It’s been quite a week in the world of cryptography. For a field in which advancements are measured in the smallest of terms and major breakthroughs can take decades, the three big news stories involving cryptography in the last few days comprise an epochal event.
Perhaps the most interesting of the three stories is the news that a mathematician from Princeton, N.J., has cracked a cipher contained in a 200-year-old letter sent to Thomas Jefferson by a friend. The cipher, designed by Robert Patterson, a mathematics professor at Penn, had resisted all solution attempts over the years, until Lawren Smithline got hold of it a couple of years ago. After puzzling over it for some time, Smithline settled on an approach that eventually worked.
From The Wall Street Journal:
“Mr. Patterson then included in the letter an example of a message in his cipher, one that would be so difficult to decode that it would ‘defy the united ingenuity of the whole human race,’ he wrote.
Undaunted, Dr. Smithline decided to tackle the cipher by analyzing the probability of digraphs, or pairs of letters. Certain pairs of letters, such as “dx,” don’t exist in English, while some letters almost always appear next to a certain other letter, such as “u” after “q”.
After about a week of working on the puzzle, the numerical key to Mr. Patterson’s cipher emerged — 13, 34, 57, 65, 22, 78, 49. Using that digital key, he was able to unfurl the cipher’s text:
‘In Congress, July Fourth, one thousand seven hundred and seventy six. A declaration by the Representatives of the United States of America in Congress assembled. When in the course of human events…’”
In other crypto news, a group of researchers has developed a new attack on the AES encryption algorithm. The attack is the first one on AES that is better than a brute force attack. From Bruce Schneier’s analysis of the attack:
“While this attack is better than brute force — and some cryptographers will describe the algorithm as ‘broken’ because of it — it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse.”
And then there’s the revelation that Ron Rivest and his team have withdrawn the MD6 algorithm from the NIST competition to find a replacement for the SHA-1 family of hash functions. Rivest withdrew his submission because he didn’t believe it was ready for the next round of competition, as he couldn’t offer a proof of security against certain types of attack.
The withdrawal was a surprise, although Schneier, who also has submitted an entry for the SHA-3 competition, said it was “a very classy withdrawal, as we expect from Ron Rivest — especially given the fact that there are no attacks on it, while other algorithms have been seriously broken and their submitters keep trying to pretend that no one has noticed.”