We have a winner! @TimoHirvonen

Congratulations Timo! His gift will be a Trustwave Spiderlabs goodie package which includes a Trustwave cinchpack, the latest Spiderlabs tshirt, several stickers, a Throwing Star LAN Tap, and an exclusive Spiderlabs challenge coin.

*On Monday I noticed
the blog post with SpiderLabs Crypto Contest hints. I googled Triforce and
found this image: **http://en.wikipedia.org/wiki/File:Triforce.svg**. I calculated the length of the ciphertext, and it turned out to be
divisible by three (273=3*91). Moreover, 91 equals to 1 + 2 + … + 13 so it is
possible to format the ciphertext into three triangles that have one character
on the first row, two on the second, etc.*

*I split the ciphertext
into three chunks and formatted each chunk into a triangle. The hints told to
look for uniqueness after the
transposition, and one of the tweets (**https://twitter.com/atucom/status/289974039794040834**) said “look for the side that is unlike the others”. None of
the sides were unique so I clearly did something wrong. However, I did realize
that the length of the long side (2*13) conveniently equals the size of the
English alphabet.*

*Then I noticed this
tweet (**https://twitter.com/atucom/status/290289441153626113**): “left to right, top to bottom”. I kept the top triangle but changed
the bottom two: I put the 92 ^{nd} letter to top of the bottom left
triangle, 93^{rd} to the top of the bottom right triangle, then
94^{th}&95^{th} to left, 96^{th}&97^{th}
to right, and so forth. This transposition had the uniqueness I was looking
for: the left side of the large triangle was a permutation of the English
alphabet (RICLDKGUQAWZXBEFPYHJMONSTV). *

*It was easy to guess
that the permutation of the alphabet is most likely the key for the
substitution cipher. So I replaced R with A, I with B, etc. The resulting
plaintext was clearly English, I just replaced all occurrences of letter X with
spaces to make it more readable.*

Over the span of the contest I released several hints. They are below:

- Blog Hint #1 It is both a transposition and substitution cipher at the same time.
- Blog Hint #2 The name of the cipher is the only hint you should need.
- Blog Hint #3 It’s simple, I swear.
- Blog Hint #4 It's called the Triforce Cipher, not Sierpinski's Triangle Cipher.
- Blog Hint #5 I introduced transposition and substitution in the blog because thats what the cipher uses. More accurately, Transposition THEN substitution.
- Blog Hint #6 Once you solve the
transposition, look for
*uniqueness*. - Blog not-so-hint #1 I said the cipher was simple, I didnt say it was easy ;)
- Blog Hint #7 There are no spaces in the answer, just letters.
- Blog Hint #8 Keep an eye on @atucom on twitter, I may release a couple more hints in the near future.
- Twitter Hint #1 Once you transpose it correctly, look for the side that is unlike the others.
- Twitter Hint #2 the transposition is inspired by normal English. Left to right, top to bottom.

Using these hints, most people can derive the following:

- You have to perform a transposition operation first, and then substitution
- The transposition cipher is somehow a Triforce
- The plaintext only contains letters, no spaces or numbers or fancy stuff.
- A certain “side” of the Triforce is special for some reason
- You arrange the transposition the same as English

This was the ciphertext I gave in the first blog post:

RISCCELBGYDRJHSKEBSHEGZOQBGSUJUDSKQYQHJSJYQKEAYCDSC

QFUDWYSDODYSCYDZRJDLSHDBLSRXJMCEXSJUDSCEBLEDNEFYLS

ZEPZNMJCYTYFJESEBSJNHQJJDYSRBLSTJEMZZSNQBSJUDSMFYQV

DHSSSSJUDSYODHJSQHSGRYIRGDSZWNARICQTIURZCHUAIZRHOS

MRAIZOQRIACZRWHABLZASTVSCVSZCQMVSICZVSCIAZVSQVMICVS

ZCVMSICAZVSMCIZRSRZZ

Using the ciphertext, you write it out into the shape of a Triforce:

So now that we have transposed it properly, one of the sides is special somehow. Well, if you look at the sides of the Triforce, there is one side that is different than the rest. Can you see it?

