Rubic-Cube-Challenge-bar

A Rubik’s Cube can be used to implement a low-tech encryption method. But is it secure? Here’s a challenge for my readers to solve.

In a Cryptologia publication from 1992, Douglas W. Mitchell proposed an interesting cipher that does not require computer support: encryption with a Rubik’s Cube.

 

The algorithm

To use Mitchell’s cube encryption algorithm, the surface of the cube should be coated so that it can be written on. The colors on the cube faces are irrelevant.

To begin with, write the numeral “1” on the upper left square of one of the cube faces. Write “2” on an arbitrarily chosen square of any other cube face, write “3” on any square of any other cube face, and so on.

Rubik-Encryption (1)

Then fill in a 48 letter plaintext on the remaining 48 squares of the cube. The first eight letters are written on cube face “1”, letters 9 to 16 on cube face “2”, letters 17 to 24 on face “3” and so on. Always start writing in the upper left cube of the face. As an example, I took the cleartext “ABCDEFGHIJKLMNOPQRSTUVWXabcdefghijklmnopqrstuvwx”.

Rubik-Encryption (3)

For encryption and decryption to work properly, it must be defined, which corner is considered as the upper left one (this is only clear for the front face). I used the following scheme:

Rubic-Cube-Orientation

In the next step, the cube is twisted. Assuming that we always keep the “1” square at the upper left position, 18 rotations are possible in one step (rotating the right column by 90/180/270 degrees, rotating the middle column by 90/180/270 degrees, rotating the lower row by 90/180/270 degrees, rotating the middle row by 90/180/270 degrees, rotating the back level by 90/180/270 degrees, and rotating the middle level by 90/180/270 degrees).

Rubik-Directions

The rotations carried out are the key. For my example I took the key MC90, LR270, RC180, ML90, BL270 (for a real application I would have taken a longer key).

Rubik-Encryption (4)

Now the letters and numbers are read from the cube (front face with the 1 in the upper left corner, right face, back face, left face, top face, bottom face). The result of my encryption procedure is the following ciphertext:

134CTnILp  iwrODWPoV  BENbtual5  SjfAmcv6H  kJKUdgxGX  QRqM2nheF

This looks quite random, considering that the cleartext was “ABCDEF…” and I used only five rotations.

Decryption is straightforward. Take the ciphertext and write it on the cube (front face, right face, …). Then carry out the reverse rotations in the reverse order. Then read the letters from the “1” face, the “2” face and so on.

 

A challenge

I published a blog post about Mitchell’s cube encryption algorithm two years ago. There were many comments, some of which doubted the security of this method. As far as I know, nobody has ever published a research paper that discusses attacks on this kind of encryption. So, it is still quite unclear whether this algorithm is as secure as it seems and if it can be improved.

To stimulate research in Mitchell’s cube encryption algorithm, I have created a challenge. I took a sentence consisting of 48 letters and encrypted it with a Rubik’s Cube in the way I described it above. Here is the ciphertext I received:

1GDWOHOER GTNTTROI3 AET2NEV5N EIOYR6IBO WEHM4UCOD TNEIEMYET

Can a reader break this cryptogram? If so, which codebreaking method did you use? Is Hill Climbing an option? I’m looking forward to your comments.

Further reading: The world record crypto challenge

Kommentare (10)

  1. #1 Jerry McCarthy
    England, Europa.
    27. Oktober 2018

    Abo…

  2. #2 Jerry McCarthy
    England, Europa.
    27. Oktober 2018

    Your example plain text “ABCDEDGHIJKLMNOPQRSTUVWXabcdefghijklmnopqrstuvwxyz” seems a bit wrong. I guess it should start “ABCDEF”, and it seems to be too long (50 characters)

  3. #3 Klaus Schmeh
    27. Oktober 2018

    @Jerry: Sorry, you’re right. The plaintext was actually ABCDEFGHIJKLMNOPQRSTUVWXabcdefghijklmnopqrstuvwx
    I corrected it.

  4. #4 George Lasry
    28. Oktober 2018

    This reminds me of the Cryptobox cipher:

    http://users.telenet.be/d.rijmenants/en/boxchallenge.htm

    In this cipher, the effect of one step affects either no more than 20% of the bigrams (vertical moves) and much less in many cases (horizontal moves). So maybe 12% on average. The challenge had 100 letters and 20 steps. It was a very hard challenge.

    With the Rubic code, the effect of each step on the bigrams of resulting text seems to be dramatic (2/3 = 67% of them are affected – all the bigrams on 4 sides out of 6). So after a small number of steps, the disruption is dramatic and would make hillclimbing ineffective. Also, the length of the text – 48 – is way too short, given the key size of the space (assuming we have 10 or more steps). Could even be below the unicity distance(?).

    To check the limits of hillclimbing (maximum number of encryption steps), we would need to implement it, but on the surface, my intuition is that with 10 steps we have a pretty good level of security. An even much more with 20 steps.

    How many steps in the challenge key?

  5. #5 Norbert
    29. Oktober 2018

    @George: I think a hillclimber might be successful. But rather than trying to find the right “moves”, it should just disassemble the whole cube and try to reassemble it in a promising way. Consider that a corner piece always remains a corner piece with only seven possible positions (one corner is fixed according to Klaus, and with it not only the “1” but also another two cipher letters which therefore cannot be moved at all!), and only three orientations per position. Analogously, every edge piece has 12 possible positions with only two orientations. The only problem is that we don’t know in which orientation each side of the cube has been written on. However, I think the keyspace is not that huge as it seems at first glance…

  6. #6 Klaus Schmeh
    1. November 2018

    Bart Wenmeckers via Facebook:
    Great topic. The 3×3 has some major vulnerabilities which would be reduced using 4×4 or 6×6 cubes. I might have a quick go tonight.

  7. #7 Klaus Schmeh
    1. November 2018

    Bart Wenmeckers via Facebook:
    Hi Klaus just to confirm the interpretation of your article is this the correct encrypted layout of the cube?

  8. #8 Klaus Schmeh
    1. November 2018

    @Bart Wenmeckers:
    Yes, this is correct.

  9. #9 Jonas Gerdel
    Koblenz
    5. November 2018

    Hello Klaus,

    if the message is longer (using the same rotations for a longer message) its possible to get the message just by linguistic analysis.
    The main problem in my view is that plain text and ciphered text using the same letters. Its just a somehow scrambled anagram.
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    1 1 1 2 8 – 2 2 4 – – – 2 4 6 – – 3 – 6 1 1 2 – 2 –

    Here is my try so far:
    I WONDER WHY YOU ARE NOT GETTING THE CODE
    NO MORE TIME
    Letters not used: EBIMTV
    or
    MOVE IT ONE TIME (RBM)
    MOVE IT MORE TIME (BN)

    If you have an idea about the message content, you will get it, im pretty sure.
    There is no S(!), no F, and only one A.
    It may be completly wrong, it’s just a guess.

    Außerdem ist mein Englisch nicht besonders gut 😉

    when will you show the plaintext?

    PS: in the diagram the letter under the 4 has to be O, not D.

    Kind regards!

  10. #10 Klaus Schmeh
    11. November 2018

    @Jonas Gerdel:
    >the letter under the 4 has to be O, not D.
    Sorry for the mistake.

    >Here is my try so far:
    I’m afraid, you’re on the wrong track. This doesn’t look like the correct solution.