Kryptos K4 is not a Vigenere Cipher

The fourth passage of the Kryptos sculpture has been unsolved for over 21 years. If you are one of the professional cryptanalysts and amateur enthusiasts who have attempted to solve this puzzle, you may be wondering if Kryptos passage 4 (K4) can be solved by a double key Vigenere cipher. The answer seems to be no. Kryptos cipher 4 is not a Vigenere cipher. I'll walk through how I attempted to brute force the keys for…


QIF: Channel to Hyper-Distribution

Information leakage happens when a system helps an adversary achieve some goal. We can understand leakage through quantitative information flow (QIF), a robust framework that gives ways to quantify the amount of leakage of a system. In this post, we will walk through how we can statically model a system as a channel matrix. We'll also see how a channel maps a prior probability distribution to a hyper-distribution that helps an adversary narrow down the…


Bayes Vulnerability: Introduction to QIF

Here I give an introductory overview of quantitative information flow (QIF), a mathematical framework used to precisely discuss leakage. We start with a system that takes some sensitive information as input, processes it, and produces some publicly observable output. We want to determine how the system affected the sensitive information. This overview will focus on the often relevant and intuitive measure of Bayes vulnerability, which addresses when the adversary must guess the value of the…


Resources on cryptography

I've put together a few of my favorite resources on cryptography. My general recommendation is to watch lecture videos. Academic papers and textbooks can be quite dense, but authors clear things up in their PowerPoint presentations and videos. I've included links to some of my favorite talks but I also list some courses and textbooks. These resources are about the math and theory behind cryptography and don't address implementation. Fundamental Cryptography Here are some resources on…


CYBERWARCON Recap

CYBERWARCON was a one-day conference held in Arlington, VA on November 28. Talks were about threat analysis, covering advanced persistent threat (APT) attacks and information operations (IO). For me, the conference demonstrated its value by supplanting sensationalism with concrete operational insights. Here are some of my takeaways from the talks. Please forgive my fuzzy pictures! Thomas Reid: The wider socio-political context may be necessary to understand forensics. Exposing part of an IO can sustain it. Camille Francois…
