Skill Scale Down 2021

This skill has been impacted by the Skill Scale Down. The impact of this for this skill is as follows:

• This skill remains.

• All knowledge is left as is.

• For how to deal with XP, please see the page Skill Scale Down 2021 for links, information, and a player guide.

• The scope of this skill has not changed. Please ensure that you take this into account going forward.

Overview

Cryptography is the practice of securing messages or information against an unwanted third party, or adversary. While historically, cryptography has seen the most use, and gained the most notoriety in the spheres of warfare and criminal activity, this versatile skill can be used for anything from political intrigue to sending love letters to protecting research notes. The same cryptographic techniques can be applied to all these ends; the content of the text to be encrypted is irrelevant.

Cryptography as a skill separates out into three categories: encryption, cryptanalysis, and steganography, or in plainer terms, code making, code breaking, and code hiding. Despite this common nomenclature though, it is worth noting that much of cryptography deals with ciphers, not codes.

Terminology

Cipher - An encryption technique that algorithmically substitutes symbols for each other. Usually requires a key to operate.

Key - A number, letter, or word that is used in conjunction with a cipher to encode a message

Code - An encryption technique that makes substitutions of words or phrases

Codebook - A list of all the substitutions of a specific code; used to encrypt and decrypt coded messages; often but not always an actual book

Plaintext - The readable, unencrypted text of a message.

Codetext/Ciphertext - Text that has been encrypted with a code or cipher respectively.

Encryption - The process of using a code or cipher to transform a message such that it's original meaning is indecipherable

Decryption - The process of transforming a code or cipher into plaintext

Cryptanalysis - The process of analyzing a code or cipher to learn how to decrypt messages sent with it.

Steganography - The practice of disguising information so that it can easily be found by allies but remains hidden from enemies

Codes vs Ciphers Despite being nearly synonymous in everyday usage, in cryptography the words 'code' and 'cipher' mean very different things. A code encrypts words, phrases and entire ideas; for instance, a wartime spy might send a message where 'rainy' = 'attack', 'sunny '= 'retreat', and 'cloudy' = 'wait'. A cipher, on the other hand, generally encrypts letter by letter, or sometimes syllable by syllable.

Each has various advantages and disadvantages. Code is often easier to disguise, and harder to decrypt, at least at first. But it's biggest limitation is the fixed codebook. First, a codebook is almost always a physical thing, which can be stolen, copied, or destroyed. Beyond that, if the same codebook is reused for multiple messages, it becomes easier and easier for an adversary to work out what each word or phrase means as they gather more examples of codetext, as each word always means the same thing. Code also runs into problems in the case of unexpected situations. If a word is not contained in a codebook, it cannot be encoded, though this problem can be partially solved by adding more words to the codebook.

Ciphers, on the other hand, are much more flexible. Encoding character by character means the users of the cipher can encrypt any message that can be expressed in letters and symbols, without having to come up with code words for every possible contingency. It is also, in the event an adversary has figured out your cipher, much simpler to swap out a key than an entire codebook. However, because of the algorithmic nature of ciphers, messages generally take longer to decipher, and it is much easier to make a mistake without realizing, which will render the message incomprehensible.

Examples

Book Code A favourite of university students, a book code is used when the sender and intended recipient of the message have access to identical copies of a book. They can then replace each word with the location of that word in the book—for example, a word might be encoded as 4, 15, 83 to represent the 4th word on the 15th line of the 83rd page. The biggest drawback of this code, however, is that it can only encode words that are present in the book being used.

Transposition Ciphers These are ciphers where the ciphertext has all the letters of the plaintext, but rearranged according to some formula. Examples include the fencepost cipher, the rod cipher, or the route cipher. Alone, these are relatively easy to decode, as the plaintext can be discovered through rigorous anagramming; however, this technique can be used in conjunction with other ciphers to great effect.

Monoalphabetic Ciphers These are ciphers where a substitution is fixed over the span of a single message; 'a' always encodes to 'D', 'b' always encodes to 'X', and so forth. These are some of the simplest ciphers to use, and are relatively easy to break for experienced cryptographers. Examples include the shift cipher, the keyword cipher and the random substitution cipher. While these ciphers differ in how they assign plaintext letters to ciphertext letters, they all share the same weakness—while the letters in the message are changed, they fall along the same patterns as the original texts, which provides a great deal of information to a clever adversary.

For instance, they might identify repeated groupings of letters that could correspond to common words, or apply frequency analysis, where an analyst guesses substitutions based on how often letters appear naturally in the language, to how often they appear in the ciphertext. For example, in Common the most common letter is 'e'—therefore, analysts will often try to decrypt ciphertext by assigning 'e' to the most common letter in the ciphertext.

The classic example of a monoalphabetic cipher is the shift cipher, which uses a letter as its key. Alternatively, the key will often be presented as a number, but we understand this to mean that numbered letter of the alphabet—using a key of '6' is the same as using a key of 'F'. The message is then encrypted by shifting the alphabet so that the letter a becomes the key. To use our earlier example, when using a key of 'F', the letters 'z', 'a' and 'b' are encrypted to the letters 'E', 'F', and 'G' respectively. This is a very simple cipher, as a code breaker will only need to identify one letter substitution to crack the message.

More complex monoalphabetic ciphers will scramble the alphabet, such that the letters 'z', 'a' and 'b' are encrypted to the letters "X", "E", and "M", for instance. This makes decryption more difficult, as every single letter substitution must be independently worked out.

Polyalphabetic Ciphers These are ciphers where substitution is not fixed over the message; 'a' could become any letter depending on positioning. These are frequently created by stringing multiple monoalphabetic ciphers together. The most famous of these ciphers is Vigenere's Cipher—named for a mortalborn of Yvithia—which uses a word as its overall key. The first letter of the plaintext is encrypted as if with a shift cipher where the key is the first letter of the overall key, the second letter of the plaintext is encrypted with the second letter of the overall key, and so forth. If the overall key is shorter than the message, then it repeats until the entire message is encoded. This is a complex method of ciphering a method, and it is easy for inexperienced cryptographers to make mistakes.

For example, if one were to encode the plaintext 'cryptography' with the key 'CODE', the 1st, 5th and 9th letters of the plaintext would be encoded as if with a shift cipher of key 'C', the 2nd, 6th and 10th letters as if with a key of 'O', and so forth. The plaintext 'cryptography' would then become the ciphertext "EFBTVCJVCDKC". Note how the third and last letters are both 'y' in the plaintext, but are different in the ciphertext; the same applies for the fourth and tenth letters 'p', because they were encoded with different keys. For this reason, methods like frequency analysis do not work on polyalphabetic ciphers.

This cipher is extremely difficult to crack, but not impossible, especially with a long message and short key. Repeated groupings of letters could lead a clever cryptanalyst to deducing the length of the overall key, which can then be used to detect patterns that help them decode the message. The risk of this can be mitigated in two ways; reducing the number of repeated letter groupings, and increasing the length of the key. These can be achieved with nomenclators, and one time pads respectively.

Nomenclators Nomenclators are systems that use a mix of code and cipher to cover the weaknesses of both. They combine a cipher with a small codebook that transforms common words and phrases into words or symbols, which both reduces the length of the ciphertext, and eliminates patterns that can be used to decode the ciphertext.

The existence of nomenclators also demonstrates that there is not a clear cut distinction between codes and ciphers, but rather that these are two directions from which a cryptographer can approach encryption.

One Time Pads A one time pad is, in its most basic form, a pad of paper that contains strings of random letters on ever page. When coded messages need to be sent between two people with identical pads, they can use the strings of letters to form keys that are exactly as long as the message, allowing for perfect encryption with no pattern for an outside observer to take advantage of to crack the code. So long as the strings on the pads are crossed out after a single use—or the entire page ripped out and eaten for good measure—any cipher using a one time pad is mathematically unbreakable.

This does not mean it has no risks, of course, but all possible weak points are due to the fallibility of mortals—mistakes made with the pad, the pad falling into the wrong hands, etc—not the math or the cipher itself.

Related Skills

Deception - Mostly used for steganography, to know how to disguise messages in such a way that they are accessible to allies, and hidden from enemies.

Craft Skills - Surprisingly useful for steganography. Historical records speak of messages embroidered in a servant's dress, or of a piece of crocheting being used as the ciphertext of an encoded communication. The possibilities are endless, with enough creativity.

Mathematics - Crucial for crafting or decoding more complex ciphers. Statistics in particular is very useful for identifying patterns in a piece of ciphertext. Mathematics is also very useful for understanding which codes can be combined without garbling the final message.

Linguistics - Codes and ciphers can be used to encode any language, and the methods of decoding will vary by language as well. One cannot decode a ciphertext if they cannot even read the plaintext, after all.
 Techniques like frequency analysis will differ in usage depending on the language as well.

Intelligence - Codes and ciphers are the bread and butter of spycraft, and intelligence can in turn be used to gather information a cryptanalyst can use to crack a code.

A note on skill levels

The skill levels given below are for cryptographers working on their own—however, in a proper intelligence network, this is often not actually the case. In order to be able to use high level cryptography through underlings, a cryptographer is able to create a 'cheat sheet' of sorts for any single combination of cipher and key that they are capable of using. This cheat sheet will allow anyone with novice cryptography or above to encrypt or decrypt using this combination of cipher and key, even if it is above their skill level. However, this cheat sheet must be a physical object, and a careful cryptographer must be aware of the risk of the sheet being stolen or lost.

If made by a PC, this cheat sheet must be created in a thread, and awarded by a peer reviewer.

Skill Ranks

Novice (0-25)

The novice cryptographer has only just begun to dip their toe into the world of codes and ciphers. They are aware that messages can be hidden, but have not yet learned how to do so reliably.

When it comes to steganography, they are capable of hiding their messages in the most basic ways—using invisible ink, or by physically hiding pieces of paper in places.

They are capable of using basic codes and performing encryption using the shift cipher or simple transposition , though they typically need to keep a reference table at hand and slowly write out the decryption piece by piece.

Those more focused on decryption are familiar with a handful of common codes, and might be able to brute force crack a simple ciphertext by going through all the common ciphers one by one until a coherent message emerges, but are still learning the patterns and methods that would allow them to speed up this process.

Competent (26-75)

The competent cryptographer has grown in confidence and skill, and is capable of much more than they used to be. 
 They have learned more complex methods of steganography, such as hiding a message in plain sight, although they must rely on methods that have been pioneered by other, more experienced cryptographers.

The basic codes and ciphers can be done much quicker after so much practice, although they still need to keep a reference at hand just to be safe. They are also capable of using more complex ciphers, such as monoalphabetic ciphers where the order of the alphabet is not retained. They might start experimenting with polyalphabetic ciphers here, but these are still somewhat difficult for them to use reliably.

The codebreaker, at this level, is capable of techniques such as frequency analysis, and recognizing repeated groupings of letters to break monoalphabetic ciphers. Their speed is also increased for breaking ciphers through brute force, as they have had a great deal of practice.

Expert (76-150)

The expert cryptographer is either an excellent hobbyist, or a professional with a great deal of experience under their belt.

They have learned enough about steganography to be able to invent their own ways of disguising messages, as good as any of the classic methods.

They are now capable of all the common forms of codes and ciphers, and have perhaps started to create their own, though it would take some work to find one that is not simply a reinvention of an existing cipher. They are also capable of combining codes and ciphers into nomenclators, or combining two ciphers to make a stronger one.

Codebreakers are able to break polyalphabetic ciphers at this level, though it takes time and effort to do so. Their ability to recognize patterns is sharply honed, and they have developed a strong intuition for how to break most ciphertexts, though they are still capable of mistakes.

Master (151-250)

The master cryptographer is truly an artist of their craft, innovators in their field.

They are capable of hiding messages almost anywhere with little fear of discovery, even right under the noses of those who would try to find them.

At this level, innovation is the name of the game, with the cryptographer capable of creating new ciphers and combining multiple techniques to make brain bending encryption that will stump any adversary who is not at least as skilled as they are.

At this level, codebreakers are masters of their craft, able to crack codes much quicker than their less skilled counterparts. They are even able at this level to take a crack at codes that they aren't familiar with, although it will still take a great deal of time and data to do so.

Credit

Thanks to Praetorum for writing up this skill.

Progressing Cryptography

• Capstones
• Grandmasters
• Tier 2 PCs

Cryptography Knowledge

The collapsible below has examples of Skill Knowledge for this skill. If you are unsure of what Knowledge is, please check the Knowledge Primer for details. Please remember that our Peer Reviewers will be checking to make sure that your Knowledge claim is appropriate to what you have learned in the thread and ensuring that you are not duplicating knowledge.

A guide to knowledge can be found here (this link takes you to the site) and the person reviewing your thread will do so following the steps laid out in the Peer Reviewer Guide. If you wish to use one of these knowledge in your request, please ensure that it is appropriate to your thread.