Encryption in your head

  • Thread starter jeffceth
  • Start date
  • #26
chroot
Staff Emeritus
Science Advisor
Gold Member
10,226
34
You've gotta be kidding me, kid.

The point was, just because a term is used colloquially among a group of people does not make it a word by definition. Hootnanny is not a word, but I'm sure a lot of people know what it means. I was pointing out the fact that earlier you insinuated that I was offering a dumb idea to the orginal poster, even though you were not using correct terminology yourself.
1) Hootenanny is a word. You just didn't spell it correctly.

2) The word "cryptosystem" is also a word, one used by virtually everyone in the field of cryptography. How on earth is it not "correct terminology?" As has been pointed out, many hundreds of papers have been published with the word "cryptosystem" in their titles. The most popular books in the field -- which you claim to have read -- use the word hundreds of times each. The fact that you didn't know the word is just additional testament to your laughable ignorance of the entire topic of cryptography. Why don't you just stop while you're ahead?!

3) Your attempt to discredit me by attacking my use of a word indicates that you really just have nothing more useful to say about my arguments.

You merely reiterate the fact that any cipher of quality must have complex keys generated by algorithms.
I never said that at all. Work on your reading comprehension.

I just hope you are not a teacher somewhere, I would feel badly for your students.
I just hope you're not a student somewhere, I would feel badly for your teachers! :rofl:

I just chose your colloquialism to make a point
What point was that, exactly? The point that you have no idea what you're talking about? What you just did is the equivalent of walking into a room full of neurosurgeons and trying to one-up them by telling them the word subfornical is not in the dictionary, and thus isn't a word. Who the hell cares what you think is or is not a word? Again, your ignorance of this extremely common term just illuminates your level of understanding.

I have to defend myself even further from someone who has not even bothered to produce any credentials as to his expertise in the matter other than personal attacks and hot air.
I wasn't the one who started busting out credentials, kiddo. My statements stand on their own; I don't have to explain to anyone that I repair Navy computers (:rofl:) to try to prove I know what I'm talking about. If you're interested in credentials, however, I have a BSEE from Virginia Tech, am nearly done with an MSEE at Stanford, and am a senior integrated circuit designer at a Nasdaq 100 corporation in Silicon Valley.

I thought I had found an enlightened forum here in Physics Forums. I guess I was wrong.
Don't let the door hit you on your...

- warren
 
  • #27
4
0
I liked the topic, although this thread has likely gone the way of the dinosaurs

I think that there is a strong recreational component to the practice of mental cryptography. It can be made quite mathematical, however it's truthfully just heaps of mental algebra. Nothing too fancy that I know of can be put to work in realistic, reliable mental cryptographic algorithms -- this makes sense as the heart of any cryptographic system is based on computation and calculus or high order exponential/modulus mental gymnastics seem trivial when passing notes among friends.

Obscuring a message can be easy, either through encoding or processes of enciphering. Encoding could be used to turn known symbols into coded symbols via some agreed upon translation system. This too can be algorithmic if the original message could be converted into numerical forms. While this may seem to be a difficult proposition for words, letters can be mentally represented numerically and manipulated as if in an ordinal system. Friends of mine will sometimes use a different number base to encode messages, I call the system Base 3.

Base 3 method for coding messages:
--first, an overview - there are 26 letters in the alphabet and a space character required to communicate messages at the word level without punctuation. In Base 3, three symbols (represented here as 0,1,2) can be grouped in blocks of threes (000, 001, 002, 010, ...) to represent all numbers from 000 to 222 with an astounding range of (you guessed it) 27 values. Allow 000 to represent a space, it seems easy enough to remember because it is effectively NULL. 'A' is 001 and 'Z' is 222. Go to town with it, you'll develop your own mnemonics and mental automata quickly takes over to make the process painless.

Primary benefit of Base 3: fun
Secondary benefit of Base 3: It functions as a data set and computationally-based mnemonic system for retaining information on the value attributed to letters in the english alphabet. "m is the middle of the alphabet, its base 3 representation is 111, 1*(3^2)+1*(3^1)+1*(3^0) is 9+3+1 or 13. therefore m is the 13th letter and m=13." or "If r is 200 in base 3, then 9*2 is 18 so r = 18."

The possibilities are finite (there are 26 letters, complete knowledge of base 3 takes minutes to acquire, hours (at most) to attain some reasonable degree of proficiency.).

Suggested system for mental cryptography:
Implement a polyalphabetic cipher, even a few characters produces results that Edgar Alan Poe would have found troubling.

