Bruce Schneier

# Schneier on Security

A blog covering security and security technology.

## March 28, 2011

### Biliteral Ciphers

Interesting article on William Friedman and biliteral ciphers.

Grim looking set of inmates in that photo. :-)

Thanks Bruce! Not much to comment on, but thanks for posting! Don't interpret lack of comments as lack of interest and don't stop posting these kind of links...

Christian Loch • March 28, 2011 8:08 AM

I'd say that this is not a cipher but an encoding. This guy has discovered that a binary encoding works well as intermediate encoding. So he basically says, if you need to encode anything: First encode it to binaries a/b == 0/1, then transfer the data on any physical encoding you like. We're doing this all the time today, having binary encodings everywhere now. But for the time, a surely bright mind.

When I was a teen and started tinkering with computers, I had the idea to encode all characters in binary numbers and assign each of the alphabet's letters to either 0 or 1, with all of the letters assigned to one of these two numbers to be usable interchangeably. Text could then be encrypted using a random string of characters, which I envisioned would defy all stochastic attempts to decipher this code.
However, I presumed that I wasn't the first one to invent such a thing, and that this would be broken quickly, although of course I didn't know that it was Bacon who came up with a similar idea.

@Richard Hack -
Cameras of the time had much slower shutter speeds than cameras of today do, so people had to stand still for a much longer period of time. It's much easier to hold a neutral pose, and smiling didn't become common in pictures until the technology improved.

TL;DR: 5-bit binary encoding of letters into the directions people face (forward or sideways) in a photo, character weight, character typeface, sheet music etc.

And here I thought that Paul Revere's instructions to use "one lamp if by land, two lamps if by sea" was the first widely-known use of binary encoding.

Worth noting that it's really more stenography than cryptography. Not that there's anything wrong with that. :) Really cool idea that I'd never run across.

Err, steganography, not stenography. I shouldn't have trusted FireFox's autocorrect. :p

Paeniteo • March 28, 2011 9:30 AM

@karrde: "one lamp if by land, two lamps if by sea"

IMHO, that was actually a *unary* encoding. ;-)

@will: "Don't interpret lack of comments as lack of interest and don't stop posting these kind of links..." ...Dude, people who have websites know how many people are visiting, they don't need comments to know.

I agree with Christian: it's an encoding, not a cypher. Once Eve knows the rule for encoding, nothing stops her from decoding it.

Now if only he had met David Huffman, then they'd have truly declared "Knowledge is Power".

The flower is pretty, though.

NobodySpecial • March 28, 2011 11:03 AM

I think that was a tribool, 1 by land, 2 by sea, 0 if I get captured first.

Baudot, anyone?

Clive Robinson • March 28, 2011 12:50 PM

The antics of "Shakespeare Code" aside the River Bank Publications really were original thinking for their time.

However the article did get one thing wrong: Friedman was not actually the originator of the US machine rotor cipher; he copied many of the features both physical and theoretical from other people (David Kahn et al go into the ins and outs of what went on and it does not make for pleasant reading).

The real star is of course Francis Bacon, this man was in a fairly unique place in time, geography and politics. His life works considering the time were absolutely astounding and are worthy of a read even in today's world.

On a historical note we tend to forget that things like logic and many other forms of knowledge had to be re-discovered from earlier times where it had been in effect lost by the behaviour of the real "Barbarians" of early times the Romans et al.

These days Arab Muslims come in for a lot of unpleasant treatment and are looked down on in many ways. However we forget they gave us many things in terms of knowledge cryptography mathematics engineering and science. Importantly unlike many other faiths "learning" was an integral part of the faith which gave rise to Universities and other places of learning, not just of faith but all subjects.

KNOWLEDGE IS POWE • March 28, 2011 12:57 PM

"The intended message was the Baconian motto “Knowledge is power,” but there were insufficient people to complete the r (and the w was compromised by one soldier looking the wrong way)."

I hate it when that happens.

Jodhpurs and boots look should be on The Sartorialist.

Dirk Praet • March 28, 2011 3:05 PM

@ Clive

"However we forget they gave us many things in terms of knowledge cryptography mathematics engineering and science."

Absolutely true, but they mostly built upon knowledge of much earlier cultures they had either conquered or assimilated (Sumerian, Babylonian, Persian, Accadian, Indian etc). The most notable culprits of lost knowledge were not so much the Romans but the medieval church and those parties responsible for the destruction of the library of Alexandria. The latter alone set back science (mathematics, history, astronomy) with somewhere between 500 and a 1000 years, and it has been argued by many that had it survived the theory of relativity would have been around as soon as early Renaissance. Unless we had self-destructed, we would by now have been colonising Mars.

David Thornley • March 28, 2011 3:20 PM

@Dirk Praet: All advanced cultures are mostly built on knowledge from much earlier cultures. The Arabs were no exception.

BTW, which destruction of the Library of Alexandria were you thinking of? It was burnt more than once over the centuries.

Also, the theory of relativity wasn't just Einstein thinking about the Universe while slacking off at the patent office. It was firmly based on the physics experiments of the time, most prominently Michelson-Morley. Without the ability to build things to precisions attained only in the late 19th Century, there would be few experiments confounding Newtonian physics, and no reason for relativity. Unless you're going to maintain that Alexandria had the world's supply of precision machines and/or expert machinists, which is not supported by the classical authors I've read, it's going to be hard to argue that relativity would have come much sooner than it did.

Dirk Praet • March 28, 2011 4:45 PM

@ David Thornley

I'm well aware of the fact that it got torched several times. Hence my reference to "parties". Like Carl Sagan, it would be my first choice of destination if I could travel back in time just once, and preferably to a point in time somewhere just before the arrival of Julius Caesar. I'd like to think that engineering - the ability to build things to precision - would well have kept pace with the mathematics, physics and astronomy built upon the knowledge of the Alexandrian library scrolls, but I guess my first search would go out to the first part of the history of the world according to the Babylonians, allegedly covering the period 430,000 BC till the great flood.

After all the direct refs to Shakespeare, did anyone catch the Hamlet paraphrase in the article's last line?

IIRC, didn't some photo or video of US prisoners in the Vietnam War, who were supposedly assuring the world of their fair treatment at the hands of their captors, have the soldiers spelling out "help" with their fingers, perhaps using the Deaf Alphabet? (More subtle than the Village People doing "YMCA".)

The main photo here is a bit conspicuous. In almost all group pix where the group is the focus (rather than, say, the scenic attraction behind or to the side of them), *everyone* looks at the camera. Some not doing so could arouse suspicion. Many other things could be varied less conspicuously -- hands clasped or at side, slight tilt of head while still looking at camera, medals -- use your imagination.

Still, clever. (Now, search this message for steganographic/encoded message!)

The more one plays with this concept, the more fun it becomes.

Here's one that would work in November through the end of the year, at least in the US:

You string multi-color outdoor Christmas lights (or "seasonally-decorative lighting" for the PC crowd) on your home, apartment, office, whatever. Most have at least red, blue, green, and yellow, and often, one or more of orange, pink, white, or others. Before hanging them outdoors, arrange according to the code predetermined with your contact. Your contact doesn't have to be anywhere near you. Post a pic of your house or whatever on your MyFace page, along with, "Season's Greetings from Tommy and family!" Add clutter/noise - lots of other pics without any other meaning. Family, pets, vacation, snowy landscapes, Santa ... Slogans, page decorations, etc.

One possible code, with five colors: Your recipient reads the lights in the pic, left-to-right, two at a time.

RR = a
RB = b
RG = c
RY = d
RW = e
BB = f etc.

This gives 25 possibilities, enough to cover the alphabet (combine i/j or q/k or whichever is agreed beforehand). A standard string is 50 lights, so that's 25 characters. For shorter messages: (abort) or (go sixam thur), the rest becomes salt, with the message interspersed anywhere.

For longer messages, you could buy a 100-light string, or hook another 50 in series, though it starts to get difficult with issues of pic resolution, etc. Or just string lights to create a 25-character encrypt/decrypt key, and send messages with, say, AES-256, using that key. Not as strong as case-sensitive, numbers, and keyboard chars, but still 8.9 x 10^34 brute force possibilities, which should keep your adversary busy for a little while.

If that's not enough, go to three-light combos. That's 125 possible characters per combo, which is almost enough for UTF-7. It easily covers the 90-100 characters on a conventional keyboard, which brings your AES key to (laptop with 90) 6.5 x 10^125, but you now have only 16 characters per message.

This could probably be done only once, in case you are under surveillance. Hanging lights at the right season is not an alarm bell, but taking the string down and re-hanging (after re-arranging the lights) could well be, esp. if the surveillance is continuous.

To make cracking more difficult (esp. if the adversary reads Bruce's blog, lol), the reading algorithm could be different. E. g., read the string right to left; read it L-R but with each group reversed, eg. RBGY is decoded as BR - YG, or other types of endianness; read all odd-numbered first, followed by all even-numbered, etc., etc.

One can play with this endlessly. And it gives a new meaning to the word "string". :)
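The two-light color code from the comment above, written out as an added example that is not part of the comment or the original post. The commenter lists only six table entries, so the rest of the table, the i/j merge and all function names are assumptions made here; the reading-order variants are the ones the comment names.

```python
COLORS = "RBGYW"                        # red, blue, green, yellow, white
ALPHABET = "abcdefghiklmnopqrstuvwxyz"  # 25 letters; j folded into i (assumed)
ORDERS = ("ltr", "rtl", "pair_reversed")

def pair_for(letter):
    # Assumed table layout: the row is the first color and each row starts on
    # the doubled color, which reproduces RR=a ... RW=e and BB=f as listed.
    row, col = divmod(ALPHABET.index(letter), 5)
    return COLORS[row] + COLORS[(row + col) % 5]

def letter_for(pair):
    first, second = COLORS.index(pair[0]), COLORS.index(pair[1])
    return ALPHABET[5 * first + (second - first) % 5]

def arrange(pairs, order):
    # Reading-order variants named in the comment; each is its own inverse.
    if order == "rtl":              # whole string read right to left
        return [p[::-1] for p in reversed(pairs)]
    if order == "pair_reversed":    # left to right, each group reversed
        return [p[::-1] for p in pairs]
    return list(pairs)

def encode(message, order="ltr"):
    text = message.lower().replace("j", "i")
    pairs = [pair_for(ch) for ch in text if ch in ALPHABET]  # spaces etc. dropped
    return "".join(arrange(pairs, order))

def decode(lights, order="ltr"):
    pairs = [lights[i:i + 2] for i in range(0, len(lights) - 1, 2)]
    return "".join(letter_for(p) for p in arrange(pairs, order))

def all_readings(lights):
    # No key is involved: knowing the table, every variant can simply be tried.
    return {order: decode(lights, order) for order in ORDERS}

def arrangements(n_lights=50):
    # Distinct five-color arrangements of one string of lights.
    return len(COLORS) ** n_lights

if __name__ == "__main__":
    hung = encode("go sixam thur", order="rtl")   # constructed sample message
    print(hung, all_readings(hung))
    print(f"{arrangements():.1e}")
```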

Clive Robinson • March 29, 2011 5:30 AM

@ Dirk Praet,

"Absolutely true, but they mostly built upon knowledge of much earlier cultures they had either conquered or assimilated"

That is true and they said as much (unlike many others of the time), however in many respects they took those things on and developed them in a very short period of time. Much of this rapid development was only possible due to the stability and peace they brought.

With regards my Barbarians comment as we are now finding out in the main it was the Romans who acted in a barbaric way towards the many other races around them.

However the Romans were by no means the only ones to behave in a barbaric way (hence my et al), they get the finger pointed at them because of the way they recorded their history quite falsely in their various monuments and thus left a sufficiently tangible record of their activities.

And as you note it carried on for many centuries in one way or another and arguably still continues today.

Until fairly recently one of "the spoils of war" was to write history from "the victor's perspective" and in the past counter evidence was difficult to write let alone pass down the generations.

Reminds me of XKCD code talkers :-)
http://xkcd.com/257/

richard kennedy • October 15, 2012 10:17 PM

The bare-legged soldier (he is an A) would represent two more As. The only other leg skin showing are the pretty ankles of Elizebeth Friedman, who is an A, so there are two more As, which completes the R in "Power".
