That theory is testable
With the volume of Venona decrypt available (only a few percent of the total AFAIR), it should be possible to verify if it's always or mostly a mix of KGB traffic with GRU traffic that decrypts.
Efforts by British boffins to thwart Russian cryptographic cyphers in the 1920s and 1930s have been declassified, providing fascinating insights into an obscure part of the history of code breaking. America's National Security Agency this week released papers from John Tiltman, one of Britain’s top cryptanalysts during the …
> "They both selected a secure printing works that usually produced banknotes and gave strict instructions that only two copies of each pad should be printed," Lomas commented. "The printers decided to print four copies of each pad then send two each to the KGB and GRU.
Who's to say they didn't do the same for banknotes?
No, it it's basic economics that printing more currency will devalue it
That's the ruble that Comrade Lenin specified the value of?
Also in an economy the size of the USSR, you'd need a lot of extra bank notes to reduce it by much, so as long as you kept the numbers low relative the amount of money in circulation it wouldn't have much effect, but you could still be very very rich.
"That's the ruble that Comrade Lenin specified the value of?"
He controlled the official foreign exchange rates and many prices. No one given a choice stuck to the official exchange rates. Or the Rouble for that matter.
The point was that the devaluation effect does not require consumer knowledge that additional currency has been issued.
Most USSR pads from that period were just bog standard books. The outgoing communications from Russia to spies abroad consisted of sequences of numbers which were page and symbol positions in it. This one repeats a gazillion times in literature (both historical and fiction) so there is quite likely to be a grain of truth in it. As a result there was absolutely nothing incriminating in a spy's house as the books in question were mostly fiction.
I do not know about the communications back to USSR, but I would be surprised if they were different. If you have a system which works flawlessly in one direction, why bother with something in the other?
It's not so difficult to believe...
The pads were used by embassies and such, as they often have a need to confer with home over a secure channel, knowing that anyone could be listening in on the conversation.
Spies would mostly try to avoid any situation whereeven part of the conversation could be captured, as not only the message, but also the sender and receiver would be secret.
OTPs and other codebooks is something you'd expect to find in an embassy or in the comms on a battleship, but not in someone's home. It's also very difficult to transfer a code books and OTPs to field agents without them being compromised.
TH noted, "It's also very difficult to transfer....OTPs to field agents without them being compromised."
I suspect that a given section of One-Time Pad (OTP) could be safely reused a 2nd time, but *ONLY* to send some random gibberish to essentially refill the OTP itself at the far end. This would permit effectively-endless OTPs to be more easily distributed (i.e. continuously refilled) using the same remote communications channel, thus avoid the bother and peril of physical delivery.
Here's why it seems safe: The fact that the 2nd use of the same OTP block is to carry random gibberish (i.e. more random bits to refill the OTP) means that the usual subtraction attack doesn't accomplish anything. Think about it...
And, since each encrypted message remains fully-independent of the previous, they don't carry any residual information about other messages. So there's 'nobody home' in the statistical analysis department.
The only obvious downside is that the resultant chain of communications would be like a house of cards. One decryption anywhere in the sequence, and the entire sequence of messages would fall open. Risk management would be required to evaluate the pros and cons.
The same basic concept (assuming my suspicion is correct) would apply to both manual OTPs and the electronic high-speed equivalent; and that might be more widely applicable for modern applications, even endless streaming.
If you have a system which works flawlessly in one direction, why bother with something in the other?
It only works flawlessly as long as the choice of book remains unknown: discover it and you can decrypt all the traffic you've intercepted in the past between those two parties. Users of a one-time pad are supposed to destroy each sheet after use so that even if the pad falls into enemy hands it can never be used to expose historic communications.
GCHQ can brute force crack the code by running through every book in their digital library
Not every book is digitised, and different printings of books can vary enough to make them effectively unique as cipher pads. I do agree though that's it's more tricky than it used to be, but if Alice and Bob are sufficiently cryptic in how they define which page/paragraph/word/letter then they could defy purely automated analysis.
Users of a one-time pad are supposed to destroy each sheet after use so that even if the pad falls into enemy hands it can never be used to expose historic communications.
