Deciphering Queen Of Scots, Mary Stuart’s Lost Letters

February 12, 2023 by Maya Posch 10 Comments

First part of the cypher used by Mary Stuart and Castelnau, showing the use of homophones, special characters and more. (Credit: Lasry et al., 2023)

Communications by important people over the past thousands of years have been regularly encrypted, making the breaking of this encryption both an essential and also a fascinating historical field. One recent example of an important historical discovery by codebreakers are letters dating back to 1578 through 1584 by Mary Stuart, the Queen of Scots in the 16th century. While deemed lost for centuries, researchers came across them in a stash of encrypted letters that were kept at the Bibliothèque nationale de France’s (BnF). After decrypting these 57 letters, they realized what they had come across.

Even in digitized form, they could not simply be OCRed, leaving the researchers to manually transcribe each character into the software they used to assist with the decrypting. Only during the decrypting process, they began to realize that these were not Italian communications – matching the rest of the collection of which they were part – but in fact letters by Mary and her allies. Of the 57 letters, 54 are from Mary to Castelnau, the French ambassador in London at the time.

Supporting evidence for these decrypted letters being from Mary and Castelnau came from British archives, which had clear text versions of some of the encrypted letters, dated to the years when a mole within the French embassy was leaking translated texts to the English, as part of the usual political pastime during those centuries of getting onto thrones and making other people leave them. Mary’s attempt to become not only the Queen of Scots but also Queen of England came to a tragic end with her execution in 1587 after a politically motivated show trial.

The software the researchers used primarily is called CrypTool 2, which is an open-source project that provides cryptoanalysis and related functionality. The access to the documents themselves was enabled via the DECRYPT project, resources which taken together enables virtually anyone to undertake such historical sleuthing from the comfort of their own home.

(Thanks to [Stephen Walters] for the tip)

Visual Cryptography For Physical Keyrings

July 14, 2022 by Dave Rowntree 14 Comments

Visual cryptography is one of those unusual cases that kind of looks like a good idea, but it turns out is fraught with problems. The idea is straightforward enough — an image to encrypt is sampled and a series of sub-pixel patterns are produced which are distributed to multiple separate images. When individual images are printed to transparent film, and all films in the set are brought into alignment, an image appears out of the randomness. Without at least a minimum number of such images, the original image cannot be resolved. Well, sort of. [anfractuosity] wanted to play with the concept of visual cryptography in a slightly different medium, that of a set of metal plates, shaped as a set of keyrings.

Two image ‘share pairs’ needed as a minimum to form an image when combined

Metal blanks were laser cut, with the image being formed by transmitted light through coincident holes in both plate pairs, when correctly aligned. What, we hear you ask, is the problem with this cryptography technique? Well, one issue is that of faking messages. It is possible for a malicious third party, given either one of the keys in a pair, to construct a matching key composing an entirely different message, and then substitute this for the second key, duping both original parties. Obviously this would need both parties to be physically compromised, but neither would necessarily notice the substitution, if neither party knew the originally encrypted message. For those interested in digging in a little deeper, do checkout this classic paper by Naor and Shamir [pdf] of the Wiezmann Institute. Still, despite the issues, for a visual hack it’s still a pretty fun technique!

Want to learn a little more about crypto techniques you can do at home? Here’s our guide. Encryption too hard to break, but need a way to eavesdrop? Just punt out a flawed system, and you’re good to go.

Continue reading “Visual Cryptography For Physical Keyrings” →

Why You Should Totally Roll Your Own AES Cryptography

July 11, 2022 by Maya Posch 27 Comments

Software developers are usually told to ‘never write your own cryptography’, and there definitely are sufficient examples to be found in the past decades of cases where DIY crypto routines caused real damage. This is also the introduction to [Francis Stokes]’s article on rolling your own crypto system. Even if you understand the mathematics behind a cryptographic system like AES (symmetric encryption), assumptions made by your code, along with side-channel and many other types of attacks, can nullify your efforts.

So then why write an article on doing exactly what you’re told not to do? This is contained in the often forgotten addendum to ‘don’t roll your own crypto’, which is ‘for anything important’. [Francis]’s tutorial on how to implement AES is incredibly informative as an introduction to symmetric key cryptography for software developers, and demonstrates a number of obvious weaknesses users of an AES library may not be aware of.

