Thinking About Encryption, Part 59


Numbered Key Cipher

I’ve looked at the Key Phrase cipher a few times, but I didn’t really like the way that the plaintext letters double up into a smaller number of ciphertext letters, which makes deciphering, even if you have the key, much, much harder. But, I was going through the ACA Cm newsletter archives and I found the article where Piccola introduced Key Phrase, and I figured I might as well give it a chance. Then, as I was looking through the ACA’s list of recognized cipher types to locate the write-up on how to encipher text with Key Phrase, I noticed Numbered key, and I wondered what the differences were. In fact, Key Phrase and Numbered Key are two sides of the same coin. Both use a key phrase to form the main alphabet, but where Key Phrase has too few ciphertext letters, Numbered Key has too many.

Numbered Key is a form of homophonic (same sounds/same letters) substitution. It was first introduced to the ACA by Bion in 2010, making it one of the more recent types to be added to the repertoire. We start by writing a phrase, expression or sentence, then add on any missing letters from the alphabet to the end of the phrase. Typically, we also shift the alphabet so that the expression starts in the middle. Finally, we number the letters from 0 at the left, to the right. Using “a boy and his dog”:

..........1111111111222222222
01234567890123456789012345678
uvwxzaboyandhisdogcefjklmpqrt


a = 05, 09
d = 11, 15
o = 07, 16

The key points to note here are that a, d and o appear twice in the phrase, and therefore can each be given one of two different numbers as you write up the cipher, at random as you like. All the other letters appear once each. Because numbering starts at 0, there are 29 letters total, telling us that we have the standard 26 plus 3 duplicates. According to the ACA guidelines, the starting shift of the alphabet should result in the largest number showing up in the ciphertext. Finally, if the phrase lacks duplicate letters, then you just have a plain Patristocrat cipher (a crypto-quip minus the punctuation and word spacing.)

If our plaintext is: “Over a bridge and down an ado”

16 01 19 27 05 06 27 13 11 17 19 09 10 15 11 07 02 10 05 10 09 11 16

Deciphering is simply a matter of writing out the alphabet, numbering it, and converting the numbers in the message back to the plaintext letters.

Solving a Numbered Key CON is largely dependent on how kind the author is to you. The ACA guidelines are that the plaintext should be 2.5 to 3 times longer than the extended key. For “a boy and his dog,” that should be 72 to 87 letters. The crib can be any length, but of course, the longer and more repeated letters, the better. In the following CON:

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12

I’ll pick “we really” as the crib. In this example, there is only one pair of repeated numbers – “25 25”. If there were multiple pairs, or if there were no pairs at all, we’d either have to try all potential crib positions, or try to match up low frequency letters in the crib with numbers that also have low frequencies (that is, we’d have to do a frequency count of all the numbers, and use the results like we would with any substitution cipher type).

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
.. .. w. e. r. e. a. l. l. y.


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12

Notice that “e” appears here twice, with two different values: 13 and 16. Plug these letters in through the rest of the CON.

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
.. .. w. e. r. e. a. l. l. y. .. e. e. .. .. .. ..


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. .. e. w. .. .. .. .. .. e. .. .. .. .. .. ..

At the same time, let’s build up the extended key:

..........11111111112222222222
012345678901234567890123456789
---y---wa----e--er-------l----

“wereally?ee?” could be “wereallyneed”, so try that.

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
d. .. w. e. r. e. a. l. l. y. n. e. e. d. .. .. ..


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. .. e. w. .. .. n. .. .. e. .. .. .. .. .. ..


..........11111111112222222222
012345678901234567890123456789
---y-n-wa----e--er--d----l----

“d?wereallyneed” could be “do we really need”.

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
d. o. w. e. r. e. a. l. l. y. n. e. e. d. .. .. ..


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. .. e. w. .. .. n. .. .. e. .. .. .. .. .. ..


..........11111111112222222222
012345678901234567890123456789
---y-nowa----e--er--d----l----

This next step is kind of a leap, but it is the sort of thing I do all the time when I get stuck on the plaintext. If we look at “l” to the end of the line, and then to the “y”, we would normally have “lmnopqrstuvwxy”. Some of these letters are part of the key, so we can strike them out of this list – “lmpqstuvxy”. Of these, “s” and “t” are the highest frequency letters. We have 10 letters in our list, and 7 blanks +”l” and “y” in the extended alphabet. Since “s” and “t” are right next to each other, let’s plug in the other letters first. And, “z” probably goes between “y” and “n”.

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
d. o. w. e. r. e. a. l. l. y. n. e. e. d. .. .. ..


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. .. e. w. .. .. n. .. .. e. .. .. .. .. .. ..


..........11111111112222222222
012345678901234567890123456789
uvxyznowa----e--er--d----lmpq-

Hmm. Seems that I wrote my plaintext using way too many letters from my key. So, before I release this CON to the public, I decide I’m going to provide two more clues. First, the key is made up of 3 words. Second, the title is “Yet more babysitters?”

There is a chance that the key ends with “er,” meaning that the next two letters before “d” are “b” and “c”. And maybe, “e??er” in the extended alphabet is one word. Using a Scrabble-like word finder on “e??er”, we get 13 hits, including “eager” and “eater.” Let’s try “eater” first.

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
d. o. w. e. r. e. a. l. l. y. n. e. e. d. .. .. c.


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. .. e. w. .. .. n. .. .. e. s. a. .. .. .. ..


..........11111111112222222222
012345678901234567890123456789
uvxyznowa----eaterbcd----lmpqs

Hey, that’s weird. The last 5 letters of the message “14 09 10 11 12” are exactly the same as the missing key word in the extended alphabet. Further, there are 4 letters missing between “d” and “l” – “fghijk”. “Yet more” could imply “again”, which could fit. It starts with “a”, and uses the “g” and “i” from the remaining unknown string (additionally, “a” and “n” are already part of the key, which would account for the duplications that bring our total extended alphabet length up to 30 letters).

20 06 07 13 17 16 08 25 25 03 05 13 16 20 12 11 19
d. o. w. e. r. e. a. l. l. y. n. e. e. d. n. i. c.


13 12 16 07 12 10 05 12 11 13 29 14 09 10 11 12
e. n. e. w. n. a. n. n. i. e. s. a. g. a. i. n.


