Yes, if the keyword is short, Brute-Force is possible. That’s what I’m working on right now. I hope Zodiac was lazy and used a short, repeated word.
In the method shown, the keyword is repeated until the desired width is reached.
Example:
Keyword "ABCB"
Bottom row width: 7
Resulting keyword: ABCBABC
Colum order: 1364257
Column order backwars: 1524637
Translated with http://www.DeepL.com/Translator
But there is maybe another attack vector which I am examining at the moment:
Split the cipher at each occuring "+"-Symbol
da:+ ==Ax3+ ahB#TurQncoXDc=1FEj5hn;0chP+ qBlXviQZ=n+ bLf52HUXt:IYhIcpjzdN8K+ ;u+ lYsy;T=+ DnS=TFa+ slMoThUL1G;I=DHXj#B=DKKXTBw9Q+ 3dy#5:DJ=+ iu70P:IPs#5;LNT82F+ + wxX;cRzeVZdA+ C8=DrqiXZoyYTk3FY2v+ 1=zpXH+ dD7;gY5jR=4XAHs#Nq7=+ KtMFYHpBHR+ lpSnAkqjUlQi07tLwBZuXh2;Vat8U+ Th;fCH+ R2ZgsaQn=TQ+ 5HpxD;+ ndZNLdwTNDyTAe:qNXFyh7i;Bt#lV0+ =jeRbYcorl+ :CqUX2sZnQ2KdPT=f+ g+
Sort the rows by length:
+ g+ ;u+ da:+ ==Ax3+ 1=zpXH+ Th;fCH+ 5HpxD;+ lYsy;T=+ DnS=TFa+ 3dy#5:DJ=+ KtMFYHpBHR+ qBlXviQZ=n+ =jeRbYcorl+ R2ZgsaQn=TQ+ wxX;cRzeVZdA+ :CqUX2sZnQ2KdPT=f+ iu70P:IPs#5;LNT82F+ C8=DrqiXZoyYTk3FY2v+ dD7;gY5jR=4XAHs#Nq7=+ bLf52HUXt:IYhIcpjzdN8K+ ahB#TurQncoXDc=1FEj5hn;0chP+ slMoThUL1G;I=DHXj#B=DKKXTBw9Q+ lpSnAkqjUlQi07tLwBZuXh2;Vat8U+ ndZNLdwTNDyTAe:qNXFyh7i;Bt#lV0+
See what I mean? Not each cipher text part can be each colum in the plaintext. This should reduce the search space a lot.
See what I mean? Not each cipher text part can be each colum in the plaintext. This should reduce the search space a lot.
Yes and it also sort of debunks that the "+" symbol is involved in such bevaviour in the 340.
Suppose the following trapezoid plaintext:
k b h u o
b g t u o p
p l m n f d t
n b c f d u i p
a a e p q m b g f
p o l z s q d e x n
e + + + + + + + + + +
Then in taking of the columns the "+" symbol can only touch once at most (distance=1) in the resulting cipher. In the 340 the "+" symbol touches 3 times at positions 64, 65, 237, 238, 290 and 291. In your cipher it does only touch once at positions 150 and 151. And the "+" symbol lands on 5 prime number positions 83, 131, 151, 191 and 223.
Jarlve:
Yes, I agree with you. In my example there can only be one "+"-pair. If the entire bottom line is filled with "+"-symbols, there are a maximum of two "+"-pairs. Since z340 has three such pairs, it cannot be exactly the same as in my example. But I didn’t expect a 100% hit, that would have been too nice. Nevertheless, I think it is possible that z340 is based on such a transposition. There are of course many variants. My example assumes that the "+"-symbols are exclusively used as fillers. Of course, this does not have to be the case. Let’s say that the "+"-symbol is also a substitution for a very rare character such as "x":
t h i s w
a s j u s t
a s i m p l e
p l a i n t e x <-------- rare letter "x". Will be substituted by "+
t f o r a s i m p
l e e x p e r i m e <------ This line also contains an "x"
t l o r e m i p s u m
d o l + + + + + + + + +
Now there can be more "+"-pairs. In my original example, all "+"-symbols are fillers. Since there are 24 of them, 316 characters remain for the plaintext. However, if the "+"-symbol is also used for substitution, there are of course fewer fillers in the bottom line.
Sounds like I’m adapting my idea to force-fit z340 and constructing something? Maybe! Perhaps I’m absolutely on the wrong track. More likely explanations for the "+"symbols are a poorly chosen key or polyalphabetical encryption of the underlying plaintext.
However, z340 has been unsolved for decades now. It doesn’t matter for a few days. I do not want to reject my idea, because I think it has potential.
PS: I don’t understand what you are saying about the prime positions. Doesn’t it depend on the used keyword, where the "+"-symbols end up?
Largo:
Sorry about the slow response. I have been thinking about your idea.
You are thinking about the + symbol, and why it is in the message. And the + symbol appears at irregular intervals. This model is an explanation for the irregular intervals. It is keyed columnar transposition, except with a trapezoid or triangle instead of a rectangle and the key repeats itself. And you show that even though it is keyed columnar transposition, instead of a simple columnar or route transposition, that P19 repeat spikes and pivots are still possible.
