Like a challnge response kind of thing with the shared secret being your key.

You have a predifined start key like Schneier’s AEB. On the first of the month, you send your username and encrypted password. Next day,t he second ,beign an even day, you rotate the second right clockwise if you want to log in. The next day, the third, you rotate the third ring clounter clockwise.

It ends up being something simular to a DUKPT key changing scheme.

x 123456
1 abcdef
2 ghijkl
3 mnopqr
4 stuvwx
5 yz0123
6 456789

first flip , second , third , fourth , fifth :

ab cd . ef gh – ij kl . mn op / qr st . uv wx – yz 01 . 23 45

Obviously, if you flip or roll a value that goes out of the desired values you try again. Does anyone know of an extension of the von Neumann procedure for “fairing” a coin to a die?

Robert Richardson
GoCSIblog.com

Those are actually two different ideas with the same key rotation.

1) used for challange response authentication. Where the website presents you with a captcha ( just to make it more expensive for any automated cracker). You then encrypt the Captcha word and send it back. Proving you are you. This has the nice feature that the password is different every time. No replay attacks and you are always encrypting different passwords, rather than the same one over and over.

2) DUKPT functionality: You have one password.

Say Day 1 your password is password, you encrypt it to get uejowuop. That is your password for that day. Next day you take uejowuop and encrypt that with the days new key to get poivmeqi. That is your password for that day. And on and on and on. Might not be the most user friendly for the casual users bank password. Or you could actually do the key rotation on each successful use of the password, if you can make sure that both the bank and you agree when you’ve been authenticated.

Draw out your 6×6 grid.x & y axes corespond to 0-5 left-right and top to bottom.
One die is always the 6′s place, the other is the 1′s place.
Start with the character zero, roll. “0″ goes in the square defined by that roll. Next character is “A”… and so on.

Once your 6×6 grid is full that becomes your alphabet coordinates for generating cypher text. If your first plain letter is C, and C is at position 5,3 then your cypher letter is (5×6)+(3×1) = 31 = 26+5 = “5″

There’s 36! grid keys. 3.719e41

It seems to be vulnerable to something. I’m not sure what. It’s not iterative, nor is there feedback. You could solve it part way and get a partial plain text, I think.

I wonder, if you had a room full of people throwing dice, if that would work well as a random number generator. Sounds like the backdrop to a caper movie. A casino is being used to crack government codes. Someone on the inside wants out. Can they trust the black market net cafe owner?! Blockbusterlarity ensues.

Or maybe a triple pendulum with atomic controlled actuators. Just a tiny bit from a smoke detector. How cheap could you make them?

There are all the usual choices for key management. They could agree on a 3-letter “word of the day” in the morning and use that for every message (or one word each, eg he sends to her with key ‘cat’ and she sends to him with key ‘dog’). They could pick a “phrase of the day” (each) and use 3-letter chunks from it for successive messages. They could preserve the ring state and decode the second-received message in a day from the state at which the first message ended.

And so on; what’s best depends on use patterns…

1. Start with 1.
2. Look at the letter on ring 2 next to the A on ring 1. If there’s a dot above, add 2. If there’s a dot below, add 1.
3. Look at the letter on ring 3 next to the A on ring 1. If there’s a dot above, add 6. If there’s a dot below, add 3.

Of course it could all be for naught if my scheme is worth bupkis, or the pad is compromised.

36!*(26^2+(3*6*9))^12 (4.46e76) keys.

oh yeah, what a staggeringly easy cipher. If you’re going to do that why don’t you learn to very quickly multiply prime numbers together, forget about the rings, write your public key on your forehead and encipher all your messages in mental arithmetic RSA.

I don’t think there’s going to be that much of a rush to decode these communications…so maybe ease of use slightly trumps learning a new language.

I think it might be pretty strong against a fequency attack if the keys are picked randomly (which you can get pretty easily with a few 6 sided dice) AND if you mangle the plain text (disemvowel and misspell). Without a better maths background I’m not certain, but I think it would be difficult to pinpoint the keylength from the cypher text alone. Any mathHeads what can set me straight?

Here is a detailed description of how to convert a triple of letters into a number, for those unfamiliar with balanced ternary. I will abbreviate a dot above the letter as “^”, a dot below the letter as “v”, and no dot as 0. These correspond to the balanced ternary digits +1 (up), -1 (down), and zero.

1. Align the three letters on the rings.
2. The first ring is the nines place. ^ = 9, v = -9, 0 = 0
3. The second ring is the threes place. ^ = 3, v = -3, 0 = 0
4. The third ring is the ones place. ^ = 1, v = -1, 0 = 0
5. Sum up the values of the rings.

For example, AAA has dots ^^^, which equals 13 (9 + 3 + 1). RRR has dots vvv, which equals -13 ((-9) + (-3) + (-1)). PPP has dots ^0v, which equals 8 (9 + 0 + (-1)).

Thus the rings embody a kind of hash function from letter triples to numbers in the range -13 to 13.