..........11111111112222222222
012345678901234567890123456789
uvxyznowagaineaterbcd----lmpqs

“Do we really need nice new nannies again?” With the key “now again eater”.

n = 05, 12
a = 08, 10, 14
e = 13, 16

Yes, the example is contrived, but not all that impossible to crack. To be nicer, it may have been better to use “nannies again” for the crib, which would have added a whole lot more information to the extended alphabet up front.

My first stab at solving a Numbered Key type was E-12 from the Mar.-Apr. 2019 issue of the regular department of the Cm newsletter. E-12 is moderately difficult (#12 out of 26 CONs), but it had a long crib, and I spent about an hour writing a VBScript tool to help automate the above drudge work. Combined with that, it was maybe another 5-10 minutes to crack the CON itself, making it one of the easiest cipher types I’ve approached so far. I assume that future CONs will not be as kind.

Summary:
1) Numbered Key is a homophonic substitution type, closely related to Key Phrase.
2) The extended alphabet is constructed by picking a phrase or sentence with several repeating letters, then appending the missing letters of the alphabet to the end of the string. Rotate the string a little so that the phrase starts in the middle of the alphabet. Number the letters of the extended alphabet.
3) Encipher the plaintext by replacing the letters of the message with the numbered values from the extended alphabet, randomly selecting between the numbers assigned to single letters. (i.e. – if “e” = 05, 09 and 12, pick between them as you go.)
4) Deciphering works in reverse.
5) Solving a Numbered Key cipher involves first placing the crib, then building up the extended alphabet as you fill in more of the plaintext message.
6) If necessary, do a frequency count of the numbers in the text, and use that information for either placing the crib, or for treating the CON as a Patristocrat.
7) Numbered Key can be hardened by picking an extremely long key expression, and by adding a transposition step in the middle.

Wiggles, part 53


Just a little ongoing story to give you something to play with until the next blog post.

UPNRQQA, CFO YIA MCOJJOW PNCI GPOL UHIV YOFPNW CFO YIDOM MCRESOW PN CFO VPWWQO IU CFO HIIV. FO MOOVOW R YPC MVRQQOH UHIV R WPMCRNEO, YBC FO FRW CFO YILQ-EBC YQRES FRPH RNW AOQQILPMF MSPN CFRC P HOVOVYOHOW UHIV CFO CBNNOQ. FO LRM LORHPNX R HOW C-MFPHC, TORNM RNW MNORSOHM. P RBCIVRCPERQQA QIISOW WILN, EFOESPNX UIH UID UOOC, YBC FO LRM TBMC R NIHVRQ AIBNX SPW. FO LRM UIQQILOW YA R CRQQOH XPHQ, VRAYO 11-12 AORHM IQW, PN R YQBO C-MFPHC RNW URWOW QPXFC-YQBO TORNM. MFO WPW FRGO PNWIIH MQPJJOHM IN, YBC CFOA QIISOW QPSO EHIEM. FOH QINX XHOON FRPH UQIRCOW YOFPNW FOH QPSO PC LRM PVVOHMOW PN LRCOH. CFO YIA MFIC R XQRNEO VA LRA, RNW P WBESOW CI CFO MPWO CI RGIPW YOPNX MOON. FO CFON ERQQOW IBC, “AOM, VRVR.”

Gakken Update, June


Gakken’s really gone into a hole with their Otona no Kagaku (adult science) kit series. They’ve stopped sending out their email newsletters, and there hasn’t been a “new” product in maybe a year. The last toys were things for kids (making pictures or dolls) over 9 months ago, which I had no interest in. The only new things have been re-releases of old kits under the “Best Selection” title. First had been the Pinhole Planetarium (BS01) in January.

Then, in June, Gakken released BS02, the Dual Lens 35mm Film Box Camera. The magazine has been scaled down to 24 pages (including instructions), while the kit price is still at 2,980 yen (without the 8% sales tax). This camera is fun to build, but the price of film and processing relegates it strictly to a bookshelf oddity. It’s not going to replace your smartphone, if that’s why you want to buy it. Not recommended unless you can get it at a discount.

Thinking About Encryption, Part 58


5×5 Checkerboard
6×6 Checkerboard
Double Checkerboard
Straddling Checkerboard

The main reason for putting together the Cm history in earlier posts was to lead up to this entry. I feel like I’ve been doing pretty well in learning new cipher types, and being able to crack the CONs in the Cm that I’ve tried tackling. For the most part, I give up on the harder Patristocrats (crypto-quips without the punctuation or word breaks), but I can generally solve all Aristocrats per issue, most if not all cryptarithms, some Expert Corner CONs, and an ever-growing collection of Cipher Exchange CONs (most transpositions, most of the Vigenere family, Nulls, Baconians, etc.) In the Mar.-Apr. 2019 issue, I solved 66 of the 102 CONs (excluding all of the foreign language xenocrypts). I think I’m doing ok.

But, I didn’t want to get involved in any substitution types (Quagmires, Bifids, Trifids, etc.) that would require analyzing letter contacts, trigraph frequencies, or anything more complicated simply because I’m not ready to put in that much effort to solve just one type at a time. However, as I was skimming through the Cm archives, I found Piccola’s article introducing the Checkerboard, and it seemed simple enough.

At its simplest, the 5×5 Checkerboard is a 5×5 grid containing a keyed alphabet (I=J), with keys along the top and left sides. In Piccola’s version, the keys are numeric, but the ACA commonly uses 5-letter words now. The alphabet can be written into the square in any valid Route Transposition pattern. Below, the keys are “CHILD” and “CHAIR”, the alphabet is keyed with “PLAYGROUND” and is written in columns.

....CHAIR
--------
C | PRBIT
H | LOCKV
I | AUEMW
L | YNFQX
D | GDHSX

The plaintext is enciphered by replacing each letter with the associated row and column letters. (e.g. – “S” = “DI”). If the plaintext is “help me”:

DA IA HC CC II IA.

Decryption is just the reverse process.

Solving a 5×5 Checkerboard CON is really no different than tackling a Patristocrat. If you don’t like working with 2-letter or 2-digit values, just convert them to single letters first.

DA = A
IA = B
HC = C
CC = D
II = E
IA = B


ABCDE B

Once you’ve solved the Pat, you can try to extract the keys if you like. This is almost insanely easy. First, extract the first and second letters of the pairs (DIH and ACI in the above example) and anagram them to get potential 5-letter words. If we had a longer CON, we’d see that the letter groups are DIHCL and ACIHR. The only words they form are CHILD and CHAIR. Write CHILD to the left in a column, and CHAIR across the top of the table. Then fill in the square with the matching letters of the plaintext.