I've protected a few notes in my journal with a coded key. I used a 4 digit composite number, say 1918, which can be easily factored as 2*7*137, and concatenated the digits to form 27137 and sequentially iterated through the digits (allowing the pattern to repeat throughout the duration of the message) to additively translate every character in my message.

"A MESSAGE" thus becomes "C TFVZCNF" (I applied, +"2 7137271").

Thus, 1918 can be used to decode the message if received by a compatriot.
(Protecting individual privacy is a patriotic act and a constitutional right!)

Let's send the message to a hypothetical friend and consider the thought process:
"C TFVZCNF" ... let's see, 1918 ... that's 2*959, and 959 is 910+49 or (130+7)*7, so 2*7*137 is 1918, which gives 27137 as my key! Now, C-2, A. T-7, that's 20-7 or 13 and 13=M. F-1 is E. V-3 is 22-3 or 19, 19 is 201 in base 3, which is S, therefore 19=S. Z-7 is 26-7 is 19, so S. C-2 is A (again). N-7 is 14-7, which is 7 which is G. F-1 is E. That spells "A MESSAGE" I just received "A MESSAGE" from my friend protected by a polyalphabetic key encoded by the number 1918!!

Unfortunately with the above system, the range of possible values the key can translate the original message is confined to 0-9 unless new rules are applied. The above system was intended as a proof of concept, namely polyalphabetic (or vigenere) ciphers can be done mentally, I hope this message is received by at least one person who finds this post meaningful.

This was written as a stream of consciousness, and I hope any errata lingering in what I have written will be forgiven.

Regards,
James
 
Last edited:
  • #28
CRGreathouse
Science Advisor
Homework Helper
2,820
0
I think it was Neal Stephenson's Cryptonomicon that had a modestly secure cryptosystem using playing cards explained in an appendix. A videotape of you 'shuffling' the cards would break the system, but the cards themselves (which carry the ciphertext at the end) could be found without compromising the system.

Of course a deck of cards has only 225 bits of entropy, so I guess it depends on how much information you need to convey. That might be 45 characters without compression -- and doing compression, even simple compression, in your head would be tough.
 
  • #29
chroot
Staff Emeritus
Science Advisor
Gold Member
10,226
34
CRGreathouse,

As has already been mentioned in this thread, the Solitaire algorithm (called Pontifex in Cryptonomicon) is nowhere near secure enough to thwart major governments.

- Warren
 
  • #30
4
0
I appreciate the responses and was surprised by their rapidity. I am human and fallible, so please forgive any errors in judgment or knowledge. Mental cryptography is something of which I'd like to improve. I hope this post is both useful and appropriate.

Side note: Neal Stephenson is one of my favorite authors. I highly enjoyed Snowcrash, Interface and Cryptonomicon and I am yearning to read Diamond Age.

--back to ciphers-- (particularly as they apply to mental cryptography.)
''WARNING'' I speculate.

It's really all about keys. For a moment, let's consider an isolated cipher that is equal in length or shorter than an arbitrary, private key. All messages protected by the cipher would be completely obscured by the possible entropy of the private key.

E.g., given a 20 character message and a 30 character key produced using ideally randomized symbols. Assuming that each symbol represents a number which can be applied to the original message via additive or subtractive process, the effective values of each symbol fall within the range 0 through 25 (via mod 26). The effective length of the key is 20 because the effect of the key's entropy beyond the length of the message isn't present. I recognize that the conditions are constrained in this hypothetical, but I think these constraints are suited to best describe my message to the forum.

When I've encountered cryptoanalysis in my reading, frequency analysis and index of coincidence rely on natural biases in letter frequencies and combinations which are language dependent. Therefore, systems that detract from the natural quality of the original message could possibly be employed to help thwart these types of attacks. A scrambling algorithm could effect index of coincidence analysis on its own, however without further effort frequency analysis wouldn't necessarily be effected. (It would presumably be more difficult to apply frequency analysis on enciphered text that is scrambled.)

An enciphered message that undergoes data compression is both enciphered and encoded, and if a compressed, enciphered message were found and treated as a simple polyalphabetic cipher then encryption would probably be curiously difficult to break. As an arbitrary, made-up metaphor, you could liken it to searching for birds by digging up gopher holes. All the work trying to break the cipher would lead you away from meaningful decryption which would first involve decompression (and thus decoding/formatting to allow the iterative application of the cipher key).

The strength of a cryptographic system does not have to rely on sheer complexity if the situation can be reasonably controlled. If a highly randomized key can be selected for limited use, say on an assignment infiltrating the den of an adversary, then as previously described, a simple cipher can completely obscure the original message up through the length of the key with increasing vulnerability as the key is allowed to cycle. Frequency analysis of data is only possible with keys that are relatively small in comparison to the length of the data.