I found the method in the following book (I have the German version of the book btw)
https://www.amazon.de/Codes-Ciphers-Sec … 579124852/The method I use is called "triangle or trapezoid transposition". A description and an online tool can be found on the following pages:
http://kryptografie.de/kryptografie/chi … sition.htm
http://kryptografie.de/kryptografie/chi … sition.htmBy the way: This is a great page. They have lots of interesting cipher stuff!
Unfortunately, everything is in German, but the illustrations should help you to understand the procedure.
With the triangle-transposition there are problems with the length of z340, which is why I excluded it. More interesting is the trapezoidal transposition with a starting width of 5 characters. This produces a result of exactly 341 characters.
I looked at the website. I don’t read German, but can figure out what is going on with the pictures, like you said. It reminds me of some of the ciphers shown here in one of the old cipher manuals, but not exactly the same. See pages 6-8: http://radionerds.com/images/b/bb/TM_11-485.pdf
The trapezoid transposition explains the many "+"-symbols in z340 when they are used as fillers at the end of the trapezoid.
I agree that the keyed trapezoid cipher explains why there could be 24 + symbols. It doesn’t necessarily have to be a trapezoid though. It could be some other shape. It is a good idea for a cipher, except that it seems as though using a null at all would be a weakness. But another thing that I wonder about is if there was a cryptography book with this same cipher available to Zodiac. If not, then he would have created a new home grown cipher independently and before the person who put the cipher on the websites. Could happen, I suppose.
After trapezoid transposition, no substitution:
1054 have 1 pivot.
117 have 2 pivots.
17 have 3 or more pivots.The more cyclical a homophonic substitution, the fewer pivots appear.
It is interesting that out of 5998 messages 1054 have at least one pivot, and that cycles reduce pivots.
Most 100% cyclical ciphers have a bigram peak at period 1, but also some at period 19, which I find very interesting. Even more interesting is the behavior of ciphers that were randomly substituted by 25%. There are peaks in P11 and P19, but I yet have no idea where it comes from.
It looks like about 3%-5% of the messages have a P19 spike? The spikes at P11 and P19 seem to be caused by the cipher, considering that they appear in both experiments. I like how the 25% random lowers the P1 and increases the P19 at the same time. That is what we see in the 340.
Since he knew that analysts would certainly be looking for patterns again, he might have thought:"I’ll give you your patterns and lead you on the wrong track". I imagine that he had a finished transposed text in 17×20 before him. Before the substitution, he simply looked for "patterns" and found pivots by accident. These are substituted first to maintain the pattern. After that he searched for bi- and trigrams and substituted some of them first. He then replaced all remaining letters cyclically. As a result, you have the incomplete cycles that we are currently seeing.
I like this part a lot. It seems simple and plausible, regardless of the cipher that he used. It would have been second to last step in the cipher, part of the cipher. Your explanation for the pivots I have never thought of before. Thank you for this idea!
smokie can you show it with a heat map and largo can you show the pivot please.
Sorry I didn’t show any heatmap or graph. Well, here is my column chart for the repeats, and either I have something wrong in my work, or there is something wrong with Largo’s analysis. I am not worried about it though. I still don’t get a P19 spike.
Sort the rows by length:
+ g+ ;u+ da:+ ==Ax3+ 1=zpXH+ Th;fCH+ 5HpxD;+ lYsy;T=+ DnS=TFa+ 3dy#5:DJ=+ KtMFYHpBHR+ qBlXviQZ=n+ =jeRbYcorl+ R2ZgsaQn=TQ+ wxX;cRzeVZdA+ :CqUX2sZnQ2KdPT=f+ iu70P:IPs#5;LNT82F+ C8=DrqiXZoyYTk3FY2v+ dD7;gY5jR=4XAHs#Nq7=+ bLf52HUXt:IYhIcpjzdN8K+ ahB#TurQncoXDc=1FEj5hn;0chP+ slMoThUL1G;I=DHXj#B=DKKXTBw9Q+ lpSnAkqjUlQi07tLwBZuXh2;Vat8U+ ndZNLdwTNDyTAe:qNXFyh7i;Bt#lV0+See what I mean? Not each cipher text part can be each colum in the plaintext. This should reduce the search space a lot.
I thought about this also. This is what I don’t like about the cipher, not as a possible solution to the 340, but as a cipher in general. The nulls make it easier to solve. I am not clear about why the nulls are in the cipher in the first place if there is a key.
EDIT: O.k., the key wouldn’t be any good without the nulls. They work together. I get it now.
But you could cast the message into 15 or 19 columns, and rotate it 90 degrees. That would deal with the issue of some of the + symbols touching each other because the reading direction would be different. Then break apart the message fragments and delete the + symbol and solve by independent rows. Or perhaps some mirroring or flipping of the fragments, and then joining them somehow would increase the P1 repeats and try to solve that. Maybe try that and you will solve it.