....CHAIR
---------
C | P....
H | L....
I | ..EM.
L | .....
D | ..H..

Again, with a longer plaintext message, we’d get enough of the table to guess at the keyword and how the alphabet was written in.

When I first sat down to tackle the 5×5 Checkerboard CON in the Mar.-Apr. 2019 issue of the Cm, I needed to put together a short VBscript for converting the CON to a simple Patristocrat form. That took about 2 hours. After that, I spent maybe half an hour cracking the Pat in my En/De program. Finally, I wanted a second script for taking the solution and comparing that to the ciphertext to print out the keyed alphabet. That part took maybe another hour. The CON was identified by the editors as being moderately difficult, #14 out of 26 total. Getting two working scripts for a cipher type I’ve never tried before, and cracking it in under 4 hours is not too shabby…

6×6 Checkerboard
Nothing really special here, except for how the digits are written into the table. Following past practice in other ciphers, it’s probably going to be:

A1B2C3D4E5F6G7H8I9J0KLMNOPQRSTUVWXYZ

In the above example of PLAYGROUND, we’d get:

....MOTHER
----------
F | P7459S
A | LRBFJR
T | AO260V
H | 1UCHKW
E | YN38MX
R | GDEIQZ

Double Checkerboard
Ok, this is going to be a bit tougher to crack. The idea is to use two different keywords for the row and column identifiers.

.....DAILY
.....CHAIR
----------
DC | PRBIT
OH | LOCKV
CI | AUEMW
KL | YNFQX
SD | GDHSX

This gets us closer to a Homophonic substitution, because we can have four different ways of encrypting a specific plaintext letter. (e.g. – “S” = SL, SI, DL or DI.) I haven’t tried solving a Double Checkerboard yet, but it is going to be similar to a regular 5×5 in that you want to anagram the first and second letters of the pairs to get potential 5-letter words, then use those for determining which pairs are equivalent. That just gives you a plain Patristocrat again, and we know how to solve that.

Straddling Checkerboard
I stumbled across this type when I was looking for more information on the plain 5×5 Checkboard. In fact, the Straddling Checkerboard is nothing more than a slight variation on what the ACA calls the Monome-Dinome. I’ve already discussed this in the past.

Summary:
1) The Checkerboard cipher is just a way of disguising a Patristocrat. It’s a substitution type.
2) The rows and columns can be identified either with 1 or 2 words, or a sequence of numeric digits, and can be 5×5 (I=J) or 6×6.
3) The keyed alphabet is written in the square in any legal Route Transposition pattern.
4) Solve the CON as a Patristocrat.
5) Recover the keys by anagramming the first and second letters of the ciphertext pairs as groups.
6) Then, fill in the blank square with the matching plaintext letters from the finished solution.
7) Straddling Checkerboard is an unrelated type, and is just a variation on the Monome-Dinome type.

Wiggles, part 52


Just a little ongoing story to give you something to play with until the next blog post.

MZK XIP ESEKU RE, “S GQD ARDM JZKJOSVW Q DIRVU UIGV ZKYK, FQFQ! S MZIRWZM GK ZQU Q YQM IY DIFKMZSVW.” FQFQ USUV’M YKETP SFFKUSQMKTP. GZKV DZK USU, DZK QDOKU, “SD PI-JZQV UIGV MZKYK GSMZ PIR?” MZKYK GQD Q FRNNTKU “MZRFE”, NITTIGKU XP QV SVMQOK IN XYKQMZ. S JIRTU QTFIDM SFQWSVK Q DFQTT, WTQYSVW WSYT SV Q NYSTTP UYKDD QVU SVUIIY DTSEEKYD KTXIGSVW QV ITUKY XIP JTIDK MI MGSJK ZKY DSLK. OSMQYIR QVDGKYKU, “PKD, FQFQ,” DIRVUSVW FIYK DMYQSVKU MZQV XKNIYK. “XIMZ IN PIR, WKM RE ZKYK, VIG.”

Cm History, 1951-1955


1951

Feb.-Mar.
– Minimax provides an introduction to the Hill Cipher, which is an example of algebraic cryptography (C = aP). The article uses C = 3P, combined with modular math. If P = “A” = 1, then C = 3 = “C”. If P = “J” = 10, then C = 30 = 4 = “D”. We’d want “a” to be relatively prime compared to 26, so even numbers are disallowed.
– There’s an unattributed article on the use of cryptography in fingerprinting. The idea here is that the swirls, lines and other features of a fingerprint can be represented symbolically, meaning that fingerprints can be turned into image ciphers.
– B. Natural – A Study of Fractionated Morse.
– Anon – Characteristics of the Russian language.
– The editor writes that the Wren Cipher was not intended to be an official CON, but a lot of readers sent in their own solutions expecting credit for them. The sample solution given looks like garbage.
[Note: I did get a reply back from someone at the Royal Society, saying that the Wren Cipher is real, and they have the original in their archives. It was first solved in the 1890’s, in a letter to an Australian newspaper. The message is written in reverse, where every third letter is used to spell out Christopher Wren’s name. Pretty cool.]

Apr.-May
– Cagliastro – Using a probable word approach on Slidefair (Vigenere/Beaufort).
– Two new departments are added: Keynotes and Cryptopics.
Keynotes uses Aristos with some of the plaintext aded to help newbies.
Cryptopics is a catchall for various topics on cryptography.
[Both departments die off after a few issues.]
– One article gives dates for 20+ cipher systems, taken from the book “Secret and Urgent,” by Fletcher Pratt.
– Cryptopic 1: by Ab Struse – Non-idiomorphic solutions. Using words with no repeating letters as a crib in Quagmire III ciphers.
– Tonto – Theory of Substitutions as applied to Quag. III.
– Xenocrypts introduces the Dutch language.
– 2 members write to the editor about Fractionated Morse – one saying “I hate it, nevermore!”, the other “I love it! More, more!”

June-July
– An obituary is run for Contractus, who passed away in Feb. 1951.
– Contractus (posthumous) – The Optional Diagonal Analysis for determining unknown types.

