Background

(2021). otp_overview_example.png. duongnt.com. https://duongnt.com/wp-content/uploads/2021/06/otp_overview_example.png

The One Time Pad (OTP) has been a staple of the cryptography community ever since it was invented; publications such as Academic Accelerator even claim that the method “in cryptography is an encryption technique that cannot be broken”[5]. As learned in class, the use of OTP requires a sequence of key bits (or Pad) the same length as the plaintext message to be generated randomly, then xor’d with the plaintext, producing a ciphertext that achieves perfect secrecy. However, when a key is re-used to encrypt multiple plaintexts, the security of the system is compromised [1]. A cryptanalysis technique known as Crib-Dragging [2] can be used to uncover the contents of the plaintexts with the re-used key, as well as reconstruct the key/pad that was used. The technique works by the adversary guessing what the plaintext encrypted was to obtain a partial pad, then testing the guess by decrypting the other ciphertexts under the partial pad to see if sensible results are produced. If the adversary knows the content type that was decrypted this can become increasingly easy as seen in class with common english words being used to decrypt the three ciphertexts.

Our Project

A screenshot from our game in action

The appeal of the game-like nature of crib-dragging was immediately apparent to our group who enjoyed its puzzle-game nature as we navigated the terminal based game from classroom Worksheet 02. Our proposed Unessay is to improve on that (ever so slightly tedious) game, with a new game called Crib-Draggle. The vision is to create something similar to New York Times’ Wordle [7].

Game Highlights

  • A fully functional, web-hosted game.
  • A usable and aesthetically pleasing UI.
  • Features to make the game more fun and engaging:
    • Provides a daily Crib-Drag puzzle in which players solve the puzzle.
    • Provides scoring and game play statistics to make the process more fun and engaging. 
    • Provides comparisons to their friends who also solved the daily Crib-Drag puzzle.
    • Ability to hover over the ciphertexts using a mouse to reveal the guessed decryptions, greatly improving the usability of the puzzle.

Hopefully we will be able to host the game publicly for all of you to try!

Project Specifications

Our project will be written using React as a front-end and JavaScript as a back-end. The game will be presented similar to Wordle where the player is presented with a crib-drag puzzle and after solving it they will receive a scoring metric to compare with other players. The loading of the plaintexts will be done by reading a json database full of potential plaintexts, the plaintexts retrieved will change depending on the day. The game will have various difficulty settings which reveal differing amounts of the pad before the puzzle starts. Statistics will be kept while playing the game and presented to the player upon solving the puzzle for things such as time taken, crib words used, etc. There may also be various modifiers that you could enable for the game such as the ability to see if your cribword is in any of the plaintexts before dragging.

Adding to our fleshed out game, we also aim to generate a research page which details how crib dragging works as well as any historical facts or information pertaining to the technique to better inform the players the origin of the game and cryptographic attack.

We look forward to finishing the project, and hope to have something to share with all of you when we finish. If you have any questions for our team, please feel free to ask below.

Thanks,
Group 1

Group 1 Members:
  • Austin Shawaga 30086103
  • Riley Lahd 10110724
  • Patrick Guyn 00817434  
  • Ibrahim Subair 30222551

Bibliography

Sources
  1. Stanley, James. (2018, February) A visual demonstration of the perils of key reuse in a one-time pad. Incoherency.co.uk. https://incoherency.co.uk/blog/stories/otp-key-reuse.html 
  2. Rose, Sam. (2015, July)  Toying with Cryptography: Crib Dragging. Samwho. https://samwho.dev/blog/toying-with-cryptography-crib-dragging/ 
  3. Lewin, Michael. (2012, June) All About Xor. accu.org. https://accu.org/journals/overload/20/109/lewin_1915/ 
  4. Omolara, Oludare & Jantan, Aman & Abiodun, Oludare & Arshad, Humaira. (2018). An Enhanced Practical Difficulty of One-Time Pad Algorithm for Resolving the Key Management and Distribution Problem. 
  5. One Time Pad. Academic Accelerator. https://academic-accelerator.com/encyclopedia/one-time-pad 
  6. Hasanabad, Frank. (2018, March) Crib dragging attacks Medium.com. https://medium.com/@fhbro/crib-dragging-plain-text-attack-5a61a0bcd80d 
  7. The New York Times. (2023, September) Wordle. nytimes.com. https://www.nytimes.com/games/wordle/index.html
Images

Join the Conversation

17 Comments

  1. Hey Guys,
    Recalling our crib-drag exercise from worksheet 2, The gamification of such a crucial concept in cryptography is awesome! This will surely help many understand the dangers of re-using keys in the OTP.

    However, I’m intrigued: how have you architected the backend to ensure genuine randomness in the daily puzzles?

