Storia della crittografia → Cifrari → Cifrari polialfabetici → Il cifrario di Vernam

Classical cryptography and modern↓ and contemporary↓ cryptography, appear today as disciplines that turn their backs, tending to ignore each other; Scholars, researchers and users of contemporary cryptography often have little interest and only some vague idea of classical cryptography typically reduced to Caesar and Vigenère ciphers. Conversely, lovers of classical cryptography are often, but not always, little interested in contemporary cryptography

Yet every now and then we find curious similarities between ciphers of distant times; here we see how the tabula aversa of the Tritemius (1507), the very first digit of G. B. Bellaso (1552) and Vernam's cipher (1919) are reunited in the so-called DIANA cipher, DIANA cryptosystem, used by the United States Army during the Vietnam War (1965-1975) and after↓.

This is likely a coincidence; it does not result from the sources and in any case it seems unlikely that the cryptographers of the NSA knew Bellaso's ciphers or the reciprocal lists used at the beginning of the XVI century. More likely they could know Trithemius' aversa tabula or a similar table↓.

In essence, the DIANA cipher is nothing more than a table of reciprocal lists like Bellaso 1552, which uses as contrasegno (key) a random sequence, a one time pad because obviously it must be used only once, as in the Vernam cipher. The reciprocal list serves to reproduce the symmetry of the Vernam cipher; I summarized all that in the title: Bellaso + Vernam = DIANA

Compared to Bellaso's table, which had vowels in the first places, this one follows only and strictly the alphabetical order, like the table of Trithemius; an operational convenience because in this way there is a further symmetry: each group of three letters: key, plain and encrypted text, is fully interchangeable, for example A DW is equivalent to D AW and W AD, and this table is therefore called trigraphic.

Mathematically considering the ordinals of the letters, $ k $ ordinal of the key, $ x $ of the clear and $ y $ of the cipher, meaning that ord ('A') = 0, ord ('B') = 1 ... ord ('Z') = 25 , the relation may be written as a linear equation: $$ x + y + k = 25 \pmod{26}$$ that, solved for $y$ (cipher) gives the encrypting formula: $$ y = 25 - x - k \pmod{26}$$ and, solved for $x$ (plain text) gives the deciphering formula: $$ x = 25 - y - k \pmod{26}$$ and so, the enciphering formula and the deciphering formula are identical, like in Vernam.

An American military that used DIANA during the Vietnam war, wrote in 2005: “After a while, most of us became so proficient with the system, that we actually learned the deciphering matrix by heart.”↓ A comment that recalls what Bellaso wrote in the preface to his 1553 cipher: una sola riuolta d’occhio la comprende tutta, сhe potrebbesi ancora in breuissimo spatio di tempo imparare a mente↓.

The encryption procedure consists in using apart of a one time pad (booklet)↓ as a key (to be used only once) starting after a given block (see below, transmitted as it is and used to indicate the starting point of the key); thereafter write the clear text under the key and combine the key letter with the plain text letter thus obtaining the encrypted letter. Using the given example Vietcong will attack this evening here is the encryption process:

key SSRAW GVAUI KTZYR DVEQJ CAUJD XONIZ CARUB NAWN plain text ----- ----- VIETC ONGWI LLATT ACKTH ISEVE NING cryptogram SSRAW GVAUI UYWIG IRPNI MOFXD CJCYT PHEKU ZRQG

On the right you can see the table to be used for combining key, to be found in the left column, and plain text in the reciprocal alphabet. The table can also be arranged in square form, which is identical to the 1507 reverse table of the Trithemius, except that Trithemius used a 24-letter alphabet↓; indeed it is not necessary to repeat the alphabet on each line, but it is still convenient to avoid alignment errors. A device version of two rotating discs is also available as a toy on the market.

The deciphering procedure is just the same, as stated above; first, however, it is necessary to search the OTP sheet for the first two blocks, ten letters, and use the following blocks, in the OTP, as the key.

According to Shannon's theorem, a figure like this is 100% indecipherable under two conditions: 1) that the sequence is truly random; 2) that an OTP is never reused. The second depends on the organization of the service, the first condition is very difficult to respect; I don't know how DIANA's OTPs were produced, but it is likely that it was the work of pseudorandom algorithms on computers, and therefore not truly random. If these algorithms are well designed the security is still high even if not 100%. The OTPs in this page are made using the pseudorandom function rand (_) of the PhP language, which the PhP manual itself admits is not cryptographically secure; PhP provides a safer but inevitably slower one and the first is enough for demonstration purposes.

As mentioned, the key is written on a booklet divided into blocks of five characters, page after page; as always there will be two identical copies for the two correspondents. With each message, the book continued to be scrolled until exhaustion, strictly maintaining the alignment. Rather problematic: if by distraction or other alignment is lost, all the following messages become indecipherable..

For this the DIANA cipher used an ingenious method: the sender randomly selected a number n and copied the two groups found in place n and n + 1, 10 characters in all, at the beginning of the message; the clear text was then encrypted using the following key; the recipient received the cipher, looked in the key for the first two groups and then decrypted the remaining letters using the sequel in the key. So he was sure to start deciphering at the right place.

The main, primary source on DIANA is David G. Boak's 1973 NSA lecture series, which has been made public (declassified) only in 2015, and with some parts still obscured↓, and among these a part of the description of DIANA↓. There is also a short article of an American military that used DIANA in the Vietnam war (see below in the bibliography). Perhaps this is why there is no clear rule on how the block of 10 letters had to be extracted: within the whole book? Looking for a block of 10 random letters in a large book appears impractical and dangerous; it seems more reasonable to extract a block not too far beyond the last block used, for example in the same page or at the latest in the next one; thus alignment would be ensured at the cost of wasting the few skipped and unused blocks.

The interactive example on this page is limited for now to drawing the two initial blocks in the first half of the OTP sequence which is kept large enough for a short message (maximum 40 letters).

Thanks to Silvio Coccaro, physician, software and cryptography enthusiast, for having talked me about this cipher.