rotor cipher machine, enigma, electro-mechanical

Sharing Time-Stamped Knowledge of Secrets

I had a thought a few years ago that I never committed to writing. It is probably not an original thought. There are very likely people who are way smarter than me who have researched this topic well, maybe even written a scientific paper or dissertation about it. But, this is just a thought experiment, and I wanted to write it down. So, feel free to work through this post with me.

What if you wanted to document that you had knowledge secret X, and it would be important to also document that you knew it on Y date. You could just come out on Twitter (which timestamps messages with Y) and say "I know X", but maybe X is a secret that could cost you your job. Maybe you could go on Facebook (which also timestamps your message) and vaguebook about the secret, but that runs the risk of annoying your friends, making them wonder if you are talking about them (you aren't). Or, when you try to prove "I knew X. See my Facebook message on Y date? I was talking about X", they could just say "That message was so vague, you could have been talking about anything else".

A Story that Invokes Godwin's Law

Say you were a German living in the early days of Nazi Germany. In 1933 you started to see some things going on around you that you did not approve of - boycotting of Jewish businesses, book burnings, people being forcefully sterilized. and laws being enacted that started to control the press. You don't like what you see going on, but are afraid to speak up about it - most of the people around you loves the Nazi party (or at least acts like they do), and they seem really militant about it. Speaking up could have serious ramifications for your family. You decide to publicly be as neutral as you can. But after a couple years of watching this, you secretly record your thoughts.

I despise what I see going on around me. I can't stand the way my Jewish friends are being treated. I long for the day that the Nazi party is no more.

1938-12-01

Maybe during all of this you even did something that could get you killed if it became known

After what happened yesterday, I helped my friend David and his family flee the country

1938-11-09

You hope this will all be over at some point, the Nazi party is dissolved, and the country you once knew is somewhat restored. Or maybe you hope to move somewhere else. You want to be able to show others in the future "Look, I was not one of them. I even wrote it down."

There are at least two big problems with how you are going about this though:

  1. If someone in power finds your journal, you likely will be executed. You need your journal to be encoded in some way that conceals the message and even can give deniability to what it says
  2. If you make it through this to the other side, you might have a hard time proving that you wrote these when you wrote them. Maybe you were a Nazi sympathizer and wrote this all in 1950 and lied about the dates to make it look like you were not sympathetic to their cause. You need a way to authenticate that the message was written when you said it was.

Some Possible Solutions From the 1930's

Using a little bit of Computer Science, we have some options on how to overcome both of these issues. In modern days, we could use hashing, or encryption, maybe even combine those with the blockchain to have a public ledger of when you made your claim.

In the 1940's, at least one of those was available - encryption. Now, let us take our hypothetical person's journey a little bit further.

Let's that during all of this you were conscripted, and were a radio operator who had access to an Enigma machine. The Germans had codebooks with Enigma settings that would change on a daily basis. I am going to make an assumption that you only had access to one month's codebook, and any old codebooks were destroyed (except at some central archives that very few people had access to). You knew that when this was all over, there might be some Enigma machines that survived, and that somewhere there might even been some codebooks. You could say "Look, I wrote this on November 9, 1938, look up the codebook for that day and decrypt the message."

You can simulate that here: https://cryptii.com/pipes/enigma-machine

Enigma M3, UKW B reflector, R1: VI,A,A R2: I,Q,A R3: III,L,A. Plugboard bq cr di ej kw mt os px uz gh
Input: after what happened yesterday i helped my friend david and his family flee the country
Output: eylfa gxmmj mtbic yrfwb btsmd mlcya ctitw ocvuv kxysl qllqa zecqd xsies mszld otfry ob
Decoded: after whath appen edyes terda yihel pedmy frien ddavi dandh isfam ilyfl eethe count ry

So all your Journal contained was the encrypted output: eylfa gxmmj mtbic yrfwb btsmd mlcya ctitw ocvuv kxysl qllqa zecqd xsies mszld otfry ob. Now, if you wrote the date down next to it and your journal was confiscated, someone could just look up the codebook for that day and decrypt that message, which would end up with you being imprisoned or killed.