    1. Thanks for reading our post and thank you for your question.

      Currently the way we are constructing the daily puzzles is to pull from a database we have generated using 100 characters of popular English works such as Dracula and Mobey Dick. We have hundreds of phrases populated in our database and each day we will use the date to determine which phrases are pulled from the database. The exact process is still being worked out but you can be assured that each date will feature a different subset of our generated phrases.
      In terms of our pad, that is generated randomly per game using JavaScript’s crypto library.

      Hope this answers your question, if you have any others please let us know!

  2. Very cool!

    I wonder if it would be possible to make it multiplayer somehow? Maybe something like battleships where instead of single players solving predetermined phrases, each player would supply a few phrases and the oponent’s objectivec would be to decipher the phrases before their own phrases were deciphered.

    I too really enjoyed the puzzle of crib-drag and very cool to see it being improved upon!

    1. That could be really fun, but might rely a little on the honour system – It would be really hard to figure out the pad if your opponent made their plaintexts totally random instead of real words! But maybe there are some solutions to that… It’s an interesting idea for sure!

  3. Waooo. this gonna be a very interesting game to play. From the Crib drag experience which almost gave me the hard time of my life trying to guess the plaintext. But finally we conquered. I am really looking forward to see the outcome of this interesting puzzle game. project description well detailed.

    1. We appreciate your enthusiasm to play the game Kelvin!
      I also had a though time guessing the plaintext during the crib drag exercise.
      The difficulty in using the crib drag technique to decrypt a cipher text shows the amount of resilience and patience an attacker has to have to decrypt a cipher text.

  4. Awesome idea guys,
    Excited to play the game and show my friends this really cool concept of cryptography with a much better UI/UX for general less technical users.

  5. Wow, this sounds like such a cool project! Turning cryptography into a game is a creative way to make learning fun. I love the idea of Crib-Draggle, and adding features like difficulty settings and modifiers shows your thoughtful creativity. The research page is a nice touch too, giving players some context about the technique. I can’t wait to try it out when it’s ready. Keep up the awesome work, and have a blast working on this!

  6. This is truly remarkable. I cannot recall the number of times I had to guess words in that exercise during class. How do you guys plan to manage the difficulty settings in the game? I am sure there are some intriguing strategies behind that.

    1. There’s a few possibilities for providing for difficulty levels. Some will be implemented in our game version:
      1) a switch is provided to allow the game to immediately tell you if a guessed crib word string exists in any of the cipher texts (but not where it is). This speeds the game play up.
      2) The ability at game start time to choose easier level(s), where short portions of the ciphertexts are pre-solved for the user.
      3) Prior to being allowed to make (unlock) a certain number of crib word guesses, the user must successfully answer a knowledge testing question about the various cryptography schemes that are susceptible to crib dragging attack when their keys are re-used (not random).
      4) The ability at game start to choose alternate cipher text sources. In our game, our cipher text sources are taken from full Books retrieved from the Gutenberg.org. So books of more unusual text content/styles could be used (e.g. Shakespeare, alternate languages, etc.)
      5) A Virtual Reality immersive version of the game can’t be far behind.

      1. Parts of the cipher text pre-solved would definitely make that level easy. I would always play that level. Thank you Patrick

  7. Very nice game! It is as fun as like the question in worksheet. Can the difficulty of this game to be set to adapt players from all ages?

    1. Thank you Enyu for your comment!
      Yes there are range of difficulty levels, including easy, intermediate, and hard. We hope you will give the harder levels a try and enjoy the challenge.

  8. This would be an awesome game and I will definitely get to play this with family and friends, a point to consider that might appeal to users
    might be having different themes that the users can choose from eg seasonal themes, this can maintain player interest over time, having maybe chat forums or chat rooms for users to discuss strategies maybe? also accessibility should be taken into consideration as well ie, font size… Adding global leaderboards might be interesting as well as it will make the game very competitive and more compelling for users to keep playing 🙂

    Your team should have an enjoyable time developing this 🙂
    Can’t wait to play!!

    1. Thank you for your suggestion!
      We will keep refining the game to be as inclusive and engaging as possible by adding chat forums.
      We did have an enjoyable time developing the game!

  9. Amazing idea guys ,
    creating a game to explain cryptography is really good concept , as we all enjoyed the cribdrag exercise in worksheet 2, will also be waiting for your game as you guys are creating it using ReactJs to make it more user friendly and also will be giving scores at the end so its really interesting.

    1. Thank you so much for your enthusiastic response! We’re glad to hear you find the idea of ​​playing cryptography games interesting. We can’t wait for you to try it out, especially given how much you enjoyed your crib drag exercise in Worksheet 2!!. There are also different difficulty levels included in the game 🙂

Leave a comment