
200-year-old ciphers may reveal the location of treasure buried in Virginia - prostoalex
http://mentalfloss.com/article/540277/beale-ciphers-buried-treasure
======
rwallace
> That attitude would reign among professional cryptanalysts until January
> 1970, when Dr. Carl Hammer, Director of Computer Sciences at Sperry-Univac,
> made a startling revelation at the Third Annual Simulation Symposium in
> Tampa, Florida. He had analyzed the Beale ciphers with a UNIVAC 1108
> computer and compared the codes to the musings of a random number generator.
> The results showed signs of an intelligent pattern.

> “Beale Cyphers 1 and 3 are ‘for real,’” Hammer concluded. “They are not
> random doodles but do contain intelligence and messages of some sort.
> Further attempts at decoding are indeed warranted.”

Be careful of concluding that. The human brain is a bad random number
generator. A hoaxer trying to write random gibberish in those days would do it
by hand, not by rolling dice to ensure uniform randomness, and the handwritten
gibberish would inevitably contain patterns.

------
Animats
A book code. Someone could run it against every digitized book earlier than
the date of the code. With enough off-peak AWS instances...

~~~
janwillemb
The problem would be to define what is considered a successful outcome,
measurable by an automated system.

~~~
tobinfricke
Indeed, even if you decode the supposedly "cracked" Beale letter, you get
nearly complete gibberish:

ihaie depos otedi nthec opntt olBed oorta boupf ourmi lesfr ombul ordsi nanep
caiat ionor iault sipfe stbel owthe surla csoft hhgto undth sfotl owing artic
issbe aongi ngjoi otltt othep artfe swhos lnamf sateg iieti nnumb erthr ffhtt
ewith

[https://nibot-lab.livejournal.com/tag/beale%20ciphers](https://nibot-lab.livejournal.com/tag/beale%20ciphers)

It's almost certainly a hoax.

~~~
mickronome
It's almost certainly a hoax, but any book substitution cipher is very
sensitive to errors both in counting, and in exactly which book. From that
perspective, if you remove the spaces, it's almost intelligible even to a
non-native speaker. Observe:

    
    
      ihaiedeposotedinthecopnttolBedoortaboupfourmilesfrombulordsinanepcaiationoriaultsipfestbelowthesurlacsofthhgtoundthsfotlowingarticissbeaongingjoiotlttothepartfeswhoslnamfsategiietinnumberthr ffhttewith
    

i haie deposoted in the copntt ol Bedoort aboup four miles from bulords in an
epcaiation or iault sip fest below the surlacs of thh gtound ths fotlowing
articiss beaonging joiotltto the partfes whosl namfs ate giiet in number
thrffhtte with

I have deposited in the county of Bedoort (Bedford?) about four miles from
bulords in an epcaiation or vault/fault six feet below the surface of the
ground.

Supposedly epcaiation is excavation, that one I didn't get. Some of the latter
parts I also have trouble reading without guessing a lot. Like 'joiotltto' and
'thrffhtte'.
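
Added example, not part of the thread: a sketch of the automated success check janwillemb asks about, combined with the edition sensitivity mickronome describes. The key texts, plaintext and three-word dictionary are constructed, and `coverage` with its `max_errors` tolerance is a hypothetical scoring function, not anything the commenters used.

```python
# Added example, not code from the thread. Key texts, plaintext and word list
# are constructed; a real run needs full book editions and a large dictionary.
KEY = "some early miners found iron ore under large rocks"
VARIANT = "some early miners found iron ore under very large rocks"  # one extra word
UNRELATED = "every night seven old lamps flicker over misty roads in fog until sunrise"
WORDS = ["four", "miles", "from"]

def table(key_text):
    """Number the words from 1; each number stands for that word's first letter."""
    return {i: w[0] for i, w in enumerate(key_text.lower().split(), start=1)}

def encode(plaintext, key_text):
    """Use the first word starting with each letter (a real encoder varies the choice)."""
    first = {}
    for i, letter in table(key_text).items():
        first.setdefault(letter, i)
    return [first[c] for c in plaintext]

def decode(numbers, key_text):
    t = table(key_text)
    return "".join(t.get(n, "?") for n in numbers)

def coverage(text, max_errors=0):
    """Fraction of characters covered by dictionary words, allowing up to
    max_errors wrong letters per word (dynamic programming over prefixes)."""
    best = [0] * (len(text) + 1)
    for end in range(1, len(text) + 1):
        best[end] = best[end - 1]
        for w in WORDS:
            start = end - len(w)
            if start >= 0:
                wrong = sum(a != b for a, b in zip(w, text[start:end]))
                if wrong <= max_errors:
                    best[end] = max(best[end], best[start] + len(w))
    return best[-1] / len(text) if text else 0.0

CIPHER = encode("fourmilesfrom", KEY)

def scores(max_errors):
    """Decode with every candidate key text and score the result."""
    keys = {"key": KEY, "variant": VARIANT, "unrelated": UNRELATED}
    return {name: (decode(CIPHER, k), coverage(decode(CIPHER, k), max_errors))
            for name, k in keys.items()}

if __name__ == "__main__":
    print(scores(0))  # exact matching: only the exact edition scores above 0
    print(scores(1))  # one wrong letter per word tolerated: the variant recovers
```

With exact matching, the right book in a slightly different edition scores the same as an unrelated book, so a bulk search needs an error-tolerant score, and the tolerance has to be calibrated against what random text achieves.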

~~~
killaken2000
Also in the past there was no standardized way of writing words so it's
possible that some spellings are off by today's standards.

I remember when the spellings of words became standardized.

------
DoctorOetker
Wow!

What is the probability that a trivial variation on the decoding method
results in otherwise unreadable text BUT STARTING with "sited at" ??? roughly
26^6?!?

1) I used/fixed Tobin Fricke's (@tobinfricke) doi-decode.c to first fix the
indexing/versions of the Declaration of Independence. The result can be found
in the thread:
[https://news.ycombinator.com/item?id=17337421](https://news.ycombinator.com/item?id=17337421)

2) Due to the quasi alphabetic sequences in beale.1 I came to the conclusion
that beale.1 is in fact just scratchpad notes containing fragments of look-up
table to use while encrypting, so is not the location file. Bummed at the lack
of a location file, I just pressed on out of curiosity for the names file
(beale.3)

3) I next tried some trivial variations on the cipher concept (second letter
of each word, last letter etc) such that the Kolmogorov complexity increase of
the decoding would be nearly zero, but always got rubbish.

4) Until I tried a trivial variation (not giving yet, perhaps after convincing
myself it is absurd coincidence), giving "sitedat...." with "..." being
rubbish text.

EDIT1: the same decoding also contains "twograil" somewhere in the middle, but
not as convincing, does "two grail" signify something in the area?

------
hagreet
"As long as a key is available, a substitution cipher is a safe, simple way to
encrypt a message." ...quality article

~~~
yorwba
I can't tell whether you're being sarcastic, but the article is essentially
correct. The security of an encryption algorithm doesn't depend on how complex
it is if you never reuse the key, because a uniformly random key produces
uniformly random output for any input. Only key reuse can introduce
statistical regularities that allow cryptanalysis to be applied. The reason
most encryption algorithms are more complex than simple substitution is
exactly that they are intended to allow applying a relatively short key
multiple times, both to encrypt messages longer than the key and to encrypt
multiple messages.

~~~
shawnz
> a uniformly random key produces uniformly random output for any input.

This is clearly not true for a simple substitution cipher though, otherwise it
couldn't be attacked with frequency analysis.

~~~
olliej
A one time pad is a specific case of substitution cipher (it’s a
generalization of Vigenère) where the key is the length of the document. It is
probably secure - as in it is actually impossible to break.

The reason one time pads are not used in general is that you need a “perfect”
RNG, and you have to be able to get the random values to the recipient. That
old “person traveling with briefcase of secrets” trope was a real thing. Key
distribution is the problem solved by public key cryptography. But you can’t
use one time pads with public key crypto, because the weakness is then
breaking public keys (which is probably possible).

Stream ciphers loosely acted like a one time pad in that you generate a
“random” stream and xor with the message. But it doesn’t reach the actual
requirement of security for a one time pad because the key is the RNG seed,
which means you can brute force the seed key space and only the correct key
will produce a completely sensible decrypted output.

A true one time pad means that a brute force search of the key space for a
message of length N will find every valid message of length N.

E.g. an 11 letter message would produce (among others) “hello world” and “hello
earth” as well as “die planet!”.
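
Added example, not part of the thread: the contrast described above between a true one-time pad and a keystream generated from a short seed. The SHA-256 keystream is a toy stand-in for a stream cipher, and the 16-bit seed space and all function names are assumptions made for the demonstration.

```python
# Added example, not code from the thread. The SHA-256 keystream is a toy
# stand-in for a seeded stream cipher; the 16-bit seed space is an assumption
# chosen so the exhaustive search finishes instantly.
import hashlib
import secrets

ALLOWED = set(b"abcdefghijklmnopqrstuvwxyz !")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad_for(ciphertext, wanted):
    """One-time pad: the pad under which `ciphertext` decrypts to `wanted`."""
    assert len(ciphertext) == len(wanted)
    return xor(ciphertext, wanted)

def keystream(seed, n):
    """Toy generator: n bytes derived from a 16-bit seed (n <= 32)."""
    return hashlib.sha256(seed.to_bytes(2, "big")).digest()[:n]

def stream_encrypt(seed, message):
    return xor(message, keystream(seed, len(message)))

def plausible_seeds(ciphertext, seed_bits=16):
    """Try every seed; keep those whose decryption is lowercase text."""
    hits = []
    for seed in range(2 ** seed_bits):
        guess = xor(ciphertext, keystream(seed, len(ciphertext)))
        if all(b in ALLOWED for b in guess):
            hits.append((seed, guess))
    return hits

MESSAGE = b"hello world"
CANDIDATES = [b"hello world", b"hello earth", b"die planet!"]

def otp_demo():
    """Every candidate is a valid decryption of the same pad ciphertext."""
    ciphertext = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))
    return [xor(ciphertext, pad_for(ciphertext, c)) for c in CANDIDATES]

def stream_demo(seed=0x5EED):
    return plausible_seeds(stream_encrypt(seed, MESSAGE))

if __name__ == "__main__":
    print(otp_demo())     # all three messages, each under a different pad
    print(stream_demo())  # seeds that survive the plausibility filter
```

For the pad, the ciphertext is consistent with every 11-byte message, so the search tells an observer nothing; for the seeded keystream, the message carries more bits than the seed, so the plausibility filter isolates the seed.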

------
flashman
The first cipher gives directions in yards, in this order: east, south, west,
north. When followed in order, this gives a location just north of an old
dolomite quarry, 3.95 miles from Buford's Tavern. It's not far off the
Appalachian Trail, but not so close that you would stumble on it accidentally.

------
wet_grass_sound
What is the point of finding it if the govt is going to claim it?

~~~
nighthawk1
After Black Swan, it seems like big treasure hunting is close to hopeless
[https://en.m.wikipedia.org/wiki/Black_Swan_Project](https://en.m.wikipedia.org/wiki/Black_Swan_Project)

~~~
sethrin
> "The ineffable truth of this case is that the _Mercedes_ is a naval vessel
> of Spain and that the wreck of this naval vessel, the vessel's cargo, and
> any human remains are the natural and legal patrimony of Spain."

Legal opinion seems to be fairly solid on this point. Perhaps the lesson
instead should be to not pillage national warships.

