Hacker News new | past | comments | ask | show | jobs | submit login
Spain cracks King Ferdinand's 500-year-old code (bbc.com)
198 points by jonbaer on Feb 4, 2018 | hide | past | web | favorite | 36 comments



The secret code of the letters of the Great Captain and Fernando the Catholic that the CNI and the Army Museum announced yesterday to have deciphered, had already been discovered previously. Gustave Bergenroth, a nineteenth-century German Hispanist based in England, published his studies on the General Archive of Simancas in the 'Calendar of State Papers, Spain, Volume 1, 1485-1509' in the year 1862. In the preface he explains his journey in the archive and an introduction to how he deciphered the Spanish codes.

https://www.elconfidencial.com/cultura/2018-02-03/codigo-sec...

A known mistery


Link is in Spanish. I found the linked blog post from the physics professor who first noticed that the code had been previously cracked more interesting and informative (also in Spanish): http://elprofedefisica.naukas.com/2018/02/02/el-cni-y-el-no-...


Interesting, here's a good quote beyond the fact that it was already deciphered a century ago (by a 19th century historian, not a cryptanalyst working for a 3 letter agency in 2018):

> First, and contrary to what ABC says, this code is not very sophisticated. It is a monoalphabetic substitution system with homophones to which a set of terms of agreed language has been added. I have a handful of Spanish codes of the time and I can assure you that there are more sophisticated codes than this one. For example, the so-called Clave de los Capitulaciones is similar in form and structure, being at least ten years older; and the General Figure of the Catholic Kings, dated similar to that of the Great Captain, had no less than 670 terms in agreed language.

> Third, these types of keys were already vulnerable to cryptanalytic attacks at that time. Manias such as encrypting only part of the letter, or repeating the used encrypted terms, made them relatively easy to decipher by unauthorized users.

There's also a pictures of what the deciphered key looks like both in the 1800s version on old paper and the CNI's version on graph paper which is interesting.


Link to the photos?



Neat!


One of my Italian professors from undergrad, Marcello Simonetta, also cracked a 500 year-old code. He found an encrypted letter [1] sent by Federico da Montefeltro, the Duke of Urbino, that showed he had helped orchestrate the Pazzi conspiracy [2] to assassinate Lorenzo de' Medici.

Interestingly, to break the code he relied on a code-breaking manual written by one of his own ancestors, Cicco Simonetta [3]! When I first learned about this, I thought it was incredibly silly that he didn't ask a modern cryptographer for help. But in some ways, Cicco's manual, written around the same time, is more useful: it focuses on precisely the kind of codes that would have been used for the letter, and the techniques it describes are reasonably effective (essentially frequency analysis, with some specific tricks for documents written in Latin or Italian). And it is certainly more narratively satisfying that he ended up breaking it on his own, following his ancestor's manual!

If you want to know more, he wrote a book on the subject:

https://www.amazon.com/dp/B001AL6656/

And as another fun bit of trivia, he ended up consulting on the historical aspects of Assassin's Creed II, which takes place in Florence around the time of the Pazzi conspiracy!

[1] http://www.nytimes.com/2004/03/06/books/1478-assassination-s...

[2] https://en.wikipedia.org/wiki/Pazzi_conspiracy

[3] http://cipherfoundation.org/older-ciphers/voynich-manuscript...


Any code more than 50 years old should be trivial to crack by modern cryptoanalysis right? Otherwise we wouldn't be told to only use the very best algos we have on hand. It must have just been a matter of taking the time to crack this particular code.

On a side note, (as long as they mention Rosetta Stone) does writing in another language count as a form of cryptography? If so, it should likewise be trivial to crack any remaining unknown ancient scripts.

But I'm probably being ignorant somewhere here.


The hard part is generally figuring out what cipher is being used. Once you know that, and the cipher is old, modern crypt analysis would probably easily crack it.

This is down to kerchoffs principle, which states that you should not rely on the secrecy of what cipher is being used, only on the secrecy of the key. As such, writing in another language is not cryptography. There is a name for hiding info by depending on the method being unknown: steganography. This includes different using different languages (see the navaho code talkers), or hiding data in the less significant bits of an image, or hiding a message in the first letter of every sentence and so forth.


