
Cryptanalysis with Reasoning Systems - saycheese
https://chriskohlhepp.wordpress.com/reasoning-systems/gchq-2015-crypto-puzzle-full-analysis/
======
saycheese
If you want to try solving the puzzle on your own, here's how to get started.

___

(1) Download the single image for the puzzle:
[https://www.gchq.gov.uk/sites/default/files/grid-shading-
puz...](https://www.gchq.gov.uk/sites/default/files/grid-shading-puzzle.jpg)

(2) Read: In this type of grid-shading puzzle, each square is either black or
white. Some of the black squares have already been filled in for you. Each row
or column is labelled with a string of numbers. The numbers indicate the
length of all consecutive runs of black squares, and are displayed in the
order that the runs appear in that line. For example, a label "2 1 6"
indicates sets of two, one and six black squares, each of which will have at
least one white square separating them.

___

Source: "A Christmas card with a cryptographic twist for charity" (2015)

[https://www.gchq.gov.uk/news-article/christmas-card-
cryptogr...](https://www.gchq.gov.uk/news-article/christmas-card-
cryptographic-twist-charity)

___

SPOILER-1: The above puzzle links to other puzzles, which maybe found here:

[https://www.gchq.gov.uk/puzz](https://www.gchq.gov.uk/puzz)

SPOILER-2: GCHQ's solutions to all of the puzzles is here:
[https://www.gchq.gov.uk/directors-christmas-puzzle-
answers](https://www.gchq.gov.uk/directors-christmas-puzzle-answers)

------
tom_mellior
This is somewhat interesting, but some of the terminology is idiosyncratic
("lambda closures") to the point of being downright confusing ("attack
vector").

The pre-analysis in the _derive-known-plaintext_ is particularly interesting
because it's the key to making this tractable. But pieces are missing... Does
anyone understand this well enough to explain what _known-plaintext_ and
_matrix-match_ would be? I can't even work out their types with confidence.

~~~
tom_mellior
OK, I took what I understood the idea of this preprocessing to be and
implemented it in Prolog (257 lines including data and comments, maybe 100
lines of "real" code):
[http://pastebin.com/fLXKRKQ6](http://pastebin.com/fLXKRKQ6)

Some findings:

\- I was wondering why the linked blog post didn't show the results of
_derive-known-plaintext_ (what I call "preprocessing"). It turns out, this may
be because this forward propagation solves the puzzle completely. There is no
need for backtracking search, so there is no need for the whole fancy Screamer
framework.

\- Since preprocessing solves the problem completely, applying the constraints
to its result to "finalize" the solution is instantaneous in Prolog. With
Screamer this takes 3 seconds. Screamer doesn't seem to be all _that_
impressive... At least not for this particular problem.

\- In the case where there are no initial marks on the board, after
preprocessing having marked almost everything, Prolog finds the four possible
solutions in 0.037 seconds on my 2015 laptop. Preprocessing takes a second.

Let me know if you have questions!

~~~
chriskohlhepp
Author here again: and thank you Tom for your feedback. I'm not the author of
Screamer so am not going to defend it's runtime properties. These were not of
interest to me and yes I could recode much of what I did in C++ which I am
more familiar with than Prolog. I work in low latency trading, so I am happy
to take any challenge from Prolog in C++. Bummer would be that I could not
publish my solution. The reason Screamer is in there is to allow the problem
to be expressed declaratively in terms of universal quantification. See also

[https://chriskohlhepp.wordpress.com/reasoning-
systems/specif...](https://chriskohlhepp.wordpress.com/reasoning-
systems/specification-driven-programming-in-common-lisp/)

~~~
tom_mellior
> The reason Screamer is in there is to allow the problem to be expressed
> declaratively in terms of universal quantification.

Sure, though this particular example doesn't show its strengths very well.
Your pre-analysis is so powerful that even in the case where you start with
the empty board, any hand-written primitive brute force enumeration technique
should be blazingly fast.

> I work in low latency trading, so I am happy to take any challenge from
> Prolog in C++.

I'm not saying Prolog is always faster than C++ or Common Lisp :-) I guess I'm
saying that every embedding of a Prolog-like system in some other language I
have seen so far was less powerful, less elegant, and much less performant
than Prolog. This is only partly gloating from a Prolog fan. Another part of
me would very much like to have better such systems integrated with other
languages.

One drawback of Prolog, of course, is that Prolog can be a bit painful to
interface with the rest of your application. Unless, of course, you write
everything in Prolog...

------
kodfodrasz
Most interesting read I had on HN this week. I suggest reading it end to end!

~~~
tastythrowaway2
that's a great IDEA

------
60654
That's a great example of using a problem solver system to solve a constraint
satisfaction problem! It was a fun read.

One nit to pick with the terminology though: solving a cryptogram puzzle is
_not the same thing_ as doing cryptanalysis, eg to determine what constitutes
a weak DES key. Not even the same ballpark. ;)

~~~
chriskohlhepp
Author here: Hello 60654, I fully understand the difference between cracking a
run length encoding problem and finding weaknesses in DES. There are many
tools at the disposal of a security analyst. Another would be CSP and FDR:
[https://www.google.com.au/url?sa=t&source=web&rct=j&url=http...](https://www.google.com.au/url?sa=t&source=web&rct=j&url=http://www.cs.utexas.edu/~shmat/courses/cs6431/lowe.pdf&ved=0ahUKEwjSq9Xhu7TRAhWGmZQKHUWjDt8QFggZMAA&usg=AFQjCNGxf3ifVB-
gnMR0CieJkcesGsyOow&sig2=05lPggciu8183tXLldnLqA). However, that article, like
mine, goes to show how logic programming can very well be used to mount
cryptanalytic attacks. It differs from quantitative statistical methods as
these exploit different weaknesses. Qualitative vs quantitative. Most of the
people with skills in the latter work in quantitative trading and hedge funds
- including yours truly.

------
_e
Does anyone know what the name of the color scheme the author is using in
their terminal?

~~~
mahmud
That's the default emacs color scheme. The terminal is just SLIME.

[https://common-lisp.net/project/slime/](https://common-
lisp.net/project/slime/)

~~~
_e
thank you!