Aug.-Sept.
Sellwyn White – A Baconian Variation. The idea is to use a keyword, with the letters in sequence through the plaintext, to represent “b”. All other letters, or other letters of the keyword that are not in sequence, are “a”. [I haven’t seen this variation used yet.]

Oct.-Nov.
– Delac – Serated Playfair. This is an introduction, and instructions on how to solve it. Basically, the text is written in periodic groups (as with Bifid) and the Playfair table lookup is done by vertical pairs.

THISIS
ATESTX

Instead of taking the letters as TH, IS, IS, we use TA, HT, IE, etc.

– Red E. Raser – An article on solving AMSCO.
– Helcrypt – Using consonant sequences for solving Aristos.

Dec.-Jan.
– Text graphics of a raindeer on the cover. It’s not an ornamental crypt, but is a first step towards one.
– Fiddle – A method for solving Progressive ciphers (Vigenere, Porta, etc.) Crib placement when the crib is at least 2 letters longer than the period. The progressive cipher was described in Elementary Cryptography (Helen Gaines). Basically, it’s a Vigenere (etc.) cipher encrypted twice, with an offset the second time.
– Helcrypt – Using pattern words to solve Keyphrase ciphers.
– Film-D – Using “greater-than, less-than” analysis to solve certain types of cryptarithms.

1952

Feb.-Mar.
– First real appearance of a Table of Contents for the magazine.
– S-Tuck provides an analysis of a difficult simple substitution cipher.
– Sellwyn White – Writes an article on the Interrupted Key Cipher.

Apr.-May
– S-Tuck – Decrypting the Nicodemus Cipher.
– Ab Struse – Writes about the d’Agapeyeff Cryptogram, which was a challenge cipher from the book “Codes and Ciphers” (1939).
– Curley – Writes about the benefits of using a pre-made Phi Test table.

June-July
– The editor attempts to start a single-topic theme concept for the Cm, with this one dedicated to Simple Substitutions.
– Nip N’ Bud – 15th century rules for Modern Italian Simple Substitution ciphers.

Aug.-Sept.
– Tonto – The Trifid cipher (similar to the Bifid, which uses a keyed alphabet in a 5×5 square, but with a straight keyed alphabet instead).
– Zembi – “Pablo Waberski’s message of distress,” an analysis of a simple cipher given in H. O. Yardley’s “The Black Chamber” (p. 169).

Oct.-Nov.
– X. Gotky and S-Tuck – An analysis of the Even-Period Bifid.
– Ewlee – Breaking Progressive ciphers using probable words.

Dec.-Jan.
– Introduction of the VariTyper for printing up the Cm, and the implementation of a new typeface for the use of new symbols. The Russian typeface is available for $21, allowing for Russian Xenocrypts in the original character set.
– The ACA is running out of money. Dues are now at $3/year. Suggestions are to raise the rates, or stay at $3 and beg for donations.

1953

Apr.-May
– We get a bio of Helcrypt, AKA Henry E. Langen. He worked as an instructor of applied criminology for the Chinese Police Force, commissioned by Chiang Kai-Shek in 1946. Later works as in security for a department store chain.
– Dubious – Working through an example of a German Field cipher as described in the Elcy (Elementary Cryptography) book.
– Helcrypt – Combining probable word with letter frequencies for Aristos and Pats.
– Anon – Examples for Route Transposition. [This is the first complete examination I’ve seen in the Cm for rows, columns, diags and spirals.]
– First call for “photocrypts” for use in the Cm. This may be the origin of Ornamentals (image-based crypts), but it’s slow to catch on.
– Members had demanded that the deadlines for submitting Sols be eliminated. So, in this issue the editor announces that answers will no longer be included in the Cm. If you want them, you have to write a letter asking for them to be mailed to you.

June-July
– Red E. Raser – Using and solving the Portax Cipher.
– Helcrypt – Ciphers in literature.
– Photocrypt of a Christmas postcard (p. 34).

Aug.-Sept.
– First appearance of a Russian Xenocrypt using the Russian typeface.
– Photos of the department editors are run in each of their departments for the first time (this is also short-lived).
– A chart of alphabets and letter frequencies is presented for Xenocrypts.
– Announcement of Empty’s death.
– S-Tuck – Solving Myszkowski Transposition.
– Astrolabe – Analysis of the ADFGVX German Field Cipher of 1918.

Oct.-Nov.
– Don Scotus – Analysis of the St. Cyr Cipher.
– The Canton ACA office is hit by a fire. The Cm needs to be completely retyped and reset.
– Kohop – Finding Kpt-Kr for any non-English alphabetic language.

Dec.-Jan.
– Quexna – Developing a framework for phonetic ciphers (written ciphers based on the dictionary pronunciations of words. To be used with Trifid or Vigenere type ciphers). This approach does not seem to have been adopted by the ACA.
– Fiddle – Introducing ancient Greek Xenocrypts.
– Fiddle – A table of International Morse Code for English, German and Russian.
– Esby – Historical notes on an early Nihilist cipher. The message is written in plaintext, but the cipher is encrypted based on the number of letters joined together using handwritten script. The group numbers are then used as row and column indices for a 5×5 Polybius square. The article is adapted from the writings of John Holt Schooling, published in a British magazine in 1896.

1954

Feb.-Mar.
– Bob O’Lynque – A start on cracking Quagmire III.
– Dr. Cryptogram – A review of Fletcher Pratt’s April 1953 Computers and Automation magazine article, “The Art of Solving Secret Ciphers and the Digital Computer.” The gist is that Pratt thinks computers are best suited to frequency analysis and key breaking.

Apr.-May
– First appearance of Helcrypt’s “The Cryptyro’s Black Chamber” department. This is a series of articles designed to help newbies understand crypts. It starts with a Brief History of Cryptography.
– A short article on Georgetown University’s IBM 701 computer program for machine translation from Russian to English, and ends with the fear that all the fun will be sucked from cryptography by auto-solvers.
– An article on Dr. Alfred Kinsey’s use of codes to make his sex research reports unreadable by the unintiated.

Apr.-May Solver’s Supplement
– Solutions to crypts are being placed in a booklet separate from the main Cm.

