My Thoughts on "Unbreakable Codes"

It seems to me that too many young (and old) cryptographers are fascinated with the unbreakable code/cipher. This is set as a halcyon achievement, the pinnacle of a life's work. The issue with this is the paradox entailed. Either there is a key, an algorithm, by which to unlock it (even if this key is all in the maker's head), or the letters are forever jumbled. And, where there is a key, there is a lockpick. Computer advancements, unscrupulous agents, deception, network analysis, and many others can always be used to retrieve the key. There is no way to transfer a key (or a cipher, for that matter) that does not, by the very act of transportation, inherently decrease the security involved. This includes talking. No matter how secure it might seem, the human factor is always involved. The alternative, of making the key unguessable or unreachable and untransported only means that the cipher serves no purpose besides private diary, and one that might not ever be crackable by even the original person. Even without a key, we are at the day and age where computers might advance so quickly that they can simply bruteforce millions of possible solutions and come up with a reasonable one within a few days time.

My solution to this is to avoid searching for the unbreakable cipher. Because, as true is the statement about their being a lockpick for any key, it is also true that a cipher/code (for simplicity's sake, I will just abbreviate this to either code or cipher though I am meaning both interchangebly throughout this article) needs only be as secure as the situation merits. I literally mean, by this, that simple protection is all that simple data means, while more sensitive data requires more intense protection; but I am mostly referring to the fact that ciphers traditionally deal with a time frame.

In other words, if the cipher is unbreakable while the time frame merits, then it has done it's job, even if the cipher will soon after be cracked.

Three three rules, the assumption of breakability, the pairing of need with degree, and the factor of timeliness, compose my general philosophy on the "unbreakable" cipher.

This philosophy leads to a general rule of thumb, which I will soon illustrate with an example, that though all ciphers should be assumed to be breakable, you can make them practically obfuscated to the point that they achieve a satisfactory level of security. The example I have of this is the Towers of Hanoi. A simple "children's" game in which you have several disks with holes in their middle with each disk being slightly larger than the last and you have three "towers" or dowels that the disks fit over. The starting position usually has about seven disks with the smallest on top down to the largest on bottom of one of the towers. You have to then, following the general rules of "no larger disk can ever be on top of a smaller disk" and "you can only move on disk at a time", move the stack of disks to another tower.

The algorithm of solution is essentially to move back and forth between all three towers with the smallest disk first going on the far tower, then the next smallest on the middle, and then the smallest on the next-smallest, and then the third-smallest on the far tower. The smallest goes back on the first tower, the next smallest is transferred, on top of the third smallest and we have a general pattern.

Where this game is significant, besides being a relatively fun toy for teaching logic and planning, is the fact that there is a thirty or so disk version (maybe more, it has been sometime since I have seen it) that is signficant only in that the time it would take to make all the moves to solve it (though solvable it is) would require more time than a human can probably devote to it in their entire life. In other words, though the solution is "obvious", it is impractical to achieve.

This should be the general model of a cipher. Do not spend years trying to make it unbreakable. Spend a day making it hard to break, and that will buy you the time you need to get what you need done. If they have to spend two months to break it, then you can have moved on and the chase starts again.

I will end with an anecdote I read in Martin Gardiner's Codes, Ciphers and Secret Writing (an excellent book aimed at a "middle school to junior high" level that definitely would have been loved among my friends and myself if I knew about it when I was in that grade). He mentions Franklin D Roosevelt having enciphered entries into his diary as a younger kid but using such a simple cipher that it was later "easily broken". The question is why would a kid use a cipher that simple. Well, first off, most people assume ciphers to be much harder to break than they are. Sometimes they think that symbols are all that it takes, or throwing in a few fake characters. That is possible in this case. Maybe young FDR thought the symbols forever hid his work. Or, also likely, young FDR's cipher works were good enough for a young man talking about teenage issues. Sure, it might be crackable by a group of people AFTER he is president, but it served its purpose.

The two things to take from this, sometimes it does not take much to go deep enough to get the job done, and, if you plan on being president one day then a monoalphabetic subsitution scheme is probably not going to cut the mustard.

A Postcript. I cannot, in good conscious, leave this unsaid. While a cipher may serve its practical purpose by being only impractical enough to break in a reasonable time and effort, there are people who so love the "chase" that they will "waste" considerable time just to claim victory over a code. Always assume that a code will one day be broken. As before, though, its a question of time and how much you need.