How is it different than all of the other sides? It’s the only side with one instance of every letter. No duplicates at all on that side. Why does that matter? Well, if you count how many letters there are, you would count 26 letters. Guess what else has 26 letters? The English Alphabet.

If you paid attention to the explanation of substitution ciphers , you would see that they typically have a 1:1 ratio of letters. Knowing this, you can see how this unique 26 letter string has a high probability of being a key. So then lets lay it out:

ABCDEFGHIJKLMNOPQRSTUVWXYZ

RICLDKGUQAWZXBEFPYHJMONSTV

If you take that key, you can start translating everything else that’s not the key (the data), which results in:

XCONGRATSXONXSOLVINGXTHEXFIRSTXTRIFORCEXCIPHERXEVERXCREATED

XSENDXATUCOMXTHEXCODEWORDXLOLWUTCRYPTOXONXTWITTERXANDX

YOULLXWINXTHEXPRIZESXXXXTHEXRESTXISXGARBAGEXLKJABCIYBHALCSH

JBLASVUAJBLVIABJCLAKSJNDLJXZXCZXLCIUZXBCLZXCBJLZXIUBCZXLCZUXBC

JLZXUCBLAXAL

Lets make this easier to read:

X**CONGRATS**X**ON**X**SOLVING**X**THE**X**FIRST**X**TRIFORCE**X**CIPHER**X**EVER**X**CREATED**

** **X**SEND**X**ATUCOM**X**THE**X**CODEWORD**X**LOLWUTCRYPTO**X**ON**X**TWITTER**X**AND**X

**YOULL**X**WIN**X**THE**X**PRIZES**XXXX**THE**X**REST**X**IS**X**GARBAGE**XLKJABCIYBHALC

SHJBLASVUAJBLVIABJCLAKSJNDLJXZXCZXLCIUZXBCLZXCBJLZXIUBCZXLCZUXBC

JLZXUCBLAXAL

There you have it. To win, you needed to send me the phrase “LOLWUTCRYPTO” on twitter.

Now lets go into my favorite part, the cryptanalysis…

**The Triforce Cipher
Cryptanalysis**

This isn’t the worst cipher in the world, but it really isn’t that great. There are several limitations that we shall go into.

Data Limit:

Being that the cipher must conform to the shape of a Triforce, this imposes a restriction on the size of data it can contain. The Triforce is a equilateral triangle, which means all sides must be the same length, and if one of the sides is the key, than the total data size is limited by how long your key is. This relationship between how long your key length is to how much data you can store can be calculated using the following equation:

Where S is the data size and n is the key length.

Or this excel formula to make it easier:

B1=3*(((A1/2)*((A1/2)+1))/2)-A1

This means that if you have a 26 letter key, you can contain 247 characters of data, which comes out to a total ciphertext length of 273 characters.

Key Length |
Data Length |
Total Length |

4 |
5 |
9 |

6 |
12 |
18 |

8 |
22 |
30 |

10 |
35 |
45 |

12 |
51 |
63 |

14 |
70 |
84 |

16 |
92 |
108 |

18 |
117 |
135 |

20 |
145 |
165 |

22 |
176 |
198 |

24 |
210 |
234 |

26 |
247 |
273 |

28 |
287 |
315 |

30 |
330 |
360 |

So if you decided to write the ciphertext using the hexadecimal character set instead of the English alphabet, you could store 92 characters of data.

Using the table above, you can easily figure out how long the key is based on the total length (you can also just count how many different characters there are, but this is easier)

The Wall Of Secrecy Is Very Short

Another issue with this cipher is the fact that the key to decrypt the ciphertext is easily compromised once it’s understood that this is a Triforce Cipher. This essentially places it on the same level of strength as a Caesar cipher. If you know what encryption algorithm you are dealing with, it’s game over.

**Further
Challenges:**

The next Spiderlabs Crypto Contest will be a modified book code I’m working on.

Excellent challenge. Thanks for creating this. And congratulations to Timo who solved it, good job!

Posted by: Marco Tietz | 22 January 2013 at 17:15