June-July
– H. O. Yardley rejoins the ACA under his old nom of Bozo.
– Tonto – Article on Identifying different periodic ciphers (Vigenere family, Porta, etc.)
– Fiddle – A look at Japanese kana, with a table for Hiragana.
– Helcrypt – Cryptyro’s Black Chamber (CBC) – This is a short glossary of cryptography terms.
– We get short bios with pictures of some of the Cm staff, including ENE, Pat, Pem, and the Nero sisters.
– First Japanese CON to show up in the Xenocrypt section.

Aug.-Sept.
– CBC – Hints on getting started breaking a crypt. 1) Never work on the original. Always work from copies. 2) Ascertain the background info, such as the sender, the suspected subject matter, suspected probable words, etc. 3) ID all papers and notes with the same ID number for record keeping. 4) Build your library.
– A suggestion for books to be in everyone’s library:
Codes and Secret Writing, Zim
A First Course in Cryptanalysis, Wolfe
Cryptography, Laurence Smith
Secret and Urgent, Fletcher Pratt
Elcy, Helen Gaines
– Fiddle – Periodic Fractionated Morse. In this variant, write the morse code out on three lines in any desired period, and take the letters off as vertical triplets. Use a 27-letter alphabet. Doesn’t seem to have been adopted by the ACA.

Oct.-Nov.
– CBC – How to differentiate between substitution and transposition ciphers.
– Tonto – How to solve every Vigenere family type cipher using one method. This is a simple equation for standardizing the tables to fit the main Vigenere layout.
– The ACA is trying to buy their own VariType printer for $5,00 for printing up the Cm. But, the purchase hadn’t been approved by the Board yet. This caused delays in getting the next issue out.

Dec.
– Bozo had received the full set of the Beale papers in 1931, and sporadically tried to break #1 and #3, with no luck. His feeling, at the time the papers are printed in the Cm, is that they’re valid ciphers, but probably they’re hoaxes, in that #3 is too short to be a full list of heirs to the treasure.
– The Beale Papers take up so much room in this issue that there’s no space for other articles.
– Due to problems with the printers, this issue is also late. Many people complained about the delay to everyone but the Cm editor, which is what they should have done. Only one reader asked if something was wrong and if they could help. Additionally, one group of volunteers decided to form their own commerical printing company, and now all the issues of the Cm will be printed for only the cost of materials by Bell Associates.

1955

Jan.-Feb.
– With this issue, the month labeling is changed to start the year as “January-February,” to make cataloging the newsletters easier.
– Ab Struse – An article on the Masonic Cipher, AKA – Pigpen, which was mentioned in Pratt’s “Secret and Urgent.” The Masonic cipher dates back at least to Porta.
– CBC – How to make key alphabets (K1-K2 keys, and Caesar shifts). Plus, Vulnerabilities of Simple Subs (frequency counting, pattern words, non-pattern words).
– B-Natural – Nihilist Running Key cipher description and method of attack.

Mar.-Apr.
– Kohop – Solving Vigenere-type periodics in an unknown language with a non-Roman alphabet. The example uses a Russian Gronsfeld.
– CBC – Solving Patristocrats (letter frequencies, vowel spotting).
– Sherlac passed away on Dec. 13, 1954. His obit appears in this issue. He was born Sept. 11, 1880. He served in the Pennsylvania National Guard, and fought in the Spanish-American War. He was married and had 4 children. He suffered from severe arthritis from 1918, became an invalid in 1924, joined the ACA in 1937, and at the end became blind and had to give up cryptography.
– At the end of the issue are several “Potporri” articles – which include petitions by the NYC club to move the ACA and Cm headquarters to New York. And, Bell Associates resigning as the official publishers to the ACA because of perceived flaws in the constitution, the NYC petition, and the ACA board neglecting to stay in contact with Bell. There doesn’t seem to be a follow-up discussion of these events in later Cm issues.

May-June
– Tonto resigns as president of the ACA following two minor heart attacks. He is replaced by Bob O’Lynque.
– B-Natural writes about his proposed Moss-Back Cipher. It’s a merger of Morse Code (Moss) and Baconian (Back) to reduce the length of ciphertext to 2/3’s of the plaintext length. It doesn’t seem to have been adopted by the ACA.
– CBC – An introduction to transposition ciphers, using Railfence.
– Fiddle – An article on the International Chess Cable Code. This is a code system for exchanging chess moves through the mail or over the phone. It could be adapted to be used as a cipher.

July-Aug.
– Dr. Cryptogram introduces Sherlac’s Ragbaby cipher, which Sherlac had called his rag-baby. This was adopted by the ACA.
– CBC – Route Transposition cipher. General solving is by trial and error only.
– The Oak – Introduces “An Equi-Frequency Cipher System” that combines substitution and transposition ala ADFGVX. Doesn’t seem to have been adopted.

Sept.-Oct.
– Color cover (just the ACA Scytale logo).
– Helcrypt resigns as Cm editor because he has to move to Miami to work as the Protection Manager of a new department store there.
– Nip N’Bud – How to solve the Cadenus cipher.
– CBC – Columnar Transposition.

Nov.-Dec.
– The Cm moves from Canton, Ohio, to New Jersey. The editor drops the illustrations that had been appearing on the cover page in favor of a more formal Table of Contents. Nip N’Bud takes over as Cm editor.
– Dun Scotus – “Cryptanalysis by Archeologists.” Touches on Linear B, the Rosetta Stone and the Hittite Records. Includes excerpts from “The Secrets of the Hittites” by C. W. Ceram (Knopf, 1956, $5.00).
– CBC – The Baconian Cipher.

Thinking About Encryption, Part 56


Homophonic

“Homophonic” means “same sound.” In cryptology, it refers to a substitution algorithm where the high-frequency letters are given multiple values to spread the frequency distribution out and make it look more flat. Typically, this is done by using numbers instead of letters, and assigning extra numbers to “E”, “T”, “A”, “I”, “O”, “N”, etc.

A = 1, 6, 27, 83
B = 2
C = 3, 99
D = 4
E = 5, 10, 19, 41, 65
F = 6

and so on.

The person encrypting the plaintext could then randomly (or, kind of randomly) pick different numbers for the high-frequency letters as they go along. The recipient of the message needs a copy of the table, but decipherment would be a simple matter of replacing each number with the associated letter.

Solving this type of cipher typically requires a large body of ciphertext employing the same table, and then looking for pairs of numbers that occur together more frequently. Homophonics take more work than a regular monoalphabetic cipher-type, but it is still beatable.

