By: admin on Oct. 16, 2023, 11:07 a.m.
An English plaintext of length 4272 was encrypted with the Hutton cipher, a pen-and-paper cipher from 2018. The length of the two passwords is also known. Can you successfully perform a ciphertext-only attack?
Read more…
By: george4096 on Nov. 14, 2023, 11:50 a.m.
Hi
First, thanks for this very interesting cipher and the related challenges.
Would it be possible to know approximately how old the text is? Last 10 years? Last 50 years? Last 100 years?
Thx George
By: Eric Bond Hutton on Nov. 16, 2023, 11:02 p.m.
A month has passed, and still nobody has cracked my ciphertext. My faith in my cipher is restored!
George Lasry, my plaintext belongs to this side of the millennium. But that is not going to help you: it is original and not available online. Brute forcing would seem to be your only option. (Unless I am very much mistaken, only known-plaintext and brute-force attacks have succeeded in cracking my ciphertexts to date.)
However, given that the keywords are randomly generated strings of nine or fewer letters each, you have a total of 31,885,038,232,323,309,541,385,956 possible combinations to try—at least according to a formula I devised for the purpose.
Let's suppose you have a computer capable of trying one million pairs of these keywords a second. (Whether this is at all realistic, I have no idea.) How long will it take to try all those combinations? The arithmetic is elementary, so I won't bore you with it. The answer, given an average calendar year of 365.2425 days, is 1,010,396,638,824 years—to the nearest year. Which is pretty good for a simple pen-and-paper cipher. Perhaps I'll hear from you with the correct decryption sometime in the next umpteen billion years—sooner if you buy yourself a quantum computer in the meantime!
By: george4096 on Nov. 17, 2023, 2:09 a.m.
Dear Eric
Many thanks for finding the time to write this answer. And most and foremost, for creating this series of highly engaging exercises, with a quite original cipher.
Indeed, I am fully convinced that without a known plaintext, or parts of the key, it is practically impossible to recover the key from a single message, given that both key lengths are above 5 or so. In that sense, the security of the Hutton cipher is comparable to the security of the famous Chaocipher.
I would suggest reclassifying this challenge as Level III.
There are still some interesting research questions which are worth exploring. 1) What is the minimal amount of plaintext needed to recover the key. 2) Can the key be recovered if a series of messages in-depth are available. William Friedman, when approached by the creator of the Chaocipher, asked him to send a series of 25 messages in-depth, in order to evaluate the security of his proposed scheme.
Would you be willing to consider some follow-up challenges (Level II) to stimulate research on those topics. For example, a challenge with 100 letters of given plaintext and another one with only 50/40. And a set of 25 messages in-depth (with short texts - less than 100 letters - not available on the Internet).
Working on this cipher is really fun, even if I did not solve Challenge 5. A few more challenges would be greatly appreciated, not just by myself.
Many thanks again! George
By: Eric Bond Hutton on Nov. 23, 2023, 6 p.m.
There are 21 instances of a numeral being spelt out.
