6.14 CRIBBING SZ40 CIPHERTEXT

Much of the cryptanalysis of SZ40 ciphertext described next is included in a Master's Thesis at U.C. Santa Barbara by Nitesh Saxena.

Depth (in ciphertext) occurs when two or more SZ40 ciphertexts yi (i = 1, 2,…) were intercepted in a period

  • During which the pin-wheels are unchanged and
  • Both messages are identified with the same indicator.

The computation of the differences with depth Δ y1,2y1 + y2 = Δx1,2, ≡ x1 + x2 eliminates the key. The differenced plaintext might be searched for probable words (cribs); for example,

  • German cipher-clerks often prefaced their messages with SPRUCHNUMMER (= message number), and
  • Messages might contains references to various organizations such as LUFTWAFFE, WEHRMACHT, OBERKOMMANDO, or GESTAPO.

For example, if the crib SPRUCHNUMMER might be slid across the differenced ciphertext; with the letter S in position j, the XOR of the crib and the difference plaintext produces putative plaintext:

image

The fragment of putative plaintext x2(j), x2(j + 1), x2(j + 2),…, x2(j + 8), x2(j + 9), x2(j + 10) is tested; if it is (grammatically) readable text, a hit has been obtained, which might reveal additional plaintext. With good luck, both plaintexts x1 and x2 may be read and the common key k used to encipher them recovered.

Early in the GCHQ SZ40 cryptanalysis, an interception of the near-repeat of a message of 4000 characters enciphered ...

Get Computer Security and Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial