Acoustic cryptanalysis – valicert root keys

A little known fact is that I was MC at the generation of three CA/SSL root keys still used widely. The CPUs were spied on by a truck/trailer placed in the car parking lot of the adjacent building. My assumption at the time was that what folks wanted was the primality testing evidence. The ceremony was observed by Price Waterhouse. I always assumed that one of the individuals, not acting for the firm but for others to whom the firm owed a ‘higher duty,’ participated in facilitating recording activities, at the required fidelity. It was interesting to watch the charade (on video playback). Not citable. No permission granted for linking or downloading content. This is marked ‘peter fouo’. You may not precis, paraphrase or quote even 1 word.

Posted in coding theory

enigma-era representation theory, constant spaces and orthogonal duals

Enigma-era math is famous for the work of the Polish cryptographers who exploited the notion of conjugacy classes (which relate to the character functions of permutations).

In Turing’s only known math-centric treatment of Enigma-era theories about crypto, his On Permutations manuscript, we see him also focusing on representation theory of the symmetric group.

When Turing modeled U+x.U-y

we now see that his whole argument is about swapping the order of rotors (by the action of the representation of the input group member – a cycle from the upright, recall).

What is more, we finally have a solid mental model for why, in sub-representation theory, one wishes to constrain the +x and –y (etc.) so they are 0 – before and after the permuting effect of the input cycle. We see how his H is what these days might be called Vper

in contrast to V and Vconst.

Constraining the representation of the input group “cycle” to Vper constrains the degree of the resulting Cayley graph, reminding one of (n, k, d) codes of the form (n, n–1, n–1). But, since we are in a q-ary world already, with Enigma wheels, we should not think binary but Reed-Solomon (where a sequence of wheels, above, is really the terms of the polynomial).

Clearly now, we see how rotors, with suitable feedback, can be seen in the Reed-Solomon sense as calculating a particular field, in which “rotors” can divide “rotors” – in analogy to polynomial fields.

We have to recall that unitary conditions mean that distances after the transform are the same as before – and of course we do recall that all of Turing’s arguments were about numbers formed from the pairwise distances between terms, after computing a rod.

Now it was always a little confusing what Turing meant about his alpha term, and his 1-dimensional argument. If we now take Vconst as a scaled (by alpha) Sn-invariant subspace (just as is Vper) then we have another clear analogy to coding theory, in which Vper is the space orthogonal to Vconst. Take a circle, and take the line from the origin out to the right. Now rotate it a bit, and scale it by alpha. Now create cones of future and historical tree development at right angles to that line… and that is your coding space.

I’ve actually purchased a good book that discusses qudit background theory all in terms of permutation representations (without mentioning Enigma and rotors, of course). It hardly ever says eigenvalue (or makes one do boring linear algebra fiddling). Of course, linear algebra abstractions are great!

Posted in early computing, enigma

signing powershell

We signed our PowerShell script, having identified the index of the signing cert in the list enumerated by PowerShell.


We simply followed the instructions, here, to make the signing credentials – in the command tool invoked from Visual Studio.



This gives us:


```powershell
param([string[]]$args)


$msolcred = Get-Credential -UserName `
    -Message "password for netmagic is Rapattoni1!"
Connect-MsolService -Credential $msolcred -ErrorAction Stop

# appid/linkid/mlsid are the last three path segments of the federation ActiveLogOnUri
$setfed = Get-MsolDomainFederationSettings -DomainName ""
$alog = $setfed.ActiveLogOnUri

$strarr = $alog.Split('/')
$len = $strarr.Length

#colc/8/BARS
#appid/linkid/mlsid


$mlsid = $strarr[$len - 1]
$linkid = $strarr[$len - 2]
$appid = $strarr[$len - 3]


Get-MsolDomainFederationSettings -DomainName "" -Verbose


echo $mlsid
echo $linkid
echo $appid

foreach ($name in $args) {

    $upn = $name + ""

    $displayname = $name + "_at_Rapattoni"

    # ImmutableId: MD5(name + appid + mlsid) rendered as a GUID string, then base64-encoded
    $someString = $name + $appID + $mlsID
    $bytes = [System.Text.Encoding]::Default.GetBytes($somestring)
    $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
    $hashbytes = $md5.ComputeHash($bytes)
    $result = [GUID]($hashbytes)
    $resultstring = $result.ToString();
    $resultstringbytes = [System.Text.Encoding]::Default.GetBytes($resultstring)

    $base64 = [System.Convert]::ToBase64String($resultstringbytes)

    $msoluser = Get-MsolUser -UserPrincipalName $upn

    Get-MsolUser -UserPrincipalName $upn -Verbose

    # Emit the New-MsolUser command line rather than running it
    echo "new-msolUser -userprincipalname $upn -immutableID $base64 -lastname At_Rapattoni -firstname $name -Displayname $displayname -BlockCredential `$false"
}


# SIG # Begin signature block
# MIIFuQYJKoZIhvcNAQcCoIIFqjCCBaYCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUNcK5l7KQymdpsvSK5ykEqcG6
# GH+gggNCMIIDPjCCAiqgAwIBAgIQ+o34q/izeYlBb9C8iTKNxDAJBgUrDgMCHQUA
# MCwxKjAoBgNVBAMTIVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdDAe
# Fw0xNDA0MTkyMzA4MzFaFw0zOTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMTD1Bvd2Vy
# U2hlbGwgVXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJZVtSj5
# K+VOD8tpAc5SCGM5EsYdFXhQgrjyLY3QdfEoQ1N9vuUPc2xIpzQpbY5cRNMSw1sz
# qFQqmbxLYcDKa3Q0cTcKrj66EuV7U2uJaYQP7N6WLkuZMM8NTdu7PlkbDt/2bVN1
# GN2MSg556lfwaZQjPfAY8PzVXWzDEGqeoCXOZ7awITGLMg4vD0nIT8PH1kGwq9gB
# lmo/++S+UmJ9DofAp9lFRxC388fv2dmzWHAWT3rRO3DYUhrzQEVkv9JN8ik2RQuY
# sQUW9J57NMDsLOYudsB9AqMd4i6KdYgQQtG0Cc8ndTKScp1yc3Lk+evPATxA0cHk
# bv877CXUtcHH1isCAwEAAaN2MHQwEwYDVR0lBAwwCgYIKwYBBQUHAwMwXQYDVR0B
# BFYwVIAQ4p70s+RMprL+FlVWTNz0vaEuMCwxKjAoBgNVBAMTIVBvd2VyU2hlbGwg
# TG9jYWwgQ2VydGlmaWNhdGUgUm9vdIIQJMvpPbZDPbNM2uQJ9+W12jAJBgUrDgMC
# HQUAA4IBAQAktpH6aQEu5QKKmxlWHfpFKOkCT2awy7RLIdbNp6YtMICzn9bumU6a
# jpNaMi/Apo/IAfrIpqsPv6yoJjmmtKaUgja6mR13xyesudXbWLvVrAXE9NcbDzmO
# RqF6Yk2C1Lf/A7yOBq8GJTaGwgaf9LI8Z7wGfqLpGJ92j2S6uIAk3Ww8HSB4TyvF
# ZrHAx1YIcFnKUk6ItY0ElOVnUzPc6OaFmO+jHtAXqNWLwpyPBF5d4ZoxPBSEqBWp
# ARzxqpXtXvdnB0zqMMdmaW6raC3BVzslOHpC8GdUkNV7vakbzf60BNy5cWwuc7FB
# ckrf1oZWvkXgF24T1S1yOhjq+jp+5OaiMYIB4TCCAd0CAQEwQDAsMSowKAYDVQQD
# EyFQb3dlclNoZWxsIExvY2FsIENlcnRpZmljYXRlIFJvb3QCEPqN+Kv4s3mJQW/Q
# vIkyjcQwCQYFKw4DAhoFAKB4MBgGCisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJ
# KoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQB
# gjcCARUwIwYJKoZIhvcNAQkEMRYEFHnUbgCdPI1Dj56IhWGiLZ0UdC3YMA0GCSqG
# SIb3DQEBAQUABIIBAA6FcaBW+FqtOEpeM1I5KrIo77+1cbQeStkO1Iij0AERKXMv
# ay+Vedh8Zp9skwXrZ8CDSVbr+B1oOchahR665SRX7E194vIMpzeECqo1Wr0gtDWy
# ikMXslVx+dx1u2SFbgEvcwCS9ZBic6lYQutWTua06AKl6ebnFm3NEbIgOjxwot0X
# eaQq+Z6YvClMjBnctP8YqidRtrN8NL1c1pMErdG9FmtEIiXWsDmWcixV3qUHxHqz
# PM89IcpdqWtGoZl94VV4jOAtpaq5kUhYpPdcdmizvmTixo1lBvfVBggbr+2sAbpQ
# XinVRtVs/N75bvMloy3XnsCJzg7OaAivjwMKu90=
# SIG # End signature block
```

Posted in dunno


Eyebrows going grey!

Posted in coding theory

cryptome gushing.




cryptome has fallen in love with the semblance of nonconformity – some great engineers and writers simply failing to do what they know how to do: spill the beans.

Ross Anderson knows how to communicate, and teach even. He is just a natural. HE can get an advanced class up to examination grade and get them passing, probably with flying colors. Unfortunately, the material they learn is second class stuff. It SKIRTS how systems are compromised. Until Anderson teaches HOW the typical GCHQer undermines ALL the techniques he teaches, he is failing to be a non-conformist. Such failure puts you in the usual bag: the academic who whines about a system he doesn’t really want to study, since what he wants to study is not HOW to defeat the compromise arts but to theoretically create systems that are just naturally resistant. He wants to eliminate the problem at source, rather than apply a fix. Meantime, none of his current knowhow in the theoretical art of fixing actually works. It JUST facilitates the deployment of MORE systems that are just as penetrated by 50-year-old techniques – that he knows full well, but doesn’t discuss (strange that, no) – which provides a nice fertile study ground.

I’VE ALREADY said that Peter Gutmann’s draft book is a masterly work of ranting, with some good anecdotes.

Concerning Kahn, I have not read the work in question – but have read other essays. At least it all focuses on the main topic: cryptographic penetration.

Snowden is also somewhat disingenuous – in propagandizing that crypto works – IF implemented properly. If you are on a commodity PC, it CANNOT be implemented “properly”. He knows that, but somehow, like Anderson, just cannot get around to delivering the main point. It’s too much fun whining – and being a(nother) part of the billion dollar boondoggle.

Posted in rant

azure virtual machine with MSDN image – iis express




Out of the box, an SSL-using web application running on the default IIS Express host installed as a result of running the Visual Studio 2013 Update 1 enabled image (and updating to the RC of Update 2, even) does not work.

To fix:

Run mmc and load the Certificates snap-in. Delete the localhost cert.



If you are interested, note that using the Manage Private Keys operation available on the right-click menu for the cert, one gets


Now repair IIS Express 8 (regenerating the cert, under YOUR context).


We loaded the new localhost cert into the Trusted Root cert store (and Trusted People) and created a new project with new IIS Express bindings:

Posted in ssl

nsa spying on ssh admins?


If I were NSA, I would want the keys to the kingdom. Which means you spy on the folks who run the kingdom. Who are they? They are the system administrators. If THEY use crypto, it’s their crypto that you first want broken (so you can steal their privileges and exploit the systems that they run, for spying then on others who happen to use those American-grade systems).


So, as I use OpenSSL to make a crypto key for system admin purposes, am I “unwittingly” assisting NSA/GCHQ in their mission – assuming that this “commodity-grade” security software only ASSISTS them, covertly?

Posted in coding theory

from authorize to error–resource not authorized for the account



Location: ms-app://s-1-15-2-368411030-1769956373-826299661-4019874439-3442704750-222489034-3800660787/?error=invalid_resource&

The solution is to NOT do what the instructions call for! (This is the second time being too truthful is hurting me, thinking like an NSA contractor TRYING to show one is trustworthy.)



Sample instructions suggest, for the WebAPI part of the equation, that you use a different sign-in and appid (than the name of the redirect URI at the mobile site, for AAD). DON’T DO IT. HAVE ALL THREE THE SAME.

Ignore step 8, on having “sso”. Just use AAD.

Posted in coding theory

Adding Azure AD to a Mobile site with .net backend, and store-integrated windows 8.1 app.

Having built ourselves a known-working .NET backend for an Azure Mobile site (and having updated quite a few packages in order to make it all compile with security attributes on guarded interface methods), we managed to follow along and also do the AAD part of the process, as discussed at



```csharp
string authority = "";
string resourceURI = "";
string clientID = "563cb644-1918-4c35-8a9f-800f4e31c5f9";
```


The figures above show, on the right, the mobile site configuration (the OAuth client) being accessed logically by the configured desktop application on the left, which has delegated rights to the ToListApp WebAPI hosted in the mobile site using the .NET backend. This of course exposes an OData interface to some domain entities, using an HTTP binding.

Running all this, we get




and …




Looking at this on the wire, we see a websso token,




But then a failure to issue an oauth-mediated access token:


Posted in Azure AD

graph explorer has many more application permissions than Azure AAD console



Posted in Azure AD

Kernel mental model

An MIT video, at minute 22 or so, asks for an elementary proof. Can’t say I can prove anything, but I do have a very simple mental model of the point raised: that if a code is the image of a function, the dual of the code is the kernel.

I think of that geometrically. From the classical 3-bit Hamming cube (the domain), constrain the space to that of the classical tetrahedron (the code mapping’s “image”). Now project all the nodes of the cube from the zero vector and get the Fano plane geometry (the code’s “dual”) whose inner circle line represents the kernel (when the dual is a Lie group).

The above is a tone poem, not math! The inner space between the triangle’s lines that is NOT occupied by the circle represents uncertainty. One should think now of joining up each of the lines, making nominally three new circles by rounding out the straight lines. Then join the 2 outlier points of each circle to the point adjacent to it. I think of it as a table top (the original circle) and three loopy legs! (and there goes the math reputation I don’t have in the first place…)

Finally, I think about the relationship between the lines of the triangle (now the loop legs) versus the line of the circle (the table top). As minimum distance in code space comes into the right ratio with the covering error graph (the tetrahedron) and its nearest-neighbor average distances, so the triangle compresses to the area of the circle (the legs retract up towards the table top), representing attaining the Shannon limit. We have maximized the coding gain by making the circle line indistinguishable from the triangle sides (the loopy legs have FULLY retracted, like an airplane’s wheels).
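The image/kernel remark made concrete, as an added example that is not part of the original post: the [7,4] Hamming code is the image of the generator map x → xG over GF(2), its dual is the kernel of the same matrix G, and the seven weight-3 codewords are exactly the lines of the Fano plane the post draws. The generator matrix G is the standard systematic one, chosen here for illustration.

```python
"""Added example: the [7,4] Hamming code as an image, its dual as a kernel,
and the Fano plane read off the weight-3 codewords (all over GF(2))."""
from itertools import product

# Systematic generator matrix of the [7,4] Hamming code; rows are basis codewords.
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]


def dot(u, v):
    """Inner product over GF(2)."""
    return sum(a * b for a, b in zip(u, v)) % 2


def encode(msg, gen=G):
    """Image of the generator map: the codeword x -> xG (mod 2)."""
    return tuple(dot(msg, col) for col in zip(*gen))


def image(gen=G):
    """The code C: every k-bit message pushed through the generator."""
    return {encode(m, gen) for m in product((0, 1), repeat=len(gen))}


def kernel(gen=G):
    """Vectors y with gen * y^T = 0, i.e. orthogonal to every basis codeword."""
    n = len(gen[0])
    return {y for y in product((0, 1), repeat=n)
            if all(dot(y, row) == 0 for row in gen)}


def dual(code):
    """C-perp by definition: orthogonal to every codeword, not just the basis."""
    n = len(next(iter(code)))
    return {y for y in product((0, 1), repeat=n)
            if all(dot(y, c) == 0 for c in code)}


def min_distance(code):
    """For a linear code the minimum distance is the minimum nonzero weight."""
    return min(sum(c) for c in code if any(c))


def fano_lines(code):
    """Supports of the weight-3 codewords: seven 3-point lines on seven points,
    any two of which meet in exactly one point."""
    return sorted(tuple(i for i, b in enumerate(c) if b)
                  for c in code if sum(c) == 3)


if __name__ == "__main__":
    C = image()
    print(len(C), min_distance(C))            # 16 3
    print(kernel() == dual(C), len(kernel()))  # True 8
    print(fano_lines(C))
```

The dual computed two ways agrees: the kernel of G equals the set of vectors orthogonal to all sixteen codewords, and it is the [7,3] simplex code (every nonzero word has weight 4).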

Posted in coding theory

From sequency to modern acoustic device identification–Berlin Embassy

Back at we took a look at sequency. Having created an additive signal from a set of individual weighted Walsh functions taken from the Hadamard matrix (or orthonormal basis functions), one learns how the inverse WHT identifies the weightings.


Two other things now occur to me.

First, look at the form of the sequence matrix, above. Imagine that on the right and bottom sides you have Tunny wheel bits – those for Chi1 and those for Chi2, say. Now recall how convergence was performed. Take the guessed patterns for one side, the start, and perform an inner product with each row/column (of probability info). Use the result to update the reliability weighting attached to the corresponding bit on the other wheel. Also, if the weighting improved that bit (or whatever was the rule), update the row in the rectangle by using a swap that more probably aligns the average value with the rules of the mechanism.

Now look at the form of the sequency picture. One can imagine that the dependency between wheel bits, with respect to the cipherstream, is represented by the area as one’s eye moves from bottom right to top left. The area of probability increases AS more and more bit values come into play and affect the average – in that coordinate.

As I looked at it, I thought to myself: just look at the rate of zero-crossings in the high-order bits. Don’t they remind one of the columns of the Tunny alphabet, as ordered here?
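The two points above in working form, as an added example that is not part of the original post: rows of the Sylvester Hadamard matrix are put into sequency order by counting their zero-crossings (row k ends up with exactly k sign changes), a signal is synthesized from a few weighted Walsh functions, and the inverse WHT recovers exactly those weightings. The weights used are constructed for the demo.

```python
"""Added example: sequency-ordered Walsh functions, synthesis of an additive
signal from weighted Walsh functions, and recovery of the weights by the
inverse Walsh-Hadamard transform."""


def hadamard(n):
    """Natural-order Sylvester Hadamard matrix, n a power of two."""
    if n == 1:
        return [[1]]
    h = hadamard(n // 2)
    return [row + row for row in h] + [row + [-x for x in row] for row in h]


def zero_crossings(row):
    """Number of sign changes along the row: its sequency."""
    return sum(1 for a, b in zip(row, row[1:]) if a != b)


def walsh_sequency(n):
    """Hadamard rows sorted by sequency.  For a Sylvester matrix every count
    0..n-1 occurs exactly once, so row k of the result has sequency k."""
    return sorted(hadamard(n), key=zero_crossings)


def synthesize(weights, n):
    """Additive signal sum_k weights[k] * wal_k(t) for t = 0..n-1."""
    w = walsh_sequency(n)
    return [sum(weights[k] * w[k][t] for k in weights) for t in range(n)]


def inverse_wht(signal):
    """Project the signal onto each Walsh row.  Rows are orthogonal with
    squared norm n, so dividing by n returns the original weightings."""
    n = len(signal)
    w = walsh_sequency(n)
    return [sum(w[k][t] * signal[t] for t in range(n)) / n for k in range(n)]


if __name__ == "__main__":
    weights = {0: 3, 5: -2, 9: 0.5}          # constructed weightings
    coeffs = inverse_wht(synthesize(weights, 16))
    print({k: c for k, c in enumerate(coeffs) if c})   # {0: 3.0, 5: -2.0, 9: 0.5}
```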



Tunny has the following sequence of zero-crossings, moving from left to right: (1, 2, 16, 4, 8) – remember this ordering is NOT there for wheel breaking but is there to help do 16-counts, 4-counts, etc., so that one may compare the proportion of dot-flows to cross-flows (and see if the proposed SETTING of that Chi wheel is correct).



When counting, this means for a count of 16 chars at a time, producing 2 outputs:


For the next count, one has to imagine the rectangle is wrapped around a stick and gummed one side to the other so that the 1/4 contributions of the first/last columns (in this plane) combine.


The latter thought reminds one of gumming both edges to each other, making a donut – recalling the relationship between that complex torus and factorization.


Fingerprinting devices… using acoustics – the kind the microphones in phones would be picking up! Can we assume that an Intel would be tuning the video signal uniquely for each CPU/motherboard to facilitate device identification in the IoT? Sounds like Intel! to me (pun pun).

Posted in colossus, spying

NSA/GCHQ packet staining vs crypto staining

There seem to be 2 ways to exploit staining:

1) The method in which IPv4 packets from “intelligence sources” are stained by putting them within an IPv6 tunnel whose headers are processed by carriers supporting the NSA mission. Of course, Microsoft Windows comes with just such tunneling capacity at the PC, too.

2) A cryptographic mechanism that does not depend on the carrier – except in the sense that the carriers’ cables are tapped. This model assumes that an NSA has to scan a lot of raw packet dumps, looking for those of interest, using “suitable hardware” for the search problem.

In either case, we have what PTK used to take DARPA money for: “active network” research!

We have to remember that it all starts with the reluctant victim having his PC compromised through the insertion of behavior, upon leveraging a suitable exploit. If we believe the Snowdonia campaign from NSA, the victim visits the radical site (e.g. NRA) whose JavaScript pages duly insert the bug back on the browsing PC.

So what kind of bug would support 1) and 2)?

To hide this all, it feels like a combination of forces would be applied. First, the compromised PC would be induced to use cryptographic staining, hidden to the non-technical eye behind Reed-Solomon coding erasures, intending that these signals are detected by the PMO.


Now, note the path taken in the picture given above. From the PC in Y (the target of intel) there is a peer-to-peer relationship within the internet cloud – that is NOT assumed to pass a particular network. On visiting the radical website, infected by the botnet in autonomous system 666, Y’s PC eventually uses the internet and some of the packets between Y and Z will go over the “compromised” edge router at the carrier’s internet/backbone handoff point. This router, too, is owned by the botnet – in the sense that the botnet is biasing its routing tables with AS-AS updates via BGP, etc. Thus packets from a given IPv4 address hit the edge router’s first rule set – where we should recall that the (relatively persistent DHCP) address of Y’s PC was recently learned by the botnet listening in to Z’s visitor log (hosted at the compromised, radical site that Y just visited). The router directs the packet “flow” via the packet staining device that wraps the flow in IPv6 tunnels. NSA/GCHQ upstream will later leverage the staining tags… to help isolate these flows obtained from general purpose fiber taps fixed at certain locations that target Y now visiting, in the US, say.

Now I know enough, being once, along with the DOD/WH folks I trained with, a certified CCSP specially trained in Cisco HIDS/NIDS, to know how the Cisco IOS world can apply policy-based routing that does real-time deep packet inspection. So assume that the first edge router is so tuned with policy-based routing to detect cryptographic headers on the first hop (NOT SHOWN on the picture above). How might we accomplish this?

One thing we know is that in 1980 NASA was listening to a signal – whose power is less than that emitted by your watch, from a craft 2 billion miles away – delivering a data rate of about 20 kbit/s. Think about that! This means that the phone in your pocket is MORE than able to use its microphone to listen to the channel between PC and screen, which has far greater power consumption than your watch display and is probably at a distance of 2 yards (rather than 2 billion miles). These days, with 4G, the data rates of mobile phone circuits are excellent of course (making them an ideal ACTIVE SENSOR network for remote spying on the signals emitted by all devices of the world). If yours is not on, there is no reason not to use that of your neighbor, known also to be in proximity to the PC in the same coffee shop with its internet cafes (a favorite GCHQ targeting space).

So, let’s say that a compromised PC of Y, now, is induced to DROP bits in the packet checksum. This is known in the RS world as an erasure – for which the math is able to recover. Now assume that the dropping rate is ITSELF a unique code – or stain. That is, as the Cisco router does what it’s supposed to do IN HARDWARE VLSI – error correction on packet checksums that THEMSELVES HAVE ERRORS – the stats collected PER FLOW are themselves being analyzed by the IOS process that detects the timing signal within the drop rate – and thus detects the particular PC. Though it may correct the packet as it flows across interfaces, being a botnet-owned router, assume that this is also enough to induce routing via the PMD. One can imagine that the mechanism might also be inducing the botnet to refocus its efforts – on Y’s PC directly.

Posted in spying

UK is rattled over home router ssl; wavering public confidence; BBC malfeasance



photo credit: withheld at the request of multiple national security agencies.

In a major if somewhat technically embarrassing puff piece FOR GCHQ and co, the BBC does its duty as a state broadcaster: push the government line and cow the UK public.

“You would have to be a semi-professional to have…”… sayeth the seer, a doctorate at (and even perhaps FROM) “Cambridge University”. No! You have to buy it at a supermarket – 2 aisles over from the cat food, or get it from the phone/cable company when they install it for you. ALL of them come with SSL capability. This is SUPERMARKET grade stuff, valued at 5 pints of beer. For obvious reasons, at that price point one SHOULD NOT EXPECT… too much strength or assurance in the encryption!

Ah, but you’d have to be a technically-minded semi-professional to turn it all on – since it’s typically not on by default! Well, that IS true – and was probably the line the spooky Dr. was SUPPOSED to deliver. Perhaps the BBC journalist, wanting to join the rather posh BBC establishment, asked several questions – to get the quote she wanted; and then only published the one that fit the desired policy line. This is normal use of media, by spooks trained in the propaganda arts, leveraging their 1930s superman will that SHALL “control the internet”.

But even that is ONLY half true – as there are several variants of SSL used commonly in wifi routers, and the cable company remotely controls the configuration of the router, if you have broadband service. That means the “semi-professional” technician *can* turn it on REMOTELY and with trivial levels of skill – without you being involved. And so can the spook, with or without the participation of the telco. It’s normal exploit land to gain such access in the 5-pint-of-beer-grade wifi router (and then alter the configuration or the radio or crypto built into the firmware used by the programmable electronics). Think of it as changing the circuit board in your car radio… to filter out Radio Moscow so one heareth not other than a voice of the BBC (British “bias” corporation?) – noting that these days the whole process of making a software-based radio that tunes in to the spooks needing to store your porn usage/search history for a rainy day, when blackmail is called for, and also tunes OUT any undesired voices… is about as hard as loading a new music file onto your $10 mobile music player! (This better-end and interestingly cheaper crypto device is obtained from the checkout line at the supermarket and is probably more crypto-capable than the wifi home router over by the cat food; since music firms actually have something they don’t want you to have: copy power!)

BUT YOU’D NOTICE IT (or the phone company charged with “PROTECTING YOU (sic)” would). Well, two lies abound here. First, the strange (free) BLACK MAGIC of self-signed certs WOULD WARD OFF GCHQ, being very frightening to them as they use their browsers to connect (sic). Second, having re-flashed the firmware, the semi-professional screens – that admittedly mom never uses – WOULD NOW SHOW that the feature had been turned on… giving the game away.

NOTE here the attempt to divert (away from certain technical areas onto something semi-technical and VISIBLE, called the remote administration feature of home routers). The issue with home ROUTERS is not that one connects TO THEM (as SSL sites or servers) using browsers. Rather, PCs often induce the router to open communication ports (including secure ports) to allow outsiders IN… to your PC – to, ahem, let the KIDS play multi-player games… that arrange for the backchannel opening and the realtime play experience with voice and video (kid terrorists, assumed, of course).

Ah, GCHQ… leveraging the kids behaviours to snoop on others; such are the rights of children in the UK. Just another vector.

Secondly, home routers are typically now WIFI home routers – taking encrypted wireless signals and DECRYPTING them. Don’t forget that the spooks want THOSE decryption keys too (not that this has anything to do with OpenSSL unless the wifi is using something called EAP-TLS…). Don’t forget how they rigged the original secure wifi standard – so it took, urr, 4s to cryptanalyze the keys – assuming, as spooks can, one sends 45k malformed packets that rolled through the crypto period.

Now, realize that it’s HARDER to first-time exploit an uncompromised PC BEHIND the home wifi router doing the SSL than to compromise the home router itself (though only marginally harder). If the PC is doing the encryption, it’s harder to get an “in”. So you WANT the home router to be doing the SSL FOR your PCs (so that the stealing of the keys happens at the most vulnerable point). And here the nature of PC-to-router auto-configuration helps – as it turns out that PCs regularly configure the secure ports on your router for you (an SSL handshake, delivered by guess-what… OpenSSL, typically. It’s a UDP-SSL handshake, if you care to know, that allows the PC to request the ports be opened).

SO, in summary, you see GCHQ and its spook friends in the BBC doing a typical UK psychology job. Since it won’t work, you will now see the NEXT phase of UK policy – as it controls the issue. THREATS and FEAR, with some DEMONIZATION. One can be sure the BBC will be there to cover it (or the answers that fit the prepared script, anyway).

My advice? Beware the Cambridge doctor.

Posted in spying

WCF server, for JWT handling/validation


```xml
<system.identityModel>
  <identityConfiguration>
    <audienceUris mode="Never">
      <add value="http://localhost:1500/Service.svc" />
      <add value="" />
    </audienceUris>
    <issuerNameRegistry type="WcfServiceJWT.Utils.DatabaseIssuerNameRegistry, WcfServiceJWT" />
    <certificateValidation certificateValidationMode="None" />
    <securityTokenHandlers>
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add type="WcfServiceJWT.CustomJWT, WcfServiceJWT" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
```


```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Xml;
using System.Text;
using System.IO;
using System.IdentityModel.Metadata;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using System.IdentityModel.Services;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Configuration;
using System.Threading;
using System.Net;
using System.IdentityModel.Selectors;

namespace WcfServiceJWT
{
    public class CustomJWT : JwtSecurityTokenHandler
    {
        public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt)
        {
            ClaimsPrincipal v2;
            // NOTE: the metadata location is derived from the token's own "tid" claim
            // before the signature has been checked (the STS base URL is absent from the page).
            string stsMetadataAddress = String.Format("{0}/federationmetadata/2007-06/federationmetadata.xml", jwt.Payload["tid"]);

            // Certificate validation on the metadata document is switched off here.
            MetadataSerializer serializer = new MetadataSerializer()
            {
                CertificateValidationMode = X509CertificateValidationMode.None,
            };
            List<X509SecurityToken> signingTokens = new List<X509SecurityToken>();

            MetadataBase metadata = serializer.ReadMetadata(XmlReader.Create(stsMetadataAddress));

            EntityDescriptor entityDescriptor = (EntityDescriptor)metadata;

            // get the signing certs.
            signingTokens = ReadSigningCertsFromMetadata(entityDescriptor);

            // Issuer and signing keys come from the metadata; audiences from <audienceUris>.
            var vparms = new TokenValidationParameters
            {
                ValidIssuer = entityDescriptor.EntityId.Id,
                IssuerSigningTokens = signingTokens,
                ValidAudiences = Configuration.AudienceRestriction.AllowedAudienceUris.Select(s => s.ToString())
            };
            try
            {
                v2 = base.ValidateToken(jwt, vparms);
            }
            catch (Exception ex)
            {
                throw new ApplicationException("didnt validate", ex);
            }
            return v2;
        }

        //public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt, TokenValidationParameters validationParameters)
        //{
        //    // set up valid issuers
        //    if ((validationParameters.ValidIssuer == null) &&
        //        (validationParameters.ValidIssuers == null || !validationParameters.ValidIssuers.Any()))
        //    {
        //        validationParameters.ValidIssuers = new List<string> { ValidIssuerString };
        //    }
        //    // and signing token.
        //    if (validationParameters.IssuerSigningToken == null)
        //    {
        //        var resolver = (System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver)this.Configuration.IssuerTokenResolver;
        //        if (resolver.SecurityKeys != null)
        //        {
        //            IList<SecurityKey> skeys;
        //            if (resolver.SecurityKeys.TryGetValue(KeyName, out skeys))
        //            {
        //                var tok = new NamedKeySecurityToken(KeyName, skeys);
        //                validationParameters.IssuerSigningToken = tok;
        //            }
        //        }
        //    }
        //    return base.ValidateToken(jwt, validationParameters);
        //}

        static List<X509SecurityToken> ReadSigningCertsFromMetadata(EntityDescriptor entityDescriptor)
        {
            List<X509SecurityToken> stsSigningTokens = new List<X509SecurityToken>();

            // FirstOrDefault so the null check below is reachable (First() would throw instead).
            SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();

            if (stsd != null)
            {
                // read non-null X509Data keyInfo elements meant for Signing
                IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses = stsd.Keys.Where(key => key.KeyInfo != null && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified)).
                    Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());

                stsSigningTokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
            }
            else
            {
                throw new InvalidOperationException("There is no RoleDescriptor of type SecurityTokenServiceType in the metadata");
            }

            return stsSigningTokens;
        }
    }
}
```
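The validation order matters more than the library, so here is the same handler's job as an added example in Python (not the project's code): the page's CustomJWT derives the metadata URL from the token's own tid claim before any signature check and disables certificate validation on the fetch; this version checks the tenant against an allow-list first, takes keys from a pinned, pre-fetched key set, and fixes the algorithm. HS256 stands in for AAD's RS256/X.509 signing so it runs on the standard library alone; the tenant ids, secrets and issuer pattern are constructed, and the audience is the page's audienceUris value.

```python
"""Added example: per-tenant JWT validation with the tenant allow-list applied
BEFORE key discovery (Python stand-in for the CustomJWT handler above)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the signing keys read from federation metadata,
# keyed by tenant id then key id (kid).  Real deployments pin RSA public keys.
TRUSTED_TENANT_KEYS = {
    "tenant-a": {"kid-1": b"constructed-secret-for-tenant-a"},
}
EXPECTED_AUDIENCE = "http://localhost:1500/Service.svc"   # from <audienceUris>
ISSUER_TEMPLATE = "https://sts.example/{tid}/"             # constructed pattern


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(tenant: str, kid: str, secret: bytes, claims: dict) -> str:
    """Mint an HS256 token; used only to construct inputs for the demo."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    body = dict(claims, tid=tenant, iss=ISSUER_TEMPLATE.format(tid=tenant))
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, body)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, now: float = None) -> dict:
    """Return the claims if the token is acceptable; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
        signature = _b64url_decode(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc

    # 1. Tenant allow-list BEFORE any key discovery: a tid chosen by the sender
    #    must never steer the verifier to a metadata document the sender also
    #    chose.  (The handler above does the metadata lookup first.)
    tenant = payload.get("tid")
    if tenant not in TRUSTED_TENANT_KEYS:
        raise ValueError("untrusted tenant")

    # 2. Pinned algorithm; "none" or any unexpected alg is rejected outright.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = TRUSTED_TENANT_KEYS[tenant].get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")

    # 3. Signature over the exact header.payload bytes as received.
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")

    # 4. Issuer bound to the tenant, audience bound to this service, lifetime.
    if payload.get("iss") != ISSUER_TEMPLATE.format(tid=tenant):
        raise ValueError("issuer/tenant mismatch")
    aud = payload.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("audience mismatch")
    if float(payload.get("exp", 0)) <= now:
        raise ValueError("expired")
    return payload


def rejection_reason(token: str, now: float = None):
    """The reason a token is rejected, or None when it validates."""
    try:
        validate_token(token, now)
        return None
    except ValueError as exc:
        return str(exc)
```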

Posted in office365

client side of WCF using JWT for bearer




```csharp
//
// GET: /TodoList/
public async Task<ActionResult> Index()
{
    ServiceReference1.ServiceClient sc = new ServiceReference1.ServiceClient();

    sc.ClientCredentials.SupportInteractive = false;
    sc.ClientCredentials.UserName.UserName = "support170";
    sc.ClientCredentials.UserName.Password = "FRED";

    // var cssdf = sc.GetData(45);

    //
    // Retrieve the user's tenantID and access token since they are parameters used
    // to call the To Do service.
    //
    string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
    string accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, todoListResourceId);

    var tokenHandler = new JwtSecurityTokenHandler();
    SecurityToken st = tokenHandler.ReadToken(accessToken);


    // from
    //
    // Wrap the raw JWT in a wsse:BinarySecurityToken so WCF can carry it as an issued token.
    XmlDocument document = new XmlDocument();
    XmlElement element = document.CreateElement("wsse", "BinarySecurityToken", "");
    element.SetAttribute("ValueType", "urn:ietf:params:oauth:token-type:jwt");
    element.SetAttribute("EncodingType", "");
    UTF8Encoding encoding = new UTF8Encoding();
    element.InnerText = Convert.ToBase64String(encoding.GetBytes(accessToken));

    GenericXmlSecurityToken genericst = new GenericXmlSecurityToken(
        element,
        null,
        st.ValidFrom,
        st.ValidTo,
        null,
        null,
        null);

    // Bearer-key federation binding over HTTPS; the JWT is the message credential.
    WS2007FederationHttpBinding fedbinding
        = new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IService");
    fedbinding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
    fedbinding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey;
    fedbinding.Security.Message.IssuedTokenType = "urn:ietf:params:oauth:token-type:jwt";
    fedbinding.Security.Message.EstablishSecurityContext = false;
    fedbinding.Security.Message.NegotiateServiceCredential = false;
    UriBuilder ub = new UriBuilder(sc.Endpoint.Address.Uri);
    ub.Scheme = Uri.UriSchemeHttps;
    ub.Port = 44307;
    ub.Host = "localhost";

    ServiceReference1.ServiceClient scbearer
        = new ServiceReference1.ServiceClient(fedbinding, new EndpointAddress(ub.Uri));

    var svcChannel = scbearer.ChannelFactory.CreateChannelWithIssuedToken(genericst);
    var cssdf2 = svcChannel.GetData(45);

    return View();   // return supplied here; the page's snippet ends without one
}
```

Posted in office365

webmatrix and azure AD based organizational IDs

Not sure why, but we logged into WebMatrix, hosting Joomla, using our Azure AD-integrated account

Screenshot (94)

then we enabled SSL.


So is this vulnerable?

Well, IIS Express seemed to be the entity delivering the SSL (which means Windows is doing the work). It didn’t SEEM to be Joomla doing its own.

On the matter of logging into Azure AD, the publication to an azure website was lovely. Well done microsoft azure!

Posted in rant

and as it happens (NSA) word games: more evidence of public untrustworthiness.


Doing one thing, “ensuring integrity”, just happens to require something else (that the NEW PROCESS NOT SUBJECT TO THE COURT ORDER – AS DEFINED AT MOMENT ONE AFTER THE COURT ORDER CAME INTO EFFECT) happens to do the exact, urrrrrr, opposite. But that’s the “modern” NSA method! Word games within word games.

Now we know. Stasi.

Posted in rant

my heart bleeds for NSA and GCHQ, wholly still able to steal your passwords

So folks are happily patching the exploit-laden OpenSSL NSA engineered into open source a couple of years ago. Of course, it dumped memory. Now, folks are happily upgrading to the new OpenSSL NSA-engineered exploit, since the old one is widely known to others. And, lots of boondoggle vendors are telling you to “check” which server centers have or have not updated (i.e. don’t use those who have not!), and change your password!

Of course, then your home router, which has the same bug, and is not patched and never will be is still open to, ahem, a memory dumping mechanism on your passwords AS they transit over to the server farm.

OF COURSE, the (compromised home) router cannot see anything of the cleartext, since it’s got its SSL passthrough ports enabled and they duly pass through the information from the browser, encrypted end-to-end by server and browser!

Which is fine until you realize that the typical corporate browser learns its connect proxy automatically. Strange that, no! And it’s the corporate browser NSA wants (it wants you in work mode, not social mode, while socializing with other “workers of interest”)

So what is a connect proxy? It’s a way of offloading SSL to the (home) router, in the clear. The train tunnel starts at the home router (and heads for the server), that is. The path between your browser and your router is clear, and the memory of the router is full of the plaintext and the cryptovariable used to THEN establish the forward tunnel.

In general American home routers are connected to broadband. Just like NASA Ames ran a huge intelligence collection infrastructure for NSA in the 1980s (to BRING BACK the exfil data) by having dedicated management ports on the then-internet backbone router (think admin port!) so too home routers are managed by the cable company – who can reflash the firmware whenever they want. This means they may participate on demand in connect path discovery, assuming the corp browser is so set to be willing to try to find a happy spying port – which they are all!

What is fun about the US approach to stasification is the SHEER degree of the penetration, at multiple levels, through the society and its vendors. The UK approach is much less sophisticated technologically – and relies much more on deception and social engineering.

Which probably explains why so much money has been thrown in the UK at cybercenters hiring computer science-related psychologists.

Posted in spying

software engineering subversion–Peter Gutmann’s draft book

We have to assume that software engineering police exist, working undercover. For example,

That is, it is the mission of some on your team, some in your open source community, to not be acting per the community purpose (while professing they do). They are there to subvert (and get code inserted that allows crypto compromise).

Subversion in open systems; and Public trust. How to deal with it?


Cryptome distributes a draft of a book that fails to address the topic. It does engage in a 100 page rant…against PKI.

Key management is hard. Key management for 5 billion people and even more devices is very hard (and has never been done before). A lot of the book rants against the PKI concept – for the internet – designed nearly 15-20 years ago (as reflected, still, today). That the said concept has evolved from THEN to NOW is a testament to the architecture. The world looked different back then!

Peter is a good designer. But, he fails to address the topic: that the engineering process, like the standards process, is SUBVERTED from within. It’s NOT SUPPOSED TO WORK, dummy! (It’s supposed to be spied upon, covertly.)

Posted in rant

sharepoint people picker

Continuing the process of re-running a Build demo on sharepoint apps, augmented with AAD,


we could make the UI work. But, we could not make CUSTOM domains appear.

So could be picked. However, could not.

Posted in office365

Brandon Werner’s Build demo–a rebuild

We got some way towards repeating the Build trial showcased in the SharePoint Hour session.

We can invoke the SharePoint site, and its local IIS Express app, tied to our certified domain. The user is the Azure/Office site “master” administrator (think local admin on a non-domain PC box).

Screenshot (83)

We can even get a token:


But a security exception is thrown – user not authorized, in summary. If we run the app a second time, now using as the name of the owner of the site – trying to get around the issue – we get


The very first time, when we used from our certified domain, as the owner, we got a “cannot create – user not authorized” exception. Evidently, the two facts don’t align

We do see our site though!


I don’t see any NEW app definition in the azure AD tenant – though the flow MAY be handled by the sharepoint online app already provisioned.


Posted in office365

giving nsa/gchq a helping hand (re microsoft online immutableid guessing/calculation)

```powershell
param([string[]]$args)

# The user name (and the federated domain names below) were removed from the page
$msolcred = Get-Credential -UserName `
    -Message "password for netmagic is Fred!"
Connect-MsolService -Credential $msolcred -ErrorAction Stop

# Pull the public federation settings and split the ActiveLogOnUri path
$setfed = Get-MsolDomainFederationSettings -DomainName ""
$alog = $setfed.ActiveLogOnUri

$strarr = $alog.Split('/')
$len = $strarr.Length

#colc/8/BARS
#appid/linkid/mlsid

$mlsid = $strarr[$len - 1]
$linkid = $strarr[$len - 2]
$appid = $strarr[$len - 3]

Get-MsolDomainFederationSettings -DomainName "" -Verbose

echo $mlsid
echo $linkid
echo $appid

foreach ($name in $args) {

    $upn = $name + ""

    $displayname = $name + "_at_Rapattoni"

    # ImmutableId derived deterministically: MD5(name + appid + mlsid) read as a GUID,
    # then the base64 of the GUID's text form. Anyone who knows these inputs can recompute it.
    $someString = $name + $appID + $mlsID
    $bytes = [System.Text.Encoding]::Default.GetBytes($somestring)
    $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
    $hashbytes = $md5.ComputeHash($bytes)
    $result = [GUID]($hashbytes)
    $resultstring = $result.ToString();
    $resultstringbytes = [System.Text.Encoding]::Default.GetBytes($resultstring)

    $base64 = [System.Convert]::ToBase64String($resultstringbytes)

    echo "new-msolUser -userprincipalname $upn -immutableID $base64 -lastname At_Rapattoni -firstname $name -Displayname $displayname -BlockCredential $false"
}
```

Posted in crypto

making office365 users by powershell script, with certified domains

It’s been a while since I last added a user to an Office 365 subscription that tied back to the IDP in our certified domain.

I failed to make one using the office admin portal (since no drop downs appear for the certified domains, only the * domain). Similarly, I failed to use the Azure AD portal, for users, for the same reason.

So let’s revise what we remember to do, using scripting:

```powershell
param ($name)

# The user name and the federated domain names were removed from the page
$msolcred = Get-Credential -UserName -Message "password for netmagic is FRED!"
Connect-MsolService -Credential $msolcred
Get-MsolDomainFederationSettings -DomainName "" -Verbose

$upn = $name + ""
$displayname = $name + "_at_Rapattoni"

# ImmutableId from a fresh random GUID, in two encodings: the raw 16 bytes, and the
# ASCII text of the GUID string. The emitted command uses the text form.
$guid = [GUID]::NewGuid()
$guidstring = $guid.ToString();
$base64 = [System.Convert]::ToBase64String($guid.ToByteArray())
$base64ofstring = [System.Convert]::ToBase64String( [System.Text.Encoding]::Ascii.GetBytes($guidstring))

echo "new-msolUser -userprincipalname $upn -immutableID $base64ofstring -lastname At_Rapattoni -firstname $name -Displayname $displayname -BlockCredential $false"
```

A variant:

```powershell
param([string[]]$args)

# The user name and the federated domain names were removed from the page
$msolcred = Get-Credential -UserName `
    -Message "password for netmagic is Fred!"
Connect-MsolService -Credential $msolcred

# Pull the federation settings and split the ActiveLogOnUri path
$setfed = Get-MsolDomainFederationSettings -DomainName ""
$alog = $setfed.ActiveLogOnUri

$strarr = $alog.Split('/')
$len = $strarr.Length

$linkid = $strarr[$len - 1]
$tenant = $strarr[$len - 2]

Get-MsolDomainFederationSettings -DomainName "" -Verbose

echo $linkid
echo $tenant
echo ""

foreach ($name in $args) {

    $upn = $name + ""

    $displayname = $name + "_at_Rapattoni"

    # Random GUID per user; the emitted command uses the base64 of the GUID's text form
    $guid = [GUID]::NewGuid()
    $guidstring = $guid.ToString();
    $base64 = [System.Convert]::ToBase64String($guid.ToByteArray())
    $base64ofstring = [System.Convert]::ToBase64String(
        [System.Text.Encoding]::Ascii.GetBytes($guidstring))
    echo "new-msolUser -userprincipalname $upn -immutableID $base64ofstring
        -lastname At_Rapattoni -firstname $name
        -Displayname $displayname
        -BlockCredential $false"
}
```
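As an added example (mine, not the scripts from this post or the immutableID post above), a Python recomputation of both ImmutableId schemes: the MD5-of-name derivation from the “giving nsa/gchq a helping hand” post and the random-GUID scripts here, plus an audit that flags users whose ImmutableId anyone knowing the name and the federation URI segments could recompute. The appid/mlsid values are constructed placeholders, and names are assumed ASCII so that `Encoding::Default` and ASCII agree.

```python
import base64
import hashlib
import uuid

# Constructed placeholders for the last path segments of ActiveLogOnUri that the
# PowerShell scripts read via Get-MsolDomainFederationSettings. Real values are
# tenant-specific and are not taken from the page.
SAMPLE_APPID = "appid-placeholder"
SAMPLE_MLSID = "mlsid-placeholder"


def deterministic_immutable_id(name, appid, mlsid):
    """The first script's scheme: MD5(name + appid + mlsid) -> [GUID] -> ToString() -> base64 of that text."""
    digest = hashlib.md5((name + appid + mlsid).encode("ascii")).digest()
    # .NET's Guid(byte[]) reads the first three fields little-endian; uuid's bytes_le matches it.
    guid_text = str(uuid.UUID(bytes_le=digest))  # lowercase, hyphenated, as Guid.ToString() gives
    return base64.b64encode(guid_text.encode("ascii")).decode("ascii")


def random_immutable_id():
    """The second script's scheme: a fresh GUID, returned in both encodings the script computes
    ($base64 from ToByteArray(), $base64ofstring from the ASCII text of ToString())."""
    guid = uuid.uuid4()
    as_bytes = base64.b64encode(guid.bytes_le).decode("ascii")
    as_text = base64.b64encode(str(guid).encode("ascii")).decode("ascii")
    return as_bytes, as_text


def decode_immutable_id(immutable_id):
    """Recover the GUID from either encoding: 16 raw bytes or the 36-character text form."""
    raw = base64.b64decode(immutable_id)
    if len(raw) == 16:
        return uuid.UUID(bytes_le=raw)
    return uuid.UUID(raw.decode("ascii"))


def audit_predictable_ids(users, appid, mlsid):
    """Return the names whose stored ImmutableId equals the name-derived value, i.e. an ID that
    anyone knowing the user name and the public federation URI segments can recompute.
    `users` is a list of (name, immutable_id) pairs, as exported from the tenant."""
    flagged = []
    for name, immutable_id in users:
        expected = decode_immutable_id(deterministic_immutable_id(name, appid, mlsid))
        if decode_immutable_id(immutable_id) == expected:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample tenant export: one user created by each script
    users = [
        ("alice", deterministic_immutable_id("alice", SAMPLE_APPID, SAMPLE_MLSID)),
        ("bob", random_immutable_id()[1]),
    ]
    print("predictable ImmutableIds:", audit_predictable_ids(users, SAMPLE_APPID, SAMPLE_MLSID))
```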

Posted in office365

The 1940s SIGSALY secure voice communication model of PAM is nicely summarized by Forney in the chapter from his MIT courseware:


It’s worth a read since it leverages the math that I, for one, have got down from studying quantum mechanics. It’s more engineering than science, focusing on particular wave functions: sincT(). These get us to actual pulses, where in time periods values can be assured to be from an orthonormal set. One gets quickly to auto-correlation measures (which take one quickly on to sensitive areas (still!) of crypto applied to satellite waveforms). Forney was more concerned with teaching sampling, indicating first from Shannon’s rules about maximum spectral efficiency (given SNR, basically) that one can build a random process model in continuous math, then prove that an orthonormal expansion can represent the points without loss of information. Having managed to turn Hz carriers and power issues into a set of symbols being delivered at a particular rate due to the modulation, he then shows how coding can, optionally, further improve the performance.
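The orthonormality claim in the paragraph above, carried through as an added worked derivation (mine, not Forney’s text). I assume the standard definitions $\mathrm{sinc}_T(t) = \sin(\pi t/T)/(\pi t/T)$ and $\mathrm{rect}(u) = 1$ for $|u| < 1/2$, else $0$:

$$
\mathrm{sinc}_T(t) \;\xleftrightarrow{\;\mathcal{F}\;}\; T\,\mathrm{rect}(fT), \qquad
p_k(t) = \mathrm{sinc}_T(t - kT) \;\xleftrightarrow{\;\mathcal{F}\;}\; T\,\mathrm{rect}(fT)\,e^{-2\pi i f kT}.
$$

By Parseval, the inner product of two shifted pulses is

$$
\langle p_k, p_m \rangle = \int_{-\infty}^{\infty} p_k(t)\,p_m(t)\,dt
= T^2 \int_{-1/(2T)}^{1/(2T)} e^{-2\pi i f (k-m)T}\,df
= T\,\frac{\sin\big(\pi(k-m)\big)}{\pi (k-m)}
= T\,\delta_{km},
$$

so $\{T^{-1/2} p_k\}$ is an orthonormal set, and any $x(t)$ band-limited to $|f| \le 1/(2T)$ expands without loss as

$$
x(t) = \sum_{k} x(kT)\,\mathrm{sinc}_T(t - kT),
$$

the samples $x(kT)$, one per $T$ seconds, being exactly the symbols delivered at rate $1/T$.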

It’s fun then to turn from 1940s thinking, long tied to Lincoln and MIT, and onto Baez:



We get a view into some modern noise-related research topic founded in another 1940s topic: Wiener processes.

Posted in crypto

using Graph API with openid connect flow

I ran the project having DONE the steps noted at





And clearly, we see our directory record.

Screenshot (77)

When we look at the new code for handling all this high visibility token fiddling in the webapp, we see:


I would have hoped the owin middleware did all that…

Posted in openid connect

thermodynamic reversibility and unitary crypto gates



I like the last paragraph. It puts into stark perspective, of thermodynamics, the difference between the random walk and the quantum walk. The notion of the random walk “damping” all but the first eigenstate is clear, when seeing how the now-undamped contribution of all the other eigenstates give one “entanglement” states in the quantum walk case.

Posted in crypto

generating minimum distance and t-resiliency, for channel reliability

It turns out useful to go re-review some of our year 3 curriculum on coding, channels, sampling, decibels etc. now that we have the perspective afforded to us in studying year 4 topics. Our math is strong enough now to really understand the grad-level course that Forney in particular was trying to teach. captured what we knew then about the world of (n, k, d) and RM(r,m). At we got to understand the engineering, seeing how to take the world of Hamming bits and project them onto the Euclidean plane and the associated world of finite energy functions. The two worlds of “math generation” and ensuring closure of the calculations when working in energy space aligned nicely.

The engineering also showed us how n, k and d work in both generator land and engineering land. And, we learned how to model probability of error, and SNR.norm. While Forney’s teaching orientation was focused on reducing the gap to capacity, we were more interested in seeing how the DES ECB mode works – in that L2 world – assuming that its coding structure, leveraging random permutation theory, Markov models for Cayley graphs, generators and conditional probability calculations, etc., was working to drive the probability of error lower than 2**64, ensure t-resiliency AND get, in 1975, close to the Shannon limit of a 1 bit channel.

It was fun re-reading those posts and the referenced material, seeing in particular how E.kmin was used and characterized along with minimum Euclidean distance and approach toward a capacity limit. One saw ghosts of phase space theory, ensuring that the projection onto suitable geometries within the hamming cube could retain the weight differences and minimum weights that translated into ensuring a closed calculation world.

It was also interesting to see how the “factor” was characterized, reminding me of Tunny-era scoring systems – where even back then one designed DIFFERENT scoring systems for different assumptions about the probability of error (when separating Phi streams from Chi streams, say), the dottage of the day – which would influence whether the SNR had sufficient bias to allow averaging processes – over lots of depth such as DES CBC blocks favored in NSA-influenced IESG – to actually converge….when one started totting up scores.

It’s at the end of the post where one gets to see just how close to these ideas folks were, when wheel breaking, back in 1944. One even sees how calculating in the sign basis (the hard numbers of Hamming space) was justified as a means to calculate the same “factor” that Forney identifies (given a particular engineering plot of P.error against SNR.norm/roe).

One also sees how, from practical cryptanalysis methods, known-good hits of the model against the depths in a couple of rows under evaluation give a score contribution – and how known-good fails also contribute some score, too.

Posted in coding theory, colossus, crypto

quantum random walks along Turing-era world lines, with swaps, built into 1950s rotor machine

Roland does a really great job of putting into a couple of pictures the move from random to quantum walks when working in the Tunny-era “sign” (bit!) basis (of –1 and 1).


Not only that, he captures in a theoretical manner what we have seen exhibited in more elementary form as 1950s rotor-based cryptosystems. Whereas the random walk concerns the distance from the “measure” of the constant functions (i.e. the world of the stationary distribution) to the first E-v, the quantum walk takes those same ideas and treats them “circularly”.

That is, the measure is now a refined measure (capital delta) – the length of the arc (actually Fourier transformed) rather than the distance left over after one takes away the 1d shadow cast in the amplitude world. What’s more, in that quantum world where one is moving – via convolution – in phase spaces along arcs in the spectral basis, a “unit” motion may induce an anti-symmetry swap – in which a coin flip associated with the motion impulse in some direction along an arc THEN causes that intermediate phase to flip to its complex conjugate or NOT – depending on the value of the coin flip.

Of course, we saw that in rotor writing theory, too!


where the author postulates an Alfred Small-style rotor looping (i.e. 2 walk steps, where any “step” involves all n rotors)

In the first column, you see 2 groups of 13 characters to which 7 or 8 feedback lines are added – in each group. You also see a second column, also of two groups, where you should imagine that it’s a copy of the first rotor, rotated by 180 so that each half is opposite its anti-symmetric peer on the other wheel (i.e. upper group is opposite lower group, etc). The coin flipper (or plug setting!), for each output path in the first rotor, then decides which of two wires is used – the one to the upper or lower group.

But there is more than just the controlled swap feature of the quantum walk on display. There is the phase conjugacy too. For each group in the column has 10 switching points, which you should think of as 20 input connections. Huh? Taking the lowest group of the first column and the lowest square (switching point) of the alphabet A-M (interspersed with 7 additional input lines from the small feedback), the switch is acting on the letter at distance (A-M)/2 (somewhere around F). The next switch point up is acting either on F-1 (E) or F+1 (G). The next one further up is F-2 (D) and F+2 (H). If you trace the linear wiring and then realize each connects to a pin/pad on the wheel, one sees the phase space geometry in the input wiring plan, and the output switch reflects the swap operation (as the arc-length motion from 1 to e^(iθ1) may swap over to e^(-iθ1)).


So, there! We were able to talk all about eigenvalues without requiring you to do lots of boring matrix fiddling. Furthermore one sees how in the quantum world the notion of the limiting distribution is distinct – and is a summation of the contribution of *all* the eigenvalues in the eigenspectrum (reflecting the k-long “spectral impulse” associated with each k-long path in what is now a “spectral basis”). Since in quantum spaces one has entanglement states (which is “non-linear”), SEE HOW one captures how the terms of each generated wave function for each step of the evolution can be co-dependent in that unique and quantum-mechanical-only world. This is quantum mixing (and NSA/GCHQ/IBM quantum searching, moreover).

Posted in crypto

odata over sb, with ACS tokens

Posted in odata

contrasting X method of cryptanalysis with differential cryptanalysis

In Turing’s On Permutations manuscript, circa 1954, he makes an argument about sequences of continuous functions (in continuous spaces). This enables him to reach a conclusion about uniform “limiting” distributions. We have a reasonable understanding  of this theory, now – a theory that, we might recall, was developed by Newman – sitting in the Cambridge chair of wheel wiring theory.

Any science faculty undergraduate doing a fundamentals of crypto course learns about the need to resist X cryptanalysis (where X is really “linear”). Unlike differential cryptanalysis attack methods, linear-X is countered using the method of expander graphs.

Back in Turing’s day, graphs were not necessarily abstract mathematical objects. You could also have in front of you two rather physical and very real Enigma wheels and be required to decide: so how do I wire them up, possibly as a pair, to resist linear-X?

The theory of graphs, state machines, Turing machine walks through configuration spaces, evolution of quantum states, unitary representations/gates and group theory generally, as taught to Turing mostly in the US (hint), all comes into play.

Now wheel wiring theory from the rotor era has to be one of the most closely guarded crypto secrets of all – at least up till 2000. At most, you saw folks discussing the flaws of the Enigma wiring plan, perhaps heard how the Russian M-125 machine addressed them to deny folks the Turing bombe attack, used the properties of isomorphs and alphabets split into 2 groups of 13 characters interspersed in a set of 41 pins/pads; otherwise discussed topics such as bi-partite sets, symmetric groups, how permutation groups *represent* other graphs/groups; and, then considered more advanced topics such as Rayleigh quotients.

All in all, one had to get familiar with university level math in norms, inner products and then argument about averaging and closure! As I keep hinting, rather than study it all in the math department, go study it today by learning the applied math needed for quantum mechanics!

I just think of computer science as that branch of computable math that eventually drives what a compiler does – spit out lower-level instructions. In the world above, this means we need “compiler-math” theory – whose concrete methods take in high-level language input (ideally in the notation of polynomials) and should spit out long sequences of primitive adding, subtracting, and square-rooting calculations. I think of wheel wiring design, circa 1940, as requiring the use of early “compiler theory” – which of course is the ability of math to act on math!

I now look at expander graph theory, and Wikipedia’s article is as awful as the best at making it all almost intractable to the lay reader, as is the theory of wheel wiring. But, it is. And that’s all it is. In one good turn of phrase, the author writes:

The original motivation for expanders is to build economical robust networks (phone or computer): an expander with bounded valence is precisely an asymptotic robust graph with number of edges growing linearly with size (number of vertices), for all subsets.

We want, that is, is for the properties of (plant) growth to evolve to become uniform as the evolution process approaches the steady state of the limiting distribution – no matter which particular cells (of the plant tissue) we happen to be studying. Being less able, math types talk about vertices and subsets (rather than tissue types and the cells making up any region of tissue).

All  we are doing is deciding how to wire up groups of pins. To this end the theory helps us out by showing that certain wirings imply certain mathematical facts. Unfortunately, these require you first to re-wire your brain and now think more like a computer scientist – happy to let calculations and numbering be not on a paper but on the surface of a football – ALWAYS.

And that was Turing’s argument about continuity and uniformity. Footballs! For on the surface of the ball, when using a wiring-compiler to output long sequences of primitive operations that assume calculation happens only on its surface, certain theorems of meta-math come into play. And these just happen to address linear-X. It’s also our contention that they (shush) also address differential cryptanalysis.

One learns eventually that one wants the points of the crypto space – now that they are projected onto the surface of a football – to be as far away from constant functions as possible – meaning that its hard to build an approximating model (that would undermine the security). Expander graph theory helps understand that rather-blah undergrad examination testing point. Football markings, and their “straight line markings”, give anyone a solid intuition for the distinction between constant functions … and points within them.

Certain results concerning what happens when one represents wiring plans in the form of adjacency matrices enable one to consider topics such as irreps. This just means, taking a larger matrix, understanding how it may be composed of smaller matrices that allow matrix calculation to be a surrogate for that more abstract branch of math: polynomials. But don’t get alarmed, we don’t need to go beyond deciding how to wire up our Enigma wheels.

Certain adjacencies allow a certain kind of analysis, since they are models for calculation on the Riemannian sphere – there, I’ve said it, and started to sound intellectual. In short, one looks at two groups of wirings on the wheel, or between wheels, and one counts up the groups. If the ratio is just so, then all the continuity/uniformity theory comes into play.

I think of this ratio as the Rayleigh quotient, which if positive always allows one to build computerized or manual compilers that output long sequences of … terms … that calculate on the surface of a ball. The notion of continuity and closure makes sense then, as the ball has no coordinate system…and any calculation is relative to any other!

The final point to get across is how one gets from arguments about continuity to uniformity. And that’s hard to say, without getting fancy. All I can really say, simply, is that we are crypto-averaging! And what else is averaging, but … averaging … which means that things happen eventually in a uniform manner – as all the differences add up and spread out.

P.S. The fun part of X is that it is NOT that different in theoretical basis to differential cryptanalysis (though not if you listen to the American or Jewish schools). From the attack on Tunny onwards, with Colossus helping out or not, one needs to compute a certain form of the Rayleigh quotient, where one minimizes a set of maximized length differences induced by an electron wandering along one or more of the wires between the pins on an Enigma wheel. If one studies this, which leads on to Viterbi decoders, one sees that X and differential cryptanalysis are really the same thing. It is interesting to see the lengths to which the UK went to a) hide the topic of differential cryptanalysis, and b) hide how, from the rotor era onwards, cipher and coding design revolved around concocting those wiring plans that expressed well known symmetric and dihedral groups, fashioned expander graphs, maximized distance ON AVERAGE, and all in all made the observer see only a uniform set of probabilities that did little to aid their guessing!

P.P.S. Like Turing, I never said the word eigenvalue. One doesn’t need to. Seeing the theory in linear algebra terms does actually help, however, with the more intricate study of differential geometry and, thereby, differential cryptanalysis.

Posted in crypto