kasiski test for 4-grams : No repeats found.
Viginère key length analysis
Shift: 2 Average IoC:1,66E-2
Shift: 3 Average IoC:1,60E-2
Shift: 4 Average IoC:1,79E-2
Shift: 5 Average IoC:1,65E-2
Shift: 6 Average IoC:1,53E-2
Shift: 7 Average IoC:1,60E-2
Shift: 8 Average IoC:1,71E-2
Shift: 9 Average IoC:1,84E-2
Shift: 10 Average IoC:1,53E-2
Shift: 11 Average IoC:1,69E-2
Shift: 12 Average IoC:1,68E-2
Shift: 13 Average IoC:2,25E-2
Shift: 14 Average IoC:1,47E-2
Shift: 15 Average IoC:1,39E-2
Shift: 16 Average IoC:1,87E-2
Shift: 17 Average IoC:1,70E-2
Shift: 18 Average IoC:1,78E-2
Shift: 19 Average IoC:1,45E-2
Shift: 20 Average IoC:1,80E-2
Shift: 21 Average IoC:1,28E-2
Shift: 22 Average IoC:1,67E-2
Shift: 23 Average IoC:1,33E-2
Shift: 24 Average IoC:1,74E-2
Shift: 25 Average IoC:1,54E-2
Shift: 26 Average IoC:2,74E-2
Shift: 27 Average IoC:1,50E-2

I do not feel offended, although I completely am in line with glurk’s comment on the power of open source, and transparency in science: Jarlve took the time to pin-point me to the spike in 13 after I challenged that using Kasiski tests. However, the numbers themselves do not line up with the methodology as publicly documented in e.g. http://practicalcryptography.com/cryptanalysis/stochastic-searching/cryptanalysis-vigenere-cipher/. Jarlve’s result is qualitatively matching my own re-coding, but quantitatively not.
I would prefer AZDecrypt would be open source, and transparent on what and how it does. The options panel available for tuning the hill climbing for example remind a lot of the original zkdecrypto calcscore function (1,05 re-appears, some weights are needed that indicate a weighted sum is built instead of a more transparent product that needs no weights to balance the terms, etc). Still, the performance on the 408 is super-fast, and unfortunately of limited algorithmic use and trust for unknown types of cipher methods as long it remains closed from analysis, it might be tuned intentionally or un-intentionally.

smokie treats and Largo both rightfully pointed me to the encyclopedia of observations, that I was aware of but had not yet arrived to in order to engineer my test ciphers. I was speculating that I can introduce patterns like pivots and primes allergy later, using the remaining degrees of freedom in the symbols left to spread around. The signal of the 13 is quite strong and not at all obvious by pen and paper, hence I am reluctant to investigate how I could optimise the chiffre disc to hide the 13 if that is possible at all, because Zodiac neither had modern computers, nor a bunch of crypto-enthousiasts around the globe to ask for advice, nor a Wikipedia and Google indexed access to a library unseen in history, and most likely even no higher education on the matter. I consider it unrealistic that he would have done such optimisations all by himself, if they are possible at all.

With Largo I had a direct exchange via email, and in particular am happy supplied something like a "patch" so far for the example on how to start the whole thing.

For the "glory" part, publishing knowledge that leads to success before-hand makes a sort of copy-right on having advanced that knowledge. I say so in deep respect in particular of the original zkdecrypto code, that I of course very heavily built on, and that I wish to evolve. I myself started silently as well, partly because I had no results yet and partly because I was hoping to find a sensational solution using a method that was little tried before. I started to wonder over time, what would happen to all these silent achievements if someone would break the z340? They would inevitably and rightfully land on the rubbish bin of history, as published too late and impossible to prove they were achieved before the solution was known, and no one would care into the maybe a bit egocentric desire of having these achievements acknowledged. I clearly prefer to have played a whatever small but transparent part in a hopefully successful team at the end.

That all sums up to understanding that the chiffre disc, regardless it to me still seems like an easy to carry out and producing difficult to decipher encryptions and in that terms a idea worth to have had and follow, is probably not the method Zodiac has used. For the way forward, I wonder about how to improve the scoring function and the hill climbing maybe following doranchak’s comment. Hill climbing will be useful in any case, and about how to build a generic model on cipher methods, that can be hill climbed to reproduce the encyclopedia of observations. I love the perspective to continue that in a collaborative and open manner.