Overlaying a combination of keys with relative-prime lengths could create an effectively much larger key using less information. The resulting key will contain patterns I find reminiscent of auditory beat-phenomena created when differing tones are superimposed, however a cipher's strength in protecting finite data does not increase linearly with the length of the key used to protect it so the key-inflation effect might provide increased support.

I think that an ideal cryptosystem should best fit the scenario in which it is needed; this is seemingly relevant in mental cryptography where computational resources are limited. There really shouldn't be a one-size-fits-all solution because any truly secure system involves an unrealistic amount of complexity and human humility must be taken into account. If you wish, blame God for the limitations of man. I think that a pragmatic system would have to be devised to mediate the computation process, 'humanizing' the computation by applying heuristics in order to exploit the necessary complexity required for cryptographic security.

In the limit, the most pragmatic means of securing the information could very well be the use of charm, stealth and unmarked manilla envelopes which never leave the carrier's sight. Secrets can't always be guarded by ciphers. I don't believe there's a realizable mental cryptosystem strong enough to consistently protect against cryptoanalysis backed by the military budget of a motivated country.
 
Last edited:
  • #32
CRGreathouse
Science Advisor
Homework Helper
2,820
0
CRGreathouse,

As has already been mentioned in this thread, the Solitaire algorithm (called Pontifex in Cryptonomicon) is nowhere near secure enough to thwart major governments.
Ah, sorry, I missed where it was mentioned.

I agree that the algorithm is not secure enough to meet the requirements of the thread, but I thought that it might have been what the OP had read about so I wanted to mention it.
 
  • #33
CRGreathouse
Science Advisor
Homework Helper
2,820
0
I don't believe there's a realizable mental cryptosystem strong enough to consistently protect against cryptoanalysis backed by the military budget of a motivated country.
Well, let's consider what a large country might be able to do to brute-force any code, assuming they haven't found a special weakness. If the EFF can crack DES (56 bits) in two days, then a government should be able to brute-force 60 to 80 bit keys in a day, with budgets around ten million dollars (60 bits) to hundreds of billions of dollars (80 bits). If the information needs to remain secret for a year, that's another 8 bits. Kick in a few bits for safety (in case of a minor keyspace reduction break) and you need 90 bits, minimum, to be safe from a major government.

So the first step to a mental cryptosystem is finding a way to remember and work with a key at least 90 bits long.
 
  • #34
4
0
(wrote this up minutes before lecture; trying to run with presented ideas - characters -> bits information isn't very meaningful to me in a simple polyalphabetic cipher.)

Heuristic: group the cipher key into blocks of 5 letters- 40 characters requires eight 5-character blocks. While doing the cipher, note the lengths of each word and track block placement by adding the word length to last block placement value and taking mod 5. Keeping track of the block placement values could make it easier to keep track of where you are in the key while enciphering mentally. If you lose track of your placement mid-word, the block placement value could be used to get you back on track instead of having to recount everything.

If an error occurs while enciphering, there are two likely possibilities. The first of the likely possibilities is that an individual letter may be incorrectly converted to its ciphertext. The second likely possibility is that the person creating the ciphertext may have shifted the key placement; hopefully the block placement value will allow the shift to maintain some regularity, e.g., suppose you are decrypting (bare with me) a [7-letter word and are on the 3rd letter], from memory you know the current and upcoming blocks are RIJND AELCR YPTOG and that [you started on the 2nd character of the RIJND block]. The correct character to apply as a cipher key is N (value: +14), but you made a mistake and thought you were already using AELCR. You recognize the 4th ((2+3)-1) character of your block is C and continue on your merry way having skipped the 5 intervening characters NDAEL (N obviously included). Fortunately this can be fixed at the decoding phase without too much trouble and importantly doesn't effect the strength of the cipher. When the 7 letter word is finished, you would still observe that (2+7) mod 5 = 4 is the starting position in the continuing block.

On to memorization:
It takes hours (who would sit around memorizing pi for days??) to memorize a couple hundred digits of pi- a sequence of digits that serve no practical purpose in man's memory beyond perhaps 9 digits. My point is that a lot of people know plenty of digits of pi despite the inherent randomness of the digits.

