Storia della crittografiaCifrariCifrari polialfabeticiIl cifrario di Vernam
Bellaso + Vernam = DIANA
Tavola Bellaso 1552 - Tabula recta del Tritemio
Interactive cipher
Plain text
One Time PadBlocco indicatore a pos. 60 CNWVE BGZGV PRZZJ KGOPE QPOMK KTXDM DFAAB EBHEH DUZDT IOZXE ENTSA EDTBG GFMGF NLHVP PZKOC EXRDU VHHPA ITDCU JIAWO GJZNE PDDZR GDPXH JTPRI PZBTB WCKWY YDIYQ NNTRN LXQBV YKONC XDCYW EVZOR YNUGL LTYFK LRICS EADSO GPRIO ONJNC BMPWS BIMZN XLFGO YKPBD DITVR HJERX HSJWP CXXPX LNJQT XODMQ HQYAL PIVUZ TBSCY HFWFV TQIDG BAVFM MMDLM OBVJV UCXNF WVLSA GMRPP YQPTW CFIFQ VURQD NLGLZ MHUYZ VELMT AKKQE GSKPY BLSTC WGNDS NPZIO ZDSKQ MLBXB GEUQT SRFLK HHRVK KIAJQ OIUHT LUFMR GSWBJ PUAUF LBNDX YNFYX WNGQV ZCPEO HLHDN RSHSN NEPBH MZVSY TOLZF HZHWD WDPDG CVZKN NYRDZ ZQYUI WNWIN CPMJM QFPFJ WIEWT RKRJN QIDPC MMQJV DLKQU XGZNM IJVMG OEQFN DWVHL YUYPD TTPEJ JBPJO BSXWF ELJUR XYNTF ZRZXH DQASU JCWZL KADIX IMISG ZPFNI KNAKK HOBIG WRISR UDSXL PGXYY EYNJL WUYWF JETLM AHEIA VDDNA PCHNB FRZTB LQWKM BUQVF DVNHE OCHSP IHSPU UVMUP OFFKQ RMLIH RMDET ITVPL LYSEO NYKZS ZOYEY PWLAF SRRWW LEPHU

OTP key GFMGF NLHVP PZKOC EXRDU VHHPA ITDCU JIAWO GJZN plain text ----- ----- VIETC ONGWI LLATT ACKTH ISEVE NING cryptogram GFMGF NLHVP PSLSV HPCAX THSRG REMEY IZVIH GING

Table viewed as
Table original, similar to Bellaso 1552
AABCDEFGHIJKLMNOPQRSTUVWXYZ
ZYXWVUTSRQPONMLKJIHGFEDCBA
BABCDEFGHIJKLMNOPQRSTUVWXYZ
YXWVUTSRQPONMLKJIHGFEDCBAZ
CABCDEFGHIJKLMNOPQRSTUVWXYZ
XWVUTSRQPONMLKJIHGFEDCBAZY
DABCDEFGHIJKLMNOPQRSTUVWXYZ
WVUTSRQPONMLKJIHGFEDCBAZYX
EABCDEFGHIJKLMNOPQRSTUVWXYZ
VUTSRQPONMLKJIHGFEDCBAZYXW
FABCDEFGHIJKLMNOPQRSTUVWXYZ
UTSRQPONMLKJIHGFEDCBAZYXWV
GABCDEFGHIJKLMNOPQRSTUVWXYZ
TSRQPONMLKJIHGFEDCBAZYXWVU
HABCDEFGHIJKLMNOPQRSTUVWXYZ
SRQPONMLKJIHGFEDCBAZYXWVUT
IABCDEFGHIJKLMNOPQRSTUVWXYZ
RQPONMLKJIHGFEDCBAZYXWVUTS
JABCDEFGHIJKLMNOPQRSTUVWXYZ
QPONMLKJIHGFEDCBAZYXWVUTSR
KABCDEFGHIJKLMNOPQRSTUVWXYZ
PONMLKJIHGFEDCBAZYXWVUTSRQ
LABCDEFGHIJKLMNOPQRSTUVWXYZ
ONMLKJIHGFEDCBAZYXWVUTSRQP
MABCDEFGHIJKLMNOPQRSTUVWXYZ
NMLKJIHGFEDCBAZYXWVUTSRQPO
NABCDEFGHIJKLMNOPQRSTUVWXYZ
MLKJIHGFEDCBAZYXWVUTSRQPON
OABCDEFGHIJKLMNOPQRSTUVWXYZ
LKJIHGFEDCBAZYXWVUTSRQPONM
PABCDEFGHIJKLMNOPQRSTUVWXYZ
KJIHGFEDCBAZYXWVUTSRQPONML
QABCDEFGHIJKLMNOPQRSTUVWXYZ
JIHGFEDCBAZYXWVUTSRQPONMLK
RABCDEFGHIJKLMNOPQRSTUVWXYZ
IHGFEDCBAZYXWVUTSRQPONMLKJ
SABCDEFGHIJKLMNOPQRSTUVWXYZ
HGFEDCBAZYXWVUTSRQPONMLKJI
TABCDEFGHIJKLMNOPQRSTUVWXYZ
GFEDCBAZYXWVUTSRQPONMLKJIH
UABCDEFGHIJKLMNOPQRSTUVWXYZ
FEDCBAZYXWVUTSRQPONMLKJIHG
VABCDEFGHIJKLMNOPQRSTUVWXYZ
EDCBAZYXWVUTSRQPONMLKJIHGF
WABCDEFGHIJKLMNOPQRSTUVWXYZ
DCBAZYXWVUTSRQPONMLKJIHGFE
XABCDEFGHIJKLMNOPQRSTUVWXYZ
CBAZYXWVUTSRQPONMLKJIHGFED
YABCDEFGHIJKLMNOPQRSTUVWXYZ
BAZYXWVUTSRQPONMLKJIHGFEDC
ZABCDEFGHIJKLMNOPQRSTUVWXYZ
AZYXWVUTSRQPONMLKJIHGFEDCB