The cipher (when the key stream is generated by the random generator described below, I call it the Rusty cipher):

1. For a key stream, you need a sequence of letters at least three times as long as the message.
2. For each letter in the plaintext, take the next three letters from the key stream and line them up on the rings.
3. Convert the dots on those three letters into a number.
4. If the number is positive, count forward that many letters in the alphabet, starting from the plaintext letter. If the number is negative, count backward. If you reach one end of the alphabet, wrap around to the other end. If the number is zero, use the plaintext letter unchanged.

To decipher, follow the same process, but flip the sign on the number in step 3.

Example, using a pseudorandom key stream (generated below):

key stream: HEN ULR HFC YMH …
dots : 0v0 vvv 0v^ ^^v …
numbers : -3 -13 -2 11 …
plain text: h a n k …
ciphertext: E N L V …

Using the text of a book as the key stream is easy, but letter frequencies and (most applicable to this method) trigram frequencies are well known, and would bias the output of this cipher. A random key stream would be better. Of course, if you had a way to share a truly random key stream, you would do a OTP, but that is impractical, so…

Here is a way to generate a pseudorandom key stream using only one operation that is easy to perform on the cipher rings. This kind of PRNG is called a Lagged Fibonacci Generator (LFG). LFGs are not cryptographically secure, but combined with the crypto-ring hash function, they would have rocked in the classical crypto era.

The key can be a word or a phrase or random letters. You need at least two letters. For best results, at least one should be one of: BDFHJLPRTVXZ. This is because we are effectively adding mod 26, with A=0, B=1, etc., and those are the letters that are relatively prime to 26.

The sequence of letters produced by the LFG is defined as S[n] = S[n-k] + S[n-k+1], where k is the key length and + is the operation of adding letters together using the crypto rings. To add X and Y, for example, line up A on ring 1 with X on ring 2, then find Y on ring 1, and see what it lines up with on ring 2 (V, so X + Y = V).

For example, using the key DEAN:
D+E = H
E+A = E
A+N = N
N+H = U
H+E = L
E+N = R
N+U = H
U+L = F
L+R = C
R+H = Y
H+F = M
F+C = H
.
.
.

Take the output starting at the first letter after the key.

LFGs are sensitive to initial state (in this case, the key). But with a key length of just five, most periods seem to range from 30941 to 649761, which should be long enough for any message you are likely to work by hand. Here is a table showing the maximum period I found for small key lengths.

2 | 84
3 | 1281
4 | 10980
5 | 649761
6 | 7797132

These rings demonstrate to the world that True Love is an Enigma.

I get misty just thinking about it.

http://history1900s.about.com/library/photos/blywwiip123.htm

Just kidding, Cory. I think it’s a great thing you’ve done. But having a wife who shares your unconventionality is even better. Kudos to both of you!

Dave

Perfect pangrams are the first thought of how to extend it. The question is whether to use them as an additional, invisible ring, or in some other fashion. Imperfect pangrams, with repletions ignored, might be useful, too.

And I want to use the dots to key transpositions. After doing the letter substitution on four letters, the dots and non-dots above the current trio of “active” letters on the rings indicate swapping; dot on left, swap the first pair of letters currently being encrypted with each other, dot on right, swap the second pair letters, dot in middle, swap the first pair and second pair.

BTW – I want to you to know I’m totally jealous of the ring. :-)

1. All existing public-key ciphers require difficult, multi-digit calculations. Assuming that they don’t want to use an arbitrary precision calculator with their rings, this is out.
2. Without the option of a public-key cipher, a shared-key cipher is the only choice.
3. The cipher will be well-known (no security through obscurity). The construction of the rings is well-known and since only a handful of ciphers have been suggested, it’s expected that somebody will be able to try all of the suggestions to find out which one Cory and his wife are using (assuming he doesn’t tell us straight out).
4. Therefore, the only secret is the shared key.
5. Unless otherwise stated, we should assume only simple additional tools (coins, pen, paper, etc.). This will limit us to simple math. It may also limit the size of the shared secret to something they can remember (carrying a book around may not be feasible).
6. The key will not change very often. This is arguable, but being that they are human, they will not want to memorize a large amount. Assuming that they don’t carry a large source of key material (such as a novel), they will be limited to memorizing, at most, a few, short keys.

Any other constraints that anyone can see? It helps to have requirements before designing algorithms (how can you tell I’m an engineer?).

We should probably list the scope limitations as well:

1. The algorithm doesn’t have to be secure against computer analysis. Given the key space and the limited number of calculations we can make, this level of security is unreasonable.
2. The messages will be short. One could argue that this isn’t a necessary requirement, but them both being human, they won’t want to spend four hours encoding/decoding a dissertation. Should they wish to have further secure communication, the rings could be used to establish a more secure channel elsewhere (such as meeting in a secluded place).

One possible hole in the above is that one ring isn’t used at all, which seems suspicious. Instead, you could make a cipher which uses both rings, but switch the order that rings are used in.

I did some counting with my flipping and adding and found a strangely pretty and lumpy fractal distribution that looks a little like one side of a Kock snowflake.
M seems to be the favored letter. It’s not evenly spaced because 100+011 is the same as 010+101…

:(