However, the ACA (American Cryptogram Association) has a different take on Homophonic. In this case, we have four rows of numbers, 25 numbers each) running from 1 to 00 (100). (J = I).

.A .B .C .D .E .F .G .H .I .K .L .M .N .O .P .Q .R .S .T .U .V .W .X .Y .Z
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00

We now have 4 values we can pick for any given letter, which we should approach as randomly as we can. This isn’t going to help us at all right now, because anyone that knows the algorithm can solve it as-is. So, we need to pick a keyword for Caesar-shifting the rows.

Example: Key = “ROCK”

... .A .B .C .D .E .F .G .H .I .K .L .M .N .O .P .Q .R .S .T .U .V .W .X .Y .Z
R | 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 01 02 03 04 05 06 07 08 09
O | 38 39 40 41 42 43 44 45 46 47 48 49 50 26 27 28 29 30 31 32 33 34 35 36 37
C | 74 75 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
K | 92 93 94 95 96 97 98 99 00 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91

If our plaintext is: “BREAKTHIS”, we can get something like:

75 29 42 92 19 67 99 46 02, or
11 65 14 38 76 31 45 57 33

Deciphering works the same way in reverse. In a way, the ACA version of Homophonic is kind of similar to a periodic polyalphabetic cipher like Vigenere, except that there is no discernible period, and on the surface it looks much harder to break.

However, there are two weaknesses here. First, you will always know when you are not dealing with double-letters. A word like “FOOL” might be encrypted as 15 23 26 20, and because 15, 23 and 20 are all from the same line, they cannot map to the same letter. If we suspect that this string has double letters, we would target 23 26, or 26 20, then simply substitute the other number from the first line (23 23 or 26 26).

The second, and bigger weakness is that we’re still dealing with a set of shifted alphabets, which means we can attack them as we would Vigenere by using the Index of Coincidence to try to determine the amount of Caesar-shift for each line. All numbers from 1 to 25 get grouped together and you put together a frequency chart for them. Same for 26-50, 51-75 and 76-00. If the message is long enough, there will be enough numbers from each line for IC to give you reasonably accurate results.

So, I was thinking about all this, and trying to decide if I really wanted to go through the work of porting my IC functions from my Vigenere script over to my Homophonic solver, when I suddenly realized that there was an even better way of attacking Homophonic. That’s by using a dictionary search on all 4-letter words.

Granted, the author of the CON could use two or three smaller words for the key, names, foreign words, nonsense strings, or 5-letter words with repeated letters subtracted out (e.g. – SLEEP = SLEP), but I can always switch over to a count-up incrementer if I have to. That’s not too time consuming since it’s just 4 digits wide, running from 1 to 25 each. But, it only takes 2-3 seconds to do a dictionary search, and if the key is a real word I’ll find out fast enough. Otherwise, yeah, sure, I’ll use either IC, or the bruteforce incrementer. Anyway, to come straight out and say it, I did add a dictionary search on 4-letter words, and because I did have a crib, I was able to solve the CON I was working on in under 5 seconds.

Summary:
1) Homophonic in its original sense is a substitution algorithm that flattens out letter distributions to make ciphers harder to crack through frequency analysis. It does this by assigning multiple values to letters with higher frequencies, for selection at random.
2) The ACA approach is to use 4 lines of 25 numbers each (J = I), with a 4-letter key to shift each line.
3) Homophonic was first introduced in the ACA Cm newsletter in the Dec.-Jan. 1945/46 issue.
4) Encryption involves building up the table with the keyword shifts, and then randomly picking one of the four values for each letter in the plaintext as you go through the message.
5) Decryption is just the reverse process. Build up the table, then go through the ciphertext, substituting the letters back for each number.
6) We can use the Index of Coincidence to solve Homophonic CONs, just as with Vigenere.
7) Or, if we expect that the author of the CON used a simple 4-letter word for the key, we can run a dictionary search, and print out any messages that contain the crib.

Wiggles, part 51


Just a little ongoing story to give you something to play with until the next blog post.

VH HZVH EGENFH, HZNRN XVU V “QKIQB” WRGE UGENXZNRN VSGON EN, VFY HZN HXG OGIQNU XNFH JPINH. V HZIRY OGIQN QVKKNY GPH “BIHVRGP, XZVH YIY I HNKK CGP VSGPH AGIFA IFHG HZN SVUNENFH?” I QGPKY SVRNKC ZNVR HZN AIRK ZIUU “EVEV,” SPH IH XGPKY ZVON SNNF VF NVUC APNUU IF VFC NONFH. HZN SGC RNEVIFNY UIKNFH. V WNX UNQGFYU KVHNR, HZN OGIQN RNDNVHNY, “BIHVRGP,” SPH IF V EPQZ EGRN HZRNVHNFIFA HGFN. I YGF’H BFGX ZGX HZN HXG BIYU XNRN RNVQHIFA; I ZVY V WNNKIFA KIBN V YVAANR LVSSIFA EN IF HZN APHU VFY HZNF HXIUHIFA UZVRDKC. IH XVU V DKNVUVFH NFGPAZ OGIQN, YRGDDIFA VF GQHVON GR UG WGR HZVH KVUH “BIHVRGP,” CNH IH XVU KIBN UNFUIFA V EVEPUZI (V DIH OIDNR) LPUH VU IH UHRIBNU – CGP BFGX SVY HZIFAU VRN VSGPH HG ZVDDNF, VFY CGP’RN FGH AGIFA HG ANH GPH GW HZN XVC IF HIEN SNWGRN HZNC YG.

 

Thinking About Encryption, Part 55


Grille Transposition

Before I start, I just want to say that I’ve gotten really busy with work, and have fallen behind on writing new paragraphs for the Wiggles story. Sorry about that. I hope to be able to get back to that in a few days. However, I still have 2 month’s worth of “Thinking About” articles backlogged, so I’ll keep running those without a break.