Classical cryptography and modern and contemporary cryptography, appear today as disciplines that turn their backs, tending to ignore each other; Scholars, researchers and users of contemporary cryptography often have little interest and only some vague idea of classical cryptography typically reduced to Caesar and Vigenère ciphers. Conversely, lovers of classical cryptography are often, but not always, little interested in contemporary cryptography

Yet every now and then we find curious similarities between ciphers of distant times; here we see how the tabula aversa of the Tritemius (1507), the very first digit of G. B. Bellaso (1552) and Vernam's cipher (1919) are reunited in the so-called DIANA cipher, DIANA cryptosystem, used by the United States Army during the Vietnam War (1965-1975) and after.

This is likely a coincidence; it does not result from the sources and in any case it seems unlikely that the cryptographers of the NSA knew Bellaso's ciphers or the reciprocal lists used at the beginning of the XVI century. More likely they could know Trithemius' aversa tabula or a similar table.

In essence, the DIANA cipher is nothing more than a table of reciprocal lists like Bellaso 1552, which uses as contrasegno (key) a random sequence, a one time pad because obviously it must be used only once, as in the Vernam cipher. The reciprocal list serves to reproduce the symmetry of the Vernam cipher; I summarized all that in the title: Bellaso + Vernam = DIANA

Mathematically

Compared to Bellaso's table, which had vowels in the first places, this one follows only and strictly the alphabetical order, like the table of Trithemius; an operational convenience because in this way there is a further symmetry: each group of three letters: key, plain and encrypted text, is fully interchangeable, for example A DW is equivalent to D AW and W AD, and this table is therefore called trigraphic.

Mathematically considering the ordinals of the letters, $ k $ ordinal of the key, $ x $ of the clear and $ y $ of the cipher, meaning that ord ('A') = 0, ord ('B') = 1 ... ord ('Z') = 25 , the relation may be written as a linear equation: $$ x + y + k = 25 \pmod{26}$$ that, solved for $y$ (cipher) gives the encrypting formula: $$ y = 25 - x - k \pmod{26}$$ and, solved for $x$ (plain text) gives the deciphering formula: $$ x = 25 - y - k \pmod{26}$$ and so, the enciphering formula and the deciphering formula are identical, like in Vernam.

An American military that used DIANA during the Vietnam war, wrote in 2005: “After a while, most of us became so proficient with the system, that we actually learned the deciphering matrix by heart.” A comment that recalls what Bellaso wrote in the preface to his 1553 cipher: una sola riuolta d’occhio la comprende tutta, сhe potrebbesi ancora in breuissimo spatio di tempo imparare a mente.

Encrypting procedure (interactive)

The encryption procedure consists in using apart of a one time pad (booklet) as a key (to be used only once) starting after a given block (see below, transmitted as it is and used to indicate the starting point of the key); thereafter write the clear text under the key and combine the key letter with the plain text letter thus obtaining the encrypted letter. Using the given example Vietcong will attack this evening here is the encryption process:

key GFMGF NLHVP PZKOC EXRDU VHHPA ITDCU JIAWO GJZN plain text ----- ----- VIETC ONGWI LLATT ACKTH ISEVE NING cryptogram GFMGF NLHVP PSLSV HPCAX THSRG REMEY IZVIH GING

On the right you can see the table to be used for combining key, to be found in the left column, and plain text in the reciprocal alphabet. The table can also be arranged in square form, which is identical to the 1507 reverse table of the Trithemius, except that Trithemius used a 24-letter alphabet; indeed it is not necessary to repeat the alphabet on each line, but it is still convenient to avoid alignment errors. A device version of two rotating discs is also available as a toy on the market.

The deciphering procedure is just the same, as stated above; first, however, it is necessary to search the OTP sheet for the first two blocks, ten letters, and use the following blocks, in the OTP, as the key.

Security of the cipher

According to Shannon's theorem, a figure like this is 100% indecipherable under two conditions: 1) that the sequence is truly random; 2) that an OTP is never reused. The second depends on the organization of the service, the first condition is very difficult to respect; I don't know how DIANA's OTPs were produced, but it is likely that it was the work of pseudorandom algorithms on computers, and therefore not truly random. If these algorithms are well designed the security is still high even if not 100%. The OTPs in this page are made using the pseudorandom function rand (_) of the PhP language, which the PhP manual itself admits is not cryptographically secure; PhP provides a safer but inevitably slower one and the first is enough for demonstration purposes.

