Group Project in Cryptography
Final Paper

Incognito
Eric Epstein, Katie Roenbaugh, Tiffany Humbert-Rico, Joshua Golden

December 3rd, 1998

Part I - The Incognito Cryptogram

The Incognito cryptogram employed a three-layer encryption process. First, a simple substitution was used to mask the characters relevant to the actual plain text of the code. Second, a basic algorithm was used to generate patterned bursts of interference between the relevant characters. Finally, groups of random characters were added to the end of each page of text.

Following is the exact procedure by which the cryptogram was created.

  1. The message underwent a substitution where a became h, b became i, c became j and so forth. All punctuation and spacing was dropped. For example: The plain text "he knew there was" became "olruldaolyldhz."
  2. Each relevant character was followed by a specific number of "junk" characters prescribed by the repeating 1, 2, 3, 4, 5 pattern of insertion. For example: The first level encrypted text "olruld" became "OaLwxRbneUwnzeLbneiwD." The lower case letters are randomly generated and inserted into the text. Only the capitalized letters have any relevance to the meaning of the text.
  3. The masked text was then divided into two pages and the remainder of each page was filled with random letters generated by a simple computer program.

Each layer of the code was extremely important in its own way. Steps 1 and 2 became very effective when combined. If we had simply left the plaintext as it and proceeded directly to generating the background interference, it would have been quite possible to just realize the pattern by speculation. In order to prevent this simple analysis of the code, we performed the simple letter substitution, making it much more difficult to recognize our pattern. The final layer of encoding was creating a "red herring" leading the attempted decoder of our cryptogram to believe that the code was much more complex than it actually was.

The feedback that we received from the other groups in passing really reinforced our belief in this code. The sheer volume of characters that one must analyze to deal with the background noise made it virtually impossible to even realize where one should start looking for a pattern.

Part II - Incognito Decryption Attempts

In attempting to break the codes created by the other three groups, Incognito started with basic decoding process that is outlined below.

  1. Look for patterns: a) Repeated letters; b) Repeated sequences of letters.
  2. Attempt to analyze any patterns found.
  3. Attempt to align the plaintext sentence we received with any part of the cryptogram.

Unfortunately, due to the complex nature of these well- crafted codes, none of these traditional methods were useful given the small amount of coded text that we had. Had there been much larger quantities of plaintext and many hours with which to attempt decipherment, perhaps we could have been more successful using traditional means. The NSA, Kenzthabest, and Sneakers cryptograms all remained shrouded in mystery.

However, upon realizing that traditional code-breaking measures were coming up empty handed, we turned to a couple of "alternative" methods of producing the desired results.

1. Incognito came across an interesting method for attempting to break these codes given a single plain text sentence. We realized that we had failed to save our original plaintext and we did not like the prospects of deciphering our own code. In a last ditch attempt, we entered our plaintext sentence in Altavista, the online web search engine and forced it to find exactly that sentence. Altavista returned the ACTUAL article that we had used and were able to include it in digital format at the end of this paper. We attempted to use this method to jump directly to the plaintext of the other group's codes, but since they must have taken their articles from intensely obscure sources (against the rules?) such as the Introduction to Macroeconomics text, this very interesting and effective method was laid to waste.

2. In a desperate attempt to decrypt a code, we resorted to the traditional "James Bond" means of decryption: espionage and force. On Tuesday afternoon, Sanjiv, a known member of Kenzthabest "happened" to break his collarbone in a "friendly" football game. Incognito hereby claims absolutely no responsibility or connection to this incident. However, we took this opportunity (during Sanjiv's visit to Evanston Hospital) to scour his computer for information, eventually finding a reference to the plaintext and realizing that their code encrypted the top three paragraphs of page sixty-nine of Baumol and Blinder's Macroeconomics - Principles and Policy. Upon analysis of the structure of the code compared to the plaintext, we were not able to determine the actual mechanism of the code (we made this successful attempt at the very last minute). The only piece of information that we were able to determine is that it seems that it definitely employs a direct character representation using three-character code blocks.

Below is Agent Deez Nutts account of his espionage leading to the reception of this incredibly uncritical message:

"It was 6:00 and the incognito group was tiring of traditional methods of decoding. The clock on the wall was ticking and the tension was rising. Then, I arrived. The culmination of a planned effort, the start of our operation was upon us. I'm going to go down and look through Sanjiv's computer. He should be at the hospital because earlier our anonymous friend helped to snap his collarbone, I announced. The door was open and two people were playing FIFA World Cup '99 soccer on his computer. The game was ending and I pretended to watch the screen as they played, but actually I was scouring his room for the code. After the two students left I proceeded to use a file search on Sanjiv's computer. To my surprise, his code came up as one of the documents that I had found. I quickly looked at the document and, mistakenly, the source of the text was on the paper. I quickly exited the room only seconds before Sanjiv returned from Evanston General Hospital. I made it upstairs to Josh's room and found the Macroeconomics textbook and on page number 69 the plaintext was stated there."

Thus, as usual, our attempt to use the rigorous methods of decipherment were compromised by haste and lack of discipline, and we were forced to resort to violence (well, not really), subterfuge and espionage. However, we are particularly proud of our unique success and methodology for discovery of the plaintext of encoded journal articles.

Appendix - Incognito Plaintext

The hacker calling himself Mudge pushed his long hair back, scratched his beard and stared at the computer screen. He knew there was something wrong with the data traffic he was watching, but what was it?

A week earlier, Mudge and his fellow hackers in their hangout known as the L0pht -- pronounced "loft" -- had acquired some software that was supposed to let computers talk to each other in code. But as Mudge watched the data he realized someone else was doing the same and maybe even decoding it, which shouldn't happen. "So you are saying that you're using DES to communicate between the computers?" Mudge recalled asking representatives of the software maker. Yes, they said, they were using DES, a standard encryption method that for years was considered virtually uncrackable. But this wasn't DES, thought Mudge. It's almost as if... Whoa. He blinked and felt the adrenaline kick in. This wasn't secure at all. In fact, the encoding was only slightly more complex than the simple ciphers kids did in grade school -- where "A" is set to 1, "B" is set to 2, and so on.

The company was selling this software as a secure product, charging customers up to $10,000. And yet, it had a security hole big enough to waltz through.