Strictly relying on memorized strings of numbers could be worked into some sort of mental cryptosystem- however there are some considerations to make. Speaking strictly numerically, grouping the digits would seemingly offer a fairly easy solution to increasing the range at which a cipher can effect text. The process, as consistent with previous descriptions, would be an additive mental operation, but first between the grouped digits and secondly as the sum is applied to the text as a member of the crypto-key. Through cursory reasoning result in a problem as you can expect an inherent bias for the pairs to sum to 10. While 10 would be the most probable sum with 9% of all pairings yielding this value, followed by 9 and 11 then 8 and 12, etc. 0 and 18 occur the least frequently only once out of 100 blocks. This is sensible because the only way to sum to 0 with two digits is (0,0), and 18 also can only be reached by pairing (9,9). All other values 2-17 have at least two possible pairings, with 10 having the most through (1,9),(2,8),(3,7),(4,6),(5,5),(6,4),(7,3),(8,2) and (9,1). This would seemingly be a flaw in the strength of the cipher if the process were numerically based on this method. Although I'm not quite certain as to how much trouble that sort of thing would really cause as the key itself would still prove useful in lighthearted applications (of the sort my postings have predominantly intended). If you already have 200 digits of pi memorized, that can serve as a 100-character key!!

Other methods can mediate the storage and retrieval of key-information; the pontifex method exploits a common deck of cards as such a medium. However, if people demonstrate the ability to retain accurate memories of numerical sequences (or otherwise), why not exploit this in a mental cryptographic system?

The memorization of non-numeric sequences could help avoid the aforementioned numerical bias (to 10) by increasing the number of values stored in each symbol - pairing would thus be unnecessary.

Heuristic idea #2: As 3rd graders memorize times-tables, the memorization of a substitution chart corresponding to each letter could help exploit rote memory and reduce overall cognitive load during mental enciphering. Practicing monoalphabetic ciphers would probably be a good way to learn because effectively each character in a key functions as a switch into a different monoalphabetic cipher (fortunately, there are only 25 monoalphabetic ciphers that produce unique ciphertext).

Getting accustomed to applying the monoalphabetic cipher mentally is easy for letters along the extrema of the range, if "A" is given as a key and represents a translation of 1 position, "A" onto "A" is always "B", "A" onto "D" is always "E", "A" onto "Z" is always "A". If all the letters can be learned this way then a sequence can be ciphered without much computation, just mental substitution. The "key" would be switching gears, treating your mind as a Turing machine and switching machine states dependent on the current symbol reached as one iteratively moves through the mental 'tape'-recording of a random sequence of letters. Furthermore, while developing the mental codes for automatic retrieval, conversion to numerical representations and a little quick algebra consistently works and is always an option as a mental checksum.

As for a long key, people (myself included) often pick up various >>useless<< alphanumeric sequences, e-mail accounts, phone numbers, microsoft windows (egh) serials. Memorization of sequences is often less an issue of memory limitations as it is a limit of motivation. The memorization of several hundred randomized characters with regular blocking seems a bit excessive however well within human capacity. I think a Vigenere cipher exploiting a memorized key of sufficient length could be effectively utilized in a mental cryptosystem. This is perhaps overly simplistic. Are there any other suggestions for going about an applied mental cryptosystem? Feel free to critique what I've written. Personally, I'm much more interested in simple ciphers that I could use when passing notes among friends, strictly for the hell of it, but I suppose if security were an issue the system could effectively be extended by more dramatic means.

EDIT: I tried mentally ciphering a sentence using a memorized 25-character key. I used my laptop's XP serial which I remember (for no good reason, i run slackware12) and considered all letters as numbers, went through the arithmetic mentally and managed to write out my message without showing work. Maintaining awareness of the key and the original message wasn't as difficult as one might suppose, there is a minimal amount of information that one is required to keep in focus to accomplish a simple cipher task as I have described. Maybe the use of a more sophisticated system could provide more security but the methods should be designed to function reasonably under limited human-attentional resources.
 
Last edited:
  • #35
4
0
I have fixed several errors contained in my last post.
-James

As for learning the placement of letters in the alphabet... I've found Base 3 is a pretty handy system. I mentioned it on my first posting here (page 2) and it's surprisingly convenient.

(Base 3, XYZ) -> (Decimal, 9X+3Y+Z)

_ 000 I 100 R 200
A 001 J 101 S 201
B 002 K 102 T 202
C 010 L 110 U 210
D 011 M 111 V 211
E 012 N 112 W 212
F 020 O 120 X 220
G 021 P 121 Y 221
H 022 Q 122 Z 222