In practice

As mentioned, the key is written on a booklet divided into blocks of five characters, page after page; as always there will be two identical copies for the two correspondents. With each message, the book continued to be scrolled until exhaustion, strictly maintaining the alignment. Rather problematic: if by distraction or other alignment is lost, all the following messages become indecipherable..

For this the DIANA cipher used an ingenious method: the sender randomly selected a number n and copied the two groups found in place n and n + 1, 10 characters in all, at the beginning of the message; the clear text was then encrypted using the following key; the recipient received the cipher, looked in the key for the first two groups and then decrypted the remaining letters using the sequel in the key. So he was sure to start deciphering at the right place.

The main, primary source on DIANA is David G. Boak's 1973 NSA lecture series, which has been made public (declassified) only in 2015, and with some parts still obscured, and among these a part of the description of DIANA. There is also a short article of an American military that used DIANA in the Vietnam war (see below in the bibliography). Perhaps this is why there is no clear rule on how the block of 10 letters had to be extracted: within the whole book? Looking for a block of 10 random letters in a large book appears impractical and dangerous; it seems more reasonable to extract a block not too far beyond the last block used, for example in the same page or at the latest in the next one; thus alignment would be ensured at the cost of wasting the few skipped and unused blocks.

The interactive example on this page is limited for now to drawing the two initial blocks in the first half of the OTP sequence which is kept large enough for a short message (maximum 40 letters).

Acknowledgments

Thanks to Silvio Coccaro, physician, software and cryptography enthusiast, for having talked me about this cipher.


Riferimenti bibliografici
Siti e pagine web
X Compare solo un rettangolo bianco con la scritta:
Withheld from public release under
§6 of the National Security Act of 1959,
50 U.S.C. 3605 (P.L. 86-36)
= Trattenuto dalla pubblicazione in base al §6 del National Security Act ecc.ecc.
X Only 24 letters because did not exist already the j and the v consonant variants of the vowels i and u, that came slowly into use only after 1550.
X The complete key is:
Blocco indicatore a pos. 60
CNWVE BGZGV PRZZJ KGOPE QPOMK KTXDM DFAAB EBHEH DUZDT IOZXE 
ENTSA EDTBG GFMGF NLHVP PZKOC EXRDU VHHPA ITDCU JIAWO GJZNE 
PDDZR GDPXH JTPRI PZBTB WCKWY YDIYQ NNTRN LXQBV YKONC XDCYW 
EVZOR YNUGL LTYFK LRICS EADSO GPRIO ONJNC BMPWS BIMZN XLFGO 
YKPBD DITVR HJERX HSJWP CXXPX LNJQT XODMQ HQYAL PIVUZ TBSCY 
HFWFV TQIDG BAVFM MMDLM OBVJV UCXNF WVLSA GMRPP YQPTW CFIFQ 
VURQD NLGLZ MHUYZ VELMT AKKQE GSKPY BLSTC WGNDS NPZIO ZDSKQ 
MLBXB GEUQT SRFLK HHRVK KIAJQ OIUHT LUFMR GSWBJ PUAUF LBNDX 
YNFYX WNGQV ZCPEO HLHDN RSHSN NEPBH MZVSY TOLZF HZHWD WDPDG 
CVZKN NYRDZ ZQYUI WNWIN CPMJM QFPFJ WIEWT RKRJN QIDPC MMQJV 
DLKQU XGZNM IJVMG OEQFN DWVHL YUYPD TTPEJ JBPJO BSXWF ELJUR 
XYNTF ZRZXH DQASU JCWZL KADIX IMISG ZPFNI KNAKK HOBIG WRISR 
UDSXL PGXYY EYNJL WUYWF JETLM AHEIA VDDNA PCHNB FRZTB LQWKM 
BUQVF DVNHE OCHSP IHSPU UVMUP OFFKQ RMLIH RMDET ITVPL LYSEO 
NYKZS ZOYEY PWLAF SRRWW LEPHU 
X A sample of page of the original OTP booklet. Source: the 1973 David Boak's lecture cited at foot of the web page.
chiave originale
X Modern cryptography is meant here as the one after the invention of telegraph and radio, that made transmission of information much faster but also much easier to intercept.
X Contemporary cryptography is meant here as the one after 1970, when the spread of computers forced the invention of ciphers of a completely new kind.
X In English: “a single eye view encompasses it all, so that in a very short time it could be possible to learn it by heart.”
X Quoted by the website “Gear of the Vietnam war”, article of 14 November 2005 by Sgt. Ron Hibbard Ret.
X Here NSA does not seem to believe in the Kerckhoff principle!!
X Many ciphers based on a Trithemius' table were proposed; the best known is Vigenère that added a short keyword like Bellaso's, but his cipher was not reciprocal; Sestri and Beaufort proposed reciprocal ciphers based on a reverse Trithemius' table.