Let's alter the plan a little bit. You write down two six additional letters - berdmj, and write that before this encrypted output: jdwzj fxhdf otqlw qgsie uaspd hepum myxnu vceab mwewa hmiaj aaipw xwvms lggrl omxxu el. This contains the same message, but the six characters at the beginning are instructions on how to alter the rotors on the machine. You are still using the same rotors and plugboard settings, but have altered the initial positions of the rotors. Instead of Rotor 1 being VI,AA, it is now VI,B,E, etc. You could still say "Go look up the Enigma settings from 1938-11-09, but make these changes. Then you can decrypt the message.".

Now, there are still some problems here - you wrote some gibberish in your journal, and if it were captured, one might deduce that this was an encoded message since you had access to an Enigma. You could be compelled to decode it under threat of death. So, maybe you could hide it in an otherwise innocent journal entry using an acrostic or some other form of steganography.

This still isn't a perfect solution, but I hope it shows one way this could have hypothetically been done in the past.

A More Modern Example

I was discussing this concept with my wife, who is not a technologist, and she thought of the example of Jon Gosselin (quick Google search gave me this and this). I remember the show "Jon and Kate Plus Eight" coming out, and even saw an episode or two, and realized how ... off the Jon guy was, and how emotionally / verbally abusive his wife seemed. It turns out he was leaving his wife, and was under a legal gag order that prevented him from speaking out about his side of the story.

So, what if you were under a legal gag order? What if you had something you had to say, or at least after the gag expired wanted to be able to prove you knew something on a specific date that you could not talk about? What if you wanted to tell friends and family "You know those awful things my ex-wife was saying in the public about me, and I could not defend myself? Well, here is an authenticated message on date Y that proves that I knew X back then and didn't just write it on Facebook yesterday"

More Modern Solutions

There are some great ways you could go about doing this today. You could encrypt a message using deniable encryption where there are two (or more) keys to decrypt the message - one reveals the scandalous secret you are trying to protect, the other(s) reveal something less scandalous but secret enough to justify using encryption. You could then store this encrypted message in a blockchain like Bitcoin's, so that proof of when it was made (at least the latest date that it could have been made) is distributed knowledge (ie: not relying on a timestamp on a WordPress site that could be changed), and the message could not just be deleted from something like Twitter.

Or, maybe there is a service out there (have not checked as of this writing) that generates public cryptography key pairs on a daily basis. You can use their service to sign a message to state that it was in fact signed on a specific date. After that date has passed the private key is destroyed, so you can no longer sign a message with a given timestamp, but you could go back to verify the date that the message was signed.

These solutions might be overkill, but might be useful for some. Maybe a government whistleblower who has some secret that could bring down a president, before going through the "proper" channels, encodes a message "My name is Bob Smith and I am about to report fact X about president T on date Y. I want history to show I was the one who reported this", and distributes it using one of the methods above.

Simpler Solutions When a Presidency is Not Involved

So, if you are not trying to bring down a president, but want to document knowledge of some secret, what are some simple ways of doing so?

Simple Solution 1: Hash + Twitter

I could write a message with a salt (in this case a date) before it:

20200418 I wrote a blog post about documenting knowledge of a secret

Hash it using SHA256, get the following hash: d8b0ddc500c41ad262884f55db5de08696928fd586512ea6a97e98574c4674b0, and tweet the hash. You can see, according to the public ledger that is Twitter, that I was working on this post at 7:41 AM Central Time on 2020-04-18.

I can then later tweet SHA256(20200418 I wrote a blog post about documenting knowledge of a secret), you can see the hash of d8b..., and search through my tweet history and see when I originally made that claim.

Solution 2 : HMAC + Tweet

Similar to solution 1, a HMAC uses a hashing function, such as SHA256, but adds a shared secret key to the mix to validate the authenticity of the message.

20200418 I wrote a blog post about documenting knowledge of a secret

Add HMAC SHA256 with a share key of "DanWatt" as UTF8

This gives us the following: 813a78be854f5dde829da003b4d0e9a51dde45dcd25143978d613a42a299c50c . See it for yourself at the CyberChef.

I could then take that hash, tweet it, and store the shared key elsewhere.

Later, when I want to prove my claim, I can give you the original message, and you can validate that I made the secret claim on the date that Twitter said I did.

Other Solutions?

So reader, what other solutions do you have to publicly claim knowledge of a secret, that later, if you choose to, you can prove to people that you made the claim when you said you did?

a0b52f8b066e213ed0c73e927b550f6468b486e568c3af6132fc829ba2134a09

cc93c85419a848cdcd67436563e7798de289e453d7f2f6f87b363b130cd72f2d

Leave a Reply