DRYAD Numeral Cipher/Authentication System
The DRYAD Numeral Cipher/Authentication System is a simple, paper cryptographic system used by the U.S. military for authentication and for encryption of short, numerical messages.
A DRYAD code sheet contains 25 lines or rows indexed by the letters in a column on the left of the page. Each row contains a random permutation of the letters A through Y. The letters in each row are grouped into 10 columns labeled 0 through 9. The columns under 0, 1, 2 and 5 have more letters than the other digits, which have just two each.
The DRYAD Numeral Cipher/Authentication System has the advantage of being fast, relatively easy and requires no extra equipment. The presence of more cipher-text columns under the digits 0, 1, 2 and 5, is intended to make frequency analysis more difficult, but much of the security of the cipher comes from keeping the crypto-period short.
DRYAD can be used in two modes, authentication or encryption.
Authentication
For authentication, a challenging station selects a letter at random from the left most column followed by a second (randomly selected) letter in the row of the first chosen letter. The station being challenged would then authenticate by picking the letter directly below the row and position of the second letter selected.
For example, using the example cipher sheet above, Bob could challenge Alice by transmitting the letters "Alpha" and "Bravo". Alice's correct response would then be "Kilo".
One problem is that an adversary has a one in 25 chance of guessing the correct response. A solution to this is for Bob to require Alice to authenticate twice; lowering the odds of an adversary guessing the correct response to one in 625 possible guesses. The downside to this method is reduced longevity of the current DRYAD page (since the page is getting twice as much use as a single-authentication scheme).
Encryption
The second mode is used to encrypt short numeric information (such as map coordinates or a new radio frequency). The coder selects two letters at random. The first selects a row in the current active page. The second letter is used as in the authentication mode and is called the "SET LETTER." The set letter identifies the row from which numbers will be encrypted.
Numbers are encrypted one digit at a time. A ciphertext letter is chosen from the selected row in the column under the plain text digit. If the digit occurs more than once in the number, the coder is instructed to choose a different letter in the same column. All the digits in a single plaintext number are encrypted from the same row.
For example, sending the letter pair "TE" identifies row "S". The number 8754309 could be encrypted from row "S" as DXMWORP.
DRYAD encryption tables can be easily created using MS Excel's pseudo-random number generator to scramble the 25 alphabets needed for the table. A series of DRYAD encryption tables is provided to each radio operator, allowing a new table to be used frequently (changed at least every day).
If you are willing to generate your tables on-line, you can use the DRYAD Pad Generator web-site: https://goto.pachanka.org/crypto/dryad-pad You could also save the web-page and run it off-line.
The web-site also provides additional details on using DRYAD encryption and authentication.
Comments
Post a Comment