> This is down to kerchoffs principle, which states that you should not rely on the secrecy of what cipher is being used, only on the secrecy of the key. As such, writing in another language is not cryptography.

Since "language as cryptography" breaks Kerchoff's Principle, doesn't that just make it bad cryptography? Shouldn't that make it all the easier to use cryptanalysis to translate it?

Unrelated point: I thought Steganography was the art of hiding the _fact_ of encryption. If a Japanese analyst hears someone talking in Navajo, it's no secret that some unknown message is being conveyed.


Sorta, but it’s not as though there were tons of options for affordable, near-realtime communications then.

It’s also hard to overstate how obscure Navajo was. Young and Morgan developed a writing system for it in 1937, and the first dictionary was developed as part of the war effort (and thus not publicly available) in the 1940s. The Navy estimated that ~30 non-Navajos spoke the language at the time.

It’s thus pretty unlikely that “this is Navajo” would have been an Axis analyst’s first guess—-and even if it were, there were minimal resources available. The language is pretty far from Japanese or German, which also doesn’t help.

On top of all that, the messages being sent weren’t literal Navajo—-there was sort of a substitution code that used common Navajo words to stand in for military items. The Japanese actually captured a [Navajo solider](https://en.m.wikipedia.org/wiki/Joe_Kieyoomia) but he could not undertatand the transmitted messages.


As I recall one of the benefits of spoken Navajo was the difficulty of distinguishing it from a bad radio signal of some other language.


It had a lot of advantages. A big one being the extremely small number of people who spoke it and who lived exclusively in North America.

They could also have “fun” and make it very hard to crack. For example they could call a submarine a “metal fish” one day and a “sea snake” the next day and leave everybody scratching their heads. As a native speaker they could use subtle context to convey the message and that turns out to be extremely difficult for an outsider to grasp.


It also was not a written language, until more recent times, therefor there was virtually no literary base for a code breaker to draw from.

http://www.lapahie.com/Dine_Bizaad_Right_Btfm.cfm


One time pads have been in use since the end of the 19th century and possibly earlier if they were used correctly and we don’t know the pad that was used 50 years or not you will not break the encryption.

Modern encryption is fast and flexible but there are old ciphers that are just as strong when used correctly.

Modern cryptography is strong due to mainly a few key aspects, randomness which enables us to generate true or near true random keys, key exchange/distribution (electronic communications and various key exchange algorithms like DH) and non alphabetical plain text and keys.

However when used correctly a polyalphabetic cipher like a running key cipher does produce a One Time Pad which is effectively impossible to crack through non exhaustive means.


I am sorry, but this is incorrect.

Supposing by poly-alphabetic cipher you mean a substitution mechanism based on multiple alphabets (https://en.wikipedia.org/wiki/Polyalphabetic_cipher) (e.g. Enigma). This class does not provide information theoretic security. OTP does - it literally defined the notion.

>> Modern cryptography is strong due to mainly a few key aspects, randomness which enables us to generate true or near true random keys, key exchange/distribution (electronic communications and various key exchange algorithms like DH) and non alphabetical plain text and keys.

Maybe I am misunderstanding the statement you want to make here, but modern cryptography is strong because it is based on i) notion of information theoretic security ii) notion of computational security. The latter, upon which e.g. the Diffie-Hellman key exchange or RSA are built, states that distinguishing the output of the function from a particular distribution, can be used to solve problems we consider intractable (either on average or in the worst case).

I am not sure to what you are referring to when stating: >> Modern encryption is fast and flexible but there are old ciphers that are just as strong when used correctly.

To my knowledge that is not correct, but I am curious. (Shannon's analysis was the first rigorous treatment and bootstrapped the field.)


It is not trivial to crack unknown ancient scripts. One of the poster children of this is Linear A (https://en.wikipedia.org/wiki/Linear_A), a script encoded with the same characters as the "cracked" Linear B, but we have no idea what Linear A actually contains.

Modern cryptoanalysis still requires large corpus' of data to work through.

