Cryptanalysis and Decryption

We have been breaking codes for as long as they have existed. This chapter looks at the science behind code-breaking.

Digit readers will be familiar with the Crack The Code challenge, and with the time and effort it takes to crack codes and ciphers properly. That process is called cryptanalysis: the study of information systems (commonly called codes and ciphers) with the aim of recovering the data hidden inside them without being given the key. Cryptanalysis is used to defeat cryptographic security systems, whether they are the pen-and-paper ones you devised as a kid or the latest encrypted security systems anywhere in the world.

How does Cryptanalysis work?

There are four basic steps to solving any common cryptography puzzle. You need not follow them rigidly, but they are a useful guide for most beginners:

1. Determine the language being used: To turn the ciphertext of a coded message back into plaintext, you first need a general idea of what the plaintext should look like, so identify the language of the plaintext before you start looking for it. There is not much to this step beyond common sense. If you are decoding your friend's secrets, use the language he or she uses. If you are decoding a top-secret message from France, try French. Pretty simple.

2. Identify the encryption being used: Some encryption systems give themselves away through telltale signs, while others are harder to place. Two checks worth making on any ciphertext: count the letters. If the counts are skewed the way English is skewed (one letter dominating, a handful of others close behind, several almost absent) but the dominant letter is not E, you are probably looking at a substitution cipher. If the letter frequencies look exactly like ordinary English but the words are gibberish, the letters have most likely been rearranged rather than replaced, which points to a transposition. Whatever the complexity of the system, once you have identified it you have taken the first real step towards breaking it.

3. Find the key: Most ciphers and codes depend on a 'key', and recovering it without being told it is the heart of cryptanalysis. Depending on the system, this can be quick or painstaking and laborious, but it is usually unavoidable. When analysis gives you nothing to go on, all that remains is brute force: trying keys one after another until the output makes sense.

4. Decode the message: With the key and the ciphertext in hand, you can turn the latter into plaintext. For most cryptanalysts this is not the real goal; they are interested in "cracking the code", unless of course the final message leads to buried treasure or something of the kind.

Most importantly, in the words of Captain Parker Hitt, writing in a U.S. Army cryptography manual: "Success in dealing with unknown ciphers is measured by these four things in order named: perseverance, careful methods of analysis, intuition, [and] luck."

Common Cryptanalysis techniques

Encoding "secret" information so that only the intended recipients can read it is a practice that dates back centuries. For as long as there have been codes there have been people trying to break them, for reasons ranging from mere academic interest to averting global catastrophe (Enigma and World War II ring any bells?). As a natural consequence, over the years many different methods of cryptanalysis have been invented and discovered. Most of the methods now in vogue for breaking modern cryptosystems rely heavily on pure mathematics, which makes them quite complex and hence beyond the purview of this brief guide.

Instead, we will look at some of the more common cryptanalysis methods that can be used to crack at least the most basic codes. NOTE: These decryption methods are very elementary, and unlikely to crack any of the ciphers in serious use today. So restrict them to breaking the code used by your younger brother or sister and watching their astonished expressions as you reveal the information they thought safe from your prying eyes. DISCLAIMER: This writer takes no responsibility for sibling rivalries or angst created by the above-mentioned incident. Use these methods at your own risk!

Frequency distributions

One of the most elementary forms of cryptanalysis uses the "frequency distribution" of a language: the proportions in which its letters, and pairs and triples of letters, occur in ordinary text. These proportions are remarkably stable from one text to the next, and a simple substitution cipher does not disturb them; it only relabels the letters. Anyone who knows the characteristics of the language can therefore use them to break such a cipher quite easily.

For example, in English the letter 'E' is by far the most used letter of the alphabet, so in any reasonably long message its count is usually the highest. When one ciphertext letter occurs far more often than the rest, the natural first guess is that it stands for 'E'. Using this as the starting point, we can work out further substitutions (T, A, O, I and N follow E in frequency) and so "crack the code". Similarly, the most common digraph in English, "th", is a good starting point for finding the pair of ciphertext letters that stand for T and H. The caveat is message length: with only a few dozen letters the counts are noisy, and the most common letter need not be E at all.

You can use the following table as general guidance for the average percentage of frequency of letters during common English usage:
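The frequency table itself is not reproduced in this copy of the article. The Python script below, added here as a worked example and not code from the original, embeds the standard approximate English letter percentages in its place and walks through steps 2 to 4 of the procedure above against a shift (Caesar) cipher: it computes the frequency distribution of a ciphertext, shows that the most common ciphertext letter stands in for E and the most common digraph for TH, and then recovers the key by scoring all 26 possible shifts with a chi-squared distance from the English profile. The message and the key are constructed for the demonstration; every name in the script is this example's own.

```python
from collections import Counter
from string import ascii_uppercase as ALPHABET

# Standard approximate letter frequencies (percent) in running English text.
# These are the usual published figures, not the article's own table.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample message and key for the demonstration.
PLAINTEXT = ("Meet me at the old mill at midnight and bring the papers with you. "
             "The guards change at eleven, so leave before then and do not take "
             "the main road north.")
KEY = 7


def letters_only(text):
    """Classical analysis works on the bare letters, case-folded."""
    return [c for c in text.upper() if c in ALPHABET]


def caesar(text, k):
    """Shift every letter forward by k places (use -k to undo a shift of k)."""
    out = []
    for c in text:
        if c.isalpha():
            base = ord("A") if c.isupper() else ord("a")
            out.append(chr((ord(c) - base + k) % 26 + base))
        else:
            out.append(c)
    return "".join(out)


def frequency_distribution(text):
    """Percentage of each letter in the text: its 'frequency distribution'."""
    letters = letters_only(text)
    counts = Counter(letters)
    n = len(letters) or 1
    return {c: 100.0 * counts[c] / n for c in ALPHABET}


def most_common_letter(text):
    return Counter(letters_only(text)).most_common(1)[0][0]


def most_common_digraph(text):
    """Most frequent adjacent letter pair, ignoring spaces and punctuation."""
    letters = letters_only(text)
    pairs = ["".join(p) for p in zip(letters, letters[1:])]
    return Counter(pairs).most_common(1)[0][0]


def chi_squared(text):
    """Distance between a text's letter counts and the English expectation; lower is more English-like."""
    letters = letters_only(text)
    counts = Counter(letters)
    n = len(letters)
    score = 0.0
    for c in ALPHABET:
        expected = ENGLISH_FREQ[c] * n / 100.0
        score += (counts[c] - expected) ** 2 / expected
    return score


def crack_shift(ciphertext):
    """Steps 3 and 4: try all 26 keys, keep the one whose decryption looks most like English."""
    candidates = [(chi_squared(caesar(ciphertext, -k)), k) for k in range(26)]
    _, key = min(candidates)
    return key, caesar(ciphertext, -key)


CIPHERTEXT = caesar(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    print("most common ciphertext letter:", most_common_letter(CIPHERTEXT), "(stands for E)")
    print("most common ciphertext digraph:", most_common_digraph(CIPHERTEXT), "(stands for TH)")
    key, plain = crack_shift(CIPHERTEXT)
    print("recovered key:", key)
    print("plaintext:", plain)
```

The chi-squared score is what turns the "E is the commonest letter" rule of thumb into something mechanical: it compares the whole distribution, not just the top letter, so it still picks the right shift on messages where T or A happens to edge out E. It does need material to work with; on a ciphertext of a dozen letters several shifts can score similarly and the result should be treated as a guess to be checked by reading the output.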

Transposition systems

Transposition systems are fundamentally different from substitution systems. In a substitution system, plaintext values are replaced with other values; in a transposition system, the plaintext values are kept but rearranged. That changes the approach you must adopt, and it also gives the system away: because no letter has been replaced, the ciphertext has exactly the letter frequencies of ordinary plaintext, so a message that "counts like English" but reads like nonsense has almost certainly been transposed.

If you believe the message uses a transposition system, arrange the letters in a grid. A message of n letters can only fill a rectangle whose width and height multiply to n (allowing for a few padding letters), so try each such shape in turn, and for each one read the letters off in the other direction (by columns if they were written in by rows, and vice versa). One of these readings will eventually yield the plaintext. The method is laborious for long messages, and ciphers that also permute the columns according to a keyword need further work on top of it.
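As an added example, not code from the article, the Python script below automates the grid search just described for a simple columnar transposition: the sender writes the plaintext into a rectangle row by row and reads it out column by column, and the attacker, who does not know the rectangle's dimensions, tries every width that divides the ciphertext length and keeps the read-off that contains the most common English trigrams. The message, the grid width and the short trigram list are all constructed for the demonstration.

```python
# Constructed sample message for the demonstration; the grid width is the only secret.
PLAINTEXT = ("The enemy will attack at dawn and the bridge must be standing when "
             "the column arrives so bring every man and gun you have")
WIDTH = 7  # the sender's grid width; the attacker does not know it

# A short list of very common English trigrams; a real tool would use a full n-gram table.
COMMON_TRIGRAMS = ("THE", "AND", "ING", "ENT", "ION", "HER", "FOR", "THA", "NTH", "INT")


def letters_only(text):
    """Transposition ciphers work on the bare letters, so drop spaces and punctuation."""
    return "".join(c for c in text.upper() if c.isalpha())


def transpose_grid(text, width, pad="X"):
    """Write `text` row by row into a grid `width` columns wide, then read it out column by column.

    The grid is padded to a full rectangle. Applying the same operation again with
    width = number of rows undoes it, so one function both encrypts and decrypts.
    """
    if len(text) % width:
        text += pad * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in range(width) for row in rows)


def english_score(text):
    """Crude English-likeness: how many common trigrams the text contains."""
    return sum(text.count(t) for t in COMMON_TRIGRAMS)


def candidate_widths(n):
    """Every rectangle that holds exactly n letters, i.e. every proper divisor of n."""
    return [w for w in range(2, n) if n % w == 0]


def crack_transposition(ciphertext):
    """Try every grid shape, score each read-off, return (width, best candidate).

    Reading 'horizontally' versus 'vertically' is covered automatically: the two
    read-offs of an r-by-c rectangle correspond to widths c and r, and both are tried.
    """
    best_score, best_width, best_text = -1, None, None
    for width in candidate_widths(len(ciphertext)):
        candidate = transpose_grid(ciphertext, width)
        score = english_score(candidate)
        if score > best_score:
            best_score, best_width, best_text = score, width, candidate
    return best_width, best_text


CIPHERTEXT = transpose_grid(letters_only(PLAINTEXT), WIDTH)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    width, plain = crack_transposition(CIPHERTEXT)
    print("rectangle width that decodes it:", width,
          "(so the sender used", len(CIPHERTEXT) // width, "columns)")
    print("plaintext letters:", plain)
```

Two things worth noticing when running it. First, the ciphertext has the same letter counts as the plaintext, which is the fingerprint of a transposition mentioned above. Second, the number of shapes to try is only the number of divisors of the message length, so this brute force is cheap; what makes real transposition ciphers harder is the keyword that reorders the columns, which multiplies the candidates by the number of column permutations and calls for a smarter search than this exhaustive one.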

Catch phrases

Frequently, coded messages are hidden in plain sight as ordinary language. A notable example was the use by the British Broadcasting Corporation's overseas service of "personal messages" as part of its regular broadcast schedule. The seemingly nonsensical messages read out by announcers were in fact one-time codes intended for Special Operations Executive agents operating behind enemy lines. By such means the French Resistance was instructed to begin sabotaging rail and other transport links on the night before the D-Day invasion of Normandy.

The problem with cryptanalysis of these codes is that it relies heavily on what the cryptanalyst already knows. If the cryptanalyst does not know which words to watch for (the 'key' that marks a message as coded), he or she can only try to catch the code by intuition, and without that key the work reduces to brute-force guessing, which is extremely time-consuming and prohibitive. The stock phrases of official correspondence (salutations, "please find enclosed" and the like) cut the other way: a phrase the analyst can confidently expect somewhere in the plaintext is a 'crib', a known piece of plaintext that can be lined up against the ciphertext to test guesses about the key.

Syllabary spelling

One of the common keys to breaking into some codes and ciphers is identifying and exploiting syllabary spelling, that is, cases where words are spelled out as syllables or letter groups and the same word is spelled in different ways by combining the syllables and letters in different combinations each time. The method is fairly easy when applied to the right kind of code, because most syllabic and letter clusters tend to stick together. By identifying these repeating patterns, one can write the message down in syllabary form, rearrange it on the basis of the sounds of the syllables and letters, and then decode the plaintext from the rearranged syllabary message. For example, words ending in the '-ure' sound usually end in the letters 're', as in fracture, departure and capture, and similar rules drawn from the pronunciation and spelling of English can be used to narrow the possibilities and decrypt the ciphertext.

Cryptanalysis today

As mentioned earlier, the methods above are elementary at best, and are unlikely to be of any use in the "real world" of cryptography today. Despite the successful use of computation to break cryptographic systems during and since World War II, advances in technology and knowledge have also vastly improved the strength of new cryptographic methods. On the whole, modern cryptography has become far more resistant to cryptanalysis than the systems of the past. Cryptanalysis, however, is far from dead; it has simply had to evolve. Traditional methods have given way to new techniques: interception and bugging, which go around the cipher rather than through it; side-channel attacks, which recover keys from the timing, power consumption or emissions of the device doing the encryption; and, in prospect, quantum computers. The effectiveness of the techniques used by government and law enforcement agencies is a tightly guarded secret, but there have been major breakthroughs in recent years against both academic (purely theoretical) and practical cryptographic systems. So while modern ciphers and codes may be far advanced compared with even the best codes of the past, such as the Enigma machine of World War II, cryptanalysis remains very much active and thriving.

Conclusion

Cryptanalysis is one of those fields that appears to be shrouded in mystery. Commonly associated with spies and the stuff of detective novels, it is in fact a purely logical discipline that frequently relies on little more than common sense, intuition and mathematics. Modern cryptanalysis may be a far cry from the simple methods described in this article, yet those methods are the foundations on which the field rests. For mathematicians, computer scientists and code-cracking enthusiasts in general, there exists a field far larger than what has been explained here very briefly. Happy cracking!