Аппроксимация распределений частот буквенных биграмм текста для идентификации букв

The article discusses the application features of methods of the frequencies ordering and approximation to solve the problem of text characters identification. The conditions for realization of Jacobsen’s method for receiving the least error of identification are defined. The method of approximation of one- and two-dimensional distributions of the frequencies of characters bigrams of the text and the language is offered. The experimental data about errors of Jacobsen’s method and the offered approximation method for Russian language texts are provided. The error of the offered method is less than that of Jacobsen's method. This method can be used for identification of text characters for any language that has a reference distribution of the alphabetic characters bigrams frequencies.В статье рассмотрены особенности применения методов частотного упорядочивания и аппроксимации для решения задачи идентификации знаков текста. Определены условия реализации метода Якобсена для получения наименьшей погрешности идентификации. Предложен метод аппроксимации одномерных и двумерных распределений частот знаковых биграмм текста и буквенных биграмм эталона языка текста. Приведены экспериментальные данные о погрешностях метода Якобсена и предложенного метода аппроксимации для русскоязычных текстов. Погрешность предложенного метода меньше, чем у метода Якобсена. Метод может быть использован для идентификации знаков текста любого языка, для которого существует эталонное распределение частот буквенных биграмм

MadHatter: A toy cipher that conceals two plaintexts in the same ciphertext

We present a toy cipher that has two novel features: Two plaintexts are concealed by the same ciphertext in different schemes, and the enumeration of the permutations of ciphertext symbols (not the permutations of plaintext symbols, as used in transposition ciphers) forms the basis of one of the schemes. The other scheme uses mixed-radix numbers as substitutes for plaintext symbols. Both schemes use the same symbols, but with different interpretations, and this allows two plaintexts to be encrypted in the same ciphertext

Cryptanalysis of Homophonic Substitution Cipher Using Hidden Markov Models

We investigate the effectiveness of a Hidden Markov Model (HMM) with random restarts as a mean of breaking a homophonic substitution cipher. Based on extensive experiments, we find that such an HMM-based attack outperforms a previously de- veloped nested hill climb approach, particularly when the ciphertext message is short. We then consider a combination cipher, consisting of a homophonic substitution and a column transposition. We develop and analyze an attack on such a cipher. This attack employs an HMM (with random restarts), together with a hill climb to recover the column permutation. We show that this attack can succeed on relatively short ci- phertext messages. Finally, we test this combined attack on the unsolved Zodiac 340 cipher

Slippery hill-climbing technique for ciphertext-only cryptanalysis of periodic polyalphabetic substitution ciphers

We present a stochastic method for breaking general periodic polyalphabetic substitution ciphers using only the ciphertext and without using any additional constraints that might come from the cipher’s structure. The method employs a hill-climbing algorithm for individual key alphabets, with occasional slipping down the hill. We implement the method with a computer and achieve reliable results for a sufficiently long ciphertext (150 characters per key alphabet). Because no constraints among the key alphabets are used, this method applies to any periodic polyalphabetic substitution cipher

Automated ciphertext-only attack on the Wheatstone Cryptograph and related devices

We examine some historical proto-mechanical cryptographic devices, such as the Wheatstone Cryptograph, that employ revolving clock hands or rotating concentric disks. The action of these “cipher clocks” can be factored into a stream cipher followed by a monoalphabetic substitution. This allows us to perform a stochastic hill-climbing attack to break the substitution. The attack maximizes a fitness that measures how well a decryption of the substitution cipher resembles an encryption of the stream cipher alone

On the Construction and Cryptanalysis of Multi-Ciphers

In this compilational work, we combine various techniques from classical cryptography and steganography to construct ciphers that conceal multiple plaintexts in a single ciphertext. We name these multi-ciphers . Most notably, we construct and cryptanalyze a Four-In-One-Cipher: the first cipher which conceals four separate plaintexts in a single ciphertext. Following a brief overview of classical cryptography and steganography, we consider strategies that can be used to creatively combine these two fields to construct multi-ciphers. Finally, we cryptanalyze three multi-ciphers which were constructed using the techniques described in this paper. This cryptanalysis relies on both traditional algorithms that are used to decode classical ciphers and new algorithms which we use to extract the additional plaintexts concealed by the multi-ciphers. We implement these algorithms in Python, and provide code snippets. The primary goal of this work is to inform others who might be otherwise unfamiliar with the fields of classical cryptography and steganography from a new perspective which lies at the intersection of these two fields. The ideas presented in this paper could prove useful in teaching cryptography, statistics, mathematics, and computer science to future generations in a unique, interdisciplinary fashion. This work might also serve as a source of creative inspiration for other cipher-making, code-breaking enthusiasts

Similarity-based Android Malware Detection Using Hamming Distance of Static Binary Features

In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to asses the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions.Comment: 20 pages, 8 figures, 11 tables, FGCS Elsevier journa