I didn’t want to tackle Grille ciphers at this point largely because I didn’t feel up to dealing with a rotating piece of paper in software. However, the Mar.-Apr. 2019 issue of the Cm newsletter had a relatively easy “Unknown” (E-8), and the letter frequency distribution hinted that it might be a transposition (rather than a substitution). I tried running the CON through almost all of my transposition solvers (railfence, redefence, columnar, etc.), with no success. I posted a request for help with the ACA facebook group, and one of the replies indicated that E-8, because it was 36 letters long, might be from a cipher type that requires a square (6×6) format. The two choices were Nihilist Transposition and Grille. I’d hadn’t tried Nihilist yet, so I checked that solver, and still no luck. That left Grille, and one of the other FB people gave a pretty clear hint that it was a Grille, so now I felt a bit pressured to at least look at Grilles a bit more closely. It took me 2 hours to write encrypter and decrypter scripts, but my attempt at a bruteforce solver didn’t pan out. I then tried using Bion’s Grille Gadget, and after another hour of figuring out what I was doing, I’d finally gotten the solution.

The basic idea of the Grille is to take a piece of paper or cardboard, and cut out some holes. The holes need to be located so that they expose every letter in a square grid once and only once. If the grid side length is even, you’ll get full coverage with 4 rotations. If odd, the center cell of the grid will be skipped. The easiest way to make the grille is to draw the matching grid on the cardboard, and when you cut out one hole, mark the matching places of the other 3 rotations as “don’t cut”. Cut the second hole from the remaining “good” positions, and mark the other three rotation points as “don’t cut”, and repeat. With a 6×6 grille, there will be 9 holes, and the plaintext will need to be 36 letters long (padded if necessary).

Once you have the grille, place it on a piece of paper and write your plaintext into the holes, from top left to bottom right. When you’re done, rotate the grille 90 degrees, and write in the next set of letters, and repeat for the remaining 2 rotations. Remove the grille and read off the rows to make the finished cipher text.

Normal.. 90 rot.. 180 rot. 270 rot.
------ + ------ + ------ + ------ +
..X..X | ...... | .X..X. | X..X.. |
...X.. | XX.... | ..X.X. | .....X |
...... | ..X..X | X..X.. | .X..X. |
..X..X | .X..X. | ...... | X..X.. |
.X.X.. | X..... | ..X... | ....XX |
.X..X. | ..X..X | X..X.. | ...... |
------ + ------ + ------ + ------ +

The key here would be formed by reading off the number positions of the holes for the 0 degree rotation. 3 6 10 21 24 26 28 32 35

If the ciphertext is ABCDE FGHIJ KLMNO PQRST UVWXY Z0123 45678 9
the grid would be:

ABCDEF
GHIJKL
MNOPQR
STUVWX
YZ0123
456789

And the letters from the plaintext would have been written in as:

------ + ------ + ------ + ------ +
..C..F | ...... | .B..E. | A..D.. |
...J.. | GH.... | ..I.K. | .....L |
...... | ..O..R | M..P.. | .N..Q. |
..U..X | .T..W. | ...... | S..V.. |
.Z.1.. | Y..... | ..0... | ....23 |
.5..8. | ..6..9 | 4..7.. | ...... |
------ + ------ + ------ + ------ +

Meaning the plaintext would have started out as:
CFJUXZ158 GHORTWY69 BEIKMP047 ADLNQSV23

Deciphering is the reverse process. Write the ciphertext in a 6×6 square, place the grille over the square, and read the letters visible through the holes from top left to lower right. Rotate the grille 90 degrees, and repeat for the rest of the message (as demonstrated above).

Solving a grille cipher if you have a crib can be relatively easy, if the grid is small and the crib is relatively long. I suggest using Bion’s gadget to get started. Look for letters that have low repetition counts, and click on those first. This may help show where the word starts within the grille (if it’s at the top left, or bottom right). If the word starts low in the grille, then it’s probably going to be split across rotations. Otherwise, if the word can fit within the grille without rotations, then just click on the remaining letters to spell the word out, while checking the rest of the sentence for readability. If the word is split, then go to the next rotation block and continue spelling out the word as necessary.

The grille does have an “orientation”, or an “up” direction. If you start by assuming the crib is placed in the grille at rotation 0 degrees, you may in fact be starting in the middle of the sentence. This is not really a problem, though, since the sentence can be shifted in a ring as necessary to get it to start at the correct point.

I wrote a modified permutating key incrementer to bruteforce solve the E-8 CON. On a 4×4 grille, the incrementer can generate about 1,800 keys in a couple seconds. But, at 6×6 there are almost 98,000,000 key values, many of which are illegal (i.e. – the holes overlap each other). Even when filtering out the illegal values, it still took my solver script over a couple hours to find the correct key. This means that using this kind of approach on larger grille sizes (the ACA guidelines allow for up to 12×12) is futile. Fortunately, grille transpositions are not all that popular with the ACA, so I’m not going to worry about it at this point.

Say we have a 4×4 square (the plaintext message is 16 characters long). Create a numeric array 1×4, and populate it with 1 2 3 and 4. Now, starting from the left (ary(0) = 1), check whether the next cell to the right of (ary(1)) is ary(0) + 1. If so, increment the pointer (ary(1)) and check the next cell to the right (ary(2)) for the same thing. If you get to ary(3), then increment ary(3), and set the other cells back to 1 2 3. Otherwise, increment the cell you’re on, and reset the other cells to the left to 1 and 2. When you get to 13 14 15 16, stop.

Example.
01 02 03 04
01 02 03 05
01 02 04 05
01 03 04 05
02 03 04 05
01 02 03 06
01 02 04 06
01 03 04 06
02 03 04 06
01 02 05 06
01 03 05 06
02 03 05 06
01 04 05 06
02 04 05 06
03 04 05 06
01 02 03 07
...
13 14 15 16

Use these values for the 4 digit key, testing for legal keys, then testing whether the resulting text out contains the crib. The number of holes in the grille for a square of side n is, (n^2)/4 (when n is even). When n is odd, ((n^2) – 1)/4.

Summary:
1) Grille ciphers are transpositions based on the idea of using a card with holes cut from it, and reading and writing the text that is visible through the holes.
2) In simple CONs, the grid will be square, and padding will be added to the end of the plaintext to bring the message length up.
3) To encrypt the message, put the grille on a blank piece of paper and write the plaintext into the holes. Rotate the grille and keep writing until you’ve written in the entire text. Remove the grille and read the cipher out of the square in rows.
4) Decryption is the reverse process. Write the ciphertext in a square, place the grille over it, and read the plaintext out of the holes from top left to bottom right. Rotate the grille 90 degrees CW and repeat.
5) Even width squares will use every position. Odd length squares will leave the central cell blank.
6) Solving a grille CON can best be done on Bion’s grille gadget. First, place any padding characters at the end of the message (the last grille rotation), and any low frequency count letters from the crib. This may help to identify whether the crib is split across rotations. After that, fill in the remaining letters of the crib, checking to ensure that the rest of the sentence you’re building up is something legible.
7) Grilles get very unwieldy very quickly. A bruteforce software approach is feasible with a 6×6 grille, but will take forever when you go to 8×8. A manual approach may still be the best bet for larger grilles.
8) Grille transposition is relatively easy to break, but may be hardened by combination with any other transposition type, and/or substitution ciphers.
9) Square grilles are standard, but triangles, rectangles, and other non-standard shapes have also been used in the past.