Which works unless your method of disposal is to re-purpose them as bog roll because your supplies of that has run out. During the cold war, western spies went fishing used paper from the sewerage systems under at least one eastern bloc embassy to get hold of used one-time pads.
It is, but many people may not understand how it enables differential cryptanalysis. They may intuitively understand that it lowers their own security but totally misunderstand the threat model. In their minds, the risk is about whether their own message may be read, not whether they are enabling the reading of another message if the adversary holds both messages but not the key.
Also, being aware that (properly used, properly random) one-time pads are the strongest encryption there is, laypeople might not grasp the magnitude of their gaffe when re-using it twice, possibly thinking "well maybe it's a bit weaker this way but surely it must still be plenty strong..."
"The Russians are well known for their mathematical ability. It's surprising to me that the risks of re-use were not strongly impressed on the users."
The article implies that the pad printers sold duplicate pads to both agencies. The agencies and their users were probably not aware of this.
OK, so if I write a couple of short messages as plain ascii (7 bit) and then use
xxd -b <message-files>
to dump the binary (1s and 0s), reformat to mimic a paper tape or something, and then XOR the result to get rid of the two-time key, it should be a reasonable simulation of the problem facing the chaps in the 1950s?
... Doesn't matter - the NHS would still photostat them to save money.
Reminds me of the mating call of the lesser-spotted incompetent teacher "I didn't photostat enough so it's one between two*" because I can't frigging count (and it's a maths lesson).
*And not the fun type of one between two where one of the two is blonde and the other filipina.
Paranoia about hyper-computers, quantum computers and rumoured breathroughs such as fast-factoring algorithms in the last five to 10 years seems to have fuelled a quiet resurgence in one time pads (OTPs).
Thus Boris, politely invited to step out of the queue because he (a) travels alone, (b) has minimal luggage, (c) has a certain unmistakable bearing, emits a brief burning-plastic smell before he says "Bozhe moi, phone smokes!" and with practised humility explains in fractured English that his crappy East European phone must have a bad battery. Another quarter-gigabyte of OTP has just been roasted—with plausible deniability.
And there are now many Borises, Jacks, Maurices, Joses and even a few Rachels and Tatianas, couriering the wondrous globe with excellent passports, over-rated language skills, lamentably giveaway body language (always the weak point) and tiny silicon chips the size of pinky-nails concealed hither, thither and even yon.
We're close to inventing a (possibly quantum-tech) OTP which can be read only once, thereafter erasing itself without the need for Boris or Rachel to tickle the "Blown" button—useful, if only to relieve many small rooms in large airports of the smell of melted secrets.
Oh, I'd been assuming that he was a Russian agent. It would really make a lot of sense: endlessly making damaging apparently-idiot-comments from the sidelines ('fuck business [... comrade]'), repeatedly destroying fragile consensus in the government, damaging our image abroad, travels abroad a lot where he no doubt has copious opportunities for assignations of various kinds, suspiciously supportive of Trump, and so on.
I mean, obviously none of this is true and he's a good patriotic Englishman, of course. Of course.
My cheapo Android tablet gave me the choice of encrypting its storage when I set it up. Took a couple of minutes. I'm assuming the result is a 16Gb ssd filled with random numbers. Could a otp not just be made to look like an ssd with encrypted storage until the authorities started to compare a number of devices and realise the amazing coincidence of identical random numbers?
Coat: Copy of MR-1418-RC in the (large) inside pocket
If you read some of the books like "Code Warriors" you will become to understand what word persistence and determination mean. They go through how some of these techniques were done. If I remember right they go through codes that were broken via this method. I just shook my head at how hard core, hard nosed and determined these types of people are.
If it's not harming US interests, then why not declassify? It's not like the UK can do much if they object.
See also; the CIA declassifying details of U2 flights over the USSR in the 1960's, which confirmed the involvement of RAF pilots, whilst the UK files on the subject are still classified (if they even still exist).
The story I read is that as the Nazis advanced into Russia the part of the code section responsible for generating the random numbers for the one time pads was evacuated to the east but the printing staff were left behind, so they started reusing pages.
They did not reuse whole books at a time but mixed up pages between new books. When the implications of the reuse were understood the staff were afraid to warn their superiors, because they would likely have been sent to Siberia or executed for the initial mistake.