Example: 'Base3 in action'
111 012 201 201 001 021 012 201 000 001 200 012
000 012 001 201 221 000 100 112 000 002 001 201
012 000 202 022 200 012 012 000 001 112 011 000
100 202 000 010 001 112 000 022 012 110 121 000
221 120 210 000 110 012 001 200 112 000 202 022
012 000 112 210 111 012 200 100 010 001 110 000
211 001 110 210 012 201 000 001 201 201 120 010
100 001 202 012 011 000 212 100 202 022 000 012
001 010 022 000 110 012 202 202 012 200 000 000

in Base10,
13 05 19 19 01 07 05 19 00 01 18 05
00 05 01 19 25 00 09 14 00 02 01 19
05 00 20 08 18 05 05 00 01 14 04 00
09 20 00 03 01 14 00 08 05 12 16 00
25 15 21 00 12 05 01 18 14 00 20 08
05 00 14 21 13 05 18 09 03 01 12 00
22 01 12 21 05 19 00 01 19 19 15 03
09 01 20 05 04 00 23 09 20 08 00 05
01 03 08 00 12 05 20 20 05 18 00 00

Converted back to alphabetical symbols,
messages are
easy in bas
e three and
it can help you learn th
e numerical
values assoc
iated with e
ach letter

"messages are easy in base three and it can help you learn the numerical values associated with each letter "

I know the system doesn't offer any cipher protection, but it is really easy to learn and I've found it useful as a mnemonic when doing arithmetical operations on alphabetical symbols. 3 qubits are all it takes to hold the entire alphabet and a space character, which makes Base3 a particularly neat system to work with when encoding text. Observing that the 13th letter of a 26 letter alphabet is smack dab in the 'm'iddle is priceless. (M=111, Z=222)

I have no clue if anyone will find this remotely interesting, but I've done the work outlining the process anyway. Hope it's enjoyed.
 
Last edited:
  • #36
Just interjecting

Well, let's consider what a large country might be able to do to brute-force any code, assuming they haven't found a special weakness. If the EFF can crack DES (56 bits) in two days, then a government should be able to brute-force 60 to 80 bit keys in a day, with budgets around ten million dollars (60 bits) to hundreds of billions of dollars (80 bits). If the information needs to remain secret for a year, that's another 8 bits. Kick in a few bits for safety (in case of a minor keyspace reduction break) and you need 90 bits, minimum, to be safe from a major government.

So the first step to a mental cryptosystem is finding a way to remember and work with a key at least 90 bits long.
I just felt I could interject for a moment here -- I'm very interested in the original question -- to note that 90 bits of ASCII is just over 11 letters, and memorising passwords of over 12 characters is not a problem for the typical computer user. Even considering that only 40 or so characters are used -- let's assume 5 bits of real information -- only 18 characters need to be memorised. So key length is not really a problem.
 
  • #37
CRGreathouse
Science Advisor
Homework Helper
2,820
0
For me, at least, memorizing and manipulating an 18-character password of random letters and symbols (26 letters, 6 other symbols) would not be easy. It's hard enough for businesses to enforce strong 8 to 12 character passwords, which are still fairly far from random. This is twice that length and fully random. (If you're allowed to use less-than-random keys, you need to increase the length to ensure that the entropy stays high enough.)
 
  • #38
True, but given the original question's high goals, we may at least set the bar a little bit higher than for any ordinary problem. It's not /that/ difficult. You could easily invent a mnemonic for your password, a little ditty or rhyme, as long as you choose the password randomly first, and fit the ditty to it afterward.

When this question was asked on Slashdot, by the way, the most reasonable method proposed was RC4.
http://ask.slashdot.org/article.pl?sid=02/03/30/1927236
http://en.wikipedia.org/wiki/RC4

I'll work through some instances of RC4 and Tiny and post the results here later unless I forget. I don't think either has the property that they can't be broken based on the intermediate state, but as another poster pointed out, that may be impossible (without some "hardware", which may be no more than a paper abacus or pack of cards, of course). In any case, they are a start.
 
  • #39
15
0
I have been thinking about this as well, and I think RC4 would be feasible given a few months of training. The key to performing the encryption at speed in your mind will be memorizing huge tables of precomputed operations.
 
  • #40
Hmm, promising! I plan to see how much effort I can save if I write out some key tables (mind I haven't thought much about the actual feasibility, so I'm just writing down my general ideas). Including the full algorithm and generic tables next to my ciphertext is no security risk, and no inconvenience.
 

Related Threads on Encryption in your head

  • Last Post
Replies
4
Views
3K
  • Last Post
Replies
7
Views
19K
  • Last Post
Replies
3
Views
2K
  • Last Post
Replies
9
Views
9K
  • Last Post
Replies
1
Views
1K
  • Last Post
Replies
3
Views
2K
  • Last Post
Replies
3
Views
1K
  • Last Post
Replies
1
Views
2K
  • Last Post
Replies
3
Views
2K
Top