For an example of the work it takes to break classical cipher methods, consider the Kryptos sculpture (its a sculpture at the CIA headquarters with 4 enciphered texts on it).

https://en.wikipedia.org/wiki/Kryptos

It was unveiled in 1990. The forth puzzle is still unsolved.


> Modern cryptoanalysis still requires large corpus' of data to work through.

I think this is the key I was missing. Like, it's a catastrophe if something is degraded to RC4, but we can't break something from 500 years ago. But I guess for modern communications you automatically get a very large corpus if you just wait for a little bit.


I think use of other languages could be described as a form of cryptography. It's been done before as well - see the Navajo code talkers in WWII[1], who were very effective in terms of speed, and who the Japanese found difficult to even transcribe. Of course, this relies on the language being obscure, and many more languages are well documented now than in the 1940s.

>it should likewise be trivial to crack any remaining unknown ancient scripts

That doesn't follow. Part of successfully decrypting a message is knowing when you have the right answer. That doesn't apply if you're looking at a limited dataset (or claytablet set), and you have no idea about the context the texts were written in.

[1] https://en.wikipedia.org/wiki/Code_talker


Navajo code talked used code on top of the obscure language the Japanese eventually figured out that it was Navajo and so Native American soldiers were specifically targeted both on the battlefield and in PoW camps despite the vast majority of them not being able to speak Navajo and the majority of those who did, did not have knowledge of the code.


I dug up the source on this one, there was basically only one opportunity the Japanese really had:

https://web.archive.org/web/20131109191414/http://www.yvwiiu...


There is also a Wikipedia link in another comment


This feels like it flies in the face of the usual advice for modern crypto. Don't try to be clever. Don't roll your own system. But it sounds like a novel language, and a lack of context, could actually cause headaches for those coming after you.


Keep in mind that it was the early 1940s—-there weren’t many options other than rolling your own. The code talkers were literally 100x faster than the available machines and much more “portable” and robust.

It also wasn’t just haphazardly deployed like a DIY crypto system inside some app might be. There were tests and working groups and stuff like that.


With the possible exception of OTP, modern (sic) crypto was essentially nascent at that time (Enigma), there was no option but to roll your own. Your advice comes from a corpus of 70 years of collective experience which did not exist 70 years ago.


I think when I said this I was assuming that the implication was that it would be useful even today. I understand that crypto was much different back then.


I wouldn't say trivial, even if you know how the system works, it can take a lot of time to break things. A good example would be Enigma. There is the BOINC based project Enigma@Home [1], which tries to decypher intercepted messages. Over 74880 CPU-years have been spent to crack messages, and there are still some unbroken.

And do not forget the Voynich manuscript [2], from the 15th century, which still remains un-decyphered.

[1]: http://www.enigmaathome.net/

[2]: https://en.wikipedia.org/wiki/Voynich_manuscript


Are you counting the One Time Pad?


Ancient texts are deciphered by experts. And its very far from trivial!

Strongly recommend this textbook https://www.amazon.com/Story-Decipherment-Egyptian-Hieroglyp...

Its all about deciphering ancient languages. It doesn't quite get as far as the very recent breakthroughs e.g. Inca knots.


Linear A would like a word with you [0].

[0] - https://en.wikipedia.org/wiki/Linear_A


It'd be cool if they let you in on how the code was deciphered. Does anyone know of any sources that discuss the process? Sounds like in this case frequency analysis wouldn't have cut it :D


The original document by G. Bergenroth mentioned in the link provided by jeioncs is supposed to have a description of the original procedure. I don't know how/if you can get a document from the National Archives of the United Kingdom, though.

Edit: Link to the actual Archives entry: http://discovery.nationalarchives.gov.uk/details/r/C12056


I live a five minute walk from the archives, they're open to all, but closed today.


The Spanish intelligence service has deciphered the code again since they have found a letter used by the great captain. They have found a "rosette stone" with the code encrypted and deciphered.

http://www.rtve.es/alacarta/videos/telediario/td2-codigo-020...


You have to wonder if deep in the vaults of GCHQ there are not records going back that long :-)


[flagged]


Could you please stop posting unsubstantive comments to Hacker News? You've done it a lot, and we eventually ban such accounts.

https://news.ycombinator.com/newsguidelines.html




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: