CRYPTO AND PRIVACY VILLAGE - Cryptography, Codes, and Secret Writing: An Introduction to Secret Communications
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 322 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/39874 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | |
| Genre |
DEF CON 26106 / 322
18
27
28
40
130
134
164
173
177
178
184
190
192
202
203
218
219
224
231
233
234
235
237
249
252
255
268
274
287
289
290
295
297
298
299
302
306
309
312
315
316
00:00
QuantumLevel (video gaming)CryptographyMultiplication signCodePlastikkarteInheritance (object-oriented programming)Elliptic curveMathematicsDegree (graph theory)Key (cryptography)Shared memoryPoint (geometry)Slide ruleGoodness of fitProbability density functionAdventure gameFamilyQuantum mechanicsSteganographyDatabase transactionWeb pageInformation securitySpeech synthesisOcean currentCartesian coordinate systemFlagOnline helpCASE <Informatik>Self-organizationNichtlineares GleichungssystemPhysical systemAngular resolutionOperator (mathematics)Quantum computerCodeBitNoise (electronics)Software testingObject (grammar)Context awarenessArmDrill commandsDigital rights managementTouch typingHacker (term)MaizeRevision control
08:42
Arithmetic meanCodeRight angleQuicksortWordWebsiteDifferent (Kate Ryan album)Cartesian coordinate systemMultiplication signInformationTelecommunicationOcean currentEncryptionAlgorithmServer (computing)CryptanalysisGame theoryCarry (arithmetic)CryptographyInformation securityBijectionTable (information)Set (mathematics)3 (number)Office suitePhysical systemComputer hardwareINTEGRALDigital rights managementMathematicsMereologyOrder (biology)NeuroinformatikFormal languageAuthenticationLevel (video gaming)Copyright infringementView (database)Term (mathematics)KälteerzeugungMessage passingSoftwareObservational studyCodeKey (cryptography)File formatMusical ensembleMathematical analysisVideo gameNapster
15:44
Boss CorporationElectronic signatureChainNeuroinformatikHash functionCodePhysical systemDigitizingAuthenticationSoftwareMessage passingSequenceMathematicsComputer forensicsMultiplication signEncryptionRepresentation (politics)VideoconferencingFrame problemFood energyRight angleDatabase transactionTelecommunicationWindowMatching (graph theory)EmailVisualization (computer graphics)Shared memorySteganographyoutputCryptographySlide ruleBlock (periodic table)QuantumExistential quantificationCASE <Informatik>Computer programmingPairwise comparisonPublic-key cryptographyCalculationWebsiteRow (database)InformationMoore's lawFigurate numberDifferent (Kate Ryan album)Open sourceGoodness of fitComputer clusterBoom (sailing)Lecture/Conference
23:45
GradientMessage passingHill differential equationComputer virusGreatest elementSteganographyWritingMultiplication signMalwareBlock (periodic table)CalculationGraphics tabletReverse engineeringPhysical systemSelf-organizationCryptographyFigurate numberAlphabet (computer science)DiagonalSystem identificationUncertainty principleRight anglePhysicalismDifferent (Kate Ryan album)Metropolitan area network1 (number)QuantumBootingKey (cryptography)Scripting languageSurjective functionResultantWeb pageWave functionHoaxCombinational logicRandomizationBitParticle systemString (computer science)DiagramVertex (graph theory)Token ringGame theory2 (number)MereologyFilter <Stochastik>GodAngular resolutionLinearizationLimit (category theory)EncryptionDiameterTetraederLink (knot theory)MiniDiscCausalityEntire functionForm (programming)Bulletin board systemYouTubeLecture/Conference
31:19
NumberAdditionWritingEncryptionAngleMetropolitan area networkArithmetic meanMereologyCasting (performing arts)CASE <Informatik>Multiplication signFigurate numberMessage passingRight angleWeb pageWordInheritance (object-oriented programming)Wave packetSystem identificationSubstitute good
33:54
MaizeMetropolitan area networkDifferent (Kate Ryan album)Encryption1 (number)CryptographyStiff equationCodeCodeMessage passingShift operatorSystem callCASE <Informatik>Lipschitz-StetigkeitReading (process)Substitute goodRow (database)BuildingHoaxDiameterTheoryNumberStatuteMultiplication signAngular resolutionUniform resource locatorWeb pageCuboidComputer forensicsPoint (geometry)Transportation theory (mathematics)Address spaceOffice suiteRule of inferenceRight angleInternetworkingElectronic mailing listSlide ruleCodierung <Programmierung>Form (programming)QuicksortClosed setRotationLecture/Conference
37:36
Formal languageFigurate numberMessage passingFrequencyEncryptionSet (mathematics)Sampling (statistics)Cryptography40 (number)Mathematical analysis1 (number)AreaDemosceneSymbol tableRight angleSeries (mathematics)Group actionCodeDirected graphNumberTotal S.A.Reading (process)E (mathematical constant)Substitute good
39:36
Message passingInternetworkingAuditory maskingMultiplication signTable (information)WebsiteField (computer science)Virtual machineFormal languagePoint (geometry)BitOperator (mathematics)Key (cryptography)Physical systemCodeDerivation (linguistics)Maxima and minimaShift operatorCryptographyPlastikkarteElliptic curveEncryptionPosition operatorRight angleGoodness of fit1 (number)CryptosystemExpert systemQuantumSquare numberMatching (graph theory)40 (number)Execution unitOrder (biology)WordRing (mathematics)Substitute goodType theoryTelecommunicationElectronic mailing listBoss CorporationWritingGodDirection (geometry)Selectivity (electronic)PlanningGreatest elementEntire functionInformation securityGreen's functionTranslation (relic)Alphabet (computer science)Figurate numberLecture/Conference
49:07
DivisorPoint (geometry)Symmetric matrixAxiom of choiceCurveImage resolutionNumberInheritance (object-oriented programming)Elliptic curvePrime factorFunctional (mathematics)Nichtlineares GleichungssystemCryptography1 (number)Multiplication signQuantum computerLoop (music)Right angleLattice (group)QuantumData Encryption StandardAlgorithmNational Institute of Standards and TechnologyKey (cryptography)AsymmetrySpeech synthesisControl flowEncryptionEllipseElectronic mailing listSymmetric-key algorithmQuantum cryptographyMathematicsDifferent (Kate Ryan album)Graph (mathematics)TelecommunicationLine (geometry)Physical systemVariety (linguistics)Cartesian coordinate systemTerm (mathematics)NeuroinformatikInternetworkingPasswordBasis <Mathematik>Public-key cryptographyExterior algebraGoodness of fitSlide ruleBitSymmetry (physics)LengthQuantum stateAdvanced Encryption StandardAlgebraSuperposition principleLecture/Conference
58:39
Key (cryptography)MathematicsQuantum cryptographyPhysicalismParticle systemGoodness of fit1 (number)Right angleDiagramVertex (graph theory)Metropolitan area networkResultantMereologyWave functionQuantumBitMeasurementDiagonalGame theoryCryptographyRandomizationBinary codeFilter <Stochastik>Wave
01:03:35
System identificationMetropolitan area networkPhysical systemWave packetQuicksortWordCASE <Informatik>WritingYouTubeInternetworkingInheritance (object-oriented programming)Entire functionAngular resolutionCombinational logicWeb pageMultiplication signNumberCryptographyScripting languageEncryption
01:10:18
Web pageMessage passingBoss CorporationShift operatorMultiplication signQuicksortGodCryptographyStatuteSampling (statistics)Electronic mailing listTotal S.A.Address spaceEncryptionComputer forensicsBitTransportation theory (mathematics)CodeQuantumExpert systemProbability density functionCodeGroup actionCASE <Informatik>Point (geometry)Matching (graph theory)System callInheritance (object-oriented programming)Auditory maskingAreaSerial portPolygonStiff equationPlastikkarteMaizeDemosceneSeries (mathematics)BuildingGoodness of fitFigurate numberMetropolitan area networkCuboidRow (database)
Transcript: English(auto-generated)
00:00
Welcome, everyone, to the third talk of the day by Tess Schredinger. She's a jack of all trades, master of none, and she's going to be talking about cryptography, codes, and secret writing. Good morning. Can everyone hear me in the back? I've heard there's some noise issues. We good? If at any point I start going down
00:30
or it starts getting loud, just raise your hands like you're on a roller coaster and that will tell me to take it back up. Okay? Wow, the room's full. I was expecting to see some kids in here. I guess you all stole their seats. So let
00:45
me start with some questions. How many people are here because they've always been kind of intimidated by cryptography and one person? Y'all are liars. How many are here because you just want to learn more? Okay, that's
01:01
good. How many here are experts? Okay, good, so you're not going to point out when I'm wrong. Oh, wait, he said something about this cord here. Make sure I don't step on it. Do I have slides? Okay, I'm not going
01:21
to touch anything. Okay, and then how many here are in the wrong talk and just don't feel like getting up and going somewhere else? Okay, good. Okay, so I do want to preface this by saying if you are fairly experienced in cryptography, you may get bored. If you get up and leave, I will not be offended because I really did gear this towards people that I've heard over the years, over and over again,
01:44
that they don't do any of the crypto contests and they just don't think they can. It's too hard. It's too confusing. They're not smart enough. And then when I try to introduce it to them, they get kind of excited and like, oh, wow, this is like really
02:01
neat. Nobody ever like explained it to me. So this is really high level only. I am not going to drill down into weeds on math. You will see a few equations, but you don't have to remember them. Just they're more for reference than anything. So this really is high level only. So if you wanted something a little more specific or technical, probably you're going to, you
02:23
know, maybe not want to stay or you can. I'm sorry, did someone ask a question? Okay, maybe I'm hearing someone next door. Okay, so the first thing I want to do is these slides and the walkthroughs, all my crypto stuff that I'm going to show you. I have
02:42
a Patreon page. You do not have to pay me. I just need somewhere to put stuff. So if you want any of the slides or any of the stuff I'm going to show you if I run out, you're welcome to go out there and get it. It's free. PDFs, you can just download them. And I did want to thank Paul Ewan and James Troutman. They are two of my biggest supporters. Thank you guys. Love you so much.
03:03
Our agenda. We're going to go over some definitions. I love to do that if you've seen me speak before. I think it's good to work with a common vocabulary. So you know what I mean when I say a certain thing. And we kind of have an agreed upon vocabulary to get started. Then we're going to talk about some current applications of cryptography. And then a short history of cryptography and
03:25
secret writing. We're going to talk about some of the classical stuff and then move into the modern era. I am going to attempt to make sure everyone in here can walk out and in the bar tonight you can explain elliptical curve cryptography and quantum key cryptography to your friends. Okay? That's my goal. All right? See if we can do this.
03:49
And I'll let you in on a secret. If they don't know any of it, you all just say whatever you want and they'll go, oh. And unless they Google you later, you're good. Or if they're drunk, you can just say, well, you were drunk. You misunderstood me.
04:04
And then if we have time at the end, there are some really neat unsolved mysteries in cryptography, including a current open case the FBI needs help solving that if one of you guys want to give it a shot, I'll have the thing. And maybe one of you guys can solve a murder. So a little bit about me. I'm Tess Schrodinger. Has
04:30
anyone heard about my choose your own crypto books? Only one person. Good. So now I can talk about them. So I am one of the organizers for B-Sides DC and B-Sides charm. And one
04:42
of the things I was noticing over time was that a lot of people weren't playing the crypto contests because they were really geared towards super smart black badge like full contact crypto people. And it kind of left a lot of folks out. And if we have any teachers in the audience, if I have any left over, I'd like the teachers, as long as I have some, to come get one. Because I decided that I wanted to
05:06
create a contest for everybody. So it means your grandma could play, your kids could play, but the black badge people could play, too. So if you're old enough to remember the choose your own adventure mysteries, I've written a choose your own crypto. And I do have two
05:23
versions, but I only have this one left. But the other one, again, it's online in PDF on my page. You can print it out, and the walkthrough is there as well. But what it does is it allows for you to go in. If you just want to do some fun puzzles, mazes, acrostics, anagrams, just fun little puzzle-y stuff with the kids, that's level one. If you really want
05:44
to kind of start practicing with actual different systems, there's an adventure level two that you can go in, and each piece and level two is like a little flag that goes through, teaches you a different kind. It talks about it, gives you a little history, gives you a way to help solve it, and then you put all the answers together at the end to get the solution. And then if you
06:04
want to be like, okay, I got it, and do something a little harder, but not, like, that's going to make you cry, because I make the black badge guys cry, but, you know, that's not for everybody. You can go to the third level and kind of try out what you've just learned, but you don't have the hints or the walkthroughs or the explanations. And then if you do want
06:22
to cry and you're not going to cry, then you're going to cry and you're going to cry. So, again, the next one is the you're into that. The black ops, black badge level. So I'm going to have some of these today. I'm going to have a couple little questions and little contests, so we'll give some of those away. And again, when I run out, they will be available on PDF, you can get them any time. Share them with your friends.
06:40
If you have a con and you want to use them there, please do. I'm fine with that. Just contact me so if there's extra pieces that go with it, I can give them to you. So I do those little books. And my background, I have a bachelor's degree in sociology. I never thought it would be that useful in InfoSec, but
07:00
oh my goodness. Sociology is very helpful because it helps you not only understand your adversary, because they tend to have similar mindsets depending on what they're doing or what their objective is, but it also helps you understand your users, your user base. And doing security awareness, you're going to talk to your
07:20
administrative assistants way different than you're going to talk to your devs. So that's really been helpful in ways I had not thought. So if you don't have a technical degree, don't assume that you don't have an opportunity in InfoSec. I have a master's in security management, and then I have my master's work done in cybersecurity as well.
07:42
And I recently just let everyone know I am going to begin working. If you've seen my quantum computing talk, I'm going to go back to school and start working on my PhD in quantum physics so I can go into the quantum computing, securing that, the hacking, et cetera. Non-technical stuff, I'm a triathlete.
08:01
I homeschool my amazing child who's probably hiding behind me. And I love to Argentine tango. So first contest. Can anyone here tell me what a common code used all the time when you're texting your family and friends? What could be considered a code that we use every day
08:22
if you text? Exactly. Exactly. Come up and get a book. Or someone pass it to her. She said leet speak. Or when you use acronyms, like.
08:43
We all know FML means fluff my llama, right? Right? Because this was friendly for kids talk. So whenever you use little things like FML, LOL, blah, blah, blah, those are like examples of what we kind of have little codes. And another one would be emojis, right?
09:01
Because we all know what the peach means. That's an example. So let's talk about some definitions. Secret. So secret is essentially just we want to keep something
09:24
hidden from knowledge or view. From a third party if you're exchanging with someone else. Or just from anybody if you want to keep it to yourself. So code versus cipher. Does anyone know the difference?
09:41
Well, with codes, you're mapping a one-to-one thing. So like when we talked about what does the peach mean? That's a one-to-one thing, right? A cipher is a little different in that it includes a set of instructions or an algorithm that you apply in order to change whatever your message or your item
10:02
or your text is, okay? So that's the big difference. You can see, I think this is an old espionage kind of thing. Like the word accountant actually meant come at once, do not delay. So that would be like a code. That thing meant this thing. But there was really no algorithm or anything like that. It was strict memorization or you used a table
10:22
to figure it out. So cryptology, cryptography and cryptoanalysis. Cryptology is kind of an overarching term that applies to the practice and study of techniques to secure communications.
10:40
And then, sorry, cryptography is that it's, cryptoanalysis is when you're, excuse me, my throat's really dry. Cryptoanalysis is when you analyze and decipher the cryptography.
11:00
And in cryptoanalysis, the big key steps are you wanna try to determine what language or algorithm or system was used. And then you wanna reconstruct the key if you can. And then you use all of that to reconstruct the plain text.
11:20
Encryption versus decryption. We have plain text. You're gonna apply some sort of key. That'll get you your cipher text. And then you use a key. It could be the same key or a different key depending on if you're using symmetric or asymmetric, which we'll talk about later. You use that to decrypt it back into the plain text.
11:45
So some current applications of crypto. The first thing I wanna talk about is why do we even need to secure communication? Well, if you're here, you probably already know why. It's probably pretty obvious. How many here have heard of the CIA triad?
12:04
Okay. Okay. It's funny, because things I take for granted that I think everyone knows, apparently they don't. It just shows in a little microcosm, you just assume things are common knowledge. So a CIA triad is something we use a lot. It stands for confidentiality, integrity, and availability.
12:22
So confidentiality obviously is keeping people who don't need to know that thing from knowing the thing and then integrity refers to making sure the thing has not been altered or manipulated or changed. You're kind of ensuring the authenticity of that thing. It is what I say it is, and it's not something else.
12:42
And then availability is another part of it when you're in information security. Everyone who's spent a day at the office when the network's down, right? So availability comes into play. A lot of times when you're securing certain systems, you wanna apply an availability need to it because where if you have a game server
13:03
for after hours at the office that y'all play on, it probably doesn't matter if it's down one night, y'all just go do something else, but you really don't want your EMTs and their radio systems to be down, you know what I mean? So that's used often when you're trying to identify what you need to do with the systems.
13:21
What level do we need here? Obviously, confidentiality is gonna be way different when your refrigerator's calculating how much milk you're drinking versus trying to send coordinates to troops in Afghanistan, right? So this is the CIA triad, and it comes into play because we're gonna talk about things like espionage,
13:41
right? So this is definitely a time when we would wanna secure communications. Has anyone been to DC in the spy museum? If you're ever in Washington, DC, go see it. It is amazing, and they have all the old, like the stuff hidden in the pill and in the tooth and in the shoe.
14:01
It's really neat, but forever through espionage, spies and agents have always been trying to keep information that they take or that they need to pass from others' knowledge, and then if they have to carry something that nobody else needs to know,
14:21
do it in a surreptitious way that helps if they get caught. They can either destroy it, keep it hidden, or if it's found, it's not able to be deciphered. And then digital rights management and copyright infringement. This has gotten really big because, does everyone remember Napster?
14:44
So essentially now, obviously artists and companies want to protect their product, but in an age where you can copy everything easily and pass it around, they need to find a way to kind of protect the rights of the artist
15:01
or the producer or whoever creates it so that you can't just make all these copies of it. So this digital rights management kind of restricts the things like hardware or computer games, ebooks, film, music, things like that. They will use cryptography to make that work
15:22
so that they can kind of protect people's rights. Authentication, this is proving something or someone is true, genuine, or valid, okay? And an example of a good time is if you want to go to a website, you're gonna kind of want to maybe make sure
15:40
that's the website you should be on. Maybe someone's not spoofing it or created a copy. So you can look at their certificates and ensure that this website is who it says it is. You can use credentials and authentication to log into systems that you need access to. And then if you've bought like a electronics product
16:04
and it has like the little holographic sticker on it, those are actually used for authentication. So it's really hard for people who do knockoffs to create those little holograms. So you can actually use those stickers to kind of make sure you're actually buying what people are claiming they're selling you.
16:26
So digital signatures, so I'm so old, I still print stuff out and sign it with a pen. And my boss is like, you realize you can like just sign it on your computer and email it to me? And I go, oh, I forgot again.
16:43
I'm getting better though. About half the time I can remember to do it. But you can now digitally sign just about anything if you just have the right credentials or you have your stuff set up to do it. And for those who aren't sure how that works, basically you take a plain text, it creates a hash function
17:00
which we're gonna talk about just in a second, and you get a message digest out of that, right? And then it gets signed with a private key and then that goes on your document and then that can authenticate that you've signed something. So if someone comes back and says, oh, you signed this. You can say, nope, nope, that wasn't me. And the forensics folks can actually say,
17:21
oh, yeah, no, no, it wasn't them. Or if you did sign something and then you tried to say you didn't, they can pretty much prove you did. Secure communication. This is one of the reasons why we need stuff.
17:41
I think I was gonna do hash. Oh, yeah, okay. So we're gonna get to Bitcoin because apparently every slide deck has to mention Bitcoin now. Try and keep my notes straight. I had hash further along, but I wanted to talk about it now instead of making you wait.
18:01
How many here are familiar with hash? Okay, good. So this will be easy. So hash is essentially when you have an input, you run it through a hash function or just in a calculation, and it gives you what's called a digest. And so as long as you make sure
18:20
it's the same all the time, it always gives you the same digest, right? And if anything changes, even one letter, you get a totally different digest, okay? And this is important because you can use this to authenticate software. If someone says, oh, here, download this.
18:41
But you're like, oh, I'm not sure about that. They can say, oh, here's the hash function. So as long as those match, you know that it's what they say it is and someone hasn't put something else out there instead. And then this is just a visual kind of representation. You can kind of use hash to send a lot of things from programs to messages,
19:04
I think even pictures and things like that. So that way people can confirm. And you can also kind of use that if you talk about steganography later, you can kind of compare hash for different things to see if maybe there's stuff hidden in something that maybe doesn't look like
19:20
it's hidden in there. So let's do blockchain. Trying to figure out how I want to start here. So blockchain is not crypto, okay? Blockchain is not crypto. Blockchain is a distributed ledger technology, okay? It uses crypto, but it is not crypto.
19:45
So does everyone here know how blockchain works? So do I need to explain? Okay, so I'll go through it. So essentially in a nutshell, it uses the digital signatures that we talked about, right? So the big deal with that is you need to make sure
20:03
that the money can't be spent more than once. Because if I come up and I have like $100 and I give you 50 of them, I only have 50 physical dollars left. I can't just like snap my fingers and suddenly I got 50 more dollars in my bag.
20:20
And so when all this digital currency started, they're like, well, wait a minute, we need to figure out a way to make sure that someone's like, here's $100, boom. Oh, here's like unlimited supplies of money. So there needed to be some way to have some accountability to the system to ensure that people weren't doing that. Because that just pretty much deletes the value of anything
20:41
if people could just create as much of it as they want. There's no value in anymore. So Mr. X will send Mr. Y a Bitcoin, all right? And then the network is gonna record that transaction and then probably like a bunch that are made about in that same timeframe, that window. And then that little recording of all those transactions
21:03
is called the block, right? And then there's computers that run special software, they call them miners. And they note the transactions in like a giant ledger, okay? And that ledger is called the block chain. And it's basically an open source record
21:20
of all the transactions made. So then the miners convert the blocks into sequences of code known as hash. And then when a new hash is generated, it's placed at the end of the block chain and then the whole ledger is publicly updated in shares. Miners make a lot of money because the computing power is very energy
21:40
and resource intensive. And then there's probably a thousand videos online if you really wanna dig deeper into it, but that's essentially what it is. And cryptography is involved obviously when you're trying to do the hash so that you can authenticate that this transaction has occurred. And now this wallet has one less dollar,
22:01
this one has one more. And then people can't go back and go, oh no, now I have 50 more. It's like, no, no, no, that's not what the ledger says. So it just kind of hardens it slightly, not perfectly against people trying to manipulate it or scam it. Now if you have not heard, they actually have a new quantum ledger.
22:20
So if you're interested in that, there's some guys using that technology. I think their website just went live in the last month or so. And it's really interesting and you might wanna check it out if you're super interested in that kind of stuff. Okay, a short history of cryptography and secret writing.
22:43
So let's do steganography. So steganography is interesting. The concept behind that is you wanna conceal the fact that there's secret information in kind of a non-secret document or other medium. Okay, and so I kind of put it up here with cryptography only the actual message is hidden,
23:03
but it's fairly obvious there's something there that's secret because you can see the code or the encipher or all that. With steganography, the message as well as the fact that communication is taking place is actually hidden. Okay, and that's kind of useful in some cases
23:21
when you're trying to not attract the attention of unwanted parties. And then obviously if you just use plain cryptography, it can be people that you don't want seeing things will realize something's going on and then they'll start looking into it. But if they don't even realize something's going on,
23:41
they're just probably gonna ignore it and leave you alone. There is an interesting thing, if you wanna look into it deeper, in Virus Bulletin, April 2016, Stago Loader, have you heard of this? They were hiding malware, I think it was in images, so that if you got something,
24:02
it downloaded the malware onto your system and you didn't even realize it because it was hidden inside something else. So they were actually using steganography to hide malware. And I believe that that's something you definitely want to be aware of exists, especially if you are trying to secure an organization
24:21
and your users. So this is a easy fun one, invisible link, right? That's considered a form of steganography. We've all done the lemon juice and the light bulb trick, right? Okay, so these are some fun ones.
24:46
When I was a kid, the first book I got when I was super, super little was a book on secret codes and writing. And they taught you just like how to write in mere reverse. And that's just a fun way just to obscure something.
25:00
Probably most everybody would notice it and figure it out pretty quick, but it's kind of fun. Have you seen the one with the blocks where you do the five and the three? So this one I loved. We used this to pass notes in third grade all the time. I taught all my friends how to do it and the teacher couldn't read our notes.
25:20
Really, all you're doing, I'm taking a piece from a poem that was my favorite poem in the second grade. And it goes, the top of the hill is not until the bottom is below. And you have to stop when you reach the top for there's no more up to go. To make it plain, let me explain the one most reason why. You have to stop when you reach the top because the next step up is the sky.
25:42
Second grade, still remember it. But what I've done is taken this piece and if you look at it carefully, you'll notice all the letters are there. I've just broken everything up into blocks of five. So on first glance, it may look like a bunch of gibberish but if you know that's what I've done,
26:03
it's easy peasy to read. And then if you wanna make it a little more, like if I started it with the, it might be a little obvious. So you can pad out a little in the front, I'll do like an XY, throw XYZ at the end. And you can break it into either chunks of five or you can break it into chunks of three
26:22
or six or 10, you could do it however you want. But it's just a fun way to kind of obscure writing fairly easily. The kids love it. So then the other one we loved, which we thought was fun, was we would do every other letter. So I'm sure the bottom again,
26:40
it just looks like gibberish, right? Well, all we've really done is we've just inserted a different letter between each letter of the phrase, okay? So the red letters are just the miscellaneous extra letters and then the phrase is in the dark black letters.
27:00
So you can see it's all there. It's fairly easy to read if you know what I'm doing. But someone who doesn't know like your English teacher has no clue what this says, right? So then you can make it a little more fun and you can do the same thing with every other letter and then block those, right?
27:22
We were pretty clever in the third grade, I must say. And then that's just again what it looks like. It's all right there and if you're passing it to your friend, they can read it very quickly but the English teacher can't. Now, are you ready for the challenge?
27:40
You can do that every other letter then break it into blocks and then mirror it. The first three people that can tell me what that says win a book and I have it on little slips of paper if you want it. You have to come up and tell me.
28:01
I don't want them to know or did you say it too loud? Did anyone hear him? Oh, we'll come get a book. And then if nobody else, if someone else didn't hear him, come get a book. Anyone else figure it out? Huh? No, it's not the alphabet.
28:29
I got three books, limited edition. Come up and tell me if you know it. All I've done is done every other letter,
28:45
broken it into three blocks and then flipped it like a mirror.
29:34
One more.
29:57
All right, we have our three. Does anyone here listen to Welcome to Night Vale?
30:04
My God, you people. You need to go listen to that. All right, so it's a really good podcast. We enjoy it. My daughter actually cosplays at Cosplays as Cecil but it's just a quote from the show and now the weather.
30:21
And I just padded out. I don't know if there's a microphone on reach but the P and the Q are padding and then you go A and D and O W all the way across the top and now the weather. And you know what? It seems kind of silly and childish but not everybody got that, right?
30:41
So it's not a bad thing to use if you're writing a love note to somebody you wanna leave and you don't want anyone else to see it or again, those English teachers don't need to know everything. So it's just a fun one. You don't have to have a calculator to do it. It doesn't take forever. If the person you're communicating with
31:01
knows what you're doing, it's super easy for them to read it and smile. So that's just a fun one, I think. So let's talk about some classical cryptography.
31:29
So in 1900 BCE, they were using cryptographic techniques in the hieroglyphics in Egypt.
31:41
And I believe I'm gonna massacre the name of this king but in the tomb of Nobelman-Kun-Numhotep, the second, they've actually figured out that some of the hieroglyphics in his tomb were obscured and confusing
32:03
to kind of hide messages. So not only did they have to decipher the hieroglyphics but then they had to decipher the cipher in the hieroglyphics. In some cases, they think it's held kind of important stuff but then they think other times they actually did it for amusement
32:20
and fun and mystery because they had their own little contests like we do today. And this is 1900 BCE. They were already playing around with that. Another thing I thought was really interesting when I was reading up on Egypt was they've learned that when they were putting the hieroglyphics in, there was a lot of detail about like the depth
32:41
and the angle at which the writing was made that gave it a different meaning. So you may walk in and read one thing back then but if you were trying to tell somebody something else based on how you carved it, it actually would have a different meaning or a different message to those who were in the know.
33:01
Okay, so ancient Egypt, that was pretty neat. The next one, there's no kids so I'm not gonna freak any parents out. The Kama Sutra. In addition to some other stuff, apparently the Kama Sutra talks about ciphers. I guess we all missed that part, right?