Thinking About Encryption, Part 54


Ragbaby – Art of the crib

Building on what I wrote about earlier on how creating CONs (cipher constructions) can be an art, I have a case in point. The Ragbaby cipher E-18, in the Jan.-Feb. 2019 issue of the ACA Cm newsletter was designed with what initially looks like a really short crib, and gives us almost nothing to work with, solving-wise. But there is a massive, HUGE hint built into the crib that allows for cracking it within 2-3 minutes.

Remember that for Ragbaby, we count the words in the plaintext, and add that to the letter position within the word. This gives us an “offset” for use in finding the corresponding cipher letter from the 24-letter keyed alphabet (we drop “J” and “X”). Say the key is “teacher” again, so the alphabet is:

..........11111111112222
012345678901234567890123
TEACHRBDFGIKLMNOPQSUVWYZ

If the message is (keeping word spacings and punctuation):

.1234.23..34567..
"Help Me, mommy."

“H” has an offset of 1, and the next letter after H in the keyed alphabet is “R”. Note that we wrap if we reach the right edge of the alphabet, and that a letter with an offset of 24 wraps to itself. This gives us a ciphertext of:

"RCOV OH, PUSUR."

I’m not going to use the exact CON from the Cm, to avoid looking like I’m taking credit for other people’s work, but I am going to use a similar construction to illustrate exactly what the author did. My CON is:

.................................1...11..111.1111.1111.111.111
12345 234 3456 456789 56 6789 7890 8901 9012 0123 1234 234 345
YMAZI IWL PYVH DPFZSI DW DGRC HVGN GUAQ HMQG BEMR OQHV MBK IYV.


11.111112.11112.11.112222222222333..122.22.22222..22.2222.22.2222
45 567890 67890 78 890123456789012. 901 01 12345. 23 3456 45 5678
GM FIDSZT VRLYS QQ VLIKHOLTWNRIWHL, FHA LL QMNKV. MP AEVW WQ ZYYB


2222.2223.2233.23.3333.33.333333
6789 7890 8901 90 0123 12 234567
TSVR YCRT UPCH AT RDKC GE QMZFYC.

The crib is “by looks”. To place the crib, we want to find text in the message of the same lengths. I specifically picked my crib so that I don’t have to waste time weeding out the other 5-letter words that we’d otherwise have to test and eliminate. The match is at:

22 22222
01 12345
LL QMNKV
by looks

Incidentally, the “k” in “looks” has an offset of 24, so it maps to itself. In fact, this gives the impression that we have even fewer letters to use for rebuilding the alphabet, but that’s a red herring. To crack Ragbaby, we usually want to find a letter that occurs more than once, and use that as the relative “zero-point” of our new alphabet. “L” would normally be a great candidate. We would then put “l” at 0, “b” 20 characters to the left, “y” 21 characters to the left, and “q” 21 characters to the right. As such:

012345678901234567890123
l..yb................q..

This almost looks like garbage, and we may wonder if the crib was placed wrong. However, for the most part the letter numbering in the crib is smaller than that in the CON (“b” < “L”), meaning that the letters mainly look like they are ascending relative to each other, which is what we’d expect for anything outside of the key. The vital exception is for “l” and “Q”. The offset is 21, meaning that “l” is 3 places to the right of “q” . If we pick “q” as offset 0, we get:

012345678901234567890123
q..l..yb................

Normally, “l” would never follow “q” UNLESS they were part of the keyword. We can logically expect “u” to follow “q”, and even if we didn’t have the “y”, we’d really want to test if “qu.l…..” is “quality”.

Using the alphabet of “qualitybcdefghkmnoprsvwz”, we get the plaintext:

.................................1...11..111.1111.1111.111.111
12345 234 3456 456789 56 6789 7890 8901 9012 0123 1234 234 345
YMAZI IWL PYVH DPFZSI DW DGRC HVGN GUAQ HMQG BEMR OQHV MBK IYV.
thzrz arz manb thtngr in ltfz yhly innh ithq vzly ygqb lpq mny


11.111112.11112.11.112222222222333..122.22.22222..22.2222.22.2222
45 567890 67890 78 890123456789012. 901 01 12345. 23 3456 45 5678
GM FIDSZT VRLYS QQ VLIKHOLTWNRIWHL, FHA LL QMNKV. MP AEVW WQ ZYYB
wq sgnaid tadfq by lccomplishmznyr not by looks or less wz will


2222.2223.2233.23.3333.33.333333
6789 7890 8901 90 0123 12 234567
TSVR YCRT UPCH AT RDKC GE QMZFYC.
look likz vhay vz hayz ta nyhqpr


qualitybcdefghkmnoprsvwz
012345678901234567890123

Ok, so this is not exactly the right key, but there’s so much readable plaintext that we’ve got to be on the right track. Taking a few guesses, we can clean up what we have into: “accomplishments, not by looks. Or less we will look like”. Filling in more of the alphabet, we will eventually get to where we can place “e”. One option for this is “e” is “t” with an offset of 30 (30 – 24 = 6) to the left.

012345678901234567890123
qualityb...............e

Changing “e” to be our base letter, we can just shift everything 1 position to the right:

012345678901234567890123
equalityb...............

Using “equality” for the key, we get:

“There are many things in life that look like what they are not.
We should iudge by accomplishments, not by looks. Or less we will
look like what we hate in others.”

CON solved. The original author used his knowledge of the Ragbaby algorithm to create a CON that initially looks very hard, but built in an exploit with the choice of keyword and crib that lets the CON collapse in just a couple minutes for anyone that is familiar with this type (it took me about 10 minutes, most of which was spent with me thinking that I was doing something wrong.”) I applaud his skill and ingenuity.