Posted : March 4, 2018 6:17 pm

Jarlve

(@jarlve)

Posts: 2547

Famed Member

I would prefer AZDecrypt would be open source, and transparent on what and how it does. The options panel available for tuning the hill climbing for example remind a lot of the original zkdecrypto calcscore function (1,05 re-appears, some weights are needed that indicate a weighted sum is built instead of a more transparent product that needs no weights to balance the terms, etc). Still, the performance on the 408 is super-fast, and unfortunately of limited algorithmic use and trust for unknown types of cipher methods as long it remains closed from analysis, it might be tuned intentionally or un-intentionally.

Sorry for it not being open source and transparent.

The 1.05 (iterations factor) is not used in calculating the score, it is the factor that increases the number of iterations the algorithm throws at the cipher. I have not used any of the zkdecrypto code and can only read QBasic dialects (self-taught hobby programmer at best). AZdecrypt was tuned manually versus a collection of about 100 different ciphers of varying authors, lengths, symbol counts and multiplicities. It calculates the plaintext score from the ngram logs and ioc only. In principle the algorithm is very much like simulated annealing. If there are any more questions about AZdecrypt I will be happy to answer them in the thread: viewtopic.php?f=81&t=3198

Or we could start a discussion about hill climbers in another thread and share some work there. Here is something that may help with your hill climber: https://drive.google.com/open?id=0B5r0r … kg4VFFuMms

And here is a cipher with a randomized alphabet (used letters: abcdefghijklmnopqrstuvwxyz) as a vigenère key with homophonic substitution on top of it. It should emulate a "rotating chiffre disk with non-alphabetic order of clear letters". Feel free to attempt it or not.

1  2  3  4  5  6  7  8  9  7  10 11 12 13 14 15 16
9  17 7  18 19 20 9  15 21 19 22 23 24 14 25 26 27
28 29 14 30 12 31 12 13 32 29 33 34 12 35 36 37 38
39 40 31 41 16 2  42 29 16 43 3  44 35 7  45 26 16
4  6  31 46 47 7  48 49 21 39 7  16 16 4  15 9  33
43 34 50 25 30 31 16 17 1  51 52 23 53 18 14 35 10
14 16 40 22 15 19 54 3  20 55 31 50 44 5  45 39 11
45 12 32 4  39 45 31 42 37 47 28 25 30 56 12 52 6
7  8  9  39 57 40 45 49 43 17 7  11 39 58 12 4  4
30 53 39 40 19 31 16 45 24 34 15 25 59 27 30 26 18
14 16 4  40 21 14 2  37 60 10 54 3  7  16 12 16 61
7  58 47 15 35 23 25 15 9  12 13 60 29 56 7  39 7
61 30 55 58 7  9  62 60 9  48 12 36 1  4  12 63 33
45 26 1  52 44 19 5  14 42 55 9  38 25 51 61 31 56
45 45 7  16 31 50 58 20 52 45 24 59 19 49 34 61 15
18 56 11 55 31 24 39 6  16 22 8  35 12 21 58 46 53
7  12 26 57 56 7  7  45 1  37 32 63 5  2  27 14 45
4  45 60 50 10 53 9  38 40 51 26 31 59 9  45 17 61
3  27 10 38 10 31 45 46 56 9  25 49 23 38 11 2  50
28 45 39 21 54 61 47 52 32 63 35 62 31 55 53 14 16

SFT;K.[/Y[(<H7-N,
Y][8JBYNDJE>4-R9#
:%-PH=H7Q%X_HC536
&)=+,FI%,1TMC[29,
;.=G[V*D&[,,;NYX
1_ORP=,]S^0>L8-C(
-,)ENJ"TB'=OMK2&<
2HQ;&2=I3G:RPZH0.
[/Y&U)2*1][<&$H;;
PL&)J=,24_NR?#P98
-,;)D-F3W("T[,H,!
[$GNC>RNYH7W%Z[&[
!P'$[YAWYVH5S;H@X
29S0MJK-I'Y6R^!=Z
22[,=O$B024?J*_!N
8Z<'=4&.,E/CHD$L
[H9UZ[[2S3Q@KF#-2
;2WO(LY6)^9=?Y2]!
T#(6(=2ZYR*>6<FO
:2&D"!G0Q@CA='L-,

AZdecrypt

Posted : March 4, 2018 7:35 pm

Zodiac Discussion Forum