33:21
I can't say these things. I just don't know what I'm gonna try but in the Kama Sutra, it mentioned two different ciphers. The first one, I think it was a transposition cipher and then the second one was more of a substitution kind of cipher.
33:40
And then in ancient Persia, they also had these two ciphers. So again, they've been using these things for thousands of years. So what's the difference between a transposition cipher and a substitution cipher? Who knows?
34:11
Okay, you're close. Basically, transposition means that you just rearrange everything, right? Using a given rule, which is usually your key.
34:22
Substitution, which we'll have a slide in a second, it's just basically a one for one replacement. So that's the big difference between those two. One of the earliest ones for the transposition, which kind of fed into what you're about to talk about was the Atbash. And I wanna say this one was, I don't know if it was first noticed there
34:41
but if you are a biblical scholar and you look at the Book of Jeremiah, they found at least three different locations where they used the Atbash to code different names into that book of the Bible. And essentially, the way it works is the first letter is replaced with the last letter and then the second letter is replaced
35:01
to the second last and so on. But this was all the way back, biblical times, they use this, there are codes in the Bible, not that weird, funny stuff like we're all gonna die by a dinosaur on a meteor or stuff. But like real, there are real codes in the Bible and they use this stuff to kind of hide names and things in there.
35:22
And the Spartan military skidalee, has everyone heard of this one? This is usually the first one you learn about. So this one's kind of neat. You basically, they would have a rod of a certain diameter and then your person you were sending the message to would have one that was equal. And then what you did would you would wrap like a leather or hide or something around it
35:43
and you'd put your message on it and then you'd unwind it. And then you'd give it to the messenger and the messenger would take off running or walking, whatever he did, and he'd take it to your person. And the theory was, if he got intercepted, he'd just have this paper with like some stuff on it and they wouldn't be able to read it.
36:01
And in theory, you could only read it if you had a rod of the same diameter to rewrap it and then you could see what it said. So even if you had another rod, unless it was right, you couldn't necessarily decode it. Okay, now we all could probably read it if we just wrapped it, you know.
36:20
But back then it was kind of high-tech. That brings us to our good old friend, the Cesar Cipher. So Cesar, I think, originally used a shift of three. Although I think he was known to use other shifts, his original, I think that his like standby was three.
36:41
And this is kind of, I guess he got, he was the one that made it famous. But essentially, it's like what she was saying earlier, you're taking and you're shifting by a certain number. And they also call this ROT. So if you ever wanted to play like a crypto contest or if someone's like, oh yeah, ROT 17, and you're like, oh yeah, I have no clue what that means.
37:02
Now you know, ROT just stands for rotate. And the number afterwards is how many you rotate by. That's all that is. So and then ROT 13 is kind of the one I see used the most but when we get to the Zodiac Killer,
37:20
and they think someone may have deciphered one of those finally, and it used a Cesar shift of 3.4, which I'm not sure how you do 3.4. So I gotta do more research on that, but that one's interesting. And then our substitution cipher, as we said back when we separated out, is basically when you take a one for one,
37:42
just replacement. How many are familiar with frequency analysis? All right. So frequency analysis is when you take a look at your cipher text and you try to determine what it says by examining the frequency
38:02
with which you see certain letters or symbols or even numbers, okay? So who knows the most common letters in the English language that are used? They're E, T, A, and O. So chances are, if you have a fairly lengthy piece that you're reading, if you see one character
38:23
or letter the most, chances are it's an E, and then T, and then the least common are usually your Z, Q, and X, and you can usually figure that out by thinking about Scrabble, like the ones that are worth the most are usually the ones you use the least. And then the pairs that you wanna look for
38:41
are gonna be like TH, ER, ON, AN, those are called digraphs. So if you can figure out like where your E's are, then you can just look for the ER's. And then if you see two next to each other, what am I doing?
39:01
If you can look for them next to each other, if you look like you have two E's, some of the most common repeats are SS, EE, TT, FF, and OO. So you kinda then wanna, if you can start looking for those and figure those out, and then you start looking for some common words like the, or and, or or,
39:22
then you can start kinda cobbling things together and then just continuing to do the analysis until the message kind of unfolds in front of your eyes, and that's called frequency analysis.
39:41
Who can tell me what this machine is? Whoever said it, come get it. Will you get it, because you stood up? Be proactive, people. Own it. There you go. All right, so this is the Enigma machine. We're gonna talk about polyalphabetic ciphers.
40:00
And essentially, a polyalphabetic cipher is any cipher that's based on a substitution using multiple substitution alphabets. The first they believe that was used or created was by a guy named Alberti in 1467. But this takes us into Vigenere. Vigenere?
40:21
How many have worked with Vigenere ciphers? Okay, these are neat. You will see these a lot in crypto contests. They're a pain to do by hand, but there's tons of stuff on the internet that'll figure it out for you if you ask for it. Essentially, what you need is a keyword and your table. And the tables, the fancy name is tabula recta,
40:45
but you can call them Vigenere squares or Vigenere tables. And essentially, what it is is it's all the different ways the Caesar cipher can be written out. So the 26 different ways you can shift using a Caesar cipher,
41:00
they're all here in a table for you, okay? So once you've got your table, you need your keyword. And that's gonna tell you how to read your code. So if we have attack at dawn, and our keyword is lemon, what you're gonna wanna do is you're gonna wanna kind of write,
41:21
I write mine, one on the top, one on the bottom, and then you have five keys, L, E, M, O, and N, okay? So that's your keyword, and it's composed of your five keys. And what you're gonna wanna do is you're just gonna wanna write it under your entire message and then just keep repeating it. So you can have a fairly long message
41:41
and a fairly short key, it doesn't matter. But you just wanna make sure you line it up. And then you just keep doing and repeating. So you can see here it's like lemon, lemon, L, E. So it didn't need the full third one. You write it underneath. And then what you're gonna wanna do is you're gonna wanna, let's start with A.
42:01
So you'll go up to your A on top, and then you'll come all the way down and look for that L in lemon. And when those two intersect, that gives you the first letter of your cipher text, which is L. And then you do the same thing with your T out here. T comes all the way down to the E, which is in green. That gives you your X.
42:22
Then you do your next T. But this time, instead, it's encoded using the M instead of the E, so it brings you further down and gives you an F. So you can see this is a little more involved, a little more difficult to just do a quickie reverse like with the Caesar.
42:41
Because you're using multiple different ways to code it. So you can see, I kinda took you out to purple. It's basically where you intersect. I didn't do the whole thing. Does this make sense? Does anyone have questions on this? Does everyone get it? Are we good? Are we brilliant? Nice.
43:04
So the Enigma machine. So this was used by the Germans, and they thought they were pretty clever, but we actually ended up cracking it, and they didn't know it, which that really worked to our advantage.
43:21
So the way it worked was you had a sender and receiver that each had a machine, and the machines had to be configured identically for this to work. And you had to have, like there was a rotor selection in order. There were ring positions, plugs and connectors, and then a starting rotor position. And the starting rotor positions
43:42
were established using key lists that changed daily. So you were issued a list, and then you knew if it was this date, like, what is this, 18th day of the month, you knew this is how you needed to set up, okay? And so then the operator would type a letter,
44:01
and then a lamp would indicate the different letter according to the substitution on how the machine was set up. And so then he would record that as the first letter. And each time you pressed a key, it also moved a rotor inside so that the next key press used a different electrical path, and you got a different substitution, okay?
44:21
And then you just continue on this through the full message. And then you'd send the message, and then the receiving operator on his machine would key in your message, and it would light the opposite one up, and so then you could totally pull the entire crypto out, and it would emerge. And that's how the Enigma machine works. I do have here,
44:43
if you wanna grab one later, or there's a ton of them over there, we actually have a puzzle in the crypto village that is create your own Enigma machine. So you can actually take one of these home if you want, if you got kids or you wanna teach them, or you just wanna play with it too, or your teachers, and this will kinda let you put together your own little Enigma machine.
45:08
This right here is kind of an example of what one of the sheets looked like. It's in German. But you can see where it gives you the tables and tells you how you would set it up each day.
45:22
So each person who was an operator of the machine would consult their table, set their machine up, get everything ready, and then they were able to send and receive messages.
45:41
Okay, so we've talked about the Enigma. So this brings us into some more modern day kinda stuff. So Kirchhoff's Principle and Shannon's Maxim. Shannon's Maxim is essentially a derivation of it. They're the same thing. They basically say a crypto system should be secure
46:03
even if everything about the system, except the key, is known by your enemy. Okay, and Shannon's Maxim was basically the enemy knows the system. So what it means is you should be able to put out the directions on how your system works, explain the whole thing, all the equations,
46:21
but unless they've got that secret key, they can't do anything. And so that's kind of how modern stuff works is around these Maxims. So you should be able to make it pretty airtight that way. Who's heard of the Navajo Code Talkers?
46:40
These guys are really neat. There's actually a movie, I think it was 2002. It's a John Woo flick. Nicholas Cage stars in it. He plays one of the soldiers that was assigned to protect one of the Code Talkers. I think the movie is called Wind Talkers. So approximately 400 to 500 Native Americans
47:02
in the U.S. Marine Corps. They were assigned as telephone or radio because their language was so obscure. You know, it's not like the internet today where everyone knows everything. You can go online and learn Swahili in the afternoon.
47:21
Their language was so obscure and the only people that knew it or spoke it were them. So they would take one of them and assign them to a unit. And then they would take another and assign it to a different unit. And then when secure messages needed to be passed in the field, this guy would get on his thing
47:41
and the soldier would say, tell them this. He'd translate in Navajo to his guy on the other end who would receive the message and then turn around and say, okay, this is what they need. Okay, so they did it entirely in their own language and it was unbreakable. The enemy had no clue what they were saying
48:01
because their language was so obscure that nobody knew it even existed and they thought it was a code, but they couldn't break it because it was a language, not a code, right? It is strongly associated with Navajos, especially because of the movie, but it was actually pioneered in World War I by the Cherokee and Choctaw
48:22
and it wasn't limited to Navajo. I think they also had Lakota, Comanche, Cree and a couple other ones and these guys, hugely respected. And this is an example like what they, the words they would use for the planes and the ships
48:42
and the picture down here on the bottom is one of them in the field. You can see he's on the radio talking to his compatriot over wherever their unit is and then one of the other soldiers is sitting there and he's writing the stuff down. These guys were considered so valuable that many men died to make sure they stayed alive
49:01
to keep the communication secured. They were considered absolutely priceless in the field and even to this day, as you can see up here, forgive me for tearing up, they are so respected and so honored for what they've done for our country, so. Sorry. So let's talk about something that won't make me cry
49:21
or maybe it will. So symmetric key. Do y'all know the difference between symmetric and asymmetric key? I mean, the big thing is with symmetric key, you're gonna use the same key, to encrypt and decrypt. AES, the Advanced Encryption Standard,
49:41
that was established in 2001 by the United States government through NIST, National Institute of Standards and Technology and it was to replace DES that was cracked. 15 designs were submitted. I wanna say it was Raindahl, Serpent, Two Fish, RC6 and another one
50:02
and well, 15 designs, those were the finalists and then they selected, I think Raindahl for the AES algorithm. Now, a couple of people asked me sometimes with quantum coming online and the concern about that stuff being compromised.
50:20
They're fairly sure that AES128, that's the key length, fairly sure that's gonna be pretty vulnerable but right now, as of like the last week that I've checked, AES256, you might still be kinda okay.
50:41
Yeah, 250, like I said, as of yesterday, this stuff changes so fast, especially in the quantum world but right now, 256 is still looking okay but I think they're obviously, and we're gonna talk in a little bit, they are definitely still looking for some good alternatives for cryptography.
51:01
If you are here on Sunday and super interested in quantum, there's a gentleman speaking on quantum cryptography. I will be here if you're interested. I definitely recommend the talk and then we have our asymmetric key and that's when we're just essentially gonna use a different key to encrypt than we do to decrypt.
51:25
Some examples of this are like the RSA, some of the elliptic curve techniques. This is day-to-day communications over the internet kinda stuff. So are we ready for some math? It's not really math, it's just gonna,
51:41
like people looking in the door will be all like, ooh, but it's not really that hard. So elliptic curve cryptography, does anyone understand how this works? All right, when you walk out, you'll be able to explain it. Okay, so an elliptic curve, we've all taken algebra, right?
52:02
You know how that works. They give you the equation and you draw the lines and you're good to go. So the elliptic curve, this is the equation for an elliptic curve, okay? You don't have to memorize it. That's just what it looks like.
52:21
So what you're gonna wanna do, well, not on paper, you'll have the computer do this, is anytime you take and draw a line through two points, straight line, it's only gonna intersect the curve at one other point, okay? So that's like a given, all right?
52:42
Now, are you familiar with trapdoor functions? Okay, so a trapdoor function essentially is it's really easy to get from A to B, but to try and work backwards from B to A, difficult if not impossible. And so what you're trying to create here with this elliptic curve is a trapdoor function. Make it easy to do it.
53:01
Super easy to, or super hard to undo it unless you have the key, okay? So our starting point here on this graph is A, okay? And there's a fancy little term that you'll hear. When you go from A to B, it's called A dot D-O-T, A dot B.
53:25
So if you're looking at this graph, A dot B equals C. You with me so far? It's easy, all right? So A dot something equals a certain value. So if my line was a little further up, it would be A dot that would equal a different point.
53:42
So basically, A dot B equals C, but X dot Y equals Z. Just examples only, all right? So you're with me so far? We're good, all right. So then, if you can hang with me through this slide, you're gonna nail it, all right?
54:01
So you can see this one's moving over here. Once you get up to your C point, you can drop a dotted line down so that it hits the curve on the other side. Since we're symmetric, if you get to C,
54:21
D is simply gonna be the negative of that. So if C is three, D is gonna be negative three. If C is 42, D is gonna be negative 42. You with me so far? We're good, all right. So you drop the dotted line down from C to hit the opposite value on the X axis with the symmetry, okay?
54:45
Now, then watch the line. You're gonna go back that way. Does it go back that way? Yep, see how it goes back up to A? So you've got C, it's gonna come down and around.
55:02
C, dot, and then go back up, okay? So every time you do a dot and drop across, that is your private key, is the number of times you go in a loop around, okay?
55:24
And, okay, so A dot N, right, the number of times, that's your key. So the key size, you can max out any way you want this way on the graph, and you can determine how big your key is by how far you let those points come out on your X axis.
55:41
But essentially, you dot the thing a secret number of times. That's it. You got it? We good? Explain it to your friends in the bar? Electric curve cryptography, okay? And this provides the basis of the trap door function, because even if you have the curve,
56:01
like you have the equation for the curve, and you even have your points, like your start point and your end point, unless you know how many times they've looped around through that thing, it's really hard to try and break that, okay? And that's why they have been looking at it for use in quantum, like against securing against quantum computers.