This then shows the reason why any developer who uses cryptography in some fashion for anything should absolutely roll their own crypto: to take a peek inside what is usually a library’s black box, and to better understand how the mathematical principles behind AES are translated into a real-world system. Additionally it may be very instructive if your goal is to become a security researcher whose day job is to find the flaws in these systems.

Essentially: definitely do try this at home, just keep your DIY crypto away from production servers :)

Screenshot of the RSA calculator, showing the fields that you can fill into and the results as they propagate through the calculation

Lift The Veil On RSA With This RSA Calculator

July 8, 2022 by Arya Voronova 2 Comments

Encryption algorithms can be intimidating to approach, what’s with all the math involved. However, once you start digging into them, you can break the math apart into smaller steps, and get a feel of what goes into encryption being the modern-day magic we take for granted. Today, [Henry Schmale] writes to us about his small contribution to making cryptography easier to understand – lifting the veil on the RSA asymmetric encryption technique through an RSA calculator.

With [Henry]’s calculator, you can only encrypt and decrypt a single integer, but you’re able to view each individual step of an RSA calculation as you do so. If you want to understand what makes RSA and other similar algorithms tick, this site is an excellent starting point. Now, this is not something you should use when roll your crypto implementations – as cryptographers say in unison, writing your own crypto from scratch is extremely inadvisable. [Henry] does say that this calculator could be useful for CTF players, for instance, but it’s also undeniably an accessible learning tool for any hacker out there wishing to understand what goes on under the wraps of the libraries we use.

In modern day, cryptography is instrumental to protecting our freedoms, and it’s a joy to see people work towards explaining the algorithms used. The cryptography tools we use day-to-day are also highly valuable targets for governments and intelligence agencies, willing to go to great lengths to subvert our communication security – so it’s even more important that we get acquianted with the tools that protect us. After all, it only takes a piece of paper to encrypt your communications with someone.

Cold War Code Breaking Manual Teaches Impossible Puzzle Solving

June 8, 2021 by Al Williams 25 Comments

Cryptologist [Lambros Callimahos] was a victim of his own success. He wrote a trilogy of books called Military Cryptanalytics covering code breaking in 1977. The first two volumes were eventually published, but the NSA blocked the public release of the third volume back in 1992. But last December, it finally saw the light of day.

Of course, some parts of the book are redacted, including parts of the table of contents. That’s pretty bad when even your chapter headings can be classified. [Richard Bean] over on Phys.org has some notes about the book along with some examples of hard-to-solve crypto puzzles.

Continue reading “Cold War Code Breaking Manual Teaches Impossible Puzzle Solving” →

Simple Encryption You Can Do On Paper

May 12, 2021 by Jenny List 73 Comments

It’s a concern for Europeans as it is for people elsewhere in the world: there have been suggestions among governments to either outlaw, curtail, or backdoor strong end-to-end encryption. There are many arguments against ruining encryption, but the strongest among them is that encryption can be simple enough to implement that a high-school student can understand its operation, and almost any coder can write something that does it in some form, so to ban it will have no effect on restricting its use among anyone who wants it badly enough to put in the effort to roll their own.

With that in mind, we’re going to have a look at the most basic ciphers, the kind you could put together yourself on paper if you need to.

Continue reading “Simple Encryption You Can Do On Paper” →

Inside The Top Secret Doughnut: A Visit To GCHQ

October 26, 2020 by Al Williams 31 Comments

There’s an old joke that the world’s greatest secret agent was Beethoven. Didn’t know Beethoven was a secret agent? That’s why he was the greatest one! While most people have some idea about the CIA, MI6, and the GRU, agencies like the NRO and GCHQ keep a much lower profile. GCHQ (Government Communications Headquarters) is the United Kingdom’s electronic listening center housed in a 180 meter round doughnut. From there they listen to… well… everything. They are also responsible for codebreaking and can trace their origin back to Bletchley Park as well as back to the Great War. So what’s inside the Doughnut? National Geographic managed to get a tour of GCHQ and if you have any interest in spies, radios, cybersecurity, or codebreaking, it is worth having a look at it.

Of course, only about half of the GCHQ’s employees work in the Doughnut. Others are scattered about the UK and — probably — some in other parts of the world, too. According to the article, GCHQ had a hand in foiling 19 terrorist attacks, arresting at least two sex offenders, and prevented about £1.5 billion of tax evasion.

Continue reading “Inside The Top Secret Doughnut: A Visit To GCHQ” →