Declassified files reveal how pre-WW2 Brits smashed Russian crypto

Efforts by British boffins to thwart Russian cryptographic cyphers in the 1920s and 1930s have been declassified, providing fascinating insights into an obscure part of the history of code breaking. America's National Security Agency this week released papers from John Tiltman, one of Britain’s top cryptanalysts during the …

  1. John Sager

    That theory is testable

    With the volume of Venona decrypt available (only a few percent of the total AFAIR), it should be possible to verify if it's always or mostly a mix of KGB traffic with GRU traffic that decrypts.

  2. Alan Brown Silver badge

    > "They both selected a secure printing works that usually produced banknotes and gave strict instructions that only two copies of each pad should be printed," Lomas commented. "The printers decided to print four copies of each pad then send two each to the KGB and GRU.

    Who's to say they didn't do the same for banknotes?

    1. Anonymous Coward

      I've seen lots of Soviet era banknotes, as they still used them up until at least the mid 1990s. The one ruble note never seemed to have a serial number greater than seven digits, so they might not have been unique.

    2. TheVogon

      "Who's to say they didn't do the same for banknotes?"

      No one. But it would have devalued the currency exactly the same.

      1. Jim Mitchell

        @TheVogon

        Wouldn't that only happen if people knew? I mean, print a run for the government, print some duplicates for you...

        1. eldakka

          > Wouldn't that only happen if people knew? I mean, print a run for the government, print some duplicates for you...

          I can see the print shop operators now:

          "one for you, one for me, one for you, one for me"

          1. Ken 16 Silver badge
            Big Brother

            From each according to his ability

            to each according to his need?

          2. J.G.Harston Silver badge

            Nah, it goes: one for you, one for me, two for you, one two for me, three for you, one two three for me....

        2. TheVogon

          "Wouldn't that only happen if people knew? I mean, print a run for the government, print some duplicates for you..."

          No, it's basic economics that printing more currency will devalue it:

          https://www.economicshelp.org/blog/634/economics/the-problem-with-printing-money/

          1. Red Ted
            FAIL

            Devaluation of the Ruble

            No, it's basic economics that printing more currency will devalue it

            That's the ruble that Comrade Lenin specified the value of?

            Also, in an economy the size of the USSR you'd need a lot of extra bank notes to reduce it by much, so as long as you kept the numbers low relative to the amount of money in circulation it wouldn't have much effect, but you could still be very, very rich.

            1. TheVogon

              Re: Devaluation of the Ruble

              "That's the ruble that Comrade Lenin specified the value of?"

              He controlled the official foreign exchange rates and many prices. No one given a choice stuck to the official exchange rates. Or the Rouble for that matter.

              The point was that the devaluation effect does not require consumer knowledge that additional currency has been issued.

          2. strum

            >it's basic economics that printing more currency will devalue it

            Over-reliance on economic theory. If a ruble is worth what Stalin says it is, anyone who says otherwise won't need rubles no more. End of theory.

            1. TheVogon

              "Over-reliance on economic theory. If a ruble is worth what Stalin says it is"

              No, because then it doesn't function as currency in a normal market economy. It's effectively scrip from a truck system of payment.

      2. Anonymous Coward

        "But it would have devalued the currency exactly the same."

        True but to the printer it would still be "free" if slightly devalued money.

  3. Anonymous Coward

    Find it difficult to believe

    Most USSR pads from that period were just bog standard books. The outgoing communications from Russia to spies abroad consisted of sequences of numbers which were page and symbol positions in it. This one repeats a gazillion times in literature (both historical and fiction) so there is quite likely to be a grain of truth in it. As a result there was absolutely nothing incriminating in a spy's house as the books in question were mostly fiction.

    I do not know about the communications back to USSR, but I would be surprised if they were different. If you have a system which works flawlessly in one direction, why bother with something in the other?

    1. Trygve Henriksen

      Re: Find it difficult to believe

      It's not so difficult to believe...

      The pads were used by embassies and such, as they often have a need to confer with home over a secure channel, knowing that anyone could be listening in on the conversation.

      Spies would mostly try to avoid any situation where even part of the conversation could be captured, as not only the message, but also the sender and receiver would be secret.

      OTPs and other codebooks are something you'd expect to find in an embassy or in the comms on a battleship, but not in someone's home. It's also very difficult to transfer code books and OTPs to field agents without them being compromised.

      1. JeffyPoooh
        Pint

        Re:filling the OTP by restricted-purpose 2nd use

        TH noted, "It's also very difficult to transfer....OTPs to field agents without them being compromised."

        I suspect that a given section of One-Time Pad (OTP) could be safely reused a 2nd time, but *ONLY* to send some random gibberish to essentially refill the OTP itself at the far end. This would permit effectively-endless OTPs to be more easily distributed (i.e. continuously refilled) using the same remote communications channel, thus avoiding the bother and peril of physical delivery.

        Here's why it seems safe: The fact that the 2nd use of the same OTP block is to carry random gibberish (i.e. more random bits to refill the OTP) means that the usual subtraction attack doesn't accomplish anything. Think about it...

        And, since each encrypted message remains fully-independent of the previous, they don't carry any residual information about other messages. So there's 'nobody home' in the statistical analysis department.

        The only obvious downside is that the resultant chain of communications would be like a house of cards. One decryption anywhere in the sequence, and the entire sequence of messages would fall open. Risk management would be required to evaluate the pros and cons.

        The same basic concept (assuming my suspicion is correct) would apply to both manual OTPs and the electronic high-speed equivalent; and that might be more widely applicable for modern applications, even endless streaming.
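        A worked check of the refill idea in the comment above, added here as an example and not the commenter's own code. It encrypts two constructed messages the way the proposal describes (pad K1 used once for a message and once to carry a fresh pad K2, then K2 used for the next message) and computes what a passive eavesdropper gets from the three ciphertexts alone. The XOR of the first two ciphertexts is indeed uniformly random, as the comment says, but XORing in the third ciphertext strips K2 as well and leaves M1 XOR M2, which is exactly the residue a plain two-time pad leaks; and recovering any one pad section unlocks the whole chain, as the comment's "house of cards" remark anticipates. Messages and pads are constructed for the demonstration.

```python
"""Added example: what the OTP 'refill' chain leaks to a passive listener.

Scheme under test (from the comment, not a deployed protocol):
  c1 = m1 ^ k1        message 1 under pad K1
  c2 = k2 ^ k1        second use of K1, carrying the new pad K2
  c3 = m2 ^ k2        message 2 under the refilled pad K2
All messages and pads below are constructed for this demonstration.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings (the one-time pad operation)."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def refill_chain(m1: bytes, m2: bytes, k1: bytes, k2: bytes):
    """Encrypt as the refill proposal describes and return the three
    ciphertexts an eavesdropper sees."""
    c1 = xor_bytes(m1, k1)   # message 1 under pad K1
    c2 = xor_bytes(k2, k1)   # second use of K1: carries the new pad K2
    c3 = xor_bytes(m2, k2)   # message 2 under the refilled pad K2
    return c1, c2, c3


def pairwise_residue(c1: bytes, c2: bytes) -> bytes:
    """c1 ^ c2 = m1 ^ k2.  K2 is fresh and uniform, so this alone is
    uniformly random: the 'subtraction attack' on two ciphertexts fails,
    as the comment says."""
    return xor_bytes(c1, c2)


def chain_residue(c1: bytes, c2: bytes, c3: bytes) -> bytes:
    """c1 ^ c2 ^ c3 = (m1^k1) ^ (k2^k1) ^ (m2^k2) = m1 ^ m2.
    Both pads cancel with no key material at all; this is the same
    residue a plain two-time pad leaks, and it is crib-draggable."""
    return xor_bytes(xor_bytes(c1, c2), c3)


def unlock_chain_from_k1(c1: bytes, c2: bytes, c3: bytes, k1: bytes):
    """What one recovered pad section buys: K1 gives m1 and K2, K2 gives m2."""
    m1 = xor_bytes(c1, k1)
    k2 = xor_bytes(c2, k1)
    m2 = xor_bytes(c3, k2)
    return m1, m2


def demo() -> bool:
    """Run the chain with random pads; True if the key-free residue equals m1^m2."""
    m1 = b"MEET AT EMBASSY 2100"      # constructed sample message
    m2 = b"COURIER COMPROMISED."      # constructed sample message, same length
    k1 = os.urandom(len(m1))
    k2 = os.urandom(len(m1))
    c1, c2, c3 = refill_chain(m1, m2, k1, k2)
    return chain_residue(c1, c2, c3) == xor_bytes(m1, m2)
```

The point the code makes is that sending pad material under a pad is fine in isolation; it is the second use of K1 that ties the two messages together algebraically, so the attacker never needs a decryption to get started.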

    2. Rich 11

      Re: Find it difficult to believe

      If you have a system which works flawlessly in one direction, why bother with something in the other?

      It only works flawlessly as long as the choice of book remains unknown: discover it and you can decrypt all the traffic you've intercepted in the past between those two parties. Users of a one-time pad are supposed to destroy each sheet after use so that even if the pad falls into enemy hands it can never be used to expose historic communications.

      1. David 164

        Re: Find it difficult to believe

        Now with the advent of digital libraries and very large computing capacity, I presume that using this method is now insecure, as places like GCHQ can brute force crack the code by running through every book in their digital library until they find the right one.

        1. phuzz Silver badge

          Re: Find it difficult to believe

          GCHQ can brute force crack the code by running through every book in their digital library

          Not every book is digitised, and different printings of books can vary enough to make them effectively unique as cipher pads. I do agree though that it's more tricky than it used to be, but if Alice and Bob are sufficiently cryptic in how they define which page/paragraph/word/letter then they could defy purely automated analysis.

          1. Alan Brown Silver badge

            Re: Find it difficult to believe

            Like for instance, sending them as chess moves....
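      The brute force David 164 describes and the "different printing" caveat phuzz raises, as an added example that is not part of the thread. It is a toy book cipher in which each code group is a (line, word) position in the book (the page number is dropped to keep it short), a brute-force decoder that tries every book in a constructed "library" and ranks the results by how English they look, and a second copy of the right book re-wrapped onto different lines to show that a different printing decodes to junk. The three "books" and the word list are constructed for the demonstration, not real texts.

```python
"""Added example: toy book cipher, library brute force, and the
'different printing' failure.  Everything below is constructed."""
import random
import re
from collections import defaultdict

WORD_RE = re.compile(r"[A-Za-z']+")

# Constructed 'library'.  BOOK_A is the shared key; BOOK_A_REWRAPPED is the
# same text set with different line breaks (a different printing); BOOK_B
# is an unrelated decoy.
BOOK_A = """the courier rode at dawn through the silent town
meet me at the gate when the bells sound
the embassy lights were out and the street was bare
he said the papers would come by the morning post"""

BOOK_A_REWRAPPED = """the courier rode at dawn
through the silent town meet me at the gate
when the bells sound the embassy lights were out
and the street was bare he said the papers
would come by the morning post"""

BOOK_B = """stars wheel slowly over the frozen harbour
gulls cry against a grey and empty sky
nets hang drying on the weathered quay
old men mend ropes and speak of storms"""

LIBRARY = {"book_a": BOOK_A, "book_a_rewrapped": BOOK_A_REWRAPPED, "book_b": BOOK_B}

# Constructed stand-in for a dictionary used to score candidate plaintexts.
COMMON = set("the a to at of and in is be on for with meet courier embassy dawn "
             "gate papers morning post".split())


def index_book(text: str):
    """Map each lowercase word to every (line, word) position it occupies."""
    positions = defaultdict(list)
    for ln, line in enumerate(text.splitlines(), 1):
        for wn, word in enumerate(WORD_RE.findall(line), 1):
            positions[word.lower()].append((ln, wn))
    return positions


def encode(message: str, book: str, rng: random.Random):
    """Replace each word with a randomly chosen position of it in the book."""
    positions = index_book(book)
    code = []
    for word in message.lower().split():
        if word not in positions:
            raise ValueError(f"word not in book: {word}")
        code.append(rng.choice(positions[word]))
    return code


def decode(code, book: str):
    """Look each position up in a candidate book; None if any is off the page."""
    lines = [WORD_RE.findall(line) for line in book.splitlines()]
    words = []
    for ln, wn in code:
        if ln > len(lines) or wn > len(lines[ln - 1]):
            return None
        words.append(lines[ln - 1][wn - 1].lower())
    return " ".join(words)


def english_score(text: str) -> float:
    """Fraction of words found in the word list; 1.0 looks like the right book."""
    words = text.split()
    return sum(w in COMMON for w in words) / len(words) if words else 0.0


def brute_force(code, library=LIBRARY):
    """Try every book and rank decodes by score: (score, title, plaintext)."""
    results = []
    for title, book in library.items():
        plaintext = decode(code, book)
        if plaintext is not None:
            results.append((english_score(plaintext), title, plaintext))
    results.sort(reverse=True)
    return results
```

Scoring by dictionary hits is the crude end of the technique; a real attacker would use word n-grams over a far larger corpus, but the structure is the same: decode under every candidate key and keep whichever output looks most like language. The re-wrapped copy is the practical defence phuzz points at: a book cipher keyed on positions is keyed on one specific edition's layout.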

      2. Hans Neeson-Bumpsadese Silver badge

        Re: Find it difficult to believe

        Users of a one-time pad are supposed to destroy each sheet after use so that even if the pad falls into enemy hands it can never be used to expose historic communications.

        Which works unless your method of disposal is to re-purpose them as bog roll because your supplies of that have run out. During the cold war, western spies went fishing for used paper in the sewerage systems under at least one eastern bloc embassy to get hold of used one-time pads.

  4. JacobZ

    The clue is in the name

    "By reusing one-time pads..."

    There's a clue in the name, folks.

    1. Adam 1

      Re: The clue is in the name

      It is, but many people may not understand how it enables differential cryptanalysis. They may intuitively understand that it lowers their own security but totally misunderstand the threat model. In their minds, the risk is about whether their own message may be read, not whether they are enabling the reading of another message if the adversary holds both messages but not the key.

      1. DropBear

        Re: The clue is in the name

        Also, being aware that (properly used, properly random) one-time pads are the strongest encryption there is, laypeople might not grasp the magnitude of their gaffe when re-using it twice, possibly thinking "well maybe it's a bit weaker this way but surely it must still be plenty strong..."

        1. Antron Argaiv Silver badge

          Re: The clue is in the name

          The Russians are well known for their mathematical ability. It's surprising to me that the risks of re-use were not strongly impressed on the users.

          Oh, well, their loss. Maybe they've learned.

          1. Anonymous Coward

            Re: The clue is in the name

            "The Russians are well known for their mathematical ability. It's surprising to me that the risks of re-use were not strongly impressed on the users."

            The article implies that the pad printers sold duplicate pads to both agencies. The agencies and their users were probably not aware of this.

      2. keithpeter Silver badge
        Coat

        Re: The clue is in the name

        OK, so if I write a couple of short messages as plain ascii (7 bit) and then use

        xxd -b <message-files>

        to dump the binary (1s and 0s), reformat to mimic a paper tape or something, and then XOR the result to get rid of the two-time key, it should be a reasonable simulation of the problem facing the chaps in the 1950s?
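        The simulation keithpeter proposes, worked through as an added example (not keithpeter's or the article's code). Two constructed uppercase messages are encrypted under the same pad section; XORing the ciphertexts cancels the pad and leaves message one XOR message two, and a guessed word (a crib) is then slid along that residue. Wherever the crib really sits in one message, the XOR shows the other message's letters at the same offset, and each further letter guessed in one message hands over the matching letter of the other. The plausibility filter is deliberately loose (uppercase letters and spaces only), so it also returns false hits that a human or a word list would discard.

```python
"""Added example: two-time pad residue and crib dragging.
Messages and pad are constructed for the demonstration."""
import os
import string

ALLOWED = set((string.ascii_uppercase + " ").encode())   # alphabet of the sample traffic


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR over the shorter of the two operands."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_pair(m1: bytes, m2: bytes, pad: bytes):
    """Encrypt BOTH messages with the same pad section: the mistake under discussion."""
    if len(pad) < max(len(m1), len(m2)):
        raise ValueError("pad too short")
    return xor_bytes(m1, pad), xor_bytes(m2, pad)


def residue(c1: bytes, c2: bytes) -> bytes:
    """c1 ^ c2 = (m1 ^ k) ^ (m2 ^ k) = m1 ^ m2: the pad drops out entirely."""
    return xor_bytes(c1, c2)


def plausible(fragment: bytes) -> bool:
    """Loose filter: every byte is an uppercase letter or a space."""
    return all(b in ALLOWED for b in fragment)


def crib_drag(x: bytes, crib: bytes):
    """Slide the crib along m1^m2; return (offset, text-of-the-other-message)
    for every offset where the result passes the plausibility filter."""
    hits = []
    for off in range(len(x) - len(crib) + 1):
        guess = xor_bytes(x[off:off + len(crib)], crib)
        if plausible(guess):
            hits.append((off, guess))
    return hits


def extend(x: bytes, off: int, known: bytes) -> bytes:
    """Given text of one message at `off`, return the other message's text there."""
    return xor_bytes(x[off:off + len(known)], known)


def demo():
    """Run the attack on the constructed pair; returns (residue_ok, hits, tail)."""
    m1 = b"THE PRINTERS MADE FOUR COPIES OF EACH PAD"   # constructed, 41 bytes
    m2 = b"SEND TWO PADS EACH TO THE KGB AND THE GRU"   # constructed, 41 bytes
    pad = os.urandom(len(m1))
    c1, c2 = encrypt_pair(m1, m2, pad)
    x = residue(c1, c2)
    hits = crib_drag(x, b" THE ")
    # The crib sits in m2 at offset 33 and reveals "EACH " from m1 there.
    # Guessing that m1 continues "EACH PAD" returns the end of m2.
    tail = extend(x, 33, b"EACH PAD")
    return x == xor_bytes(m1, m2), hits, tail
```

Run `demo()` and inspect the hit list: offsets 21 and 33 are the genuine positions of " THE " in the second message, and the text returned at each is the first message's letters at that offset. That is also why the Venona break took years of hand work rather than being a formula: the residue gives the analyst a ladder, not a key, and every rung has to be guessed and confirmed against the traffic.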

    2. Jemma

      Re: The clue is in the name

      ... Doesn't matter - the NHS would still photostat them to save money.

      Reminds me of the mating call of the lesser-spotted incompetent teacher "I didn't photostat enough so it's one between two*" because I can't frigging count (and it's a maths lesson).

      *And not the fun type of one between two where one of the two is blonde and the other filipina.

  5. Milton

    Paranoia and hot pockets

    Paranoia about hyper-computers, quantum computers and rumoured breakthroughs such as fast-factoring algorithms in the last five to 10 years seems to have fuelled a quiet resurgence in one time pads (OTPs).

    Thus Boris, politely invited to step out of the queue because he (a) travels alone, (b) has minimal luggage, (c) has a certain unmistakable bearing, emits a brief burning-plastic smell before he says "Bozhe moi, phone smokes!" and with practised humility explains in fractured English that his crappy East European phone must have a bad battery. Another quarter-gigabyte of OTP has just been roasted—with plausible deniability.

    And there are now many Borises, Jacks, Maurices, Joses and even a few Rachels and Tatianas, couriering the wondrous globe with excellent passports, over-rated language skills, lamentably giveaway body language (always the weak point) and tiny silicon chips the size of pinky-nails concealed hither, thither and even yon.

    We're close to inventing a (possibly quantum-tech) OTP which can be read only once, thereafter erasing itself without the need for Boris or Rachel to tickle the "Blown" button—useful, if only to relieve many small rooms in large airports of the smell of melted secrets.

    1. ArrZarr Silver badge
      Coat

      Re: Paranoia and hot pockets

      When you started talking about "Boris", I thought you meant Boris Johnson.

      The broken English part made sense and from there I had visions of BoJo being a Russian spy until I realised what you actually meant.

      1. Anonymous Coward
        Big Brother

        Re: Paranoia and hot pockets

        Oh, I'd been assuming that he was a Russian agent. It would really make a lot of sense: endlessly making damaging apparently-idiot-comments from the sidelines ('fuck business [... comrade]'), repeatedly destroying fragile consensus in the government, damaging our image abroad, travels abroad a lot where he no doubt has copious opportunities for assignations of various kinds, suspiciously supportive of Trump, and so on.

        I mean, obviously none of this is true and he's a good patriotic Englishman, of course. Of course.

      2. Anonymous Coward

        Stooge

        I can't imagine him being described as an intelligence asset nor even a useful idiot.

      3. Joe Gurman

        Re: Paranoia and hot pockets

        I thought he meant Boris Badenov, always foiled by moose and sqvirrel.

    2. DropBear

      Re: Paranoia and hot pockets

      I suggest that having your phone catch fire exactly when you're "invited to step out of the queue" would be the polar opposite of plausible deniability. Especially after it happened for the second time (with someone else).

      1. keithpeter Silver badge
        Coat

        Re: Paranoia and hot pockets

        My cheapo Android tablet gave me the choice of encrypting its storage when I set it up. Took a couple of minutes. I'm assuming the result is a 16GB SSD filled with random numbers. Could an OTP not just be made to look like an SSD with encrypted storage until the authorities started to compare a number of devices and realise the amazing coincidence of identical random numbers?

        Coat: Copy of MR-1418-RC in the (large) inside pocket

    3. frank ly

      Re: Paranoia and hot pockets

      "... lamentably giveaway body language (always the weak point)..."

      Can you tell me what you mean by this so I can work on improving my posture and behaviour?

    4. Lord Elpuss Silver badge

      Re: Paranoia and hot pockets

      @Milton

      Upvote purely for your writing style :D

    5. Sam Liddicott

      Re: Paranoia and hot pockets

      I hope you start writing for el Reg -- I mean not just in the comments section

    6. adam 40 Silver badge

      Re: Paranoia and hot pockets

      An OTP that can be read only once doesn't seem useful at all, it must be read precisely twice.

      Perhaps you mean two quantum-entangled OTP's? Now, THAT might be useful...

      1. Berwhale

        Re: Paranoia and hot pockets

        OTPs are produced in pairs, each one would only be read once (i.e. 1st copy of OTP held by agent used to encrypt, 2nd copy of OTP held by Control used to decrypt).

  6. YourNameHere

    persistence

    If you read some of the books like "Code Warriors" you will come to understand what the words persistence and determination mean. They go through how some of these techniques were done. If I remember right they go through codes that were broken via this method. I just shook my head at how hard core, hard nosed and determined these types of people are.

  7. Hey Lobotoman! CALL -151!

    US FOIA request declassifying UK documents?

    I wonder how this FOIA disclosure was possible, as the US government has supplied source documents from its FIVE EYES partner. Presumably, the UK Govt had to declassify this first.

    1. Julz

      Re: US FOIA request declassifying UK documents?

      # Hey Lobotoman! CALL -151!

      Our cousins over the pond routinely declassify stuff that is still classified here in Blighty. Causes considerable discomfort and shuffling around in seats among the select few.

    2. phuzz Silver badge

      Re: US FOIA request declassifying UK documents?

      If it's not harming US interests, then why not declassify? It's not like the UK can do much if they object.

      See also: the CIA declassifying details of U-2 flights over the USSR in the 1960s, which confirmed the involvement of RAF pilots, whilst the UK files on the subject are still classified (if they even still exist).

  8. Rustbucket

    Alternative Venona

    The story I read is that as the Nazis advanced into Russia the part of the code section responsible for generating the random numbers for the one time pads was evacuated to the east but the printing staff were left behind, so they started reusing pages.

    They did not reuse whole books at a time but mixed up pages between new books. When the implications of the reuse were understood the staff were afraid to warn their superiors, because they would likely have been sent to Siberia or executed for the initial mistake.

    1. FrankAlphaXII

      Re: Alternative Venona

      That's basically how James Bamford described it in "Body of Secrets".

      There were 35,000 duplicate pages printed by the 8th Main Directorate of the KGB in early 1942, and they had 30,000 intercepts that were encrypted using said duplicate pages out of about a million intercepts. The duplicated one-time pads (I guess two-time pads) were used from 1942 to 1948.

      In the book, Bamford suggests that they were duplicated by Soviet cryptographers creating the one-time pads using carbon paper. It was careless and the Soviets paid for it.

  9. Anonymous Coward

    Russians! See? See?

    Like oh my God! I know, right?

    Respectfully,

    Rachel Maddow

    1. Anonymous Coward

      Re: Russians! See? See?

      Donald/Devin/Sarah,

      This is far beyond anything you can begin to hope to understand, so do yourself a favor and stop before you embarrass yourself further.

      Let the grown-ups and people with an IQ higher than their toothbrushes discuss it. Thanks.

      V/r,

      Signals Intelligence Collector

      1. Anonymous Coward

        Re: Russians! See? See?

        My apologies, will do!

        Just how much would you like your budget increased this year? Would another 50% work for you?

        No moral hazard there. No sir.