56:22
How many here are familiar with quantum computing? Okay, let me give you a quick, like my two minute ShmooCon talk. Quantum computing, essentially the concern with that against cryptography is it can factor very large numbers much faster than classical computers,
56:42
because you can do it in the quantum state, you can do the functions on both in superposition, right? So when you have some passwords that would take literally like a billion years using a classical computer, a quantum computer can break at about 20 minutes, right?
57:03
And it's because of Shor's algorithm, it can factor. It's a factoring for quantum computers. So everyone's getting a little nervous, which they should be. That is why a lot of the cryptography that uses prime factorization is really at risk right now,
57:22
is because of Shor's algorithm. And they've been exploring a variety of different ways to try and find a replacement or replacements. Elliptic curve was really high on the list a couple years ago when I was doing research. They were like, oh yeah, that's it,
57:40
it's gonna solve everything. But the problem is that it's starting to look a little like, that may not be our best choice right now. I do talk about something called lattice cryptography in my other talk. It's using lattice mathematics. That's also one of the things. And hopefully, I'm looking forward to this guy on Sunday. I wanna learn a little more from him, hopefully. But elliptic curve, I think this is used a lot
58:02
in cell phone encryption. I think Blackberry uses this in some of their stuff. And then this is just some lists of encryption systems. We've got the symmetric, the asymmetric.
58:20
Okay, this is the next one. Are you ready? Quantum key cryptography, right? You got the elliptic curve, right? You're good? You ready to do quantum? All right. So, in a nutshell,
58:42
quantum cryptography uses physics instead of math to create the key to encrypt your data. Okay? Some people look very sad right now. Okay? So, how do we do that? How do you, what?
59:00
How do you use physics instead of math? Well, what you do is you generate your key using photons. Does everyone know what a photon is? It's a particle of light, right? So, this is how photons become a key, okay? When you have a regular photon emitted by an LED,
59:25
it's unpolarized, okay? And that means that it can oscillate that packet or the photon, it can oscillate like all over the place. It's a hot mess, okay? And what you can do is you can pass it through a polarizing filter
59:40
so that you give it a specific spin, all right? And the spins usually are like a horizontal, a vertical, or a diagonal, okay? So, you are gonna emit your, and your particle's gonna be a one or a zero, like binary. So,
01:00:00
You're gonna emit it, you're gonna put it through a filter, and give it a spin, okay? You with me so far? Are we good? All right, Alice is gonna create a string of random polarized photons and send them to Bob, okay?
01:00:23
So here's an example. She might send these different ones like a diagonal, vertical, so she's gonna send these off to Bob, okay? Now Bob's on the other end. Bob has absolutely no clue what she's doing, all right?
01:00:41
He has no clue what filter she's using, so he just picks some random ones so that he can receive them, okay? So if Bob, or if Alice sends a photon that has a vertical spin, and Bob has, this is hard to do holding a mic, if Bob has a filter that's set up as a vertical filter,
01:01:03
that photon is just gonna whoosh right through. Have y'all seen those Japanese game shows where they have the cutouts, and you gotta stand in the weird thing? So it's like that. Think about like that. If it's vertical and his filter matches, it's gonna sail right through, and no problem.
01:01:21
The problem is is if he has the wrong filter, like a diagonal one, then it's either gonna give you a null result because it's not gonna go through, or that filter will change the spin on the particle to match, and it'll be a diagonal. You with me so far? We good?
01:01:41
Y'all are brilliant, okay? So what happens is now Alice can pick up the phone, and she can call Bob. She can say, hey Bob, these are the filters I used, right? And so if anyone's trying to eavesdrop, they don't know what Bob used.
01:02:01
They know what Alice used, but they don't know what Bob used, right? So she tells him what she sent, okay? Now Bob knows what he used, and none of that's communicated back that way. So then Bob knows what he got right and what he got wrong,
01:02:21
and that gives them a union of the ones that he knows are right, and that becomes your key, okay? And you can't man in the middle of this because if you're familiar with quantum physics, with the Heisenberg uncertainty principle, if you observe something or measure it,
01:02:41
you collapse the wave function. So they will be able to tell on either end if that wave function's been collapsed, and then they can scrap it and try again. So they'll know if someone's tried to observe it, okay? But this is a good little kind of diagram here where it shows Alice's random bits
01:03:00
and then her filters, right? And then his, and then they have that talk in the middle, and then they realize this is their shared secret key. And that's quantum key cryptography. You got it? Explain it at the bar. Woo, all right, that was the hardest part.
01:03:23
So let's wrap up by talking about some unsolved mysteries. This is the fun part, I like these. We have a lot of murder and mayhem going on here, but we'll start with some of the older stuff. So have y'all heard of the Phaistos disk? Okay, this was found, I wanna say like early 1900s,
01:03:43
like around 1908, it's fired clay. It was found in a Minoan palace on Crete, and it's 16 centimeters in diameter, and they think it's written in linear A. So that's one of the two undeciphered writing systems in ancient Greece. So they still have writing systems from ancient times
01:04:04
that they still haven't quite figured out yet. And this was, I think there's like 241 different little token piece, like stamper things that they probably put in, and it comes about 45 different distinct characters.
01:04:21
And you read it clockwise spiraling into the middle, and this is still kind of unsolved. There's some guys that have been working on it for quite some time, I wanna say about six years, a linguist and another guy from Oxford. They're fairly certain it's a prayer to a Minoan goddess,
01:04:41
but they're not quite sure. So anytime you get frustrated working on a puzzle, like these guys have been working on this for six years and still haven't figured it out, so don't feel too bad. But this is ancient Greece. And then have you heard of the Voynich manuscript?
01:05:01
It's either on YouTube or Netflix, it may be on both, but there's like an entire hour long thing on this manuscript, it's super fascinating. It'll put you to sleep if you need it. But this is a book of unknown writing. And they've carbon dated it to sometime, I think in the 15th century. And it may have been written during the Italian Renaissance,
01:05:26
but they're not sure. It allegedly was found by a book dealer. But there is some question around, did he actually like buy it and find it? Or is it this really elaborate hoax? They're not really sure.
01:05:40
It's 240 pages, it's a combination of script and all sorts of like crazy writing. There's another page from it. Nobody's been able to figure it out. Absolutely nobody can figure any of this out. It is just, they're boggled. The show, if you wanna sit and watch, it's literally like an hour.
01:06:01
And it's super fascinating, because they go through the whole history of when it was found, and they show you a lot of the pages and some of the stuff the cryptographers have been trying to figure out with it. There's some thoughts that maybe Francis Bacon wrote it, which would be interesting because of the Baconian cipher. And then some others have suggested maybe it was Albertus Magnus.
01:06:21
He was like a monk back then. And then again, there are some people that just think it is just a big fake thing that this guy created to kind of make money and you know how people are. But that's the Voynich manuscript. You ready for some murder? Have you heard of Tamam Shud,
01:06:41
the mystery of the Somerton Man? No? All right, this is an unsolved murder. Okay, in December 1948, an unidentified man was found dead on a beach. Okay? No identification on him. Nobody had any idea who he was.
01:07:02
A dead body on a beach. Six weeks later, they found a suitcase in the railway station cloakroom that they were able to, I think they connected it to him somehow. And it was deposited at 11 o'clock the day before he died.