That's basically how James Bamford described it in "Body of Secrets".
There were 35,000 duplicate pages printed by the 8th Main Directorate of the KGB in early 1942, and they had 30,000 intercepts that were encrypted using said duplicate pages out of about a million intercepts. The duplicated one-time pads (I guess two-time pads) were used from 1942 to 1948.
In the book, Bamford suggests that they were duplicated by Soviet cryptographers creating the one-time pads using carbon paper. It was careless and the Soviets paid for it.
Donald/Devin/Sarah,
This is far beyond anything you can begin to hope to understand, so do yourself a favor and stop before you embarrass yourself further.
Let the grown-ups and people with an IQ higher than their toothbrushes discuss it. Thanks.
V/r,
Signals Intelligence Collector
Not to do with Russia directly, but fascinating is an article on the ANC's web site describing how their operatives communicated in Apartheid South Africa. The use of computers in the 1980s, basic encryption, then modems to transfer audio to cassette tape. Then find a phone and switch on the tape, to send screeches down a phone line. Receiving was the reverse of the above. Relevant to the article is the process this involved. A great read.
"Talking To Vula"
The Story of the Secret Underground Communications Network of Operation Vula
by Tim Jenkin
http://www.anc.org.za/content/talking-vula
There are some ways to do this without re-using you OTP, it is a fact that XOR ing two random numbers eg different sections/pages of a OTP together gives another (unbreakable) random number. Thus page 1 char 1 of your OTP can be used to modify each character of Page 2 etc extending your OTP length by the length squared, it is done for digital signatures on some embedded systems where the CRC is XOR'd by several different pages of the OTP (the more pages the better but XOR is fast on a micro)
AC wrote:
"...Thus page 1 char 1 of your OTP can be used to modify each character of Page 2 etc extending your OTP length by the length squared ..."
But surely if your OTP is just changed by a fixed value then combining two code-texts coded with the first and second version will remove the random element (which will be obvious because the text will reveal the statistical properties of combined plain-text - it will just be shifted by the fixed value) leaving you with a Caesar cipher which is trivial to solve.
...that they didn't use another language other than their native, to communicate in.
While everyone is trying to find patterns of Russian words, then if the correspondence was in English, for example, that would surely have made it more difficult for the people doing the cracking?
Or is my thought pattern starting to show that it's nearing beer o'clock?
@msknight
https://en.wikipedia.org/wiki/Code_talker
Use of minority languages was a thing when the need was for rapid communication of information that would be useless on a short time scale. Don't think people wanted to be fiddling with one time pads and doing mental arithmetic on battlefields.
It takes years to learn a foreign language properly, and people whose language it is can immediately understand you... unless you're dreadful.
A dictionary of under 100 common words in any language liable to be used in this way should make it veey easy to detect.
One key element is that each communication started out with a cleartext header that identified the pad in use.
This is the simplest way of keeping the sender and recipient in sync. Keeping things simple and reliable avoids the operators sending cleartext messages to recover when the inevitable screw-up occurs.
This wouldn't have been a vulnerability with true one-time pads. Even reusing one-time pads wouldn't have been a problem if they had unique pad numbers.
Now, *there's* an interesting family.
Father of the (infamous) author of the first Internet worm:
https://en.wikipedia.org/wiki/Robert_Tappan_Morris
(apparently, he has redeemed himself, and now works for MIT)
From Morris (the elder):
Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.
Book based codes are very insecure (even if there are only two copies of the book in existence).
The underlying language structure makes such codes intrinsically non-random and provides a wedge into the code.
Only a _truly_ random sequence is _really_ secure, and surprisingly difficult to produce. Even pseudo-random numeric generators will eventually show a pattern which gives you a start, and that is all you need with a computer to do the heavy lifting.
Mac
Pseudo-random number generators (PRNGs) aren't truly random, indeed they are peculiarly non-random. e.g. if the number 5 comes out it is followed by 24 every time. A PRNG will produce some or all of the numbers in its range exactly once before repeating the sequence but the repeat will be an exact copy of the first sequence and so on. PRNGs have their uses but cryptography isn't one of them.
OTOH I know of a system that used radio noise to produce a RNG key for a digital device that had to be provably "random" under licencing restrictions -- slot machines.