Not sure about the trapezoid or triangle idea though, because there would be a pattern? Wouldn’t there be a pattern with fragment lengths, two of a certain length, then two more of that length minus one, and again two more length minus one more? So that you could arrange them to make a perfect triangle or trapezoid? Maybe if you cast into 15 or 19 columns it will be that way or create a distinct shape.
Consider reading the message in different directions from all 4 corners to see if the fragments caused by the + make a pattern that you could recast into a triangle or trapezoid.
Since he knew that analysts would certainly be looking for patterns again, he might have thought:"I’ll give you your patterns and lead you on the wrong track". I imagine that he had a finished transposed text in 17×20 before him. Before the substitution, he simply looked for "patterns" and found pivots by accident. These are substituted first to maintain the pattern. After that he searched for bi- and trigrams and substituted some of them first. He then replaced all remaining letters cyclically. As a result, you have the incomplete cycles that we are currently seeing.
I like this part a lot. It seems simple and plausible, regardless of the cipher that he used. It would have been second to last step in the cipher, part of the cipher. Your explanation for the pivots I have never thought of before. Thank you for this idea!
This seems like a good job for a hillclimber:
Problem: Select parts of the Z340 to ignore when looking for cycles.
The hillclimber marks places in the Z340 to ignore.
They are removed, and the resulting cipher’s cycles are measured.
The hillclimber tries to discover the best areas to remove to maximize the cycle score.
I think we know from other experiments (for example, I recall Jarlve has done some) that removing certain symbols or regions will cause the cycling to go up.
You could try a limited amount of brute force testing. For example, test all possible removals of 3 symbols from the ciphertext, amounting to 340*339*338 = 38,957,880 possible removals. Which removals result in the best improvement to cycling scores?
Generalizing to N symbols will require a hillclimber.
Thanks to everyone for the feedback and new ideas!
I don’t know how much time I can invest in the next few days, but hopefully I will be able to contribute some results and new statistics in due time. I am definitely motivated, there is no doubt about that =)
Sorry this cipher stuff is way over my head but recalling conversations with my poi, has anyone (sorry if already asked) tried "rail fence"? Just googled and saw pic of letters on cylinder similar to a s hort pen/pencil that vaguely rings bells. It talks #about numbers but I can’t take time trying to understand all of it but if I could, I’d go with #3 and #5.
I’d also think of the "by fire" arrangement when working with this code as that is ringing some bells. Also would try involving hash marks if feasible.
Finally, if possible would try combination of all the easy basic ciphers that would have been known from comic books, etc. Could he have written his message using one simple method and then took that and re-wrote it using a second simple method and then did the same with a third?
16 14 32 12 30 1 10 28 22 31 8 26 33 19 10 6 24 26 23 52 25
4 22 39 45 9 4 13 2 20 19 30 50 10 28 13 17 5 36 6 17 17
15 19 53 15 33 34 43 48 55 36 27 62 34 13 31 41 5 19 6 16 46
36 51 31 11 29 40 16 47 7 24 23 51 43 14 20 9 27 13 3 54 44
31 49 3 23 5 19 44 7 25 21 19 53 21 50 41 19 41 27 37 21 19
5 23 15 5 19 16 11 15 19 19 11 14 20 53 55 3 21 38 8 51 51
40 47 29 38 48 30 50 36 39 15 1 19 37 44 11 56 8 60 31 40 54
41 18 61 8 37 33 18 35 7 49 30 59 40 63 55 19 6 22 16 2 28
20 33 20 5 40 23 38 18 34 20 23 29 42 32 47 5 6 54 56 42 37
51 58 19 20 29 37 51 63 18 35 21 19 1 30 58 46 3 57 22 16 5
61 52 3 15 12 20 56 23 23 11 5 19 32 39 19 20 28 58 19 20 45
12 36 46 44 22 16 61 7 25 53 36 48 19 36 19 40 48 39 21 37 8
2 50 51 8 50 16 36 26 29 42 17 6 50 11 11 28 38 57 13 19 17
5 55 3 3 19 53 4 32 11 5 51 1 38 36 34 50 56 7 26 21 36
37 16 47 7 53 23 51 14 55 19 40 51 30 31 29 42 20 31 6 59 40
63 9 27 62 34 28 13 26 20 23 11 14 56 43 40 3 33 26 10 19 10
18 11 25 4
can you quickly check the stats on this smokie its rather high..
cheers
Hi Mr lowe,
this is a very interesting one!
Is it a shuffled or modified z340 with different symbols used? It has a lot in common with z340 (same raw ioc, same unigram frequencies). But different symbols and difference unigram row/column coverages. And it has more nGrams and no pivots.
Hi capricorn,
yes, rail fence has been tested as well as skytale (wrapping a strip of paper around a pencil). The "byfire" rearrangement is much more complicated because there are so many ways to use it (column transposition, vigenere… whatever you can do with keywords). What do you mean by hash marks?
Could he have written his message using one simple method and then took that and re-wrote it using a second simple method and then did the same with a third?
Sure. But the more successive steps you take, the harder it gets. Probably a solution is then even impossible.