01:07:23
Okay? There was no identification in the suitcase. But in the pocket of his pants, they found a paper that read, Tamam Shud. Does anyone know what that means?
01:07:41
Okay, so that is the final words from the Rubiad by Omar Khayyam. It's a book. If you went to English, you probably had to suffer through it. Later, in a abandoned car parked near that beach, they found a copy of the book
01:08:03
and the last page that had those words on it had been torn out of the book. Okay? So they obviously, you know, were trying to figure out who'd done it. When they examined the book very carefully,
01:08:21
in the book, in some kind of faint writing, they found this cipher-y stuff. They're really not sure what it is, but it looks like a cipher. And they also found a phone number. Well, they called the phone number
01:08:40
and it turns out to belong, it belonged to a local nurse who actually lived near that beach. And the detectives went and showed, like a plaster bust cast thing they had, made of the man after he died, trying to identify him. They went and showed this to the nurse
01:09:01
and the nurse was like, I have no clue who that is. However, the way she reacted when she saw it, apparently she turned sheet white and panicked. Claimed she didn't know who it was, but her reaction to the cast, it was kind of obvious she knew something, right?
01:09:21
So she claimed she gave a book, the Rubaiyat, she gave a book like that to a guy named Alfred, where she was doing some nursing training like a couple years earlier, but she hadn't seen Alfred or the book in ages. And then when they actually tried to track down Alfred,
01:09:40
they found him, but he had been dead for a couple years. So then a couple years later, I think they were trying to reopen the case. The daughter of the woman came forth and she said that her mother had known much more and hadn't wanted to admit it. And that there's some thought that the mother
01:10:01
had ties to Russia and could have been a spy. And maybe that had something to do with the guy's death on the beach. But this is a completely unsolved murder case and they have never been able to decrypt that note in his pocket. So if you wanna give it a shot, it's on the internet. It's out there.
01:10:20
But it's totally unsolved and nobody can read it. The McCormick Cipher, this is a neat one. So in June 30th, 1999, they found a dead body on the edge of a cornfield in Missouri. And the body was of a man named Ricky McCormick. He was 41 years old, unemployed, on disability.
01:10:44
He had a criminal record. I think he'd served time for statutory rape. And he was 15 miles from his home address. But he didn't own a car and he had no public transportation. What was even more interesting was he couldn't spell
01:11:01
and could barely write his own name. Yet on him, they found this note on the body. Okay? So the FBI actually has this on their website. You can go to forums.fbi.gov code. This is an open case still.
01:11:21
They are looking for anyone who can help them solve this. Give them a call. But this, to this day, let's see, 1999, we're almost up on 20 years. 20 year cold case, dead body, code in the pocket. They think that if they can break this code, they might be able to figure out who killed them.
01:11:40
But there's no guarantees it could be a grocery list. The Blitz Ciphers. I love this picture. It just shows the British. Stiff upper lip, tea in the bombing. So the Blitz Ciphers, World War II, during the bombings, this was in East London.
01:12:01
This guy in one of the buildings found some wooden boxes and they had these pages in them that had all sorts of ciphers and stuff. This is what some of them look like. And at first, he only released three because he was really, actually, the gentleman didn't release them.
01:12:20
He passed them on down. His nephew finally had them. His nephews have released a couple. They might have been written with a quill pen, but the problem with these is that nobody's been able to actually look at them for real because the guy who owns them wants to stay anonymous and he will only release pictures of them.
01:12:41
So then again, it begs the question, are these real? Is it a hoax? Are they just messing with cryptographers? But these are some of the pictures and some of them look kind of like, if you're familiar with John Dee and the guy in English history. Oh, we'll go to the Zodiac.
01:13:02
So who's familiar with the Zodiac Killer? All right, this is what got me interested in crypto. When I was a little kid, I actually read this book. Best book on Zodiac. I still own it. It's dog-eared to jello. But if you're interested in an actual book on it, I highly recommend this one. And I just found,
01:13:22
my background before this was I was a police officer. So I do medical, legal, death investigation, forensics. And I read a lot of this stuff and I just always found this fascinating. They never caught the guy and all the codes involved with the stuff. So in the late 60s, early 70s,
01:13:40
there was a serial killer in Northern California. And he, I'm gonna say four men and three women. Again, super fascinating how he did it. He would like, he was a hooded figure. There were actually two people that he went after that got away and were able to describe him. So they have like sketches of that. This book is great
01:14:00
because it has a lot of the photography and the evidence and pictures from the crime scenes and everything. They named him Zodiac after a series of taunting letters that he sent the police. There's a couple samples up here. And they were all these kind of cyphery cryptograms. And I think there were four total
01:14:21
that were sent to the police. And only one had ever been solved. It was a husband-wife hobbyist cryptography group or pair. They solved one of them. But it wasn't the same thing for each one. So it's not like they could just, oh, you solved that one, solved the rest. It was different for each one. So what I thought was really interesting was
01:14:42
there's a guy named Corey Starlipper. He's not in here, is he? That happens to me sometimes. People I talk about are sitting in my talks. So he thinks he solved this, okay? He saw a movie on it in 2007. And he got super interested in it,
01:15:01
to the point of stalking the whole story. He had stuff everywhere. And he's like, I'm gonna crack this. So there's one of the cryptograms. It's called the 340, because it had 340 characters. And he thought to himself, this is interesting. 340 is the area code for the US Virgin Islands, right? And then he said, okay, three plus four
01:15:21
plus zero equals seven. And then he did seven plus zero. And I don't know, he kind of got 707, which happens, oddly enough, to be the area code for Vallejo, Napa, and Solano, where the murders occurred. He's like, I think I'm onto something. So he decided to use a Caesar shift of 3.4
01:15:43
because of the 340, right? I'm not sure I've ever shifted 3.4. I wanna do some more research on that. But when he applied a Caesar shift of 3.4, do you know what came out? This.
01:16:01
And it was like, oh my God. If you read through the whole thing, it ends with Lee Allen. My name is Lee Allen. Lee Allen happened to be one of the prime suspects on the top of the police list at the time of the investigation. They had brought in a handwriting expert
01:16:21
who claimed that, oh no, no, his handwriting doesn't match whoever did these. But y'all know, you can mask handwriting. That's not rocket science. And he also happened to pass a poly. But if you have any background in poly, you know that's not a science. So unfortunately, Lee Allen died in 92. So they really can't confirm or deny this in any way.
01:16:43
But they think this has been cracked. But there's other people that claim, oh no, no, you didn't do it. You didn't make it. So it's still a little bit out there with the, has it been solved? I think there's still two others that are still not solved to this day.
01:17:01
So how we doing on time? Are we good? I think we're good. So what have we learned? We learned a lot today. Y'all can explain elliptic curve, right? You can hide messages from your English teacher, right? Or your boss.
01:17:21
Quantum key, right? Doing pretty good. So that's pretty much it. That's my talk. I wanted to do just an introduction, a little bit of history, some unsolved mysteries. You know, just to kind of get people interested and realizing it's not all that difficult. I do have a couple copies of my book left. If anyone wants one afterwards,
01:17:40
you're free to take one. And if I run out, the PDF copy of the book is on my site, as well as the walkthrough for it. So if you get a book and then you get stuck and you want it, you want one? I'll make sure you get one. Okay, so that's all I have. Are there questions, comments, short, smart remarks?